Custom License Scanning #6553
Unanswered
AndreMoonster asked this question in Q&A
Replies: 0 comments
Question
Hi all! I have started using Trivy for license scanning, but I am running into a particular issue when comparing results with other license scanners (mainly Mend and Debricked).
I will use the httpclient-2.8.3 gem as an example, although it happens with quite a few others that we have seen. httpclient contains a README.md with a ## License section with the below license
This is a custom license that will not be detected by Trivy license scanner, as I imagine it does not match any patterns. Just to make sure, I replaced the text with a standard MIT license and the Trivy scanner then detected it.
Considering the other 2 tools I mentioned did detect the above as a Ruby license, I was expecting Trivy to at least detect an 'unknown' license, but the report completely leaves out this file. I was wondering if or how it would be possible to add in some kind of custom check with Trivy for the above? I played around with both the `--generate-default-config` (by adding a few random keywords) and played around a bit with custom Rego checks, but have ultimately been unsuccessful.
Is there anyone who has run into a similar issue and knows how to get this file checked? Any help will be much appreciated! :)
Target
Filesystem
Scanner
License
Output Format
JSON
Mode
Standalone
Operating System
Windows 11
Version