Create License Database
Release notes
Problem to solve
To support replacing license finder, we need to have a central, uniformly formatted collection of data that maps license data to components.
Intended users
Proposal
- A new repository will be created, similar to https://gitlab.com/gitlab-org/security-products/gemnasium-db called "GitLab License Database".
- The GitLab License Database will be licensed similarly to the GitLab Advisory Database. The exact license will need to be approved by legal.
- The stored format will be JSON and will include the following information at a minimum:
  - date
  - registry (should be either)
  - component_name
  - component_version
  - license_name (this can be an array if there are multiple licenses involved)
- A regular daily job will be created to read license data from the following registries, import the data, and store it in the GitLab License Database in a consistent format:
language | packages | API docs | docs |
---|---|---|---|
JavaScript | npm, yarn | API docs | A listing of all packages can be obtained at https://replicate.npmjs.com/_all_docs and license data can be obtained by querying for individual packages via https://registry.npmjs.org/{{package_name}}. See CouchDB. |
Ruby | Bundler | API docs | API calls are authenticated so we likely need an account. A listing of all packages can be obtained at https://rubygems.org/versions using the Compact Index. |
PHP | Composer | API docs | A listing of all packages can be obtained at https://packagist.org/packages/list.json?filter=* and license data can be obtained by querying for individual packages via https://repo.packagist.org/p2/{{package_name}}.json (for example https://repo.packagist.org/p2/phpcommon/comparison.json) |
C, C++ | Conan | https://github.com/conan-io/conan-center-index.git | |
Go | Go | license information may be detected from the source repositories of the go module dependencies | See https://index.golang.org |
Java | Gradle, Maven | Sonatype, MVNRepository | |
.NET, C# | NuGet | API docs | |
Python | setuptools, Pip, Pipenv, Poetry | API docs | |
Scala | sbt | | Same as for Maven; all build tools for JVM-based languages (sbt, gradle, leiningen) rely mainly on Maven. |
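
A sketch of the normalization step the daily job would need, shown for the npm and Packagist endpoints listed above. This is an added example, not code from this issue or from GitLab: the function names are hypothetical, `date` is assumed to be the import date, and the sample responses are constructed. It assumes the npm package document shape (per-version `license` / `licenses`) and Composer 2 minified `p2` metadata.

```python
import json

FIELDS = ("date", "registry", "component_name", "component_version", "license_name")

def record(today, registry, name, version, licenses):
    # license_name is always emitted as a list; an empty list means "not declared".
    licenses = [licenses] if isinstance(licenses, str) else list(licenses)
    return dict(zip(FIELDS, (today, registry, name, version, licenses)))

def npm_licenses(meta):
    # npm metadata declares licenses as a string, a {"type": ...} object, or a
    # legacy "licenses" list of such objects.
    raw = meta.get("license") or meta.get("licenses") or []
    items = raw if isinstance(raw, list) else [raw]
    names = [i.get("type") if isinstance(i, dict) else i for i in items]
    return [n for n in names if isinstance(n, str) and n]

def npm_records(packument, today):
    return [record(today, "npm", packument["name"], version, npm_licenses(meta))
            for version, meta in packument.get("versions", {}).items()]

def packagist_records(doc, today):
    minified = doc.get("minified") == "composer/2.0"
    out = []
    for name, versions in doc.get("packages", {}).items():
        current = {}
        for entry in versions:
            # Minified p2 metadata lists only the keys that changed since the
            # previous entry; the value "__unset" removes an inherited key.
            merged = {**current, **entry} if minified else dict(entry)
            current = {k: v for k, v in merged.items() if v != "__unset"}
            out.append(record(today, "packagist", name, current["version"],
                              current.get("license") or []))
    return out

# Constructed sample responses (not real registry data).
NPM_SAMPLE = json.loads("""{"name": "example-pkg", "versions": {
  "1.0.0": {"licenses": [{"type": "MIT", "url": "https://example.invalid/LICENSE"}]},
  "2.0.0": {"license": "(MIT OR Apache-2.0)"},
  "3.0.0": {}}}""")
PACKAGIST_SAMPLE = json.loads("""{"minified": "composer/2.0", "packages": {"acme/demo": [
  {"name": "acme/demo", "version": "2.0.0", "license": ["MIT"]},
  {"version": "1.1.0"},
  {"version": "1.0.0", "license": "__unset"}]}}""")

if __name__ == "__main__":
    for rec in npm_records(NPM_SAMPLE, "2022-07-01") + packagist_records(PACKAGIST_SAMPLE, "2022-07-01"):
        print(json.dumps(rec))
```

Versions with no declared license come out with an empty `license_name` list, so a consumer can treat "unknown" as an explicit policy decision instead of silently skipping the component.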
Further details
This is intended to be somewhat similar to https://gitlab.com/gitlab-org/security-products/gemnasium-db, except that it will be maintained by the composition analysis group and will store license data instead of vulnerability data.
Available Tier
This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.
🤖 Auto-Summary
Last updated by this job
- TOPIC File-based database (Git repository) #368862 (comment 1041881030)
- TOPIC Maintenance effort #368862 (comment 1041924933)
- TOPIC Alternative solution -- lazy license database creation #368862 (comment 1041975040)
- TOPIC Alternative solution -- using a 3rd party license database #368862 (comment 1041985167)