# Legal Report

Package: trivy

Checkout: cb2920338751c152d41a947b9fd6cb45d9eeab1b7dd982200a808a84b21d32cf

## System Notice

Diff to closest match 462355:

* New unresolved matches in trivy-0.66.0/brand/readme.md and 29 files more
* Found new license Any reference remote (risk 3) not present in old report
* Found new license CPL-1.0 (risk 4) not present in old report
* Found new license LPPL-1.3 (risk 2) not present in old report
* Found new license OLDAP-2.0 (risk 3) not present in old report
* Found new license SSPL-1.0 (risk 5) not present in old report

## Licenses

Note: Report is incomplete, reviewers need to create new license patterns for unmatched keywords or ignore false positive matches. Estimated risks for each file are based on the highest risk snippet. The lower its similarity to existing license patterns, the higher the risk will climb above the predicted license.

### Risk 9 (Unknown)

* `vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/cache/cache.go`: 20.4% similarity to "Keyword", estimated risk 9
* `vendor/github.com/dlclark/regexp2/README.processed.md`: 18% similarity to "Apache-2.0", estimated risk 8
* `vendor/buf.build/go/spdx/spdx.gen.processed.go`: 41.6% similarity to "Apache-2.0", estimated risk 7
* `vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud/doc.go`: 21.2% similarity to "Any reference local", estimated risk 7
* `vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.processed.go`: 23.2% similarity to "Any reference local", estimated risk 7
* `trivy-0.66.0/brand/readme.md`: 51.9% similarity to "CC-BY-SA-4.0", estimated risk 6
* `trivy-0.66.0/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/cms.processed.1ssl`: 46.7% similarity to "OpenSSL", estimated risk 6
* `trivy-0.66.0/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/ecparam.1ssl`: 46.7% similarity to "OpenSSL", estimated risk 6
* `trivy-0.66.0/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/engine.1ssl`: 56.6% similarity to "OpenSSL", estimated risk 6
* `trivy-0.66.0/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/genpkey.1ssl`: 45.5% similarity to "OpenSSL", estimated risk 6
* `trivy-0.66.0/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man7/ct.7ssl`: 56.7% similarity to "OpenSSL", estimated risk 6
* `trivy-0.66.0/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man1/crl.1ssl`: 47% similarity to "OpenSSL", estimated risk 6
* `trivy-0.66.0/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man1/genrsa.processed.1ssl`: 47.1% similarity to "OpenSSL", estimated risk 6
* `trivy-0.66.0/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man1/rehash.1ssl`: 45.1% similarity to "OpenSSL", estimated risk 6
* `trivy-0.66.0/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man1/ts.1ssl`: 46.4% similarity to "OpenSSL", estimated risk 6
* `trivy-0.66.0/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man7/x509.7ssl`: 46.8% similarity to "OpenSSL", estimated risk 6
* `trivy-0.66.0/pkg/fanal/test/testdata/vuln-image/63878f4412bb7032ac4db4a1713c4921981e16643aeba99b92e4b8a2586474e6/layer/usr/share/base-files/motd`: 43.1% similarity to "LGPL-2.0+", estimated risk 6
* `vendor/github.com/CycloneDX/cyclonedx-go/README.processed.md`: 45.1% similarity to "Apache-2.0", estimated risk 6
* `vendor/github.com/bufbuild/buf/private/pkg/tmp/tmp.go`: 55.6% similarity to "Apache-2.0", estimated risk 6
* `vendor/modernc.org/libc/limits/limits_illumos_amd64.processed.go`: 55.1% similarity to "CDDL-1.0", estimated risk 6
* `vendor/modernc.org/libc/pthread/pthread_darwin_amd64.processed.go`: 61.9% similarity to "APSL-2.0", estimated risk 6
* `vendor/modernc.org/libc/pthread/pthread_illumos_amd64.processed.go`: 68.3% similarity to "CDDL-1.0", estimated risk 6
* `trivy-0.66.0/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/doc/libc6/copyright`: 53.4% similarity to "IETF", estimated risk 5
* `trivy-0.66.0/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/errstr.1ssl`: 59.7% similarity to "OpenSSL", estimated risk 5
* `trivy-0.66.0/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/list.1ssl`: 63% similarity to "OpenSSL", estimated risk 5
* `trivy-0.66.0/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/ocsp.processed.1ssl`: 60% similarity to "OpenSSL", estimated risk 5
* `trivy-0.66.0/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/pkeyparam.1ssl`: 59.1% similarity to "OpenSSL", estimated risk 5
* `trivy-0.66.0/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man1/ec.1ssl`: 59.6% similarity to "OpenSSL", estimated risk 5
* `trivy-0.66.0/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man1/speed.1ssl`: 60% similarity to "OpenSSL", estimated risk 5
* `vendor/github.com/gocsaf/csaf/v3/csaf/validation.processed.go`: 66.8% similarity to "Apache-2.0", estimated risk 5
* `vendor/github.com/magefile/mage/CODE_OF_CONDUCT.processed.md`: 51.5% similarity to "Any reference remote", estimated risk 5
* `vendor/modernc.org/libc/COPYRIGHT-MUSL`: 45.8% similarity to "MIT AND BSD-2-Clause", estimated risk 5
* `vendor/modernc.org/libc/musl_windows_amd64.processed.go`: 45.8% similarity to "MIT AND BSD-2-Clause", estimated risk 5
* `vendor/modernc.org/libc/netinet/in/in_illumos_amd64.processed.go`: 55.2% similarity to "BSD-3-Clause", estimated risk 5
* `vendor/modernc.org/libc/signal/signal_netbsd_arm.processed.go`: 66.5% similarity to "BSD-4-clause", estimated risk 5
* `vendor/modernc.org/libc/time/time_illumos_amd64.processed.go`: 77% similarity to "CDDL-1.0", estimated risk 5
* `vendor/modernc.org/libc/unistd/unistd_illumos_amd64.processed.go`: 73.3% similarity to "CDDL-1.0", estimated risk 5
* `vendor/sigs.k8s.io/kind/pkg/build/nodeimage/internal/container/docker/archive.processed.go`: 63.2% similarity to "Apache-2.0", estimated risk 5
* `trivy-0.66.0/pkg/fanal/test/integration/testdata/goldens/packages/debian-buster.json.golden`: 65.5% similarity to "LGPL-3.0 OR GPL-2.0 OR GPL-3.0", estimated risk 4
* `trivy-0.66.0/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/doc/libc6/copyright`: 78.5% similarity to "BSD-3-Clause", estimated risk 4
* `vendor/github.com/DataDog/zstd/threading.c`: 78.2% similarity to "BSD-Unspecifid AND GPL-2.0", estimated risk 4
* `vendor/github.com/anchore/go-struct-converter/CONTRIBUTING.processed.md`: 74% similarity to "DCO", estimated risk 4
* `vendor/github.com/docker/cli/NOTICE`: 86.4% similarity to "Any floating warranty", estimated risk 4
* `vendor/github.com/google/licenseclassifier/v2/assets/Supplement/CC-BY-4.0/preface.txt`: 71.5% similarity to "CC-BY-4.0", estimated risk 4
* `vendor/github.com/google/licenseclassifier/v2/assets/Supplement/CC-BY-SA-4.0/preface.txt`: 68.4% similarity to "CC-BY-4.0", estimated risk 4
* `vendor/github.com/google/licenseclassifier/v2/assets/Supplement/ImageMagick/usage.txt`: 86.9% similarity to "ImageMagick", estimated risk 4
* `vendor/github.com/spdx/tools-golang/LICENSE.code`: 79.8% similarity to "GPL-2.0+", estimated risk 4
* `vendor/modernc.org/libc/musl_windows_386.processed.go`: 58.8% similarity to "Any reference local", estimated risk 4
* `vendor/modernc.org/libc/signal/signal_freebsd_arm.processed.go`: 70% similarity to "BSD-2-Clause", estimated risk 4
* `trivy-0.66.0/pkg/fanal/analyzer/pkg/dpkg/testdata/all-patterns-copyright`: 92.4% similarity to "GPL-2.0+", estimated risk 3
* `vendor/sigs.k8s.io/json/LICENSE`: 96.6% similarity to "Apache-2.0", estimated risk 3
* `vendor/sigs.k8s.io/kind/pkg/cluster/internal/providers/podman/provider.processed.go`: 99.7% similarity to "Apache-2.0", estimated risk 3
* `vendor/github.com/DataDog/zstd/xxhash.processed.h`: 95.3% similarity to "BSD-Unspecifid AND GPL-2.0", estimated risk 2
* `trivy-0.66.0/pkg/fanal/analyzer/language/python/packaging/testdata/license-file-dist/typing_extensions-4.4.0.dist-info/LICENSE.txt`: 94.9% similarity to "Python >=2.0.1", estimated risk 1

### Risk 5 (High)

* SSPL-1.0: 1 file

### Risk 4 (High)

* APSL-1.1: 3 files
* APSL-2.0: 46 files
* CDDL-1.0: 22 files
* CPL-1.0: 1 file
* EPL-Unspecified: 2 files
* MPL-1.0: 2 files
* MPL-1.1: 2 files

### Risk 3 (Low)

* AGPL-3.0+: 2 files
* Any CLA: 4 files
* Any Copyleft: 2 files
* Any Patent: 4 files
* Any reciprocal clause: 2 files
* Any reference local: 4 files
* Any reference remote: 2 files
* Apache-2.0: 7495 files
* Apache-2.0 AND MIT: 2 files
* Apache-2.0 WITH LLVM-exception: 19 files
* Artistic-1.0: 1 file
* BSD-3-Clause: 58 files
* BSD-4-Clause: 84 files
* BSD-4-Clause-UC: 44 files
* BSD-4-clause: 38 files
* CC-BY-3.0: 1 file
* CC-BY-SA-4.0: 1 file
* GPL-2.0: 3 files
* GPL-2.0+: 1 file
* GPL-2.0-only WITH Linux-syscall-note: 3 files
* GPL-3.0: 7 files
* GPL-3.0 WITH GCC-exception-3.1: 92 files
* GPL-3.0+: 9 files
* GPL-Unspecified: 15 files
* ImageMagick: 1 file
* LGPL Unspecified: 2 files
* LGPL-2.1+: 171 files
* MPL-1.1: 2 files
* MPL-2.0: 244 files
* OLDAP-2.0: 1 file
* OpenSSL: 17 files

### Risk 2 (Low)

* All Rights Reserved: 749 files
* Any floating warranty: 4 files
* Any permissive keep free: 1 file
* Any reference local: 105 files
* BSD-Unspecifid AND GPL-2.0: 70 files
* BSD-Unspecified: 2186 files
* CC-BY-4.0: 2 files
* CC-BY-SA-4.0: 1 file
* CDDL-1.0: 17 files
* CDDL-1.0.1 OR GPL-2.0 WITH Classpath-exception-2.0: 4 files
* CDDL-1.1 OR GPL-2.0 WITH Classpath-exception-2.0: 4 files
* ClArtistic: 2 files
* GFDL-1.3: 2 files
* GPL-1.0+: 2 files
* GPL-2.0: 13 files
* GPL-2.0+: 60 files
* GPL-2.0+ WITH Linux-syscall-note: 5 files
* GPL-3.0+: 3 files
* IETF: 1 file
* LGPL-3.0: 1 file
* LGPL-3.0+: 6 files
* LGPL-Unspecified: 3 files
* LPPL-1.3: 1 file
* OLDAP-2.3: 3 files
* OpenSSL: 4 files
* XFree86: 11 files
* bzip2-1.0.6: 1 file
* regex: 1 file

### Risk 1 (Low)

* Any CLA: 19 files
* Any Permissive: 25 files
* Any copyright: 2 files
* Any distributed with: 13 files
* Any floating warranty: 26 files
* Any reference local: 268 files
* Any reference remote: 1 file
* Any trademark: 1 file
* Apache-2.0: 2 files
* BSD-2-Clause: 239 files
* BSD-2-Clause-FreeBSD: 84 files
* BSD-3-Clause: 608 files
* BSD-4-clause-UC: 135 files
* BSL-1.0: 1 file
* CC0-1.0: 4 files
* DCO: 7 files
* GFDL-1.1: 1 file
* GFDL-1.2: 6 files
* HPND: 1 file
* ISC: 26 files
* LGPL-2.0+: 5 files
* LGPL-2.1: 2 files
* LGPL-2.1+: 244 files
* MIT: 637 files
* Public-Domain: 267 files
* Python >=2.0.1: 14 files
* Unicode-DFS-2016: 1 file
* Unlicense: 1 file
* Zlib: 9 files
* man pages: 1 file
* openSUSE specfile: 1 file

### Risk 0 (Low)

* Any CLA: 1 file
* SUSE-FSF: 219 files
* Suse Copyright: 15 files

## About

This plain text report was generated by Cavil. For more details please consult the HTML and SPDX reports.