feat(license): improve work text licenses with custom classification (#8888)

Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
DmitriyLewen
2025-05-22 17:53:15 +06:00
committed by GitHub
parent cae79d637d
commit ee522300b7
5 changed files with 122 additions and 11 deletions


@@ -342,6 +342,28 @@ license:
permissive: []
```
#### Text licenses
By default, Trivy categorizes a license as UNKNOWN if it cannot determine the license name from the license text.
To define a category for a text license, you need to add license with the `text://` prefix to license classification.
For example:
```yaml
license:
forbidden:
- "text://Text of Apache Software Foundation License"
```
But a text license can by large. So for these cases Trivy supports using `regex` in license classification.
For example:
```yaml
license:
forbidden:
- "text://.* Apache Software .*"
```
!!! note
`regex` is only used for text licenses and can't be used to configure license IDs.
[^1]: See the list of supported language files [here](../coverage/language/index.md).
[^2]: Some lock files require additional files (e.g. files from the cache directory) to detect licenses. Check [coverage][coverage] for more information.
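Review bot: The regex paragraph ("So for these cases Trivy supports using `regex` in license classification") does not say how a `text://` value is matched. It should state whether the pattern must cover the whole license text or may match any part of it, whether `.` spans line breaks in a multi-line license text, and how a literal entry such as `text://Text of Apache Software Foundation License` is distinguished from a pattern when the text itself contains regex metacharacters like `.` or `(`. Please document this next to the two examples, because a loose pattern such as `text://.* Apache Software .*` determines which category a license ends up in, and readers will copy it as written. Two wording fixes in the same section: "can by large" should be "can be large", and "you need to add license with" should be "you need to add the license with".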