# Legal Report

Package: trivy

Checkout: 1901ecd77018a9e9571b5e53df8e678c87a1f734550691a5b989d5d7cb425715

Unpacked: 31453 files (522MiB)

## System Notice

Diff to closest match 495545: Found new unresolved matches in vendor/github.com/gocsaf/csaf/v3/csaf/advisory.processed.go

## Licenses

**Warning** Elevated risk, package might contain incompatible licenses: GPL-2.0-only, Apache-2.0

Note: Report is incomplete, reviewers need to create new license patterns for unmatched keywords or ignore false positive matches. Estimated risks for each file are based on the highest risk snippet. The lower its similarity to existing license patterns, the higher the risk will climb above the predicted license.

### Risk 9 (Unknown)

* `vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/cache/cache.go`: 20.4% similarity to "Keyword", estimated risk 9
* `vendor/github.com/dlclark/regexp2/README.processed.md`: 18% similarity to "Apache-2.0", estimated risk 8
* `vendor/buf.build/go/spdx/spdx.gen.processed.go`: 41.6% similarity to "Apache-2.0", estimated risk 7
* `vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud/doc.go`: 21.2% similarity to "Any reference local", estimated risk 7
* `vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.processed.go`: 23.2% similarity to "Any reference local", estimated risk 7
* `trivy-0.68.2/brand/readme.md`: 51.9% similarity to "CC-BY-SA-4.0", estimated risk 6
* `trivy-0.68.2/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/ecparam.1ssl`: 46.7% similarity to "OpenSSL", estimated risk 6
* `trivy-0.68.2/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/genpkey.1ssl`: 45.5% similarity to "OpenSSL", estimated risk 6
* `trivy-0.68.2/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/genrsa.processed.1ssl`: 47.1% similarity to "OpenSSL", estimated risk 6
* `trivy-0.68.2/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/ts.1ssl`: 46.4% similarity to "OpenSSL", estimated risk 6
* `trivy-0.68.2/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man7/x509.7ssl`: 46.8% similarity to "OpenSSL", estimated risk 6
* `trivy-0.68.2/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man1/cms.processed.1ssl`: 46.7% similarity to "OpenSSL", estimated risk 6
* `trivy-0.68.2/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man1/crl.1ssl`: 47% similarity to "OpenSSL", estimated risk 6
* `trivy-0.68.2/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man1/engine.1ssl`: 56.6% similarity to "OpenSSL", estimated risk 6
* `trivy-0.68.2/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man1/rehash.1ssl`: 45.1% similarity to "OpenSSL", estimated risk 6
* `trivy-0.68.2/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man7/ct.7ssl`: 56.7% similarity to "OpenSSL", estimated risk 6
* `trivy-0.68.2/pkg/fanal/test/testdata/vuln-image/63878f4412bb7032ac4db4a1713c4921981e16643aeba99b92e4b8a2586474e6/layer/usr/share/base-files/motd`: 43.1% similarity to "LGPL-2.0-or-later", estimated risk 6
* `vendor/github.com/CycloneDX/cyclonedx-go/README.processed.md`: 45.1% similarity to "Apache-2.0", estimated risk 6
* `vendor/github.com/bufbuild/buf/private/pkg/tmp/tmp.go`: 55.6% similarity to "Apache-2.0", estimated risk 6
* `vendor/modernc.org/libc/pthread/pthread_darwin_amd64.processed.go`: 61.9% similarity to "APSL-2.0", estimated risk 6
* `vendor/modernc.org/libc/pthread/pthread_illumos_amd64.processed.go`: 68.3% similarity to "CDDL-1.0", estimated risk 6
* `trivy-0.68.2/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/ec.1ssl`: 59.6% similarity to "OpenSSL", estimated risk 5
* `trivy-0.68.2/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/errstr.1ssl`: 59.7% similarity to "OpenSSL", estimated risk 5
* `trivy-0.68.2/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/man/man1/ocsp.processed.1ssl`: 60% similarity to "OpenSSL", estimated risk 5
* `trivy-0.68.2/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/doc/libc6/copyright`: 53.4% similarity to "IETF", estimated risk 5
* `trivy-0.68.2/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man1/list.1ssl`: 63% similarity to "OpenSSL", estimated risk 5
* `trivy-0.68.2/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man1/pkeyparam.1ssl`: 59.1% similarity to "OpenSSL", estimated risk 5
* `trivy-0.68.2/pkg/fanal/test/testdata/vuln-image/442a194bb9cf15e70a45e22d1e439f67caec3d5997ba2a38169d8bdd3e06138b/layer/usr/share/man/man1/speed.1ssl`: 60% similarity to "OpenSSL", estimated risk 5
* `vendor/github.com/cyphar/filepath-securejoin/COPYING.md`: 58.7% similarity to "BSD-3-Clause", estimated risk 5
* `vendor/github.com/gocsaf/csaf/v3/csaf/advisory.processed.go`: 66.8% similarity to "Apache-2.0", estimated risk 5
* `vendor/github.com/magefile/mage/CODE_OF_CONDUCT.processed.md`: 51.5% similarity to "Any reference remote", estimated risk 5
* `vendor/modernc.org/libc/netinet/in/in_illumos_amd64.processed.go`: 55.2% similarity to "BSD-3-Clause", estimated risk 5
* `vendor/modernc.org/libc/signal/signal_netbsd_arm.processed.go`: 66.5% similarity to "BSD-4-clause", estimated risk 5
* `vendor/modernc.org/libc/time/time_illumos_amd64.processed.go`: 77% similarity to "CDDL-1.0", estimated risk 5
* `vendor/sigs.k8s.io/kind/pkg/build/nodeimage/internal/container/docker/archive.processed.go`: 63.2% similarity to "Apache-2.0", estimated risk 5
* `trivy-0.68.2/pkg/fanal/test/testdata/distroless/a7401a0e90dc2e2da3ab9d778b3bf4d6e6c643c99c65020eeb587d4a8f152370/layer/usr/share/doc/libc6/copyright`: 60.7% similarity to "BSD-3-Clause", estimated risk 4
* `vendor/github.com/DataDog/zstd/threading.c`: 78.2% similarity to "BSD-Unspecifid AND GPL-2.0", estimated risk 4
* `vendor/github.com/anchore/go-struct-converter/CONTRIBUTING.processed.md`: 74% similarity to "DCO", estimated risk 4
* `vendor/github.com/docker/cli/NOTICE`: 86.4% similarity to "Any floating warranty", estimated risk 4
* `vendor/github.com/google/licenseclassifier/v2/assets/Supplement/CC-BY-4.0/preface.txt`: 71.5% similarity to "CC-BY-4.0", estimated risk 4
* `vendor/github.com/google/licenseclassifier/v2/assets/Supplement/CC-BY-NC-4.0/preface.txt`: 68.4% similarity to "CC-BY-4.0", estimated risk 4
* `vendor/github.com/google/licenseclassifier/v2/assets/Supplement/ImageMagick/usage.txt`: 86.9% similarity to "ImageMagick", estimated risk 4
* `vendor/github.com/spdx/tools-golang/LICENSE.code`: 79.8% similarity to "GPL-2.0-or-later", estimated risk 4
* `vendor/modernc.org/libc/COPYRIGHT-MUSL`: 69.4% similarity to "MIT", estimated risk 4
* `vendor/modernc.org/libc/musl_windows_386.processed.go`: 69.4% similarity to "MIT", estimated risk 4
* `vendor/modernc.org/libc/musl_windows_arm64.processed.go`: 58.8% similarity to "Any reference local", estimated risk 4
* `vendor/modernc.org/libc/signal/signal_freebsd_arm.processed.go`: 70% similarity to "BSD-2-Clause", estimated risk 4
* `trivy-0.68.2/pkg/fanal/analyzer/pkg/dpkg/testdata/all-patterns-copyright`: 92.4% similarity to "GPL-2.0-or-later", estimated risk 3
* `vendor/sigs.k8s.io/json/LICENSE`: 96.6% similarity to "Apache-2.0", estimated risk 3
* `vendor/sigs.k8s.io/kind/pkg/cluster/internal/providers/common/doc.go`: 99.7% similarity to "Apache-2.0", estimated risk 3
* `vendor/github.com/DataDog/zstd/fse_decompress.processed.c`: 95.3% similarity to "BSD-Unspecifid AND GPL-2.0", estimated risk 2
* `trivy-0.68.2/pkg/fanal/analyzer/language/python/packaging/testdata/license-file-dist/typing_extensions-4.4.0.dist-info/LICENSE.txt`: 94.9% similarity to "Python >=2.0.1", estimated risk 1

### Risk 5 (High)

* SSPL-1.0: 1 file

### Risk 4 (High)

* APSL-1.1: 3 files
* APSL-2.0: 46 files
* CDDL-1.0: 22 files
* CPL-1.0: 1 file
* EPL-Unspecified: 2 files
* MPL-1.0: 2 files
* MPL-1.1: 2 files

### Risk 3 (Low)

* AGPL-3.0-or-later: 2 files
* Any CLA: 4 files
* Any Copyleft: 2 files
* Any Patent: 4 files
* Any reciprocal clause: 2 files
* Any reference local: 4 files
* Any reference remote: 2 files
* Apache-2.0: 7689 files
* Apache-2.0 AND MIT: 2 files
* Apache-2.0 WITH LLVM-exception: 19 files
* Artistic-1.0: 1 file
* BSD-3-Clause: 57 files
* BSD-4-Clause: 84 files
* BSD-4-Clause-UC: 44 files
* BSD-4-clause: 38 files
* CC-BY-3.0: 1 file
* CC-BY-SA-4.0: 1 file
* GPL-2.0-only: 2 files
* GPL-2.0-or-later: 1 file
* GPL-2.0-only WITH Linux-syscall-note: 3 files
* GPL-3.0-only: 4 files
* GPL-3.0-only WITH GCC-exception-3.1: 92 files
* GPL-3.0-or-later: 3 files
* GPL-Unspecified: 15 files
* ImageMagick: 1 file
* LGPL Unspecified: 2 files
* LGPL-2.1-or-later: 171 files
* MPL-1.1: 2 files
* MPL-2.0: 297 files
* OLDAP-2.0: 1 file
* OpenSSL: 17 files

### Risk 2 (Low)

* All Rights Reserved: 758 files
* Any floating warranty: 4 files
* Any permissive keep free: 1 file
* Any reference local: 108 files
* BSD-Unspecifid AND GPL-2.0: 70 files
* BSD-Unspecified: 2148 files
* CC-BY-4.0: 2 files
* CC-BY-SA-4.0: 1 file
* CDDL-1.0: 18 files
* CDDL-1.0.1 OR GPL-2.0 WITH Classpath-exception-2.0: 4 files
* CDDL-1.1 OR GPL-2.0-only WITH Classpath-exception-2.0: 4 files
* ClArtistic: 2 files
* GFDL-1.3-only: 2 files
* GPL-1.0-or-later: 2 files
* GPL-2.0-only: 13 files
* GPL-2.0-or-later: 54 files
* GPL-2.0-or-later WITH Linux-syscall-note: 5 files
* GPL-3.0-or-later: 3 files
* IETF: 1 file
* LGPL-3.0-only: 1 file
* LGPL-3.0-or-later: 4 files
* LGPL-Unspecified: 3 files
* LPPL-1.3: 1 file
* MIT: 2 files
* OpenSSL: 4 files
* XFree86: 11 files
* bzip2-1.0.6: 1 file
* regex: 1 file

### Risk 1 (Low)

* Any CLA: 16 files
* Any Permissive: 25 files
* Any copyright: 2 files
* Any distributed with: 13 files
* Any floating warranty: 25 files
* Any reference local: 271 files
* Any reference remote: 1 file
* Any trademark: 1 file
* Apache-2.0: 2 files
* BSD-2-Clause: 253 files
* BSD-2-Clause-FreeBSD: 84 files
* BSD-3-Clause: 625 files
* BSD-4-clause-UC: 135 files
* BSL-1.0: 1 file
* CC0-1.0: 4 files
* DCO: 7 files
* GFDL-1.1-only: 1 file
* GFDL-1.2-only: 4 files
* HPND: 1 file
* ISC: 40 files
* LGPL-2.0-or-later: 3 files
* LGPL-2.1-only: 1 file
* LGPL-2.1-or-later: 238 files
* MIT: 640 files
* Public-Domain: 267 files
* Python >=2.0.1: 11 files
* Unicode-DFS-2016: 1 file
* Unlicense: 1 file
* Zlib: 3 files
* man pages: 1 file
* openSUSE specfile: 1 file

### Risk 0 (Low)

* MPL-2.0: 2 files
* SUSE-FSF: 219 files
* Suse Copyright: 51 files

## About

This plain text report was generated by Cavil. For more details please consult the HTML and SPDX reports.