diff --git a/vulnerabilities/importers/xen.py b/vulnerabilities/importers/xen.py
index 41cc4ed22..8e97a4cf7 100644
--- a/vulnerabilities/importers/xen.py
+++ b/vulnerabilities/importers/xen.py
@@ -7,10 +7,6 @@
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
 
-import json
-
-import requests
-
 from vulnerabilities.importer import AdvisoryData
 from vulnerabilities.importer import Importer
 from vulnerabilities.references import XsaReference
@@ -21,14 +17,27 @@
 class XenImporter(Importer):
 
     url = "https://xenbits.xen.org/xsa/xsa.json"
-    spdx_license_expression = ""
-    license_url = ""
+    spdx_license_expression = "GPL-2"
+    license_url = "https://wiki.xenproject.org/wiki/Xen_FAQ_General"
 
     def advisory_data(self):
         data = fetch_response(self.url).json()
-        if not len(data):
+        # The data looks like this
+        # [
+        #  {
+        #   "xsas": [
+        #     {
+        #       "cve": [
+        #         "CVE-2012-5510"
+        #       ],
+        #       "title": "XSA-1: Xen security advisory",
+        #       }
+        #     ]
+        #   }
+        # ]
+        if not data:
             return []
-        xsas = data[0].get("xsas") or []
+        xsas = data[0]["xsas"]
         for xsa in xsas:
             yield from self.to_advisories(xsa)
 
diff --git a/vulnerabilities/tests/test_xen.py b/vulnerabilities/tests/test_xen.py
index 4e0278d5a..d9e913f68 100644
--- a/vulnerabilities/tests/test_xen.py
+++ b/vulnerabilities/tests/test_xen.py
@@ -1,3 +1,12 @@
+#
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# VulnerableCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/nexB/vulnerablecode for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
+#
+
 import json
 import os