Merge branch '6171_rename_licence_management_artifact' into 'master'

Rename licence management artifact

Closes #6171

See merge request gitlab-org/gitlab-ee!5874

doc/ci/examples/README.md

@@ -45,6 +45,10 @@ There's also a collection of repositories with [example projects](https://gitlab
 
 [Analyze code quality with the Code Climate CLI](code_climate.md).
 
+## Dependencies license management **[ULTIMATE]**
+
+[Find and manage the licenses of your dependencies](license_management.md).
+
 ## Static Application Security Testing (SAST) **[ULTIMATE]**
 
 [Scan your code for vulnerabilities](sast.md)

doc/ci/examples/license_management.md

+# Dependencies license management with GitLab CI/CD
+
+NOTE: **Note:**
+In order to use this tool, a [GitLab Ultimate][ee] license
+is needed.
+
+This example shows how to run the License Management tool on your
+project's dependencies by using GitLab CI/CD.
+
+First, you need GitLab Runner with [docker-in-docker executor](../docker/using_docker_build.md#use-docker-in-docker-executor).
+You can then add a new job to `.gitlab-ci.yml`, called `license_management`:
+
+```yaml
+license_management:
+  image: docker:stable
+  variables:
+    DOCKER_DRIVER: overlay2
+  allow_failure: true
+  services:
+    - docker:stable-dind
+  script:
+    - export LICENSE_MANAGEMENT_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
+    - docker run 
+        --volume "$PWD:/code"
+        "registry.gitlab.com/gitlab-org/security-products/license-management:$LICENSE_MANAGEMENT_VERSION" /run.sh /code
+  artifacts:
+    paths: [gl-license-management-report.json]
+```
+
+The above example will create a `license_management` job in the `test` stage and will create the required report artifact. Check the
+[Auto-DevOps template](https://gitlab.com/gitlab-org/gitlab-ci-yml/blob/master/Auto-DevOps.gitlab-ci.yml)
+for a full reference.
+
+
+TIP: **Tip:**
+Starting with [GitLab Ultimate][ee] 11.0, this information will
+be automatically extracted and shown right in the merge request widget. To do
+so, the CI job must be named `license_management` and the artifact path must be
+`gl-license-management-report.json`. Make sure your pipeline has a stage named `test`,
+or specify another existing stage inside the `license_management` job.
+[Learn more on license management results shown in merge requests](../../user/project/merge_requests/license_management.md).
+
+
+[ee]: https://about.gitlab.com/products/

doc/topics/autodevops/index.md

@@ -41,6 +41,7 @@ project in an easy and automatic way:
 1. [Auto Code Quality](#auto-code-quality)
 1. [Auto SAST (Static Application Security Testing)](#auto-sast)
 1. [Auto Dependency Scanning](#auto-dependency-scanning)
+1. [Auto License Management](#auto-license-management)
 1. [Auto Container Scanning](#auto-container-scanning)
 1. [Auto Review Apps](#auto-review-apps)
 1. [Auto DAST (Dynamic Application Security Testing)](#auto-dast)
@@ -256,6 +257,19 @@ check out.
 In GitLab Ultimate, any security warnings are also
 [shown in the merge request widget](../../user/project/merge_requests/dependency_scanning.md).
 
+### Auto License Management **[ULTIMATE]**
+
+> Introduced in [GitLab Ultimate][ee] 11.0.
+
+License Management uses the
+[License Management Docker image](https://gitlab.com/gitlab-org/security-products/license_management)
+to search the project dependencies for their license. Once the
+report is created, it's uploaded as an artifact which you can later download and
+check out.
+
+In GitLab Ultimate, any licenses are also
+[shown in the merge request widget](../../user/project/merge_requests/license_management.md).
+
 ### Auto Container Scanning
 
 > Introduced in GitLab 10.4.

doc/user/project/merge_requests/index.md

@@ -50,6 +50,7 @@ A. Consider you are a software developer working in a team:
 1. You checkout a new branch, and submit your changes through a merge request
 1. You gather feedback from your team
 1. You work on the implementation optimizing code with [Code Quality reports](code_quality_diff.md) **[STARTER]**
+1. You avoid using dependencies whose license is not compatible with your project with [License Management reports](license_management.md) **[ULTIMATE]**
 1. You build and test your changes with GitLab CI/CD
 1. You request the [approval](#merge-request-approvals) from your manager
 1. Your manager pushes a commit with his final review, [approves the merge request](#merge-request-approvals), and set it to [merge when pipeline succeeds](#merge-when-pipeline-succeeds)
@@ -248,6 +249,17 @@ GitLab runs the [Sitespeed.io container][sitespeed-container] and displays the d
 
 [Read more about Browser Performance Testing.](browser_performance_testing.md)
 
+## License Management **[ULTIMATE]**
+
+> Introduced in [GitLab Ultimate][products] 11.0.
+
+If you are using [GitLab CI/CD][ci], you can search your dependencies for their 
+licenses using License Management.
+Going a step further, GitLab can show the licenses report right in the
+merge request widget area.
+
+[Read more about License Management reports.](license_management.md)
+
 ## Security reports **[ULTIMATE]**
 
 GitLab can scan and report any vulnerabilities found in your project. The

doc/user/project/merge_requests/license_management.md

+# License Management
+
+> [Introduced][ee-5483] in [GitLab Ultimate][ee] 11.0.
+
+## Overview
+
+If you are using [GitLab CI/CD][ci], you can search your project dependencies for their licenses
+using License Management, either by
+including the CI job in your [existing `.gitlab-ci.yml` file][cc-docs] or
+by implicitly using [Auto License Management](../../../topics/autodevops/index.md#auto-dependency-scanning)
+that is provided by [Auto DevOps](../../../topics/autodevops/index.md).
+
+Going a step further, GitLab can show the licenses list right in the merge
+request widget area.
+
+## Use cases
+
+It helps you find licenses that you don't want to use in your project and see
+which dependencies use them. For example, your application is using an external (open source)
+library whose license is incompatible with yours.
+
+## Supported languages and dependency managers
+
+The following languages and dependency managers are supported.
+
+| Language   | Package managers                                                  |
+|------------|-------------------------------------------------------------------|
+| JavaScript | [Bower](https://bower.io/), [npm](https://www.npmjs.com/)         |
+| Go         | [Godep](https://github.com/tools/godep), go get                   |
+| Java       | [Gradle](https://gradle.org/), [Maven](https://maven.apache.org/) |
+| .NET       | [Nuget](https://www.nuget.org/)                                   |
+| Python     | [pip](https://pip.pypa.io/en/stable/)                             |
+| Ruby       | [gem](https://rubygems.org/)                                      |
+
+## How it works
+
+First of all, you need to define a job named `license_management` in your
+`.gitlab-ci.yml` file. [Check how the `license_management` job should look like][cc-docs].
+
+In order for the report to show in the merge request, there are two
+prerequisites:
+
+- the specified job **must** be named `license_management`
+- the resulting report **must** be named `gl-license-management-report.json`
+  and uploaded as an artifact
+
+The `license_management` job will search the application dependencies for licenses,
+the resulting JSON file will be uploaded as an artifact, and
+GitLab will then check this file and show the information inside the merge
+request.
+
+![License Management Widget](img/license_management.jpg)
+
+[ee-5483]: https://gitlab.com/gitlab-org/gitlab-ee/issues/5483
+[ee]: https://about.gitlab.com/products/
+[ci]: ../../../ci/README.md
+[cc-docs]: ../../../ci/examples/license_management.md

ee/app/models/ee/ci/build.rb

@@ -11,7 +11,7 @@ module EE
       CODECLIMATE_FILE = 'codeclimate.json'.freeze
       CODE_QUALITY_FILE = 'gl-code-quality-report.json'.freeze
       DEPENDENCY_SCANNING_FILE = 'gl-dependency-scanning-report.json'.freeze
-      LICENSE_MANAGEMENT_FILE = 'gl-license-report.json'.freeze
+      LICENSE_MANAGEMENT_FILE = 'gl-license-management-report.json'.freeze
       SAST_FILE = 'gl-sast-report.json'.freeze
       PERFORMANCE_FILE = 'performance.json'.freeze
       # SAST_CONTAINER_FILE is deprecated and replaced with CONTAINER_SCANNING_FILE (#5778)