Gradle: `trivy fs --scanners license . --format cyclonedx` shows lots of components without license. #8756

MatthiasGrandl · 2025-04-18T09:40:15Z

MatthiasGrandl
Apr 18, 2025

Question

I have a gradle project that I want to generate an SBOM for. trivy fs --scanners license . --format cyclonedx shows lots of components without license. I am wondering why? Those components don't show in the table format.

They are also all maven packages and it sounds like trivy should have the ability to query maven to fetch those licenses from maven.

Appreciate any hints on how to resolve this!

Target

Filesystem

Scanner

License

Output Format

CycloneDX

Mode

Standalone

Operating System

macOS

Version

Version: 0.61.0
Vulnerability DB:
  Version: 2
  UpdatedAt: 2025-04-10 06:18:32.822061966 +0000 UTC
  NextUpdate: 2025-04-11 06:18:32.822061766 +0000 UTC
  DownloadedAt: 2025-04-10 10:04:36.423002 +0000 UTC

knqyf263 · 2025-04-22T06:52:11Z

knqyf263
Apr 22, 2025
Maintainer

Trivy tries to find license information under the cache directory. Can you please make sure your local cache directory is populated?
https://trivy.dev/latest/docs/coverage/language/java/#licenses

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Gradle: `trivy fs --scanners license . --format cyclonedx` shows lots of components without license. #8756

{{title}}

Replies: 1 comment

{{title}}

Select a reply

Gradle: trivy fs --scanners license . --format cyclonedx shows lots of components without license. #8756

MatthiasGrandl Apr 18, 2025

Question

Target

Scanner

Output Format

Mode

Operating System

Version

Replies: 1 comment

knqyf263 Apr 22, 2025 Maintainer

Gradle: `trivy fs --scanners license . --format cyclonedx` shows lots of components without license. #8756

MatthiasGrandl
Apr 18, 2025

knqyf263
Apr 22, 2025
Maintainer