OpenSource Risk Experts

GLOSSARY

What is the Server Side Public License?

A plain definition for the people who carry the risk. This glossary entry explains what the Server Side Public License is, why it is source available rather than open source, which projects use it, and the exposure it can create for software already in production.

The Server Side Public License is a source available software license created by MongoDB in 2018. It lets you read, modify, and run the code, but it carries a strong condition aimed at anyone who offers the software as a service. The license is widely known by its initials, the SSPL, and it is not approved by the Open Source Initiative. That single fact, that it is source available and not open source, is the heart of why it matters to enterprises.

The defining condition

The Server Side Public License adds a service condition to a familiar copyleft structure. If you offer the licensed software to others as a service, the license requires you to release the source of the programs you use to make that service available, under the same license. The intent is to stop a third party, typically a large cloud provider, from running the software as a managed service without contributing back. For an enterprise that runs the software internally, the condition often does not trigger. For one that offers it to customers as a service, it can be significant.

Why it is not open source

Source available means the code is visible, but the license restricts how you may use it. The Open Source Initiative has not approved the Server Side Public License because its service condition limits use in a way the open source definition does not allow. Treating it as open source is the common mistake, because a policy written for permissive and copyleft licenses has no category for it. The wider point is set out in why source available is not open source.

Which projects use it

MongoDB adopted the Server Side Public License in 2018, the first major project to do so. Elasticsearch and Kibana moved to it alongside the Elastic License in 2021, and OpenSearch followed as a fork. Redis moved to a model that includes it as of March 2024, and Valkey followed as a fork. The pattern is consistent: a widely used data layer project relicenses to restrict managed service competitors, and the community responds with an open fork. The detail sits in the competitive restrictions in the SSPL.

The exposure it creates

The main exposure is the service condition, which can apply to software already running in production. Because upgrades keep working after a relicense, the change is easy to miss, and the obligation accrues quietly until an audit or a deal brings it forward. The practical defense is to record the license state of every dependency, give source available its own category in policy, and classify deployments by how they are used so the condition can be assessed. Browse the full open source license risk glossary for related terms.
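The three steps of that defense can be run as a check over two recorded dependency snapshots. The sketch below is an added example, not part of the original entry: the component names, versions, deployment labels and category tables are constructed assumptions, and the license strings are SPDX identifiers.

```python
# Added example. Inventory data is constructed; names are hypothetical.
SOURCE_AVAILABLE = {"SSPL-1.0", "Elastic-2.0"}
COPYLEFT = {"AGPL-3.0-only", "GPL-3.0-only"}
PERMISSIVE = {"Apache-2.0", "BSD-3-Clause", "MIT"}

def categorize(expr):
    """Policy category for an SPDX expression of ' OR ' alternatives."""
    cats = set()
    for lic in (part.strip() for part in expr.split(" OR ")):
        if lic in SOURCE_AVAILABLE:
            cats.add("source-available")
        elif lic in COPYLEFT:
            cats.add("copyleft")
        elif lic in PERMISSIVE:
            cats.add("permissive")
        else:
            cats.add("unknown")
    if "unknown" in cats:
        return "unknown"
    # Assumption: with OR, the least restrictive alternative can be chosen.
    for cat in ("permissive", "copyleft", "source-available"):
        if cat in cats:
            return cat

def review(previous, current, deployments):
    """Return (component, action, relicensed) for entries needing attention."""
    findings = []
    for name, (_version, expr) in sorted(current.items()):
        cat = categorize(expr)
        if cat == "unknown":
            findings.append((name, "unclassified-license", False))
        elif cat == "source-available":
            old = previous.get(name)
            relicensed = old is not None and categorize(old[1]) != cat
            # An unrecorded deployment is treated as the strict case.
            mode = deployments.get(name, "third-party-service")
            action = ("assess-service-condition"
                      if mode == "third-party-service" else "record-internal-use")
            findings.append((name, action, relicensed))
    return findings

PREVIOUS = {"example-docdb": ("4.0", "AGPL-3.0-only"), "example-lib": ("1.0", "MIT"),
            "example-search": ("7.1", "Apache-2.0")}
CURRENT = {"example-docdb": ("4.2", "SSPL-1.0"), "example-lib": ("1.1", "MIT"),
           "example-search": ("7.9", "SSPL-1.0 OR Elastic-2.0"),
           "example-new": ("0.3", "LicenseRef-Custom")}
DEPLOYMENTS = {"example-docdb": "internal", "example-search": "third-party-service"}

if __name__ == "__main__":
    for finding in review(PREVIOUS, CURRENT, DEPLOYMENTS):
        print(finding)
```

Running the check on every upgrade surfaces a relicense at the moment it happens, while the upgrade itself still works and nothing else signals the change.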

COMMON QUESTIONS

Questions buyers ask.

What is the Server Side Public License?

The Server Side Public License is a source available license that lets you read and modify the code but requires anyone offering the software as a service to release the full source of their service stack under the same license. It was created by MongoDB in 2018 and is not approved by the Open Source Initiative.

Is the Server Side Public License open source?

No. The Server Side Public License is source available, not open source. The Open Source Initiative has not approved it because its service condition restricts use in a way the open source definition does not permit.

Which projects use the Server Side Public License?

MongoDB adopted it in 2018. Elasticsearch and Kibana moved to it alongside the Elastic License in 2021. Redis moved to a model that includes it as of March 2024. Each move produced a community fork that stayed open.

What exposure does the Server Side Public License create?

The main exposure is the service condition: offering the software as a service to third parties can require releasing your service source. It can also apply to software already in production, so a relicensed component creates risk you may not have recorded.
