lpopescu
Level 5

Notices Report from the Docker Scan Plugin displays unnecessary text


In FNCI 2019.R2, after running a scan of a docker container and generating a Notices Report, the report contains additional, unnecessary information.

ex1:

The component title is specified as such:

@elastic/filesaver 1.1.2 [Found inside docker3610470980375742434.tar] (MIT)

"Found inside docker3610470980375742434.tar" is not necessary, since it is a temporary file.

ex2:

"The following text is found in file:LICENSE at /tmp/a7584510-7e15-40aa-b330-053ba4bc872c/-1284141453/usr/share/kibana/node_modules/@elastic/numeral/LICENSE"

This text belongs in the "Internal Auditing Notes" and not in the "Notices Report". Also, this is a temporary file location.


Missing:

"Notice License URL" is missing. In V6 this was included, but in V7 it is no longer included.

ex. Notice License URL: http://spdx.org/licenses/Apache-2.0.html


While these issues can be removed using a find and replace, it would be easier if the report would publish the necessary License information only.

Thanks,

LP

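The find-and-replace workaround the post mentions, as an added example that is not part of the original post or of the FNCI product: a Python post-processor that strips the temporary tar marker and the /tmp extraction prefix from a plain-text Notices Report export and collects the removed scan-host locations separately, so they can go into auditing notes instead of a report that may be shared externally. The two sample lines are constructed from the post; the `/tmp/<uuid>/<number>` layout and the plain-text export format are assumptions.

```python
import re

# Constructed sample modelled on the two lines quoted in the post; not real FNCI output.
SAMPLE_REPORT = (
    "@elastic/filesaver 1.1.2 [Found inside docker3610470980375742434.tar] (MIT)\n"
    "The following text is found in file:LICENSE at /tmp/a7584510-7e15-40aa-b330-053ba4bc872c/-1284141453/usr/share/kibana/node_modules/@elastic/numeral/LICENSE\n"
    "MIT License\n"
)

# "[Found inside docker<digits>.tar]" marker together with the space before it.
TAR_MARKER = re.compile(r" \[Found inside docker\d+\.tar\]")
# Assumed scan-time extraction root: /tmp/<uuid>/<signed integer>, inferred from the quoted path.
TMP_ROOT = re.compile(r"/tmp/[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}/-?\d+")
LOCATION_LINE = re.compile(r"^The following text is found in file:(\S+) at (\S+)$")


def clean_line(line):
    """Return (cleaned_line, audit_note); audit_note is None unless a temp location was removed."""
    line = TAR_MARKER.sub("", line)
    m = LOCATION_LINE.match(line)
    if m:
        name, path = m.groups()
        in_image = TMP_ROOT.sub("", path, count=1)  # keep only the path inside the image
        if in_image != path:
            note = f"{name}: scanned at {path}"  # scan-host detail, for internal notes only
            return f"The following text is found in file:{name} at {in_image}", note
    return line, None


def clean_report(text):
    """Clean every line of a report export; return (cleaned_text, list_of_audit_notes)."""
    cleaned, notes = [], []
    for line in text.splitlines():
        c, n = clean_line(line)
        cleaned.append(c)
        if n:
            notes.append(n)
    return "\n".join(cleaned) + "\n", notes


if __name__ == "__main__":
    out, audit_notes = clean_report(SAMPLE_REPORT)
    print(out)
    print("Internal Auditing Notes:", audit_notes)
```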