
Changes in Update Released on 28-Jan-2022

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

MIT License Cleanup

There are two licenses in Code Insight for MIT: MIT License and MIT-Style License. While most licenses declared by open-source developers fall under the MIT License, the MIT-Style License is more of a template license covering the various ways in which the MIT license can be declared.

We noticed that the majority of components are incorrectly mapped to the MIT-Style License. This is being resolved via an electronic update in which the mappings are corrected; for existing projects whose mappings need to change, a script will be provided.

Note: See the article entitled Code Insight MIT License Data Cleanup Project in the Revenera Community for detailed information and workarounds.

Known Issue

A script, "MIT-CleanupQueries.sql", is provided and has to be run after the PDL update.

This script updates the license names and the incorrect license mappings in the existing system-generated inventories to reflect the data changes described above.

There is a known issue for a particular set of inventories that have comma-separated license names. This is observed in the inventories generated by AutoWriteup.

Example: jQuery (MIT, MIT License)

In this case, the script provided to update the existing inventory names does not work, which causes a duplicate inventory on rescan.

| Issue ID | Issue Summary |
| --- | --- |
| SCA-39812 | Map vulnerabilities for gnu components |
| SCA-39748 | Update version information for pilotmoon-scroll-reverser |
| SCA-38553 | License detection XML detects both MIT and MIT-Style as evidence for MIT License |
| SCA-28851 | MIT License cleanup: Enhancement to collector level license mappings mechanism to update invalid mappings for MIT and MIT-Style licenses. |
| SCA-28766 | Perform entire sequence of MIT License Cleanup-License short_name changes and license remapping at component and version level. |

Addition of Missing Vulnerability Mappings

Missing vulnerability mappings for the following components were added:

  • Itop

  • Mupdf

  • Anchrome

Addition of License Detection Capability and License Evidence Mechanism

License detection capability and a license evidence mechanism were added for the following licenses:

  • CNRI-Jython

  • CNRI-Python

  • CNRI-Python-GPL-Compatible

  • Crossword

  • CrystalStacker

  • PSF-2.0

  • Python-2.0