License Scanning
The License list is populated when GitLab parses an SBOM generated for one of the supported languages.
License Scanning should use the
licenses
field of the CycloneDX JSON SBOM when available, and fall back to using license information imported from the external License DB.
source: Use licenses of CycloneDX SBOMs in license scanner
The Ingest SBOM reports epic has some useful info about how everything is architected.