Notices Report from the Docker Scan Plugin display unnecessary text

lpopescu · ‎Jul 29, 2019

Notices Report from the Docker Scan Plugin display unnecessary text.

In FNCI 2019.R2 after running a scan of a docker container, and generating a Notices Report, the report contains additional, not necessary, information.

ex1:

The component title is specified as such:

@elastic/filesaver 1.1.2 [Found inside docker3610470980375742434.tar] (MIT)

"Found inside docker3610470980375742434.tar" is not necessary, since is a temporary file.

ex2:

"The following text is found in file:LICENSE at /tmp/a7584510-7e15-40aa-b330-053ba4bc872c/-1284141453/usr/share/kibana/node_modules/@elastic/numeral/LICENSE"

This text belongs in the "Internal Auditing Notes" and not in the "Notices Report". Also this is a temporary file location.

Missing:

"Notice License URL" is missing. In V6 this was included but in V7 is no longer included.

ex. Notice License URL: http://spdx.org/licenses/Apache-2.0.html

While these issues can be removed using a find and replace, it would be easier if the report would publish the necessary License information only.

Thanks,

LP

tphamda · ‎Sep 30, 2022

Hi @lpopescu,

We sincerely apologize for our lack of response. Going forward, we will be making a concerted effort to respond to all forum questions in a timely manner as well as responding to all previously asked questions on our forum. If you or someone else still has this question, here is our response:

A new version of our Docker plugin with major improvements is currently targeted for release with the 2022 R4 version. Please refer to our release schedule here:

https://community.flexera.com/t5/Release-Information/Code-Insight-Release-Schedule/ta-p/153660