diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index 46e9a82e..179a45f0 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -170,13 +170,16 @@ jobs:
 allow-ghsas: GHSA-x744-4wpc-v9h2
 # Include both the compound SPDX expression and individual components
 # to handle golang.org/x packages which report as compound license
+ # modernc.org/libc is BSD-3-Clause but GitHub reports NOASSERTION
+ # due to license detection failure on the modernc.org packages.
 allow-licenses: >-
 MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, BlueOak-1.0.0, OFL-1.1, CC-BY-4.0, MPL-2.0, 0BSD, LicenseRef-scancode-google-patent-license-golang, BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang, LicenseRef-bad-fsl-1.1-mit,
- 0BSD AND ISC AND MIT
+ 0BSD AND ISC AND MIT,
+ LicenseRef-github-NOASSERTION
 govulncheck:
 name: Go Vulnerability Check
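Review bot: Adding `LicenseRef-github-NOASSERTION` to `allow-licenses` is a global allowance, not a modernc.org exemption: any future dependency whose license GitHub fails to detect would pass this gate, which is exactly the case a license check should send to a human. The new comment scopes the intent to modernc.org/libc, but the allow-list cannot express that scope. If this step is actions/dependency-review-action (the step header is outside the hunk), consider dropping the new entry and exempting the affected modules by purl instead, e.g. `allow-dependencies-licenses: pkg:golang/modernc.org/libc`, extended with whichever other modernc.org modules trip the check. If the global entry stays, the comment should say that it admits every undetected license, so later reviewers do not read it as package-specific.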