Third-Party Licenses

DFIRe is built using open source software. This page lists the third-party libraries and their licenses.

License Summary

DFIRe uses only open source libraries with licenses that permit commercial use. The following license types are used by our dependencies:

License Type Commercial Use
MIT Permissive Allowed
BSD (2-Clause, 3-Clause) Permissive Allowed
Apache 2.0 Permissive Allowed
ISC Permissive Allowed
HPND Permissive Allowed
BlueOak-1.0.0 Permissive Allowed
MPL 2.0 Weak Copyleft Allowed (see note below)
LGPL 3.0 Weak Copyleft Allowed (see note below)
RSALv2 / SSPLv1 Source Available Allowed (see note below)
PSF (Python) Permissive Allowed
PostgreSQL License Permissive Allowed
ZPL 2.1 Permissive Allowed

LGPL Note: The psycopg2 PostgreSQL driver is licensed under LGPL 3.0. Under LGPL terms, you may use this library in commercial applications without releasing your own source code, provided you do not modify the library itself. DFIRe uses psycopg2 as an unmodified dependency.

MPL 2.0 Note: mozilla-django-oidc and DOMPurify are licensed under MPL 2.0 (DOMPurify is dual-licensed Apache-2.0/MPL-2.0). MPL 2.0 is a file-level copyleft license: modifications to MPL-licensed source files must be made available, but it does not require disclosure of surrounding proprietary code. DFIRe uses these libraries as unmodified dependencies.

Redis Note: Redis 7.4 and later is licensed under RSALv2/SSPLv1 (previously BSD-3-Clause). RSALv2 permits using Redis as a component in commercial software. It only restricts offering Redis itself as a competing managed database service. DFIRe uses Redis as an internal caching and message broker component, which is fully permitted under these terms.

Backend Dependencies (Python)

The DFIRe backend is built with Python and uses the following key libraries:

Web Framework

Package License Purpose
Django BSD-3-Clause Web framework
Django REST Framework BSD-3-Clause REST API
drf-spectacular BSD-3-Clause OpenAPI schema generation
django-cors-headers MIT CORS handling
django-filter BSD-3-Clause QuerySet filtering
Django Channels BSD-3-Clause WebSocket support
Daphne BSD-3-Clause ASGI server
Gunicorn MIT WSGI server
WhiteNoise MIT Static file serving

Database & Caching

Package License Purpose
psycopg2 LGPL-3.0 PostgreSQL driver
dj-database-url BSD-3-Clause Database URL configuration
redis-py MIT Redis client
django-redis BSD-3-Clause Django cache backend for Redis
channels_redis BSD-3-Clause Redis channel layer for Channels
Django-Q2 MIT Background task queue

Security & Authentication

Package License Purpose
cryptography Apache-2.0 / BSD Encryption primitives
mozilla-django-oidc MPL-2.0 OpenID Connect authentication
PyJWT MIT JSON Web Token handling
pyOpenSSL Apache-2.0 TLS/SSL support
Bleach Apache-2.0 HTML sanitization

Storage & Cloud

Package License Purpose
boto3 Apache-2.0 AWS/S3-compatible storage
django-storages BSD-3-Clause Storage backend abstraction
smbprotocol MIT SMB/CIFS file sharing

Data Processing

Package License Purpose
Pillow HPND Image processing
python-magic MIT File type detection
Requests Apache-2.0 HTTP client
PyYAML MIT YAML parsing
python-dotenv BSD-3-Clause Environment configuration
python-whois MIT WHOIS lookups for IOC enrichment

Integrations

Package License Purpose
jira BSD-3-Clause Jira integration
Slack Bolt MIT Slack integration
LiteLLM MIT LLM API abstraction

Transitive Dependencies

The following notable libraries are included as transitive dependencies (pulled in by the packages above):

Package License Purpose
Twisted MIT Async networking (via Daphne)
Autobahn MIT WebSocket implementation (via Daphne)
zope.interface ZPL-2.1 Interface definitions (via Twisted)
Pydantic MIT Data validation (via LiteLLM)
HTTPX BSD-3-Clause Async HTTP client (via LiteLLM)

Frontend Dependencies (JavaScript)

The DFIRe frontend is a React single-page application using the following libraries:

Core Framework

Package License Purpose
React MIT UI framework
React Router MIT Client-side routing
TanStack Query MIT Server state management

Styling & UI

Package License Purpose
Tailwind CSS MIT Utility-first CSS framework
Lucide React ISC Icon library
Recharts MIT Charting library

Data & HTTP

Package License Purpose
Axios MIT HTTP client
date-fns MIT Date manipulation

Content & Security

Package License Purpose
DOMPurify Apache-2.0 / MPL-2.0 HTML sanitization
react-markdown MIT Markdown rendering
remark-gfm MIT GitHub Flavored Markdown support
rehype-sanitize MIT HTML sanitization for Markdown
PrismJS MIT Syntax highlighting
react-simple-code-editor MIT Code editor component

Build Tools

Package License Purpose
Vite MIT Build tool & dev server
TypeScript Apache-2.0 Type checking
ESLint MIT Code linting
Vitest MIT Testing framework

Runtime Dependencies

DFIRe runs on the following open source infrastructure components:

Component License Purpose
Python PSF License Backend runtime
Node.js MIT Frontend build
PostgreSQL PostgreSQL License Database
Redis RSALv2 / SSPLv1 Caching & message broker
Nginx BSD-2-Clause Web server (production)

License Compliance

DFIRe complies with all license requirements of its dependencies:

  • Attribution: This page provides attribution as required by BSD, MIT, and Apache licenses.
  • Source availability: All dependencies are available from their respective package registries (PyPI, npm) or source repositories.
  • No modification: DFIRe uses all dependencies as unmodified libraries, satisfying LGPL and MPL requirements without source disclosure obligations.
  • Redis usage: DFIRe uses Redis as an internal infrastructure component (caching and message broker), which is permitted under the RSALv2 license terms.
  • License texts: Full license texts are included in the respective packages and available from the links above.

Questions? If you have questions about licensing or need additional compliance documentation, please contact us at contact@dfire.fi.