Scan package and Improve from PurlDB should treat "unknown" license as an empty license

[DennisClark]

A recent import of an SBOM, originally generated from SCIO, to a DejaCode product imported multiple packages (originally detected as dependencies by SCIO) with minimal information, many with empty Download URLs, and with license expression set to unknown. I ran the "Improve Packages from PurlDB" Action on the product and it ran successfully and updated multiple Download URL values, but even though PurlDB has a license for many of those packages they remained with a license key of unknown, which is not very useful.

I also submitted a scan for one of the packages with an unknown license and the scan ran successfully, and the results show a meaningful license, but it did not update the package license assignment.

This is understandable since our general guideline is not to update non-empty fields automatically, but I think that we can and should make an exception for the unknown license key (and possibly some others, but let's focus on this one).

Improving this will make our SBOM imports a lot more useful.

[tdruez]

Implemented in #209

[DennisClark]

@tdruez tested in Staging Starship with promising results:

• submitting a scan request for an existing package with an unknown license results in an updated license assignment when the scan detects a meaningful license
• running the "Improve Packages from PurlDB" Action on a Product where an assigned package has a an unknown license results in an updated license assignment on the Package definition when there is a good match in the PurlDB.

However, the product package license assignment is not also getting updated by the "Improve Packages from PurlDB" Action, which is what the user probably expects. I realize that perhaps this Action has never done that but it would make the whole thing much more effective, especially if one is dealing with a Product Inventory where multiple packages have an unknown license assignment; updating the license of each relationship can be lots of manual work. Is it possible to update the Product Package Relationship as well?

[DennisClark]

@tdruez Update of ProductPackage.license_expression from Package when "Improve Packages from PurlDB" is run confirmed. I think this one is complete, thanks!