Add SPDX licenses to license compliance
Problem to solve
The selection of license names available in license compliance is limited. The user may have a license that needs to be added but is not among the licenses available in the dropdown.
Context: this issue is based on discovery work done in https://gitlab.com/gitlab-org/gitlab-ee/issues/12941 and license name technical review by @xlgmokha.
Intended users
- Compliance Role wants to see that they are following policies that have been set, edit policies as needed, and set policies for unclassified licenses.
- Delaney (Development Team Lead)
- Sasha (Software Developer)
- Sam (Security Analyst)
- Legal and/or person responsible for the org's compliance
Further details
Ideally, this is completed at the same time as: #34698 (closed) (which adds the ability to select/edit license to the new LC section)
Proposal
Add the SPDX licenses as license selections the user may add to their project policies.
Permissions and Security
The same permission rules apply as with issue #34698 (closed).
Documentation
- license name technical review
- Need to add license library source to the documentation
Testing
Unit tests should be updated by the developer to cover SPDX licenses. SET should update the license compliance end-to-end test to ensure SPDX licenses are recognised.
What does success look like, and how can we measure that?
- The additional listings are used by customers