Usage metrics for tools and versions used in License Scanning
Problem to solve
GitLab License Scanning (license-finder analyzer project) supports many "tools" (package managers and languages) and many versions of these tools via asdf. Over time, maintenance cost increases because new tools and versions are added, but none is removed. As project maintainers of license-finder, we need to know what's actively used, so that we can drop support for what's not used anymore, with a positive impact on code complexity, image size, tests, and pipeline execution.
For instance, we're considering dropping support for Godep, but first need to know whether License Scanning is used to scan Godep projects. See https://gitlab.com/gl-retrospectives/secure-sub-dept/composition-analysis/-/issues/4#note_555009296
Also, these usage metrics would help us determine what tools and versions could be dropped to bring License Scanning closer to what Dependency Scanning supports, in the context of #12933 (closed).
Proposal
Add usage metrics to track the tools (package managers and languages) and tool versions enabled in the license-scanning job at run-time.