Merge branch '217903-offline-composer' into 'master'v3.20.0

Parse `composer.lock` file when composer CLI fails

See merge request gitlab-org/security-products/license-management!200

2 files changed, 13 insertions, 3 deletions

diff --git a/lib/license/finder/ext/composer.rb b/lib/license/finder/ext/composer.rb
index e6b0733..1be4e2b 100644
--- a/lib/license/finder/ext/composer.rb
+++ b/lib/license/finder/ext/composer.rb
@@ -45,9 +45,12 @@ module LicenseFinder
         :licenses,
         '--format=json'
       ], env: default_env)
-      return [] unless status.success?
+      return from_lockfile unless status.success?
 
-      JSON.parse(stdout).fetch('dependencies', {}).map do |name, data|
+      dependencies = JSON.parse(stdout).fetch('dependencies', {})
+      return from_lockfile if dependencies.empty?
+
+      dependencies.map do |name, data|
         data.merge('name' => name) if data.is_a?(Hash)
       end.compact
     end
@@ -72,5 +75,12 @@ module LicenseFinder
       ], env: default_env)
       status.success? ? stdout.split(' ').last : ''
     end
+
+    def from_lockfile
+      return [] unless lockfile_path.exist?
+
+      json = JSON.parse(lockfile_path.read)
+      json.fetch('packages', [])
+    end
   end
 end
diff --git a/lib/license/management/version.rb b/lib/license/management/version.rb
index 851642e..ac8abbd 100644
--- a/lib/license/management/version.rb
+++ b/lib/license/management/version.rb
@@ -2,6 +2,6 @@
 
 module License
   module Management
-    VERSION = '3.19.5'
+    VERSION = '3.20.0'
   end
 end