Open-source software (OSS) license risk has intensified amid the rise of generative software engineering (e.g., CodeLLMs) and rapid license evolution, exposing critical limitations in current management practices—namely, inaccurate license identification, coarse-grained risk assessment, and delayed mitigation. To address this gap, we conduct the first systematic literature review (SLR) dedicated to OSS license management, analyzing 80 peer-reviewed studies across three core phases: license identification, risk assessment, and mitigation. We categorize technical approaches—including code provenance analysis, compliance checking, and automated tooling—to map academic and industrial capabilities and uncover persistent gaps. Integrating insights from generative AI advancements, we propose future research directions emphasizing explainability, dynamic license adaptation, and cross-ecosystem coordination, alongside actionable governance recommendations. This work delivers a pragmatic, evidence-based roadmap for OSS license risk management, bridging theory and practice for researchers and practitioners alike.

Integrating third-party software components is a common practice in modern software development, offering significant advantages in terms of efficiency and innovation. However, this practice is fraught with risks related to software licensing. A lack of understanding may lead to disputes, which can pose serious legal and operational challenges. To these ends, both academia and industry have conducted various investigations and proposed solutions and tools to deal with these challenges. However, significant limitations still remain. Moreover, the rapid evolution of open-source software (OSS) licenses, as well as the rapidly incorporated generative software engineering techniques, such as large language models for code (CodeLLMs), are placing greater demands on the systematic management of software license risks. To unveil the severe challenges and explore possible future directions, we conduct the first systematic literature review (SLR) on 80 carefully selected OSS license-related papers, classifying existing research into three key categories, i.e., license identification, license risk assessment, and license risk mitigation. Based on these, we discuss challenges in existing solutions, conclude the opportunities to shed light on future research directions and offer practical recommendations for practitioners. We hope this thorough review will help bridge the gaps between academia and industry and accelerate the ecosystem-wide governance of legitimate software risks within the software engineering community.