# Legal Report

Package: trivy
Checkout: 32dbe3d53a36c812a53360b1b8992232303450539a332910d2327dac62ccc371
Unpacked: 31994 files (525MiB)

## System Notice

Diff to closest match 495637: Found new unresolved matches in vendor/github.com/open-policy-agent/opa/internal/semver/semver.go and 1 other file

## Licenses

**Warning** Elevated risk, package might contain incompatible licenses: GPL-2.0-only, Apache-2.0

Note: Report is incomplete, reviewers need to create new license patterns for unmatched keywords or ignore false positive matches. Estimated risks for each file are based on the highest risk snippet. The lower its similarity to existing license patterns, the higher the risk will climb above the predicted license.

### Risk 9 (Unknown)

* `vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/cache/cache.go`: 20.4% similarity to "Keyword", estimated risk 9
* `vendor/github.com/dlclark/regexp2/README.processed.md`: 18% similarity to "Apache-2.0", estimated risk 8
* `vendor/buf.build/go/spdx/spdx.gen.processed.go`: 41.6% similarity to "Apache-2.0", estimated risk 7
* `vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud/doc.go`: 21.2% similarity to "Any reference local", estimated risk 7
* `vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.processed.go`: 23.2% similarity to "Any reference local", estimated risk 7
* `trivy-0.69.0/brand/readme.md`: 51.9% similarity to "CC-BY-SA-4.0", estimated risk 6
* `trivy-0.69.0/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/crl.1ssl`: 47% similarity to "OpenSSL", estimated risk 6
* `trivy-0.69.0/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/genpkey.1ssl`: 45.5% similarity to "OpenSSL", estimated risk 6
* `trivy-0.69.0/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/ts.1ssl`: 46.4% similarity to "OpenSSL", estimated risk 6
* `trivy-0.69.0/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man1/cms.processed.1ssl`: 46.7% similarity to "OpenSSL", estimated risk 6
* `trivy-0.69.0/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man1/ecparam.1ssl`: 46.7% similarity to "OpenSSL", estimated risk 6
* `trivy-0.69.0/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man1/engine.1ssl`: 56.6% similarity to "OpenSSL", estimated risk 6
* `trivy-0.69.0/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man1/genrsa.processed.1ssl`: 47.1% similarity to "OpenSSL", estimated risk 6
* `trivy-0.69.0/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man1/rehash.1ssl`: 45.1% similarity to "OpenSSL", estimated risk 6
* `trivy-0.69.0/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man7/ct.7ssl`: 56.7% similarity to "OpenSSL", estimated risk 6
* `trivy-0.69.0/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man7/x509.7ssl`: 46.8% similarity to "OpenSSL", estimated risk 6
* `trivy-0.69.0/pkg/fanal/test/testdata/vuln-image/63878f4412bb7032ac4db4a1713c4921981e16643aeba99b92e4b8a2586474e6/layer/usr/share/base-files/motd`: 43.1% similarity to "LGPL-2.0-or-later", estimated risk 6
* `vendor/github.com/CycloneDX/cyclonedx-go/README.processed.md`: 45.1% similarity to "Apache-2.0", estimated risk 6
* `vendor/github.com/bufbuild/buf/private/pkg/tmp/tmp.go`: 55.6% similarity to "Apache-2.0", estimated risk 6
* `vendor/github.com/open-policy-agent/opa/internal/semver/semver.go`: 43.8% similarity to "Apache-2.0", estimated risk 6
* `vendor/modernc.org/libc/pthread/pthread_darwin_amd64.processed.go`: 61.9% similarity to "APSL-2.0", estimated risk 6
* `vendor/modernc.org/libc/pthread/pthread_illumos_amd64.processed.go`: 68.3% similarity to "CDDL-1.0", estimated risk 6
* `trivy-0.69.0/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/doc/libc6/copyright`: 53.4% similarity to "IETF", estimated risk 5
* `trivy-0.69.0/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/errstr.1ssl`: 59.7% similarity to "OpenSSL", estimated risk 5
* `trivy-0.69.0/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/list.1ssl`: 63% similarity to "OpenSSL", estimated risk 5
* `trivy-0.69.0/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/pkeyparam.1ssl`: 59.1% similarity to "OpenSSL", estimated risk 5
* `trivy-0.69.0/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/speed.1ssl`: 60% similarity to "OpenSSL", estimated risk 5
* `trivy-0.69.0/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man1/ec.1ssl`: 59.6% similarity to "OpenSSL", estimated risk 5
* `trivy-0.69.0/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man1/ocsp.processed.1ssl`: 60% similarity to "OpenSSL", estimated risk 5
* `vendor/github.com/cyphar/filepath-securejoin/COPYING.md`: 58.7% similarity to "BSD-3-Clause", estimated risk 5
* `vendor/github.com/gocsaf/csaf/v3/internal/misc/doc.go`: 66.8% similarity to "Apache-2.0", estimated risk 5
* `vendor/github.com/magefile/mage/CODE_OF_CONDUCT.processed.md`: 51.5% similarity to "Any reference remote", estimated risk 5
* `vendor/modernc.org/libc/netinet/in/in_illumos_amd64.processed.go`: 55.2% similarity to "BSD-3-Clause", estimated risk 5
* `vendor/modernc.org/libc/signal/signal_netbsd_arm.processed.go`: 66.5% similarity to "BSD-4-clause", estimated risk 5
* `vendor/modernc.org/libc/time/time_illumos_amd64.processed.go`: 77% similarity to "CDDL-1.0", estimated risk 5
* `vendor/sigs.k8s.io/kind/pkg/build/nodeimage/internal/container/docker/doc.go`: 63.2% similarity to "Apache-2.0", estimated risk 5
* `trivy-0.69.0/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/doc/libc6/copyright`: 60.7% similarity to "BSD-3-Clause", estimated risk 4
* `vendor/github.com/DataDog/zstd/threading.h`: 78.2% similarity to "BSD-Unspecifid AND GPL-2.0", estimated risk 4
* `vendor/github.com/anchore/go-struct-converter/CONTRIBUTING.processed.md`: 74% similarity to "DCO", estimated risk 4
* `vendor/github.com/docker/cli/NOTICE`: 86.4% similarity to "Any floating warranty", estimated risk 4
* `vendor/github.com/google/licenseclassifier/v2/assets/Supplement/CC-BY-4.0/preface.txt`: 71.5% similarity to "CC-BY-4.0", estimated risk 4
* `vendor/github.com/google/licenseclassifier/v2/assets/Supplement/CC-BY-NC-4.0/preface.txt`: 68.4% similarity to "CC-BY-4.0", estimated risk 4
* `vendor/github.com/google/licenseclassifier/v2/assets/Supplement/ImageMagick/usage.txt`: 86.9% similarity to "ImageMagick", estimated risk 4
* `vendor/github.com/segmentio/asm/LICENSE`: 82.7% similarity to "MIT-0", estimated risk 4
* `vendor/github.com/spdx/tools-golang/LICENSE.code`: 79.8% similarity to "GPL-2.0-or-later", estimated risk 4
* `vendor/modernc.org/libc/COPYRIGHT-MUSL`: 69.4% similarity to "MIT", estimated risk 4
* `vendor/modernc.org/libc/musl_windows_386.processed.go`: 69.4% similarity to "MIT", estimated risk 4
* `vendor/modernc.org/libc/signal/signal_freebsd_arm.processed.go`: 70% similarity to "BSD-2-Clause", estimated risk 4
* `trivy-0.69.0/pkg/fanal/analyzer/pkg/dpkg/testdata/all-patterns-copyright`: 92.4% similarity to "GPL-2.0-or-later", estimated risk 3
* `vendor/sigs.k8s.io/json/LICENSE`: 96.6% similarity to "Apache-2.0", estimated risk 3
* `vendor/sigs.k8s.io/kind/pkg/cluster/internal/providers/docker/node.go`: 99.7% similarity to "Apache-2.0", estimated risk 3
* `vendor/github.com/DataDog/zstd/huf.processed.h`: 95.3% similarity to "BSD-Unspecifid AND GPL-2.0", estimated risk 2
* `trivy-0.69.0/pkg/fanal/analyzer/language/python/packaging/testdata/license-file-dist/typing_extensions-4.4.0.dist-info/LICENSE.txt`: 94.9% similarity to "Python >=2.0.1", estimated risk 1

### Risk 5 (High)

* SSPL-1.0: 1 file

### Risk 4 (High)

* APSL-1.1: 3 files
* APSL-2.0: 46 files
* CDDL-1.0: 22 files
* CPL-1.0: 1 file
* EPL-Unspecified: 2 files
* MPL-1.0: 2 files
* MPL-1.1: 2 files

### Risk 3 (Low)

* AGPL-3.0-or-later: 2 files
* Any CLA: 4 files
* Any Copyleft: 2 files
* Any Patent: 4 files
* Any reciprocal clause: 2 files
* Any reference local: 4 files
* Any reference remote: 2 files
* Apache-2.0: 7800 files
* Apache-2.0 AND MIT: 3 files
* Apache-2.0 WITH LLVM-exception: 19 files
* Artistic-1.0: 1 file
* BSD-3-Clause: 58 files
* BSD-4-Clause: 84 files
* BSD-4-Clause-UC: 44 files
* BSD-4-clause: 38 files
* CC-BY-3.0: 1 file
* CC-BY-SA-4.0: 1 file
* GPL-2.0-only: 2 files
* GPL-2.0-or-later: 1 file
* GPL-2.0-only WITH Linux-syscall-note: 3 files
* GPL-3.0-only: 4 files
* GPL-3.0-only WITH GCC-exception-3.1: 92 files
* GPL-3.0-or-later: 3 files
* GPL-Unspecified: 15 files
* ImageMagick: 1 file
* LGPL Unspecified: 3 files
* LGPL-2.1-or-later: 171 files
* MPL-1.1: 2 files
* MPL-2.0: 297 files
* OLDAP-2.0: 1 file
* OpenSSL: 17 files

### Risk 2 (Low)

* All Rights Reserved: 758 files
* Any floating warranty: 4 files
* Any permissive keep free: 1 file
* Any reference local: 108 files
* BSD-Unspecifid AND GPL-2.0: 70 files
* BSD-Unspecified: 2147 files
* CC-BY-4.0: 2 files
* CC-BY-SA-4.0: 1 file
* CDDL-1.0: 18 files
* CDDL-1.0.1 OR GPL-2.0 WITH Classpath-exception-2.0: 4 files
* CDDL-1.1 OR GPL-2.0-only WITH Classpath-exception-2.0: 4 files
* ClArtistic: 2 files
* GFDL-1.3-only: 2 files
* GPL-1.0-or-later: 2 files
* GPL-2.0-only: 13 files
* GPL-2.0-or-later: 54 files
* GPL-2.0-or-later WITH Linux-syscall-note: 5 files
* GPL-3.0-or-later: 3 files
* IETF: 1 file
* LGPL-3.0-only: 1 file
* LGPL-3.0-or-later: 4 files
* LGPL-Unspecified: 3 files
* LPPL-1.3: 1 file
* MIT: 2 files
* OpenSSL: 4 files
* XFree86: 11 files
* bzip2-1.0.6: 1 file
* regex: 1 file

### Risk 1 (Low)

* Any CLA: 16 files
* Any Permissive: 25 files
* Any copyright: 2 files
* Any distributed with: 13 files
* Any floating warranty: 25 files
* Any reference local: 271 files
* Any reference remote: 1 file
* Any trademark: 1 file
* Apache-2.0: 2 files
* BSD-2-Clause: 253 files
* BSD-2-Clause-FreeBSD: 84 files
* BSD-3-Clause: 629 files
* BSD-4-clause-UC: 135 files
* BSL-1.0: 1 file
* CC0-1.0: 4 files
* DCO: 7 files
* GFDL-1.1-only: 1 file
* GFDL-1.2-only: 4 files
* HPND: 1 file
* ISC: 40 files
* LGPL-2.0-or-later: 3 files
* LGPL-2.1-only: 1 file
* LGPL-2.1-or-later: 238 files
* MIT: 654 files
* Public-Domain: 266 files
* Python >=2.0.1: 11 files
* Unicode-DFS-2016: 1 file
* Unlicense: 1 file
* Zlib: 3 files
* man pages: 1 file
* openSUSE specfile: 1 file

### Risk 0 (Low)

* MPL-2.0: 2 files
* SUSE-FSF: 219 files
* Suse Copyright: 51 files

## About

This plain text report was generated by Cavil. For more details please consult the HTML and SPDX reports.