We are using the Checkov scanner which is an open-source scanner and it requires iGraph dependency. However, it comes under an AGPL license, so can someone please help if it is open for commercial use and we don’t have to expose our code to the public domain?
The python-igraph and igraph sources are under GPL version 2 or later. If you use a binary distribution that has GLPK compiled in, such as the one in PyPI, then it’s GPL version 3 or later (as GLPK itself is GPL3+).
Thus, to be clear, it’s GPL and not AGPL.
As for the interpretation of these licenses, I am not a lawyer, so I can’t give reliable advice.