Add maxLength validations for SBoM license name ingestion

Harrison Petersrequested to merge
543113-set-spdx-limits into master

What does this MR do and why?

Add maxLength validations for SBoM license name ingestion

Currently SBoM ingestion can fail due to different validation conditions on the license name field. The limit for a license name on ingestion is 50 characters, which is too small given there are valid SPDX identifiers longer than that. License names can also be chained SPDX identifiers using AND/OR as well, allowing for even larger names (ex; "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL").

In this PR we update the limit for spdx_identifier from 50 to 255 on ingestion. We also set a maxLength of 255 on license names during report parsing for consistency (fails on this validation are also reported to the user).

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #543113 (closed)

Merge request reports