Identify the use of licensed JDK through GitLab's composition analysis

Release notes

Problem to solve

In speaking with a large enterprise customer about license scanning & software composition analysis, one of the use cases they shared was the need to identify where there may be commercial use of licensed Java components (i.e. JDK binaries, or alike).

Oracle's licensing model today looks straightforward for organizations of smaller than 250 employees operating fewer than 50,000 processors worth of workloads, but for larger orgs, understanding the number of places workloads may be utilizing these licensed components is critical to a fair & accurate licensing arrangement.

Proposal

Utilize GitLab's existing Dependency List capability to get an accurate estimate of the number occurrences of licensed commercial use.

This could potentially be already accessible today (and perhaps would just benefit from a documented example of how to accomplish this).

Intended users

Feature Usage Metrics

Does this feature require an audit event?

This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.