.NET offline License Compliance
Problem to solve
Detect software licenses associated with dependencies declared using conan the same way we do today for online instances, in an offline instance relying on a proxied or locally hosted custom repository.
If possible this will deal with setting both address and optional authentication. If needed pop authentication into it's own issue.
Personas are described at https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/
This change allows the retrieval of pip dependencies from non standard sources.
This is to support users in offline GitLab self-hosted instances
Permissions and Security
same users today who can setup license scanning can set it up.
the repository may or may not be authenticated
We will need to update user documentation
Availability & Testing
Manual: Use the existing GCP environment
Automated: Please work with Quality to make sure we have coverage as we must avoid regression
What does success look like, and how can we measure that?
after following documentation it does not require an internet connection to run a scan and provide results.
What is the type of buyer?
Heavily regulated industry, highly secretive organizations, and those with poor connectivity.
Is this a cross-stage feature?
- Exclude development/test dependencies for nuget projects.
- Exclude development/test dependencies for dotnet CLI projects.
- Add integrations test(s) to verify that dependencies can be installed from a custom nuget package registry.
- Ensure that packages can be installed from a registry served with a custom self signed TLS certificate.
- Add documentation to describe any setup required for working in an offline environment. Example
- Add documentation to describe supported nuget/dotnet CLI project types.
- Add example project to templates
- Compress size of mono dependencies.
- Compress size of dotnet CLI dependencies.