SBOM-based License Scanning does not detect licenses previously detected by license-finder

Summary

SBOM-based License Scanning fails to detect new licenses for dependencies added via a Merge Request.

Steps to reproduce

  1. Take an existing Maven-based project and create a Scan Result Policy that prohibits the following licenses:
type: scan_result_policy
name: License Review
description: ''
enabled: true
rules:
  - type: license_finding
    branches: []
    match_on_inclusion: true
    license_types:
      - 'The GNU Lesser General Public License, Version 2.1'
      - unknown
    license_states:
      - newly_detected
      - detected
actions:
  - type: require_approval
    approvals_required: 1
    user_approvers_ids:
      - 5721888
  2. Create an MR and add the following change to the pom.xml:

        <dependency>
            <groupId>ecs</groupId>
            <artifactId>ecs</artifactId>
            <version>1.4.2</version>
        </dependency>
        <dependency>
            <groupId>org.apache.struts</groupId>
            <artifactId>struts2-core</artifactId>
            <version>2.3.1</version>
        </dependency>
        <dependency>
            <groupId>com.google.code.maven-play-plugin.org.allcolor.yahp</groupId>
            <artifactId>yahp</artifactId>
            <version>1.3</version>
        </dependency>
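To check what the policy above should flag for this MR independently of the scanner, here is an added example (not GitLab's code) that reads a constructed CycloneDX-style SBOM for the three new dependencies and evaluates the license_finding rule against it. The rule semantics (match_on_inclusion, license_states derived from whether the component already exists on the default branch) are an assumed simplification of GitLab's behaviour, and the SBOM content is sample data.

```python
import json

# The license_finding rule from the Scan Result Policy above, as a dict (no YAML parser needed).
LICENSE_RULE = {
    "type": "license_finding",
    "match_on_inclusion": True,
    "license_types": ["The GNU Lesser General Public License, Version 2.1", "unknown"],
    "license_states": ["newly_detected", "detected"],
}

# Constructed CycloneDX-style SBOM fragment for the MR (sample data, not real scanner output).
# yahp deliberately carries no license data, which is what the 'unknown' license type covers.
MR_SBOM_JSON = json.dumps({"bomFormat": "CycloneDX", "components": [
    {"purl": "pkg:maven/ecs/ecs@1.4.2",
     "licenses": [{"license": {"name": "The GNU Lesser General Public License, Version 2.1"}}]},
    {"purl": "pkg:maven/org.apache.struts/struts2-core@2.3.1",
     "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"purl": "pkg:maven/com.google.code.maven-play-plugin.org.allcolor.yahp/yahp@1.3"},
]})


def licenses_from_sbom(sbom_json):
    """Return {purl: set of license names}; a component with no usable license entry
    maps to {'unknown'} so the policy's 'unknown' type can match it."""
    result = {}
    for comp in json.loads(sbom_json).get("components", []):
        names = set()
        for entry in comp.get("licenses", []):
            lic = entry.get("license", {})
            name = lic.get("id") or lic.get("name") or entry.get("expression")
            if name:
                names.add(name)
        result[comp["purl"]] = names or {"unknown"}
    return result


def evaluate_rule(rule, mr_licenses, default_branch_purls):
    """Return [(purl, license, state)] findings that make the rule match.
    Assumed semantics: match_on_inclusion=True flags licenses listed in license_types,
    False flags every license NOT listed; a purl absent from the default branch counts
    as 'newly_detected', otherwise 'detected'; only states in license_states count."""
    listed = set(rule["license_types"])
    findings = []
    for purl, names in mr_licenses.items():
        state = "detected" if purl in default_branch_purls else "newly_detected"
        if state not in rule["license_states"]:
            continue
        for name in sorted(names):
            if (name in listed) == rule["match_on_inclusion"]:
                findings.append((purl, name, state))
    return findings


def approval_required(rule, sbom_json, default_branch_purls=frozenset()):
    """True when the rule would trigger the require_approval action for this MR."""
    return bool(evaluate_rule(rule, licenses_from_sbom(sbom_json), default_branch_purls))
```

For the MR in this report the rule should produce two findings (the LGPL 2.1 dependency and the license-less yahp as 'unknown'), which is what the widget is expected to show.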

What is the current bug behavior?

No licenses are reported:

[screenshot: 2023-06-07_13-47-50]

What is the expected correct behavior?

The following prohibited licenses should be displayed in the MR widget:

[screenshot: 2023-06-07_13-48-48]

Output of checks

This bug happens on GitLab.com.

--

Contact me directly to be added as a member of the project where this behaviour can be seen.

Edited by John Feeney