“I don’t know” license type should not be published
The automated component detection creates inventory items with unknown license types. This happens under the following scenarios:
Automated component detection publishes inventory items with "I don't know" license type
There are multiple license options (i.e. CDDL or GPL with Classpath Exception)
The component does not have a license
Automated component detection creates unpublished inventory items with "Work In Progress" license type
The published items with the "I don't know" license type are labeld as P3 and marked as “Pending”. It does not make sense to me that an inventory item can be published for approval if the license type is not known.
If a license cannot be determined, the automated fining should be unpublished state so that the analyst can determine the correct license type.