Support sub-directories for License Compliance analysis
Problem to solve
Our License Compliance analysis detects the type of project dependencies to analyze only from the root folder.
This is limiting when, for example, you organize your code by putting some dependency files into different subfolders. This is the case for our Gitaly project, which has a Gemfile in a ruby subdirectory: https://gitlab.com/gitlab-org/gitaly/tree/master/ruby
Intended users
Further details
Proposal
- Accept LICENSE_FINDER_CLI_OPTS as an environment variable and forward it to the license finder executable here. https://gitlab.com/gitlab-org/security-products/license-management/merge_requests/77
- Update documentation to provide examples on how to use the license-management job with project setup for sub-directories. !19177 (merged)
For this particular customer we can consider:
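license_management:
  before_script:
    # The Gemfile lives in the ruby/ subdirectory, so install from there
    - cd ruby && bundle install
  variables:
    # Forwarded to the license finder executable; variables must be a mapping, not a list
    LICENSE_FINDER_CLI_OPTS: "--prepare --recursive"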
Permissions and Security
Documentation
Testing
What does success look like, and how can we measure that?
What is the type of buyer?
Links / references
Edited by mo khan