# Legal Report

Package: trivy
Checkout: cdbf0f01cd34ba9d69abc165f1cb9561c3cc8cd09f3c3f24f186ba44617ec872

## System Notice

Diff to closest match 488601:

* New unresolved matches in trivy-0.68.1/brand/readme.md and 28 files more
* Found new license Any reference remote (risk 3) not present in old report

## Licenses

Note: Report is incomplete, reviewers need to create new license patterns for unmatched keywords or ignore false positive matches. Estimated risks for each file are based on the highest risk snippet. The lower its similarity to existing license patterns, the higher the risk will climb above the predicted license.

### Risk 9 (Unknown)

* `vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/cache/cache.go`: 20.4% similarity to "Keyword", estimated risk 9
* `vendor/github.com/dlclark/regexp2/README.processed.md`: 18% similarity to "Apache-2.0", estimated risk 8
* `vendor/buf.build/go/spdx/spdx.gen.processed.go`: 41.6% similarity to "Apache-2.0", estimated risk 7
* `vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud/doc.go`: 21.2% similarity to "Any reference local", estimated risk 7
* `vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.processed.go`: 23.2% similarity to "Any reference local", estimated risk 7
* `trivy-0.68.1/brand/readme.md`: 51.9% similarity to "CC-BY-SA-4.0", estimated risk 6
* `trivy-0.68.1/pkg/fanal/test/testdata/distroless/79a7d2af65570c00b173b9137c3440a7bf23238c3bb340d1f280c16369eb5cf4/layer/usr/share/base-files/motd`: 43.1% similarity to "LGPL-2.0+", estimated risk 6
* `trivy-0.68.1/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/cms.processed.1ssl`: 46.7% similarity to "OpenSSL", estimated risk 6
* `trivy-0.68.1/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/crl.1ssl`: 47% similarity to "OpenSSL", estimated risk 6
* `trivy-0.68.1/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/engine.1ssl`: 56.6% similarity to "OpenSSL", estimated risk 6
* `trivy-0.68.1/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/genpkey.1ssl`: 45.5% similarity to "OpenSSL", estimated risk 6
* `trivy-0.68.1/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/genrsa.processed.1ssl`: 47.1% similarity to "OpenSSL", estimated risk 6
* `trivy-0.68.1/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/rehash.1ssl`: 45.1% similarity to "OpenSSL", estimated risk 6
* `trivy-0.68.1/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man1/ecparam.1ssl`: 46.7% similarity to "OpenSSL", estimated risk 6
* `trivy-0.68.1/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man1/ts.1ssl`: 46.4% similarity to "OpenSSL", estimated risk 6
* `trivy-0.68.1/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man7/ct.7ssl`: 56.7% similarity to "OpenSSL", estimated risk 6
* `trivy-0.68.1/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man7/x509.7ssl`: 46.8% similarity to "OpenSSL", estimated risk 6
* `vendor/github.com/CycloneDX/cyclonedx-go/README.processed.md`: 45.1% similarity to "Apache-2.0", estimated risk 6
* `vendor/github.com/bufbuild/buf/private/pkg/tmp/tmp.go`: 55.6% similarity to "Apache-2.0", estimated risk 6
* `vendor/modernc.org/libc/pthread/pthread_darwin_amd64.processed.go`: 61.9% similarity to "APSL-2.0", estimated risk 6
* `vendor/modernc.org/libc/pthread/pthread_illumos_amd64.processed.go`: 68.3% similarity to "CDDL-1.0", estimated risk 6
* `trivy-0.68.1/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/errstr.1ssl`: 59.7% similarity to "OpenSSL", estimated risk 5
* `trivy-0.68.1/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/list.1ssl`: 63% similarity to "OpenSSL", estimated risk 5
* `trivy-0.68.1/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/ocsp.processed.1ssl`: 60% similarity to "OpenSSL", estimated risk 5
* `trivy-0.68.1/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/pkeyparam.1ssl`: 59.1% similarity to "OpenSSL", estimated risk 5
* `trivy-0.68.1/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/doc/libc6/copyright`: 53.4% similarity to "IETF", estimated risk 5
* `trivy-0.68.1/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man1/ec.1ssl`: 59.6% similarity to "OpenSSL", estimated risk 5
* `trivy-0.68.1/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man1/speed.1ssl`: 60% similarity to "OpenSSL", estimated risk 5
* `vendor/github.com/cyphar/filepath-securejoin/COPYING.md`: 58.7% similarity to "BSD-3-Clause", estimated risk 5
* `vendor/github.com/gocsaf/csaf/v3/csaf/util.go`: 66.8% similarity to "Apache-2.0", estimated risk 5
* `vendor/github.com/magefile/mage/CODE_OF_CONDUCT.processed.md`: 51.5% similarity to "Any reference remote", estimated risk 5
* `vendor/modernc.org/libc/netinet/in/in_illumos_amd64.processed.go`: 55.2% similarity to "BSD-3-Clause", estimated risk 5
* `vendor/modernc.org/libc/signal/signal_netbsd_arm.processed.go`: 66.5% similarity to "BSD-4-clause", estimated risk 5
* `vendor/modernc.org/libc/time/time_illumos_amd64.processed.go`: 77% similarity to "CDDL-1.0", estimated risk 5
* `vendor/sigs.k8s.io/kind/pkg/build/nodeimage/internal/container/docker/archive.processed.go`: 63.2% similarity to "Apache-2.0", estimated risk 5
* `trivy-0.68.1/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/doc/libc6/copyright`: 63.2% similarity to "PCRE", estimated risk 4
* `vendor/github.com/DataDog/zstd/threading.c`: 78.2% similarity to "BSD-Unspecifid AND GPL-2.0", estimated risk 4
* `vendor/github.com/anchore/go-struct-converter/CONTRIBUTING.processed.md`: 74% similarity to "DCO", estimated risk 4
* `vendor/github.com/docker/cli/NOTICE`: 86.4% similarity to "Any floating warranty", estimated risk 4
* `vendor/github.com/google/licenseclassifier/v2/assets/Supplement/CC-BY-4.0/preface.txt`: 71.5% similarity to "CC-BY-4.0", estimated risk 4
* `vendor/github.com/google/licenseclassifier/v2/assets/Supplement/CC-BY-SA-4.0/preface.txt`: 68.4% similarity to "CC-BY-4.0", estimated risk 4
* `vendor/github.com/google/licenseclassifier/v2/assets/Supplement/ImageMagick/usage.txt`: 86.9% similarity to "ImageMagick", estimated risk 4
* `vendor/github.com/spdx/tools-golang/LICENSE.code`: 79.8% similarity to "GPL-2.0+", estimated risk 4
* `vendor/modernc.org/libc/COPYRIGHT-MUSL`: 69.4% similarity to "MIT", estimated risk 4
* `vendor/modernc.org/libc/musl_windows_amd64.processed.go`: 58.8% similarity to "Any reference local", estimated risk 4
* `vendor/modernc.org/libc/musl_windows_arm64.processed.go`: 69.4% similarity to "MIT", estimated risk 4
* `vendor/modernc.org/libc/signal/signal_freebsd_arm.processed.go`: 70% similarity to "BSD-2-Clause", estimated risk 4
* `trivy-0.68.1/pkg/fanal/analyzer/pkg/dpkg/testdata/all-patterns-copyright`: 92.4% similarity to "GPL-2.0+", estimated risk 3
* `vendor/sigs.k8s.io/json/LICENSE`: 96.6% similarity to "Apache-2.0", estimated risk 3
* `vendor/sigs.k8s.io/kind/pkg/cluster/internal/providers/common/doc.go`: 99.7% similarity to "Apache-2.0", estimated risk 3
* `vendor/github.com/DataDog/zstd/bitstream.processed.h`: 95.3% similarity to "BSD-Unspecifid AND GPL-2.0", estimated risk 2
* `trivy-0.68.1/pkg/fanal/analyzer/language/python/packaging/testdata/license-file-dist/typing_extensions-4.4.0.dist-info/LICENSE.txt`: 94.9% similarity to "Python >=2.0.1", estimated risk 1

### Risk 5 (High)

* SSPL-1.0: 1 file

### Risk 4 (High)

* APSL-1.1: 3 files
* APSL-2.0: 46 files
* CDDL-1.0: 22 files
* CPL-1.0: 1 file
* EPL-Unspecified: 2 files
* MPL-1.0: 2 files
* MPL-1.1: 2 files

### Risk 3 (Low)

* AGPL-3.0+: 2 files
* Any CLA: 4 files
* Any Copyleft: 2 files
* Any Patent: 4 files
* Any reciprocal clause: 2 files
* Any reference local: 3 files
* Any reference remote: 2 files
* Apache-2.0: 7689 files
* Apache-2.0 AND MIT: 2 files
* Apache-2.0 WITH LLVM-exception: 19 files
* Artistic-1.0: 1 file
* BSD-3-Clause: 57 files
* BSD-4-Clause: 84 files
* BSD-4-Clause-UC: 44 files
* BSD-4-clause: 38 files
* CC-BY-3.0: 1 file
* CC-BY-SA-4.0: 1 file
* GPL-2.0: 2 files
* GPL-2.0+: 1 file
* GPL-2.0-only WITH Linux-syscall-note: 3 files
* GPL-3.0: 4 files
* GPL-3.0 WITH GCC-exception-3.1: 92 files
* GPL-3.0+: 3 files
* GPL-Unspecified: 15 files
* ImageMagick: 1 file
* LGPL Unspecified: 2 files
* LGPL-2.1+: 171 files
* MPL-1.1: 2 files
* MPL-2.0: 297 files
* OLDAP-2.0: 1 file
* OpenSSL: 17 files

### Risk 2 (Low)

* All Rights Reserved: 757 files
* Any floating warranty: 4 files
* Any permissive keep free: 1 file
* Any reference local: 108 files
* BSD-Unspecifid AND GPL-2.0: 70 files
* BSD-Unspecified: 2148 files
* CC-BY-4.0: 2 files
* CC-BY-SA-4.0: 1 file
* CDDL-1.0: 18 files
* CDDL-1.0.1 OR GPL-2.0 WITH Classpath-exception-2.0: 4 files
* CDDL-1.1 OR GPL-2.0 WITH Classpath-exception-2.0: 4 files
* ClArtistic: 2 files
* GFDL-1.3: 2 files
* GPL-1.0+: 2 files
* GPL-2.0: 13 files
* GPL-2.0+: 54 files
* GPL-2.0+ WITH Linux-syscall-note: 5 files
* GPL-3.0+: 3 files
* IETF: 1 file
* LGPL-3.0: 1 file
* LGPL-3.0+: 4 files
* LGPL-Unspecified: 3 files
* LPPL-1.3: 1 file
* MIT: 2 files
* OpenSSL: 4 files
* XFree86: 11 files
* bzip2-1.0.6: 1 file
* regex: 1 file

### Risk 1 (Low)

* Any CLA: 16 files
* Any Permissive: 25 files
* Any copyright: 2 files
* Any distributed with: 13 files
* Any floating warranty: 25 files
* Any reference local: 271 files
* Any reference remote: 1 file
* Any trademark: 1 file
* Apache-2.0: 2 files
* BSD-2-Clause: 253 files
* BSD-2-Clause-FreeBSD: 84 files
* BSD-3-Clause: 625 files
* BSD-4-clause-UC: 135 files
* BSL-1.0: 1 file
* CC0-1.0: 4 files
* DCO: 7 files
* GFDL-1.1: 1 file
* GFDL-1.2: 4 files
* HPND: 1 file
* ISC: 40 files
* LGPL-2.0+: 3 files
* LGPL-2.1: 1 file
* LGPL-2.1+: 238 files
* MIT: 640 files
* Public-Domain: 267 files
* Python >=2.0.1: 11 files
* Unicode-DFS-2016: 1 file
* Unlicense: 1 file
* Zlib: 3 files
* man pages: 1 file
* openSUSE specfile: 1 file

### Risk 0 (Low)

* MPL-2.0: 2 files
* SUSE-FSF: 219 files
* Suse Copyright: 51 files

## About

This plain text report was generated by Cavil. For more details please consult the HTML and SPDX reports.