License exceptions with a plus sign #7833
Closed
javierfreire
started this conversation in
Bugs
Replies: 2 comments 9 replies
-
Thanks. Track #7838
0 replies
-
I don't seem able to reproduce this log output.
Is this still an issue or am I missing something?
9 replies
-
Description
Trivy returns license expressions that contain exceptions with a plus sign. This is invalid according to the spec. The plus sign can be used with a license identifier, not an exception identifier.
Desired Behavior
The SPDX includes licenses with valid expressions
Actual Behavior
Some licenses generated are invalid, like:
MIT AND all-permissive AND GPL-3.0-only WITH autoconf-exception+ AND BSD-2-Clause AND GPL-3.0-only
Reproduction Steps
1. trivy image bitnami/wordpress --format spdx-json | grep autoconf-exception+
Target
None
Scanner
None
Output Format
SPDX
Mode
None
Debug Output
Operating System
Ubuntu 23.04
Version
Checklist
trivy clean --all
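A consumer-side check for the invalid form described in this report, added here as an example (it is not part of the original discussion and is not Trivy's code): it flags any exception operand following WITH that ends in "+". The function names and the sample document are constructed for illustration; packages, name, licenseConcluded and licenseDeclared are SPDX 2.x JSON fields.

```python
import re

# Tokens of an SPDX license expression: a parenthesis, or a run of
# non-space, non-parenthesis characters (identifiers and AND/OR/WITH).
TOKEN = re.compile(r"[()]|[^\s()]+")


def invalid_exceptions(expression):
    """Return the exception operands (token after WITH) that end in '+'."""
    tokens = TOKEN.findall(expression or "")
    bad = []
    for prev, tok in zip(tokens, tokens[1:]):
        # The operator is compared case-insensitively so that a lowercase
        # "with" in a generated document is still inspected.
        if prev.upper() == "WITH" and tok.endswith("+"):
            bad.append(tok)
    return bad


def scan_spdx(doc):
    """Map package name -> offending exception operands in an SPDX JSON doc."""
    findings = {}
    for pkg in doc.get("packages", []):
        for field in ("licenseConcluded", "licenseDeclared"):
            bad = invalid_exceptions(pkg.get(field))
            if bad:
                findings.setdefault(pkg.get("name", "?"), []).extend(bad)
    return findings


# Constructed sample document. pkg-a carries the expression quoted in the
# report; pkg-b uses "+" on a license identifier, which the grammar allows.
SAMPLE = {
    "packages": [
        {
            "name": "pkg-a",
            "licenseConcluded": "NOASSERTION",
            "licenseDeclared": "MIT AND all-permissive AND GPL-3.0-only WITH "
            "autoconf-exception+ AND BSD-2-Clause AND GPL-3.0-only",
        },
        {
            "name": "pkg-b",
            "licenseDeclared": "GPL-2.0+ WITH Classpath-exception-2.0",
        },
    ]
}

if __name__ == "__main__":
    print(scan_spdx(SAMPLE))
```

For a real report, pass the output of json.load() on the generated SPDX file to scan_spdx().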