DRI: @ifrenkel ## Problem to solve Software Composition Analysis does not support `cargo` projects as of the creation of this epic. This epic defines the work involved in adding this support. ## Proposal Add support for `cargo` for ~"SCA:Dependency Scanning" ~"SCA:License Scanning" ~"Category:Container Scanning". https://gitlab.com/gitlab-org/gitlab/-/issues/439634+ showed that the dataset is sufficient for identifying licenses for specific cargo package-version combinations. The work touches the following components: ### Licenses #### license-db * package, version, license ingestion * [x]   https://gitlab.com/gitlab-org/gitlab/-/issues/448898+s * [x]   https://gitlab.com/gitlab-org/gitlab/-/issues/448899+s * [x]   https://gitlab.com/gitlab-org/gitlab/-/issues/450312+s * update infrastructure provisioning to add an interfacer pubsub topic for cargo * [x]   https://gitlab.com/gitlab-org/gitlab/-/issues/450310+s * scheduled pipelines for cargo feeder and cargo exporter * [x]   https://gitlab.com/gitlab-org/gitlab/-/issues/450313+s #### rails monolith * package metadata sync * [x]   https://gitlab.com/gitlab-org/gitlab/-/issues/456283+s * sbom ingestion * [x]   https://gitlab.com/gitlab-org/gitlab/-/issues/456286+s * [x]   https://gitlab.com/gitlab-org/gitlab/-/issues/466406+s ### analyzer * [x]   https://gitlab.com/gitlab-org/gitlab/-/issues/465107+s #### documentation * official docs * [x] https://gitlab.com/gitlab-org/gitlab/-/issues/461096+s  ### Advisories It's not currently clear that advisory data is recent enough to do vulnerability scanning. This is to be explored in a separate spike: https://gitlab.com/gitlab-org/gitlab/-/issues/444220+s ### Post-MVC * https://gitlab.com/gitlab-org/gitlab/-/issues/466407+s