bug(license): Trivy splits licenses that include the WITH separator when determining the category. #9379

@DmitriyLewen

Description

Trivy checks licenses that include the WITH separator as multiple licenses when determining the license category:

➜ cat trivy-full.yaml
license:
    notice:
        - Similar to Apache License but with the acknowledgment clause removed
        - "Similar to Apache License but with the acknowledgment clause removed"
➜ trivy -q fs ./pom.xml --scanners license --table-mode detailed --config ./trivy-full.yaml

pom.xml (license)

Total: 1 (UNKNOWN: 1, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

┌───────────────┬──────────────────────────────────────────────────────────────┬────────────────┬──────────┐
│    Package    │                           License                            │ Classification │ Severity │
├───────────────┼──────────────────────────────────────────────────────────────┼────────────────┼──────────┤
│ org.jdom:jdom │ Similar to Apache License but with the acknowledgment clause │ Non Standard   │ UNKNOWN  │
│               │ removed                                                      │                │          │
└───────────────┴──────────────────────────────────────────────────────────────┴────────────────┴──────────┘
➜ cat trivy-separated.yaml
license:
    notice:
        - Similar to Apache License but
        - the acknowledgment clause removed
➜ trivy -q fs ./pom.xml --scanners license --table-mode detailed --config ./trivy-separated.yaml

pom.xml (license)

Total: 1 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

┌───────────────┬──────────────────────────────────────────────────────────────┬────────────────┬──────────┐
│    Package    │                           License                            │ Classification │ Severity │
├───────────────┼──────────────────────────────────────────────────────────────┼────────────────┼──────────┤
│ org.jdom:jdom │ Similar to Apache License but with the acknowledgment clause │ Notice         │ LOW      │
│               │ removed                                                      │                │          │
└───────────────┴──────────────────────────────────────────────────────────────┴────────────────┴──────────┘
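The behaviour the two runs above show, reproduced in a small stand-alone Go program. This is an added example, not Trivy's code: it treats the SPDX operators AND, OR and WITH as separators before the category lookup, runs the contents of trivy-full.yaml and trivy-separated.yaml through that lookup, and contrasts the result with a plain whole-name lookup. The `Categories` type, the `classify`, `classifyExact` and `splitOnOperators` functions and the category-to-severity map are assumptions made for the example; the license name, the two configs and the expected table cells come from the issue.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Categories mirrors the shape of the "license:" section in the issue's YAML
// files: category name -> license names. It is a constructed stand-in for the
// example, not Trivy's own config type.
type Categories map[string][]string

// Result holds the two table cells the issue compares.
type Result struct {
	Classification string
	Severity       string
}

// Assumed category-to-severity mapping for the example; only "notice" -> LOW
// is confirmed by the issue's output.
var severityOf = map[string]string{
	"forbidden":    "CRITICAL",
	"restricted":   "HIGH",
	"reciprocal":   "MEDIUM",
	"notice":       "LOW",
	"permissive":   "LOW",
	"unencumbered": "LOW",
}

// operatorRe matches the SPDX operators AND, OR and WITH as whole words. Because
// it is case-insensitive, the English "with" inside a license name is cut at
// too, which is the behaviour the issue reports.
var operatorRe = regexp.MustCompile(`(?i)\s+(AND|OR|WITH)\s+`)

// splitOnOperators breaks a license string into operands at every operator token.
func splitOnOperators(license string) []string {
	var parts []string
	for _, p := range operatorRe.Split(license, -1) {
		if p = strings.TrimSpace(p); p != "" {
			parts = append(parts, p)
		}
	}
	return parts
}

// lookup returns the configured category of one license name (case-insensitive).
func lookup(cats Categories, name string) (string, bool) {
	for category, names := range cats {
		for _, n := range names {
			if strings.EqualFold(n, name) {
				return category, true
			}
		}
	}
	return "", false
}

// toResult renders a category the way the issue's table shows it.
func toResult(category string, found bool) Result {
	if !found {
		return Result{"Non Standard", "UNKNOWN"}
	}
	sev, ok := severityOf[category]
	if !ok {
		sev = "UNKNOWN"
	}
	return Result{strings.ToUpper(category[:1]) + category[1:], sev}
}

// classify reproduces the reported behaviour: the name is split into operands,
// and every operand must resolve to the same configured category; otherwise the
// license is "Non Standard".
func classify(cats Categories, license string) Result {
	category := ""
	for _, operand := range splitOnOperators(license) {
		c, ok := lookup(cats, operand)
		if !ok || (category != "" && c != category) {
			return toResult("", false)
		}
		category = c
	}
	return toResult(category, category != "")
}

// classifyExact is the comparison case: the whole license name is looked up
// without splitting, so a name containing the word "with" still matches.
func classifyExact(cats Categories, license string) Result {
	c, ok := lookup(cats, license)
	return toResult(c, ok)
}

func main() {
	license := "Similar to Apache License but with the acknowledgment clause removed"
	full := Categories{"notice": {license}} // trivy-full.yaml
	separated := Categories{"notice": {    // trivy-separated.yaml
		"Similar to Apache License but",
		"the acknowledgment clause removed",
	}}
	fmt.Println("split, full config:     ", classify(full, license))      // {Non Standard UNKNOWN}
	fmt.Println("split, separated config:", classify(separated, license)) // {Notice LOW}
	fmt.Println("exact, full config:     ", classifyExact(full, license)) // {Notice LOW}
}
```

Note on the workaround config: listing the two halves separately only works because the name happens to split into exactly those fragments, and it makes the category match looser than intended, since any license string that splits into the same fragments is then classified as Notice. A whole-name lookup that runs before any operator splitting classifies the full config as expected.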

Discussed in #9371

Labels

kind/bug: Categorizes issue or PR as related to a bug.
scan/license: Issues relating to license scanning.