SPDX License List Updated to v3.28

We’ve updated Snyk Open Source license detection to use the latest  SPDX license list  (v3.28), upgrading from the previously supported version (v3.20).

This update improves license recognition across dependencies and reduces the number of licenses previously categorized as “Unknown”. With this change, Snyk can now recognize and surface additional standard SPDX licenses, enabling more accurate license compliance insights and allowing customers to define policies for these licenses directly.

What’s changed

• Updated SPDX License List support to the latest version, v3.28 (previously v3.20).

• Snyk Open Source license detection now recognizes additional SPDX licenses included in the latest version.

• Newly recognized licenses can now be managed in License Policies, reducing cases where licenses appear as “Unknown.”

Who’s affected

• This update applies to all customers using Snyk Open Source license scanning.

• Newly supported licenses will appear after the next dependency scan or project re-test.

Why this matters

Previously, some dependencies using valid SPDX licenses were categorized as “Unknown” because they were not yet supported by Snyk.

By expanding SPDX license coverage, this update helps teams:

• Improve the accuracy of license detection in dependency scans.

• Define policies for a broader set of open source licenses.

• Reduce manual investigation when licenses appear as “Unknown”.

If you have any questions about this update, please reach out to the Snyk Support team.

To learn more about licenses, visit the Snyk documentation.