Support PHP (composer.lock) in License Compliance

Blocked by #13083 (closed)

Problem to solve

Many customers use PHP as their project language, but to date they have been unable to use our License Compliance feature. In this release we plan to add PHP support to License Compliance, focusing on Composer-based projects (those that ship a composer.lock lockfile).

Intended users

  • Persona: Software developer
  • Persona: DevOps Engineer
  • Persona: Security Analyst

Further details

We rely entirely on License Finder for License Management, and it has just added support for PHP.

Proposal

Bump License Finder to pick up its recently added support for PHP projects.

WARNING: License Finder's PHP support is considered experimental: https://github.com/pivotal/LicenseFinder#experimental-project-types

We should test this carefully and state the experimental status clearly in the documentation.

  • Bump License Finder to add PHP support: https://gitlab.com/gitlab-org/security-products/license-management/merge_requests/37
  • Make sure the Documentation and Testing tasks below are addressed.

Documentation

  • Update the list of supported languages/package managers in the documentation

Testing

  • Set up the License Management feature on our PHP Composer test project, following the existing conventions for the other language test projects

What does success look like, and how can we measure that?

PHP composer projects get license information about their dependencies.

We should probably count the number of PHP projects using License Management, but it is not clear that our usage data has that level of granularity.

What is the type of buyer?

GitLab Ultimate

Links / references

Product Management - @NicoleSchwartz

  • Release Post

This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.

Edited Apr 21, 2023 by 🤖 GitLab Bot 🤖