Scanning repository for license via docker #6318
Question
I want to scan repositories for licenses. I installed Trivy locally with Brew and ran: I received JSON output with a license for each package. Then I tried to use docker. I ran: I received JSON output with a license for each package. But in that case the JSON output is much smaller than the previous one. For some repositories the docker version didn't have any output (e.g. https://github.com/projectdiscovery/nuclei). Is it a bug? Can I scan repositories for licenses via docker?

Target: Git Repository
Scanner: License
Output Format: JSON
Mode: Client/Server
Operating System: macOS Monterey
Version:
Version: 0.49.1
Vulnerability DB:
  Version: 2
  UpdatedAt: 2024-03-13 06:10:47.882543858 +0000 UTC
  NextUpdate: 2024-03-13 12:10:47.882543548 +0000 UTC
  DownloadedAt: 2024-03-13 08:27:31.979966 +0000 UTC
Hello @NikolayPopovDev
Thanks for your interest in Trivy!
We use the Go cache dir to detect licenses for Go packages - https://aquasecurity.github.io/trivy/v0.49/docs/coverage/language/golang/#go-modules
Therefore, when you use the docker image, Trivy may skip licenses for dependencies because the cache directory doesn't contain those dependencies.
Regards, Dmitriy
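
A pre-flight check for the situation the reply describes, as an added example that is not part of the discussion or of Trivy's code: it lists the `go.mod` requirements whose source tree is absent from a given Go module cache directory, which are the dependencies whose licenses Trivy may skip. It assumes the standard module cache layout (`module@version`, with each uppercase letter stored as `!` plus its lowercase form) and ignores `replace` directives; the function names and the sample `go.mod` are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

def escape(s):
    """Go module-cache case encoding: an uppercase 'A' is stored on disk as '!a'."""
    return re.sub(r"[A-Z]", lambda m: "!" + m.group().lower(), s)

def parse_requires(gomod_text):
    """Return (module, version) pairs from the require directives of a go.mod."""
    deps, in_block = [], False
    for raw in gomod_text.splitlines():
        line = raw.split("//", 1)[0].strip()  # drop comments such as "// indirect"
        if in_block and line == ")":
            in_block = False
        elif re.fullmatch(r"require\s*\(", line):
            in_block = True
        elif in_block or line.startswith("require "):
            parts = line.removeprefix("require ").split()
            if len(parts) == 2:
                deps.append((parts[0], parts[1]))
    return deps

def missing_from_cache(gomod_text, modcache):
    """List 'module@version' entries whose source tree is absent from the cache."""
    missing = []
    for mod, ver in parse_requires(gomod_text):
        if not (Path(modcache) / f"{escape(mod)}@{escape(ver)}").is_dir():
            missing.append(f"{mod}@{ver}")
    return missing

# Constructed go.mod for the demo; not taken from any real repository.
SAMPLE_GOMOD = """module example.com/app
go 1.21
require github.com/BurntSushi/toml v1.3.2
require (
    golang.org/x/text v0.14.0 // indirect
    github.com/spf13/cobra v1.8.0
)
"""

if __name__ == "__main__":
    # Temporary directory stands in for a module cache holding only one dependency.
    with tempfile.TemporaryDirectory() as cache:
        (Path(cache) / "github.com/!burnt!sushi/toml@v1.3.2").mkdir(parents=True)
        print(missing_from_cache(SAMPLE_GOMOD, cache))
```

On a real checkout, pass the contents of the repository's `go.mod` and the directory printed by `go env GOMODCACHE`; an empty result means every required module is present in that cache.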