SimpleSecCheck orchestrates third-party tools via CLI inside Docker. No third-party source code is bundled or linked.
- SimpleSecCheck is MIT licensed.
- Each tool keeps its own license.
- Tools run as separate processes, so licenses do not "infect" the orchestrator.
- Permissive: MIT, Apache-2.0
- Copyleft: GPL/LGPL/AGPL (still separate processes)
- Proprietary: some tools (e.g., CodeQL, Burp Suite Community)
You are responsible for complying with each tool’s license and API terms.
For a full list, see the LICENSE file in each tool’s repository.