Which scanning method identifies potential license compliance issues?

Dependency scanning is the correct choice for identifying potential license compliance issues because it analyzes the dependencies within a project to determine if any of them have licenses that may not be compatible with the project's license or could pose legal risks. This scanning method automatically checks the various third-party libraries and packages used in the project, providing insights into licensing obligations and potential conflicts.

The process involves examining the metadata associated with these dependencies, which includes details about the license under which each dependency is distributed. By doing so, dependency scanning helps developers understand their legal responsibilities concerning open-source software, ensuring that the project remains compliant with relevant licensing requirements. This proactive approach can save organizations from potential legal issues that might arise from improper license usage.

Other methods such as container scanning focus more on security vulnerabilities within container images rather than license compliance, while security test scanning assesses overall security flaws and code quality checking evaluates the standard and maintainability of the code itself. Thus, dependency scanning stands out as the specific method for addressing license compliance concerns.