feat(license): improve work with custom classification of licenses from config file (#8861)

pkg/licensing/scanner.go

@@ -1,11 +1,10 @@
 package licensing
 
 import (
-	"slices"
-
 	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
 	"github.com/aquasecurity/trivy/pkg/fanal/types"
 	"github.com/aquasecurity/trivy/pkg/licensing/expression"
+	"github.com/aquasecurity/trivy/pkg/set"
 )
 
 type ScannerOption struct {
@@ -22,17 +21,14 @@ func NewScanner(categories map[types.LicenseCategory][]string) Scanner {
 }
 
 func (s *Scanner) Scan(licenseName string) (types.LicenseCategory, string) {
-	normalized := NormalizeLicense(expression.SimpleExpr{License: licenseName})
-	var normalizedName string
-	switch normalized := normalized.(type) {
-	case expression.SimpleExpr:
-		normalizedName = normalized.License
-	case expression.CompoundExpr:
-		normalizedName = normalized.String()
+	expr := NormalizeLicense(expression.SimpleExpr{License: licenseName})
+	normalizedNames := set.New(expr.String()) // The license name with suffix (e.g. AGPL-1.0-or-later)
+	if se, ok := expr.(expression.SimpleExpr); ok {
+		normalizedNames.Append(se.License) // Also accept the license name without suffix (e.g. AGPL-1.0)
 	}
 
 	for category, names := range s.categories {
-		if slices.Contains(names, normalizedName) {
+		if normalizedNames.Intersection(set.New(names...)).Size() > 0 {
 			return category, categoryToSeverity(category).String()
 		}
 	}

pkg/licensing/scanner_test.go

@@ -42,6 +42,17 @@ func TestScanner_Scan(t *testing.T) {
 			wantCategory: types.CategoryForbidden,
 			wantSeverity: "CRITICAL",
 		},
+		{
+			name: "`categories` contains license with suffix",
+			categories: map[types.LicenseCategory][]string{
+				types.CategoryNotice: {
+					"LGPL-2.0-only",
+				},
+			},
+			licenseName:  "LGPL-2.0-only",
+			wantCategory: types.CategoryNotice,
+			wantSeverity: "LOW",
+		},
 		{
 			name: "restricted",
 			categories: map[types.LicenseCategory][]string{