Gradle: Detect software licenses for dependencies sourced from a custom repository

Problem to solve

I would like the license_scanning job to detect software licenses associated with dependencies in a project that are sourced from custom repositories.

Intended users

Personas are described at https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/

Further details

LicenseFinder accepts a --gradle-command option that sets the command it runs to resolve a project's dependencies, so custom Gradle options can be forwarded to it by embedding them in that command (for example, gradle followed by the extra options).

Proposal

  • Capture the GRADLE_CLI_OPTS CI/CD variable in the license_scanning job and forward its contents to LicenseFinder via the --gradle-command option.
  • Update the documentation to describe how to forward custom options to Gradle so that the job can resolve dependencies from custom sources.

Permissions and Security

TBD

Documentation

We will need to document how to forward custom options to Gradle so that the job can connect to custom sources, including how to pass repository credentials through masked CI/CD variables rather than inline in the options. Provide example .gitlab-ci.yml files showing the different ways to configure Gradle.
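The following is an added example of such a .gitlab-ci.yml, covering both the proposal above and the documentation request; it is not from the original issue or from the GitLab analyzer. It assumes that the analyzer forwards the contents of GRADLE_CLI_OPTS to LicenseFinder as --gradle-command="gradle <GRADLE_CLI_OPTS>", that a Gradle init script exists at the assumed path gradle/ci-init.gradle in the repository, and that CUSTOM_MAVEN_URL, CUSTOM_MAVEN_USER and CUSTOM_MAVEN_PASSWORD are masked CI/CD variables defined in the project settings (all of these names are assumptions).

```yaml
# .gitlab-ci.yml (added example, not part of the original issue)
include:
  - template: Security/License-Scanning.gitlab-ci.yml

license_scanning:
  variables:
    # Assumption: the analyzer forwards this value to LicenseFinder as
    #   --gradle-command="gradle $GRADLE_CLI_OPTS"
    # Setting the variable replaces any default the analyzer applies (for
    # example --exclude-task=test), so repeat any default you still want.
    #
    # The init script (assumed path gradle/ci-init.gradle) adds the custom
    # Maven repository to every project and reads CUSTOM_MAVEN_URL,
    # CUSTOM_MAVEN_USER and CUSTOM_MAVEN_PASSWORD with System.getenv, so the
    # credentials never appear on the Gradle command line or in the job log.
    GRADLE_CLI_OPTS: "--init-script=gradle/ci-init.gradle --exclude-task=test"

    # Alternative without an init script: pass the repository URL as a
    # project property that build.gradle reads via findProperty. Only use this
    # for non-secret values; anything placed here is visible in the job log.
    # GRADLE_CLI_OPTS: "-PcustomRepoUrl=$CUSTOM_MAVEN_URL --exclude-task=test"
```

The init script referenced here is ordinary Gradle configuration: an allprojects block that declares a maven repository with the URL and a credentials block populated from the environment. Because a Gradle init script executes arbitrary code with the job's privileges, keep it in the repository under normal code review and restrict who can change GRADLE_CLI_OPTS and the masked variables; anyone who can edit either controls what runs inside the license_scanning job.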

Availability & Testing

  • Add an integration test to verify that the contents of GRADLE_CLI_OPTS are captured and forwarded to LicenseFinder's --gradle-command option correctly, including the case where the variable is unset.

What does success look like, and how can we measure that?

The license_scanning job is able to identify the software licenses of dependencies that are sourced from custom Gradle repositories.

What is the type of buyer?

TBD

Is this a cross-stage feature?

No

Links / references
