Discovery: Replace license-finder for python license scanning [time box research]

Problem to solve

Right now license-finder has a number of limitations:

• The container is large
• It does not perform well for python

We should consider using a different license management tool to support users using python.

Further details

Proposal

One alternative is:

• pip-licenses

Please take a day or two to look at the above tool and make a recommendation for

• should we add this as an additional scanner? pro/cons
• should this replace an existing scanner? if so which? and why (pro/cons)?
• Is this not worth adding to our suite of scanners, and why do you think so.

If you come across additional alternate tools, please place them in their own research issues.

Permissions and Security

Documentation

Testing

What does success look like, and how can we measure that?

Links / references