License scan - trailing and ending spaces in license

[KrzysztofKlubek]

Question

I have a problem after upgrade to 0.58 version - license scan of library org.jvnet.staxex:stax-ex v1.8 returns in output json
"Name": "\n Dual license consisting of the CDDL v1.1 and GPL v2\n ",
and that is ok, that is license in pom.xml, but how can I add this licence to yml config file for classification? I have tried both:
- Dual license consisting of the CDDL v1.1 and GPL v2
- \n Dual license consisting of the CDDL v1.1 and GPL v2\n

and still license is unclasified.
Maybe trailing and ending whitespaces can be removed before printing in json output file and comparing with config in yml?

Target

Filesystem

Scanner

License

Output Format

JSON

Mode

Standalone

Operating System

No response

Version

Version: 0.58.0

[DmitriyLewen]

Hello @KrzysztofKlubek

"\n Dual license consisting of the CDDL v1.1 and GPL v2\n " works for me.

Take a look:

➜ trivy -q fs --scanners license ./pom.xml                          

pom.xml (license)

Total: 2 (UNKNOWN: 1, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)

┌─────────────────────────────┬─────────────────────────────────────────────────────┬────────────────┬──────────┐
│           Package           │                       License                       │ Classification │ Severity │
├─────────────────────────────┼─────────────────────────────────────────────────────┼────────────────┼──────────┤
│ org.jvnet.staxex:stax-ex    │ Dual license consisting of the CDDL v1.1 and GPL v2 │ Non Standard   │ UNKNOWN  │
├─────────────────────────────┼─────────────────────────────────────────────────────┼────────────────┼──────────┤
│ javax.activation:activation │ CDDL-1.0                                            │ Reciprocal     │ MEDIUM   │
└─────────────────────────────┴─────────────────────────────────────────────────────┴────────────────┴──────────┘
➜ cat trivy-config.yaml 
license:
  forbidden:
  - "\n                Dual license consisting of the CDDL v1.1 and GPL v2\n            "                                                                                          ➜ trivy -q fs --scanners license ./pom.xml --config trivy-config.yaml

pom.xml (license)

Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 1)

┌─────────────────────────────┬─────────────────────────────────────────────────────┬────────────────┬──────────┐
│           Package           │                       License                       │ Classification │ Severity │
├─────────────────────────────┼─────────────────────────────────────────────────────┼────────────────┼──────────┤
│ org.jvnet.staxex:stax-ex    │ Dual license consisting of the CDDL v1.1 and GPL v2 │ Forbidden      │ CRITICAL │
├─────────────────────────────┼─────────────────────────────────────────────────────┼────────────────┼──────────┤
│ javax.activation:activation │ CDDL-1.0                                            │ Reciprocal     │ MEDIUM   │
└─────────────────────────────┴─────────────────────────────────────────────────────┴────────────────┴──────────┘

[DmitriyLewen]

Created #8094.