License Scanning

The License list is populated when GitLab parses an SBOM generated for one of the supported languages.

License Scanning should use the licenses field of the CycloneDX JSON SBOM when available, and fall back to using license information imported from the external License DB.

source: Use licenses of CycloneDX SBOMs in license scanner
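
The lookup order described above, as an added Ruby sketch (not GitLab's own code): it reads each component's `licenses` array from a CycloneDX JSON SBOM, accepting the `license.id`, `license.name` and `expression` forms, and falls back to a second source only when the SBOM declares nothing. The sample SBOM, the `FALLBACK_DB` hash standing in for the external License DB, and the function names are assumptions made for illustration.

```ruby
require 'json'

# Constructed sample SBOM (not from the page). Components cover the SPDX id
# form, the expression form, a missing licenses field, and an empty one.
SAMPLE_SBOM = <<~JSON
  {
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
      {"name": "example-a", "version": "1.0.0", "purl": "pkg:gem/example-a@1.0.0",
       "licenses": [{"license": {"id": "MIT"}}]},
      {"name": "example-b", "version": "2.0.0", "purl": "pkg:npm/example-b@2.0.0",
       "licenses": [{"expression": "MIT OR Apache-2.0"}]},
      {"name": "example-c", "version": "3.0.0", "purl": "pkg:pypi/example-c@3.0.0"},
      {"name": "example-d", "version": "0.1.0", "purl": "pkg:gem/example-d@0.1.0", "licenses": []}
    ]
  }
JSON

# Hypothetical stand-in for the external License DB, keyed by purl.
FALLBACK_DB = { "pkg:pypi/example-c@3.0.0" => ["Apache-2.0"] }.freeze

# Licenses declared in one component's CycloneDX `licenses` array.
def sbom_licenses(component)
  Array(component["licenses"]).filter_map do |entry|
    next unless entry.is_a?(Hash)
    entry["expression"] || entry.dig("license", "id") || entry.dig("license", "name")
  end
end

# Returns { purl => { licenses: [...], source: :sbom | :license_db | :unknown } }.
def resolve_licenses(sbom_json, fallback_db)
  components = JSON.parse(sbom_json).fetch("components", [])
  components.each_with_object({}) do |component, result|
    purl = component["purl"]
    declared = sbom_licenses(component)
    result[purl] =
      if declared.any?
        { licenses: declared, source: :sbom }       # SBOM data wins when present
      elsif fallback_db.key?(purl)
        { licenses: fallback_db[purl], source: :license_db }
      else
        { licenses: [], source: :unknown }          # surface the gap, do not guess
      end
  end
end

resolve_licenses(SAMPLE_SBOM, FALLBACK_DB).each { |purl, r| puts "#{purl}: #{r[:licenses].join(', ')} (#{r[:source]})" }
```

Recording the `source` alongside each result keeps it visible which licenses were declared by the SBOM producer and which were inferred from the database, and components that resolve to `:unknown` can be flagged for review.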

The Ingest SBOM reports epic has useful information about how SBOM ingestion is architected.

🌐 External Resources

- CycloneDX Tool Center