Open mering opened 1 year ago
The aspect can only see what is visible in BUILD files.
So we need pip_parse to splice it into the BUILD files or for a tool which merges in data from requirements_lock.txt.
The former is more useful, but the latter is easier to get done. For Bazel itself, we are using the maven lock file to add package metadata while building an SBOM. I would have preferred to enhance rules_jvm_external to do the right thing, but there were some difficulties with that.
I think it makes sense to use the same mechanism among different package ecosystems. Could you give more insights about how/where it is solved for Maven lock files? And also where the difficulties are in enhancing rules_jvm_external (in order to prepare for similar problems in rules_python or other package ecosystems)?
Is it possible to extend the aspect such that third party license information would be automatically populated?
For example `pip_parse` should expose the Python license meta information (setup.py `license=`, `pyproject.toml` `license=`, `License ::` classifier).
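The license fields the comment above lists end up in a wheel's core metadata as a `License` header and `Classifier: License :: ...` lines. This added example (not code from rules_python, rules_license or this thread) shows how a tool that merges lock-file data into BUILD files could pull those fields out of a package's METADATA; the sample metadata text is constructed, not from a real package.

```python
from email.parser import Parser
from importlib import metadata as importlib_metadata

# Constructed sample of a wheel's METADATA file (core metadata format).
# Not taken from any real distribution.
SAMPLE_METADATA = """\
Metadata-Version: 2.1
Name: examplepkg
Version: 1.2.3
License: MIT
Classifier: Development Status :: 5 - Production/Stable
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3

Long description body follows the headers and must be ignored.
"""


def parse_license_info(metadata_text: str) -> dict:
    """Extract license metadata from core-metadata text.

    Core metadata is RFC 822-style headers, so the stdlib email parser
    handles it; only the 'License' header and 'License ::' classifiers
    are returned, which is what an SBOM or license aspect needs.
    """
    msg = Parser().parsestr(metadata_text)
    license_field = msg.get("License")
    classifiers = [
        c for c in msg.get_all("Classifier", []) if c.startswith("License ::")
    ]
    return {
        "license": license_field.strip() if license_field else None,
        "license_classifiers": classifiers,
    }


def license_info_for_installed(dist_name: str) -> dict:
    """Same extraction for a distribution installed in the current environment."""
    md = importlib_metadata.metadata(dist_name)  # email.message.Message-like
    return parse_license_info(str(md))


if __name__ == "__main__":
    print(parse_license_info(SAMPLE_METADATA))
```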