# Legal Report

Package: trivy

Checkout: 17acbb0d97180dae731acd77452fccde6c47efdb071300aa4d438cd1088e935d

## System Notice

Diff to closest match 464370:

New unresolved matches in trivy-0.67.2/brand/readme.md and 27 files more

Found new license Any reference local (risk 2) not present in old report

## Licenses

Note: Report is incomplete, reviewers need to create new license patterns for unmatched keywords or ignore false positive matches.

Estimated risks for each file are based on the highest risk snippet. The lower its similarity to existing license patterns, the higher the risk will climb above the predicted license.

### Risk 9 (Unknown)

* `vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/cache/cache.go`: 20.4% similarity to "Keyword", estimated risk 9
* `vendor/github.com/dlclark/regexp2/README.processed.md`: 18% similarity to "Apache-2.0", estimated risk 8
* `vendor/buf.build/go/spdx/spdx.gen.processed.go`: 41.6% similarity to "Apache-2.0", estimated risk 7
* `vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud/doc.go`: 21.2% similarity to "Any reference local", estimated risk 7
* `vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.processed.go`: 23.2% similarity to "Any reference local", estimated risk 7
* `trivy-0.67.2/brand/readme.md`: 51.9% similarity to "CC-BY-SA-4.0", estimated risk 6
* `trivy-0.67.2/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/crl.1ssl`: 47% similarity to "OpenSSL", estimated risk 6
* `trivy-0.67.2/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/ecparam.1ssl`: 46.7% similarity to "OpenSSL", estimated risk 6
* `trivy-0.67.2/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/engine.1ssl`: 56.6% similarity to "OpenSSL", estimated risk 6
* `trivy-0.67.2/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/genrsa.processed.1ssl`: 47.1% similarity to "OpenSSL", estimated risk 6
* `trivy-0.67.2/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man7/ct.7ssl`: 56.7% similarity to "OpenSSL", estimated risk 6
* `trivy-0.67.2/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man1/cms.processed.1ssl`: 46.7% similarity to "OpenSSL", estimated risk 6
* `trivy-0.67.2/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man1/genpkey.1ssl`: 45.5% similarity to "OpenSSL", estimated risk 6
* `trivy-0.67.2/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man1/rehash.1ssl`: 45.1% similarity to "OpenSSL", estimated risk 6
* `trivy-0.67.2/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man1/ts.1ssl`: 46.4% similarity to "OpenSSL", estimated risk 6
* `trivy-0.67.2/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man7/x509.7ssl`: 46.8% similarity to "OpenSSL", estimated risk 6
* `trivy-0.67.2/pkg/fanal/test/testdata/vuln-image/63878f4412bb7032ac4db4a1713c4921981e16643aeba99b92e4b8a2586474e6/layer/usr/share/base-files/motd`: 43.1% similarity to "LGPL-2.0+", estimated risk 6
* `vendor/github.com/CycloneDX/cyclonedx-go/README.processed.md`: 45.1% similarity to "Apache-2.0", estimated risk 6
* `vendor/github.com/bufbuild/buf/private/pkg/tmp/tmp.go`: 55.6% similarity to "Apache-2.0", estimated risk 6
* `vendor/modernc.org/libc/pthread/pthread_darwin_amd64.processed.go`: 61.9% similarity to "APSL-2.0", estimated risk 6
* `vendor/modernc.org/libc/pthread/pthread_illumos_amd64.processed.go`: 68.3% similarity to "CDDL-1.0", estimated risk 6
* `trivy-0.67.2/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/doc/libc6/copyright`: 53.4% similarity to "IETF", estimated risk 5
* `trivy-0.67.2/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/errstr.1ssl`: 59.7% similarity to "OpenSSL", estimated risk 5
* `trivy-0.67.2/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/list.1ssl`: 63% similarity to "OpenSSL", estimated risk 5
* `trivy-0.67.2/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/pkeyparam.1ssl`: 59.1% similarity to "OpenSSL", estimated risk 5
* `trivy-0.67.2/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man1/ec.1ssl`: 59.6% similarity to "OpenSSL", estimated risk 5
* `trivy-0.67.2/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man1/ocsp.processed.1ssl`: 60% similarity to "OpenSSL", estimated risk 5
* `trivy-0.67.2/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man1/speed.1ssl`: 60% similarity to "OpenSSL", estimated risk 5
* `vendor/github.com/gocsaf/csaf/v3/util/set.go`: 66.8% similarity to "Apache-2.0", estimated risk 5
* `vendor/github.com/magefile/mage/CODE_OF_CONDUCT.processed.md`: 51.5% similarity to "Any reference remote", estimated risk 5
* `vendor/modernc.org/libc/netinet/in/in_illumos_amd64.processed.go`: 55.2% similarity to "BSD-3-Clause", estimated risk 5
* `vendor/modernc.org/libc/signal/signal_netbsd_arm.processed.go`: 66.5% similarity to "BSD-4-clause", estimated risk 5
* `vendor/modernc.org/libc/time/time_illumos_amd64.processed.go`: 77% similarity to "CDDL-1.0", estimated risk 5
* `vendor/sigs.k8s.io/kind/pkg/build/nodeimage/internal/container/docker/archive.processed.go`: 63.2% similarity to "Apache-2.0", estimated risk 5
* `trivy-0.67.2/pkg/fanal/test/integration/testdata/goldens/packages/debian-buster.json.golden`: 65.5% similarity to "LGPL-3.0 OR GPL-2.0 OR GPL-3.0", estimated risk 4
* `trivy-0.67.2/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/doc/libc6/copyright`: 78.5% similarity to "BSD-3-Clause", estimated risk 4
* `vendor/github.com/DataDog/zstd/threading.c`: 78.2% similarity to "BSD-Unspecifid AND GPL-2.0", estimated risk 4
* `vendor/github.com/anchore/go-struct-converter/CONTRIBUTING.processed.md`: 74% similarity to "DCO", estimated risk 4
* `vendor/github.com/docker/cli/NOTICE`: 86.4% similarity to "Any floating warranty", estimated risk 4
* `vendor/github.com/google/licenseclassifier/v2/assets/Supplement/CC-BY-4.0/preface.txt`: 71.5% similarity to "CC-BY-4.0", estimated risk 4
* `vendor/github.com/google/licenseclassifier/v2/assets/Supplement/CC-BY-NC-4.0/preface.txt`: 68.4% similarity to "CC-BY-4.0", estimated risk 4
* `vendor/github.com/google/licenseclassifier/v2/assets/Supplement/ImageMagick/usage.txt`: 86.9% similarity to "ImageMagick", estimated risk 4
* `vendor/github.com/spdx/tools-golang/LICENSE.code`: 79.8% similarity to "GPL-2.0+", estimated risk 4
* `vendor/modernc.org/libc/COPYRIGHT-MUSL`: 69.4% similarity to "MIT", estimated risk 4
* `vendor/modernc.org/libc/musl_windows_386.processed.go`: 58.8% similarity to "Any reference local", estimated risk 4
* `vendor/modernc.org/libc/musl_windows_arm64.processed.go`: 69.4% similarity to "MIT", estimated risk 4
* `vendor/modernc.org/libc/signal/signal_freebsd_arm.processed.go`: 70% similarity to "BSD-2-Clause", estimated risk 4
* `trivy-0.67.2/pkg/fanal/analyzer/pkg/dpkg/testdata/all-patterns-copyright`: 92.4% similarity to "GPL-2.0+", estimated risk 3
* `vendor/sigs.k8s.io/json/LICENSE`: 96.6% similarity to "Apache-2.0", estimated risk 3
* `vendor/sigs.k8s.io/kind/pkg/cluster/internal/providers/podman/provider.processed.go`: 99.7% similarity to "Apache-2.0", estimated risk 3
* `vendor/github.com/DataDog/zstd/debug.h`: 95.3% similarity to "BSD-Unspecifid AND GPL-2.0", estimated risk 2
* `trivy-0.67.2/pkg/fanal/analyzer/language/python/packaging/testdata/license-file-dist/typing_extensions-4.4.0.dist-info/LICENSE.txt`: 94.9% similarity to "Python >=2.0.1", estimated risk 1

### Risk 5 (High)

* SSPL-1.0: 1 file

### Risk 4 (High)

* APSL-1.1: 3 files
* APSL-2.0: 46 files
* CDDL-1.0: 22 files
* CPL-1.0: 1 file
* EPL-Unspecified: 2 files
* MPL-1.0: 2 files
* MPL-1.1: 2 files

### Risk 3 (Low)

* AGPL-3.0+: 2 files
* Any CLA: 4 files
* Any Copyleft: 2 files
* Any Patent: 4 files
* Any reciprocal clause: 2 files
* Any reference local: 4 files
* Any reference remote: 2 files
* Apache-2.0: 7589 files
* Apache-2.0 AND MIT: 2 files
* Apache-2.0 WITH LLVM-exception: 19 files
* Artistic-1.0: 1 file
* BSD-3-Clause: 56 files
* BSD-4-Clause: 84 files
* BSD-4-Clause-UC: 44 files
* BSD-4-clause: 38 files
* CC-BY-3.0: 1 file
* CC-BY-SA-4.0: 1 file
* GPL-2.0: 3 files
* GPL-2.0+: 1 file
* GPL-2.0-only WITH Linux-syscall-note: 3 files
* GPL-3.0: 7 files
* GPL-3.0 WITH GCC-exception-3.1: 92 files
* GPL-3.0+: 9 files
* GPL-Unspecified: 15 files
* ImageMagick: 1 file
* LGPL Unspecified: 2 files
* LGPL-2.1+: 171 files
* MPL-1.1: 2 files
* MPL-2.0: 258 files
* OLDAP-2.0: 1 file
* OpenSSL: 17 files

### Risk 2 (Low)

* All Rights Reserved: 751 files
* Any floating warranty: 4 files
* Any permissive keep free: 1 file
* Any reference local: 108 files
* BSD-Unspecifid AND GPL-2.0: 70 files
* BSD-Unspecified: 2150 files
* CC-BY-4.0: 2 files
* CC-BY-SA-4.0: 1 file
* CDDL-1.0: 18 files
* CDDL-1.0.1 OR GPL-2.0 WITH Classpath-exception-2.0: 4 files
* CDDL-1.1 OR GPL-2.0 WITH Classpath-exception-2.0: 4 files
* ClArtistic: 2 files
* GFDL-1.3: 2 files
* GPL-1.0+: 2 files
* GPL-2.0: 13 files
* GPL-2.0+: 60 files
* GPL-2.0+ WITH Linux-syscall-note: 5 files
* GPL-3.0+: 3 files
* IETF: 1 file
* LGPL-3.0: 1 file
* LGPL-3.0+: 6 files
* LGPL-Unspecified: 3 files
* LPPL-1.3: 1 file
* MIT: 2 files
* OLDAP-2.3: 3 files
* OpenSSL: 4 files
* XFree86: 11 files
* bzip2-1.0.6: 1 file
* regex: 1 file

### Risk 1 (Low)

* Any CLA: 17 files
* Any Permissive: 25 files
* Any copyright: 2 files
* Any distributed with: 13 files
* Any floating warranty: 26 files
* Any reference local: 268 files
* Any reference remote: 1 file
* Any trademark: 1 file
* Apache-2.0: 2 files
* BSD-2-Clause: 254 files
* BSD-2-Clause-FreeBSD: 84 files
* BSD-3-Clause: 608 files
* BSD-4-clause-UC: 135 files
* BSL-1.0: 1 file
* CC0-1.0: 4 files
* DCO: 7 files
* GFDL-1.1: 1 file
* GFDL-1.2: 6 files
* HPND: 1 file
* ISC: 41 files
* LGPL-2.0+: 5 files
* LGPL-2.1: 2 files
* LGPL-2.1+: 244 files
* MIT: 662 files
* Public-Domain: 267 files
* Python >=2.0.1: 14 files
* Unicode-DFS-2016: 1 file
* Unlicense: 1 file
* Zlib: 9 files
* man pages: 1 file
* openSUSE specfile: 1 file

### Risk 0 (Low)

* SUSE-FSF: 219 files
* Suse Copyright: 15 files

## About

This plain text report was generated by Cavil. For more details please consult the HTML and SPDX reports.