Implement license_scanning Artifacts Reports Type for Third-Party License Scanners


Overview

Request to add support for external license scanning report artifacts (such as those produced by the OSS Review Toolkit, ORT) so that results from third-party scanners can be uploaded and used to override GitLab's built-in license scanning findings.

Description

Problem/Objective

Currently, there is no report artifact type for license scanning in GitLab CI/CD. Organizations that use third-party scanning tools (e.g. ORT) cannot upload their scan results as report artifacts, nor override GitLab's default license scanning findings with the external tool's results.

Context/Background

  • GitLab provides built-in license scanning as part of its security features
  • Many organizations use specialized tools like ORT (OSS Review Toolkit) for license compliance
  • Current GitLab implementation doesn't support external license scanning tool integration
  • Teams need to maintain compliance workflows within GitLab while using their preferred scanning tools

Proposed Solution

Introduce a new license_scanning report artifact type that allows:

  • Uploading scan results from ORT and similar tools as CI/CD job artifacts
  • Overriding or supplementing GitLab's own license scanning results
  • Support for the standard license scanning report formats used by ORT and similar tools