Scan Agent Plugins

The following enhancement is now available for one or more of the Code Insight scan-agent plugins.

Refined License Reporting for Docker Containers

In the previous release (which introduced Syft integration with Docker image scans), Code Insight simply reported license names for inventory directly from the Syft scan response. This behavior could cause license mismatches with the Code Insight data library and result in “Unknown License” designations for inventory.

In this release, the license matching process has been refined:

Only the names of those licenses reported by Syft that have matching names in the Code Insight data library are explicitly included in the inventory name.
If multiple licenses are reported by Syft, the inventory name can include the names of up to three license matches along with an “or more” clause, indicating that more licenses (whether or not they have matches in the data library) are available for you to review.
You can view the names of all matched and non-matched licenses detected by Syft for a given inventory item by accessing the inventory’s Detection Notes in the Code Insight UI.

For instructions on using the Docker Images plugin, see “Docker Images Plugin” in the Code Insight Plugins Guide.

Jenkins and Generic Plugin Support for Java 11

The Jenkins and generic scan-agent plugins have extended their Java support to include Java 11. These plugins can now scan systems that run on Java 8 or 11.