Optionally include Copyrights/Notices in scan results

[anders-swanson]

Is it possible for Trivy to include Copyrights and/or Notice texts in scan results, if they are present? This could be a helpful compliance feature.

[omkarparkhe]

I agree with @anders-swanson. It would be very help in terms license compliance and also benefits the user/developer to readily consume a notices file with all the relevant licenses and copyright data from the SBOM generated by Trivy.

[PeterBurner]

I also think this would be a valuable feature.

Many licenses contain a copyright notice. It usually consists of a copyright holder and a year or version number. Most of these licenses (like MIT, Apache, GPL, LGPL, MPL, etc.) do require you to reproduce the copyright notice(s) of the original authors and any subsequent contributors when you distribute the software. This is usually a core condition of the license.
Popular SBOM formats even specify a dedicated field for the copyright notice (CycloneDX --> Copyright, SPDX --> copyrightText, ...).

Unfortunately Trivy currently does not exposed this information in any way.

[BjoernSaja]

Basically these parts: