Introduce `external_licenses` for prioritised license lookups + consume licenses from SBOMs
TODO:
- Demo - Moved to #310
- Multi-license CycloneDX - These are handled implicitly, as we're making each row `UNIQUE ( ... license)`, so multiple licenses are absolutely fine. Validated with https://github.com/CycloneDX/bom-examples/blob/7d529848e2f8bd65d03aec9eab16f139fd445ff4/SBOM/dropwizard-1.3.15/bom.json
- Tweak policy evaluation to take from `external_licenses` + handle multiple if necessary
- Pick up CDX `license.name` if `license.id` not present
Edited by Jamie Tanna
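
An added illustration of the two CycloneDX items above, not code from this merge request or the project: each license entry becomes its own row, duplicates collapse the way a `UNIQUE` row constraint would, and `license.name` is used only when `license.id` is absent. `Row`, `ExtractLicenses`, the key columns and the sample BOM are assumptions made for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Row is a hypothetical stand-in for one external_licenses row (real columns not shown above).
type Row struct{ Name, Version, License string }

type bom struct {
	Components []struct {
		Name, Version string // encoding/json matches keys case-insensitively
		Licenses      []struct {
			License struct{ ID, Name string }
		}
	}
}

// ExtractLicenses returns one row per distinct (component, version, license).
func ExtractLicenses(data []byte) ([]Row, error) {
	var b bom
	if err := json.Unmarshal(data, &b); err != nil {
		return nil, fmt.Errorf("parse CycloneDX BOM: %w", err)
	}
	seen := map[Row]bool{} // models UNIQUE ( ... license); key columns assumed
	var rows []Row
	for _, c := range b.Components {
		for _, l := range c.Licenses {
			lic := l.License.ID
			if lic == "" {
				lic = l.License.Name // fall back when no SPDX id is given
			}
			r := Row{c.Name, c.Version, lic}
			if lic != "" && !seen[r] { // expression-only entries are skipped here
				seen[r] = true
				rows = append(rows, r)
			}
		}
	}
	return rows, nil
}

// Constructed sample BOM, not taken from the linked dropwizard example.
const sampleBOM = `{"bomFormat":"CycloneDX","specVersion":"1.4","components":[
 {"name":"lib-a","version":"1.0.0","licenses":[{"license":{"id":"Apache-2.0"}},{"license":{"id":"MIT"}},{"license":{"id":"MIT"}}]},
 {"name":"lib-b","version":"2.1.0","licenses":[{"license":{"name":"Custom Vendor License"}}]}]}`

func main() { fmt.Println(ExtractLicenses([]byte(sampleBOM))) }
```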