Containers have revolutionized modern application development and deployment. However, they significantly alter the scale of compliance obligations.
With traditional software distribution, a developer or distributor can track with relative ease which upstream projects are part of the package they ship to third parties: libraries, executables and other dependencies, as well as source code written by others, such as contributors and upstream projects.
Containers make application distribution and deployment easier, but they also increase the compliance burden, because every component in every layer of the container image is distributed to end users as part of the containerized application. The licensing requirements of every component in every layer must therefore be complied with, including components that are no longer visible in the final filesystem.
In this talk, I'll discuss common compliance obligations; the complexities created by layers in container images, such as when a layer removes a software component that was present in a previous layer; and the use of open-source tooling for license compliance.
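The layer-removal case mentioned above is worth seeing concretely. The following added example (not code from the talk or any project it refers to) models image layers as in-memory tar archives and applies the OCI image-spec whiteout convention, where a file named ".wh.<name>" in a layer deletes <name> from lower layers and ".wh..wh..opq" marks a directory as opaque. The sample layers, file paths and the notion of a "build tool" removed in a cleanup layer are constructed for illustration; the functions and their names are this example's own. It computes both what a running container sees and what a registry pull actually delivers, and reports the difference: components deleted by a later layer are still shipped, so their licenses still apply.

```python
"""Added example: why a file removed by a later container layer is still
distributed. Layers are modelled as tar archives following the OCI
image-spec whiteout convention (an assumption about the format; the
sample contents below are constructed, not taken from a real image)."""
import io
import tarfile


def build_layer(files):
    """Create a tar archive (bytes) from {path: content}. A content of None
    produces an empty file, which is how whiteout markers are stored."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, content in files.items():
            data = (content or "").encode()
            info = tarfile.TarInfo(name=path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def layer_entries(layer_bytes):
    """Return the regular-file member names contained in one layer tarball."""
    with tarfile.open(fileobj=io.BytesIO(layer_bytes), mode="r") as tar:
        return [m.name for m in tar.getmembers() if m.isfile()]


def runtime_view(layers):
    """Apply layers bottom-up with whiteout semantics and return the set of
    paths a container actually sees at runtime."""
    visible = set()
    for layer in layers:
        for name in layer_entries(layer):
            directory, _, base = name.rpartition("/")
            prefix = directory + "/" if directory else ""
            if base == ".wh..wh..opq":
                # opaque directory: everything below it from lower layers is hidden
                visible = {p for p in visible if not p.startswith(prefix)}
            elif base.startswith(".wh."):
                # whiteout: hide the named entry (and anything beneath it)
                target = prefix + base[len(".wh."):]
                visible.discard(target)
                visible = {p for p in visible if not p.startswith(target + "/")}
            else:
                visible.add(name)
    return visible


def distributed_contents(layers):
    """Every non-whiteout path that ships in any layer tarball. This is what
    a registry pull delivers, whether or not a later layer deleted it."""
    shipped = set()
    for layer in layers:
        for name in layer_entries(layer):
            if not name.rpartition("/")[2].startswith(".wh."):
                shipped.add(name)
    return shipped


def hidden_but_shipped(layers):
    """Paths deleted by a later layer yet still distributed; their license
    obligations still apply even though the running container never sees them."""
    return distributed_contents(layers) - runtime_view(layers)


# Constructed sample image: base layer, build layer, then a cleanup layer that
# whiteouts the build tool. The paths are hypothetical.
SAMPLE_LAYERS = [
    build_layer({"etc/os-release": "ID=example\n", "usr/lib/libfoo.so": "ELF..."}),
    build_layer({"opt/build/build-tool": "ELF...", "app/app.bin": "ELF..."}),
    build_layer({"opt/build/.wh.build-tool": None}),
]

if __name__ == "__main__":
    print("runtime view:      ", sorted(runtime_view(SAMPLE_LAYERS)))
    print("distributed:       ", sorted(distributed_contents(SAMPLE_LAYERS)))
    print("hidden but shipped:", sorted(hidden_but_shipped(SAMPLE_LAYERS)))
```

Running the script on the constructed layers reports opt/build/build-tool as hidden but shipped: a license scanner that only inspects the flattened filesystem of a running container would miss it, whereas one that walks every layer tarball would not. The same holds when the cleanup layer uses an opaque-directory marker instead of a per-file whiteout.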