Poetry license scanning / SBOM license scanning

[erzz]

Description

Would love to see support for license scanning with Poetry - its working great with pure pip projects but Poetry is over 50% of our projects and it seems there is no path to do this directly at the moment.

Right now a hacky solution is for a pre-scan step in CI along the lines of

poetry export -f requirements.txt --output requirements.txt
python -m venv .
source bin/activate
pip install -r requirements.txt

Which is OK I guess though it would of course be nicer to have it supported out of the box.

Then I also thought that an alternative to this would be to use the sbom target seeing as it contains license information - but license scanning an SBOM target is not supported either?

Target

Filesystem

Scanner

License

[knqyf263]

There is a PR regarding license scanning for SBOM.
#6072