License Compliance ignores pip configurations with private servers

Summary

License Compliance does not work with private pip servers: the license_management job ignores the project's pip index configuration and calls pypi.org directly, which fails on a network without Internet access.

Steps to reproduce

  1. Install GitLab in a private network with restricted access to the Internet.
  2. Install a private pip server.
  3. Publish a package on this server.
  4. Create a Python project on this GitLab instance that depends on the private package.
  5. Add a pip configuration to the project that makes pip prefer the private server URL (e.g. https://gist.github.com/Jaza/fcea493dd0ba6ebf09d3#configure-pip-to-use-private-pypi).
  6. Set up and run the license_management job on that project.

What is the current bug behavior?

The job fails while trying to reach https://pypi.org/[...], which is not reachable from the private network.

What is the expected correct behavior?

The job succeeds and the licenses of all dependencies, including the private package, are reported.

Possible fixes

The call to pypi.org is hardcoded in LicenseFinder's pip package manager: https://github.com/pivotal-legacy/LicenseFinder/blob/master/lib/license_finder/package_managers/pip.rb#L61. There is an open issue for this in the LicenseFinder project, https://github.com/pivotal-legacy/LicenseFinder/issues/230, with a fork we can leverage to get started on this.
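To make the reproduction and the proposed fix concrete, here is an added example (not code from LicenseFinder or GitLab) of how the metadata URL that pip.rb hardcodes to pypi.org could instead be derived from the pip index the project actually uses. It mirrors pip's own precedence, where the PIP_INDEX_URL environment variable overrides index-url in pip.conf, which overrides the public default. The sample pip.conf is constructed for this example, and the assumption that the private server exposes a PyPI-style JSON endpoint (/pypi/<name>/<version>/json) next to its /simple/ index is an assumption, not something the page states.

```ruby
require 'uri'

# Added example, not LicenseFinder code: resolve the index pip would use and
# rebuild the per-package metadata URL against it instead of pypi.org.
DEFAULT_INDEX = 'https://pypi.org/simple/'.freeze

# Minimal reader for pip.conf / pip.ini (INI: [section] headers, key = value).
# Returns the value of index-url under [global], or nil when it is absent.
def index_url_from_conf(text)
  section = nil
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#', ';')
    if (m = line.match(/\A\[(.+)\]\z/))
      section = m[1].downcase
    elsif section == 'global' && (m = line.match(/\A(index[-_]url)\s*[=:]\s*(.+)\z/i))
      return m[2].strip
    end
  end
  nil
end

# pip precedence: environment variable, then config file, then public PyPI.
# `env` is injectable so the logic can be exercised without touching ENV.
def effective_index(env: ENV, conf_text: nil)
  env['PIP_INDEX_URL'] || (conf_text && index_url_from_conf(conf_text)) || DEFAULT_INDEX
end

# Assumption: the configured index serves a Warehouse-style JSON API
# (/pypi/<name>/<version>/json) at the same origin as its /simple/ (or
# devpi's /+simple/) listing. Servers without that API need another source.
def metadata_url(name, version, index)
  uri = URI.parse(index)
  uri.path = uri.path.sub(%r{/\+?simple/?\z}, '') + "/pypi/#{name}/#{version}/json"
  uri.query = nil
  uri.to_s
end

# Constructed sample pip.conf pointing at a hypothetical private index.
SAMPLE_PIP_CONF = <<~CONF
  [global]
  index-url = https://pypi.example.internal/simple/
CONF

if __FILE__ == $PROGRAM_NAME
  index = effective_index(env: {}, conf_text: SAMPLE_PIP_CONF)
  puts "index in use:   #{index}"
  puts "metadata URL:   #{metadata_url('mypkg', '1.0.0', index)}"
  puts "hardcoded today: #{metadata_url('mypkg', '1.0.0', DEFAULT_INDEX)}"
end
```

Credentials embedded in the index URL (user:token@host) are preserved by URI#to_s, so a fix along these lines would also carry the private server's auth through to the metadata request; that is worth keeping in mind when job logs print the URL being fetched.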

Also refs: https://gitlab.com/gitlab-org/gitlab-ee/issues/6603

Edited Aug 22, 2019 by Lukas Eipert