Description
In some scenarios, like showcasing ORT / onboarding new users or best-effort analyses with a cost / quality tradeoff, it might me desirable to enrich the declared licenses from an analyzer result only then with detected licenses from a scanner if this additional data can be retrieved reasonably cheap.
This could be achieved by a new scanner CLI option called something like --stored-results-only
to only use existing scan results from any of the configured storages matching the configured scanner(s), but not actually run any scanner if no stores scan result is found for a package / provenance.
With such an option, it's important to clearly signal to the user what the cause for non-existing scan results for a package in the scan result is: Whether it's due to no existing stored scan result being available, or because there were no license / copyright findings.