syft outputs incorrect license LicenseRef-AND
makotosato-at opened this issue · comments
What happened:
License BSD-2-Clause AND BSD-3-Clause AND Public-Domain
becomes
LicenseRef-AND AND BSD-2-Clause AND BSD-3-Clause AND LicenseRef-Public-Domain
What you expected to happen:
It should be: (BSD-2-Clause AND BSD-3-Clause AND LicenseRef-Public-Domain)
Steps to reproduce the issue:
On alpine linux
# apk add libarchive
# export SYFT_FORMAT_SPDX_JSON_PRETTY=true
# syft -o spdx-json@2.2 / > spdx.json
spdx.json
{
"name": "libarchive",
...
"licenseDeclared": "LicenseRef-AND AND BSD-2-Clause AND BSD-3-Clause AND LicenseRef-Public-Domain",
Anything else we need to know?:
Environment:
- Output of
syft version
: 1.4.1 - OS (e.g:
cat /etc/os-release
or similar): alpine linux 3.19.1
Hi @makotosato-at, thanks for the report. We will take a look!