Go dependencies report licenses as unknown

Summary

We got the ~"license management" to work for Gitaly (gitaly!1076 (merged)). Unfortunately, a lot of dependencies report their license as "unknown", which means those still have to be checked manually.

Steps to reproduce

Create an MR in the Gitaly project (just change the README) and wait for CI to run the LM job. You can then observe the output of the LM job.

Results of the scan (screenshot for posterity):

We should improve the license scanning experience. It is also unclear why this happens, as the vendored dependencies actually contain license information.

What is the expected correct behavior?

LM should be able to find the licenses of all dependencies.

Findings

This is the current situation with Gitaly at the moment: we only have 7 dependencies with unknown licenses. When the issue was reported there were 19.

The reason they are shown as unknown is that some of these dependencies don't use any of the dependency management setups that License Finder supports (listed in the screenshot attached to the issue).

Some of the packages are included indirectly. github.com/kr/pretty, for example, is a dependency of a dependency, but since those intermediate dependencies don't have a proper go.mod setup, LM might not be able to find their licenses.

For example, github.com/kr/pretty is used in Gitaly indirectly:

go mod why github.com/kr/pretty 

gitlab.com/gitlab-org/gitaly/cmd/gitaly
gitlab.com/gitlab-org/labkit/tracing
gitlab.com/gitlab-org/labkit/tracing/impl
github.com/lightstep/lightstep-tracer-go
github.com/lightstep/lightstep-tracer-go.test
github.com/onsi/gomega
github.com/onsi/gomega/matchers
gopkg.in/yaml.v2
gopkg.in/yaml.v2.test
gopkg.in/check.v1
github.com/kr/pretty

gopkg.in/check.v1 doesn't use any dependency tooling that LM can work with. This seems to prevent LM from finding the license for github.com/kr/pretty.

I included github.com/kr/pretty as a direct dependency in my own Go project, and LM was able to detect its license, because github.com/kr/pretty has a proper go.mod setup.

Possible fixes

There is no fix that we can apply on our side at the moment. Upstream projects and their dependencies have to adopt go.mod.
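Since the remaining "unknown" entries have to be checked by hand, here is an added helper (not Gitaly's or License Finder's code) that walks a `go mod vendor` tree and lists the modules with no license file at their root. It assumes the standard vendor/modules.txt format, where each module appears on a line of the form "# <module path> <version>"; the fixture it builds uses constructed placeholder module paths.

```shell
#!/bin/sh
# Added example: report vendored Go modules without a root license file,
# the candidates a license scanner is most likely to report as "unknown".
# Assumes a `go mod vendor` layout with vendor/modules.txt present.

find_unlicensed_modules() {
    vendor_dir="$1"
    # "# path version" lines name modules; "## explicit" markers are skipped.
    grep '^# ' "$vendor_dir/modules.txt" | awk '{print $2}' | while read -r mod; do
        dir="$vendor_dir/$mod"
        [ -d "$dir" ] || continue
        found=0
        # Common license file names; sh globs are case-sensitive, so a few
        # spellings are listed explicitly.
        for f in "$dir"/LICENSE* "$dir"/LICENCE* "$dir"/COPYING* "$dir"/UNLICENSE \
                 "$dir"/license* "$dir"/licence*; do
            if [ -f "$f" ]; then found=1; fi
        done
        if [ "$found" -eq 0 ]; then
            echo "$mod"
        fi
    done
}

# Builds a small constructed vendor tree for demonstration; the module
# paths are placeholders, not real projects.
make_fixture() {
    root="$1"
    mkdir -p "$root/vendor/example.com/licensed" "$root/vendor/example.com/unlicensed/sub"
    printf 'MIT License (constructed)\n' > "$root/vendor/example.com/licensed/LICENSE"
    printf 'package unlicensed\n' > "$root/vendor/example.com/unlicensed/lib.go"
    # A license file only in a subpackage is not at the module root, so the
    # module is still reported and needs a manual look.
    printf 'BSD (constructed)\n' > "$root/vendor/example.com/unlicensed/sub/LICENSE"
    printf '%s\n' \
        '# example.com/licensed v1.0.0' \
        '## explicit' \
        'example.com/licensed' \
        '# example.com/unlicensed v0.2.0' \
        'example.com/unlicensed' \
        'example.com/unlicensed/sub' > "$root/vendor/modules.txt"
}

# Stand-alone use: ./check_licenses.sh path/to/repo/vendor
if [ -n "${1:-}" ]; then
    find_unlicensed_modules "$1"
fi
```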

Edited Jul 16, 2020 by Nicole Schwartz