License miscompliance issues are one of several issue types within the Cortex Cloud Application Security platform. Understanding how license issues fit into the same findings, issues and Cases hierarchy as other issue types lets you prioritize them alongside code, secrets and vulnerability issues rather than in isolation.
From findings to issues to Cases
The Cortex Cloud Application Security platform processes security data through a three-tier hierarchy:
Findings: Raw scanner output. The license scanner produces findings for every non-compliant license detected in every scanned dependency manifest. Findings are available on the Findings tab of the Licenses page
Issues: Deduplicated, policy-evaluated findings. When a finding matches a unified policy, Cortex Cloud creates an issue with the configured severity and enforcement actions. Issues are the primary unit of work for AppSec practitioners
Cases: Grouped issues that require coordinated remediation. Cases aggregate related issues across scanners and repositories into a single remediation workflow with ownership, SLA tracking, and audit trails
Unified policies and license compliance
Application Security policies govern how license miscompliance findings are evaluated and what actions are triggered. A policy can:
Create an issue with a specific severity when a license violation matches the policy conditions
Block a PR when a non-compliant license is detected during a PR scan
Block a CI pipeline when a non-compliant license is detected during a CI code scan
Generate a CLI report with the license violation details for developer review
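The flow described in the two sections above, from raw findings through deduplicated, policy-evaluated issues to Cases and enforcement, can be modelled in a few dozen lines. The following is an added example, not Cortex Cloud code and not the product's data model: the dedup key (repo, package, license), the rule that the most severe matching policy wins, and grouping Cases by license are assumptions chosen to illustrate the pipeline, and the findings and policies are constructed sample data.

```python
"""Toy model of the findings -> issues -> Cases pipeline for license findings.

Added example; not Cortex Cloud code. The Policy fields, the dedup key and the
Case grouping rule are assumptions made for illustration, not the product schema.
"""
from collections import defaultdict
from dataclasses import dataclass, field

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Finding:
    """One non-compliant license detected in one dependency manifest (raw scanner output)."""
    repo: str
    manifest: str
    package: str
    version: str
    license: str


@dataclass(frozen=True)
class Policy:
    """A unified policy: a condition (denied licenses) plus severity and enforcement actions."""
    name: str
    denied_licenses: frozenset
    severity: str
    block_pr: bool = False
    block_ci: bool = False


@dataclass
class Issue:
    """Deduplicated, policy-evaluated finding: one per (repo, package, license) (assumed key)."""
    repo: str
    package: str
    license: str
    severity: str
    policy: str
    findings: list = field(default_factory=list)


def evaluate(findings, policies):
    """Match findings against policies and dedupe them into issues.

    Findings that match no policy produce no issue. When several policies match,
    the most severe one sets the issue's severity and policy (assumed precedence).
    """
    issues = {}
    for f in findings:
        matched = [p for p in policies if f.license in p.denied_licenses]
        if not matched:
            continue
        top = max(matched, key=lambda p: SEVERITY_RANK[p.severity])
        key = (f.repo, f.package, f.license)
        if key not in issues:
            issues[key] = Issue(f.repo, f.package, f.license, top.severity, top.name)
        issues[key].findings.append(f)  # same dependency in several manifests -> one issue
    return list(issues.values())


def enforce(issues, policies, scan_type):
    """Decide whether a 'pr' or 'ci' scan is blocked and build CLI-style report lines."""
    by_name = {p.name: p for p in policies}
    blocked = False
    report = []
    for i in sorted(issues, key=lambda i: -SEVERITY_RANK[i.severity]):
        p = by_name[i.policy]
        action = (scan_type == "pr" and p.block_pr) or (scan_type == "ci" and p.block_ci)
        blocked = blocked or action
        manifests = ", ".join(sorted({f.manifest for f in i.findings}))
        report.append(f"[{i.severity.upper()}] {i.package} ({i.license}) in {i.repo}: "
                      f"{manifests}" + ("  BLOCKING" if action else ""))
    return blocked, report


def group_cases(issues):
    """Aggregate issues across repositories into Cases, keyed here by license (assumed rule)."""
    cases = defaultdict(list)
    for i in issues:
        cases[i.license].append(i)
    return dict(cases)


# Constructed sample data (not real scanner output or real policies).
FINDINGS = [
    Finding("org/api", "package.json", "left-pad-gpl", "1.0.0", "GPL-3.0-only"),
    Finding("org/api", "services/auth/package.json", "left-pad-gpl", "1.0.0", "GPL-3.0-only"),
    Finding("org/api", "requirements.txt", "fastjson-agpl", "2.1.0", "AGPL-3.0-only"),
    Finding("org/web", "package.json", "left-pad-gpl", "1.0.0", "GPL-3.0-only"),
    Finding("org/web", "package.json", "lodash", "4.17.21", "MIT"),
]
POLICIES = [
    Policy("copyleft-strong", frozenset({"GPL-3.0-only", "AGPL-3.0-only"}), "high", block_pr=True),
    Policy("network-copyleft", frozenset({"AGPL-3.0-only"}), "critical", block_pr=True, block_ci=True),
]

if __name__ == "__main__":
    issues = evaluate(FINDINGS, POLICIES)
    blocked, report = enforce(issues, POLICIES, "ci")
    print("\n".join(report))
    print("CI blocked:", blocked)
    for lic, grouped in group_cases(issues).items():
        print(f"case {lic}: {len(grouped)} issue(s) across {len({i.repo for i in grouped})} repo(s)")
```

Two points the toy makes visible: the MIT finding never becomes an issue because no policy condition matches it, and the same GPL package found in two manifests of one repository collapses into a single issue that still carries both findings, which is what lets a PR block and a Case reference the full evidence without duplicating work.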
Configure unified policies for license compliance at → → . For more information, refer to Unified Application Security policies.