Scanning dependency licenses with Trivy

Distributed components of Keycloak must only include CNCF-approved licenses; otherwise, a license exception is required.

Prior to submitting a license exception request, review the dependency to check whether it is available under multiple licenses, including one of the approved licenses.

Note: Eclipse Distribution License - v 1.0 (EDL) is based on BSD-3-Clause, which is an approved CNCF license.

Scanning Java dependencies

trivy fs --scanners license --ignore-policy .trivy/cncf-approved-licenses.rego quarkus/deployment/

Scanning PNPM dependencies

pnpm install
trivy fs --scanners license --ignore-policy ../.trivy/cncf-approved-licenses.rego .
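The multiple-license review described above can be done per package before an exception request is written. The following is an added example, not part of the Keycloak repository: it groups license findings by package and separates dual-licensed dependencies from those with no approved option. Assumptions: the input is Trivy JSON output (`--format json`) from a scan run without `--ignore-policy`, shaped as `Results[].Licenses[]` entries with `PkgName` and `Name`; the `APPROVED` set is an illustrative subset, and the `EDL-1.0` spelling and sample packages are constructed.

```python
import json
from collections import defaultdict

# Assumption: illustrative subset of the CNCF allowlist. The project's
# authoritative list is .trivy/cncf-approved-licenses.rego.
APPROVED = {"Apache-2.0", "MIT", "BSD-2-Clause", "BSD-3-Clause", "ISC"}
# Per the note above, EDL 1.0 is based on BSD-3-Clause. The exact name
# string a scanner reports for it is an assumption.
EQUIVALENT = {"EDL-1.0": "BSD-3-Clause"}


def triage(report):
    """Bucket packages: 'ok' (all licenses approved), 'review' (multiple
    licenses, at least one approved), 'exception' (no approved license)."""
    licenses = defaultdict(set)
    for result in report.get("Results") or []:
        for finding in result.get("Licenses") or []:
            pkg = finding.get("PkgName") or finding.get("FilePath") or "<unknown>"
            name = finding.get("Name", "")
            licenses[pkg].add(EQUIVALENT.get(name, name))
    buckets = {"ok": [], "review": [], "exception": []}
    for pkg, names in sorted(licenses.items()):
        approved = names & APPROVED
        if approved == names:
            buckets["ok"].append(pkg)
        elif approved:
            buckets["review"].append(pkg)      # choose the approved license
        else:
            buckets["exception"].append(pkg)   # exception request needed
    return buckets


# Constructed sample report; package names are hypothetical.
SAMPLE = json.loads("""
{"Results": [{"Target": "pom.xml", "Class": "license", "Licenses": [
  {"PkgName": "com.example:alpha", "Name": "Apache-2.0"},
  {"PkgName": "com.example:beta",  "Name": "GPL-2.0-only"},
  {"PkgName": "com.example:beta",  "Name": "MIT"},
  {"PkgName": "com.example:gamma", "Name": "EDL-1.0"},
  {"PkgName": "com.example:delta", "Name": "AGPL-3.0"}
]}]}
""")

if __name__ == "__main__":
    for bucket, pkgs in triage(SAMPLE).items():
        print(f"{bucket:10} {', '.join(pkgs) or '-'}")
```

Only the packages in the `exception` bucket have no approved license to fall back on; those in `review` need a check that the approved license really applies to the distributed artifact.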