Github API (to fill if not specified) - APIs are under rate limiting #18
Description
Hi @voltone
Not an issue, just a note about it.
The github API is rate limited (ref https://docs.github.com/en/rest/using-the-rest-api/rate-limits-for-the-rest-api?apiVersion=2022-11-28).
Few months ago we went down the same attempt but rolled back as soon as we tested in CI, we are able to reach the limit (authenticated or not) very soon give the numebre of component an daily build we trigger.
Anyway, the current implementation ignore errors (no matter if conn error, 4xx / 5xx) and fallback to not filling the missing license.
In case of error this will lead to non-deterministic SBOM reports.
I would not make the generation non-deterministic, even more introducing a dependency on an external (rate limited) service.