SSPL . BSL . NOT OSI APPROVED
Source Available License Advisory
A source available license advisory maps where source available terms touch your estate, explains plainly what each one demands, and sizes the exposure. Source available is not open source. The rights are restricted even when the code is readable, and those restrictions can apply to software you are already running in production.
A source available license lets you read the source but withholds the freedoms that define open source. The most common forms in the enterprise today are the Business Source License and the Server Side Public License, and neither is approved by the Open Source Initiative. The Business Source License restricts competitive production use and converts to an open license only after a delay. The Server Side Public License attaches far reaching obligations to anyone who offers the software as a service. Treating either as if it were a permissive license is the most expensive mistake we see.
What a source available license advisory covers
We find every component in your estate that now carries a source available license, confirm the exact terms and the date they took effect, and map what each component touches. We then translate the legal mechanics into business terms. Competitive use restrictions, distribution and copyleft style obligations, delayed conversion windows, and commercial license demands each create a different kind of exposure, and we name which ones apply to you and which do not.
The relicensing wave is wide. HashiCorp moved Terraform, Vault, Consul, Nomad, and Packer to the Business Source License as of August 2023. Redis moved to a dual model with the Server Side Public License as of March 2024 and later added an open license option. Elasticsearch and Kibana moved to the Server Side Public License and the Elastic License as of 2021 and later added an open option. MongoDB moved to the Server Side Public License in 2018. The community forks OpenTofu, Valkey, and OpenSearch give you alternatives, and the advisory weighs them against staying put and against a commercial license.
From advisory to a contained position
The advisory ends with a recommendation, not a list of worries. For each affected component we set out the cheapest defensible path on engineering cost, license posture, and timeline. For deeper sizing across the estate, the relicensing exposure review quantifies the blast radius, and the open source license risk assessment maps the full dependency tree first. The wider context sits on the relicensing exposure pillar.
Independent and buyer side
We take no vendor fees and resell no software. The advisory reflects your risk and your leverage, not a sale. That independence is why our read on a source available license can be trusted to tell you when the right answer is to do nothing yet, and when it is to move before the cost to cure climbs.
COMMON QUESTIONS
Questions buyers ask.
What is a source available license advisory?
A source available license advisory maps where source available terms such as the Business Source License and the Server Side Public License touch your estate, explains what each one demands, sizes the exposure, and recommends a path to contain it. The work is independent and buyer side.
Is source available the same as open source?
No. You can read the code, but the rights are restricted. The Server Side Public License and the Business Source License are not approved by the Open Source Initiative. They limit competitive use, carry distribution and copyleft style obligations, or convert to an open license only after a delay. Those restrictions can apply to software already in production.
Which projects moved to source available licenses?
HashiCorp moved Terraform, Vault, Consul, Nomad, and Packer to the Business Source License as of August 2023. Redis moved to a dual model with the Server Side Public License as of March 2024. Elasticsearch and Kibana moved to the Server Side Public License and the Elastic License as of 2021. MongoDB moved to the Server Side Public License in 2018.
Is this legal advice?
No. This is commercial and licensing risk advisory, not legal advice. For interpretation of source available license terms and your compliance position, we recommend you engage your own counsel.
CONTAINMENT
Get clear on your source available exposure.
A confidential open source license risk assessment. Independent, buyer side, paid only by you.
Not ready to talk? Read the free open source license risk guides first.
Independent, confidential, buyer side. See how buyers contained their exposure →