Find exact commits of artifacts #430
Description
The Repo Finder allows repositories to be discovered for artifacts that are not already linked to one at analysis time. However, the current implementation typically leads to the most recent version of the source code being analysed, rather than the state that would have been current when the actual artifact was released. Extending the Repo FInder to look for matching meta data, e..g Github tags, will allow more accurate analysis.
It should be noted that this enhancement will be another level of "best effort" on top of the Repo Finder's already "best effort" functionality. For projects where this is still possible, the results should be very useful.