Allow dependency scanning to look at library fingerprints

Problem to solve

An organization may fear an insider threat trying to maliciously work around blacklisted libraries (whether by license or by name), so we should allow the checking of library fingerprints. This is not perfect, as any modification to the library will change the fingerprint, but it increases the difficulty level of the breach.

Intended users

Further details

An enhancement to #32710 (closed) and others.

This is likely time-consuming, so it should be offered at a scheduled interval for many, and only turned on always for the most risk-averse customers in their most critical applications.

Proposal

Permissions and Security

Documentation

Testing

What does success look like, and how can we measure that?

What is the type of buyer?

Links / references
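
The check requested in this issue, sketched as an added example (not part of the original issue and not GitLab code): a scan that compares each file against both a name list and a SHA-256 fingerprint list. The file names, directory layout and library bytes are constructed for illustration; the result shows the renamed copy caught only by fingerprint and the modified copy caught by neither, which is the limitation the issue describes.

```python
import hashlib
import tempfile
from pathlib import Path


def fingerprint(path: Path, chunk_size: int = 1 << 16) -> str:
    """SHA-256 of the file contents, streamed so large archives are fine."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan(root: Path, denied_names: set, denied_digests: set) -> dict:
    """Map each file under root to the list of checks it failed."""
    findings = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        reasons = []
        if path.name in denied_names:
            reasons.append("name")
        if fingerprint(path) in denied_digests:
            reasons.append("fingerprint")
        if reasons:
            findings[path.relative_to(root).as_posix()] = reasons
    return findings


def demo() -> dict:
    """Constructed sample: a denied library, a renamed copy, a modified copy."""
    denied_bytes = b"PK\x03\x04 constructed stand-in for a denied library"
    with tempfile.TemporaryDirectory() as tmp:
        vendor = Path(tmp) / "vendor"
        vendor.mkdir()
        (vendor / "denied-lib-1.0.jar").write_bytes(denied_bytes)
        (vendor / "helpers.jar").write_bytes(denied_bytes)            # renamed only
        (vendor / "patched.jar").write_bytes(denied_bytes + b"\x00")  # content changed
        denied_digests = {hashlib.sha256(denied_bytes).hexdigest()}
        return scan(Path(tmp), {"denied-lib-1.0.jar"}, denied_digests)


if __name__ == "__main__":
    for rel_path, reasons in demo().items():
        print(rel_path, reasons)
```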
