Remove software_licenses table
As discussed in this thread, after moving the custom_licenses to the custom_software_licenses table, the software_licenses table will only be used for the SPDX licenses.
The SPDX licenses are updated by the ImportSoftwareLicensesWorker. This worker runs weekly, and we have a 7-day cache for the SPDX licenses, so we are basically reading the SPDX licenses from our cache. In the scope of this issue, we want to capture the effort required to remove the software_licenses table.
Implementation plan
- Add integration tests for the features using the software license to ensure they will still work after the table is removed.
- Keep static files as JSON in the repo cache when we query it.
- In software_license_policies store either spdx_identifier or custom_software_license_id instead of software_license_id and delete the software_licenses table.
- Modify all places where we read information from the software_licenses table (like https://gitlab.com/gitlab-org/gitlab/-/blob/df861bd970872e18937a28f30c2cd0a75f493f52/ee/lib/gitlab/ci/reports/license_scanning/report.rb#L45 or https://gitlab.com/gitlab-org/gitlab/-/blob/cdaf4e2b3adcbb3da9bbfa8483b7dbe0492e6192/ee/lib/security/scan_result_policies/license_violation_checker.rb#L65).
Edited by 🤖 GitLab Bot 🤖
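An added sketch (not GitLab's migration code) of the backfill-and-verify step implied by the plan above, using Python's sqlite3 as a stand-in database. The table and column names come from the issue; which table each column sits on, the helper function names and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Simplified model of the three tables: only the columns named in the plan,
# plus id/name. Column placement is an assumption, not GitLab's schema.
SCHEMA = """
CREATE TABLE software_licenses (id INTEGER PRIMARY KEY, name TEXT, spdx_identifier TEXT);
CREATE TABLE custom_software_licenses (id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE software_license_policies (
  id INTEGER PRIMARY KEY, software_license_id INTEGER,
  custom_software_license_id INTEGER, spdx_identifier TEXT);
"""

def build_sample():
    """In-memory database with constructed rows (not real GitLab data)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO software_licenses VALUES (?, ?, ?)",
                     [(1, "MIT License", "MIT"), (2, "Legacy entry", None)])
    conn.execute("INSERT INTO custom_software_licenses VALUES (1, 'Acme Proprietary')")
    conn.executemany("INSERT INTO software_license_policies VALUES (?, ?, ?, ?)",
                     [(1, 1, None, None), (2, None, 1, None), (3, 2, None, None)])
    return conn

def backfill_spdx_identifier(conn):
    """Copy spdx_identifier onto policies that still point at software_licenses."""
    conn.execute("""
        UPDATE software_license_policies
           SET spdx_identifier = (SELECT sl.spdx_identifier FROM software_licenses sl
                                   WHERE sl.id = software_license_policies.software_license_id)
         WHERE spdx_identifier IS NULL AND custom_software_license_id IS NULL""")

def unmigrated_policy_ids(conn):
    """Policies that do not carry exactly one of the two new references."""
    rows = conn.execute("""
        SELECT id FROM software_license_policies
         WHERE (spdx_identifier IS NOT NULL)
             + (custom_software_license_id IS NOT NULL) != 1 ORDER BY id""")
    return [row[0] for row in rows]

def drop_software_licenses(conn):
    """Drop the table only once every policy resolves without it."""
    bad = unmigrated_policy_ids(conn)
    if bad:
        raise RuntimeError(f"policies with no usable license reference: {bad}")
    conn.execute("UPDATE software_license_policies SET software_license_id = NULL")
    conn.execute("DROP TABLE software_licenses")

if __name__ == "__main__":
    conn = build_sample()
    backfill_spdx_identifier(conn)
    print(unmigrated_policy_ids(conn))
```

In the constructed data, policy 3 points at a software_licenses row with no SPDX identifier, so the guard refuses to drop the table until that policy is resolved.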