My blackduck synopsis scan result shown esapi-java-legacy2.5.3.1 come with high risk license issue to BSD 3-clause "New" or "Revised" License and Creative Commons Attribution Share Alike 3.0.
I had tried to put BSD 3-clause license at the Java Ear file root directory with named LICENSE.txt, however it is still shown up with same error. I am also tried to put LICENSE-esapi-java-legacy2.5.3.1.txt, LICENSE-esapi-java-legacy2.5.3.1 in /licenses but still not working. What is the correct way to place these licenses?
I'm not sure what exactly BlackDuck SCA is specifically looking for. I would try
/LICENSE.md
or maybe placing it under/META-INF
under various file names and if none of those work, I'd recommend contacting Synopsis tech support.But given that you didn't show any detailed error message, the best I can do is to make an uneducated guess.