diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..99d6c63 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,3 @@ +# https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners + +* @konflux-ci/build-maintainers diff --git a/.github/workflows/build-sbom-utility-scripts-image.yml b/.github/workflows/build-sbom-utility-scripts-image.yml deleted file mode 100644 index 8f04c7f..0000000 --- a/.github/workflows/build-sbom-utility-scripts-image.yml +++ /dev/null @@ -1,80 +0,0 @@ -name: Build sbom utility scripts image - -on: - push: - branches: - - main - paths: - - .github/workflows/build-sbom-utility-scripts-image.yml - - sbom-utility-scripts/** - - pull_request: - branches: - - main - paths: - - .github/workflows/build-sbom-utility-scripts-image.yml - - sbom-utility-scripts/** - - -env: - REGISTRY: quay.io/redhat-appstudio - IMAGE_NAME: sbom-utility-scripts-image - -jobs: - build: - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Set up Python - uses: actions/setup-python@v5 - with: - python-version: 3.11 - - - name: Run tox checks for base-images-sbom-script - run: | - python3 -m pip install tox - cd ./sbom-utility-scripts/scripts/base-images-sbom-script/app/ - tox - - - name: Run tox checks for merge-cachi2-sboms-script - run: | - python3 -m pip install tox - cd ./sbom-utility-scripts/scripts/merge-cachi2-sboms-script/ - tox - - - name: Run tox checks for index-image-sbom-script - run: | - python3 -m pip install tox - cd ./sbom-utility-scripts/scripts/index-image-sbom-script/ - tox - - - name: Run tox checks for index-image-sbom-script - run: | - python3 -m pip install tox - cd ./sbom-utility-scripts/scripts/add-image-reference-script/ - tox - - - name: Build Image - id: build-image - uses: redhat-actions/buildah-build@v2 - with: - image: ${{ env.IMAGE_NAME }} - tags: | - ${{ github.sha }} - latest - context: ./sbom-utility-scripts - containerfiles: | - ./sbom-utility-scripts/Dockerfile - - - name: Push to Quay - if: github.event_name == 'push' # don't push image from PR - uses: redhat-actions/push-to-registry@v2 - with: - image: ${{ steps.build-image.outputs.image }} - tags: ${{ steps.build-image.outputs.tags }} - registry: ${{ env.REGISTRY }} - username: ${{ secrets.QUAY_USERNAME }} - password: ${{ secrets.QUAY_PASSWORD }} diff --git a/.github/workflows/build-task-toolset.yml b/.github/workflows/build-task-toolset.yml deleted file mode 100644 index 3ad39fa..0000000 --- a/.github/workflows/build-task-toolset.yml +++ /dev/null @@ -1,40 +0,0 @@ -name: Build Task ToolSet Image on Push - -on: - workflow_dispatch: - push: - branches: - - main - paths: - - task-toolset/Dockerfile - -env: - REGISTRY: quay.io/redhat-appstudio - IMAGE_NAME: task-toolset - -jobs: - build: - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Build Image - id: build-image - uses: redhat-actions/buildah-build@v2 - with: - image: ${{ env.IMAGE_NAME }} - tags: ${{ github.sha }} - context: . - containerfiles: | - ./task-toolset/Dockerfile - - - name: Push to Quay - uses: redhat-actions/push-to-registry@v2 - with: - image: ${{ steps.build-image.outputs.image }} - tags: ${{ steps.build-image.outputs.tags }} - registry: ${{ env.REGISTRY }} - username: ${{ secrets.QUAY_USERNAME }} - password: ${{ secrets.QUAY_PASSWORD }} diff --git a/.github/workflows/check-author-in-owner-file.yml b/.github/workflows/check-author-in-owner-file.yml deleted file mode 100644 index cf23492..0000000 --- a/.github/workflows/check-author-in-owner-file.yml +++ /dev/null @@ -1,60 +0,0 @@ -name: Check Author - -on: - pull_request: - branches: - - main - paths: - - update-infra-deployments-task-scripts-image/Dockerfile - -jobs: - check-author: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v4 - - - name: Check the author - shell: bash - run: | - owners=$(yq e ".allowed_users.[]" OWNERS) - - function exists_in_user_list() { - LIST=$1 - DELIMITER=$2 - VALUE=$3 - LIST_WHITESPACES=`echo $LIST | tr "$DELIMITER" " "` - for x in $LIST_WHITESPACES; do - if [ "$x" = "$VALUE" ]; then - return 0 - fi - done - return 1 - } - - if exists_in_user_list "$owners" " " ${{ github.actor }} ; then - echo "PR author is in the allowed users list" - exit 0 - else - echo "PR author is NOT in the allowed users list" - exit 1 - fi - - - name: Get changed files - id: changed-files - uses: tj-actions/changed-files@v44 - - - name: Check if OWNERS file changed - shell: bash - run: | - for file in ${{ steps.changed-files.outputs.all_changed_files }}; do - if [ $file = "OWNERS" ]; then - echo "OWNERS file is changed" - exit 1 - else - echo "OWNERS file is NOT changed" - fi - done - - - diff --git a/.github/workflows/inject-icm-test.yaml b/.github/workflows/inject-icm-test.yaml new file mode 100644 index 0000000..1642065 --- /dev/null +++ b/.github/workflows/inject-icm-test.yaml @@ -0,0 +1,25 @@ +name: Test icm-injection-scripts + +on: + pull_request: + branches: + - main + paths: + - .github/workflows/inject-icm-test.yaml + - icm-injection-scripts/** + +jobs: + check: + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Run test for cyclonedx + run: | + TEST_SBOM_FORMAT=cyclonedx ./icm-injection-scripts/scripts/test-inject-icm.sh + + - name: Run test for spdx + run: | + TEST_SBOM_FORMAT=spdx ./icm-injection-scripts/scripts/test-inject-icm.sh diff --git a/.github/workflows/test-sbom-utility-scripts-image.yml b/.github/workflows/test-sbom-utility-scripts-image.yml new file mode 100644 index 0000000..3bacad0 --- /dev/null +++ b/.github/workflows/test-sbom-utility-scripts-image.yml @@ -0,0 +1,53 @@ +name: Test sbom utility scripts image + +on: + push: + branches: + - main + paths: + - .github/workflows/test-sbom-utility-scripts-image.yml + - sbom-utility-scripts/** + + pull_request: + branches: + - main + paths: + - .github/workflows/test-sbom-utility-scripts-image.yml + - sbom-utility-scripts/** + +jobs: + test: + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: 3.11 + + - name: Run tox checks for base-images-sbom-script + run: | + python3 -m pip install tox + cd ./sbom-utility-scripts/scripts/base-images-sbom-script/app/ + tox + + - name: Run tox checks for merge-sboms-script + run: | + python3 -m pip install tox + cd ./sbom-utility-scripts/scripts/merge-sboms-script/ + tox + + - name: Run tox checks for index-image-sbom-script + run: | + python3 -m pip install tox + cd ./sbom-utility-scripts/scripts/index-image-sbom-script/ + tox + + - name: Run tox checks for index-image-sbom-script + run: | + python3 -m pip install tox + cd ./sbom-utility-scripts/scripts/add-image-reference-script/ + tox diff --git a/.gitignore b/.gitignore index ec3e810..a06ecfa 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ .venv/ .coverage __pycache__/ +.idea/ diff --git a/.tekton/build-pipeline.yaml b/.tekton/build-pipeline.yaml new file mode 100644 index 0000000..cb72eba --- /dev/null +++ b/.tekton/build-pipeline.yaml @@ -0,0 +1,547 @@ +apiVersion: tekton.dev/v1 +kind: Pipeline +metadata: + name: build-pipeline +spec: + description: | + This pipeline is ideal for building multi-arch container images from a Containerfile while maintaining trust after pipeline customization. + + _Uses `buildah` to create a multi-platform container image leveraging [trusted artifacts](https://konflux-ci.dev/architecture/ADR/0036-trusted-artifacts.html). It also optionally creates a source image and runs some build-time tests. This pipeline requires that the [multi platform controller](https://github.com/konflux-ci/multi-platform-controller) is deployed and configured on your Konflux instance. Information is shared between tasks using OCI artifacts instead of PVCs. EC will pass the [`trusted_task.trusted`](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#trusted_task__trusted) policy as long as all data used to build the artifact is generated from trusted tasks. + This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build-multi-platform-oci-ta?tab=tags)_ + params: + - description: Source Repository URL + name: git-url + type: string + - default: "" + description: Revision of the Source Repository + name: revision + type: string + - description: Fully Qualified Output Image + name: output-image + type: string + - default: . + description: Path to the source code of an application's component from where + to build image. + name: path-context + type: string + - default: Dockerfile + description: Path to the Dockerfile inside the context specified by parameter + path-context + name: dockerfile + type: string + - default: "false" + description: Force rebuild image + name: rebuild + type: string + - default: "false" + description: Skip checks against built image + name: skip-checks + type: string + - default: "false" + description: Execute the build with network isolation + name: hermetic + type: string + - default: "" + description: Build dependencies to be prefetched by Cachi2 + name: prefetch-input + type: string + - default: "" + description: Image tag expiration time, time values could be something like + 1h, 2d, 3w for hours, days, and weeks, respectively. + name: image-expires-after + - default: "false" + description: Build a source image. + name: build-source-image + type: string + - default: "true" + description: Add built image into an OCI image index + name: build-image-index + type: string + - default: [] + description: Array of --build-arg values ("arg=value" strings) for buildah + name: build-args + type: array + - default: "" + description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file + name: build-args-file + type: string + - default: + - linux/x86_64 + description: List of platforms to build the container images on. The available + set of values is determined by the configuration of the multi-platform-controller. + name: build-platforms + type: array + results: + - description: "" + name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - description: "" + name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - description: "" + name: CHAINS-GIT_URL + value: $(tasks.clone-repository.results.url) + - description: "" + name: CHAINS-GIT_COMMIT + value: $(tasks.clone-repository.results.commit) + tasks: + - name: init + params: + - name: image-url + value: $(params.output-image) + - name: rebuild + value: $(params.rebuild) + - name: skip-checks + value: $(params.skip-checks) + taskRef: + params: + - name: name + value: init + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:90dda596d44b3f861889da2fba161dff34c6116fe76c3989e3f84262ea0f29cd + - name: kind + value: task + resolver: bundles + - name: clone-repository + params: + - name: url + value: $(params.git-url) + - name: revision + value: $(params.revision) + - name: ociStorage + value: $(params.output-image).git + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) + runAfter: + - init + taskRef: + params: + - name: name + value: git-clone-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:f72fcca6732516339d55ac5f01660e287968e64e857a40a8608db27e298b5126 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: basic-auth + workspace: git-auth + - name: prefetch-dependencies + params: + - name: input + value: $(params.prefetch-input) + - name: SOURCE_ARTIFACT + value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + - name: ociStorage + value: $(params.output-image).prefetch + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) + runAfter: + - clone-repository + taskRef: + params: + - name: name + value: prefetch-dependencies-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.1@sha256:994f816e36ac832f4020647afd69223a015c84c503f925013c573fed52f05420 + - name: kind + value: task + resolver: bundles + workspaces: + - name: git-basic-auth + workspace: git-auth + - name: netrc + workspace: netrc + - matrix: + params: + - name: PLATFORM + value: + - $(params.build-platforms) + name: build-images + params: + - name: IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + - name: IMAGE_APPEND_PLATFORM + value: "true" + runAfter: + - prefetch-dependencies + taskRef: + params: + - name: name + value: buildah-remote-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta@sha256:6c2c433ef94187e9aa73575004029cd6e2bbbdeefc7f90070595fb20f77bc121 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + - name: build-image-index + params: + - name: IMAGE + value: $(params.output-image) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: ALWAYS_BUILD_INDEX + value: $(params.build-image-index) + - name: IMAGES + value: + - $(tasks.build-images.results.IMAGE_REF[*]) + runAfter: + - build-images + taskRef: + params: + - name: name + value: build-image-index + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:479775c8655d815fb515aeb97efc0e64284a8520c452754981970900b937a393 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + - name: build-source-image + params: + - name: BINARY_IMAGE + value: $(params.output-image) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: source-build-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.1@sha256:75e882bf1619dd45a4043060ce42a6ad3ce781264ade5b7f66a1d994ee159126 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + - input: $(params.build-source-image) + operator: in + values: + - "true" + - name: deprecated-base-image-check + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: deprecated-image-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:f8efb0b22692fad908a1a75f8d5c0b6ed3b0bcd2a9853577e7be275e5bac1bb8 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: clair-scan + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: clair-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:e428b37d253621365ffb24d4053e5f3141988ae6a30fce1c8ba73b7211396eb0 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: ecosystem-cert-preflight-checks + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: ecosystem-cert-preflight-checks + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:df8a25a3431a70544172ed4844f9d0c6229d39130633960729f825a031a7dea9 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-snyk-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-snyk-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.3@sha256:6d232347739a0366dcfc4e40afbcb5d1937dd3fea8952afb1bd6a4b0c5d1c1f5 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: clamav-scan + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: clamav-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:d78221853f7ff2befc6669dd0eeb91e6611ae84ac7754150ea0f071d92ff41cb + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-coverity-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + runAfter: + - coverity-availability-check + taskRef: + params: + - name: name + value: sast-coverity-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check-oci-ta:0.1@sha256:a2a504ffd550e8029034fd737e237e194c13e1b593c8e37402218408e5d632df + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - input: $(tasks.coverity-availability-check.results.STATUS) + operator: in + values: + - success + - name: coverity-availability-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: coverity-availability-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check-oci-ta:0.1@sha256:c6c04c3b7ab71c039fe5958559f3d0bf30cb56239ee3be6a7806a71912660da4 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-shell-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-shell-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:ac6a35e4143a68f841e363da3f21f2123de9f3acf76596f79ecb60c501eed408 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-unicode-check + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-shell-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:ac6a35e4143a68f841e363da3f21f2123de9f3acf76596f79ecb60c501eed408 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: apply-tags + params: + - name: IMAGE + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: apply-tags + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:2c2d88c07623b2d25163994ded6e9f29205ea5bbab090f4c86379739940028b9 + - name: kind + value: task + resolver: bundles + - name: push-dockerfile + params: + - name: IMAGE + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: push-dockerfile-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:98ccae6ac132ab837fc51a70514be5fca656e09d6d4ad93230bd10f0119258aa + - name: kind + value: task + resolver: bundles + - name: rpms-signature-scan + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:39cd56ffa26ff5edfd5bf9b61e902cae35a345c078cd9dcbc0737d30f3ce5ef1 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: git-auth + optional: true + - name: netrc + optional: true \ No newline at end of file diff --git a/.tekton/icm-injection-scripts-pull-request.yaml b/.tekton/icm-injection-scripts-pull-request.yaml new file mode 100644 index 0000000..1275d82 --- /dev/null +++ b/.tekton/icm-injection-scripts-pull-request.yaml @@ -0,0 +1,49 @@ +apiVersion: tekton.dev/v1 +kind: PipelineRun +metadata: + annotations: + build.appstudio.openshift.io/repo: https://github.com/konflux-ci/build-tasks-dockerfiles?rev={{revision}} + build.appstudio.redhat.com/commit_sha: '{{revision}}' + build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' + build.appstudio.redhat.com/target_branch: '{{target_branch}}' + pipelinesascode.tekton.dev/max-keep-runs: "3" + pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch == "main" && + ( + "icm-injection-scripts/***".pathChanged() || + ".tekton/icm-injection-scripts-pull-request.yaml".pathChanged() || + ".tekton/build-pipeline.yaml".pathChanged() + ) + creationTimestamp: null + labels: + appstudio.openshift.io/application: build-tasks-dockerfiles + appstudio.openshift.io/component: icm-injection-scripts + pipelines.appstudio.openshift.io/type: build + name: icm-injection-scripts-on-pull-request + namespace: rhtap-build-tenant +spec: + params: + - name: git-url + value: '{{source_url}}' + - name: revision + value: '{{revision}}' + - name: output-image + value: quay.io/redhat-user-workloads/rhtap-build-tenant/icm-injection-scripts:on-pr-{{revision}} + - name: image-expires-after + value: 5d + - name: build-platforms + value: + - linux/x86_64 + - name: dockerfile + value: Containerfile + - name: path-context + value: icm-injection-scripts + - name: build-source-image + value: "true" + pipelineRef: + name: build-pipeline + taskRunTemplate: {} + workspaces: + - name: git-auth + secret: + secretName: '{{ git_auth_secret }}' +status: {} diff --git a/.tekton/icm-injection-scripts-push.yaml b/.tekton/icm-injection-scripts-push.yaml new file mode 100644 index 0000000..d2cf594 --- /dev/null +++ b/.tekton/icm-injection-scripts-push.yaml @@ -0,0 +1,46 @@ +apiVersion: tekton.dev/v1 +kind: PipelineRun +metadata: + annotations: + build.appstudio.openshift.io/repo: https://github.com/konflux-ci/build-tasks-dockerfiles?rev={{revision}} + build.appstudio.redhat.com/commit_sha: '{{revision}}' + build.appstudio.redhat.com/target_branch: '{{target_branch}}' + pipelinesascode.tekton.dev/max-keep-runs: "3" + pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "main" && + ( + "icm-injection-scripts/***".pathChanged() || + ".tekton/icm-injection-scripts-pull-request.yaml".pathChanged() || + ".tekton/build-pipeline.yaml".pathChanged() + ) + creationTimestamp: null + labels: + appstudio.openshift.io/application: build-tasks-dockerfiles + appstudio.openshift.io/component: icm-injection-scripts + pipelines.appstudio.openshift.io/type: build + name: icm-injection-scripts-on-push + namespace: rhtap-build-tenant +spec: + params: + - name: git-url + value: '{{source_url}}' + - name: revision + value: '{{revision}}' + - name: output-image + value: quay.io/redhat-user-workloads/rhtap-build-tenant/icm-injection-scripts:{{revision}} + - name: build-platforms + value: + - linux/x86_64 + - name: dockerfile + value: Containerfile + - name: path-context + value: icm-injection-scripts + - name: build-source-image + value: "true" + pipelineRef: + name: build-pipeline + taskRunTemplate: {} + workspaces: + - name: git-auth + secret: + secretName: '{{ git_auth_secret }}' +status: {} diff --git a/.tekton/sbom-utility-scripts-pull-request.yaml b/.tekton/sbom-utility-scripts-pull-request.yaml new file mode 100644 index 0000000..b1c7df5 --- /dev/null +++ b/.tekton/sbom-utility-scripts-pull-request.yaml @@ -0,0 +1,49 @@ +apiVersion: tekton.dev/v1 +kind: PipelineRun +metadata: + annotations: + build.appstudio.openshift.io/repo: https://github.com/konflux-ci/build-tasks-dockerfiles?rev={{revision}} + build.appstudio.redhat.com/commit_sha: '{{revision}}' + build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' + build.appstudio.redhat.com/target_branch: '{{target_branch}}' + pipelinesascode.tekton.dev/max-keep-runs: "3" + pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch == "main" && + ( + "sbom-utility-scripts/***".pathChanged() || + ".tekton/sbom-utility-scripts-pull-request.yaml".pathChanged() || + ".tekton/build-pipeline.yaml".pathChanged() + ) + creationTimestamp: null + labels: + appstudio.openshift.io/application: build-tasks-dockerfiles + appstudio.openshift.io/component: sbom-utility-scripts + pipelines.appstudio.openshift.io/type: build + name: sbom-utility-scripts-on-pull-request + namespace: rhtap-build-tenant +spec: + params: + - name: git-url + value: '{{source_url}}' + - name: revision + value: '{{revision}}' + - name: output-image + value: quay.io/redhat-user-workloads/rhtap-build-tenant/sbom-utility-scripts:on-pr-{{revision}} + - name: image-expires-after + value: 5d + - name: build-platforms + value: + - linux/x86_64 + - name: dockerfile + value: Dockerfile + - name: path-context + value: sbom-utility-scripts + - name: build-source-image + value: "true" + pipelineRef: + name: build-pipeline + taskRunTemplate: {} + workspaces: + - name: git-auth + secret: + secretName: '{{ git_auth_secret }}' +status: {} diff --git a/.tekton/sbom-utility-scripts-push.yaml b/.tekton/sbom-utility-scripts-push.yaml new file mode 100644 index 0000000..3ac8aa5 --- /dev/null +++ b/.tekton/sbom-utility-scripts-push.yaml @@ -0,0 +1,46 @@ +apiVersion: tekton.dev/v1 +kind: PipelineRun +metadata: + annotations: + build.appstudio.openshift.io/repo: https://github.com/konflux-ci/build-tasks-dockerfiles?rev={{revision}} + build.appstudio.redhat.com/commit_sha: '{{revision}}' + build.appstudio.redhat.com/target_branch: '{{target_branch}}' + pipelinesascode.tekton.dev/max-keep-runs: "3" + pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "main" && + ( + "sbom-utility-scripts/***".pathChanged() || + ".tekton/sbom-utility-scripts-push.yaml".pathChanged() || + ".tekton/build-pipeline.yaml".pathChanged() + ) + creationTimestamp: null + labels: + appstudio.openshift.io/application: build-tasks-dockerfiles + appstudio.openshift.io/component: sbom-utility-scripts + pipelines.appstudio.openshift.io/type: build + name: sbom-utility-scripts-on-push + namespace: rhtap-build-tenant +spec: + params: + - name: git-url + value: '{{source_url}}' + - name: revision + value: '{{revision}}' + - name: output-image + value: quay.io/redhat-user-workloads/rhtap-build-tenant/sbom-utility-scripts:{{revision}} + - name: build-platforms + value: + - linux/x86_64 + - name: dockerfile + value: Dockerfile + - name: path-context + value: sbom-utility-scripts + - name: build-source-image + value: "true" + pipelineRef: + name: build-pipeline + taskRunTemplate: {} + workspaces: + - name: git-auth + secret: + secretName: '{{ git_auth_secret }}' +status: {} diff --git a/.tekton/source-container-build-pull-request.yaml b/.tekton/source-container-build-pull-request.yaml index f994415..d6d9e3a 100644 --- a/.tekton/source-container-build-pull-request.yaml +++ b/.tekton/source-container-build-pull-request.yaml @@ -7,7 +7,13 @@ metadata: build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' build.appstudio.redhat.com/target_branch: '{{target_branch}}' pipelinesascode.tekton.dev/max-keep-runs: "3" - pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch == "main" && ( "source-container-build/***".pathChanged() || ".tekton/source-container-build-pull-request.yaml".pathChanged() ) + pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch == "main" && + ( + "source-container-build/***".pathChanged() || + ".tekton/source-container-build-pull-request.yaml".pathChanged() || + ".tekton/build-pipeline.yaml".pathChanged() || + "integration-tests/***".pathChanged() + ) creationTimestamp: labels: appstudio.openshift.io/application: build-tasks-dockerfiles @@ -17,390 +23,25 @@ metadata: namespace: rhtap-build-tenant spec: params: - - name: dockerfile - value: Dockerfile - name: git-url value: '{{source_url}}' - - name: image-expires-after - value: 5d + - name: revision + value: '{{revision}}' - name: output-image value: quay.io/redhat-user-workloads/rhtap-build-tenant/build-tasks-dockerfiles/source-container-build:on-pr-{{revision}} + - name: image-expires-after + value: 5d + - name: build-platforms + value: + - linux/x86_64 + - name: dockerfile + value: Dockerfile - name: path-context value: source-container-build - - name: revision - value: '{{revision}}' - pipelineSpec: - finally: - - name: show-sbom - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - taskRef: - params: - - name: name - value: show-sbom - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:945a7c9066d3e0a95d3fddb7e8a6992e4d632a2a75d8f3a9bd2ff2fef0ec9aa0 - - name: kind - value: task - resolver: bundles - params: - - description: Source Repository URL - name: git-url - type: string - - default: "" - description: Revision of the Source Repository - name: revision - type: string - - description: Fully Qualified Output Image - name: output-image - type: string - - default: . - description: Path to the source code of an application's component from where to build image. - name: path-context - type: string - - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter path-context - name: dockerfile - type: string - - default: "false" - description: Force rebuild image - name: rebuild - type: string - - default: "false" - description: Skip checks against built image - name: skip-checks - type: string - - default: "false" - description: Execute the build with network isolation - name: hermetic - type: string - - default: "" - description: Build dependencies to be prefetched by Cachi2 - name: prefetch-input - type: string - - default: "false" - description: Java build - name: java - type: string - - default: "" - description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. - name: image-expires-after - - default: "false" - description: Build a source image. - name: build-source-image - type: string - - default: [] - description: Array of --build-arg values ("arg=value" strings) for buildah - name: build-args - type: array - - default: "" - description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file - name: build-args-file - type: string - results: - - description: "" - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - description: "" - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - - description: "" - name: CHAINS-GIT_URL - value: $(tasks.clone-repository.results.url) - - description: "" - name: CHAINS-GIT_COMMIT - value: $(tasks.clone-repository.results.commit) - - description: "" - name: JAVA_COMMUNITY_DEPENDENCIES - value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) - tasks: - - name: init - params: - - name: image-url - value: $(params.output-image) - - name: rebuild - value: $(params.rebuild) - - name: skip-checks - value: $(params.skip-checks) - taskRef: - params: - - name: name - value: init - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:0523b51c28375a3f222da91690e22eff11888ebc98a0c73c468af44762265c69 - - name: kind - value: task - resolver: bundles - - name: clone-repository - params: - - name: url - value: $(params.git-url) - - name: revision - value: $(params.revision) - - name: ociStorage - value: $(params.output-image).git - - name: ociArtifactExpiresAfter - value: $(params.image-expires-after) - runAfter: - - init - taskRef: - params: - - name: name - value: git-clone-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:4bf48d038ff12d25bdeb5ab3e98dc2271818056f454c83d7393ebbd413028147 - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - workspaces: - - name: basic-auth - workspace: git-auth - - name: prefetch-dependencies - params: - - name: input - value: $(params.prefetch-input) - - name: SOURCE_ARTIFACT - value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) - - name: ociStorage - value: $(params.output-image).prefetch - - name: ociArtifactExpiresAfter - value: $(params.image-expires-after) - runAfter: - - clone-repository - taskRef: - params: - - name: name - value: prefetch-dependencies-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.1@sha256:0203960a9d15b184545d387296f9d47801feba1219083af5917c44d94329ef93 - - name: kind - value: task - resolver: bundles - workspaces: - - name: git-basic-auth - workspace: git-auth - - name: build-container - params: - - name: IMAGE - value: $(params.output-image) - - name: DOCKERFILE - value: $(params.dockerfile) - - name: CONTEXT - value: $(params.path-context) - - name: HERMETIC - value: $(params.hermetic) - - name: PREFETCH_INPUT - value: $(params.prefetch-input) - - name: IMAGE_EXPIRES_AFTER - value: $(params.image-expires-after) - - name: COMMIT_SHA - value: $(tasks.clone-repository.results.commit) - - name: BUILD_ARGS - value: - - $(params.build-args[*]) - - name: BUILD_ARGS_FILE - value: $(params.build-args-file) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - runAfter: - - prefetch-dependencies - taskRef: - params: - - name: name - value: buildah-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.2@sha256:2d99cd4a5ecec47ba3b4c0a9ad071ca2aa01864906ebcdcfc9686cdc60323e0f - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - - name: rpms-signature-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - params: - - name: name - value: rpms-signature-scan - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:28aaf87d61078a0aeeeabcae455eda7d05c4f9b81d8995bdcf3dde95c1a7a77b - - name: kind - value: task - resolver: bundles - - name: build-source-image - params: - - name: BINARY_IMAGE - value: $(params.output-image) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - runAfter: - - build-container - taskRef: - params: - - name: name - value: source-build-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.1@sha256:bd786bc1d33391bb169f98a1070d1a39e410b835f05fd0db0263754c65bd9bea - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - - input: $(params.build-source-image) - operator: in - values: - - "true" - - name: deprecated-base-image-check - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - runAfter: - - build-container - taskRef: - params: - - name: name - value: deprecated-image-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:5a1a165fa02270f0a947d8a2131ee9d8be0b8e9d34123828c2bef589e504ee84 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: clair-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - params: - - name: name - value: clair-scan - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:0a5421111e7092740398691d5bd7c125cc0896f29531d19414bb5724ae41692a - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: ecosystem-cert-preflight-checks - params: - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - params: - - name: name - value: ecosystem-cert-preflight-checks - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:a8d79484734817c01b1634153bdb5dc4090db6ef685dbf218dc2d509f9f50ec8 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: sast-snyk-check - runAfter: - - build-container - taskRef: - params: - - name: name - value: sast-snyk-check-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.3@sha256:65a213322ea7c64159e37071d369d74b6378b23403150e29537865cada90f022 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - - name: clamav-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - params: - - name: name - value: clamav-scan - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:b4f450f1447b166da671f1d5819ab5a1485083e5c27ab91f7d8b7a2ff994c8c2 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: apply-tags - params: - - name: IMAGE - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - params: - - name: name - value: apply-tags - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:87fd7fc0e937aad1a8db9b6e377d7e444f53394dafde512d68adbea6966a4702 - - name: kind - value: task - resolver: bundles - workspaces: - - name: git-auth - optional: true + - name: build-source-image + value: "true" + pipelineRef: + name: build-pipeline taskRunTemplate: {} workspaces: - name: git-auth diff --git a/.tekton/source-container-build-push.yaml b/.tekton/source-container-build-push.yaml index 898b3c0..472207a 100644 --- a/.tekton/source-container-build-push.yaml +++ b/.tekton/source-container-build-push.yaml @@ -6,7 +6,12 @@ metadata: build.appstudio.redhat.com/commit_sha: '{{revision}}' build.appstudio.redhat.com/target_branch: '{{target_branch}}' pipelinesascode.tekton.dev/max-keep-runs: "3" - pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "main" + pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "main" && + ( + "source-container-build/***".pathChanged() || + ".tekton/source-container-build-push.yaml".pathChanged() || + ".tekton/build-pipeline.yaml".pathChanged() + ) creationTimestamp: labels: appstudio.openshift.io/application: build-tasks-dockerfiles @@ -16,388 +21,23 @@ metadata: namespace: rhtap-build-tenant spec: params: - - name: dockerfile - value: Dockerfile - name: git-url value: '{{source_url}}' + - name: revision + value: '{{revision}}' - name: output-image value: quay.io/redhat-user-workloads/rhtap-build-tenant/build-tasks-dockerfiles/source-container-build:{{revision}} + - name: build-platforms + value: + - linux/x86_64 + - name: dockerfile + value: Dockerfile - name: path-context value: source-container-build - - name: revision - value: '{{revision}}' - pipelineSpec: - finally: - - name: show-sbom - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - taskRef: - params: - - name: name - value: show-sbom - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:945a7c9066d3e0a95d3fddb7e8a6992e4d632a2a75d8f3a9bd2ff2fef0ec9aa0 - - name: kind - value: task - resolver: bundles - params: - - description: Source Repository URL - name: git-url - type: string - - default: "" - description: Revision of the Source Repository - name: revision - type: string - - description: Fully Qualified Output Image - name: output-image - type: string - - default: . - description: Path to the source code of an application's component from where to build image. - name: path-context - type: string - - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter path-context - name: dockerfile - type: string - - default: "false" - description: Force rebuild image - name: rebuild - type: string - - default: "false" - description: Skip checks against built image - name: skip-checks - type: string - - default: "false" - description: Execute the build with network isolation - name: hermetic - type: string - - default: "" - description: Build dependencies to be prefetched by Cachi2 - name: prefetch-input - type: string - - default: "false" - description: Java build - name: java - type: string - - default: "" - description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. - name: image-expires-after - - default: "false" - description: Build a source image. - name: build-source-image - type: string - - default: [] - description: Array of --build-arg values ("arg=value" strings) for buildah - name: build-args - type: array - - default: "" - description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file - name: build-args-file - type: string - results: - - description: "" - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - description: "" - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - - description: "" - name: CHAINS-GIT_URL - value: $(tasks.clone-repository.results.url) - - description: "" - name: CHAINS-GIT_COMMIT - value: $(tasks.clone-repository.results.commit) - - description: "" - name: JAVA_COMMUNITY_DEPENDENCIES - value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) - tasks: - - name: init - params: - - name: image-url - value: $(params.output-image) - - name: rebuild - value: $(params.rebuild) - - name: skip-checks - value: $(params.skip-checks) - taskRef: - params: - - name: name - value: init - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:0523b51c28375a3f222da91690e22eff11888ebc98a0c73c468af44762265c69 - - name: kind - value: task - resolver: bundles - - name: clone-repository - params: - - name: url - value: $(params.git-url) - - name: revision - value: $(params.revision) - - name: ociStorage - value: $(params.output-image).git - - name: ociArtifactExpiresAfter - value: $(params.image-expires-after) - runAfter: - - init - taskRef: - params: - - name: name - value: git-clone-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:4bf48d038ff12d25bdeb5ab3e98dc2271818056f454c83d7393ebbd413028147 - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - workspaces: - - name: basic-auth - workspace: git-auth - - name: prefetch-dependencies - params: - - name: input - value: $(params.prefetch-input) - - name: SOURCE_ARTIFACT - value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) - - name: ociStorage - value: $(params.output-image).prefetch - - name: ociArtifactExpiresAfter - value: $(params.image-expires-after) - runAfter: - - clone-repository - taskRef: - params: - - name: name - value: prefetch-dependencies-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.1@sha256:0203960a9d15b184545d387296f9d47801feba1219083af5917c44d94329ef93 - - name: kind - value: task - resolver: bundles - workspaces: - - name: git-basic-auth - workspace: git-auth - - name: build-container - params: - - name: IMAGE - value: $(params.output-image) - - name: DOCKERFILE - value: $(params.dockerfile) - - name: CONTEXT - value: $(params.path-context) - - name: HERMETIC - value: $(params.hermetic) - - name: PREFETCH_INPUT - value: $(params.prefetch-input) - - name: IMAGE_EXPIRES_AFTER - value: $(params.image-expires-after) - - name: COMMIT_SHA - value: $(tasks.clone-repository.results.commit) - - name: BUILD_ARGS - value: - - $(params.build-args[*]) - - name: BUILD_ARGS_FILE - value: $(params.build-args-file) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - runAfter: - - prefetch-dependencies - taskRef: - params: - - name: name - value: buildah-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.2@sha256:2d99cd4a5ecec47ba3b4c0a9ad071ca2aa01864906ebcdcfc9686cdc60323e0f - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - - name: rpms-signature-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - params: - - name: name - value: rpms-signature-scan - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:28aaf87d61078a0aeeeabcae455eda7d05c4f9b81d8995bdcf3dde95c1a7a77b - - name: kind - value: task - resolver: bundles - - name: build-source-image - params: - - name: BINARY_IMAGE - value: $(params.output-image) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - runAfter: - - build-container - taskRef: - params: - - name: name - value: source-build-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.1@sha256:bd786bc1d33391bb169f98a1070d1a39e410b835f05fd0db0263754c65bd9bea - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - - input: $(params.build-source-image) - operator: in - values: - - "true" - - name: deprecated-base-image-check - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - runAfter: - - build-container - taskRef: - params: - - name: name - value: deprecated-image-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:5a1a165fa02270f0a947d8a2131ee9d8be0b8e9d34123828c2bef589e504ee84 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: clair-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - params: - - name: name - value: clair-scan - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:0a5421111e7092740398691d5bd7c125cc0896f29531d19414bb5724ae41692a - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: ecosystem-cert-preflight-checks - params: - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - params: - - name: name - value: ecosystem-cert-preflight-checks - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:a8d79484734817c01b1634153bdb5dc4090db6ef685dbf218dc2d509f9f50ec8 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: sast-snyk-check - runAfter: - - build-container - taskRef: - params: - - name: name - value: sast-snyk-check-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.3@sha256:65a213322ea7c64159e37071d369d74b6378b23403150e29537865cada90f022 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - - name: clamav-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - params: - - name: name - value: clamav-scan - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:b4f450f1447b166da671f1d5819ab5a1485083e5c27ab91f7d8b7a2ff994c8c2 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: apply-tags - params: - - name: IMAGE - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - params: - - name: name - value: apply-tags - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:87fd7fc0e937aad1a8db9b6e377d7e444f53394dafde512d68adbea6966a4702 - - name: kind - value: task - resolver: bundles - workspaces: - - name: git-auth - optional: true + - name: build-source-image + value: "true" + pipelineRef: + name: build-pipeline taskRunTemplate: {} workspaces: - name: git-auth diff --git a/OWNERS b/OWNERS deleted file mode 100644 index 51ee3ae..0000000 --- a/OWNERS +++ /dev/null @@ -1,24 +0,0 @@ -allowed_users: - - tisutisu - - chmeliik - - mkosiarc - - mmorhun - - rcerven - - tkdchen - - tnevrlka -approvers: - - tisutisu - - chmeliik - - mkosiarc - - mmorhun - - rcerven - - tkdchen - - tnevrlka -reviewers: - - tisutisu - - chmeliik - - mkosiarc - - mmorhun - - rcerven - - tkdchen - - tnevrlka diff --git a/icm-injection-scripts/Containerfile b/icm-injection-scripts/Containerfile new file mode 100644 index 0000000..a2ec4fb --- /dev/null +++ b/icm-injection-scripts/Containerfile @@ -0,0 +1,16 @@ +FROM quay.io/konflux-ci/buildah-task:latest@sha256:b2d6c32d1e05e91920cd4475b2761d58bb7ee11ad5dff3ecb59831c7572b4d0c + +WORKDIR /scripts + +COPY scripts/inject-icm.sh /scripts + +LABEL \ + description="Inject an ICM (image content manifest) file with content sets for backwards compatibility." \ + io.k8s.description="Inject an ICM (image content manifest) file with content sets for backwards compatibility." \ + summary="Inject an ICM (image content manifest) file" \ + io.k8s.display-name="Inject an ICM (image content manifest) file" \ + name="Inject an ICM (image content manifest) file" \ + com.redhat.component="inject-icm" + +ENTRYPOINT ["/scripts/inject-icm.sh"] + diff --git a/icm-injection-scripts/scripts/inject-icm.sh b/icm-injection-scripts/scripts/inject-icm.sh new file mode 100755 index 0000000..003ad81 --- /dev/null +++ b/icm-injection-scripts/scripts/inject-icm.sh @@ -0,0 +1,80 @@ +#!/bin/bash +# Inject an ICM (image content manifest) file with content sets for backwards compatibility +# +# https://github.com/containerbuildsystem/atomic-reactor/blob/master/atomic_reactor/schemas/content_manifest.json +# +# This is not a file we want to inject always into the future, but older Red +# Hat build systems injected a file like this and some third-party scanners +# depend on it in order to map rpms found in each layer to CPE ids, to match +# them with vulnerability data. In the future, those scanners should port to +# using the dnf db and/or SBOMs to make that same match. Consider this +# deprecated. +# +# This is only possible for images built hermetically with prefetch + +set -euo pipefail + +IMAGE="${1}" +SQUASH="${SQUASH:-false}" + +icm_filename="content-sets.json" +location="/root/buildinfo/content_manifests/${icm_filename}" + +if [ ! -f "./sbom-cachi2.json" ]; then + echo "Could not find sbom-cachi2.json. No content_sets found for ICM" + exit 0 +fi + +echo "Extracting annotations to copy to the modified image" +base_image_name=$(buildah inspect --format '{{ index .ImageAnnotations "org.opencontainers.image.base.name"}}' "$IMAGE" | cut -f1 -d'@') +base_image_digest=$(buildah inspect --format '{{ index .ImageAnnotations "org.opencontainers.image.base.digest"}}' "$IMAGE") + +echo "Creating container from $IMAGE" +CONTAINER=$(buildah from --pull-never $IMAGE) +trap 'buildah rm "$CONTAINER"' EXIT + +echo "Preparing construction of $location for container $CONTAINER to be committed back as $IMAGE (squash: $SQUASH)" +cat >content-sets.json < content-sets.json.tmp + mv content-sets.json.tmp content-sets.json + fi +done <<< "$( + jq -r ' + if .bomFormat == "CycloneDX" then + .components[].purl + else + .packages[].externalRefs[]? | select(.referenceType == "purl") | .referenceLocator + end' sbom-cachi2.json | + grep -o -P '(?<=repository_id=).*(?=(&|$))' | + sort -u +)" + +echo "Constructed the following:" +cat content-sets.json + +echo "Writing that to $location" +buildah copy "$CONTAINER" content-sets.json /root/buildinfo/content_manifests/ +buildah config -a "org.opencontainers.image.base.name=${base_image_name}" -a "org.opencontainers.image.base.digest=${base_image_digest}" "$CONTAINER" + +BUILDAH_ARGS=() +if [ "${SQUASH}" == "true" ]; then + BUILDAH_ARGS+=("--squash") +fi + +echo "Committing that back to $IMAGE" +buildah commit "${BUILDAH_ARGS[@]}" "$CONTAINER" "$IMAGE" diff --git a/icm-injection-scripts/scripts/test-data/sbom-cachi2-cyclonedx.json b/icm-injection-scripts/scripts/test-data/sbom-cachi2-cyclonedx.json new file mode 100644 index 0000000..4763a55 --- /dev/null +++ b/icm-injection-scripts/scripts/test-data/sbom-cachi2-cyclonedx.json @@ -0,0 +1,175 @@ +{ + "bomFormat": "CycloneDX", + "components": [ + { + "name": "glibc-common", + "purl": "pkg:rpm/fedora/glibc-common@2.39-6.fc40?arch=x86_64&checksum=sha256:45fe79ffea9358fc7a4f233e2358b08678bdec476680d0655063b4a4058e8789&repository_id=releases", + "version": "2.39", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "type": "library" + }, + { + "name": "glibc-common", + "purl": "pkg:rpm/fedora/glibc-common@2.39-6.fc40?arch=x86_64&repository_id=releases", + "version": "2.39", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + }, + { + "name": "cachi2:missing_hash:in_file", + "value": "another-project/rpms.lock.yaml" + } + ], + "type": "library" + }, + { + "name": "glibc-minimal-langpack", + "purl": "pkg:rpm/fedora/glibc-minimal-langpack@2.38-7.fc39?arch=x86_64&checksum=sha256:6f9b45618d3b46fbbfb44407e05dd7054f3bd6a4df4f7291b576858b88deadc5&repository_id=releases", + "version": "2.38", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "type": "library" + }, + { + "name": "glibc-minimal-langpack", + "purl": "pkg:rpm/fedora/glibc-minimal-langpack@2.39-6.fc40?arch=x86_64&checksum=sha256:9982f68ddcc3e972a2f3f220f29d56b0e9dde0e409bdecfe0bc559fe39013dde&repository_id=releases", + "version": "2.39", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "type": "library" + }, + { + "name": "gzip", + "purl": "pkg:rpm/fedora/gzip@1.13-1.fc40?arch=x86_64&checksum=sha256:6dcc2f8885135fc873c8ab94a6c7df05883060c5b25287956bebb3aa15a84e71&repository_id=releases", + "version": "1.13", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "type": "library" + }, + { + "name": "apr-util-bdb", + "purl": "pkg:rpm/redhat/apr-util-bdb@1.6.1-9.el8?arch=x86_64&checksum=sha256:106ed56188f62702d967d3148b05ef2f0e43fceee7b2bc3d44dd53be20a300b5&repository_id=ubi-8-appstream-rpms", + "version": "1.6.1", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "type": "library" + }, + { + "name": "apr-util-openssl", + "purl": "pkg:rpm/redhat/apr-util-openssl@1.6.1-9.el8?arch=x86_64&checksum=sha256:bb636fb6d64af9e9a9b3f432dd587d60946c987b31758c59a20a0d7872099c14&repository_id=ubi-8-appstream-rpms", + "version": "1.6.1", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "type": "library" + }, + { + "name": "apr-util", + "purl": "pkg:rpm/redhat/apr-util@1.6.1-9.el8?arch=src&checksum=sha256:3a7dec001ee63a28de3f1609a4b3da03ec9c8eda3f6802fe491cf456be267e82&repository_id=ubi-8-appstream-source", + "version": "1.6.1", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "type": "library" + }, + { + "name": "apr-util", + "purl": "pkg:rpm/redhat/apr-util@1.6.1-9.el8?arch=x86_64&checksum=sha256:153b5f51d3e71191b5ccd483298911aeb9a0794cc9d8f13ae22cac8c5b3643e3&repository_id=ubi-8-appstream-rpms", + "version": "1.6.1", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "type": "library" + }, + { + "name": "apr", + "purl": "pkg:rpm/redhat/apr@1.6.3-12.el8?arch=src&checksum=sha256:31c1ce68fb74c6426ac6270f0f255199daffc9000897343efcdff0a41e914f9d&repository_id=ubi-8-appstream-source", + "version": "1.6.3", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "type": "library" + }, + { + "name": "apr", + "purl": "pkg:rpm/redhat/apr@1.6.3-12.el8?arch=x86_64&checksum=sha256:4be7cfbb58aeec0db66ac9d2e996de662499bac99a2788f934f87d6998ba073e&repository_id=ubi-8-appstream-rpms", + "version": "1.6.3", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "type": "library" + }, + { + "name": "httpd-tools", + "purl": "pkg:rpm/redhat/httpd-tools@2.4.37-65.module%2Bel8.10.0%2B22196%2Bd82931da.2?arch=x86_64&checksum=sha256:2b650ff7cfb275f157f849f7dc7883c4f7b9bf9f8d89e10a1406c4d7802b3387&repository_id=ubi-8-appstream-rpms", + "version": "2.4.37", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "type": "library" + }, + { + "name": "httpd", + "purl": "pkg:rpm/redhat/httpd@2.4.37-65.module%2Bel8.10.0%2B22196%2Bd82931da.2?arch=src&checksum=sha256:bc1c91f3fce3452aa7dba9810592cf2a40957ef5d3b2d23a96c1853365425c50&repository_id=ubi-8-appstream-source", + "version": "2.4.37", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "type": "library" + } + ], + "metadata": { + "tools": [ + { + "vendor": "red hat", + "name": "cachi2" + } + ] + }, + "specVersion": "1.4", + "version": 1 +} diff --git a/icm-injection-scripts/scripts/test-data/sbom-cachi2-spdx.json b/icm-injection-scripts/scripts/test-data/sbom-cachi2-spdx.json new file mode 100644 index 0000000..d702934 --- /dev/null +++ b/icm-injection-scripts/scripts/test-data/sbom-cachi2-spdx.json @@ -0,0 +1,390 @@ +{ + "spdxVersion": "SPDX-2.3", + "SPDXID": "SPDXRef-DOCUMENT", + "dataLicense": "CC0-1.0", + "name": "", + "documentNamespace": "NOASSERTION", + "creationInfo": { + "creators": [ + "Tool: cachi2", + "Organization: red hat" + ], + "created": "2025-01-13T09:51:43Z" + }, + "packages": [ + { + "SPDXID": "SPDXRef-DocumentRoot-File-", + "name": "", + "versionInfo": "", + "externalRefs": [], + "annotations": [], + "downloadLocation": "NOASSERTION" + }, + { + "SPDXID": "SPDXRef-Package-apr-1.6.3-1e2e21f55c49e50881b467a875d1bbfede39dfe02594958a02463f5dbdb6e05e", + "name": "apr", + "versionInfo": "1.6.3", + "externalRefs": [ + { + "referenceLocator": "pkg:rpm/redhat/apr@1.6.3-12.el8?arch=src&checksum=sha256:31c1ce68fb74c6426ac6270f0f255199daffc9000897343efcdff0a41e914f9d&repository_id=ubi-8-appstream-source", + "referenceType": "purl", + "referenceCategory": "PACKAGE-MANAGER" + } + ], + "annotations": [ + { + "annotator": "Tool: cachi2:jsonencoded", + "annotationDate": "2025-01-13T09:51:43Z", + "annotationType": "OTHER", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION" + }, + { + "SPDXID": "SPDXRef-Package-apr-1.6.3-f45835cfe760749f68574114b52bbfd25036acdd30ce3553c30a4708056dbbf2", + "name": "apr", + "versionInfo": "1.6.3", + "externalRefs": [ + { + "referenceLocator": "pkg:rpm/redhat/apr@1.6.3-12.el8?arch=x86_64&checksum=sha256:4be7cfbb58aeec0db66ac9d2e996de662499bac99a2788f934f87d6998ba073e&repository_id=ubi-8-appstream-rpms", + "referenceType": "purl", + "referenceCategory": "PACKAGE-MANAGER" + } + ], + "annotations": [ + { + "annotator": "Tool: cachi2:jsonencoded", + "annotationDate": "2025-01-13T09:51:43Z", + "annotationType": "OTHER", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION" + }, + { + "SPDXID": "SPDXRef-Package-apr-util-1.6.1-54dac25e7fe18cff27ca527e7bd31f72d11596f313c8997cc7f5eda57396d4e6", + "name": "apr-util", + "versionInfo": "1.6.1", + "externalRefs": [ + { + "referenceLocator": "pkg:rpm/redhat/apr-util@1.6.1-9.el8?arch=src&checksum=sha256:3a7dec001ee63a28de3f1609a4b3da03ec9c8eda3f6802fe491cf456be267e82&repository_id=ubi-8-appstream-source", + "referenceType": "purl", + "referenceCategory": "PACKAGE-MANAGER" + } + ], + "annotations": [ + { + "annotator": "Tool: cachi2:jsonencoded", + "annotationDate": "2025-01-13T09:51:43Z", + "annotationType": "OTHER", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION" + }, + { + "SPDXID": "SPDXRef-Package-apr-util-1.6.1-158322a7f051adb5cbf6a7e1d5a06c716bbf00d2a11211a8410023c2fc7cf2d0", + "name": "apr-util", + "versionInfo": "1.6.1", + "externalRefs": [ + { + "referenceLocator": "pkg:rpm/redhat/apr-util@1.6.1-9.el8?arch=x86_64&checksum=sha256:153b5f51d3e71191b5ccd483298911aeb9a0794cc9d8f13ae22cac8c5b3643e3&repository_id=ubi-8-appstream-rpms", + "referenceType": "purl", + "referenceCategory": "PACKAGE-MANAGER" + } + ], + "annotations": [ + { + "annotator": "Tool: cachi2:jsonencoded", + "annotationDate": "2025-01-13T09:51:43Z", + "annotationType": "OTHER", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION" + }, + { + "SPDXID": "SPDXRef-Package-apr-util-bdb-1.6.1-80a350715c5d5bce1ed3adcb29bdac2f69b9e432b8e148486428fb5a1dbed133", + "name": "apr-util-bdb", + "versionInfo": "1.6.1", + "externalRefs": [ + { + "referenceLocator": "pkg:rpm/redhat/apr-util-bdb@1.6.1-9.el8?arch=x86_64&checksum=sha256:106ed56188f62702d967d3148b05ef2f0e43fceee7b2bc3d44dd53be20a300b5&repository_id=ubi-8-appstream-rpms", + "referenceType": "purl", + "referenceCategory": "PACKAGE-MANAGER" + } + ], + "annotations": [ + { + "annotator": "Tool: cachi2:jsonencoded", + "annotationDate": "2025-01-13T09:51:43Z", + "annotationType": "OTHER", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION" + }, + { + "SPDXID": "SPDXRef-Package-apr-util-openssl-1.6.1-51b9c3b95c53f3b666732fc45eb7e926976375b5e848a0ff53c05e765441a319", + "name": "apr-util-openssl", + "versionInfo": "1.6.1", + "externalRefs": [ + { + "referenceLocator": "pkg:rpm/redhat/apr-util-openssl@1.6.1-9.el8?arch=x86_64&checksum=sha256:bb636fb6d64af9e9a9b3f432dd587d60946c987b31758c59a20a0d7872099c14&repository_id=ubi-8-appstream-rpms", + "referenceType": "purl", + "referenceCategory": "PACKAGE-MANAGER" + } + ], + "annotations": [ + { + "annotator": "Tool: cachi2:jsonencoded", + "annotationDate": "2025-01-13T09:51:43Z", + "annotationType": "OTHER", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION" + }, + { + "SPDXID": "SPDXRef-Package-glibc-common-2.39-d94aa3f6228e20ca5fc645a33339470bb020492c164adf965d69388fc85a6e92", + "name": "glibc-common", + "versionInfo": "2.39", + "externalRefs": [ + { + "referenceLocator": "pkg:rpm/fedora/glibc-common@2.39-6.fc40?arch=x86_64&checksum=sha256:45fe79ffea9358fc7a4f233e2358b08678bdec476680d0655063b4a4058e8789&repository_id=releases", + "referenceType": "purl", + "referenceCategory": "PACKAGE-MANAGER" + } + ], + "annotations": [ + { + "annotator": "Tool: cachi2:jsonencoded", + "annotationDate": "2025-01-13T09:51:43Z", + "annotationType": "OTHER", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION" + }, + { + "SPDXID": "SPDXRef-Package-glibc-common-2.39-fab6e099abf5033d3104beadf5ff1bf60708378f3a52f6e3d92ecdf708d3329a", + "name": "glibc-common", + "versionInfo": "2.39", + "externalRefs": [ + { + "referenceLocator": "pkg:rpm/fedora/glibc-common@2.39-6.fc40?arch=x86_64&repository_id=releases", + "referenceType": "purl", + "referenceCategory": "PACKAGE-MANAGER" + } + ], + "annotations": [ + { + "annotator": "Tool: cachi2:jsonencoded", + "annotationDate": "2025-01-13T09:51:43Z", + "annotationType": "OTHER", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + }, + { + "annotator": "Tool: cachi2:jsonencoded", + "annotationDate": "2025-01-13T09:51:43Z", + "annotationType": "OTHER", + "comment": "{\"name\": \"cachi2:missing_hash:in_file\", \"value\": \"another-project/rpms.lock.yaml\"}" + } + ], + "downloadLocation": "NOASSERTION" + }, + { + "SPDXID": "SPDXRef-Package-glibc-minimal-langpack-2.38-3a5546b79055579930b001b0ff7d3aedf0cdce68ab86148169fa8d6f004ad7eb", + "name": "glibc-minimal-langpack", + "versionInfo": "2.38", + "externalRefs": [ + { + "referenceLocator": "pkg:rpm/fedora/glibc-minimal-langpack@2.38-7.fc39?arch=x86_64&checksum=sha256:6f9b45618d3b46fbbfb44407e05dd7054f3bd6a4df4f7291b576858b88deadc5&repository_id=releases", + "referenceType": "purl", + "referenceCategory": "PACKAGE-MANAGER" + } + ], + "annotations": [ + { + "annotator": "Tool: cachi2:jsonencoded", + "annotationDate": "2025-01-13T09:51:43Z", + "annotationType": "OTHER", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION" + }, + { + "SPDXID": "SPDXRef-Package-glibc-minimal-langpack-2.39-e7fa29dee8fa39c1c698993c821122e82be41477d32b1e1927cc27005f92ec3f", + "name": "glibc-minimal-langpack", + "versionInfo": "2.39", + "externalRefs": [ + { + "referenceLocator": "pkg:rpm/fedora/glibc-minimal-langpack@2.39-6.fc40?arch=x86_64&checksum=sha256:9982f68ddcc3e972a2f3f220f29d56b0e9dde0e409bdecfe0bc559fe39013dde&repository_id=releases", + "referenceType": "purl", + "referenceCategory": "PACKAGE-MANAGER" + } + ], + "annotations": [ + { + "annotator": "Tool: cachi2:jsonencoded", + "annotationDate": "2025-01-13T09:51:43Z", + "annotationType": "OTHER", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION" + }, + { + "SPDXID": "SPDXRef-Package-gzip-1.13-9d35dafbe4dd02490cb1d8927e51b0e34f7da5d593a4f30570c1f0a435a0d2db", + "name": "gzip", + "versionInfo": "1.13", + "externalRefs": [ + { + "referenceLocator": "pkg:rpm/fedora/gzip@1.13-1.fc40?arch=x86_64&checksum=sha256:6dcc2f8885135fc873c8ab94a6c7df05883060c5b25287956bebb3aa15a84e71&repository_id=releases", + "referenceType": "purl", + "referenceCategory": "PACKAGE-MANAGER" + } + ], + "annotations": [ + { + "annotator": "Tool: cachi2:jsonencoded", + "annotationDate": "2025-01-13T09:51:43Z", + "annotationType": "OTHER", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION" + }, + { + "SPDXID": "SPDXRef-Package-httpd-2.4.37-4b5382e33a9ca75388ecf09694c83f42996d010c4ffb2bb68315fd79bf814406", + "name": "httpd", + "versionInfo": "2.4.37", + "externalRefs": [ + { + "referenceLocator": "pkg:rpm/redhat/httpd@2.4.37-65.module%2Bel8.10.0%2B22196%2Bd82931da.2?arch=src&checksum=sha256:bc1c91f3fce3452aa7dba9810592cf2a40957ef5d3b2d23a96c1853365425c50&repository_id=ubi-8-appstream-source", + "referenceType": "purl", + "referenceCategory": "PACKAGE-MANAGER" + } + ], + "annotations": [ + { + "annotator": "Tool: cachi2:jsonencoded", + "annotationDate": "2025-01-13T09:51:43Z", + "annotationType": "OTHER", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION" + }, + { + "SPDXID": "SPDXRef-Package-httpd-tools-2.4.37-9635cd40e1b282eefd2d4dd96daf7b7d924041d526f0c7267f129a524a4894ac", + "name": "httpd-tools", + "versionInfo": "2.4.37", + "externalRefs": [ + { + "referenceLocator": "pkg:rpm/redhat/httpd-tools@2.4.37-65.module%2Bel8.10.0%2B22196%2Bd82931da.2?arch=x86_64&checksum=sha256:2b650ff7cfb275f157f849f7dc7883c4f7b9bf9f8d89e10a1406c4d7802b3387&repository_id=ubi-8-appstream-rpms", + "referenceType": "purl", + "referenceCategory": "PACKAGE-MANAGER" + } + ], + "annotations": [ + { + "annotator": "Tool: cachi2:jsonencoded", + "annotationDate": "2025-01-13T09:51:43Z", + "annotationType": "OTHER", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION" + } + ], + "files": [], + "relationships": [ + { + "spdxElementId": "SPDXRef-DOCUMENT", + "comment": "", + "relatedSpdxElement": "SPDXRef-DocumentRoot-File-", + "relationshipType": "DESCRIBES" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-File-", + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-apr-util-bdb-1.6.1-80a350715c5d5bce1ed3adcb29bdac2f69b9e432b8e148486428fb5a1dbed133", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-File-", + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-apr-util-openssl-1.6.1-51b9c3b95c53f3b666732fc45eb7e926976375b5e848a0ff53c05e765441a319", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-File-", + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-apr-util-1.6.1-54dac25e7fe18cff27ca527e7bd31f72d11596f313c8997cc7f5eda57396d4e6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-File-", + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-apr-util-1.6.1-158322a7f051adb5cbf6a7e1d5a06c716bbf00d2a11211a8410023c2fc7cf2d0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-File-", + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-apr-1.6.3-1e2e21f55c49e50881b467a875d1bbfede39dfe02594958a02463f5dbdb6e05e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-File-", + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-apr-1.6.3-f45835cfe760749f68574114b52bbfd25036acdd30ce3553c30a4708056dbbf2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-File-", + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-httpd-tools-2.4.37-9635cd40e1b282eefd2d4dd96daf7b7d924041d526f0c7267f129a524a4894ac", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-File-", + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-httpd-2.4.37-4b5382e33a9ca75388ecf09694c83f42996d010c4ffb2bb68315fd79bf814406", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-File-", + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-glibc-common-2.39-d94aa3f6228e20ca5fc645a33339470bb020492c164adf965d69388fc85a6e92", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-File-", + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-glibc-common-2.39-fab6e099abf5033d3104beadf5ff1bf60708378f3a52f6e3d92ecdf708d3329a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-File-", + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-glibc-minimal-langpack-2.38-3a5546b79055579930b001b0ff7d3aedf0cdce68ab86148169fa8d6f004ad7eb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-File-", + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-glibc-minimal-langpack-2.39-e7fa29dee8fa39c1c698993c821122e82be41477d32b1e1927cc27005f92ec3f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-File-", + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-gzip-1.13-9d35dafbe4dd02490cb1d8927e51b0e34f7da5d593a4f30570c1f0a435a0d2db", + "relationshipType": "CONTAINS" + } + ] +} diff --git a/icm-injection-scripts/scripts/test-inject-icm.sh b/icm-injection-scripts/scripts/test-inject-icm.sh new file mode 100755 index 0000000..123cd56 --- /dev/null +++ b/icm-injection-scripts/scripts/test-inject-icm.sh @@ -0,0 +1,64 @@ +#!/bin/bash +set -o errexit -o nounset -o pipefail + +SCRIPTDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" > /dev/null 2>&1 && pwd)" + +: "${TEST_SBOM_FORMAT?must set variable; valid values: cyclonedx, spdx}" +: "${TEST_IMAGE=icm-inject-test:latest}" + +banner() { + echo "--------------------------------------------------------------------------------" + echo "$1" + echo "--------------------------------------------------------------------------------" +} + +cleanup() { + rm -r "$WORKDIR" || true + buildah rm "$test_container" >/dev/null || true + buildah rmi "$TEST_IMAGE" >/dev/null || true +} +trap cleanup EXIT + +WORKDIR=$(mktemp -d --suffix=-icm-inject-test) + +banner "Creating test image: $TEST_IMAGE" +test_container=$(buildah from registry.fedoraproject.org/fedora-minimal:41) +buildah commit "$test_container" "$TEST_IMAGE" + +cd "$WORKDIR" + +banner "Running inject-icm.sh with a $TEST_SBOM_FORMAT SBOM" +cp "$SCRIPTDIR/test-data/sbom-cachi2-$TEST_SBOM_FORMAT.json" ./sbom-cachi2.json +bash "$SCRIPTDIR/inject-icm.sh" "$TEST_IMAGE" + +expect_icm=$(jq -n '{ + "metadata": { + "icm_version": 1, + "icm_spec": "https://raw.githubusercontent.com/containerbuildsystem/atomic-reactor/master/atomic_reactor/schemas/content_manifest.json", + "image_layer_index": 0 + }, + "from_dnf_hint": true, + "content_sets": [ + "releases", + "ubi-8-appstream-rpms", + "ubi-8-appstream-source" + ] +}') + +banner "Checking the content of /root/buildinfo/content_manifests/content-sets.json in $TEST_IMAGE" + +got_icm=$(podman run --rm "$TEST_IMAGE" cat /root/buildinfo/content_manifests/content-sets.json | jq) + +if [[ "$expect_icm" != "$got_icm" ]]; then + printf "%s\n" \ + "❌ Mismatched ICM files!" \ + "------------------------" \ + "Expected:" \ + "$expect_icm" \ + "------------------------" \ + "Got:" \ + "$got_icm" + exit 1 +else + echo "✅ Success!" +fi diff --git a/integration-tests/pipelines/e2e-tests-pipeline.yaml b/integration-tests/pipelines/e2e-tests-pipeline.yaml index f1c924f..e8771e6 100644 --- a/integration-tests/pipelines/e2e-tests-pipeline.yaml +++ b/integration-tests/pipelines/e2e-tests-pipeline.yaml @@ -30,7 +30,7 @@ spec: value: $(params.SNAPSHOT) script: | echo "SNAPSHOT: ${SNAPSHOT}" - export SOURCE_IMAGE=$(jq -r .components[0].containerImage <<< "$SNAPSHOT") + export SOURCE_IMAGE=$(jq -r '.components[] | select(.name == "source-container-build") | .containerImage' <<< "$SNAPSHOT") echo "Built image: ${SOURCE_IMAGE}" git clone --branch main https://github.com/redhat-appstudio/e2e-tests.git diff --git a/integration-tests/tasks/e2e-test.yaml b/integration-tests/tasks/e2e-test.yaml index df6ab91..906c6db 100644 --- a/integration-tests/tasks/e2e-test.yaml +++ b/integration-tests/tasks/e2e-test.yaml @@ -18,7 +18,7 @@ spec: type: string steps: - name: e2e-test - image: quay.io/redhat-user-workloads/konflux-qe-team-tenant/konflux-e2e/konflux-e2e-tests:766cb58dab7674a475b965a5329a728e4f9394d5 + image: quay.io/redhat-user-workloads/konflux-qe-team-tenant/konflux-e2e/konflux-e2e-tests:8729abe9ff69bfda25fea19b946d99aa576437e0 command: ["/konflux-e2e/konflux-e2e.test"] args: [ "--ginkgo.label-filter=source-build-e2e", diff --git a/multi-platform-runner/Dockerfile b/multi-platform-runner/Dockerfile index f624d58..eaf76c8 100644 --- a/multi-platform-runner/Dockerfile +++ b/multi-platform-runner/Dockerfile @@ -1,4 +1,4 @@ -FROM registry.access.redhat.com/ubi9/ubi-minimal:9.4-1227.1725849298 +FROM registry.access.redhat.com/ubi9/ubi-minimal:9.5-1734497536 ENV HOME=/root RUN microdnf install -y rsync openssh-clients buildah podman diff --git a/sbom-utility-scripts/Dockerfile b/sbom-utility-scripts/Dockerfile index 51794d9..06a36d7 100644 --- a/sbom-utility-scripts/Dockerfile +++ b/sbom-utility-scripts/Dockerfile @@ -1,10 +1,12 @@ -FROM registry.access.redhat.com/ubi9/python-39:1-197.1725907694@sha256:278ae38e8f28ccba3cb7cd542f684d739a84f771e418fc8018d07a522205b05c +FROM registry.access.redhat.com/ubi9/python-312:9.5-1736338296@sha256:9b84a91c94aa7e7ebfcd416db7857610bc7872ba6170cfa7b0753590d4b71dd0 WORKDIR /scripts COPY scripts/merge_syft_sboms.py /scripts -COPY scripts/merge-cachi2-sboms-script/merge_cachi2_sboms.py /scripts -COPY scripts/create_purl_sbom.py /scripts +COPY scripts/merge-sboms-script/merge_sboms.py /scripts +# for backwards compatibility, also ship the script at the original location +COPY scripts/merge-sboms-script/merge_sboms.py /scripts/merge_cachi2_sboms.py +COPY scripts/merge-sboms-script/requirements.txt /scripts/merge-sboms-script-requirements.txt COPY scripts/base-images-sbom-script/app/base_images_sbom_script.py /scripts COPY scripts/base-images-sbom-script/app/requirements.txt /scripts/base-images-sbom-script-requirements.txt COPY scripts/index-image-sbom-script/requirements.txt /scripts/index-image-sbom-script-requirements.txt @@ -14,6 +16,7 @@ COPY scripts/add-image-reference-script/add_image_reference.py /scripts COPY scripts/add-image-reference-script/requirements.txt /scripts/add-image-reference-requirements.txt RUN pip3 install --no-cache-dir \ + -r merge-sboms-script-requirements.txt \ -r base-images-sbom-script-requirements.txt \ -r index-image-sbom-script-requirements.txt \ -r add-image-reference-requirements.txt diff --git a/sbom-utility-scripts/scripts/add-image-reference-script/add_image_reference.py b/sbom-utility-scripts/scripts/add-image-reference-script/add_image_reference.py index caa6ce0..051d8f6 100755 --- a/sbom-utility-scripts/scripts/add-image-reference-script/add_image_reference.py +++ b/sbom-utility-scripts/scripts/add-image-reference-script/add_image_reference.py @@ -243,7 +243,21 @@ def describes_the_document(relationship_element: dict, doc_spdx_id: str) -> bool def is_virtual_root(package: dict) -> bool: """ - Check if the package is a virtual - usually a package with empty values. + Check if the package is a virtual root - usually a package with empty values. + + For example: + + { + "SPDXID": "SPDXRef-DocumentRoot-Unknown", + "name": "", + "versionInfo": "" + } + + { + "SPDXID": "SPDXRef-DocumentRoot-Directory-.-some-directory", + "name": "./some-directory", + "versionInfo": "" + } Args: package (dict): A package element from the SBOM. @@ -251,7 +265,8 @@ def is_virtual_root(package: dict) -> bool: Returns: bool: A boolean indicating if the package is a virtual root. """ - return not package.get("name") + name = package.get("name") + return not name or name.startswith((".", "/")) def redirect_current_roots_to_new_root(sbom: dict, new_root: str) -> dict: @@ -265,7 +280,7 @@ def redirect_current_roots_to_new_root(sbom: dict, new_root: str) -> dict: Returns: dict: Updated SBOM with the new root node identifier. """ - for relationship in sbom["relationships"]: + for relationship in sbom["relationships"].copy(): if not describes_the_document(relationship, sbom["SPDXID"]): continue diff --git a/sbom-utility-scripts/scripts/add-image-reference-script/test_add_image_reference.py b/sbom-utility-scripts/scripts/add-image-reference-script/test_add_image_reference.py index bc2a781..abcb822 100644 --- a/sbom-utility-scripts/scripts/add-image-reference-script/test_add_image_reference.py +++ b/sbom-utility-scripts/scripts/add-image-reference-script/test_add_image_reference.py @@ -115,8 +115,13 @@ def test_is_virtual_root() -> None: assert add_image_reference.is_virtual_root(package) is True - package["name"] = "bar" + package["name"] = "./some-dir" + assert add_image_reference.is_virtual_root(package) is True + package["name"] = "/some/absolute/path" + assert add_image_reference.is_virtual_root(package) is True + + package["name"] = "bar" assert add_image_reference.is_virtual_root(package) is False @@ -125,12 +130,16 @@ def test_redirect_current_roots_to_new_root() -> None: sbom = { "packages": [ {"SPDXID": "virtual", "name": ""}, + {"SPDXID": "virtual2", "name": "./some-dir"}, {"SPDXID": "bar", "name": "bar"}, {"SPDXID": "baz", "name": "baz"}, + {"SPDXID": "spam", "name": "spam"}, ], "relationships": [ {"spdxElementId": "foo", "relationshipType": "DESCRIBES", "relatedSpdxElement": "virtual"}, + {"spdxElementId": "foo", "relationshipType": "DESCRIBES", "relatedSpdxElement": "virtual2"}, {"spdxElementId": "virtual", "relationshipType": "CONTAINS", "relatedSpdxElement": "baz"}, + {"spdxElementId": "virtual2", "relationshipType": "CONTAINS", "relatedSpdxElement": "spam"}, ], "SPDXID": "foo", } @@ -140,9 +149,11 @@ def test_redirect_current_roots_to_new_root() -> None: "packages": [ {"SPDXID": "bar", "name": "bar"}, {"SPDXID": "baz", "name": "baz"}, + {"SPDXID": "spam", "name": "spam"}, ], "relationships": [ {"spdxElementId": "bar", "relationshipType": "CONTAINS", "relatedSpdxElement": "baz"}, + {"spdxElementId": "bar", "relationshipType": "CONTAINS", "relatedSpdxElement": "spam"}, ], "SPDXID": "foo", } @@ -153,10 +164,14 @@ def test_redirect_current_roots_to_new_root() -> None: {"SPDXID": "npm", "name": "npm"}, {"SPDXID": "bar", "name": "bar"}, {"SPDXID": "baz", "name": "baz"}, + {"SPDXID": "pip", "name": "pip"}, + {"SPDXID": "spam", "name": "spam"}, ], "relationships": [ {"spdxElementId": "foo", "relationshipType": "DESCRIBES", "relatedSpdxElement": "npm"}, + {"spdxElementId": "foo", "relationshipType": "DESCRIBES", "relatedSpdxElement": "pip"}, {"spdxElementId": "npm", "relationshipType": "CONTAINS", "relatedSpdxElement": "baz"}, + {"spdxElementId": "pip", "relationshipType": "CONTAINS", "relatedSpdxElement": "spam"}, ], "SPDXID": "foo", } @@ -167,10 +182,14 @@ def test_redirect_current_roots_to_new_root() -> None: {"SPDXID": "npm", "name": "npm"}, {"SPDXID": "bar", "name": "bar"}, {"SPDXID": "baz", "name": "baz"}, + {"SPDXID": "pip", "name": "pip"}, + {"SPDXID": "spam", "name": "spam"}, ], "relationships": [ {"spdxElementId": "bar", "relationshipType": "CONTAINS", "relatedSpdxElement": "npm"}, + {"spdxElementId": "bar", "relationshipType": "CONTAINS", "relatedSpdxElement": "pip"}, {"spdxElementId": "npm", "relationshipType": "CONTAINS", "relatedSpdxElement": "baz"}, + {"spdxElementId": "pip", "relationshipType": "CONTAINS", "relatedSpdxElement": "spam"}, ], "SPDXID": "foo", } diff --git a/sbom-utility-scripts/scripts/add-image-reference-script/tox.ini b/sbom-utility-scripts/scripts/add-image-reference-script/tox.ini index a0ff21a..0d6449e 100644 --- a/sbom-utility-scripts/scripts/add-image-reference-script/tox.ini +++ b/sbom-utility-scripts/scripts/add-image-reference-script/tox.ini @@ -2,6 +2,7 @@ env_list = flake8,black,test [testenv:test] +basepython = 3.12 deps = -r requirements-test.txt -r requirements.txt commands = pytest ./ \ diff --git a/sbom-utility-scripts/scripts/base-images-sbom-script/README.md b/sbom-utility-scripts/scripts/base-images-sbom-script/README.md index 7a416de..f2fee64 100644 --- a/sbom-utility-scripts/scripts/base-images-sbom-script/README.md +++ b/sbom-utility-scripts/scripts/base-images-sbom-script/README.md @@ -5,10 +5,12 @@ This is a script that creates sbom data for base images. It is used in It takes several inputs: 1. path to the sbom file, that will be updated in place with the base image data -2. path to a file containing base images as taken from from the dockerfile (with preserved order) -3. path to a file containing base images with digests, generated from the output of **buildah images --format '{{ .Name }}:{{ .Tag }}@{{ .Digest }}'**. The dockerfile order must be preserved as well - +2. path to a json file containing parsed Dockerfile via dockerfile-json +3. path to a file containing base images references as used during in the Dockerfile mapped to the full image references +with digests. This mapping is expected to be in the format ` `. +The full image reference with digest is generated from the output of `buildah images --format '{{ .Name }}:{{ .Tag }}@{{ .Digest }}'`. +## CycloneDX The base images data will be added in the [formulation attribute](https://cyclonedx.org/docs/1.5/json/#formulation), by appending new item with the **components** array. This will not affect any other items in the formulation array. If the formulation part of the sbom does not exist, it is created. @@ -70,6 +72,78 @@ If a base image is used multiple times, only one component with multiple propert }, ``` +## SPDX + +The script adds the base images to the `.packages` array in the SBOM and adds +` BUILD_TOOL_OF ` relationships to the `.relationships` array. + +Where the CycloneDX SBOM uses `.properties` to indicate whether the image is a "builder" +image or a base image for SPDX we use annotations instead +(see the [relevant section of the ADR][spdx-adr-properties]). + +The result might look something like this: + +``` +{ + // ... + "packages": [ + // ... + { + "SPDXID": "SPDXRef-image-quay.io/mkosiarc_rhtap/single-container-app-9520a72cbb69edfca5cac88ea2a9e0e09142ec934952b9420d686e77765f002c", + "name": "quay.io/mkosiarc_rhtap/single-container-app", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:oci/single-container-app@sha256:8f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941?repository_url=quay.io/mkosiarc_rhtap/single-container-app" + } + ], + "annotations": [ + { + "annotator": "Tool: konflux:jsonencoded", + "comment": "{\"name\":\"konflux:container:is_builder_image:for_stage\",\"value\":\"0\"}", + "annotationDate": "2024-12-09T12:00:00Z", + "annotationType": "OTHER" + } + ] + }, + { + "SPDXID": "SPDXRef-image-registry.access.redhat.com/ubi8/ubi-0f22256f634f8205fbd9c438c387ccf2d4859250e04104571c93fdb89a62bae1", + "name": "registry.access.redhat.com/ubi8/ubi", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:oci/ubi@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac?repository_url=registry.access.redhat.com/ubi8/ubi" + } + ], + "annotations": [ + { + "annotator": "Tool: konflux:jsonencoded", + "comment": "{\"name\":\"konflux:container:is_builder_image:for_stage\",\"value\":\"1\"}", + "annotationDate": "2024-12-09T12:00:00Z", + "annotationType": "OTHER" + } + ] + } + ], + "relationships": [ + // ... + { + "spdxElementId": "SPDXRef-image-quay.io/mkosiarc_rhtap/single-container-app-9520a72cbb69edfca5cac88ea2a9e0e09142ec934952b9420d686e77765f002c", + "relationshipType": "BUILD_TOOL_OF", + "relatedSpdxElement": "SPDXRef-main" + }, + { + "spdxElementId": "SPDXRef-image-registry.access.redhat.com/ubi8/ubi-0f22256f634f8205fbd9c438c387ccf2d4859250e04104571c93fdb89a62bae1", + "relationshipType": "BUILD_TOOL_OF", + "relatedSpdxElement": "SPDXRef-main" + } + ] +} +``` ## The image The image that is used in the buildah task in Konflux is built by the Github CI and pushed to @@ -82,4 +156,5 @@ during development with: ``` tox -e test ``` - \ No newline at end of file + +[spdx-adr-properties]: https://github.com/konflux-ci/architecture/blob/main/ADR/0044-spdx-support.md#componentproperties diff --git a/sbom-utility-scripts/scripts/base-images-sbom-script/app/base_images_sbom_script.py b/sbom-utility-scripts/scripts/base-images-sbom-script/app/base_images_sbom_script.py index ce2221f..c607be6 100644 --- a/sbom-utility-scripts/scripts/base-images-sbom-script/app/base_images_sbom_script.py +++ b/sbom-utility-scripts/scripts/base-images-sbom-script/app/base_images_sbom_script.py @@ -1,14 +1,44 @@ -import json import argparse +import datetime +import hashlib +import json import pathlib +from typing import Any, Literal, NamedTuple, NewType, TypedDict -from collections import namedtuple from packageurl import PackageURL -ParsedImage = namedtuple("ParsedImage", "repository, digest, name") +class ParsedImage(NamedTuple): + repository: str + digest: str + name: str + + +class CDXComponent(TypedDict): + """The relevant attributes of a CycloneDX Component.""" + + type: str + name: str + purl: str + properties: list[dict[str, str]] + + +SPDXID = NewType("SPDXID", str) -def parse_image_reference_to_parts(image): + +class SPDXPackage(TypedDict): + """The relevant attributes of an SPDX Package (the equivalent of a CycloneDX Component).""" + + # SPDXID, name and downloadLocation are required per the SPDX 2.3 schema + # https://github.com/spdx/spdx-spec/blob/ed8c9b520963b651fce3c86422b387e92e6d9a8f/schemas/spdx-schema.json#L438 + SPDXID: SPDXID + name: str + downloadLocation: str + externalRefs: list[dict[str, str]] + annotations: list[dict[str, str]] + + +def parse_image_reference_to_parts(image: str) -> ParsedImage: """ This function expects that the image is in the expected format as generated from the output of @@ -18,7 +48,7 @@ def parse_image_reference_to_parts(image): :return: ParsedImage (namedTuple): the image parsed into individual parts """ - # example image: registry.access.redhat.com/ubi8/ubi:latest@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac # noqa + # example image: registry.access.redhat.com/ubi8/ubi:latest@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac # repository_with_tag = registry.access.redhat.com/ubi8/ubi:latest # digest = sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac # repository = registry.access.redhat.com/ubi8/ubi @@ -33,29 +63,56 @@ def parse_image_reference_to_parts(image): return ParsedImage(repository=repository, digest=digest, name=name) -def get_base_images_sbom_components(base_images_digests, is_last_from_scratch): +def get_base_images_sbom_components(base_images: list[str], base_images_digests: dict[str, str]) -> list[CDXComponent]: """ Creates the base images sbom data - :param base_images_digests: (List) - list of base images digests, same as BASE_IMAGE_DIGESTS tekton result - :param is_last_from_scratch: (Boolean) - Is the last stage/base image from scratch? - :return: components (List) - List of dict items in which each item contains sbom data about each base image + :param base_images: List of base images used during build, in the order they were used. The values here + are the keys in the base_images_digests dict. + For example: + ["registry.access.redhat.com/ubi8/ubi:latest"] + :param base_images_digests: Dict of base images references, where the key is the image reference as + used in the original Dockerfile (The elements of base_images param) + and the values are the full image reference with digests that was + actually used by buildah during build time. + For example: + { + "registry.access.redhat.com/ubi8/ubi:latest": + "registry.access.redhat.com/ubi8/ubi:latest@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac" + } + :return: List of dict items in which each item contains sbom data about each base image """ - components = [] - already_used_base_images = set() + components: list[CDXComponent] = [] + already_used_base_images: set[str] = set() - # property_name shows whether the image was used only in the building process - # or if it is the final base image. If the final base image is scratch, then - # this is omitted, because we aren't including scratch in the sbom. - for index, image in enumerate(base_images_digests): + for index, image in enumerate(base_images): + # flatpak archive and scratch are not real base images. So we skip them, but + # in a way that allows us to keep the correct track of index variable that + # refers to stage number. + if image.startswith("oci-archive") or image == "scratch": + continue + + # property_name shows whether the image was used only in the building process + # or if it is the final base image. property_name = "konflux:container:is_builder_image:for_stage" property_value = str(index) - if index == len(base_images_digests) - 1 and not is_last_from_scratch: + + # This is not reached if the last "image" was scratch or oci-archive. + # That is because we don't consider them base images, and we aren't putting + # them in SBOM + if index == len(base_images) - 1: property_name = "konflux:container:is_base_image" property_value = "true" - parsed_image = parse_image_reference_to_parts(image) + # It could happen that we have a base image from the parsed Dockerfile, but we don't have + # a digest reference for it. This could happen when buildah skipped the stage, due to optimization + # when it is unreachable, or redundant. Since in this case, it was not used in the actual build, + # it is ok to just skip these stages + base_image_digest = base_images_digests.get(image) + if not base_image_digest: + continue + parsed_image = parse_image_reference_to_parts(base_image_digest) purl = PackageURL( type="oci", @@ -75,7 +132,7 @@ def get_base_images_sbom_components(base_images_digests, is_last_from_scratch): if component["purl"] == purl_str: component["properties"].append(property) else: - component = { + component: CDXComponent = { "type": "container", "name": parsed_image.repository, "purl": purl_str, @@ -87,23 +144,174 @@ def get_base_images_sbom_components(base_images_digests, is_last_from_scratch): return components -def parse_args(): +def get_base_images_from_dockerfile(parsed_dockerfile: dict[str, Any]) -> list[str]: + """ + Reads the base images from provided parsed dockerfile + + :param parsed_dockerfile: Contents of the parsed dockerfile + :return: base_images List of base images used during build as extracted + from the dockerfile in the order they were used. + + Example: + If the Dockerfile looks like + FROM registry.access.redhat.com/ubi8/ubi:latest as builder + ... + FROM builder + ... + + Then the relevant part of parsed_dockerfile look like + { + "Stages": [ + { + "BaseName": "registry.access.redhat.com/ubi8/ubi:latest", + "As": "builder", + "From": {"Image": "registry.access.redhat.com/ubi8/ubi:latest"}, + }, + { + "BaseName": "builder", + "From": {"Stage": {"Named": "builder", "Index": 0}}, + }, + ] + }, + """ + base_images: list[str] = [] + + # this part of the json is the relevant one that contains the + # info about base images + stages = parsed_dockerfile["Stages"] + + for stage in stages: + if "Image" in stage["From"]: + base_images.append(stage["From"]["Image"]) + elif "Scratch" in stage["From"]: + base_images.append("scratch") + elif "Stage" in stage["From"]: + stage_index = stage["From"]["Stage"]["Index"] + # Find the original stage/image. Named stage can refer to another named stage, + # so continue looking until we find the image those stages refer to. + while stage_index is not None: + refered_stage = stages[stage_index] + stage_index = refered_stage.get("From").get("Stage", {}).get("Index", None) + if stage_index is None: + base_images.append(refered_stage["From"]["Image"]) + + return base_images + + +def cdx_to_spdx(cdx: CDXComponent, annotation_date: datetime.datetime) -> SPDXPackage: + name = cdx["name"] + purl = cdx["purl"] + # consistent with index_image_sbom_script.py + spdxid = SPDXID(f"SPDXRef-image-{name}-{hashlib.sha256(purl.encode()).hexdigest()}") + + return { + "SPDXID": spdxid, + "name": name, + "downloadLocation": "NOASSERTION", + # https://github.com/konflux-ci/architecture/blob/main/ADR/0044-spdx-support.md#componentpurl + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": purl, + }, + ], + # https://github.com/konflux-ci/architecture/blob/main/ADR/0044-spdx-support.md#componentproperties + "annotations": [ + { + "annotator": "Tool: konflux:jsonencoded", + "comment": json.dumps(cdx_property, separators=(",", ":")), + # https://spdx.github.io/spdx-spec/v2.3/annotations/#122-annotation-date-field + "annotationDate": annotation_date.strftime("%Y-%m-%dT%H:%M:%SZ"), + "annotationType": "OTHER", + } + for cdx_property in cdx["properties"] + ], + } + + +def find_spdx_root_package(sbom: dict[str, Any]) -> SPDXID: + """Find the element that's in relationship DESCRIBES . + + If there isn't exactly one such element, raise an error. + """ + doc_spxid = sbom["SPDXID"] + doc_describes = [ + r["relatedSpdxElement"] + for r in sbom.get("relationships", []) + if r["spdxElementId"] == doc_spxid and r["relationshipType"] == "DESCRIBES" + ] + if len(doc_describes) != 1: + raise ValueError( + "Expected to find exactly one DESCRIBES relationship. " + f"Found {len(doc_describes)} ROOTs: {doc_describes}" + ) + return SPDXID(doc_describes[0]) + + +def update_cyclonedx_sbom(sbom: dict[str, Any], base_images: list[CDXComponent]) -> None: + """Update (in-place) a CycloneDX SBOM with a list of base images. + + Add an item containing the base image list into the .formulation section. + + :param base_images: list of base images in CycloneDX format + """ + sbom.setdefault("formulation", []).append({"components": base_images}) + + +def update_spdx_sbom(sbom: dict[str, Any], base_images: list[SPDXPackage]) -> None: + """Update (in-place) an SPDX SBOM with a list of base images. + + Add the base images to the .packages section. + Add BUILD_TOOL_OF relationships to the .relationships section. + + :param base_images: list of base images in SPDX format + """ + root = find_spdx_root_package(sbom) + relationships = [ + { + "spdxElementId": base_image["SPDXID"], + "relationshipType": "BUILD_TOOL_OF", + "relatedSpdxElement": root, + } + for base_image in base_images + ] + + sbom.setdefault("packages", []).extend(base_images) + sbom.setdefault("relationships", []).extend(relationships) + + +def detect_sbom_type(sbom: dict[str, Any]) -> Literal["cyclonedx", "spdx"]: + if sbom.get("bomFormat") == "CycloneDX": + return "cyclonedx" + elif sbom.get("spdxVersion"): + return "spdx" + else: + raise ValueError("Unknown SBOM format") + + +def _datetime_utc_now() -> datetime.datetime: + # a mockable datetime.datetime.now (just for tests): + return datetime.datetime.now(datetime.UTC) + + +def parse_args() -> argparse.Namespace: parser = argparse.ArgumentParser( description="Updates the sbom file with base images data based on the provided files" ) parser.add_argument("--sbom", type=pathlib.Path, help="Path to the sbom file", required=True) parser.add_argument( - "--base-images-from-dockerfile", + "--parsed-dockerfile", type=pathlib.Path, - help="Path to the file containing base images extracted from Dockerfile via grep, sed and awk in the buildah " - "task", + help="Path to the file containing parsed Dockerfile in json format extracted " + "from dockerfile-json in buildah task", required=True, ) parser.add_argument( "--base-images-digests", type=pathlib.Path, help="Path to the file containing base images digests." - " This is taken from the BASE_IMAGES_DIGEST tekton result that was generated from" + " This is taken from the base_images_digests file that was generated from" "the output of 'buildah images'", required=True, ) @@ -112,25 +320,31 @@ def parse_args(): return args -def main(): - +def main() -> None: args = parse_args() - base_images_from_dockerfile = args.base_images_from_dockerfile.read_text().splitlines() - base_images_digests = args.base_images_digests.read_text().splitlines() + with args.parsed_dockerfile.open("r") as f: + parsed_dockerfile = json.load(f) + + base_images = get_base_images_from_dockerfile(parsed_dockerfile) + + base_images_digests_raw = args.base_images_digests.read_text().splitlines() + base_images_digests = dict(item.split() for item in base_images_digests_raw) - is_last_from_scratch = False - if base_images_from_dockerfile[-1] == "scratch": - is_last_from_scratch = True + base_images_sbom_components = get_base_images_sbom_components(base_images, base_images_digests) + # base_images_sbom_components could be empty, when having just one stage FROM scratch + if not base_images_sbom_components: + return with args.sbom.open("r") as f: sbom = json.load(f) - base_images_sbom_components = get_base_images_sbom_components(base_images_digests, is_last_from_scratch) - if "formulation" in sbom: - sbom["formulation"].append({"components": base_images_sbom_components}) + if detect_sbom_type(sbom) == "cyclonedx": + update_cyclonedx_sbom(sbom, base_images_sbom_components) else: - sbom.update({"formulation": [{"components": base_images_sbom_components}]}) + annotation_date = _datetime_utc_now() + base_images_spdx = [cdx_to_spdx(c, annotation_date) for c in base_images_sbom_components] + update_spdx_sbom(sbom, base_images_spdx) with args.sbom.open("w") as f: json.dump(sbom, f, indent=4) diff --git a/sbom-utility-scripts/scripts/base-images-sbom-script/app/test_base_images_sbom_script.py b/sbom-utility-scripts/scripts/base-images-sbom-script/app/test_base_images_sbom_script.py index 6d36dcc..aa4ab08 100644 --- a/sbom-utility-scripts/scripts/base-images-sbom-script/app/test_base_images_sbom_script.py +++ b/sbom-utility-scripts/scripts/base-images-sbom-script/app/test_base_images_sbom_script.py @@ -1,30 +1,40 @@ -import pytest import json - +import datetime +from pathlib import Path +from typing import Any from unittest.mock import MagicMock -from base_images_sbom_script import get_base_images_sbom_components, main, parse_image_reference_to_parts, ParsedImage +import pytest +from pytest_mock import MockerFixture + +from base_images_sbom_script import ( + ParsedImage, + get_base_images_from_dockerfile, + get_base_images_sbom_components, + main, + parse_image_reference_to_parts, +) @pytest.mark.parametrize( - "base_images_digests, is_last_from_scratch, expected_result", + "base_images, base_images_digests, expected_result", [ - # two builder images, last base image is from scratch + # two builder images, last stage is from scratch ( [ - "quay.io/mkosiarc_rhtap/single-container-app:f2566ab@sha256" - ":8f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", - "registry.access.redhat.com/ubi8/ubi:latest@sha256" - ":627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac", + "quay.io/mkosiarc_rhtap/single-container-app:f2566ab", + "registry.access.redhat.com/ubi8/ubi:latest", + "scratch", ], - True, + { + "quay.io/mkosiarc_rhtap/single-container-app:f2566ab": "quay.io/mkosiarc_rhtap/single-container-app:f2566ab@sha256:8f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", + "registry.access.redhat.com/ubi8/ubi:latest": "registry.access.redhat.com/ubi8/ubi:latest@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac", + }, [ { "type": "container", "name": "quay.io/mkosiarc_rhtap/single-container-app", - "purl": "pkg:oci/single-container-app@sha256" - ":8f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941?repository_url=quay.io" - "/mkosiarc_rhtap/single-container-app", + "purl": "pkg:oci/single-container-app@sha256:8f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941?repository_url=quay.io/mkosiarc_rhtap/single-container-app", "properties": [ { "name": "konflux:container:is_builder_image:for_stage", @@ -35,8 +45,7 @@ { "type": "container", "name": "registry.access.redhat.com/ubi8/ubi", - "purl": "pkg:oci/ubi@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac" - "?repository_url=registry.access.redhat.com/ubi8/ubi", + "purl": "pkg:oci/ubi@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac?repository_url=registry.access.redhat.com/ubi8/ubi", "properties": [ { "name": "konflux:container:is_builder_image:for_stage", @@ -49,19 +58,18 @@ # one builder image, one parent image ( [ - "quay.io/mkosiarc_rhtap/single-container-app:f2566ab@sha256" - ":8f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", - "registry.access.redhat.com/ubi8/ubi:latest@sha256" - ":627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac", + "quay.io/mkosiarc_rhtap/single-container-app:f2566ab", + "registry.access.redhat.com/ubi8/ubi:latest", ], - False, + { + "quay.io/mkosiarc_rhtap/single-container-app:f2566ab": "quay.io/mkosiarc_rhtap/single-container-app:f2566ab@sha256:8f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", + "registry.access.redhat.com/ubi8/ubi:latest": "registry.access.redhat.com/ubi8/ubi:latest@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac", + }, [ { "type": "container", "name": "quay.io/mkosiarc_rhtap/single-container-app", - "purl": "pkg:oci/single-container-app@sha256" - ":8f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941?repository_url=quay.io" - "/mkosiarc_rhtap/single-container-app", + "purl": "pkg:oci/single-container-app@sha256:8f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941?repository_url=quay.io/mkosiarc_rhtap/single-container-app", "properties": [ { "name": "konflux:container:is_builder_image:for_stage", @@ -72,43 +80,37 @@ { "type": "container", "name": "registry.access.redhat.com/ubi8/ubi", - "purl": "pkg:oci/ubi@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac" - "?repository_url=registry.access.redhat.com/ubi8/ubi", + "purl": "pkg:oci/ubi@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac?repository_url=registry.access.redhat.com/ubi8/ubi", "properties": [{"name": "konflux:container:is_base_image", "value": "true"}], }, ], ), # just one parent image ( - [ - "registry.access.redhat.com/ubi8/ubi:latest@sha256" - ":627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac", - ], - False, + ["registry.access.redhat.com/ubi8/ubi:latest"], + { + "registry.access.redhat.com/ubi8/ubi:latest": "registry.access.redhat.com/ubi8/ubi:latest@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac", + }, [ { "type": "container", "name": "registry.access.redhat.com/ubi8/ubi", - "purl": "pkg:oci/ubi@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac" - "?repository_url=registry.access.redhat.com/ubi8/ubi", + "purl": "pkg:oci/ubi@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac?repository_url=registry.access.redhat.com/ubi8/ubi", "properties": [{"name": "konflux:container:is_base_image", "value": "true"}], }, ], ), - # one builder, last base image from scratch + # one builder, last stage from scratch ( - [ - "quay.io/mkosiarc_rhtap/single-container-app:f2566ab@sha256" - ":8f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", - ], - True, + ["quay.io/mkosiarc_rhtap/single-container-app:f2566ab", "scratch"], + { + "quay.io/mkosiarc_rhtap/single-container-app:f2566ab": "quay.io/mkosiarc_rhtap/single-container-app:f2566ab@sha256:8f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", + }, [ { "type": "container", "name": "quay.io/mkosiarc_rhtap/single-container-app", - "purl": "pkg:oci/single-container-app@sha256" - ":8f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941?repository_url=quay.io" - "/mkosiarc_rhtap/single-container-app", + "purl": "pkg:oci/single-container-app@sha256:8f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941?repository_url=quay.io/mkosiarc_rhtap/single-container-app", "properties": [ { "name": "konflux:container:is_builder_image:for_stage", @@ -118,25 +120,26 @@ }, ], ), - # four builder images, and from scratch base image + # four builder images, and from scratch in last stage ( [ - "quay.io/builder1/builder1:aaaaaaa@sha256" - ":1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", - "quay.io/builder2/builder2:bbbbbbb@sha256" - ":2f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420942", - "quay.io/builder3/builder3:ccccccc@sha256" - ":3f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420943", - "quay.io/builder4/builder4:ddddddd@sha256" - ":4f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420944", + "quay.io/builder1/builder1:aaaaaaa@sha256:1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", + "quay.io/builder2/builder2:bbbbbbb@sha256:2f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420942", + "quay.io/builder3/builder3:ccccccc@sha256:3f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420943", + "quay.io/builder4/builder4:ddddddd@sha256:4f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420944", + "scratch", ], - True, + { + "quay.io/builder1/builder1:aaaaaaa@sha256:1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941": "quay.io/builder1/builder1:aaaaaaa@sha256:1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", + "quay.io/builder2/builder2:bbbbbbb@sha256:2f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420942": "quay.io/builder2/builder2:bbbbbbb@sha256:2f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420942", + "quay.io/builder3/builder3:ccccccc@sha256:3f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420943": "quay.io/builder3/builder3:ccccccc@sha256:3f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420943", + "quay.io/builder4/builder4:ddddddd@sha256:4f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420944": "quay.io/builder4/builder4:ddddddd@sha256:4f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420944", + }, [ { "type": "container", "name": "quay.io/builder1/builder1", - "purl": "pkg:oci/builder1@sha256:1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941" - "?repository_url=quay.io/builder1/builder1", + "purl": "pkg:oci/builder1@sha256:1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941?repository_url=quay.io/builder1/builder1", "properties": [ { "name": "konflux:container:is_builder_image:for_stage", @@ -147,8 +150,7 @@ { "type": "container", "name": "quay.io/builder2/builder2", - "purl": "pkg:oci/builder2@sha256:2f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420942" - "?repository_url=quay.io/builder2/builder2", + "purl": "pkg:oci/builder2@sha256:2f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420942?repository_url=quay.io/builder2/builder2", "properties": [ { "name": "konflux:container:is_builder_image:for_stage", @@ -159,8 +161,7 @@ { "type": "container", "name": "quay.io/builder3/builder3", - "purl": "pkg:oci/builder3@sha256:3f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420943" - "?repository_url=quay.io/builder3/builder3", + "purl": "pkg:oci/builder3@sha256:3f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420943?repository_url=quay.io/builder3/builder3", "properties": [ { "name": "konflux:container:is_builder_image:for_stage", @@ -171,8 +172,7 @@ { "type": "container", "name": "quay.io/builder4/builder4", - "purl": "pkg:oci/builder4@sha256:4f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420944" - "?repository_url=quay.io/builder4/builder4", + "purl": "pkg:oci/builder4@sha256:4f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420944?repository_url=quay.io/builder4/builder4", "properties": [ { "name": "konflux:container:is_builder_image:for_stage", @@ -185,24 +185,24 @@ # four builders and one parent image ( [ - "quay.io/builder1/builder1:aaaaaaa@sha256" - ":1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", - "quay.io/builder2/builder2:bbbbbbb@sha256" - ":2f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420942", - "quay.io/builder3/builder3:ccccccc@sha256" - ":3f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420943", - "quay.io/builder4/builder4:ddddddd@sha256" - ":4f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420944", - "registry.access.redhat.com/ubi8/ubi:latest@sha256" - ":627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac", + "quay.io/builder1/builder1:aaaaaaa@sha256:1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", + "quay.io/builder2/builder2:bbbbbbb@sha256:2f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420942", + "quay.io/builder3/builder3:ccccccc@sha256:3f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420943", + "quay.io/builder4/builder4:ddddddd@sha256:4f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420944", + "registry.access.redhat.com/ubi8/ubi:latest@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac", ], - False, + { + "quay.io/builder1/builder1:aaaaaaa@sha256:1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941": "quay.io/builder1/builder1:aaaaaaa@sha256:1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", + "quay.io/builder2/builder2:bbbbbbb@sha256:2f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420942": "quay.io/builder2/builder2:bbbbbbb@sha256:2f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420942", + "quay.io/builder3/builder3:ccccccc@sha256:3f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420943": "quay.io/builder3/builder3:ccccccc@sha256:3f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420943", + "quay.io/builder4/builder4:ddddddd@sha256:4f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420944": "quay.io/builder4/builder4:ddddddd@sha256:4f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420944", + "registry.access.redhat.com/ubi8/ubi:latest@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac": "registry.access.redhat.com/ubi8/ubi:latest@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac", + }, [ { "type": "container", "name": "quay.io/builder1/builder1", - "purl": "pkg:oci/builder1@sha256:1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941" - "?repository_url=quay.io/builder1/builder1", + "purl": "pkg:oci/builder1@sha256:1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941?repository_url=quay.io/builder1/builder1", "properties": [ { "name": "konflux:container:is_builder_image:for_stage", @@ -213,8 +213,7 @@ { "type": "container", "name": "quay.io/builder2/builder2", - "purl": "pkg:oci/builder2@sha256:2f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420942" - "?repository_url=quay.io/builder2/builder2", + "purl": "pkg:oci/builder2@sha256:2f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420942?repository_url=quay.io/builder2/builder2", "properties": [ { "name": "konflux:container:is_builder_image:for_stage", @@ -225,8 +224,7 @@ { "type": "container", "name": "quay.io/builder3/builder3", - "purl": "pkg:oci/builder3@sha256:3f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420943" - "?repository_url=quay.io/builder3/builder3", + "purl": "pkg:oci/builder3@sha256:3f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420943?repository_url=quay.io/builder3/builder3", "properties": [ { "name": "konflux:container:is_builder_image:for_stage", @@ -237,8 +235,7 @@ { "type": "container", "name": "quay.io/builder4/builder4", - "purl": "pkg:oci/builder4@sha256:4f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420944" - "?repository_url=quay.io/builder4/builder4", + "purl": "pkg:oci/builder4@sha256:4f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420944?repository_url=quay.io/builder4/builder4", "properties": [ { "name": "konflux:container:is_builder_image:for_stage", @@ -249,35 +246,33 @@ { "type": "container", "name": "registry.access.redhat.com/ubi8/ubi", - "purl": "pkg:oci/ubi@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac" - "?repository_url=registry.access.redhat.com/ubi8/ubi", + "purl": "pkg:oci/ubi@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac?repository_url=registry.access.redhat.com/ubi8/ubi", "properties": [{"name": "konflux:container:is_base_image", "value": "true"}], }, ], ), - # 3 builders and one final base image. builder 1 is reused twice, resulting in multiple properties + # 3 builders and one final base image. builder 1 is reused three times, resulting in multiple properties ( [ - "quay.io/builder1/builder1:aaaaaaa@sha256" - ":1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", - "quay.io/builder2/builder2:bbbbbbb@sha256" - ":2f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420942", - "quay.io/builder1/builder1:aaaaaaa@sha256" - ":1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", - "quay.io/builder3/builder3:ccccccc@sha256" - ":3f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420943", - "quay.io/builder1/builder1:aaaaaaa@sha256" - ":1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", - "registry.access.redhat.com/ubi8/ubi:latest@sha256" - ":627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac", - ], - False, + "quay.io/builder1/builder1:aaaaaaa@sha256:1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", + "quay.io/builder2/builder2:bbbbbbb@sha256:2f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420942", + "quay.io/builder1/builder1:aaaaaaa@sha256:1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", + "quay.io/builder3/builder3:ccccccc@sha256:3f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420943", + "quay.io/builder1/builder1:aaaaaaa@sha256:1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", + "registry.access.redhat.com/ubi8/ubi:latest@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac", + ], + { + "quay.io/builder1/builder1:aaaaaaa@sha256:1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941": "quay.io/builder1/builder1:aaaaaaa@sha256:1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", + "quay.io/builder2/builder2:bbbbbbb@sha256:2f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420942": "quay.io/builder2/builder2:bbbbbbb@sha256:2f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420942", + "quay.io/builder3/builder3:ccccccc@sha256:3f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420943": "quay.io/builder3/builder3:ccccccc@sha256:3f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420943", + "quay.io/builder4/builder4:ddddddd@sha256:4f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420944": "quay.io/builder4/builder4:ddddddd@sha256:4f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420944", + "registry.access.redhat.com/ubi8/ubi:latest@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac": "registry.access.redhat.com/ubi8/ubi:latest@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac", + }, [ { "type": "container", "name": "quay.io/builder1/builder1", - "purl": "pkg:oci/builder1@sha256:1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941" - "?repository_url=quay.io/builder1/builder1", + "purl": "pkg:oci/builder1@sha256:1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941?repository_url=quay.io/builder1/builder1", "properties": [ { "name": "konflux:container:is_builder_image:for_stage", @@ -296,8 +291,7 @@ { "type": "container", "name": "quay.io/builder2/builder2", - "purl": "pkg:oci/builder2@sha256:2f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420942" - "?repository_url=quay.io/builder2/builder2", + "purl": "pkg:oci/builder2@sha256:2f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420942?repository_url=quay.io/builder2/builder2", "properties": [ { "name": "konflux:container:is_builder_image:for_stage", @@ -308,8 +302,7 @@ { "type": "container", "name": "quay.io/builder3/builder3", - "purl": "pkg:oci/builder3@sha256:3f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420943" - "?repository_url=quay.io/builder3/builder3", + "purl": "pkg:oci/builder3@sha256:3f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420943?repository_url=quay.io/builder3/builder3", "properties": [ { "name": "konflux:container:is_builder_image:for_stage", @@ -331,27 +324,27 @@ }, ], ), - # 3 builders and final base image is scratch. builder 1 is reused twice, resulting in multiple properties + # 3 builders and final base image is scratch. builder 1 is reused three times, resulting in multiple properties ( [ - "quay.io/builder1/builder1:aaaaaaa@sha256" - ":1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", - "quay.io/builder2/builder2:bbbbbbb@sha256" - ":2f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420942", - "quay.io/builder1/builder1:aaaaaaa@sha256" - ":1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", - "quay.io/builder3/builder3:ccccccc@sha256" - ":3f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420943", - "quay.io/builder1/builder1:aaaaaaa@sha256" - ":1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", + "quay.io/builder1/builder1:aaaaaaa@sha256:1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", + "quay.io/builder2/builder2:bbbbbbb@sha256:2f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420942", + "quay.io/builder1/builder1:aaaaaaa@sha256:1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", + "quay.io/builder3/builder3:ccccccc@sha256:3f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420943", + "quay.io/builder1/builder1:aaaaaaa@sha256:1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", + "scratch", ], - True, + { + "quay.io/builder1/builder1:aaaaaaa@sha256:1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941": "quay.io/builder1/builder1:aaaaaaa@sha256:1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", + "quay.io/builder2/builder2:bbbbbbb@sha256:2f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420942": "quay.io/builder2/builder2:bbbbbbb@sha256:2f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420942", + "quay.io/builder3/builder3:ccccccc@sha256:3f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420943": "quay.io/builder3/builder3:ccccccc@sha256:3f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420943", + "quay.io/builder4/builder4:ddddddd@sha256:4f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420944": "quay.io/builder4/builder4:ddddddd@sha256:4f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420944", + }, [ { "type": "container", "name": "quay.io/builder1/builder1", - "purl": "pkg:oci/builder1@sha256:1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941" - "?repository_url=quay.io/builder1/builder1", + "purl": "pkg:oci/builder1@sha256:1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941?repository_url=quay.io/builder1/builder1", "properties": [ { "name": "konflux:container:is_builder_image:for_stage", @@ -370,8 +363,7 @@ { "type": "container", "name": "quay.io/builder2/builder2", - "purl": "pkg:oci/builder2@sha256:2f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420942" - "?repository_url=quay.io/builder2/builder2", + "purl": "pkg:oci/builder2@sha256:2f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420942?repository_url=quay.io/builder2/builder2", "properties": [ { "name": "konflux:container:is_builder_image:for_stage", @@ -382,8 +374,7 @@ { "type": "container", "name": "quay.io/builder3/builder3", - "purl": "pkg:oci/builder3@sha256:3f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420943" - "?repository_url=quay.io/builder3/builder3", + "purl": "pkg:oci/builder3@sha256:3f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420943?repository_url=quay.io/builder3/builder3", "properties": [ { "name": "konflux:container:is_builder_image:for_stage", @@ -396,20 +387,19 @@ # 2 builders and builder 1 is then reused as final base image, resulting in multiple properties ( [ - "quay.io/builder1/builder1:aaaaaaa@sha256" - ":1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", - "quay.io/builder2/builder2:bbbbbbb@sha256" - ":2f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420942", - "quay.io/builder1/builder1:aaaaaaa@sha256" - ":1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", + "quay.io/builder1/builder1:aaaaaaa@sha256:1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", + "quay.io/builder2/builder2:bbbbbbb@sha256:2f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420942", + "quay.io/builder1/builder1:aaaaaaa@sha256:1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", ], - False, + { + "quay.io/builder1/builder1:aaaaaaa@sha256:1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941": "quay.io/builder1/builder1:aaaaaaa@sha256:1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", + "quay.io/builder2/builder2:bbbbbbb@sha256:2f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420942": "quay.io/builder2/builder2:bbbbbbb@sha256:2f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420942", + }, [ { "type": "container", "name": "quay.io/builder1/builder1", - "purl": "pkg:oci/builder1@sha256:1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941" - "?repository_url=quay.io/builder1/builder1", + "purl": "pkg:oci/builder1@sha256:1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941?repository_url=quay.io/builder1/builder1", "properties": [ { "name": "konflux:container:is_builder_image:for_stage", @@ -424,8 +414,7 @@ { "type": "container", "name": "quay.io/builder2/builder2", - "purl": "pkg:oci/builder2@sha256:2f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420942" - "?repository_url=quay.io/builder2/builder2", + "purl": "pkg:oci/builder2@sha256:2f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420942?repository_url=quay.io/builder2/builder2", "properties": [ { "name": "konflux:container:is_builder_image:for_stage", @@ -435,243 +424,789 @@ }, ], ), + # Two images, both reused and several oci-archives and from scratch layers + ( + [ + "quay.io/builder1/builder1:aaaaaaa@sha256:1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", + "scratch", + "quay.io/builder2/builder2:bbbbbbb@sha256:2f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420942", + "scratch", + "quay.io/builder1/builder1:aaaaaaa@sha256:1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", + "oci-archive:export/out.ociarchive", + "quay.io/builder2/builder2:bbbbbbb@sha256:2f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420942", + "oci-archive:export/out.ociarchive", + "quay.io/builder1/builder1:aaaaaaa@sha256:1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", + ], + { + "quay.io/builder1/builder1:aaaaaaa@sha256:1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941": "quay.io/builder1/builder1:aaaaaaa@sha256:1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", + "quay.io/builder2/builder2:bbbbbbb@sha256:2f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420942": "quay.io/builder2/builder2:bbbbbbb@sha256:2f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420942", + }, + [ + { + "type": "container", + "name": "quay.io/builder1/builder1", + "purl": "pkg:oci/builder1@sha256:1f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941?repository_url=quay.io/builder1/builder1", + "properties": [ + { + "name": "konflux:container:is_builder_image:for_stage", + "value": "0", + }, + { + "name": "konflux:container:is_builder_image:for_stage", + "value": "4", + }, + { + "name": "konflux:container:is_base_image", + "value": "true", + }, + ], + }, + { + "type": "container", + "name": "quay.io/builder2/builder2", + "purl": "pkg:oci/builder2@sha256:2f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420942?repository_url=quay.io/builder2/builder2", + "properties": [ + { + "name": "konflux:container:is_builder_image:for_stage", + "value": "2", + }, + { + "name": "konflux:container:is_builder_image:for_stage", + "value": "6", + }, + ], + }, + ], + ), + # one builder, last stage from oci-archive + ( + [ + "quay.io/mkosiarc_rhtap/single-container-app:f2566ab", + "oci-archive:export/out.ociarchive", + ], + { + "quay.io/mkosiarc_rhtap/single-container-app:f2566ab": "quay.io/mkosiarc_rhtap/single-container-app:f2566ab@sha256:8f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", + }, + [ + { + "type": "container", + "name": "quay.io/mkosiarc_rhtap/single-container-app", + "purl": "pkg:oci/single-container-app@sha256:8f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941?repository_url=quay.io/mkosiarc_rhtap/single-container-app", + "properties": [ + { + "name": "konflux:container:is_builder_image:for_stage", + "value": "0", + } + ], + }, + ], + ), + # just from scratch + ( + ["scratch"], + {}, # empty base_images_digests + [], # SBOM not created + ), ], ) -def test_get_base_images_sbom_components(base_images_digests, is_last_from_scratch, expected_result): - result = get_base_images_sbom_components(base_images_digests, is_last_from_scratch) +def test_get_base_images_sbom_components(base_images, base_images_digests, expected_result): + result = get_base_images_sbom_components(base_images, base_images_digests) assert result == expected_result -def test_main_input_sbom_does_not_contain_formulation(tmp_path, mocker): - sbom_file = tmp_path / "sbom.json" - base_images_from_dockerfile_file = tmp_path / "base_images_from_dockerfile.txt" - base_images_digests_file = tmp_path / "base_images_digests.txt" - - # minimal input sbom file - sbom_file.write_text( - """{ - "project_name": "MyProject", - "version": "1.0", - "components": [] - }""" - ) - - # one builder images and one base image - base_images_from_dockerfile_file.write_text( - "quay.io/mkosiarc_rhtap/single-container-app:f2566ab\nregistry.access.redhat.com/ubi8/ubi:latest" - ) - base_images_digests_file.write_text( - "quay.io/mkosiarc_rhtap/single-container-app:f2566ab@sha256" - ":8f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941\nregistry.access.redhat.com/ubi8/ubi" - ":latest@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac " - ) - - # mock the parsed args, to avoid testing parse_args function - mock_args = MagicMock() - mock_args.sbom = sbom_file - mock_args.base_images_from_dockerfile = base_images_from_dockerfile_file - mock_args.base_images_digests = base_images_digests_file - mocker.patch("base_images_sbom_script.parse_args", return_value=mock_args) - - main() - - expected_output = { - "formulation": [ +@pytest.mark.parametrize( + ["input_sbom", "parsed_dockerfile", "base_images_digests_lines", "expect_result"], + [ + pytest.param( + # minimal CycloneDX SBOM + { + "bomFormat": "CycloneDX", + "version": "1.0", + "components": [], + }, + # one builder images and one base image + { + "Stages": [ + {"From": {"Image": "quay.io/mkosiarc_rhtap/single-container-app:f2566ab"}}, + {"From": {"Image": "registry.access.redhat.com/ubi8/ubi:latest"}}, + ] + }, + # base image digests + [ + "quay.io/mkosiarc_rhtap/single-container-app:f2566ab quay.io/mkosiarc_rhtap/single-container-app:f2566ab@sha256:8f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", + "registry.access.redhat.com/ubi8/ubi:latest registry.access.redhat.com/ubi8/ubi:latest@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac", + ], + # expected output + { + "bomFormat": "CycloneDX", + "version": "1.0", + "components": [], + "formulation": [ + { + "components": [ + { + "type": "container", + "name": "quay.io/mkosiarc_rhtap/single-container-app", + "purl": "pkg:oci/single-container-app@sha256:8f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941?repository_url=quay.io/mkosiarc_rhtap/single-container-app", + "properties": [ + { + "name": "konflux:container:is_builder_image:for_stage", + "value": "0", + } + ], + }, + { + "type": "container", + "name": "registry.access.redhat.com/ubi8/ubi", + "purl": "pkg:oci/ubi@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac?repository_url=registry.access.redhat.com/ubi8/ubi", + "properties": [ + { + "name": "konflux:container:is_base_image", + "value": "true", + } + ], + }, + ] + } + ], + }, + id="cyclonedx-no-formulation", + ), + pytest.param( + # minimal CycloneDX SBOM + { + "bomFormat": "CycloneDX", + "version": "1.0", + "components": [], + }, + # two builder images, base from scratch + { + "Stages": [ + {"From": {"Image": "quay.io/mkosiarc_rhtap/single-container-app:f2566ab"}}, + {"From": {"Image": "registry.access.redhat.com/ubi8/ubi:latest"}}, + {"From": {"Scratch": True}}, + ] + }, + # base image digests + [ + "quay.io/mkosiarc_rhtap/single-container-app:f2566ab quay.io/mkosiarc_rhtap/single-container-app:f2566ab@sha256:8f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", + "registry.access.redhat.com/ubi8/ubi:latest registry.access.redhat.com/ubi8/ubi:latest@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac", + ], + # expected output + { + "bomFormat": "CycloneDX", + "version": "1.0", + "components": [], + "formulation": [ + { + "components": [ + { + "type": "container", + "name": "quay.io/mkosiarc_rhtap/single-container-app", + "purl": "pkg:oci/single-container-app@sha256:8f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941?repository_url=quay.io/mkosiarc_rhtap/single-container-app", + "properties": [ + { + "name": "konflux:container:is_builder_image:for_stage", + "value": "0", + } + ], + }, + { + "type": "container", + "name": "registry.access.redhat.com/ubi8/ubi", + "purl": "pkg:oci/ubi@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac?repository_url=registry.access.redhat.com/ubi8/ubi", + # Note: the property is "is_builder_image", not "is_base_image". + # There is no base image, the base is from scratch. + "properties": [ + { + "name": "konflux:container:is_builder_image:for_stage", + "value": "1", + } + ], + }, + ] + } + ], + }, + id="cyclonedx-no-formulation-base-from-scratch", + ), + pytest.param( + # CycloneDX SBOM with .formulation + { + "bomFormat": "CycloneDX", + "version": "1.0", + "components": [], + "formulation": [ + { + "components": [ + { + "type": "library", + "name": "fresh", + "version": "0.5.2", + "purl": "pkg:npm/fresh@0.5.2", + } + ] + } + ], + }, + # two builder images, base from scratch + { + "Stages": [ + {"From": {"Image": "quay.io/mkosiarc_rhtap/single-container-app:f2566ab"}}, + {"From": {"Image": "registry.access.redhat.com/ubi8/ubi:latest"}}, + {"From": {"Scratch": True}}, + ] + }, + # base image digests + [ + "quay.io/mkosiarc_rhtap/single-container-app:f2566ab quay.io/mkosiarc_rhtap/single-container-app:f2566ab@sha256:8f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", + "registry.access.redhat.com/ubi8/ubi:latest registry.access.redhat.com/ubi8/ubi:latest@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac", + ], + # expected output + { + "bomFormat": "CycloneDX", + "version": "1.0", + "components": [], + "formulation": [ + { + "components": [ + { + "type": "library", + "name": "fresh", + "version": "0.5.2", + "purl": "pkg:npm/fresh@0.5.2", + } + ] + }, + # The new formulation is appended to the existing formulations + { + "components": [ + { + "type": "container", + "name": "quay.io/mkosiarc_rhtap/single-container-app", + "purl": "pkg:oci/single-container-app@sha256:8f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941?repository_url=quay.io/mkosiarc_rhtap/single-container-app", + "properties": [ + { + "name": "konflux:container:is_builder_image:for_stage", + "value": "0", + } + ], + }, + { + "type": "container", + "name": "registry.access.redhat.com/ubi8/ubi", + "purl": "pkg:oci/ubi@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac?repository_url=registry.access.redhat.com/ubi8/ubi", + # Note: the property is "is_builder_image", not "is_base_image". + # There is no base image, the base is from scratch. + "properties": [ + { + "name": "konflux:container:is_builder_image:for_stage", + "value": "1", + } + ], + }, + ] + }, + ], + }, + id="cyclonedx-has-formulation-base-from-scratch", + ), + pytest.param( + # Unknown SBOM format + {}, + # one builder images and one base image + { + "Stages": [ + {"From": {"Image": "quay.io/mkosiarc_rhtap/single-container-app:f2566ab"}}, + {"From": {"Image": "registry.access.redhat.com/ubi8/ubi:latest"}}, + ] + }, + # base image digests + [ + "quay.io/mkosiarc_rhtap/single-container-app:f2566ab quay.io/mkosiarc_rhtap/single-container-app:f2566ab@sha256:8f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", + "registry.access.redhat.com/ubi8/ubi:latest registry.access.redhat.com/ubi8/ubi:latest@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac", + ], + # expected output + ValueError(r"Unknown SBOM format"), + id="unknown-sbom-format", + ), + pytest.param( + # SPDX SBOM with no root package + { + "SPDXID": "SPDXRef-Document", + "spdxVersion": "SPDX-2.3", + "name": "MyProject", + "documentNamespace": "http://example.com/uid-1234", + }, + # one builder images and one base image + { + "Stages": [ + {"From": {"Image": "quay.io/mkosiarc_rhtap/single-container-app:f2566ab"}}, + {"From": {"Image": "registry.access.redhat.com/ubi8/ubi:latest"}}, + ] + }, + # base image digests + [ + "quay.io/mkosiarc_rhtap/single-container-app:f2566ab quay.io/mkosiarc_rhtap/single-container-app:f2566ab@sha256:8f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", + "registry.access.redhat.com/ubi8/ubi:latest registry.access.redhat.com/ubi8/ubi:latest@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac", + ], + # expected output + ValueError(r"Found 0 ROOTs: \[\]"), + id="spdx-missing-root", + ), + pytest.param( + # SPDX SBOM with too many roots + { + "SPDXID": "SPDXRef-Document", + "spdxVersion": "SPDX-2.3", + "name": "MyProject", + "documentNamespace": "http://example.com/uid-1234", + "packages": [ + { + "SPDXID": "SPDXRef-root1", + "name": "", + "downloadLocation": "NOASSERTION", + }, + { + "SPDXID": "SPDXRef-root2", + "name": "", + "downloadLocation": "NOASSERTION", + }, + ], + "relationships": [ + { + "spdxElementId": "SPDXRef-Document", + "relationshipType": "DESCRIBES", + "relatedSpdxElement": "SPDXRef-root1", + }, + { + "spdxElementId": "SPDXRef-Document", + "relationshipType": "DESCRIBES", + "relatedSpdxElement": "SPDXRef-root2", + }, + ], + }, + # one builder images and one base image + { + "Stages": [ + {"From": {"Image": "quay.io/mkosiarc_rhtap/single-container-app:f2566ab"}}, + {"From": {"Image": "registry.access.redhat.com/ubi8/ubi:latest"}}, + ] + }, + # base image digests + [ + "quay.io/mkosiarc_rhtap/single-container-app:f2566ab quay.io/mkosiarc_rhtap/single-container-app:f2566ab@sha256:8f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", + "registry.access.redhat.com/ubi8/ubi:latest registry.access.redhat.com/ubi8/ubi:latest@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac", + ], + # expected output + ValueError(r"Found 2 ROOTs: \['SPDXRef-root1', 'SPDXRef-root2'\]"), + id="spdx-too-many-roots", + ), + pytest.param( + # minimal valid SPDX SBOM { - "components": [ + "SPDXID": "SPDXRef-Document", + "spdxVersion": "SPDX-2.3", + "name": "MyProject", + "documentNamespace": "http://example.com/uid-1234", + "packages": [ { - "type": "container", + "SPDXID": "SPDXRef-image-my-cool-image", + "name": "MyMainPackage", + "downloadLocation": "NOASSERTION", + }, + ], + "relationships": [ + { + "spdxElementId": "SPDXRef-Document", + "relationshipType": "DESCRIBES", + "relatedSpdxElement": "SPDXRef-image-my-cool-image", + }, + ], + }, + # one builder images and one base image + { + "Stages": [ + {"From": {"Image": "quay.io/mkosiarc_rhtap/single-container-app:f2566ab"}}, + {"From": {"Image": "registry.access.redhat.com/ubi8/ubi:latest"}}, + ] + }, + # base image digests + [ + "quay.io/mkosiarc_rhtap/single-container-app:f2566ab quay.io/mkosiarc_rhtap/single-container-app:f2566ab@sha256:8f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", + "registry.access.redhat.com/ubi8/ubi:latest registry.access.redhat.com/ubi8/ubi:latest@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac", + ], + # expected output + { + "SPDXID": "SPDXRef-Document", + "spdxVersion": "SPDX-2.3", + "name": "MyProject", + "documentNamespace": "http://example.com/uid-1234", + "packages": [ + { + "SPDXID": "SPDXRef-image-my-cool-image", + "name": "MyMainPackage", + "downloadLocation": "NOASSERTION", + }, + { + "SPDXID": "SPDXRef-image-quay.io/mkosiarc_rhtap/single-container-app-9520a72cbb69edfca5cac88ea2a9e0e09142ec934952b9420d686e77765f002c", "name": "quay.io/mkosiarc_rhtap/single-container-app", - "purl": "pkg:oci/single-container-app@sha256" - ":8f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941?repository_url" - "=quay.io/mkosiarc_rhtap/single-container-app", - "properties": [ + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:oci/single-container-app@sha256:8f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941?repository_url=quay.io/mkosiarc_rhtap/single-container-app", + } + ], + "annotations": [ { - "name": "konflux:container:is_builder_image:for_stage", - "value": "0", + "annotator": "Tool: konflux:jsonencoded", + "comment": '{"name":"konflux:container:is_builder_image:for_stage","value":"0"}', + "annotationDate": "2024-12-09T12:00:00Z", + "annotationType": "OTHER", } ], }, { - "type": "container", + "SPDXID": "SPDXRef-image-registry.access.redhat.com/ubi8/ubi-0f22256f634f8205fbd9c438c387ccf2d4859250e04104571c93fdb89a62bae1", "name": "registry.access.redhat.com/ubi8/ubi", - "purl": "pkg:oci/ubi@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac" - "?repository_url=registry.access.redhat.com/ubi8/ubi", - "properties": [ + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:oci/ubi@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac?repository_url=registry.access.redhat.com/ubi8/ubi", + } + ], + "annotations": [ { - "name": "konflux:container:is_base_image", - "value": "true", + "annotator": "Tool: konflux:jsonencoded", + "comment": '{"name":"konflux:container:is_base_image","value":"true"}', + "annotationDate": "2024-12-09T12:00:00Z", + "annotationType": "OTHER", } ], }, + ], + "relationships": [ + { + "spdxElementId": "SPDXRef-Document", + "relationshipType": "DESCRIBES", + "relatedSpdxElement": "SPDXRef-image-my-cool-image", + }, + { + "spdxElementId": "SPDXRef-image-quay.io/mkosiarc_rhtap/single-container-app-9520a72cbb69edfca5cac88ea2a9e0e09142ec934952b9420d686e77765f002c", + "relationshipType": "BUILD_TOOL_OF", + "relatedSpdxElement": "SPDXRef-image-my-cool-image", + }, + { + "spdxElementId": "SPDXRef-image-registry.access.redhat.com/ubi8/ubi-0f22256f634f8205fbd9c438c387ccf2d4859250e04104571c93fdb89a62bae1", + "relationshipType": "BUILD_TOOL_OF", + "relatedSpdxElement": "SPDXRef-image-my-cool-image", + }, + ], + }, + id="spdx-minimal", + ), + pytest.param( + # minimal valid SPDX SBOM + { + "SPDXID": "SPDXRef-Document", + "spdxVersion": "SPDX-2.3", + "name": "MyProject", + "documentNamespace": "http://example.com/uid-1234", + "packages": [ + { + "SPDXID": "SPDXRef-image-my-cool-image", + "name": "MyMainPackage", + "downloadLocation": "NOASSERTION", + }, + ], + "relationships": [ + { + "spdxElementId": "SPDXRef-Document", + "relationshipType": "DESCRIBES", + "relatedSpdxElement": "SPDXRef-image-my-cool-image", + }, + ], + }, + # two builder images, base from scratch + { + "Stages": [ + {"From": {"Image": "quay.io/mkosiarc_rhtap/single-container-app:f2566ab"}}, + {"From": {"Image": "registry.access.redhat.com/ubi8/ubi:latest"}}, + {"From": {"Scratch": True}}, ] - } - ] - } - - with sbom_file.open("r") as f: - sbom = json.load(f) - - assert "formulation" in sbom - assert expected_output["formulation"] == sbom["formulation"] - - -def test_main_input_sbom_does_not_contain_formulation_and_base_image_from_scratch(tmp_path, mocker): - sbom_file = tmp_path / "sbom.json" - base_images_from_dockerfile_file = tmp_path / "base_images_from_dockerfile.txt" - base_images_digests_file = tmp_path / "base_images_digests.txt" - - # minimal input sbom file - sbom_file.write_text( - """{ - "project_name": "MyProject", - "version": "1.0", - "components": [] - }""" - ) - - # two builder images and the last one is from scratch - base_images_from_dockerfile_file.write_text( - "quay.io/mkosiarc_rhtap/single-container-app:f2566ab\nregistry.access.redhat.com/ubi8/ubi:latest\nscratch" - ) - base_images_digests_file.write_text( - "quay.io/mkosiarc_rhtap/single-container-app:f2566ab@sha256" - ":8f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941\nregistry.access.redhat.com/ubi8/ubi" - ":latest@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac " - ) - - # mock the parsed args, to avoid testing parse_args function - mock_args = MagicMock() - mock_args.sbom = sbom_file - mock_args.base_images_from_dockerfile = base_images_from_dockerfile_file - mock_args.base_images_digests = base_images_digests_file - mocker.patch("base_images_sbom_script.parse_args", return_value=mock_args) - - main() - - expected_output = { - "formulation": [ + }, + # base image digests + [ + "quay.io/mkosiarc_rhtap/single-container-app:f2566ab quay.io/mkosiarc_rhtap/single-container-app:f2566ab@sha256:8f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", + "registry.access.redhat.com/ubi8/ubi:latest registry.access.redhat.com/ubi8/ubi:latest@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac", + ], + # expected output { - "components": [ + "SPDXID": "SPDXRef-Document", + "spdxVersion": "SPDX-2.3", + "name": "MyProject", + "documentNamespace": "http://example.com/uid-1234", + "packages": [ { - "type": "container", + "SPDXID": "SPDXRef-image-my-cool-image", + "name": "MyMainPackage", + "downloadLocation": "NOASSERTION", + }, + { + "SPDXID": "SPDXRef-image-quay.io/mkosiarc_rhtap/single-container-app-9520a72cbb69edfca5cac88ea2a9e0e09142ec934952b9420d686e77765f002c", "name": "quay.io/mkosiarc_rhtap/single-container-app", - "purl": "pkg:oci/single-container-app@sha256" - ":8f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941?repository_url" - "=quay.io/mkosiarc_rhtap/single-container-app", - "properties": [ + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:oci/single-container-app@sha256:8f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941?repository_url=quay.io/mkosiarc_rhtap/single-container-app", + } + ], + "annotations": [ { - "name": "konflux:container:is_builder_image:for_stage", - "value": "0", + "annotator": "Tool: konflux:jsonencoded", + "comment": '{"name":"konflux:container:is_builder_image:for_stage","value":"0"}', + "annotationDate": "2024-12-09T12:00:00Z", + "annotationType": "OTHER", } ], }, { - "type": "container", + "SPDXID": "SPDXRef-image-registry.access.redhat.com/ubi8/ubi-0f22256f634f8205fbd9c438c387ccf2d4859250e04104571c93fdb89a62bae1", "name": "registry.access.redhat.com/ubi8/ubi", - "purl": "pkg:oci/ubi@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac" - "?repository_url=registry.access.redhat.com/ubi8/ubi", - "properties": [ + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:oci/ubi@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac?repository_url=registry.access.redhat.com/ubi8/ubi", + } + ], + "annotations": [ { - "name": "konflux:container:is_builder_image:for_stage", - "value": "1", + "annotator": "Tool: konflux:jsonencoded", + "comment": '{"name":"konflux:container:is_builder_image:for_stage","value":"1"}', + "annotationDate": "2024-12-09T12:00:00Z", + "annotationType": "OTHER", } ], }, + ], + "relationships": [ + { + "spdxElementId": "SPDXRef-Document", + "relationshipType": "DESCRIBES", + "relatedSpdxElement": "SPDXRef-image-my-cool-image", + }, + { + "spdxElementId": "SPDXRef-image-quay.io/mkosiarc_rhtap/single-container-app-9520a72cbb69edfca5cac88ea2a9e0e09142ec934952b9420d686e77765f002c", + "relationshipType": "BUILD_TOOL_OF", + "relatedSpdxElement": "SPDXRef-image-my-cool-image", + }, + { + "spdxElementId": "SPDXRef-image-registry.access.redhat.com/ubi8/ubi-0f22256f634f8205fbd9c438c387ccf2d4859250e04104571c93fdb89a62bae1", + "relationshipType": "BUILD_TOOL_OF", + "relatedSpdxElement": "SPDXRef-image-my-cool-image", + }, + ], + }, + id="spdx-minimal-base-from-scratch", + ), + pytest.param( + # SPDX SBOM with some existing packages + { + "SPDXID": "SPDXRef-Document", + "spdxVersion": "SPDX-2.3", + "name": "MyProject", + "documentNamespace": "http://example.com/uid-1234", + "packages": [ + { + "SPDXID": "SPDXRef-image-my-cool-image", + "name": "MyMainPackage", + "downloadLocation": "NOASSERTION", + }, + { + "SPDXID": "SPDXRef-some-runtime-dep", + "name": "SomeDependency", + "downloadLocation": "NOASSERTION", + }, + { + "SPDXID": "SPDXRef-some-builddep", + "name": "BuildTool", + "downloadLocation": "NOASSERTION", + }, + ], + "relationships": [ + { + "spdxElementId": "SPDXRef-Document", + "relationshipType": "DESCRIBES", + "relatedSpdxElement": "SPDXRef-image-my-cool-image", + }, + { + "spdxElementId": "SPDXRef-image-my-cool-image", + "relationshipType": "CONTAINS", + "relatedSpdxElement": "SPDXRef-some-runtime-dep", + }, + { + "spdxElementId": "SPDXRef-some-builddep", + "relationshipType": "BUILD_TOOL_OF", + "relatedSpdxElement": "SPDXRef-image-my-cool-image", + }, + ], + }, + # two builder images, base from scratch + { + "Stages": [ + {"From": {"Image": "quay.io/mkosiarc_rhtap/single-container-app:f2566ab"}}, + {"From": {"Image": "registry.access.redhat.com/ubi8/ubi:latest"}}, + {"From": {"Scratch": True}}, ] - } - ] - } - - with sbom_file.open("r") as f: - sbom = json.load(f) - - assert "formulation" in sbom - assert expected_output["formulation"] == sbom["formulation"] - - -def test_main_input_sbom_contains_formulation(tmp_path, mocker): + }, + # base image digests + [ + "quay.io/mkosiarc_rhtap/single-container-app:f2566ab quay.io/mkosiarc_rhtap/single-container-app:f2566ab@sha256:8f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941", + "registry.access.redhat.com/ubi8/ubi:latest registry.access.redhat.com/ubi8/ubi:latest@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac", + ], + # expected output + { + "SPDXID": "SPDXRef-Document", + "spdxVersion": "SPDX-2.3", + "name": "MyProject", + "documentNamespace": "http://example.com/uid-1234", + "packages": [ + { + "SPDXID": "SPDXRef-image-my-cool-image", + "name": "MyMainPackage", + "downloadLocation": "NOASSERTION", + }, + { + "SPDXID": "SPDXRef-some-runtime-dep", + "name": "SomeDependency", + "downloadLocation": "NOASSERTION", + }, + { + "SPDXID": "SPDXRef-some-builddep", + "name": "BuildTool", + "downloadLocation": "NOASSERTION", + }, + { + "SPDXID": "SPDXRef-image-quay.io/mkosiarc_rhtap/single-container-app-9520a72cbb69edfca5cac88ea2a9e0e09142ec934952b9420d686e77765f002c", + "name": "quay.io/mkosiarc_rhtap/single-container-app", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:oci/single-container-app@sha256:8f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941?repository_url=quay.io/mkosiarc_rhtap/single-container-app", + } + ], + "annotations": [ + { + "annotator": "Tool: konflux:jsonencoded", + "comment": '{"name":"konflux:container:is_builder_image:for_stage","value":"0"}', + "annotationDate": "2024-12-09T12:00:00Z", + "annotationType": "OTHER", + } + ], + }, + { + "SPDXID": "SPDXRef-image-registry.access.redhat.com/ubi8/ubi-0f22256f634f8205fbd9c438c387ccf2d4859250e04104571c93fdb89a62bae1", + "name": "registry.access.redhat.com/ubi8/ubi", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:oci/ubi@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac?repository_url=registry.access.redhat.com/ubi8/ubi", + } + ], + "annotations": [ + { + "annotator": "Tool: konflux:jsonencoded", + "comment": '{"name":"konflux:container:is_builder_image:for_stage","value":"1"}', + "annotationDate": "2024-12-09T12:00:00Z", + "annotationType": "OTHER", + } + ], + }, + ], + "relationships": [ + { + "spdxElementId": "SPDXRef-Document", + "relationshipType": "DESCRIBES", + "relatedSpdxElement": "SPDXRef-image-my-cool-image", + }, + { + "spdxElementId": "SPDXRef-image-my-cool-image", + "relationshipType": "CONTAINS", + "relatedSpdxElement": "SPDXRef-some-runtime-dep", + }, + { + "spdxElementId": "SPDXRef-some-builddep", + "relationshipType": "BUILD_TOOL_OF", + "relatedSpdxElement": "SPDXRef-image-my-cool-image", + }, + { + "spdxElementId": "SPDXRef-image-quay.io/mkosiarc_rhtap/single-container-app-9520a72cbb69edfca5cac88ea2a9e0e09142ec934952b9420d686e77765f002c", + "relationshipType": "BUILD_TOOL_OF", + "relatedSpdxElement": "SPDXRef-image-my-cool-image", + }, + { + "spdxElementId": "SPDXRef-image-registry.access.redhat.com/ubi8/ubi-0f22256f634f8205fbd9c438c387ccf2d4859250e04104571c93fdb89a62bae1", + "relationshipType": "BUILD_TOOL_OF", + "relatedSpdxElement": "SPDXRef-image-my-cool-image", + }, + ], + }, + id="spdx-nonminimal-base-from-scratch", + ), + ], +) +def test_main( + input_sbom: dict[str, Any], + parsed_dockerfile: dict[str, Any], + base_images_digests_lines: list[str], + expect_result: dict[str, Any] | Exception, + tmp_path: Path, + mocker: MockerFixture, +): sbom_file = tmp_path / "sbom.json" - base_images_from_dockerfile_file = tmp_path / "base_images_from_dockerfile.txt" - base_images_digests_file = tmp_path / "base_images_digests.txt" + parsed_dockerfile_file = tmp_path / "parsed_dockerfile.json" + base_images_digests_raw_file = tmp_path / "base_images_digests.txt" - # minimal sbom with existing formulation that contains components item - sbom_file.write_text( - """ - { - "project_name": "MyProject", - "version": "1.0", - "components": [], - "formulation": [ - { - "components": [ - { - "type": "library", - "name": "fresh", - "version": "0.5.2", - "purl": "pkg:npm/fresh@0.5.2" - } - ] - } - ] - } - """ - ) - - # two builder images and the last one is from scratch - base_images_from_dockerfile_file.write_text( - "quay.io/mkosiarc_rhtap/single-container-app:f2566ab\nregistry.access.redhat.com/ubi8/ubi:latest\nscratch" - ) - base_images_digests_file.write_text( - "quay.io/mkosiarc_rhtap/single-container-app:f2566ab@sha256" - ":8f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941\nregistry.access.redhat.com/ubi8/ubi" - ":latest@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac " - ) + sbom_file.write_text(json.dumps(input_sbom)) + parsed_dockerfile_file.write_text(json.dumps(parsed_dockerfile)) + base_images_digests_raw_file.write_text("\n".join(base_images_digests_lines)) # mock the parsed args, to avoid testing parse_args function mock_args = MagicMock() mock_args.sbom = sbom_file - mock_args.base_images_from_dockerfile = base_images_from_dockerfile_file - mock_args.base_images_digests = base_images_digests_file + mock_args.parsed_dockerfile = parsed_dockerfile_file + mock_args.base_images_digests = base_images_digests_raw_file mocker.patch("base_images_sbom_script.parse_args", return_value=mock_args) - main() + # mock datetime.now + mocker.patch( + "base_images_sbom_script._datetime_utc_now", + return_value=datetime.datetime(2024, 12, 9, 12, 0, 0, tzinfo=datetime.UTC), + ) - expected_output = { - "components": [ - { - "type": "container", - "name": "quay.io/mkosiarc_rhtap/single-container-app", - "purl": "pkg:oci/single-container-app@sha256" - ":8f99627e843e931846855c5d899901bf093f5093e613a92745696a26b5420941?repository_url=quay.io" - "/mkosiarc_rhtap/single-container-app", - "properties": [ - { - "name": "konflux:container:is_builder_image:for_stage", - "value": "0", - } - ], - }, - { - "type": "container", - "name": "registry.access.redhat.com/ubi8/ubi", - "purl": "pkg:oci/ubi@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac" - "?repository_url=registry.access.redhat.com/ubi8/ubi", - "properties": [ - { - "name": "konflux:container:is_builder_image:for_stage", - "value": "1", - } - ], - }, - ] - } + if not isinstance(expect_result, Exception): + main() + + with sbom_file.open("r") as f: + sbom = json.load(f) - with sbom_file.open("r") as f: - sbom = json.load(f) + assert sbom == expect_result - # we are appending an item to the formulation key, so it should be at the end - assert expected_output == sbom["formulation"][-1] + else: + with pytest.raises(type(expect_result), match=str(expect_result)): + main() @pytest.mark.parametrize( @@ -679,8 +1214,7 @@ def test_main_input_sbom_contains_formulation(tmp_path, mocker): [ # basic example ( - "registry.access.redhat.com/ubi8/ubi:latest@sha256" - ":627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac", + "registry.access.redhat.com/ubi8/ubi:latest@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac", ParsedImage( repository="registry.access.redhat.com/ubi8/ubi", digest="sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac", @@ -689,8 +1223,7 @@ def test_main_input_sbom_contains_formulation(tmp_path, mocker): ), # missing tag ( - "registry.access.redhat.com/ubi8/ubi:@sha256" - ":627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac", + "registry.access.redhat.com/ubi8/ubi:@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac", ParsedImage( repository="registry.access.redhat.com/ubi8/ubi", digest="sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac", @@ -699,8 +1232,7 @@ def test_main_input_sbom_contains_formulation(tmp_path, mocker): ), # registry with port ( - "some_registry_with_port:5000/ubi8/ubi:latest@sha256" - ":627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac", + "some_registry_with_port:5000/ubi8/ubi:latest@sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac", ParsedImage( repository="some_registry_with_port:5000/ubi8/ubi", digest="sha256:627867e53ad6846afba2dfbf5cef1d54c868a9025633ef0afd546278d4654eac", @@ -709,8 +1241,7 @@ def test_main_input_sbom_contains_formulation(tmp_path, mocker): ), # multiple path components ( - "quay.io/redhat-user-workloads/rh-acs-tenant/acs/collector:358b6cfb019e436d1fa61a09fcca04e081e1c993" - "@sha256:8e5d62b32a5bb6d73ca7f54941f00ee8807563ddcb424660894dea85ed1f109d", + "quay.io/redhat-user-workloads/rh-acs-tenant/acs/collector:358b6cfb019e436d1fa61a09fcca04e081e1c993@sha256:8e5d62b32a5bb6d73ca7f54941f00ee8807563ddcb424660894dea85ed1f109d", ParsedImage( repository="quay.io/redhat-user-workloads/rh-acs-tenant/acs/collector", digest="sha256:8e5d62b32a5bb6d73ca7f54941f00ee8807563ddcb424660894dea85ed1f109d", @@ -722,3 +1253,183 @@ def test_main_input_sbom_contains_formulation(tmp_path, mocker): def test_parse_image_reference_to_parts(image, expected_parsed_image): parsed_image = parse_image_reference_to_parts(image) assert parsed_image == expected_parsed_image + + +@pytest.mark.parametrize( + "parsed_dockerfile, expected_base_images", + [ + # basic example + # FROM quay.io/mkosiarc_rhtap/single-container-app:f2566ab + # ... + # FROM registry.access.redhat.com/ubi8/ubi:latest + # ... + ( + { + "Stages": [ + { + "BaseName": "quay.io/mkosiarc_rhtap/single-container-app:f2566ab", + "From": {"Image": "quay.io/mkosiarc_rhtap/single-container-app:f2566ab"}, + }, + { + "BaseName": "registry.access.redhat.com/ubi8/ubi:latest", + "From": {"Image": "registry.access.redhat.com/ubi8/ubi:latest"}, + }, + ] + }, + [ + "quay.io/mkosiarc_rhtap/single-container-app:f2566ab", + "registry.access.redhat.com/ubi8/ubi:latest", + ], + ), + # basic example with scratch stage + # FROM quay.io/mkosiarc_rhtap/single-container-app:f2566ab + # ... + # FROM registry.access.redhat.com/ubi8/ubi:latest + # ... + # FROM scratch + # ... + ( + { + "Stages": [ + { + "BaseName": "quay.io/mkosiarc_rhtap/single-container-app:f2566ab", + "From": {"Image": "quay.io/mkosiarc_rhtap/single-container-app:f2566ab"}, + }, + { + "BaseName": "registry.access.redhat.com/ubi8/ubi:latest", + "From": {"Image": "registry.access.redhat.com/ubi8/ubi:latest"}, + }, + {"BaseName": "scratch", "From": {"Scratch": True}}, + ] + }, + [ + "quay.io/mkosiarc_rhtap/single-container-app:f2566ab", + "registry.access.redhat.com/ubi8/ubi:latest", + "scratch", + ], + ), + # just from scratch + ( + { + "Stages": [ + {"BaseName": "scratch", "From": {"Scratch": True}}, + ] + }, + [ + "scratch", + ], + ), + # Multiple images which are reused, including two scratch stages and two oci-archive stages + # FROM quay.io/mkosiarc_rhtap/single-container-app:f2566ab + # ... + # FROM scratch + # ... + # FROM quay.io/mkosiarc_rhtap/single-container-app:f2566ab + # ... + # FROM oci-archive:export/out.ociarchive + # ... + # FROM registry.access.redhat.com/ubi8/ubi:latest + # ... + # FROM scratch + # ... + # FROM oci-archive:export/out.ociarchive + # ... + ( + { + "Stages": [ + { + "BaseName": "quay.io/mkosiarc_rhtap/single-container-app:f2566ab", + "From": {"Image": "quay.io/mkosiarc_rhtap/single-container-app:f2566ab"}, + }, + {"BaseName": "scratch", "From": {"Scratch": True}}, + { + "BaseName": "quay.io/mkosiarc_rhtap/single-container-app:f2566ab", + "From": {"Image": "quay.io/mkosiarc_rhtap/single-container-app:f2566ab"}, + }, + { + "BaseName": "oci-archive:export/out.ociarchive", + "From": {"Image": "oci-archive:export/out.ociarchive"}, + }, + { + "BaseName": "registry.access.redhat.com/ubi8/ubi:latest", + "From": {"Image": "registry.access.redhat.com/ubi8/ubi:latest"}, + }, + {"BaseName": "scratch", "From": {"Scratch": True}}, + { + "BaseName": "oci-archive:export/out.ociarchive", + "From": {"Image": "oci-archive:export/out.ociarchive"}, + }, + ] + }, + [ + "quay.io/mkosiarc_rhtap/single-container-app:f2566ab", + "scratch", + "quay.io/mkosiarc_rhtap/single-container-app:f2566ab", + "oci-archive:export/out.ociarchive", + "registry.access.redhat.com/ubi8/ubi:latest", + "scratch", + "oci-archive:export/out.ociarchive", + ], + ), + # alias/named stage, so something like + # FROM registry.access.redhat.com/ubi8/ubi:latest as builder + # ... + # FROM builder + # ... + ( + { + "Stages": [ + { + "BaseName": "registry.access.redhat.com/ubi8/ubi:latest", + "As": "builder", + "From": {"Image": "registry.access.redhat.com/ubi8/ubi:latest"}, + }, + { + "BaseName": "builder", + "From": {"Stage": {"Named": "builder", "Index": 0}}, + }, + ] + }, + [ + "registry.access.redhat.com/ubi8/ubi:latest", + "registry.access.redhat.com/ubi8/ubi:latest", + ], + ), + # alias to an alias, so something like + # FROM registry.access.redhat.com/ubi8/ubi:latest as builder + # ... + # FROM builder as stage1 + # ... + # FROM stage1 as stage2 + # ... + ( + { + "Stages": [ + { + "BaseName": "registry.access.redhat.com/ubi8/ubi:latest", + "As": "builder", + "From": {"Image": "registry.access.redhat.com/ubi8/ubi:latest"}, + }, + { + "BaseName": "builder", + "As": "stage1", + "From": {"Stage": {"Named": "builder", "Index": 0}}, + }, + { + "BaseName": "stage1", + "As": "stage2", + "From": {"Stage": {"Named": "stage1", "Index": 1}}, + }, + ] + }, + [ + "registry.access.redhat.com/ubi8/ubi:latest", + "registry.access.redhat.com/ubi8/ubi:latest", + "registry.access.redhat.com/ubi8/ubi:latest", + ], + ), + ], +) +def test_get_base_images_from_dockerfile(parsed_dockerfile, expected_base_images): + actual_base_images = get_base_images_from_dockerfile(parsed_dockerfile) + assert actual_base_images == expected_base_images diff --git a/sbom-utility-scripts/scripts/base-images-sbom-script/app/tox.ini b/sbom-utility-scripts/scripts/base-images-sbom-script/app/tox.ini index 846a495..d1cc7ae 100644 --- a/sbom-utility-scripts/scripts/base-images-sbom-script/app/tox.ini +++ b/sbom-utility-scripts/scripts/base-images-sbom-script/app/tox.ini @@ -2,14 +2,19 @@ env_list = flake8,black,test [testenv:test] +basepython = 3.12 deps = -r requirements-test.txt -r requirements.txt commands = pytest test_base_images_sbom_script.py [testenv:flake8] deps = flake8 -commands = flake8 --max-line-length 120 base_images_sbom_script.py test_base_images_sbom_script.py +commands = flake8 base_images_sbom_script.py test_base_images_sbom_script.py [testenv:black] deps = black commands = black --line-length 120 --check --diff . + +[flake8] +# line-length check is useless since we have auto-formatting +extend-ignore = E501 diff --git a/sbom-utility-scripts/scripts/create_purl_sbom.py b/sbom-utility-scripts/scripts/create_purl_sbom.py deleted file mode 100644 index bb22db5..0000000 --- a/sbom-utility-scripts/scripts/create_purl_sbom.py +++ /dev/null @@ -1,10 +0,0 @@ -import json - -with open("./sbom-cyclonedx.json") as f: - cyclonedx_sbom = json.load(f) - -purls = [{"purl": component["purl"]} for component in cyclonedx_sbom.get("components", []) if "purl" in component] -purl_content = {"image_contents": {"dependencies": purls}} - -with open("sbom-purl.json", "w") as output_file: - json.dump(purl_content, output_file, indent=4) diff --git a/sbom-utility-scripts/scripts/index-image-sbom-script/tox.ini b/sbom-utility-scripts/scripts/index-image-sbom-script/tox.ini index 3a0a1b5..bb77f80 100644 --- a/sbom-utility-scripts/scripts/index-image-sbom-script/tox.ini +++ b/sbom-utility-scripts/scripts/index-image-sbom-script/tox.ini @@ -2,6 +2,7 @@ env_list = flake8,black,test [testenv:test] +basepython = 3.12 deps = -r requirements-test.txt -r requirements.txt commands = pytest -s -vv test_image_index_sbom_script.py diff --git a/sbom-utility-scripts/scripts/merge-cachi2-sboms-script/merge_cachi2_sboms.py b/sbom-utility-scripts/scripts/merge-cachi2-sboms-script/merge_cachi2_sboms.py deleted file mode 100644 index 3473862..0000000 --- a/sbom-utility-scripts/scripts/merge-cachi2-sboms-script/merge_cachi2_sboms.py +++ /dev/null @@ -1,180 +0,0 @@ -#!/usr/bin/env python3 -import json -from argparse import ArgumentParser -from typing import Any, Callable -from urllib.parse import quote_plus, urlsplit - - -def _is_syft_local_golang_component(component: dict) -> bool: - """ - Check if a Syft Golang reported component is a local replacement. - - Local replacements are reported in a very different way by Cachi2, which is why the same - reports by Syft should be removed. - """ - return component.get("purl", "").startswith("pkg:golang") and ( - component.get("name", "").startswith(".") or component.get("version", "") == "(devel)" - ) - - -def _is_cachi2_non_registry_dependency(component: dict) -> bool: - """ - Check if Cachi2 component was fetched from a VCS or a direct file location. - - Cachi2 reports non-registry components in a different way from Syft, so the reports from - Syft need to be removed. - - Unfortunately, there's no way to determine which components are non-registry by looking - at the Syft report alone. This function is meant to create a list of non-registry components - from Cachi2's SBOM, then remove the corresponding ones reported by Syft for the merged SBOM. - - Note that this function is only applicable for PyPI or NPM components. - """ - purl = component.get("purl", "") - - return (purl.startswith("pkg:pypi") or purl.startswith("pkg:npm")) and ( - "vcs_url=" in purl or "download_url=" in purl - ) - - -def _unique_key_cachi2(component: dict) -> str: - """ - Create a unique key from Cachi2 reported components. - - This is done by taking a purl and removing any qualifiers and subpaths. - - See https://github.com/package-url/purl-spec/tree/master#purl for more info on purls. - """ - url = urlsplit(component["purl"]) - return url.scheme + ":" + url.path - - -def _unique_key_syft(component: dict) -> str: - """ - Create a unique key for Syft reported components. - - This is done by taking a lowercase namespace/name, and URL encoding the version. - - Syft does not set any qualifier for NPM, Pip or Golang, so there's no need to remove them - as done in _unique_key_cachi2. - - If a Syft component lacks a purl (e.g. type OS), we'll use its name and version instead. - """ - if "purl" not in component: - return component.get("name", "") + "@" + component.get("version", "") - - if "@" in component["purl"]: - name, version = component["purl"].split("@") - - if name.startswith("pkg:pypi"): - name = name.lower() - - if name.startswith("pkg:golang"): - version = quote_plus(version) - - return f"{name}@{version}" - else: - return component["purl"] - - -def _get_syft_component_filter(cachi_sbom_components: list[dict[str, Any]]) -> Callable: - """ - Get a function that filters out Syft components for the merged SBOM. - - This function currently considers a Syft component as a duplicate/removable if: - - it has the same key as a Cachi2 component - - it is a local Golang replacement - - is a non-registry component also reported by Cachi2 - - Note that for the last bullet, we can only rely on the Pip dependency's name to find a - duplicate. This is because Cachi2 does not report a non-PyPI Pip dependency's version. - - Even though multiple versions of a same dependency can be available in the same project, - we are removing all Syft instances by name only because Cachi2 will report them correctly, - given that it scans all the source code properly and the image is built hermetically. - """ - cachi2_non_registry_components = [ - component["name"] for component in cachi_sbom_components if _is_cachi2_non_registry_dependency(component) - ] - - cachi2_indexed_components = {_unique_key_cachi2(component): component for component in cachi_sbom_components} - - def is_duplicate_non_registry_component(component: dict[str, Any]) -> bool: - return component["name"] in cachi2_non_registry_components - - def component_is_duplicated(component: dict[str, Any]) -> bool: - key = _unique_key_syft(component) - - return ( - _is_syft_local_golang_component(component) - or is_duplicate_non_registry_component(component) - or key in cachi2_indexed_components.keys() - ) - - return component_is_duplicated - - -def _merge_tools_metadata(syft_sbom: dict[Any, Any], cachi2_sbom: dict[Any, Any]) -> None: - """Merge the content of tools in the metadata section of the SBOM. - - With CycloneDX 1.5, a new format for specifying tools was introduced, and the format from 1.4 - was marked as deprecated. - - This function aims to support both formats in the Syft SBOM. We're assuming the Cachi2 SBOM - was generated with the same version as this script, and it will be in the older format. - """ - syft_tools = syft_sbom["metadata"]["tools"] - cachi2_tools = cachi2_sbom["metadata"]["tools"] - - if isinstance(syft_tools, dict): - components = [] - - for t in cachi2_tools: - components.append( - { - "author": t["vendor"], - "name": t["name"], - "type": "application", - } - ) - - syft_tools["components"].extend(components) - elif isinstance(syft_tools, list): - syft_tools.extend(cachi2_tools) - else: - raise RuntimeError( - "The .metadata.tools JSON key is in an unexpected format. " - f"Expected dict or list, got {type(syft_tools)}." - ) - - -def merge_sboms(cachi2_sbom_path: str, syft_sbom_path: str) -> str: - """Merge Cachi2 components into the Syft SBOM while removing duplicates.""" - with open(cachi2_sbom_path) as file: - cachi2_sbom = json.load(file) - - with open(syft_sbom_path) as file: - syft_sbom = json.load(file) - - is_duplicate_component = _get_syft_component_filter(cachi2_sbom["components"]) - - filtered_syft_components = [c for c in syft_sbom.get("components", []) if not is_duplicate_component(c)] - - syft_sbom["components"] = filtered_syft_components + cachi2_sbom["components"] - - _merge_tools_metadata(syft_sbom, cachi2_sbom) - - return json.dumps(syft_sbom, indent=2) - - -if __name__ == "__main__": - parser = ArgumentParser() - - parser.add_argument("cachi2_sbom_path") - parser.add_argument("syft_sbom_path") - - args = parser.parse_args() - - merged_sbom = merge_sboms(args.cachi2_sbom_path, args.syft_sbom_path) - - print(merged_sbom) diff --git a/sbom-utility-scripts/scripts/merge-cachi2-sboms-script/test_data/cachi2.bom.json b/sbom-utility-scripts/scripts/merge-cachi2-sboms-script/test_data/cachi2.bom.json deleted file mode 100644 index 846f639..0000000 --- a/sbom-utility-scripts/scripts/merge-cachi2-sboms-script/test_data/cachi2.bom.json +++ /dev/null @@ -1,227 +0,0 @@ -{ - "bomFormat": "CycloneDX", - "components": [ - { - "name": "aiowsgi", - "properties": [ - { - "name": "cachi2:found_by", - "value": "cachi2" - } - ], - "version": "0.8", - "purl": "pkg:pypi/aiowsgi@0.8", - "type": "library" - }, - { - "name": "appr", - "properties": [ - { - "name": "cachi2:found_by", - "value": "cachi2" - } - ], - "purl": "pkg:pypi/appr?checksum=sha256:ee6a0a38bed8cff46a562ed3620bc453141a02262ab0c8dd055824af2829ee5c&download_url=https://github.com/quay/appr/archive/37ff9a487a54ad41b59855ecd76ee092fe206a84.zip", - "type": "library" - }, - { - "name": "archive/tar", - "properties": [ - { - "name": "cachi2:found_by", - "value": "cachi2" - } - ], - "purl": "pkg:golang/archive/tar?type=package", - "type": "library" - }, - { - "name": "cachi2", - "properties": [ - { - "name": "cachi2:found_by", - "value": "cachi2" - } - ], - "version": "0.0.1", - "purl": "pkg:pypi/cachi2@0.0.1?vcs_url=git%2Bssh://git%40github.com/containerbuildsystem/cachi2%40fc0d6079c2dc9b2a491c0848e550ad3509986110", - "type": "library" - }, - { - "name": "cachito-npm-without-deps", - "properties": [ - { - "name": "cachi2:found_by", - "value": "cachi2" - } - ], - "purl": "pkg:npm/cachito-npm-without-deps?vcs_url=git%2Bhttps://github.com/cachito-testing/cachito-npm-without-deps.git%402f0ce1d7b1f8b35572d919428b965285a69583f6", - "type": "library" - }, - { - "name": "code.gitea.io/sdk/gitea", - "properties": [ - { - "name": "cachi2:found_by", - "value": "cachi2" - } - ], - "version": "v0.15.1", - "purl": "pkg:golang/code.gitea.io/sdk/gitea@v0.15.1?type=module", - "type": "library" - }, - { - "name": "code.gitea.io/sdk/gitea", - "properties": [ - { - "name": "cachi2:found_by", - "value": "cachi2" - } - ], - "version": "v0.15.1", - "purl": "pkg:golang/code.gitea.io/sdk/gitea@v0.15.1?type=package", - "type": "library" - }, - { - "name": "fecha", - "properties": [ - { - "name": "cachi2:found_by", - "value": "cachi2" - } - ], - "purl": "pkg:npm/fecha?checksum=sha512:8ae71e98d68e38e1f6e4c629187684dd85e4dc96647c7219b1dd189598ea52865e947f0ad94a7001fa8fb5eccf58467fe34ad10066e831af3374120134604bd5&download_url=https://github.com/taylorhakes/fecha/archive/91680e4db1415fea33eac878cfd889c80a7b55c7.tar.gz", - "type": "library" - }, - { - "name": "github.com/docker/cli/cli/config", - "properties": [ - { - "name": "cachi2:found_by", - "value": "cachi2" - } - ], - "version": "v23.0.0-rc.3+incompatible", - "purl": "pkg:golang/github.com/docker/cli/cli/config@v23.0.0-rc.3%2Bincompatible?type=package", - "type": "library" - }, - { - "name": "github.com/docker/cli", - "properties": [ - { - "name": "cachi2:found_by", - "value": "cachi2" - } - ], - "version": "v23.0.0-rc.3+incompatible", - "purl": "pkg:golang/github.com/docker/cli@v23.0.0-rc.3%2Bincompatible?type=module", - "type": "library" - }, - { - "name": "knative.dev/pkg/metrics", - "properties": [ - { - "name": "cachi2:found_by", - "value": "cachi2" - } - ], - "version": "v0.0.0-20230125083639-408ad0773f47", - "purl": "pkg:golang/knative.dev/pkg/metrics@v0.0.0-20230125083639-408ad0773f47?type=package", - "type": "library" - }, - { - "name": "knative.dev/pkg", - "properties": [ - { - "name": "cachi2:found_by", - "value": "cachi2" - } - ], - "version": "v0.0.0-20230125083639-408ad0773f47", - "purl": "pkg:golang/knative.dev/pkg@v0.0.0-20230125083639-408ad0773f47?type=module", - "type": "library" - }, - { - "name": "github.com/redhat-appstudio/build-service", - "properties": [ - { - "name": "cachi2:found_by", - "value": "cachi2" - } - ], - "version": "v0.0.0-20230503110830-d1a9e858489d", - "purl": "pkg:golang/github.com/redhat-appstudio/build-service@v0.0.0-20230503110830-d1a9e858489d?type=module", - "type": "library" - }, - { - "name": "github.com/redhat-appstudio/build-service", - "properties": [ - { - "name": "cachi2:found_by", - "value": "cachi2" - } - ], - "version": "v0.0.0-20230503110830-d1a9e858489d", - "purl": "pkg:golang/github.com/redhat-appstudio/build-service@v0.0.0-20230503110830-d1a9e858489d?type=package", - "type": "library" - }, - { - "name": "github.com/cachito-testing/gomod-pandemonium/terminaltor", - "properties": [ - { - "name": "cachi2:found_by", - "value": "cachi2" - } - ], - "version": "v1.0.0", - "purl": "pkg:golang/github.com/cachito-testing/gomod-pandemonium/terminaltor@v1.0.0?type=module", - "type": "library" - }, - { - "name": "github.com/cachito-testing/gomod-pandemonium/terminaltor", - "properties": [ - { - "name": "cachi2:found_by", - "value": "cachi2" - } - ], - "version": "v1.0.0", - "purl": "pkg:golang/github.com/cachito-testing/gomod-pandemonium/terminaltor@v1.0.0?type=package", - "type": "library" - }, - { - "name": "PyYAML", - "properties": [ - { - "name": "cachi2:found_by", - "value": "cachi2" - } - ], - "version": "6.0", - "purl": "pkg:pypi/pyyaml@6.0", - "type": "library" - }, - { - "name": "test_package_cachi2", - "properties": [ - { - "name": "cachi2:found_by", - "value": "cachi2" - } - ], - "version": "1.0.0", - "purl": "pkg:pypi/test-package-cachi2@1.0.0?vcs_url=git%2Bssh://git%40github.com/brunoapimentel/pip-e2e-test.git%40294df352deed835cf703ae8a799926418ae5fd3b", - "type": "library" - } - ], - "metadata": { - "tools": [ - { - "vendor": "red hat", - "name": "cachi2" - } - ] - }, - "specVersion": "1.4", - "version": 1 -} diff --git a/sbom-utility-scripts/scripts/merge-cachi2-sboms-script/test_data/merged.bom.json b/sbom-utility-scripts/scripts/merge-cachi2-sboms-script/test_data/merged.bom.json deleted file mode 100644 index dc876ce..0000000 --- a/sbom-utility-scripts/scripts/merge-cachi2-sboms-script/test_data/merged.bom.json +++ /dev/null @@ -1,327 +0,0 @@ -{ - "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", - "bomFormat": "CycloneDX", - "specVersion": "1.5", - "serialNumber": "urn:uuid:4370d1ba-7643-4579-8313-bc715da2fa90", - "version": 1, - "metadata": { - "timestamp": "2023-05-03T18:19:41Z", - "tools": { - "components": [ - { - "type": "application", - "author": "anchore", - "name": "syft", - "version": "0.100.0" - }, - { - "type": "application", - "author": "red hat", - "name": "cachi2" - } - ] - }, - "component": { - "bom-ref": "6b8edfe5f2756e0", - "type": "file", - "name": "/var/lib/containers/storage/vfs/dir/517aef0ffe20db360d19aa475dbbfbe03f452f53403881a31f9a475c83af788b" - } - }, - "components": [ - { - "bom-ref": "pkg:rpm/rhel/bash@4.4.20-4.el8_6?arch=x86_64&upstream=bash-4.4.20-4.el8_6.src.rpm&distro=rhel-8.7&package-id=5b17560161ffa050", - "type": "library", - "publisher": "Red Hat, Inc.", - "name": "bash", - "version": "4.4.20-4.el8_6", - "cpe": "cpe:2.3:a:redhat:bash:4.4.20-4.el8_6:*:*:*:*:*:*:*", - "purl": "pkg:rpm/rhel/bash@4.4.20-4.el8_6?arch=x86_64&upstream=bash-4.4.20-4.el8_6.src.rpm&distro=rhel-8.7", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "rpmdb-cataloger" - }, - { - "name": "syft:package:metadataType", - "value": "RpmdbMetadata" - }, - { - "name": "syft:package:type", - "value": "rpm" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:bash:bash:4.4.20-4.el8_6:*:*:*:*:*:*:*" - }, - { - "name": "syft:location:0:path", - "value": "var/lib/rpm/Packages" - }, - { - "name": "syft:metadata:release", - "value": "4.el8_6" - }, - { - "name": "syft:metadata:size", - "value": "6861444" - }, - { - "name": "syft:metadata:sourceRpm", - "value": "bash-4.4.20-4.el8_6.src.rpm" - } - ] - }, - { - "type": "operating-system", - "name": "rhel", - "version": "8.7", - "description": "Red Hat Enterprise Linux 8.7 (Ootpa)", - "cpe": "cpe:/o:redhat:enterprise_linux:8::baseos", - "swid": { - "tagId": "rhel", - "name": "rhel", - "version": "8.7" - }, - "externalReferences": [ - { - "url": "https://bugzilla.redhat.com/", - "type": "issue-tracker" - }, - { - "url": "https://www.redhat.com/", - "type": "website" - } - ], - "properties": [ - { - "name": "syft:distro:id", - "value": "rhel" - }, - { - "name": "syft:distro:idLike:0", - "value": "fedora" - }, - { - "name": "syft:distro:prettyName", - "value": "Red Hat Enterprise Linux 8.7 (Ootpa)" - }, - { - "name": "syft:distro:versionID", - "value": "8.7" - } - ] - }, - { - "name": "aiowsgi", - "properties": [ - { - "name": "cachi2:found_by", - "value": "cachi2" - } - ], - "version": "0.8", - "purl": "pkg:pypi/aiowsgi@0.8", - "type": "library" - }, - { - "name": "appr", - "properties": [ - { - "name": "cachi2:found_by", - "value": "cachi2" - } - ], - "purl": "pkg:pypi/appr?checksum=sha256:ee6a0a38bed8cff46a562ed3620bc453141a02262ab0c8dd055824af2829ee5c&download_url=https://github.com/quay/appr/archive/37ff9a487a54ad41b59855ecd76ee092fe206a84.zip", - "type": "library" - }, - { - "name": "archive/tar", - "properties": [ - { - "name": "cachi2:found_by", - "value": "cachi2" - } - ], - "purl": "pkg:golang/archive/tar?type=package", - "type": "library" - }, - { - "name": "cachi2", - "properties": [ - { - "name": "cachi2:found_by", - "value": "cachi2" - } - ], - "version": "0.0.1", - "purl": "pkg:pypi/cachi2@0.0.1?vcs_url=git%2Bssh://git%40github.com/containerbuildsystem/cachi2%40fc0d6079c2dc9b2a491c0848e550ad3509986110", - "type": "library" - }, - { - "name": "cachito-npm-without-deps", - "properties": [ - { - "name": "cachi2:found_by", - "value": "cachi2" - } - ], - "purl": "pkg:npm/cachito-npm-without-deps?vcs_url=git%2Bhttps://github.com/cachito-testing/cachito-npm-without-deps.git%402f0ce1d7b1f8b35572d919428b965285a69583f6", - "type": "library" - }, - { - "name": "code.gitea.io/sdk/gitea", - "properties": [ - { - "name": "cachi2:found_by", - "value": "cachi2" - } - ], - "version": "v0.15.1", - "purl": "pkg:golang/code.gitea.io/sdk/gitea@v0.15.1?type=module", - "type": "library" - }, - { - "name": "code.gitea.io/sdk/gitea", - "properties": [ - { - "name": "cachi2:found_by", - "value": "cachi2" - } - ], - "version": "v0.15.1", - "purl": "pkg:golang/code.gitea.io/sdk/gitea@v0.15.1?type=package", - "type": "library" - }, - { - "name": "fecha", - "properties": [ - { - "name": "cachi2:found_by", - "value": "cachi2" - } - ], - "purl": "pkg:npm/fecha?checksum=sha512:8ae71e98d68e38e1f6e4c629187684dd85e4dc96647c7219b1dd189598ea52865e947f0ad94a7001fa8fb5eccf58467fe34ad10066e831af3374120134604bd5&download_url=https://github.com/taylorhakes/fecha/archive/91680e4db1415fea33eac878cfd889c80a7b55c7.tar.gz", - "type": "library" - }, - { - "name": "github.com/docker/cli/cli/config", - "properties": [ - { - "name": "cachi2:found_by", - "value": "cachi2" - } - ], - "version": "v23.0.0-rc.3+incompatible", - "purl": "pkg:golang/github.com/docker/cli/cli/config@v23.0.0-rc.3%2Bincompatible?type=package", - "type": "library" - }, - { - "name": "github.com/docker/cli", - "properties": [ - { - "name": "cachi2:found_by", - "value": "cachi2" - } - ], - "version": "v23.0.0-rc.3+incompatible", - "purl": "pkg:golang/github.com/docker/cli@v23.0.0-rc.3%2Bincompatible?type=module", - "type": "library" - }, - { - "name": "knative.dev/pkg/metrics", - "properties": [ - { - "name": "cachi2:found_by", - "value": "cachi2" - } - ], - "version": "v0.0.0-20230125083639-408ad0773f47", - "purl": "pkg:golang/knative.dev/pkg/metrics@v0.0.0-20230125083639-408ad0773f47?type=package", - "type": "library" - }, - { - "name": "knative.dev/pkg", - "properties": [ - { - "name": "cachi2:found_by", - "value": "cachi2" - } - ], - "version": "v0.0.0-20230125083639-408ad0773f47", - "purl": "pkg:golang/knative.dev/pkg@v0.0.0-20230125083639-408ad0773f47?type=module", - "type": "library" - }, - { - "name": "github.com/redhat-appstudio/build-service", - "properties": [ - { - "name": "cachi2:found_by", - "value": "cachi2" - } - ], - "version": "v0.0.0-20230503110830-d1a9e858489d", - "purl": "pkg:golang/github.com/redhat-appstudio/build-service@v0.0.0-20230503110830-d1a9e858489d?type=module", - "type": "library" - }, - { - "name": "github.com/redhat-appstudio/build-service", - "properties": [ - { - "name": "cachi2:found_by", - "value": "cachi2" - } - ], - "version": "v0.0.0-20230503110830-d1a9e858489d", - "purl": "pkg:golang/github.com/redhat-appstudio/build-service@v0.0.0-20230503110830-d1a9e858489d?type=package", - "type": "library" - }, - { - "name": "github.com/cachito-testing/gomod-pandemonium/terminaltor", - "properties": [ - { - "name": "cachi2:found_by", - "value": "cachi2" - } - ], - "version": "v1.0.0", - "purl": "pkg:golang/github.com/cachito-testing/gomod-pandemonium/terminaltor@v1.0.0?type=module", - "type": "library" - }, - { - "name": "github.com/cachito-testing/gomod-pandemonium/terminaltor", - "properties": [ - { - "name": "cachi2:found_by", - "value": "cachi2" - } - ], - "version": "v1.0.0", - "purl": "pkg:golang/github.com/cachito-testing/gomod-pandemonium/terminaltor@v1.0.0?type=package", - "type": "library" - }, - { - "name": "PyYAML", - "properties": [ - { - "name": "cachi2:found_by", - "value": "cachi2" - } - ], - "version": "6.0", - "purl": "pkg:pypi/pyyaml@6.0", - "type": "library" - }, - { - "name": "test_package_cachi2", - "properties": [ - { - "name": "cachi2:found_by", - "value": "cachi2" - } - ], - "version": "1.0.0", - "purl": "pkg:pypi/test-package-cachi2@1.0.0?vcs_url=git%2Bssh://git%40github.com/brunoapimentel/pip-e2e-test.git%40294df352deed835cf703ae8a799926418ae5fd3b", - "type": "library" - } - ] -} diff --git a/sbom-utility-scripts/scripts/merge-cachi2-sboms-script/test_data/syft.bom.json b/sbom-utility-scripts/scripts/merge-cachi2-sboms-script/test_data/syft.bom.json deleted file mode 100644 index 6bf35bc..0000000 --- a/sbom-utility-scripts/scripts/merge-cachi2-sboms-script/test_data/syft.bom.json +++ /dev/null @@ -1,903 +0,0 @@ -{ - "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", - "bomFormat": "CycloneDX", - "specVersion": "1.5", - "serialNumber": "urn:uuid:4370d1ba-7643-4579-8313-bc715da2fa90", - "version": 1, - "metadata": { - "timestamp": "2023-05-03T18:19:41Z", - "tools": { - "components": [ - { - "type": "application", - "author": "anchore", - "name": "syft", - "version": "0.100.0" - } - ] - }, - "component": { - "bom-ref": "6b8edfe5f2756e0", - "type": "file", - "name": "/var/lib/containers/storage/vfs/dir/517aef0ffe20db360d19aa475dbbfbe03f452f53403881a31f9a475c83af788b" - } - }, - "components": [ - { - "bom-ref": "pkg:pypi/aiowsgi@0.8?package-id=3038521054a801b2", - "type": "library", - "author": "Gael Pasgrimaud ", - "name": "aiowsgi", - "version": "0.8", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "cpe": "cpe:2.3:a:gael_pasgrimaud:python-aiowsgi:0.8:*:*:*:*:*:*:*", - "purl": "pkg:pypi/aiowsgi@0.8", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "python-package-cataloger" - }, - { - "name": "syft:package:language", - "value": "python" - }, - { - "name": "syft:package:metadataType", - "value": "PythonPackageMetadata" - }, - { - "name": "syft:package:type", - "value": "python" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:gael_pasgrimaud:python_aiowsgi:0.8:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:python-aiowsgi:python-aiowsgi:0.8:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:python-aiowsgi:python_aiowsgi:0.8:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:python_aiowsgi:python-aiowsgi:0.8:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:python_aiowsgi:python_aiowsgi:0.8:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:gael_pasgrimaud:aiowsgi:0.8:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:aiowsgi:python-aiowsgi:0.8:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:aiowsgi:python_aiowsgi:0.8:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:python-aiowsgi:aiowsgi:0.8:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:python_aiowsgi:aiowsgi:0.8:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:python:python-aiowsgi:0.8:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:python:python_aiowsgi:0.8:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:gael:python-aiowsgi:0.8:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:gael:python_aiowsgi:0.8:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:aiowsgi:aiowsgi:0.8:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:python:aiowsgi:0.8:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:gael:aiowsgi:0.8:*:*:*:*:*:*:*" - }, - { - "name": "syft:location:0:path", - "value": "opt/app-root/lib/python3.9/site-packages/aiowsgi-0.8.dist-info/METADATA" - }, - { - "name": "syft:location:1:path", - "value": "opt/app-root/lib/python3.9/site-packages/aiowsgi-0.8.dist-info/METADATA" - }, - { - "name": "syft:location:2:path", - "value": "opt/app-root/lib/python3.9/site-packages/aiowsgi-0.8.dist-info/RECORD" - }, - { - "name": "syft:location:3:path", - "value": "opt/app-root/lib/python3.9/site-packages/aiowsgi-0.8.dist-info/top_level.txt" - } - ] - }, - { - "bom-ref": "pkg:pypi/appr@0.7.4?package-id=86c12ef7e3e40483", - "type": "library", - "author": "Antoine Legrand <2t.antoine@gmail.com>", - "name": "appr", - "version": "0.7.4", - "cpe": "cpe:2.3:a:antoine_legrand:python-appr:0.7.4:*:*:*:*:*:*:*", - "purl": "pkg:pypi/appr@0.7.4", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "python-package-cataloger" - }, - { - "name": "syft:package:language", - "value": "python" - }, - { - "name": "syft:package:metadataType", - "value": "PythonPackageMetadata" - }, - { - "name": "syft:package:type", - "value": "python" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:antoine_legrand:python_appr:0.7.4:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:python-appr:python-appr:0.7.4:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:python-appr:python_appr:0.7.4:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:python_appr:python-appr:0.7.4:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:python_appr:python_appr:0.7.4:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:2t-antoine:python-appr:0.7.4:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:2t-antoine:python_appr:0.7.4:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:2t_antoine:python-appr:0.7.4:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:2t_antoine:python_appr:0.7.4:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:antoine_legrand:appr:0.7.4:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:python:python-appr:0.7.4:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:python:python_appr:0.7.4:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:appr:python-appr:0.7.4:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:appr:python_appr:0.7.4:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:python-appr:appr:0.7.4:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:python_appr:appr:0.7.4:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:2t-antoine:appr:0.7.4:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:2t_antoine:appr:0.7.4:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:python:appr:0.7.4:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:appr:appr:0.7.4:*:*:*:*:*:*:*" - }, - { - "name": "syft:location:0:path", - "value": "opt/app-root/lib/python3.9/site-packages/appr-0.7.4-py3.9.egg-info/PKG-INFO" - }, - { - "name": "syft:location:1:path", - "value": "opt/app-root/lib/python3.9/site-packages/appr-0.7.4-py3.9.egg-info/PKG-INFO" - }, - { - "name": "syft:location:2:path", - "value": "opt/app-root/lib/python3.9/site-packages/appr-0.7.4-py3.9.egg-info/top_level.txt" - } - ] - }, - { - "bom-ref": "pkg:rpm/rhel/bash@4.4.20-4.el8_6?arch=x86_64&upstream=bash-4.4.20-4.el8_6.src.rpm&distro=rhel-8.7&package-id=5b17560161ffa050", - "type": "library", - "publisher": "Red Hat, Inc.", - "name": "bash", - "version": "4.4.20-4.el8_6", - "cpe": "cpe:2.3:a:redhat:bash:4.4.20-4.el8_6:*:*:*:*:*:*:*", - "purl": "pkg:rpm/rhel/bash@4.4.20-4.el8_6?arch=x86_64&upstream=bash-4.4.20-4.el8_6.src.rpm&distro=rhel-8.7", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "rpmdb-cataloger" - }, - { - "name": "syft:package:metadataType", - "value": "RpmdbMetadata" - }, - { - "name": "syft:package:type", - "value": "rpm" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:bash:bash:4.4.20-4.el8_6:*:*:*:*:*:*:*" - }, - { - "name": "syft:location:0:path", - "value": "var/lib/rpm/Packages" - }, - { - "name": "syft:metadata:release", - "value": "4.el8_6" - }, - { - "name": "syft:metadata:size", - "value": "6861444" - }, - { - "name": "syft:metadata:sourceRpm", - "value": "bash-4.4.20-4.el8_6.src.rpm" - } - ] - }, - { - "bom-ref": "pkg:pypi/cachi2@0.0.post1+gdfd2180.d20230704?package-id=d6b54ce4d7c02efb", - "type": "library", - "name": "cachi2", - "version": "0.0.post1+gdfd2180.d20230704", - "cpe": "cpe:2.3:a:python-cachi2:python-cachi2:0.0.post1\\+gdfd2180.d20230704:*:*:*:*:*:*:*", - "purl": "pkg:pypi/cachi2@0.0.post1+gdfd2180.d20230704", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "python-package-cataloger" - }, - { - "name": "syft:package:language", - "value": "python" - }, - { - "name": "syft:package:metadataType", - "value": "PythonPackageMetadata" - }, - { - "name": "syft:package:type", - "value": "python" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:python-cachi2:python_cachi2:0.0.post1\\+gdfd2180.d20230704:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:python_cachi2:python-cachi2:0.0.post1\\+gdfd2180.d20230704:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:python_cachi2:python_cachi2:0.0.post1\\+gdfd2180.d20230704:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:cachi2:python-cachi2:0.0.post1\\+gdfd2180.d20230704:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:cachi2:python_cachi2:0.0.post1\\+gdfd2180.d20230704:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:python-cachi2:cachi2:0.0.post1\\+gdfd2180.d20230704:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:python:python-cachi2:0.0.post1\\+gdfd2180.d20230704:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:python:python_cachi2:0.0.post1\\+gdfd2180.d20230704:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:python_cachi2:cachi2:0.0.post1\\+gdfd2180.d20230704:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:cachi2:cachi2:0.0.post1\\+gdfd2180.d20230704:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:python:cachi2:0.0.post1\\+gdfd2180.d20230704:*:*:*:*:*:*:*" - }, - { - "name": "syft:location:0:path", - "value": "src/cachi2.egg-info/PKG-INFO" - }, - { - "name": "syft:location:1:path", - "value": "src/cachi2.egg-info/top_level.txt" - } - ] - }, - { - "bom-ref": "pkg:npm/cachito-npm-without-deps%40git+https:/github.com/cachito-testing/cachito-npm-without-deps.git%232f0ce1d7b1f8b35572d919428b965285a69583f6?package-id=f381e97e072d545c", - "type": "library", - "name": "cachito-npm-without-deps", - "version": "git+https://github.com/cachito-testing/cachito-npm-without-deps.git#2f0ce1d7b1f8b35572d919428b965285a69583f6", - "cpe": "cpe:2.3:a:cachito-npm-without-deps:cachito-npm-without-deps:git\\+https\\:\\/\\/github.com\\/cachito-testing\\/cachito-npm-without-deps.git\\#2f0ce1d7b1f8b35572d919428b965285a69583f6:*:*:*:*:*:*:*", - "purl": "pkg:npm/cachito-npm-without-deps@git+https://github.com/cachito-testing/cachito-npm-without-deps.git%232f0ce1d7b1f8b35572d919428b965285a69583f6", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "javascript-lock-cataloger" - }, - { - "name": "syft:package:language", - "value": "javascript" - }, - { - "name": "syft:package:type", - "value": "npm" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:cachito-npm-without-deps:cachito_npm_without_deps:git\\+https\\:\\/\\/github.com\\/cachito-testing\\/cachito-npm-without-deps.git\\#2f0ce1d7b1f8b35572d919428b965285a69583f6:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:cachito_npm_without_deps:cachito-npm-without-deps:git\\+https\\:\\/\\/github.com\\/cachito-testing\\/cachito-npm-without-deps.git\\#2f0ce1d7b1f8b35572d919428b965285a69583f6:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:cachito_npm_without_deps:cachito_npm_without_deps:git\\+https\\:\\/\\/github.com\\/cachito-testing\\/cachito-npm-without-deps.git\\#2f0ce1d7b1f8b35572d919428b965285a69583f6:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:cachito-npm-without:cachito-npm-without-deps:git\\+https\\:\\/\\/github.com\\/cachito-testing\\/cachito-npm-without-deps.git\\#2f0ce1d7b1f8b35572d919428b965285a69583f6:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:cachito-npm-without:cachito_npm_without_deps:git\\+https\\:\\/\\/github.com\\/cachito-testing\\/cachito-npm-without-deps.git\\#2f0ce1d7b1f8b35572d919428b965285a69583f6:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:cachito_npm_without:cachito-npm-without-deps:git\\+https\\:\\/\\/github.com\\/cachito-testing\\/cachito-npm-without-deps.git\\#2f0ce1d7b1f8b35572d919428b965285a69583f6:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:cachito_npm_without:cachito_npm_without_deps:git\\+https\\:\\/\\/github.com\\/cachito-testing\\/cachito-npm-without-deps.git\\#2f0ce1d7b1f8b35572d919428b965285a69583f6:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:cachito-npm:cachito-npm-without-deps:git\\+https\\:\\/\\/github.com\\/cachito-testing\\/cachito-npm-without-deps.git\\#2f0ce1d7b1f8b35572d919428b965285a69583f6:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:cachito-npm:cachito_npm_without_deps:git\\+https\\:\\/\\/github.com\\/cachito-testing\\/cachito-npm-without-deps.git\\#2f0ce1d7b1f8b35572d919428b965285a69583f6:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:cachito_npm:cachito-npm-without-deps:git\\+https\\:\\/\\/github.com\\/cachito-testing\\/cachito-npm-without-deps.git\\#2f0ce1d7b1f8b35572d919428b965285a69583f6:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:cachito_npm:cachito_npm_without_deps:git\\+https\\:\\/\\/github.com\\/cachito-testing\\/cachito-npm-without-deps.git\\#2f0ce1d7b1f8b35572d919428b965285a69583f6:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:cachito:cachito-npm-without-deps:git\\+https\\:\\/\\/github.com\\/cachito-testing\\/cachito-npm-without-deps.git\\#2f0ce1d7b1f8b35572d919428b965285a69583f6:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:cachito:cachito_npm_without_deps:git\\+https\\:\\/\\/github.com\\/cachito-testing\\/cachito-npm-without-deps.git\\#2f0ce1d7b1f8b35572d919428b965285a69583f6:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:*:cachito-npm-without-deps:git\\+https\\:\\/\\/github.com\\/cachito-testing\\/cachito-npm-without-deps.git\\#2f0ce1d7b1f8b35572d919428b965285a69583f6:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:*:cachito_npm_without_deps:git\\+https\\:\\/\\/github.com\\/cachito-testing\\/cachito-npm-without-deps.git\\#2f0ce1d7b1f8b35572d919428b965285a69583f6:*:*:*:*:*:*:*" - }, - { - "name": "syft:location:0:path", - "value": "opt/app-root/src/package-lock.json" - } - ] - }, - { - "bom-ref": "pkg:golang/code.gitea.io/sdk/gitea@v0.15.1?package-id=bd0f7d1b7175ede9", - "type": "library", - "name": "code.gitea.io/sdk/gitea", - "version": "v0.15.1", - "cpe": "cpe:2.3:a:sdk:gitea:v0.15.1:*:*:*:*:*:*:*", - "purl": "pkg:golang/code.gitea.io/sdk/gitea@v0.15.1", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "go-module-binary-cataloger" - }, - { - "name": "syft:package:language", - "value": "go" - }, - { - "name": "syft:package:metadataType", - "value": "GolangBinMetadata" - }, - { - "name": "syft:package:type", - "value": "go-module" - }, - { - "name": "syft:location:0:path", - "value": "manager" - }, - { - "name": "syft:metadata:architecture", - "value": "amd64" - }, - { - "name": "syft:metadata:goCompiledVersion", - "value": "go1.18.4" - }, - { - "name": "syft:metadata:h1Digest", - "value": "h1:WJreC7YYuxbn0UDaPuWIe/mtiNKTvLN8MLkaw71yx/M=" - } - ] - }, - { - "bom-ref": "pkg:npm/fecha%40https:/github.com/taylorhakes/fecha/archive/91680e4db1415fea33eac878cfd889c80a7b55c7.tar.gz?package-id=b989ad78c681a9ab", - "type": "library", - "name": "fecha", - "version": "https://github.com/taylorhakes/fecha/archive/91680e4db1415fea33eac878cfd889c80a7b55c7.tar.gz", - "cpe": "cpe:2.3:a:fecha:fecha:https\\:\\/\\/github.com\\/taylorhakes\\/fecha\\/archive\\/91680e4db1415fea33eac878cfd889c80a7b55c7.tar.gz:*:*:*:*:*:*:*", - "purl": "pkg:npm/fecha@https://github.com/taylorhakes/fecha/archive/91680e4db1415fea33eac878cfd889c80a7b55c7.tar.gz", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "javascript-lock-cataloger" - }, - { - "name": "syft:package:language", - "value": "javascript" - }, - { - "name": "syft:package:type", - "value": "npm" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:*:fecha:https\\:\\/\\/github.com\\/taylorhakes\\/fecha\\/archive\\/91680e4db1415fea33eac878cfd889c80a7b55c7.tar.gz:*:*:*:*:*:*:*" - }, - { - "name": "syft:location:0:path", - "value": "opt/app-root/src/package-lock.json" - } - ] - }, - { - "bom-ref": "pkg:golang/github.com/docker/cli@v23.0.0-rc.3+incompatible?package-id=53a1b0df25cf6062", - "type": "library", - "name": "github.com/docker/cli", - "version": "v23.0.0-rc.3+incompatible", - "cpe": "cpe:2.3:a:docker:cli:v23.0.0-rc.3\\+incompatible:*:*:*:*:*:*:*", - "purl": "pkg:golang/github.com/docker/cli@v23.0.0-rc.3+incompatible", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "go-module-binary-cataloger" - }, - { - "name": "syft:package:language", - "value": "go" - }, - { - "name": "syft:package:metadataType", - "value": "GolangBinMetadata" - }, - { - "name": "syft:package:type", - "value": "go-module" - }, - { - "name": "syft:location:0:path", - "value": "manager" - }, - { - "name": "syft:metadata:architecture", - "value": "amd64" - }, - { - "name": "syft:metadata:goCompiledVersion", - "value": "go1.18.4" - }, - { - "name": "syft:metadata:h1Digest", - "value": "h1:OPrcUDrpApVrVZsZByISt51zID7HT0VxDKa/onvUzOo=" - } - ] - }, - { - "bom-ref": "pkg:golang/knative.dev/pkg@v0.0.0-20230125083639-408ad0773f47?package-id=d90b5a02ef9f5ceb", - "type": "library", - "name": "knative.dev/pkg", - "version": "v0.0.0-20230125083639-408ad0773f47", - "purl": "pkg:golang/knative.dev/pkg@v0.0.0-20230125083639-408ad0773f47", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "go-module-binary-cataloger" - }, - { - "name": "syft:package:language", - "value": "go" - }, - { - "name": "syft:package:metadataType", - "value": "GolangBinMetadata" - }, - { - "name": "syft:package:type", - "value": "go-module" - }, - { - "name": "syft:location:0:path", - "value": "manager" - }, - { - "name": "syft:metadata:architecture", - "value": "amd64" - }, - { - "name": "syft:metadata:goCompiledVersion", - "value": "go1.18.4" - }, - { - "name": "syft:metadata:h1Digest", - "value": "h1:zlRO7wXOHVYgKvsC3nIaYGqeQGlLJL8EIUY30Rh37Is=" - } - ] - }, - { - "bom-ref": "pkg:golang/./terminaltor?package-id=ead05afcd869908f", - "type": "library", - "name": "./terminaltor", - "purl": "pkg:golang/./terminaltor", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "go-mod-file-cataloger" - }, - { - "name": "syft:package:language", - "value": "go" - }, - { - "name": "syft:package:type", - "value": "go-module" - }, - { - "name": "syft:location:0:path", - "value": "opt/app-root/src/go.mod" - } - ] - }, - { - "bom-ref": "pkg:golang/./terminaltor@(devel)?package-id=f75768aa294abccc", - "type": "library", - "name": "./terminaltor", - "version": "(devel)", - "purl": "pkg:golang/./terminaltor@(devel)", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "go-module-binary-cataloger" - }, - { - "name": "syft:package:language", - "value": "go" - }, - { - "name": "syft:package:metadataType", - "value": "GolangBinMetadata" - }, - { - "name": "syft:package:type", - "value": "go-module" - }, - { - "name": "syft:location:0:path", - "value": "opt/app-root/src/main" - }, - { - "name": "syft:metadata:architecture", - "value": "amd64" - }, - { - "name": "syft:metadata:goCompiledVersion", - "value": "go1.18.9" - }, - { - "name": "syft:metadata:mainModule", - "value": "github.com/cachito-testing/gomod-pandemonium" - } - ] - }, - { - "bom-ref": "pkg:golang/github.com/redhat-appstudio/build-service@(devel)?package-id=2d30ce4decf63ac", - "type": "library", - "name": "github.com/redhat-appstudio/build-service", - "version": "(devel)", - "cpe": "cpe:2.3:a:redhat-appstudio:build-service:\\(devel\\):*:*:*:*:*:*:*", - "purl": "pkg:golang/github.com/redhat-appstudio/build-service@(devel)", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "go-module-binary-cataloger" - }, - { - "name": "syft:package:language", - "value": "go" - }, - { - "name": "syft:package:metadataType", - "value": "GolangBinMetadata" - }, - { - "name": "syft:package:type", - "value": "go-module" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:redhat-appstudio:build_service:\\(devel\\):*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:redhat_appstudio:build-service:\\(devel\\):*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:redhat_appstudio:build_service:\\(devel\\):*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:redhat:build-service:\\(devel\\):*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:redhat:build_service:\\(devel\\):*:*:*:*:*:*:*" - }, - { - "name": "syft:location:0:path", - "value": "manager" - }, - { - "name": "syft:metadata:architecture", - "value": "amd64" - }, - { - "name": "syft:metadata:goCompiledVersion", - "value": "go1.18.4" - } - ] - }, - { - "bom-ref": "pkg:pypi/pyyaml@6.0?package-id=377756039bc8cd3d", - "type": "library", - "author": "Kirill Simonov ", - "name": "PyYAML", - "version": "6.0", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "cpe": "cpe:2.3:a:kirill_simonov:python-PyYAML:6.0:*:*:*:*:*:*:*", - "purl": "pkg:pypi/PyYAML@6.0", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "python-package-cataloger" - }, - { - "name": "syft:package:language", - "value": "python" - }, - { - "name": "syft:package:metadataType", - "value": "PythonPackageMetadata" - }, - { - "name": "syft:package:type", - "value": "python" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:kirill_simonov:python_PyYAML:6.0:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:python-PyYAML:python-PyYAML:6.0:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:python-PyYAML:python_PyYAML:6.0:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:python_PyYAML:python-PyYAML:6.0:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:python_PyYAML:python_PyYAML:6.0:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:kirill_simonov:PyYAML:6.0:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:PyYAML:python-PyYAML:6.0:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:PyYAML:python_PyYAML:6.0:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:python-PyYAML:PyYAML:6.0:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:python:python-PyYAML:6.0:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:python:python_PyYAML:6.0:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:python_PyYAML:PyYAML:6.0:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:xi:python-PyYAML:6.0:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:xi:python_PyYAML:6.0:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:PyYAML:PyYAML:6.0:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:python:PyYAML:6.0:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:xi:PyYAML:6.0:*:*:*:*:*:*:*" - }, - { - "name": "syft:location:0:path", - "value": "usr/local/lib64/python3.11/site-packages/PyYAML-6.0.dist-info/METADATA" - }, - { - "name": "syft:location:1:path", - "value": "usr/local/lib64/python3.11/site-packages/PyYAML-6.0.dist-info/RECORD" - }, - { - "name": "syft:location:2:path", - "value": "usr/local/lib64/python3.11/site-packages/PyYAML-6.0.dist-info/top_level.txt" - } - ] - }, - { - "type": "operating-system", - "name": "rhel", - "version": "8.7", - "description": "Red Hat Enterprise Linux 8.7 (Ootpa)", - "cpe": "cpe:/o:redhat:enterprise_linux:8::baseos", - "swid": { - "tagId": "rhel", - "name": "rhel", - "version": "8.7" - }, - "externalReferences": [ - { - "url": "https://bugzilla.redhat.com/", - "type": "issue-tracker" - }, - { - "url": "https://www.redhat.com/", - "type": "website" - } - ], - "properties": [ - { - "name": "syft:distro:id", - "value": "rhel" - }, - { - "name": "syft:distro:idLike:0", - "value": "fedora" - }, - { - "name": "syft:distro:prettyName", - "value": "Red Hat Enterprise Linux 8.7 (Ootpa)" - }, - { - "name": "syft:distro:versionID", - "value": "8.7" - } - ] - } - ] -} diff --git a/sbom-utility-scripts/scripts/merge-cachi2-sboms-script/test_merge_cachi2_sboms.py b/sbom-utility-scripts/scripts/merge-cachi2-sboms-script/test_merge_cachi2_sboms.py deleted file mode 100644 index b88c945..0000000 --- a/sbom-utility-scripts/scripts/merge-cachi2-sboms-script/test_merge_cachi2_sboms.py +++ /dev/null @@ -1,133 +0,0 @@ -import json -from pathlib import Path -from typing import Any - -import pytest - -from merge_cachi2_sboms import merge_sboms - -TOOLS_METADATA = { - "syft-cyclonedx-1.4": { - "name": "syft", - "vendor": "anchore", - "version": "0.47.0", - }, - "syft-cyclonedx-1.5": { - "type": "application", - "author": "anchore", - "name": "syft", - "version": "0.100.0", - }, - "cachi2-cyclonedx-1.4": { - "name": "cachi2", - "vendor": "red hat", - }, - "cachi2-cyclonedx-1.5": { - "type": "application", - "author": "red hat", - "name": "cachi2", - }, -} - - -@pytest.fixture -def data_dir() -> Path: - """Path to the directory for storing unit test data.""" - return Path(__file__).parent / "test_data" - - -def test_merge_sboms(data_dir: Path) -> None: - result = merge_sboms(f"{data_dir}/cachi2.bom.json", f"{data_dir}/syft.bom.json") - - with open(f"{data_dir}/merged.bom.json") as file: - expected_sbom = json.load(file) - - assert json.loads(result) == expected_sbom - - -@pytest.mark.parametrize( - "syft_tools_metadata, expected_result", - [ - ( - [TOOLS_METADATA["syft-cyclonedx-1.4"]], - [ - TOOLS_METADATA["syft-cyclonedx-1.4"], - TOOLS_METADATA["cachi2-cyclonedx-1.4"], - ], - ), - ( - { - "components": [TOOLS_METADATA["syft-cyclonedx-1.5"]], - }, - { - "components": [ - TOOLS_METADATA["syft-cyclonedx-1.5"], - TOOLS_METADATA["cachi2-cyclonedx-1.5"], - ], - }, - ), - ], -) -def test_merging_tools_metadata(syft_tools_metadata: str, expected_result: Any, tmpdir: Path) -> None: - syft_sbom = { - "bomFormat": "CycloneDX", - "specVersion": "1.5", - "metadata": { - "tools": syft_tools_metadata, - }, - "components": [], - } - - cachi2_sbom = { - "bomFormat": "CycloneDX", - "specVersion": "1.4", - "metadata": { - "tools": [TOOLS_METADATA["cachi2-cyclonedx-1.4"]], - }, - "components": [], - } - - syft_sbom_path = f"{tmpdir}/syft.bom.json" - cachi2_sbom_path = f"{tmpdir}/cachi2.bom.json" - - with open(syft_sbom_path, "w") as file: - json.dump(syft_sbom, file) - - with open(cachi2_sbom_path, "w") as file: - json.dump(cachi2_sbom, file) - - result = merge_sboms(cachi2_sbom_path, syft_sbom_path) - - assert json.loads(result)["metadata"]["tools"] == expected_result - - -def test_invalid_tools_format(tmpdir: Path) -> None: - syft_sbom = { - "bomFormat": "CycloneDX", - "specVersion": "1.5", - "metadata": { - "tools": "invalid", - }, - "components": [], - } - - cachi2_sbom = { - "bomFormat": "CycloneDX", - "specVersion": "1.4", - "metadata": { - "tools": [TOOLS_METADATA["cachi2-cyclonedx-1.4"]], - }, - "components": [], - } - - syft_sbom_path = f"{tmpdir}/syft.bom.json" - cachi2_sbom_path = f"{tmpdir}/cachi2.bom.json" - - with open(syft_sbom_path, "w") as file: - json.dump(syft_sbom, file) - - with open(cachi2_sbom_path, "w") as file: - json.dump(cachi2_sbom, file) - - with pytest.raises(RuntimeError): - merge_sboms(cachi2_sbom_path, syft_sbom_path) diff --git a/sbom-utility-scripts/scripts/merge-cachi2-sboms-script/tox.ini b/sbom-utility-scripts/scripts/merge-cachi2-sboms-script/tox.ini deleted file mode 100644 index db6ddad..0000000 --- a/sbom-utility-scripts/scripts/merge-cachi2-sboms-script/tox.ini +++ /dev/null @@ -1,15 +0,0 @@ -[tox] -env_list = flake8,black,test - -[testenv:test] -deps = -r requirements-test.txt -commands = pytest test_merge_cachi2_sboms.py - -[testenv:flake8] -deps = flake8 -commands = flake8 --max-line-length 120 merge_cachi2_sboms.py test_merge_cachi2_sboms.py - -[testenv:black] -deps = black -commands = black --line-length 120 --check --diff . - diff --git a/sbom-utility-scripts/scripts/merge-sboms-script/merge_sboms.py b/sbom-utility-scripts/scripts/merge-sboms-script/merge_sboms.py new file mode 100644 index 0000000..fa1ffcc --- /dev/null +++ b/sbom-utility-scripts/scripts/merge-sboms-script/merge_sboms.py @@ -0,0 +1,508 @@ +#!/usr/bin/env python3 +import functools +import itertools +import json +from argparse import ArgumentParser +from collections import defaultdict +from dataclasses import dataclass +from pathlib import Path +from typing import Any, Callable, Iterable, Literal, Protocol, Sequence +from urllib.parse import quote_plus + +from packageurl import PackageURL + + +def try_parse_purl(s: str) -> PackageURL | None: + try: + return PackageURL.from_string(s) + except ValueError: + return None + + +class SBOMItem(Protocol): + def id(self) -> str: ... + def name(self) -> str: ... + def version(self) -> str: ... + def purl(self) -> PackageURL | None: ... + def unwrap(self) -> dict[str, Any]: ... + + +def fallback_key(package: SBOMItem) -> str: + """Get the "fallback key" for a package that doesn't have a purl.""" + name = package.name() + version = package.version() + # name starts with "." or "/" -> the package probably represents a local directory + # that is a useless name, don't use it as the key + if name and not name.startswith((".", "/")): + return f"{name}@{version}" + return package.id() + + +@dataclass +class CDXComponent: + data: dict[str, Any] + + def id(self) -> str: + return self.data.get("bom-ref", "") + + def name(self) -> str: + return self.data["name"] + + def version(self) -> str: + return self.data.get("version") or "" + + def purl(self) -> PackageURL | None: + if purl_str := self.data.get("purl"): + return try_parse_purl(purl_str) + return None + + def unwrap(self) -> dict[str, Any]: + return self.data + + +def wrap_as_cdx(items: Iterable[dict[str, Any]]) -> list[CDXComponent]: + return list(map(CDXComponent, items)) + + +@dataclass +class SPDXPackage: + data: dict[str, Any] + + def id(self) -> str: + return self.data["SPDXID"] + + def name(self) -> str: + return self.data["name"] + + def version(self) -> str: + return self.data.get("versionInfo") or "" + + def purl(self) -> PackageURL | None: + purls = self.all_purls() + if len(purls) > 1: + raise ValueError(f"multiple purls for SPDX package: {', '.join(map(str, purls))}") + return purls[0] if purls else None + + def all_purls(self) -> list[PackageURL]: + purls = [ref["referenceLocator"] for ref in self.data.get("externalRefs", []) if ref["referenceType"] == "purl"] + return list(filter(None, map(try_parse_purl, purls))) + + def unwrap(self) -> dict[str, Any]: + return self.data + + +def wrap_as_spdx(items: list[dict[str, Any]]) -> list[SPDXPackage]: + return list(map(SPDXPackage, items)) + + +def _subpath_is_version(subpath: str) -> bool: + # pkg:golang/github.com/cachito-testing/gomod-pandemonium@v0.0.0#terminaltor -> subpath is a subpath + # pkg:golang/github.com/cachito-testing/retrodep@v2.1.1#v2 -> subpath is a version. Thanks, Syft. + return subpath.startswith("v") and subpath.removeprefix("v").isdecimal() + + +def _is_syft_local_golang_component(component: SBOMItem) -> bool: + """ + Check if a Syft Golang reported component is a local replacement. + + Local replacements are reported in a very different way by Cachi2, which is why the same + reports by Syft should be removed. + """ + purl = component.purl() + if not purl or purl.type != "golang": + return False + if (subpath := purl.subpath) and not _subpath_is_version(subpath): + return True + return component.name().startswith(".") or component.version() == "(devel)" + + +def _is_cachi2_non_registry_dependency(component: SBOMItem) -> bool: + """ + Check if Cachi2 component was fetched from a VCS or a direct file location. + + Cachi2 reports non-registry components in a different way from Syft, so the reports from + Syft need to be removed. + + Unfortunately, there's no way to determine which components are non-registry by looking + at the Syft report alone. This function is meant to create a list of non-registry components + from Cachi2's SBOM, then remove the corresponding ones reported by Syft for the merged SBOM. + + Note that this function is only applicable for PyPI or NPM components. + """ + purl = component.purl() + if not purl: + return False + + qualifiers = purl.qualifiers or {} + return purl.type in ("pypi", "npm") and ("vcs_url" in qualifiers or "download_url" in qualifiers) + + +def _unique_key_cachi2(component: SBOMItem) -> str: + """ + Create a unique key from Cachi2 reported components. + + This is done by taking a purl and removing any qualifiers and subpaths. + + See https://github.com/package-url/purl-spec/tree/master#purl for more info on purls. + """ + purl = component.purl() + if not purl: + return fallback_key(component) + return purl._replace(qualifiers=None, subpath=None).to_string() + + +def _unique_key_syft(component: SBOMItem) -> str: + """ + Create a unique key for Syft reported components. + + This is done by taking a lowercase namespace/name, and URL encoding the version. + + Syft does not set any qualifier for NPM, Pip or Golang, so there's no need to remove them + as done in _unique_key_cachi2. + + If a Syft component lacks a purl (e.g. type OS), we'll use its name and version instead. + """ + purl = component.purl() + if not purl: + return fallback_key(component) + + name = purl.name + version = purl.version + subpath = purl.subpath + + if purl.type == "pypi": + name = name.lower() + + if purl.type == "golang": + if version: + version = quote_plus(version) + if subpath and _subpath_is_version(subpath): + # put the module version where it belongs (in the module name) + name = f"{name}/{subpath}" + subpath = None + + return purl._replace(name=name, version=version, subpath=subpath).to_string() + + +def _get_syft_component_filter(cachi_sbom_components: Sequence[SBOMItem]) -> Callable[[SBOMItem], bool]: + """ + Get a function that filters out Syft components for the merged SBOM. + + This function currently considers a Syft component as a duplicate/removable if: + - it has the same key as a Cachi2 component + - it is a local Golang replacement + - is a non-registry component also reported by Cachi2 + + Note that for the last bullet, we can only rely on the Pip dependency's name to find a + duplicate. This is because Cachi2 does not report a non-PyPI Pip dependency's version. + + Even though multiple versions of a same dependency can be available in the same project, + we are removing all Syft instances by name only because Cachi2 will report them correctly, + given that it scans all the source code properly and the image is built hermetically. + """ + cachi2_non_registry_components = [ + component.name() for component in cachi_sbom_components if _is_cachi2_non_registry_dependency(component) + ] + cachi2_local_paths = { + Path(subpath) for component in cachi_sbom_components if (purl := component.purl()) and (subpath := purl.subpath) + } + + cachi2_indexed_components = {_unique_key_cachi2(component): component for component in cachi_sbom_components} + + def is_duplicate_non_registry_component(component: SBOMItem) -> bool: + return component.name() in cachi2_non_registry_components + + def is_duplicate_npm_localpath_component(component: SBOMItem) -> bool: + purl = component.purl() + if not purl or purl.type != "npm": + return False + # instead of reporting path dependencies as pkg:npm/name@version?...#subpath, + # syft repots them as pkg:npm/subpath@version + return Path(purl.namespace or "", purl.name) in cachi2_local_paths + + def component_is_duplicated(component: SBOMItem) -> bool: + key = _unique_key_syft(component) + + return ( + _is_syft_local_golang_component(component) + or is_duplicate_non_registry_component(component) + or is_duplicate_npm_localpath_component(component) + or key in cachi2_indexed_components.keys() + ) + + return component_is_duplicated + + +def _merge_tools_metadata(sbom_a: dict[Any, Any], sbom_b: dict[Any, Any]) -> None: + """Merge the .metadata.tools of the right SBOM into the left SBOM. + + Handle both the 1.4 style and the 1.5 style of .metadata.tools. + If the SBOMs don't use the same style, conform to the left SBOM. + """ + # https://cyclonedx.org/docs/1.4/json/#metadata_tools + # vs. + # https://cyclonedx.org/docs/1.5/json/#metadata_tools + shared_keys = ["name", "version", "hashes", "externalReferences"] + + def tool_to_component(tool: dict[str, Any]) -> dict[str, Any]: + component = {key: tool[key] for key in shared_keys if key in tool} + if vendor := tool.get("vendor"): + component["author"] = vendor + component["type"] = "application" + return component + + def component_to_tool(component: dict[str, Any]) -> dict[str, Any]: + tool = {key: component[key] for key in shared_keys if key in component} + if author := component.get("author"): + tool["vendor"] = author + return tool + + tools_a = sbom_a["metadata"]["tools"] + tools_b = sbom_b["metadata"]["tools"] + + if isinstance(tools_a, dict): + components_a = tools_a["components"] + if isinstance(tools_b, dict): + components_b = tools_b["components"] + else: + components_b = map(tool_to_component, tools_b) + + merged_components = merge_by_apparent_sameness(wrap_as_cdx(components_a), wrap_as_cdx(components_b)) + sbom_a["metadata"]["tools"]["components"] = merged_components + elif isinstance(tools_a, list): + if isinstance(tools_b, dict): + tools_b = map(component_to_tool, tools_b["components"]) + + sbom_a["metadata"]["tools"] = _merge(tools_a, tools_b, lambda t: (t["name"], t.get("version"))) + else: + raise RuntimeError( + f"The .metadata.tools JSON key is in an unexpected format. Expected dict or list, got {type(tools_a)}." + ) + + +type MergeComponentsFunc[T: SBOMItem] = Callable[[Sequence[T], Sequence[T]], list[dict[str, Any]]] + + +def merge_by_prefering_cachi2[ + T: SBOMItem +](syft_components: Sequence[T], cachi2_components: Sequence[T]) -> list[dict[str, Any]]: + is_duplicate_component = _get_syft_component_filter(cachi2_components) + merged = [c for c in syft_components if not is_duplicate_component(c)] + merged += cachi2_components + return [c.unwrap() for c in merged] + + +def merge_by_apparent_sameness[ + T: SBOMItem +](components_a: Sequence[T], components_b: Sequence[T]) -> list[dict[str, Any]]: + def key(component: SBOMItem) -> str: + purl = component.purl() + if purl: + return purl.to_string() + return fallback_key(component) + + return [c.unwrap() for c in _merge(components_a, components_b, key)] + + +def _merge[T](items_a: Iterable[T], items_b: Iterable[T], by_key: Callable[[T], Any]) -> list[T]: + return _dedupe(itertools.chain(items_a, items_b), by_key) + + +def _dedupe[T](items: Iterable[T], by_key: Callable[[T], Any]) -> list[T]: + item_by_key: dict[Any, T] = {} + for item in items: + item_by_key.setdefault(by_key(item), item) + + return list(item_by_key.values()) + + +def merge_cyclonedx_sboms( + sbom_a: dict[str, Any], + sbom_b: dict[str, Any], + merge_components: MergeComponentsFunc[CDXComponent], +) -> dict[str, Any]: + """Merge two CycloneDX SBOMs.""" + components_a = wrap_as_cdx(sbom_a.get("components", [])) + components_b = wrap_as_cdx(sbom_b.get("components", [])) + merged = merge_components(components_a, components_b) + + sbom_a["components"] = merged + _merge_tools_metadata(sbom_a, sbom_b) + + return sbom_a + + +def _merge_spdx_creation_info(creation_info_a: dict[str, Any], creation_info_b: dict[str, Any]) -> dict[str, Any]: + def identity(creator: str) -> str: + return creator + + creators = _merge(creation_info_a["creators"], creation_info_b["creators"], by_key=identity) + return creation_info_a | {"creators": creators} + + +def _merge_spdx_relationships( + relationships_a: list[dict[str, Any]], + relationships_b: list[dict[str, Any]], + replace_spdxid: Callable[[str], str | None], +) -> list[dict[str, Any]]: + """Merge two lists of SPDX relationships. + + Modify relationships according to the replace_spdxid function. Given an SPDXID, it can return: + - the same SPDXID (relationship is unchanged) + - a different SPDXID (relationship is updated) + - None (relationship is dropped) + """ + merged_relationships = [] + + for relationship in itertools.chain(relationships_a, relationships_b): + element = replace_spdxid(relationship["spdxElementId"]) + related_element = replace_spdxid(relationship["relatedSpdxElement"]) + + if element and related_element: + merged_relationships.append( + relationship | {"spdxElementId": element, "relatedSpdxElement": related_element} + ) + + return _dedupe( + merged_relationships, + lambda r: (r["spdxElementId"], r["relationshipType"], r["relatedSpdxElement"]), + ) + + +def merge_spdx_sboms( + sbom_a: dict[str, Any], + sbom_b: dict[str, Any], + merge_components: MergeComponentsFunc[SPDXPackage], +) -> dict[str, Any]: + """Merge two SPDX SBOMs.""" + packages_a = wrap_as_spdx(sbom_a.get("packages", [])) + packages_b = wrap_as_spdx(sbom_b.get("packages", [])) + + merged_packages = merge_components(packages_a, packages_b) + merged_packages_ids = {p["SPDXID"] for p in merged_packages} + + def replace_spdxid(spdxid: str) -> str | None: + if spdxid == sbom_b["SPDXID"]: + # The merged document can only have one SPDXID, keep the left one + return sbom_a["SPDXID"] + if spdxid == sbom_a["SPDXID"] or spdxid in merged_packages_ids: + # Unchanged + return spdxid + # Drop + return None + + merged_relationships = _merge_spdx_relationships( + sbom_a.get("relationships", []), + sbom_b.get("relationships", []), + replace_spdxid=replace_spdxid, + ) + merged_creation_info = _merge_spdx_creation_info( + sbom_a["creationInfo"], + sbom_b["creationInfo"], + ) + + merged_sbom = sbom_a | { + "packages": merged_packages, + "relationships": merged_relationships, + "creationInfo": merged_creation_info, + } + # we have no handling for .files + # we don't really care about them, so drop them altogether + merged_sbom.pop("files", None) + + return merged_sbom + + +def merge_sboms( + sbom_a: dict[str, Any], + sbom_b: dict[str, Any], + merge_components: MergeComponentsFunc[SBOMItem], +) -> dict[str, Any]: + fmt = detect_sbom_type(sbom_a) + fmt2 = detect_sbom_type(sbom_b) + if fmt != fmt2: + raise ValueError(f"Mismatched SBOM formats: {fmt} X {fmt2}") + + if fmt == "cyclonedx": + return merge_cyclonedx_sboms(sbom_a, sbom_b, merge_components) + else: + return merge_spdx_sboms(sbom_a, sbom_b, merge_components) + + +def detect_sbom_type(sbom: dict[str, Any]) -> Literal["cyclonedx", "spdx"]: + if sbom.get("bomFormat") == "CycloneDX": + return "cyclonedx" + elif sbom.get("spdxVersion"): + return "spdx" + else: + raise ValueError("Unknown SBOM format") + + +def merge_syft_and_cachi2_sboms(syft_sbom_paths: list[str], cachi2_sbom_path: str) -> dict[str, Any]: + syft_sbom = merge_n_syft_sboms(syft_sbom_paths) + + with open(cachi2_sbom_path) as file: + cachi2_sbom = json.load(file) + + return merge_sboms(syft_sbom, cachi2_sbom, merge_by_prefering_cachi2) + + +def merge_n_syft_sboms(syft_sbom_paths: list[str]) -> dict[str, Any]: + sboms = [] + for path in syft_sbom_paths: + with open(path) as f: + sboms.append(json.load(f)) + + merge = functools.partial(merge_sboms, merge_components=merge_by_apparent_sameness) + merged_sbom = functools.reduce(merge, sboms) + return merged_sbom + + +def parse_sbom_arg(arg: str, default_flavour: str) -> tuple[str, str]: + before_colon, colon, after_colon = arg.partition(":") + if colon: + flavour = before_colon.lower() + path = after_colon + else: + path = before_colon + flavour = default_flavour + + return flavour, path + + +def main() -> None: + parser = ArgumentParser() + parser.add_argument("sbom_a") + parser.add_argument("more_sboms", nargs="+") + args = parser.parse_args() + + # For backwards compatiblity, if the flavour is unspecified, + # the left SBOM defaults to cachi2 and the right one(s) to syft. + sbom_a: tuple[str, str] = parse_sbom_arg(args.sbom_a, default_flavour="cachi2") + more_sboms: list[tuple[str, str]] = [parse_sbom_arg(arg, default_flavour="syft") for arg in args.more_sboms] + + sboms = [sbom_a, *more_sboms] + sbom_paths_by_flavour: dict[str, list[str]] = defaultdict(list) + for flavour, path in sboms: + sbom_paths_by_flavour[flavour].append(path) + + merged = None + + match sbom_paths_by_flavour: + case {"cachi2": [cachi2_sbom_path], "syft": syft_sbom_paths, **extra} if not extra: + merged = merge_syft_and_cachi2_sboms(syft_sbom_paths, cachi2_sbom_path) + case {"syft": syft_sbom_paths, **extra} if not extra: + merged = merge_n_syft_sboms(syft_sbom_paths) + case _: + flavours = " X ".join(flavour for flavour, _ in sboms) + raise ValueError( + f"Unsupported combination of SBOM flavours: {flavours}\n" + "\n" + "This script supports merging 0 or 1 cachi2 SBOM with >=1 syft SBOMs" + ) + + print(json.dumps(merged, indent=2)) + + +if __name__ == "__main__": + main() diff --git a/sbom-utility-scripts/scripts/merge-cachi2-sboms-script/requirements-test.in b/sbom-utility-scripts/scripts/merge-sboms-script/requirements-test.in similarity index 100% rename from sbom-utility-scripts/scripts/merge-cachi2-sboms-script/requirements-test.in rename to sbom-utility-scripts/scripts/merge-sboms-script/requirements-test.in diff --git a/sbom-utility-scripts/scripts/merge-cachi2-sboms-script/requirements-test.txt b/sbom-utility-scripts/scripts/merge-sboms-script/requirements-test.txt similarity index 100% rename from sbom-utility-scripts/scripts/merge-cachi2-sboms-script/requirements-test.txt rename to sbom-utility-scripts/scripts/merge-sboms-script/requirements-test.txt diff --git a/sbom-utility-scripts/scripts/merge-sboms-script/requirements.in b/sbom-utility-scripts/scripts/merge-sboms-script/requirements.in new file mode 100644 index 0000000..bad750f --- /dev/null +++ b/sbom-utility-scripts/scripts/merge-sboms-script/requirements.in @@ -0,0 +1 @@ +packageurl-python diff --git a/sbom-utility-scripts/scripts/merge-sboms-script/requirements.txt b/sbom-utility-scripts/scripts/merge-sboms-script/requirements.txt new file mode 100644 index 0000000..345bddf --- /dev/null +++ b/sbom-utility-scripts/scripts/merge-sboms-script/requirements.txt @@ -0,0 +1,10 @@ +# +# This file is autogenerated by pip-compile with Python 3.11 +# by the following command: +# +# pip-compile --generate-hashes --output-file=requirements.txt requirements.in +# +packageurl-python==0.15.0 \ + --hash=sha256:cdc6bd42dc30c4fc7f8f0ccb721fc31f8c33985dbffccb6e6be4c72874de48ca \ + --hash=sha256:f219b2ce6348185a27bd6a72e6fdc9f984e6c9fa157effa7cb93e341c49cdcc2 + # via -r requirements.in diff --git a/sbom-utility-scripts/scripts/merge-sboms-script/test_data/assemble-input-sboms.sh b/sbom-utility-scripts/scripts/merge-sboms-script/test_data/assemble-input-sboms.sh new file mode 100755 index 0000000..a204f62 --- /dev/null +++ b/sbom-utility-scripts/scripts/merge-sboms-script/test_data/assemble-input-sboms.sh @@ -0,0 +1,127 @@ +#!/bin/bash +set -o errexit -o nounset -o pipefail -o xtrace + +# This script was used to generate the input SBOMs in this directory: +# - cyclonedx/** +# - spdx/** +# +# Hopefully you won't need to run this script again, but if you do, you need: +# - cachi2 (https://github.com/containerbuildsystem/cachi2/blob/main/CONTRIBUTING.md#virtual-environment) +# - syft (https://github.com/anchore/syft/releases) +# - preferably at the version used by the tasks in https://github.com/konflux-ci/build-definitions +# +# It will generate cachi2 and syft SBOMs for a few sample repositories (and one +# container image, for syft) and assemble them into a merged cachi2 SBOM and a +# merged syft SBOM. You can then test the merge_sboms.py script by merging +# the cachi2 SBOM with the syft SBOM. + +sbom_type=${1:-cyclonedx} + +case $sbom_type in + cyclonedx) + syft_sbom_type=cyclonedx-json@1.5 + ;; + spdx) + syft_sbom_type=spdx-json@2.3 + ;; + *) + echo "unknown SBOM type: $sbom_type" >&2 + exit 1 + ;; +esac + +testdata_dir=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &> /dev/null && pwd) + +# This can't actually be in /tmp! Until v1.6.0, syft had a bug where directory scanning +# didn't work at all if the directory was in /tmp +temp_workdir=$PWD/assemble-sboms-$sbom_type +mkdir -p "$temp_workdir" +trap 'rm -rf "$temp_workdir"' EXIT + +cd "$temp_workdir" +mkdir cachi2-sboms +mkdir syft-sboms + +git clone https://github.com/cachito-testing/gomod-pandemonium +( + cd gomod-pandemonium + + syft dir:. -o "$syft_sbom_type" > "$temp_workdir/syft-sboms/gomod-pandemonium.bom.json" + + cachi2 fetch-deps --sbom-output-type "$sbom_type" '[ + {"type": "gomod"}, + {"type": "gomod", "path": "terminaltor"}, + {"type": "gomod", "path": "weird"} + ]' + cp cachi2-output/bom.json "../cachi2-sboms/gomod-pandemonium.bom.json" +) + +git clone https://github.com/cachito-testing/pip-e2e-test +( + cd pip-e2e-test + + syft dir:. -o "$syft_sbom_type" > "$temp_workdir/syft-sboms/pip-e2e-test.bom.json" + + cachi2 fetch-deps --sbom-output-type "$sbom_type" pip + cp cachi2-output/bom.json "$temp_workdir/cachi2-sboms/pip-e2e-test.bom.json" +) + +git clone https://github.com/cachito-testing/npm-cachi2-smoketest --branch lockfile-v3 +( + cd npm-cachi2-smoketest + + syft dir:. -o "$syft_sbom_type" > "$temp_workdir/syft-sboms/npm-cachi2-smoketest.bom.json" + + cachi2 fetch-deps --sbom-output-type "$sbom_type" npm + cp cachi2-output/bom.json "$temp_workdir/cachi2-sboms/npm-cachi2-smoketest.bom.json" +) + +ubi_micro=registry.access.redhat.com/ubi9/ubi-micro:9.5@sha256:a22fffe0256af00176c8b4f22eec5d8ecb1cb1684d811c33b1f2832fd573260f +syft image:"$ubi_micro" -o "$syft_sbom_type" > "$temp_workdir/syft-sboms/ubi-micro.bom.json" + +# postprocess_*: Some attributes change every time, e.g. timestamps or UUIDs. +# Set them to hardcoded values to avoid unnecessary changes when re-running this script. + +postprocess_cachi2_cyclonedx() { + jq --sort-keys +} + +postprocess_cachi2_spdx() { + jq --sort-keys ' + .creationInfo.created = "2024-12-18T11:27:10Z" | + .packages[].annotations[].annotationDate = "2024-12-18T11:27:10Z" | + (.relationships |= sort) + ' + # TODO remove the relationships sorting if cachi2 fixes the random order +} + +postprocess_syft_cyclonedx() { + jq --sort-keys ' + .metadata.timestamp = "2024-12-18T11:08:00+01:00" | + .serialNumber = "urn:uuid:1d823647-6b64-41b3-a29b-1d09cfb3ba8a" + ' +} + +postprocess_syft_spdx() { + jq --sort-keys ' + .creationInfo.created = "2024-12-18T11:28:00Z" | + .documentNamespace = "https://anchore.com/syft/dir/syft-sboms-b66779b6-6e20-4128-9fad-da28250a1b82" + ' +} + +mkdir -p "$testdata_dir/$sbom_type" + +cachi2 merge-sboms --sbom-output-type "$sbom_type" "$temp_workdir/cachi2-sboms"/* | + postprocess_cachi2_"$sbom_type" > "$testdata_dir/$sbom_type/cachi2.bom.json" + +mkdir -p "$testdata_dir/$sbom_type/syft-sboms" +for syft_sbom in ./syft-sboms/*; do + name=$(basename "$syft_sbom") + postprocess_syft_"$sbom_type" < "$syft_sbom" > "$testdata_dir/$sbom_type/syft-sboms/$name" +done + +syft ./syft-sboms --select-catalogers=+sbom-cataloger -o "$syft_sbom_type" | + postprocess_syft_"$sbom_type" > "$testdata_dir/$sbom_type/syft.merged-by-syft.bom.json" + +printf "syft:%s\n" "$testdata_dir/$sbom_type/syft-sboms"/* | + xargs python "$testdata_dir/../merge_sboms.py" > "$testdata_dir/$sbom_type/syft.merged-by-us.bom.json" diff --git a/sbom-utility-scripts/scripts/merge-sboms-script/test_data/cyclonedx/cachi2.bom.json b/sbom-utility-scripts/scripts/merge-sboms-script/test_data/cyclonedx/cachi2.bom.json new file mode 100644 index 0000000..27acde0 --- /dev/null +++ b/sbom-utility-scripts/scripts/merge-sboms-script/test_data/cyclonedx/cachi2.bom.json @@ -0,0 +1,3132 @@ +{ + "bomFormat": "CycloneDX", + "components": [ + { + "name": "bufio", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/bufio?type=package", + "type": "library" + }, + { + "name": "bytes", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/bytes?type=package", + "type": "library" + }, + { + "name": "compress/flate", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/compress/flate?type=package", + "type": "library" + }, + { + "name": "compress/gzip", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/compress/gzip?type=package", + "type": "library" + }, + { + "name": "container/list", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/container/list?type=package", + "type": "library" + }, + { + "name": "context", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/context?type=package", + "type": "library" + }, + { + "name": "crypto/aes", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/aes?type=package", + "type": "library" + }, + { + "name": "crypto/cipher", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/cipher?type=package", + "type": "library" + }, + { + "name": "crypto/des", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/des?type=package", + "type": "library" + }, + { + "name": "crypto/dsa", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/dsa?type=package", + "type": "library" + }, + { + "name": "crypto/ecdh", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/ecdh?type=package", + "type": "library" + }, + { + "name": "crypto/ecdsa", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/ecdsa?type=package", + "type": "library" + }, + { + "name": "crypto/ed25519", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/ed25519?type=package", + "type": "library" + }, + { + "name": "crypto/elliptic", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/elliptic?type=package", + "type": "library" + }, + { + "name": "crypto/hmac", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/hmac?type=package", + "type": "library" + }, + { + "name": "crypto/internal/alias", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/internal/alias?type=package", + "type": "library" + }, + { + "name": "crypto/internal/bigmod", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/internal/bigmod?type=package", + "type": "library" + }, + { + "name": "crypto/internal/boring/bbig", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/internal/boring/bbig?type=package", + "type": "library" + }, + { + "name": "crypto/internal/boring/sig", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/internal/boring/sig?type=package", + "type": "library" + }, + { + "name": "crypto/internal/boring", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/internal/boring?type=package", + "type": "library" + }, + { + "name": "crypto/internal/edwards25519/field", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/internal/edwards25519/field?type=package", + "type": "library" + }, + { + "name": "crypto/internal/edwards25519", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/internal/edwards25519?type=package", + "type": "library" + }, + { + "name": "crypto/internal/nistec/fiat", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/internal/nistec/fiat?type=package", + "type": "library" + }, + { + "name": "crypto/internal/nistec", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/internal/nistec?type=package", + "type": "library" + }, + { + "name": "crypto/internal/randutil", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/internal/randutil?type=package", + "type": "library" + }, + { + "name": "crypto/md5", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/md5?type=package", + "type": "library" + }, + { + "name": "crypto/rand", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/rand?type=package", + "type": "library" + }, + { + "name": "crypto/rc4", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/rc4?type=package", + "type": "library" + }, + { + "name": "crypto/rsa", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/rsa?type=package", + "type": "library" + }, + { + "name": "crypto/sha1", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/sha1?type=package", + "type": "library" + }, + { + "name": "crypto/sha256", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/sha256?type=package", + "type": "library" + }, + { + "name": "crypto/sha512", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/sha512?type=package", + "type": "library" + }, + { + "name": "crypto/subtle", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/subtle?type=package", + "type": "library" + }, + { + "name": "crypto/tls", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/tls?type=package", + "type": "library" + }, + { + "name": "crypto/x509/pkix", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/x509/pkix?type=package", + "type": "library" + }, + { + "name": "crypto/x509", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/x509?type=package", + "type": "library" + }, + { + "name": "crypto", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto?type=package", + "type": "library" + }, + { + "name": "embed", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/embed?type=package", + "type": "library" + }, + { + "name": "encoding/asn1", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/encoding/asn1?type=package", + "type": "library" + }, + { + "name": "encoding/base64", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/encoding/base64?type=package", + "type": "library" + }, + { + "name": "encoding/binary", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/encoding/binary?type=package", + "type": "library" + }, + { + "name": "encoding/hex", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/encoding/hex?type=package", + "type": "library" + }, + { + "name": "encoding/json", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/encoding/json?type=package", + "type": "library" + }, + { + "name": "encoding/pem", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/encoding/pem?type=package", + "type": "library" + }, + { + "name": "encoding/xml", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/encoding/xml?type=package", + "type": "library" + }, + { + "name": "encoding", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/encoding?type=package", + "type": "library" + }, + { + "name": "errors", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/errors?type=package", + "type": "library" + }, + { + "name": "fmt", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/fmt?type=package", + "type": "library" + }, + { + "name": "github.com/Azure/go-ansiterm", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/Azure/go-ansiterm@v0.0.0-20210617225240-d185dfc1b5a1?type=module", + "type": "library", + "version": "v0.0.0-20210617225240-d185dfc1b5a1" + }, + { + "name": "github.com/Masterminds/semver", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/Masterminds/semver@v1.4.2?type=module", + "type": "library", + "version": "v1.4.2" + }, + { + "name": "github.com/Masterminds/semver", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/Masterminds/semver@v1.4.2?type=package", + "type": "library", + "version": "v1.4.2" + }, + { + "name": "github.com/Microsoft/go-winio", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/Microsoft/go-winio@v0.6.0?type=module", + "type": "library", + "version": "v0.6.0" + }, + { + "name": "github.com/cachito-testing/gomod-pandemonium/terminaltor", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/cachito-testing/gomod-pandemonium/terminaltor@v1.0.0?type=module", + "type": "library", + "version": "v1.0.0" + }, + { + "name": "github.com/cachito-testing/gomod-pandemonium/terminaltor", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/cachito-testing/gomod-pandemonium/terminaltor@v1.0.0?type=package", + "type": "library", + "version": "v1.0.0" + }, + { + "name": "github.com/cachito-testing/gomod-pandemonium/weird", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/cachito-testing/gomod-pandemonium/weird@v0.0.0-20230417073518-0c6890c3280a?type=module", + "type": "library", + "version": "v0.0.0-20230417073518-0c6890c3280a" + }, + { + "name": "github.com/cachito-testing/gomod-pandemonium/weird", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/cachito-testing/gomod-pandemonium/weird@v0.0.0-20230417073518-0c6890c3280a?type=package", + "type": "library", + "version": "v0.0.0-20230417073518-0c6890c3280a" + }, + { + "name": "github.com/cachito-testing/gomod-pandemonium/where-was-i-built", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/cachito-testing/gomod-pandemonium/where-was-i-built@v0.1.0?type=package", + "type": "library", + "version": "v0.1.0" + }, + { + "name": "github.com/cachito-testing/gomod-pandemonium", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/cachito-testing/gomod-pandemonium@v0.1.0?type=module", + "type": "library", + "version": "v0.1.0" + }, + { + "name": "github.com/cachito-testing/gomod-pandemonium", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/cachito-testing/gomod-pandemonium@v0.1.0?type=package", + "type": "library", + "version": "v0.1.0" + }, + { + "name": "github.com/cachito-testing/retrodep/v2/retrodep/glide", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/cachito-testing/retrodep/v2/retrodep/glide@v2.1.1?type=package", + "type": "library", + "version": "v2.1.1" + }, + { + "name": "github.com/cachito-testing/retrodep/v2/retrodep", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/cachito-testing/retrodep/v2/retrodep@v2.1.1?type=package", + "type": "library", + "version": "v2.1.1" + }, + { + "name": "github.com/cachito-testing/retrodep/v2", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/cachito-testing/retrodep/v2@v2.1.1?type=module", + "type": "library", + "version": "v2.1.1" + }, + { + "name": "github.com/go-logr/logr", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/go-logr/logr@v1.2.3?type=module", + "type": "library", + "version": "v1.2.3" + }, + { + "name": "github.com/go-task/slim-sprig", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/go-task/slim-sprig@v0.0.0-20230315185526-52ccab3ef572?type=module", + "type": "library", + "version": "v0.0.0-20230315185526-52ccab3ef572" + }, + { + "name": "github.com/google/go-cmp", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/google/go-cmp@v0.5.9?type=module", + "type": "library", + "version": "v0.5.9" + }, + { + "name": "github.com/google/pprof", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/google/pprof@v0.0.0-20210407192527-94a9f03dee38?type=module", + "type": "library", + "version": "v0.0.0-20210407192527-94a9f03dee38" + }, + { + "name": "github.com/moby/term", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/moby/term@v0.0.0-20221205130635-1aeaba878587?type=module", + "type": "library", + "version": "v0.0.0-20221205130635-1aeaba878587" + }, + { + "name": "github.com/moby/term", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/moby/term@v0.0.0-20221205130635-1aeaba878587?type=package", + "type": "library", + "version": "v0.0.0-20221205130635-1aeaba878587" + }, + { + "name": "github.com/onsi/ginkgo/v2", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/onsi/ginkgo/v2@v2.9.2?type=module", + "type": "library", + "version": "v2.9.2" + }, + { + "name": "github.com/onsi/gomega", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/onsi/gomega@v1.27.4?type=module", + "type": "library", + "version": "v1.27.4" + }, + { + "name": "github.com/op/go-logging", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/op/go-logging@v0.0.0-20160315200505-970db520ece7?type=module", + "type": "library", + "version": "v0.0.0-20160315200505-970db520ece7" + }, + { + "name": "github.com/op/go-logging", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/op/go-logging@v0.0.0-20160315200505-970db520ece7?type=package", + "type": "library", + "version": "v0.0.0-20160315200505-970db520ece7" + }, + { + "name": "github.com/pkg/errors", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/pkg/errors@v0.8.1?type=module", + "type": "library", + "version": "v0.8.1" + }, + { + "name": "github.com/pkg/errors", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/pkg/errors@v0.8.1?type=package", + "type": "library", + "version": "v0.8.1" + }, + { + "name": "go/ast", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/go/ast?type=package", + "type": "library" + }, + { + "name": "go/build/constraint", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/go/build/constraint?type=package", + "type": "library" + }, + { + "name": "go/build", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/go/build?type=package", + "type": "library" + }, + { + "name": "go/doc/comment", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/go/doc/comment?type=package", + "type": "library" + }, + { + "name": "go/doc", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/go/doc?type=package", + "type": "library" + }, + { + "name": "go/internal/typeparams", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/go/internal/typeparams?type=package", + "type": "library" + }, + { + "name": "go/parser", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/go/parser?type=package", + "type": "library" + }, + { + "name": "go/scanner", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/go/scanner?type=package", + "type": "library" + }, + { + "name": "go/token", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/go/token?type=package", + "type": "library" + }, + { + "name": "golang.org/x/mod", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/golang.org/x/mod@v0.9.0?type=module", + "type": "library", + "version": "v0.9.0" + }, + { + "name": "golang.org/x/net", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/golang.org/x/net@v0.8.0?type=module", + "type": "library", + "version": "v0.8.0" + }, + { + "name": "golang.org/x/sys/execabs", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/golang.org/x/sys/execabs@v0.6.0?type=package", + "type": "library", + "version": "v0.6.0" + }, + { + "name": "golang.org/x/sys/unix", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/golang.org/x/sys/unix@v0.6.0?type=package", + "type": "library", + "version": "v0.6.0" + }, + { + "name": "golang.org/x/sys", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/golang.org/x/sys@v0.6.0?type=module", + "type": "library", + "version": "v0.6.0" + }, + { + "name": "golang.org/x/text", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/golang.org/x/text@v0.8.0?type=module", + "type": "library", + "version": "v0.8.0" + }, + { + "name": "golang.org/x/tools/go/vcs", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/golang.org/x/tools/go/vcs@v0.7.0?type=package", + "type": "library", + "version": "v0.7.0" + }, + { + "name": "golang.org/x/tools", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/golang.org/x/tools@v0.7.0?type=module", + "type": "library", + "version": "v0.7.0" + }, + { + "name": "gopkg.in/yaml.v2", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/gopkg.in/yaml.v2@v2.2.2?type=module", + "type": "library", + "version": "v2.2.2" + }, + { + "name": "gopkg.in/yaml.v2", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/gopkg.in/yaml.v2@v2.2.2?type=package", + "type": "library", + "version": "v2.2.2" + }, + { + "name": "gopkg.in/yaml.v3", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/gopkg.in/yaml.v3@v3.0.1?type=module", + "type": "library", + "version": "v3.0.1" + }, + { + "name": "hash/crc32", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/hash/crc32?type=package", + "type": "library" + }, + { + "name": "hash", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/hash?type=package", + "type": "library" + }, + { + "name": "internal/abi", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/abi?type=package", + "type": "library" + }, + { + "name": "internal/buildcfg", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/buildcfg?type=package", + "type": "library" + }, + { + "name": "internal/bytealg", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/bytealg?type=package", + "type": "library" + }, + { + "name": "internal/coverage/rtcov", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/coverage/rtcov?type=package", + "type": "library" + }, + { + "name": "internal/cpu", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/cpu?type=package", + "type": "library" + }, + { + "name": "internal/fmtsort", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/fmtsort?type=package", + "type": "library" + }, + { + "name": "internal/goarch", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/goarch?type=package", + "type": "library" + }, + { + "name": "internal/godebug", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/godebug?type=package", + "type": "library" + }, + { + "name": "internal/goexperiment", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/goexperiment?type=package", + "type": "library" + }, + { + "name": "internal/goos", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/goos?type=package", + "type": "library" + }, + { + "name": "internal/goroot", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/goroot?type=package", + "type": "library" + }, + { + "name": "internal/goversion", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/goversion?type=package", + "type": "library" + }, + { + "name": "internal/intern", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/intern?type=package", + "type": "library" + }, + { + "name": "internal/itoa", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/itoa?type=package", + "type": "library" + }, + { + "name": "internal/lazyregexp", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/lazyregexp?type=package", + "type": "library" + }, + { + "name": "internal/nettrace", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/nettrace?type=package", + "type": "library" + }, + { + "name": "internal/oserror", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/oserror?type=package", + "type": "library" + }, + { + "name": "internal/poll", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/poll?type=package", + "type": "library" + }, + { + "name": "internal/race", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/race?type=package", + "type": "library" + }, + { + "name": "internal/reflectlite", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/reflectlite?type=package", + "type": "library" + }, + { + "name": "internal/safefilepath", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/safefilepath?type=package", + "type": "library" + }, + { + "name": "internal/singleflight", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/singleflight?type=package", + "type": "library" + }, + { + "name": "internal/syscall/execenv", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/syscall/execenv?type=package", + "type": "library" + }, + { + "name": "internal/syscall/unix", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/syscall/unix?type=package", + "type": "library" + }, + { + "name": "internal/testlog", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/testlog?type=package", + "type": "library" + }, + { + "name": "internal/unsafeheader", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/unsafeheader?type=package", + "type": "library" + }, + { + "name": "io/fs", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/io/fs?type=package", + "type": "library" + }, + { + "name": "io/ioutil", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/io/ioutil?type=package", + "type": "library" + }, + { + "name": "io", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/io?type=package", + "type": "library" + }, + { + "name": "log/syslog", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/log/syslog?type=package", + "type": "library" + }, + { + "name": "log", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/log?type=package", + "type": "library" + }, + { + "name": "math/big", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/math/big?type=package", + "type": "library" + }, + { + "name": "math/bits", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/math/bits?type=package", + "type": "library" + }, + { + "name": "math/rand", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/math/rand?type=package", + "type": "library" + }, + { + "name": "math", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/math?type=package", + "type": "library" + }, + { + "name": "mime/multipart", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/mime/multipart?type=package", + "type": "library" + }, + { + "name": "mime/quotedprintable", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/mime/quotedprintable?type=package", + "type": "library" + }, + { + "name": "mime", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/mime?type=package", + "type": "library" + }, + { + "name": "net/http/httptrace", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/net/http/httptrace?type=package", + "type": "library" + }, + { + "name": "net/http/internal/ascii", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/net/http/internal/ascii?type=package", + "type": "library" + }, + { + "name": "net/http/internal", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/net/http/internal?type=package", + "type": "library" + }, + { + "name": "net/http", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/net/http?type=package", + "type": "library" + }, + { + "name": "net/netip", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/net/netip?type=package", + "type": "library" + }, + { + "name": "net/textproto", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/net/textproto?type=package", + "type": "library" + }, + { + "name": "net/url", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/net/url?type=package", + "type": "library" + }, + { + "name": "net", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/net?type=package", + "type": "library" + }, + { + "name": "os/exec", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/os/exec?type=package", + "type": "library" + }, + { + "name": "os", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/os?type=package", + "type": "library" + }, + { + "name": "path/filepath", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/path/filepath?type=package", + "type": "library" + }, + { + "name": "path", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/path?type=package", + "type": "library" + }, + { + "name": "reflect", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/reflect?type=package", + "type": "library" + }, + { + "name": "regexp/syntax", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/regexp/syntax?type=package", + "type": "library" + }, + { + "name": "regexp", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/regexp?type=package", + "type": "library" + }, + { + "name": "runtime/cgo", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/runtime/cgo?type=package", + "type": "library" + }, + { + "name": "runtime/internal/atomic", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/runtime/internal/atomic?type=package", + "type": "library" + }, + { + "name": "runtime/internal/math", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/runtime/internal/math?type=package", + "type": "library" + }, + { + "name": "runtime/internal/sys", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/runtime/internal/sys?type=package", + "type": "library" + }, + { + "name": "runtime/internal/syscall", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/runtime/internal/syscall?type=package", + "type": "library" + }, + { + "name": "runtime", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/runtime?type=package", + "type": "library" + }, + { + "name": "sort", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/sort?type=package", + "type": "library" + }, + { + "name": "strconv", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/strconv?type=package", + "type": "library" + }, + { + "name": "strings", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/strings?type=package", + "type": "library" + }, + { + "name": "sync/atomic", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/sync/atomic?type=package", + "type": "library" + }, + { + "name": "sync", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/sync?type=package", + "type": "library" + }, + { + "name": "syscall", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/syscall?type=package", + "type": "library" + }, + { + "name": "time", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/time?type=package", + "type": "library" + }, + { + "name": "unicode/utf16", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/unicode/utf16?type=package", + "type": "library" + }, + { + "name": "unicode/utf8", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/unicode/utf8?type=package", + "type": "library" + }, + { + "name": "unicode", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/unicode?type=package", + "type": "library" + }, + { + "name": "unsafe", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/unsafe?type=package", + "type": "library" + }, + { + "name": "vendor/golang.org/x/crypto/chacha20", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/vendor/golang.org/x/crypto/chacha20?type=package", + "type": "library" + }, + { + "name": "vendor/golang.org/x/crypto/chacha20poly1305", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/vendor/golang.org/x/crypto/chacha20poly1305?type=package", + "type": "library" + }, + { + "name": "vendor/golang.org/x/crypto/cryptobyte/asn1", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/vendor/golang.org/x/crypto/cryptobyte/asn1?type=package", + "type": "library" + }, + { + "name": "vendor/golang.org/x/crypto/cryptobyte", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/vendor/golang.org/x/crypto/cryptobyte?type=package", + "type": "library" + }, + { + "name": "vendor/golang.org/x/crypto/hkdf", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/vendor/golang.org/x/crypto/hkdf?type=package", + "type": "library" + }, + { + "name": "vendor/golang.org/x/crypto/internal/alias", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/vendor/golang.org/x/crypto/internal/alias?type=package", + "type": "library" + }, + { + "name": "vendor/golang.org/x/crypto/internal/poly1305", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/vendor/golang.org/x/crypto/internal/poly1305?type=package", + "type": "library" + }, + { + "name": "vendor/golang.org/x/net/dns/dnsmessage", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/vendor/golang.org/x/net/dns/dnsmessage?type=package", + "type": "library" + }, + { + "name": "vendor/golang.org/x/net/http/httpguts", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/vendor/golang.org/x/net/http/httpguts?type=package", + "type": "library" + }, + { + "name": "vendor/golang.org/x/net/http/httpproxy", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/vendor/golang.org/x/net/http/httpproxy?type=package", + "type": "library" + }, + { + "name": "vendor/golang.org/x/net/http2/hpack", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/vendor/golang.org/x/net/http2/hpack?type=package", + "type": "library" + }, + { + "name": "vendor/golang.org/x/net/idna", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/vendor/golang.org/x/net/idna?type=package", + "type": "library" + }, + { + "name": "vendor/golang.org/x/sys/cpu", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/vendor/golang.org/x/sys/cpu?type=package", + "type": "library" + }, + { + "name": "vendor/golang.org/x/text/secure/bidirule", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/vendor/golang.org/x/text/secure/bidirule?type=package", + "type": "library" + }, + { + "name": "vendor/golang.org/x/text/transform", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/vendor/golang.org/x/text/transform?type=package", + "type": "library" + }, + { + "name": "vendor/golang.org/x/text/unicode/bidi", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/vendor/golang.org/x/text/unicode/bidi?type=package", + "type": "library" + }, + { + "name": "vendor/golang.org/x/text/unicode/norm", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/vendor/golang.org/x/text/unicode/norm?type=package", + "type": "library" + }, + { + "name": "@types/prop-types", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/%40types/prop-types@15.7.5", + "type": "library", + "version": "15.7.5" + }, + { + "name": "@types/react-dom", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/%40types/react-dom@18.0.11", + "type": "library", + "version": "18.0.11" + }, + { + "name": "@types/react", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/%40types/react@18.0.35", + "type": "library", + "version": "18.0.35" + }, + { + "name": "@types/scheduler", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/%40types/scheduler@0.16.3", + "type": "library", + "version": "0.16.3" + }, + { + "name": "abbrev", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/abbrev@2.0.0", + "type": "library", + "version": "2.0.0" + }, + { + "name": "accepts", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/accepts@1.3.8", + "type": "library", + "version": "1.3.8" + }, + { + "name": "array-flatten", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/array-flatten@1.1.1", + "type": "library", + "version": "1.1.1" + }, + { + "name": "bar", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/bar@1.0.0?vcs_url=git%2Bhttps://github.com/cachito-testing/npm-cachi2-smoketest%40f1d31c2b051b218c84399b12461e0957d87bd0cd#bar", + "type": "library", + "version": "1.0.0" + }, + { + "name": "bitbucket-cachi2-npm-without-deps-second", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/bitbucket-cachi2-npm-without-deps-second@2.0.0?vcs_url=git%2Bssh://git%40bitbucket.org/cachi-testing/cachi2-without-deps-second.git%4009992d418fc44a2895b7a9ff27c4e32d6f74a982", + "type": "library", + "version": "2.0.0" + }, + { + "name": "bitbucket-cachi2-npm-without-deps", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/bitbucket-cachi2-npm-without-deps@1.0.0?vcs_url=git%2Bssh://git%40bitbucket.org/cachi-testing/cachi2-without-deps.git%409e164b97043a2d91bbeb992f6cc68a3d1015086a", + "type": "library", + "version": "1.0.0" + }, + { + "name": "body-parser", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/body-parser@1.20.1", + "type": "library", + "version": "1.20.1" + }, + { + "name": "bytes", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/bytes@3.1.2", + "type": "library", + "version": "3.1.2" + }, + { + "name": "cachito-npm-without-deps", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/cachito-npm-without-deps@1.0.0?checksum=sha512:43e71f90ad5f9eb349ab18a283f8954994def373962ddc61b866bdea4d48249e67913c6b84dca1e8c519e981ca1fcc62b438292104a88ee9ed72db76a41efede&download_url=https://github.com/cachito-testing/cachito-npm-without-deps/raw/tarball/cachito-npm-without-deps-1.0.0.tgz", + "type": "library", + "version": "1.0.0" + }, + { + "name": "call-bind", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/call-bind@1.0.2", + "type": "library", + "version": "1.0.2" + }, + { + "name": "classnames", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/classnames@2.3.2", + "type": "library", + "version": "2.3.2" + }, + { + "name": "colors", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/colors@1.4.0", + "type": "library", + "version": "1.4.0" + }, + { + "name": "content-disposition", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/content-disposition@0.5.4", + "type": "library", + "version": "0.5.4" + }, + { + "name": "content-type", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/content-type@1.0.5", + "type": "library", + "version": "1.0.5" + }, + { + "name": "cookie-signature", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/cookie-signature@1.0.6", + "type": "library", + "version": "1.0.6" + }, + { + "name": "cookie", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/cookie@0.5.0", + "type": "library", + "version": "0.5.0" + }, + { + "name": "csstype", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/csstype@3.1.2", + "type": "library", + "version": "3.1.2" + }, + { + "name": "dateformat", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/dateformat@5.0.3", + "type": "library", + "version": "5.0.3" + }, + { + "name": "debug", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/debug@2.6.9", + "type": "library", + "version": "2.6.9" + }, + { + "name": "depd", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/depd@2.0.0", + "type": "library", + "version": "2.0.0" + }, + { + "name": "destroy", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/destroy@1.2.0", + "type": "library", + "version": "1.2.0" + }, + { + "name": "ee-first", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/ee-first@1.1.1", + "type": "library", + "version": "1.1.1" + }, + { + "name": "eggs", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/eggs@1.0.0?vcs_url=git%2Bhttps://github.com/cachito-testing/npm-cachi2-smoketest%40f1d31c2b051b218c84399b12461e0957d87bd0cd#eggs-packages/eggs", + "type": "library", + "version": "1.0.0" + }, + { + "name": "encodeurl", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/encodeurl@1.0.2", + "type": "library", + "version": "1.0.2" + }, + { + "name": "escape-html", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/escape-html@1.0.3", + "type": "library", + "version": "1.0.3" + }, + { + "name": "etag", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/etag@1.8.1", + "type": "library", + "version": "1.8.1" + }, + { + "name": "express", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/express@4.18.2", + "type": "library", + "version": "4.18.2" + }, + { + "name": "fecha", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/fecha@4.2.3?vcs_url=git%2Bhttps://github.com/cachito-testing/npm-cachi2-smoketest%40f1d31c2b051b218c84399b12461e0957d87bd0cd#fecha-4.2.3.tgz", + "type": "library", + "version": "4.2.3" + }, + { + "name": "finalhandler", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/finalhandler@1.2.0", + "type": "library", + "version": "1.2.0" + }, + { + "name": "foo", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/foo@1.0.0?vcs_url=git%2Bhttps://github.com/cachito-testing/npm-cachi2-smoketest%40f1d31c2b051b218c84399b12461e0957d87bd0cd#foo", + "type": "library", + "version": "1.0.0" + }, + { + "name": "forwarded", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/forwarded@0.2.0", + "type": "library", + "version": "0.2.0" + }, + { + "name": "fresh", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/fresh@0.5.2", + "type": "library", + "version": "0.5.2" + }, + { + "name": "function-bind", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/function-bind@1.1.1", + "type": "library", + "version": "1.1.1" + }, + { + "name": "get-intrinsic", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/get-intrinsic@1.2.0", + "type": "library", + "version": "1.2.0" + }, + { + "name": "has-symbols", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/has-symbols@1.0.3", + "type": "library", + "version": "1.0.3" + }, + { + "name": "has", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/has@1.0.3", + "type": "library", + "version": "1.0.3" + }, + { + "name": "http-errors", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/http-errors@2.0.0", + "type": "library", + "version": "2.0.0" + }, + { + "name": "iconv-lite", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/iconv-lite@0.4.24", + "type": "library", + "version": "0.4.24" + }, + { + "name": "inherits", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/inherits@2.0.4", + "type": "library", + "version": "2.0.4" + }, + { + "name": "ipaddr.js", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/ipaddr.js@1.9.1", + "type": "library", + "version": "1.9.1" + }, + { + "name": "is-positive", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/is-positive@3.1.0?vcs_url=git%2Bssh://git%40github.com/kevva/is-positive.git%4097edff6f525f192a3f83cea1944765f769ae2678", + "type": "library", + "version": "3.1.0" + }, + { + "name": "media-typer", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/media-typer@0.3.0", + "type": "library", + "version": "0.3.0" + }, + { + "name": "merge-descriptors", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/merge-descriptors@1.0.1", + "type": "library", + "version": "1.0.1" + }, + { + "name": "methods", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/methods@1.1.2", + "type": "library", + "version": "1.1.2" + }, + { + "name": "mime-db", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/mime-db@1.52.0", + "type": "library", + "version": "1.52.0" + }, + { + "name": "mime-types", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/mime-types@2.1.35", + "type": "library", + "version": "2.1.35" + }, + { + "name": "mime", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/mime@1.6.0", + "type": "library", + "version": "1.6.0" + }, + { + "name": "ms", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/ms@2.0.0", + "type": "library", + "version": "2.0.0" + }, + { + "name": "ms", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/ms@2.1.3", + "type": "library", + "version": "2.1.3" + }, + { + "name": "negotiator", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/negotiator@0.6.3", + "type": "library", + "version": "0.6.3" + }, + { + "name": "not-baz", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/not-baz@1.0.0?vcs_url=git%2Bhttps://github.com/cachito-testing/npm-cachi2-smoketest%40f1d31c2b051b218c84399b12461e0957d87bd0cd#baz", + "type": "library", + "version": "1.0.0" + }, + { + "name": "npm_test", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/npm_test@1.1.0?vcs_url=git%2Bhttps://github.com/cachito-testing/npm-cachi2-smoketest%40f1d31c2b051b218c84399b12461e0957d87bd0cd", + "type": "library", + "version": "1.1.0" + }, + { + "name": "object-inspect", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/object-inspect@1.12.3", + "type": "library", + "version": "1.12.3" + }, + { + "name": "on-finished", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/on-finished@2.4.1", + "type": "library", + "version": "2.4.1" + }, + { + "name": "parseurl", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/parseurl@1.3.3", + "type": "library", + "version": "1.3.3" + }, + { + "name": "path-to-regexp", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/path-to-regexp@0.1.7", + "type": "library", + "version": "0.1.7" + }, + { + "name": "proxy-addr", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/proxy-addr@2.0.7", + "type": "library", + "version": "2.0.7" + }, + { + "name": "qs", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/qs@6.11.0", + "type": "library", + "version": "6.11.0" + }, + { + "name": "range-parser", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/range-parser@1.2.1", + "type": "library", + "version": "1.2.1" + }, + { + "name": "raw-body", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/raw-body@2.5.1", + "type": "library", + "version": "2.5.1" + }, + { + "name": "safe-buffer", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/safe-buffer@5.2.1", + "type": "library", + "version": "5.2.1" + }, + { + "name": "safer-buffer", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/safer-buffer@2.1.2", + "type": "library", + "version": "2.1.2" + }, + { + "name": "sax", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/sax@0.1.1", + "type": "library", + "version": "0.1.1" + }, + { + "name": "send", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/send@0.18.0", + "type": "library", + "version": "0.18.0" + }, + { + "name": "serve-static", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/serve-static@1.15.0", + "type": "library", + "version": "1.15.0" + }, + { + "name": "setprototypeof", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/setprototypeof@1.2.0", + "type": "library", + "version": "1.2.0" + }, + { + "name": "side-channel", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/side-channel@1.0.4", + "type": "library", + "version": "1.0.4" + }, + { + "name": "spam", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/spam@1.0.0?vcs_url=git%2Bhttps://github.com/cachito-testing/npm-cachi2-smoketest%40f1d31c2b051b218c84399b12461e0957d87bd0cd#spam-packages/spam", + "type": "library", + "version": "1.0.0" + }, + { + "name": "statuses", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/statuses@2.0.1", + "type": "library", + "version": "2.0.1" + }, + { + "name": "toidentifier", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/toidentifier@1.0.1", + "type": "library", + "version": "1.0.1" + }, + { + "name": "type-is", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/type-is@1.6.18", + "type": "library", + "version": "1.6.18" + }, + { + "name": "unpipe", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/unpipe@1.0.0", + "type": "library", + "version": "1.0.0" + }, + { + "name": "utils-merge", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/utils-merge@1.0.1", + "type": "library", + "version": "1.0.1" + }, + { + "name": "uuid", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/uuid@9.0.0", + "type": "library", + "version": "9.0.0" + }, + { + "name": "vary", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/vary@1.1.2", + "type": "library", + "version": "1.1.2" + }, + { + "name": "certifi", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:pypi/certifi@2022.12.7", + "type": "library", + "version": "2022.12.7" + }, + { + "name": "charset-normalizer", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:pypi/charset-normalizer@3.0.1", + "type": "library", + "version": "3.0.1" + }, + { + "name": "dockerfile-parse", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:pypi/dockerfile-parse?checksum=sha256:36e4469abb0d96b0e3cd656284d5016e8a674cd57b8ebe5af64786fe63b8184d&download_url=https://github.com/containerbuildsystem/dockerfile-parse/archive/refs/tags/2.0.0.tar.gz", + "type": "library" + }, + { + "name": "flit-core", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:pypi/flit-core@3.8.0", + "type": "library", + "version": "3.8.0" + }, + { + "name": "idna", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:pypi/idna@3.4", + "type": "library", + "version": "3.4" + }, + { + "name": "requests", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:pypi/requests@2.28.2", + "type": "library", + "version": "2.28.2" + }, + { + "name": "setuptools", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:pypi/setuptools@67.1.0", + "type": "library", + "version": "67.1.0" + }, + { + "name": "test_package_cachi2", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:pypi/test-package-cachi2@1.0.0?vcs_url=git%2Bhttps://github.com/cachito-testing/pip-e2e-test%401ecda839ba9ca55070d75c86c26a1bb07d777bba", + "type": "library", + "version": "1.0.0" + }, + { + "name": "urllib3", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:pypi/urllib3@1.26.14", + "type": "library", + "version": "1.26.14" + }, + { + "name": "wheel", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:pypi/wheel@0.38.4", + "type": "library", + "version": "0.38.4" + } + ], + "metadata": { + "tools": [ + { + "name": "cachi2", + "vendor": "red hat" + } + ] + }, + "specVersion": "1.4", + "version": 1 +} diff --git a/sbom-utility-scripts/scripts/merge-sboms-script/test_data/cyclonedx/merged.bom.json b/sbom-utility-scripts/scripts/merge-sboms-script/test_data/cyclonedx/merged.bom.json new file mode 100644 index 0000000..0da3944 --- /dev/null +++ b/sbom-utility-scripts/scripts/merge-sboms-script/test_data/cyclonedx/merged.bom.json @@ -0,0 +1,4614 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", + "bomFormat": "CycloneDX", + "components": [ + { + "bom-ref": "pkg:golang/github.com/release-engineering/retrodep@v2.1.0?package-id=b1aab99da74371f7#v2", + "cpe": "cpe:2.3:a:release-engineering:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*", + "name": "github.com/release-engineering/retrodep/v2", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:release_engineering:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:release:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + } + ], + "purl": "pkg:golang/github.com/release-engineering/retrodep@v2.1.0#v2", + "type": "library", + "version": "v2.1.0" + }, + { + "bom-ref": "pkg:rpm/rhel/basesystem@11-13.el9?arch=noarch&upstream=basesystem-11-13.el9.src.rpm&distro=rhel-9.5&package-id=fcabd006cb3bfe7d", + "cpe": "cpe:2.3:a:basesystem:basesystem:11-13.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "Public Domain" + } + } + ], + "name": "basesystem", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:basesystem:11-13.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "13.el9" + }, + { + "name": "syft:metadata:size", + "value": "0" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "basesystem-11-13.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/basesystem@11-13.el9?arch=noarch&upstream=basesystem-11-13.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "11-13.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/bash@5.1.8-9.el9?arch=x86_64&upstream=bash-5.1.8-9.el9.src.rpm&distro=rhel-9.5&package-id=a6062d7253817d9d", + "cpe": "cpe:2.3:a:redhat:bash:5.1.8-9.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "GPLv3+" + } + } + ], + "name": "bash", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bash:bash:5.1.8-9.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "9.el9" + }, + { + "name": "syft:metadata:size", + "value": "7738778" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "bash-5.1.8-9.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/bash@5.1.8-9.el9?arch=x86_64&upstream=bash-5.1.8-9.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "5.1.8-9.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/coreutils-single@8.32-36.el9?arch=x86_64&upstream=coreutils-8.32-36.el9.src.rpm&distro=rhel-9.5&package-id=bc07797a46d14a80", + "cpe": "cpe:2.3:a:coreutils-single:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "GPLv3+" + } + } + ], + "name": "coreutils-single", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coreutils-single:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coreutils_single:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coreutils_single:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coreutils:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coreutils:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "36.el9" + }, + { + "name": "syft:metadata:size", + "value": "1403137" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "coreutils-8.32-36.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/coreutils-single@8.32-36.el9?arch=x86_64&upstream=coreutils-8.32-36.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "8.32-36.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/filesystem@3.16-5.el9?arch=x86_64&upstream=filesystem-3.16-5.el9.src.rpm&distro=rhel-9.5&package-id=5423c4a724c69dca", + "cpe": "cpe:2.3:a:filesystem:filesystem:3.16-5.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "Public Domain" + } + } + ], + "name": "filesystem", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:filesystem:3.16-5.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "5.el9" + }, + { + "name": "syft:metadata:size", + "value": "106" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "filesystem-3.16-5.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/filesystem@3.16-5.el9?arch=x86_64&upstream=filesystem-3.16-5.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "3.16-5.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/glibc@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5&package-id=ab6bbd6d165109d2", + "cpe": "cpe:2.3:a:redhat:glibc:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + } + } + ], + "name": "glibc", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc:glibc:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "125.el9_5.1" + }, + { + "name": "syft:metadata:size", + "value": "6430227" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "glibc-2.34-125.el9_5.1.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/glibc@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "2.34-125.el9_5.1" + }, + { + "bom-ref": "pkg:rpm/rhel/glibc-common@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5&package-id=5d2e03b4ae3e405b", + "cpe": "cpe:2.3:a:glibc-common:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + } + } + ], + "name": "glibc-common", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc-common:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_common:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_common:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "125.el9_5.1" + }, + { + "name": "syft:metadata:size", + "value": "1083649" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "glibc-2.34-125.el9_5.1.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/glibc-common@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "2.34-125.el9_5.1" + }, + { + "bom-ref": "pkg:rpm/rhel/glibc-minimal-langpack@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5&package-id=d35bdd9cfa0b8d62", + "cpe": "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + } + } + ], + "name": "glibc-minimal-langpack", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "125.el9_5.1" + }, + { + "name": "syft:metadata:size", + "value": "0" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "glibc-2.34-125.el9_5.1.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/glibc-minimal-langpack@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "2.34-125.el9_5.1" + }, + { + "bom-ref": "pkg:rpm/rhel/gpg-pubkey@5a6340b3-6229229e?distro=rhel-9.5&package-id=6a4614b48b443e33", + "cpe": "cpe:2.3:a:gpg-pubkey:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "pubkey" + } + } + ], + "name": "gpg-pubkey", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg-pubkey:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg_pubkey:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg_pubkey:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "6229229e" + }, + { + "name": "syft:metadata:size", + "value": "0" + } + ], + "purl": "pkg:rpm/rhel/gpg-pubkey@5a6340b3-6229229e?distro=rhel-9.5", + "type": "library", + "version": "5a6340b3-6229229e" + }, + { + "bom-ref": "pkg:rpm/rhel/gpg-pubkey@fd431d51-4ae0493b?distro=rhel-9.5&package-id=0b9edfc7dd36b25d", + "cpe": "cpe:2.3:a:gpg-pubkey:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "pubkey" + } + } + ], + "name": "gpg-pubkey", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg-pubkey:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg_pubkey:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg_pubkey:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "4ae0493b" + }, + { + "name": "syft:metadata:size", + "value": "0" + } + ], + "purl": "pkg:rpm/rhel/gpg-pubkey@fd431d51-4ae0493b?distro=rhel-9.5", + "type": "library", + "version": "fd431d51-4ae0493b" + }, + { + "bom-ref": "pkg:rpm/rhel/libacl@2.3.1-4.el9?arch=x86_64&upstream=acl-2.3.1-4.el9.src.rpm&distro=rhel-9.5&package-id=6a12891a28711ed0", + "cpe": "cpe:2.3:a:libacl:libacl:2.3.1-4.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "LGPLv2+" + } + } + ], + "name": "libacl", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libacl:2.3.1-4.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "4.el9" + }, + { + "name": "syft:metadata:size", + "value": "40554" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "acl-2.3.1-4.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/libacl@2.3.1-4.el9?arch=x86_64&upstream=acl-2.3.1-4.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "2.3.1-4.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/libattr@2.5.1-3.el9?arch=x86_64&upstream=attr-2.5.1-3.el9.src.rpm&distro=rhel-9.5&package-id=246362466b6f01d4", + "cpe": "cpe:2.3:a:libattr:libattr:2.5.1-3.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "LGPLv2+" + } + } + ], + "name": "libattr", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libattr:2.5.1-3.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "3.el9" + }, + { + "name": "syft:metadata:size", + "value": "29429" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "attr-2.5.1-3.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/libattr@2.5.1-3.el9?arch=x86_64&upstream=attr-2.5.1-3.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "2.5.1-3.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/libcap@2.48-9.el9_2?arch=x86_64&upstream=libcap-2.48-9.el9_2.src.rpm&distro=rhel-9.5&package-id=e129417de8081c72", + "cpe": "cpe:2.3:a:libcap:libcap:2.48-9.el9_2:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "BSD or GPLv2" + } + } + ], + "name": "libcap", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libcap:2.48-9.el9_2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "9.el9_2" + }, + { + "name": "syft:metadata:size", + "value": "177471" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libcap-2.48-9.el9_2.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/libcap@2.48-9.el9_2?arch=x86_64&upstream=libcap-2.48-9.el9_2.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "2.48-9.el9_2" + }, + { + "bom-ref": "pkg:rpm/rhel/libgcc@11.5.0-2.el9?arch=x86_64&upstream=gcc-11.5.0-2.el9.src.rpm&distro=rhel-9.5&package-id=492434936db2f877", + "cpe": "cpe:2.3:a:libgcc:libgcc:11.5.0-2.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + } + } + ], + "name": "libgcc", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libgcc:11.5.0-2.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "2.el9" + }, + { + "name": "syft:metadata:size", + "value": "198756" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "gcc-11.5.0-2.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/libgcc@11.5.0-2.el9?arch=x86_64&upstream=gcc-11.5.0-2.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "11.5.0-2.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/libselinux@3.6-1.el9?arch=x86_64&upstream=libselinux-3.6-1.el9.src.rpm&distro=rhel-9.5&package-id=79db8c526f87ba3b", + "cpe": "cpe:2.3:a:libselinux:libselinux:3.6-1.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "Public Domain" + } + } + ], + "name": "libselinux", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libselinux:3.6-1.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "1.el9" + }, + { + "name": "syft:metadata:size", + "value": "176853" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libselinux-3.6-1.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/libselinux@3.6-1.el9?arch=x86_64&upstream=libselinux-3.6-1.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "3.6-1.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/libsepol@3.6-1.el9?arch=x86_64&upstream=libsepol-3.6-1.el9.src.rpm&distro=rhel-9.5&package-id=9891839d8f699944", + "cpe": "cpe:2.3:a:libsepol:libsepol:3.6-1.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "LGPLv2+" + } + } + ], + "name": "libsepol", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libsepol:3.6-1.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "1.el9" + }, + { + "name": "syft:metadata:size", + "value": "829251" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libsepol-3.6-1.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/libsepol@3.6-1.el9?arch=x86_64&upstream=libsepol-3.6-1.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "3.6-1.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/ncurses-base@6.2-10.20210508.el9?arch=noarch&upstream=ncurses-6.2-10.20210508.el9.src.rpm&distro=rhel-9.5&package-id=a0d19211c8c4589b", + "cpe": "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "name": "ncurses-base", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "10.20210508.el9" + }, + { + "name": "syft:metadata:size", + "value": "307293" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "ncurses-6.2-10.20210508.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/ncurses-base@6.2-10.20210508.el9?arch=noarch&upstream=ncurses-6.2-10.20210508.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "6.2-10.20210508.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&upstream=ncurses-6.2-10.20210508.el9.src.rpm&distro=rhel-9.5&package-id=31b40b2b21390159", + "cpe": "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "name": "ncurses-libs", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "10.20210508.el9" + }, + { + "name": "syft:metadata:size", + "value": "994375" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "ncurses-6.2-10.20210508.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&upstream=ncurses-6.2-10.20210508.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "6.2-10.20210508.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/pcre2@10.40-6.el9?arch=x86_64&upstream=pcre2-10.40-6.el9.src.rpm&distro=rhel-9.5&package-id=1a97d50a68b062d7", + "cpe": "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "BSD" + } + } + ], + "name": "pcre2", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "6.el9" + }, + { + "name": "syft:metadata:size", + "value": "652298" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "pcre2-10.40-6.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/pcre2@10.40-6.el9?arch=x86_64&upstream=pcre2-10.40-6.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "10.40-6.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/pcre2-syntax@10.40-6.el9?arch=noarch&upstream=pcre2-10.40-6.el9.src.rpm&distro=rhel-9.5&package-id=8f3dd37865073b05", + "cpe": "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "BSD" + } + } + ], + "name": "pcre2-syntax", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "6.el9" + }, + { + "name": "syft:metadata:size", + "value": "234324" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "pcre2-10.40-6.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/pcre2-syntax@10.40-6.el9?arch=noarch&upstream=pcre2-10.40-6.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "10.40-6.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/redhat-release@9.5-0.6.el9?arch=x86_64&upstream=redhat-release-9.5-0.6.el9.src.rpm&distro=rhel-9.5&package-id=bbf1d165194eceb0", + "cpe": "cpe:2.3:a:redhat-release:redhat-release:9.5-0.6.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "GPLv2" + } + } + ], + "name": "redhat-release", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat-release:redhat_release:9.5-0.6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat_release:redhat-release:9.5-0.6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat_release:redhat_release:9.5-0.6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:redhat-release:9.5-0.6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:redhat_release:9.5-0.6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "0.6.el9" + }, + { + "name": "syft:metadata:size", + "value": "58817" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "redhat-release-9.5-0.6.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/redhat-release@9.5-0.6.el9?arch=x86_64&upstream=redhat-release-9.5-0.6.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "9.5-0.6.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/setup@2.13.7-10.el9?arch=noarch&upstream=setup-2.13.7-10.el9.src.rpm&distro=rhel-9.5&package-id=befa3e6a19701472", + "cpe": "cpe:2.3:a:redhat:setup:2.13.7-10.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "Public Domain" + } + } + ], + "name": "setup", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:setup:setup:2.13.7-10.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "10.el9" + }, + { + "name": "syft:metadata:size", + "value": "725932" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "setup-2.13.7-10.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/setup@2.13.7-10.el9?arch=noarch&upstream=setup-2.13.7-10.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "2.13.7-10.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/tzdata@2024b-2.el9?arch=noarch&upstream=tzdata-2024b-2.el9.src.rpm&distro=rhel-9.5&package-id=f21803b5b9d9adef", + "cpe": "cpe:2.3:a:redhat:tzdata:2024b-2.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "Public Domain" + } + } + ], + "name": "tzdata", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:tzdata:tzdata:2024b-2.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "2.el9" + }, + { + "name": "syft:metadata:size", + "value": "1654640" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "tzdata-2024b-2.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/tzdata@2024b-2.el9?arch=noarch&upstream=tzdata-2024b-2.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "2024b-2.el9" + }, + { + "bom-ref": "os:rhel@9.5", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", + "description": "Red Hat Enterprise Linux 9.5 (Plow)", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://issues.redhat.com/" + }, + { + "type": "website", + "url": "https://www.redhat.com/" + } + ], + "name": "rhel", + "properties": [ + { + "name": "syft:distro:id", + "value": "rhel" + }, + { + "name": "syft:distro:idLike:0", + "value": "fedora" + }, + { + "name": "syft:distro:prettyName", + "value": "Red Hat Enterprise Linux 9.5 (Plow)" + }, + { + "name": "syft:distro:versionID", + "value": "9.5" + } + ], + "swid": { + "name": "rhel", + "tagId": "rhel", + "version": "9.5" + }, + "type": "operating-system", + "version": "9.5" + }, + { + "name": "bufio", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/bufio?type=package", + "type": "library" + }, + { + "name": "bytes", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/bytes?type=package", + "type": "library" + }, + { + "name": "compress/flate", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/compress/flate?type=package", + "type": "library" + }, + { + "name": "compress/gzip", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/compress/gzip?type=package", + "type": "library" + }, + { + "name": "container/list", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/container/list?type=package", + "type": "library" + }, + { + "name": "context", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/context?type=package", + "type": "library" + }, + { + "name": "crypto/aes", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/aes?type=package", + "type": "library" + }, + { + "name": "crypto/cipher", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/cipher?type=package", + "type": "library" + }, + { + "name": "crypto/des", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/des?type=package", + "type": "library" + }, + { + "name": "crypto/dsa", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/dsa?type=package", + "type": "library" + }, + { + "name": "crypto/ecdh", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/ecdh?type=package", + "type": "library" + }, + { + "name": "crypto/ecdsa", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/ecdsa?type=package", + "type": "library" + }, + { + "name": "crypto/ed25519", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/ed25519?type=package", + "type": "library" + }, + { + "name": "crypto/elliptic", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/elliptic?type=package", + "type": "library" + }, + { + "name": "crypto/hmac", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/hmac?type=package", + "type": "library" + }, + { + "name": "crypto/internal/alias", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/internal/alias?type=package", + "type": "library" + }, + { + "name": "crypto/internal/bigmod", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/internal/bigmod?type=package", + "type": "library" + }, + { + "name": "crypto/internal/boring/bbig", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/internal/boring/bbig?type=package", + "type": "library" + }, + { + "name": "crypto/internal/boring/sig", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/internal/boring/sig?type=package", + "type": "library" + }, + { + "name": "crypto/internal/boring", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/internal/boring?type=package", + "type": "library" + }, + { + "name": "crypto/internal/edwards25519/field", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/internal/edwards25519/field?type=package", + "type": "library" + }, + { + "name": "crypto/internal/edwards25519", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/internal/edwards25519?type=package", + "type": "library" + }, + { + "name": "crypto/internal/nistec/fiat", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/internal/nistec/fiat?type=package", + "type": "library" + }, + { + "name": "crypto/internal/nistec", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/internal/nistec?type=package", + "type": "library" + }, + { + "name": "crypto/internal/randutil", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/internal/randutil?type=package", + "type": "library" + }, + { + "name": "crypto/md5", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/md5?type=package", + "type": "library" + }, + { + "name": "crypto/rand", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/rand?type=package", + "type": "library" + }, + { + "name": "crypto/rc4", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/rc4?type=package", + "type": "library" + }, + { + "name": "crypto/rsa", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/rsa?type=package", + "type": "library" + }, + { + "name": "crypto/sha1", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/sha1?type=package", + "type": "library" + }, + { + "name": "crypto/sha256", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/sha256?type=package", + "type": "library" + }, + { + "name": "crypto/sha512", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/sha512?type=package", + "type": "library" + }, + { + "name": "crypto/subtle", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/subtle?type=package", + "type": "library" + }, + { + "name": "crypto/tls", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/tls?type=package", + "type": "library" + }, + { + "name": "crypto/x509/pkix", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/x509/pkix?type=package", + "type": "library" + }, + { + "name": "crypto/x509", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto/x509?type=package", + "type": "library" + }, + { + "name": "crypto", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/crypto?type=package", + "type": "library" + }, + { + "name": "embed", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/embed?type=package", + "type": "library" + }, + { + "name": "encoding/asn1", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/encoding/asn1?type=package", + "type": "library" + }, + { + "name": "encoding/base64", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/encoding/base64?type=package", + "type": "library" + }, + { + "name": "encoding/binary", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/encoding/binary?type=package", + "type": "library" + }, + { + "name": "encoding/hex", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/encoding/hex?type=package", + "type": "library" + }, + { + "name": "encoding/json", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/encoding/json?type=package", + "type": "library" + }, + { + "name": "encoding/pem", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/encoding/pem?type=package", + "type": "library" + }, + { + "name": "encoding/xml", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/encoding/xml?type=package", + "type": "library" + }, + { + "name": "encoding", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/encoding?type=package", + "type": "library" + }, + { + "name": "errors", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/errors?type=package", + "type": "library" + }, + { + "name": "fmt", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/fmt?type=package", + "type": "library" + }, + { + "name": "github.com/Azure/go-ansiterm", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/Azure/go-ansiterm@v0.0.0-20210617225240-d185dfc1b5a1?type=module", + "type": "library", + "version": "v0.0.0-20210617225240-d185dfc1b5a1" + }, + { + "name": "github.com/Masterminds/semver", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/Masterminds/semver@v1.4.2?type=module", + "type": "library", + "version": "v1.4.2" + }, + { + "name": "github.com/Masterminds/semver", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/Masterminds/semver@v1.4.2?type=package", + "type": "library", + "version": "v1.4.2" + }, + { + "name": "github.com/Microsoft/go-winio", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/Microsoft/go-winio@v0.6.0?type=module", + "type": "library", + "version": "v0.6.0" + }, + { + "name": "github.com/cachito-testing/gomod-pandemonium/terminaltor", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/cachito-testing/gomod-pandemonium/terminaltor@v1.0.0?type=module", + "type": "library", + "version": "v1.0.0" + }, + { + "name": "github.com/cachito-testing/gomod-pandemonium/terminaltor", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/cachito-testing/gomod-pandemonium/terminaltor@v1.0.0?type=package", + "type": "library", + "version": "v1.0.0" + }, + { + "name": "github.com/cachito-testing/gomod-pandemonium/weird", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/cachito-testing/gomod-pandemonium/weird@v0.0.0-20230417073518-0c6890c3280a?type=module", + "type": "library", + "version": "v0.0.0-20230417073518-0c6890c3280a" + }, + { + "name": "github.com/cachito-testing/gomod-pandemonium/weird", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/cachito-testing/gomod-pandemonium/weird@v0.0.0-20230417073518-0c6890c3280a?type=package", + "type": "library", + "version": "v0.0.0-20230417073518-0c6890c3280a" + }, + { + "name": "github.com/cachito-testing/gomod-pandemonium/where-was-i-built", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/cachito-testing/gomod-pandemonium/where-was-i-built@v0.1.0?type=package", + "type": "library", + "version": "v0.1.0" + }, + { + "name": "github.com/cachito-testing/gomod-pandemonium", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/cachito-testing/gomod-pandemonium@v0.1.0?type=module", + "type": "library", + "version": "v0.1.0" + }, + { + "name": "github.com/cachito-testing/gomod-pandemonium", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/cachito-testing/gomod-pandemonium@v0.1.0?type=package", + "type": "library", + "version": "v0.1.0" + }, + { + "name": "github.com/cachito-testing/retrodep/v2/retrodep/glide", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/cachito-testing/retrodep/v2/retrodep/glide@v2.1.1?type=package", + "type": "library", + "version": "v2.1.1" + }, + { + "name": "github.com/cachito-testing/retrodep/v2/retrodep", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/cachito-testing/retrodep/v2/retrodep@v2.1.1?type=package", + "type": "library", + "version": "v2.1.1" + }, + { + "name": "github.com/cachito-testing/retrodep/v2", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/cachito-testing/retrodep/v2@v2.1.1?type=module", + "type": "library", + "version": "v2.1.1" + }, + { + "name": "github.com/go-logr/logr", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/go-logr/logr@v1.2.3?type=module", + "type": "library", + "version": "v1.2.3" + }, + { + "name": "github.com/go-task/slim-sprig", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/go-task/slim-sprig@v0.0.0-20230315185526-52ccab3ef572?type=module", + "type": "library", + "version": "v0.0.0-20230315185526-52ccab3ef572" + }, + { + "name": "github.com/google/go-cmp", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/google/go-cmp@v0.5.9?type=module", + "type": "library", + "version": "v0.5.9" + }, + { + "name": "github.com/google/pprof", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/google/pprof@v0.0.0-20210407192527-94a9f03dee38?type=module", + "type": "library", + "version": "v0.0.0-20210407192527-94a9f03dee38" + }, + { + "name": "github.com/moby/term", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/moby/term@v0.0.0-20221205130635-1aeaba878587?type=module", + "type": "library", + "version": "v0.0.0-20221205130635-1aeaba878587" + }, + { + "name": "github.com/moby/term", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/moby/term@v0.0.0-20221205130635-1aeaba878587?type=package", + "type": "library", + "version": "v0.0.0-20221205130635-1aeaba878587" + }, + { + "name": "github.com/onsi/ginkgo/v2", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/onsi/ginkgo/v2@v2.9.2?type=module", + "type": "library", + "version": "v2.9.2" + }, + { + "name": "github.com/onsi/gomega", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/onsi/gomega@v1.27.4?type=module", + "type": "library", + "version": "v1.27.4" + }, + { + "name": "github.com/op/go-logging", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/op/go-logging@v0.0.0-20160315200505-970db520ece7?type=module", + "type": "library", + "version": "v0.0.0-20160315200505-970db520ece7" + }, + { + "name": "github.com/op/go-logging", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/op/go-logging@v0.0.0-20160315200505-970db520ece7?type=package", + "type": "library", + "version": "v0.0.0-20160315200505-970db520ece7" + }, + { + "name": "github.com/pkg/errors", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/pkg/errors@v0.8.1?type=module", + "type": "library", + "version": "v0.8.1" + }, + { + "name": "github.com/pkg/errors", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/github.com/pkg/errors@v0.8.1?type=package", + "type": "library", + "version": "v0.8.1" + }, + { + "name": "go/ast", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/go/ast?type=package", + "type": "library" + }, + { + "name": "go/build/constraint", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/go/build/constraint?type=package", + "type": "library" + }, + { + "name": "go/build", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/go/build?type=package", + "type": "library" + }, + { + "name": "go/doc/comment", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/go/doc/comment?type=package", + "type": "library" + }, + { + "name": "go/doc", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/go/doc?type=package", + "type": "library" + }, + { + "name": "go/internal/typeparams", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/go/internal/typeparams?type=package", + "type": "library" + }, + { + "name": "go/parser", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/go/parser?type=package", + "type": "library" + }, + { + "name": "go/scanner", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/go/scanner?type=package", + "type": "library" + }, + { + "name": "go/token", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/go/token?type=package", + "type": "library" + }, + { + "name": "golang.org/x/mod", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/golang.org/x/mod@v0.9.0?type=module", + "type": "library", + "version": "v0.9.0" + }, + { + "name": "golang.org/x/net", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/golang.org/x/net@v0.8.0?type=module", + "type": "library", + "version": "v0.8.0" + }, + { + "name": "golang.org/x/sys/execabs", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/golang.org/x/sys/execabs@v0.6.0?type=package", + "type": "library", + "version": "v0.6.0" + }, + { + "name": "golang.org/x/sys/unix", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/golang.org/x/sys/unix@v0.6.0?type=package", + "type": "library", + "version": "v0.6.0" + }, + { + "name": "golang.org/x/sys", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/golang.org/x/sys@v0.6.0?type=module", + "type": "library", + "version": "v0.6.0" + }, + { + "name": "golang.org/x/text", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/golang.org/x/text@v0.8.0?type=module", + "type": "library", + "version": "v0.8.0" + }, + { + "name": "golang.org/x/tools/go/vcs", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/golang.org/x/tools/go/vcs@v0.7.0?type=package", + "type": "library", + "version": "v0.7.0" + }, + { + "name": "golang.org/x/tools", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/golang.org/x/tools@v0.7.0?type=module", + "type": "library", + "version": "v0.7.0" + }, + { + "name": "gopkg.in/yaml.v2", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/gopkg.in/yaml.v2@v2.2.2?type=module", + "type": "library", + "version": "v2.2.2" + }, + { + "name": "gopkg.in/yaml.v2", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/gopkg.in/yaml.v2@v2.2.2?type=package", + "type": "library", + "version": "v2.2.2" + }, + { + "name": "gopkg.in/yaml.v3", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/gopkg.in/yaml.v3@v3.0.1?type=module", + "type": "library", + "version": "v3.0.1" + }, + { + "name": "hash/crc32", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/hash/crc32?type=package", + "type": "library" + }, + { + "name": "hash", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/hash?type=package", + "type": "library" + }, + { + "name": "internal/abi", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/abi?type=package", + "type": "library" + }, + { + "name": "internal/buildcfg", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/buildcfg?type=package", + "type": "library" + }, + { + "name": "internal/bytealg", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/bytealg?type=package", + "type": "library" + }, + { + "name": "internal/coverage/rtcov", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/coverage/rtcov?type=package", + "type": "library" + }, + { + "name": "internal/cpu", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/cpu?type=package", + "type": "library" + }, + { + "name": "internal/fmtsort", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/fmtsort?type=package", + "type": "library" + }, + { + "name": "internal/goarch", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/goarch?type=package", + "type": "library" + }, + { + "name": "internal/godebug", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/godebug?type=package", + "type": "library" + }, + { + "name": "internal/goexperiment", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/goexperiment?type=package", + "type": "library" + }, + { + "name": "internal/goos", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/goos?type=package", + "type": "library" + }, + { + "name": "internal/goroot", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/goroot?type=package", + "type": "library" + }, + { + "name": "internal/goversion", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/goversion?type=package", + "type": "library" + }, + { + "name": "internal/intern", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/intern?type=package", + "type": "library" + }, + { + "name": "internal/itoa", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/itoa?type=package", + "type": "library" + }, + { + "name": "internal/lazyregexp", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/lazyregexp?type=package", + "type": "library" + }, + { + "name": "internal/nettrace", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/nettrace?type=package", + "type": "library" + }, + { + "name": "internal/oserror", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/oserror?type=package", + "type": "library" + }, + { + "name": "internal/poll", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/poll?type=package", + "type": "library" + }, + { + "name": "internal/race", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/race?type=package", + "type": "library" + }, + { + "name": "internal/reflectlite", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/reflectlite?type=package", + "type": "library" + }, + { + "name": "internal/safefilepath", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/safefilepath?type=package", + "type": "library" + }, + { + "name": "internal/singleflight", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/singleflight?type=package", + "type": "library" + }, + { + "name": "internal/syscall/execenv", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/syscall/execenv?type=package", + "type": "library" + }, + { + "name": "internal/syscall/unix", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/syscall/unix?type=package", + "type": "library" + }, + { + "name": "internal/testlog", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/testlog?type=package", + "type": "library" + }, + { + "name": "internal/unsafeheader", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/internal/unsafeheader?type=package", + "type": "library" + }, + { + "name": "io/fs", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/io/fs?type=package", + "type": "library" + }, + { + "name": "io/ioutil", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/io/ioutil?type=package", + "type": "library" + }, + { + "name": "io", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/io?type=package", + "type": "library" + }, + { + "name": "log/syslog", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/log/syslog?type=package", + "type": "library" + }, + { + "name": "log", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/log?type=package", + "type": "library" + }, + { + "name": "math/big", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/math/big?type=package", + "type": "library" + }, + { + "name": "math/bits", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/math/bits?type=package", + "type": "library" + }, + { + "name": "math/rand", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/math/rand?type=package", + "type": "library" + }, + { + "name": "math", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/math?type=package", + "type": "library" + }, + { + "name": "mime/multipart", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/mime/multipart?type=package", + "type": "library" + }, + { + "name": "mime/quotedprintable", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/mime/quotedprintable?type=package", + "type": "library" + }, + { + "name": "mime", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/mime?type=package", + "type": "library" + }, + { + "name": "net/http/httptrace", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/net/http/httptrace?type=package", + "type": "library" + }, + { + "name": "net/http/internal/ascii", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/net/http/internal/ascii?type=package", + "type": "library" + }, + { + "name": "net/http/internal", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/net/http/internal?type=package", + "type": "library" + }, + { + "name": "net/http", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/net/http?type=package", + "type": "library" + }, + { + "name": "net/netip", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/net/netip?type=package", + "type": "library" + }, + { + "name": "net/textproto", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/net/textproto?type=package", + "type": "library" + }, + { + "name": "net/url", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/net/url?type=package", + "type": "library" + }, + { + "name": "net", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/net?type=package", + "type": "library" + }, + { + "name": "os/exec", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/os/exec?type=package", + "type": "library" + }, + { + "name": "os", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/os?type=package", + "type": "library" + }, + { + "name": "path/filepath", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/path/filepath?type=package", + "type": "library" + }, + { + "name": "path", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/path?type=package", + "type": "library" + }, + { + "name": "reflect", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/reflect?type=package", + "type": "library" + }, + { + "name": "regexp/syntax", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/regexp/syntax?type=package", + "type": "library" + }, + { + "name": "regexp", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/regexp?type=package", + "type": "library" + }, + { + "name": "runtime/cgo", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/runtime/cgo?type=package", + "type": "library" + }, + { + "name": "runtime/internal/atomic", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/runtime/internal/atomic?type=package", + "type": "library" + }, + { + "name": "runtime/internal/math", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/runtime/internal/math?type=package", + "type": "library" + }, + { + "name": "runtime/internal/sys", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/runtime/internal/sys?type=package", + "type": "library" + }, + { + "name": "runtime/internal/syscall", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/runtime/internal/syscall?type=package", + "type": "library" + }, + { + "name": "runtime", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/runtime?type=package", + "type": "library" + }, + { + "name": "sort", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/sort?type=package", + "type": "library" + }, + { + "name": "strconv", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/strconv?type=package", + "type": "library" + }, + { + "name": "strings", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/strings?type=package", + "type": "library" + }, + { + "name": "sync/atomic", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/sync/atomic?type=package", + "type": "library" + }, + { + "name": "sync", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/sync?type=package", + "type": "library" + }, + { + "name": "syscall", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/syscall?type=package", + "type": "library" + }, + { + "name": "time", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/time?type=package", + "type": "library" + }, + { + "name": "unicode/utf16", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/unicode/utf16?type=package", + "type": "library" + }, + { + "name": "unicode/utf8", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/unicode/utf8?type=package", + "type": "library" + }, + { + "name": "unicode", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/unicode?type=package", + "type": "library" + }, + { + "name": "unsafe", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/unsafe?type=package", + "type": "library" + }, + { + "name": "vendor/golang.org/x/crypto/chacha20", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/vendor/golang.org/x/crypto/chacha20?type=package", + "type": "library" + }, + { + "name": "vendor/golang.org/x/crypto/chacha20poly1305", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/vendor/golang.org/x/crypto/chacha20poly1305?type=package", + "type": "library" + }, + { + "name": "vendor/golang.org/x/crypto/cryptobyte/asn1", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/vendor/golang.org/x/crypto/cryptobyte/asn1?type=package", + "type": "library" + }, + { + "name": "vendor/golang.org/x/crypto/cryptobyte", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/vendor/golang.org/x/crypto/cryptobyte?type=package", + "type": "library" + }, + { + "name": "vendor/golang.org/x/crypto/hkdf", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/vendor/golang.org/x/crypto/hkdf?type=package", + "type": "library" + }, + { + "name": "vendor/golang.org/x/crypto/internal/alias", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/vendor/golang.org/x/crypto/internal/alias?type=package", + "type": "library" + }, + { + "name": "vendor/golang.org/x/crypto/internal/poly1305", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/vendor/golang.org/x/crypto/internal/poly1305?type=package", + "type": "library" + }, + { + "name": "vendor/golang.org/x/net/dns/dnsmessage", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/vendor/golang.org/x/net/dns/dnsmessage?type=package", + "type": "library" + }, + { + "name": "vendor/golang.org/x/net/http/httpguts", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/vendor/golang.org/x/net/http/httpguts?type=package", + "type": "library" + }, + { + "name": "vendor/golang.org/x/net/http/httpproxy", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/vendor/golang.org/x/net/http/httpproxy?type=package", + "type": "library" + }, + { + "name": "vendor/golang.org/x/net/http2/hpack", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/vendor/golang.org/x/net/http2/hpack?type=package", + "type": "library" + }, + { + "name": "vendor/golang.org/x/net/idna", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/vendor/golang.org/x/net/idna?type=package", + "type": "library" + }, + { + "name": "vendor/golang.org/x/sys/cpu", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/vendor/golang.org/x/sys/cpu?type=package", + "type": "library" + }, + { + "name": "vendor/golang.org/x/text/secure/bidirule", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/vendor/golang.org/x/text/secure/bidirule?type=package", + "type": "library" + }, + { + "name": "vendor/golang.org/x/text/transform", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/vendor/golang.org/x/text/transform?type=package", + "type": "library" + }, + { + "name": "vendor/golang.org/x/text/unicode/bidi", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/vendor/golang.org/x/text/unicode/bidi?type=package", + "type": "library" + }, + { + "name": "vendor/golang.org/x/text/unicode/norm", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:golang/vendor/golang.org/x/text/unicode/norm?type=package", + "type": "library" + }, + { + "name": "@types/prop-types", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/%40types/prop-types@15.7.5", + "type": "library", + "version": "15.7.5" + }, + { + "name": "@types/react-dom", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/%40types/react-dom@18.0.11", + "type": "library", + "version": "18.0.11" + }, + { + "name": "@types/react", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/%40types/react@18.0.35", + "type": "library", + "version": "18.0.35" + }, + { + "name": "@types/scheduler", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/%40types/scheduler@0.16.3", + "type": "library", + "version": "0.16.3" + }, + { + "name": "abbrev", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/abbrev@2.0.0", + "type": "library", + "version": "2.0.0" + }, + { + "name": "accepts", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/accepts@1.3.8", + "type": "library", + "version": "1.3.8" + }, + { + "name": "array-flatten", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/array-flatten@1.1.1", + "type": "library", + "version": "1.1.1" + }, + { + "name": "bar", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/bar@1.0.0?vcs_url=git%2Bhttps://github.com/cachito-testing/npm-cachi2-smoketest%40f1d31c2b051b218c84399b12461e0957d87bd0cd#bar", + "type": "library", + "version": "1.0.0" + }, + { + "name": "bitbucket-cachi2-npm-without-deps-second", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/bitbucket-cachi2-npm-without-deps-second@2.0.0?vcs_url=git%2Bssh://git%40bitbucket.org/cachi-testing/cachi2-without-deps-second.git%4009992d418fc44a2895b7a9ff27c4e32d6f74a982", + "type": "library", + "version": "2.0.0" + }, + { + "name": "bitbucket-cachi2-npm-without-deps", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/bitbucket-cachi2-npm-without-deps@1.0.0?vcs_url=git%2Bssh://git%40bitbucket.org/cachi-testing/cachi2-without-deps.git%409e164b97043a2d91bbeb992f6cc68a3d1015086a", + "type": "library", + "version": "1.0.0" + }, + { + "name": "body-parser", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/body-parser@1.20.1", + "type": "library", + "version": "1.20.1" + }, + { + "name": "bytes", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/bytes@3.1.2", + "type": "library", + "version": "3.1.2" + }, + { + "name": "cachito-npm-without-deps", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/cachito-npm-without-deps@1.0.0?checksum=sha512:43e71f90ad5f9eb349ab18a283f8954994def373962ddc61b866bdea4d48249e67913c6b84dca1e8c519e981ca1fcc62b438292104a88ee9ed72db76a41efede&download_url=https://github.com/cachito-testing/cachito-npm-without-deps/raw/tarball/cachito-npm-without-deps-1.0.0.tgz", + "type": "library", + "version": "1.0.0" + }, + { + "name": "call-bind", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/call-bind@1.0.2", + "type": "library", + "version": "1.0.2" + }, + { + "name": "classnames", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/classnames@2.3.2", + "type": "library", + "version": "2.3.2" + }, + { + "name": "colors", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/colors@1.4.0", + "type": "library", + "version": "1.4.0" + }, + { + "name": "content-disposition", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/content-disposition@0.5.4", + "type": "library", + "version": "0.5.4" + }, + { + "name": "content-type", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/content-type@1.0.5", + "type": "library", + "version": "1.0.5" + }, + { + "name": "cookie-signature", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/cookie-signature@1.0.6", + "type": "library", + "version": "1.0.6" + }, + { + "name": "cookie", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/cookie@0.5.0", + "type": "library", + "version": "0.5.0" + }, + { + "name": "csstype", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/csstype@3.1.2", + "type": "library", + "version": "3.1.2" + }, + { + "name": "dateformat", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/dateformat@5.0.3", + "type": "library", + "version": "5.0.3" + }, + { + "name": "debug", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/debug@2.6.9", + "type": "library", + "version": "2.6.9" + }, + { + "name": "depd", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/depd@2.0.0", + "type": "library", + "version": "2.0.0" + }, + { + "name": "destroy", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/destroy@1.2.0", + "type": "library", + "version": "1.2.0" + }, + { + "name": "ee-first", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/ee-first@1.1.1", + "type": "library", + "version": "1.1.1" + }, + { + "name": "eggs", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/eggs@1.0.0?vcs_url=git%2Bhttps://github.com/cachito-testing/npm-cachi2-smoketest%40f1d31c2b051b218c84399b12461e0957d87bd0cd#eggs-packages/eggs", + "type": "library", + "version": "1.0.0" + }, + { + "name": "encodeurl", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/encodeurl@1.0.2", + "type": "library", + "version": "1.0.2" + }, + { + "name": "escape-html", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/escape-html@1.0.3", + "type": "library", + "version": "1.0.3" + }, + { + "name": "etag", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/etag@1.8.1", + "type": "library", + "version": "1.8.1" + }, + { + "name": "express", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/express@4.18.2", + "type": "library", + "version": "4.18.2" + }, + { + "name": "fecha", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/fecha@4.2.3?vcs_url=git%2Bhttps://github.com/cachito-testing/npm-cachi2-smoketest%40f1d31c2b051b218c84399b12461e0957d87bd0cd#fecha-4.2.3.tgz", + "type": "library", + "version": "4.2.3" + }, + { + "name": "finalhandler", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/finalhandler@1.2.0", + "type": "library", + "version": "1.2.0" + }, + { + "name": "foo", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/foo@1.0.0?vcs_url=git%2Bhttps://github.com/cachito-testing/npm-cachi2-smoketest%40f1d31c2b051b218c84399b12461e0957d87bd0cd#foo", + "type": "library", + "version": "1.0.0" + }, + { + "name": "forwarded", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/forwarded@0.2.0", + "type": "library", + "version": "0.2.0" + }, + { + "name": "fresh", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/fresh@0.5.2", + "type": "library", + "version": "0.5.2" + }, + { + "name": "function-bind", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/function-bind@1.1.1", + "type": "library", + "version": "1.1.1" + }, + { + "name": "get-intrinsic", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/get-intrinsic@1.2.0", + "type": "library", + "version": "1.2.0" + }, + { + "name": "has-symbols", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/has-symbols@1.0.3", + "type": "library", + "version": "1.0.3" + }, + { + "name": "has", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/has@1.0.3", + "type": "library", + "version": "1.0.3" + }, + { + "name": "http-errors", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/http-errors@2.0.0", + "type": "library", + "version": "2.0.0" + }, + { + "name": "iconv-lite", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/iconv-lite@0.4.24", + "type": "library", + "version": "0.4.24" + }, + { + "name": "inherits", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/inherits@2.0.4", + "type": "library", + "version": "2.0.4" + }, + { + "name": "ipaddr.js", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/ipaddr.js@1.9.1", + "type": "library", + "version": "1.9.1" + }, + { + "name": "is-positive", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/is-positive@3.1.0?vcs_url=git%2Bssh://git%40github.com/kevva/is-positive.git%4097edff6f525f192a3f83cea1944765f769ae2678", + "type": "library", + "version": "3.1.0" + }, + { + "name": "media-typer", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/media-typer@0.3.0", + "type": "library", + "version": "0.3.0" + }, + { + "name": "merge-descriptors", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/merge-descriptors@1.0.1", + "type": "library", + "version": "1.0.1" + }, + { + "name": "methods", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/methods@1.1.2", + "type": "library", + "version": "1.1.2" + }, + { + "name": "mime-db", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/mime-db@1.52.0", + "type": "library", + "version": "1.52.0" + }, + { + "name": "mime-types", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/mime-types@2.1.35", + "type": "library", + "version": "2.1.35" + }, + { + "name": "mime", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/mime@1.6.0", + "type": "library", + "version": "1.6.0" + }, + { + "name": "ms", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/ms@2.0.0", + "type": "library", + "version": "2.0.0" + }, + { + "name": "ms", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/ms@2.1.3", + "type": "library", + "version": "2.1.3" + }, + { + "name": "negotiator", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/negotiator@0.6.3", + "type": "library", + "version": "0.6.3" + }, + { + "name": "not-baz", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/not-baz@1.0.0?vcs_url=git%2Bhttps://github.com/cachito-testing/npm-cachi2-smoketest%40f1d31c2b051b218c84399b12461e0957d87bd0cd#baz", + "type": "library", + "version": "1.0.0" + }, + { + "name": "npm_test", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/npm_test@1.1.0?vcs_url=git%2Bhttps://github.com/cachito-testing/npm-cachi2-smoketest%40f1d31c2b051b218c84399b12461e0957d87bd0cd", + "type": "library", + "version": "1.1.0" + }, + { + "name": "object-inspect", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/object-inspect@1.12.3", + "type": "library", + "version": "1.12.3" + }, + { + "name": "on-finished", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/on-finished@2.4.1", + "type": "library", + "version": "2.4.1" + }, + { + "name": "parseurl", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/parseurl@1.3.3", + "type": "library", + "version": "1.3.3" + }, + { + "name": "path-to-regexp", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/path-to-regexp@0.1.7", + "type": "library", + "version": "0.1.7" + }, + { + "name": "proxy-addr", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/proxy-addr@2.0.7", + "type": "library", + "version": "2.0.7" + }, + { + "name": "qs", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/qs@6.11.0", + "type": "library", + "version": "6.11.0" + }, + { + "name": "range-parser", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/range-parser@1.2.1", + "type": "library", + "version": "1.2.1" + }, + { + "name": "raw-body", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/raw-body@2.5.1", + "type": "library", + "version": "2.5.1" + }, + { + "name": "safe-buffer", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/safe-buffer@5.2.1", + "type": "library", + "version": "5.2.1" + }, + { + "name": "safer-buffer", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/safer-buffer@2.1.2", + "type": "library", + "version": "2.1.2" + }, + { + "name": "sax", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/sax@0.1.1", + "type": "library", + "version": "0.1.1" + }, + { + "name": "send", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/send@0.18.0", + "type": "library", + "version": "0.18.0" + }, + { + "name": "serve-static", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/serve-static@1.15.0", + "type": "library", + "version": "1.15.0" + }, + { + "name": "setprototypeof", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/setprototypeof@1.2.0", + "type": "library", + "version": "1.2.0" + }, + { + "name": "side-channel", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/side-channel@1.0.4", + "type": "library", + "version": "1.0.4" + }, + { + "name": "spam", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/spam@1.0.0?vcs_url=git%2Bhttps://github.com/cachito-testing/npm-cachi2-smoketest%40f1d31c2b051b218c84399b12461e0957d87bd0cd#spam-packages/spam", + "type": "library", + "version": "1.0.0" + }, + { + "name": "statuses", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/statuses@2.0.1", + "type": "library", + "version": "2.0.1" + }, + { + "name": "toidentifier", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/toidentifier@1.0.1", + "type": "library", + "version": "1.0.1" + }, + { + "name": "type-is", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/type-is@1.6.18", + "type": "library", + "version": "1.6.18" + }, + { + "name": "unpipe", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/unpipe@1.0.0", + "type": "library", + "version": "1.0.0" + }, + { + "name": "utils-merge", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/utils-merge@1.0.1", + "type": "library", + "version": "1.0.1" + }, + { + "name": "uuid", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/uuid@9.0.0", + "type": "library", + "version": "9.0.0" + }, + { + "name": "vary", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:npm/vary@1.1.2", + "type": "library", + "version": "1.1.2" + }, + { + "name": "certifi", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:pypi/certifi@2022.12.7", + "type": "library", + "version": "2022.12.7" + }, + { + "name": "charset-normalizer", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:pypi/charset-normalizer@3.0.1", + "type": "library", + "version": "3.0.1" + }, + { + "name": "dockerfile-parse", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:pypi/dockerfile-parse?checksum=sha256:36e4469abb0d96b0e3cd656284d5016e8a674cd57b8ebe5af64786fe63b8184d&download_url=https://github.com/containerbuildsystem/dockerfile-parse/archive/refs/tags/2.0.0.tar.gz", + "type": "library" + }, + { + "name": "flit-core", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:pypi/flit-core@3.8.0", + "type": "library", + "version": "3.8.0" + }, + { + "name": "idna", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:pypi/idna@3.4", + "type": "library", + "version": "3.4" + }, + { + "name": "requests", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:pypi/requests@2.28.2", + "type": "library", + "version": "2.28.2" + }, + { + "name": "setuptools", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:pypi/setuptools@67.1.0", + "type": "library", + "version": "67.1.0" + }, + { + "name": "test_package_cachi2", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:pypi/test-package-cachi2@1.0.0?vcs_url=git%2Bhttps://github.com/cachito-testing/pip-e2e-test%401ecda839ba9ca55070d75c86c26a1bb07d777bba", + "type": "library", + "version": "1.0.0" + }, + { + "name": "urllib3", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:pypi/urllib3@1.26.14", + "type": "library", + "version": "1.26.14" + }, + { + "name": "wheel", + "properties": [ + { + "name": "cachi2:found_by", + "value": "cachi2" + } + ], + "purl": "pkg:pypi/wheel@0.38.4", + "type": "library", + "version": "0.38.4" + } + ], + "metadata": { + "component": { + "bom-ref": "af63bd4c8601b7f1", + "name": ".", + "type": "file" + }, + "timestamp": "2024-12-18T11:08:00+01:00", + "tools": { + "components": [ + { + "author": "anchore", + "name": "syft", + "type": "application", + "version": "1.4.1" + }, + { + "name": "cachi2", + "author": "red hat", + "type": "application" + } + ] + } + }, + "serialNumber": "urn:uuid:1d823647-6b64-41b3-a29b-1d09cfb3ba8a", + "specVersion": "1.5", + "version": 1 +} diff --git a/sbom-utility-scripts/scripts/merge-sboms-script/test_data/cyclonedx/syft-sboms/gomod-pandemonium.bom.json b/sbom-utility-scripts/scripts/merge-sboms-script/test_data/cyclonedx/syft-sboms/gomod-pandemonium.bom.json new file mode 100644 index 0000000..e6db5aa --- /dev/null +++ b/sbom-utility-scripts/scripts/merge-sboms-script/test_data/cyclonedx/syft-sboms/gomod-pandemonium.bom.json @@ -0,0 +1,1058 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", + "bomFormat": "CycloneDX", + "components": [ + { + "bom-ref": "pkg:golang/./terminaltor?package-id=fb7b11a4b3fddcb6", + "name": "./terminaltor", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + } + ], + "purl": "pkg:golang/./terminaltor", + "type": "library" + }, + { + "bom-ref": "pkg:golang/./weird?package-id=ab3afc436e9979e6", + "name": "./weird", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + } + ], + "purl": "pkg:golang/./weird", + "type": "library" + }, + { + "bom-ref": "pkg:golang/github.com/azure/go-ansiterm@v0.0.0-20210617225240-d185dfc1b5a1?package-id=e56101171f13c2dd", + "cpe": "cpe:2.3:a:Azure:go-ansiterm:v0.0.0-20210617225240-d185dfc1b5a1:*:*:*:*:*:*:*", + "name": "github.com/Azure/go-ansiterm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:Azure:go_ansiterm:v0.0.0-20210617225240-d185dfc1b5a1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=" + } + ], + "purl": "pkg:golang/github.com/Azure/go-ansiterm@v0.0.0-20210617225240-d185dfc1b5a1", + "type": "library", + "version": "v0.0.0-20210617225240-d185dfc1b5a1" + }, + { + "bom-ref": "pkg:golang/github.com/azure/go-ansiterm@v0.0.0-20210617225240-d185dfc1b5a1?package-id=2a664fb25458fc56", + "cpe": "cpe:2.3:a:Azure:go-ansiterm:v0.0.0-20210617225240-d185dfc1b5a1:*:*:*:*:*:*:*", + "name": "github.com/Azure/go-ansiterm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:Azure:go_ansiterm:v0.0.0-20210617225240-d185dfc1b5a1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/terminaltor/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=" + } + ], + "purl": "pkg:golang/github.com/Azure/go-ansiterm@v0.0.0-20210617225240-d185dfc1b5a1", + "type": "library", + "version": "v0.0.0-20210617225240-d185dfc1b5a1" + }, + { + "bom-ref": "pkg:golang/github.com/masterminds/semver@v1.4.2?package-id=354d8d82b2da8793", + "cpe": "cpe:2.3:a:Masterminds:semver:v1.4.2:*:*:*:*:*:*:*", + "name": "github.com/Masterminds/semver", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:WBLTQ37jOCzSLtXNdoo8bNM8876KhNqOKvrlGITgsTc=" + } + ], + "purl": "pkg:golang/github.com/Masterminds/semver@v1.4.2", + "type": "library", + "version": "v1.4.2" + }, + { + "bom-ref": "pkg:golang/github.com/microsoft/go-winio@v0.6.0?package-id=c2a50d97cb0e4bfc", + "cpe": "cpe:2.3:a:Microsoft:go-winio:v0.6.0:*:*:*:*:*:*:*", + "name": "github.com/Microsoft/go-winio", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:Microsoft:go_winio:v0.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg=" + } + ], + "purl": "pkg:golang/github.com/Microsoft/go-winio@v0.6.0", + "type": "library", + "version": "v0.6.0" + }, + { + "bom-ref": "pkg:golang/github.com/cachito-testing/gomod-pandemonium@v0.0.0?package-id=146c86ecdbb0cfe7#terminaltor", + "cpe": "cpe:2.3:a:cachito-testing:gomod-pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*", + "name": "github.com/cachito-testing/gomod-pandemonium/terminaltor", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito-testing:gomod_pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_testing:gomod-pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_testing:gomod_pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito:gomod-pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito:gomod_pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + } + ], + "purl": "pkg:golang/github.com/cachito-testing/gomod-pandemonium@v0.0.0#terminaltor", + "type": "library", + "version": "v0.0.0" + }, + { + "bom-ref": "pkg:golang/github.com/cachito-testing/gomod-pandemonium@v0.0.0?package-id=fa2ffebd22241e0d#weird", + "cpe": "cpe:2.3:a:cachito-testing:gomod-pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*", + "name": "github.com/cachito-testing/gomod-pandemonium/weird", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito-testing:gomod_pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_testing:gomod-pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_testing:gomod_pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito:gomod-pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito:gomod_pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + } + ], + "purl": "pkg:golang/github.com/cachito-testing/gomod-pandemonium@v0.0.0#weird", + "type": "library", + "version": "v0.0.0" + }, + { + "bom-ref": "pkg:golang/github.com/cachito-testing/retrodep@v2.1.1?package-id=6db993d8ef0e368a#v2", + "cpe": "cpe:2.3:a:cachito-testing:retrodep\\/v2:v2.1.1:*:*:*:*:*:*:*", + "name": "github.com/cachito-testing/retrodep/v2", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_testing:retrodep\\/v2:v2.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito:retrodep\\/v2:v2.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:inziEuX1Zo/BJv1pgZ2tRPltfQVJaVpRmIlsomaKMb0=" + } + ], + "purl": "pkg:golang/github.com/cachito-testing/retrodep@v2.1.1#v2", + "type": "library", + "version": "v2.1.1" + }, + { + "bom-ref": "pkg:golang/github.com/go-logr/logr@v1.2.3?package-id=b07c55dbe14eb54f", + "cpe": "cpe:2.3:a:go-logr:logr:v1.2.3:*:*:*:*:*:*:*", + "name": "github.com/go-logr/logr", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:go_logr:logr:v1.2.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:go:logr:v1.2.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=" + } + ], + "purl": "pkg:golang/github.com/go-logr/logr@v1.2.3", + "type": "library", + "version": "v1.2.3" + }, + { + "bom-ref": "pkg:golang/github.com/go-task/slim-sprig@v0.0.0-20230315185526-52ccab3ef572?package-id=09ce847851ef4807", + "cpe": "cpe:2.3:a:go-task:slim-sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*", + "name": "github.com/go-task/slim-sprig", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:go-task:slim_sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:go_task:slim-sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:go_task:slim_sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:go:slim-sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:go:slim_sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=" + } + ], + "purl": "pkg:golang/github.com/go-task/slim-sprig@v0.0.0-20230315185526-52ccab3ef572", + "type": "library", + "version": "v0.0.0-20230315185526-52ccab3ef572" + }, + { + "bom-ref": "pkg:golang/github.com/google/go-cmp@v0.5.9?package-id=c2740da0f3c011dc", + "cpe": "cpe:2.3:a:google:go-cmp:v0.5.9:*:*:*:*:*:*:*", + "name": "github.com/google/go-cmp", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:google:go_cmp:v0.5.9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=" + } + ], + "purl": "pkg:golang/github.com/google/go-cmp@v0.5.9", + "type": "library", + "version": "v0.5.9" + }, + { + "bom-ref": "pkg:golang/github.com/google/pprof@v0.0.0-20210407192527-94a9f03dee38?package-id=768bdea76795da5e", + "cpe": "cpe:2.3:a:google:pprof:v0.0.0-20210407192527-94a9f03dee38:*:*:*:*:*:*:*", + "name": "github.com/google/pprof", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:yAJXTCF9TqKcTiHJAE8dj7HMvPfh66eeA2JYW7eFpSE=" + } + ], + "purl": "pkg:golang/github.com/google/pprof@v0.0.0-20210407192527-94a9f03dee38", + "type": "library", + "version": "v0.0.0-20210407192527-94a9f03dee38" + }, + { + "bom-ref": "pkg:golang/github.com/moby/term@v0.0.0-20221205130635-1aeaba878587?package-id=16768dd257ca9ea1", + "cpe": "cpe:2.3:a:moby:term:v0.0.0-20221205130635-1aeaba878587:*:*:*:*:*:*:*", + "name": "github.com/moby/term", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:HfkjXDfhgVaN5rmueG8cL8KKeFNecRCXFhaJ2qZ5SKA=" + } + ], + "purl": "pkg:golang/github.com/moby/term@v0.0.0-20221205130635-1aeaba878587", + "type": "library", + "version": "v0.0.0-20221205130635-1aeaba878587" + }, + { + "bom-ref": "pkg:golang/github.com/moby/term@v0.0.0-20221205130635-1aeaba878587?package-id=555434403d475809", + "cpe": "cpe:2.3:a:moby:term:v0.0.0-20221205130635-1aeaba878587:*:*:*:*:*:*:*", + "name": "github.com/moby/term", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:location:0:path", + "value": "/terminaltor/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:HfkjXDfhgVaN5rmueG8cL8KKeFNecRCXFhaJ2qZ5SKA=" + } + ], + "purl": "pkg:golang/github.com/moby/term@v0.0.0-20221205130635-1aeaba878587", + "type": "library", + "version": "v0.0.0-20221205130635-1aeaba878587" + }, + { + "bom-ref": "pkg:golang/github.com/onsi/ginkgo@v2.9.2?package-id=dbe722f079d05fed#v2", + "cpe": "cpe:2.3:a:onsi:ginkgo\\/v2:v2.9.2:*:*:*:*:*:*:*", + "name": "github.com/onsi/ginkgo/v2", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:BA2GMJOtfGAfagzYtrAlufIP0lq6QERkFmHLMLPwFSU=" + } + ], + "purl": "pkg:golang/github.com/onsi/ginkgo@v2.9.2#v2", + "type": "library", + "version": "v2.9.2" + }, + { + "bom-ref": "pkg:golang/github.com/onsi/gomega@v1.27.4?package-id=33a8824de4d78c9f", + "cpe": "cpe:2.3:a:onsi:gomega:v1.27.4:*:*:*:*:*:*:*", + "name": "github.com/onsi/gomega", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:Z2AnStgsdSayCMDiCU42qIz+HLqEPcgiOCXjAU/w+8E=" + } + ], + "purl": "pkg:golang/github.com/onsi/gomega@v1.27.4", + "type": "library", + "version": "v1.27.4" + }, + { + "bom-ref": "pkg:golang/github.com/op/go-logging@v0.0.0-20160315200505-970db520ece7?package-id=d053202ebaedc3aa", + "cpe": "cpe:2.3:a:op:go-logging:v0.0.0-20160315200505-970db520ece7:*:*:*:*:*:*:*", + "name": "github.com/op/go-logging", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:op:go_logging:v0.0.0-20160315200505-970db520ece7:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:lDH9UUVJtmYCjyT0CI4q8xvlXPxeZ0gYCVvWbmPlp88=" + } + ], + "purl": "pkg:golang/github.com/op/go-logging@v0.0.0-20160315200505-970db520ece7", + "type": "library", + "version": "v0.0.0-20160315200505-970db520ece7" + }, + { + "bom-ref": "pkg:golang/github.com/pkg/errors@v0.8.1?package-id=e9a30d103cc846e1", + "cpe": "cpe:2.3:a:pkg:errors:v0.8.1:*:*:*:*:*:*:*", + "name": "github.com/pkg/errors", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=" + } + ], + "purl": "pkg:golang/github.com/pkg/errors@v0.8.1", + "type": "library", + "version": "v0.8.1" + }, + { + "bom-ref": "pkg:golang/github.com/release-engineering/retrodep@v2.1.0?package-id=b1aab99da74371f7#v2", + "cpe": "cpe:2.3:a:release-engineering:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*", + "name": "github.com/release-engineering/retrodep/v2", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:release_engineering:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:release:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + } + ], + "purl": "pkg:golang/github.com/release-engineering/retrodep@v2.1.0#v2", + "type": "library", + "version": "v2.1.0" + }, + { + "bom-ref": "pkg:golang/golang.org/x/mod@v0.9.0?package-id=23b7926420819455", + "cpe": "cpe:2.3:a:golang:x\\/mod:v0.9.0:*:*:*:*:*:*:*", + "name": "golang.org/x/mod", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:KENHtAZL2y3NLMYZeHY9DW8HW8V+kQyJsY/V9JlKvCs=" + } + ], + "purl": "pkg:golang/golang.org/x/mod@v0.9.0", + "type": "library", + "version": "v0.9.0" + }, + { + "bom-ref": "pkg:golang/golang.org/x/net@v0.8.0?package-id=22fa1122214f7ae2", + "cpe": "cpe:2.3:a:golang:networking:v0.8.0:*:*:*:*:go:*:*", + "name": "golang.org/x/net", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=" + } + ], + "purl": "pkg:golang/golang.org/x/net@v0.8.0", + "type": "library", + "version": "v0.8.0" + }, + { + "bom-ref": "pkg:golang/golang.org/x/sys@v0.6.0?package-id=bf14db941e01d41c", + "cpe": "cpe:2.3:a:golang:x\\/sys:v0.6.0:*:*:*:*:*:*:*", + "name": "golang.org/x/sys", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=" + } + ], + "purl": "pkg:golang/golang.org/x/sys@v0.6.0", + "type": "library", + "version": "v0.6.0" + }, + { + "bom-ref": "pkg:golang/golang.org/x/sys@v0.6.0?package-id=16865a35dc8ec832", + "cpe": "cpe:2.3:a:golang:x\\/sys:v0.6.0:*:*:*:*:*:*:*", + "name": "golang.org/x/sys", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:location:0:path", + "value": "/terminaltor/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=" + } + ], + "purl": "pkg:golang/golang.org/x/sys@v0.6.0", + "type": "library", + "version": "v0.6.0" + }, + { + "bom-ref": "pkg:golang/golang.org/x/text@v0.8.0?package-id=5f5f28df2a89cd2b", + "cpe": "cpe:2.3:a:golang:text:v0.8.0:*:*:*:*:*:*:*", + "name": "golang.org/x/text", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68=" + } + ], + "purl": "pkg:golang/golang.org/x/text@v0.8.0", + "type": "library", + "version": "v0.8.0" + }, + { + "bom-ref": "pkg:golang/golang.org/x/tools@v0.7.0?package-id=f249a74f177d2a78", + "cpe": "cpe:2.3:a:golang:x\\/tools:v0.7.0:*:*:*:*:*:*:*", + "name": "golang.org/x/tools", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:W4OVu8VVOaIO0yzWMNdepAulS7YfoS3Zabrm8DOXXU4=" + } + ], + "purl": "pkg:golang/golang.org/x/tools@v0.7.0", + "type": "library", + "version": "v0.7.0" + }, + { + "bom-ref": "pkg:golang/gopkg.in/yaml.v2@v2.2.2?package-id=c743bd971b07bf7f", + "name": "gopkg.in/yaml.v2", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=" + } + ], + "purl": "pkg:golang/gopkg.in/yaml.v2@v2.2.2", + "type": "library", + "version": "v2.2.2" + }, + { + "bom-ref": "pkg:golang/gopkg.in/yaml.v3@v3.0.1?package-id=716c668b92999095", + "cpe": "cpe:2.3:a:yaml_project:yaml:v3.0.1:*:*:*:*:go:*:*", + "name": "gopkg.in/yaml.v3", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=" + } + ], + "purl": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", + "type": "library", + "version": "v3.0.1" + } + ], + "metadata": { + "component": { + "bom-ref": "af63bd4c8601b7f1", + "name": ".", + "type": "file" + }, + "timestamp": "2024-12-18T11:08:00+01:00", + "tools": { + "components": [ + { + "author": "anchore", + "name": "syft", + "type": "application", + "version": "1.4.1" + } + ] + } + }, + "serialNumber": "urn:uuid:1d823647-6b64-41b3-a29b-1d09cfb3ba8a", + "specVersion": "1.5", + "version": 1 +} diff --git a/sbom-utility-scripts/scripts/merge-sboms-script/test_data/cyclonedx/syft-sboms/npm-cachi2-smoketest.bom.json b/sbom-utility-scripts/scripts/merge-sboms-script/test_data/cyclonedx/syft-sboms/npm-cachi2-smoketest.bom.json new file mode 100644 index 0000000..7f39d20 --- /dev/null +++ b/sbom-utility-scripts/scripts/merge-sboms-script/test_data/cyclonedx/syft-sboms/npm-cachi2-smoketest.bom.json @@ -0,0 +1,3531 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", + "bomFormat": "CycloneDX", + "components": [ + { + "bom-ref": "pkg:npm/%40types/prop-types@15.7.5?package-id=38e27e44d41f52ce", + "cpe": "cpe:2.3:a:\\@types\\/prop-types:\\@types\\/prop-types:15.7.5:*:*:*:*:*:*:*", + "name": "@types/prop-types", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/prop-types:\\@types\\/prop_types:15.7.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/prop_types:\\@types\\/prop-types:15.7.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/prop_types:\\@types\\/prop_types:15.7.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/prop:\\@types\\/prop-types:15.7.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/prop:\\@types\\/prop_types:15.7.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/%40types/prop-types@15.7.5", + "type": "library", + "version": "15.7.5" + }, + { + "bom-ref": "pkg:npm/%40types/react@18.0.35?package-id=32822b9f11e1589a", + "cpe": "cpe:2.3:a:\\@types\\/react:\\@types\\/react:18.0.35:*:*:*:*:*:*:*", + "name": "@types/react", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/%40types/react@18.0.35", + "type": "library", + "version": "18.0.35" + }, + { + "bom-ref": "pkg:npm/%40types/react-dom@18.0.11?package-id=4c4ba8dfb825b32d", + "cpe": "cpe:2.3:a:\\@types\\/react-dom:\\@types\\/react-dom:18.0.11:*:*:*:*:*:*:*", + "name": "@types/react-dom", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/react-dom:\\@types\\/react_dom:18.0.11:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/react_dom:\\@types\\/react-dom:18.0.11:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/react_dom:\\@types\\/react_dom:18.0.11:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/react:\\@types\\/react-dom:18.0.11:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/react:\\@types\\/react_dom:18.0.11:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/%40types/react-dom@18.0.11", + "type": "library", + "version": "18.0.11" + }, + { + "bom-ref": "pkg:npm/%40types/scheduler@0.16.3?package-id=9d26bede47ebfeea", + "cpe": "cpe:2.3:a:\\@types\\/scheduler:\\@types\\/scheduler:0.16.3:*:*:*:*:*:*:*", + "name": "@types/scheduler", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/%40types/scheduler@0.16.3", + "type": "library", + "version": "0.16.3" + }, + { + "bom-ref": "pkg:npm/abbrev@2.0.0?package-id=3be56342a35f1f05", + "cpe": "cpe:2.3:a:abbrev:abbrev:2.0.0:*:*:*:*:*:*:*", + "name": "abbrev", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/abbrev@2.0.0", + "type": "library", + "version": "2.0.0" + }, + { + "bom-ref": "pkg:npm/accepts@1.3.8?package-id=931d209532cf2470", + "cpe": "cpe:2.3:a:accepts:accepts:1.3.8:*:*:*:*:*:*:*", + "name": "accepts", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/accepts@1.3.8", + "type": "library", + "version": "1.3.8" + }, + { + "bom-ref": "pkg:npm/array-flatten@1.1.1?package-id=03addc097d0a6218", + "cpe": "cpe:2.3:a:array-flatten:array-flatten:1.1.1:*:*:*:*:*:*:*", + "name": "array-flatten", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:array-flatten:array_flatten:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:array_flatten:array-flatten:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:array_flatten:array_flatten:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:array:array-flatten:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:array:array_flatten:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/array-flatten@1.1.1", + "type": "library", + "version": "1.1.1" + }, + { + "bom-ref": "pkg:npm/bar?package-id=66cc4304f82b84df", + "cpe": "cpe:2.3:a:bar:bar:*:*:*:*:*:*:*:*", + "name": "bar", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/bar", + "type": "library" + }, + { + "bom-ref": "pkg:npm/bar@1.0.0?package-id=9cc7c48b54214fa1", + "cpe": "cpe:2.3:a:bar:bar:1.0.0:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "name": "bar", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/bar@1.0.0", + "type": "library", + "version": "1.0.0" + }, + { + "bom-ref": "pkg:npm/bitbucket-cachi2-npm-without-deps@1.0.0?package-id=06b6ba58ac830af0", + "cpe": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "name": "bitbucket-cachi2-npm-without-deps", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm-without:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm-without:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/bitbucket-cachi2-npm-without-deps@1.0.0", + "type": "library", + "version": "1.0.0" + }, + { + "bom-ref": "pkg:npm/bitbucket-cachi2-npm-without-deps-second@2.0.0?package-id=2beab3450e977bf2", + "cpe": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps-second:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "name": "bitbucket-cachi2-npm-without-deps-second", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps-second:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps_second:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps_second:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm-without:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm-without:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/bitbucket-cachi2-npm-without-deps-second@2.0.0", + "type": "library", + "version": "2.0.0" + }, + { + "bom-ref": "pkg:npm/body-parser@1.20.1?package-id=2e6ddb0a13ebe1b5", + "cpe": "cpe:2.3:a:body-parser:body-parser:1.20.1:*:*:*:*:*:*:*", + "name": "body-parser", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:body-parser:body_parser:1.20.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:body_parser:body-parser:1.20.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:body_parser:body_parser:1.20.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:body:body-parser:1.20.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:body:body_parser:1.20.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/body-parser@1.20.1", + "type": "library", + "version": "1.20.1" + }, + { + "bom-ref": "pkg:npm/bytes@3.1.2?package-id=11b7c62df6dc5b1d", + "cpe": "cpe:2.3:a:bytes:bytes:3.1.2:*:*:*:*:*:*:*", + "name": "bytes", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/bytes@3.1.2", + "type": "library", + "version": "3.1.2" + }, + { + "bom-ref": "pkg:npm/cachito-npm-without-deps@1.0.0?package-id=2cab59eb6e472a37", + "cpe": "cpe:2.3:a:cachito-npm-without-deps:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "name": "cachito-npm-without-deps", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito-npm-without-deps:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_npm_without_deps:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_npm_without_deps:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito-npm-without:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito-npm-without:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_npm_without:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_npm_without:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito-npm:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito-npm:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_npm:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_npm:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/cachito-npm-without-deps@1.0.0", + "type": "library", + "version": "1.0.0" + }, + { + "bom-ref": "pkg:npm/call-bind@1.0.2?package-id=35adfcd784173f59", + "cpe": "cpe:2.3:a:call-bind:call-bind:1.0.2:*:*:*:*:*:*:*", + "name": "call-bind", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:call-bind:call_bind:1.0.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:call_bind:call-bind:1.0.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:call_bind:call_bind:1.0.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:call:call-bind:1.0.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:call:call_bind:1.0.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/call-bind@1.0.2", + "type": "library", + "version": "1.0.2" + }, + { + "bom-ref": "pkg:npm/classnames@2.3.2?package-id=02162ed8743e22f3", + "cpe": "cpe:2.3:a:classnames:classnames:2.3.2:*:*:*:*:*:*:*", + "name": "classnames", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/classnames@2.3.2", + "type": "library", + "version": "2.3.2" + }, + { + "bom-ref": "pkg:npm/colors@1.4.0?package-id=06a7d9e0197b39e0", + "cpe": "cpe:2.3:a:colors:colors:1.4.0:*:*:*:*:*:*:*", + "name": "colors", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/colors@1.4.0", + "type": "library", + "version": "1.4.0" + }, + { + "bom-ref": "pkg:npm/content-disposition@0.5.4?package-id=105471e28411dc70", + "cpe": "cpe:2.3:a:content-disposition:content-disposition:0.5.4:*:*:*:*:*:*:*", + "name": "content-disposition", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content-disposition:content_disposition:0.5.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content_disposition:content-disposition:0.5.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content_disposition:content_disposition:0.5.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content:content-disposition:0.5.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content:content_disposition:0.5.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/content-disposition@0.5.4", + "type": "library", + "version": "0.5.4" + }, + { + "bom-ref": "pkg:npm/content-type@1.0.5?package-id=ff50f3e9146f918a", + "cpe": "cpe:2.3:a:content-type:content-type:1.0.5:*:*:*:*:*:*:*", + "name": "content-type", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content-type:content_type:1.0.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content_type:content-type:1.0.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content_type:content_type:1.0.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content:content-type:1.0.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content:content_type:1.0.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/content-type@1.0.5", + "type": "library", + "version": "1.0.5" + }, + { + "bom-ref": "pkg:npm/cookie@0.5.0?package-id=d6a8687d55fe9822", + "cpe": "cpe:2.3:a:cookie:cookie:0.5.0:*:*:*:*:*:*:*", + "name": "cookie", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/cookie@0.5.0", + "type": "library", + "version": "0.5.0" + }, + { + "bom-ref": "pkg:npm/cookie-signature@1.0.6?package-id=d1ddfc590683a178", + "cpe": "cpe:2.3:a:cookie-signature_project:cookie-signature:1.0.6:*:*:*:*:node.js:*:*", + "name": "cookie-signature", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/cookie-signature@1.0.6", + "type": "library", + "version": "1.0.6" + }, + { + "bom-ref": "pkg:npm/csstype@3.1.2?package-id=56cfd4aaf334efad", + "cpe": "cpe:2.3:a:csstype:csstype:3.1.2:*:*:*:*:*:*:*", + "name": "csstype", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/csstype@3.1.2", + "type": "library", + "version": "3.1.2" + }, + { + "bom-ref": "pkg:npm/dateformat@5.0.3?package-id=d074071dcc6a8350", + "cpe": "cpe:2.3:a:dateformat:dateformat:5.0.3:*:*:*:*:*:*:*", + "name": "dateformat", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/dateformat@5.0.3", + "type": "library", + "version": "5.0.3" + }, + { + "bom-ref": "pkg:npm/debug@2.6.9?package-id=92252ea21868a6d9", + "cpe": "cpe:2.3:a:debug_project:debug:2.6.9:*:*:*:*:node.js:*:*", + "name": "debug", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/debug@2.6.9", + "type": "library", + "version": "2.6.9" + }, + { + "bom-ref": "pkg:npm/depd@2.0.0?package-id=a0f4b2f715620506", + "cpe": "cpe:2.3:a:depd:depd:2.0.0:*:*:*:*:*:*:*", + "name": "depd", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/depd@2.0.0", + "type": "library", + "version": "2.0.0" + }, + { + "bom-ref": "pkg:npm/destroy@1.2.0?package-id=c0b574391f65a7f0", + "cpe": "cpe:2.3:a:destroy:destroy:1.2.0:*:*:*:*:*:*:*", + "name": "destroy", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/destroy@1.2.0", + "type": "library", + "version": "1.2.0" + }, + { + "bom-ref": "pkg:npm/ee-first@1.1.1?package-id=3b86eb35be74119c", + "cpe": "cpe:2.3:a:ee-first:ee-first:1.1.1:*:*:*:*:*:*:*", + "name": "ee-first", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ee-first:ee_first:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ee_first:ee-first:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ee_first:ee_first:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ee:ee-first:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ee:ee_first:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/ee-first@1.1.1", + "type": "library", + "version": "1.1.1" + }, + { + "bom-ref": "pkg:npm/eggs?package-id=2247fa00832a65ff", + "cpe": "cpe:2.3:a:eggs:eggs:*:*:*:*:*:*:*:*", + "name": "eggs", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/eggs", + "type": "library" + }, + { + "bom-ref": "pkg:npm/eggs-packages/eggs@1.0.0?package-id=af32220520b08aa3", + "cpe": "cpe:2.3:a:eggs-packages\\/eggs:eggs-packages\\/eggs:1.0.0:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "name": "eggs-packages/eggs", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:eggs-packages\\/eggs:eggs_packages\\/eggs:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:eggs_packages\\/eggs:eggs-packages\\/eggs:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:eggs_packages\\/eggs:eggs_packages\\/eggs:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:eggs:eggs-packages\\/eggs:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:eggs:eggs_packages\\/eggs:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/eggs-packages/eggs@1.0.0", + "type": "library", + "version": "1.0.0" + }, + { + "bom-ref": "pkg:npm/encodeurl@1.0.2?package-id=b77b63dcf4971d69", + "cpe": "cpe:2.3:a:encodeurl:encodeurl:1.0.2:*:*:*:*:*:*:*", + "name": "encodeurl", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/encodeurl@1.0.2", + "type": "library", + "version": "1.0.2" + }, + { + "bom-ref": "pkg:npm/escape-html@1.0.3?package-id=c0cdf8c952ce772a", + "cpe": "cpe:2.3:a:escape-html:escape-html:1.0.3:*:*:*:*:*:*:*", + "name": "escape-html", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:escape-html:escape_html:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:escape_html:escape-html:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:escape_html:escape_html:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:escape:escape-html:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:escape:escape_html:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/escape-html@1.0.3", + "type": "library", + "version": "1.0.3" + }, + { + "bom-ref": "pkg:npm/etag@1.8.1?package-id=7d0dc766870c2472", + "cpe": "cpe:2.3:a:etag:etag:1.8.1:*:*:*:*:*:*:*", + "name": "etag", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/etag@1.8.1", + "type": "library", + "version": "1.8.1" + }, + { + "bom-ref": "pkg:npm/express@4.18.2?package-id=843137561e387c44", + "cpe": "cpe:2.3:a:openjsf:express:4.18.2:*:*:*:*:node.js:*:*", + "name": "express", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/express@4.18.2", + "type": "library", + "version": "4.18.2" + }, + { + "bom-ref": "pkg:npm/fecha@4.2.3?package-id=0dbe723d51b71105", + "cpe": "cpe:2.3:a:fecha:fecha:4.2.3:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "name": "fecha", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/fecha@4.2.3", + "type": "library", + "version": "4.2.3" + }, + { + "bom-ref": "pkg:npm/finalhandler@1.2.0?package-id=b5cddb9ad2ad4516", + "cpe": "cpe:2.3:a:finalhandler:finalhandler:1.2.0:*:*:*:*:*:*:*", + "name": "finalhandler", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/finalhandler@1.2.0", + "type": "library", + "version": "1.2.0" + }, + { + "bom-ref": "pkg:npm/foo?package-id=352f1023dd02679f", + "cpe": "cpe:2.3:a:foo:foo:*:*:*:*:*:*:*:*", + "name": "foo", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/foo", + "type": "library" + }, + { + "bom-ref": "pkg:npm/foo@1.0.0?package-id=e577272d8af44a23", + "cpe": "cpe:2.3:a:foo:foo:1.0.0:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "name": "foo", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/foo@1.0.0", + "type": "library", + "version": "1.0.0" + }, + { + "bom-ref": "pkg:npm/forwarded@0.2.0?package-id=d07931fe109020ee", + "cpe": "cpe:2.3:a:forwarded_project:forwarded:0.2.0:*:*:*:*:node.js:*:*", + "name": "forwarded", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/forwarded@0.2.0", + "type": "library", + "version": "0.2.0" + }, + { + "bom-ref": "pkg:npm/fresh@0.5.2?package-id=a35427e837fe81b6", + "cpe": "cpe:2.3:a:fresh_project:fresh:0.5.2:*:*:*:*:node.js:*:*", + "name": "fresh", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/fresh@0.5.2", + "type": "library", + "version": "0.5.2" + }, + { + "bom-ref": "pkg:npm/function-bind@1.1.1?package-id=b0d705f9d55d98a8", + "cpe": "cpe:2.3:a:function-bind:function-bind:1.1.1:*:*:*:*:*:*:*", + "name": "function-bind", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:function-bind:function_bind:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:function_bind:function-bind:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:function_bind:function_bind:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:function:function-bind:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:function:function_bind:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/function-bind@1.1.1", + "type": "library", + "version": "1.1.1" + }, + { + "bom-ref": "pkg:npm/get-intrinsic@1.2.0?package-id=14d124688defa36a", + "cpe": "cpe:2.3:a:get-intrinsic:get-intrinsic:1.2.0:*:*:*:*:*:*:*", + "name": "get-intrinsic", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:get-intrinsic:get_intrinsic:1.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:get_intrinsic:get-intrinsic:1.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:get_intrinsic:get_intrinsic:1.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:get:get-intrinsic:1.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:get:get_intrinsic:1.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/get-intrinsic@1.2.0", + "type": "library", + "version": "1.2.0" + }, + { + "bom-ref": "pkg:npm/has@1.0.3?package-id=1756c590ddbbbf1f", + "cpe": "cpe:2.3:a:has:has:1.0.3:*:*:*:*:*:*:*", + "name": "has", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/has@1.0.3", + "type": "library", + "version": "1.0.3" + }, + { + "bom-ref": "pkg:npm/has-symbols@1.0.3?package-id=41af9f2eb5a7b313", + "cpe": "cpe:2.3:a:has-symbols:has-symbols:1.0.3:*:*:*:*:*:*:*", + "name": "has-symbols", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:has-symbols:has_symbols:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:has_symbols:has-symbols:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:has_symbols:has_symbols:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:has:has-symbols:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:has:has_symbols:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/has-symbols@1.0.3", + "type": "library", + "version": "1.0.3" + }, + { + "bom-ref": "pkg:npm/http-errors@2.0.0?package-id=1d02b487dab61965", + "cpe": "cpe:2.3:a:http-errors:http-errors:2.0.0:*:*:*:*:*:*:*", + "name": "http-errors", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:http-errors:http_errors:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:http_errors:http-errors:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:http_errors:http_errors:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:http:http-errors:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:http:http_errors:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/http-errors@2.0.0", + "type": "library", + "version": "2.0.0" + }, + { + "bom-ref": "pkg:npm/iconv-lite@0.4.24?package-id=c90cedf9e72dd0f0", + "cpe": "cpe:2.3:a:iconv-lite:iconv-lite:0.4.24:*:*:*:*:*:*:*", + "name": "iconv-lite", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:iconv-lite:iconv_lite:0.4.24:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:iconv_lite:iconv-lite:0.4.24:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:iconv_lite:iconv_lite:0.4.24:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:iconv:iconv-lite:0.4.24:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:iconv:iconv_lite:0.4.24:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/iconv-lite@0.4.24", + "type": "library", + "version": "0.4.24" + }, + { + "bom-ref": "pkg:npm/inherits@2.0.4?package-id=c4b3a63b476363af", + "cpe": "cpe:2.3:a:inherits:inherits:2.0.4:*:*:*:*:*:*:*", + "name": "inherits", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/inherits@2.0.4", + "type": "library", + "version": "2.0.4" + }, + { + "bom-ref": "pkg:npm/ipaddr.js@1.9.1?package-id=c680b64700b2337d", + "cpe": "cpe:2.3:a:ipaddr.js:ipaddr.js:1.9.1:*:*:*:*:*:*:*", + "name": "ipaddr.js", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/ipaddr.js@1.9.1", + "type": "library", + "version": "1.9.1" + }, + { + "bom-ref": "pkg:npm/is-positive@3.1.0?package-id=bc8e42cbdee7b510", + "cpe": "cpe:2.3:a:is-positive:is-positive:3.1.0:*:*:*:*:*:*:*", + "name": "is-positive", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:is-positive:is_positive:3.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:is_positive:is-positive:3.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:is_positive:is_positive:3.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:is:is-positive:3.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:is:is_positive:3.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/is-positive@3.1.0", + "type": "library", + "version": "3.1.0" + }, + { + "bom-ref": "pkg:npm/media-typer@0.3.0?package-id=0d0c9173b3765561", + "cpe": "cpe:2.3:a:media-typer:media-typer:0.3.0:*:*:*:*:*:*:*", + "name": "media-typer", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:media-typer:media_typer:0.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:media_typer:media-typer:0.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:media_typer:media_typer:0.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:media:media-typer:0.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:media:media_typer:0.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/media-typer@0.3.0", + "type": "library", + "version": "0.3.0" + }, + { + "bom-ref": "pkg:npm/merge-descriptors@1.0.1?package-id=4c25dffaba71b53f", + "cpe": "cpe:2.3:a:merge-descriptors:merge-descriptors:1.0.1:*:*:*:*:*:*:*", + "name": "merge-descriptors", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:merge-descriptors:merge_descriptors:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:merge_descriptors:merge-descriptors:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:merge_descriptors:merge_descriptors:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:merge:merge-descriptors:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:merge:merge_descriptors:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/merge-descriptors@1.0.1", + "type": "library", + "version": "1.0.1" + }, + { + "bom-ref": "pkg:npm/methods@1.1.2?package-id=9f5112a619f16ada", + "cpe": "cpe:2.3:a:methods:methods:1.1.2:*:*:*:*:*:*:*", + "name": "methods", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/methods@1.1.2", + "type": "library", + "version": "1.1.2" + }, + { + "bom-ref": "pkg:npm/mime@1.6.0?package-id=3a8f4690355983f8", + "cpe": "cpe:2.3:a:mime_project:mime:1.6.0:*:*:*:*:node.js:*:*", + "name": "mime", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/mime@1.6.0", + "type": "library", + "version": "1.6.0" + }, + { + "bom-ref": "pkg:npm/mime-db@1.52.0?package-id=65a378639eed7a8d", + "cpe": "cpe:2.3:a:mime-db:mime-db:1.52.0:*:*:*:*:*:*:*", + "name": "mime-db", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime-db:mime_db:1.52.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime_db:mime-db:1.52.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime_db:mime_db:1.52.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime:mime-db:1.52.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime:mime_db:1.52.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/mime-db@1.52.0", + "type": "library", + "version": "1.52.0" + }, + { + "bom-ref": "pkg:npm/mime-types@2.1.35?package-id=14ae2be2d517fcdc", + "cpe": "cpe:2.3:a:mime-types:mime-types:2.1.35:*:*:*:*:*:*:*", + "name": "mime-types", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime-types:mime_types:2.1.35:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime_types:mime-types:2.1.35:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime_types:mime_types:2.1.35:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime:mime-types:2.1.35:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime:mime_types:2.1.35:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/mime-types@2.1.35", + "type": "library", + "version": "2.1.35" + }, + { + "bom-ref": "pkg:npm/ms@2.0.0?package-id=acfab536d1f4602c", + "cpe": "cpe:2.3:a:vercel:ms:2.0.0:*:*:*:*:node.js:*:*", + "name": "ms", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/ms@2.0.0", + "type": "library", + "version": "2.0.0" + }, + { + "bom-ref": "pkg:npm/ms@2.1.3?package-id=bca22b52057e7753", + "cpe": "cpe:2.3:a:vercel:ms:2.1.3:*:*:*:*:node.js:*:*", + "name": "ms", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/ms@2.1.3", + "type": "library", + "version": "2.1.3" + }, + { + "bom-ref": "pkg:npm/negotiator@0.6.3?package-id=af6245201061f5e2", + "cpe": "cpe:2.3:a:negotiator:negotiator:0.6.3:*:*:*:*:*:*:*", + "name": "negotiator", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/negotiator@0.6.3", + "type": "library", + "version": "0.6.3" + }, + { + "bom-ref": "pkg:npm/not-baz?package-id=b8327c159037e29a", + "cpe": "cpe:2.3:a:not-baz:not-baz:*:*:*:*:*:*:*:*", + "name": "not-baz", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not-baz:not_baz:*:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not_baz:not-baz:*:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not_baz:not_baz:*:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not:not-baz:*:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not:not_baz:*:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/not-baz", + "type": "library" + }, + { + "bom-ref": "pkg:npm/not-baz@1.0.0?package-id=3b1af970071fba18", + "cpe": "cpe:2.3:a:not-baz:not-baz:1.0.0:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "name": "not-baz", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not-baz:not_baz:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not_baz:not-baz:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not_baz:not_baz:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not:not-baz:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not:not_baz:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/not-baz@1.0.0", + "type": "library", + "version": "1.0.0" + }, + { + "bom-ref": "pkg:npm/npm_test@1.1.0?package-id=34ba90ce6af47f8c", + "cpe": "cpe:2.3:a:npm-test:npm-test:1.1.0:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "name": "npm_test", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:npm-test:npm_test:1.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:npm_test:npm-test:1.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:npm_test:npm_test:1.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:npm:npm-test:1.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:npm:npm_test:1.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/npm_test@1.1.0", + "type": "library", + "version": "1.1.0" + }, + { + "bom-ref": "pkg:npm/object-inspect@1.12.3?package-id=d4a5f46fefb0c652", + "cpe": "cpe:2.3:a:object-inspect:object-inspect:1.12.3:*:*:*:*:*:*:*", + "name": "object-inspect", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:object-inspect:object_inspect:1.12.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:object_inspect:object-inspect:1.12.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:object_inspect:object_inspect:1.12.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:object:object-inspect:1.12.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:object:object_inspect:1.12.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/object-inspect@1.12.3", + "type": "library", + "version": "1.12.3" + }, + { + "bom-ref": "pkg:npm/on-finished@2.4.1?package-id=025772e77611d88b", + "cpe": "cpe:2.3:a:on-finished:on-finished:2.4.1:*:*:*:*:*:*:*", + "name": "on-finished", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:on-finished:on_finished:2.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:on_finished:on-finished:2.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:on_finished:on_finished:2.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:on:on-finished:2.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:on:on_finished:2.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/on-finished@2.4.1", + "type": "library", + "version": "2.4.1" + }, + { + "bom-ref": "pkg:npm/parseurl@1.3.3?package-id=8957b9f80bfd7e48", + "cpe": "cpe:2.3:a:parseurl:parseurl:1.3.3:*:*:*:*:*:*:*", + "name": "parseurl", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/parseurl@1.3.3", + "type": "library", + "version": "1.3.3" + }, + { + "bom-ref": "pkg:npm/path-to-regexp@0.1.7?package-id=6fb024842a7b51c9", + "cpe": "cpe:2.3:a:path-to-regexp:path-to-regexp:0.1.7:*:*:*:*:*:*:*", + "name": "path-to-regexp", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:path-to-regexp:path_to_regexp:0.1.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:path_to_regexp:path-to-regexp:0.1.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:path_to_regexp:path_to_regexp:0.1.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:path-to:path-to-regexp:0.1.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:path-to:path_to_regexp:0.1.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:path_to:path-to-regexp:0.1.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:path_to:path_to_regexp:0.1.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:path:path-to-regexp:0.1.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:path:path_to_regexp:0.1.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/path-to-regexp@0.1.7", + "type": "library", + "version": "0.1.7" + }, + { + "bom-ref": "pkg:npm/proxy-addr@2.0.7?package-id=aa592d0a6f0e14e0", + "cpe": "cpe:2.3:a:proxy-addr:proxy-addr:2.0.7:*:*:*:*:*:*:*", + "name": "proxy-addr", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:proxy-addr:proxy_addr:2.0.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:proxy_addr:proxy-addr:2.0.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:proxy_addr:proxy_addr:2.0.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:proxy:proxy-addr:2.0.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:proxy:proxy_addr:2.0.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/proxy-addr@2.0.7", + "type": "library", + "version": "2.0.7" + }, + { + "bom-ref": "pkg:npm/qs@6.11.0?package-id=6e2c51e0e8fdd82a", + "cpe": "cpe:2.3:a:qs_project:qs:6.11.0:*:*:*:*:node.js:*:*", + "name": "qs", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/qs@6.11.0", + "type": "library", + "version": "6.11.0" + }, + { + "bom-ref": "pkg:npm/range-parser@1.2.1?package-id=a5ac7b9eddc291fe", + "cpe": "cpe:2.3:a:range-parser:range-parser:1.2.1:*:*:*:*:*:*:*", + "name": "range-parser", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:range-parser:range_parser:1.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:range_parser:range-parser:1.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:range_parser:range_parser:1.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:range:range-parser:1.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:range:range_parser:1.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/range-parser@1.2.1", + "type": "library", + "version": "1.2.1" + }, + { + "bom-ref": "pkg:npm/raw-body@2.5.1?package-id=c124e89ccbc8e1a9", + "cpe": "cpe:2.3:a:raw-body:raw-body:2.5.1:*:*:*:*:*:*:*", + "name": "raw-body", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:raw-body:raw_body:2.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:raw_body:raw-body:2.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:raw_body:raw_body:2.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:raw:raw-body:2.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:raw:raw_body:2.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/raw-body@2.5.1", + "type": "library", + "version": "2.5.1" + }, + { + "bom-ref": "pkg:npm/safe-buffer@5.2.1?package-id=f1a458d0a34a3e1e", + "cpe": "cpe:2.3:a:safe-buffer:safe-buffer:5.2.1:*:*:*:*:*:*:*", + "name": "safe-buffer", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safe-buffer:safe_buffer:5.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safe_buffer:safe-buffer:5.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safe_buffer:safe_buffer:5.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safe:safe-buffer:5.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safe:safe_buffer:5.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/safe-buffer@5.2.1", + "type": "library", + "version": "5.2.1" + }, + { + "bom-ref": "pkg:npm/safer-buffer@2.1.2?package-id=35e495695450988a", + "cpe": "cpe:2.3:a:safer-buffer:safer-buffer:2.1.2:*:*:*:*:*:*:*", + "name": "safer-buffer", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safer-buffer:safer_buffer:2.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safer_buffer:safer-buffer:2.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safer_buffer:safer_buffer:2.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safer:safer-buffer:2.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safer:safer_buffer:2.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/safer-buffer@2.1.2", + "type": "library", + "version": "2.1.2" + }, + { + "bom-ref": "pkg:npm/sax@0.1.1?package-id=e5fe5e07946d7f0e", + "cpe": "cpe:2.3:a:sax:sax:0.1.1:*:*:*:*:*:*:*", + "name": "sax", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/sax@0.1.1", + "type": "library", + "version": "0.1.1" + }, + { + "bom-ref": "pkg:npm/send@0.18.0?package-id=eb7410154bfac325", + "cpe": "cpe:2.3:a:send_project:send:0.18.0:*:*:*:*:node.js:*:*", + "name": "send", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/send@0.18.0", + "type": "library", + "version": "0.18.0" + }, + { + "bom-ref": "pkg:npm/serve-static@1.15.0?package-id=73cf56576686cfde", + "cpe": "cpe:2.3:a:serve-static:serve-static:1.15.0:*:*:*:*:*:*:*", + "name": "serve-static", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:serve-static:serve_static:1.15.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:serve_static:serve-static:1.15.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:serve_static:serve_static:1.15.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:serve:serve-static:1.15.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:serve:serve_static:1.15.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/serve-static@1.15.0", + "type": "library", + "version": "1.15.0" + }, + { + "bom-ref": "pkg:npm/setprototypeof@1.2.0?package-id=547a0345595d4c22", + "cpe": "cpe:2.3:a:setprototypeof:setprototypeof:1.2.0:*:*:*:*:*:*:*", + "name": "setprototypeof", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/setprototypeof@1.2.0", + "type": "library", + "version": "1.2.0" + }, + { + "bom-ref": "pkg:npm/side-channel@1.0.4?package-id=cdb286823062a5b2", + "cpe": "cpe:2.3:a:side-channel:side-channel:1.0.4:*:*:*:*:*:*:*", + "name": "side-channel", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:side-channel:side_channel:1.0.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:side_channel:side-channel:1.0.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:side_channel:side_channel:1.0.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:side:side-channel:1.0.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:side:side_channel:1.0.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/side-channel@1.0.4", + "type": "library", + "version": "1.0.4" + }, + { + "bom-ref": "pkg:npm/spam?package-id=ee4212f669097a9b", + "cpe": "cpe:2.3:a:spam:spam:*:*:*:*:*:*:*:*", + "name": "spam", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/spam", + "type": "library" + }, + { + "bom-ref": "pkg:npm/spam-packages/spam@1.0.0?package-id=8ad0ba47106e9eca", + "cpe": "cpe:2.3:a:spam-packages\\/spam:spam-packages\\/spam:1.0.0:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "name": "spam-packages/spam", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:spam-packages\\/spam:spam_packages\\/spam:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:spam_packages\\/spam:spam-packages\\/spam:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:spam_packages\\/spam:spam_packages\\/spam:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:spam:spam-packages\\/spam:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:spam:spam_packages\\/spam:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/spam-packages/spam@1.0.0", + "type": "library", + "version": "1.0.0" + }, + { + "bom-ref": "pkg:npm/statuses@2.0.1?package-id=f8d7a7aac610252f", + "cpe": "cpe:2.3:a:statuses:statuses:2.0.1:*:*:*:*:*:*:*", + "name": "statuses", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/statuses@2.0.1", + "type": "library", + "version": "2.0.1" + }, + { + "bom-ref": "pkg:npm/toidentifier@1.0.1?package-id=f4b7c633380a689c", + "cpe": "cpe:2.3:a:toidentifier:toidentifier:1.0.1:*:*:*:*:*:*:*", + "name": "toidentifier", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/toidentifier@1.0.1", + "type": "library", + "version": "1.0.1" + }, + { + "bom-ref": "pkg:npm/type-is@1.6.18?package-id=d68517abe50bfeac", + "cpe": "cpe:2.3:a:type-is:type-is:1.6.18:*:*:*:*:*:*:*", + "name": "type-is", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:type-is:type_is:1.6.18:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:type_is:type-is:1.6.18:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:type_is:type_is:1.6.18:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:type:type-is:1.6.18:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:type:type_is:1.6.18:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/type-is@1.6.18", + "type": "library", + "version": "1.6.18" + }, + { + "bom-ref": "pkg:npm/unpipe@1.0.0?package-id=a69d83f063c5175d", + "cpe": "cpe:2.3:a:unpipe:unpipe:1.0.0:*:*:*:*:*:*:*", + "name": "unpipe", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/unpipe@1.0.0", + "type": "library", + "version": "1.0.0" + }, + { + "bom-ref": "pkg:npm/utils-merge@1.0.1?package-id=1909c40a9ae99753", + "cpe": "cpe:2.3:a:utils-merge:utils-merge:1.0.1:*:*:*:*:*:*:*", + "name": "utils-merge", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:utils-merge:utils_merge:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:utils_merge:utils-merge:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:utils_merge:utils_merge:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:utils:utils-merge:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:utils:utils_merge:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/utils-merge@1.0.1", + "type": "library", + "version": "1.0.1" + }, + { + "bom-ref": "pkg:npm/uuid@9.0.0?package-id=ccbce98fa2fd50bf", + "cpe": "cpe:2.3:a:uuid:uuid:9.0.0:*:*:*:*:*:*:*", + "name": "uuid", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/uuid@9.0.0", + "type": "library", + "version": "9.0.0" + }, + { + "bom-ref": "pkg:npm/vary@1.1.2?package-id=4bc84cbb6d76f2fa", + "cpe": "cpe:2.3:a:vary:vary:1.1.2:*:*:*:*:*:*:*", + "name": "vary", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/vary@1.1.2", + "type": "library", + "version": "1.1.2" + } + ], + "metadata": { + "component": { + "bom-ref": "af63bd4c8601b7f1", + "name": ".", + "type": "file" + }, + "timestamp": "2024-12-18T11:08:00+01:00", + "tools": { + "components": [ + { + "author": "anchore", + "name": "syft", + "type": "application", + "version": "1.4.1" + } + ] + } + }, + "serialNumber": "urn:uuid:1d823647-6b64-41b3-a29b-1d09cfb3ba8a", + "specVersion": "1.5", + "version": 1 +} diff --git a/sbom-utility-scripts/scripts/merge-sboms-script/test_data/cyclonedx/syft-sboms/pip-e2e-test.bom.json b/sbom-utility-scripts/scripts/merge-sboms-script/test_data/cyclonedx/syft-sboms/pip-e2e-test.bom.json new file mode 100644 index 0000000..f38a8e8 --- /dev/null +++ b/sbom-utility-scripts/scripts/merge-sboms-script/test_data/cyclonedx/syft-sboms/pip-e2e-test.bom.json @@ -0,0 +1,603 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", + "bomFormat": "CycloneDX", + "components": [ + { + "bom-ref": "pkg:pypi/certifi@2022.12.7?package-id=605ce44010623730", + "cpe": "cpe:2.3:a:kennethreitz:certifi:2022.12.7:*:*:*:*:python:*:*", + "name": "certifi", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "python-package-cataloger" + }, + { + "name": "syft:package:language", + "value": "python" + }, + { + "name": "syft:package:type", + "value": "python" + }, + { + "name": "syft:package:metadataType", + "value": "python-pip-requirements-entry" + }, + { + "name": "syft:location:0:path", + "value": "/requirements.txt" + } + ], + "purl": "pkg:pypi/certifi@2022.12.7", + "type": "library", + "version": "2022.12.7" + }, + { + "bom-ref": "pkg:pypi/charset-normalizer@3.0.1?package-id=af8ef9b528d1324d", + "cpe": "cpe:2.3:a:python-charset-normalizer:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "name": "charset-normalizer", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "python-package-cataloger" + }, + { + "name": "syft:package:language", + "value": "python" + }, + { + "name": "syft:package:type", + "value": "python" + }, + { + "name": "syft:package:metadataType", + "value": "python-pip-requirements-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-charset-normalizer:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_charset_normalizer:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_charset_normalizer:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset-normalizer:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset-normalizer:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset_normalizer:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset_normalizer:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-charset-normalizer:charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-charset-normalizer:charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_charset_normalizer:charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_charset_normalizer:charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-charset:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-charset:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_charset:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_charset:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset-normalizer:charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset-normalizer:charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset_normalizer:charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset_normalizer:charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-charset:charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-charset:charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_charset:charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_charset:charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset:charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset:charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/requirements.txt" + } + ], + "purl": "pkg:pypi/charset-normalizer@3.0.1", + "type": "library", + "version": "3.0.1" + }, + { + "bom-ref": "pkg:pypi/flit-core@3.8.0?package-id=24f242ce07794d00", + "cpe": "cpe:2.3:a:python-flit-core:python-flit-core:3.8.0:*:*:*:*:*:*:*", + "name": "flit-core", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "python-package-cataloger" + }, + { + "name": "syft:package:language", + "value": "python" + }, + { + "name": "syft:package:type", + "value": "python" + }, + { + "name": "syft:package:metadataType", + "value": "python-pip-requirements-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-flit-core:python_flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_flit_core:python-flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_flit_core:python_flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-flit:python-flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-flit:python_flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_flit:python-flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_flit:python_flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit-core:python-flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit-core:python_flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit_core:python-flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit_core:python_flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-flit-core:flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-flit-core:flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_flit_core:flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_flit_core:flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:python-flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:python_flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit:python-flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit:python_flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-flit:flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-flit:flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_flit:flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_flit:flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit-core:flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit-core:flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit_core:flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit_core:flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit:flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit:flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/requirements-build.txt" + } + ], + "purl": "pkg:pypi/flit-core@3.8.0", + "type": "library", + "version": "3.8.0" + }, + { + "bom-ref": "pkg:pypi/idna@3.4?package-id=ff5d4caf61299680", + "cpe": "cpe:2.3:a:python-idna:python-idna:3.4:*:*:*:*:*:*:*", + "name": "idna", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "python-package-cataloger" + }, + { + "name": "syft:package:language", + "value": "python" + }, + { + "name": "syft:package:type", + "value": "python" + }, + { + "name": "syft:package:metadataType", + "value": "python-pip-requirements-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-idna:python_idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_idna:python-idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_idna:python_idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:python-idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:python_idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:idna:python-idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:idna:python_idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-idna:idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_idna:idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:idna:idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/requirements.txt" + } + ], + "purl": "pkg:pypi/idna@3.4", + "type": "library", + "version": "3.4" + }, + { + "bom-ref": "pkg:pypi/requests@2.28.2?package-id=03176f57fdf54d1e", + "cpe": "cpe:2.3:a:python:requests:2.28.2:*:*:*:*:*:*:*", + "name": "requests", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "python-package-cataloger" + }, + { + "name": "syft:package:language", + "value": "python" + }, + { + "name": "syft:package:type", + "value": "python" + }, + { + "name": "syft:package:metadataType", + "value": "python-pip-requirements-entry" + }, + { + "name": "syft:location:0:path", + "value": "/requirements.txt" + } + ], + "purl": "pkg:pypi/requests@2.28.2", + "type": "library", + "version": "2.28.2" + }, + { + "bom-ref": "pkg:pypi/setuptools@67.1.0?package-id=7ae302e7223ecbbd", + "cpe": "cpe:2.3:a:python:setuptools:67.1.0:*:*:*:*:*:*:*", + "name": "setuptools", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "python-package-cataloger" + }, + { + "name": "syft:package:language", + "value": "python" + }, + { + "name": "syft:package:type", + "value": "python" + }, + { + "name": "syft:package:metadataType", + "value": "python-pip-requirements-entry" + }, + { + "name": "syft:location:0:path", + "value": "/requirements-build.txt" + } + ], + "purl": "pkg:pypi/setuptools@67.1.0", + "type": "library", + "version": "67.1.0" + }, + { + "bom-ref": "pkg:pypi/urllib3@1.26.14?package-id=531a10a07587b59c", + "cpe": "cpe:2.3:a:python:urllib3:1.26.14:*:*:*:*:*:*:*", + "name": "urllib3", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "python-package-cataloger" + }, + { + "name": "syft:package:language", + "value": "python" + }, + { + "name": "syft:package:type", + "value": "python" + }, + { + "name": "syft:package:metadataType", + "value": "python-pip-requirements-entry" + }, + { + "name": "syft:location:0:path", + "value": "/requirements.txt" + } + ], + "purl": "pkg:pypi/urllib3@1.26.14", + "type": "library", + "version": "1.26.14" + }, + { + "bom-ref": "pkg:pypi/wheel@0.38.4?package-id=3a9d5577afa1b279", + "cpe": "cpe:2.3:a:python-wheel:python-wheel:0.38.4:*:*:*:*:*:*:*", + "name": "wheel", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "python-package-cataloger" + }, + { + "name": "syft:package:language", + "value": "python" + }, + { + "name": "syft:package:type", + "value": "python" + }, + { + "name": "syft:package:metadataType", + "value": "python-pip-requirements-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-wheel:python_wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_wheel:python-wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_wheel:python_wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:python-wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:python_wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-wheel:wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_wheel:wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:wheel:python-wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:wheel:python_wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:wheel:wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/requirements-build.txt" + } + ], + "purl": "pkg:pypi/wheel@0.38.4", + "type": "library", + "version": "0.38.4" + } + ], + "metadata": { + "component": { + "bom-ref": "af63bd4c8601b7f1", + "name": ".", + "type": "file" + }, + "timestamp": "2024-12-18T11:08:00+01:00", + "tools": { + "components": [ + { + "author": "anchore", + "name": "syft", + "type": "application", + "version": "1.4.1" + } + ] + } + }, + "serialNumber": "urn:uuid:1d823647-6b64-41b3-a29b-1d09cfb3ba8a", + "specVersion": "1.5", + "version": 1 +} diff --git a/sbom-utility-scripts/scripts/merge-sboms-script/test_data/cyclonedx/syft-sboms/ubi-micro.bom.json b/sbom-utility-scripts/scripts/merge-sboms-script/test_data/cyclonedx/syft-sboms/ubi-micro.bom.json new file mode 100644 index 0000000..dcd1852 --- /dev/null +++ b/sbom-utility-scripts/scripts/merge-sboms-script/test_data/cyclonedx/syft-sboms/ubi-micro.bom.json @@ -0,0 +1,1529 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", + "bomFormat": "CycloneDX", + "components": [ + { + "bom-ref": "pkg:rpm/rhel/basesystem@11-13.el9?arch=noarch&upstream=basesystem-11-13.el9.src.rpm&distro=rhel-9.5&package-id=fcabd006cb3bfe7d", + "cpe": "cpe:2.3:a:basesystem:basesystem:11-13.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "Public Domain" + } + } + ], + "name": "basesystem", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:basesystem:11-13.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "13.el9" + }, + { + "name": "syft:metadata:size", + "value": "0" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "basesystem-11-13.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/basesystem@11-13.el9?arch=noarch&upstream=basesystem-11-13.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "11-13.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/bash@5.1.8-9.el9?arch=x86_64&upstream=bash-5.1.8-9.el9.src.rpm&distro=rhel-9.5&package-id=a6062d7253817d9d", + "cpe": "cpe:2.3:a:redhat:bash:5.1.8-9.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "GPLv3+" + } + } + ], + "name": "bash", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bash:bash:5.1.8-9.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "9.el9" + }, + { + "name": "syft:metadata:size", + "value": "7738778" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "bash-5.1.8-9.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/bash@5.1.8-9.el9?arch=x86_64&upstream=bash-5.1.8-9.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "5.1.8-9.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/coreutils-single@8.32-36.el9?arch=x86_64&upstream=coreutils-8.32-36.el9.src.rpm&distro=rhel-9.5&package-id=bc07797a46d14a80", + "cpe": "cpe:2.3:a:coreutils-single:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "GPLv3+" + } + } + ], + "name": "coreutils-single", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coreutils-single:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coreutils_single:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coreutils_single:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coreutils:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coreutils:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "36.el9" + }, + { + "name": "syft:metadata:size", + "value": "1403137" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "coreutils-8.32-36.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/coreutils-single@8.32-36.el9?arch=x86_64&upstream=coreutils-8.32-36.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "8.32-36.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/filesystem@3.16-5.el9?arch=x86_64&upstream=filesystem-3.16-5.el9.src.rpm&distro=rhel-9.5&package-id=5423c4a724c69dca", + "cpe": "cpe:2.3:a:filesystem:filesystem:3.16-5.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "Public Domain" + } + } + ], + "name": "filesystem", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:filesystem:3.16-5.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "5.el9" + }, + { + "name": "syft:metadata:size", + "value": "106" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "filesystem-3.16-5.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/filesystem@3.16-5.el9?arch=x86_64&upstream=filesystem-3.16-5.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "3.16-5.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/glibc@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5&package-id=ab6bbd6d165109d2", + "cpe": "cpe:2.3:a:redhat:glibc:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + } + } + ], + "name": "glibc", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc:glibc:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "125.el9_5.1" + }, + { + "name": "syft:metadata:size", + "value": "6430227" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "glibc-2.34-125.el9_5.1.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/glibc@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "2.34-125.el9_5.1" + }, + { + "bom-ref": "pkg:rpm/rhel/glibc-common@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5&package-id=5d2e03b4ae3e405b", + "cpe": "cpe:2.3:a:glibc-common:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + } + } + ], + "name": "glibc-common", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc-common:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_common:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_common:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "125.el9_5.1" + }, + { + "name": "syft:metadata:size", + "value": "1083649" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "glibc-2.34-125.el9_5.1.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/glibc-common@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "2.34-125.el9_5.1" + }, + { + "bom-ref": "pkg:rpm/rhel/glibc-minimal-langpack@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5&package-id=d35bdd9cfa0b8d62", + "cpe": "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + } + } + ], + "name": "glibc-minimal-langpack", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "125.el9_5.1" + }, + { + "name": "syft:metadata:size", + "value": "0" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "glibc-2.34-125.el9_5.1.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/glibc-minimal-langpack@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "2.34-125.el9_5.1" + }, + { + "bom-ref": "pkg:rpm/rhel/gpg-pubkey@5a6340b3-6229229e?distro=rhel-9.5&package-id=6a4614b48b443e33", + "cpe": "cpe:2.3:a:gpg-pubkey:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "pubkey" + } + } + ], + "name": "gpg-pubkey", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg-pubkey:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg_pubkey:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg_pubkey:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "6229229e" + }, + { + "name": "syft:metadata:size", + "value": "0" + } + ], + "purl": "pkg:rpm/rhel/gpg-pubkey@5a6340b3-6229229e?distro=rhel-9.5", + "type": "library", + "version": "5a6340b3-6229229e" + }, + { + "bom-ref": "pkg:rpm/rhel/gpg-pubkey@fd431d51-4ae0493b?distro=rhel-9.5&package-id=0b9edfc7dd36b25d", + "cpe": "cpe:2.3:a:gpg-pubkey:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "pubkey" + } + } + ], + "name": "gpg-pubkey", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg-pubkey:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg_pubkey:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg_pubkey:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "4ae0493b" + }, + { + "name": "syft:metadata:size", + "value": "0" + } + ], + "purl": "pkg:rpm/rhel/gpg-pubkey@fd431d51-4ae0493b?distro=rhel-9.5", + "type": "library", + "version": "fd431d51-4ae0493b" + }, + { + "bom-ref": "pkg:rpm/rhel/libacl@2.3.1-4.el9?arch=x86_64&upstream=acl-2.3.1-4.el9.src.rpm&distro=rhel-9.5&package-id=6a12891a28711ed0", + "cpe": "cpe:2.3:a:libacl:libacl:2.3.1-4.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "LGPLv2+" + } + } + ], + "name": "libacl", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libacl:2.3.1-4.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "4.el9" + }, + { + "name": "syft:metadata:size", + "value": "40554" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "acl-2.3.1-4.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/libacl@2.3.1-4.el9?arch=x86_64&upstream=acl-2.3.1-4.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "2.3.1-4.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/libattr@2.5.1-3.el9?arch=x86_64&upstream=attr-2.5.1-3.el9.src.rpm&distro=rhel-9.5&package-id=246362466b6f01d4", + "cpe": "cpe:2.3:a:libattr:libattr:2.5.1-3.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "LGPLv2+" + } + } + ], + "name": "libattr", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libattr:2.5.1-3.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "3.el9" + }, + { + "name": "syft:metadata:size", + "value": "29429" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "attr-2.5.1-3.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/libattr@2.5.1-3.el9?arch=x86_64&upstream=attr-2.5.1-3.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "2.5.1-3.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/libcap@2.48-9.el9_2?arch=x86_64&upstream=libcap-2.48-9.el9_2.src.rpm&distro=rhel-9.5&package-id=e129417de8081c72", + "cpe": "cpe:2.3:a:libcap:libcap:2.48-9.el9_2:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "BSD or GPLv2" + } + } + ], + "name": "libcap", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libcap:2.48-9.el9_2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "9.el9_2" + }, + { + "name": "syft:metadata:size", + "value": "177471" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libcap-2.48-9.el9_2.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/libcap@2.48-9.el9_2?arch=x86_64&upstream=libcap-2.48-9.el9_2.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "2.48-9.el9_2" + }, + { + "bom-ref": "pkg:rpm/rhel/libgcc@11.5.0-2.el9?arch=x86_64&upstream=gcc-11.5.0-2.el9.src.rpm&distro=rhel-9.5&package-id=492434936db2f877", + "cpe": "cpe:2.3:a:libgcc:libgcc:11.5.0-2.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + } + } + ], + "name": "libgcc", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libgcc:11.5.0-2.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "2.el9" + }, + { + "name": "syft:metadata:size", + "value": "198756" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "gcc-11.5.0-2.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/libgcc@11.5.0-2.el9?arch=x86_64&upstream=gcc-11.5.0-2.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "11.5.0-2.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/libselinux@3.6-1.el9?arch=x86_64&upstream=libselinux-3.6-1.el9.src.rpm&distro=rhel-9.5&package-id=79db8c526f87ba3b", + "cpe": "cpe:2.3:a:libselinux:libselinux:3.6-1.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "Public Domain" + } + } + ], + "name": "libselinux", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libselinux:3.6-1.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "1.el9" + }, + { + "name": "syft:metadata:size", + "value": "176853" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libselinux-3.6-1.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/libselinux@3.6-1.el9?arch=x86_64&upstream=libselinux-3.6-1.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "3.6-1.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/libsepol@3.6-1.el9?arch=x86_64&upstream=libsepol-3.6-1.el9.src.rpm&distro=rhel-9.5&package-id=9891839d8f699944", + "cpe": "cpe:2.3:a:libsepol:libsepol:3.6-1.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "LGPLv2+" + } + } + ], + "name": "libsepol", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libsepol:3.6-1.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "1.el9" + }, + { + "name": "syft:metadata:size", + "value": "829251" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libsepol-3.6-1.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/libsepol@3.6-1.el9?arch=x86_64&upstream=libsepol-3.6-1.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "3.6-1.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/ncurses-base@6.2-10.20210508.el9?arch=noarch&upstream=ncurses-6.2-10.20210508.el9.src.rpm&distro=rhel-9.5&package-id=a0d19211c8c4589b", + "cpe": "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "name": "ncurses-base", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "10.20210508.el9" + }, + { + "name": "syft:metadata:size", + "value": "307293" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "ncurses-6.2-10.20210508.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/ncurses-base@6.2-10.20210508.el9?arch=noarch&upstream=ncurses-6.2-10.20210508.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "6.2-10.20210508.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&upstream=ncurses-6.2-10.20210508.el9.src.rpm&distro=rhel-9.5&package-id=31b40b2b21390159", + "cpe": "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "name": "ncurses-libs", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "10.20210508.el9" + }, + { + "name": "syft:metadata:size", + "value": "994375" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "ncurses-6.2-10.20210508.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&upstream=ncurses-6.2-10.20210508.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "6.2-10.20210508.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/pcre2@10.40-6.el9?arch=x86_64&upstream=pcre2-10.40-6.el9.src.rpm&distro=rhel-9.5&package-id=1a97d50a68b062d7", + "cpe": "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "BSD" + } + } + ], + "name": "pcre2", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "6.el9" + }, + { + "name": "syft:metadata:size", + "value": "652298" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "pcre2-10.40-6.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/pcre2@10.40-6.el9?arch=x86_64&upstream=pcre2-10.40-6.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "10.40-6.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/pcre2-syntax@10.40-6.el9?arch=noarch&upstream=pcre2-10.40-6.el9.src.rpm&distro=rhel-9.5&package-id=8f3dd37865073b05", + "cpe": "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "BSD" + } + } + ], + "name": "pcre2-syntax", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "6.el9" + }, + { + "name": "syft:metadata:size", + "value": "234324" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "pcre2-10.40-6.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/pcre2-syntax@10.40-6.el9?arch=noarch&upstream=pcre2-10.40-6.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "10.40-6.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/redhat-release@9.5-0.6.el9?arch=x86_64&upstream=redhat-release-9.5-0.6.el9.src.rpm&distro=rhel-9.5&package-id=bbf1d165194eceb0", + "cpe": "cpe:2.3:a:redhat-release:redhat-release:9.5-0.6.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "GPLv2" + } + } + ], + "name": "redhat-release", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat-release:redhat_release:9.5-0.6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat_release:redhat-release:9.5-0.6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat_release:redhat_release:9.5-0.6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:redhat-release:9.5-0.6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:redhat_release:9.5-0.6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "0.6.el9" + }, + { + "name": "syft:metadata:size", + "value": "58817" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "redhat-release-9.5-0.6.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/redhat-release@9.5-0.6.el9?arch=x86_64&upstream=redhat-release-9.5-0.6.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "9.5-0.6.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/setup@2.13.7-10.el9?arch=noarch&upstream=setup-2.13.7-10.el9.src.rpm&distro=rhel-9.5&package-id=befa3e6a19701472", + "cpe": "cpe:2.3:a:redhat:setup:2.13.7-10.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "Public Domain" + } + } + ], + "name": "setup", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:setup:setup:2.13.7-10.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "10.el9" + }, + { + "name": "syft:metadata:size", + "value": "725932" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "setup-2.13.7-10.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/setup@2.13.7-10.el9?arch=noarch&upstream=setup-2.13.7-10.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "2.13.7-10.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/tzdata@2024b-2.el9?arch=noarch&upstream=tzdata-2024b-2.el9.src.rpm&distro=rhel-9.5&package-id=f21803b5b9d9adef", + "cpe": "cpe:2.3:a:redhat:tzdata:2024b-2.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "Public Domain" + } + } + ], + "name": "tzdata", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:tzdata:tzdata:2024b-2.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "2.el9" + }, + { + "name": "syft:metadata:size", + "value": "1654640" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "tzdata-2024b-2.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/tzdata@2024b-2.el9?arch=noarch&upstream=tzdata-2024b-2.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "2024b-2.el9" + }, + { + "bom-ref": "os:rhel@9.5", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", + "description": "Red Hat Enterprise Linux 9.5 (Plow)", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://issues.redhat.com/" + }, + { + "type": "website", + "url": "https://www.redhat.com/" + } + ], + "name": "rhel", + "properties": [ + { + "name": "syft:distro:id", + "value": "rhel" + }, + { + "name": "syft:distro:idLike:0", + "value": "fedora" + }, + { + "name": "syft:distro:prettyName", + "value": "Red Hat Enterprise Linux 9.5 (Plow)" + }, + { + "name": "syft:distro:versionID", + "value": "9.5" + } + ], + "swid": { + "name": "rhel", + "tagId": "rhel", + "version": "9.5" + }, + "type": "operating-system", + "version": "9.5" + } + ], + "metadata": { + "component": { + "bom-ref": "b44437b8fda849e7", + "name": "registry.access.redhat.com/ubi9/ubi-micro", + "type": "container", + "version": "9.5" + }, + "properties": [ + { + "name": "syft:image:labels:architecture", + "value": "x86_64" + }, + { + "name": "syft:image:labels:build-date", + "value": "2024-12-16T05:39:19Z" + }, + { + "name": "syft:image:labels:com.redhat.component", + "value": "ubi9-micro-container" + }, + { + "name": "syft:image:labels:com.redhat.license_terms", + "value": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" + }, + { + "name": "syft:image:labels:description", + "value": "Very small image which doesn't install the package manager." + }, + { + "name": "syft:image:labels:distribution-scope", + "value": "public" + }, + { + "name": "syft:image:labels:io.buildah.version", + "value": "1.38.0-dev" + }, + { + "name": "syft:image:labels:io.k8s.description", + "value": "Very small image which doesn't install the package manager." + }, + { + "name": "syft:image:labels:io.k8s.display-name", + "value": "Red Hat Universal Base Image 9 Micro" + }, + { + "name": "syft:image:labels:maintainer", + "value": "Red Hat, Inc." + }, + { + "name": "syft:image:labels:name", + "value": "ubi9/ubi-micro" + }, + { + "name": "syft:image:labels:release", + "value": "1734327559" + }, + { + "name": "syft:image:labels:summary", + "value": "ubi9 micro image" + }, + { + "name": "syft:image:labels:url", + "value": "https://www.redhat.com" + }, + { + "name": "syft:image:labels:vcs-ref", + "value": "251d41421265b744c32b334e1112a80c223f6089" + }, + { + "name": "syft:image:labels:vcs-type", + "value": "git" + }, + { + "name": "syft:image:labels:vendor", + "value": "Red Hat, Inc." + }, + { + "name": "syft:image:labels:version", + "value": "9.5" + } + ], + "timestamp": "2024-12-18T11:08:00+01:00", + "tools": { + "components": [ + { + "author": "anchore", + "name": "syft", + "type": "application", + "version": "1.4.1" + } + ] + } + }, + "serialNumber": "urn:uuid:1d823647-6b64-41b3-a29b-1d09cfb3ba8a", + "specVersion": "1.5", + "version": 1 +} diff --git a/sbom-utility-scripts/scripts/merge-sboms-script/test_data/cyclonedx/syft.merged-by-syft.bom.json b/sbom-utility-scripts/scripts/merge-sboms-script/test_data/cyclonedx/syft.merged-by-syft.bom.json new file mode 100644 index 0000000..2724c41 --- /dev/null +++ b/sbom-utility-scripts/scripts/merge-sboms-script/test_data/cyclonedx/syft.merged-by-syft.bom.json @@ -0,0 +1,8668 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", + "bomFormat": "CycloneDX", + "components": [ + { + "bom-ref": "pkg:golang/./terminaltor?package-id=fb7b11a4b3fddcb6", + "name": "./terminaltor", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:location:0:path", + "value": "/gomod-pandemonium.bom.json" + } + ], + "purl": "pkg:golang/./terminaltor", + "type": "library" + }, + { + "bom-ref": "pkg:golang/./weird?package-id=ab3afc436e9979e6", + "name": "./weird", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:location:0:path", + "value": "/gomod-pandemonium.bom.json" + } + ], + "purl": "pkg:golang/./weird", + "type": "library" + }, + { + "bom-ref": "pkg:npm/%40types/prop-types@15.7.5?package-id=3387493cfee00bd7", + "cpe": "cpe:2.3:a:\\@types\\/prop-types:\\@types\\/prop-types:15.7.5:*:*:*:*:*:*:*", + "name": "@types/prop-types", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/prop-types:\\@types\\/prop_types:15.7.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/prop_types:\\@types\\/prop-types:15.7.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/prop_types:\\@types\\/prop_types:15.7.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/prop:\\@types\\/prop-types:15.7.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/prop:\\@types\\/prop_types:15.7.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/prop-types:\\@types\\/prop-types:15.7.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/prop-types:\\@types\\/prop_types:15.7.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/prop_types:\\@types\\/prop-types:15.7.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/prop_types:\\@types\\/prop_types:15.7.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/prop:\\@types\\/prop-types:15.7.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/prop:\\@types\\/prop_types:15.7.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/%40types/prop-types@15.7.5", + "type": "library", + "version": "15.7.5" + }, + { + "bom-ref": "pkg:npm/%40types/react@18.0.35?package-id=a8aec5089a67807c", + "cpe": "cpe:2.3:a:\\@types\\/react:\\@types\\/react:18.0.35:*:*:*:*:*:*:*", + "name": "@types/react", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/react:\\@types\\/react:18.0.35:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/%40types/react@18.0.35", + "type": "library", + "version": "18.0.35" + }, + { + "bom-ref": "pkg:npm/%40types/react-dom@18.0.11?package-id=956e85c463e7efc6", + "cpe": "cpe:2.3:a:\\@types\\/react-dom:\\@types\\/react-dom:18.0.11:*:*:*:*:*:*:*", + "name": "@types/react-dom", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/react-dom:\\@types\\/react_dom:18.0.11:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/react_dom:\\@types\\/react-dom:18.0.11:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/react_dom:\\@types\\/react_dom:18.0.11:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/react:\\@types\\/react-dom:18.0.11:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/react:\\@types\\/react_dom:18.0.11:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/react-dom:\\@types\\/react-dom:18.0.11:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/react-dom:\\@types\\/react_dom:18.0.11:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/react_dom:\\@types\\/react-dom:18.0.11:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/react_dom:\\@types\\/react_dom:18.0.11:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/react:\\@types\\/react-dom:18.0.11:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/react:\\@types\\/react_dom:18.0.11:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/%40types/react-dom@18.0.11", + "type": "library", + "version": "18.0.11" + }, + { + "bom-ref": "pkg:npm/%40types/scheduler@0.16.3?package-id=efb014ec5ed9a643", + "cpe": "cpe:2.3:a:\\@types\\/scheduler:\\@types\\/scheduler:0.16.3:*:*:*:*:*:*:*", + "name": "@types/scheduler", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/scheduler:\\@types\\/scheduler:0.16.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/%40types/scheduler@0.16.3", + "type": "library", + "version": "0.16.3" + }, + { + "bom-ref": "pkg:npm/abbrev@2.0.0?package-id=e62b98c8ab05d587", + "cpe": "cpe:2.3:a:abbrev:abbrev:2.0.0:*:*:*:*:*:*:*", + "name": "abbrev", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:abbrev:abbrev:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/abbrev@2.0.0", + "type": "library", + "version": "2.0.0" + }, + { + "bom-ref": "pkg:npm/accepts@1.3.8?package-id=3a22edf55127c732", + "cpe": "cpe:2.3:a:accepts:accepts:1.3.8:*:*:*:*:*:*:*", + "name": "accepts", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:accepts:accepts:1.3.8:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/accepts@1.3.8", + "type": "library", + "version": "1.3.8" + }, + { + "bom-ref": "pkg:npm/array-flatten@1.1.1?package-id=19dd02b7b4e089a6", + "cpe": "cpe:2.3:a:array-flatten:array-flatten:1.1.1:*:*:*:*:*:*:*", + "name": "array-flatten", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:array-flatten:array_flatten:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:array_flatten:array-flatten:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:array_flatten:array_flatten:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:array:array-flatten:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:array:array_flatten:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:array-flatten:array-flatten:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:array-flatten:array_flatten:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:array_flatten:array-flatten:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:array_flatten:array_flatten:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:array:array-flatten:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:array:array_flatten:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/array-flatten@1.1.1", + "type": "library", + "version": "1.1.1" + }, + { + "bom-ref": "pkg:npm/bar?package-id=368880c15e7c6cb5", + "cpe": "cpe:2.3:a:bar:bar:*:*:*:*:*:*:*:*", + "name": "bar", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bar:bar:*:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/bar", + "type": "library" + }, + { + "bom-ref": "pkg:npm/bar@1.0.0?package-id=9cc7c48b54214fa1", + "cpe": "cpe:2.3:a:bar:bar:1.0.0:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "name": "bar", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bar:bar:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/bar@1.0.0", + "type": "library", + "version": "1.0.0" + }, + { + "bom-ref": "pkg:rpm/rhel/basesystem@11-13.el9?arch=noarch&upstream=basesystem-11-13.el9.src.rpm&distro=rhel-9.5&package-id=c5f52a38a9661dc3", + "cpe": "cpe:2.3:a:basesystem:basesystem:11-13.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "Public Domain" + } + } + ], + "name": "basesystem", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:basesystem:11-13.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:basesystem:basesystem:11-13.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:basesystem:11-13.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/ubi-micro.bom.json" + }, + { + "name": "syft:metadata:release", + "value": "13.el9" + }, + { + "name": "syft:metadata:size", + "value": "0" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "basesystem-11-13.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/basesystem@11-13.el9?arch=noarch&upstream=basesystem-11-13.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "11-13.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/bash@5.1.8-9.el9?arch=x86_64&upstream=bash-5.1.8-9.el9.src.rpm&distro=rhel-9.5&package-id=70bc982e916e30d4", + "cpe": "cpe:2.3:a:redhat:bash:5.1.8-9.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "GPLv3+" + } + } + ], + "name": "bash", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bash:bash:5.1.8-9.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:bash:5.1.8-9.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bash:bash:5.1.8-9.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/ubi-micro.bom.json" + }, + { + "name": "syft:metadata:release", + "value": "9.el9" + }, + { + "name": "syft:metadata:size", + "value": "7738778" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "bash-5.1.8-9.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/bash@5.1.8-9.el9?arch=x86_64&upstream=bash-5.1.8-9.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "5.1.8-9.el9" + }, + { + "bom-ref": "pkg:npm/bitbucket-cachi2-npm-without-deps@1.0.0?package-id=aadd10178a546334", + "cpe": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "name": "bitbucket-cachi2-npm-without-deps", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm-without:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm-without:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm-without:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm-without:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/bitbucket-cachi2-npm-without-deps@1.0.0", + "type": "library", + "version": "1.0.0" + }, + { + "bom-ref": "pkg:npm/bitbucket-cachi2-npm-without-deps-second@2.0.0?package-id=760f41e2ea84ee03", + "cpe": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps-second:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "name": "bitbucket-cachi2-npm-without-deps-second", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps-second:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps_second:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps_second:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm-without:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm-without:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps-second:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps-second:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps_second:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps_second:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm-without:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm-without:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/bitbucket-cachi2-npm-without-deps-second@2.0.0", + "type": "library", + "version": "2.0.0" + }, + { + "bom-ref": "pkg:npm/body-parser@1.20.1?package-id=00f9b883b75f5a82", + "cpe": "cpe:2.3:a:body-parser:body-parser:1.20.1:*:*:*:*:*:*:*", + "name": "body-parser", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:body-parser:body_parser:1.20.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:body_parser:body-parser:1.20.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:body_parser:body_parser:1.20.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:body:body-parser:1.20.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:body:body_parser:1.20.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:body-parser:body-parser:1.20.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:body-parser:body_parser:1.20.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:body_parser:body-parser:1.20.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:body_parser:body_parser:1.20.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:body:body-parser:1.20.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:body:body_parser:1.20.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/body-parser@1.20.1", + "type": "library", + "version": "1.20.1" + }, + { + "bom-ref": "pkg:npm/bytes@3.1.2?package-id=c9f13fce9bc7e204", + "cpe": "cpe:2.3:a:bytes:bytes:3.1.2:*:*:*:*:*:*:*", + "name": "bytes", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bytes:bytes:3.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/bytes@3.1.2", + "type": "library", + "version": "3.1.2" + }, + { + "bom-ref": "pkg:npm/cachito-npm-without-deps@1.0.0?package-id=1a33db62877d7a89", + "cpe": "cpe:2.3:a:cachito-npm-without-deps:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "name": "cachito-npm-without-deps", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito-npm-without-deps:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_npm_without_deps:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_npm_without_deps:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito-npm-without:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito-npm-without:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_npm_without:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_npm_without:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito-npm:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito-npm:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_npm:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_npm:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito-npm-without-deps:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito-npm-without-deps:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_npm_without_deps:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_npm_without_deps:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito-npm-without:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito-npm-without:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_npm_without:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_npm_without:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito-npm:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito-npm:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_npm:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_npm:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/cachito-npm-without-deps@1.0.0", + "type": "library", + "version": "1.0.0" + }, + { + "bom-ref": "pkg:npm/call-bind@1.0.2?package-id=46c7592b837b8cf9", + "cpe": "cpe:2.3:a:call-bind:call-bind:1.0.2:*:*:*:*:*:*:*", + "name": "call-bind", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:call-bind:call_bind:1.0.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:call_bind:call-bind:1.0.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:call_bind:call_bind:1.0.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:call:call-bind:1.0.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:call:call_bind:1.0.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:call-bind:call-bind:1.0.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:call-bind:call_bind:1.0.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:call_bind:call-bind:1.0.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:call_bind:call_bind:1.0.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:call:call-bind:1.0.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:call:call_bind:1.0.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/call-bind@1.0.2", + "type": "library", + "version": "1.0.2" + }, + { + "bom-ref": "pkg:pypi/certifi@2022.12.7?package-id=08a5a5c65028c113", + "cpe": "cpe:2.3:a:kennethreitz:certifi:2022.12.7:*:*:*:*:python:*:*", + "name": "certifi", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "python" + }, + { + "name": "syft:package:type", + "value": "python" + }, + { + "name": "syft:package:metadataType", + "value": "python-pip-requirements-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:kennethreitz:certifi:2022.12.7:*:*:*:*:python:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/pip-e2e-test.bom.json" + } + ], + "purl": "pkg:pypi/certifi@2022.12.7", + "type": "library", + "version": "2022.12.7" + }, + { + "bom-ref": "pkg:pypi/charset-normalizer@3.0.1?package-id=b1da77d2ba479851", + "cpe": "cpe:2.3:a:python-charset-normalizer:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "name": "charset-normalizer", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "python" + }, + { + "name": "syft:package:type", + "value": "python" + }, + { + "name": "syft:package:metadataType", + "value": "python-pip-requirements-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-charset-normalizer:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_charset_normalizer:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_charset_normalizer:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset-normalizer:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset-normalizer:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset_normalizer:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset_normalizer:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-charset-normalizer:charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-charset-normalizer:charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_charset_normalizer:charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_charset_normalizer:charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-charset:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-charset:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_charset:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_charset:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset-normalizer:charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset-normalizer:charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset_normalizer:charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset_normalizer:charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-charset:charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-charset:charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_charset:charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_charset:charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset:charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset:charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-charset-normalizer:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-charset-normalizer:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_charset_normalizer:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_charset_normalizer:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset-normalizer:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset-normalizer:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset_normalizer:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset_normalizer:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-charset-normalizer:charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-charset-normalizer:charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_charset_normalizer:charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_charset_normalizer:charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-charset:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-charset:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_charset:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_charset:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset-normalizer:charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset-normalizer:charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset_normalizer:charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset_normalizer:charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-charset:charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-charset:charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_charset:charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_charset:charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset:charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset:charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/pip-e2e-test.bom.json" + } + ], + "purl": "pkg:pypi/charset-normalizer@3.0.1", + "type": "library", + "version": "3.0.1" + }, + { + "bom-ref": "pkg:npm/classnames@2.3.2?package-id=b520384d51550c55", + "cpe": "cpe:2.3:a:classnames:classnames:2.3.2:*:*:*:*:*:*:*", + "name": "classnames", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:classnames:classnames:2.3.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/classnames@2.3.2", + "type": "library", + "version": "2.3.2" + }, + { + "bom-ref": "pkg:npm/colors@1.4.0?package-id=cfd3cd0d8115caa9", + "cpe": "cpe:2.3:a:colors:colors:1.4.0:*:*:*:*:*:*:*", + "name": "colors", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:colors:colors:1.4.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/colors@1.4.0", + "type": "library", + "version": "1.4.0" + }, + { + "bom-ref": "pkg:npm/content-disposition@0.5.4?package-id=ce8679127adcf941", + "cpe": "cpe:2.3:a:content-disposition:content-disposition:0.5.4:*:*:*:*:*:*:*", + "name": "content-disposition", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content-disposition:content_disposition:0.5.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content_disposition:content-disposition:0.5.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content_disposition:content_disposition:0.5.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content:content-disposition:0.5.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content:content_disposition:0.5.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content-disposition:content-disposition:0.5.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content-disposition:content_disposition:0.5.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content_disposition:content-disposition:0.5.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content_disposition:content_disposition:0.5.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content:content-disposition:0.5.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content:content_disposition:0.5.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/content-disposition@0.5.4", + "type": "library", + "version": "0.5.4" + }, + { + "bom-ref": "pkg:npm/content-type@1.0.5?package-id=b530ee2bc415e683", + "cpe": "cpe:2.3:a:content-type:content-type:1.0.5:*:*:*:*:*:*:*", + "name": "content-type", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content-type:content_type:1.0.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content_type:content-type:1.0.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content_type:content_type:1.0.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content:content-type:1.0.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content:content_type:1.0.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content-type:content-type:1.0.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content-type:content_type:1.0.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content_type:content-type:1.0.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content_type:content_type:1.0.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content:content-type:1.0.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content:content_type:1.0.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/content-type@1.0.5", + "type": "library", + "version": "1.0.5" + }, + { + "bom-ref": "pkg:npm/cookie@0.5.0?package-id=d98a3175d3ef9789", + "cpe": "cpe:2.3:a:cookie:cookie:0.5.0:*:*:*:*:*:*:*", + "name": "cookie", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cookie:cookie:0.5.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/cookie@0.5.0", + "type": "library", + "version": "0.5.0" + }, + { + "bom-ref": "pkg:npm/cookie-signature@1.0.6?package-id=af290df53ebebf20", + "cpe": "cpe:2.3:a:cookie-signature_project:cookie-signature:1.0.6:*:*:*:*:node.js:*:*", + "name": "cookie-signature", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cookie-signature_project:cookie-signature:1.0.6:*:*:*:*:node.js:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/cookie-signature@1.0.6", + "type": "library", + "version": "1.0.6" + }, + { + "bom-ref": "pkg:rpm/rhel/coreutils-single@8.32-36.el9?arch=x86_64&upstream=coreutils-8.32-36.el9.src.rpm&distro=rhel-9.5&package-id=f26726f28e90ce75", + "cpe": "cpe:2.3:a:coreutils-single:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "GPLv3+" + } + } + ], + "name": "coreutils-single", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coreutils-single:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coreutils_single:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coreutils_single:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coreutils:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coreutils:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coreutils-single:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coreutils-single:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coreutils_single:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coreutils_single:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coreutils:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coreutils:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/ubi-micro.bom.json" + }, + { + "name": "syft:metadata:release", + "value": "36.el9" + }, + { + "name": "syft:metadata:size", + "value": "1403137" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "coreutils-8.32-36.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/coreutils-single@8.32-36.el9?arch=x86_64&upstream=coreutils-8.32-36.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "8.32-36.el9" + }, + { + "bom-ref": "pkg:npm/csstype@3.1.2?package-id=8d912e34ab821891", + "cpe": "cpe:2.3:a:csstype:csstype:3.1.2:*:*:*:*:*:*:*", + "name": "csstype", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:csstype:csstype:3.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/csstype@3.1.2", + "type": "library", + "version": "3.1.2" + }, + { + "bom-ref": "pkg:npm/dateformat@5.0.3?package-id=3b4c263403d22a53", + "cpe": "cpe:2.3:a:dateformat:dateformat:5.0.3:*:*:*:*:*:*:*", + "name": "dateformat", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:dateformat:dateformat:5.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/dateformat@5.0.3", + "type": "library", + "version": "5.0.3" + }, + { + "bom-ref": "pkg:npm/debug@2.6.9?package-id=091b321c49f82c43", + "cpe": "cpe:2.3:a:debug_project:debug:2.6.9:*:*:*:*:node.js:*:*", + "name": "debug", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:debug_project:debug:2.6.9:*:*:*:*:node.js:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/debug@2.6.9", + "type": "library", + "version": "2.6.9" + }, + { + "bom-ref": "pkg:npm/depd@2.0.0?package-id=e9f678305c53cdbf", + "cpe": "cpe:2.3:a:depd:depd:2.0.0:*:*:*:*:*:*:*", + "name": "depd", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:depd:depd:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/depd@2.0.0", + "type": "library", + "version": "2.0.0" + }, + { + "bom-ref": "pkg:npm/destroy@1.2.0?package-id=fbffb336a86247c2", + "cpe": "cpe:2.3:a:destroy:destroy:1.2.0:*:*:*:*:*:*:*", + "name": "destroy", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:destroy:destroy:1.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/destroy@1.2.0", + "type": "library", + "version": "1.2.0" + }, + { + "bom-ref": "pkg:npm/ee-first@1.1.1?package-id=bef15d8ccf015568", + "cpe": "cpe:2.3:a:ee-first:ee-first:1.1.1:*:*:*:*:*:*:*", + "name": "ee-first", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ee-first:ee_first:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ee_first:ee-first:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ee_first:ee_first:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ee:ee-first:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ee:ee_first:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ee-first:ee-first:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ee-first:ee_first:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ee_first:ee-first:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ee_first:ee_first:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ee:ee-first:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ee:ee_first:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/ee-first@1.1.1", + "type": "library", + "version": "1.1.1" + }, + { + "bom-ref": "pkg:npm/eggs?package-id=142d0eddbed833d2", + "cpe": "cpe:2.3:a:eggs:eggs:*:*:*:*:*:*:*:*", + "name": "eggs", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:eggs:eggs:*:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/eggs", + "type": "library" + }, + { + "bom-ref": "pkg:npm/eggs-packages/eggs@1.0.0?package-id=af32220520b08aa3", + "cpe": "cpe:2.3:a:eggs-packages\\/eggs:eggs-packages\\/eggs:1.0.0:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "name": "eggs-packages/eggs", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:eggs-packages\\/eggs:eggs_packages\\/eggs:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:eggs_packages\\/eggs:eggs-packages\\/eggs:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:eggs_packages\\/eggs:eggs_packages\\/eggs:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:eggs:eggs-packages\\/eggs:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:eggs:eggs_packages\\/eggs:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:eggs-packages\\/eggs:eggs-packages\\/eggs:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:eggs-packages\\/eggs:eggs_packages\\/eggs:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:eggs_packages\\/eggs:eggs-packages\\/eggs:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:eggs_packages\\/eggs:eggs_packages\\/eggs:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:eggs:eggs-packages\\/eggs:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:eggs:eggs_packages\\/eggs:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/eggs-packages/eggs@1.0.0", + "type": "library", + "version": "1.0.0" + }, + { + "bom-ref": "pkg:npm/encodeurl@1.0.2?package-id=d48220f1b647e755", + "cpe": "cpe:2.3:a:encodeurl:encodeurl:1.0.2:*:*:*:*:*:*:*", + "name": "encodeurl", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:encodeurl:encodeurl:1.0.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/encodeurl@1.0.2", + "type": "library", + "version": "1.0.2" + }, + { + "bom-ref": "pkg:npm/escape-html@1.0.3?package-id=33a6c06cc98c0b7c", + "cpe": "cpe:2.3:a:escape-html:escape-html:1.0.3:*:*:*:*:*:*:*", + "name": "escape-html", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:escape-html:escape_html:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:escape_html:escape-html:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:escape_html:escape_html:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:escape:escape-html:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:escape:escape_html:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:escape-html:escape-html:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:escape-html:escape_html:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:escape_html:escape-html:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:escape_html:escape_html:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:escape:escape-html:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:escape:escape_html:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/escape-html@1.0.3", + "type": "library", + "version": "1.0.3" + }, + { + "bom-ref": "pkg:npm/etag@1.8.1?package-id=dced71f4a68973a3", + "cpe": "cpe:2.3:a:etag:etag:1.8.1:*:*:*:*:*:*:*", + "name": "etag", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:etag:etag:1.8.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/etag@1.8.1", + "type": "library", + "version": "1.8.1" + }, + { + "bom-ref": "pkg:npm/express@4.18.2?package-id=122b585f8d12c9ce", + "cpe": "cpe:2.3:a:openjsf:express:4.18.2:*:*:*:*:node.js:*:*", + "name": "express", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:openjsf:express:4.18.2:*:*:*:*:node.js:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/express@4.18.2", + "type": "library", + "version": "4.18.2" + }, + { + "bom-ref": "pkg:npm/fecha@4.2.3?package-id=6347af3150b728c1", + "cpe": "cpe:2.3:a:fecha:fecha:4.2.3:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "name": "fecha", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:fecha:fecha:4.2.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/fecha@4.2.3", + "type": "library", + "version": "4.2.3" + }, + { + "bom-ref": "pkg:rpm/rhel/filesystem@3.16-5.el9?arch=x86_64&upstream=filesystem-3.16-5.el9.src.rpm&distro=rhel-9.5&package-id=77424b7b1080bae1", + "cpe": "cpe:2.3:a:filesystem:filesystem:3.16-5.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "Public Domain" + } + } + ], + "name": "filesystem", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:filesystem:3.16-5.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:filesystem:filesystem:3.16-5.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:filesystem:3.16-5.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/ubi-micro.bom.json" + }, + { + "name": "syft:metadata:release", + "value": "5.el9" + }, + { + "name": "syft:metadata:size", + "value": "106" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "filesystem-3.16-5.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/filesystem@3.16-5.el9?arch=x86_64&upstream=filesystem-3.16-5.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "3.16-5.el9" + }, + { + "bom-ref": "pkg:npm/finalhandler@1.2.0?package-id=4af1ca2b917a868e", + "cpe": "cpe:2.3:a:finalhandler:finalhandler:1.2.0:*:*:*:*:*:*:*", + "name": "finalhandler", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:finalhandler:finalhandler:1.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/finalhandler@1.2.0", + "type": "library", + "version": "1.2.0" + }, + { + "bom-ref": "pkg:pypi/flit-core@3.8.0?package-id=35badae25108e596", + "cpe": "cpe:2.3:a:python-flit-core:python-flit-core:3.8.0:*:*:*:*:*:*:*", + "name": "flit-core", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "python" + }, + { + "name": "syft:package:type", + "value": "python" + }, + { + "name": "syft:package:metadataType", + "value": "python-pip-requirements-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-flit-core:python_flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_flit_core:python-flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_flit_core:python_flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-flit:python-flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-flit:python_flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_flit:python-flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_flit:python_flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit-core:python-flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit-core:python_flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit_core:python-flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit_core:python_flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-flit-core:flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-flit-core:flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_flit_core:flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_flit_core:flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:python-flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:python_flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit:python-flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit:python_flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-flit:flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-flit:flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_flit:flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_flit:flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit-core:flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit-core:flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit_core:flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit_core:flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit:flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit:flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-flit-core:python-flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-flit-core:python_flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_flit_core:python-flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_flit_core:python_flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-flit:python-flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-flit:python_flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_flit:python-flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_flit:python_flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit-core:python-flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit-core:python_flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit_core:python-flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit_core:python_flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-flit-core:flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-flit-core:flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_flit_core:flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_flit_core:flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:python-flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:python_flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit:python-flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit:python_flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-flit:flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-flit:flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_flit:flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_flit:flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit-core:flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit-core:flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit_core:flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit_core:flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit:flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit:flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/pip-e2e-test.bom.json" + } + ], + "purl": "pkg:pypi/flit-core@3.8.0", + "type": "library", + "version": "3.8.0" + }, + { + "bom-ref": "pkg:npm/foo?package-id=1bc5d5ebd9cb9e1c", + "cpe": "cpe:2.3:a:foo:foo:*:*:*:*:*:*:*:*", + "name": "foo", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:foo:foo:*:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/foo", + "type": "library" + }, + { + "bom-ref": "pkg:npm/foo@1.0.0?package-id=e577272d8af44a23", + "cpe": "cpe:2.3:a:foo:foo:1.0.0:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "name": "foo", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:foo:foo:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/foo@1.0.0", + "type": "library", + "version": "1.0.0" + }, + { + "bom-ref": "pkg:npm/forwarded@0.2.0?package-id=db65fc5672034b85", + "cpe": "cpe:2.3:a:forwarded_project:forwarded:0.2.0:*:*:*:*:node.js:*:*", + "name": "forwarded", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:forwarded_project:forwarded:0.2.0:*:*:*:*:node.js:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/forwarded@0.2.0", + "type": "library", + "version": "0.2.0" + }, + { + "bom-ref": "pkg:npm/fresh@0.5.2?package-id=f5e8d551c6d1ffe6", + "cpe": "cpe:2.3:a:fresh_project:fresh:0.5.2:*:*:*:*:node.js:*:*", + "name": "fresh", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:fresh_project:fresh:0.5.2:*:*:*:*:node.js:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/fresh@0.5.2", + "type": "library", + "version": "0.5.2" + }, + { + "bom-ref": "pkg:npm/function-bind@1.1.1?package-id=aa5fc677d9ca8c6f", + "cpe": "cpe:2.3:a:function-bind:function-bind:1.1.1:*:*:*:*:*:*:*", + "name": "function-bind", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:function-bind:function_bind:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:function_bind:function-bind:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:function_bind:function_bind:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:function:function-bind:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:function:function_bind:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:function-bind:function-bind:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:function-bind:function_bind:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:function_bind:function-bind:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:function_bind:function_bind:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:function:function-bind:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:function:function_bind:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/function-bind@1.1.1", + "type": "library", + "version": "1.1.1" + }, + { + "bom-ref": "pkg:npm/get-intrinsic@1.2.0?package-id=b47aa1419d831e03", + "cpe": "cpe:2.3:a:get-intrinsic:get-intrinsic:1.2.0:*:*:*:*:*:*:*", + "name": "get-intrinsic", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:get-intrinsic:get_intrinsic:1.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:get_intrinsic:get-intrinsic:1.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:get_intrinsic:get_intrinsic:1.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:get:get-intrinsic:1.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:get:get_intrinsic:1.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:get-intrinsic:get-intrinsic:1.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:get-intrinsic:get_intrinsic:1.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:get_intrinsic:get-intrinsic:1.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:get_intrinsic:get_intrinsic:1.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:get:get-intrinsic:1.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:get:get_intrinsic:1.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/get-intrinsic@1.2.0", + "type": "library", + "version": "1.2.0" + }, + { + "bom-ref": "pkg:golang/github.com/azure/go-ansiterm@v0.0.0-20210617225240-d185dfc1b5a1?package-id=e56101171f13c2dd", + "cpe": "cpe:2.3:a:Azure:go-ansiterm:v0.0.0-20210617225240-d185dfc1b5a1:*:*:*:*:*:*:*", + "name": "github.com/Azure/go-ansiterm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:Azure:go_ansiterm:v0.0.0-20210617225240-d185dfc1b5a1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:Azure:go-ansiterm:v0.0.0-20210617225240-d185dfc1b5a1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:Azure:go_ansiterm:v0.0.0-20210617225240-d185dfc1b5a1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/gomod-pandemonium.bom.json" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=" + } + ], + "purl": "pkg:golang/github.com/Azure/go-ansiterm@v0.0.0-20210617225240-d185dfc1b5a1", + "type": "library", + "version": "v0.0.0-20210617225240-d185dfc1b5a1" + }, + { + "bom-ref": "pkg:golang/github.com/azure/go-ansiterm@v0.0.0-20210617225240-d185dfc1b5a1?package-id=2a664fb25458fc56", + "cpe": "cpe:2.3:a:Azure:go-ansiterm:v0.0.0-20210617225240-d185dfc1b5a1:*:*:*:*:*:*:*", + "name": "github.com/Azure/go-ansiterm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:Azure:go_ansiterm:v0.0.0-20210617225240-d185dfc1b5a1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:Azure:go-ansiterm:v0.0.0-20210617225240-d185dfc1b5a1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:Azure:go_ansiterm:v0.0.0-20210617225240-d185dfc1b5a1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/gomod-pandemonium.bom.json" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=" + } + ], + "purl": "pkg:golang/github.com/Azure/go-ansiterm@v0.0.0-20210617225240-d185dfc1b5a1", + "type": "library", + "version": "v0.0.0-20210617225240-d185dfc1b5a1" + }, + { + "bom-ref": "pkg:golang/github.com/masterminds/semver@v1.4.2?package-id=354d8d82b2da8793", + "cpe": "cpe:2.3:a:Masterminds:semver:v1.4.2:*:*:*:*:*:*:*", + "name": "github.com/Masterminds/semver", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:Masterminds:semver:v1.4.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/gomod-pandemonium.bom.json" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:WBLTQ37jOCzSLtXNdoo8bNM8876KhNqOKvrlGITgsTc=" + } + ], + "purl": "pkg:golang/github.com/Masterminds/semver@v1.4.2", + "type": "library", + "version": "v1.4.2" + }, + { + "bom-ref": "pkg:golang/github.com/microsoft/go-winio@v0.6.0?package-id=c2a50d97cb0e4bfc", + "cpe": "cpe:2.3:a:Microsoft:go-winio:v0.6.0:*:*:*:*:*:*:*", + "name": "github.com/Microsoft/go-winio", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:Microsoft:go_winio:v0.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:Microsoft:go-winio:v0.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:Microsoft:go_winio:v0.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/gomod-pandemonium.bom.json" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg=" + } + ], + "purl": "pkg:golang/github.com/Microsoft/go-winio@v0.6.0", + "type": "library", + "version": "v0.6.0" + }, + { + "bom-ref": "pkg:golang/github.com/cachito-testing/gomod-pandemonium@v0.0.0?package-id=146c86ecdbb0cfe7#terminaltor", + "cpe": "cpe:2.3:a:cachito-testing:gomod-pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*", + "name": "github.com/cachito-testing/gomod-pandemonium/terminaltor", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito-testing:gomod_pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_testing:gomod-pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_testing:gomod_pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito:gomod-pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito:gomod_pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito-testing:gomod-pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito-testing:gomod_pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_testing:gomod-pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_testing:gomod_pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito:gomod-pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito:gomod_pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/gomod-pandemonium.bom.json" + } + ], + "purl": "pkg:golang/github.com/cachito-testing/gomod-pandemonium@v0.0.0#terminaltor", + "type": "library", + "version": "v0.0.0" + }, + { + "bom-ref": "pkg:golang/github.com/cachito-testing/gomod-pandemonium@v0.0.0?package-id=fa2ffebd22241e0d#weird", + "cpe": "cpe:2.3:a:cachito-testing:gomod-pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*", + "name": "github.com/cachito-testing/gomod-pandemonium/weird", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito-testing:gomod_pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_testing:gomod-pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_testing:gomod_pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito:gomod-pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito:gomod_pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito-testing:gomod-pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito-testing:gomod_pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_testing:gomod-pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_testing:gomod_pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito:gomod-pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito:gomod_pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/gomod-pandemonium.bom.json" + } + ], + "purl": "pkg:golang/github.com/cachito-testing/gomod-pandemonium@v0.0.0#weird", + "type": "library", + "version": "v0.0.0" + }, + { + "bom-ref": "pkg:golang/github.com/cachito-testing/retrodep@v2.1.1?package-id=6db993d8ef0e368a#v2", + "cpe": "cpe:2.3:a:cachito-testing:retrodep\\/v2:v2.1.1:*:*:*:*:*:*:*", + "name": "github.com/cachito-testing/retrodep/v2", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_testing:retrodep\\/v2:v2.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito:retrodep\\/v2:v2.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito-testing:retrodep\\/v2:v2.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_testing:retrodep\\/v2:v2.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito:retrodep\\/v2:v2.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/gomod-pandemonium.bom.json" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:inziEuX1Zo/BJv1pgZ2tRPltfQVJaVpRmIlsomaKMb0=" + } + ], + "purl": "pkg:golang/github.com/cachito-testing/retrodep@v2.1.1#v2", + "type": "library", + "version": "v2.1.1" + }, + { + "bom-ref": "pkg:golang/github.com/go-logr/logr@v1.2.3?package-id=b07c55dbe14eb54f", + "cpe": "cpe:2.3:a:go-logr:logr:v1.2.3:*:*:*:*:*:*:*", + "name": "github.com/go-logr/logr", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:go_logr:logr:v1.2.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:go:logr:v1.2.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:go-logr:logr:v1.2.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:go_logr:logr:v1.2.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:go:logr:v1.2.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/gomod-pandemonium.bom.json" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=" + } + ], + "purl": "pkg:golang/github.com/go-logr/logr@v1.2.3", + "type": "library", + "version": "v1.2.3" + }, + { + "bom-ref": "pkg:golang/github.com/go-task/slim-sprig@v0.0.0-20230315185526-52ccab3ef572?package-id=09ce847851ef4807", + "cpe": "cpe:2.3:a:go-task:slim-sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*", + "name": "github.com/go-task/slim-sprig", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:go-task:slim_sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:go_task:slim-sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:go_task:slim_sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:go:slim-sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:go:slim_sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:go-task:slim-sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:go-task:slim_sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:go_task:slim-sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:go_task:slim_sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:go:slim-sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:go:slim_sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/gomod-pandemonium.bom.json" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=" + } + ], + "purl": "pkg:golang/github.com/go-task/slim-sprig@v0.0.0-20230315185526-52ccab3ef572", + "type": "library", + "version": "v0.0.0-20230315185526-52ccab3ef572" + }, + { + "bom-ref": "pkg:golang/github.com/google/go-cmp@v0.5.9?package-id=c2740da0f3c011dc", + "cpe": "cpe:2.3:a:google:go-cmp:v0.5.9:*:*:*:*:*:*:*", + "name": "github.com/google/go-cmp", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:google:go_cmp:v0.5.9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:google:go-cmp:v0.5.9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:google:go_cmp:v0.5.9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/gomod-pandemonium.bom.json" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=" + } + ], + "purl": "pkg:golang/github.com/google/go-cmp@v0.5.9", + "type": "library", + "version": "v0.5.9" + }, + { + "bom-ref": "pkg:golang/github.com/google/pprof@v0.0.0-20210407192527-94a9f03dee38?package-id=768bdea76795da5e", + "cpe": "cpe:2.3:a:google:pprof:v0.0.0-20210407192527-94a9f03dee38:*:*:*:*:*:*:*", + "name": "github.com/google/pprof", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:google:pprof:v0.0.0-20210407192527-94a9f03dee38:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/gomod-pandemonium.bom.json" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:yAJXTCF9TqKcTiHJAE8dj7HMvPfh66eeA2JYW7eFpSE=" + } + ], + "purl": "pkg:golang/github.com/google/pprof@v0.0.0-20210407192527-94a9f03dee38", + "type": "library", + "version": "v0.0.0-20210407192527-94a9f03dee38" + }, + { + "bom-ref": "pkg:golang/github.com/moby/term@v0.0.0-20221205130635-1aeaba878587?package-id=16768dd257ca9ea1", + "cpe": "cpe:2.3:a:moby:term:v0.0.0-20221205130635-1aeaba878587:*:*:*:*:*:*:*", + "name": "github.com/moby/term", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:moby:term:v0.0.0-20221205130635-1aeaba878587:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/gomod-pandemonium.bom.json" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:HfkjXDfhgVaN5rmueG8cL8KKeFNecRCXFhaJ2qZ5SKA=" + } + ], + "purl": "pkg:golang/github.com/moby/term@v0.0.0-20221205130635-1aeaba878587", + "type": "library", + "version": "v0.0.0-20221205130635-1aeaba878587" + }, + { + "bom-ref": "pkg:golang/github.com/moby/term@v0.0.0-20221205130635-1aeaba878587?package-id=555434403d475809", + "cpe": "cpe:2.3:a:moby:term:v0.0.0-20221205130635-1aeaba878587:*:*:*:*:*:*:*", + "name": "github.com/moby/term", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:moby:term:v0.0.0-20221205130635-1aeaba878587:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/gomod-pandemonium.bom.json" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:HfkjXDfhgVaN5rmueG8cL8KKeFNecRCXFhaJ2qZ5SKA=" + } + ], + "purl": "pkg:golang/github.com/moby/term@v0.0.0-20221205130635-1aeaba878587", + "type": "library", + "version": "v0.0.0-20221205130635-1aeaba878587" + }, + { + "bom-ref": "pkg:golang/github.com/onsi/ginkgo@v2.9.2?package-id=dbe722f079d05fed#v2", + "cpe": "cpe:2.3:a:onsi:ginkgo\\/v2:v2.9.2:*:*:*:*:*:*:*", + "name": "github.com/onsi/ginkgo/v2", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:onsi:ginkgo\\/v2:v2.9.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/gomod-pandemonium.bom.json" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:BA2GMJOtfGAfagzYtrAlufIP0lq6QERkFmHLMLPwFSU=" + } + ], + "purl": "pkg:golang/github.com/onsi/ginkgo@v2.9.2#v2", + "type": "library", + "version": "v2.9.2" + }, + { + "bom-ref": "pkg:golang/github.com/onsi/gomega@v1.27.4?package-id=33a8824de4d78c9f", + "cpe": "cpe:2.3:a:onsi:gomega:v1.27.4:*:*:*:*:*:*:*", + "name": "github.com/onsi/gomega", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:onsi:gomega:v1.27.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/gomod-pandemonium.bom.json" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:Z2AnStgsdSayCMDiCU42qIz+HLqEPcgiOCXjAU/w+8E=" + } + ], + "purl": "pkg:golang/github.com/onsi/gomega@v1.27.4", + "type": "library", + "version": "v1.27.4" + }, + { + "bom-ref": "pkg:golang/github.com/op/go-logging@v0.0.0-20160315200505-970db520ece7?package-id=d053202ebaedc3aa", + "cpe": "cpe:2.3:a:op:go-logging:v0.0.0-20160315200505-970db520ece7:*:*:*:*:*:*:*", + "name": "github.com/op/go-logging", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:op:go_logging:v0.0.0-20160315200505-970db520ece7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:op:go-logging:v0.0.0-20160315200505-970db520ece7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:op:go_logging:v0.0.0-20160315200505-970db520ece7:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/gomod-pandemonium.bom.json" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:lDH9UUVJtmYCjyT0CI4q8xvlXPxeZ0gYCVvWbmPlp88=" + } + ], + "purl": "pkg:golang/github.com/op/go-logging@v0.0.0-20160315200505-970db520ece7", + "type": "library", + "version": "v0.0.0-20160315200505-970db520ece7" + }, + { + "bom-ref": "pkg:golang/github.com/pkg/errors@v0.8.1?package-id=e9a30d103cc846e1", + "cpe": "cpe:2.3:a:pkg:errors:v0.8.1:*:*:*:*:*:*:*", + "name": "github.com/pkg/errors", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pkg:errors:v0.8.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/gomod-pandemonium.bom.json" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=" + } + ], + "purl": "pkg:golang/github.com/pkg/errors@v0.8.1", + "type": "library", + "version": "v0.8.1" + }, + { + "bom-ref": "pkg:golang/github.com/release-engineering/retrodep@v2.1.0?package-id=b1aab99da74371f7#v2", + "cpe": "cpe:2.3:a:release-engineering:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*", + "name": "github.com/release-engineering/retrodep/v2", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:release_engineering:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:release:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:release-engineering:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:release_engineering:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:release:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/gomod-pandemonium.bom.json" + } + ], + "purl": "pkg:golang/github.com/release-engineering/retrodep@v2.1.0#v2", + "type": "library", + "version": "v2.1.0" + }, + { + "bom-ref": "pkg:rpm/rhel/glibc@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5&package-id=9489b86e448d8dfd", + "cpe": "cpe:2.3:a:redhat:glibc:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + } + } + ], + "name": "glibc", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc:glibc:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:glibc:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc:glibc:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/ubi-micro.bom.json" + }, + { + "name": "syft:metadata:release", + "value": "125.el9_5.1" + }, + { + "name": "syft:metadata:size", + "value": "6430227" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "glibc-2.34-125.el9_5.1.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/glibc@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "2.34-125.el9_5.1" + }, + { + "bom-ref": "pkg:rpm/rhel/glibc-common@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5&package-id=311b45c789b83bf4", + "cpe": "cpe:2.3:a:glibc-common:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + } + } + ], + "name": "glibc-common", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc-common:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_common:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_common:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc-common:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc-common:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_common:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_common:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/ubi-micro.bom.json" + }, + { + "name": "syft:metadata:release", + "value": "125.el9_5.1" + }, + { + "name": "syft:metadata:size", + "value": "1083649" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "glibc-2.34-125.el9_5.1.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/glibc-common@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "2.34-125.el9_5.1" + }, + { + "bom-ref": "pkg:rpm/rhel/glibc-minimal-langpack@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5&package-id=987fcae5ecc095f4", + "cpe": "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + } + } + ], + "name": "glibc-minimal-langpack", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/ubi-micro.bom.json" + }, + { + "name": "syft:metadata:release", + "value": "125.el9_5.1" + }, + { + "name": "syft:metadata:size", + "value": "0" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "glibc-2.34-125.el9_5.1.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/glibc-minimal-langpack@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "2.34-125.el9_5.1" + }, + { + "bom-ref": "pkg:golang/golang.org/x/mod@v0.9.0?package-id=23b7926420819455", + "cpe": "cpe:2.3:a:golang:x\\/mod:v0.9.0:*:*:*:*:*:*:*", + "name": "golang.org/x/mod", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:golang:x\\/mod:v0.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/gomod-pandemonium.bom.json" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:KENHtAZL2y3NLMYZeHY9DW8HW8V+kQyJsY/V9JlKvCs=" + } + ], + "purl": "pkg:golang/golang.org/x/mod@v0.9.0", + "type": "library", + "version": "v0.9.0" + }, + { + "bom-ref": "pkg:golang/golang.org/x/net@v0.8.0?package-id=22fa1122214f7ae2", + "cpe": "cpe:2.3:a:golang:networking:v0.8.0:*:*:*:*:go:*:*", + "name": "golang.org/x/net", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:golang:networking:v0.8.0:*:*:*:*:go:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/gomod-pandemonium.bom.json" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=" + } + ], + "purl": "pkg:golang/golang.org/x/net@v0.8.0", + "type": "library", + "version": "v0.8.0" + }, + { + "bom-ref": "pkg:golang/golang.org/x/sys@v0.6.0?package-id=bf14db941e01d41c", + "cpe": "cpe:2.3:a:golang:x\\/sys:v0.6.0:*:*:*:*:*:*:*", + "name": "golang.org/x/sys", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:golang:x\\/sys:v0.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/gomod-pandemonium.bom.json" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=" + } + ], + "purl": "pkg:golang/golang.org/x/sys@v0.6.0", + "type": "library", + "version": "v0.6.0" + }, + { + "bom-ref": "pkg:golang/golang.org/x/sys@v0.6.0?package-id=16865a35dc8ec832", + "cpe": "cpe:2.3:a:golang:x\\/sys:v0.6.0:*:*:*:*:*:*:*", + "name": "golang.org/x/sys", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:golang:x\\/sys:v0.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/gomod-pandemonium.bom.json" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=" + } + ], + "purl": "pkg:golang/golang.org/x/sys@v0.6.0", + "type": "library", + "version": "v0.6.0" + }, + { + "bom-ref": "pkg:golang/golang.org/x/text@v0.8.0?package-id=5f5f28df2a89cd2b", + "cpe": "cpe:2.3:a:golang:text:v0.8.0:*:*:*:*:*:*:*", + "name": "golang.org/x/text", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:golang:text:v0.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/gomod-pandemonium.bom.json" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68=" + } + ], + "purl": "pkg:golang/golang.org/x/text@v0.8.0", + "type": "library", + "version": "v0.8.0" + }, + { + "bom-ref": "pkg:golang/golang.org/x/tools@v0.7.0?package-id=f249a74f177d2a78", + "cpe": "cpe:2.3:a:golang:x\\/tools:v0.7.0:*:*:*:*:*:*:*", + "name": "golang.org/x/tools", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:golang:x\\/tools:v0.7.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/gomod-pandemonium.bom.json" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:W4OVu8VVOaIO0yzWMNdepAulS7YfoS3Zabrm8DOXXU4=" + } + ], + "purl": "pkg:golang/golang.org/x/tools@v0.7.0", + "type": "library", + "version": "v0.7.0" + }, + { + "bom-ref": "pkg:golang/gopkg.in/yaml.v2@v2.2.2?package-id=c743bd971b07bf7f", + "name": "gopkg.in/yaml.v2", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:location:0:path", + "value": "/gomod-pandemonium.bom.json" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=" + } + ], + "purl": "pkg:golang/gopkg.in/yaml.v2@v2.2.2", + "type": "library", + "version": "v2.2.2" + }, + { + "bom-ref": "pkg:golang/gopkg.in/yaml.v3@v3.0.1?package-id=716c668b92999095", + "cpe": "cpe:2.3:a:yaml_project:yaml:v3.0.1:*:*:*:*:go:*:*", + "name": "gopkg.in/yaml.v3", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:yaml_project:yaml:v3.0.1:*:*:*:*:go:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/gomod-pandemonium.bom.json" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=" + } + ], + "purl": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", + "type": "library", + "version": "v3.0.1" + }, + { + "bom-ref": "pkg:rpm/rhel/gpg-pubkey@5a6340b3-6229229e?distro=rhel-9.5&package-id=6f295cf72da6a770", + "cpe": "cpe:2.3:a:gpg-pubkey:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "pubkey" + } + } + ], + "name": "gpg-pubkey", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg-pubkey:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg_pubkey:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg_pubkey:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg-pubkey:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg-pubkey:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg_pubkey:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg_pubkey:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/ubi-micro.bom.json" + }, + { + "name": "syft:metadata:release", + "value": "6229229e" + }, + { + "name": "syft:metadata:size", + "value": "0" + } + ], + "purl": "pkg:rpm/rhel/gpg-pubkey@5a6340b3-6229229e?distro=rhel-9.5", + "type": "library", + "version": "5a6340b3-6229229e" + }, + { + "bom-ref": "pkg:rpm/rhel/gpg-pubkey@fd431d51-4ae0493b?distro=rhel-9.5&package-id=c388b788c5f4618d", + "cpe": "cpe:2.3:a:gpg-pubkey:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "pubkey" + } + } + ], + "name": "gpg-pubkey", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg-pubkey:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg_pubkey:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg_pubkey:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg-pubkey:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg-pubkey:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg_pubkey:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg_pubkey:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/ubi-micro.bom.json" + }, + { + "name": "syft:metadata:release", + "value": "4ae0493b" + }, + { + "name": "syft:metadata:size", + "value": "0" + } + ], + "purl": "pkg:rpm/rhel/gpg-pubkey@fd431d51-4ae0493b?distro=rhel-9.5", + "type": "library", + "version": "fd431d51-4ae0493b" + }, + { + "bom-ref": "pkg:npm/has@1.0.3?package-id=149e0ee0e9687231", + "cpe": "cpe:2.3:a:has:has:1.0.3:*:*:*:*:*:*:*", + "name": "has", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:has:has:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/has@1.0.3", + "type": "library", + "version": "1.0.3" + }, + { + "bom-ref": "pkg:npm/has-symbols@1.0.3?package-id=690f05395fc975d7", + "cpe": "cpe:2.3:a:has-symbols:has-symbols:1.0.3:*:*:*:*:*:*:*", + "name": "has-symbols", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:has-symbols:has_symbols:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:has_symbols:has-symbols:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:has_symbols:has_symbols:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:has:has-symbols:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:has:has_symbols:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:has-symbols:has-symbols:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:has-symbols:has_symbols:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:has_symbols:has-symbols:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:has_symbols:has_symbols:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:has:has-symbols:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:has:has_symbols:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/has-symbols@1.0.3", + "type": "library", + "version": "1.0.3" + }, + { + "bom-ref": "pkg:npm/http-errors@2.0.0?package-id=ab2edf7a826d7279", + "cpe": "cpe:2.3:a:http-errors:http-errors:2.0.0:*:*:*:*:*:*:*", + "name": "http-errors", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:http-errors:http_errors:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:http_errors:http-errors:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:http_errors:http_errors:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:http:http-errors:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:http:http_errors:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:http-errors:http-errors:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:http-errors:http_errors:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:http_errors:http-errors:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:http_errors:http_errors:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:http:http-errors:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:http:http_errors:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/http-errors@2.0.0", + "type": "library", + "version": "2.0.0" + }, + { + "bom-ref": "pkg:npm/iconv-lite@0.4.24?package-id=5bb6c83eba66abb3", + "cpe": "cpe:2.3:a:iconv-lite:iconv-lite:0.4.24:*:*:*:*:*:*:*", + "name": "iconv-lite", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:iconv-lite:iconv_lite:0.4.24:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:iconv_lite:iconv-lite:0.4.24:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:iconv_lite:iconv_lite:0.4.24:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:iconv:iconv-lite:0.4.24:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:iconv:iconv_lite:0.4.24:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:iconv-lite:iconv-lite:0.4.24:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:iconv-lite:iconv_lite:0.4.24:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:iconv_lite:iconv-lite:0.4.24:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:iconv_lite:iconv_lite:0.4.24:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:iconv:iconv-lite:0.4.24:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:iconv:iconv_lite:0.4.24:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/iconv-lite@0.4.24", + "type": "library", + "version": "0.4.24" + }, + { + "bom-ref": "pkg:pypi/idna@3.4?package-id=e9f54a59d1909c7a", + "cpe": "cpe:2.3:a:python-idna:python-idna:3.4:*:*:*:*:*:*:*", + "name": "idna", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "python" + }, + { + "name": "syft:package:type", + "value": "python" + }, + { + "name": "syft:package:metadataType", + "value": "python-pip-requirements-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-idna:python_idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_idna:python-idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_idna:python_idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:python-idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:python_idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:idna:python-idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:idna:python_idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-idna:idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_idna:idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:idna:idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-idna:python-idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-idna:python_idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_idna:python-idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_idna:python_idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:python-idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:python_idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:idna:python-idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:idna:python_idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-idna:idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_idna:idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:idna:idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/pip-e2e-test.bom.json" + } + ], + "purl": "pkg:pypi/idna@3.4", + "type": "library", + "version": "3.4" + }, + { + "bom-ref": "pkg:npm/inherits@2.0.4?package-id=5be7936772345127", + "cpe": "cpe:2.3:a:inherits:inherits:2.0.4:*:*:*:*:*:*:*", + "name": "inherits", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:inherits:inherits:2.0.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/inherits@2.0.4", + "type": "library", + "version": "2.0.4" + }, + { + "bom-ref": "pkg:npm/ipaddr.js@1.9.1?package-id=2ebe9abbf160c7ad", + "cpe": "cpe:2.3:a:ipaddr.js:ipaddr.js:1.9.1:*:*:*:*:*:*:*", + "name": "ipaddr.js", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ipaddr.js:ipaddr.js:1.9.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/ipaddr.js@1.9.1", + "type": "library", + "version": "1.9.1" + }, + { + "bom-ref": "pkg:npm/is-positive@3.1.0?package-id=e55cbb8da65684d0", + "cpe": "cpe:2.3:a:is-positive:is-positive:3.1.0:*:*:*:*:*:*:*", + "name": "is-positive", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:is-positive:is_positive:3.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:is_positive:is-positive:3.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:is_positive:is_positive:3.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:is:is-positive:3.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:is:is_positive:3.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:is-positive:is-positive:3.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:is-positive:is_positive:3.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:is_positive:is-positive:3.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:is_positive:is_positive:3.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:is:is-positive:3.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:is:is_positive:3.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/is-positive@3.1.0", + "type": "library", + "version": "3.1.0" + }, + { + "bom-ref": "pkg:rpm/rhel/libacl@2.3.1-4.el9?arch=x86_64&upstream=acl-2.3.1-4.el9.src.rpm&distro=rhel-9.5&package-id=595e70db205f0935", + "cpe": "cpe:2.3:a:libacl:libacl:2.3.1-4.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "LGPLv2+" + } + } + ], + "name": "libacl", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libacl:2.3.1-4.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libacl:libacl:2.3.1-4.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libacl:2.3.1-4.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/ubi-micro.bom.json" + }, + { + "name": "syft:metadata:release", + "value": "4.el9" + }, + { + "name": "syft:metadata:size", + "value": "40554" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "acl-2.3.1-4.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/libacl@2.3.1-4.el9?arch=x86_64&upstream=acl-2.3.1-4.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "2.3.1-4.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/libattr@2.5.1-3.el9?arch=x86_64&upstream=attr-2.5.1-3.el9.src.rpm&distro=rhel-9.5&package-id=f22ce785f4cb2598", + "cpe": "cpe:2.3:a:libattr:libattr:2.5.1-3.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "LGPLv2+" + } + } + ], + "name": "libattr", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libattr:2.5.1-3.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libattr:libattr:2.5.1-3.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libattr:2.5.1-3.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/ubi-micro.bom.json" + }, + { + "name": "syft:metadata:release", + "value": "3.el9" + }, + { + "name": "syft:metadata:size", + "value": "29429" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "attr-2.5.1-3.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/libattr@2.5.1-3.el9?arch=x86_64&upstream=attr-2.5.1-3.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "2.5.1-3.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/libcap@2.48-9.el9_2?arch=x86_64&upstream=libcap-2.48-9.el9_2.src.rpm&distro=rhel-9.5&package-id=834f8cbd6a96a118", + "cpe": "cpe:2.3:a:libcap:libcap:2.48-9.el9_2:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "BSD or GPLv2" + } + } + ], + "name": "libcap", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libcap:2.48-9.el9_2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcap:libcap:2.48-9.el9_2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libcap:2.48-9.el9_2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/ubi-micro.bom.json" + }, + { + "name": "syft:metadata:release", + "value": "9.el9_2" + }, + { + "name": "syft:metadata:size", + "value": "177471" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libcap-2.48-9.el9_2.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/libcap@2.48-9.el9_2?arch=x86_64&upstream=libcap-2.48-9.el9_2.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "2.48-9.el9_2" + }, + { + "bom-ref": "pkg:rpm/rhel/libgcc@11.5.0-2.el9?arch=x86_64&upstream=gcc-11.5.0-2.el9.src.rpm&distro=rhel-9.5&package-id=036d41cc6ce4f88a", + "cpe": "cpe:2.3:a:libgcc:libgcc:11.5.0-2.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + } + } + ], + "name": "libgcc", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libgcc:11.5.0-2.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libgcc:libgcc:11.5.0-2.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libgcc:11.5.0-2.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/ubi-micro.bom.json" + }, + { + "name": "syft:metadata:release", + "value": "2.el9" + }, + { + "name": "syft:metadata:size", + "value": "198756" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "gcc-11.5.0-2.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/libgcc@11.5.0-2.el9?arch=x86_64&upstream=gcc-11.5.0-2.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "11.5.0-2.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/libselinux@3.6-1.el9?arch=x86_64&upstream=libselinux-3.6-1.el9.src.rpm&distro=rhel-9.5&package-id=757b3ad6c9f342ff", + "cpe": "cpe:2.3:a:libselinux:libselinux:3.6-1.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "Public Domain" + } + } + ], + "name": "libselinux", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libselinux:3.6-1.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libselinux:libselinux:3.6-1.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libselinux:3.6-1.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/ubi-micro.bom.json" + }, + { + "name": "syft:metadata:release", + "value": "1.el9" + }, + { + "name": "syft:metadata:size", + "value": "176853" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libselinux-3.6-1.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/libselinux@3.6-1.el9?arch=x86_64&upstream=libselinux-3.6-1.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "3.6-1.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/libsepol@3.6-1.el9?arch=x86_64&upstream=libsepol-3.6-1.el9.src.rpm&distro=rhel-9.5&package-id=e2f6759466eb7d48", + "cpe": "cpe:2.3:a:libsepol:libsepol:3.6-1.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "LGPLv2+" + } + } + ], + "name": "libsepol", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libsepol:3.6-1.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libsepol:libsepol:3.6-1.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libsepol:3.6-1.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/ubi-micro.bom.json" + }, + { + "name": "syft:metadata:release", + "value": "1.el9" + }, + { + "name": "syft:metadata:size", + "value": "829251" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libsepol-3.6-1.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/libsepol@3.6-1.el9?arch=x86_64&upstream=libsepol-3.6-1.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "3.6-1.el9" + }, + { + "bom-ref": "pkg:npm/media-typer@0.3.0?package-id=857d061d3520bfea", + "cpe": "cpe:2.3:a:media-typer:media-typer:0.3.0:*:*:*:*:*:*:*", + "name": "media-typer", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:media-typer:media_typer:0.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:media_typer:media-typer:0.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:media_typer:media_typer:0.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:media:media-typer:0.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:media:media_typer:0.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:media-typer:media-typer:0.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:media-typer:media_typer:0.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:media_typer:media-typer:0.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:media_typer:media_typer:0.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:media:media-typer:0.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:media:media_typer:0.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/media-typer@0.3.0", + "type": "library", + "version": "0.3.0" + }, + { + "bom-ref": "pkg:npm/merge-descriptors@1.0.1?package-id=f573f4660f18975b", + "cpe": "cpe:2.3:a:merge-descriptors:merge-descriptors:1.0.1:*:*:*:*:*:*:*", + "name": "merge-descriptors", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:merge-descriptors:merge_descriptors:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:merge_descriptors:merge-descriptors:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:merge_descriptors:merge_descriptors:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:merge:merge-descriptors:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:merge:merge_descriptors:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:merge-descriptors:merge-descriptors:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:merge-descriptors:merge_descriptors:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:merge_descriptors:merge-descriptors:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:merge_descriptors:merge_descriptors:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:merge:merge-descriptors:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:merge:merge_descriptors:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/merge-descriptors@1.0.1", + "type": "library", + "version": "1.0.1" + }, + { + "bom-ref": "pkg:npm/methods@1.1.2?package-id=e96d320d97976c3b", + "cpe": "cpe:2.3:a:methods:methods:1.1.2:*:*:*:*:*:*:*", + "name": "methods", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:methods:methods:1.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/methods@1.1.2", + "type": "library", + "version": "1.1.2" + }, + { + "bom-ref": "pkg:npm/mime@1.6.0?package-id=a76ea7b1648dc130", + "cpe": "cpe:2.3:a:mime_project:mime:1.6.0:*:*:*:*:node.js:*:*", + "name": "mime", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime_project:mime:1.6.0:*:*:*:*:node.js:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/mime@1.6.0", + "type": "library", + "version": "1.6.0" + }, + { + "bom-ref": "pkg:npm/mime-db@1.52.0?package-id=e2f92ca70689476e", + "cpe": "cpe:2.3:a:mime-db:mime-db:1.52.0:*:*:*:*:*:*:*", + "name": "mime-db", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime-db:mime_db:1.52.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime_db:mime-db:1.52.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime_db:mime_db:1.52.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime:mime-db:1.52.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime:mime_db:1.52.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime-db:mime-db:1.52.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime-db:mime_db:1.52.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime_db:mime-db:1.52.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime_db:mime_db:1.52.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime:mime-db:1.52.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime:mime_db:1.52.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/mime-db@1.52.0", + "type": "library", + "version": "1.52.0" + }, + { + "bom-ref": "pkg:npm/mime-types@2.1.35?package-id=1664d4cff86dc355", + "cpe": "cpe:2.3:a:mime-types:mime-types:2.1.35:*:*:*:*:*:*:*", + "name": "mime-types", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime-types:mime_types:2.1.35:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime_types:mime-types:2.1.35:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime_types:mime_types:2.1.35:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime:mime-types:2.1.35:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime:mime_types:2.1.35:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime-types:mime-types:2.1.35:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime-types:mime_types:2.1.35:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime_types:mime-types:2.1.35:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime_types:mime_types:2.1.35:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime:mime-types:2.1.35:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime:mime_types:2.1.35:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/mime-types@2.1.35", + "type": "library", + "version": "2.1.35" + }, + { + "bom-ref": "pkg:npm/ms@2.0.0?package-id=881f5fcf4480ac75", + "cpe": "cpe:2.3:a:vercel:ms:2.0.0:*:*:*:*:node.js:*:*", + "name": "ms", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:vercel:ms:2.0.0:*:*:*:*:node.js:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/ms@2.0.0", + "type": "library", + "version": "2.0.0" + }, + { + "bom-ref": "pkg:npm/ms@2.1.3?package-id=68364be3a7b4e493", + "cpe": "cpe:2.3:a:vercel:ms:2.1.3:*:*:*:*:node.js:*:*", + "name": "ms", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:vercel:ms:2.1.3:*:*:*:*:node.js:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/ms@2.1.3", + "type": "library", + "version": "2.1.3" + }, + { + "bom-ref": "pkg:rpm/rhel/ncurses-base@6.2-10.20210508.el9?arch=noarch&upstream=ncurses-6.2-10.20210508.el9.src.rpm&distro=rhel-9.5&package-id=3d75fc5e58b4c660", + "cpe": "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "name": "ncurses-base", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/ubi-micro.bom.json" + }, + { + "name": "syft:metadata:release", + "value": "10.20210508.el9" + }, + { + "name": "syft:metadata:size", + "value": "307293" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "ncurses-6.2-10.20210508.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/ncurses-base@6.2-10.20210508.el9?arch=noarch&upstream=ncurses-6.2-10.20210508.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "6.2-10.20210508.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&upstream=ncurses-6.2-10.20210508.el9.src.rpm&distro=rhel-9.5&package-id=97c4d0c10f88b8e0", + "cpe": "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "name": "ncurses-libs", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/ubi-micro.bom.json" + }, + { + "name": "syft:metadata:release", + "value": "10.20210508.el9" + }, + { + "name": "syft:metadata:size", + "value": "994375" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "ncurses-6.2-10.20210508.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&upstream=ncurses-6.2-10.20210508.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "6.2-10.20210508.el9" + }, + { + "bom-ref": "pkg:npm/negotiator@0.6.3?package-id=cd68a6998fd42afd", + "cpe": "cpe:2.3:a:negotiator:negotiator:0.6.3:*:*:*:*:*:*:*", + "name": "negotiator", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:negotiator:negotiator:0.6.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/negotiator@0.6.3", + "type": "library", + "version": "0.6.3" + }, + { + "bom-ref": "pkg:npm/not-baz?package-id=018b8310e3190dd6", + "cpe": "cpe:2.3:a:not-baz:not-baz:*:*:*:*:*:*:*:*", + "name": "not-baz", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not-baz:not_baz:*:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not_baz:not-baz:*:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not_baz:not_baz:*:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not:not-baz:*:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not:not_baz:*:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not-baz:not-baz:*:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not-baz:not_baz:*:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not_baz:not-baz:*:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not_baz:not_baz:*:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not:not-baz:*:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not:not_baz:*:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/not-baz", + "type": "library" + }, + { + "bom-ref": "pkg:npm/not-baz@1.0.0?package-id=3b1af970071fba18", + "cpe": "cpe:2.3:a:not-baz:not-baz:1.0.0:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "name": "not-baz", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not-baz:not_baz:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not_baz:not-baz:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not_baz:not_baz:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not:not-baz:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not:not_baz:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not-baz:not-baz:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not-baz:not_baz:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not_baz:not-baz:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not_baz:not_baz:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not:not-baz:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not:not_baz:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/not-baz@1.0.0", + "type": "library", + "version": "1.0.0" + }, + { + "bom-ref": "pkg:npm/npm_test@1.1.0?package-id=34ba90ce6af47f8c", + "cpe": "cpe:2.3:a:npm-test:npm-test:1.1.0:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "name": "npm_test", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:npm-test:npm_test:1.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:npm_test:npm-test:1.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:npm_test:npm_test:1.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:npm:npm-test:1.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:npm:npm_test:1.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:npm-test:npm-test:1.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:npm-test:npm_test:1.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:npm_test:npm-test:1.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:npm_test:npm_test:1.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:npm:npm-test:1.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:npm:npm_test:1.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/npm_test@1.1.0", + "type": "library", + "version": "1.1.0" + }, + { + "bom-ref": "pkg:npm/object-inspect@1.12.3?package-id=4c28a0e62e3d15c4", + "cpe": "cpe:2.3:a:object-inspect:object-inspect:1.12.3:*:*:*:*:*:*:*", + "name": "object-inspect", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:object-inspect:object_inspect:1.12.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:object_inspect:object-inspect:1.12.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:object_inspect:object_inspect:1.12.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:object:object-inspect:1.12.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:object:object_inspect:1.12.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:object-inspect:object-inspect:1.12.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:object-inspect:object_inspect:1.12.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:object_inspect:object-inspect:1.12.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:object_inspect:object_inspect:1.12.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:object:object-inspect:1.12.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:object:object_inspect:1.12.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/object-inspect@1.12.3", + "type": "library", + "version": "1.12.3" + }, + { + "bom-ref": "pkg:npm/on-finished@2.4.1?package-id=cacb63ee1aaad5ef", + "cpe": "cpe:2.3:a:on-finished:on-finished:2.4.1:*:*:*:*:*:*:*", + "name": "on-finished", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:on-finished:on_finished:2.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:on_finished:on-finished:2.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:on_finished:on_finished:2.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:on:on-finished:2.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:on:on_finished:2.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:on-finished:on-finished:2.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:on-finished:on_finished:2.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:on_finished:on-finished:2.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:on_finished:on_finished:2.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:on:on-finished:2.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:on:on_finished:2.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/on-finished@2.4.1", + "type": "library", + "version": "2.4.1" + }, + { + "bom-ref": "pkg:npm/parseurl@1.3.3?package-id=508d411bb176492d", + "cpe": "cpe:2.3:a:parseurl:parseurl:1.3.3:*:*:*:*:*:*:*", + "name": "parseurl", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:parseurl:parseurl:1.3.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/parseurl@1.3.3", + "type": "library", + "version": "1.3.3" + }, + { + "bom-ref": "pkg:npm/path-to-regexp@0.1.7?package-id=be3d6bd80f4fc8c7", + "cpe": "cpe:2.3:a:path-to-regexp:path-to-regexp:0.1.7:*:*:*:*:*:*:*", + "name": "path-to-regexp", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:path-to-regexp:path_to_regexp:0.1.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:path_to_regexp:path-to-regexp:0.1.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:path_to_regexp:path_to_regexp:0.1.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:path-to:path-to-regexp:0.1.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:path-to:path_to_regexp:0.1.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:path_to:path-to-regexp:0.1.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:path_to:path_to_regexp:0.1.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:path:path-to-regexp:0.1.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:path:path_to_regexp:0.1.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:path-to-regexp:path-to-regexp:0.1.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:path-to-regexp:path_to_regexp:0.1.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:path_to_regexp:path-to-regexp:0.1.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:path_to_regexp:path_to_regexp:0.1.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:path-to:path-to-regexp:0.1.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:path-to:path_to_regexp:0.1.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:path_to:path-to-regexp:0.1.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:path_to:path_to_regexp:0.1.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:path:path-to-regexp:0.1.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:path:path_to_regexp:0.1.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/path-to-regexp@0.1.7", + "type": "library", + "version": "0.1.7" + }, + { + "bom-ref": "pkg:rpm/rhel/pcre2@10.40-6.el9?arch=x86_64&upstream=pcre2-10.40-6.el9.src.rpm&distro=rhel-9.5&package-id=37a65e784a24d7d3", + "cpe": "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "BSD" + } + } + ], + "name": "pcre2", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/ubi-micro.bom.json" + }, + { + "name": "syft:metadata:release", + "value": "6.el9" + }, + { + "name": "syft:metadata:size", + "value": "652298" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "pcre2-10.40-6.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/pcre2@10.40-6.el9?arch=x86_64&upstream=pcre2-10.40-6.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "10.40-6.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/pcre2-syntax@10.40-6.el9?arch=noarch&upstream=pcre2-10.40-6.el9.src.rpm&distro=rhel-9.5&package-id=f6daf885475ee95e", + "cpe": "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "BSD" + } + } + ], + "name": "pcre2-syntax", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/ubi-micro.bom.json" + }, + { + "name": "syft:metadata:release", + "value": "6.el9" + }, + { + "name": "syft:metadata:size", + "value": "234324" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "pcre2-10.40-6.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/pcre2-syntax@10.40-6.el9?arch=noarch&upstream=pcre2-10.40-6.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "10.40-6.el9" + }, + { + "bom-ref": "pkg:npm/proxy-addr@2.0.7?package-id=037ee7c9d7c53011", + "cpe": "cpe:2.3:a:proxy-addr:proxy-addr:2.0.7:*:*:*:*:*:*:*", + "name": "proxy-addr", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:proxy-addr:proxy_addr:2.0.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:proxy_addr:proxy-addr:2.0.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:proxy_addr:proxy_addr:2.0.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:proxy:proxy-addr:2.0.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:proxy:proxy_addr:2.0.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:proxy-addr:proxy-addr:2.0.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:proxy-addr:proxy_addr:2.0.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:proxy_addr:proxy-addr:2.0.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:proxy_addr:proxy_addr:2.0.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:proxy:proxy-addr:2.0.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:proxy:proxy_addr:2.0.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/proxy-addr@2.0.7", + "type": "library", + "version": "2.0.7" + }, + { + "bom-ref": "pkg:npm/qs@6.11.0?package-id=a19e526f140832d7", + "cpe": "cpe:2.3:a:qs_project:qs:6.11.0:*:*:*:*:node.js:*:*", + "name": "qs", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:qs_project:qs:6.11.0:*:*:*:*:node.js:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/qs@6.11.0", + "type": "library", + "version": "6.11.0" + }, + { + "bom-ref": "pkg:npm/range-parser@1.2.1?package-id=89628b9e60c12723", + "cpe": "cpe:2.3:a:range-parser:range-parser:1.2.1:*:*:*:*:*:*:*", + "name": "range-parser", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:range-parser:range_parser:1.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:range_parser:range-parser:1.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:range_parser:range_parser:1.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:range:range-parser:1.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:range:range_parser:1.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:range-parser:range-parser:1.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:range-parser:range_parser:1.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:range_parser:range-parser:1.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:range_parser:range_parser:1.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:range:range-parser:1.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:range:range_parser:1.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/range-parser@1.2.1", + "type": "library", + "version": "1.2.1" + }, + { + "bom-ref": "pkg:npm/raw-body@2.5.1?package-id=ad179eba5fdb00fb", + "cpe": "cpe:2.3:a:raw-body:raw-body:2.5.1:*:*:*:*:*:*:*", + "name": "raw-body", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:raw-body:raw_body:2.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:raw_body:raw-body:2.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:raw_body:raw_body:2.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:raw:raw-body:2.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:raw:raw_body:2.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:raw-body:raw-body:2.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:raw-body:raw_body:2.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:raw_body:raw-body:2.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:raw_body:raw_body:2.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:raw:raw-body:2.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:raw:raw_body:2.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/raw-body@2.5.1", + "type": "library", + "version": "2.5.1" + }, + { + "bom-ref": "pkg:rpm/rhel/redhat-release@9.5-0.6.el9?arch=x86_64&upstream=redhat-release-9.5-0.6.el9.src.rpm&distro=rhel-9.5&package-id=bc7c9796f66e5424", + "cpe": "cpe:2.3:a:redhat-release:redhat-release:9.5-0.6.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "GPLv2" + } + } + ], + "name": "redhat-release", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat-release:redhat_release:9.5-0.6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat_release:redhat-release:9.5-0.6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat_release:redhat_release:9.5-0.6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:redhat-release:9.5-0.6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:redhat_release:9.5-0.6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat-release:redhat-release:9.5-0.6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat-release:redhat_release:9.5-0.6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat_release:redhat-release:9.5-0.6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat_release:redhat_release:9.5-0.6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:redhat-release:9.5-0.6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:redhat_release:9.5-0.6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/ubi-micro.bom.json" + }, + { + "name": "syft:metadata:release", + "value": "0.6.el9" + }, + { + "name": "syft:metadata:size", + "value": "58817" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "redhat-release-9.5-0.6.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/redhat-release@9.5-0.6.el9?arch=x86_64&upstream=redhat-release-9.5-0.6.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "9.5-0.6.el9" + }, + { + "bom-ref": "pkg:pypi/requests@2.28.2?package-id=8eca661d89455407", + "cpe": "cpe:2.3:a:python:requests:2.28.2:*:*:*:*:*:*:*", + "name": "requests", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "python" + }, + { + "name": "syft:package:type", + "value": "python" + }, + { + "name": "syft:package:metadataType", + "value": "python-pip-requirements-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:requests:2.28.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/pip-e2e-test.bom.json" + } + ], + "purl": "pkg:pypi/requests@2.28.2", + "type": "library", + "version": "2.28.2" + }, + { + "bom-ref": "pkg:npm/safe-buffer@5.2.1?package-id=c14cdb84f2504a67", + "cpe": "cpe:2.3:a:safe-buffer:safe-buffer:5.2.1:*:*:*:*:*:*:*", + "name": "safe-buffer", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safe-buffer:safe_buffer:5.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safe_buffer:safe-buffer:5.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safe_buffer:safe_buffer:5.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safe:safe-buffer:5.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safe:safe_buffer:5.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safe-buffer:safe-buffer:5.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safe-buffer:safe_buffer:5.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safe_buffer:safe-buffer:5.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safe_buffer:safe_buffer:5.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safe:safe-buffer:5.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safe:safe_buffer:5.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/safe-buffer@5.2.1", + "type": "library", + "version": "5.2.1" + }, + { + "bom-ref": "pkg:npm/safer-buffer@2.1.2?package-id=26fec411c89bb19d", + "cpe": "cpe:2.3:a:safer-buffer:safer-buffer:2.1.2:*:*:*:*:*:*:*", + "name": "safer-buffer", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safer-buffer:safer_buffer:2.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safer_buffer:safer-buffer:2.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safer_buffer:safer_buffer:2.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safer:safer-buffer:2.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safer:safer_buffer:2.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safer-buffer:safer-buffer:2.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safer-buffer:safer_buffer:2.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safer_buffer:safer-buffer:2.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safer_buffer:safer_buffer:2.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safer:safer-buffer:2.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safer:safer_buffer:2.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/safer-buffer@2.1.2", + "type": "library", + "version": "2.1.2" + }, + { + "bom-ref": "pkg:npm/sax@0.1.1?package-id=e7ea478afba60eb6", + "cpe": "cpe:2.3:a:sax:sax:0.1.1:*:*:*:*:*:*:*", + "name": "sax", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:sax:sax:0.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/sax@0.1.1", + "type": "library", + "version": "0.1.1" + }, + { + "bom-ref": "pkg:npm/send@0.18.0?package-id=38df1859cada1254", + "cpe": "cpe:2.3:a:send_project:send:0.18.0:*:*:*:*:node.js:*:*", + "name": "send", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:send_project:send:0.18.0:*:*:*:*:node.js:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/send@0.18.0", + "type": "library", + "version": "0.18.0" + }, + { + "bom-ref": "pkg:npm/serve-static@1.15.0?package-id=9106bccf98165b09", + "cpe": "cpe:2.3:a:serve-static:serve-static:1.15.0:*:*:*:*:*:*:*", + "name": "serve-static", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:serve-static:serve_static:1.15.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:serve_static:serve-static:1.15.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:serve_static:serve_static:1.15.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:serve:serve-static:1.15.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:serve:serve_static:1.15.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:serve-static:serve-static:1.15.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:serve-static:serve_static:1.15.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:serve_static:serve-static:1.15.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:serve_static:serve_static:1.15.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:serve:serve-static:1.15.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:serve:serve_static:1.15.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/serve-static@1.15.0", + "type": "library", + "version": "1.15.0" + }, + { + "bom-ref": "pkg:npm/setprototypeof@1.2.0?package-id=d03e7b87af09a521", + "cpe": "cpe:2.3:a:setprototypeof:setprototypeof:1.2.0:*:*:*:*:*:*:*", + "name": "setprototypeof", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:setprototypeof:setprototypeof:1.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/setprototypeof@1.2.0", + "type": "library", + "version": "1.2.0" + }, + { + "bom-ref": "pkg:rpm/rhel/setup@2.13.7-10.el9?arch=noarch&upstream=setup-2.13.7-10.el9.src.rpm&distro=rhel-9.5&package-id=88280d5fc8384d2e", + "cpe": "cpe:2.3:a:redhat:setup:2.13.7-10.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "Public Domain" + } + } + ], + "name": "setup", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:setup:setup:2.13.7-10.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:setup:2.13.7-10.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:setup:setup:2.13.7-10.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/ubi-micro.bom.json" + }, + { + "name": "syft:metadata:release", + "value": "10.el9" + }, + { + "name": "syft:metadata:size", + "value": "725932" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "setup-2.13.7-10.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/setup@2.13.7-10.el9?arch=noarch&upstream=setup-2.13.7-10.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "2.13.7-10.el9" + }, + { + "bom-ref": "pkg:pypi/setuptools@67.1.0?package-id=3082b12936eaab8b", + "cpe": "cpe:2.3:a:python:setuptools:67.1.0:*:*:*:*:*:*:*", + "name": "setuptools", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "python" + }, + { + "name": "syft:package:type", + "value": "python" + }, + { + "name": "syft:package:metadataType", + "value": "python-pip-requirements-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:setuptools:67.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/pip-e2e-test.bom.json" + } + ], + "purl": "pkg:pypi/setuptools@67.1.0", + "type": "library", + "version": "67.1.0" + }, + { + "bom-ref": "pkg:npm/side-channel@1.0.4?package-id=134d20cf28a8c832", + "cpe": "cpe:2.3:a:side-channel:side-channel:1.0.4:*:*:*:*:*:*:*", + "name": "side-channel", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:side-channel:side_channel:1.0.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:side_channel:side-channel:1.0.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:side_channel:side_channel:1.0.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:side:side-channel:1.0.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:side:side_channel:1.0.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:side-channel:side-channel:1.0.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:side-channel:side_channel:1.0.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:side_channel:side-channel:1.0.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:side_channel:side_channel:1.0.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:side:side-channel:1.0.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:side:side_channel:1.0.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/side-channel@1.0.4", + "type": "library", + "version": "1.0.4" + }, + { + "bom-ref": "pkg:npm/spam?package-id=585f34ff21373c14", + "cpe": "cpe:2.3:a:spam:spam:*:*:*:*:*:*:*:*", + "name": "spam", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:spam:spam:*:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/spam", + "type": "library" + }, + { + "bom-ref": "pkg:npm/spam-packages/spam@1.0.0?package-id=8ad0ba47106e9eca", + "cpe": "cpe:2.3:a:spam-packages\\/spam:spam-packages\\/spam:1.0.0:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "name": "spam-packages/spam", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:spam-packages\\/spam:spam_packages\\/spam:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:spam_packages\\/spam:spam-packages\\/spam:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:spam_packages\\/spam:spam_packages\\/spam:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:spam:spam-packages\\/spam:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:spam:spam_packages\\/spam:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:spam-packages\\/spam:spam-packages\\/spam:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:spam-packages\\/spam:spam_packages\\/spam:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:spam_packages\\/spam:spam-packages\\/spam:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:spam_packages\\/spam:spam_packages\\/spam:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:spam:spam-packages\\/spam:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:spam:spam_packages\\/spam:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/spam-packages/spam@1.0.0", + "type": "library", + "version": "1.0.0" + }, + { + "bom-ref": "pkg:npm/statuses@2.0.1?package-id=ec4e9931d91ea370", + "cpe": "cpe:2.3:a:statuses:statuses:2.0.1:*:*:*:*:*:*:*", + "name": "statuses", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:statuses:statuses:2.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/statuses@2.0.1", + "type": "library", + "version": "2.0.1" + }, + { + "bom-ref": "pkg:npm/toidentifier@1.0.1?package-id=7c8c1fbb5b9237a3", + "cpe": "cpe:2.3:a:toidentifier:toidentifier:1.0.1:*:*:*:*:*:*:*", + "name": "toidentifier", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:toidentifier:toidentifier:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/toidentifier@1.0.1", + "type": "library", + "version": "1.0.1" + }, + { + "bom-ref": "pkg:npm/type-is@1.6.18?package-id=544d19e82eb6df9f", + "cpe": "cpe:2.3:a:type-is:type-is:1.6.18:*:*:*:*:*:*:*", + "name": "type-is", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:type-is:type_is:1.6.18:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:type_is:type-is:1.6.18:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:type_is:type_is:1.6.18:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:type:type-is:1.6.18:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:type:type_is:1.6.18:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:type-is:type-is:1.6.18:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:type-is:type_is:1.6.18:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:type_is:type-is:1.6.18:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:type_is:type_is:1.6.18:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:type:type-is:1.6.18:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:type:type_is:1.6.18:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/type-is@1.6.18", + "type": "library", + "version": "1.6.18" + }, + { + "bom-ref": "pkg:rpm/rhel/tzdata@2024b-2.el9?arch=noarch&upstream=tzdata-2024b-2.el9.src.rpm&distro=rhel-9.5&package-id=ef003e8e892d4bd5", + "cpe": "cpe:2.3:a:redhat:tzdata:2024b-2.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "Public Domain" + } + } + ], + "name": "tzdata", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:tzdata:tzdata:2024b-2.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:tzdata:2024b-2.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:tzdata:tzdata:2024b-2.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/ubi-micro.bom.json" + }, + { + "name": "syft:metadata:release", + "value": "2.el9" + }, + { + "name": "syft:metadata:size", + "value": "1654640" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "tzdata-2024b-2.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/tzdata@2024b-2.el9?arch=noarch&upstream=tzdata-2024b-2.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "2024b-2.el9" + }, + { + "bom-ref": "pkg:npm/unpipe@1.0.0?package-id=18af6e401f8febdd", + "cpe": "cpe:2.3:a:unpipe:unpipe:1.0.0:*:*:*:*:*:*:*", + "name": "unpipe", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:unpipe:unpipe:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/unpipe@1.0.0", + "type": "library", + "version": "1.0.0" + }, + { + "bom-ref": "pkg:pypi/urllib3@1.26.14?package-id=165d67947de364d0", + "cpe": "cpe:2.3:a:python:urllib3:1.26.14:*:*:*:*:*:*:*", + "name": "urllib3", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "python" + }, + { + "name": "syft:package:type", + "value": "python" + }, + { + "name": "syft:package:metadataType", + "value": "python-pip-requirements-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:urllib3:1.26.14:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/pip-e2e-test.bom.json" + } + ], + "purl": "pkg:pypi/urllib3@1.26.14", + "type": "library", + "version": "1.26.14" + }, + { + "bom-ref": "pkg:npm/utils-merge@1.0.1?package-id=1a467c3b2924f3e5", + "cpe": "cpe:2.3:a:utils-merge:utils-merge:1.0.1:*:*:*:*:*:*:*", + "name": "utils-merge", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:utils-merge:utils_merge:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:utils_merge:utils-merge:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:utils_merge:utils_merge:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:utils:utils-merge:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:utils:utils_merge:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:utils-merge:utils-merge:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:utils-merge:utils_merge:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:utils_merge:utils-merge:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:utils_merge:utils_merge:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:utils:utils-merge:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:utils:utils_merge:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/utils-merge@1.0.1", + "type": "library", + "version": "1.0.1" + }, + { + "bom-ref": "pkg:npm/uuid@9.0.0?package-id=015bb708e8c45361", + "cpe": "cpe:2.3:a:uuid:uuid:9.0.0:*:*:*:*:*:*:*", + "name": "uuid", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:uuid:uuid:9.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/uuid@9.0.0", + "type": "library", + "version": "9.0.0" + }, + { + "bom-ref": "pkg:npm/vary@1.1.2?package-id=4925ea39a2ff7897", + "cpe": "cpe:2.3:a:vary:vary:1.1.2:*:*:*:*:*:*:*", + "name": "vary", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:vary:vary:1.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/npm-cachi2-smoketest.bom.json" + } + ], + "purl": "pkg:npm/vary@1.1.2", + "type": "library", + "version": "1.1.2" + }, + { + "bom-ref": "pkg:pypi/wheel@0.38.4?package-id=fc73be7c0436d4b5", + "cpe": "cpe:2.3:a:python-wheel:python-wheel:0.38.4:*:*:*:*:*:*:*", + "name": "wheel", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "sbom-cataloger" + }, + { + "name": "syft:package:language", + "value": "python" + }, + { + "name": "syft:package:type", + "value": "python" + }, + { + "name": "syft:package:metadataType", + "value": "python-pip-requirements-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-wheel:python_wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_wheel:python-wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_wheel:python_wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:python-wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:python_wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-wheel:wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_wheel:wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:wheel:python-wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:wheel:python_wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:wheel:wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-wheel:python-wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-wheel:python_wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_wheel:python-wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_wheel:python_wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:python-wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:python_wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-wheel:wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_wheel:wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:wheel:python-wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:wheel:python_wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:wheel:wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/pip-e2e-test.bom.json" + } + ], + "purl": "pkg:pypi/wheel@0.38.4", + "type": "library", + "version": "0.38.4" + } + ], + "metadata": { + "component": { + "bom-ref": "bb05696238c449df", + "name": "./syft-sboms", + "type": "file" + }, + "timestamp": "2024-12-18T11:08:00+01:00", + "tools": { + "components": [ + { + "author": "anchore", + "name": "syft", + "type": "application", + "version": "1.4.1" + } + ] + } + }, + "serialNumber": "urn:uuid:1d823647-6b64-41b3-a29b-1d09cfb3ba8a", + "specVersion": "1.5", + "version": 1 +} diff --git a/sbom-utility-scripts/scripts/merge-sboms-script/test_data/cyclonedx/syft.merged-by-us.bom.json b/sbom-utility-scripts/scripts/merge-sboms-script/test_data/cyclonedx/syft.merged-by-us.bom.json new file mode 100644 index 0000000..00d1e18 --- /dev/null +++ b/sbom-utility-scripts/scripts/merge-sboms-script/test_data/cyclonedx/syft.merged-by-us.bom.json @@ -0,0 +1,6459 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", + "bomFormat": "CycloneDX", + "components": [ + { + "bom-ref": "pkg:golang/./terminaltor?package-id=fb7b11a4b3fddcb6", + "name": "./terminaltor", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + } + ], + "purl": "pkg:golang/./terminaltor", + "type": "library" + }, + { + "bom-ref": "pkg:golang/./weird?package-id=ab3afc436e9979e6", + "name": "./weird", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + } + ], + "purl": "pkg:golang/./weird", + "type": "library" + }, + { + "bom-ref": "pkg:golang/github.com/azure/go-ansiterm@v0.0.0-20210617225240-d185dfc1b5a1?package-id=e56101171f13c2dd", + "cpe": "cpe:2.3:a:Azure:go-ansiterm:v0.0.0-20210617225240-d185dfc1b5a1:*:*:*:*:*:*:*", + "name": "github.com/Azure/go-ansiterm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:Azure:go_ansiterm:v0.0.0-20210617225240-d185dfc1b5a1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=" + } + ], + "purl": "pkg:golang/github.com/Azure/go-ansiterm@v0.0.0-20210617225240-d185dfc1b5a1", + "type": "library", + "version": "v0.0.0-20210617225240-d185dfc1b5a1" + }, + { + "bom-ref": "pkg:golang/github.com/masterminds/semver@v1.4.2?package-id=354d8d82b2da8793", + "cpe": "cpe:2.3:a:Masterminds:semver:v1.4.2:*:*:*:*:*:*:*", + "name": "github.com/Masterminds/semver", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:WBLTQ37jOCzSLtXNdoo8bNM8876KhNqOKvrlGITgsTc=" + } + ], + "purl": "pkg:golang/github.com/Masterminds/semver@v1.4.2", + "type": "library", + "version": "v1.4.2" + }, + { + "bom-ref": "pkg:golang/github.com/microsoft/go-winio@v0.6.0?package-id=c2a50d97cb0e4bfc", + "cpe": "cpe:2.3:a:Microsoft:go-winio:v0.6.0:*:*:*:*:*:*:*", + "name": "github.com/Microsoft/go-winio", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:Microsoft:go_winio:v0.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg=" + } + ], + "purl": "pkg:golang/github.com/Microsoft/go-winio@v0.6.0", + "type": "library", + "version": "v0.6.0" + }, + { + "bom-ref": "pkg:golang/github.com/cachito-testing/gomod-pandemonium@v0.0.0?package-id=146c86ecdbb0cfe7#terminaltor", + "cpe": "cpe:2.3:a:cachito-testing:gomod-pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*", + "name": "github.com/cachito-testing/gomod-pandemonium/terminaltor", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito-testing:gomod_pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_testing:gomod-pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_testing:gomod_pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito:gomod-pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito:gomod_pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + } + ], + "purl": "pkg:golang/github.com/cachito-testing/gomod-pandemonium@v0.0.0#terminaltor", + "type": "library", + "version": "v0.0.0" + }, + { + "bom-ref": "pkg:golang/github.com/cachito-testing/gomod-pandemonium@v0.0.0?package-id=fa2ffebd22241e0d#weird", + "cpe": "cpe:2.3:a:cachito-testing:gomod-pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*", + "name": "github.com/cachito-testing/gomod-pandemonium/weird", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito-testing:gomod_pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_testing:gomod-pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_testing:gomod_pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito:gomod-pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito:gomod_pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + } + ], + "purl": "pkg:golang/github.com/cachito-testing/gomod-pandemonium@v0.0.0#weird", + "type": "library", + "version": "v0.0.0" + }, + { + "bom-ref": "pkg:golang/github.com/cachito-testing/retrodep@v2.1.1?package-id=6db993d8ef0e368a#v2", + "cpe": "cpe:2.3:a:cachito-testing:retrodep\\/v2:v2.1.1:*:*:*:*:*:*:*", + "name": "github.com/cachito-testing/retrodep/v2", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_testing:retrodep\\/v2:v2.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito:retrodep\\/v2:v2.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:inziEuX1Zo/BJv1pgZ2tRPltfQVJaVpRmIlsomaKMb0=" + } + ], + "purl": "pkg:golang/github.com/cachito-testing/retrodep@v2.1.1#v2", + "type": "library", + "version": "v2.1.1" + }, + { + "bom-ref": "pkg:golang/github.com/go-logr/logr@v1.2.3?package-id=b07c55dbe14eb54f", + "cpe": "cpe:2.3:a:go-logr:logr:v1.2.3:*:*:*:*:*:*:*", + "name": "github.com/go-logr/logr", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:go_logr:logr:v1.2.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:go:logr:v1.2.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=" + } + ], + "purl": "pkg:golang/github.com/go-logr/logr@v1.2.3", + "type": "library", + "version": "v1.2.3" + }, + { + "bom-ref": "pkg:golang/github.com/go-task/slim-sprig@v0.0.0-20230315185526-52ccab3ef572?package-id=09ce847851ef4807", + "cpe": "cpe:2.3:a:go-task:slim-sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*", + "name": "github.com/go-task/slim-sprig", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:go-task:slim_sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:go_task:slim-sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:go_task:slim_sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:go:slim-sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:go:slim_sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=" + } + ], + "purl": "pkg:golang/github.com/go-task/slim-sprig@v0.0.0-20230315185526-52ccab3ef572", + "type": "library", + "version": "v0.0.0-20230315185526-52ccab3ef572" + }, + { + "bom-ref": "pkg:golang/github.com/google/go-cmp@v0.5.9?package-id=c2740da0f3c011dc", + "cpe": "cpe:2.3:a:google:go-cmp:v0.5.9:*:*:*:*:*:*:*", + "name": "github.com/google/go-cmp", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:google:go_cmp:v0.5.9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=" + } + ], + "purl": "pkg:golang/github.com/google/go-cmp@v0.5.9", + "type": "library", + "version": "v0.5.9" + }, + { + "bom-ref": "pkg:golang/github.com/google/pprof@v0.0.0-20210407192527-94a9f03dee38?package-id=768bdea76795da5e", + "cpe": "cpe:2.3:a:google:pprof:v0.0.0-20210407192527-94a9f03dee38:*:*:*:*:*:*:*", + "name": "github.com/google/pprof", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:yAJXTCF9TqKcTiHJAE8dj7HMvPfh66eeA2JYW7eFpSE=" + } + ], + "purl": "pkg:golang/github.com/google/pprof@v0.0.0-20210407192527-94a9f03dee38", + "type": "library", + "version": "v0.0.0-20210407192527-94a9f03dee38" + }, + { + "bom-ref": "pkg:golang/github.com/moby/term@v0.0.0-20221205130635-1aeaba878587?package-id=16768dd257ca9ea1", + "cpe": "cpe:2.3:a:moby:term:v0.0.0-20221205130635-1aeaba878587:*:*:*:*:*:*:*", + "name": "github.com/moby/term", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:HfkjXDfhgVaN5rmueG8cL8KKeFNecRCXFhaJ2qZ5SKA=" + } + ], + "purl": "pkg:golang/github.com/moby/term@v0.0.0-20221205130635-1aeaba878587", + "type": "library", + "version": "v0.0.0-20221205130635-1aeaba878587" + }, + { + "bom-ref": "pkg:golang/github.com/onsi/ginkgo@v2.9.2?package-id=dbe722f079d05fed#v2", + "cpe": "cpe:2.3:a:onsi:ginkgo\\/v2:v2.9.2:*:*:*:*:*:*:*", + "name": "github.com/onsi/ginkgo/v2", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:BA2GMJOtfGAfagzYtrAlufIP0lq6QERkFmHLMLPwFSU=" + } + ], + "purl": "pkg:golang/github.com/onsi/ginkgo@v2.9.2#v2", + "type": "library", + "version": "v2.9.2" + }, + { + "bom-ref": "pkg:golang/github.com/onsi/gomega@v1.27.4?package-id=33a8824de4d78c9f", + "cpe": "cpe:2.3:a:onsi:gomega:v1.27.4:*:*:*:*:*:*:*", + "name": "github.com/onsi/gomega", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:Z2AnStgsdSayCMDiCU42qIz+HLqEPcgiOCXjAU/w+8E=" + } + ], + "purl": "pkg:golang/github.com/onsi/gomega@v1.27.4", + "type": "library", + "version": "v1.27.4" + }, + { + "bom-ref": "pkg:golang/github.com/op/go-logging@v0.0.0-20160315200505-970db520ece7?package-id=d053202ebaedc3aa", + "cpe": "cpe:2.3:a:op:go-logging:v0.0.0-20160315200505-970db520ece7:*:*:*:*:*:*:*", + "name": "github.com/op/go-logging", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:op:go_logging:v0.0.0-20160315200505-970db520ece7:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:lDH9UUVJtmYCjyT0CI4q8xvlXPxeZ0gYCVvWbmPlp88=" + } + ], + "purl": "pkg:golang/github.com/op/go-logging@v0.0.0-20160315200505-970db520ece7", + "type": "library", + "version": "v0.0.0-20160315200505-970db520ece7" + }, + { + "bom-ref": "pkg:golang/github.com/pkg/errors@v0.8.1?package-id=e9a30d103cc846e1", + "cpe": "cpe:2.3:a:pkg:errors:v0.8.1:*:*:*:*:*:*:*", + "name": "github.com/pkg/errors", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=" + } + ], + "purl": "pkg:golang/github.com/pkg/errors@v0.8.1", + "type": "library", + "version": "v0.8.1" + }, + { + "bom-ref": "pkg:golang/github.com/release-engineering/retrodep@v2.1.0?package-id=b1aab99da74371f7#v2", + "cpe": "cpe:2.3:a:release-engineering:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*", + "name": "github.com/release-engineering/retrodep/v2", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:release_engineering:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:release:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + } + ], + "purl": "pkg:golang/github.com/release-engineering/retrodep@v2.1.0#v2", + "type": "library", + "version": "v2.1.0" + }, + { + "bom-ref": "pkg:golang/golang.org/x/mod@v0.9.0?package-id=23b7926420819455", + "cpe": "cpe:2.3:a:golang:x\\/mod:v0.9.0:*:*:*:*:*:*:*", + "name": "golang.org/x/mod", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:KENHtAZL2y3NLMYZeHY9DW8HW8V+kQyJsY/V9JlKvCs=" + } + ], + "purl": "pkg:golang/golang.org/x/mod@v0.9.0", + "type": "library", + "version": "v0.9.0" + }, + { + "bom-ref": "pkg:golang/golang.org/x/net@v0.8.0?package-id=22fa1122214f7ae2", + "cpe": "cpe:2.3:a:golang:networking:v0.8.0:*:*:*:*:go:*:*", + "name": "golang.org/x/net", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=" + } + ], + "purl": "pkg:golang/golang.org/x/net@v0.8.0", + "type": "library", + "version": "v0.8.0" + }, + { + "bom-ref": "pkg:golang/golang.org/x/sys@v0.6.0?package-id=bf14db941e01d41c", + "cpe": "cpe:2.3:a:golang:x\\/sys:v0.6.0:*:*:*:*:*:*:*", + "name": "golang.org/x/sys", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=" + } + ], + "purl": "pkg:golang/golang.org/x/sys@v0.6.0", + "type": "library", + "version": "v0.6.0" + }, + { + "bom-ref": "pkg:golang/golang.org/x/text@v0.8.0?package-id=5f5f28df2a89cd2b", + "cpe": "cpe:2.3:a:golang:text:v0.8.0:*:*:*:*:*:*:*", + "name": "golang.org/x/text", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68=" + } + ], + "purl": "pkg:golang/golang.org/x/text@v0.8.0", + "type": "library", + "version": "v0.8.0" + }, + { + "bom-ref": "pkg:golang/golang.org/x/tools@v0.7.0?package-id=f249a74f177d2a78", + "cpe": "cpe:2.3:a:golang:x\\/tools:v0.7.0:*:*:*:*:*:*:*", + "name": "golang.org/x/tools", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:W4OVu8VVOaIO0yzWMNdepAulS7YfoS3Zabrm8DOXXU4=" + } + ], + "purl": "pkg:golang/golang.org/x/tools@v0.7.0", + "type": "library", + "version": "v0.7.0" + }, + { + "bom-ref": "pkg:golang/gopkg.in/yaml.v2@v2.2.2?package-id=c743bd971b07bf7f", + "name": "gopkg.in/yaml.v2", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=" + } + ], + "purl": "pkg:golang/gopkg.in/yaml.v2@v2.2.2", + "type": "library", + "version": "v2.2.2" + }, + { + "bom-ref": "pkg:golang/gopkg.in/yaml.v3@v3.0.1?package-id=716c668b92999095", + "cpe": "cpe:2.3:a:yaml_project:yaml:v3.0.1:*:*:*:*:go:*:*", + "name": "gopkg.in/yaml.v3", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=" + } + ], + "purl": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", + "type": "library", + "version": "v3.0.1" + }, + { + "bom-ref": "pkg:npm/%40types/prop-types@15.7.5?package-id=38e27e44d41f52ce", + "cpe": "cpe:2.3:a:\\@types\\/prop-types:\\@types\\/prop-types:15.7.5:*:*:*:*:*:*:*", + "name": "@types/prop-types", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/prop-types:\\@types\\/prop_types:15.7.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/prop_types:\\@types\\/prop-types:15.7.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/prop_types:\\@types\\/prop_types:15.7.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/prop:\\@types\\/prop-types:15.7.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/prop:\\@types\\/prop_types:15.7.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/%40types/prop-types@15.7.5", + "type": "library", + "version": "15.7.5" + }, + { + "bom-ref": "pkg:npm/%40types/react@18.0.35?package-id=32822b9f11e1589a", + "cpe": "cpe:2.3:a:\\@types\\/react:\\@types\\/react:18.0.35:*:*:*:*:*:*:*", + "name": "@types/react", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/%40types/react@18.0.35", + "type": "library", + "version": "18.0.35" + }, + { + "bom-ref": "pkg:npm/%40types/react-dom@18.0.11?package-id=4c4ba8dfb825b32d", + "cpe": "cpe:2.3:a:\\@types\\/react-dom:\\@types\\/react-dom:18.0.11:*:*:*:*:*:*:*", + "name": "@types/react-dom", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/react-dom:\\@types\\/react_dom:18.0.11:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/react_dom:\\@types\\/react-dom:18.0.11:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/react_dom:\\@types\\/react_dom:18.0.11:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/react:\\@types\\/react-dom:18.0.11:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:\\@types\\/react:\\@types\\/react_dom:18.0.11:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/%40types/react-dom@18.0.11", + "type": "library", + "version": "18.0.11" + }, + { + "bom-ref": "pkg:npm/%40types/scheduler@0.16.3?package-id=9d26bede47ebfeea", + "cpe": "cpe:2.3:a:\\@types\\/scheduler:\\@types\\/scheduler:0.16.3:*:*:*:*:*:*:*", + "name": "@types/scheduler", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/%40types/scheduler@0.16.3", + "type": "library", + "version": "0.16.3" + }, + { + "bom-ref": "pkg:npm/abbrev@2.0.0?package-id=3be56342a35f1f05", + "cpe": "cpe:2.3:a:abbrev:abbrev:2.0.0:*:*:*:*:*:*:*", + "name": "abbrev", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/abbrev@2.0.0", + "type": "library", + "version": "2.0.0" + }, + { + "bom-ref": "pkg:npm/accepts@1.3.8?package-id=931d209532cf2470", + "cpe": "cpe:2.3:a:accepts:accepts:1.3.8:*:*:*:*:*:*:*", + "name": "accepts", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/accepts@1.3.8", + "type": "library", + "version": "1.3.8" + }, + { + "bom-ref": "pkg:npm/array-flatten@1.1.1?package-id=03addc097d0a6218", + "cpe": "cpe:2.3:a:array-flatten:array-flatten:1.1.1:*:*:*:*:*:*:*", + "name": "array-flatten", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:array-flatten:array_flatten:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:array_flatten:array-flatten:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:array_flatten:array_flatten:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:array:array-flatten:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:array:array_flatten:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/array-flatten@1.1.1", + "type": "library", + "version": "1.1.1" + }, + { + "bom-ref": "pkg:npm/bar?package-id=66cc4304f82b84df", + "cpe": "cpe:2.3:a:bar:bar:*:*:*:*:*:*:*:*", + "name": "bar", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/bar", + "type": "library" + }, + { + "bom-ref": "pkg:npm/bar@1.0.0?package-id=9cc7c48b54214fa1", + "cpe": "cpe:2.3:a:bar:bar:1.0.0:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "name": "bar", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/bar@1.0.0", + "type": "library", + "version": "1.0.0" + }, + { + "bom-ref": "pkg:npm/bitbucket-cachi2-npm-without-deps@1.0.0?package-id=06b6ba58ac830af0", + "cpe": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "name": "bitbucket-cachi2-npm-without-deps", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm-without:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm-without:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/bitbucket-cachi2-npm-without-deps@1.0.0", + "type": "library", + "version": "1.0.0" + }, + { + "bom-ref": "pkg:npm/bitbucket-cachi2-npm-without-deps-second@2.0.0?package-id=2beab3450e977bf2", + "cpe": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps-second:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "name": "bitbucket-cachi2-npm-without-deps-second", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps-second:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps_second:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps_second:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm-without:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm-without:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm_without:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2-npm:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2_npm:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket-cachi2:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket_cachi2:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bitbucket:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/bitbucket-cachi2-npm-without-deps-second@2.0.0", + "type": "library", + "version": "2.0.0" + }, + { + "bom-ref": "pkg:npm/body-parser@1.20.1?package-id=2e6ddb0a13ebe1b5", + "cpe": "cpe:2.3:a:body-parser:body-parser:1.20.1:*:*:*:*:*:*:*", + "name": "body-parser", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:body-parser:body_parser:1.20.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:body_parser:body-parser:1.20.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:body_parser:body_parser:1.20.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:body:body-parser:1.20.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:body:body_parser:1.20.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/body-parser@1.20.1", + "type": "library", + "version": "1.20.1" + }, + { + "bom-ref": "pkg:npm/bytes@3.1.2?package-id=11b7c62df6dc5b1d", + "cpe": "cpe:2.3:a:bytes:bytes:3.1.2:*:*:*:*:*:*:*", + "name": "bytes", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/bytes@3.1.2", + "type": "library", + "version": "3.1.2" + }, + { + "bom-ref": "pkg:npm/cachito-npm-without-deps@1.0.0?package-id=2cab59eb6e472a37", + "cpe": "cpe:2.3:a:cachito-npm-without-deps:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "name": "cachito-npm-without-deps", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito-npm-without-deps:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_npm_without_deps:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_npm_without_deps:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito-npm-without:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito-npm-without:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_npm_without:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_npm_without:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito-npm:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito-npm:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_npm:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito_npm:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cachito:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/cachito-npm-without-deps@1.0.0", + "type": "library", + "version": "1.0.0" + }, + { + "bom-ref": "pkg:npm/call-bind@1.0.2?package-id=35adfcd784173f59", + "cpe": "cpe:2.3:a:call-bind:call-bind:1.0.2:*:*:*:*:*:*:*", + "name": "call-bind", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:call-bind:call_bind:1.0.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:call_bind:call-bind:1.0.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:call_bind:call_bind:1.0.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:call:call-bind:1.0.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:call:call_bind:1.0.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/call-bind@1.0.2", + "type": "library", + "version": "1.0.2" + }, + { + "bom-ref": "pkg:npm/classnames@2.3.2?package-id=02162ed8743e22f3", + "cpe": "cpe:2.3:a:classnames:classnames:2.3.2:*:*:*:*:*:*:*", + "name": "classnames", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/classnames@2.3.2", + "type": "library", + "version": "2.3.2" + }, + { + "bom-ref": "pkg:npm/colors@1.4.0?package-id=06a7d9e0197b39e0", + "cpe": "cpe:2.3:a:colors:colors:1.4.0:*:*:*:*:*:*:*", + "name": "colors", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/colors@1.4.0", + "type": "library", + "version": "1.4.0" + }, + { + "bom-ref": "pkg:npm/content-disposition@0.5.4?package-id=105471e28411dc70", + "cpe": "cpe:2.3:a:content-disposition:content-disposition:0.5.4:*:*:*:*:*:*:*", + "name": "content-disposition", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content-disposition:content_disposition:0.5.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content_disposition:content-disposition:0.5.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content_disposition:content_disposition:0.5.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content:content-disposition:0.5.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content:content_disposition:0.5.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/content-disposition@0.5.4", + "type": "library", + "version": "0.5.4" + }, + { + "bom-ref": "pkg:npm/content-type@1.0.5?package-id=ff50f3e9146f918a", + "cpe": "cpe:2.3:a:content-type:content-type:1.0.5:*:*:*:*:*:*:*", + "name": "content-type", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content-type:content_type:1.0.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content_type:content-type:1.0.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content_type:content_type:1.0.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content:content-type:1.0.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:content:content_type:1.0.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/content-type@1.0.5", + "type": "library", + "version": "1.0.5" + }, + { + "bom-ref": "pkg:npm/cookie@0.5.0?package-id=d6a8687d55fe9822", + "cpe": "cpe:2.3:a:cookie:cookie:0.5.0:*:*:*:*:*:*:*", + "name": "cookie", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/cookie@0.5.0", + "type": "library", + "version": "0.5.0" + }, + { + "bom-ref": "pkg:npm/cookie-signature@1.0.6?package-id=d1ddfc590683a178", + "cpe": "cpe:2.3:a:cookie-signature_project:cookie-signature:1.0.6:*:*:*:*:node.js:*:*", + "name": "cookie-signature", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/cookie-signature@1.0.6", + "type": "library", + "version": "1.0.6" + }, + { + "bom-ref": "pkg:npm/csstype@3.1.2?package-id=56cfd4aaf334efad", + "cpe": "cpe:2.3:a:csstype:csstype:3.1.2:*:*:*:*:*:*:*", + "name": "csstype", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/csstype@3.1.2", + "type": "library", + "version": "3.1.2" + }, + { + "bom-ref": "pkg:npm/dateformat@5.0.3?package-id=d074071dcc6a8350", + "cpe": "cpe:2.3:a:dateformat:dateformat:5.0.3:*:*:*:*:*:*:*", + "name": "dateformat", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/dateformat@5.0.3", + "type": "library", + "version": "5.0.3" + }, + { + "bom-ref": "pkg:npm/debug@2.6.9?package-id=92252ea21868a6d9", + "cpe": "cpe:2.3:a:debug_project:debug:2.6.9:*:*:*:*:node.js:*:*", + "name": "debug", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/debug@2.6.9", + "type": "library", + "version": "2.6.9" + }, + { + "bom-ref": "pkg:npm/depd@2.0.0?package-id=a0f4b2f715620506", + "cpe": "cpe:2.3:a:depd:depd:2.0.0:*:*:*:*:*:*:*", + "name": "depd", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/depd@2.0.0", + "type": "library", + "version": "2.0.0" + }, + { + "bom-ref": "pkg:npm/destroy@1.2.0?package-id=c0b574391f65a7f0", + "cpe": "cpe:2.3:a:destroy:destroy:1.2.0:*:*:*:*:*:*:*", + "name": "destroy", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/destroy@1.2.0", + "type": "library", + "version": "1.2.0" + }, + { + "bom-ref": "pkg:npm/ee-first@1.1.1?package-id=3b86eb35be74119c", + "cpe": "cpe:2.3:a:ee-first:ee-first:1.1.1:*:*:*:*:*:*:*", + "name": "ee-first", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ee-first:ee_first:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ee_first:ee-first:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ee_first:ee_first:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ee:ee-first:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ee:ee_first:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/ee-first@1.1.1", + "type": "library", + "version": "1.1.1" + }, + { + "bom-ref": "pkg:npm/eggs?package-id=2247fa00832a65ff", + "cpe": "cpe:2.3:a:eggs:eggs:*:*:*:*:*:*:*:*", + "name": "eggs", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/eggs", + "type": "library" + }, + { + "bom-ref": "pkg:npm/eggs-packages/eggs@1.0.0?package-id=af32220520b08aa3", + "cpe": "cpe:2.3:a:eggs-packages\\/eggs:eggs-packages\\/eggs:1.0.0:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "name": "eggs-packages/eggs", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:eggs-packages\\/eggs:eggs_packages\\/eggs:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:eggs_packages\\/eggs:eggs-packages\\/eggs:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:eggs_packages\\/eggs:eggs_packages\\/eggs:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:eggs:eggs-packages\\/eggs:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:eggs:eggs_packages\\/eggs:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/eggs-packages/eggs@1.0.0", + "type": "library", + "version": "1.0.0" + }, + { + "bom-ref": "pkg:npm/encodeurl@1.0.2?package-id=b77b63dcf4971d69", + "cpe": "cpe:2.3:a:encodeurl:encodeurl:1.0.2:*:*:*:*:*:*:*", + "name": "encodeurl", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/encodeurl@1.0.2", + "type": "library", + "version": "1.0.2" + }, + { + "bom-ref": "pkg:npm/escape-html@1.0.3?package-id=c0cdf8c952ce772a", + "cpe": "cpe:2.3:a:escape-html:escape-html:1.0.3:*:*:*:*:*:*:*", + "name": "escape-html", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:escape-html:escape_html:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:escape_html:escape-html:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:escape_html:escape_html:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:escape:escape-html:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:escape:escape_html:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/escape-html@1.0.3", + "type": "library", + "version": "1.0.3" + }, + { + "bom-ref": "pkg:npm/etag@1.8.1?package-id=7d0dc766870c2472", + "cpe": "cpe:2.3:a:etag:etag:1.8.1:*:*:*:*:*:*:*", + "name": "etag", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/etag@1.8.1", + "type": "library", + "version": "1.8.1" + }, + { + "bom-ref": "pkg:npm/express@4.18.2?package-id=843137561e387c44", + "cpe": "cpe:2.3:a:openjsf:express:4.18.2:*:*:*:*:node.js:*:*", + "name": "express", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/express@4.18.2", + "type": "library", + "version": "4.18.2" + }, + { + "bom-ref": "pkg:npm/fecha@4.2.3?package-id=0dbe723d51b71105", + "cpe": "cpe:2.3:a:fecha:fecha:4.2.3:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "name": "fecha", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/fecha@4.2.3", + "type": "library", + "version": "4.2.3" + }, + { + "bom-ref": "pkg:npm/finalhandler@1.2.0?package-id=b5cddb9ad2ad4516", + "cpe": "cpe:2.3:a:finalhandler:finalhandler:1.2.0:*:*:*:*:*:*:*", + "name": "finalhandler", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/finalhandler@1.2.0", + "type": "library", + "version": "1.2.0" + }, + { + "bom-ref": "pkg:npm/foo?package-id=352f1023dd02679f", + "cpe": "cpe:2.3:a:foo:foo:*:*:*:*:*:*:*:*", + "name": "foo", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/foo", + "type": "library" + }, + { + "bom-ref": "pkg:npm/foo@1.0.0?package-id=e577272d8af44a23", + "cpe": "cpe:2.3:a:foo:foo:1.0.0:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "name": "foo", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/foo@1.0.0", + "type": "library", + "version": "1.0.0" + }, + { + "bom-ref": "pkg:npm/forwarded@0.2.0?package-id=d07931fe109020ee", + "cpe": "cpe:2.3:a:forwarded_project:forwarded:0.2.0:*:*:*:*:node.js:*:*", + "name": "forwarded", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/forwarded@0.2.0", + "type": "library", + "version": "0.2.0" + }, + { + "bom-ref": "pkg:npm/fresh@0.5.2?package-id=a35427e837fe81b6", + "cpe": "cpe:2.3:a:fresh_project:fresh:0.5.2:*:*:*:*:node.js:*:*", + "name": "fresh", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/fresh@0.5.2", + "type": "library", + "version": "0.5.2" + }, + { + "bom-ref": "pkg:npm/function-bind@1.1.1?package-id=b0d705f9d55d98a8", + "cpe": "cpe:2.3:a:function-bind:function-bind:1.1.1:*:*:*:*:*:*:*", + "name": "function-bind", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:function-bind:function_bind:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:function_bind:function-bind:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:function_bind:function_bind:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:function:function-bind:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:function:function_bind:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/function-bind@1.1.1", + "type": "library", + "version": "1.1.1" + }, + { + "bom-ref": "pkg:npm/get-intrinsic@1.2.0?package-id=14d124688defa36a", + "cpe": "cpe:2.3:a:get-intrinsic:get-intrinsic:1.2.0:*:*:*:*:*:*:*", + "name": "get-intrinsic", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:get-intrinsic:get_intrinsic:1.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:get_intrinsic:get-intrinsic:1.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:get_intrinsic:get_intrinsic:1.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:get:get-intrinsic:1.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:get:get_intrinsic:1.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/get-intrinsic@1.2.0", + "type": "library", + "version": "1.2.0" + }, + { + "bom-ref": "pkg:npm/has@1.0.3?package-id=1756c590ddbbbf1f", + "cpe": "cpe:2.3:a:has:has:1.0.3:*:*:*:*:*:*:*", + "name": "has", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/has@1.0.3", + "type": "library", + "version": "1.0.3" + }, + { + "bom-ref": "pkg:npm/has-symbols@1.0.3?package-id=41af9f2eb5a7b313", + "cpe": "cpe:2.3:a:has-symbols:has-symbols:1.0.3:*:*:*:*:*:*:*", + "name": "has-symbols", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:has-symbols:has_symbols:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:has_symbols:has-symbols:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:has_symbols:has_symbols:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:has:has-symbols:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:has:has_symbols:1.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/has-symbols@1.0.3", + "type": "library", + "version": "1.0.3" + }, + { + "bom-ref": "pkg:npm/http-errors@2.0.0?package-id=1d02b487dab61965", + "cpe": "cpe:2.3:a:http-errors:http-errors:2.0.0:*:*:*:*:*:*:*", + "name": "http-errors", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:http-errors:http_errors:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:http_errors:http-errors:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:http_errors:http_errors:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:http:http-errors:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:http:http_errors:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/http-errors@2.0.0", + "type": "library", + "version": "2.0.0" + }, + { + "bom-ref": "pkg:npm/iconv-lite@0.4.24?package-id=c90cedf9e72dd0f0", + "cpe": "cpe:2.3:a:iconv-lite:iconv-lite:0.4.24:*:*:*:*:*:*:*", + "name": "iconv-lite", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:iconv-lite:iconv_lite:0.4.24:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:iconv_lite:iconv-lite:0.4.24:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:iconv_lite:iconv_lite:0.4.24:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:iconv:iconv-lite:0.4.24:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:iconv:iconv_lite:0.4.24:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/iconv-lite@0.4.24", + "type": "library", + "version": "0.4.24" + }, + { + "bom-ref": "pkg:npm/inherits@2.0.4?package-id=c4b3a63b476363af", + "cpe": "cpe:2.3:a:inherits:inherits:2.0.4:*:*:*:*:*:*:*", + "name": "inherits", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/inherits@2.0.4", + "type": "library", + "version": "2.0.4" + }, + { + "bom-ref": "pkg:npm/ipaddr.js@1.9.1?package-id=c680b64700b2337d", + "cpe": "cpe:2.3:a:ipaddr.js:ipaddr.js:1.9.1:*:*:*:*:*:*:*", + "name": "ipaddr.js", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/ipaddr.js@1.9.1", + "type": "library", + "version": "1.9.1" + }, + { + "bom-ref": "pkg:npm/is-positive@3.1.0?package-id=bc8e42cbdee7b510", + "cpe": "cpe:2.3:a:is-positive:is-positive:3.1.0:*:*:*:*:*:*:*", + "name": "is-positive", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:is-positive:is_positive:3.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:is_positive:is-positive:3.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:is_positive:is_positive:3.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:is:is-positive:3.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:is:is_positive:3.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/is-positive@3.1.0", + "type": "library", + "version": "3.1.0" + }, + { + "bom-ref": "pkg:npm/media-typer@0.3.0?package-id=0d0c9173b3765561", + "cpe": "cpe:2.3:a:media-typer:media-typer:0.3.0:*:*:*:*:*:*:*", + "name": "media-typer", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:media-typer:media_typer:0.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:media_typer:media-typer:0.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:media_typer:media_typer:0.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:media:media-typer:0.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:media:media_typer:0.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/media-typer@0.3.0", + "type": "library", + "version": "0.3.0" + }, + { + "bom-ref": "pkg:npm/merge-descriptors@1.0.1?package-id=4c25dffaba71b53f", + "cpe": "cpe:2.3:a:merge-descriptors:merge-descriptors:1.0.1:*:*:*:*:*:*:*", + "name": "merge-descriptors", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:merge-descriptors:merge_descriptors:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:merge_descriptors:merge-descriptors:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:merge_descriptors:merge_descriptors:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:merge:merge-descriptors:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:merge:merge_descriptors:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/merge-descriptors@1.0.1", + "type": "library", + "version": "1.0.1" + }, + { + "bom-ref": "pkg:npm/methods@1.1.2?package-id=9f5112a619f16ada", + "cpe": "cpe:2.3:a:methods:methods:1.1.2:*:*:*:*:*:*:*", + "name": "methods", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/methods@1.1.2", + "type": "library", + "version": "1.1.2" + }, + { + "bom-ref": "pkg:npm/mime@1.6.0?package-id=3a8f4690355983f8", + "cpe": "cpe:2.3:a:mime_project:mime:1.6.0:*:*:*:*:node.js:*:*", + "name": "mime", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/mime@1.6.0", + "type": "library", + "version": "1.6.0" + }, + { + "bom-ref": "pkg:npm/mime-db@1.52.0?package-id=65a378639eed7a8d", + "cpe": "cpe:2.3:a:mime-db:mime-db:1.52.0:*:*:*:*:*:*:*", + "name": "mime-db", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime-db:mime_db:1.52.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime_db:mime-db:1.52.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime_db:mime_db:1.52.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime:mime-db:1.52.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime:mime_db:1.52.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/mime-db@1.52.0", + "type": "library", + "version": "1.52.0" + }, + { + "bom-ref": "pkg:npm/mime-types@2.1.35?package-id=14ae2be2d517fcdc", + "cpe": "cpe:2.3:a:mime-types:mime-types:2.1.35:*:*:*:*:*:*:*", + "name": "mime-types", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime-types:mime_types:2.1.35:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime_types:mime-types:2.1.35:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime_types:mime_types:2.1.35:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime:mime-types:2.1.35:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mime:mime_types:2.1.35:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/mime-types@2.1.35", + "type": "library", + "version": "2.1.35" + }, + { + "bom-ref": "pkg:npm/ms@2.0.0?package-id=acfab536d1f4602c", + "cpe": "cpe:2.3:a:vercel:ms:2.0.0:*:*:*:*:node.js:*:*", + "name": "ms", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/ms@2.0.0", + "type": "library", + "version": "2.0.0" + }, + { + "bom-ref": "pkg:npm/ms@2.1.3?package-id=bca22b52057e7753", + "cpe": "cpe:2.3:a:vercel:ms:2.1.3:*:*:*:*:node.js:*:*", + "name": "ms", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/ms@2.1.3", + "type": "library", + "version": "2.1.3" + }, + { + "bom-ref": "pkg:npm/negotiator@0.6.3?package-id=af6245201061f5e2", + "cpe": "cpe:2.3:a:negotiator:negotiator:0.6.3:*:*:*:*:*:*:*", + "name": "negotiator", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/negotiator@0.6.3", + "type": "library", + "version": "0.6.3" + }, + { + "bom-ref": "pkg:npm/not-baz?package-id=b8327c159037e29a", + "cpe": "cpe:2.3:a:not-baz:not-baz:*:*:*:*:*:*:*:*", + "name": "not-baz", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not-baz:not_baz:*:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not_baz:not-baz:*:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not_baz:not_baz:*:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not:not-baz:*:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not:not_baz:*:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/not-baz", + "type": "library" + }, + { + "bom-ref": "pkg:npm/not-baz@1.0.0?package-id=3b1af970071fba18", + "cpe": "cpe:2.3:a:not-baz:not-baz:1.0.0:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "name": "not-baz", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not-baz:not_baz:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not_baz:not-baz:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not_baz:not_baz:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not:not-baz:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:not:not_baz:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/not-baz@1.0.0", + "type": "library", + "version": "1.0.0" + }, + { + "bom-ref": "pkg:npm/npm_test@1.1.0?package-id=34ba90ce6af47f8c", + "cpe": "cpe:2.3:a:npm-test:npm-test:1.1.0:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "name": "npm_test", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:npm-test:npm_test:1.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:npm_test:npm-test:1.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:npm_test:npm_test:1.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:npm:npm-test:1.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:npm:npm_test:1.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/npm_test@1.1.0", + "type": "library", + "version": "1.1.0" + }, + { + "bom-ref": "pkg:npm/object-inspect@1.12.3?package-id=d4a5f46fefb0c652", + "cpe": "cpe:2.3:a:object-inspect:object-inspect:1.12.3:*:*:*:*:*:*:*", + "name": "object-inspect", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:object-inspect:object_inspect:1.12.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:object_inspect:object-inspect:1.12.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:object_inspect:object_inspect:1.12.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:object:object-inspect:1.12.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:object:object_inspect:1.12.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/object-inspect@1.12.3", + "type": "library", + "version": "1.12.3" + }, + { + "bom-ref": "pkg:npm/on-finished@2.4.1?package-id=025772e77611d88b", + "cpe": "cpe:2.3:a:on-finished:on-finished:2.4.1:*:*:*:*:*:*:*", + "name": "on-finished", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:on-finished:on_finished:2.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:on_finished:on-finished:2.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:on_finished:on_finished:2.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:on:on-finished:2.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:on:on_finished:2.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/on-finished@2.4.1", + "type": "library", + "version": "2.4.1" + }, + { + "bom-ref": "pkg:npm/parseurl@1.3.3?package-id=8957b9f80bfd7e48", + "cpe": "cpe:2.3:a:parseurl:parseurl:1.3.3:*:*:*:*:*:*:*", + "name": "parseurl", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/parseurl@1.3.3", + "type": "library", + "version": "1.3.3" + }, + { + "bom-ref": "pkg:npm/path-to-regexp@0.1.7?package-id=6fb024842a7b51c9", + "cpe": "cpe:2.3:a:path-to-regexp:path-to-regexp:0.1.7:*:*:*:*:*:*:*", + "name": "path-to-regexp", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:path-to-regexp:path_to_regexp:0.1.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:path_to_regexp:path-to-regexp:0.1.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:path_to_regexp:path_to_regexp:0.1.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:path-to:path-to-regexp:0.1.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:path-to:path_to_regexp:0.1.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:path_to:path-to-regexp:0.1.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:path_to:path_to_regexp:0.1.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:path:path-to-regexp:0.1.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:path:path_to_regexp:0.1.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/path-to-regexp@0.1.7", + "type": "library", + "version": "0.1.7" + }, + { + "bom-ref": "pkg:npm/proxy-addr@2.0.7?package-id=aa592d0a6f0e14e0", + "cpe": "cpe:2.3:a:proxy-addr:proxy-addr:2.0.7:*:*:*:*:*:*:*", + "name": "proxy-addr", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:proxy-addr:proxy_addr:2.0.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:proxy_addr:proxy-addr:2.0.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:proxy_addr:proxy_addr:2.0.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:proxy:proxy-addr:2.0.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:proxy:proxy_addr:2.0.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/proxy-addr@2.0.7", + "type": "library", + "version": "2.0.7" + }, + { + "bom-ref": "pkg:npm/qs@6.11.0?package-id=6e2c51e0e8fdd82a", + "cpe": "cpe:2.3:a:qs_project:qs:6.11.0:*:*:*:*:node.js:*:*", + "name": "qs", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/qs@6.11.0", + "type": "library", + "version": "6.11.0" + }, + { + "bom-ref": "pkg:npm/range-parser@1.2.1?package-id=a5ac7b9eddc291fe", + "cpe": "cpe:2.3:a:range-parser:range-parser:1.2.1:*:*:*:*:*:*:*", + "name": "range-parser", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:range-parser:range_parser:1.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:range_parser:range-parser:1.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:range_parser:range_parser:1.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:range:range-parser:1.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:range:range_parser:1.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/range-parser@1.2.1", + "type": "library", + "version": "1.2.1" + }, + { + "bom-ref": "pkg:npm/raw-body@2.5.1?package-id=c124e89ccbc8e1a9", + "cpe": "cpe:2.3:a:raw-body:raw-body:2.5.1:*:*:*:*:*:*:*", + "name": "raw-body", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:raw-body:raw_body:2.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:raw_body:raw-body:2.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:raw_body:raw_body:2.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:raw:raw-body:2.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:raw:raw_body:2.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/raw-body@2.5.1", + "type": "library", + "version": "2.5.1" + }, + { + "bom-ref": "pkg:npm/safe-buffer@5.2.1?package-id=f1a458d0a34a3e1e", + "cpe": "cpe:2.3:a:safe-buffer:safe-buffer:5.2.1:*:*:*:*:*:*:*", + "name": "safe-buffer", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safe-buffer:safe_buffer:5.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safe_buffer:safe-buffer:5.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safe_buffer:safe_buffer:5.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safe:safe-buffer:5.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safe:safe_buffer:5.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/safe-buffer@5.2.1", + "type": "library", + "version": "5.2.1" + }, + { + "bom-ref": "pkg:npm/safer-buffer@2.1.2?package-id=35e495695450988a", + "cpe": "cpe:2.3:a:safer-buffer:safer-buffer:2.1.2:*:*:*:*:*:*:*", + "name": "safer-buffer", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safer-buffer:safer_buffer:2.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safer_buffer:safer-buffer:2.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safer_buffer:safer_buffer:2.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safer:safer-buffer:2.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:safer:safer_buffer:2.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/safer-buffer@2.1.2", + "type": "library", + "version": "2.1.2" + }, + { + "bom-ref": "pkg:npm/sax@0.1.1?package-id=e5fe5e07946d7f0e", + "cpe": "cpe:2.3:a:sax:sax:0.1.1:*:*:*:*:*:*:*", + "name": "sax", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/sax@0.1.1", + "type": "library", + "version": "0.1.1" + }, + { + "bom-ref": "pkg:npm/send@0.18.0?package-id=eb7410154bfac325", + "cpe": "cpe:2.3:a:send_project:send:0.18.0:*:*:*:*:node.js:*:*", + "name": "send", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/send@0.18.0", + "type": "library", + "version": "0.18.0" + }, + { + "bom-ref": "pkg:npm/serve-static@1.15.0?package-id=73cf56576686cfde", + "cpe": "cpe:2.3:a:serve-static:serve-static:1.15.0:*:*:*:*:*:*:*", + "name": "serve-static", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:serve-static:serve_static:1.15.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:serve_static:serve-static:1.15.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:serve_static:serve_static:1.15.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:serve:serve-static:1.15.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:serve:serve_static:1.15.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/serve-static@1.15.0", + "type": "library", + "version": "1.15.0" + }, + { + "bom-ref": "pkg:npm/setprototypeof@1.2.0?package-id=547a0345595d4c22", + "cpe": "cpe:2.3:a:setprototypeof:setprototypeof:1.2.0:*:*:*:*:*:*:*", + "name": "setprototypeof", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/setprototypeof@1.2.0", + "type": "library", + "version": "1.2.0" + }, + { + "bom-ref": "pkg:npm/side-channel@1.0.4?package-id=cdb286823062a5b2", + "cpe": "cpe:2.3:a:side-channel:side-channel:1.0.4:*:*:*:*:*:*:*", + "name": "side-channel", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:side-channel:side_channel:1.0.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:side_channel:side-channel:1.0.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:side_channel:side_channel:1.0.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:side:side-channel:1.0.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:side:side_channel:1.0.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/side-channel@1.0.4", + "type": "library", + "version": "1.0.4" + }, + { + "bom-ref": "pkg:npm/spam?package-id=ee4212f669097a9b", + "cpe": "cpe:2.3:a:spam:spam:*:*:*:*:*:*:*:*", + "name": "spam", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/spam", + "type": "library" + }, + { + "bom-ref": "pkg:npm/spam-packages/spam@1.0.0?package-id=8ad0ba47106e9eca", + "cpe": "cpe:2.3:a:spam-packages\\/spam:spam-packages\\/spam:1.0.0:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "name": "spam-packages/spam", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:spam-packages\\/spam:spam_packages\\/spam:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:spam_packages\\/spam:spam-packages\\/spam:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:spam_packages\\/spam:spam_packages\\/spam:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:spam:spam-packages\\/spam:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:spam:spam_packages\\/spam:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/spam-packages/spam@1.0.0", + "type": "library", + "version": "1.0.0" + }, + { + "bom-ref": "pkg:npm/statuses@2.0.1?package-id=f8d7a7aac610252f", + "cpe": "cpe:2.3:a:statuses:statuses:2.0.1:*:*:*:*:*:*:*", + "name": "statuses", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/statuses@2.0.1", + "type": "library", + "version": "2.0.1" + }, + { + "bom-ref": "pkg:npm/toidentifier@1.0.1?package-id=f4b7c633380a689c", + "cpe": "cpe:2.3:a:toidentifier:toidentifier:1.0.1:*:*:*:*:*:*:*", + "name": "toidentifier", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/toidentifier@1.0.1", + "type": "library", + "version": "1.0.1" + }, + { + "bom-ref": "pkg:npm/type-is@1.6.18?package-id=d68517abe50bfeac", + "cpe": "cpe:2.3:a:type-is:type-is:1.6.18:*:*:*:*:*:*:*", + "name": "type-is", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:type-is:type_is:1.6.18:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:type_is:type-is:1.6.18:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:type_is:type_is:1.6.18:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:type:type-is:1.6.18:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:type:type_is:1.6.18:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/type-is@1.6.18", + "type": "library", + "version": "1.6.18" + }, + { + "bom-ref": "pkg:npm/unpipe@1.0.0?package-id=a69d83f063c5175d", + "cpe": "cpe:2.3:a:unpipe:unpipe:1.0.0:*:*:*:*:*:*:*", + "name": "unpipe", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/unpipe@1.0.0", + "type": "library", + "version": "1.0.0" + }, + { + "bom-ref": "pkg:npm/utils-merge@1.0.1?package-id=1909c40a9ae99753", + "cpe": "cpe:2.3:a:utils-merge:utils-merge:1.0.1:*:*:*:*:*:*:*", + "name": "utils-merge", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:utils-merge:utils_merge:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:utils_merge:utils-merge:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:utils_merge:utils_merge:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:utils:utils-merge:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:utils:utils_merge:1.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/utils-merge@1.0.1", + "type": "library", + "version": "1.0.1" + }, + { + "bom-ref": "pkg:npm/uuid@9.0.0?package-id=ccbce98fa2fd50bf", + "cpe": "cpe:2.3:a:uuid:uuid:9.0.0:*:*:*:*:*:*:*", + "name": "uuid", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/uuid@9.0.0", + "type": "library", + "version": "9.0.0" + }, + { + "bom-ref": "pkg:npm/vary@1.1.2?package-id=4bc84cbb6d76f2fa", + "cpe": "cpe:2.3:a:vary:vary:1.1.2:*:*:*:*:*:*:*", + "name": "vary", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "javascript-lock-cataloger" + }, + { + "name": "syft:package:language", + "value": "javascript" + }, + { + "name": "syft:package:type", + "value": "npm" + }, + { + "name": "syft:package:metadataType", + "value": "javascript-npm-package-lock-entry" + }, + { + "name": "syft:location:0:path", + "value": "/package-lock.json" + } + ], + "purl": "pkg:npm/vary@1.1.2", + "type": "library", + "version": "1.1.2" + }, + { + "bom-ref": "pkg:pypi/certifi@2022.12.7?package-id=605ce44010623730", + "cpe": "cpe:2.3:a:kennethreitz:certifi:2022.12.7:*:*:*:*:python:*:*", + "name": "certifi", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "python-package-cataloger" + }, + { + "name": "syft:package:language", + "value": "python" + }, + { + "name": "syft:package:type", + "value": "python" + }, + { + "name": "syft:package:metadataType", + "value": "python-pip-requirements-entry" + }, + { + "name": "syft:location:0:path", + "value": "/requirements.txt" + } + ], + "purl": "pkg:pypi/certifi@2022.12.7", + "type": "library", + "version": "2022.12.7" + }, + { + "bom-ref": "pkg:pypi/charset-normalizer@3.0.1?package-id=af8ef9b528d1324d", + "cpe": "cpe:2.3:a:python-charset-normalizer:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "name": "charset-normalizer", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "python-package-cataloger" + }, + { + "name": "syft:package:language", + "value": "python" + }, + { + "name": "syft:package:type", + "value": "python" + }, + { + "name": "syft:package:metadataType", + "value": "python-pip-requirements-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-charset-normalizer:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_charset_normalizer:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_charset_normalizer:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset-normalizer:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset-normalizer:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset_normalizer:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset_normalizer:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-charset-normalizer:charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-charset-normalizer:charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_charset_normalizer:charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_charset_normalizer:charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-charset:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-charset:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_charset:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_charset:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset-normalizer:charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset-normalizer:charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset_normalizer:charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset_normalizer:charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-charset:charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-charset:charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_charset:charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_charset:charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset:charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:charset:charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:charset-normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:charset_normalizer:3.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/requirements.txt" + } + ], + "purl": "pkg:pypi/charset-normalizer@3.0.1", + "type": "library", + "version": "3.0.1" + }, + { + "bom-ref": "pkg:pypi/flit-core@3.8.0?package-id=24f242ce07794d00", + "cpe": "cpe:2.3:a:python-flit-core:python-flit-core:3.8.0:*:*:*:*:*:*:*", + "name": "flit-core", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "python-package-cataloger" + }, + { + "name": "syft:package:language", + "value": "python" + }, + { + "name": "syft:package:type", + "value": "python" + }, + { + "name": "syft:package:metadataType", + "value": "python-pip-requirements-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-flit-core:python_flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_flit_core:python-flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_flit_core:python_flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-flit:python-flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-flit:python_flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_flit:python-flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_flit:python_flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit-core:python-flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit-core:python_flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit_core:python-flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit_core:python_flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-flit-core:flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-flit-core:flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_flit_core:flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_flit_core:flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:python-flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:python_flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit:python-flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit:python_flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-flit:flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-flit:flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_flit:flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_flit:flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit-core:flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit-core:flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit_core:flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit_core:flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit:flit-core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:flit:flit_core:3.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/requirements-build.txt" + } + ], + "purl": "pkg:pypi/flit-core@3.8.0", + "type": "library", + "version": "3.8.0" + }, + { + "bom-ref": "pkg:pypi/idna@3.4?package-id=ff5d4caf61299680", + "cpe": "cpe:2.3:a:python-idna:python-idna:3.4:*:*:*:*:*:*:*", + "name": "idna", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "python-package-cataloger" + }, + { + "name": "syft:package:language", + "value": "python" + }, + { + "name": "syft:package:type", + "value": "python" + }, + { + "name": "syft:package:metadataType", + "value": "python-pip-requirements-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-idna:python_idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_idna:python-idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_idna:python_idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:python-idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:python_idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:idna:python-idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:idna:python_idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-idna:idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_idna:idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:idna:idna:3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/requirements.txt" + } + ], + "purl": "pkg:pypi/idna@3.4", + "type": "library", + "version": "3.4" + }, + { + "bom-ref": "pkg:pypi/requests@2.28.2?package-id=03176f57fdf54d1e", + "cpe": "cpe:2.3:a:python:requests:2.28.2:*:*:*:*:*:*:*", + "name": "requests", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "python-package-cataloger" + }, + { + "name": "syft:package:language", + "value": "python" + }, + { + "name": "syft:package:type", + "value": "python" + }, + { + "name": "syft:package:metadataType", + "value": "python-pip-requirements-entry" + }, + { + "name": "syft:location:0:path", + "value": "/requirements.txt" + } + ], + "purl": "pkg:pypi/requests@2.28.2", + "type": "library", + "version": "2.28.2" + }, + { + "bom-ref": "pkg:pypi/setuptools@67.1.0?package-id=7ae302e7223ecbbd", + "cpe": "cpe:2.3:a:python:setuptools:67.1.0:*:*:*:*:*:*:*", + "name": "setuptools", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "python-package-cataloger" + }, + { + "name": "syft:package:language", + "value": "python" + }, + { + "name": "syft:package:type", + "value": "python" + }, + { + "name": "syft:package:metadataType", + "value": "python-pip-requirements-entry" + }, + { + "name": "syft:location:0:path", + "value": "/requirements-build.txt" + } + ], + "purl": "pkg:pypi/setuptools@67.1.0", + "type": "library", + "version": "67.1.0" + }, + { + "bom-ref": "pkg:pypi/urllib3@1.26.14?package-id=531a10a07587b59c", + "cpe": "cpe:2.3:a:python:urllib3:1.26.14:*:*:*:*:*:*:*", + "name": "urllib3", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "python-package-cataloger" + }, + { + "name": "syft:package:language", + "value": "python" + }, + { + "name": "syft:package:type", + "value": "python" + }, + { + "name": "syft:package:metadataType", + "value": "python-pip-requirements-entry" + }, + { + "name": "syft:location:0:path", + "value": "/requirements.txt" + } + ], + "purl": "pkg:pypi/urllib3@1.26.14", + "type": "library", + "version": "1.26.14" + }, + { + "bom-ref": "pkg:pypi/wheel@0.38.4?package-id=3a9d5577afa1b279", + "cpe": "cpe:2.3:a:python-wheel:python-wheel:0.38.4:*:*:*:*:*:*:*", + "name": "wheel", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "python-package-cataloger" + }, + { + "name": "syft:package:language", + "value": "python" + }, + { + "name": "syft:package:type", + "value": "python" + }, + { + "name": "syft:package:metadataType", + "value": "python-pip-requirements-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-wheel:python_wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_wheel:python-wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_wheel:python_wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:python-wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:python_wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python-wheel:wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python_wheel:wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:wheel:python-wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:wheel:python_wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:python:wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:wheel:wheel:0.38.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/requirements-build.txt" + } + ], + "purl": "pkg:pypi/wheel@0.38.4", + "type": "library", + "version": "0.38.4" + }, + { + "bom-ref": "pkg:rpm/rhel/basesystem@11-13.el9?arch=noarch&upstream=basesystem-11-13.el9.src.rpm&distro=rhel-9.5&package-id=fcabd006cb3bfe7d", + "cpe": "cpe:2.3:a:basesystem:basesystem:11-13.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "Public Domain" + } + } + ], + "name": "basesystem", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:basesystem:11-13.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "13.el9" + }, + { + "name": "syft:metadata:size", + "value": "0" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "basesystem-11-13.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/basesystem@11-13.el9?arch=noarch&upstream=basesystem-11-13.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "11-13.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/bash@5.1.8-9.el9?arch=x86_64&upstream=bash-5.1.8-9.el9.src.rpm&distro=rhel-9.5&package-id=a6062d7253817d9d", + "cpe": "cpe:2.3:a:redhat:bash:5.1.8-9.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "GPLv3+" + } + } + ], + "name": "bash", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bash:bash:5.1.8-9.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "9.el9" + }, + { + "name": "syft:metadata:size", + "value": "7738778" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "bash-5.1.8-9.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/bash@5.1.8-9.el9?arch=x86_64&upstream=bash-5.1.8-9.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "5.1.8-9.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/coreutils-single@8.32-36.el9?arch=x86_64&upstream=coreutils-8.32-36.el9.src.rpm&distro=rhel-9.5&package-id=bc07797a46d14a80", + "cpe": "cpe:2.3:a:coreutils-single:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "GPLv3+" + } + } + ], + "name": "coreutils-single", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coreutils-single:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coreutils_single:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coreutils_single:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coreutils:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coreutils:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "36.el9" + }, + { + "name": "syft:metadata:size", + "value": "1403137" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "coreutils-8.32-36.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/coreutils-single@8.32-36.el9?arch=x86_64&upstream=coreutils-8.32-36.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "8.32-36.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/filesystem@3.16-5.el9?arch=x86_64&upstream=filesystem-3.16-5.el9.src.rpm&distro=rhel-9.5&package-id=5423c4a724c69dca", + "cpe": "cpe:2.3:a:filesystem:filesystem:3.16-5.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "Public Domain" + } + } + ], + "name": "filesystem", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:filesystem:3.16-5.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "5.el9" + }, + { + "name": "syft:metadata:size", + "value": "106" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "filesystem-3.16-5.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/filesystem@3.16-5.el9?arch=x86_64&upstream=filesystem-3.16-5.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "3.16-5.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/glibc@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5&package-id=ab6bbd6d165109d2", + "cpe": "cpe:2.3:a:redhat:glibc:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + } + } + ], + "name": "glibc", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc:glibc:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "125.el9_5.1" + }, + { + "name": "syft:metadata:size", + "value": "6430227" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "glibc-2.34-125.el9_5.1.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/glibc@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "2.34-125.el9_5.1" + }, + { + "bom-ref": "pkg:rpm/rhel/glibc-common@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5&package-id=5d2e03b4ae3e405b", + "cpe": "cpe:2.3:a:glibc-common:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + } + } + ], + "name": "glibc-common", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc-common:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_common:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_common:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "125.el9_5.1" + }, + { + "name": "syft:metadata:size", + "value": "1083649" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "glibc-2.34-125.el9_5.1.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/glibc-common@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "2.34-125.el9_5.1" + }, + { + "bom-ref": "pkg:rpm/rhel/glibc-minimal-langpack@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5&package-id=d35bdd9cfa0b8d62", + "cpe": "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + } + } + ], + "name": "glibc-minimal-langpack", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "125.el9_5.1" + }, + { + "name": "syft:metadata:size", + "value": "0" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "glibc-2.34-125.el9_5.1.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/glibc-minimal-langpack@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "2.34-125.el9_5.1" + }, + { + "bom-ref": "pkg:rpm/rhel/gpg-pubkey@5a6340b3-6229229e?distro=rhel-9.5&package-id=6a4614b48b443e33", + "cpe": "cpe:2.3:a:gpg-pubkey:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "pubkey" + } + } + ], + "name": "gpg-pubkey", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg-pubkey:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg_pubkey:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg_pubkey:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "6229229e" + }, + { + "name": "syft:metadata:size", + "value": "0" + } + ], + "purl": "pkg:rpm/rhel/gpg-pubkey@5a6340b3-6229229e?distro=rhel-9.5", + "type": "library", + "version": "5a6340b3-6229229e" + }, + { + "bom-ref": "pkg:rpm/rhel/gpg-pubkey@fd431d51-4ae0493b?distro=rhel-9.5&package-id=0b9edfc7dd36b25d", + "cpe": "cpe:2.3:a:gpg-pubkey:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "pubkey" + } + } + ], + "name": "gpg-pubkey", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg-pubkey:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg_pubkey:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg_pubkey:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "4ae0493b" + }, + { + "name": "syft:metadata:size", + "value": "0" + } + ], + "purl": "pkg:rpm/rhel/gpg-pubkey@fd431d51-4ae0493b?distro=rhel-9.5", + "type": "library", + "version": "fd431d51-4ae0493b" + }, + { + "bom-ref": "pkg:rpm/rhel/libacl@2.3.1-4.el9?arch=x86_64&upstream=acl-2.3.1-4.el9.src.rpm&distro=rhel-9.5&package-id=6a12891a28711ed0", + "cpe": "cpe:2.3:a:libacl:libacl:2.3.1-4.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "LGPLv2+" + } + } + ], + "name": "libacl", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libacl:2.3.1-4.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "4.el9" + }, + { + "name": "syft:metadata:size", + "value": "40554" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "acl-2.3.1-4.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/libacl@2.3.1-4.el9?arch=x86_64&upstream=acl-2.3.1-4.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "2.3.1-4.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/libattr@2.5.1-3.el9?arch=x86_64&upstream=attr-2.5.1-3.el9.src.rpm&distro=rhel-9.5&package-id=246362466b6f01d4", + "cpe": "cpe:2.3:a:libattr:libattr:2.5.1-3.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "LGPLv2+" + } + } + ], + "name": "libattr", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libattr:2.5.1-3.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "3.el9" + }, + { + "name": "syft:metadata:size", + "value": "29429" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "attr-2.5.1-3.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/libattr@2.5.1-3.el9?arch=x86_64&upstream=attr-2.5.1-3.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "2.5.1-3.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/libcap@2.48-9.el9_2?arch=x86_64&upstream=libcap-2.48-9.el9_2.src.rpm&distro=rhel-9.5&package-id=e129417de8081c72", + "cpe": "cpe:2.3:a:libcap:libcap:2.48-9.el9_2:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "BSD or GPLv2" + } + } + ], + "name": "libcap", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libcap:2.48-9.el9_2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "9.el9_2" + }, + { + "name": "syft:metadata:size", + "value": "177471" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libcap-2.48-9.el9_2.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/libcap@2.48-9.el9_2?arch=x86_64&upstream=libcap-2.48-9.el9_2.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "2.48-9.el9_2" + }, + { + "bom-ref": "pkg:rpm/rhel/libgcc@11.5.0-2.el9?arch=x86_64&upstream=gcc-11.5.0-2.el9.src.rpm&distro=rhel-9.5&package-id=492434936db2f877", + "cpe": "cpe:2.3:a:libgcc:libgcc:11.5.0-2.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + } + } + ], + "name": "libgcc", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libgcc:11.5.0-2.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "2.el9" + }, + { + "name": "syft:metadata:size", + "value": "198756" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "gcc-11.5.0-2.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/libgcc@11.5.0-2.el9?arch=x86_64&upstream=gcc-11.5.0-2.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "11.5.0-2.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/libselinux@3.6-1.el9?arch=x86_64&upstream=libselinux-3.6-1.el9.src.rpm&distro=rhel-9.5&package-id=79db8c526f87ba3b", + "cpe": "cpe:2.3:a:libselinux:libselinux:3.6-1.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "Public Domain" + } + } + ], + "name": "libselinux", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libselinux:3.6-1.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "1.el9" + }, + { + "name": "syft:metadata:size", + "value": "176853" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libselinux-3.6-1.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/libselinux@3.6-1.el9?arch=x86_64&upstream=libselinux-3.6-1.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "3.6-1.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/libsepol@3.6-1.el9?arch=x86_64&upstream=libsepol-3.6-1.el9.src.rpm&distro=rhel-9.5&package-id=9891839d8f699944", + "cpe": "cpe:2.3:a:libsepol:libsepol:3.6-1.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "LGPLv2+" + } + } + ], + "name": "libsepol", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libsepol:3.6-1.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "1.el9" + }, + { + "name": "syft:metadata:size", + "value": "829251" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libsepol-3.6-1.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/libsepol@3.6-1.el9?arch=x86_64&upstream=libsepol-3.6-1.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "3.6-1.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/ncurses-base@6.2-10.20210508.el9?arch=noarch&upstream=ncurses-6.2-10.20210508.el9.src.rpm&distro=rhel-9.5&package-id=a0d19211c8c4589b", + "cpe": "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "name": "ncurses-base", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "10.20210508.el9" + }, + { + "name": "syft:metadata:size", + "value": "307293" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "ncurses-6.2-10.20210508.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/ncurses-base@6.2-10.20210508.el9?arch=noarch&upstream=ncurses-6.2-10.20210508.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "6.2-10.20210508.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&upstream=ncurses-6.2-10.20210508.el9.src.rpm&distro=rhel-9.5&package-id=31b40b2b21390159", + "cpe": "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "name": "ncurses-libs", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "10.20210508.el9" + }, + { + "name": "syft:metadata:size", + "value": "994375" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "ncurses-6.2-10.20210508.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&upstream=ncurses-6.2-10.20210508.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "6.2-10.20210508.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/pcre2@10.40-6.el9?arch=x86_64&upstream=pcre2-10.40-6.el9.src.rpm&distro=rhel-9.5&package-id=1a97d50a68b062d7", + "cpe": "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "BSD" + } + } + ], + "name": "pcre2", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "6.el9" + }, + { + "name": "syft:metadata:size", + "value": "652298" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "pcre2-10.40-6.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/pcre2@10.40-6.el9?arch=x86_64&upstream=pcre2-10.40-6.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "10.40-6.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/pcre2-syntax@10.40-6.el9?arch=noarch&upstream=pcre2-10.40-6.el9.src.rpm&distro=rhel-9.5&package-id=8f3dd37865073b05", + "cpe": "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "BSD" + } + } + ], + "name": "pcre2-syntax", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "6.el9" + }, + { + "name": "syft:metadata:size", + "value": "234324" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "pcre2-10.40-6.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/pcre2-syntax@10.40-6.el9?arch=noarch&upstream=pcre2-10.40-6.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "10.40-6.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/redhat-release@9.5-0.6.el9?arch=x86_64&upstream=redhat-release-9.5-0.6.el9.src.rpm&distro=rhel-9.5&package-id=bbf1d165194eceb0", + "cpe": "cpe:2.3:a:redhat-release:redhat-release:9.5-0.6.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "GPLv2" + } + } + ], + "name": "redhat-release", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat-release:redhat_release:9.5-0.6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat_release:redhat-release:9.5-0.6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat_release:redhat_release:9.5-0.6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:redhat-release:9.5-0.6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:redhat_release:9.5-0.6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "0.6.el9" + }, + { + "name": "syft:metadata:size", + "value": "58817" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "redhat-release-9.5-0.6.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/redhat-release@9.5-0.6.el9?arch=x86_64&upstream=redhat-release-9.5-0.6.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "9.5-0.6.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/setup@2.13.7-10.el9?arch=noarch&upstream=setup-2.13.7-10.el9.src.rpm&distro=rhel-9.5&package-id=befa3e6a19701472", + "cpe": "cpe:2.3:a:redhat:setup:2.13.7-10.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "Public Domain" + } + } + ], + "name": "setup", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:setup:setup:2.13.7-10.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "10.el9" + }, + { + "name": "syft:metadata:size", + "value": "725932" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "setup-2.13.7-10.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/setup@2.13.7-10.el9?arch=noarch&upstream=setup-2.13.7-10.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "2.13.7-10.el9" + }, + { + "bom-ref": "pkg:rpm/rhel/tzdata@2024b-2.el9?arch=noarch&upstream=tzdata-2024b-2.el9.src.rpm&distro=rhel-9.5&package-id=f21803b5b9d9adef", + "cpe": "cpe:2.3:a:redhat:tzdata:2024b-2.el9:*:*:*:*:*:*:*", + "licenses": [ + { + "license": { + "name": "Public Domain" + } + } + ], + "name": "tzdata", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:tzdata:tzdata:2024b-2.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "2.el9" + }, + { + "name": "syft:metadata:size", + "value": "1654640" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "tzdata-2024b-2.el9.src.rpm" + } + ], + "publisher": "Red Hat, Inc.", + "purl": "pkg:rpm/rhel/tzdata@2024b-2.el9?arch=noarch&upstream=tzdata-2024b-2.el9.src.rpm&distro=rhel-9.5", + "type": "library", + "version": "2024b-2.el9" + }, + { + "bom-ref": "os:rhel@9.5", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", + "description": "Red Hat Enterprise Linux 9.5 (Plow)", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://issues.redhat.com/" + }, + { + "type": "website", + "url": "https://www.redhat.com/" + } + ], + "name": "rhel", + "properties": [ + { + "name": "syft:distro:id", + "value": "rhel" + }, + { + "name": "syft:distro:idLike:0", + "value": "fedora" + }, + { + "name": "syft:distro:prettyName", + "value": "Red Hat Enterprise Linux 9.5 (Plow)" + }, + { + "name": "syft:distro:versionID", + "value": "9.5" + } + ], + "swid": { + "name": "rhel", + "tagId": "rhel", + "version": "9.5" + }, + "type": "operating-system", + "version": "9.5" + } + ], + "metadata": { + "component": { + "bom-ref": "af63bd4c8601b7f1", + "name": ".", + "type": "file" + }, + "timestamp": "2024-12-18T11:08:00+01:00", + "tools": { + "components": [ + { + "author": "anchore", + "name": "syft", + "type": "application", + "version": "1.4.1" + } + ] + } + }, + "serialNumber": "urn:uuid:1d823647-6b64-41b3-a29b-1d09cfb3ba8a", + "specVersion": "1.5", + "version": 1 +} diff --git a/sbom-utility-scripts/scripts/merge-sboms-script/test_data/spdx/cachi2.bom.json b/sbom-utility-scripts/scripts/merge-sboms-script/test_data/spdx/cachi2.bom.json new file mode 100644 index 0000000..acb5928 --- /dev/null +++ b/sbom-utility-scripts/scripts/merge-sboms-script/test_data/spdx/cachi2.bom.json @@ -0,0 +1,7230 @@ +{ + "SPDXID": "SPDXRef-DOCUMENT", + "creationInfo": { + "created": "2024-12-18T11:27:10Z", + "creators": [ + "Tool: cachi2", + "Organization: red hat" + ] + }, + "dataLicense": "CC0-1.0", + "documentNamespace": "NOASSERTION", + "files": [], + "name": "", + "packages": [ + { + "SPDXID": "SPDXRef-DocumentRoot-File-", + "annotations": [], + "downloadLocation": "NOASSERTION", + "externalRefs": [], + "name": "", + "versionInfo": "" + }, + { + "SPDXID": "SPDXRef-Package-@types/prop-types-15.7.5-2d13fa1fda82a31e6ee9a07d7956586c1d91a3b859ff1dcfb40ccc1b4a3dd481", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/%40types/prop-types@15.7.5", + "referenceType": "purl" + } + ], + "name": "@types/prop-types", + "versionInfo": "15.7.5" + }, + { + "SPDXID": "SPDXRef-Package-@types/react-18.0.35-b9ed72f467423072bf84280dd8d6d95b03454eb99dd7e79344fb87ae1fd9b1df", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/%40types/react@18.0.35", + "referenceType": "purl" + } + ], + "name": "@types/react", + "versionInfo": "18.0.35" + }, + { + "SPDXID": "SPDXRef-Package-@types/react-dom-18.0.11-0695908f176f2057c391965487aaeb8beb94f9d61b26f9251fc5b0540c4fc5b8", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/%40types/react-dom@18.0.11", + "referenceType": "purl" + } + ], + "name": "@types/react-dom", + "versionInfo": "18.0.11" + }, + { + "SPDXID": "SPDXRef-Package-@types/scheduler-0.16.3-9203434a3e490164962e30f641d81c2a982ba1451fa895c04f8915303e36c4cd", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/%40types/scheduler@0.16.3", + "referenceType": "purl" + } + ], + "name": "@types/scheduler", + "versionInfo": "0.16.3" + }, + { + "SPDXID": "SPDXRef-Package-abbrev-2.0.0-1894f11f2fae86ef35389ca7eddfbe9ce2f0dac015bfa94c7aa018734ba3e849", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/abbrev@2.0.0", + "referenceType": "purl" + } + ], + "name": "abbrev", + "versionInfo": "2.0.0" + }, + { + "SPDXID": "SPDXRef-Package-accepts-1.3.8-9c22f6c6130717b834f1907e0ca1fba3dc8992aea7a646991e20d6a7b61ab711", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/accepts@1.3.8", + "referenceType": "purl" + } + ], + "name": "accepts", + "versionInfo": "1.3.8" + }, + { + "SPDXID": "SPDXRef-Package-array-flatten-1.1.1-2bbda85f1ca7a6b3a06dd56d05d19eea3fc2b3ea9e823f5beebf430b54ed8b27", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/array-flatten@1.1.1", + "referenceType": "purl" + } + ], + "name": "array-flatten", + "versionInfo": "1.1.1" + }, + { + "SPDXID": "SPDXRef-Package-bar-1.0.0-59bce6cc36eb7c521941d78806369a8891afc8867b655d8624db7b0bd61c0978", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/bar@1.0.0?vcs_url=git%2Bhttps://github.com/cachito-testing/npm-cachi2-smoketest%40f1d31c2b051b218c84399b12461e0957d87bd0cd#bar", + "referenceType": "purl" + } + ], + "name": "bar", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-bitbucket-cachi2-npm-without-deps-1.0.0-e35aeb8abd2f04d065c1c994ee122ed6a7986ad6856f3c0121043b14610ab051", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/bitbucket-cachi2-npm-without-deps@1.0.0?vcs_url=git%2Bssh://git%40bitbucket.org/cachi-testing/cachi2-without-deps.git%409e164b97043a2d91bbeb992f6cc68a3d1015086a", + "referenceType": "purl" + } + ], + "name": "bitbucket-cachi2-npm-without-deps", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-bitbucket-cachi2-npm-without-deps-second-2.0.0-81c15e90a3e55924473e46c408687efffa3c2c15a8b0f93cb526ee58a8e4d831", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/bitbucket-cachi2-npm-without-deps-second@2.0.0?vcs_url=git%2Bssh://git%40bitbucket.org/cachi-testing/cachi2-without-deps-second.git%4009992d418fc44a2895b7a9ff27c4e32d6f74a982", + "referenceType": "purl" + } + ], + "name": "bitbucket-cachi2-npm-without-deps-second", + "versionInfo": "2.0.0" + }, + { + "SPDXID": "SPDXRef-Package-body-parser-1.20.1-f1e3973bbe263c9fef6f05bb6e8c5d62863cb7723c4cdd3fcde7d305b586f781", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/body-parser@1.20.1", + "referenceType": "purl" + } + ], + "name": "body-parser", + "versionInfo": "1.20.1" + }, + { + "SPDXID": "SPDXRef-Package-bufio-None-50fdaec28e33e601d7d652bcd07106e339cb553fac4be5ff9d34de2d4cef23d8", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/bufio?type=package", + "referenceType": "purl" + } + ], + "name": "bufio" + }, + { + "SPDXID": "SPDXRef-Package-bytes-None-8a7568ccb42e145adcfbeb55d2458a82268b773075ce871653a85f1702c1759b", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/bytes?type=package", + "referenceType": "purl" + } + ], + "name": "bytes" + }, + { + "SPDXID": "SPDXRef-Package-bytes-3.1.2-6c35d8273701bdeb00c705c04d304e774a7a084d5da577d3048bba43a2e1d6f3", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/bytes@3.1.2", + "referenceType": "purl" + } + ], + "name": "bytes", + "versionInfo": "3.1.2" + }, + { + "SPDXID": "SPDXRef-Package-cachito-npm-without-deps-1.0.0-1c721b3db1237430a73952511a72cea21d08d1ef7758c3c97fcba93e2b78eba4", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/cachito-npm-without-deps@1.0.0?checksum=sha512:43e71f90ad5f9eb349ab18a283f8954994def373962ddc61b866bdea4d48249e67913c6b84dca1e8c519e981ca1fcc62b438292104a88ee9ed72db76a41efede&download_url=https://github.com/cachito-testing/cachito-npm-without-deps/raw/tarball/cachito-npm-without-deps-1.0.0.tgz", + "referenceType": "purl" + } + ], + "name": "cachito-npm-without-deps", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-call-bind-1.0.2-2da0a76c8a0a514b03483b3e876a26e670c7d5a9215ad870bbf88a997e4bc3a7", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/call-bind@1.0.2", + "referenceType": "purl" + } + ], + "name": "call-bind", + "versionInfo": "1.0.2" + }, + { + "SPDXID": "SPDXRef-Package-certifi-2022.12.7-a57cd5aa2a923c5620d6a157af0e7dd2404162d291f47d3ea58a56f7eabed47a", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/certifi@2022.12.7", + "referenceType": "purl" + } + ], + "name": "certifi", + "versionInfo": "2022.12.7" + }, + { + "SPDXID": "SPDXRef-Package-charset-normalizer-3.0.1-f8d91bc6b61ba49560dd447f0c648137fe413dff7c13fe1163bd5dab9ac8f9a9", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/charset-normalizer@3.0.1", + "referenceType": "purl" + } + ], + "name": "charset-normalizer", + "versionInfo": "3.0.1" + }, + { + "SPDXID": "SPDXRef-Package-classnames-2.3.2-ec4db75970d0c19420d3e774fa674397552c5562cac237dd908c8bacbfb4980a", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/classnames@2.3.2", + "referenceType": "purl" + } + ], + "name": "classnames", + "versionInfo": "2.3.2" + }, + { + "SPDXID": "SPDXRef-Package-colors-1.4.0-ea7fd773e7bf8d58d09e3256c69d9a8f0c496abf24179c2c8c9146e59e3f3912", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/colors@1.4.0", + "referenceType": "purl" + } + ], + "name": "colors", + "versionInfo": "1.4.0" + }, + { + "SPDXID": "SPDXRef-Package-compress/flate-None-9d146ce55d4d1fc078246490d294ef608f72a781d19f4ed107fc1264a0ef9edf", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/compress/flate?type=package", + "referenceType": "purl" + } + ], + "name": "compress/flate" + }, + { + "SPDXID": "SPDXRef-Package-compress/gzip-None-fe07f7a11777bc3223ca5dcd4418003440da1f7e5242714f1f152517421eccb7", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/compress/gzip?type=package", + "referenceType": "purl" + } + ], + "name": "compress/gzip" + }, + { + "SPDXID": "SPDXRef-Package-container/list-None-685451a0a7aee8920600cd482bffa5b155a5e0f6942b6f7d1d919f28a3f361b7", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/container/list?type=package", + "referenceType": "purl" + } + ], + "name": "container/list" + }, + { + "SPDXID": "SPDXRef-Package-content-disposition-0.5.4-94d613e00e5c81dcfd67143d3f081284fc1e578914e6f9579d5ba9173857520d", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/content-disposition@0.5.4", + "referenceType": "purl" + } + ], + "name": "content-disposition", + "versionInfo": "0.5.4" + }, + { + "SPDXID": "SPDXRef-Package-content-type-1.0.5-03f124b6782e6b209a6b92909d4158dfca5fc398bc0b8dd67ccadeacbef92b59", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/content-type@1.0.5", + "referenceType": "purl" + } + ], + "name": "content-type", + "versionInfo": "1.0.5" + }, + { + "SPDXID": "SPDXRef-Package-context-None-b84f72d7f2b8afebda6a3b97cc840cc1c4060e6db640f1fb0af8a7231e80de7d", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/context?type=package", + "referenceType": "purl" + } + ], + "name": "context" + }, + { + "SPDXID": "SPDXRef-Package-cookie-0.5.0-02bcf0b2fb295a63bb9861700bd212768302566a9bcd528b5684fee4cfa29ef1", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/cookie@0.5.0", + "referenceType": "purl" + } + ], + "name": "cookie", + "versionInfo": "0.5.0" + }, + { + "SPDXID": "SPDXRef-Package-cookie-signature-1.0.6-146f16319934f7394c628060076583d4aa8e4479d5df2d7518a44c369955d1cc", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/cookie-signature@1.0.6", + "referenceType": "purl" + } + ], + "name": "cookie-signature", + "versionInfo": "1.0.6" + }, + { + "SPDXID": "SPDXRef-Package-crypto-None-4137aa50bb490f937ab07379bb958d9701ffb43ee2d4ca5e65eeae80d7473a1e", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto?type=package", + "referenceType": "purl" + } + ], + "name": "crypto" + }, + { + "SPDXID": "SPDXRef-Package-crypto/aes-None-4b7159fc54e034ece944eb79bf8ec1d017435ab8cddadca9c481872c8552d88c", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/aes?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/aes" + }, + { + "SPDXID": "SPDXRef-Package-crypto/cipher-None-a7b309dd8cf5ed3a31559821ada58e343d0eb22798687b651714016251447b90", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/cipher?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/cipher" + }, + { + "SPDXID": "SPDXRef-Package-crypto/des-None-d0c916f3a927d847872c2b5a4424b4d44f83297dfab47eb4559d632bc02a356b", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/des?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/des" + }, + { + "SPDXID": "SPDXRef-Package-crypto/dsa-None-7ae1b92ddf8b786517ebb4a976ce5203f4df29303e13556b8f411679dad5e41f", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/dsa?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/dsa" + }, + { + "SPDXID": "SPDXRef-Package-crypto/ecdh-None-2833a62747b8ae4cf2163a9eb58d71122a0cfcce49f8462a8bff3f52763343cf", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/ecdh?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/ecdh" + }, + { + "SPDXID": "SPDXRef-Package-crypto/ecdsa-None-aa85ddefbe331601a9108280fed8ab8f7a6619f0a7aefdda989fd5bdc66d1815", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/ecdsa?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/ecdsa" + }, + { + "SPDXID": "SPDXRef-Package-crypto/ed25519-None-a7a086360348d3355d530d502bdcbef8a9ce1b85051791d79aee8e94bab2d69a", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/ed25519?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/ed25519" + }, + { + "SPDXID": "SPDXRef-Package-crypto/elliptic-None-42c14da5e060676ebab57f1e644e78080891dc7e7ae1524ec064d959f3391e0b", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/elliptic?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/elliptic" + }, + { + "SPDXID": "SPDXRef-Package-crypto/hmac-None-90f4b32974f25c3e7fd78538df1793438e3adbbad355179229bfd2e6b323a9e3", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/hmac?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/hmac" + }, + { + "SPDXID": "SPDXRef-Package-crypto/internal/alias-None-b72e17ed348a15d861a8d6a517507932ed428364d043e0848384e16f50b6dbe1", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/internal/alias?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/internal/alias" + }, + { + "SPDXID": "SPDXRef-Package-crypto/internal/bigmod-None-ec1c42915ec4b13c93cd42d861596258beed863619038ba9ceba0e9738b58f50", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/internal/bigmod?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/internal/bigmod" + }, + { + "SPDXID": "SPDXRef-Package-crypto/internal/boring-None-0d09d6fe0d7dd4ae4bd0bd9e4571385167e8ec862caf728a974180abe1d8b910", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/internal/boring?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/internal/boring" + }, + { + "SPDXID": "SPDXRef-Package-crypto/internal/boring/bbig-None-1961facc167a00c28b440340bf887b0f19936f9079874528d14c4ec73f574ff6", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/internal/boring/bbig?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/internal/boring/bbig" + }, + { + "SPDXID": "SPDXRef-Package-crypto/internal/boring/sig-None-659c3ec829cf64be18d90fc4b65595d5ff5313c7a7fc07100f5a635cda5a1c53", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/internal/boring/sig?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/internal/boring/sig" + }, + { + "SPDXID": "SPDXRef-Package-crypto/internal/edwards25519-None-5ba839623a9ec2a4153687905946eb80be776e13e454e72e925ae3100237704f", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/internal/edwards25519?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/internal/edwards25519" + }, + { + "SPDXID": "SPDXRef-Package-crypto/internal/edwards25519/field-None-afc497e72afd11be31fe5a953aafa19a4959a49ac13626f8f1dada65004482df", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/internal/edwards25519/field?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/internal/edwards25519/field" + }, + { + "SPDXID": "SPDXRef-Package-crypto/internal/nistec-None-36c10db1c3639955ec3b65ac8a5416661cd6453082331c684eaf47e1a0a9f6b0", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/internal/nistec?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/internal/nistec" + }, + { + "SPDXID": "SPDXRef-Package-crypto/internal/nistec/fiat-None-439c9e61a71cfce1ece26d4df703fa7dcb4d47abbedf242966c4c92f8a1e5a9e", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/internal/nistec/fiat?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/internal/nistec/fiat" + }, + { + "SPDXID": "SPDXRef-Package-crypto/internal/randutil-None-2b53b3fd6ad21340a19dbb67ff5b3588ea4ce6fd1fecf8574ad61252ca32d3c0", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/internal/randutil?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/internal/randutil" + }, + { + "SPDXID": "SPDXRef-Package-crypto/md5-None-f1d6ee6c4e3a6388b402c6bd50df796f699b3ad7fd831b5aae81adaf3e636178", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/md5?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/md5" + }, + { + "SPDXID": "SPDXRef-Package-crypto/rand-None-8034fbc7583154cf2c496e52e0e50888e58253e533efd316eb8f586b4e151352", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/rand?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/rand" + }, + { + "SPDXID": "SPDXRef-Package-crypto/rc4-None-3b23d9deeb0e755779c129e17aef3adc4e08759559c4723efd20f289251c9f0d", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/rc4?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/rc4" + }, + { + "SPDXID": "SPDXRef-Package-crypto/rsa-None-c68ec47c13582cc8c6595f177564e47e5ff2bc97644558e781b309634741eed6", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/rsa?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/rsa" + }, + { + "SPDXID": "SPDXRef-Package-crypto/sha1-None-5d04f13998510e8e9f25ac0063812b5bed581b41ab6924c0c666d159e4acbe2d", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/sha1?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/sha1" + }, + { + "SPDXID": "SPDXRef-Package-crypto/sha256-None-8947c345384e3e9aff8009caa754be26598788ca3eab22ee61f415566937dfa6", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/sha256?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/sha256" + }, + { + "SPDXID": "SPDXRef-Package-crypto/sha512-None-61b3f50b792f6a2b5c813528be0338152e1ff66f0e5c32c0e56fce88a70df05e", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/sha512?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/sha512" + }, + { + "SPDXID": "SPDXRef-Package-crypto/subtle-None-fd6d520ae750dc3bfe8b5f7cff2d089598f9c36bd9b9f823be704dbac5129126", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/subtle?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/subtle" + }, + { + "SPDXID": "SPDXRef-Package-crypto/tls-None-dd3d7486a13d36f076ba91b65f87d99bfdf556af4370260ff08f45263d177b10", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/tls?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/tls" + }, + { + "SPDXID": "SPDXRef-Package-crypto/x509-None-748926597edd9909db834c4c4490447961675cf3227ac69b36f4b8bee494651e", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/x509?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/x509" + }, + { + "SPDXID": "SPDXRef-Package-crypto/x509/pkix-None-f911e20d65ee26a0b61b8bc378bf68f5d2f9507e238de768c998fe62822f2914", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/x509/pkix?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/x509/pkix" + }, + { + "SPDXID": "SPDXRef-Package-csstype-3.1.2-f547c23e831832d43a45a76de10263e609d5e49cbc80a65365da2843d7aff728", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/csstype@3.1.2", + "referenceType": "purl" + } + ], + "name": "csstype", + "versionInfo": "3.1.2" + }, + { + "SPDXID": "SPDXRef-Package-dateformat-5.0.3-c314f4677cf674d970ab3fd6014f8db5e0b3fdfa2417c389392ef74cc7530bfb", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/dateformat@5.0.3", + "referenceType": "purl" + } + ], + "name": "dateformat", + "versionInfo": "5.0.3" + }, + { + "SPDXID": "SPDXRef-Package-debug-2.6.9-ec2bc8ae0f128b684ba998fb9bd2b09b15fafe2a2547f8f82f1efda16b16550e", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/debug@2.6.9", + "referenceType": "purl" + } + ], + "name": "debug", + "versionInfo": "2.6.9" + }, + { + "SPDXID": "SPDXRef-Package-depd-2.0.0-e3710807a07e4c99622b6be764295762cd3f5677210c95f3f4a96b79912af81a", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/depd@2.0.0", + "referenceType": "purl" + } + ], + "name": "depd", + "versionInfo": "2.0.0" + }, + { + "SPDXID": "SPDXRef-Package-destroy-1.2.0-59fc0b2c22a5d75a3ef12ce42ae4d28c1d2b3645996f56fef9438c08c2cf137a", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/destroy@1.2.0", + "referenceType": "purl" + } + ], + "name": "destroy", + "versionInfo": "1.2.0" + }, + { + "SPDXID": "SPDXRef-Package-dockerfile-parse-None-0026bbe355f42473a37c2c101676927dd90dee85ccb496b2348091c7c0d1f710", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/dockerfile-parse?checksum=sha256:36e4469abb0d96b0e3cd656284d5016e8a674cd57b8ebe5af64786fe63b8184d&download_url=https://github.com/containerbuildsystem/dockerfile-parse/archive/refs/tags/2.0.0.tar.gz", + "referenceType": "purl" + } + ], + "name": "dockerfile-parse" + }, + { + "SPDXID": "SPDXRef-Package-ee-first-1.1.1-b0a1fd3ccf6505a1e8943e940f6ffd2d57d544757365e46e62e71ccd6f3a95f1", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/ee-first@1.1.1", + "referenceType": "purl" + } + ], + "name": "ee-first", + "versionInfo": "1.1.1" + }, + { + "SPDXID": "SPDXRef-Package-eggs-1.0.0-1a78b4db4303f5bb20e7708262b8af398a7d6e4d3701d18966f3bd9c7e2fa3cf", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/eggs@1.0.0?vcs_url=git%2Bhttps://github.com/cachito-testing/npm-cachi2-smoketest%40f1d31c2b051b218c84399b12461e0957d87bd0cd#eggs-packages/eggs", + "referenceType": "purl" + } + ], + "name": "eggs", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-embed-None-3b0c4167bd021e80f33378dbb2047342f4703b3a4f98389e36f0bc0663a86ccb", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/embed?type=package", + "referenceType": "purl" + } + ], + "name": "embed" + }, + { + "SPDXID": "SPDXRef-Package-encodeurl-1.0.2-b09c2fb226276faa5522768464540ce24851adbe862b60e8822210f34143c769", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/encodeurl@1.0.2", + "referenceType": "purl" + } + ], + "name": "encodeurl", + "versionInfo": "1.0.2" + }, + { + "SPDXID": "SPDXRef-Package-encoding-None-a06c4a77b81ea33c968604e9b4bd258d63c9843bbbee2d4b9f380c10e9d06d69", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/encoding?type=package", + "referenceType": "purl" + } + ], + "name": "encoding" + }, + { + "SPDXID": "SPDXRef-Package-encoding/asn1-None-b51419836b77ec333ff739e9946db8ae09351db3c85b9a3dafae523fa12cb051", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/encoding/asn1?type=package", + "referenceType": "purl" + } + ], + "name": "encoding/asn1" + }, + { + "SPDXID": "SPDXRef-Package-encoding/base64-None-11801625e0ad51eb0da035bc0402d2e9173a5110323a018b895269a6d6f871b1", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/encoding/base64?type=package", + "referenceType": "purl" + } + ], + "name": "encoding/base64" + }, + { + "SPDXID": "SPDXRef-Package-encoding/binary-None-32b9d270662b96d2dbbec49e1678eaa7820453e21081a33a144d6ac0dc710577", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/encoding/binary?type=package", + "referenceType": "purl" + } + ], + "name": "encoding/binary" + }, + { + "SPDXID": "SPDXRef-Package-encoding/hex-None-f1d3bff874ad8044c7582003620ba1c6ec39ce223964e7a08d18a8cd3954b8c3", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/encoding/hex?type=package", + "referenceType": "purl" + } + ], + "name": "encoding/hex" + }, + { + "SPDXID": "SPDXRef-Package-encoding/json-None-7bd68ddb07d07844137bbed30e90f4a49657448938e01c63c351b969cb02840d", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/encoding/json?type=package", + "referenceType": "purl" + } + ], + "name": "encoding/json" + }, + { + "SPDXID": "SPDXRef-Package-encoding/pem-None-a3311085cfa6442a830dca069711e3c8831b909c1e88cd87b41eb30c2ddf18e7", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/encoding/pem?type=package", + "referenceType": "purl" + } + ], + "name": "encoding/pem" + }, + { + "SPDXID": "SPDXRef-Package-encoding/xml-None-9be966fe2f66775f2de1c083befcfc3db7d9cf1fab030701e6faa71268cdf373", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/encoding/xml?type=package", + "referenceType": "purl" + } + ], + "name": "encoding/xml" + }, + { + "SPDXID": "SPDXRef-Package-errors-None-2994a0ff92785ca0427da149a6e29ff4bd4ca86b759641eeca740713aa6b4aee", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/errors?type=package", + "referenceType": "purl" + } + ], + "name": "errors" + }, + { + "SPDXID": "SPDXRef-Package-escape-html-1.0.3-f90f767c023db5382b0d48919a7e1da8ead602a918b56da5325aeb736275a52d", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/escape-html@1.0.3", + "referenceType": "purl" + } + ], + "name": "escape-html", + "versionInfo": "1.0.3" + }, + { + "SPDXID": "SPDXRef-Package-etag-1.8.1-b69163297fa646fafb5b0b3163e1ff0adb4546dcb5572f6c16682f0dd70d89dc", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/etag@1.8.1", + "referenceType": "purl" + } + ], + "name": "etag", + "versionInfo": "1.8.1" + }, + { + "SPDXID": "SPDXRef-Package-express-4.18.2-9edf04cf81fd12fb830bf8f4119d58f8e41861a5463fac20e0978d1d7b92755a", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/express@4.18.2", + "referenceType": "purl" + } + ], + "name": "express", + "versionInfo": "4.18.2" + }, + { + "SPDXID": "SPDXRef-Package-fecha-4.2.3-19b43bb464398381f95bc87ca8d57c9a11893190af81b14ba932be3046a934d5", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/fecha@4.2.3?vcs_url=git%2Bhttps://github.com/cachito-testing/npm-cachi2-smoketest%40f1d31c2b051b218c84399b12461e0957d87bd0cd#fecha-4.2.3.tgz", + "referenceType": "purl" + } + ], + "name": "fecha", + "versionInfo": "4.2.3" + }, + { + "SPDXID": "SPDXRef-Package-finalhandler-1.2.0-2d3a95b2fde0705e2c0b56ab36cec01a648af5977dbe097b9f874cb72c3f9f10", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/finalhandler@1.2.0", + "referenceType": "purl" + } + ], + "name": "finalhandler", + "versionInfo": "1.2.0" + }, + { + "SPDXID": "SPDXRef-Package-flit-core-3.8.0-a1699442b770ac3f746ead63946e28229d640bdf802ba25f9c4c51689371e6f8", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/flit-core@3.8.0", + "referenceType": "purl" + } + ], + "name": "flit-core", + "versionInfo": "3.8.0" + }, + { + "SPDXID": "SPDXRef-Package-fmt-None-f1a19aa774307d4259395e684c08a092571c2616f5e8bf98bb11ef02b8da432f", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/fmt?type=package", + "referenceType": "purl" + } + ], + "name": "fmt" + }, + { + "SPDXID": "SPDXRef-Package-foo-1.0.0-b7e7aecc5dbbd0a3c7e06a21cd4752f4460f207e2534074905241c8af27f23e0", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/foo@1.0.0?vcs_url=git%2Bhttps://github.com/cachito-testing/npm-cachi2-smoketest%40f1d31c2b051b218c84399b12461e0957d87bd0cd#foo", + "referenceType": "purl" + } + ], + "name": "foo", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-forwarded-0.2.0-290e7770b21ed5d3e51392422f063801bbee465fa86be49828df7232895401e6", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/forwarded@0.2.0", + "referenceType": "purl" + } + ], + "name": "forwarded", + "versionInfo": "0.2.0" + }, + { + "SPDXID": "SPDXRef-Package-fresh-0.5.2-39253143db3f788c24bb5b0b81f408fa6c635416bdcbcacc956edd51dfe3b3b6", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/fresh@0.5.2", + "referenceType": "purl" + } + ], + "name": "fresh", + "versionInfo": "0.5.2" + }, + { + "SPDXID": "SPDXRef-Package-function-bind-1.1.1-05dcde660736e6875dd2d66f584ad228028eaca7fe5477f17189151b6f342ad9", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/function-bind@1.1.1", + "referenceType": "purl" + } + ], + "name": "function-bind", + "versionInfo": "1.1.1" + }, + { + "SPDXID": "SPDXRef-Package-get-intrinsic-1.2.0-7d2bee525793890edff38c2514222da0267b6a6dcaf104a5e60ffe344167f1f9", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/get-intrinsic@1.2.0", + "referenceType": "purl" + } + ], + "name": "get-intrinsic", + "versionInfo": "1.2.0" + }, + { + "SPDXID": "SPDXRef-Package-github.com/Azure/go-ansiterm-v0.0.0-20210617225240-d185dfc1b5a1-58819e71792a0906f8ef00b344a66fb53a750a60a83b0e9cf6902462b432611b", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/Azure/go-ansiterm@v0.0.0-20210617225240-d185dfc1b5a1?type=module", + "referenceType": "purl" + } + ], + "name": "github.com/Azure/go-ansiterm", + "versionInfo": "v0.0.0-20210617225240-d185dfc1b5a1" + }, + { + "SPDXID": "SPDXRef-Package-github.com/Masterminds/semver-v1.4.2-1160d2af59246b7be80ace7615339f4f826b6de1586871b2e4e6eb2def67585b", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/Masterminds/semver@v1.4.2?type=module", + "referenceType": "purl" + } + ], + "name": "github.com/Masterminds/semver", + "versionInfo": "v1.4.2" + }, + { + "SPDXID": "SPDXRef-Package-github.com/Masterminds/semver-v1.4.2-3ce965d3eed349e8c186769314b7aab3b8285b154906063e8478a6be9e6dabf3", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/Masterminds/semver@v1.4.2?type=package", + "referenceType": "purl" + } + ], + "name": "github.com/Masterminds/semver", + "versionInfo": "v1.4.2" + }, + { + "SPDXID": "SPDXRef-Package-github.com/Microsoft/go-winio-v0.6.0-d1375201be7b09a009b9f06be7fc3c489b6e46a85af963efaaad69987722c598", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/Microsoft/go-winio@v0.6.0?type=module", + "referenceType": "purl" + } + ], + "name": "github.com/Microsoft/go-winio", + "versionInfo": "v0.6.0" + }, + { + "SPDXID": "SPDXRef-Package-github.com/cachito-testing/gomod-pandemonium-v0.1.0-2dea1c96c4851061bea0a94d800fd34a3cfbb7b7cc06c999a85958a65a37ccbe", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/cachito-testing/gomod-pandemonium@v0.1.0?type=module", + "referenceType": "purl" + } + ], + "name": "github.com/cachito-testing/gomod-pandemonium", + "versionInfo": "v0.1.0" + }, + { + "SPDXID": "SPDXRef-Package-github.com/cachito-testing/gomod-pandemonium-v0.1.0-b4858626e2d62d1fe94b9eafbd4569a9b62ad0dc47cc2fe50cb29599b9972719", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/cachito-testing/gomod-pandemonium@v0.1.0?type=package", + "referenceType": "purl" + } + ], + "name": "github.com/cachito-testing/gomod-pandemonium", + "versionInfo": "v0.1.0" + }, + { + "SPDXID": "SPDXRef-Package-github.com/cachito-testing/gomod-pandemonium/terminaltor-v1.0.0-d8864bb49f101f59e469c7df5ff6bb5a45a6ab6a534be17c1d6e3504d4391139", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/cachito-testing/gomod-pandemonium/terminaltor@v1.0.0?type=module", + "referenceType": "purl" + } + ], + "name": "github.com/cachito-testing/gomod-pandemonium/terminaltor", + "versionInfo": "v1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-github.com/cachito-testing/gomod-pandemonium/terminaltor-v1.0.0-3da8d12fd3bc541534bec9272c22d575ad899ce0d7c0a7dbefbeffa5cee11ad8", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/cachito-testing/gomod-pandemonium/terminaltor@v1.0.0?type=package", + "referenceType": "purl" + } + ], + "name": "github.com/cachito-testing/gomod-pandemonium/terminaltor", + "versionInfo": "v1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-github.com/cachito-testing/gomod-pandemonium/weird-v0.0.0-20230417073518-0c6890c3280a-c94101d7adab6e667b902dff84696a6dcdf753c50232b98c42a6e627544686b7", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/cachito-testing/gomod-pandemonium/weird@v0.0.0-20230417073518-0c6890c3280a?type=module", + "referenceType": "purl" + } + ], + "name": "github.com/cachito-testing/gomod-pandemonium/weird", + "versionInfo": "v0.0.0-20230417073518-0c6890c3280a" + }, + { + "SPDXID": "SPDXRef-Package-github.com/cachito-testing/gomod-pandemonium/weird-v0.0.0-20230417073518-0c6890c3280a-1007202fe8d39bb04484757d8072c78e390a6d16df835e2a364cffb660b9636f", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/cachito-testing/gomod-pandemonium/weird@v0.0.0-20230417073518-0c6890c3280a?type=package", + "referenceType": "purl" + } + ], + "name": "github.com/cachito-testing/gomod-pandemonium/weird", + "versionInfo": "v0.0.0-20230417073518-0c6890c3280a" + }, + { + "SPDXID": "SPDXRef-Package-github.com/cachito-testing/gomod-pandemonium/where-was-i-built-v0.1.0-37c4dafb3a1b8381ba44ffeeac00226e2a6518da2b6662c343e251d951f21757", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/cachito-testing/gomod-pandemonium/where-was-i-built@v0.1.0?type=package", + "referenceType": "purl" + } + ], + "name": "github.com/cachito-testing/gomod-pandemonium/where-was-i-built", + "versionInfo": "v0.1.0" + }, + { + "SPDXID": "SPDXRef-Package-github.com/cachito-testing/retrodep/v2-v2.1.1-d74f886a19574ad40c9af2a6c5c62148619dd57380e90576efc81de398a2ccb2", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/cachito-testing/retrodep/v2@v2.1.1?type=module", + "referenceType": "purl" + } + ], + "name": "github.com/cachito-testing/retrodep/v2", + "versionInfo": "v2.1.1" + }, + { + "SPDXID": "SPDXRef-Package-github.com/cachito-testing/retrodep/v2/retrodep-v2.1.1-7a627ad424ed497a60d20f1471174d2e10b7b19371247d8e01d66dce49907db4", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/cachito-testing/retrodep/v2/retrodep@v2.1.1?type=package", + "referenceType": "purl" + } + ], + "name": "github.com/cachito-testing/retrodep/v2/retrodep", + "versionInfo": "v2.1.1" + }, + { + "SPDXID": "SPDXRef-Package-github.com/cachito-testing/retrodep/v2/retrodep/glide-v2.1.1-0b96cde354a75e6ed0044b30ef9fa81569063adaa077bf05002a6594d7a7a606", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/cachito-testing/retrodep/v2/retrodep/glide@v2.1.1?type=package", + "referenceType": "purl" + } + ], + "name": "github.com/cachito-testing/retrodep/v2/retrodep/glide", + "versionInfo": "v2.1.1" + }, + { + "SPDXID": "SPDXRef-Package-github.com/go-logr/logr-v1.2.3-5853958c7aa3424f456a39e24eca5999b7d30ba2557b3f4cf259846ca9e1a838", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/go-logr/logr@v1.2.3?type=module", + "referenceType": "purl" + } + ], + "name": "github.com/go-logr/logr", + "versionInfo": "v1.2.3" + }, + { + "SPDXID": "SPDXRef-Package-github.com/go-task/slim-sprig-v0.0.0-20230315185526-52ccab3ef572-534d57d10d628d80eb298821755c30a3d8c4aa4a8664e82206c9c7c577640335", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/go-task/slim-sprig@v0.0.0-20230315185526-52ccab3ef572?type=module", + "referenceType": "purl" + } + ], + "name": "github.com/go-task/slim-sprig", + "versionInfo": "v0.0.0-20230315185526-52ccab3ef572" + }, + { + "SPDXID": "SPDXRef-Package-github.com/google/go-cmp-v0.5.9-cd66635c1c29cce2de09ae35f3b1420d2efe5cb95ec7893b0020da956a924c5b", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/google/go-cmp@v0.5.9?type=module", + "referenceType": "purl" + } + ], + "name": "github.com/google/go-cmp", + "versionInfo": "v0.5.9" + }, + { + "SPDXID": "SPDXRef-Package-github.com/google/pprof-v0.0.0-20210407192527-94a9f03dee38-f25c592867038ca2cc9a5cc1d4988b3df97b4784772f68ab59ae74c97796321a", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/google/pprof@v0.0.0-20210407192527-94a9f03dee38?type=module", + "referenceType": "purl" + } + ], + "name": "github.com/google/pprof", + "versionInfo": "v0.0.0-20210407192527-94a9f03dee38" + }, + { + "SPDXID": "SPDXRef-Package-github.com/moby/term-v0.0.0-20221205130635-1aeaba878587-9dc6d3a1dd21dcb7ed5ecc77e87f4d373f5e3d7c839acb6889c76eabb0c13f57", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/moby/term@v0.0.0-20221205130635-1aeaba878587?type=module", + "referenceType": "purl" + } + ], + "name": "github.com/moby/term", + "versionInfo": "v0.0.0-20221205130635-1aeaba878587" + }, + { + "SPDXID": "SPDXRef-Package-github.com/moby/term-v0.0.0-20221205130635-1aeaba878587-9237f389fe389bc918ffe075c360c59147590fefdbf328f3d6c7d7ebb52927fe", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/moby/term@v0.0.0-20221205130635-1aeaba878587?type=package", + "referenceType": "purl" + } + ], + "name": "github.com/moby/term", + "versionInfo": "v0.0.0-20221205130635-1aeaba878587" + }, + { + "SPDXID": "SPDXRef-Package-github.com/onsi/ginkgo/v2-v2.9.2-02de87e32da2109c4e3002f89f4291c10edc05dbdaf98c66696d0293009df901", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/onsi/ginkgo/v2@v2.9.2?type=module", + "referenceType": "purl" + } + ], + "name": "github.com/onsi/ginkgo/v2", + "versionInfo": "v2.9.2" + }, + { + "SPDXID": "SPDXRef-Package-github.com/onsi/gomega-v1.27.4-6b82d57af896aeb4173a5bb22c12b07ef596cbeae38526fa64a669dc8aeb9e54", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/onsi/gomega@v1.27.4?type=module", + "referenceType": "purl" + } + ], + "name": "github.com/onsi/gomega", + "versionInfo": "v1.27.4" + }, + { + "SPDXID": "SPDXRef-Package-github.com/op/go-logging-v0.0.0-20160315200505-970db520ece7-9a81205ae17e45fbc99e650b64849a48b23a7568c8e848841c9086a8d0b0e99f", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/op/go-logging@v0.0.0-20160315200505-970db520ece7?type=module", + "referenceType": "purl" + } + ], + "name": "github.com/op/go-logging", + "versionInfo": "v0.0.0-20160315200505-970db520ece7" + }, + { + "SPDXID": "SPDXRef-Package-github.com/op/go-logging-v0.0.0-20160315200505-970db520ece7-14231968e65f8c6e81761a7f2a528bdb212e70b87a81f1a7e1eefcb9ef64fd6f", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/op/go-logging@v0.0.0-20160315200505-970db520ece7?type=package", + "referenceType": "purl" + } + ], + "name": "github.com/op/go-logging", + "versionInfo": "v0.0.0-20160315200505-970db520ece7" + }, + { + "SPDXID": "SPDXRef-Package-github.com/pkg/errors-v0.8.1-9f9627991aec4009db449ae2f96f6c06116666ff3b4f82dccd84c51d10dfc727", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/pkg/errors@v0.8.1?type=module", + "referenceType": "purl" + } + ], + "name": "github.com/pkg/errors", + "versionInfo": "v0.8.1" + }, + { + "SPDXID": "SPDXRef-Package-github.com/pkg/errors-v0.8.1-c8e423cf372ce5953d749be774ad49066f5ec6318cbe4cc089b71e7e5de386c9", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/pkg/errors@v0.8.1?type=package", + "referenceType": "purl" + } + ], + "name": "github.com/pkg/errors", + "versionInfo": "v0.8.1" + }, + { + "SPDXID": "SPDXRef-Package-go/ast-None-d34a7b35add57b69e88d868e69de08f65380708bf2b03e92673427ba6399fdc6", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/go/ast?type=package", + "referenceType": "purl" + } + ], + "name": "go/ast" + }, + { + "SPDXID": "SPDXRef-Package-go/build-None-729d26c5410943f8215552f4ac21cc7038764e054ca60295e680afb03f25129f", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/go/build?type=package", + "referenceType": "purl" + } + ], + "name": "go/build" + }, + { + "SPDXID": "SPDXRef-Package-go/build/constraint-None-c5a58600325ff4bf595fd7d3b5cf73c4a390b9a945092901868b4f121c2367c3", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/go/build/constraint?type=package", + "referenceType": "purl" + } + ], + "name": "go/build/constraint" + }, + { + "SPDXID": "SPDXRef-Package-go/doc-None-27854d91ed2d04e8de4d4e0c62bc87ae1675a27e35f881ba930aad7dcc03fdda", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/go/doc?type=package", + "referenceType": "purl" + } + ], + "name": "go/doc" + }, + { + "SPDXID": "SPDXRef-Package-go/doc/comment-None-0eb990b44e156a3578853ceaaba8f196b0db22d4ef2ff818e4a2b3045b34968d", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/go/doc/comment?type=package", + "referenceType": "purl" + } + ], + "name": "go/doc/comment" + }, + { + "SPDXID": "SPDXRef-Package-go/internal/typeparams-None-d039f3851188a225b5ce113591179fc236481006e0266326e24b7075dddcbb40", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/go/internal/typeparams?type=package", + "referenceType": "purl" + } + ], + "name": "go/internal/typeparams" + }, + { + "SPDXID": "SPDXRef-Package-go/parser-None-11f6a8661d038319cb52c595fe3505e3e84ad8f4ab4e6d441e9ef31793181a46", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/go/parser?type=package", + "referenceType": "purl" + } + ], + "name": "go/parser" + }, + { + "SPDXID": "SPDXRef-Package-go/scanner-None-3ccd1c3548bdb796f3df1c5dd5db6bb0fa5a203d9753f64056fe0d5704d9465a", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/go/scanner?type=package", + "referenceType": "purl" + } + ], + "name": "go/scanner" + }, + { + "SPDXID": "SPDXRef-Package-go/token-None-ff113be2a399bf8a815f1e294191a68868e037d38a78eaed8697702f9ea240ec", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/go/token?type=package", + "referenceType": "purl" + } + ], + "name": "go/token" + }, + { + "SPDXID": "SPDXRef-Package-golang.org/x/mod-v0.9.0-bc2d1ce57f5057fdb5fbdc2b334fd2a64bf5512633955fb313b0017364804bd4", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/golang.org/x/mod@v0.9.0?type=module", + "referenceType": "purl" + } + ], + "name": "golang.org/x/mod", + "versionInfo": "v0.9.0" + }, + { + "SPDXID": "SPDXRef-Package-golang.org/x/net-v0.8.0-2faecd5d0dc227bcd0c30c0f5821cc12e293aacd3400fdd65c5f3027048ac014", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/golang.org/x/net@v0.8.0?type=module", + "referenceType": "purl" + } + ], + "name": "golang.org/x/net", + "versionInfo": "v0.8.0" + }, + { + "SPDXID": "SPDXRef-Package-golang.org/x/sys-v0.6.0-f175144385992277f9e80afbb03e532726173b255df38f82841c93ca31bc4078", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/golang.org/x/sys@v0.6.0?type=module", + "referenceType": "purl" + } + ], + "name": "golang.org/x/sys", + "versionInfo": "v0.6.0" + }, + { + "SPDXID": "SPDXRef-Package-golang.org/x/sys/execabs-v0.6.0-aaab508709bce7d883f9f24aeac7a71463d7f0a9d4984617b35a268c111fe60b", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/golang.org/x/sys/execabs@v0.6.0?type=package", + "referenceType": "purl" + } + ], + "name": "golang.org/x/sys/execabs", + "versionInfo": "v0.6.0" + }, + { + "SPDXID": "SPDXRef-Package-golang.org/x/sys/unix-v0.6.0-cf08060aa29fe9a9565026c1b4693b7f73ebf9a60b6e977a50b3a95607e2c0b0", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/golang.org/x/sys/unix@v0.6.0?type=package", + "referenceType": "purl" + } + ], + "name": "golang.org/x/sys/unix", + "versionInfo": "v0.6.0" + }, + { + "SPDXID": "SPDXRef-Package-golang.org/x/text-v0.8.0-e01ce2057484987e7f043facb664dafcbbced83625fc3d6fe5293f58f3062088", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/golang.org/x/text@v0.8.0?type=module", + "referenceType": "purl" + } + ], + "name": "golang.org/x/text", + "versionInfo": "v0.8.0" + }, + { + "SPDXID": "SPDXRef-Package-golang.org/x/tools-v0.7.0-1b7c3cd560dc750f0d0e7c7c2b57a72bd92a1f55658ca4d94ff09ece1df4d55a", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/golang.org/x/tools@v0.7.0?type=module", + "referenceType": "purl" + } + ], + "name": "golang.org/x/tools", + "versionInfo": "v0.7.0" + }, + { + "SPDXID": "SPDXRef-Package-golang.org/x/tools/go/vcs-v0.7.0-1283820cd8cffe696b322ac38709ec2f338e6ec5aa31cbd0aba96fc7d0cc2fe5", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/golang.org/x/tools/go/vcs@v0.7.0?type=package", + "referenceType": "purl" + } + ], + "name": "golang.org/x/tools/go/vcs", + "versionInfo": "v0.7.0" + }, + { + "SPDXID": "SPDXRef-Package-gopkg.in/yaml.v2-v2.2.2-c011779fe2b103d1a83845ea1b45dbea5829132a2e5dcb631b6e9460bf7e23b1", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/gopkg.in/yaml.v2@v2.2.2?type=module", + "referenceType": "purl" + } + ], + "name": "gopkg.in/yaml.v2", + "versionInfo": "v2.2.2" + }, + { + "SPDXID": "SPDXRef-Package-gopkg.in/yaml.v2-v2.2.2-2f321c248ff1cb791e6afb8f6013303004b317fb852ef16509077a787cbeeb39", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/gopkg.in/yaml.v2@v2.2.2?type=package", + "referenceType": "purl" + } + ], + "name": "gopkg.in/yaml.v2", + "versionInfo": "v2.2.2" + }, + { + "SPDXID": "SPDXRef-Package-gopkg.in/yaml.v3-v3.0.1-bdd07f97b77a6a7f760cce5f45ab63b470a43de6983a88c0bfd4b6258dc7dcb9", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/gopkg.in/yaml.v3@v3.0.1?type=module", + "referenceType": "purl" + } + ], + "name": "gopkg.in/yaml.v3", + "versionInfo": "v3.0.1" + }, + { + "SPDXID": "SPDXRef-Package-has-1.0.3-bf8dfc909a0a6d27780fd03a1cd8eb497a217174835a5b8619120c0858444860", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/has@1.0.3", + "referenceType": "purl" + } + ], + "name": "has", + "versionInfo": "1.0.3" + }, + { + "SPDXID": "SPDXRef-Package-has-symbols-1.0.3-db2f666c771d3f1a665b54ae840844bdb2b6f1aa5631f383673d06180b9f5ade", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/has-symbols@1.0.3", + "referenceType": "purl" + } + ], + "name": "has-symbols", + "versionInfo": "1.0.3" + }, + { + "SPDXID": "SPDXRef-Package-hash-None-b0296e2e3c833c14595a8d1d1cb10a53825bd771b5a9c86b666bd91faea10729", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/hash?type=package", + "referenceType": "purl" + } + ], + "name": "hash" + }, + { + "SPDXID": "SPDXRef-Package-hash/crc32-None-c2fc4cb71cbf1e97f8ba9555d2d41b260d0a912927f7ab202725b4012163e25b", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/hash/crc32?type=package", + "referenceType": "purl" + } + ], + "name": "hash/crc32" + }, + { + "SPDXID": "SPDXRef-Package-http-errors-2.0.0-1ccab6a096615c69b07104a5b332f81d5ed5cd2b6d49120096bd1ba132a22ee8", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/http-errors@2.0.0", + "referenceType": "purl" + } + ], + "name": "http-errors", + "versionInfo": "2.0.0" + }, + { + "SPDXID": "SPDXRef-Package-iconv-lite-0.4.24-fa93cdd43edb51240c414b8a6ec41ef5b614480ddcf20b1fa8b0ed9bcd3fa2d1", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/iconv-lite@0.4.24", + "referenceType": "purl" + } + ], + "name": "iconv-lite", + "versionInfo": "0.4.24" + }, + { + "SPDXID": "SPDXRef-Package-idna-3.4-8ed4181b079bf31ce5d74f20500d49dc9004025ae824fd0892fa5efd6c834fb1", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/idna@3.4", + "referenceType": "purl" + } + ], + "name": "idna", + "versionInfo": "3.4" + }, + { + "SPDXID": "SPDXRef-Package-inherits-2.0.4-5b15d59c03d2b532947513de6aabd11e052a2e7e662eb1723e5dc05c212e39d7", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/inherits@2.0.4", + "referenceType": "purl" + } + ], + "name": "inherits", + "versionInfo": "2.0.4" + }, + { + "SPDXID": "SPDXRef-Package-internal/abi-None-e9bf8f9b9b7604516c803ee364c89d58c5cb5e034e88129ac352de0d947062bf", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/abi?type=package", + "referenceType": "purl" + } + ], + "name": "internal/abi" + }, + { + "SPDXID": "SPDXRef-Package-internal/buildcfg-None-b2aab7b59f90ab1bac8732e4c84cb8a8dd7ebc3e8f66f29efc7d01d29071549b", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/buildcfg?type=package", + "referenceType": "purl" + } + ], + "name": "internal/buildcfg" + }, + { + "SPDXID": "SPDXRef-Package-internal/bytealg-None-00e7703f624b015b9a0b00aae1d124611995c0db0cbe8a3b99301d0d46115217", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/bytealg?type=package", + "referenceType": "purl" + } + ], + "name": "internal/bytealg" + }, + { + "SPDXID": "SPDXRef-Package-internal/coverage/rtcov-None-533afe8b86dd0d88975c72d08d054a6db8f46dbdb589fe1eb867ef2d12ca6a8f", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/coverage/rtcov?type=package", + "referenceType": "purl" + } + ], + "name": "internal/coverage/rtcov" + }, + { + "SPDXID": "SPDXRef-Package-internal/cpu-None-42d4b2788f136ee992dea15d4d5ea5e651df2e03325eec2f5bc2dcd89b1f2698", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/cpu?type=package", + "referenceType": "purl" + } + ], + "name": "internal/cpu" + }, + { + "SPDXID": "SPDXRef-Package-internal/fmtsort-None-ccbfda59765250452128abb3427e52d01ccdbf30e8e23c364e88cd17bac396c5", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/fmtsort?type=package", + "referenceType": "purl" + } + ], + "name": "internal/fmtsort" + }, + { + "SPDXID": "SPDXRef-Package-internal/goarch-None-59e1c82486ebde860ef219d0a4a2a1f0f883e1b9dd5bc7ef915a280f5e7b5388", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/goarch?type=package", + "referenceType": "purl" + } + ], + "name": "internal/goarch" + }, + { + "SPDXID": "SPDXRef-Package-internal/godebug-None-406b22de31b59897d17fa17efc1a686f6ac994809ea94d8e8bc353d8d63f8613", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/godebug?type=package", + "referenceType": "purl" + } + ], + "name": "internal/godebug" + }, + { + "SPDXID": "SPDXRef-Package-internal/goexperiment-None-22e8c82d9ef866ee1ec7b2c637de456655ea2796ac0c47bdf21736ad29425cc9", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/goexperiment?type=package", + "referenceType": "purl" + } + ], + "name": "internal/goexperiment" + }, + { + "SPDXID": "SPDXRef-Package-internal/goos-None-be72ba0bd9e073695bc479d05f46f94959841540249640a3002af8dc2b5214fd", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/goos?type=package", + "referenceType": "purl" + } + ], + "name": "internal/goos" + }, + { + "SPDXID": "SPDXRef-Package-internal/goroot-None-2faa4afb2e7dd49b1c629532758d3f03489018a1e77b6c7132f7b1c389143f80", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/goroot?type=package", + "referenceType": "purl" + } + ], + "name": "internal/goroot" + }, + { + "SPDXID": "SPDXRef-Package-internal/goversion-None-4872d02f6c3e6028355182e68442394a9b77a7450d6efe1454672e8be50cf17d", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/goversion?type=package", + "referenceType": "purl" + } + ], + "name": "internal/goversion" + }, + { + "SPDXID": "SPDXRef-Package-internal/intern-None-9dc058fb0fbef857345574c966952fe27df2396e517654b87ac73585842e8569", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/intern?type=package", + "referenceType": "purl" + } + ], + "name": "internal/intern" + }, + { + "SPDXID": "SPDXRef-Package-internal/itoa-None-251330730123eb816338069eb3d3eb574f71be8a0891266a63bcfd3394b4c7fd", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/itoa?type=package", + "referenceType": "purl" + } + ], + "name": "internal/itoa" + }, + { + "SPDXID": "SPDXRef-Package-internal/lazyregexp-None-b9e28b3cffc457b34bfc89bde65bef9bdfa7290667106021729c60978237f1bb", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/lazyregexp?type=package", + "referenceType": "purl" + } + ], + "name": "internal/lazyregexp" + }, + { + "SPDXID": "SPDXRef-Package-internal/nettrace-None-cd55cbc06d1f48ac1000330d6d26475c72381aac19b187928b984c78cedbaa6d", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/nettrace?type=package", + "referenceType": "purl" + } + ], + "name": "internal/nettrace" + }, + { + "SPDXID": "SPDXRef-Package-internal/oserror-None-737110d8ef939aad4e7374a26e8cee0b37ef4b1b2900ad9fcedfe06886243957", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/oserror?type=package", + "referenceType": "purl" + } + ], + "name": "internal/oserror" + }, + { + "SPDXID": "SPDXRef-Package-internal/poll-None-5062d2227afbbab4478471c9cdb74550798d8ef0c83d716f575a1c71ae739a86", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/poll?type=package", + "referenceType": "purl" + } + ], + "name": "internal/poll" + }, + { + "SPDXID": "SPDXRef-Package-internal/race-None-ecf278b204f42be1dffdb2518f982739db2f1fa4a41519e9bb1aafc535430b58", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/race?type=package", + "referenceType": "purl" + } + ], + "name": "internal/race" + }, + { + "SPDXID": "SPDXRef-Package-internal/reflectlite-None-0130ba0b61c50e534eb4589345e62a04e7faa6e69cf7386641e062ca5246044e", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/reflectlite?type=package", + "referenceType": "purl" + } + ], + "name": "internal/reflectlite" + }, + { + "SPDXID": "SPDXRef-Package-internal/safefilepath-None-9e1ef1731e35129425d26a5254c34180669a68ae6bbc1ae4d67ac012eb8a90f6", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/safefilepath?type=package", + "referenceType": "purl" + } + ], + "name": "internal/safefilepath" + }, + { + "SPDXID": "SPDXRef-Package-internal/singleflight-None-4c9f5e65b604548320072fac39fcb3d671fa1ea01c968eca0d42c5d74a5af21f", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/singleflight?type=package", + "referenceType": "purl" + } + ], + "name": "internal/singleflight" + }, + { + "SPDXID": "SPDXRef-Package-internal/syscall/execenv-None-c1541a0559d19f03be87ee5391ab59ae16dc1ac0a18305a95976403ac67d4dfc", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/syscall/execenv?type=package", + "referenceType": "purl" + } + ], + "name": "internal/syscall/execenv" + }, + { + "SPDXID": "SPDXRef-Package-internal/syscall/unix-None-4cc0fd820d1f97686fc80257c743f2c5203b642e294e38538e8657f4fd2241b8", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/syscall/unix?type=package", + "referenceType": "purl" + } + ], + "name": "internal/syscall/unix" + }, + { + "SPDXID": "SPDXRef-Package-internal/testlog-None-de80b247df32030fc72c24839ac09d1828f823d14f030136a13234e4341d7e8e", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/testlog?type=package", + "referenceType": "purl" + } + ], + "name": "internal/testlog" + }, + { + "SPDXID": "SPDXRef-Package-internal/unsafeheader-None-85767a17fdfd2e6ad7147303f8a27bd049f17e57a960332bf0312da2c1a4afc3", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/unsafeheader?type=package", + "referenceType": "purl" + } + ], + "name": "internal/unsafeheader" + }, + { + "SPDXID": "SPDXRef-Package-io-None-6c7a8c3b50224f00ac215c02c8fa0fc56abf06c501fa1e34d7e736ce578c0ff6", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/io?type=package", + "referenceType": "purl" + } + ], + "name": "io" + }, + { + "SPDXID": "SPDXRef-Package-io/fs-None-e1cc32e1c9b61aeed432ef90fe18c86dc539417a18476f58affc7d8059d35bfc", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/io/fs?type=package", + "referenceType": "purl" + } + ], + "name": "io/fs" + }, + { + "SPDXID": "SPDXRef-Package-io/ioutil-None-96965bb655e4c4512ab37ed042509f762d7a2481f983652dd25ed2dcc4a29335", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/io/ioutil?type=package", + "referenceType": "purl" + } + ], + "name": "io/ioutil" + }, + { + "SPDXID": "SPDXRef-Package-ipaddr.js-1.9.1-b2fa347461b0533601326c24b23d066734cffb1075bfe723182faab5bba9d804", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/ipaddr.js@1.9.1", + "referenceType": "purl" + } + ], + "name": "ipaddr.js", + "versionInfo": "1.9.1" + }, + { + "SPDXID": "SPDXRef-Package-is-positive-3.1.0-4716c87fda6843403486a0ea317561a7a3188fb04f6c5fadea411cb22202e101", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/is-positive@3.1.0?vcs_url=git%2Bssh://git%40github.com/kevva/is-positive.git%4097edff6f525f192a3f83cea1944765f769ae2678", + "referenceType": "purl" + } + ], + "name": "is-positive", + "versionInfo": "3.1.0" + }, + { + "SPDXID": "SPDXRef-Package-log-None-7f013a0a47929d2cb716cede42c4d88946a61ab03f1e7f79aa06268b21a62626", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/log?type=package", + "referenceType": "purl" + } + ], + "name": "log" + }, + { + "SPDXID": "SPDXRef-Package-log/syslog-None-dff81bb3e9d2e52734ccc2a8860046f16fa574f869281854c34d05bd7ce3613e", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/log/syslog?type=package", + "referenceType": "purl" + } + ], + "name": "log/syslog" + }, + { + "SPDXID": "SPDXRef-Package-math-None-eaf7850a09ee7619e7cb7156bb57144fd906b25cb1d3b7a68c104c7be9006662", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/math?type=package", + "referenceType": "purl" + } + ], + "name": "math" + }, + { + "SPDXID": "SPDXRef-Package-math/big-None-ea6408dbb3a7a85bd2d1a385adf5e6db52f1b34eea578f85b51022d1b1b20a2f", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/math/big?type=package", + "referenceType": "purl" + } + ], + "name": "math/big" + }, + { + "SPDXID": "SPDXRef-Package-math/bits-None-9191b5cdac727fa3c1ad695495bb7b1bea72504b8757ba14091e0dea757268ac", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/math/bits?type=package", + "referenceType": "purl" + } + ], + "name": "math/bits" + }, + { + "SPDXID": "SPDXRef-Package-math/rand-None-a0c4b45dd5f2792e5216888b63bd47a2ebb250fb489b1bc74680c502cbf4daad", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/math/rand?type=package", + "referenceType": "purl" + } + ], + "name": "math/rand" + }, + { + "SPDXID": "SPDXRef-Package-media-typer-0.3.0-b967b658724ab58909c115f6d003abe6fef09941877fd9cccf26290b7bcff81f", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/media-typer@0.3.0", + "referenceType": "purl" + } + ], + "name": "media-typer", + "versionInfo": "0.3.0" + }, + { + "SPDXID": "SPDXRef-Package-merge-descriptors-1.0.1-4a59755685696af573d3f6b5b233fba1b1e866616a12a85cdb273a86f4549775", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/merge-descriptors@1.0.1", + "referenceType": "purl" + } + ], + "name": "merge-descriptors", + "versionInfo": "1.0.1" + }, + { + "SPDXID": "SPDXRef-Package-methods-1.1.2-3837727455fbd4c44e4b91430fd17aa95be768f4b4e198b86ec88ec390392d91", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/methods@1.1.2", + "referenceType": "purl" + } + ], + "name": "methods", + "versionInfo": "1.1.2" + }, + { + "SPDXID": "SPDXRef-Package-mime-None-a01968977ebf83ae88ffda90e4e9a19db82a4c34957a9ab0733ffa45a0089aad", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/mime?type=package", + "referenceType": "purl" + } + ], + "name": "mime" + }, + { + "SPDXID": "SPDXRef-Package-mime-1.6.0-37d7f8fe4141c58b0813444bb3111999b33fb1b4c1644a92ec0428e2e945eec7", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/mime@1.6.0", + "referenceType": "purl" + } + ], + "name": "mime", + "versionInfo": "1.6.0" + }, + { + "SPDXID": "SPDXRef-Package-mime-db-1.52.0-9876a9da4499ff91b540f8f9bbd103cb049f2f1b331c29fcceeaa29b9a485528", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/mime-db@1.52.0", + "referenceType": "purl" + } + ], + "name": "mime-db", + "versionInfo": "1.52.0" + }, + { + "SPDXID": "SPDXRef-Package-mime-types-2.1.35-54675c038cfff25f571d7fd746be730a600f223eef00ed4f8d4c12dbaf3085d9", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/mime-types@2.1.35", + "referenceType": "purl" + } + ], + "name": "mime-types", + "versionInfo": "2.1.35" + }, + { + "SPDXID": "SPDXRef-Package-mime/multipart-None-f76bc9569dc84104606f24165ccc4d6449545bc6fb8711981deecf6913e6ee2f", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/mime/multipart?type=package", + "referenceType": "purl" + } + ], + "name": "mime/multipart" + }, + { + "SPDXID": "SPDXRef-Package-mime/quotedprintable-None-27acabe50017bab18f73cc358fc615c84633900b20aa8740e744c673d76d5dab", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/mime/quotedprintable?type=package", + "referenceType": "purl" + } + ], + "name": "mime/quotedprintable" + }, + { + "SPDXID": "SPDXRef-Package-ms-2.0.0-38c53561eed16438b2fde00179d07b8731b617d4a2e2dc9ee80e34ba402f6938", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/ms@2.0.0", + "referenceType": "purl" + } + ], + "name": "ms", + "versionInfo": "2.0.0" + }, + { + "SPDXID": "SPDXRef-Package-ms-2.1.3-9177646ae782a3d460ddd9398bfe12380b2ba88127ba06ad19ed9499b4a438f9", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/ms@2.1.3", + "referenceType": "purl" + } + ], + "name": "ms", + "versionInfo": "2.1.3" + }, + { + "SPDXID": "SPDXRef-Package-negotiator-0.6.3-8ae431701f3858e125afdf2c152ffe8a63a6fe0e20205c66d3ff35de742be6b0", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/negotiator@0.6.3", + "referenceType": "purl" + } + ], + "name": "negotiator", + "versionInfo": "0.6.3" + }, + { + "SPDXID": "SPDXRef-Package-net-None-399ebbe833d45f60535b3418296b8b0da567bc27bc6530fff726d28aa4e37d74", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/net?type=package", + "referenceType": "purl" + } + ], + "name": "net" + }, + { + "SPDXID": "SPDXRef-Package-net/http-None-75d4a324535b915eb5512276ee643692b7890af00d68435c523b41c1613b7f3a", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/net/http?type=package", + "referenceType": "purl" + } + ], + "name": "net/http" + }, + { + "SPDXID": "SPDXRef-Package-net/http/httptrace-None-21b89c9f9385548695da242b4b7c7e5258f27d1c2e4c0750771875fbdbeab91c", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/net/http/httptrace?type=package", + "referenceType": "purl" + } + ], + "name": "net/http/httptrace" + }, + { + "SPDXID": "SPDXRef-Package-net/http/internal-None-2414d2e978a0d89593d319cb17114cd5b1f219285c3b0d65252262b4be6986c7", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/net/http/internal?type=package", + "referenceType": "purl" + } + ], + "name": "net/http/internal" + }, + { + "SPDXID": "SPDXRef-Package-net/http/internal/ascii-None-c54daf5e9619431df040d7fc0dbcb787223b4345738a2e2a7465d12690e66fb2", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/net/http/internal/ascii?type=package", + "referenceType": "purl" + } + ], + "name": "net/http/internal/ascii" + }, + { + "SPDXID": "SPDXRef-Package-net/netip-None-32ff85ffae2b961d720aeb44fa83d429557565714f20f63b085d5843a8ff9b7a", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/net/netip?type=package", + "referenceType": "purl" + } + ], + "name": "net/netip" + }, + { + "SPDXID": "SPDXRef-Package-net/textproto-None-9e77d202b002a3aa8e8d63943ba2e136f1dbb2ecf0dba24bca1dd3309c716b28", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/net/textproto?type=package", + "referenceType": "purl" + } + ], + "name": "net/textproto" + }, + { + "SPDXID": "SPDXRef-Package-net/url-None-5ab666245d0535b71d9e6bed725b2204ec599a72a8353b7cc9e37636d1f3c103", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/net/url?type=package", + "referenceType": "purl" + } + ], + "name": "net/url" + }, + { + "SPDXID": "SPDXRef-Package-not-baz-1.0.0-227266aa69ece398c90192708f2738ec5d37ff5a474f343bc9f1bda34e449c5d", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/not-baz@1.0.0?vcs_url=git%2Bhttps://github.com/cachito-testing/npm-cachi2-smoketest%40f1d31c2b051b218c84399b12461e0957d87bd0cd#baz", + "referenceType": "purl" + } + ], + "name": "not-baz", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm_test-1.1.0-b7f778b4b7de0bb6a51db30f7dfb79b5166d2fa051d04e40f3820fd88d03324c", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/npm_test@1.1.0?vcs_url=git%2Bhttps://github.com/cachito-testing/npm-cachi2-smoketest%40f1d31c2b051b218c84399b12461e0957d87bd0cd", + "referenceType": "purl" + } + ], + "name": "npm_test", + "versionInfo": "1.1.0" + }, + { + "SPDXID": "SPDXRef-Package-object-inspect-1.12.3-f47cd7182218ad0e1859508077cf1d5324491726fee8a251f9940f789d6ed7a1", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/object-inspect@1.12.3", + "referenceType": "purl" + } + ], + "name": "object-inspect", + "versionInfo": "1.12.3" + }, + { + "SPDXID": "SPDXRef-Package-on-finished-2.4.1-6d2ea6cb125c29592f15a9badb2de04a18fe55b8258b143d4cd1026ccd70be51", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/on-finished@2.4.1", + "referenceType": "purl" + } + ], + "name": "on-finished", + "versionInfo": "2.4.1" + }, + { + "SPDXID": "SPDXRef-Package-os-None-7861f8f9c8e2dfa2e902eef8379dd992fd79b009cb6388a22982ba2565a3a6b2", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/os?type=package", + "referenceType": "purl" + } + ], + "name": "os" + }, + { + "SPDXID": "SPDXRef-Package-os/exec-None-3885aafdb6c44787b718149cb035be05c73054259c81c4649f47eb495200d6b5", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/os/exec?type=package", + "referenceType": "purl" + } + ], + "name": "os/exec" + }, + { + "SPDXID": "SPDXRef-Package-parseurl-1.3.3-f072bfdc47f60d4d137306c960d3962a440ae13a205eb06fe0bc681b9ab48914", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/parseurl@1.3.3", + "referenceType": "purl" + } + ], + "name": "parseurl", + "versionInfo": "1.3.3" + }, + { + "SPDXID": "SPDXRef-Package-path-None-99b59def89a54055c3e6154165afa5dc48d9dd881c2064e35174b3bfaa13974b", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/path?type=package", + "referenceType": "purl" + } + ], + "name": "path" + }, + { + "SPDXID": "SPDXRef-Package-path-to-regexp-0.1.7-47b831656513ab0fd4589bf9592ccf717f146fa879c1611bf0614de58e19bf40", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/path-to-regexp@0.1.7", + "referenceType": "purl" + } + ], + "name": "path-to-regexp", + "versionInfo": "0.1.7" + }, + { + "SPDXID": "SPDXRef-Package-path/filepath-None-b8880c13ebe0194e38aad0757c4c45ab94802d71f947da8d97847b7c6ba49c59", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/path/filepath?type=package", + "referenceType": "purl" + } + ], + "name": "path/filepath" + }, + { + "SPDXID": "SPDXRef-Package-proxy-addr-2.0.7-11d271374c4ac9c0bdaf85c70c9d45b7a71a4e4c977c8db41009545a9a04795f", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/proxy-addr@2.0.7", + "referenceType": "purl" + } + ], + "name": "proxy-addr", + "versionInfo": "2.0.7" + }, + { + "SPDXID": "SPDXRef-Package-qs-6.11.0-82ca49f1b909d51b59ed8f47b135247970b5123cd270011290e196fde0462931", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/qs@6.11.0", + "referenceType": "purl" + } + ], + "name": "qs", + "versionInfo": "6.11.0" + }, + { + "SPDXID": "SPDXRef-Package-range-parser-1.2.1-9ce2c23a0f6652dbf4f71b6615d18275cb65d378ad4fe2570729b3130ce511f9", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/range-parser@1.2.1", + "referenceType": "purl" + } + ], + "name": "range-parser", + "versionInfo": "1.2.1" + }, + { + "SPDXID": "SPDXRef-Package-raw-body-2.5.1-792f351f90ab19a67f913a0aec33598dc2c15627c538937e19bf4aa68882cb09", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/raw-body@2.5.1", + "referenceType": "purl" + } + ], + "name": "raw-body", + "versionInfo": "2.5.1" + }, + { + "SPDXID": "SPDXRef-Package-reflect-None-9a955f305e05fdd31b17ccb1d1ced397f70ab526671058e569a261a951af4b90", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/reflect?type=package", + "referenceType": "purl" + } + ], + "name": "reflect" + }, + { + "SPDXID": "SPDXRef-Package-regexp-None-d473e7c324c57d67860eeb61c277018ef331cd1a88542503d5e46eeefc60e776", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/regexp?type=package", + "referenceType": "purl" + } + ], + "name": "regexp" + }, + { + "SPDXID": "SPDXRef-Package-regexp/syntax-None-9c5ed35e04ca5dc40ae22e97a2842579f0870d2b7e7e0729b1fe67188b3a20c1", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/regexp/syntax?type=package", + "referenceType": "purl" + } + ], + "name": "regexp/syntax" + }, + { + "SPDXID": "SPDXRef-Package-requests-2.28.2-526bfa020f831d53fefa504db1971000b066b39602278b55b89534b40ee374fd", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/requests@2.28.2", + "referenceType": "purl" + } + ], + "name": "requests", + "versionInfo": "2.28.2" + }, + { + "SPDXID": "SPDXRef-Package-runtime-None-95f4c7777de104f01db95739031d028d21b9eea0ae0dbda9eef7466f94afa3f0", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/runtime?type=package", + "referenceType": "purl" + } + ], + "name": "runtime" + }, + { + "SPDXID": "SPDXRef-Package-runtime/cgo-None-6f567958057bd49b8f659eb2a7560168ec43a1bcdb74a71b01f079de4a97fbd8", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/runtime/cgo?type=package", + "referenceType": "purl" + } + ], + "name": "runtime/cgo" + }, + { + "SPDXID": "SPDXRef-Package-runtime/internal/atomic-None-89f5570ef95986df4d9bcd40be7bb37b9c95997cdacaff8c3b34f29544a9beaa", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/runtime/internal/atomic?type=package", + "referenceType": "purl" + } + ], + "name": "runtime/internal/atomic" + }, + { + "SPDXID": "SPDXRef-Package-runtime/internal/math-None-ddfc379809d7ed455bef2efeca421ff7b3ed4acedf5c10231e211454a58bd18b", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/runtime/internal/math?type=package", + "referenceType": "purl" + } + ], + "name": "runtime/internal/math" + }, + { + "SPDXID": "SPDXRef-Package-runtime/internal/sys-None-1ddcc4e84542227f6b61424f1eeb826e450505f710a3394a8c25582668a2062a", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/runtime/internal/sys?type=package", + "referenceType": "purl" + } + ], + "name": "runtime/internal/sys" + }, + { + "SPDXID": "SPDXRef-Package-runtime/internal/syscall-None-9fdf4b93aa94f7e6579a15cd67bbbf86196358f26fc70b1c04d7477af13c99f5", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/runtime/internal/syscall?type=package", + "referenceType": "purl" + } + ], + "name": "runtime/internal/syscall" + }, + { + "SPDXID": "SPDXRef-Package-safe-buffer-5.2.1-261a4c176907a47c47f63060bcc003b93800d864f8a38911f76d2273329321e1", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/safe-buffer@5.2.1", + "referenceType": "purl" + } + ], + "name": "safe-buffer", + "versionInfo": "5.2.1" + }, + { + "SPDXID": "SPDXRef-Package-safer-buffer-2.1.2-fc42b41ac695bc353dc5effd8f1e77593d3e6114290d2f6d698254e4c4321600", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/safer-buffer@2.1.2", + "referenceType": "purl" + } + ], + "name": "safer-buffer", + "versionInfo": "2.1.2" + }, + { + "SPDXID": "SPDXRef-Package-sax-0.1.1-80ef687cd5cbaa12ea192acd42bde81614b8650be18c1091533f7369d704faa2", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/sax@0.1.1", + "referenceType": "purl" + } + ], + "name": "sax", + "versionInfo": "0.1.1" + }, + { + "SPDXID": "SPDXRef-Package-send-0.18.0-76def8bc1d25c9db16cb5293344ab0b49ea8631e24bac9e079b878916b9a3cf8", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/send@0.18.0", + "referenceType": "purl" + } + ], + "name": "send", + "versionInfo": "0.18.0" + }, + { + "SPDXID": "SPDXRef-Package-serve-static-1.15.0-fdd6747beb95d9c65aef2bfc6247fda9c1a26585928008ead83b507ab866f109", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/serve-static@1.15.0", + "referenceType": "purl" + } + ], + "name": "serve-static", + "versionInfo": "1.15.0" + }, + { + "SPDXID": "SPDXRef-Package-setprototypeof-1.2.0-b8c47959b5627ede0c91f0fd952c364c88d16123e4b079a7cb171a5d17650cd4", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/setprototypeof@1.2.0", + "referenceType": "purl" + } + ], + "name": "setprototypeof", + "versionInfo": "1.2.0" + }, + { + "SPDXID": "SPDXRef-Package-setuptools-67.1.0-6e61b9bbcbc780a9d258d9b2e16d1449dadaac4ff738bc7675e42c655faca538", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/setuptools@67.1.0", + "referenceType": "purl" + } + ], + "name": "setuptools", + "versionInfo": "67.1.0" + }, + { + "SPDXID": "SPDXRef-Package-side-channel-1.0.4-c6ede974dcd2aeec29ab9e8ef17f3150e2e6000cd496ddb55cb1eb5351039342", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/side-channel@1.0.4", + "referenceType": "purl" + } + ], + "name": "side-channel", + "versionInfo": "1.0.4" + }, + { + "SPDXID": "SPDXRef-Package-sort-None-0b8e6b81bb6644cb79cdf8911e86c39d8be9ccfbc14cd87fa438959662eccf70", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/sort?type=package", + "referenceType": "purl" + } + ], + "name": "sort" + }, + { + "SPDXID": "SPDXRef-Package-spam-1.0.0-0943e6f0bc84b43ce1da5d0aa24da04e82fd5c4d0d80ae8e730b5344e0e34faa", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/spam@1.0.0?vcs_url=git%2Bhttps://github.com/cachito-testing/npm-cachi2-smoketest%40f1d31c2b051b218c84399b12461e0957d87bd0cd#spam-packages/spam", + "referenceType": "purl" + } + ], + "name": "spam", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-statuses-2.0.1-d3d359f03ec7e5f27a8b6a75ac209c06a6d7da76aae1cbcbd2868436439a6c2f", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/statuses@2.0.1", + "referenceType": "purl" + } + ], + "name": "statuses", + "versionInfo": "2.0.1" + }, + { + "SPDXID": "SPDXRef-Package-strconv-None-9608f50df7493944c92c5a9c6c2bbb859271e74bb255a128c16de777a6ccae32", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/strconv?type=package", + "referenceType": "purl" + } + ], + "name": "strconv" + }, + { + "SPDXID": "SPDXRef-Package-strings-None-d1ecb450a30252ad261c7f69c481d55204b24e385a70fe091e94a5c64728c17a", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/strings?type=package", + "referenceType": "purl" + } + ], + "name": "strings" + }, + { + "SPDXID": "SPDXRef-Package-sync-None-96d0b290269d417115f37e7187333605d7c713561fe7e39432360b76b60ff821", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/sync?type=package", + "referenceType": "purl" + } + ], + "name": "sync" + }, + { + "SPDXID": "SPDXRef-Package-sync/atomic-None-5785933a83faf80ba2a4e02d9d3f171e70393e42520ff562834d8f972db36cfa", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/sync/atomic?type=package", + "referenceType": "purl" + } + ], + "name": "sync/atomic" + }, + { + "SPDXID": "SPDXRef-Package-syscall-None-1ea973160a6b6283a492c2774d044f3e5910fbc3d0fc9d1b8c2bcb476e6e27e5", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/syscall?type=package", + "referenceType": "purl" + } + ], + "name": "syscall" + }, + { + "SPDXID": "SPDXRef-Package-test_package_cachi2-1.0.0-f5bfef72c137ebb321c27ce7b8c71ac929e415f821bf501206833ec6b9f62b45", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/test-package-cachi2@1.0.0?vcs_url=git%2Bhttps://github.com/cachito-testing/pip-e2e-test%401ecda839ba9ca55070d75c86c26a1bb07d777bba", + "referenceType": "purl" + } + ], + "name": "test_package_cachi2", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-time-None-94157eee9cf0119380f34c0b022b66e631768f69d1f6fbdcf9f3182fc378aa7b", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/time?type=package", + "referenceType": "purl" + } + ], + "name": "time" + }, + { + "SPDXID": "SPDXRef-Package-toidentifier-1.0.1-6c73575a4de10e05fca2979e41c226a3e58dd63ec0dbe60480e519494195663c", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/toidentifier@1.0.1", + "referenceType": "purl" + } + ], + "name": "toidentifier", + "versionInfo": "1.0.1" + }, + { + "SPDXID": "SPDXRef-Package-type-is-1.6.18-bfdf2d355f51adb427ad64a27701365aeefad65d0ea471f36c7bb887a7514849", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/type-is@1.6.18", + "referenceType": "purl" + } + ], + "name": "type-is", + "versionInfo": "1.6.18" + }, + { + "SPDXID": "SPDXRef-Package-unicode-None-13554101a27f5cb4261a5f37d2ee9615b3181b8f40050afe0d1586c6c68ba356", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/unicode?type=package", + "referenceType": "purl" + } + ], + "name": "unicode" + }, + { + "SPDXID": "SPDXRef-Package-unicode/utf16-None-16f1aba8788f5cee11b523cf6cd2e6fd33bdcff234d37240aae5c889da38ad1c", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/unicode/utf16?type=package", + "referenceType": "purl" + } + ], + "name": "unicode/utf16" + }, + { + "SPDXID": "SPDXRef-Package-unicode/utf8-None-269bbb94230a4aa5b586dffc9c15a0ed7b7fc76ddcb218689e073becf3789664", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/unicode/utf8?type=package", + "referenceType": "purl" + } + ], + "name": "unicode/utf8" + }, + { + "SPDXID": "SPDXRef-Package-unpipe-1.0.0-2e2509688d8b9b842cb74912b6f25c4e9e9bf99d2f4e28134bb241709e249236", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/unpipe@1.0.0", + "referenceType": "purl" + } + ], + "name": "unpipe", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-unsafe-None-7824706ac8e16251ee849c71484ce4cf8ee4f9007f3075de5f45df3c793933bb", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/unsafe?type=package", + "referenceType": "purl" + } + ], + "name": "unsafe" + }, + { + "SPDXID": "SPDXRef-Package-urllib3-1.26.14-1cb9ebcba75d80bd3ee5e828b47f908066d763475086152c9e651b3319e6b120", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/urllib3@1.26.14", + "referenceType": "purl" + } + ], + "name": "urllib3", + "versionInfo": "1.26.14" + }, + { + "SPDXID": "SPDXRef-Package-utils-merge-1.0.1-da9a0b187ae52f9c7ce3aeb96b1647d54bd17dee043bc1a22896d4aced968e9c", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/utils-merge@1.0.1", + "referenceType": "purl" + } + ], + "name": "utils-merge", + "versionInfo": "1.0.1" + }, + { + "SPDXID": "SPDXRef-Package-uuid-9.0.0-3b6efe3c30f3e8210affd072a7838ae4e8de22b69a7cc19953e9594ca97c9214", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/uuid@9.0.0", + "referenceType": "purl" + } + ], + "name": "uuid", + "versionInfo": "9.0.0" + }, + { + "SPDXID": "SPDXRef-Package-vary-1.1.2-dd8f0457e50a7cd3a71255859f29b529db219b42c2308be0d3bb2bfa51acd224", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/vary@1.1.2", + "referenceType": "purl" + } + ], + "name": "vary", + "versionInfo": "1.1.2" + }, + { + "SPDXID": "SPDXRef-Package-vendor/golang.org/x/crypto/chacha20-None-4f0ece9420409df54b3d0fa1eafeaa327b78a920ad2cfdc6cccdecac967c7fde", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/vendor/golang.org/x/crypto/chacha20?type=package", + "referenceType": "purl" + } + ], + "name": "vendor/golang.org/x/crypto/chacha20" + }, + { + "SPDXID": "SPDXRef-Package-vendor/golang.org/x/crypto/chacha20poly1305-None-0bbb65aa26ea438f8ec5db9ef44985dd04a4d7593842ae7d5879b7464c0414c2", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/vendor/golang.org/x/crypto/chacha20poly1305?type=package", + "referenceType": "purl" + } + ], + "name": "vendor/golang.org/x/crypto/chacha20poly1305" + }, + { + "SPDXID": "SPDXRef-Package-vendor/golang.org/x/crypto/cryptobyte-None-dad08431578d2388d1bc07ff910fc5a7e8edb8ce9aa43252621a9d1a6cb9eed9", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/vendor/golang.org/x/crypto/cryptobyte?type=package", + "referenceType": "purl" + } + ], + "name": "vendor/golang.org/x/crypto/cryptobyte" + }, + { + "SPDXID": "SPDXRef-Package-vendor/golang.org/x/crypto/cryptobyte/asn1-None-427eb362e8ffddc01ba6b1f15fa8059fb4ff5ebf25e37ff389a7b965c5c00e32", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/vendor/golang.org/x/crypto/cryptobyte/asn1?type=package", + "referenceType": "purl" + } + ], + "name": "vendor/golang.org/x/crypto/cryptobyte/asn1" + }, + { + "SPDXID": "SPDXRef-Package-vendor/golang.org/x/crypto/hkdf-None-88b5a07b0ba8afe3a4a6f4fa51c028a37d907630d508d7d3d6b232f5891e0c86", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/vendor/golang.org/x/crypto/hkdf?type=package", + "referenceType": "purl" + } + ], + "name": "vendor/golang.org/x/crypto/hkdf" + }, + { + "SPDXID": "SPDXRef-Package-vendor/golang.org/x/crypto/internal/alias-None-4395de82d42aac19662285b212d0e1426608000c4547135f6b21d3bdb739b989", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/vendor/golang.org/x/crypto/internal/alias?type=package", + "referenceType": "purl" + } + ], + "name": "vendor/golang.org/x/crypto/internal/alias" + }, + { + "SPDXID": "SPDXRef-Package-vendor/golang.org/x/crypto/internal/poly1305-None-64300d1d564249fedee9f26d894a8824443ab337f00753b9bef2b4859514eddf", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/vendor/golang.org/x/crypto/internal/poly1305?type=package", + "referenceType": "purl" + } + ], + "name": "vendor/golang.org/x/crypto/internal/poly1305" + }, + { + "SPDXID": "SPDXRef-Package-vendor/golang.org/x/net/dns/dnsmessage-None-6414d79d71bd3048482f73f7a4903a35d1ec431a5127660fcf3980f09499398d", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/vendor/golang.org/x/net/dns/dnsmessage?type=package", + "referenceType": "purl" + } + ], + "name": "vendor/golang.org/x/net/dns/dnsmessage" + }, + { + "SPDXID": "SPDXRef-Package-vendor/golang.org/x/net/http/httpguts-None-e36712132c749b18c581ed4fba456e3cea20c8018fc0e1137f7b2577c1e5a04c", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/vendor/golang.org/x/net/http/httpguts?type=package", + "referenceType": "purl" + } + ], + "name": "vendor/golang.org/x/net/http/httpguts" + }, + { + "SPDXID": "SPDXRef-Package-vendor/golang.org/x/net/http/httpproxy-None-981f57eb93ba94fdea568a8e440422363f3a56ee745e3e504127a36b44ec2d68", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/vendor/golang.org/x/net/http/httpproxy?type=package", + "referenceType": "purl" + } + ], + "name": "vendor/golang.org/x/net/http/httpproxy" + }, + { + "SPDXID": "SPDXRef-Package-vendor/golang.org/x/net/http2/hpack-None-f09ec956d218ef524c5c35541426d5afca145dda96c1863747d85843feb5eeba", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/vendor/golang.org/x/net/http2/hpack?type=package", + "referenceType": "purl" + } + ], + "name": "vendor/golang.org/x/net/http2/hpack" + }, + { + "SPDXID": "SPDXRef-Package-vendor/golang.org/x/net/idna-None-db6486c7e9f66df3c774b335ab0e8779dca0a284da0b5d5133c20d5b396e1e16", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/vendor/golang.org/x/net/idna?type=package", + "referenceType": "purl" + } + ], + "name": "vendor/golang.org/x/net/idna" + }, + { + "SPDXID": "SPDXRef-Package-vendor/golang.org/x/sys/cpu-None-fff45ff8a23684e4ba82a21914e5418abe0d79156f3d0d8f33925961edde6d19", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/vendor/golang.org/x/sys/cpu?type=package", + "referenceType": "purl" + } + ], + "name": "vendor/golang.org/x/sys/cpu" + }, + { + "SPDXID": "SPDXRef-Package-vendor/golang.org/x/text/secure/bidirule-None-0800f037bbd309d6c570ce855ebbb2eff9be9e7d55c7e9a88e43ed7d4edeae02", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/vendor/golang.org/x/text/secure/bidirule?type=package", + "referenceType": "purl" + } + ], + "name": "vendor/golang.org/x/text/secure/bidirule" + }, + { + "SPDXID": "SPDXRef-Package-vendor/golang.org/x/text/transform-None-cbdc93a92d77e7a164c809f251cd6571bc331a1cded63fd7ae4d7bb892813199", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/vendor/golang.org/x/text/transform?type=package", + "referenceType": "purl" + } + ], + "name": "vendor/golang.org/x/text/transform" + }, + { + "SPDXID": "SPDXRef-Package-vendor/golang.org/x/text/unicode/bidi-None-693b708536caf52f89dd75d8947467f4704bfc62c582c9fd91e90cc997f9caa6", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/vendor/golang.org/x/text/unicode/bidi?type=package", + "referenceType": "purl" + } + ], + "name": "vendor/golang.org/x/text/unicode/bidi" + }, + { + "SPDXID": "SPDXRef-Package-vendor/golang.org/x/text/unicode/norm-None-8eb33cca1c9d290b1b54d1a6aab69c94850137606ab6b2f5161e5791302ed95c", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/vendor/golang.org/x/text/unicode/norm?type=package", + "referenceType": "purl" + } + ], + "name": "vendor/golang.org/x/text/unicode/norm" + }, + { + "SPDXID": "SPDXRef-Package-wheel-0.38.4-606bf02cfffccacd2677c454d0b8df4350fb5264adf89c37cd32e7128158ea9f", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/wheel@0.38.4", + "referenceType": "purl" + } + ], + "name": "wheel", + "versionInfo": "0.38.4" + } + ], + "relationships": [ + { + "comment": "", + "relatedSpdxElement": "SPDXRef-DocumentRoot-File-", + "relationshipType": "DESCRIBES", + "spdxElementId": "SPDXRef-DOCUMENT" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-@types/prop-types-15.7.5-2d13fa1fda82a31e6ee9a07d7956586c1d91a3b859ff1dcfb40ccc1b4a3dd481", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-@types/react-18.0.35-b9ed72f467423072bf84280dd8d6d95b03454eb99dd7e79344fb87ae1fd9b1df", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-@types/react-dom-18.0.11-0695908f176f2057c391965487aaeb8beb94f9d61b26f9251fc5b0540c4fc5b8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-@types/scheduler-0.16.3-9203434a3e490164962e30f641d81c2a982ba1451fa895c04f8915303e36c4cd", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-abbrev-2.0.0-1894f11f2fae86ef35389ca7eddfbe9ce2f0dac015bfa94c7aa018734ba3e849", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-accepts-1.3.8-9c22f6c6130717b834f1907e0ca1fba3dc8992aea7a646991e20d6a7b61ab711", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-array-flatten-1.1.1-2bbda85f1ca7a6b3a06dd56d05d19eea3fc2b3ea9e823f5beebf430b54ed8b27", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-bar-1.0.0-59bce6cc36eb7c521941d78806369a8891afc8867b655d8624db7b0bd61c0978", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-bitbucket-cachi2-npm-without-deps-1.0.0-e35aeb8abd2f04d065c1c994ee122ed6a7986ad6856f3c0121043b14610ab051", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-bitbucket-cachi2-npm-without-deps-second-2.0.0-81c15e90a3e55924473e46c408687efffa3c2c15a8b0f93cb526ee58a8e4d831", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-body-parser-1.20.1-f1e3973bbe263c9fef6f05bb6e8c5d62863cb7723c4cdd3fcde7d305b586f781", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-bufio-None-50fdaec28e33e601d7d652bcd07106e339cb553fac4be5ff9d34de2d4cef23d8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-bytes-3.1.2-6c35d8273701bdeb00c705c04d304e774a7a084d5da577d3048bba43a2e1d6f3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-bytes-None-8a7568ccb42e145adcfbeb55d2458a82268b773075ce871653a85f1702c1759b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-cachito-npm-without-deps-1.0.0-1c721b3db1237430a73952511a72cea21d08d1ef7758c3c97fcba93e2b78eba4", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-call-bind-1.0.2-2da0a76c8a0a514b03483b3e876a26e670c7d5a9215ad870bbf88a997e4bc3a7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-certifi-2022.12.7-a57cd5aa2a923c5620d6a157af0e7dd2404162d291f47d3ea58a56f7eabed47a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-charset-normalizer-3.0.1-f8d91bc6b61ba49560dd447f0c648137fe413dff7c13fe1163bd5dab9ac8f9a9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-classnames-2.3.2-ec4db75970d0c19420d3e774fa674397552c5562cac237dd908c8bacbfb4980a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-colors-1.4.0-ea7fd773e7bf8d58d09e3256c69d9a8f0c496abf24179c2c8c9146e59e3f3912", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-compress/flate-None-9d146ce55d4d1fc078246490d294ef608f72a781d19f4ed107fc1264a0ef9edf", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-compress/gzip-None-fe07f7a11777bc3223ca5dcd4418003440da1f7e5242714f1f152517421eccb7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-container/list-None-685451a0a7aee8920600cd482bffa5b155a5e0f6942b6f7d1d919f28a3f361b7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-content-disposition-0.5.4-94d613e00e5c81dcfd67143d3f081284fc1e578914e6f9579d5ba9173857520d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-content-type-1.0.5-03f124b6782e6b209a6b92909d4158dfca5fc398bc0b8dd67ccadeacbef92b59", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-context-None-b84f72d7f2b8afebda6a3b97cc840cc1c4060e6db640f1fb0af8a7231e80de7d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-cookie-0.5.0-02bcf0b2fb295a63bb9861700bd212768302566a9bcd528b5684fee4cfa29ef1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-cookie-signature-1.0.6-146f16319934f7394c628060076583d4aa8e4479d5df2d7518a44c369955d1cc", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto-None-4137aa50bb490f937ab07379bb958d9701ffb43ee2d4ca5e65eeae80d7473a1e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/aes-None-4b7159fc54e034ece944eb79bf8ec1d017435ab8cddadca9c481872c8552d88c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/cipher-None-a7b309dd8cf5ed3a31559821ada58e343d0eb22798687b651714016251447b90", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/des-None-d0c916f3a927d847872c2b5a4424b4d44f83297dfab47eb4559d632bc02a356b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/dsa-None-7ae1b92ddf8b786517ebb4a976ce5203f4df29303e13556b8f411679dad5e41f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/ecdh-None-2833a62747b8ae4cf2163a9eb58d71122a0cfcce49f8462a8bff3f52763343cf", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/ecdsa-None-aa85ddefbe331601a9108280fed8ab8f7a6619f0a7aefdda989fd5bdc66d1815", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/ed25519-None-a7a086360348d3355d530d502bdcbef8a9ce1b85051791d79aee8e94bab2d69a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/elliptic-None-42c14da5e060676ebab57f1e644e78080891dc7e7ae1524ec064d959f3391e0b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/hmac-None-90f4b32974f25c3e7fd78538df1793438e3adbbad355179229bfd2e6b323a9e3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/internal/alias-None-b72e17ed348a15d861a8d6a517507932ed428364d043e0848384e16f50b6dbe1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/internal/bigmod-None-ec1c42915ec4b13c93cd42d861596258beed863619038ba9ceba0e9738b58f50", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/internal/boring-None-0d09d6fe0d7dd4ae4bd0bd9e4571385167e8ec862caf728a974180abe1d8b910", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/internal/boring/bbig-None-1961facc167a00c28b440340bf887b0f19936f9079874528d14c4ec73f574ff6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/internal/boring/sig-None-659c3ec829cf64be18d90fc4b65595d5ff5313c7a7fc07100f5a635cda5a1c53", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/internal/edwards25519-None-5ba839623a9ec2a4153687905946eb80be776e13e454e72e925ae3100237704f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/internal/edwards25519/field-None-afc497e72afd11be31fe5a953aafa19a4959a49ac13626f8f1dada65004482df", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/internal/nistec-None-36c10db1c3639955ec3b65ac8a5416661cd6453082331c684eaf47e1a0a9f6b0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/internal/nistec/fiat-None-439c9e61a71cfce1ece26d4df703fa7dcb4d47abbedf242966c4c92f8a1e5a9e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/internal/randutil-None-2b53b3fd6ad21340a19dbb67ff5b3588ea4ce6fd1fecf8574ad61252ca32d3c0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/md5-None-f1d6ee6c4e3a6388b402c6bd50df796f699b3ad7fd831b5aae81adaf3e636178", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/rand-None-8034fbc7583154cf2c496e52e0e50888e58253e533efd316eb8f586b4e151352", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/rc4-None-3b23d9deeb0e755779c129e17aef3adc4e08759559c4723efd20f289251c9f0d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/rsa-None-c68ec47c13582cc8c6595f177564e47e5ff2bc97644558e781b309634741eed6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/sha1-None-5d04f13998510e8e9f25ac0063812b5bed581b41ab6924c0c666d159e4acbe2d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/sha256-None-8947c345384e3e9aff8009caa754be26598788ca3eab22ee61f415566937dfa6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/sha512-None-61b3f50b792f6a2b5c813528be0338152e1ff66f0e5c32c0e56fce88a70df05e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/subtle-None-fd6d520ae750dc3bfe8b5f7cff2d089598f9c36bd9b9f823be704dbac5129126", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/tls-None-dd3d7486a13d36f076ba91b65f87d99bfdf556af4370260ff08f45263d177b10", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/x509-None-748926597edd9909db834c4c4490447961675cf3227ac69b36f4b8bee494651e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/x509/pkix-None-f911e20d65ee26a0b61b8bc378bf68f5d2f9507e238de768c998fe62822f2914", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-csstype-3.1.2-f547c23e831832d43a45a76de10263e609d5e49cbc80a65365da2843d7aff728", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-dateformat-5.0.3-c314f4677cf674d970ab3fd6014f8db5e0b3fdfa2417c389392ef74cc7530bfb", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-debug-2.6.9-ec2bc8ae0f128b684ba998fb9bd2b09b15fafe2a2547f8f82f1efda16b16550e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-depd-2.0.0-e3710807a07e4c99622b6be764295762cd3f5677210c95f3f4a96b79912af81a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-destroy-1.2.0-59fc0b2c22a5d75a3ef12ce42ae4d28c1d2b3645996f56fef9438c08c2cf137a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-dockerfile-parse-None-0026bbe355f42473a37c2c101676927dd90dee85ccb496b2348091c7c0d1f710", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-ee-first-1.1.1-b0a1fd3ccf6505a1e8943e940f6ffd2d57d544757365e46e62e71ccd6f3a95f1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-eggs-1.0.0-1a78b4db4303f5bb20e7708262b8af398a7d6e4d3701d18966f3bd9c7e2fa3cf", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-embed-None-3b0c4167bd021e80f33378dbb2047342f4703b3a4f98389e36f0bc0663a86ccb", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-encodeurl-1.0.2-b09c2fb226276faa5522768464540ce24851adbe862b60e8822210f34143c769", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-encoding-None-a06c4a77b81ea33c968604e9b4bd258d63c9843bbbee2d4b9f380c10e9d06d69", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-encoding/asn1-None-b51419836b77ec333ff739e9946db8ae09351db3c85b9a3dafae523fa12cb051", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-encoding/base64-None-11801625e0ad51eb0da035bc0402d2e9173a5110323a018b895269a6d6f871b1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-encoding/binary-None-32b9d270662b96d2dbbec49e1678eaa7820453e21081a33a144d6ac0dc710577", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-encoding/hex-None-f1d3bff874ad8044c7582003620ba1c6ec39ce223964e7a08d18a8cd3954b8c3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-encoding/json-None-7bd68ddb07d07844137bbed30e90f4a49657448938e01c63c351b969cb02840d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-encoding/pem-None-a3311085cfa6442a830dca069711e3c8831b909c1e88cd87b41eb30c2ddf18e7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-encoding/xml-None-9be966fe2f66775f2de1c083befcfc3db7d9cf1fab030701e6faa71268cdf373", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-errors-None-2994a0ff92785ca0427da149a6e29ff4bd4ca86b759641eeca740713aa6b4aee", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-escape-html-1.0.3-f90f767c023db5382b0d48919a7e1da8ead602a918b56da5325aeb736275a52d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-etag-1.8.1-b69163297fa646fafb5b0b3163e1ff0adb4546dcb5572f6c16682f0dd70d89dc", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-express-4.18.2-9edf04cf81fd12fb830bf8f4119d58f8e41861a5463fac20e0978d1d7b92755a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-fecha-4.2.3-19b43bb464398381f95bc87ca8d57c9a11893190af81b14ba932be3046a934d5", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-finalhandler-1.2.0-2d3a95b2fde0705e2c0b56ab36cec01a648af5977dbe097b9f874cb72c3f9f10", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-flit-core-3.8.0-a1699442b770ac3f746ead63946e28229d640bdf802ba25f9c4c51689371e6f8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-fmt-None-f1a19aa774307d4259395e684c08a092571c2616f5e8bf98bb11ef02b8da432f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-foo-1.0.0-b7e7aecc5dbbd0a3c7e06a21cd4752f4460f207e2534074905241c8af27f23e0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-forwarded-0.2.0-290e7770b21ed5d3e51392422f063801bbee465fa86be49828df7232895401e6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-fresh-0.5.2-39253143db3f788c24bb5b0b81f408fa6c635416bdcbcacc956edd51dfe3b3b6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-function-bind-1.1.1-05dcde660736e6875dd2d66f584ad228028eaca7fe5477f17189151b6f342ad9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-get-intrinsic-1.2.0-7d2bee525793890edff38c2514222da0267b6a6dcaf104a5e60ffe344167f1f9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/Azure/go-ansiterm-v0.0.0-20210617225240-d185dfc1b5a1-58819e71792a0906f8ef00b344a66fb53a750a60a83b0e9cf6902462b432611b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/Masterminds/semver-v1.4.2-1160d2af59246b7be80ace7615339f4f826b6de1586871b2e4e6eb2def67585b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/Masterminds/semver-v1.4.2-3ce965d3eed349e8c186769314b7aab3b8285b154906063e8478a6be9e6dabf3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/Microsoft/go-winio-v0.6.0-d1375201be7b09a009b9f06be7fc3c489b6e46a85af963efaaad69987722c598", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/cachito-testing/gomod-pandemonium-v0.1.0-2dea1c96c4851061bea0a94d800fd34a3cfbb7b7cc06c999a85958a65a37ccbe", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/cachito-testing/gomod-pandemonium-v0.1.0-b4858626e2d62d1fe94b9eafbd4569a9b62ad0dc47cc2fe50cb29599b9972719", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/cachito-testing/gomod-pandemonium/terminaltor-v1.0.0-3da8d12fd3bc541534bec9272c22d575ad899ce0d7c0a7dbefbeffa5cee11ad8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/cachito-testing/gomod-pandemonium/terminaltor-v1.0.0-d8864bb49f101f59e469c7df5ff6bb5a45a6ab6a534be17c1d6e3504d4391139", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/cachito-testing/gomod-pandemonium/weird-v0.0.0-20230417073518-0c6890c3280a-1007202fe8d39bb04484757d8072c78e390a6d16df835e2a364cffb660b9636f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/cachito-testing/gomod-pandemonium/weird-v0.0.0-20230417073518-0c6890c3280a-c94101d7adab6e667b902dff84696a6dcdf753c50232b98c42a6e627544686b7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/cachito-testing/gomod-pandemonium/where-was-i-built-v0.1.0-37c4dafb3a1b8381ba44ffeeac00226e2a6518da2b6662c343e251d951f21757", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/cachito-testing/retrodep/v2-v2.1.1-d74f886a19574ad40c9af2a6c5c62148619dd57380e90576efc81de398a2ccb2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/cachito-testing/retrodep/v2/retrodep-v2.1.1-7a627ad424ed497a60d20f1471174d2e10b7b19371247d8e01d66dce49907db4", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/cachito-testing/retrodep/v2/retrodep/glide-v2.1.1-0b96cde354a75e6ed0044b30ef9fa81569063adaa077bf05002a6594d7a7a606", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/go-logr/logr-v1.2.3-5853958c7aa3424f456a39e24eca5999b7d30ba2557b3f4cf259846ca9e1a838", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/go-task/slim-sprig-v0.0.0-20230315185526-52ccab3ef572-534d57d10d628d80eb298821755c30a3d8c4aa4a8664e82206c9c7c577640335", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/google/go-cmp-v0.5.9-cd66635c1c29cce2de09ae35f3b1420d2efe5cb95ec7893b0020da956a924c5b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/google/pprof-v0.0.0-20210407192527-94a9f03dee38-f25c592867038ca2cc9a5cc1d4988b3df97b4784772f68ab59ae74c97796321a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/moby/term-v0.0.0-20221205130635-1aeaba878587-9237f389fe389bc918ffe075c360c59147590fefdbf328f3d6c7d7ebb52927fe", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/moby/term-v0.0.0-20221205130635-1aeaba878587-9dc6d3a1dd21dcb7ed5ecc77e87f4d373f5e3d7c839acb6889c76eabb0c13f57", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/onsi/ginkgo/v2-v2.9.2-02de87e32da2109c4e3002f89f4291c10edc05dbdaf98c66696d0293009df901", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/onsi/gomega-v1.27.4-6b82d57af896aeb4173a5bb22c12b07ef596cbeae38526fa64a669dc8aeb9e54", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/op/go-logging-v0.0.0-20160315200505-970db520ece7-14231968e65f8c6e81761a7f2a528bdb212e70b87a81f1a7e1eefcb9ef64fd6f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/op/go-logging-v0.0.0-20160315200505-970db520ece7-9a81205ae17e45fbc99e650b64849a48b23a7568c8e848841c9086a8d0b0e99f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/pkg/errors-v0.8.1-9f9627991aec4009db449ae2f96f6c06116666ff3b4f82dccd84c51d10dfc727", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/pkg/errors-v0.8.1-c8e423cf372ce5953d749be774ad49066f5ec6318cbe4cc089b71e7e5de386c9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-go/ast-None-d34a7b35add57b69e88d868e69de08f65380708bf2b03e92673427ba6399fdc6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-go/build-None-729d26c5410943f8215552f4ac21cc7038764e054ca60295e680afb03f25129f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-go/build/constraint-None-c5a58600325ff4bf595fd7d3b5cf73c4a390b9a945092901868b4f121c2367c3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-go/doc-None-27854d91ed2d04e8de4d4e0c62bc87ae1675a27e35f881ba930aad7dcc03fdda", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-go/doc/comment-None-0eb990b44e156a3578853ceaaba8f196b0db22d4ef2ff818e4a2b3045b34968d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-go/internal/typeparams-None-d039f3851188a225b5ce113591179fc236481006e0266326e24b7075dddcbb40", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-go/parser-None-11f6a8661d038319cb52c595fe3505e3e84ad8f4ab4e6d441e9ef31793181a46", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-go/scanner-None-3ccd1c3548bdb796f3df1c5dd5db6bb0fa5a203d9753f64056fe0d5704d9465a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-go/token-None-ff113be2a399bf8a815f1e294191a68868e037d38a78eaed8697702f9ea240ec", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-golang.org/x/mod-v0.9.0-bc2d1ce57f5057fdb5fbdc2b334fd2a64bf5512633955fb313b0017364804bd4", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-golang.org/x/net-v0.8.0-2faecd5d0dc227bcd0c30c0f5821cc12e293aacd3400fdd65c5f3027048ac014", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-golang.org/x/sys-v0.6.0-f175144385992277f9e80afbb03e532726173b255df38f82841c93ca31bc4078", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-golang.org/x/sys/execabs-v0.6.0-aaab508709bce7d883f9f24aeac7a71463d7f0a9d4984617b35a268c111fe60b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-golang.org/x/sys/unix-v0.6.0-cf08060aa29fe9a9565026c1b4693b7f73ebf9a60b6e977a50b3a95607e2c0b0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-golang.org/x/text-v0.8.0-e01ce2057484987e7f043facb664dafcbbced83625fc3d6fe5293f58f3062088", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-golang.org/x/tools-v0.7.0-1b7c3cd560dc750f0d0e7c7c2b57a72bd92a1f55658ca4d94ff09ece1df4d55a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-golang.org/x/tools/go/vcs-v0.7.0-1283820cd8cffe696b322ac38709ec2f338e6ec5aa31cbd0aba96fc7d0cc2fe5", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-gopkg.in/yaml.v2-v2.2.2-2f321c248ff1cb791e6afb8f6013303004b317fb852ef16509077a787cbeeb39", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-gopkg.in/yaml.v2-v2.2.2-c011779fe2b103d1a83845ea1b45dbea5829132a2e5dcb631b6e9460bf7e23b1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-gopkg.in/yaml.v3-v3.0.1-bdd07f97b77a6a7f760cce5f45ab63b470a43de6983a88c0bfd4b6258dc7dcb9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-has-1.0.3-bf8dfc909a0a6d27780fd03a1cd8eb497a217174835a5b8619120c0858444860", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-has-symbols-1.0.3-db2f666c771d3f1a665b54ae840844bdb2b6f1aa5631f383673d06180b9f5ade", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-hash-None-b0296e2e3c833c14595a8d1d1cb10a53825bd771b5a9c86b666bd91faea10729", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-hash/crc32-None-c2fc4cb71cbf1e97f8ba9555d2d41b260d0a912927f7ab202725b4012163e25b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-http-errors-2.0.0-1ccab6a096615c69b07104a5b332f81d5ed5cd2b6d49120096bd1ba132a22ee8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-iconv-lite-0.4.24-fa93cdd43edb51240c414b8a6ec41ef5b614480ddcf20b1fa8b0ed9bcd3fa2d1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-idna-3.4-8ed4181b079bf31ce5d74f20500d49dc9004025ae824fd0892fa5efd6c834fb1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-inherits-2.0.4-5b15d59c03d2b532947513de6aabd11e052a2e7e662eb1723e5dc05c212e39d7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/abi-None-e9bf8f9b9b7604516c803ee364c89d58c5cb5e034e88129ac352de0d947062bf", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/buildcfg-None-b2aab7b59f90ab1bac8732e4c84cb8a8dd7ebc3e8f66f29efc7d01d29071549b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/bytealg-None-00e7703f624b015b9a0b00aae1d124611995c0db0cbe8a3b99301d0d46115217", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/coverage/rtcov-None-533afe8b86dd0d88975c72d08d054a6db8f46dbdb589fe1eb867ef2d12ca6a8f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/cpu-None-42d4b2788f136ee992dea15d4d5ea5e651df2e03325eec2f5bc2dcd89b1f2698", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/fmtsort-None-ccbfda59765250452128abb3427e52d01ccdbf30e8e23c364e88cd17bac396c5", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/goarch-None-59e1c82486ebde860ef219d0a4a2a1f0f883e1b9dd5bc7ef915a280f5e7b5388", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/godebug-None-406b22de31b59897d17fa17efc1a686f6ac994809ea94d8e8bc353d8d63f8613", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/goexperiment-None-22e8c82d9ef866ee1ec7b2c637de456655ea2796ac0c47bdf21736ad29425cc9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/goos-None-be72ba0bd9e073695bc479d05f46f94959841540249640a3002af8dc2b5214fd", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/goroot-None-2faa4afb2e7dd49b1c629532758d3f03489018a1e77b6c7132f7b1c389143f80", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/goversion-None-4872d02f6c3e6028355182e68442394a9b77a7450d6efe1454672e8be50cf17d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/intern-None-9dc058fb0fbef857345574c966952fe27df2396e517654b87ac73585842e8569", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/itoa-None-251330730123eb816338069eb3d3eb574f71be8a0891266a63bcfd3394b4c7fd", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/lazyregexp-None-b9e28b3cffc457b34bfc89bde65bef9bdfa7290667106021729c60978237f1bb", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/nettrace-None-cd55cbc06d1f48ac1000330d6d26475c72381aac19b187928b984c78cedbaa6d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/oserror-None-737110d8ef939aad4e7374a26e8cee0b37ef4b1b2900ad9fcedfe06886243957", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/poll-None-5062d2227afbbab4478471c9cdb74550798d8ef0c83d716f575a1c71ae739a86", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/race-None-ecf278b204f42be1dffdb2518f982739db2f1fa4a41519e9bb1aafc535430b58", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/reflectlite-None-0130ba0b61c50e534eb4589345e62a04e7faa6e69cf7386641e062ca5246044e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/safefilepath-None-9e1ef1731e35129425d26a5254c34180669a68ae6bbc1ae4d67ac012eb8a90f6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/singleflight-None-4c9f5e65b604548320072fac39fcb3d671fa1ea01c968eca0d42c5d74a5af21f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/syscall/execenv-None-c1541a0559d19f03be87ee5391ab59ae16dc1ac0a18305a95976403ac67d4dfc", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/syscall/unix-None-4cc0fd820d1f97686fc80257c743f2c5203b642e294e38538e8657f4fd2241b8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/testlog-None-de80b247df32030fc72c24839ac09d1828f823d14f030136a13234e4341d7e8e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/unsafeheader-None-85767a17fdfd2e6ad7147303f8a27bd049f17e57a960332bf0312da2c1a4afc3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-io-None-6c7a8c3b50224f00ac215c02c8fa0fc56abf06c501fa1e34d7e736ce578c0ff6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-io/fs-None-e1cc32e1c9b61aeed432ef90fe18c86dc539417a18476f58affc7d8059d35bfc", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-io/ioutil-None-96965bb655e4c4512ab37ed042509f762d7a2481f983652dd25ed2dcc4a29335", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-ipaddr.js-1.9.1-b2fa347461b0533601326c24b23d066734cffb1075bfe723182faab5bba9d804", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-is-positive-3.1.0-4716c87fda6843403486a0ea317561a7a3188fb04f6c5fadea411cb22202e101", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-log-None-7f013a0a47929d2cb716cede42c4d88946a61ab03f1e7f79aa06268b21a62626", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-log/syslog-None-dff81bb3e9d2e52734ccc2a8860046f16fa574f869281854c34d05bd7ce3613e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-math-None-eaf7850a09ee7619e7cb7156bb57144fd906b25cb1d3b7a68c104c7be9006662", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-math/big-None-ea6408dbb3a7a85bd2d1a385adf5e6db52f1b34eea578f85b51022d1b1b20a2f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-math/bits-None-9191b5cdac727fa3c1ad695495bb7b1bea72504b8757ba14091e0dea757268ac", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-math/rand-None-a0c4b45dd5f2792e5216888b63bd47a2ebb250fb489b1bc74680c502cbf4daad", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-media-typer-0.3.0-b967b658724ab58909c115f6d003abe6fef09941877fd9cccf26290b7bcff81f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-merge-descriptors-1.0.1-4a59755685696af573d3f6b5b233fba1b1e866616a12a85cdb273a86f4549775", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-methods-1.1.2-3837727455fbd4c44e4b91430fd17aa95be768f4b4e198b86ec88ec390392d91", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-mime-1.6.0-37d7f8fe4141c58b0813444bb3111999b33fb1b4c1644a92ec0428e2e945eec7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-mime-None-a01968977ebf83ae88ffda90e4e9a19db82a4c34957a9ab0733ffa45a0089aad", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-mime-db-1.52.0-9876a9da4499ff91b540f8f9bbd103cb049f2f1b331c29fcceeaa29b9a485528", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-mime-types-2.1.35-54675c038cfff25f571d7fd746be730a600f223eef00ed4f8d4c12dbaf3085d9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-mime/multipart-None-f76bc9569dc84104606f24165ccc4d6449545bc6fb8711981deecf6913e6ee2f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-mime/quotedprintable-None-27acabe50017bab18f73cc358fc615c84633900b20aa8740e744c673d76d5dab", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-ms-2.0.0-38c53561eed16438b2fde00179d07b8731b617d4a2e2dc9ee80e34ba402f6938", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-ms-2.1.3-9177646ae782a3d460ddd9398bfe12380b2ba88127ba06ad19ed9499b4a438f9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-negotiator-0.6.3-8ae431701f3858e125afdf2c152ffe8a63a6fe0e20205c66d3ff35de742be6b0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-net-None-399ebbe833d45f60535b3418296b8b0da567bc27bc6530fff726d28aa4e37d74", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-net/http-None-75d4a324535b915eb5512276ee643692b7890af00d68435c523b41c1613b7f3a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-net/http/httptrace-None-21b89c9f9385548695da242b4b7c7e5258f27d1c2e4c0750771875fbdbeab91c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-net/http/internal-None-2414d2e978a0d89593d319cb17114cd5b1f219285c3b0d65252262b4be6986c7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-net/http/internal/ascii-None-c54daf5e9619431df040d7fc0dbcb787223b4345738a2e2a7465d12690e66fb2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-net/netip-None-32ff85ffae2b961d720aeb44fa83d429557565714f20f63b085d5843a8ff9b7a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-net/textproto-None-9e77d202b002a3aa8e8d63943ba2e136f1dbb2ecf0dba24bca1dd3309c716b28", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-net/url-None-5ab666245d0535b71d9e6bed725b2204ec599a72a8353b7cc9e37636d1f3c103", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-not-baz-1.0.0-227266aa69ece398c90192708f2738ec5d37ff5a474f343bc9f1bda34e449c5d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-npm_test-1.1.0-b7f778b4b7de0bb6a51db30f7dfb79b5166d2fa051d04e40f3820fd88d03324c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-object-inspect-1.12.3-f47cd7182218ad0e1859508077cf1d5324491726fee8a251f9940f789d6ed7a1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-on-finished-2.4.1-6d2ea6cb125c29592f15a9badb2de04a18fe55b8258b143d4cd1026ccd70be51", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-os-None-7861f8f9c8e2dfa2e902eef8379dd992fd79b009cb6388a22982ba2565a3a6b2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-os/exec-None-3885aafdb6c44787b718149cb035be05c73054259c81c4649f47eb495200d6b5", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-parseurl-1.3.3-f072bfdc47f60d4d137306c960d3962a440ae13a205eb06fe0bc681b9ab48914", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-path-None-99b59def89a54055c3e6154165afa5dc48d9dd881c2064e35174b3bfaa13974b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-path-to-regexp-0.1.7-47b831656513ab0fd4589bf9592ccf717f146fa879c1611bf0614de58e19bf40", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-path/filepath-None-b8880c13ebe0194e38aad0757c4c45ab94802d71f947da8d97847b7c6ba49c59", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-proxy-addr-2.0.7-11d271374c4ac9c0bdaf85c70c9d45b7a71a4e4c977c8db41009545a9a04795f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-qs-6.11.0-82ca49f1b909d51b59ed8f47b135247970b5123cd270011290e196fde0462931", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-range-parser-1.2.1-9ce2c23a0f6652dbf4f71b6615d18275cb65d378ad4fe2570729b3130ce511f9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-raw-body-2.5.1-792f351f90ab19a67f913a0aec33598dc2c15627c538937e19bf4aa68882cb09", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-reflect-None-9a955f305e05fdd31b17ccb1d1ced397f70ab526671058e569a261a951af4b90", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-regexp-None-d473e7c324c57d67860eeb61c277018ef331cd1a88542503d5e46eeefc60e776", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-regexp/syntax-None-9c5ed35e04ca5dc40ae22e97a2842579f0870d2b7e7e0729b1fe67188b3a20c1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-requests-2.28.2-526bfa020f831d53fefa504db1971000b066b39602278b55b89534b40ee374fd", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-runtime-None-95f4c7777de104f01db95739031d028d21b9eea0ae0dbda9eef7466f94afa3f0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-runtime/cgo-None-6f567958057bd49b8f659eb2a7560168ec43a1bcdb74a71b01f079de4a97fbd8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-runtime/internal/atomic-None-89f5570ef95986df4d9bcd40be7bb37b9c95997cdacaff8c3b34f29544a9beaa", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-runtime/internal/math-None-ddfc379809d7ed455bef2efeca421ff7b3ed4acedf5c10231e211454a58bd18b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-runtime/internal/sys-None-1ddcc4e84542227f6b61424f1eeb826e450505f710a3394a8c25582668a2062a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-runtime/internal/syscall-None-9fdf4b93aa94f7e6579a15cd67bbbf86196358f26fc70b1c04d7477af13c99f5", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-safe-buffer-5.2.1-261a4c176907a47c47f63060bcc003b93800d864f8a38911f76d2273329321e1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-safer-buffer-2.1.2-fc42b41ac695bc353dc5effd8f1e77593d3e6114290d2f6d698254e4c4321600", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-sax-0.1.1-80ef687cd5cbaa12ea192acd42bde81614b8650be18c1091533f7369d704faa2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-send-0.18.0-76def8bc1d25c9db16cb5293344ab0b49ea8631e24bac9e079b878916b9a3cf8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-serve-static-1.15.0-fdd6747beb95d9c65aef2bfc6247fda9c1a26585928008ead83b507ab866f109", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-setprototypeof-1.2.0-b8c47959b5627ede0c91f0fd952c364c88d16123e4b079a7cb171a5d17650cd4", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-setuptools-67.1.0-6e61b9bbcbc780a9d258d9b2e16d1449dadaac4ff738bc7675e42c655faca538", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-side-channel-1.0.4-c6ede974dcd2aeec29ab9e8ef17f3150e2e6000cd496ddb55cb1eb5351039342", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-sort-None-0b8e6b81bb6644cb79cdf8911e86c39d8be9ccfbc14cd87fa438959662eccf70", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-spam-1.0.0-0943e6f0bc84b43ce1da5d0aa24da04e82fd5c4d0d80ae8e730b5344e0e34faa", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-statuses-2.0.1-d3d359f03ec7e5f27a8b6a75ac209c06a6d7da76aae1cbcbd2868436439a6c2f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-strconv-None-9608f50df7493944c92c5a9c6c2bbb859271e74bb255a128c16de777a6ccae32", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-strings-None-d1ecb450a30252ad261c7f69c481d55204b24e385a70fe091e94a5c64728c17a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-sync-None-96d0b290269d417115f37e7187333605d7c713561fe7e39432360b76b60ff821", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-sync/atomic-None-5785933a83faf80ba2a4e02d9d3f171e70393e42520ff562834d8f972db36cfa", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-syscall-None-1ea973160a6b6283a492c2774d044f3e5910fbc3d0fc9d1b8c2bcb476e6e27e5", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-test_package_cachi2-1.0.0-f5bfef72c137ebb321c27ce7b8c71ac929e415f821bf501206833ec6b9f62b45", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-time-None-94157eee9cf0119380f34c0b022b66e631768f69d1f6fbdcf9f3182fc378aa7b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-toidentifier-1.0.1-6c73575a4de10e05fca2979e41c226a3e58dd63ec0dbe60480e519494195663c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-type-is-1.6.18-bfdf2d355f51adb427ad64a27701365aeefad65d0ea471f36c7bb887a7514849", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-unicode-None-13554101a27f5cb4261a5f37d2ee9615b3181b8f40050afe0d1586c6c68ba356", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-unicode/utf16-None-16f1aba8788f5cee11b523cf6cd2e6fd33bdcff234d37240aae5c889da38ad1c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-unicode/utf8-None-269bbb94230a4aa5b586dffc9c15a0ed7b7fc76ddcb218689e073becf3789664", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-unpipe-1.0.0-2e2509688d8b9b842cb74912b6f25c4e9e9bf99d2f4e28134bb241709e249236", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-unsafe-None-7824706ac8e16251ee849c71484ce4cf8ee4f9007f3075de5f45df3c793933bb", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-urllib3-1.26.14-1cb9ebcba75d80bd3ee5e828b47f908066d763475086152c9e651b3319e6b120", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-utils-merge-1.0.1-da9a0b187ae52f9c7ce3aeb96b1647d54bd17dee043bc1a22896d4aced968e9c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-uuid-9.0.0-3b6efe3c30f3e8210affd072a7838ae4e8de22b69a7cc19953e9594ca97c9214", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-vary-1.1.2-dd8f0457e50a7cd3a71255859f29b529db219b42c2308be0d3bb2bfa51acd224", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-vendor/golang.org/x/crypto/chacha20-None-4f0ece9420409df54b3d0fa1eafeaa327b78a920ad2cfdc6cccdecac967c7fde", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-vendor/golang.org/x/crypto/chacha20poly1305-None-0bbb65aa26ea438f8ec5db9ef44985dd04a4d7593842ae7d5879b7464c0414c2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-vendor/golang.org/x/crypto/cryptobyte-None-dad08431578d2388d1bc07ff910fc5a7e8edb8ce9aa43252621a9d1a6cb9eed9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-vendor/golang.org/x/crypto/cryptobyte/asn1-None-427eb362e8ffddc01ba6b1f15fa8059fb4ff5ebf25e37ff389a7b965c5c00e32", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-vendor/golang.org/x/crypto/hkdf-None-88b5a07b0ba8afe3a4a6f4fa51c028a37d907630d508d7d3d6b232f5891e0c86", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-vendor/golang.org/x/crypto/internal/alias-None-4395de82d42aac19662285b212d0e1426608000c4547135f6b21d3bdb739b989", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-vendor/golang.org/x/crypto/internal/poly1305-None-64300d1d564249fedee9f26d894a8824443ab337f00753b9bef2b4859514eddf", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-vendor/golang.org/x/net/dns/dnsmessage-None-6414d79d71bd3048482f73f7a4903a35d1ec431a5127660fcf3980f09499398d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-vendor/golang.org/x/net/http/httpguts-None-e36712132c749b18c581ed4fba456e3cea20c8018fc0e1137f7b2577c1e5a04c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-vendor/golang.org/x/net/http/httpproxy-None-981f57eb93ba94fdea568a8e440422363f3a56ee745e3e504127a36b44ec2d68", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-vendor/golang.org/x/net/http2/hpack-None-f09ec956d218ef524c5c35541426d5afca145dda96c1863747d85843feb5eeba", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-vendor/golang.org/x/net/idna-None-db6486c7e9f66df3c774b335ab0e8779dca0a284da0b5d5133c20d5b396e1e16", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-vendor/golang.org/x/sys/cpu-None-fff45ff8a23684e4ba82a21914e5418abe0d79156f3d0d8f33925961edde6d19", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-vendor/golang.org/x/text/secure/bidirule-None-0800f037bbd309d6c570ce855ebbb2eff9be9e7d55c7e9a88e43ed7d4edeae02", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-vendor/golang.org/x/text/transform-None-cbdc93a92d77e7a164c809f251cd6571bc331a1cded63fd7ae4d7bb892813199", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-vendor/golang.org/x/text/unicode/bidi-None-693b708536caf52f89dd75d8947467f4704bfc62c582c9fd91e90cc997f9caa6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-vendor/golang.org/x/text/unicode/norm-None-8eb33cca1c9d290b1b54d1a6aab69c94850137606ab6b2f5161e5791302ed95c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-wheel-0.38.4-606bf02cfffccacd2677c454d0b8df4350fb5264adf89c37cd32e7128158ea9f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + } + ], + "spdxVersion": "SPDX-2.3" +} diff --git a/sbom-utility-scripts/scripts/merge-sboms-script/test_data/spdx/merged.bom.json b/sbom-utility-scripts/scripts/merge-sboms-script/test_data/spdx/merged.bom.json new file mode 100644 index 0000000..6a047f3 --- /dev/null +++ b/sbom-utility-scripts/scripts/merge-sboms-script/test_data/spdx/merged.bom.json @@ -0,0 +1,8394 @@ +{ + "SPDXID": "SPDXRef-DOCUMENT", + "creationInfo": { + "created": "2024-12-18T11:28:00Z", + "creators": [ + "Organization: Anchore, Inc", + "Tool: syft-1.4.1", + "Tool: cachi2", + "Organization: red hat" + ], + "licenseListVersion": "3.23" + }, + "dataLicense": "CC0-1.0", + "documentNamespace": "https://anchore.com/syft/dir/syft-sboms-b66779b6-6e20-4128-9fad-da28250a1b82", + "name": ".", + "packages": [ + { + "SPDXID": "SPDXRef-Package-go-module-github.com-release-engineering-retrodep-v2-b1aab99da74371f7", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:release-engineering:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:release_engineering:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:release:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/release-engineering/retrodep@v2.1.0#v2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/release-engineering/retrodep/v2", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v2.1.0" + }, + { + "SPDXID": "SPDXRef-DocumentRoot-Directory-.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": ".", + "primaryPackagePurpose": "FILE", + "supplier": "NOASSERTION" + }, + { + "SPDXID": "SPDXRef-Package-rpm-basesystem-fcabd006cb3bfe7d", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:basesystem:basesystem:11-13.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:basesystem:11-13.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/basesystem@11-13.el9?arch=noarch&upstream=basesystem-11-13.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-Public-Domain", + "name": "basesystem", + "originator": "Organization: Red Hat, Inc.", + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "11-13.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-bash-a6062d7253817d9d", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:bash:5.1.8-9.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bash:bash:5.1.8-9.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/bash@5.1.8-9.el9?arch=x86_64&upstream=bash-5.1.8-9.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv3-", + "name": "bash", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "9295a01e788345a66a371467a1dd0c085d921f52" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "5.1.8-9.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:coreutils-single:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:coreutils-single:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:coreutils_single:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:coreutils_single:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:coreutils:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:coreutils:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/coreutils-single@8.32-36.el9?arch=x86_64&upstream=coreutils-8.32-36.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv3-", + "name": "coreutils-single", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "642d9f7db3fbba6ece69558b5c706930ec126584" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "8.32-36.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-filesystem-5423c4a724c69dca", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:filesystem:filesystem:3.16-5.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:filesystem:3.16-5.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/filesystem@3.16-5.el9?arch=x86_64&upstream=filesystem-3.16-5.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-Public-Domain", + "name": "filesystem", + "originator": "Organization: Red Hat, Inc.", + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "3.16-5.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:glibc:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc:glibc:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/glibc@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-cedbc2fa4301332b3d3569627696d986a63b3f3a293a2759a611c7c3deebd428", + "name": "glibc", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "ed0c5417a07603087b40443f16c64c67a2d0ed45" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "2.34-125.el9_5.1" + }, + { + "SPDXID": "SPDXRef-Package-rpm-glibc-common-5d2e03b4ae3e405b", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc-common:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc-common:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc_common:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc_common:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/glibc-common@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-cedbc2fa4301332b3d3569627696d986a63b3f3a293a2759a611c7c3deebd428", + "name": "glibc-common", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "4ce35b5a588ee407a7e87d76e2a1301252a618c5" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "2.34-125.el9_5.1" + }, + { + "SPDXID": "SPDXRef-Package-rpm-glibc-minimal-langpack-d35bdd9cfa0b8d62", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/glibc-minimal-langpack@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-cedbc2fa4301332b3d3569627696d986a63b3f3a293a2759a611c7c3deebd428", + "name": "glibc-minimal-langpack", + "originator": "Organization: Red Hat, Inc.", + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "2.34-125.el9_5.1" + }, + { + "SPDXID": "SPDXRef-Package-rpm-gpg-pubkey-6a4614b48b443e33", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg-pubkey:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg-pubkey:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg_pubkey:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg_pubkey:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/gpg-pubkey@5a6340b3-6229229e?distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-pubkey", + "name": "gpg-pubkey", + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "NOASSERTION", + "versionInfo": "5a6340b3-6229229e" + }, + { + "SPDXID": "SPDXRef-Package-rpm-gpg-pubkey-0b9edfc7dd36b25d", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg-pubkey:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg-pubkey:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg_pubkey:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg_pubkey:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/gpg-pubkey@fd431d51-4ae0493b?distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-pubkey", + "name": "gpg-pubkey", + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "NOASSERTION", + "versionInfo": "fd431d51-4ae0493b" + }, + { + "SPDXID": "SPDXRef-Package-rpm-libacl-6a12891a28711ed0", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:libacl:libacl:2.3.1-4.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:libacl:2.3.1-4.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/libacl@2.3.1-4.el9?arch=x86_64&upstream=acl-2.3.1-4.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2-", + "name": "libacl", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "66c8d8a589a6f28bba41148d9ad13341e78a5a9e" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "2.3.1-4.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-libattr-246362466b6f01d4", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:libattr:libattr:2.5.1-3.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:libattr:2.5.1-3.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/libattr@2.5.1-3.el9?arch=x86_64&upstream=attr-2.5.1-3.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2-", + "name": "libattr", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "a18d42a0a3759707cfea42ce8caa4761a5b3ad82" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "2.5.1-3.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-libcap-e129417de8081c72", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:libcap:libcap:2.48-9.el9_2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:libcap:2.48-9.el9_2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/libcap@2.48-9.el9_2?arch=x86_64&upstream=libcap-2.48-9.el9_2.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-BSD-or-GPLv2", + "name": "libcap", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "6e666c18cd839e6632a9395ab154f116f10ebb65" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "2.48-9.el9_2" + }, + { + "SPDXID": "SPDXRef-Package-rpm-libgcc-492434936db2f877", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:libgcc:libgcc:11.5.0-2.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:libgcc:11.5.0-2.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/libgcc@11.5.0-2.el9?arch=x86_64&upstream=gcc-11.5.0-2.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-0a20635703258c08665cede2a4166b90795ad1cb30dd85cfde1598463d68ebf5", + "name": "libgcc", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "e94494ca348ac9fc5b386d040fe90f0981971511" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "11.5.0-2.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-libselinux-79db8c526f87ba3b", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:libselinux:libselinux:3.6-1.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:libselinux:3.6-1.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/libselinux@3.6-1.el9?arch=x86_64&upstream=libselinux-3.6-1.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-Public-Domain", + "name": "libselinux", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "1b498b7af44a22054ee36e80a252f403a74b1936" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "3.6-1.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-libsepol-9891839d8f699944", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:libsepol:libsepol:3.6-1.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:libsepol:3.6-1.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/libsepol@3.6-1.el9?arch=x86_64&upstream=libsepol-3.6-1.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2-", + "name": "libsepol", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "73cd4d33cfe1305a388f0126d6faeab4b2352da4" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "3.6-1.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/ncurses-base@6.2-10.20210508.el9?arch=noarch&upstream=ncurses-6.2-10.20210508.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "MIT", + "name": "ncurses-base", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "7318e5838debb2d923905e67f9e8830f2a1ff5f4" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "6.2-10.20210508.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-ncurses-libs-31b40b2b21390159", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&upstream=ncurses-6.2-10.20210508.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "MIT", + "name": "ncurses-libs", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "4c1a2e70da159a5c5750d9c16c50843bd216d5f4" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "6.2-10.20210508.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-pcre2-1a97d50a68b062d7", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/pcre2@10.40-6.el9?arch=x86_64&upstream=pcre2-10.40-6.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-BSD", + "name": "pcre2", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "c74f502aab3063ee72922a7735edbd2f32c92080" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "10.40-6.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-pcre2-syntax-8f3dd37865073b05", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/pcre2-syntax@10.40-6.el9?arch=noarch&upstream=pcre2-10.40-6.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-BSD", + "name": "pcre2-syntax", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "24e5a6c8ae65ef32012444c539eb087f1b59a11a" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "10.40-6.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-redhat-release-bbf1d165194eceb0", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat-release:redhat-release:9.5-0.6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat-release:redhat_release:9.5-0.6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat_release:redhat-release:9.5-0.6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat_release:redhat_release:9.5-0.6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:redhat-release:9.5-0.6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:redhat_release:9.5-0.6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/redhat-release@9.5-0.6.el9?arch=x86_64&upstream=redhat-release-9.5-0.6.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv2", + "name": "redhat-release", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "52b7a27197892b1c65e8cb823a69d488baad9e23" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "9.5-0.6.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-setup-befa3e6a19701472", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:setup:2.13.7-10.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:setup:setup:2.13.7-10.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/setup@2.13.7-10.el9?arch=noarch&upstream=setup-2.13.7-10.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-Public-Domain", + "name": "setup", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "73e4e3231d55347f5e68ec3d299370ea45716056" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "2.13.7-10.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-tzdata-f21803b5b9d9adef", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:tzdata:2024b-2.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:tzdata:tzdata:2024b-2.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/tzdata@2024b-2.el9?arch=noarch&upstream=tzdata-2024b-2.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-Public-Domain", + "name": "tzdata", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "2a486eded3c62267c2c6a9f3e0afc9fcc9f71874" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "2024b-2.el9" + }, + { + "SPDXID": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro", + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "71c7ec827876417693bd3feb615a5c70753b78667cb27c17cb3a5346a6955da5" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:oci/registry.access.redhat.com/ubi9/ubi-micro@sha256:71c7ec827876417693bd3feb615a5c70753b78667cb27c17cb3a5346a6955da5?arch=amd64&tag=9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "registry.access.redhat.com/ubi9/ubi-micro", + "primaryPackagePurpose": "CONTAINER", + "supplier": "NOASSERTION", + "versionInfo": "9.5" + }, + { + "SPDXID": "SPDXRef-DocumentRoot-File-", + "annotations": [], + "downloadLocation": "NOASSERTION", + "externalRefs": [], + "name": "", + "versionInfo": "" + }, + { + "SPDXID": "SPDXRef-Package-@types/prop-types-15.7.5-2d13fa1fda82a31e6ee9a07d7956586c1d91a3b859ff1dcfb40ccc1b4a3dd481", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/%40types/prop-types@15.7.5", + "referenceType": "purl" + } + ], + "name": "@types/prop-types", + "versionInfo": "15.7.5" + }, + { + "SPDXID": "SPDXRef-Package-@types/react-18.0.35-b9ed72f467423072bf84280dd8d6d95b03454eb99dd7e79344fb87ae1fd9b1df", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/%40types/react@18.0.35", + "referenceType": "purl" + } + ], + "name": "@types/react", + "versionInfo": "18.0.35" + }, + { + "SPDXID": "SPDXRef-Package-@types/react-dom-18.0.11-0695908f176f2057c391965487aaeb8beb94f9d61b26f9251fc5b0540c4fc5b8", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/%40types/react-dom@18.0.11", + "referenceType": "purl" + } + ], + "name": "@types/react-dom", + "versionInfo": "18.0.11" + }, + { + "SPDXID": "SPDXRef-Package-@types/scheduler-0.16.3-9203434a3e490164962e30f641d81c2a982ba1451fa895c04f8915303e36c4cd", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/%40types/scheduler@0.16.3", + "referenceType": "purl" + } + ], + "name": "@types/scheduler", + "versionInfo": "0.16.3" + }, + { + "SPDXID": "SPDXRef-Package-abbrev-2.0.0-1894f11f2fae86ef35389ca7eddfbe9ce2f0dac015bfa94c7aa018734ba3e849", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/abbrev@2.0.0", + "referenceType": "purl" + } + ], + "name": "abbrev", + "versionInfo": "2.0.0" + }, + { + "SPDXID": "SPDXRef-Package-accepts-1.3.8-9c22f6c6130717b834f1907e0ca1fba3dc8992aea7a646991e20d6a7b61ab711", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/accepts@1.3.8", + "referenceType": "purl" + } + ], + "name": "accepts", + "versionInfo": "1.3.8" + }, + { + "SPDXID": "SPDXRef-Package-array-flatten-1.1.1-2bbda85f1ca7a6b3a06dd56d05d19eea3fc2b3ea9e823f5beebf430b54ed8b27", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/array-flatten@1.1.1", + "referenceType": "purl" + } + ], + "name": "array-flatten", + "versionInfo": "1.1.1" + }, + { + "SPDXID": "SPDXRef-Package-bar-1.0.0-59bce6cc36eb7c521941d78806369a8891afc8867b655d8624db7b0bd61c0978", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/bar@1.0.0?vcs_url=git%2Bhttps://github.com/cachito-testing/npm-cachi2-smoketest%40f1d31c2b051b218c84399b12461e0957d87bd0cd#bar", + "referenceType": "purl" + } + ], + "name": "bar", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-bitbucket-cachi2-npm-without-deps-1.0.0-e35aeb8abd2f04d065c1c994ee122ed6a7986ad6856f3c0121043b14610ab051", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/bitbucket-cachi2-npm-without-deps@1.0.0?vcs_url=git%2Bssh://git%40bitbucket.org/cachi-testing/cachi2-without-deps.git%409e164b97043a2d91bbeb992f6cc68a3d1015086a", + "referenceType": "purl" + } + ], + "name": "bitbucket-cachi2-npm-without-deps", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-bitbucket-cachi2-npm-without-deps-second-2.0.0-81c15e90a3e55924473e46c408687efffa3c2c15a8b0f93cb526ee58a8e4d831", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/bitbucket-cachi2-npm-without-deps-second@2.0.0?vcs_url=git%2Bssh://git%40bitbucket.org/cachi-testing/cachi2-without-deps-second.git%4009992d418fc44a2895b7a9ff27c4e32d6f74a982", + "referenceType": "purl" + } + ], + "name": "bitbucket-cachi2-npm-without-deps-second", + "versionInfo": "2.0.0" + }, + { + "SPDXID": "SPDXRef-Package-body-parser-1.20.1-f1e3973bbe263c9fef6f05bb6e8c5d62863cb7723c4cdd3fcde7d305b586f781", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/body-parser@1.20.1", + "referenceType": "purl" + } + ], + "name": "body-parser", + "versionInfo": "1.20.1" + }, + { + "SPDXID": "SPDXRef-Package-bufio-None-50fdaec28e33e601d7d652bcd07106e339cb553fac4be5ff9d34de2d4cef23d8", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/bufio?type=package", + "referenceType": "purl" + } + ], + "name": "bufio" + }, + { + "SPDXID": "SPDXRef-Package-bytes-None-8a7568ccb42e145adcfbeb55d2458a82268b773075ce871653a85f1702c1759b", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/bytes?type=package", + "referenceType": "purl" + } + ], + "name": "bytes" + }, + { + "SPDXID": "SPDXRef-Package-bytes-3.1.2-6c35d8273701bdeb00c705c04d304e774a7a084d5da577d3048bba43a2e1d6f3", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/bytes@3.1.2", + "referenceType": "purl" + } + ], + "name": "bytes", + "versionInfo": "3.1.2" + }, + { + "SPDXID": "SPDXRef-Package-cachito-npm-without-deps-1.0.0-1c721b3db1237430a73952511a72cea21d08d1ef7758c3c97fcba93e2b78eba4", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/cachito-npm-without-deps@1.0.0?checksum=sha512:43e71f90ad5f9eb349ab18a283f8954994def373962ddc61b866bdea4d48249e67913c6b84dca1e8c519e981ca1fcc62b438292104a88ee9ed72db76a41efede&download_url=https://github.com/cachito-testing/cachito-npm-without-deps/raw/tarball/cachito-npm-without-deps-1.0.0.tgz", + "referenceType": "purl" + } + ], + "name": "cachito-npm-without-deps", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-call-bind-1.0.2-2da0a76c8a0a514b03483b3e876a26e670c7d5a9215ad870bbf88a997e4bc3a7", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/call-bind@1.0.2", + "referenceType": "purl" + } + ], + "name": "call-bind", + "versionInfo": "1.0.2" + }, + { + "SPDXID": "SPDXRef-Package-certifi-2022.12.7-a57cd5aa2a923c5620d6a157af0e7dd2404162d291f47d3ea58a56f7eabed47a", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/certifi@2022.12.7", + "referenceType": "purl" + } + ], + "name": "certifi", + "versionInfo": "2022.12.7" + }, + { + "SPDXID": "SPDXRef-Package-charset-normalizer-3.0.1-f8d91bc6b61ba49560dd447f0c648137fe413dff7c13fe1163bd5dab9ac8f9a9", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/charset-normalizer@3.0.1", + "referenceType": "purl" + } + ], + "name": "charset-normalizer", + "versionInfo": "3.0.1" + }, + { + "SPDXID": "SPDXRef-Package-classnames-2.3.2-ec4db75970d0c19420d3e774fa674397552c5562cac237dd908c8bacbfb4980a", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/classnames@2.3.2", + "referenceType": "purl" + } + ], + "name": "classnames", + "versionInfo": "2.3.2" + }, + { + "SPDXID": "SPDXRef-Package-colors-1.4.0-ea7fd773e7bf8d58d09e3256c69d9a8f0c496abf24179c2c8c9146e59e3f3912", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/colors@1.4.0", + "referenceType": "purl" + } + ], + "name": "colors", + "versionInfo": "1.4.0" + }, + { + "SPDXID": "SPDXRef-Package-compress/flate-None-9d146ce55d4d1fc078246490d294ef608f72a781d19f4ed107fc1264a0ef9edf", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/compress/flate?type=package", + "referenceType": "purl" + } + ], + "name": "compress/flate" + }, + { + "SPDXID": "SPDXRef-Package-compress/gzip-None-fe07f7a11777bc3223ca5dcd4418003440da1f7e5242714f1f152517421eccb7", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/compress/gzip?type=package", + "referenceType": "purl" + } + ], + "name": "compress/gzip" + }, + { + "SPDXID": "SPDXRef-Package-container/list-None-685451a0a7aee8920600cd482bffa5b155a5e0f6942b6f7d1d919f28a3f361b7", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/container/list?type=package", + "referenceType": "purl" + } + ], + "name": "container/list" + }, + { + "SPDXID": "SPDXRef-Package-content-disposition-0.5.4-94d613e00e5c81dcfd67143d3f081284fc1e578914e6f9579d5ba9173857520d", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/content-disposition@0.5.4", + "referenceType": "purl" + } + ], + "name": "content-disposition", + "versionInfo": "0.5.4" + }, + { + "SPDXID": "SPDXRef-Package-content-type-1.0.5-03f124b6782e6b209a6b92909d4158dfca5fc398bc0b8dd67ccadeacbef92b59", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/content-type@1.0.5", + "referenceType": "purl" + } + ], + "name": "content-type", + "versionInfo": "1.0.5" + }, + { + "SPDXID": "SPDXRef-Package-context-None-b84f72d7f2b8afebda6a3b97cc840cc1c4060e6db640f1fb0af8a7231e80de7d", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/context?type=package", + "referenceType": "purl" + } + ], + "name": "context" + }, + { + "SPDXID": "SPDXRef-Package-cookie-0.5.0-02bcf0b2fb295a63bb9861700bd212768302566a9bcd528b5684fee4cfa29ef1", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/cookie@0.5.0", + "referenceType": "purl" + } + ], + "name": "cookie", + "versionInfo": "0.5.0" + }, + { + "SPDXID": "SPDXRef-Package-cookie-signature-1.0.6-146f16319934f7394c628060076583d4aa8e4479d5df2d7518a44c369955d1cc", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/cookie-signature@1.0.6", + "referenceType": "purl" + } + ], + "name": "cookie-signature", + "versionInfo": "1.0.6" + }, + { + "SPDXID": "SPDXRef-Package-crypto-None-4137aa50bb490f937ab07379bb958d9701ffb43ee2d4ca5e65eeae80d7473a1e", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto?type=package", + "referenceType": "purl" + } + ], + "name": "crypto" + }, + { + "SPDXID": "SPDXRef-Package-crypto/aes-None-4b7159fc54e034ece944eb79bf8ec1d017435ab8cddadca9c481872c8552d88c", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/aes?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/aes" + }, + { + "SPDXID": "SPDXRef-Package-crypto/cipher-None-a7b309dd8cf5ed3a31559821ada58e343d0eb22798687b651714016251447b90", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/cipher?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/cipher" + }, + { + "SPDXID": "SPDXRef-Package-crypto/des-None-d0c916f3a927d847872c2b5a4424b4d44f83297dfab47eb4559d632bc02a356b", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/des?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/des" + }, + { + "SPDXID": "SPDXRef-Package-crypto/dsa-None-7ae1b92ddf8b786517ebb4a976ce5203f4df29303e13556b8f411679dad5e41f", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/dsa?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/dsa" + }, + { + "SPDXID": "SPDXRef-Package-crypto/ecdh-None-2833a62747b8ae4cf2163a9eb58d71122a0cfcce49f8462a8bff3f52763343cf", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/ecdh?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/ecdh" + }, + { + "SPDXID": "SPDXRef-Package-crypto/ecdsa-None-aa85ddefbe331601a9108280fed8ab8f7a6619f0a7aefdda989fd5bdc66d1815", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/ecdsa?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/ecdsa" + }, + { + "SPDXID": "SPDXRef-Package-crypto/ed25519-None-a7a086360348d3355d530d502bdcbef8a9ce1b85051791d79aee8e94bab2d69a", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/ed25519?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/ed25519" + }, + { + "SPDXID": "SPDXRef-Package-crypto/elliptic-None-42c14da5e060676ebab57f1e644e78080891dc7e7ae1524ec064d959f3391e0b", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/elliptic?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/elliptic" + }, + { + "SPDXID": "SPDXRef-Package-crypto/hmac-None-90f4b32974f25c3e7fd78538df1793438e3adbbad355179229bfd2e6b323a9e3", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/hmac?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/hmac" + }, + { + "SPDXID": "SPDXRef-Package-crypto/internal/alias-None-b72e17ed348a15d861a8d6a517507932ed428364d043e0848384e16f50b6dbe1", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/internal/alias?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/internal/alias" + }, + { + "SPDXID": "SPDXRef-Package-crypto/internal/bigmod-None-ec1c42915ec4b13c93cd42d861596258beed863619038ba9ceba0e9738b58f50", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/internal/bigmod?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/internal/bigmod" + }, + { + "SPDXID": "SPDXRef-Package-crypto/internal/boring-None-0d09d6fe0d7dd4ae4bd0bd9e4571385167e8ec862caf728a974180abe1d8b910", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/internal/boring?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/internal/boring" + }, + { + "SPDXID": "SPDXRef-Package-crypto/internal/boring/bbig-None-1961facc167a00c28b440340bf887b0f19936f9079874528d14c4ec73f574ff6", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/internal/boring/bbig?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/internal/boring/bbig" + }, + { + "SPDXID": "SPDXRef-Package-crypto/internal/boring/sig-None-659c3ec829cf64be18d90fc4b65595d5ff5313c7a7fc07100f5a635cda5a1c53", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/internal/boring/sig?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/internal/boring/sig" + }, + { + "SPDXID": "SPDXRef-Package-crypto/internal/edwards25519-None-5ba839623a9ec2a4153687905946eb80be776e13e454e72e925ae3100237704f", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/internal/edwards25519?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/internal/edwards25519" + }, + { + "SPDXID": "SPDXRef-Package-crypto/internal/edwards25519/field-None-afc497e72afd11be31fe5a953aafa19a4959a49ac13626f8f1dada65004482df", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/internal/edwards25519/field?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/internal/edwards25519/field" + }, + { + "SPDXID": "SPDXRef-Package-crypto/internal/nistec-None-36c10db1c3639955ec3b65ac8a5416661cd6453082331c684eaf47e1a0a9f6b0", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/internal/nistec?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/internal/nistec" + }, + { + "SPDXID": "SPDXRef-Package-crypto/internal/nistec/fiat-None-439c9e61a71cfce1ece26d4df703fa7dcb4d47abbedf242966c4c92f8a1e5a9e", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/internal/nistec/fiat?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/internal/nistec/fiat" + }, + { + "SPDXID": "SPDXRef-Package-crypto/internal/randutil-None-2b53b3fd6ad21340a19dbb67ff5b3588ea4ce6fd1fecf8574ad61252ca32d3c0", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/internal/randutil?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/internal/randutil" + }, + { + "SPDXID": "SPDXRef-Package-crypto/md5-None-f1d6ee6c4e3a6388b402c6bd50df796f699b3ad7fd831b5aae81adaf3e636178", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/md5?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/md5" + }, + { + "SPDXID": "SPDXRef-Package-crypto/rand-None-8034fbc7583154cf2c496e52e0e50888e58253e533efd316eb8f586b4e151352", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/rand?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/rand" + }, + { + "SPDXID": "SPDXRef-Package-crypto/rc4-None-3b23d9deeb0e755779c129e17aef3adc4e08759559c4723efd20f289251c9f0d", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/rc4?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/rc4" + }, + { + "SPDXID": "SPDXRef-Package-crypto/rsa-None-c68ec47c13582cc8c6595f177564e47e5ff2bc97644558e781b309634741eed6", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/rsa?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/rsa" + }, + { + "SPDXID": "SPDXRef-Package-crypto/sha1-None-5d04f13998510e8e9f25ac0063812b5bed581b41ab6924c0c666d159e4acbe2d", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/sha1?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/sha1" + }, + { + "SPDXID": "SPDXRef-Package-crypto/sha256-None-8947c345384e3e9aff8009caa754be26598788ca3eab22ee61f415566937dfa6", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/sha256?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/sha256" + }, + { + "SPDXID": "SPDXRef-Package-crypto/sha512-None-61b3f50b792f6a2b5c813528be0338152e1ff66f0e5c32c0e56fce88a70df05e", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/sha512?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/sha512" + }, + { + "SPDXID": "SPDXRef-Package-crypto/subtle-None-fd6d520ae750dc3bfe8b5f7cff2d089598f9c36bd9b9f823be704dbac5129126", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/subtle?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/subtle" + }, + { + "SPDXID": "SPDXRef-Package-crypto/tls-None-dd3d7486a13d36f076ba91b65f87d99bfdf556af4370260ff08f45263d177b10", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/tls?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/tls" + }, + { + "SPDXID": "SPDXRef-Package-crypto/x509-None-748926597edd9909db834c4c4490447961675cf3227ac69b36f4b8bee494651e", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/x509?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/x509" + }, + { + "SPDXID": "SPDXRef-Package-crypto/x509/pkix-None-f911e20d65ee26a0b61b8bc378bf68f5d2f9507e238de768c998fe62822f2914", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/crypto/x509/pkix?type=package", + "referenceType": "purl" + } + ], + "name": "crypto/x509/pkix" + }, + { + "SPDXID": "SPDXRef-Package-csstype-3.1.2-f547c23e831832d43a45a76de10263e609d5e49cbc80a65365da2843d7aff728", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/csstype@3.1.2", + "referenceType": "purl" + } + ], + "name": "csstype", + "versionInfo": "3.1.2" + }, + { + "SPDXID": "SPDXRef-Package-dateformat-5.0.3-c314f4677cf674d970ab3fd6014f8db5e0b3fdfa2417c389392ef74cc7530bfb", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/dateformat@5.0.3", + "referenceType": "purl" + } + ], + "name": "dateformat", + "versionInfo": "5.0.3" + }, + { + "SPDXID": "SPDXRef-Package-debug-2.6.9-ec2bc8ae0f128b684ba998fb9bd2b09b15fafe2a2547f8f82f1efda16b16550e", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/debug@2.6.9", + "referenceType": "purl" + } + ], + "name": "debug", + "versionInfo": "2.6.9" + }, + { + "SPDXID": "SPDXRef-Package-depd-2.0.0-e3710807a07e4c99622b6be764295762cd3f5677210c95f3f4a96b79912af81a", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/depd@2.0.0", + "referenceType": "purl" + } + ], + "name": "depd", + "versionInfo": "2.0.0" + }, + { + "SPDXID": "SPDXRef-Package-destroy-1.2.0-59fc0b2c22a5d75a3ef12ce42ae4d28c1d2b3645996f56fef9438c08c2cf137a", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/destroy@1.2.0", + "referenceType": "purl" + } + ], + "name": "destroy", + "versionInfo": "1.2.0" + }, + { + "SPDXID": "SPDXRef-Package-dockerfile-parse-None-0026bbe355f42473a37c2c101676927dd90dee85ccb496b2348091c7c0d1f710", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/dockerfile-parse?checksum=sha256:36e4469abb0d96b0e3cd656284d5016e8a674cd57b8ebe5af64786fe63b8184d&download_url=https://github.com/containerbuildsystem/dockerfile-parse/archive/refs/tags/2.0.0.tar.gz", + "referenceType": "purl" + } + ], + "name": "dockerfile-parse" + }, + { + "SPDXID": "SPDXRef-Package-ee-first-1.1.1-b0a1fd3ccf6505a1e8943e940f6ffd2d57d544757365e46e62e71ccd6f3a95f1", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/ee-first@1.1.1", + "referenceType": "purl" + } + ], + "name": "ee-first", + "versionInfo": "1.1.1" + }, + { + "SPDXID": "SPDXRef-Package-eggs-1.0.0-1a78b4db4303f5bb20e7708262b8af398a7d6e4d3701d18966f3bd9c7e2fa3cf", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/eggs@1.0.0?vcs_url=git%2Bhttps://github.com/cachito-testing/npm-cachi2-smoketest%40f1d31c2b051b218c84399b12461e0957d87bd0cd#eggs-packages/eggs", + "referenceType": "purl" + } + ], + "name": "eggs", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-embed-None-3b0c4167bd021e80f33378dbb2047342f4703b3a4f98389e36f0bc0663a86ccb", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/embed?type=package", + "referenceType": "purl" + } + ], + "name": "embed" + }, + { + "SPDXID": "SPDXRef-Package-encodeurl-1.0.2-b09c2fb226276faa5522768464540ce24851adbe862b60e8822210f34143c769", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/encodeurl@1.0.2", + "referenceType": "purl" + } + ], + "name": "encodeurl", + "versionInfo": "1.0.2" + }, + { + "SPDXID": "SPDXRef-Package-encoding-None-a06c4a77b81ea33c968604e9b4bd258d63c9843bbbee2d4b9f380c10e9d06d69", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/encoding?type=package", + "referenceType": "purl" + } + ], + "name": "encoding" + }, + { + "SPDXID": "SPDXRef-Package-encoding/asn1-None-b51419836b77ec333ff739e9946db8ae09351db3c85b9a3dafae523fa12cb051", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/encoding/asn1?type=package", + "referenceType": "purl" + } + ], + "name": "encoding/asn1" + }, + { + "SPDXID": "SPDXRef-Package-encoding/base64-None-11801625e0ad51eb0da035bc0402d2e9173a5110323a018b895269a6d6f871b1", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/encoding/base64?type=package", + "referenceType": "purl" + } + ], + "name": "encoding/base64" + }, + { + "SPDXID": "SPDXRef-Package-encoding/binary-None-32b9d270662b96d2dbbec49e1678eaa7820453e21081a33a144d6ac0dc710577", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/encoding/binary?type=package", + "referenceType": "purl" + } + ], + "name": "encoding/binary" + }, + { + "SPDXID": "SPDXRef-Package-encoding/hex-None-f1d3bff874ad8044c7582003620ba1c6ec39ce223964e7a08d18a8cd3954b8c3", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/encoding/hex?type=package", + "referenceType": "purl" + } + ], + "name": "encoding/hex" + }, + { + "SPDXID": "SPDXRef-Package-encoding/json-None-7bd68ddb07d07844137bbed30e90f4a49657448938e01c63c351b969cb02840d", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/encoding/json?type=package", + "referenceType": "purl" + } + ], + "name": "encoding/json" + }, + { + "SPDXID": "SPDXRef-Package-encoding/pem-None-a3311085cfa6442a830dca069711e3c8831b909c1e88cd87b41eb30c2ddf18e7", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/encoding/pem?type=package", + "referenceType": "purl" + } + ], + "name": "encoding/pem" + }, + { + "SPDXID": "SPDXRef-Package-encoding/xml-None-9be966fe2f66775f2de1c083befcfc3db7d9cf1fab030701e6faa71268cdf373", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/encoding/xml?type=package", + "referenceType": "purl" + } + ], + "name": "encoding/xml" + }, + { + "SPDXID": "SPDXRef-Package-errors-None-2994a0ff92785ca0427da149a6e29ff4bd4ca86b759641eeca740713aa6b4aee", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/errors?type=package", + "referenceType": "purl" + } + ], + "name": "errors" + }, + { + "SPDXID": "SPDXRef-Package-escape-html-1.0.3-f90f767c023db5382b0d48919a7e1da8ead602a918b56da5325aeb736275a52d", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/escape-html@1.0.3", + "referenceType": "purl" + } + ], + "name": "escape-html", + "versionInfo": "1.0.3" + }, + { + "SPDXID": "SPDXRef-Package-etag-1.8.1-b69163297fa646fafb5b0b3163e1ff0adb4546dcb5572f6c16682f0dd70d89dc", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/etag@1.8.1", + "referenceType": "purl" + } + ], + "name": "etag", + "versionInfo": "1.8.1" + }, + { + "SPDXID": "SPDXRef-Package-express-4.18.2-9edf04cf81fd12fb830bf8f4119d58f8e41861a5463fac20e0978d1d7b92755a", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/express@4.18.2", + "referenceType": "purl" + } + ], + "name": "express", + "versionInfo": "4.18.2" + }, + { + "SPDXID": "SPDXRef-Package-fecha-4.2.3-19b43bb464398381f95bc87ca8d57c9a11893190af81b14ba932be3046a934d5", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/fecha@4.2.3?vcs_url=git%2Bhttps://github.com/cachito-testing/npm-cachi2-smoketest%40f1d31c2b051b218c84399b12461e0957d87bd0cd#fecha-4.2.3.tgz", + "referenceType": "purl" + } + ], + "name": "fecha", + "versionInfo": "4.2.3" + }, + { + "SPDXID": "SPDXRef-Package-finalhandler-1.2.0-2d3a95b2fde0705e2c0b56ab36cec01a648af5977dbe097b9f874cb72c3f9f10", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/finalhandler@1.2.0", + "referenceType": "purl" + } + ], + "name": "finalhandler", + "versionInfo": "1.2.0" + }, + { + "SPDXID": "SPDXRef-Package-flit-core-3.8.0-a1699442b770ac3f746ead63946e28229d640bdf802ba25f9c4c51689371e6f8", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/flit-core@3.8.0", + "referenceType": "purl" + } + ], + "name": "flit-core", + "versionInfo": "3.8.0" + }, + { + "SPDXID": "SPDXRef-Package-fmt-None-f1a19aa774307d4259395e684c08a092571c2616f5e8bf98bb11ef02b8da432f", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/fmt?type=package", + "referenceType": "purl" + } + ], + "name": "fmt" + }, + { + "SPDXID": "SPDXRef-Package-foo-1.0.0-b7e7aecc5dbbd0a3c7e06a21cd4752f4460f207e2534074905241c8af27f23e0", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/foo@1.0.0?vcs_url=git%2Bhttps://github.com/cachito-testing/npm-cachi2-smoketest%40f1d31c2b051b218c84399b12461e0957d87bd0cd#foo", + "referenceType": "purl" + } + ], + "name": "foo", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-forwarded-0.2.0-290e7770b21ed5d3e51392422f063801bbee465fa86be49828df7232895401e6", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/forwarded@0.2.0", + "referenceType": "purl" + } + ], + "name": "forwarded", + "versionInfo": "0.2.0" + }, + { + "SPDXID": "SPDXRef-Package-fresh-0.5.2-39253143db3f788c24bb5b0b81f408fa6c635416bdcbcacc956edd51dfe3b3b6", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/fresh@0.5.2", + "referenceType": "purl" + } + ], + "name": "fresh", + "versionInfo": "0.5.2" + }, + { + "SPDXID": "SPDXRef-Package-function-bind-1.1.1-05dcde660736e6875dd2d66f584ad228028eaca7fe5477f17189151b6f342ad9", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/function-bind@1.1.1", + "referenceType": "purl" + } + ], + "name": "function-bind", + "versionInfo": "1.1.1" + }, + { + "SPDXID": "SPDXRef-Package-get-intrinsic-1.2.0-7d2bee525793890edff38c2514222da0267b6a6dcaf104a5e60ffe344167f1f9", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/get-intrinsic@1.2.0", + "referenceType": "purl" + } + ], + "name": "get-intrinsic", + "versionInfo": "1.2.0" + }, + { + "SPDXID": "SPDXRef-Package-github.com/Azure/go-ansiterm-v0.0.0-20210617225240-d185dfc1b5a1-58819e71792a0906f8ef00b344a66fb53a750a60a83b0e9cf6902462b432611b", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/Azure/go-ansiterm@v0.0.0-20210617225240-d185dfc1b5a1?type=module", + "referenceType": "purl" + } + ], + "name": "github.com/Azure/go-ansiterm", + "versionInfo": "v0.0.0-20210617225240-d185dfc1b5a1" + }, + { + "SPDXID": "SPDXRef-Package-github.com/Masterminds/semver-v1.4.2-1160d2af59246b7be80ace7615339f4f826b6de1586871b2e4e6eb2def67585b", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/Masterminds/semver@v1.4.2?type=module", + "referenceType": "purl" + } + ], + "name": "github.com/Masterminds/semver", + "versionInfo": "v1.4.2" + }, + { + "SPDXID": "SPDXRef-Package-github.com/Masterminds/semver-v1.4.2-3ce965d3eed349e8c186769314b7aab3b8285b154906063e8478a6be9e6dabf3", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/Masterminds/semver@v1.4.2?type=package", + "referenceType": "purl" + } + ], + "name": "github.com/Masterminds/semver", + "versionInfo": "v1.4.2" + }, + { + "SPDXID": "SPDXRef-Package-github.com/Microsoft/go-winio-v0.6.0-d1375201be7b09a009b9f06be7fc3c489b6e46a85af963efaaad69987722c598", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/Microsoft/go-winio@v0.6.0?type=module", + "referenceType": "purl" + } + ], + "name": "github.com/Microsoft/go-winio", + "versionInfo": "v0.6.0" + }, + { + "SPDXID": "SPDXRef-Package-github.com/cachito-testing/gomod-pandemonium-v0.1.0-2dea1c96c4851061bea0a94d800fd34a3cfbb7b7cc06c999a85958a65a37ccbe", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/cachito-testing/gomod-pandemonium@v0.1.0?type=module", + "referenceType": "purl" + } + ], + "name": "github.com/cachito-testing/gomod-pandemonium", + "versionInfo": "v0.1.0" + }, + { + "SPDXID": "SPDXRef-Package-github.com/cachito-testing/gomod-pandemonium-v0.1.0-b4858626e2d62d1fe94b9eafbd4569a9b62ad0dc47cc2fe50cb29599b9972719", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/cachito-testing/gomod-pandemonium@v0.1.0?type=package", + "referenceType": "purl" + } + ], + "name": "github.com/cachito-testing/gomod-pandemonium", + "versionInfo": "v0.1.0" + }, + { + "SPDXID": "SPDXRef-Package-github.com/cachito-testing/gomod-pandemonium/terminaltor-v1.0.0-d8864bb49f101f59e469c7df5ff6bb5a45a6ab6a534be17c1d6e3504d4391139", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/cachito-testing/gomod-pandemonium/terminaltor@v1.0.0?type=module", + "referenceType": "purl" + } + ], + "name": "github.com/cachito-testing/gomod-pandemonium/terminaltor", + "versionInfo": "v1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-github.com/cachito-testing/gomod-pandemonium/terminaltor-v1.0.0-3da8d12fd3bc541534bec9272c22d575ad899ce0d7c0a7dbefbeffa5cee11ad8", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/cachito-testing/gomod-pandemonium/terminaltor@v1.0.0?type=package", + "referenceType": "purl" + } + ], + "name": "github.com/cachito-testing/gomod-pandemonium/terminaltor", + "versionInfo": "v1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-github.com/cachito-testing/gomod-pandemonium/weird-v0.0.0-20230417073518-0c6890c3280a-c94101d7adab6e667b902dff84696a6dcdf753c50232b98c42a6e627544686b7", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/cachito-testing/gomod-pandemonium/weird@v0.0.0-20230417073518-0c6890c3280a?type=module", + "referenceType": "purl" + } + ], + "name": "github.com/cachito-testing/gomod-pandemonium/weird", + "versionInfo": "v0.0.0-20230417073518-0c6890c3280a" + }, + { + "SPDXID": "SPDXRef-Package-github.com/cachito-testing/gomod-pandemonium/weird-v0.0.0-20230417073518-0c6890c3280a-1007202fe8d39bb04484757d8072c78e390a6d16df835e2a364cffb660b9636f", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/cachito-testing/gomod-pandemonium/weird@v0.0.0-20230417073518-0c6890c3280a?type=package", + "referenceType": "purl" + } + ], + "name": "github.com/cachito-testing/gomod-pandemonium/weird", + "versionInfo": "v0.0.0-20230417073518-0c6890c3280a" + }, + { + "SPDXID": "SPDXRef-Package-github.com/cachito-testing/gomod-pandemonium/where-was-i-built-v0.1.0-37c4dafb3a1b8381ba44ffeeac00226e2a6518da2b6662c343e251d951f21757", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/cachito-testing/gomod-pandemonium/where-was-i-built@v0.1.0?type=package", + "referenceType": "purl" + } + ], + "name": "github.com/cachito-testing/gomod-pandemonium/where-was-i-built", + "versionInfo": "v0.1.0" + }, + { + "SPDXID": "SPDXRef-Package-github.com/cachito-testing/retrodep/v2-v2.1.1-d74f886a19574ad40c9af2a6c5c62148619dd57380e90576efc81de398a2ccb2", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/cachito-testing/retrodep/v2@v2.1.1?type=module", + "referenceType": "purl" + } + ], + "name": "github.com/cachito-testing/retrodep/v2", + "versionInfo": "v2.1.1" + }, + { + "SPDXID": "SPDXRef-Package-github.com/cachito-testing/retrodep/v2/retrodep-v2.1.1-7a627ad424ed497a60d20f1471174d2e10b7b19371247d8e01d66dce49907db4", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/cachito-testing/retrodep/v2/retrodep@v2.1.1?type=package", + "referenceType": "purl" + } + ], + "name": "github.com/cachito-testing/retrodep/v2/retrodep", + "versionInfo": "v2.1.1" + }, + { + "SPDXID": "SPDXRef-Package-github.com/cachito-testing/retrodep/v2/retrodep/glide-v2.1.1-0b96cde354a75e6ed0044b30ef9fa81569063adaa077bf05002a6594d7a7a606", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/cachito-testing/retrodep/v2/retrodep/glide@v2.1.1?type=package", + "referenceType": "purl" + } + ], + "name": "github.com/cachito-testing/retrodep/v2/retrodep/glide", + "versionInfo": "v2.1.1" + }, + { + "SPDXID": "SPDXRef-Package-github.com/go-logr/logr-v1.2.3-5853958c7aa3424f456a39e24eca5999b7d30ba2557b3f4cf259846ca9e1a838", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/go-logr/logr@v1.2.3?type=module", + "referenceType": "purl" + } + ], + "name": "github.com/go-logr/logr", + "versionInfo": "v1.2.3" + }, + { + "SPDXID": "SPDXRef-Package-github.com/go-task/slim-sprig-v0.0.0-20230315185526-52ccab3ef572-534d57d10d628d80eb298821755c30a3d8c4aa4a8664e82206c9c7c577640335", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/go-task/slim-sprig@v0.0.0-20230315185526-52ccab3ef572?type=module", + "referenceType": "purl" + } + ], + "name": "github.com/go-task/slim-sprig", + "versionInfo": "v0.0.0-20230315185526-52ccab3ef572" + }, + { + "SPDXID": "SPDXRef-Package-github.com/google/go-cmp-v0.5.9-cd66635c1c29cce2de09ae35f3b1420d2efe5cb95ec7893b0020da956a924c5b", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/google/go-cmp@v0.5.9?type=module", + "referenceType": "purl" + } + ], + "name": "github.com/google/go-cmp", + "versionInfo": "v0.5.9" + }, + { + "SPDXID": "SPDXRef-Package-github.com/google/pprof-v0.0.0-20210407192527-94a9f03dee38-f25c592867038ca2cc9a5cc1d4988b3df97b4784772f68ab59ae74c97796321a", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/google/pprof@v0.0.0-20210407192527-94a9f03dee38?type=module", + "referenceType": "purl" + } + ], + "name": "github.com/google/pprof", + "versionInfo": "v0.0.0-20210407192527-94a9f03dee38" + }, + { + "SPDXID": "SPDXRef-Package-github.com/moby/term-v0.0.0-20221205130635-1aeaba878587-9dc6d3a1dd21dcb7ed5ecc77e87f4d373f5e3d7c839acb6889c76eabb0c13f57", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/moby/term@v0.0.0-20221205130635-1aeaba878587?type=module", + "referenceType": "purl" + } + ], + "name": "github.com/moby/term", + "versionInfo": "v0.0.0-20221205130635-1aeaba878587" + }, + { + "SPDXID": "SPDXRef-Package-github.com/moby/term-v0.0.0-20221205130635-1aeaba878587-9237f389fe389bc918ffe075c360c59147590fefdbf328f3d6c7d7ebb52927fe", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/moby/term@v0.0.0-20221205130635-1aeaba878587?type=package", + "referenceType": "purl" + } + ], + "name": "github.com/moby/term", + "versionInfo": "v0.0.0-20221205130635-1aeaba878587" + }, + { + "SPDXID": "SPDXRef-Package-github.com/onsi/ginkgo/v2-v2.9.2-02de87e32da2109c4e3002f89f4291c10edc05dbdaf98c66696d0293009df901", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/onsi/ginkgo/v2@v2.9.2?type=module", + "referenceType": "purl" + } + ], + "name": "github.com/onsi/ginkgo/v2", + "versionInfo": "v2.9.2" + }, + { + "SPDXID": "SPDXRef-Package-github.com/onsi/gomega-v1.27.4-6b82d57af896aeb4173a5bb22c12b07ef596cbeae38526fa64a669dc8aeb9e54", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/onsi/gomega@v1.27.4?type=module", + "referenceType": "purl" + } + ], + "name": "github.com/onsi/gomega", + "versionInfo": "v1.27.4" + }, + { + "SPDXID": "SPDXRef-Package-github.com/op/go-logging-v0.0.0-20160315200505-970db520ece7-9a81205ae17e45fbc99e650b64849a48b23a7568c8e848841c9086a8d0b0e99f", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/op/go-logging@v0.0.0-20160315200505-970db520ece7?type=module", + "referenceType": "purl" + } + ], + "name": "github.com/op/go-logging", + "versionInfo": "v0.0.0-20160315200505-970db520ece7" + }, + { + "SPDXID": "SPDXRef-Package-github.com/op/go-logging-v0.0.0-20160315200505-970db520ece7-14231968e65f8c6e81761a7f2a528bdb212e70b87a81f1a7e1eefcb9ef64fd6f", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/op/go-logging@v0.0.0-20160315200505-970db520ece7?type=package", + "referenceType": "purl" + } + ], + "name": "github.com/op/go-logging", + "versionInfo": "v0.0.0-20160315200505-970db520ece7" + }, + { + "SPDXID": "SPDXRef-Package-github.com/pkg/errors-v0.8.1-9f9627991aec4009db449ae2f96f6c06116666ff3b4f82dccd84c51d10dfc727", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/pkg/errors@v0.8.1?type=module", + "referenceType": "purl" + } + ], + "name": "github.com/pkg/errors", + "versionInfo": "v0.8.1" + }, + { + "SPDXID": "SPDXRef-Package-github.com/pkg/errors-v0.8.1-c8e423cf372ce5953d749be774ad49066f5ec6318cbe4cc089b71e7e5de386c9", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/pkg/errors@v0.8.1?type=package", + "referenceType": "purl" + } + ], + "name": "github.com/pkg/errors", + "versionInfo": "v0.8.1" + }, + { + "SPDXID": "SPDXRef-Package-go/ast-None-d34a7b35add57b69e88d868e69de08f65380708bf2b03e92673427ba6399fdc6", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/go/ast?type=package", + "referenceType": "purl" + } + ], + "name": "go/ast" + }, + { + "SPDXID": "SPDXRef-Package-go/build-None-729d26c5410943f8215552f4ac21cc7038764e054ca60295e680afb03f25129f", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/go/build?type=package", + "referenceType": "purl" + } + ], + "name": "go/build" + }, + { + "SPDXID": "SPDXRef-Package-go/build/constraint-None-c5a58600325ff4bf595fd7d3b5cf73c4a390b9a945092901868b4f121c2367c3", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/go/build/constraint?type=package", + "referenceType": "purl" + } + ], + "name": "go/build/constraint" + }, + { + "SPDXID": "SPDXRef-Package-go/doc-None-27854d91ed2d04e8de4d4e0c62bc87ae1675a27e35f881ba930aad7dcc03fdda", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/go/doc?type=package", + "referenceType": "purl" + } + ], + "name": "go/doc" + }, + { + "SPDXID": "SPDXRef-Package-go/doc/comment-None-0eb990b44e156a3578853ceaaba8f196b0db22d4ef2ff818e4a2b3045b34968d", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/go/doc/comment?type=package", + "referenceType": "purl" + } + ], + "name": "go/doc/comment" + }, + { + "SPDXID": "SPDXRef-Package-go/internal/typeparams-None-d039f3851188a225b5ce113591179fc236481006e0266326e24b7075dddcbb40", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/go/internal/typeparams?type=package", + "referenceType": "purl" + } + ], + "name": "go/internal/typeparams" + }, + { + "SPDXID": "SPDXRef-Package-go/parser-None-11f6a8661d038319cb52c595fe3505e3e84ad8f4ab4e6d441e9ef31793181a46", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/go/parser?type=package", + "referenceType": "purl" + } + ], + "name": "go/parser" + }, + { + "SPDXID": "SPDXRef-Package-go/scanner-None-3ccd1c3548bdb796f3df1c5dd5db6bb0fa5a203d9753f64056fe0d5704d9465a", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/go/scanner?type=package", + "referenceType": "purl" + } + ], + "name": "go/scanner" + }, + { + "SPDXID": "SPDXRef-Package-go/token-None-ff113be2a399bf8a815f1e294191a68868e037d38a78eaed8697702f9ea240ec", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/go/token?type=package", + "referenceType": "purl" + } + ], + "name": "go/token" + }, + { + "SPDXID": "SPDXRef-Package-golang.org/x/mod-v0.9.0-bc2d1ce57f5057fdb5fbdc2b334fd2a64bf5512633955fb313b0017364804bd4", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/golang.org/x/mod@v0.9.0?type=module", + "referenceType": "purl" + } + ], + "name": "golang.org/x/mod", + "versionInfo": "v0.9.0" + }, + { + "SPDXID": "SPDXRef-Package-golang.org/x/net-v0.8.0-2faecd5d0dc227bcd0c30c0f5821cc12e293aacd3400fdd65c5f3027048ac014", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/golang.org/x/net@v0.8.0?type=module", + "referenceType": "purl" + } + ], + "name": "golang.org/x/net", + "versionInfo": "v0.8.0" + }, + { + "SPDXID": "SPDXRef-Package-golang.org/x/sys-v0.6.0-f175144385992277f9e80afbb03e532726173b255df38f82841c93ca31bc4078", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/golang.org/x/sys@v0.6.0?type=module", + "referenceType": "purl" + } + ], + "name": "golang.org/x/sys", + "versionInfo": "v0.6.0" + }, + { + "SPDXID": "SPDXRef-Package-golang.org/x/sys/execabs-v0.6.0-aaab508709bce7d883f9f24aeac7a71463d7f0a9d4984617b35a268c111fe60b", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/golang.org/x/sys/execabs@v0.6.0?type=package", + "referenceType": "purl" + } + ], + "name": "golang.org/x/sys/execabs", + "versionInfo": "v0.6.0" + }, + { + "SPDXID": "SPDXRef-Package-golang.org/x/sys/unix-v0.6.0-cf08060aa29fe9a9565026c1b4693b7f73ebf9a60b6e977a50b3a95607e2c0b0", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/golang.org/x/sys/unix@v0.6.0?type=package", + "referenceType": "purl" + } + ], + "name": "golang.org/x/sys/unix", + "versionInfo": "v0.6.0" + }, + { + "SPDXID": "SPDXRef-Package-golang.org/x/text-v0.8.0-e01ce2057484987e7f043facb664dafcbbced83625fc3d6fe5293f58f3062088", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/golang.org/x/text@v0.8.0?type=module", + "referenceType": "purl" + } + ], + "name": "golang.org/x/text", + "versionInfo": "v0.8.0" + }, + { + "SPDXID": "SPDXRef-Package-golang.org/x/tools-v0.7.0-1b7c3cd560dc750f0d0e7c7c2b57a72bd92a1f55658ca4d94ff09ece1df4d55a", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/golang.org/x/tools@v0.7.0?type=module", + "referenceType": "purl" + } + ], + "name": "golang.org/x/tools", + "versionInfo": "v0.7.0" + }, + { + "SPDXID": "SPDXRef-Package-golang.org/x/tools/go/vcs-v0.7.0-1283820cd8cffe696b322ac38709ec2f338e6ec5aa31cbd0aba96fc7d0cc2fe5", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/golang.org/x/tools/go/vcs@v0.7.0?type=package", + "referenceType": "purl" + } + ], + "name": "golang.org/x/tools/go/vcs", + "versionInfo": "v0.7.0" + }, + { + "SPDXID": "SPDXRef-Package-gopkg.in/yaml.v2-v2.2.2-c011779fe2b103d1a83845ea1b45dbea5829132a2e5dcb631b6e9460bf7e23b1", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/gopkg.in/yaml.v2@v2.2.2?type=module", + "referenceType": "purl" + } + ], + "name": "gopkg.in/yaml.v2", + "versionInfo": "v2.2.2" + }, + { + "SPDXID": "SPDXRef-Package-gopkg.in/yaml.v2-v2.2.2-2f321c248ff1cb791e6afb8f6013303004b317fb852ef16509077a787cbeeb39", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/gopkg.in/yaml.v2@v2.2.2?type=package", + "referenceType": "purl" + } + ], + "name": "gopkg.in/yaml.v2", + "versionInfo": "v2.2.2" + }, + { + "SPDXID": "SPDXRef-Package-gopkg.in/yaml.v3-v3.0.1-bdd07f97b77a6a7f760cce5f45ab63b470a43de6983a88c0bfd4b6258dc7dcb9", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/gopkg.in/yaml.v3@v3.0.1?type=module", + "referenceType": "purl" + } + ], + "name": "gopkg.in/yaml.v3", + "versionInfo": "v3.0.1" + }, + { + "SPDXID": "SPDXRef-Package-has-1.0.3-bf8dfc909a0a6d27780fd03a1cd8eb497a217174835a5b8619120c0858444860", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/has@1.0.3", + "referenceType": "purl" + } + ], + "name": "has", + "versionInfo": "1.0.3" + }, + { + "SPDXID": "SPDXRef-Package-has-symbols-1.0.3-db2f666c771d3f1a665b54ae840844bdb2b6f1aa5631f383673d06180b9f5ade", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/has-symbols@1.0.3", + "referenceType": "purl" + } + ], + "name": "has-symbols", + "versionInfo": "1.0.3" + }, + { + "SPDXID": "SPDXRef-Package-hash-None-b0296e2e3c833c14595a8d1d1cb10a53825bd771b5a9c86b666bd91faea10729", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/hash?type=package", + "referenceType": "purl" + } + ], + "name": "hash" + }, + { + "SPDXID": "SPDXRef-Package-hash/crc32-None-c2fc4cb71cbf1e97f8ba9555d2d41b260d0a912927f7ab202725b4012163e25b", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/hash/crc32?type=package", + "referenceType": "purl" + } + ], + "name": "hash/crc32" + }, + { + "SPDXID": "SPDXRef-Package-http-errors-2.0.0-1ccab6a096615c69b07104a5b332f81d5ed5cd2b6d49120096bd1ba132a22ee8", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/http-errors@2.0.0", + "referenceType": "purl" + } + ], + "name": "http-errors", + "versionInfo": "2.0.0" + }, + { + "SPDXID": "SPDXRef-Package-iconv-lite-0.4.24-fa93cdd43edb51240c414b8a6ec41ef5b614480ddcf20b1fa8b0ed9bcd3fa2d1", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/iconv-lite@0.4.24", + "referenceType": "purl" + } + ], + "name": "iconv-lite", + "versionInfo": "0.4.24" + }, + { + "SPDXID": "SPDXRef-Package-idna-3.4-8ed4181b079bf31ce5d74f20500d49dc9004025ae824fd0892fa5efd6c834fb1", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/idna@3.4", + "referenceType": "purl" + } + ], + "name": "idna", + "versionInfo": "3.4" + }, + { + "SPDXID": "SPDXRef-Package-inherits-2.0.4-5b15d59c03d2b532947513de6aabd11e052a2e7e662eb1723e5dc05c212e39d7", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/inherits@2.0.4", + "referenceType": "purl" + } + ], + "name": "inherits", + "versionInfo": "2.0.4" + }, + { + "SPDXID": "SPDXRef-Package-internal/abi-None-e9bf8f9b9b7604516c803ee364c89d58c5cb5e034e88129ac352de0d947062bf", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/abi?type=package", + "referenceType": "purl" + } + ], + "name": "internal/abi" + }, + { + "SPDXID": "SPDXRef-Package-internal/buildcfg-None-b2aab7b59f90ab1bac8732e4c84cb8a8dd7ebc3e8f66f29efc7d01d29071549b", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/buildcfg?type=package", + "referenceType": "purl" + } + ], + "name": "internal/buildcfg" + }, + { + "SPDXID": "SPDXRef-Package-internal/bytealg-None-00e7703f624b015b9a0b00aae1d124611995c0db0cbe8a3b99301d0d46115217", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/bytealg?type=package", + "referenceType": "purl" + } + ], + "name": "internal/bytealg" + }, + { + "SPDXID": "SPDXRef-Package-internal/coverage/rtcov-None-533afe8b86dd0d88975c72d08d054a6db8f46dbdb589fe1eb867ef2d12ca6a8f", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/coverage/rtcov?type=package", + "referenceType": "purl" + } + ], + "name": "internal/coverage/rtcov" + }, + { + "SPDXID": "SPDXRef-Package-internal/cpu-None-42d4b2788f136ee992dea15d4d5ea5e651df2e03325eec2f5bc2dcd89b1f2698", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/cpu?type=package", + "referenceType": "purl" + } + ], + "name": "internal/cpu" + }, + { + "SPDXID": "SPDXRef-Package-internal/fmtsort-None-ccbfda59765250452128abb3427e52d01ccdbf30e8e23c364e88cd17bac396c5", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/fmtsort?type=package", + "referenceType": "purl" + } + ], + "name": "internal/fmtsort" + }, + { + "SPDXID": "SPDXRef-Package-internal/goarch-None-59e1c82486ebde860ef219d0a4a2a1f0f883e1b9dd5bc7ef915a280f5e7b5388", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/goarch?type=package", + "referenceType": "purl" + } + ], + "name": "internal/goarch" + }, + { + "SPDXID": "SPDXRef-Package-internal/godebug-None-406b22de31b59897d17fa17efc1a686f6ac994809ea94d8e8bc353d8d63f8613", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/godebug?type=package", + "referenceType": "purl" + } + ], + "name": "internal/godebug" + }, + { + "SPDXID": "SPDXRef-Package-internal/goexperiment-None-22e8c82d9ef866ee1ec7b2c637de456655ea2796ac0c47bdf21736ad29425cc9", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/goexperiment?type=package", + "referenceType": "purl" + } + ], + "name": "internal/goexperiment" + }, + { + "SPDXID": "SPDXRef-Package-internal/goos-None-be72ba0bd9e073695bc479d05f46f94959841540249640a3002af8dc2b5214fd", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/goos?type=package", + "referenceType": "purl" + } + ], + "name": "internal/goos" + }, + { + "SPDXID": "SPDXRef-Package-internal/goroot-None-2faa4afb2e7dd49b1c629532758d3f03489018a1e77b6c7132f7b1c389143f80", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/goroot?type=package", + "referenceType": "purl" + } + ], + "name": "internal/goroot" + }, + { + "SPDXID": "SPDXRef-Package-internal/goversion-None-4872d02f6c3e6028355182e68442394a9b77a7450d6efe1454672e8be50cf17d", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/goversion?type=package", + "referenceType": "purl" + } + ], + "name": "internal/goversion" + }, + { + "SPDXID": "SPDXRef-Package-internal/intern-None-9dc058fb0fbef857345574c966952fe27df2396e517654b87ac73585842e8569", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/intern?type=package", + "referenceType": "purl" + } + ], + "name": "internal/intern" + }, + { + "SPDXID": "SPDXRef-Package-internal/itoa-None-251330730123eb816338069eb3d3eb574f71be8a0891266a63bcfd3394b4c7fd", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/itoa?type=package", + "referenceType": "purl" + } + ], + "name": "internal/itoa" + }, + { + "SPDXID": "SPDXRef-Package-internal/lazyregexp-None-b9e28b3cffc457b34bfc89bde65bef9bdfa7290667106021729c60978237f1bb", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/lazyregexp?type=package", + "referenceType": "purl" + } + ], + "name": "internal/lazyregexp" + }, + { + "SPDXID": "SPDXRef-Package-internal/nettrace-None-cd55cbc06d1f48ac1000330d6d26475c72381aac19b187928b984c78cedbaa6d", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/nettrace?type=package", + "referenceType": "purl" + } + ], + "name": "internal/nettrace" + }, + { + "SPDXID": "SPDXRef-Package-internal/oserror-None-737110d8ef939aad4e7374a26e8cee0b37ef4b1b2900ad9fcedfe06886243957", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/oserror?type=package", + "referenceType": "purl" + } + ], + "name": "internal/oserror" + }, + { + "SPDXID": "SPDXRef-Package-internal/poll-None-5062d2227afbbab4478471c9cdb74550798d8ef0c83d716f575a1c71ae739a86", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/poll?type=package", + "referenceType": "purl" + } + ], + "name": "internal/poll" + }, + { + "SPDXID": "SPDXRef-Package-internal/race-None-ecf278b204f42be1dffdb2518f982739db2f1fa4a41519e9bb1aafc535430b58", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/race?type=package", + "referenceType": "purl" + } + ], + "name": "internal/race" + }, + { + "SPDXID": "SPDXRef-Package-internal/reflectlite-None-0130ba0b61c50e534eb4589345e62a04e7faa6e69cf7386641e062ca5246044e", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/reflectlite?type=package", + "referenceType": "purl" + } + ], + "name": "internal/reflectlite" + }, + { + "SPDXID": "SPDXRef-Package-internal/safefilepath-None-9e1ef1731e35129425d26a5254c34180669a68ae6bbc1ae4d67ac012eb8a90f6", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/safefilepath?type=package", + "referenceType": "purl" + } + ], + "name": "internal/safefilepath" + }, + { + "SPDXID": "SPDXRef-Package-internal/singleflight-None-4c9f5e65b604548320072fac39fcb3d671fa1ea01c968eca0d42c5d74a5af21f", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/singleflight?type=package", + "referenceType": "purl" + } + ], + "name": "internal/singleflight" + }, + { + "SPDXID": "SPDXRef-Package-internal/syscall/execenv-None-c1541a0559d19f03be87ee5391ab59ae16dc1ac0a18305a95976403ac67d4dfc", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/syscall/execenv?type=package", + "referenceType": "purl" + } + ], + "name": "internal/syscall/execenv" + }, + { + "SPDXID": "SPDXRef-Package-internal/syscall/unix-None-4cc0fd820d1f97686fc80257c743f2c5203b642e294e38538e8657f4fd2241b8", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/syscall/unix?type=package", + "referenceType": "purl" + } + ], + "name": "internal/syscall/unix" + }, + { + "SPDXID": "SPDXRef-Package-internal/testlog-None-de80b247df32030fc72c24839ac09d1828f823d14f030136a13234e4341d7e8e", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/testlog?type=package", + "referenceType": "purl" + } + ], + "name": "internal/testlog" + }, + { + "SPDXID": "SPDXRef-Package-internal/unsafeheader-None-85767a17fdfd2e6ad7147303f8a27bd049f17e57a960332bf0312da2c1a4afc3", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/internal/unsafeheader?type=package", + "referenceType": "purl" + } + ], + "name": "internal/unsafeheader" + }, + { + "SPDXID": "SPDXRef-Package-io-None-6c7a8c3b50224f00ac215c02c8fa0fc56abf06c501fa1e34d7e736ce578c0ff6", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/io?type=package", + "referenceType": "purl" + } + ], + "name": "io" + }, + { + "SPDXID": "SPDXRef-Package-io/fs-None-e1cc32e1c9b61aeed432ef90fe18c86dc539417a18476f58affc7d8059d35bfc", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/io/fs?type=package", + "referenceType": "purl" + } + ], + "name": "io/fs" + }, + { + "SPDXID": "SPDXRef-Package-io/ioutil-None-96965bb655e4c4512ab37ed042509f762d7a2481f983652dd25ed2dcc4a29335", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/io/ioutil?type=package", + "referenceType": "purl" + } + ], + "name": "io/ioutil" + }, + { + "SPDXID": "SPDXRef-Package-ipaddr.js-1.9.1-b2fa347461b0533601326c24b23d066734cffb1075bfe723182faab5bba9d804", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/ipaddr.js@1.9.1", + "referenceType": "purl" + } + ], + "name": "ipaddr.js", + "versionInfo": "1.9.1" + }, + { + "SPDXID": "SPDXRef-Package-is-positive-3.1.0-4716c87fda6843403486a0ea317561a7a3188fb04f6c5fadea411cb22202e101", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/is-positive@3.1.0?vcs_url=git%2Bssh://git%40github.com/kevva/is-positive.git%4097edff6f525f192a3f83cea1944765f769ae2678", + "referenceType": "purl" + } + ], + "name": "is-positive", + "versionInfo": "3.1.0" + }, + { + "SPDXID": "SPDXRef-Package-log-None-7f013a0a47929d2cb716cede42c4d88946a61ab03f1e7f79aa06268b21a62626", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/log?type=package", + "referenceType": "purl" + } + ], + "name": "log" + }, + { + "SPDXID": "SPDXRef-Package-log/syslog-None-dff81bb3e9d2e52734ccc2a8860046f16fa574f869281854c34d05bd7ce3613e", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/log/syslog?type=package", + "referenceType": "purl" + } + ], + "name": "log/syslog" + }, + { + "SPDXID": "SPDXRef-Package-math-None-eaf7850a09ee7619e7cb7156bb57144fd906b25cb1d3b7a68c104c7be9006662", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/math?type=package", + "referenceType": "purl" + } + ], + "name": "math" + }, + { + "SPDXID": "SPDXRef-Package-math/big-None-ea6408dbb3a7a85bd2d1a385adf5e6db52f1b34eea578f85b51022d1b1b20a2f", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/math/big?type=package", + "referenceType": "purl" + } + ], + "name": "math/big" + }, + { + "SPDXID": "SPDXRef-Package-math/bits-None-9191b5cdac727fa3c1ad695495bb7b1bea72504b8757ba14091e0dea757268ac", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/math/bits?type=package", + "referenceType": "purl" + } + ], + "name": "math/bits" + }, + { + "SPDXID": "SPDXRef-Package-math/rand-None-a0c4b45dd5f2792e5216888b63bd47a2ebb250fb489b1bc74680c502cbf4daad", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/math/rand?type=package", + "referenceType": "purl" + } + ], + "name": "math/rand" + }, + { + "SPDXID": "SPDXRef-Package-media-typer-0.3.0-b967b658724ab58909c115f6d003abe6fef09941877fd9cccf26290b7bcff81f", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/media-typer@0.3.0", + "referenceType": "purl" + } + ], + "name": "media-typer", + "versionInfo": "0.3.0" + }, + { + "SPDXID": "SPDXRef-Package-merge-descriptors-1.0.1-4a59755685696af573d3f6b5b233fba1b1e866616a12a85cdb273a86f4549775", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/merge-descriptors@1.0.1", + "referenceType": "purl" + } + ], + "name": "merge-descriptors", + "versionInfo": "1.0.1" + }, + { + "SPDXID": "SPDXRef-Package-methods-1.1.2-3837727455fbd4c44e4b91430fd17aa95be768f4b4e198b86ec88ec390392d91", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/methods@1.1.2", + "referenceType": "purl" + } + ], + "name": "methods", + "versionInfo": "1.1.2" + }, + { + "SPDXID": "SPDXRef-Package-mime-None-a01968977ebf83ae88ffda90e4e9a19db82a4c34957a9ab0733ffa45a0089aad", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/mime?type=package", + "referenceType": "purl" + } + ], + "name": "mime" + }, + { + "SPDXID": "SPDXRef-Package-mime-1.6.0-37d7f8fe4141c58b0813444bb3111999b33fb1b4c1644a92ec0428e2e945eec7", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/mime@1.6.0", + "referenceType": "purl" + } + ], + "name": "mime", + "versionInfo": "1.6.0" + }, + { + "SPDXID": "SPDXRef-Package-mime-db-1.52.0-9876a9da4499ff91b540f8f9bbd103cb049f2f1b331c29fcceeaa29b9a485528", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/mime-db@1.52.0", + "referenceType": "purl" + } + ], + "name": "mime-db", + "versionInfo": "1.52.0" + }, + { + "SPDXID": "SPDXRef-Package-mime-types-2.1.35-54675c038cfff25f571d7fd746be730a600f223eef00ed4f8d4c12dbaf3085d9", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/mime-types@2.1.35", + "referenceType": "purl" + } + ], + "name": "mime-types", + "versionInfo": "2.1.35" + }, + { + "SPDXID": "SPDXRef-Package-mime/multipart-None-f76bc9569dc84104606f24165ccc4d6449545bc6fb8711981deecf6913e6ee2f", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/mime/multipart?type=package", + "referenceType": "purl" + } + ], + "name": "mime/multipart" + }, + { + "SPDXID": "SPDXRef-Package-mime/quotedprintable-None-27acabe50017bab18f73cc358fc615c84633900b20aa8740e744c673d76d5dab", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/mime/quotedprintable?type=package", + "referenceType": "purl" + } + ], + "name": "mime/quotedprintable" + }, + { + "SPDXID": "SPDXRef-Package-ms-2.0.0-38c53561eed16438b2fde00179d07b8731b617d4a2e2dc9ee80e34ba402f6938", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/ms@2.0.0", + "referenceType": "purl" + } + ], + "name": "ms", + "versionInfo": "2.0.0" + }, + { + "SPDXID": "SPDXRef-Package-ms-2.1.3-9177646ae782a3d460ddd9398bfe12380b2ba88127ba06ad19ed9499b4a438f9", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/ms@2.1.3", + "referenceType": "purl" + } + ], + "name": "ms", + "versionInfo": "2.1.3" + }, + { + "SPDXID": "SPDXRef-Package-negotiator-0.6.3-8ae431701f3858e125afdf2c152ffe8a63a6fe0e20205c66d3ff35de742be6b0", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/negotiator@0.6.3", + "referenceType": "purl" + } + ], + "name": "negotiator", + "versionInfo": "0.6.3" + }, + { + "SPDXID": "SPDXRef-Package-net-None-399ebbe833d45f60535b3418296b8b0da567bc27bc6530fff726d28aa4e37d74", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/net?type=package", + "referenceType": "purl" + } + ], + "name": "net" + }, + { + "SPDXID": "SPDXRef-Package-net/http-None-75d4a324535b915eb5512276ee643692b7890af00d68435c523b41c1613b7f3a", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/net/http?type=package", + "referenceType": "purl" + } + ], + "name": "net/http" + }, + { + "SPDXID": "SPDXRef-Package-net/http/httptrace-None-21b89c9f9385548695da242b4b7c7e5258f27d1c2e4c0750771875fbdbeab91c", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/net/http/httptrace?type=package", + "referenceType": "purl" + } + ], + "name": "net/http/httptrace" + }, + { + "SPDXID": "SPDXRef-Package-net/http/internal-None-2414d2e978a0d89593d319cb17114cd5b1f219285c3b0d65252262b4be6986c7", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/net/http/internal?type=package", + "referenceType": "purl" + } + ], + "name": "net/http/internal" + }, + { + "SPDXID": "SPDXRef-Package-net/http/internal/ascii-None-c54daf5e9619431df040d7fc0dbcb787223b4345738a2e2a7465d12690e66fb2", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/net/http/internal/ascii?type=package", + "referenceType": "purl" + } + ], + "name": "net/http/internal/ascii" + }, + { + "SPDXID": "SPDXRef-Package-net/netip-None-32ff85ffae2b961d720aeb44fa83d429557565714f20f63b085d5843a8ff9b7a", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/net/netip?type=package", + "referenceType": "purl" + } + ], + "name": "net/netip" + }, + { + "SPDXID": "SPDXRef-Package-net/textproto-None-9e77d202b002a3aa8e8d63943ba2e136f1dbb2ecf0dba24bca1dd3309c716b28", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/net/textproto?type=package", + "referenceType": "purl" + } + ], + "name": "net/textproto" + }, + { + "SPDXID": "SPDXRef-Package-net/url-None-5ab666245d0535b71d9e6bed725b2204ec599a72a8353b7cc9e37636d1f3c103", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/net/url?type=package", + "referenceType": "purl" + } + ], + "name": "net/url" + }, + { + "SPDXID": "SPDXRef-Package-not-baz-1.0.0-227266aa69ece398c90192708f2738ec5d37ff5a474f343bc9f1bda34e449c5d", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/not-baz@1.0.0?vcs_url=git%2Bhttps://github.com/cachito-testing/npm-cachi2-smoketest%40f1d31c2b051b218c84399b12461e0957d87bd0cd#baz", + "referenceType": "purl" + } + ], + "name": "not-baz", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm_test-1.1.0-b7f778b4b7de0bb6a51db30f7dfb79b5166d2fa051d04e40f3820fd88d03324c", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/npm_test@1.1.0?vcs_url=git%2Bhttps://github.com/cachito-testing/npm-cachi2-smoketest%40f1d31c2b051b218c84399b12461e0957d87bd0cd", + "referenceType": "purl" + } + ], + "name": "npm_test", + "versionInfo": "1.1.0" + }, + { + "SPDXID": "SPDXRef-Package-object-inspect-1.12.3-f47cd7182218ad0e1859508077cf1d5324491726fee8a251f9940f789d6ed7a1", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/object-inspect@1.12.3", + "referenceType": "purl" + } + ], + "name": "object-inspect", + "versionInfo": "1.12.3" + }, + { + "SPDXID": "SPDXRef-Package-on-finished-2.4.1-6d2ea6cb125c29592f15a9badb2de04a18fe55b8258b143d4cd1026ccd70be51", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/on-finished@2.4.1", + "referenceType": "purl" + } + ], + "name": "on-finished", + "versionInfo": "2.4.1" + }, + { + "SPDXID": "SPDXRef-Package-os-None-7861f8f9c8e2dfa2e902eef8379dd992fd79b009cb6388a22982ba2565a3a6b2", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/os?type=package", + "referenceType": "purl" + } + ], + "name": "os" + }, + { + "SPDXID": "SPDXRef-Package-os/exec-None-3885aafdb6c44787b718149cb035be05c73054259c81c4649f47eb495200d6b5", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/os/exec?type=package", + "referenceType": "purl" + } + ], + "name": "os/exec" + }, + { + "SPDXID": "SPDXRef-Package-parseurl-1.3.3-f072bfdc47f60d4d137306c960d3962a440ae13a205eb06fe0bc681b9ab48914", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/parseurl@1.3.3", + "referenceType": "purl" + } + ], + "name": "parseurl", + "versionInfo": "1.3.3" + }, + { + "SPDXID": "SPDXRef-Package-path-None-99b59def89a54055c3e6154165afa5dc48d9dd881c2064e35174b3bfaa13974b", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/path?type=package", + "referenceType": "purl" + } + ], + "name": "path" + }, + { + "SPDXID": "SPDXRef-Package-path-to-regexp-0.1.7-47b831656513ab0fd4589bf9592ccf717f146fa879c1611bf0614de58e19bf40", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/path-to-regexp@0.1.7", + "referenceType": "purl" + } + ], + "name": "path-to-regexp", + "versionInfo": "0.1.7" + }, + { + "SPDXID": "SPDXRef-Package-path/filepath-None-b8880c13ebe0194e38aad0757c4c45ab94802d71f947da8d97847b7c6ba49c59", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/path/filepath?type=package", + "referenceType": "purl" + } + ], + "name": "path/filepath" + }, + { + "SPDXID": "SPDXRef-Package-proxy-addr-2.0.7-11d271374c4ac9c0bdaf85c70c9d45b7a71a4e4c977c8db41009545a9a04795f", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/proxy-addr@2.0.7", + "referenceType": "purl" + } + ], + "name": "proxy-addr", + "versionInfo": "2.0.7" + }, + { + "SPDXID": "SPDXRef-Package-qs-6.11.0-82ca49f1b909d51b59ed8f47b135247970b5123cd270011290e196fde0462931", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/qs@6.11.0", + "referenceType": "purl" + } + ], + "name": "qs", + "versionInfo": "6.11.0" + }, + { + "SPDXID": "SPDXRef-Package-range-parser-1.2.1-9ce2c23a0f6652dbf4f71b6615d18275cb65d378ad4fe2570729b3130ce511f9", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/range-parser@1.2.1", + "referenceType": "purl" + } + ], + "name": "range-parser", + "versionInfo": "1.2.1" + }, + { + "SPDXID": "SPDXRef-Package-raw-body-2.5.1-792f351f90ab19a67f913a0aec33598dc2c15627c538937e19bf4aa68882cb09", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/raw-body@2.5.1", + "referenceType": "purl" + } + ], + "name": "raw-body", + "versionInfo": "2.5.1" + }, + { + "SPDXID": "SPDXRef-Package-reflect-None-9a955f305e05fdd31b17ccb1d1ced397f70ab526671058e569a261a951af4b90", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/reflect?type=package", + "referenceType": "purl" + } + ], + "name": "reflect" + }, + { + "SPDXID": "SPDXRef-Package-regexp-None-d473e7c324c57d67860eeb61c277018ef331cd1a88542503d5e46eeefc60e776", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/regexp?type=package", + "referenceType": "purl" + } + ], + "name": "regexp" + }, + { + "SPDXID": "SPDXRef-Package-regexp/syntax-None-9c5ed35e04ca5dc40ae22e97a2842579f0870d2b7e7e0729b1fe67188b3a20c1", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/regexp/syntax?type=package", + "referenceType": "purl" + } + ], + "name": "regexp/syntax" + }, + { + "SPDXID": "SPDXRef-Package-requests-2.28.2-526bfa020f831d53fefa504db1971000b066b39602278b55b89534b40ee374fd", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/requests@2.28.2", + "referenceType": "purl" + } + ], + "name": "requests", + "versionInfo": "2.28.2" + }, + { + "SPDXID": "SPDXRef-Package-runtime-None-95f4c7777de104f01db95739031d028d21b9eea0ae0dbda9eef7466f94afa3f0", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/runtime?type=package", + "referenceType": "purl" + } + ], + "name": "runtime" + }, + { + "SPDXID": "SPDXRef-Package-runtime/cgo-None-6f567958057bd49b8f659eb2a7560168ec43a1bcdb74a71b01f079de4a97fbd8", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/runtime/cgo?type=package", + "referenceType": "purl" + } + ], + "name": "runtime/cgo" + }, + { + "SPDXID": "SPDXRef-Package-runtime/internal/atomic-None-89f5570ef95986df4d9bcd40be7bb37b9c95997cdacaff8c3b34f29544a9beaa", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/runtime/internal/atomic?type=package", + "referenceType": "purl" + } + ], + "name": "runtime/internal/atomic" + }, + { + "SPDXID": "SPDXRef-Package-runtime/internal/math-None-ddfc379809d7ed455bef2efeca421ff7b3ed4acedf5c10231e211454a58bd18b", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/runtime/internal/math?type=package", + "referenceType": "purl" + } + ], + "name": "runtime/internal/math" + }, + { + "SPDXID": "SPDXRef-Package-runtime/internal/sys-None-1ddcc4e84542227f6b61424f1eeb826e450505f710a3394a8c25582668a2062a", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/runtime/internal/sys?type=package", + "referenceType": "purl" + } + ], + "name": "runtime/internal/sys" + }, + { + "SPDXID": "SPDXRef-Package-runtime/internal/syscall-None-9fdf4b93aa94f7e6579a15cd67bbbf86196358f26fc70b1c04d7477af13c99f5", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/runtime/internal/syscall?type=package", + "referenceType": "purl" + } + ], + "name": "runtime/internal/syscall" + }, + { + "SPDXID": "SPDXRef-Package-safe-buffer-5.2.1-261a4c176907a47c47f63060bcc003b93800d864f8a38911f76d2273329321e1", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/safe-buffer@5.2.1", + "referenceType": "purl" + } + ], + "name": "safe-buffer", + "versionInfo": "5.2.1" + }, + { + "SPDXID": "SPDXRef-Package-safer-buffer-2.1.2-fc42b41ac695bc353dc5effd8f1e77593d3e6114290d2f6d698254e4c4321600", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/safer-buffer@2.1.2", + "referenceType": "purl" + } + ], + "name": "safer-buffer", + "versionInfo": "2.1.2" + }, + { + "SPDXID": "SPDXRef-Package-sax-0.1.1-80ef687cd5cbaa12ea192acd42bde81614b8650be18c1091533f7369d704faa2", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/sax@0.1.1", + "referenceType": "purl" + } + ], + "name": "sax", + "versionInfo": "0.1.1" + }, + { + "SPDXID": "SPDXRef-Package-send-0.18.0-76def8bc1d25c9db16cb5293344ab0b49ea8631e24bac9e079b878916b9a3cf8", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/send@0.18.0", + "referenceType": "purl" + } + ], + "name": "send", + "versionInfo": "0.18.0" + }, + { + "SPDXID": "SPDXRef-Package-serve-static-1.15.0-fdd6747beb95d9c65aef2bfc6247fda9c1a26585928008ead83b507ab866f109", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/serve-static@1.15.0", + "referenceType": "purl" + } + ], + "name": "serve-static", + "versionInfo": "1.15.0" + }, + { + "SPDXID": "SPDXRef-Package-setprototypeof-1.2.0-b8c47959b5627ede0c91f0fd952c364c88d16123e4b079a7cb171a5d17650cd4", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/setprototypeof@1.2.0", + "referenceType": "purl" + } + ], + "name": "setprototypeof", + "versionInfo": "1.2.0" + }, + { + "SPDXID": "SPDXRef-Package-setuptools-67.1.0-6e61b9bbcbc780a9d258d9b2e16d1449dadaac4ff738bc7675e42c655faca538", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/setuptools@67.1.0", + "referenceType": "purl" + } + ], + "name": "setuptools", + "versionInfo": "67.1.0" + }, + { + "SPDXID": "SPDXRef-Package-side-channel-1.0.4-c6ede974dcd2aeec29ab9e8ef17f3150e2e6000cd496ddb55cb1eb5351039342", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/side-channel@1.0.4", + "referenceType": "purl" + } + ], + "name": "side-channel", + "versionInfo": "1.0.4" + }, + { + "SPDXID": "SPDXRef-Package-sort-None-0b8e6b81bb6644cb79cdf8911e86c39d8be9ccfbc14cd87fa438959662eccf70", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/sort?type=package", + "referenceType": "purl" + } + ], + "name": "sort" + }, + { + "SPDXID": "SPDXRef-Package-spam-1.0.0-0943e6f0bc84b43ce1da5d0aa24da04e82fd5c4d0d80ae8e730b5344e0e34faa", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/spam@1.0.0?vcs_url=git%2Bhttps://github.com/cachito-testing/npm-cachi2-smoketest%40f1d31c2b051b218c84399b12461e0957d87bd0cd#spam-packages/spam", + "referenceType": "purl" + } + ], + "name": "spam", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-statuses-2.0.1-d3d359f03ec7e5f27a8b6a75ac209c06a6d7da76aae1cbcbd2868436439a6c2f", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/statuses@2.0.1", + "referenceType": "purl" + } + ], + "name": "statuses", + "versionInfo": "2.0.1" + }, + { + "SPDXID": "SPDXRef-Package-strconv-None-9608f50df7493944c92c5a9c6c2bbb859271e74bb255a128c16de777a6ccae32", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/strconv?type=package", + "referenceType": "purl" + } + ], + "name": "strconv" + }, + { + "SPDXID": "SPDXRef-Package-strings-None-d1ecb450a30252ad261c7f69c481d55204b24e385a70fe091e94a5c64728c17a", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/strings?type=package", + "referenceType": "purl" + } + ], + "name": "strings" + }, + { + "SPDXID": "SPDXRef-Package-sync-None-96d0b290269d417115f37e7187333605d7c713561fe7e39432360b76b60ff821", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/sync?type=package", + "referenceType": "purl" + } + ], + "name": "sync" + }, + { + "SPDXID": "SPDXRef-Package-sync/atomic-None-5785933a83faf80ba2a4e02d9d3f171e70393e42520ff562834d8f972db36cfa", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/sync/atomic?type=package", + "referenceType": "purl" + } + ], + "name": "sync/atomic" + }, + { + "SPDXID": "SPDXRef-Package-syscall-None-1ea973160a6b6283a492c2774d044f3e5910fbc3d0fc9d1b8c2bcb476e6e27e5", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/syscall?type=package", + "referenceType": "purl" + } + ], + "name": "syscall" + }, + { + "SPDXID": "SPDXRef-Package-test_package_cachi2-1.0.0-f5bfef72c137ebb321c27ce7b8c71ac929e415f821bf501206833ec6b9f62b45", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/test-package-cachi2@1.0.0?vcs_url=git%2Bhttps://github.com/cachito-testing/pip-e2e-test%401ecda839ba9ca55070d75c86c26a1bb07d777bba", + "referenceType": "purl" + } + ], + "name": "test_package_cachi2", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-time-None-94157eee9cf0119380f34c0b022b66e631768f69d1f6fbdcf9f3182fc378aa7b", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/time?type=package", + "referenceType": "purl" + } + ], + "name": "time" + }, + { + "SPDXID": "SPDXRef-Package-toidentifier-1.0.1-6c73575a4de10e05fca2979e41c226a3e58dd63ec0dbe60480e519494195663c", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/toidentifier@1.0.1", + "referenceType": "purl" + } + ], + "name": "toidentifier", + "versionInfo": "1.0.1" + }, + { + "SPDXID": "SPDXRef-Package-type-is-1.6.18-bfdf2d355f51adb427ad64a27701365aeefad65d0ea471f36c7bb887a7514849", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/type-is@1.6.18", + "referenceType": "purl" + } + ], + "name": "type-is", + "versionInfo": "1.6.18" + }, + { + "SPDXID": "SPDXRef-Package-unicode-None-13554101a27f5cb4261a5f37d2ee9615b3181b8f40050afe0d1586c6c68ba356", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/unicode?type=package", + "referenceType": "purl" + } + ], + "name": "unicode" + }, + { + "SPDXID": "SPDXRef-Package-unicode/utf16-None-16f1aba8788f5cee11b523cf6cd2e6fd33bdcff234d37240aae5c889da38ad1c", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/unicode/utf16?type=package", + "referenceType": "purl" + } + ], + "name": "unicode/utf16" + }, + { + "SPDXID": "SPDXRef-Package-unicode/utf8-None-269bbb94230a4aa5b586dffc9c15a0ed7b7fc76ddcb218689e073becf3789664", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/unicode/utf8?type=package", + "referenceType": "purl" + } + ], + "name": "unicode/utf8" + }, + { + "SPDXID": "SPDXRef-Package-unpipe-1.0.0-2e2509688d8b9b842cb74912b6f25c4e9e9bf99d2f4e28134bb241709e249236", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/unpipe@1.0.0", + "referenceType": "purl" + } + ], + "name": "unpipe", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-unsafe-None-7824706ac8e16251ee849c71484ce4cf8ee4f9007f3075de5f45df3c793933bb", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/unsafe?type=package", + "referenceType": "purl" + } + ], + "name": "unsafe" + }, + { + "SPDXID": "SPDXRef-Package-urllib3-1.26.14-1cb9ebcba75d80bd3ee5e828b47f908066d763475086152c9e651b3319e6b120", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/urllib3@1.26.14", + "referenceType": "purl" + } + ], + "name": "urllib3", + "versionInfo": "1.26.14" + }, + { + "SPDXID": "SPDXRef-Package-utils-merge-1.0.1-da9a0b187ae52f9c7ce3aeb96b1647d54bd17dee043bc1a22896d4aced968e9c", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/utils-merge@1.0.1", + "referenceType": "purl" + } + ], + "name": "utils-merge", + "versionInfo": "1.0.1" + }, + { + "SPDXID": "SPDXRef-Package-uuid-9.0.0-3b6efe3c30f3e8210affd072a7838ae4e8de22b69a7cc19953e9594ca97c9214", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/uuid@9.0.0", + "referenceType": "purl" + } + ], + "name": "uuid", + "versionInfo": "9.0.0" + }, + { + "SPDXID": "SPDXRef-Package-vary-1.1.2-dd8f0457e50a7cd3a71255859f29b529db219b42c2308be0d3bb2bfa51acd224", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/vary@1.1.2", + "referenceType": "purl" + } + ], + "name": "vary", + "versionInfo": "1.1.2" + }, + { + "SPDXID": "SPDXRef-Package-vendor/golang.org/x/crypto/chacha20-None-4f0ece9420409df54b3d0fa1eafeaa327b78a920ad2cfdc6cccdecac967c7fde", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/vendor/golang.org/x/crypto/chacha20?type=package", + "referenceType": "purl" + } + ], + "name": "vendor/golang.org/x/crypto/chacha20" + }, + { + "SPDXID": "SPDXRef-Package-vendor/golang.org/x/crypto/chacha20poly1305-None-0bbb65aa26ea438f8ec5db9ef44985dd04a4d7593842ae7d5879b7464c0414c2", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/vendor/golang.org/x/crypto/chacha20poly1305?type=package", + "referenceType": "purl" + } + ], + "name": "vendor/golang.org/x/crypto/chacha20poly1305" + }, + { + "SPDXID": "SPDXRef-Package-vendor/golang.org/x/crypto/cryptobyte-None-dad08431578d2388d1bc07ff910fc5a7e8edb8ce9aa43252621a9d1a6cb9eed9", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/vendor/golang.org/x/crypto/cryptobyte?type=package", + "referenceType": "purl" + } + ], + "name": "vendor/golang.org/x/crypto/cryptobyte" + }, + { + "SPDXID": "SPDXRef-Package-vendor/golang.org/x/crypto/cryptobyte/asn1-None-427eb362e8ffddc01ba6b1f15fa8059fb4ff5ebf25e37ff389a7b965c5c00e32", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/vendor/golang.org/x/crypto/cryptobyte/asn1?type=package", + "referenceType": "purl" + } + ], + "name": "vendor/golang.org/x/crypto/cryptobyte/asn1" + }, + { + "SPDXID": "SPDXRef-Package-vendor/golang.org/x/crypto/hkdf-None-88b5a07b0ba8afe3a4a6f4fa51c028a37d907630d508d7d3d6b232f5891e0c86", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/vendor/golang.org/x/crypto/hkdf?type=package", + "referenceType": "purl" + } + ], + "name": "vendor/golang.org/x/crypto/hkdf" + }, + { + "SPDXID": "SPDXRef-Package-vendor/golang.org/x/crypto/internal/alias-None-4395de82d42aac19662285b212d0e1426608000c4547135f6b21d3bdb739b989", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/vendor/golang.org/x/crypto/internal/alias?type=package", + "referenceType": "purl" + } + ], + "name": "vendor/golang.org/x/crypto/internal/alias" + }, + { + "SPDXID": "SPDXRef-Package-vendor/golang.org/x/crypto/internal/poly1305-None-64300d1d564249fedee9f26d894a8824443ab337f00753b9bef2b4859514eddf", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/vendor/golang.org/x/crypto/internal/poly1305?type=package", + "referenceType": "purl" + } + ], + "name": "vendor/golang.org/x/crypto/internal/poly1305" + }, + { + "SPDXID": "SPDXRef-Package-vendor/golang.org/x/net/dns/dnsmessage-None-6414d79d71bd3048482f73f7a4903a35d1ec431a5127660fcf3980f09499398d", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/vendor/golang.org/x/net/dns/dnsmessage?type=package", + "referenceType": "purl" + } + ], + "name": "vendor/golang.org/x/net/dns/dnsmessage" + }, + { + "SPDXID": "SPDXRef-Package-vendor/golang.org/x/net/http/httpguts-None-e36712132c749b18c581ed4fba456e3cea20c8018fc0e1137f7b2577c1e5a04c", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/vendor/golang.org/x/net/http/httpguts?type=package", + "referenceType": "purl" + } + ], + "name": "vendor/golang.org/x/net/http/httpguts" + }, + { + "SPDXID": "SPDXRef-Package-vendor/golang.org/x/net/http/httpproxy-None-981f57eb93ba94fdea568a8e440422363f3a56ee745e3e504127a36b44ec2d68", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/vendor/golang.org/x/net/http/httpproxy?type=package", + "referenceType": "purl" + } + ], + "name": "vendor/golang.org/x/net/http/httpproxy" + }, + { + "SPDXID": "SPDXRef-Package-vendor/golang.org/x/net/http2/hpack-None-f09ec956d218ef524c5c35541426d5afca145dda96c1863747d85843feb5eeba", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/vendor/golang.org/x/net/http2/hpack?type=package", + "referenceType": "purl" + } + ], + "name": "vendor/golang.org/x/net/http2/hpack" + }, + { + "SPDXID": "SPDXRef-Package-vendor/golang.org/x/net/idna-None-db6486c7e9f66df3c774b335ab0e8779dca0a284da0b5d5133c20d5b396e1e16", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/vendor/golang.org/x/net/idna?type=package", + "referenceType": "purl" + } + ], + "name": "vendor/golang.org/x/net/idna" + }, + { + "SPDXID": "SPDXRef-Package-vendor/golang.org/x/sys/cpu-None-fff45ff8a23684e4ba82a21914e5418abe0d79156f3d0d8f33925961edde6d19", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/vendor/golang.org/x/sys/cpu?type=package", + "referenceType": "purl" + } + ], + "name": "vendor/golang.org/x/sys/cpu" + }, + { + "SPDXID": "SPDXRef-Package-vendor/golang.org/x/text/secure/bidirule-None-0800f037bbd309d6c570ce855ebbb2eff9be9e7d55c7e9a88e43ed7d4edeae02", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/vendor/golang.org/x/text/secure/bidirule?type=package", + "referenceType": "purl" + } + ], + "name": "vendor/golang.org/x/text/secure/bidirule" + }, + { + "SPDXID": "SPDXRef-Package-vendor/golang.org/x/text/transform-None-cbdc93a92d77e7a164c809f251cd6571bc331a1cded63fd7ae4d7bb892813199", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/vendor/golang.org/x/text/transform?type=package", + "referenceType": "purl" + } + ], + "name": "vendor/golang.org/x/text/transform" + }, + { + "SPDXID": "SPDXRef-Package-vendor/golang.org/x/text/unicode/bidi-None-693b708536caf52f89dd75d8947467f4704bfc62c582c9fd91e90cc997f9caa6", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/vendor/golang.org/x/text/unicode/bidi?type=package", + "referenceType": "purl" + } + ], + "name": "vendor/golang.org/x/text/unicode/bidi" + }, + { + "SPDXID": "SPDXRef-Package-vendor/golang.org/x/text/unicode/norm-None-8eb33cca1c9d290b1b54d1a6aab69c94850137606ab6b2f5161e5791302ed95c", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/vendor/golang.org/x/text/unicode/norm?type=package", + "referenceType": "purl" + } + ], + "name": "vendor/golang.org/x/text/unicode/norm" + }, + { + "SPDXID": "SPDXRef-Package-wheel-0.38.4-606bf02cfffccacd2677c454d0b8df4350fb5264adf89c37cd32e7128158ea9f", + "annotations": [ + { + "annotationDate": "2024-12-18T11:27:10Z", + "annotationType": "OTHER", + "annotator": "Tool: cachi2:jsonencoded", + "comment": "{\"name\": \"cachi2:found_by\", \"value\": \"cachi2\"}" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/wheel@0.38.4", + "referenceType": "purl" + } + ], + "name": "wheel", + "versionInfo": "0.38.4" + } + ], + "relationships": [ + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-release-engineering-retrodep-v2-b1aab99da74371f7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-DocumentRoot-Directory-.", + "relationshipType": "DESCRIBES", + "spdxElementId": "SPDXRef-DOCUMENT" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-basesystem-fcabd006cb3bfe7d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-bash-a6062d7253817d9d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-filesystem-5423c4a724c69dca", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-glibc-common-5d2e03b4ae3e405b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-glibc-minimal-langpack-d35bdd9cfa0b8d62", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-gpg-pubkey-6a4614b48b443e33", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-gpg-pubkey-0b9edfc7dd36b25d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-libacl-6a12891a28711ed0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-libattr-246362466b6f01d4", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-libcap-e129417de8081c72", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-libgcc-492434936db2f877", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-libselinux-79db8c526f87ba3b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-libsepol-9891839d8f699944", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-ncurses-libs-31b40b2b21390159", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-pcre2-1a97d50a68b062d7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-pcre2-syntax-8f3dd37865073b05", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-redhat-release-bbf1d165194eceb0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-setup-befa3e6a19701472", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-tzdata-f21803b5b9d9adef", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro", + "relationshipType": "DESCRIBES", + "spdxElementId": "SPDXRef-DOCUMENT" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-DocumentRoot-File-", + "relationshipType": "DESCRIBES", + "spdxElementId": "SPDXRef-DOCUMENT" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-@types/prop-types-15.7.5-2d13fa1fda82a31e6ee9a07d7956586c1d91a3b859ff1dcfb40ccc1b4a3dd481", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-@types/react-18.0.35-b9ed72f467423072bf84280dd8d6d95b03454eb99dd7e79344fb87ae1fd9b1df", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-@types/react-dom-18.0.11-0695908f176f2057c391965487aaeb8beb94f9d61b26f9251fc5b0540c4fc5b8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-@types/scheduler-0.16.3-9203434a3e490164962e30f641d81c2a982ba1451fa895c04f8915303e36c4cd", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-abbrev-2.0.0-1894f11f2fae86ef35389ca7eddfbe9ce2f0dac015bfa94c7aa018734ba3e849", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-accepts-1.3.8-9c22f6c6130717b834f1907e0ca1fba3dc8992aea7a646991e20d6a7b61ab711", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-array-flatten-1.1.1-2bbda85f1ca7a6b3a06dd56d05d19eea3fc2b3ea9e823f5beebf430b54ed8b27", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-bar-1.0.0-59bce6cc36eb7c521941d78806369a8891afc8867b655d8624db7b0bd61c0978", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-bitbucket-cachi2-npm-without-deps-1.0.0-e35aeb8abd2f04d065c1c994ee122ed6a7986ad6856f3c0121043b14610ab051", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-bitbucket-cachi2-npm-without-deps-second-2.0.0-81c15e90a3e55924473e46c408687efffa3c2c15a8b0f93cb526ee58a8e4d831", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-body-parser-1.20.1-f1e3973bbe263c9fef6f05bb6e8c5d62863cb7723c4cdd3fcde7d305b586f781", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-bufio-None-50fdaec28e33e601d7d652bcd07106e339cb553fac4be5ff9d34de2d4cef23d8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-bytes-3.1.2-6c35d8273701bdeb00c705c04d304e774a7a084d5da577d3048bba43a2e1d6f3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-bytes-None-8a7568ccb42e145adcfbeb55d2458a82268b773075ce871653a85f1702c1759b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-cachito-npm-without-deps-1.0.0-1c721b3db1237430a73952511a72cea21d08d1ef7758c3c97fcba93e2b78eba4", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-call-bind-1.0.2-2da0a76c8a0a514b03483b3e876a26e670c7d5a9215ad870bbf88a997e4bc3a7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-certifi-2022.12.7-a57cd5aa2a923c5620d6a157af0e7dd2404162d291f47d3ea58a56f7eabed47a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-charset-normalizer-3.0.1-f8d91bc6b61ba49560dd447f0c648137fe413dff7c13fe1163bd5dab9ac8f9a9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-classnames-2.3.2-ec4db75970d0c19420d3e774fa674397552c5562cac237dd908c8bacbfb4980a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-colors-1.4.0-ea7fd773e7bf8d58d09e3256c69d9a8f0c496abf24179c2c8c9146e59e3f3912", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-compress/flate-None-9d146ce55d4d1fc078246490d294ef608f72a781d19f4ed107fc1264a0ef9edf", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-compress/gzip-None-fe07f7a11777bc3223ca5dcd4418003440da1f7e5242714f1f152517421eccb7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-container/list-None-685451a0a7aee8920600cd482bffa5b155a5e0f6942b6f7d1d919f28a3f361b7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-content-disposition-0.5.4-94d613e00e5c81dcfd67143d3f081284fc1e578914e6f9579d5ba9173857520d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-content-type-1.0.5-03f124b6782e6b209a6b92909d4158dfca5fc398bc0b8dd67ccadeacbef92b59", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-context-None-b84f72d7f2b8afebda6a3b97cc840cc1c4060e6db640f1fb0af8a7231e80de7d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-cookie-0.5.0-02bcf0b2fb295a63bb9861700bd212768302566a9bcd528b5684fee4cfa29ef1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-cookie-signature-1.0.6-146f16319934f7394c628060076583d4aa8e4479d5df2d7518a44c369955d1cc", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto-None-4137aa50bb490f937ab07379bb958d9701ffb43ee2d4ca5e65eeae80d7473a1e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/aes-None-4b7159fc54e034ece944eb79bf8ec1d017435ab8cddadca9c481872c8552d88c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/cipher-None-a7b309dd8cf5ed3a31559821ada58e343d0eb22798687b651714016251447b90", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/des-None-d0c916f3a927d847872c2b5a4424b4d44f83297dfab47eb4559d632bc02a356b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/dsa-None-7ae1b92ddf8b786517ebb4a976ce5203f4df29303e13556b8f411679dad5e41f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/ecdh-None-2833a62747b8ae4cf2163a9eb58d71122a0cfcce49f8462a8bff3f52763343cf", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/ecdsa-None-aa85ddefbe331601a9108280fed8ab8f7a6619f0a7aefdda989fd5bdc66d1815", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/ed25519-None-a7a086360348d3355d530d502bdcbef8a9ce1b85051791d79aee8e94bab2d69a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/elliptic-None-42c14da5e060676ebab57f1e644e78080891dc7e7ae1524ec064d959f3391e0b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/hmac-None-90f4b32974f25c3e7fd78538df1793438e3adbbad355179229bfd2e6b323a9e3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/internal/alias-None-b72e17ed348a15d861a8d6a517507932ed428364d043e0848384e16f50b6dbe1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/internal/bigmod-None-ec1c42915ec4b13c93cd42d861596258beed863619038ba9ceba0e9738b58f50", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/internal/boring-None-0d09d6fe0d7dd4ae4bd0bd9e4571385167e8ec862caf728a974180abe1d8b910", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/internal/boring/bbig-None-1961facc167a00c28b440340bf887b0f19936f9079874528d14c4ec73f574ff6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/internal/boring/sig-None-659c3ec829cf64be18d90fc4b65595d5ff5313c7a7fc07100f5a635cda5a1c53", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/internal/edwards25519-None-5ba839623a9ec2a4153687905946eb80be776e13e454e72e925ae3100237704f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/internal/edwards25519/field-None-afc497e72afd11be31fe5a953aafa19a4959a49ac13626f8f1dada65004482df", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/internal/nistec-None-36c10db1c3639955ec3b65ac8a5416661cd6453082331c684eaf47e1a0a9f6b0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/internal/nistec/fiat-None-439c9e61a71cfce1ece26d4df703fa7dcb4d47abbedf242966c4c92f8a1e5a9e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/internal/randutil-None-2b53b3fd6ad21340a19dbb67ff5b3588ea4ce6fd1fecf8574ad61252ca32d3c0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/md5-None-f1d6ee6c4e3a6388b402c6bd50df796f699b3ad7fd831b5aae81adaf3e636178", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/rand-None-8034fbc7583154cf2c496e52e0e50888e58253e533efd316eb8f586b4e151352", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/rc4-None-3b23d9deeb0e755779c129e17aef3adc4e08759559c4723efd20f289251c9f0d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/rsa-None-c68ec47c13582cc8c6595f177564e47e5ff2bc97644558e781b309634741eed6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/sha1-None-5d04f13998510e8e9f25ac0063812b5bed581b41ab6924c0c666d159e4acbe2d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/sha256-None-8947c345384e3e9aff8009caa754be26598788ca3eab22ee61f415566937dfa6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/sha512-None-61b3f50b792f6a2b5c813528be0338152e1ff66f0e5c32c0e56fce88a70df05e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/subtle-None-fd6d520ae750dc3bfe8b5f7cff2d089598f9c36bd9b9f823be704dbac5129126", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/tls-None-dd3d7486a13d36f076ba91b65f87d99bfdf556af4370260ff08f45263d177b10", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/x509-None-748926597edd9909db834c4c4490447961675cf3227ac69b36f4b8bee494651e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-crypto/x509/pkix-None-f911e20d65ee26a0b61b8bc378bf68f5d2f9507e238de768c998fe62822f2914", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-csstype-3.1.2-f547c23e831832d43a45a76de10263e609d5e49cbc80a65365da2843d7aff728", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-dateformat-5.0.3-c314f4677cf674d970ab3fd6014f8db5e0b3fdfa2417c389392ef74cc7530bfb", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-debug-2.6.9-ec2bc8ae0f128b684ba998fb9bd2b09b15fafe2a2547f8f82f1efda16b16550e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-depd-2.0.0-e3710807a07e4c99622b6be764295762cd3f5677210c95f3f4a96b79912af81a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-destroy-1.2.0-59fc0b2c22a5d75a3ef12ce42ae4d28c1d2b3645996f56fef9438c08c2cf137a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-dockerfile-parse-None-0026bbe355f42473a37c2c101676927dd90dee85ccb496b2348091c7c0d1f710", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-ee-first-1.1.1-b0a1fd3ccf6505a1e8943e940f6ffd2d57d544757365e46e62e71ccd6f3a95f1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-eggs-1.0.0-1a78b4db4303f5bb20e7708262b8af398a7d6e4d3701d18966f3bd9c7e2fa3cf", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-embed-None-3b0c4167bd021e80f33378dbb2047342f4703b3a4f98389e36f0bc0663a86ccb", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-encodeurl-1.0.2-b09c2fb226276faa5522768464540ce24851adbe862b60e8822210f34143c769", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-encoding-None-a06c4a77b81ea33c968604e9b4bd258d63c9843bbbee2d4b9f380c10e9d06d69", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-encoding/asn1-None-b51419836b77ec333ff739e9946db8ae09351db3c85b9a3dafae523fa12cb051", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-encoding/base64-None-11801625e0ad51eb0da035bc0402d2e9173a5110323a018b895269a6d6f871b1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-encoding/binary-None-32b9d270662b96d2dbbec49e1678eaa7820453e21081a33a144d6ac0dc710577", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-encoding/hex-None-f1d3bff874ad8044c7582003620ba1c6ec39ce223964e7a08d18a8cd3954b8c3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-encoding/json-None-7bd68ddb07d07844137bbed30e90f4a49657448938e01c63c351b969cb02840d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-encoding/pem-None-a3311085cfa6442a830dca069711e3c8831b909c1e88cd87b41eb30c2ddf18e7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-encoding/xml-None-9be966fe2f66775f2de1c083befcfc3db7d9cf1fab030701e6faa71268cdf373", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-errors-None-2994a0ff92785ca0427da149a6e29ff4bd4ca86b759641eeca740713aa6b4aee", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-escape-html-1.0.3-f90f767c023db5382b0d48919a7e1da8ead602a918b56da5325aeb736275a52d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-etag-1.8.1-b69163297fa646fafb5b0b3163e1ff0adb4546dcb5572f6c16682f0dd70d89dc", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-express-4.18.2-9edf04cf81fd12fb830bf8f4119d58f8e41861a5463fac20e0978d1d7b92755a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-fecha-4.2.3-19b43bb464398381f95bc87ca8d57c9a11893190af81b14ba932be3046a934d5", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-finalhandler-1.2.0-2d3a95b2fde0705e2c0b56ab36cec01a648af5977dbe097b9f874cb72c3f9f10", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-flit-core-3.8.0-a1699442b770ac3f746ead63946e28229d640bdf802ba25f9c4c51689371e6f8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-fmt-None-f1a19aa774307d4259395e684c08a092571c2616f5e8bf98bb11ef02b8da432f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-foo-1.0.0-b7e7aecc5dbbd0a3c7e06a21cd4752f4460f207e2534074905241c8af27f23e0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-forwarded-0.2.0-290e7770b21ed5d3e51392422f063801bbee465fa86be49828df7232895401e6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-fresh-0.5.2-39253143db3f788c24bb5b0b81f408fa6c635416bdcbcacc956edd51dfe3b3b6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-function-bind-1.1.1-05dcde660736e6875dd2d66f584ad228028eaca7fe5477f17189151b6f342ad9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-get-intrinsic-1.2.0-7d2bee525793890edff38c2514222da0267b6a6dcaf104a5e60ffe344167f1f9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/Azure/go-ansiterm-v0.0.0-20210617225240-d185dfc1b5a1-58819e71792a0906f8ef00b344a66fb53a750a60a83b0e9cf6902462b432611b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/Masterminds/semver-v1.4.2-1160d2af59246b7be80ace7615339f4f826b6de1586871b2e4e6eb2def67585b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/Masterminds/semver-v1.4.2-3ce965d3eed349e8c186769314b7aab3b8285b154906063e8478a6be9e6dabf3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/Microsoft/go-winio-v0.6.0-d1375201be7b09a009b9f06be7fc3c489b6e46a85af963efaaad69987722c598", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/cachito-testing/gomod-pandemonium-v0.1.0-2dea1c96c4851061bea0a94d800fd34a3cfbb7b7cc06c999a85958a65a37ccbe", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/cachito-testing/gomod-pandemonium-v0.1.0-b4858626e2d62d1fe94b9eafbd4569a9b62ad0dc47cc2fe50cb29599b9972719", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/cachito-testing/gomod-pandemonium/terminaltor-v1.0.0-3da8d12fd3bc541534bec9272c22d575ad899ce0d7c0a7dbefbeffa5cee11ad8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/cachito-testing/gomod-pandemonium/terminaltor-v1.0.0-d8864bb49f101f59e469c7df5ff6bb5a45a6ab6a534be17c1d6e3504d4391139", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/cachito-testing/gomod-pandemonium/weird-v0.0.0-20230417073518-0c6890c3280a-1007202fe8d39bb04484757d8072c78e390a6d16df835e2a364cffb660b9636f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/cachito-testing/gomod-pandemonium/weird-v0.0.0-20230417073518-0c6890c3280a-c94101d7adab6e667b902dff84696a6dcdf753c50232b98c42a6e627544686b7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/cachito-testing/gomod-pandemonium/where-was-i-built-v0.1.0-37c4dafb3a1b8381ba44ffeeac00226e2a6518da2b6662c343e251d951f21757", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/cachito-testing/retrodep/v2-v2.1.1-d74f886a19574ad40c9af2a6c5c62148619dd57380e90576efc81de398a2ccb2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/cachito-testing/retrodep/v2/retrodep-v2.1.1-7a627ad424ed497a60d20f1471174d2e10b7b19371247d8e01d66dce49907db4", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/cachito-testing/retrodep/v2/retrodep/glide-v2.1.1-0b96cde354a75e6ed0044b30ef9fa81569063adaa077bf05002a6594d7a7a606", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/go-logr/logr-v1.2.3-5853958c7aa3424f456a39e24eca5999b7d30ba2557b3f4cf259846ca9e1a838", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/go-task/slim-sprig-v0.0.0-20230315185526-52ccab3ef572-534d57d10d628d80eb298821755c30a3d8c4aa4a8664e82206c9c7c577640335", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/google/go-cmp-v0.5.9-cd66635c1c29cce2de09ae35f3b1420d2efe5cb95ec7893b0020da956a924c5b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/google/pprof-v0.0.0-20210407192527-94a9f03dee38-f25c592867038ca2cc9a5cc1d4988b3df97b4784772f68ab59ae74c97796321a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/moby/term-v0.0.0-20221205130635-1aeaba878587-9237f389fe389bc918ffe075c360c59147590fefdbf328f3d6c7d7ebb52927fe", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/moby/term-v0.0.0-20221205130635-1aeaba878587-9dc6d3a1dd21dcb7ed5ecc77e87f4d373f5e3d7c839acb6889c76eabb0c13f57", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/onsi/ginkgo/v2-v2.9.2-02de87e32da2109c4e3002f89f4291c10edc05dbdaf98c66696d0293009df901", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/onsi/gomega-v1.27.4-6b82d57af896aeb4173a5bb22c12b07ef596cbeae38526fa64a669dc8aeb9e54", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/op/go-logging-v0.0.0-20160315200505-970db520ece7-14231968e65f8c6e81761a7f2a528bdb212e70b87a81f1a7e1eefcb9ef64fd6f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/op/go-logging-v0.0.0-20160315200505-970db520ece7-9a81205ae17e45fbc99e650b64849a48b23a7568c8e848841c9086a8d0b0e99f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/pkg/errors-v0.8.1-9f9627991aec4009db449ae2f96f6c06116666ff3b4f82dccd84c51d10dfc727", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-github.com/pkg/errors-v0.8.1-c8e423cf372ce5953d749be774ad49066f5ec6318cbe4cc089b71e7e5de386c9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-go/ast-None-d34a7b35add57b69e88d868e69de08f65380708bf2b03e92673427ba6399fdc6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-go/build-None-729d26c5410943f8215552f4ac21cc7038764e054ca60295e680afb03f25129f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-go/build/constraint-None-c5a58600325ff4bf595fd7d3b5cf73c4a390b9a945092901868b4f121c2367c3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-go/doc-None-27854d91ed2d04e8de4d4e0c62bc87ae1675a27e35f881ba930aad7dcc03fdda", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-go/doc/comment-None-0eb990b44e156a3578853ceaaba8f196b0db22d4ef2ff818e4a2b3045b34968d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-go/internal/typeparams-None-d039f3851188a225b5ce113591179fc236481006e0266326e24b7075dddcbb40", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-go/parser-None-11f6a8661d038319cb52c595fe3505e3e84ad8f4ab4e6d441e9ef31793181a46", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-go/scanner-None-3ccd1c3548bdb796f3df1c5dd5db6bb0fa5a203d9753f64056fe0d5704d9465a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-go/token-None-ff113be2a399bf8a815f1e294191a68868e037d38a78eaed8697702f9ea240ec", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-golang.org/x/mod-v0.9.0-bc2d1ce57f5057fdb5fbdc2b334fd2a64bf5512633955fb313b0017364804bd4", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-golang.org/x/net-v0.8.0-2faecd5d0dc227bcd0c30c0f5821cc12e293aacd3400fdd65c5f3027048ac014", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-golang.org/x/sys-v0.6.0-f175144385992277f9e80afbb03e532726173b255df38f82841c93ca31bc4078", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-golang.org/x/sys/execabs-v0.6.0-aaab508709bce7d883f9f24aeac7a71463d7f0a9d4984617b35a268c111fe60b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-golang.org/x/sys/unix-v0.6.0-cf08060aa29fe9a9565026c1b4693b7f73ebf9a60b6e977a50b3a95607e2c0b0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-golang.org/x/text-v0.8.0-e01ce2057484987e7f043facb664dafcbbced83625fc3d6fe5293f58f3062088", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-golang.org/x/tools-v0.7.0-1b7c3cd560dc750f0d0e7c7c2b57a72bd92a1f55658ca4d94ff09ece1df4d55a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-golang.org/x/tools/go/vcs-v0.7.0-1283820cd8cffe696b322ac38709ec2f338e6ec5aa31cbd0aba96fc7d0cc2fe5", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-gopkg.in/yaml.v2-v2.2.2-2f321c248ff1cb791e6afb8f6013303004b317fb852ef16509077a787cbeeb39", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-gopkg.in/yaml.v2-v2.2.2-c011779fe2b103d1a83845ea1b45dbea5829132a2e5dcb631b6e9460bf7e23b1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-gopkg.in/yaml.v3-v3.0.1-bdd07f97b77a6a7f760cce5f45ab63b470a43de6983a88c0bfd4b6258dc7dcb9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-has-1.0.3-bf8dfc909a0a6d27780fd03a1cd8eb497a217174835a5b8619120c0858444860", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-has-symbols-1.0.3-db2f666c771d3f1a665b54ae840844bdb2b6f1aa5631f383673d06180b9f5ade", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-hash-None-b0296e2e3c833c14595a8d1d1cb10a53825bd771b5a9c86b666bd91faea10729", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-hash/crc32-None-c2fc4cb71cbf1e97f8ba9555d2d41b260d0a912927f7ab202725b4012163e25b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-http-errors-2.0.0-1ccab6a096615c69b07104a5b332f81d5ed5cd2b6d49120096bd1ba132a22ee8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-iconv-lite-0.4.24-fa93cdd43edb51240c414b8a6ec41ef5b614480ddcf20b1fa8b0ed9bcd3fa2d1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-idna-3.4-8ed4181b079bf31ce5d74f20500d49dc9004025ae824fd0892fa5efd6c834fb1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-inherits-2.0.4-5b15d59c03d2b532947513de6aabd11e052a2e7e662eb1723e5dc05c212e39d7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/abi-None-e9bf8f9b9b7604516c803ee364c89d58c5cb5e034e88129ac352de0d947062bf", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/buildcfg-None-b2aab7b59f90ab1bac8732e4c84cb8a8dd7ebc3e8f66f29efc7d01d29071549b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/bytealg-None-00e7703f624b015b9a0b00aae1d124611995c0db0cbe8a3b99301d0d46115217", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/coverage/rtcov-None-533afe8b86dd0d88975c72d08d054a6db8f46dbdb589fe1eb867ef2d12ca6a8f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/cpu-None-42d4b2788f136ee992dea15d4d5ea5e651df2e03325eec2f5bc2dcd89b1f2698", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/fmtsort-None-ccbfda59765250452128abb3427e52d01ccdbf30e8e23c364e88cd17bac396c5", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/goarch-None-59e1c82486ebde860ef219d0a4a2a1f0f883e1b9dd5bc7ef915a280f5e7b5388", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/godebug-None-406b22de31b59897d17fa17efc1a686f6ac994809ea94d8e8bc353d8d63f8613", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/goexperiment-None-22e8c82d9ef866ee1ec7b2c637de456655ea2796ac0c47bdf21736ad29425cc9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/goos-None-be72ba0bd9e073695bc479d05f46f94959841540249640a3002af8dc2b5214fd", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/goroot-None-2faa4afb2e7dd49b1c629532758d3f03489018a1e77b6c7132f7b1c389143f80", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/goversion-None-4872d02f6c3e6028355182e68442394a9b77a7450d6efe1454672e8be50cf17d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/intern-None-9dc058fb0fbef857345574c966952fe27df2396e517654b87ac73585842e8569", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/itoa-None-251330730123eb816338069eb3d3eb574f71be8a0891266a63bcfd3394b4c7fd", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/lazyregexp-None-b9e28b3cffc457b34bfc89bde65bef9bdfa7290667106021729c60978237f1bb", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/nettrace-None-cd55cbc06d1f48ac1000330d6d26475c72381aac19b187928b984c78cedbaa6d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/oserror-None-737110d8ef939aad4e7374a26e8cee0b37ef4b1b2900ad9fcedfe06886243957", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/poll-None-5062d2227afbbab4478471c9cdb74550798d8ef0c83d716f575a1c71ae739a86", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/race-None-ecf278b204f42be1dffdb2518f982739db2f1fa4a41519e9bb1aafc535430b58", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/reflectlite-None-0130ba0b61c50e534eb4589345e62a04e7faa6e69cf7386641e062ca5246044e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/safefilepath-None-9e1ef1731e35129425d26a5254c34180669a68ae6bbc1ae4d67ac012eb8a90f6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/singleflight-None-4c9f5e65b604548320072fac39fcb3d671fa1ea01c968eca0d42c5d74a5af21f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/syscall/execenv-None-c1541a0559d19f03be87ee5391ab59ae16dc1ac0a18305a95976403ac67d4dfc", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/syscall/unix-None-4cc0fd820d1f97686fc80257c743f2c5203b642e294e38538e8657f4fd2241b8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/testlog-None-de80b247df32030fc72c24839ac09d1828f823d14f030136a13234e4341d7e8e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-internal/unsafeheader-None-85767a17fdfd2e6ad7147303f8a27bd049f17e57a960332bf0312da2c1a4afc3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-io-None-6c7a8c3b50224f00ac215c02c8fa0fc56abf06c501fa1e34d7e736ce578c0ff6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-io/fs-None-e1cc32e1c9b61aeed432ef90fe18c86dc539417a18476f58affc7d8059d35bfc", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-io/ioutil-None-96965bb655e4c4512ab37ed042509f762d7a2481f983652dd25ed2dcc4a29335", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-ipaddr.js-1.9.1-b2fa347461b0533601326c24b23d066734cffb1075bfe723182faab5bba9d804", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-is-positive-3.1.0-4716c87fda6843403486a0ea317561a7a3188fb04f6c5fadea411cb22202e101", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-log-None-7f013a0a47929d2cb716cede42c4d88946a61ab03f1e7f79aa06268b21a62626", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-log/syslog-None-dff81bb3e9d2e52734ccc2a8860046f16fa574f869281854c34d05bd7ce3613e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-math-None-eaf7850a09ee7619e7cb7156bb57144fd906b25cb1d3b7a68c104c7be9006662", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-math/big-None-ea6408dbb3a7a85bd2d1a385adf5e6db52f1b34eea578f85b51022d1b1b20a2f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-math/bits-None-9191b5cdac727fa3c1ad695495bb7b1bea72504b8757ba14091e0dea757268ac", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-math/rand-None-a0c4b45dd5f2792e5216888b63bd47a2ebb250fb489b1bc74680c502cbf4daad", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-media-typer-0.3.0-b967b658724ab58909c115f6d003abe6fef09941877fd9cccf26290b7bcff81f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-merge-descriptors-1.0.1-4a59755685696af573d3f6b5b233fba1b1e866616a12a85cdb273a86f4549775", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-methods-1.1.2-3837727455fbd4c44e4b91430fd17aa95be768f4b4e198b86ec88ec390392d91", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-mime-1.6.0-37d7f8fe4141c58b0813444bb3111999b33fb1b4c1644a92ec0428e2e945eec7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-mime-None-a01968977ebf83ae88ffda90e4e9a19db82a4c34957a9ab0733ffa45a0089aad", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-mime-db-1.52.0-9876a9da4499ff91b540f8f9bbd103cb049f2f1b331c29fcceeaa29b9a485528", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-mime-types-2.1.35-54675c038cfff25f571d7fd746be730a600f223eef00ed4f8d4c12dbaf3085d9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-mime/multipart-None-f76bc9569dc84104606f24165ccc4d6449545bc6fb8711981deecf6913e6ee2f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-mime/quotedprintable-None-27acabe50017bab18f73cc358fc615c84633900b20aa8740e744c673d76d5dab", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-ms-2.0.0-38c53561eed16438b2fde00179d07b8731b617d4a2e2dc9ee80e34ba402f6938", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-ms-2.1.3-9177646ae782a3d460ddd9398bfe12380b2ba88127ba06ad19ed9499b4a438f9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-negotiator-0.6.3-8ae431701f3858e125afdf2c152ffe8a63a6fe0e20205c66d3ff35de742be6b0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-net-None-399ebbe833d45f60535b3418296b8b0da567bc27bc6530fff726d28aa4e37d74", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-net/http-None-75d4a324535b915eb5512276ee643692b7890af00d68435c523b41c1613b7f3a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-net/http/httptrace-None-21b89c9f9385548695da242b4b7c7e5258f27d1c2e4c0750771875fbdbeab91c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-net/http/internal-None-2414d2e978a0d89593d319cb17114cd5b1f219285c3b0d65252262b4be6986c7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-net/http/internal/ascii-None-c54daf5e9619431df040d7fc0dbcb787223b4345738a2e2a7465d12690e66fb2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-net/netip-None-32ff85ffae2b961d720aeb44fa83d429557565714f20f63b085d5843a8ff9b7a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-net/textproto-None-9e77d202b002a3aa8e8d63943ba2e136f1dbb2ecf0dba24bca1dd3309c716b28", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-net/url-None-5ab666245d0535b71d9e6bed725b2204ec599a72a8353b7cc9e37636d1f3c103", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-not-baz-1.0.0-227266aa69ece398c90192708f2738ec5d37ff5a474f343bc9f1bda34e449c5d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-npm_test-1.1.0-b7f778b4b7de0bb6a51db30f7dfb79b5166d2fa051d04e40f3820fd88d03324c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-object-inspect-1.12.3-f47cd7182218ad0e1859508077cf1d5324491726fee8a251f9940f789d6ed7a1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-on-finished-2.4.1-6d2ea6cb125c29592f15a9badb2de04a18fe55b8258b143d4cd1026ccd70be51", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-os-None-7861f8f9c8e2dfa2e902eef8379dd992fd79b009cb6388a22982ba2565a3a6b2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-os/exec-None-3885aafdb6c44787b718149cb035be05c73054259c81c4649f47eb495200d6b5", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-parseurl-1.3.3-f072bfdc47f60d4d137306c960d3962a440ae13a205eb06fe0bc681b9ab48914", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-path-None-99b59def89a54055c3e6154165afa5dc48d9dd881c2064e35174b3bfaa13974b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-path-to-regexp-0.1.7-47b831656513ab0fd4589bf9592ccf717f146fa879c1611bf0614de58e19bf40", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-path/filepath-None-b8880c13ebe0194e38aad0757c4c45ab94802d71f947da8d97847b7c6ba49c59", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-proxy-addr-2.0.7-11d271374c4ac9c0bdaf85c70c9d45b7a71a4e4c977c8db41009545a9a04795f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-qs-6.11.0-82ca49f1b909d51b59ed8f47b135247970b5123cd270011290e196fde0462931", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-range-parser-1.2.1-9ce2c23a0f6652dbf4f71b6615d18275cb65d378ad4fe2570729b3130ce511f9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-raw-body-2.5.1-792f351f90ab19a67f913a0aec33598dc2c15627c538937e19bf4aa68882cb09", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-reflect-None-9a955f305e05fdd31b17ccb1d1ced397f70ab526671058e569a261a951af4b90", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-regexp-None-d473e7c324c57d67860eeb61c277018ef331cd1a88542503d5e46eeefc60e776", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-regexp/syntax-None-9c5ed35e04ca5dc40ae22e97a2842579f0870d2b7e7e0729b1fe67188b3a20c1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-requests-2.28.2-526bfa020f831d53fefa504db1971000b066b39602278b55b89534b40ee374fd", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-runtime-None-95f4c7777de104f01db95739031d028d21b9eea0ae0dbda9eef7466f94afa3f0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-runtime/cgo-None-6f567958057bd49b8f659eb2a7560168ec43a1bcdb74a71b01f079de4a97fbd8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-runtime/internal/atomic-None-89f5570ef95986df4d9bcd40be7bb37b9c95997cdacaff8c3b34f29544a9beaa", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-runtime/internal/math-None-ddfc379809d7ed455bef2efeca421ff7b3ed4acedf5c10231e211454a58bd18b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-runtime/internal/sys-None-1ddcc4e84542227f6b61424f1eeb826e450505f710a3394a8c25582668a2062a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-runtime/internal/syscall-None-9fdf4b93aa94f7e6579a15cd67bbbf86196358f26fc70b1c04d7477af13c99f5", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-safe-buffer-5.2.1-261a4c176907a47c47f63060bcc003b93800d864f8a38911f76d2273329321e1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-safer-buffer-2.1.2-fc42b41ac695bc353dc5effd8f1e77593d3e6114290d2f6d698254e4c4321600", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-sax-0.1.1-80ef687cd5cbaa12ea192acd42bde81614b8650be18c1091533f7369d704faa2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-send-0.18.0-76def8bc1d25c9db16cb5293344ab0b49ea8631e24bac9e079b878916b9a3cf8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-serve-static-1.15.0-fdd6747beb95d9c65aef2bfc6247fda9c1a26585928008ead83b507ab866f109", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-setprototypeof-1.2.0-b8c47959b5627ede0c91f0fd952c364c88d16123e4b079a7cb171a5d17650cd4", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-setuptools-67.1.0-6e61b9bbcbc780a9d258d9b2e16d1449dadaac4ff738bc7675e42c655faca538", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-side-channel-1.0.4-c6ede974dcd2aeec29ab9e8ef17f3150e2e6000cd496ddb55cb1eb5351039342", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-sort-None-0b8e6b81bb6644cb79cdf8911e86c39d8be9ccfbc14cd87fa438959662eccf70", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-spam-1.0.0-0943e6f0bc84b43ce1da5d0aa24da04e82fd5c4d0d80ae8e730b5344e0e34faa", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-statuses-2.0.1-d3d359f03ec7e5f27a8b6a75ac209c06a6d7da76aae1cbcbd2868436439a6c2f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-strconv-None-9608f50df7493944c92c5a9c6c2bbb859271e74bb255a128c16de777a6ccae32", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-strings-None-d1ecb450a30252ad261c7f69c481d55204b24e385a70fe091e94a5c64728c17a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-sync-None-96d0b290269d417115f37e7187333605d7c713561fe7e39432360b76b60ff821", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-sync/atomic-None-5785933a83faf80ba2a4e02d9d3f171e70393e42520ff562834d8f972db36cfa", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-syscall-None-1ea973160a6b6283a492c2774d044f3e5910fbc3d0fc9d1b8c2bcb476e6e27e5", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-test_package_cachi2-1.0.0-f5bfef72c137ebb321c27ce7b8c71ac929e415f821bf501206833ec6b9f62b45", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-time-None-94157eee9cf0119380f34c0b022b66e631768f69d1f6fbdcf9f3182fc378aa7b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-toidentifier-1.0.1-6c73575a4de10e05fca2979e41c226a3e58dd63ec0dbe60480e519494195663c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-type-is-1.6.18-bfdf2d355f51adb427ad64a27701365aeefad65d0ea471f36c7bb887a7514849", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-unicode-None-13554101a27f5cb4261a5f37d2ee9615b3181b8f40050afe0d1586c6c68ba356", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-unicode/utf16-None-16f1aba8788f5cee11b523cf6cd2e6fd33bdcff234d37240aae5c889da38ad1c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-unicode/utf8-None-269bbb94230a4aa5b586dffc9c15a0ed7b7fc76ddcb218689e073becf3789664", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-unpipe-1.0.0-2e2509688d8b9b842cb74912b6f25c4e9e9bf99d2f4e28134bb241709e249236", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-unsafe-None-7824706ac8e16251ee849c71484ce4cf8ee4f9007f3075de5f45df3c793933bb", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-urllib3-1.26.14-1cb9ebcba75d80bd3ee5e828b47f908066d763475086152c9e651b3319e6b120", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-utils-merge-1.0.1-da9a0b187ae52f9c7ce3aeb96b1647d54bd17dee043bc1a22896d4aced968e9c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-uuid-9.0.0-3b6efe3c30f3e8210affd072a7838ae4e8de22b69a7cc19953e9594ca97c9214", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-vary-1.1.2-dd8f0457e50a7cd3a71255859f29b529db219b42c2308be0d3bb2bfa51acd224", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-vendor/golang.org/x/crypto/chacha20-None-4f0ece9420409df54b3d0fa1eafeaa327b78a920ad2cfdc6cccdecac967c7fde", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-vendor/golang.org/x/crypto/chacha20poly1305-None-0bbb65aa26ea438f8ec5db9ef44985dd04a4d7593842ae7d5879b7464c0414c2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-vendor/golang.org/x/crypto/cryptobyte-None-dad08431578d2388d1bc07ff910fc5a7e8edb8ce9aa43252621a9d1a6cb9eed9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-vendor/golang.org/x/crypto/cryptobyte/asn1-None-427eb362e8ffddc01ba6b1f15fa8059fb4ff5ebf25e37ff389a7b965c5c00e32", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-vendor/golang.org/x/crypto/hkdf-None-88b5a07b0ba8afe3a4a6f4fa51c028a37d907630d508d7d3d6b232f5891e0c86", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-vendor/golang.org/x/crypto/internal/alias-None-4395de82d42aac19662285b212d0e1426608000c4547135f6b21d3bdb739b989", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-vendor/golang.org/x/crypto/internal/poly1305-None-64300d1d564249fedee9f26d894a8824443ab337f00753b9bef2b4859514eddf", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-vendor/golang.org/x/net/dns/dnsmessage-None-6414d79d71bd3048482f73f7a4903a35d1ec431a5127660fcf3980f09499398d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-vendor/golang.org/x/net/http/httpguts-None-e36712132c749b18c581ed4fba456e3cea20c8018fc0e1137f7b2577c1e5a04c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-vendor/golang.org/x/net/http/httpproxy-None-981f57eb93ba94fdea568a8e440422363f3a56ee745e3e504127a36b44ec2d68", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-vendor/golang.org/x/net/http2/hpack-None-f09ec956d218ef524c5c35541426d5afca145dda96c1863747d85843feb5eeba", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-vendor/golang.org/x/net/idna-None-db6486c7e9f66df3c774b335ab0e8779dca0a284da0b5d5133c20d5b396e1e16", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-vendor/golang.org/x/sys/cpu-None-fff45ff8a23684e4ba82a21914e5418abe0d79156f3d0d8f33925961edde6d19", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-vendor/golang.org/x/text/secure/bidirule-None-0800f037bbd309d6c570ce855ebbb2eff9be9e7d55c7e9a88e43ed7d4edeae02", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-vendor/golang.org/x/text/transform-None-cbdc93a92d77e7a164c809f251cd6571bc331a1cded63fd7ae4d7bb892813199", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-vendor/golang.org/x/text/unicode/bidi-None-693b708536caf52f89dd75d8947467f4704bfc62c582c9fd91e90cc997f9caa6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-vendor/golang.org/x/text/unicode/norm-None-8eb33cca1c9d290b1b54d1a6aab69c94850137606ab6b2f5161e5791302ed95c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + }, + { + "comment": "", + "relatedSpdxElement": "SPDXRef-Package-wheel-0.38.4-606bf02cfffccacd2677c454d0b8df4350fb5264adf89c37cd32e7128158ea9f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-File-" + } + ], + "spdxVersion": "SPDX-2.3" +} diff --git a/sbom-utility-scripts/scripts/merge-sboms-script/test_data/spdx/syft-sboms/gomod-pandemonium.bom.json b/sbom-utility-scripts/scripts/merge-sboms-script/test_data/spdx/syft-sboms/gomod-pandemonium.bom.json new file mode 100644 index 0000000..f9a1a39 --- /dev/null +++ b/sbom-utility-scripts/scripts/merge-sboms-script/test_data/spdx/syft-sboms/gomod-pandemonium.bom.json @@ -0,0 +1,1159 @@ +{ + "SPDXID": "SPDXRef-DOCUMENT", + "creationInfo": { + "created": "2024-12-18T11:28:00Z", + "creators": [ + "Organization: Anchore, Inc", + "Tool: syft-1.4.1" + ], + "licenseListVersion": "3.23" + }, + "dataLicense": "CC0-1.0", + "documentNamespace": "https://anchore.com/syft/dir/syft-sboms-b66779b6-6e20-4128-9fad-da28250a1b82", + "files": [ + { + "SPDXID": "SPDXRef-File-go.mod-3fc5a8d3d86e9790", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "copyrightText": "", + "fileName": "/go.mod", + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-terminaltor-go.mod-2432707e94a3fa2f", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "copyrightText": "", + "fileName": "/terminaltor/go.mod", + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + } + ], + "name": ".", + "packages": [ + { + "SPDXID": "SPDXRef-Package-go-module-.-terminaltor-fb7b11a4b3fddcb6", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/./terminaltor", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "./terminaltor", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION" + }, + { + "SPDXID": "SPDXRef-Package-go-module-.-weird-ab3afc436e9979e6", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/./weird", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "./weird", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-Azure-go-ansiterm-e56101171f13c2dd", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:Azure:go-ansiterm:v0.0.0-20210617225240-d185dfc1b5a1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:Azure:go_ansiterm:v0.0.0-20210617225240-d185dfc1b5a1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/Azure/go-ansiterm@v0.0.0-20210617225240-d185dfc1b5a1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/Azure/go-ansiterm", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v0.0.0-20210617225240-d185dfc1b5a1" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-Azure-go-ansiterm-2a664fb25458fc56", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:Azure:go-ansiterm:v0.0.0-20210617225240-d185dfc1b5a1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:Azure:go_ansiterm:v0.0.0-20210617225240-d185dfc1b5a1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/Azure/go-ansiterm@v0.0.0-20210617225240-d185dfc1b5a1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/Azure/go-ansiterm", + "sourceInfo": "acquired package info from go module information: /terminaltor/go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v0.0.0-20210617225240-d185dfc1b5a1" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-Masterminds-semver-354d8d82b2da8793", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:Masterminds:semver:v1.4.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/Masterminds/semver@v1.4.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/Masterminds/semver", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v1.4.2" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-Microsoft-go-winio-c2a50d97cb0e4bfc", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:Microsoft:go-winio:v0.6.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:Microsoft:go_winio:v0.6.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/Microsoft/go-winio@v0.6.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/Microsoft/go-winio", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v0.6.0" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-cachito-testing-gomod-pandemonium-terminaltor-146c86ecdbb0cfe7", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-testing:gomod-pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-testing:gomod_pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_testing:gomod-pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_testing:gomod_pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito:gomod-pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito:gomod_pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/cachito-testing/gomod-pandemonium@v0.0.0#terminaltor", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/cachito-testing/gomod-pandemonium/terminaltor", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v0.0.0" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-cachito-testing-gomod-pandemonium-weird-fa2ffebd22241e0d", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-testing:gomod-pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-testing:gomod_pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_testing:gomod-pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_testing:gomod_pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito:gomod-pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito:gomod_pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/cachito-testing/gomod-pandemonium@v0.0.0#weird", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/cachito-testing/gomod-pandemonium/weird", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v0.0.0" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-cachito-testing-retrodep-v2-6db993d8ef0e368a", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-testing:retrodep\\/v2:v2.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_testing:retrodep\\/v2:v2.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito:retrodep\\/v2:v2.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/cachito-testing/retrodep@v2.1.1#v2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/cachito-testing/retrodep/v2", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v2.1.1" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-go-logr-logr-b07c55dbe14eb54f", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:go-logr:logr:v1.2.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:go_logr:logr:v1.2.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:go:logr:v1.2.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/go-logr/logr@v1.2.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/go-logr/logr", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v1.2.3" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-go-task-slim-sprig-09ce847851ef4807", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:go-task:slim-sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:go-task:slim_sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:go_task:slim-sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:go_task:slim_sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:go:slim-sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:go:slim_sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/go-task/slim-sprig@v0.0.0-20230315185526-52ccab3ef572", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/go-task/slim-sprig", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v0.0.0-20230315185526-52ccab3ef572" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-google-go-cmp-c2740da0f3c011dc", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:google:go-cmp:v0.5.9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:google:go_cmp:v0.5.9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/google/go-cmp@v0.5.9", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/google/go-cmp", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v0.5.9" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-google-pprof-768bdea76795da5e", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:google:pprof:v0.0.0-20210407192527-94a9f03dee38:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/google/pprof@v0.0.0-20210407192527-94a9f03dee38", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/google/pprof", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v0.0.0-20210407192527-94a9f03dee38" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-moby-term-16768dd257ca9ea1", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:moby:term:v0.0.0-20221205130635-1aeaba878587:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/moby/term@v0.0.0-20221205130635-1aeaba878587", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/moby/term", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v0.0.0-20221205130635-1aeaba878587" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-moby-term-555434403d475809", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:moby:term:v0.0.0-20221205130635-1aeaba878587:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/moby/term@v0.0.0-20221205130635-1aeaba878587", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/moby/term", + "sourceInfo": "acquired package info from go module information: /terminaltor/go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v0.0.0-20221205130635-1aeaba878587" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-onsi-ginkgo-v2-dbe722f079d05fed", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:onsi:ginkgo\\/v2:v2.9.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/onsi/ginkgo@v2.9.2#v2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/onsi/ginkgo/v2", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v2.9.2" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-onsi-gomega-33a8824de4d78c9f", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:onsi:gomega:v1.27.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/onsi/gomega@v1.27.4", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/onsi/gomega", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v1.27.4" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-op-go-logging-d053202ebaedc3aa", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:op:go-logging:v0.0.0-20160315200505-970db520ece7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:op:go_logging:v0.0.0-20160315200505-970db520ece7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/op/go-logging@v0.0.0-20160315200505-970db520ece7", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/op/go-logging", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v0.0.0-20160315200505-970db520ece7" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-pkg-errors-e9a30d103cc846e1", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pkg:errors:v0.8.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/pkg/errors@v0.8.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/pkg/errors", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v0.8.1" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-release-engineering-retrodep-v2-b1aab99da74371f7", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:release-engineering:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:release_engineering:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:release:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/release-engineering/retrodep@v2.1.0#v2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/release-engineering/retrodep/v2", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v2.1.0" + }, + { + "SPDXID": "SPDXRef-Package-go-module-golang.org-x-mod-23b7926420819455", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:golang:x\\/mod:v0.9.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/golang.org/x/mod@v0.9.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "golang.org/x/mod", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v0.9.0" + }, + { + "SPDXID": "SPDXRef-Package-go-module-golang.org-x-net-22fa1122214f7ae2", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:golang:networking:v0.8.0:*:*:*:*:go:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/golang.org/x/net@v0.8.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "golang.org/x/net", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v0.8.0" + }, + { + "SPDXID": "SPDXRef-Package-go-module-golang.org-x-sys-bf14db941e01d41c", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:golang:x\\/sys:v0.6.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/golang.org/x/sys@v0.6.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "golang.org/x/sys", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v0.6.0" + }, + { + "SPDXID": "SPDXRef-Package-go-module-golang.org-x-sys-16865a35dc8ec832", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:golang:x\\/sys:v0.6.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/golang.org/x/sys@v0.6.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "golang.org/x/sys", + "sourceInfo": "acquired package info from go module information: /terminaltor/go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v0.6.0" + }, + { + "SPDXID": "SPDXRef-Package-go-module-golang.org-x-text-5f5f28df2a89cd2b", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:golang:text:v0.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/golang.org/x/text@v0.8.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "golang.org/x/text", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v0.8.0" + }, + { + "SPDXID": "SPDXRef-Package-go-module-golang.org-x-tools-f249a74f177d2a78", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:golang:x\\/tools:v0.7.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/golang.org/x/tools@v0.7.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "golang.org/x/tools", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v0.7.0" + }, + { + "SPDXID": "SPDXRef-Package-go-module-gopkg.in-yaml.v2-c743bd971b07bf7f", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/gopkg.in/yaml.v2@v2.2.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "gopkg.in/yaml.v2", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v2.2.2" + }, + { + "SPDXID": "SPDXRef-Package-go-module-gopkg.in-yaml.v3-716c668b92999095", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:yaml_project:yaml:v3.0.1:*:*:*:*:go:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "gopkg.in/yaml.v3", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v3.0.1" + }, + { + "SPDXID": "SPDXRef-DocumentRoot-Directory-.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": ".", + "primaryPackagePurpose": "FILE", + "supplier": "NOASSERTION" + } + ], + "relationships": [ + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-go.mod-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-go-task-slim-sprig-09ce847851ef4807" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-go.mod-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-cachito-testing-gomod-pandemonium-terminaltor-146c86ecdbb0cfe7" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-go.mod-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-moby-term-16768dd257ca9ea1" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-terminaltor-go.mod-2432707e94a3fa2f", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-golang.org-x-sys-16865a35dc8ec832" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-go.mod-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-golang.org-x-net-22fa1122214f7ae2" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-go.mod-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-golang.org-x-mod-23b7926420819455" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-terminaltor-go.mod-2432707e94a3fa2f", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-Azure-go-ansiterm-2a664fb25458fc56" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-go.mod-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-onsi-gomega-33a8824de4d78c9f" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-go.mod-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-Masterminds-semver-354d8d82b2da8793" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-terminaltor-go.mod-2432707e94a3fa2f", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-moby-term-555434403d475809" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-go.mod-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-golang.org-x-text-5f5f28df2a89cd2b" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-go.mod-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-cachito-testing-retrodep-v2-6db993d8ef0e368a" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-go.mod-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-gopkg.in-yaml.v3-716c668b92999095" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-go.mod-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-google-pprof-768bdea76795da5e" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-go.mod-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-.-weird-ab3afc436e9979e6" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-go.mod-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-go-logr-logr-b07c55dbe14eb54f" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-go.mod-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-release-engineering-retrodep-v2-b1aab99da74371f7" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-go.mod-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-golang.org-x-sys-bf14db941e01d41c" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-go.mod-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-google-go-cmp-c2740da0f3c011dc" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-go.mod-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-Microsoft-go-winio-c2a50d97cb0e4bfc" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-go.mod-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-gopkg.in-yaml.v2-c743bd971b07bf7f" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-go.mod-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-op-go-logging-d053202ebaedc3aa" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-go.mod-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-onsi-ginkgo-v2-dbe722f079d05fed" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-go.mod-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-Azure-go-ansiterm-e56101171f13c2dd" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-go.mod-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-pkg-errors-e9a30d103cc846e1" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-go.mod-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-golang.org-x-tools-f249a74f177d2a78" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-go.mod-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-cachito-testing-gomod-pandemonium-weird-fa2ffebd22241e0d" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-go.mod-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-.-terminaltor-fb7b11a4b3fddcb6" + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-.-terminaltor-fb7b11a4b3fddcb6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-.-weird-ab3afc436e9979e6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-Azure-go-ansiterm-e56101171f13c2dd", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-Azure-go-ansiterm-2a664fb25458fc56", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-Masterminds-semver-354d8d82b2da8793", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-Microsoft-go-winio-c2a50d97cb0e4bfc", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-cachito-testing-gomod-pandemonium-terminaltor-146c86ecdbb0cfe7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-cachito-testing-gomod-pandemonium-weird-fa2ffebd22241e0d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-cachito-testing-retrodep-v2-6db993d8ef0e368a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-go-logr-logr-b07c55dbe14eb54f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-go-task-slim-sprig-09ce847851ef4807", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-google-go-cmp-c2740da0f3c011dc", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-google-pprof-768bdea76795da5e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-moby-term-16768dd257ca9ea1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-moby-term-555434403d475809", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-onsi-ginkgo-v2-dbe722f079d05fed", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-onsi-gomega-33a8824de4d78c9f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-op-go-logging-d053202ebaedc3aa", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-pkg-errors-e9a30d103cc846e1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-release-engineering-retrodep-v2-b1aab99da74371f7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-golang.org-x-mod-23b7926420819455", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-golang.org-x-net-22fa1122214f7ae2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-golang.org-x-sys-bf14db941e01d41c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-golang.org-x-sys-16865a35dc8ec832", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-golang.org-x-text-5f5f28df2a89cd2b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-golang.org-x-tools-f249a74f177d2a78", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-gopkg.in-yaml.v2-c743bd971b07bf7f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-gopkg.in-yaml.v3-716c668b92999095", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-DocumentRoot-Directory-.", + "relationshipType": "DESCRIBES", + "spdxElementId": "SPDXRef-DOCUMENT" + } + ], + "spdxVersion": "SPDX-2.3" +} diff --git a/sbom-utility-scripts/scripts/merge-sboms-script/test_data/spdx/syft-sboms/npm-cachi2-smoketest.bom.json b/sbom-utility-scripts/scripts/merge-sboms-script/test_data/spdx/syft-sboms/npm-cachi2-smoketest.bom.json new file mode 100644 index 0000000..ded9c00 --- /dev/null +++ b/sbom-utility-scripts/scripts/merge-sboms-script/test_data/spdx/syft-sboms/npm-cachi2-smoketest.bom.json @@ -0,0 +1,4161 @@ +{ + "SPDXID": "SPDXRef-DOCUMENT", + "creationInfo": { + "created": "2024-12-18T11:28:00Z", + "creators": [ + "Organization: Anchore, Inc", + "Tool: syft-1.4.1" + ], + "licenseListVersion": "3.23" + }, + "dataLicense": "CC0-1.0", + "documentNamespace": "https://anchore.com/syft/dir/syft-sboms-b66779b6-6e20-4128-9fad-da28250a1b82", + "files": [ + { + "SPDXID": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "copyrightText": "", + "fileName": "/package-lock.json", + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + } + ], + "name": ".", + "packages": [ + { + "SPDXID": "SPDXRef-Package-npm--types-prop-types-38e27e44d41f52ce", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/@types/prop-types/-/prop-types-15.7.5.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/prop-types:\\@types\\/prop-types:15.7.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/prop-types:\\@types\\/prop_types:15.7.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/prop_types:\\@types\\/prop-types:15.7.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/prop_types:\\@types\\/prop_types:15.7.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/prop:\\@types\\/prop-types:15.7.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/prop:\\@types\\/prop_types:15.7.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/%40types/prop-types@15.7.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "@types/prop-types", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "15.7.5" + }, + { + "SPDXID": "SPDXRef-Package-npm--types-react-32822b9f11e1589a", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/@types/react/-/react-18.0.35.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/react:\\@types\\/react:18.0.35:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/%40types/react@18.0.35", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "@types/react", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "18.0.35" + }, + { + "SPDXID": "SPDXRef-Package-npm--types-react-dom-4c4ba8dfb825b32d", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/@types/react-dom/-/react-dom-18.0.11.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/react-dom:\\@types\\/react-dom:18.0.11:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/react-dom:\\@types\\/react_dom:18.0.11:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/react_dom:\\@types\\/react-dom:18.0.11:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/react_dom:\\@types\\/react_dom:18.0.11:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/react:\\@types\\/react-dom:18.0.11:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/react:\\@types\\/react_dom:18.0.11:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/%40types/react-dom@18.0.11", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "@types/react-dom", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "18.0.11" + }, + { + "SPDXID": "SPDXRef-Package-npm--types-scheduler-9d26bede47ebfeea", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/@types/scheduler/-/scheduler-0.16.3.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/scheduler:\\@types\\/scheduler:0.16.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/%40types/scheduler@0.16.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "@types/scheduler", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "0.16.3" + }, + { + "SPDXID": "SPDXRef-Package-npm-abbrev-3be56342a35f1f05", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/abbrev/-/abbrev-2.0.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:abbrev:abbrev:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/abbrev@2.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "abbrev", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "2.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-accepts-931d209532cf2470", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:accepts:accepts:1.3.8:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/accepts@1.3.8", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "accepts", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.3.8" + }, + { + "SPDXID": "SPDXRef-Package-npm-array-flatten-03addc097d0a6218", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:array-flatten:array-flatten:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:array-flatten:array_flatten:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:array_flatten:array-flatten:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:array_flatten:array_flatten:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:array:array-flatten:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:array:array_flatten:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/array-flatten@1.1.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "array-flatten", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.1.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-bar-66cc4304f82b84df", + "copyrightText": "NOASSERTION", + "downloadLocation": "bar", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bar:bar:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/bar", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "bar", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION" + }, + { + "SPDXID": "SPDXRef-Package-npm-bar-9cc7c48b54214fa1", + "copyrightText": "NOASSERTION", + "downloadLocation": "NONE", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bar:bar:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/bar@1.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "ISC", + "name": "bar", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-bitbucket-cachi2-npm-without-deps-06b6ba58ac830af0", + "copyrightText": "NOASSERTION", + "downloadLocation": "git+ssh://git@bitbucket.org/cachi-testing/cachi2-without-deps.git#9e164b97043a2d91bbeb992f6cc68a3d1015086a", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/bitbucket-cachi2-npm-without-deps@1.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "bitbucket-cachi2-npm-without-deps", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-bitbucket-cachi2-npm-without-deps-second-2beab3450e977bf2", + "copyrightText": "NOASSERTION", + "downloadLocation": "git+ssh://git@bitbucket.org/cachi-testing/cachi2-without-deps-second.git#09992d418fc44a2895b7a9ff27c4e32d6f74a982", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps-second:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps-second:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps_second:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps_second:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/bitbucket-cachi2-npm-without-deps-second@2.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "bitbucket-cachi2-npm-without-deps-second", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "2.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-body-parser-2e6ddb0a13ebe1b5", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.1.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:body-parser:body-parser:1.20.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:body-parser:body_parser:1.20.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:body_parser:body-parser:1.20.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:body_parser:body_parser:1.20.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:body:body-parser:1.20.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:body:body_parser:1.20.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/body-parser@1.20.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "body-parser", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.20.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-bytes-11b7c62df6dc5b1d", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bytes:bytes:3.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/bytes@3.1.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "bytes", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "3.1.2" + }, + { + "SPDXID": "SPDXRef-Package-npm-cachito-npm-without-deps-2cab59eb6e472a37", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://github.com/cachito-testing/cachito-npm-without-deps/raw/tarball/cachito-npm-without-deps-1.0.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-npm-without-deps:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-npm-without-deps:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_npm_without_deps:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_npm_without_deps:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-npm-without:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-npm-without:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_npm_without:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_npm_without:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-npm:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-npm:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_npm:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_npm:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/cachito-npm-without-deps@1.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "cachito-npm-without-deps", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-call-bind-35adfcd784173f59", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.2.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:call-bind:call-bind:1.0.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:call-bind:call_bind:1.0.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:call_bind:call-bind:1.0.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:call_bind:call_bind:1.0.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:call:call-bind:1.0.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:call:call_bind:1.0.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/call-bind@1.0.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "call-bind", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.2" + }, + { + "SPDXID": "SPDXRef-Package-npm-classnames-02162ed8743e22f3", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/classnames/-/classnames-2.3.2.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:classnames:classnames:2.3.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/classnames@2.3.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "classnames", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "2.3.2" + }, + { + "SPDXID": "SPDXRef-Package-npm-colors-06a7d9e0197b39e0", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/colors/-/colors-1.4.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:colors:colors:1.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/colors@1.4.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "colors", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.4.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-content-disposition-105471e28411dc70", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content-disposition:content-disposition:0.5.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content-disposition:content_disposition:0.5.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content_disposition:content-disposition:0.5.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content_disposition:content_disposition:0.5.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content:content-disposition:0.5.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content:content_disposition:0.5.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/content-disposition@0.5.4", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "content-disposition", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "0.5.4" + }, + { + "SPDXID": "SPDXRef-Package-npm-content-type-ff50f3e9146f918a", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content-type:content-type:1.0.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content-type:content_type:1.0.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content_type:content-type:1.0.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content_type:content_type:1.0.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content:content-type:1.0.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content:content_type:1.0.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/content-type@1.0.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "content-type", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.5" + }, + { + "SPDXID": "SPDXRef-Package-npm-cookie-d6a8687d55fe9822", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/cookie/-/cookie-0.5.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cookie:cookie:0.5.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/cookie@0.5.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "cookie", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "0.5.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-cookie-signature-d1ddfc590683a178", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cookie-signature_project:cookie-signature:1.0.6:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/cookie-signature@1.0.6", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "cookie-signature", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.6" + }, + { + "SPDXID": "SPDXRef-Package-npm-csstype-56cfd4aaf334efad", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/csstype/-/csstype-3.1.2.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:csstype:csstype:3.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/csstype@3.1.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "csstype", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "3.1.2" + }, + { + "SPDXID": "SPDXRef-Package-npm-dateformat-d074071dcc6a8350", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/dateformat/-/dateformat-5.0.3.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:dateformat:dateformat:5.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/dateformat@5.0.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "dateformat", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "5.0.3" + }, + { + "SPDXID": "SPDXRef-Package-npm-debug-92252ea21868a6d9", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:debug_project:debug:2.6.9:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/debug@2.6.9", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "debug", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "2.6.9" + }, + { + "SPDXID": "SPDXRef-Package-npm-depd-a0f4b2f715620506", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:depd:depd:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/depd@2.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "depd", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "2.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-destroy-c0b574391f65a7f0", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:destroy:destroy:1.2.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/destroy@1.2.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "destroy", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.2.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-ee-first-3b86eb35be74119c", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ee-first:ee-first:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ee-first:ee_first:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ee_first:ee-first:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ee_first:ee_first:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ee:ee-first:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ee:ee_first:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/ee-first@1.1.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "ee-first", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.1.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-eggs-2247fa00832a65ff", + "copyrightText": "NOASSERTION", + "downloadLocation": "eggs-packages/eggs", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:eggs:eggs:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/eggs", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "eggs", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION" + }, + { + "SPDXID": "SPDXRef-Package-npm-eggs-packages-eggs-af32220520b08aa3", + "copyrightText": "NOASSERTION", + "downloadLocation": "NONE", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:eggs-packages\\/eggs:eggs-packages\\/eggs:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:eggs-packages\\/eggs:eggs_packages\\/eggs:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:eggs_packages\\/eggs:eggs-packages\\/eggs:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:eggs_packages\\/eggs:eggs_packages\\/eggs:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:eggs:eggs-packages\\/eggs:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:eggs:eggs_packages\\/eggs:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/eggs-packages/eggs@1.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "ISC", + "name": "eggs-packages/eggs", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-encodeurl-b77b63dcf4971d69", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:encodeurl:encodeurl:1.0.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/encodeurl@1.0.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "encodeurl", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.2" + }, + { + "SPDXID": "SPDXRef-Package-npm-escape-html-c0cdf8c952ce772a", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:escape-html:escape-html:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:escape-html:escape_html:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:escape_html:escape-html:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:escape_html:escape_html:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:escape:escape-html:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:escape:escape_html:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/escape-html@1.0.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "escape-html", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.3" + }, + { + "SPDXID": "SPDXRef-Package-npm-etag-7d0dc766870c2472", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:etag:etag:1.8.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/etag@1.8.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "etag", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.8.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-express-843137561e387c44", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/express/-/express-4.18.2.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:openjsf:express:4.18.2:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/express@4.18.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "express", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "4.18.2" + }, + { + "SPDXID": "SPDXRef-Package-npm-fecha-0dbe723d51b71105", + "copyrightText": "NOASSERTION", + "downloadLocation": "file:fecha-4.2.3.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:fecha:fecha:4.2.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/fecha@4.2.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "MIT", + "name": "fecha", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "4.2.3" + }, + { + "SPDXID": "SPDXRef-Package-npm-finalhandler-b5cddb9ad2ad4516", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.2.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:finalhandler:finalhandler:1.2.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/finalhandler@1.2.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "finalhandler", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.2.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-foo-352f1023dd02679f", + "copyrightText": "NOASSERTION", + "downloadLocation": "foo", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:foo:foo:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/foo", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "foo", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION" + }, + { + "SPDXID": "SPDXRef-Package-npm-foo-e577272d8af44a23", + "copyrightText": "NOASSERTION", + "downloadLocation": "NONE", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:foo:foo:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/foo@1.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "ISC", + "name": "foo", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-forwarded-d07931fe109020ee", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:forwarded_project:forwarded:0.2.0:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/forwarded@0.2.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "forwarded", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "0.2.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-fresh-a35427e837fe81b6", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:fresh_project:fresh:0.5.2:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/fresh@0.5.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "fresh", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "0.5.2" + }, + { + "SPDXID": "SPDXRef-Package-npm-function-bind-b0d705f9d55d98a8", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:function-bind:function-bind:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:function-bind:function_bind:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:function_bind:function-bind:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:function_bind:function_bind:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:function:function-bind:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:function:function_bind:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/function-bind@1.1.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "function-bind", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.1.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-get-intrinsic-14d124688defa36a", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:get-intrinsic:get-intrinsic:1.2.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:get-intrinsic:get_intrinsic:1.2.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:get_intrinsic:get-intrinsic:1.2.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:get_intrinsic:get_intrinsic:1.2.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:get:get-intrinsic:1.2.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:get:get_intrinsic:1.2.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/get-intrinsic@1.2.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "get-intrinsic", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.2.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-has-1756c590ddbbbf1f", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/has/-/has-1.0.3.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:has:has:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/has@1.0.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "has", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.3" + }, + { + "SPDXID": "SPDXRef-Package-npm-has-symbols-41af9f2eb5a7b313", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:has-symbols:has-symbols:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:has-symbols:has_symbols:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:has_symbols:has-symbols:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:has_symbols:has_symbols:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:has:has-symbols:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:has:has_symbols:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/has-symbols@1.0.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "has-symbols", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.3" + }, + { + "SPDXID": "SPDXRef-Package-npm-http-errors-1d02b487dab61965", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:http-errors:http-errors:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:http-errors:http_errors:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:http_errors:http-errors:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:http_errors:http_errors:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:http:http-errors:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:http:http_errors:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/http-errors@2.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "http-errors", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "2.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-iconv-lite-c90cedf9e72dd0f0", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:iconv-lite:iconv-lite:0.4.24:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:iconv-lite:iconv_lite:0.4.24:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:iconv_lite:iconv-lite:0.4.24:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:iconv_lite:iconv_lite:0.4.24:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:iconv:iconv-lite:0.4.24:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:iconv:iconv_lite:0.4.24:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/iconv-lite@0.4.24", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "iconv-lite", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "0.4.24" + }, + { + "SPDXID": "SPDXRef-Package-npm-inherits-c4b3a63b476363af", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:inherits:inherits:2.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/inherits@2.0.4", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "inherits", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "2.0.4" + }, + { + "SPDXID": "SPDXRef-Package-npm-ipaddr.js-c680b64700b2337d", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ipaddr.js:ipaddr.js:1.9.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/ipaddr.js@1.9.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "ipaddr.js", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.9.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-is-positive-bc8e42cbdee7b510", + "copyrightText": "NOASSERTION", + "downloadLocation": "git+ssh://git@github.com/kevva/is-positive.git#97edff6f525f192a3f83cea1944765f769ae2678", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:is-positive:is-positive:3.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:is-positive:is_positive:3.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:is_positive:is-positive:3.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:is_positive:is_positive:3.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:is:is-positive:3.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:is:is_positive:3.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/is-positive@3.1.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "is-positive", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "3.1.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-media-typer-0d0c9173b3765561", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:media-typer:media-typer:0.3.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:media-typer:media_typer:0.3.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:media_typer:media-typer:0.3.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:media_typer:media_typer:0.3.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:media:media-typer:0.3.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:media:media_typer:0.3.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/media-typer@0.3.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "media-typer", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "0.3.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-merge-descriptors-4c25dffaba71b53f", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:merge-descriptors:merge-descriptors:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:merge-descriptors:merge_descriptors:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:merge_descriptors:merge-descriptors:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:merge_descriptors:merge_descriptors:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:merge:merge-descriptors:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:merge:merge_descriptors:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/merge-descriptors@1.0.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "merge-descriptors", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-methods-9f5112a619f16ada", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:methods:methods:1.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/methods@1.1.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "methods", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.1.2" + }, + { + "SPDXID": "SPDXRef-Package-npm-mime-3a8f4690355983f8", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime_project:mime:1.6.0:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/mime@1.6.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "mime", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.6.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-mime-db-65a378639eed7a8d", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime-db:mime-db:1.52.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime-db:mime_db:1.52.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime_db:mime-db:1.52.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime_db:mime_db:1.52.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime:mime-db:1.52.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime:mime_db:1.52.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/mime-db@1.52.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "mime-db", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.52.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-mime-types-14ae2be2d517fcdc", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime-types:mime-types:2.1.35:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime-types:mime_types:2.1.35:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime_types:mime-types:2.1.35:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime_types:mime_types:2.1.35:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime:mime-types:2.1.35:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime:mime_types:2.1.35:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/mime-types@2.1.35", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "mime-types", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "2.1.35" + }, + { + "SPDXID": "SPDXRef-Package-npm-ms-acfab536d1f4602c", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:vercel:ms:2.0.0:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/ms@2.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "ms", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "2.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-ms-bca22b52057e7753", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:vercel:ms:2.1.3:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/ms@2.1.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "ms", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "2.1.3" + }, + { + "SPDXID": "SPDXRef-Package-npm-negotiator-af6245201061f5e2", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:negotiator:negotiator:0.6.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/negotiator@0.6.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "negotiator", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "0.6.3" + }, + { + "SPDXID": "SPDXRef-Package-npm-not-baz-b8327c159037e29a", + "copyrightText": "NOASSERTION", + "downloadLocation": "baz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not-baz:not-baz:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not-baz:not_baz:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not_baz:not-baz:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not_baz:not_baz:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not:not-baz:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not:not_baz:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/not-baz", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "not-baz", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION" + }, + { + "SPDXID": "SPDXRef-Package-npm-not-baz-3b1af970071fba18", + "copyrightText": "NOASSERTION", + "downloadLocation": "NONE", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not-baz:not-baz:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not-baz:not_baz:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not_baz:not-baz:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not_baz:not_baz:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not:not-baz:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not:not_baz:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/not-baz@1.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "ISC", + "name": "not-baz", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-npm-test-34ba90ce6af47f8c", + "copyrightText": "NOASSERTION", + "downloadLocation": "NONE", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:npm-test:npm-test:1.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:npm-test:npm_test:1.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:npm_test:npm-test:1.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:npm_test:npm_test:1.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:npm:npm-test:1.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:npm:npm_test:1.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/npm_test@1.1.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "ISC", + "name": "npm_test", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.1.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-object-inspect-d4a5f46fefb0c652", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.3.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:object-inspect:object-inspect:1.12.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:object-inspect:object_inspect:1.12.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:object_inspect:object-inspect:1.12.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:object_inspect:object_inspect:1.12.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:object:object-inspect:1.12.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:object:object_inspect:1.12.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/object-inspect@1.12.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "object-inspect", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.12.3" + }, + { + "SPDXID": "SPDXRef-Package-npm-on-finished-025772e77611d88b", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:on-finished:on-finished:2.4.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:on-finished:on_finished:2.4.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:on_finished:on-finished:2.4.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:on_finished:on_finished:2.4.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:on:on-finished:2.4.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:on:on_finished:2.4.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/on-finished@2.4.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "on-finished", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "2.4.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-parseurl-8957b9f80bfd7e48", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:parseurl:parseurl:1.3.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/parseurl@1.3.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "parseurl", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.3.3" + }, + { + "SPDXID": "SPDXRef-Package-npm-path-to-regexp-6fb024842a7b51c9", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path-to-regexp:path-to-regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path-to-regexp:path_to_regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path_to_regexp:path-to-regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path_to_regexp:path_to_regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path-to:path-to-regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path-to:path_to_regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path_to:path-to-regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path_to:path_to_regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path:path-to-regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path:path_to_regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/path-to-regexp@0.1.7", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "path-to-regexp", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "0.1.7" + }, + { + "SPDXID": "SPDXRef-Package-npm-proxy-addr-aa592d0a6f0e14e0", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:proxy-addr:proxy-addr:2.0.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:proxy-addr:proxy_addr:2.0.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:proxy_addr:proxy-addr:2.0.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:proxy_addr:proxy_addr:2.0.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:proxy:proxy-addr:2.0.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:proxy:proxy_addr:2.0.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/proxy-addr@2.0.7", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "proxy-addr", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "2.0.7" + }, + { + "SPDXID": "SPDXRef-Package-npm-qs-6e2c51e0e8fdd82a", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:qs_project:qs:6.11.0:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/qs@6.11.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "qs", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "6.11.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-range-parser-a5ac7b9eddc291fe", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:range-parser:range-parser:1.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:range-parser:range_parser:1.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:range_parser:range-parser:1.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:range_parser:range_parser:1.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:range:range-parser:1.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:range:range_parser:1.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/range-parser@1.2.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "range-parser", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.2.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-raw-body-c124e89ccbc8e1a9", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:raw-body:raw-body:2.5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:raw-body:raw_body:2.5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:raw_body:raw-body:2.5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:raw_body:raw_body:2.5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:raw:raw-body:2.5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:raw:raw_body:2.5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/raw-body@2.5.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "raw-body", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "2.5.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-safe-buffer-f1a458d0a34a3e1e", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safe-buffer:safe-buffer:5.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safe-buffer:safe_buffer:5.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safe_buffer:safe-buffer:5.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safe_buffer:safe_buffer:5.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safe:safe-buffer:5.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safe:safe_buffer:5.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/safe-buffer@5.2.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "safe-buffer", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "5.2.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-safer-buffer-35e495695450988a", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safer-buffer:safer-buffer:2.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safer-buffer:safer_buffer:2.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safer_buffer:safer-buffer:2.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safer_buffer:safer_buffer:2.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safer:safer-buffer:2.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safer:safer_buffer:2.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/safer-buffer@2.1.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "safer-buffer", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "2.1.2" + }, + { + "SPDXID": "SPDXRef-Package-npm-sax-e5fe5e07946d7f0e", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/sax/-/sax-0.1.1.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:sax:sax:0.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/sax@0.1.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "sax", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "0.1.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-send-eb7410154bfac325", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/send/-/send-0.18.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:send_project:send:0.18.0:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/send@0.18.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "send", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "0.18.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-serve-static-73cf56576686cfde", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/serve-static/-/serve-static-1.15.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:serve-static:serve-static:1.15.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:serve-static:serve_static:1.15.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:serve_static:serve-static:1.15.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:serve_static:serve_static:1.15.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:serve:serve-static:1.15.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:serve:serve_static:1.15.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/serve-static@1.15.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "serve-static", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.15.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-setprototypeof-547a0345595d4c22", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:setprototypeof:setprototypeof:1.2.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/setprototypeof@1.2.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "setprototypeof", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.2.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-side-channel-cdb286823062a5b2", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.4.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:side-channel:side-channel:1.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:side-channel:side_channel:1.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:side_channel:side-channel:1.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:side_channel:side_channel:1.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:side:side-channel:1.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:side:side_channel:1.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/side-channel@1.0.4", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "side-channel", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.4" + }, + { + "SPDXID": "SPDXRef-Package-npm-spam-ee4212f669097a9b", + "copyrightText": "NOASSERTION", + "downloadLocation": "spam-packages/spam", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:spam:spam:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/spam", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "spam", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION" + }, + { + "SPDXID": "SPDXRef-Package-npm-spam-packages-spam-8ad0ba47106e9eca", + "copyrightText": "NOASSERTION", + "downloadLocation": "NONE", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:spam-packages\\/spam:spam-packages\\/spam:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:spam-packages\\/spam:spam_packages\\/spam:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:spam_packages\\/spam:spam-packages\\/spam:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:spam_packages\\/spam:spam_packages\\/spam:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:spam:spam-packages\\/spam:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:spam:spam_packages\\/spam:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/spam-packages/spam@1.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "ISC", + "name": "spam-packages/spam", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-statuses-f8d7a7aac610252f", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:statuses:statuses:2.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/statuses@2.0.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "statuses", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "2.0.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-toidentifier-f4b7c633380a689c", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:toidentifier:toidentifier:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/toidentifier@1.0.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "toidentifier", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-type-is-d68517abe50bfeac", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:type-is:type-is:1.6.18:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:type-is:type_is:1.6.18:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:type_is:type-is:1.6.18:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:type_is:type_is:1.6.18:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:type:type-is:1.6.18:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:type:type_is:1.6.18:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/type-is@1.6.18", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "type-is", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.6.18" + }, + { + "SPDXID": "SPDXRef-Package-npm-unpipe-a69d83f063c5175d", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:unpipe:unpipe:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/unpipe@1.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "unpipe", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-utils-merge-1909c40a9ae99753", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:utils-merge:utils-merge:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:utils-merge:utils_merge:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:utils_merge:utils-merge:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:utils_merge:utils_merge:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:utils:utils-merge:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:utils:utils_merge:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/utils-merge@1.0.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "utils-merge", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-uuid-ccbce98fa2fd50bf", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/uuid/-/uuid-9.0.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:uuid:uuid:9.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/uuid@9.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "uuid", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "9.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-vary-4bc84cbb6d76f2fa", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:vary:vary:1.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/vary@1.1.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "vary", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.1.2" + }, + { + "SPDXID": "SPDXRef-DocumentRoot-Directory-.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": ".", + "primaryPackagePurpose": "FILE", + "supplier": "NOASSERTION" + } + ], + "relationships": [ + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-classnames-02162ed8743e22f3" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-on-finished-025772e77611d88b" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-array-flatten-03addc097d0a6218" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-colors-06a7d9e0197b39e0" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-bitbucket-cachi2-npm-without-deps-06b6ba58ac830af0" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-media-typer-0d0c9173b3765561" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-fecha-0dbe723d51b71105" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-content-disposition-105471e28411dc70" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-bytes-11b7c62df6dc5b1d" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-mime-types-14ae2be2d517fcdc" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-get-intrinsic-14d124688defa36a" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-has-1756c590ddbbbf1f" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-utils-merge-1909c40a9ae99753" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-http-errors-1d02b487dab61965" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-eggs-2247fa00832a65ff" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-bitbucket-cachi2-npm-without-deps-second-2beab3450e977bf2" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-cachito-npm-without-deps-2cab59eb6e472a37" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-body-parser-2e6ddb0a13ebe1b5" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm--types-react-32822b9f11e1589a" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-npm-test-34ba90ce6af47f8c" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-foo-352f1023dd02679f" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-call-bind-35adfcd784173f59" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-safer-buffer-35e495695450988a" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm--types-prop-types-38e27e44d41f52ce" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-mime-3a8f4690355983f8" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-not-baz-3b1af970071fba18" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-ee-first-3b86eb35be74119c" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-abbrev-3be56342a35f1f05" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-has-symbols-41af9f2eb5a7b313" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-vary-4bc84cbb6d76f2fa" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-merge-descriptors-4c25dffaba71b53f" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm--types-react-dom-4c4ba8dfb825b32d" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-setprototypeof-547a0345595d4c22" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-csstype-56cfd4aaf334efad" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-mime-db-65a378639eed7a8d" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-bar-66cc4304f82b84df" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-qs-6e2c51e0e8fdd82a" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-path-to-regexp-6fb024842a7b51c9" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-serve-static-73cf56576686cfde" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-etag-7d0dc766870c2472" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-express-843137561e387c44" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-parseurl-8957b9f80bfd7e48" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-spam-packages-spam-8ad0ba47106e9eca" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-debug-92252ea21868a6d9" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-accepts-931d209532cf2470" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-bar-9cc7c48b54214fa1" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm--types-scheduler-9d26bede47ebfeea" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-methods-9f5112a619f16ada" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-depd-a0f4b2f715620506" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-fresh-a35427e837fe81b6" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-range-parser-a5ac7b9eddc291fe" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-unpipe-a69d83f063c5175d" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-proxy-addr-aa592d0a6f0e14e0" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-ms-acfab536d1f4602c" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-eggs-packages-eggs-af32220520b08aa3" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-negotiator-af6245201061f5e2" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-function-bind-b0d705f9d55d98a8" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-finalhandler-b5cddb9ad2ad4516" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-encodeurl-b77b63dcf4971d69" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-not-baz-b8327c159037e29a" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-is-positive-bc8e42cbdee7b510" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-ms-bca22b52057e7753" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-destroy-c0b574391f65a7f0" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-escape-html-c0cdf8c952ce772a" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-raw-body-c124e89ccbc8e1a9" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-inherits-c4b3a63b476363af" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-ipaddr.js-c680b64700b2337d" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-iconv-lite-c90cedf9e72dd0f0" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-uuid-ccbce98fa2fd50bf" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-side-channel-cdb286823062a5b2" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-dateformat-d074071dcc6a8350" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-forwarded-d07931fe109020ee" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-cookie-signature-d1ddfc590683a178" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-object-inspect-d4a5f46fefb0c652" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-type-is-d68517abe50bfeac" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-cookie-d6a8687d55fe9822" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-foo-e577272d8af44a23" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-sax-e5fe5e07946d7f0e" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-send-eb7410154bfac325" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-spam-ee4212f669097a9b" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-safe-buffer-f1a458d0a34a3e1e" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-toidentifier-f4b7c633380a689c" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-statuses-f8d7a7aac610252f" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-package-lock.json-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-content-type-ff50f3e9146f918a" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm--types-prop-types-38e27e44d41f52ce", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm--types-react-32822b9f11e1589a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm--types-react-dom-4c4ba8dfb825b32d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm--types-scheduler-9d26bede47ebfeea", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-abbrev-3be56342a35f1f05", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-accepts-931d209532cf2470", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-array-flatten-03addc097d0a6218", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-bar-66cc4304f82b84df", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-bar-9cc7c48b54214fa1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-bitbucket-cachi2-npm-without-deps-06b6ba58ac830af0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-bitbucket-cachi2-npm-without-deps-second-2beab3450e977bf2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-body-parser-2e6ddb0a13ebe1b5", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-bytes-11b7c62df6dc5b1d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-cachito-npm-without-deps-2cab59eb6e472a37", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-call-bind-35adfcd784173f59", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-classnames-02162ed8743e22f3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-colors-06a7d9e0197b39e0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-content-disposition-105471e28411dc70", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-content-type-ff50f3e9146f918a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-cookie-d6a8687d55fe9822", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-cookie-signature-d1ddfc590683a178", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-csstype-56cfd4aaf334efad", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-dateformat-d074071dcc6a8350", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-debug-92252ea21868a6d9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-depd-a0f4b2f715620506", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-destroy-c0b574391f65a7f0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-ee-first-3b86eb35be74119c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-eggs-2247fa00832a65ff", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-eggs-packages-eggs-af32220520b08aa3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-encodeurl-b77b63dcf4971d69", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-escape-html-c0cdf8c952ce772a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-etag-7d0dc766870c2472", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-express-843137561e387c44", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-fecha-0dbe723d51b71105", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-finalhandler-b5cddb9ad2ad4516", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-foo-352f1023dd02679f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-foo-e577272d8af44a23", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-forwarded-d07931fe109020ee", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-fresh-a35427e837fe81b6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-function-bind-b0d705f9d55d98a8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-get-intrinsic-14d124688defa36a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-has-1756c590ddbbbf1f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-has-symbols-41af9f2eb5a7b313", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-http-errors-1d02b487dab61965", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-iconv-lite-c90cedf9e72dd0f0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-inherits-c4b3a63b476363af", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-ipaddr.js-c680b64700b2337d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-is-positive-bc8e42cbdee7b510", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-media-typer-0d0c9173b3765561", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-merge-descriptors-4c25dffaba71b53f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-methods-9f5112a619f16ada", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-mime-3a8f4690355983f8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-mime-db-65a378639eed7a8d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-mime-types-14ae2be2d517fcdc", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-ms-acfab536d1f4602c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-ms-bca22b52057e7753", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-negotiator-af6245201061f5e2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-not-baz-b8327c159037e29a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-not-baz-3b1af970071fba18", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-npm-test-34ba90ce6af47f8c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-object-inspect-d4a5f46fefb0c652", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-on-finished-025772e77611d88b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-parseurl-8957b9f80bfd7e48", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-path-to-regexp-6fb024842a7b51c9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-proxy-addr-aa592d0a6f0e14e0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-qs-6e2c51e0e8fdd82a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-range-parser-a5ac7b9eddc291fe", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-raw-body-c124e89ccbc8e1a9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-safe-buffer-f1a458d0a34a3e1e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-safer-buffer-35e495695450988a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-sax-e5fe5e07946d7f0e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-send-eb7410154bfac325", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-serve-static-73cf56576686cfde", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-setprototypeof-547a0345595d4c22", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-side-channel-cdb286823062a5b2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-spam-ee4212f669097a9b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-spam-packages-spam-8ad0ba47106e9eca", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-statuses-f8d7a7aac610252f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-toidentifier-f4b7c633380a689c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-type-is-d68517abe50bfeac", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-unpipe-a69d83f063c5175d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-utils-merge-1909c40a9ae99753", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-uuid-ccbce98fa2fd50bf", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-vary-4bc84cbb6d76f2fa", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-DocumentRoot-Directory-.", + "relationshipType": "DESCRIBES", + "spdxElementId": "SPDXRef-DOCUMENT" + } + ], + "spdxVersion": "SPDX-2.3" +} diff --git a/sbom-utility-scripts/scripts/merge-sboms-script/test_data/spdx/syft-sboms/pip-e2e-test.bom.json b/sbom-utility-scripts/scripts/merge-sboms-script/test_data/spdx/syft-sboms/pip-e2e-test.bom.json new file mode 100644 index 0000000..bd852b1 --- /dev/null +++ b/sbom-utility-scripts/scripts/merge-sboms-script/test_data/spdx/syft-sboms/pip-e2e-test.bom.json @@ -0,0 +1,766 @@ +{ + "SPDXID": "SPDXRef-DOCUMENT", + "creationInfo": { + "created": "2024-12-18T11:28:00Z", + "creators": [ + "Organization: Anchore, Inc", + "Tool: syft-1.4.1" + ], + "licenseListVersion": "3.23" + }, + "dataLicense": "CC0-1.0", + "documentNamespace": "https://anchore.com/syft/dir/syft-sboms-b66779b6-6e20-4128-9fad-da28250a1b82", + "files": [ + { + "SPDXID": "SPDXRef-File-requirements-build.txt-458596483a88d4e1", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "copyrightText": "", + "fileName": "/requirements-build.txt", + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-requirements.txt-26ca2b7dc025d550", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "copyrightText": "", + "fileName": "/requirements.txt", + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + } + ], + "name": ".", + "packages": [ + { + "SPDXID": "SPDXRef-Package-python-certifi-605ce44010623730", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:kennethreitz:certifi:2022.12.7:*:*:*:*:python:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/certifi@2022.12.7", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "certifi", + "sourceInfo": "acquired package info from installed python package manifest file: /requirements.txt", + "supplier": "NOASSERTION", + "versionInfo": "2022.12.7" + }, + { + "SPDXID": "SPDXRef-Package-python-charset-normalizer-af8ef9b528d1324d", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-charset-normalizer:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-charset-normalizer:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_charset_normalizer:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_charset_normalizer:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset-normalizer:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset-normalizer:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset_normalizer:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset_normalizer:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-charset-normalizer:charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-charset-normalizer:charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_charset_normalizer:charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_charset_normalizer:charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-charset:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-charset:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_charset:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_charset:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset-normalizer:charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset-normalizer:charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset_normalizer:charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset_normalizer:charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-charset:charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-charset:charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_charset:charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_charset:charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset:charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset:charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/charset-normalizer@3.0.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "charset-normalizer", + "sourceInfo": "acquired package info from installed python package manifest file: /requirements.txt", + "supplier": "NOASSERTION", + "versionInfo": "3.0.1" + }, + { + "SPDXID": "SPDXRef-Package-python-flit-core-24f242ce07794d00", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-flit-core:python-flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-flit-core:python_flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_flit_core:python-flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_flit_core:python_flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-flit:python-flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-flit:python_flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_flit:python-flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_flit:python_flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit-core:python-flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit-core:python_flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit_core:python-flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit_core:python_flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-flit-core:flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-flit-core:flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_flit_core:flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_flit_core:flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:python-flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:python_flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit:python-flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit:python_flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-flit:flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-flit:flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_flit:flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_flit:flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit-core:flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit-core:flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit_core:flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit_core:flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit:flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit:flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/flit-core@3.8.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "flit-core", + "sourceInfo": "acquired package info from installed python package manifest file: /requirements-build.txt", + "supplier": "NOASSERTION", + "versionInfo": "3.8.0" + }, + { + "SPDXID": "SPDXRef-Package-python-idna-ff5d4caf61299680", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-idna:python-idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-idna:python_idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_idna:python-idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_idna:python_idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:python-idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:python_idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:idna:python-idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:idna:python_idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-idna:idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_idna:idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:idna:idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/idna@3.4", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "idna", + "sourceInfo": "acquired package info from installed python package manifest file: /requirements.txt", + "supplier": "NOASSERTION", + "versionInfo": "3.4" + }, + { + "SPDXID": "SPDXRef-Package-python-requests-03176f57fdf54d1e", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:requests:2.28.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/requests@2.28.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "requests", + "sourceInfo": "acquired package info from installed python package manifest file: /requirements.txt", + "supplier": "NOASSERTION", + "versionInfo": "2.28.2" + }, + { + "SPDXID": "SPDXRef-Package-python-setuptools-7ae302e7223ecbbd", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:setuptools:67.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/setuptools@67.1.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "setuptools", + "sourceInfo": "acquired package info from installed python package manifest file: /requirements-build.txt", + "supplier": "NOASSERTION", + "versionInfo": "67.1.0" + }, + { + "SPDXID": "SPDXRef-Package-python-urllib3-531a10a07587b59c", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:urllib3:1.26.14:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/urllib3@1.26.14", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "urllib3", + "sourceInfo": "acquired package info from installed python package manifest file: /requirements.txt", + "supplier": "NOASSERTION", + "versionInfo": "1.26.14" + }, + { + "SPDXID": "SPDXRef-Package-python-wheel-3a9d5577afa1b279", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-wheel:python-wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-wheel:python_wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_wheel:python-wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_wheel:python_wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:python-wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:python_wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-wheel:wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_wheel:wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:wheel:python-wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:wheel:python_wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:wheel:wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/wheel@0.38.4", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "wheel", + "sourceInfo": "acquired package info from installed python package manifest file: /requirements-build.txt", + "supplier": "NOASSERTION", + "versionInfo": "0.38.4" + }, + { + "SPDXID": "SPDXRef-DocumentRoot-Directory-.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": ".", + "primaryPackagePurpose": "FILE", + "supplier": "NOASSERTION" + } + ], + "relationships": [ + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-requirements.txt-26ca2b7dc025d550", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-python-requests-03176f57fdf54d1e" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-requirements-build.txt-458596483a88d4e1", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-python-flit-core-24f242ce07794d00" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-requirements-build.txt-458596483a88d4e1", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-python-wheel-3a9d5577afa1b279" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-requirements.txt-26ca2b7dc025d550", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-python-urllib3-531a10a07587b59c" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-requirements.txt-26ca2b7dc025d550", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-python-certifi-605ce44010623730" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-requirements-build.txt-458596483a88d4e1", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-python-setuptools-7ae302e7223ecbbd" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-requirements.txt-26ca2b7dc025d550", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-python-charset-normalizer-af8ef9b528d1324d" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-requirements.txt-26ca2b7dc025d550", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-python-idna-ff5d4caf61299680" + }, + { + "relatedSpdxElement": "SPDXRef-Package-python-certifi-605ce44010623730", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-python-charset-normalizer-af8ef9b528d1324d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-python-flit-core-24f242ce07794d00", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-python-idna-ff5d4caf61299680", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-python-requests-03176f57fdf54d1e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-python-setuptools-7ae302e7223ecbbd", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-python-urllib3-531a10a07587b59c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-python-wheel-3a9d5577afa1b279", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-DocumentRoot-Directory-.", + "relationshipType": "DESCRIBES", + "spdxElementId": "SPDXRef-DOCUMENT" + } + ], + "spdxVersion": "SPDX-2.3" +} diff --git a/sbom-utility-scripts/scripts/merge-sboms-script/test_data/spdx/syft-sboms/ubi-micro.bom.json b/sbom-utility-scripts/scripts/merge-sboms-script/test_data/spdx/syft-sboms/ubi-micro.bom.json new file mode 100644 index 0000000..bb47560 --- /dev/null +++ b/sbom-utility-scripts/scripts/merge-sboms-script/test_data/spdx/syft-sboms/ubi-micro.bom.json @@ -0,0 +1,12980 @@ +{ + "SPDXID": "SPDXRef-DOCUMENT", + "creationInfo": { + "created": "2024-12-18T11:28:00Z", + "creators": [ + "Organization: Anchore, Inc", + "Tool: syft-1.4.1" + ], + "licenseListVersion": "3.23" + }, + "dataLicense": "CC0-1.0", + "documentNamespace": "https://anchore.com/syft/dir/syft-sboms-b66779b6-6e20-4128-9fad-da28250a1b82", + "files": [ + { + "SPDXID": "SPDXRef-File-etc-aliases-3b106a4ceb41fa8a", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "41b96f30cc6b111373281bb4a549d252acff8d61" + }, + { + "algorithm": "SHA256", + "checksumValue": "a4c569569f893bc22fbe696c459f8fba0fe4565022637300b705b54a95c47bce" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/aliases", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-bashrc-9f080adee0f8cd58", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7743c11f20d32680eab82e12b8042792c263dd67" + }, + { + "algorithm": "SHA256", + "checksumValue": "bb091ed0ed1cbf1cd40cd3da60a4a994e2246c551ab086e96f43fefca197f75e" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/bashrc", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-csh.cshrc-d010f2b6ecbcec3d", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8107c5537407a77fe092c0431351c59a9f5b1a1f" + }, + { + "algorithm": "SHA256", + "checksumValue": "441b02ec287f3bd2b94e2df4462e29f1f2f49d5fa41b8cce9dddd7865775868d" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/csh.cshrc", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-csh.login-3c8c67ce970d943c", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5d131e943a6965da06cd60b4dce9a4fcbd77b371" + }, + { + "algorithm": "SHA256", + "checksumValue": "c9ea846975d2c90ac93c86ff6b04566f2b1d15c705ab62ec467c194b8a242f0e" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/csh.login", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-...dnf-protected.d-redhat-release.conf-4bfb5d89816ea952", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "058cfa312d9fd6a38756cea360ad03dbd6f2fcdd" + }, + { + "algorithm": "SHA256", + "checksumValue": "942298c770f9afd8303dffda64d89fb57c8d06e8a37fcc285951682afc5a88b7" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/dnf/protected.d/redhat-release.conf", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-dnf-protected.d-setup.conf-0e60b5f54e6783d8", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "da041fe15ae9d8b17172d1a52a6621b25436d1f8" + }, + { + "algorithm": "SHA256", + "checksumValue": "9752eb62a6845a78a9e2eaeb4a6eb2d93a1b654ee8665f71d516cfaca3e7cf57" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/dnf/protected.d/setup.conf", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-environment-bdc00b8f2846e41e", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/environment", + "fileTypes": [ + "OTHER" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-ethertypes-a20b8b5eb6252dd2", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "07eb268f4ccd95249f0e5b62e73c546d2d213cba" + }, + { + "algorithm": "SHA256", + "checksumValue": "ed38f9d644befc87eb41a8649c310073240d9a8cd75b2f9c115b5d9d7e5d033c" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/ethertypes", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-exports-feafa1df08fa0a8d", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/exports", + "fileTypes": [ + "OTHER" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-filesystems-7b2c0d164c096cb1", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f27be95d40c6cdd69350ca46e1d5a186d7212b9b" + }, + { + "algorithm": "SHA256", + "checksumValue": "ba1ed4fe76cd63c37dbd44a040921db7810c4b63f46ee6635779627a4a36a196" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/filesystems", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-group-97a2758b67a452b1", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "882845218b1cb4359f643d51a3341bb993f4ed77" + }, + { + "algorithm": "SHA256", + "checksumValue": "5be46faf83078411c18ce0f3cb5e5fc5b56b8cb214a7f5a65dbbef6cb8249e16" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/group", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-gshadow-85e3bf161980644c", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d2feecb72fa847dfc758eb963d99ccc2afb85931" + }, + { + "algorithm": "SHA256", + "checksumValue": "50b56bf2e0d5dd28900aa04478a9d4cc2ca1ea3452a76a71c71b5ade7f2221cd" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/gshadow", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-host.conf-9c2274ba4f682829", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b10cafadc043aec4056a948914f011bc39d2ec13" + }, + { + "algorithm": "SHA256", + "checksumValue": "380f5fe21d755923b44203b58ca3c8b9681c485d152bd5d7e3914f67d821d32a" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/host.conf", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-hosts-48d73557460f1b0c", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7335999eb54c15c67566186bdfc46f64e0d5a1aa" + }, + { + "algorithm": "SHA256", + "checksumValue": "498f494232085ec83303a2bc6f04bea840c2b210fbbeda31a46a6e5674d4fc0e" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/hosts", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-inputrc-e949a0e9793ef0f9", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9482ed88a6779f0c14eb00e2e667960664dfcb98" + }, + { + "algorithm": "SHA256", + "checksumValue": "e016c93c4ded93c7e08e92957345746618c5893eae0c8528b0392a6e0d6e447a" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/inputrc", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-issue-1304fc07a399262d", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5c76e3b565c91e21bee303f15c728c71e6b39540" + }, + { + "algorithm": "SHA256", + "checksumValue": "188029a4a5fc320b6157195899bf6d424610d385949a857a811d992602fa48c9" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/issue", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-issue.net-cce465ff5a74e112", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "95fee903a60d67d0bc0f1c11b909ec0527c2b39d" + }, + { + "algorithm": "SHA256", + "checksumValue": "17657f4ee63966a9c7687e97028b9ca514f6e9bcbefec4b7f4e81ac861eb3483" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/issue.net", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-ld.so.cache-3303d89935058cf0", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3688921699a7868dc33e7f31b58d06ac26182774" + }, + { + "algorithm": "SHA256", + "checksumValue": "0adf2987e4d127e2145f06d744cf1fa84aae85ac60d52109cbb12ae4552dcd96" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/ld.so.cache", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-ld.so.conf-282b8f0ef7667cde", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "52ab6b95985c3fb925765d081bc9b36a048ec825" + }, + { + "algorithm": "SHA256", + "checksumValue": "239c865e4c0746a01f82b03d38d620853bab2a2ba8e81d6f5606c503e0ea379f" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/ld.so.conf", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-motd-093b22943ed4c34a", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/motd", + "fileTypes": [ + "OTHER" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-networks-1dd9301a3f39bdc0", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5c3cb9c5e7b7f4a6a1929c35727da7651e6c5bf4" + }, + { + "algorithm": "SHA256", + "checksumValue": "ae89ab2e35076a070ae7cf5b0edf600c3ea6999e15db9b543ef35dfc76d37cb1" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/networks", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-nsswitch.conf-14b3989da6efda4a", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fd83b89496b69153bbb068a0479b7bf297da62c0" + }, + { + "algorithm": "SHA256", + "checksumValue": "780582abdc12675cf3c66feb5d5c190a9c77591b72ef427b325c8bb78762d8e1" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/nsswitch.conf", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-passwd-4f54b5b8e3df4744", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "32c3cfcfa6515fb1a5e7222653281e8a82a3e69d" + }, + { + "algorithm": "SHA256", + "checksumValue": "d137fa8bf6ca9020c35a5bf992f32d4c803497e856e0254618f5abcb2f2425c6" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/passwd", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-pki-product-default-479.pem-814094b5105175a0", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "adf5cc23c43374a926507c3e870dfced2706d372" + }, + { + "algorithm": "SHA256", + "checksumValue": "f9d958a8a917bfe0a71318e45ee53ace7e3aba57ec6678d905dd2fa0c45b552e" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/pki/product-default/479.pem", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-...pki-rpm-gpg-ISV-Container-signing-key-e47e72ccba5baab6", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "03c3761c23c90492c6cfc9d707440bf7241f374a" + }, + { + "algorithm": "SHA256", + "checksumValue": "ce344c927483de60ed60bf4956aaee0dfa7e9433e0f43c58ce64378d761bf724" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/pki/rpm-gpg/ISV-Container-signing-key", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-...pki-rpm-gpg-RPM-GPG-KEY-redhat-beta-ad862b12a46e228d", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a72daf8585b41529269cdffcca3a0b3d4e2f21cd" + }, + { + "algorithm": "SHA256", + "checksumValue": "3f8644b35db4197e7689d0a034bdef2039d92e330e6b22217abfa6b86a1fc0fa" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-...pki-rpm-gpg-RPM-GPG-KEY-redhat-release-d231fdcaea7d6630", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9333c0a06770787f21a1fe9f7c17484cfbd3a818" + }, + { + "algorithm": "SHA256", + "checksumValue": "0db3dc1b6228f29d60f37c5ad91d9f4cd3547895e8ebedb242469b1c0a0cdf08" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-...CA-redhat.com-redhatcodesignca.cert-f3e72b04220487f2", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d0748b117f3a53df2e67c8fa9586d7c67133a2be" + }, + { + "algorithm": "SHA256", + "checksumValue": "b0cf509b823e9b89c43bc373229f87d3cfee4264c35c6ac82b58e5251c3e8c39" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/pki/swid/CA/redhat.com/redhatcodesignca.cert", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-printcap-d4e47022fd81cec8", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "72ebd61cd29193f572f2f0f4aa8a5a121ae10dd4" + }, + { + "algorithm": "SHA256", + "checksumValue": "f809352567a37d932b014311cf626774b97b63ec06d4f7bdd8a9cfcc34c691d9" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/printcap", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-profile-4a600a29b1d01aae", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d862efffc6a2f64d3a065606fe23508e711e5adc" + }, + { + "algorithm": "SHA256", + "checksumValue": "304bbca429881a74f3e8f8b1c003b29020c635b83661492accd576c99baf9f30" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/profile", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-profile.d-csh.local-d4bfd3dedb9affb5", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "13f50b8589668cb1e668ece7d5907fc3a3b88901" + }, + { + "algorithm": "SHA256", + "checksumValue": "07a2a80f1386c89941b3da4cda68790afe19f7425a14e01acdc2fbddb73b5508" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/profile.d/csh.local", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-profile.d-lang.csh-6097a424159ffd12", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1acf946eb09ca7854cc0c2389b284a061a4fb0fc" + }, + { + "algorithm": "SHA256", + "checksumValue": "5486ae2358f54ba086017a5a7d89fc71855e4071c06fe1866a278838b465b161" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/profile.d/lang.csh", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-profile.d-lang.sh-9eca6e02c9ae5f64", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cda23d45cf45e4fdc5f907e460e35b502b9a4285" + }, + { + "algorithm": "SHA256", + "checksumValue": "58bf8b07428754b273560c5ea4040c672440b2bb04709842cf94163e15dc144f" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/profile.d/lang.sh", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-profile.d-sh.local-edcbf30f1466e9ca", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4008fb3787fe37f16b9530eccfdaa4563c93b920" + }, + { + "algorithm": "SHA256", + "checksumValue": "3c5de252d65ae8c40e54c21be09dc574ca3641d036d7b44174939a7e64863920" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/profile.d/sh.local", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-protocols-8b62a585637b8b5b", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f72135c1eae65b2eff3217cb656ec1101ddb892e" + }, + { + "algorithm": "SHA256", + "checksumValue": "d0e614d3ac7c6d9f6fe7b6c8ac678f26cca185de66f5dd34b56e634b2398a8cd" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/protocols", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-redhat-release-a6261911e94ff98a", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f456274ea5fcf410601ed6d99116d819cf9b36b9" + }, + { + "algorithm": "SHA256", + "checksumValue": "57aa0ad30076ba3471097cd9dee7c5173807cee09cbfb764b16e596812b7e0cd" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/redhat-release", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-rpc-92a0ad0f9e56cf54", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8c68c8283757db3e910865b245077387f9166a08" + }, + { + "algorithm": "SHA256", + "checksumValue": "3b24a975dcde688434258566813a83ce256a4c73efd7a8a9c3998327b0b4de68" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/rpc", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-services-3cbf00f0b164b17c", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2c36cb01508c1050c2f0e82a25e1dff777d58a25" + }, + { + "algorithm": "SHA256", + "checksumValue": "ac7ed9a0608f2ee925d17dfa8154102f56d863e0ab53f39053ff27120ce571ce" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/services", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-shadow-e4c8fba2d6e37bf3", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "552f79cbbe6ad0a46f07f0380baa2fd49ab992c4" + }, + { + "algorithm": "SHA256", + "checksumValue": "02773a6edfc62186d7c40f5782c8b1ade7c260fb9d0be3a7153b961758ea7fbf" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/shadow", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-shells-8d553efaf5216c48", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "23c79830c4c6cdaf90348347e9c982c28708b315" + }, + { + "algorithm": "SHA256", + "checksumValue": "4ec4e8c524a4f10ca5898ccfaa6d29e7e08aff3a681f6bafbb62e7bec91aa154" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/shells", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-skel-.bash-logout-599c25df6f626da6", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "66296908ae73bd0b72b71fb15b413e9c7b81c69d" + }, + { + "algorithm": "SHA256", + "checksumValue": "2584c4ba8b0d2a52d94023f420b7e356a1b1a3f2291ad5eba06683d58c48570d" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/skel/.bash_logout", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-skel-.bash-profile-b648a54d502454df", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3dd5fa8ddb34c23b4c2bac9754004e2a3aa01605" + }, + { + "algorithm": "SHA256", + "checksumValue": "28bc81aadfd6e6639675760dc11dddd4ed1fcbd08f423224a93c09802552b87e" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/skel/.bash_profile", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-skel-.bashrc-329bfd35243b3d50", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "80081f668a345bec7a41424edd6c60e82315ee6d" + }, + { + "algorithm": "SHA256", + "checksumValue": "b152cd21940a5775052414906ab7473a62b69da2300bbf541ce8e10f00c487d5" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/skel/.bashrc", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-subgid-e39d406381c59c32", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/subgid", + "fileTypes": [ + "OTHER" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-subuid-287d5200559a822d", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/subuid", + "fileTypes": [ + "OTHER" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-system-release-cpe-14a9a50d5b249756", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8a5a439873e6ead211cbdd78589eaafa1d4260e3" + }, + { + "algorithm": "SHA256", + "checksumValue": "ab138ea78c1167ddf9cd17736d43f89283e66c20ed4ff63183bfd2989bc7259a" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/system-release-cpe", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-etc-xattr.conf-678ec8bdcba04443", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cf60c512782375f738c3b989b24a72729693fcf2" + }, + { + "algorithm": "SHA256", + "checksumValue": "b159c32d33b2ef8a2edac38d0a1bb1254376ee9fef939af190e0535f1f4d06a0" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/etc/xattr.conf", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-run-motd-5c306b86c8a54142", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/run/motd", + "fileTypes": [ + "OTHER" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin---75628b804e454e0d", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9fdbd59f16ee61048ffd33b74dbecbe2fcecd4b8" + }, + { + "algorithm": "SHA256", + "checksumValue": "afd97bbd643bfe1473794af167cd5c6f44fe449681033e3584b40b836f624b4b" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/[", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-alias-f55de14a8e2e192a", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "289a406fd8600b2d75723e3757e88166ca880ca0" + }, + { + "algorithm": "SHA256", + "checksumValue": "c277897660adddce26a75871188bdae7ffa73f571a6fb779090a4c92df33988d" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/alias", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-arch-0e29a57cbdd6ed76", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8f9ffc9622acba141d93e11c0073ce5be588966f" + }, + { + "algorithm": "SHA256", + "checksumValue": "209bae4071910ef54b4a3bd302059bf7e00870d8bacffcd7c5489425f37ed16f" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/arch", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-b2sum-14cdc4287f825a65", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "575e3e627b7a9b8b421c41f8fd02cb2503345b3a" + }, + { + "algorithm": "SHA256", + "checksumValue": "9116333c88eee22e55e30db1ad088483f52a3024b624356416873bc14fad9359" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/b2sum", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-base32-6093de115bced1fd", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7a044297eb52cd4ed2b571bb07c6492b9fbbbc7a" + }, + { + "algorithm": "SHA256", + "checksumValue": "ff10172686b6db691ae57530dff6cd14b980cbba7ed81a8dcf81bd42dd7bb23b" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/base32", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-base64-12bdc54d751ff826", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "085d34b2ef36dca0183f79506543f5b905edf6c8" + }, + { + "algorithm": "SHA256", + "checksumValue": "fed1b291454a61812e605fd06b04f915ef7e5436cfc1ee17f96523f56c2fbebf" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/base64", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-basename-3cbefbcaae750b3a", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "af27f068e0edd9bacddc2f0c0bea723169c28272" + }, + { + "algorithm": "SHA256", + "checksumValue": "9a1e6804fef8ca36d39b008210b187dc4a82c456919574e61e17ab40c033589c" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/basename", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-basenc-f6ba024f90647bbe", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "116a0e1d7760f311c3476e9a1f579a60fd25c4b4" + }, + { + "algorithm": "SHA256", + "checksumValue": "cd8a131e0af4133b97da4adcca84ae61cc24c898d8d0e2b6aabac6d2d7a34094" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/basenc", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-bash-6fa9a77610a6424a", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "53d87a944dddbb3d8cbd26ff61e4753bdd989469" + }, + { + "algorithm": "SHA256", + "checksumValue": "97995faa249e5706dd0b0373c9da547709bf7349755d5fc8e52f97a4bd04feaf" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/bash", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-bashbug-64-c327e2c36384571a", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "246466f1716587250062fc2b3bd8d67a2f8c4600" + }, + { + "algorithm": "SHA256", + "checksumValue": "5588678b4cf9d513e85c908fad23ed079135656be7b79559570b23f4c3433022" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/bashbug-64", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-bg-e06d6334b1748390", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6acece014fee3a6a99a7c8127876e3ed5675aede" + }, + { + "algorithm": "SHA256", + "checksumValue": "5a864f2047a83aa767ac1a3fca577e5f3a8eb4d129b4b1974fb2009960a9a0be" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/bg", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-cat-4d08b7ddb80d2d2d", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1ff499e53c0920255403ee2ef06afa0873013e40" + }, + { + "algorithm": "SHA256", + "checksumValue": "c6138c9502337f42763d627e4b665dd4fd66f26a987891d0a7e8313783f689ad" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/cat", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-catchsegv-0759df524a156cc5", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "532b497ffd1c7d46417c1bee8fec87e0e5168a97" + }, + { + "algorithm": "SHA256", + "checksumValue": "6968647a65cbe670136c5657540debd96b257b168c2688dd8d34669b31e02111" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/catchsegv", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-cd-4d09709e1a0767cb", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "00c2f95c966b664793bb6b27b56b81a2fdd0a58d" + }, + { + "algorithm": "SHA256", + "checksumValue": "3f794988bc9b6e734d06c6507b4335054d01760a741b60104a49543cf7a964ed" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/cd", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-chcon-fc2ed4d716d9178c", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d16aa25fe4ed9eea2748e986aff5bfdad423838a" + }, + { + "algorithm": "SHA256", + "checksumValue": "c191edddab15fd046170527d27f5f2a864684e118020ae3cab9a8c4ce7e6cc8f" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/chcon", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-chgrp-09e3e4c2688b9525", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1402a8f010532c6f0bd76d0a91c908979fdf8bb7" + }, + { + "algorithm": "SHA256", + "checksumValue": "e1d37a0d06d1d5db7180b10eb367365214de3c458a356efa32960312dabf9bde" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/chgrp", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-chmod-ff13fc8c0587311f", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2dcb6e1e404323760e13dc1e5b805421878fc585" + }, + { + "algorithm": "SHA256", + "checksumValue": "8ee704ee6e399f29d23b37223b4c80a1a5a39fd0752c6d913d9bcb176b4bb930" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/chmod", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-chown-0cb3fbcbd2dd5cd5", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "29dcc6262461574c88126133c57f4f5318eb8420" + }, + { + "algorithm": "SHA256", + "checksumValue": "497a658c90080afd7bba33da8297fdb1be37cf36a3465a344164a8cb14390b53" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/chown", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-cksum-55db1a7e426872ee", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8299d2a22b65a2ed645906053bcd57a46c0f3cbd" + }, + { + "algorithm": "SHA256", + "checksumValue": "09eada4c0374c3c565ebe1f8965bce9943eb7c2790ef031d7b638b3f191b5592" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/cksum", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-comm-ef6f6422dd145c33", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "02bcebd4816b8bf09099e6e86044c3b7b105d531" + }, + { + "algorithm": "SHA256", + "checksumValue": "7449de734af6ab89331fc34dabfd40d10fa799369a52fd9df7c3829ded1d0261" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/comm", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-command-8c939e28ed090288", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "47e25f606eaf2eccca20ccb92aaf0ad751d6e49e" + }, + { + "algorithm": "SHA256", + "checksumValue": "aafc06c6657ccf32c0af350777aa38537ff90685345dc19078afaa26bbe4412a" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/command", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-coreutils-53b48ec4c592891a", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "eada9177c571a861b351e34b461300a6a104d10c" + }, + { + "algorithm": "SHA256", + "checksumValue": "88ee0f88cddd02c13d3f1de374119ccc23468ffa9e65433b3e9d390142c2cc0d" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/coreutils", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-cp-ea0da78f2e6c40fb", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a50e277b33a29f26b5b825ce041ac8e48df2280c" + }, + { + "algorithm": "SHA256", + "checksumValue": "79c39d67b7969b943045e80485f9dc3202a11ddfc5c9f7fdb4287216d0255a90" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/cp", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-csplit-ee98983da607a90a", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1e8b4a2d9443a650ebf84e483c92a30d14b06036" + }, + { + "algorithm": "SHA256", + "checksumValue": "406a678a5b17869b4d148ad1924dd9ff3f2496e6f8b1dde6572edb355ded6316" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/csplit", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-cut-a288191daac71d98", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5f7c6de6de871fc09ae32642219cb90ddea137e6" + }, + { + "algorithm": "SHA256", + "checksumValue": "7448d9549e82dc4aa8917fc2bc2c49ad3f99e85e0c4f9a0957926a1f33c60421" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/cut", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-date-24e937f12da00a5b", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "89a318bcea62a81b9328c0fa46d05dcb7e20c566" + }, + { + "algorithm": "SHA256", + "checksumValue": "71fb38657d2a08ad7fa8a7d6d44b54b4a63b2b0ca654e7865c0993443fe36608" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/date", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-dd-3199eee3197712c6", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "672fcb22508cfc162a7682100480856ada9263d7" + }, + { + "algorithm": "SHA256", + "checksumValue": "afc84e0b7f78721d72cc70e5207c0a948889401b1ae985f88fe5557010898d16" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/dd", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-df-0251bd9fc02e0270", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0f09ab63fa4ba2d4c24f32dd99e6d173e25d6625" + }, + { + "algorithm": "SHA256", + "checksumValue": "7140d87bcfc96e33d0e40e746734dfa02fb2973428059a83f267f490acf2924c" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/df", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-dir-1fea95d62467d732", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ee83b454e9faf9324e59bc11bd72d8ff79b8fb33" + }, + { + "algorithm": "SHA256", + "checksumValue": "9dfc129738cbf6c04a0a6bce388f6cabe0212abfb4f7011997477d657c552b2f" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/dir", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-dircolors-f3eb429bb84f6e99", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "527fc023104da8e34cb2b883a48fb4d9a0563f10" + }, + { + "algorithm": "SHA256", + "checksumValue": "db0b3071d1896d4cb925e2539b959071d3dd028501e989ae051a7cc2923a131d" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/dircolors", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-dirname-e9694d234553dca8", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dc3de909d1832ff6748cb739026407460280ca22" + }, + { + "algorithm": "SHA256", + "checksumValue": "79eb20166b1c6e3c720bbd9d1b7093dba753747f4a9c86c20efd24cfa1b7cd02" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/dirname", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-du-22201df6e59de74c", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "89891569832c12c079cdf123b5ab43ecafb72e28" + }, + { + "algorithm": "SHA256", + "checksumValue": "4f987dcb68ff9790a7da315f18dba495258e0689c9c145cba4ae33bbf1153ef1" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/du", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-echo-691db0f09237c546", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0f7c8d46f52cf0f9319631541c308471113cf022" + }, + { + "algorithm": "SHA256", + "checksumValue": "5e2e65807f2d7416260cc04c62a37b6aa14c3336632709406a6eb5e20a25676e" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/echo", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-env-1acc693ece00bcd3", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b84d0d2d85f4a9d818c4f9e8f61af524d7994601" + }, + { + "algorithm": "SHA256", + "checksumValue": "3164957405d820d74c59ce94cbe8e20eafa4d25366f53e4de9e3f4a149a9576c" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/env", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-expand-a842a425e8b987c8", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7c94424e1096ee9016cbf4ccf67affa7f001ddf2" + }, + { + "algorithm": "SHA256", + "checksumValue": "b2f2c111df45d87cb069e96a9152847d31a40d2357e770d4c943d04afe6e1acd" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/expand", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-expr-b93c0744925b06c4", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ef6ef0b52f22bfce633811b04704bb0dc2ea60cb" + }, + { + "algorithm": "SHA256", + "checksumValue": "27afd110fdd08ce37ae374cdb19348dc82db58b2a299d601b1a202e524ffad7c" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/expr", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-factor-1cde0c361cc14dcf", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "521757b7c3e1d1196a16227c8ae85150f94fe043" + }, + { + "algorithm": "SHA256", + "checksumValue": "ee9ee5a137e0591cd9cb7c833ea6d132715452b6e8ec15a521d5656825600a51" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/factor", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-false-cd6c00e954c6b9b5", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6a29a4f85de079ff81b73fb9662e691dbd36c313" + }, + { + "algorithm": "SHA256", + "checksumValue": "deeb84f2992538f7fadfc6946e4e34ce8b491c5d15aac723f2545fc53423609e" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/false", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-fc-dff600935f2b756b", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c4a74b311a6ea7e521c1abf779399fc8b3ac2270" + }, + { + "algorithm": "SHA256", + "checksumValue": "86495d1781eeec50764ce4e629f316087c2b53054b999308f40580633601b270" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/fc", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-fg-b4c286f3073457a6", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8edc00bfce83f8c865185c188a0643eeeefb8559" + }, + { + "algorithm": "SHA256", + "checksumValue": "0af28b724b8b1850fa6b4f232cf51229b2efed0333ebfb51d940798e28e0d625" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/fg", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-fmt-c00cfb94994cd346", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1dfbeba5c1b0e1c8ad8f0ec9b9d744320998baa9" + }, + { + "algorithm": "SHA256", + "checksumValue": "64eb499e5fcea80a3132b009285321317b2660173d3052ca3dc9c3871f07e0e8" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/fmt", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-fold-ead1fbc22936c919", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9599458a301ca99670389aa530baaf134a8a7814" + }, + { + "algorithm": "SHA256", + "checksumValue": "1af788b3e940772d2d061a2868af5e034faf977d2d7158cbefa3e56a05304049" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/fold", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-gencat-04a1ddd3855f10d2", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "325bfe2eae1c0af0b1dc2aa0836ffb9a3059d461" + }, + { + "algorithm": "SHA256", + "checksumValue": "574ac5cfb4e5445550d22e419773baff99955e224b7e4ca514413a05c78bb3de" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/gencat", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-getconf-042cdd286e6690f7", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4fcda8ccb45522c6d6fa8c4c7839888111468706" + }, + { + "algorithm": "SHA256", + "checksumValue": "cf74a1bf8788f67b8ed65d35f88b15b2b5aabebe13e43b7d42a2230696882685" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/getconf", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-getent-3ded0676f7352404", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c36cb05baec12ced06c970404b6598573f210082" + }, + { + "algorithm": "SHA256", + "checksumValue": "60747da4050c70b0077485a5a3e69dd2ed5c7a15581740005535e13bd78d1f40" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/getent", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-getopts-4504ca799ea14d27", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "25e71412ce313beaeed25e28ea82dca878eddfc8" + }, + { + "algorithm": "SHA256", + "checksumValue": "7f1a970be00f749e2c9a820592e8109ddb7efc76cd8f8f47b748a16feab8cabb" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/getopts", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-groups-7237d96811f2e6ee", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d687c82683c0a3df72e335fd33938476a6abb3c5" + }, + { + "algorithm": "SHA256", + "checksumValue": "80c0a1f602b5a30973ef4aff1549ab8f0c57415f1a1269c60fd463e51bc599f5" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/groups", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-hash-4edf0ef1bd6d64db", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "72baf7f3448f4cdccad27005032868973a557d29" + }, + { + "algorithm": "SHA256", + "checksumValue": "a5c3efd29eb134da49b68b78155c0338ab614eec99094bd07cdda7e99e53ddca" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/hash", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-head-c562bff015a5e88a", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b91a8a58197c97c537e2c6de70888b7ef72279c5" + }, + { + "algorithm": "SHA256", + "checksumValue": "d9265e0e806df2362b9e6b476b8b16cef39979c6e1ec9f51aae90f202b94a6d4" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/head", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-hostid-3735e1d949211fd0", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5e0ed73ba60f5bd2f9ade65c6ac229a5da8c0e06" + }, + { + "algorithm": "SHA256", + "checksumValue": "a755dbdf0e3c215642c5dad5c02c6b69f1c533fc253aa5206e634cae9a601fff" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/hostid", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-iconv-fea7c27abb2379a7", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6afa821e3eb4fe489b8352a62540c1d7e27d1098" + }, + { + "algorithm": "SHA256", + "checksumValue": "2a5024e63b2ccc96b8cff69b7d200540fb59d4fb9f12f4443481b88218f53ff8" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/iconv", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-id-e1320d675eea1128", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f9612c5a18e927cd54d137e938233210f0e7b6f9" + }, + { + "algorithm": "SHA256", + "checksumValue": "44cd8c4e4d7c0abda1cf8f4d3cb8c3eaa3a099e3583226a71b7b2717862293d3" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/id", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-install-4440c693304bdd69", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b3d17f305f320fefe148784928cb2d37c0314ae2" + }, + { + "algorithm": "SHA256", + "checksumValue": "a1e9d54276f52269bf3f3c4787159a8582d093acb918026a389bb03ae886424b" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/install", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-jobs-a2d1ef99a51082c3", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ed10dcf4f9065c771147428a413ddaf035d220d4" + }, + { + "algorithm": "SHA256", + "checksumValue": "1e4046021f3ae7abb820a995c8572cda3f3b4a4d14cb50e3bcb0f50f391a5bd2" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/jobs", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-join-1d0ed68dc53ce512", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b410ff0dde7f8d3c9b8a0c73d0171f9fb43ae8aa" + }, + { + "algorithm": "SHA256", + "checksumValue": "9b4380b504cfba01d655f9102279abc3fa6105a4e107aa409912de8407ce7514" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/join", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-ldd-1298cd5a74e6826f", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "45557090d4ddf6fe984027a45c6fbc193d21a649" + }, + { + "algorithm": "SHA256", + "checksumValue": "2e332feed7fe0d65afca81d83d07f997917c07d5c1f1fd5564e98330e78aa0b5" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/ldd", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-link-5a90803bc828932e", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0e33c18f86779f212affcefe9135769856c836ec" + }, + { + "algorithm": "SHA256", + "checksumValue": "821714203f91ff6532c52ae3f871e0130435b6ba1f1f08d2d1f7bbc6693c0caf" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/link", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-ln-00f4acaa8dc59e2e", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4f14c273cb9fc438b0917982131cf345049e3965" + }, + { + "algorithm": "SHA256", + "checksumValue": "085d5f728f31abf16f2e2b6f848b10e987c2ddcf160cb9a8f12378de2b6c6657" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/ln", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-locale-4b9ff5cd4da5b8fa", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ae711cb58f12c9786933f8cd3be0fced23e73f1c" + }, + { + "algorithm": "SHA256", + "checksumValue": "3a1266701672007cb329b81d2a1ababbf56a37e8b24bd0399370ba927d305839" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/locale", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-localedef-8b70a31f0cac693c", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "067f318d1ed49269f3498995a498d4c8bd92cda8" + }, + { + "algorithm": "SHA256", + "checksumValue": "e08edd554f2a4c83e678d58ddd7e8e0ba8c3355b7d570dbdceb271badfdd0709" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/localedef", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-logname-11f8cc18ba3f55d9", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ad619b65f76115eaa2fbae63f2be1f6f8d44ae05" + }, + { + "algorithm": "SHA256", + "checksumValue": "55fbba98b8cf7ccc3d0920e6630b525360603b1db4c72c955e6d3a09f8602b68" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/logname", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-ls-903a0f05a27e0800", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "27e9d6b6d89b0769569189f37f15b6389071d09c" + }, + { + "algorithm": "SHA256", + "checksumValue": "309b3c9a3246361ec0338641aed3c14e7f91e23e7cf10de000c75135ba99fddd" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/ls", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-md5sum-8adef0d2c945e765", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "59f153e6b32f1ec4d67cfb47bd3cde9c94edf86a" + }, + { + "algorithm": "SHA256", + "checksumValue": "ec74d410b372b48ef2b522cb903d48184f299c9290e5fa430fda73009e1ba468" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/md5sum", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-mkdir-4479450064f58594", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2f38e605397a87ba40254f1e643fd42aa484cabc" + }, + { + "algorithm": "SHA256", + "checksumValue": "3d79925b34d75033957c123dcdb7d9d74bbdf2135ae401aeecd1c7fdbec0541b" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/mkdir", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-mkfifo-562dfae3104460c6", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "32970bbb076f05e95d6d841a1659c621ccc84bcb" + }, + { + "algorithm": "SHA256", + "checksumValue": "3abebd9dd438dfffcd6f958488172a3b403dfa0eac1ac0e1b8c26e94b61472c4" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/mkfifo", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-mknod-cd5975a581a20d54", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a2838bb5f1c76580efd23567ea42b7eaabd3afcc" + }, + { + "algorithm": "SHA256", + "checksumValue": "e0aea7b102cdd165cf69e86c9b72bf9f1610f063a41379ff98e6abd7767a0f0c" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/mknod", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-mktemp-a873586e1f1964c1", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "96190da1106c4247f1b8e043862d44e0d254e90b" + }, + { + "algorithm": "SHA256", + "checksumValue": "79dab18e96e909ca19e901731bd14bbd182327ed34050ad15d3c22186c112601" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/mktemp", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-mv-125be635cd0bbc9a", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0e78f29dce6a6f93c05910f19530574452f774d7" + }, + { + "algorithm": "SHA256", + "checksumValue": "6ee04af6a9560da8304d298561d76ecc42ce167cd37496cbbee5f7975b2b6c83" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/mv", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-nice-63f79ec19e1b94ca", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4f2dcd17b39ad2ffa17e0e92ee766266f55abf9f" + }, + { + "algorithm": "SHA256", + "checksumValue": "05dd64c5d88a6308828a66bdf10fe43a1d762bdf9867eddd1613ed95abcd9eb8" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/nice", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-nl-1ec25a2e334ddb41", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e4eaac987f6b05b44e3bf898f549135dddef0aa0" + }, + { + "algorithm": "SHA256", + "checksumValue": "9cebdddb5c913efd5a2e2056790c58a4b1f0ea753ab776209f620c8aefaa88d4" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/nl", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-nohup-60ceddea44a3652b", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0a9e175d7640c094ac4992dccc3c60707b31b5d1" + }, + { + "algorithm": "SHA256", + "checksumValue": "1d120028b00ffd10dc5d2bdb8725cccd994206809a17897b7dfa7d9852b4a109" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/nohup", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-nproc-d08b3eda3bb0f423", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9de95968bee11e95d7431aaf61c83ba2a4468e75" + }, + { + "algorithm": "SHA256", + "checksumValue": "802d57a2bb4a148ce86b5987d42de833613df533033939621c98af7c83ed10a9" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/nproc", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-numfmt-ebb77e74644544c1", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "466de75850dd7c132427b2d022d06cdd095df214" + }, + { + "algorithm": "SHA256", + "checksumValue": "a2d0a24b66f7e706d20cdbf400f0fb170c9737de1f33707639ac83b0c6eb1fe7" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/numfmt", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-od-e0fd5015daca3aa1", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5fc21e046850c4dea847d10cf48de31df3e8a996" + }, + { + "algorithm": "SHA256", + "checksumValue": "28cee197c00cc74e4020bc2c63ef4a47269bfc42a0514e8ac39b93d1c9fb5c79" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/od", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-paste-8113452b5c9716ac", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6d14aa0f379322bc2099e2572dd5e69d74f3c9a9" + }, + { + "algorithm": "SHA256", + "checksumValue": "8bc3ecc3066cf717ff77c775897786c7ffbc96d8b4e7bf74ac0d1b1429840cbb" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/paste", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-pathchk-c95cb2db6f7ef3a7", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4a12dc81e91b470ee653874d8a16cbf0b77a847e" + }, + { + "algorithm": "SHA256", + "checksumValue": "c75cdb9159c70035a4fb0c266c75b7046a5e0c65770f1abd3955169ee84495cc" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/pathchk", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-pinky-33708b8bfc387de7", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9d5fbfd3630dab9361c7ba1360d0f57685c5cf21" + }, + { + "algorithm": "SHA256", + "checksumValue": "99376200da341d1d415806ebe99b80bdab70f8e9fecc9faf16b97dd9a0038062" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/pinky", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-pldd-055567cad892fab9", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b7ffc1a0031282323e8c6175d9592965062f491b" + }, + { + "algorithm": "SHA256", + "checksumValue": "e8129667c54b7e055ffa170af2508dc502fb1180650336b3f62cbbb24a502740" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/pldd", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-pr-adaa31120292d0e1", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4f81df2310ad8fa8a25291552d2223c7caa1b38f" + }, + { + "algorithm": "SHA256", + "checksumValue": "a01cee18df2195a84845ab441c0860ccd2e60fe8420165a46450c4215759c2a4" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/pr", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-printenv-f74c6fd74cfbdcc1", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e34f63c0fd760b82fdc2fb423a0ac9d86326ca74" + }, + { + "algorithm": "SHA256", + "checksumValue": "d28a352be84024a34f072b7c6a26b94aa87a2e76b90f437107d9b7eeebd0053c" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/printenv", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-printf-adb4ccdfd776d96e", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "72fe02a8bc6fb958c4181f15fbd7d821fb9d69ab" + }, + { + "algorithm": "SHA256", + "checksumValue": "129f7bcc2ae4d017b79e41c979ebfa18fc9052d4186538c25d736bfd2e397280" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/printf", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-ptx-cb05c7cc7d580a18", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cbad420a1f8db2821352f3a1b23cc9076fe064db" + }, + { + "algorithm": "SHA256", + "checksumValue": "4d3ecca846d94b352b5ba97887e413980af43df47f393f860ed07ed3af0ef681" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/ptx", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-pwd-5faacd44ff9fbfb7", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "48594a8abb7f13c85be045d8659a64a6fabad41e" + }, + { + "algorithm": "SHA256", + "checksumValue": "efabc0b34ff064d6a99456f5f74490573f8b9db6d1bf9450ad2e0aae0402b89c" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/pwd", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-read-3038e7cdd4f2457a", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bf8e3fc1852d2925f2cba52fb1be0c94a8e76ac5" + }, + { + "algorithm": "SHA256", + "checksumValue": "f0f717be7c907acc0c1c4b489d619663076e5f08ed56257d647d192d492a147b" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/read", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-readlink-b8fd4c93bdc2dc56", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "720b77521af81b3ec5738f6983fe5df2bd6e9358" + }, + { + "algorithm": "SHA256", + "checksumValue": "b84234996da12c81e5762285b91ae7681342e012612df920b94ae0bd1557884f" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/readlink", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-realpath-1c1877936aef4d1e", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4fbfcc77e12dcebef21b16a83af48201abb92c7e" + }, + { + "algorithm": "SHA256", + "checksumValue": "504d523de86fa1463b8d96abf3cdd7ec8e85571593bc95650130c83ee8ff20cf" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/realpath", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-rm-e49573c9128715cd", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "903a4aa5e26a0e53254b945e6ed66d1d6f6d11bb" + }, + { + "algorithm": "SHA256", + "checksumValue": "c909af3f4c8ae30d059b96a9cf7b097db39159d161622b95190d60d25a5db776" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/rm", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-rmdir-61cf5d4d97dea3ee", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7b6258ad372f3433582b24e8ea4d0bb5576aa3a0" + }, + { + "algorithm": "SHA256", + "checksumValue": "6e999e3d0c2ccfeb001f513f6a6f51c5121327894ea279e2682b4b8272c4bca8" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/rmdir", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-runcon-e558523be5608a79", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f0b74a6c7103b76887fd753be504ae3a16e2b9b5" + }, + { + "algorithm": "SHA256", + "checksumValue": "7ee2793317816a3898f317c53f3ae9324f9e245e52e9df7014553daeaf99b9f8" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/runcon", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-seq-adfd58add87f17eb", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3ac2fb84bf15e169527d7bdf55ad8b5e228af851" + }, + { + "algorithm": "SHA256", + "checksumValue": "bb11a10b8a0f5c8e974b844f2fb6c94f81d50ed2508f4583235d4cbe8bc0fbc6" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/seq", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-sha1sum-099b3b80e0d55e14", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bc8e4e25974ed24d035a193b9d73bfee54958003" + }, + { + "algorithm": "SHA256", + "checksumValue": "c5e5033951d2d051b6a8412aab455294f2ec529aec279e2bc1600d21dd242a7d" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/sha1sum", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-sha224sum-d2810e0008a20996", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7310a416702b8dc0c2af27d0750aa4916d1bd335" + }, + { + "algorithm": "SHA256", + "checksumValue": "7737b55fb338ea353ae400752f720edbcf38ef09b84ef9be9985195853a62d0d" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/sha224sum", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-sha256sum-8da81b57196be8e6", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f207dbd127187de6590a9b245b25982fcf241ccc" + }, + { + "algorithm": "SHA256", + "checksumValue": "377e96d9304a3e91119a58155becca958b4dc286c203ea2917ebeadba183db1c" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/sha256sum", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-sha384sum-44cbc0c3016ab504", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f93e81d3e93639913be9d934040e76471a2aca07" + }, + { + "algorithm": "SHA256", + "checksumValue": "94e88e0dcf5ee93b44fed867bf4e42e737dfac9ca957247489264bbf1b2f6ec7" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/sha384sum", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-sha512sum-c98b488a39cc46b1", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1ed28781164c4b0598f64edd9c9b68b8accff86b" + }, + { + "algorithm": "SHA256", + "checksumValue": "23809accfe32a32da5b0fdb65f6d638f96f3c48be4fa59c41a04067677daec6e" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/sha512sum", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-shred-ca299e004609c194", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1b6acb6267be464343dfde0809bc5ac5685484d1" + }, + { + "algorithm": "SHA256", + "checksumValue": "b06cd470398f9e5505b962475935ce2922ad8b8f24d469e55ca398c6a4c840fe" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/shred", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-shuf-8caa893d3ea3ff10", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bb2127fd4acf163e24acae97369b20591a0ade64" + }, + { + "algorithm": "SHA256", + "checksumValue": "76918b2e6df2cd31f4e6812766b003fb4a037507d12e089e4a513f8f13c312e1" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/shuf", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-sleep-0eb8f50913ea3f60", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a7d45326d7045b85cfe5eed8b7e5f6c3dd44078d" + }, + { + "algorithm": "SHA256", + "checksumValue": "96f0366d3535f1556981c0ccc68c160328eb6f2757971e15642d585b2cd1f344" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/sleep", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-sort-4da4e02973d88fc8", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cc55a192535438eecadeff31fc3a73f8a4050061" + }, + { + "algorithm": "SHA256", + "checksumValue": "7db440f4b4270d53050569407160d7f7c23fd7832394ce9bfbbc0b1d6e7e7dac" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/sort", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-sotruss-de28eb2e62d67253", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bb4d462d733966a97a40eabeb9094d98b68b0e69" + }, + { + "algorithm": "SHA256", + "checksumValue": "a01e33a22e131e727a069bfe82faeda8f58fede0dd4966f88300fe9ec1fa8496" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/sotruss", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-split-18c628e1581ef32f", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "996fd666370fba16add476d7d329273a3adbb2d9" + }, + { + "algorithm": "SHA256", + "checksumValue": "9b963841b57f729c71909fe9d4c5f1644aea4260b736b37050b35f18ab82b4ab" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/split", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-sprof-d44a620886ddc807", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c9b034f55b885713cc30e5e021392f0ed68203d1" + }, + { + "algorithm": "SHA256", + "checksumValue": "fe9891b04f1d07fefac7bc2822d98977f31f839dd876cf5985fa8ec172af6b96" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/sprof", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-stat-a01c2e35e4cd9dcf", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9f69f0ff28c5130a1f6456a67c0fc313250c074d" + }, + { + "algorithm": "SHA256", + "checksumValue": "9f6ffbf89d8463633790130b1d79999e1f5ef72fa63ac128eefc19101116b4d3" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/stat", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-stdbuf-6200262a8b800757", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9b3c7d4a67bbd37a222afa34fe7aa5cf5c23e92f" + }, + { + "algorithm": "SHA256", + "checksumValue": "64ca8854673bbe7597c0be2ebc1ea1248e16a022e07216fe5ff2af5af1408cd7" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/stdbuf", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-stty-df46e51677002d7e", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9307c56df9cb966f76a634c0746d42d5f8ce2ebe" + }, + { + "algorithm": "SHA256", + "checksumValue": "347183bf373a494eb701af0b8f2c2c7d296a6ac1a90fad3cfe4745d236bd0dc9" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/stty", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-sum-442756f97c0385ee", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9bdfc613fdc7339e6ea8e9810331beda4d794977" + }, + { + "algorithm": "SHA256", + "checksumValue": "4f443e4c6d5063c4affc2b9d12852eab4c4eb675e323603441b0cc96fb9c2389" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/sum", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-sync-87495cf5d2d47fda", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6ba9e0a1e2eed62ac07cb1a96debd492597c648b" + }, + { + "algorithm": "SHA256", + "checksumValue": "5f3ecf316cc8d0461cdc69e55f97c575a2c37f250e77461ac6241d049d65b177" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/sync", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-tac-671e7687831fbe6a", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "989e56cc65e99a8f17cd6c8c864301dce35682e8" + }, + { + "algorithm": "SHA256", + "checksumValue": "054324a3bf86ff8d7de940b38abfea90434de3f7e6dbfb68c28fef13ab194a4b" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/tac", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-tail-fabc98d06b8cab7f", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7268458ab70a426daf11cdaabe465db2f35d3eef" + }, + { + "algorithm": "SHA256", + "checksumValue": "c84b690e840c9297566787aa939370f9b2e181e01c91b727e77ae07865f06c1a" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/tail", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-tee-3a050951eac42194", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0da9a1b60462925e9afc05f3176c0a273623380f" + }, + { + "algorithm": "SHA256", + "checksumValue": "97a3eca66552d324751b1e8e5af6ca4295328b98fa57bc43f1f81cc0a53e197e" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/tee", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-test-4063805e2cb14bb4", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "be4c44bcf58a961241b8bed1dc43d5439b104e2d" + }, + { + "algorithm": "SHA256", + "checksumValue": "12f025e9fc03f2dde8653295c2c685c1a010120b768a5becc53f61a652469005" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/test", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-timeout-e9a6add62f58cbe4", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "935c4f99d23fb446cae51887710191f291b21619" + }, + { + "algorithm": "SHA256", + "checksumValue": "a58c5c3de98fedf0d7199e4e51e6d241169678259b99c21c75e5bbc17b885662" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/timeout", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-touch-3113715cd7c7652d", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5cfa434bfcb822d6b1251c802ba40f787c6f76da" + }, + { + "algorithm": "SHA256", + "checksumValue": "cc4165b10af3012c31ff266d74ec268c5f0ebf0521faf2596141d1b33b9c1309" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/touch", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-tr-ea9479d5ccdf69bd", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d0d23cc713deb1776203813369bdfb2e33873bbd" + }, + { + "algorithm": "SHA256", + "checksumValue": "e3bb9a0ff998a6452a2652ad9fe93913ed17426812718c0618b769c0a45859be" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/tr", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-true-584c36265a2ea13b", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c1722a4b217bfb26dc2196fbc12c772744d3f486" + }, + { + "algorithm": "SHA256", + "checksumValue": "c73afb60197c9c64805d2b4ab95efdee8646f8248ff800de2575a11eed8f9f08" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/true", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-truncate-ee3e17c720f2d89d", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "75e44a6f34c669cc3dc19093cd26ec9994d46f94" + }, + { + "algorithm": "SHA256", + "checksumValue": "e58155261499fd6ba41e6f6cf6b696529f929b2ea82d710b8d0467e28f9eb6b8" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/truncate", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-tsort-090b325103ea5c7e", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6a9933ff7c80153280caf8be59ab896a8cbe957f" + }, + { + "algorithm": "SHA256", + "checksumValue": "f93ec3a790a5f9283da66b22aa307a9289ba40a6a9f413c74dbb18d243c71da2" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/tsort", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-tty-20f0e0881f4f91b9", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ee1e0cedda425d84a7bf9819fc6fa3f1e7334059" + }, + { + "algorithm": "SHA256", + "checksumValue": "47fb87400000912b988e1a8708d99287751c976b942ffb5dacc21316d07fd6d0" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/tty", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-type-5be5c30ab6dbd6da", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "339eedcc50d7b24c3c15e056ca79a2a6394f0811" + }, + { + "algorithm": "SHA256", + "checksumValue": "36d5d35fee92010a0869fa9229d201b54f795217557105409e381f471a8038cd" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/type", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-tzselect-326f83eda515ade2", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bc409f72d805f31ce7b181e73ffa505ec6cd78f2" + }, + { + "algorithm": "SHA256", + "checksumValue": "895808da0dad628436ef6de05465978b7929fe017d186d7d626c2074e5c345b9" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/tzselect", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-ulimit-294ae7b1d8792003", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "09651176811817d03591ae8c4258d04a01562e67" + }, + { + "algorithm": "SHA256", + "checksumValue": "d66bfb63a8afcea2c6d17561f27f8d3ddb49062f221c9b18d64e7c846c34ff94" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/ulimit", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-umask-72ef05d9ecfdd9a0", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4e230e28dcb60d5587a12f9e7ad9920846cfb113" + }, + { + "algorithm": "SHA256", + "checksumValue": "975d986bf2124069a5781239ba169c894f3c0c152e3262cbddd64fff74e88171" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/umask", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-unalias-3c7a78190734ac2c", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f4a3cff8af1e0bdee91fe52da50c184e4c4db4c4" + }, + { + "algorithm": "SHA256", + "checksumValue": "9631a027d22e68cb01c9753dc6cd44b9b210007cb0c1162cab12a715a2bcef60" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/unalias", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-uname-2fae52fc2880ff83", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "67099ab009d2df7d42908c0f5b5688ed8af384a5" + }, + { + "algorithm": "SHA256", + "checksumValue": "050964cc46affadcf00d817106c47a6bde087fc483fa0643e168a816b76de608" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/uname", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-unexpand-77c849091ccf0af5", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0aadcf2c42c2d9e737adcf5a3cedd84d81d0c9ab" + }, + { + "algorithm": "SHA256", + "checksumValue": "9dd5e2f796993334c5d66b9d2258c48d447fcdc2762a6aa0987590f5384552cb" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/unexpand", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-uniq-c2991afcc7b64b3f", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1597d09bb83163173a908ef4f7184537cb9d09aa" + }, + { + "algorithm": "SHA256", + "checksumValue": "2e91d5ac599019cb960094ed9a9b9973d7c1980b209dcba3de2f1549e85a0cd2" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/uniq", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-unlink-aebe7ba7f1d173d9", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3f7e0a28583528e29da3ad65b9f5da7f7e913bd0" + }, + { + "algorithm": "SHA256", + "checksumValue": "d9a4afe24003912290d8a8fed7781afeeee64bb88a53cfd5b2f820ab6df355c2" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/unlink", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-users-64c3ef3ca25bde85", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "effbe20ec87e9e7676eaff14227b4ef2ef27d938" + }, + { + "algorithm": "SHA256", + "checksumValue": "d8f7ba3fd846a96259a17e8785a172d653fdfb03c1507f95aeeb8d5461407b5c" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/users", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-vdir-a2a7ca8c886b41cc", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b92e6ce604508591ce94d0e78057b7373d5c7f16" + }, + { + "algorithm": "SHA256", + "checksumValue": "fff208202d47a5ff1daec8820f11555149ec8d9d9b39235e14555c3a14bd8572" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/vdir", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-wait-b9b95b25728ed5e9", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5626cfe4711da11e9b207d8c920364138af94d3d" + }, + { + "algorithm": "SHA256", + "checksumValue": "238e0bce60ea5baff73d00fe4bb580335c5fb2c50fc3d9527f80fa57f5648550" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/wait", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-wc-7aa468a1496ac054", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5a675dff97cb212b7152fc080f8cb378ac3c98a9" + }, + { + "algorithm": "SHA256", + "checksumValue": "709f6b9228d11ea5bf6298c953c98a3d11ec89a50916646494661aca8c32a775" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/wc", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-who-213a833496f6970f", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "11316248c3582e03e77e2fa2d20a44a0f889838c" + }, + { + "algorithm": "SHA256", + "checksumValue": "5f2f1a73f39388b45a8ee56e44abe0a084d6849ba4c432130f9ef04bc6a58e4e" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/who", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-whoami-0fafedc4e6fd7cf0", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "36eb9262edf87f57d85e9b1dd1ee3ff2870451ea" + }, + { + "algorithm": "SHA256", + "checksumValue": "112e9bdfc8975c4413bb940c0ab36034902d0037b2b25d24f2d1b4f93a32bd6a" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/whoami", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-yes-f609f1cbc122d4a0", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0525fa3a805dcd1bf37ded7fc36ef84f80521847" + }, + { + "algorithm": "SHA256", + "checksumValue": "614d5aab2a46b047fb5160018dd4f1c7655f792a467dcb8abea75cbec5579b08" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/yes", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-bin-zdump-29828b308b7825dc", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "33c96235b54e0c294eb2d9bc33c402b18efc5100" + }, + { + "algorithm": "SHA256", + "checksumValue": "54f4e8c38fa2f5308edb85825a219ffe9fb4961e7eb2e315c6c024e3f2847259" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/bin/zdump", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib-locale-C.utf8-LC-ADDRESS-c802b681a8f250e3", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "12d0e0600557e0dcb3c64e56894b81230e2eaa72" + }, + { + "algorithm": "SHA256", + "checksumValue": "26e2800affab801cb36d4ff9625a95c3abceeda2b6553a7aecd0cfcf34c98099" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib/locale/C.utf8/LC_ADDRESS", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib-locale-C.utf8-LC-COLLATE-d3c342bee6dcb546", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f245e3207984879d0b736c9aa42f4268e27221b9" + }, + { + "algorithm": "SHA256", + "checksumValue": "47a5f5359a8f324abc39d69a7f6241a2ac0e2fbbeae5b9c3a756e682b75d087b" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib/locale/C.utf8/LC_COLLATE", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib-locale-C.utf8-LC-CTYPE-cdcaf220db009fa0", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2ef33b106c27612ac5a4864f3ba35db0c9a1d130" + }, + { + "algorithm": "SHA256", + "checksumValue": "2cb901c95a9fa81466d7878f81aa8eb52620df6f4420a0e219943ee6491c9334" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib/locale/C.utf8/LC_CTYPE", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-...lib-locale-C.utf8-LC-IDENTIFICATION-725fda6adbad0fbf", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1eeec3b2cb259530d76ef717e24af0fd34d94624" + }, + { + "algorithm": "SHA256", + "checksumValue": "38a1d8e5271c86f48910d9c684f64271955335736e71cec35eeac942f90eb091" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib/locale/C.utf8/LC_IDENTIFICATION", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib-locale-C.utf8-LC-MEASUREMENT-b58d2081a4969565", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0a7d0d264f9ded94057020e807bfaa13a7573821" + }, + { + "algorithm": "SHA256", + "checksumValue": "bb14a6f2cbd5092a755e8f272079822d3e842620dd4542a8dfa1e5e72fc6115b" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib/locale/C.utf8/LC_MEASUREMENT", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-...C.utf8-LC-MESSAGES-SYS-LC-MESSAGES-77bbe8ef6464a65a", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "574d7e92bedf1373ec9506859b0d55ee7babbf20" + }, + { + "algorithm": "SHA256", + "checksumValue": "f9ad02f1d8eba721d4cbd50c365b5c681c39aec008f90bfc2be2dc80bfbaddcb" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib/locale/C.utf8/LC_MESSAGES/SYS_LC_MESSAGES", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib-locale-C.utf8-LC-MONETARY-c17bf6ee94ebe658", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "110ed47e32d65c61ab8240202faa2114d025a009" + }, + { + "algorithm": "SHA256", + "checksumValue": "bfd9e9975443b834582493fe9a8d7aefcd989376789c17470a1e548aee76fd55" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib/locale/C.utf8/LC_MONETARY", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib-locale-C.utf8-LC-NAME-e1d8632b411ad09f", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b5d16f1042c3c1c4bef85766aa2c20c1b0d8cff6" + }, + { + "algorithm": "SHA256", + "checksumValue": "14507aad9f806112e464b9ca94c93b2e4d759ddc612b5f87922d7cac7170697d" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib/locale/C.utf8/LC_NAME", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib-locale-C.utf8-LC-NUMERIC-9967ec5443ba73a4", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1bd2f3db04022b8cfe5cd7a7f90176f191e19425" + }, + { + "algorithm": "SHA256", + "checksumValue": "f5976e6b3e6b24dfe03caad6a5b98d894d8110d8bd15507e690fd60fd3e04ab2" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib/locale/C.utf8/LC_NUMERIC", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib-locale-C.utf8-LC-PAPER-45c3f98d1964a3e8", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "567aaf639393135b76e22e72aaee1df95764e990" + }, + { + "algorithm": "SHA256", + "checksumValue": "cde048b81e2a026517cc707c906aebbd50f5ee3957b6f0c1c04699dffcb7c015" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib/locale/C.utf8/LC_PAPER", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib-locale-C.utf8-LC-TELEPHONE-8558a6f8bda0c485", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3316c99e183186c5cad97a71674ef7431c3da845" + }, + { + "algorithm": "SHA256", + "checksumValue": "f4caf0d12844219b65ba42edc7ec2f5ac1b2fc36a3c88c28887457275daca1ee" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib/locale/C.utf8/LC_TELEPHONE", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib-locale-C.utf8-LC-TIME-416b2f4ec2cb80ff", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e619a4db877e0b54fa14b8a3992da2b561b3239b" + }, + { + "algorithm": "SHA256", + "checksumValue": "0910b595d1d5d4e52cc0f415bbb1ff07c015d6860d34aae02505dd9973a63154" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib/locale/C.utf8/LC_TIME", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib-motd-d19d55a5de663610", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib/motd", + "fileTypes": [ + "OTHER" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib-os-release-60ae387f12bbdcfb", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fbeea8fb8d4561f7c8e9b2a0c7b9d85fe138dd91" + }, + { + "algorithm": "SHA256", + "checksumValue": "d577e5bc6e84d4c3aa951d0f72fac01e00215d73d72ba6377abda98a68b376a4" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib/os-release", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib-rpm-macros.d-macros.dist-ac288cbfb0ac99cf", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1d668745eebeec90036ed155e3ec36991ee9c35b" + }, + { + "algorithm": "SHA256", + "checksumValue": "5aeba8391625e61164053c0b44aa9e13f636987fe1962fecce23c8fc49fbc763" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib/rpm/macros.d/macros.dist", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-...com.redhat.RHEL-9-x86-64.swidtag-c6a282cf82cea475", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "68b18fb7002f6d32299e0d3bc253f188894e0b1d" + }, + { + "algorithm": "SHA256", + "checksumValue": "d6edae22d91b9a245159ebd816e61b855571c620cf56e68cbf6d0b177cf0cf06" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib/swidtag/redhat.com/com.redhat.RHEL-9-x86_64.swidtag", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-...com.redhat.RHEL-9.5-x86-64.swidtag-6d3677e4db85f55f", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "666311fc3c8eab646b11dcf3988667a77ef41e01" + }, + { + "algorithm": "SHA256", + "checksumValue": "9c179873ea2bb9b5c7c28adc01a2ccc59b72e692a1f088349d3866ef0dd2568b" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib/swidtag/redhat.com/com.redhat.RHEL-9.5-x86_64.swidtag", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib-sysctl.d-50-redhat.conf-7a133b6f93d1fa35", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d2656a46572e258b17c5703dd96f61f9338b2885" + }, + { + "algorithm": "SHA256", + "checksumValue": "cff0531af9151667207f590615894598494081fb3d6c4db0728fecfb41fbce92" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib/sysctl.d/50-redhat.conf", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-...85-display-manager.preset-e4ffecdd0b797b12", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "75c04345a5c262bae5f12b29c968e68a0dfbefad" + }, + { + "algorithm": "SHA256", + "checksumValue": "037ee720a5c511d7b257216cc81b55b5ebeb09775426288f2d46d614594d9e56" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib/systemd/system-preset/85-display-manager.preset", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-...system-preset-90-default.preset-121d57fa77de27a3", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6a488ea1d81bacddddbc30d4ae0f981dbb300d8f" + }, + { + "algorithm": "SHA256", + "checksumValue": "e55db1d90aba004366f9aef73047a03579ab2b4efe916d8f94605be5d3581102" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib/systemd/system-preset/90-default.preset", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-...99-default-disable.preset-4c8aa3bc542b4878", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b442ebba4890435070a7e468358b191883a71374" + }, + { + "algorithm": "SHA256", + "checksumValue": "3127b197b9eae62eb84eeed69b0413419612238332006183e36a3fba89578378" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib/systemd/system-preset/99-default-disable.preset", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-...user-preset-90-default-user.preset-a58bf7c45d2e7be1", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8379013fe884529a5adde637f5ae2bffe8cb2976" + }, + { + "algorithm": "SHA256", + "checksumValue": "ba8ff51494b993c5dd3fe73b82cb12abd2ff2212303c0929d879c990d2d85ec1" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib/systemd/user-preset/90-default-user.preset", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-...user-preset-99-default-disable.preset-e453479c4f575e2e", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b442ebba4890435070a7e468358b191883a71374" + }, + { + "algorithm": "SHA256", + "checksumValue": "3127b197b9eae62eb84eeed69b0413419612238332006183e36a3fba89578378" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib/systemd/user-preset/99-default-disable.preset", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib-tmpfiles.d-libselinux.conf-716de61452cc5971", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9115ba504c1790e26dc1078d4f549fb6f9c5a184" + }, + { + "algorithm": "SHA256", + "checksumValue": "afe23890fb2e12e6756e5d81bad3c3da33f38a95d072731c0422fbeb0b1fa1fc" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib/tmpfiles.d/libselinux.conf", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib-tmpfiles.d-setup.conf-4262ed2903a85bf2", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e4d485145026d758bcf51aa356aa1795981e3ab5" + }, + { + "algorithm": "SHA256", + "checksumValue": "b1a7958d03497b0e231f8f14ee501ebb4d15a822d096c180226af5429df15f78" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib/tmpfiles.d/setup.conf", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-audit-sotruss-lib.so-6235ef0643d4a14e", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b8c81bd968f24b145a58667faeca42f4aad5b689" + }, + { + "algorithm": "SHA256", + "checksumValue": "6184ce1199d5440384580f4ddfcd63f88a3eb49ccb4289a43fcb743c1034744b" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/audit/sotruss-lib.so", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-gconv-ANSI-X3.110.so-48dc10363ec04799", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "80eb2bded4fb3b7e4c63bb31d0646c3ff37fd3e6" + }, + { + "algorithm": "SHA256", + "checksumValue": "7fd565d89a501b7789f57587eebdd115d2bc56ea8f9e0ed8a87c63f3c3a57029" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/gconv/ANSI_X3.110.so", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-gconv-CP1252.so-7eae0e1a3e331c1d", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "60239497fefc019090c2998b008ad72aa1076712" + }, + { + "algorithm": "SHA256", + "checksumValue": "fa6c15332c8f4eabb90db81d69f4b486ce460d0c9468111305eadd0ea3ef5732" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/gconv/CP1252.so", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-gconv-ISO8859-1.so-862870f595274f40", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f7f0ad06f3669dc8d488e4a345bda0929ec9e9ca" + }, + { + "algorithm": "SHA256", + "checksumValue": "dde7e26f5bd6b26fc7eb6e9c6ca43ca807b1b2d6021c93bb048a0cc56f0fd360" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/gconv/ISO8859-1.so", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-gconv-ISO8859-15.so-3b41150404d45e56", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8581b9f4a0634b47f683ec92a58b1ab4c7f7cdc5" + }, + { + "algorithm": "SHA256", + "checksumValue": "19a55d25edfd2244e820c6173897768fe1809f9ccb74868338e95383f93e01a7" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/gconv/ISO8859-15.so", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-gconv-UNICODE.so-25f0f51c1f89d8f0", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e21fa5e2a34cde1a3998215d6c7b398531c87733" + }, + { + "algorithm": "SHA256", + "checksumValue": "963f0a8abc3b6f874d09b5ba5157f3bb8e14b45fe10346fcf14debbf4ea40098" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/gconv/UNICODE.so", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-gconv-UTF-16.so-477868edd8205945", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "60a6970a3a5ce6970440644d7c09b25f43266922" + }, + { + "algorithm": "SHA256", + "checksumValue": "6ce6e2b726b3fa1cacc585da48c94a79702019cee939e129cc44757d38cf2c40" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/gconv/UTF-16.so", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-gconv-UTF-32.so-0422a3de27ba8218", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5f1e92f7d16630b52980df8ecbb7c613c80c800b" + }, + { + "algorithm": "SHA256", + "checksumValue": "b2f0f9a75d990b6addd9509a26067c800e540014d7c48a6b9b036b576765ba58" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/gconv/UTF-32.so", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-gconv-UTF-7.so-9fe7e4964c757aeb", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "eaa874491f96c7e00b45d68f74837cb90a105435" + }, + { + "algorithm": "SHA256", + "checksumValue": "4058ca1fdd5003fead149f4b5d042263ae32eae1a948a12aa5009499c0135dae" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/gconv/UTF-7.so", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-gconv-gconv-modules-8842aea72f6aa015", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ab6ec0f61e3c8d08fa9ad986790557b78568138f" + }, + { + "algorithm": "SHA256", + "checksumValue": "9976193fd6fb671112a0f10486e50ad3bfb79e9a08429544c820365cdd3bfd35" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/gconv/gconv-modules", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-gconv-gconv-modules.cache-02c86f8b5782080d", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "422a05b8691abab797d08753f682060d0fd5fbff" + }, + { + "algorithm": "SHA256", + "checksumValue": "32be69bf0c00481b7279aeb8c0d7920f3da4d95f0743924c0c9cf63a20b9c9b1" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/gconv/gconv-modules.cache", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-ld-linux-x86-64.so.2-1747ebd22f83821b", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dcf3379e892abe7bc69b529307f059fcdd3955ab" + }, + { + "algorithm": "SHA256", + "checksumValue": "b2f1e393f2eac845e5a162f193f999402ac615d8a4eb1213038982e78db8eb94" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/ld-linux-x86-64.so.2", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-libBrokenLocale.so.1-cf18627e23e984c4", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5cf9a7785f40aa5b718a2349da514eb785a8df18" + }, + { + "algorithm": "SHA256", + "checksumValue": "0021c1f29f580a27115bf6c8480e443ef23bc68f128e8eeaa11a0b58299d4958" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/libBrokenLocale.so.1", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-libSegFault.so-63c3f57d370dea27", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e0a0ca0d30eb9cb2391aeb9b531cdf28386259af" + }, + { + "algorithm": "SHA256", + "checksumValue": "704df5caf698a53086bd1c9170126725af18e505f7defbe15933d1ba5bdd1aa6" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/libSegFault.so", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-libacl.so.1.1.2301-0aed66c4c43d9b58", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "94d85a7ef951984cc7d9337ba6f4adf1b09a74dc" + }, + { + "algorithm": "SHA256", + "checksumValue": "4894d693ef1fd6acbd95a8ef1873716b6086523084fceca0b16f430acb2d67c7" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/libacl.so.1.1.2301", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-libanl.so.1-de6ce068dd8d2b3f", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e0944d1beb24b08084cf71cabec2d77bcc2b5616" + }, + { + "algorithm": "SHA256", + "checksumValue": "7f7c74a7e550f8863faa870d0194b4bcd3a0af96833281ab615304f9730186f8" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/libanl.so.1", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-libattr.so.1.1.2501-321c1be60f60c92e", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cf304368638fcb8aef50f0e1ded25deadb64b33c" + }, + { + "algorithm": "SHA256", + "checksumValue": "944c2763b2c727d3126e9f60edac6189d9ac072cb91538eda0f4cc55bc24a5a0" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/libattr.so.1.1.2501", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-libc.so.6-3deace09a409d0d0", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dc0a085fc61859e48885acd6d879023c864e80a3" + }, + { + "algorithm": "SHA256", + "checksumValue": "83154574f5316424018a0d460cbfa08edd2357be7c97bd942014792de0687651" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/libc.so.6", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-libc-malloc-debug.so.0-0cd5d3e0c713a5a3", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b2c41b669f57ce16affbebff629a6ca917906a20" + }, + { + "algorithm": "SHA256", + "checksumValue": "b2f8ef43635756c4a453f8e6b4e1b314c90a0a511a9db3f588bb08b9ab1dc1d5" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/libc_malloc_debug.so.0", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-libcap.so.2.48-c21818d7924866af", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b0ae269f466bcbcb930bfb99509af19d4f6a4e11" + }, + { + "algorithm": "SHA256", + "checksumValue": "6500f43eb752d95bd6cbcef501d0152ea678b8635b3b50914ab68c0d37d8b339" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/libcap.so.2.48", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-libdl.so.2-776266db8d5dfeaa", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6fa0e92bf161ec4be1af992fd00ac5d170d842c1" + }, + { + "algorithm": "SHA256", + "checksumValue": "22469f3f122d2f377cba30d0493ae06e8ebab045aea172ee9712ebfbd6a824bf" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/libdl.so.2", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-libform.so.6.2-8f6edbb4d1d74d74", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "936163e75bb24e1ecdad23828d8c60494e80ad9f" + }, + { + "algorithm": "SHA256", + "checksumValue": "1673770eac500d65e22f460754375131243461f140cada78f99fc4c4e3555286" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/libform.so.6.2", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-libformw.so.6.2-312210cb4564eb6c", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f7c2b0080bac1bdca25d64c275d83226fce90cb1" + }, + { + "algorithm": "SHA256", + "checksumValue": "87c9ef6c4fc505333b64b09898116515f6e384245805a1375bf2b381b1c989a0" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/libformw.so.6.2", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-libgcc-s-11-20240719.so.1-f66aed1874e19fc7", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9757b5ba0d85b73a707ad9badd8725caacf1d1b9" + }, + { + "algorithm": "SHA256", + "checksumValue": "7d3b32d8b024ce335b11523f42dd5242cfa07cf7245a9cbb6aea68e1515b7251" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/libgcc_s-11-20240719.so.1", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-libm.so.6-c476348290be58ba", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "56e0877e630568abf82e9753553c26ebcd96a6e3" + }, + { + "algorithm": "SHA256", + "checksumValue": "74fed9a97695e4382960fb8f608fee21741e47c3fffa61626e3166110e8e5382" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/libm.so.6", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-libmemusage.so-f6e217b5fe40dbc8", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2bf7077f2c25757d6e5c8c84c010b6983ec6123c" + }, + { + "algorithm": "SHA256", + "checksumValue": "25b43a260409a83cf8f60f915efcdbd9399c39c72275f059ec815f7ad675f808" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/libmemusage.so", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-libmenu.so.6.2-62c1cbb37e1e73e9", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "518d2092c7c0c2084673c10359684c37dfae4536" + }, + { + "algorithm": "SHA256", + "checksumValue": "40c6c6bb12cd1994f17a4f2cfdff4bb523d6ffb337d561aff45397d666a9d088" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/libmenu.so.6.2", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-libmenuw.so.6.2-c794ef08bd638d4a", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a480d9efbef73a85dfe0203b1411bfabe7103b16" + }, + { + "algorithm": "SHA256", + "checksumValue": "5b851135a1a47c5776300dabbdd91d921b567393b4bd18bba361c04a30511f8a" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/libmenuw.so.6.2", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-libmvec.so.1-252e895078577c0d", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "67a2ef708801131835c2e0a53486a4b43e190d4d" + }, + { + "algorithm": "SHA256", + "checksumValue": "22a5e18f8102cc8e105314013f45c2b8bbda30a7f1d82b799b2cf0fba976289b" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/libmvec.so.1", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-libncurses.so.6.2-93154dad42e34e27", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4e852431012fc9f75492d65b3e744e2233d3d3c4" + }, + { + "algorithm": "SHA256", + "checksumValue": "30ab92d046085308f0b5e0c5c85a43279d37407bce15da7a9500c570edd30864" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/libncurses.so.6.2", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-libncursesw.so.6.2-920a41048208b675", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d37fc4a8ff3e4d3cbf061446dc50c972ca754e8c" + }, + { + "algorithm": "SHA256", + "checksumValue": "c83a04b99ee93a6d916a67d0b99ad18c8907af125649687ddd552bf639baf862" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/libncursesw.so.6.2", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-libnss-compat.so.2-8f0188eaa6c06223", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "faee4bb4fecb41c8dda42b4568d570b677c31a6a" + }, + { + "algorithm": "SHA256", + "checksumValue": "e667693f9d960b05f4d0e6d7a590b8f0061a7e5fa9d08f7cd9c498fdadaa4a2f" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/libnss_compat.so.2", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-libnss-dns.so.2-45ade9708b31e632", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b01d6b935616b9d6e24ddadf76b0e8ad3c07fe9c" + }, + { + "algorithm": "SHA256", + "checksumValue": "91cedde95c45b0f54126b9c649c2458a5a9118f2afef1d2742bbbeb54c61b303" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/libnss_dns.so.2", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-libnss-files.so.2-cad72ad10f0eb4f8", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4c03cfd1a10c30eb556d23738cf3c8f9e6a70444" + }, + { + "algorithm": "SHA256", + "checksumValue": "e04aaf53c418100a05e2e0060db6b3d98e4ac8dc5d5c9bde3657d6dcab8656ee" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/libnss_files.so.2", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-libpanel.so.6.2-a166f911cefadc27", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6277585f73d89b1f2b940e459789f3b73c3fa035" + }, + { + "algorithm": "SHA256", + "checksumValue": "9ab9af6b096f70871833cc91c1207edeb6a4e2075eecd5e30fdde5286f4e3971" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/libpanel.so.6.2", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-libpanelw.so.6.2-71d861773b4886bc", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "272fc086526c527a008e46328da90aa46de8c3fb" + }, + { + "algorithm": "SHA256", + "checksumValue": "eb526e319a38d6fbc5fd9ee7f6ce8580d626174873bd4c92f6350371091a604c" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/libpanelw.so.6.2", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-libpcprofile.so-8251d69d2a1bdc02", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3181990336b4db8b7d4498d4c5ab1c3fa9f9aedd" + }, + { + "algorithm": "SHA256", + "checksumValue": "17bcb907d14e9bcb95bf697d12a86f452864a3c2fe19b2fc024a783829598450" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/libpcprofile.so", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-libpcre2-8.so.0.11.0-76508eee1c05a21f", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "db7a2cef3127771056ee892267c25685dc314eb9" + }, + { + "algorithm": "SHA256", + "checksumValue": "9a7c5324aa19b789ec6451fac312238ba8b266886e37f2dcad51b612deaae96c" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/libpcre2-8.so.0.11.0", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-libpcre2-posix.so.3.0.2-e532158c4b817c7e", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a3e8ef0589686f39054ecb031e75898288209b3d" + }, + { + "algorithm": "SHA256", + "checksumValue": "cd07b910ec2713c62bd756ca1b5b1b33822fe53b0c22b57bb21a7277c6d38664" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/libpcre2-posix.so.3.0.2", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-libpsx.so.2.48-afddc064db424ac5", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "abad0525000ade8d4d01ccb0d5970905d3348ecd" + }, + { + "algorithm": "SHA256", + "checksumValue": "8fd5568534f7689e726b5e9f742966d7e1d2f9cc963e40065fbdce936fe84668" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/libpsx.so.2.48", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-libpthread.so.0-6d0ecabe4efac702", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "07e356f5a80e8193de3f1bbfa3e1894df431f363" + }, + { + "algorithm": "SHA256", + "checksumValue": "12c749a723a0db36d4662b7d1133623169f5b3949137574ba04bc8e288545148" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/libpthread.so.0", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-libresolv.so.2-8e8a1e9e7cca96d3", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e2f68ba7e2c7add78e64f402bef676d1308e12eb" + }, + { + "algorithm": "SHA256", + "checksumValue": "2798158c3d88a127effeb92bd8e32c2bf87e0cca29162a7109b6950786dd7a35" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/libresolv.so.2", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-librt.so.1-1413c9de68223115", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "af94815de34f14f9034275a3083da43615e5f244" + }, + { + "algorithm": "SHA256", + "checksumValue": "10291ca64ce775016196319431139ce9a53a75897f4b975d5847c161ef7e857d" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/librt.so.1", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-libselinux.so.1-6eb381216b173c89", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e14aa251952f7a374bb6f0d77cca4eac6657e491" + }, + { + "algorithm": "SHA256", + "checksumValue": "cdfea19cb5ba5a4b4081ee1ebbed57f8702e065023b77fd4c0d294c603a00787" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/libselinux.so.1", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-libsepol.so.2-bb20e788149dc450", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "050115d9355eaa23ca6751e9219c4a2f74995c53" + }, + { + "algorithm": "SHA256", + "checksumValue": "2488c01b38a0ca5c104477c0aa339e3d88ad84ec6b06d9330e1d78d040865a20" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/libsepol.so.2", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-libthread-db.so.1-e29bc034e6b11ae7", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5dda40c36d651c94051e4946138c1e00dc4d84df" + }, + { + "algorithm": "SHA256", + "checksumValue": "ca91f9f2a1c222a604ad11c922fe8db8fb6a8109806924126c92bdb49c38497e" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/libthread_db.so.1", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-libtic.so.6.2-003fde36be0f67f6", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "388c401eb7a61ab7e5c21d82fb71c56eb25e8315" + }, + { + "algorithm": "SHA256", + "checksumValue": "bb9c8b289455a84a5255a27e5adb1d7694cb6c79937808be49175e44c325d29e" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/libtic.so.6.2", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-libtinfo.so.6.2-d99aa3abce462877", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6a8adcbdb4b74e0f370822119d48513ad8cfb2d2" + }, + { + "algorithm": "SHA256", + "checksumValue": "2a56af250aa89671f03b6aa1a76b9ac8528a3d6214bdd17f5208b6fff7d87132" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/libtinfo.so.6.2", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-libutil.so.1-c09bb613b4315052", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "123cfa5841de7bac4656f2bda3cb85d0dd4587b4" + }, + { + "algorithm": "SHA256", + "checksumValue": "284b354070b70e58cdfca59ac2a118a2fd5c25666cd3e4c658615a0bb021825e" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/libutil.so.1", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-lib64-security-pam-cap.so-afbd982a53c5859b", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "da6c1a0a205a74272b4aa1a2acb922f761be6795" + }, + { + "algorithm": "SHA256", + "checksumValue": "5215997e318295953d99aa07f7ad7466b0eccf30adaafb16ab43bd7160801840" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/lib64/security/pam_cap.so", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-libexec-coreutils-libstdbuf.so-7e3301b473a2ca4c", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0dc288aeec9a26e1bf98aa1892a8933152575c80" + }, + { + "algorithm": "SHA256", + "checksumValue": "7b8844b4db4ec581dfe670066861d353393275abd8fda35dddbf0d9bc302b84e" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/libexec/coreutils/libstdbuf.so", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-...libexec-getconf-POSIX-V6-LP64-OFF64-f9bde8a44c9ad30d", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4fcda8ccb45522c6d6fa8c4c7839888111468706" + }, + { + "algorithm": "SHA256", + "checksumValue": "cf74a1bf8788f67b8ed65d35f88b15b2b5aabebe13e43b7d42a2230696882685" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/libexec/getconf/POSIX_V6_LP64_OFF64", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-sbin-capsh-93d2291b22fe3ffa", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "56ffbb13a805ca093237441cd32eddb9e81ff1c8" + }, + { + "algorithm": "SHA256", + "checksumValue": "74ada01ee6f64393ea52287ee1ab7c5ffccb741b080cc58ac886a5c6873b77c6" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/sbin/capsh", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-sbin-chroot-cda6749939d0cff4", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "47f6ebfa5a2e0ac5671332f3bf3fefdde5c8ed26" + }, + { + "algorithm": "SHA256", + "checksumValue": "739f7aeb037de1264e7801b4a2b01b6e98bf66b1fe81c751989241de6f878b19" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/sbin/chroot", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-sbin-getcap-a05f7b95464d0b21", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9cb6f6ac74ce39a0a897e94d665cbb98ccd32640" + }, + { + "algorithm": "SHA256", + "checksumValue": "a847e3ac88497c67d4e9aa7cfb0c71f8a9a068c169c9b7a106bf13023be1a8d7" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/sbin/getcap", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-sbin-getpcaps-0c50e936ee3494b7", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "637b0c99f27f24d59e646bd6c5546df9b5f9231c" + }, + { + "algorithm": "SHA256", + "checksumValue": "bf7bb05dd6fc57d6eca2801e146f0cfaf3665400f949ae6892a38a1b7b8ea6c7" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/sbin/getpcaps", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-sbin-iconvconfig-55cc6aefc3a45db5", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "aee60f729544259e11ef15332be84827a9c8fa4c" + }, + { + "algorithm": "SHA256", + "checksumValue": "9f9791d1e63995ed9fda166446997772d1c566a18b28ce7ea48bc3147236d389" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/sbin/iconvconfig", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-sbin-ldconfig-2470e805dcaf3337", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "817f4e459246b58060bd148ce94978bf05d2f003" + }, + { + "algorithm": "SHA256", + "checksumValue": "f6235157215dc526101c0b26209602d2cd76b9609bf2063fa48e3761ee989c1d" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/sbin/ldconfig", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-sbin-setcap-b8726263fe64c3fb", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "96c64605cc5e83601e1d8e08f8ae38d8ecdb824a" + }, + { + "algorithm": "SHA256", + "checksumValue": "5e22a0c223012a9b05a842fd87792d760a60627a41f43e51fb8f547ab5f30232" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/sbin/setcap", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-sbin-zic-b15b5d465aee7ab9", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dae16d7b4bc3fabf93528382771962412ec8e865" + }, + { + "algorithm": "SHA256", + "checksumValue": "d388c350301c25de412775891f664d14e1da5e030d7bb19da4b1d13f79e7ddd2" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/sbin/zic", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-licenses-bash-COPYING-364360e48d41c33c", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8624bcdae55baeef00cd11d5dfcfa60f68710a02" + }, + { + "algorithm": "SHA256", + "checksumValue": "8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/licenses/bash/COPYING", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-...licenses-coreutils-single-COPYING-f7aa12fe08136189", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "31a3d460bb3c7d98845187c716a30db81c44b615" + }, + { + "algorithm": "SHA256", + "checksumValue": "3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/licenses/coreutils-single/COPYING", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-licenses-glibc-COPYING-07761235abd23294", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4cc77b90af91e615a64ae04893fdffa7939db84c" + }, + { + "algorithm": "SHA256", + "checksumValue": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/licenses/glibc/COPYING", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-licenses-glibc-COPYING.LIB-cecc782aa7b1e7c9", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "algorithm": "SHA256", + "checksumValue": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/licenses/glibc/COPYING.LIB", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-licenses-glibc-LICENSES-ac733906db18789e", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7a61ff17323319d01ed2cae913a5febc968d29f3" + }, + { + "algorithm": "SHA256", + "checksumValue": "b33d0bd9f685b46853548814893a6135e74430d12f6d94ab3eba42fc591f83bc" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/licenses/glibc/LICENSES", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-licenses-libcap-License-73f5b11287ef6f7b", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1f65128ca2bb6715d81ca6c60f997c997d0ac69e" + }, + { + "algorithm": "SHA256", + "checksumValue": "088cabde4662b4121258d298b0b2967bc1abffa134457ed9bc4a359685ab92bc" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/licenses/libcap/License", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-licenses-libgcc-COPYING-b04696f2df942d64", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "68c94ffc34f8ad2d7bfae3f5a6b996409211c1b1" + }, + { + "algorithm": "SHA256", + "checksumValue": "231f7edcc7352d7734a96eef0b8030f77982678c516876fcb81e25b32d68564c" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/licenses/libgcc/COPYING", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-licenses-libgcc-COPYING.LIB-7203255ef40d4de4", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "597bf5f9c0904bd6c48ac3a3527685818d11246d" + }, + { + "algorithm": "SHA256", + "checksumValue": "32434afcc8666ba060e111d715bfdb6c2d5dd8a35fa4d3ab8ad67d8f850d2f2b" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/licenses/libgcc/COPYING.LIB", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-...share-licenses-libgcc-COPYING.RUNTIME-b0ec8fd7b73b87ac", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c0ad296b24f96e7c77ce564cad2fa1a4f76024d8" + }, + { + "algorithm": "SHA256", + "checksumValue": "9d6b43ce4d8de0c878bf16b54d8e7a10d9bd42b75178153e3af6a815bdc90f74" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/licenses/libgcc/COPYING.RUNTIME", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-licenses-libgcc-COPYING3-ec5729909c2cd646", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8624bcdae55baeef00cd11d5dfcfa60f68710a02" + }, + { + "algorithm": "SHA256", + "checksumValue": "8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/licenses/libgcc/COPYING3", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-licenses-libgcc-COPYING3.LIB-b89e765e63358c4a", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e7d563f52bf5295e6dba1d67ac23e9f6a160fab9" + }, + { + "algorithm": "SHA256", + "checksumValue": "a853c2ffec17057872340eee242ae4d96cbf2b520ae27d903e1b2fef1a5f9d1c" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/licenses/libgcc/COPYING3.LIB", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-licenses-libselinux-LICENSE-77f2cd76a94101c4", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "16900937e2ec3e0e96dee637f81ad8ef9265605f" + }, + { + "algorithm": "SHA256", + "checksumValue": "86657b4c0fe868d7cbd977cb04c63b6c667e08fa51595a7bc846ad4bed8fc364" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/licenses/libselinux/LICENSE", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-licenses-libsepol-LICENSE-ee5fd43ebf029ce7", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "545f380fb332eb41236596500913ff8d582e3ead" + }, + { + "algorithm": "SHA256", + "checksumValue": "6095e9ffa777dd22839f7801aa845b31c9ed07f3d6bf8a26dc5d2dec8ccc0ef3" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/licenses/libsepol/LICENSE", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-...share-licenses-ncurses-base-COPYING-1bc6d1cd3d250368", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6fa46ec6c9af4633d29bdc2bf91e56c93c6431e3" + }, + { + "algorithm": "SHA256", + "checksumValue": "87a4c4442337b8968ef956031c406b74f9cb7149b7ba87311bdaba534816201c" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/licenses/ncurses-base/COPYING", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-...share-licenses-pcre2-syntax-COPYING-a8464dcec87bbee9", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "13294eaa0d7dc726a2fa73eef7a4a140cd9630f4" + }, + { + "algorithm": "SHA256", + "checksumValue": "99272c55f3dcfa07a8a7e15a5c1a33096e4727de74241d65fa049fccfdd59507" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/licenses/pcre2-syntax/COPYING", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-...share-licenses-pcre2-syntax-LICENCE-fb79b00ae0e44273", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1e8d975c810890664d6ed3700fa41e135563bda6" + }, + { + "algorithm": "SHA256", + "checksumValue": "87d884eceb7fc54611470ce9f74280d28612b0c877adfc767e9676892a638987" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/licenses/pcre2-syntax/LICENCE", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-licenses-setup-COPYING-116acb9eb7405672", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "205c331ae337b00f56204126f4e3195adba32c7b" + }, + { + "algorithm": "SHA256", + "checksumValue": "628095e1ef656bbe9034cf5bfa3c220880a16cd0ceea25b17cd2198ea3503e03" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/licenses/setup/COPYING", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-licenses-tzdata-LICENSE-ee9a3905115b2c10", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7067a61d3f4dae438636a8b29e41948fccb16a26" + }, + { + "algorithm": "SHA256", + "checksumValue": "0613408568889f5739e5ae252b722a2659c02002839ad970a63dc5e9174b27cf" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/licenses/tzdata/LICENSE", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-locale-locale.alias-e92b9052269bfc73", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c2d67b029449db667d732e86d319d4c4f3c9965c" + }, + { + "algorithm": "SHA256", + "checksumValue": "68020a80eea5366fbe60c2e812ebdebf4875a1b85a3f2f9dd4413306e41c796f" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/locale/locale.alias", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-tabset-std-407a9525a048dd46", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0969b2c95d9430c81b0d4b05d81146a6cced5f31" + }, + { + "algorithm": "SHA256", + "checksumValue": "fbadb5f608b355fe481c0c7d9c6265b2372bfa35250662f81f68d46540080770" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/tabset/std", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-tabset-stdcrt-d5bc983827edd4ef", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e1fae2fc4bba672fc26554780be21d74106a064b" + }, + { + "algorithm": "SHA256", + "checksumValue": "cf6c37b18ceea7c306f7e3a5e604a03b0dfb9c22ec99163e4b52f885ce063145" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/tabset/stdcrt", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-tabset-vt100-298a85211ecc4b47", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b84fb01263cd003588e9a164e80bd0b8ea2e56b5" + }, + { + "algorithm": "SHA256", + "checksumValue": "075251754239d9973945d82b95c18cd90997acd2017393e70c8832e9297de056" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/tabset/vt100", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-tabset-vt300-3d7a749c4462a840", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5246984995036718d05516acefc59c8bbd17b3ce" + }, + { + "algorithm": "SHA256", + "checksumValue": "61f8388cad6a381feb819bc6a8d299d06a853d15e1f4bfdfd6b6f40069ad4956" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/tabset/vt300", + "fileTypes": [ + "TEXT" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-A-Apple-Terminal-a07f6a51890c5947", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "961c492dc1577bd974ffea27a95c9829d5c1a586" + }, + { + "algorithm": "SHA256", + "checksumValue": "e0c164ffe1cd8dbbb8162f5f0925424c401fd2871c8e4556f6a67b2f95a1ac7c" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/A/Apple_Terminal", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-E-Eterm-4828a9729b5671d3", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "426a08e18cefeab7cb48760f7403433553cc7960" + }, + { + "algorithm": "SHA256", + "checksumValue": "9c6c23dd46de071e5f5ee24cb2144f82e46365c9011bd8574bf210f0c8245043" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/E/Eterm", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-E-Eterm-256color-6875874fb847f8d8", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a3dedac4ce00ae3b8a14f771d212116b8a6d212f" + }, + { + "algorithm": "SHA256", + "checksumValue": "6954921767095f6869584f352abe93a025c0a7b8babe3b100082f622e9f2e7c7" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/E/Eterm-256color", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-E-Eterm-88color-07bcb10c818e4099", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c1183fafbe090fac812f9167a8a6ce8f361388c9" + }, + { + "algorithm": "SHA256", + "checksumValue": "7c9db2ec3a75e199ea30cb5daf86fcc90c9a96a1ae30e941556b4b55bb8cc71c" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/E/Eterm-88color", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-a-alacritty-b8b845c276eb7585", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4814150f074b4f43052f1f51cbb088c6646ffac8" + }, + { + "algorithm": "SHA256", + "checksumValue": "d92bacc079ad7110ea07f405850bc5cb07e33a7b721bb609065e10a1b465d4c9" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/a/alacritty", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-a-ansi-18f17340b1c317ef", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b5211ae4c20d69e9913b175c3645c5ce97837ce3" + }, + { + "algorithm": "SHA256", + "checksumValue": "93ec8cb9beb0c898ebc7dda0f670de31addb605be9005735228680d592cff657" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/a/ansi", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-a-ansi80x25-4eb50a12d84f1db6", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b9fe14cf5f090381ae40637d02c3734b28fdd3ff" + }, + { + "algorithm": "SHA256", + "checksumValue": "acd69b88fbc9045037b562dd67c876e88cc5d2616af20b9ca6c41d33ee335606" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/a/ansi80x25", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-a-aterm-842e35a333e89a86", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fb7c8aebe3d8e6842067fb9615710603e28231fb" + }, + { + "algorithm": "SHA256", + "checksumValue": "ec91b6e46b961cf52e1138691886a2de4ba2807eedd3502e5f11da197bc7cf9e" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/a/aterm", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-b-bterm-7312425bb3c6aa61", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "367f109e38c891cfc1b00849a5fa25dd44e36352" + }, + { + "algorithm": "SHA256", + "checksumValue": "b5166019760429c4d6150180f1c2dd81136488e21c36b564e605c9dc7366f1db" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/b/bterm", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-c-cygwin-d407bb093bbe0ea0", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "76d9469b0fc8838dacfd5d3922bfc95a06a6ba1c" + }, + { + "algorithm": "SHA256", + "checksumValue": "3e04bfdcc0764f4e28655701864845752cd3f77d0c52390637ebe588f91665cf" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/c/cygwin", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-d-dumb-fb2d249b3d94b9c2", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "df4b4d8fa4137e85510ddb04c84cc7b0bfc518f6" + }, + { + "algorithm": "SHA256", + "checksumValue": "123c85a2812a517d967db5f31660db0e6aded4a0b95ed943c5ab435368e7a25c" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/d/dumb", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-e-eterm-637abb0fcfdeb47a", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a63bbca4434711cfa92bc50ee48ccaaff42ef178" + }, + { + "algorithm": "SHA256", + "checksumValue": "c79a54efd731abe696b0373d814c9a67839eb74229cb0f63ec436b43871b8a2a" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/e/eterm", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-e-eterm-color-86cc058f9fd927b4", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "306abed9b67901c310e15aa32627bf31b8384b5a" + }, + { + "algorithm": "SHA256", + "checksumValue": "718af703c538849e5b13ca124dc0416a60e05f1eed5208f6d72836c51c108f31" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/e/eterm-color", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-g-gnome-1a9c2d726b8c126a", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ed1d9b1864a262c2b9d5346943bd5e1169c58006" + }, + { + "algorithm": "SHA256", + "checksumValue": "9054b3a9afffd27c0fb4748f1181703168c8f0d0ce4dd0fa83af850a8672c2ab" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/g/gnome", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-g-gnome-256color-4a13da257a00aa55", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ed4c79cb7ead3eab7e776529d1d3336df1bfc926" + }, + { + "algorithm": "SHA256", + "checksumValue": "7c411676c7c6aa80510f711598786df0ef9ad986bbe9496b71d41da73734dab4" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/g/gnome-256color", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-h-hurd-adc28c372b7413e1", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "015da86ead4aed847658dfc1b2a583349d5e6632" + }, + { + "algorithm": "SHA256", + "checksumValue": "10aecfba156ec90c243267284da1f9d43b8e68813e58690c5870ae8d2a5ac9e9" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/h/hurd", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-j-jfbterm-283a1592f1cf50d9", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3525047500b2283571e883985f716c42c356450a" + }, + { + "algorithm": "SHA256", + "checksumValue": "4598cafe3bdb6a266fbe58846482e57cece634382a0b002f95780a72df37c86e" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/j/jfbterm", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-k-kitty-e8bd700df4d65667", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "81c84132b8a775fa53aa1ce16ab69778009b61cb" + }, + { + "algorithm": "SHA256", + "checksumValue": "bccaa15c12d7fcf33aea0d7205588141d32c63834fca2d87e25fa07e57927f00" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/k/kitty", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-k-konsole-96d77f7fbc16de85", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "af0724ef2ff3ed16f4ed6d83da22fecca584dd52" + }, + { + "algorithm": "SHA256", + "checksumValue": "f0300abc7f4b5f3ddb541c68c563171b4de742c9f1be1e0e06979ad50493b08e" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/k/konsole", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-k-konsole-256color-9ecdc44788dff863", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "52334c5cd1f77103d7078b126553d00cebc26b7d" + }, + { + "algorithm": "SHA256", + "checksumValue": "ffccaf526a120f9c52c7fbff5ac0c60a1ec1d803c562a3bb62c5ecb3ff41adae" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/k/konsole-256color", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-l-linux-da0cc1fde7929d04", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e2ab37cc907ba18540050f28ed8b2819665ea708" + }, + { + "algorithm": "SHA256", + "checksumValue": "3eacc0f9dcd8aac29a7935eb1f78be5c51b24a5dd38065789bb326015c9a9836" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/l/linux", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-m-mach-a777ddccda6725e2", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2164ebc6389b2eb81f855aff81dd512a9c0ef589" + }, + { + "algorithm": "SHA256", + "checksumValue": "ecd31c58040e5908eb434514e67620b2e4be538655126f427155760b273c7e9b" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/m/mach", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-m-mach-bold-52bba60615f7afba", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b31e68274d7e658c3d20302c10f3a8dee2d45a6a" + }, + { + "algorithm": "SHA256", + "checksumValue": "4e4400e3ad4df2dbbf90920860c540cd72552ca71a24b556a0b6ba62fa091b84" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/m/mach-bold", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-m-mach-color-c76a165128a5bcba", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "519df843a8d27ca36bb1703c3edc893135793dd1" + }, + { + "algorithm": "SHA256", + "checksumValue": "5caa825bd606e26c8b6c55a3206eccfea525e788f74da5e7cb48cc713db52239" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/m/mach-color", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-m-mach-gnu-7d51880bebab97e4", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bf9269b2a7a463c68e2ba9200b28ae3115f6b362" + }, + { + "algorithm": "SHA256", + "checksumValue": "99372cd399478be723230692595362004df345dee6c4145e4d109113a2357717" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/m/mach-gnu", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-m-mach-gnu-color-9a939e415f4bbacb", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4466e8a9353f3400cfba527abcf0d26c28f364c2" + }, + { + "algorithm": "SHA256", + "checksumValue": "e1c62541670d0e10fe46daabce8ce95d9fd77115a68106e5eb2c2a7647e40a13" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/m/mach-gnu-color", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-m-mlterm-0f284e167468b1b5", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "855ae490a8e1a2e788d973c57bd0bb81b547b2c3" + }, + { + "algorithm": "SHA256", + "checksumValue": "1334887ef2b3ca487e445ed9a0b03b3ec6750ed1617d8cad6416045a69d32cdf" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/m/mlterm", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-m-mrxvt-838e0fbc1da4f0ae", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ee1c75869778dca9cc90ebf7ca6f7f5ca619a973" + }, + { + "algorithm": "SHA256", + "checksumValue": "28e3b5820b9762eadf7201f9877f8e010fdeaf74a60ed12e94d3f39c24cc8d3f" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/m/mrxvt", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-n-nxterm-f2b20d58cbfc1460", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4ed36bad309da59504a894aafbb0bd2fab0e6819" + }, + { + "algorithm": "SHA256", + "checksumValue": "f74fe619914bfe650f6071bbbaf242c439de8a2f0ecefe9e80870216dfb844b4" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/n/nxterm", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-p-pcansi-0a19615ebeac30dd", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6867ac96a0cfed1d9df1e9a64f122c75cac71a99" + }, + { + "algorithm": "SHA256", + "checksumValue": "ecda9662049c96ee0a574f40cfb8950b0198b508b5b72a3de05774eb3cb3f34e" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/p/pcansi", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-p-putty-a3e0b9a9ee8f28ca", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7f0059c55c612f78d56c2326c7ebd7f40c94fd16" + }, + { + "algorithm": "SHA256", + "checksumValue": "61c517a78fe0e43e1dc0c46211e2c21caff28dde5faec6dcac1854f406a8f198" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/p/putty", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-p-putty-256color-3d7b8d77141a8b76", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "160d4ab98b0b21aec25b853141c516e947accd5c" + }, + { + "algorithm": "SHA256", + "checksumValue": "f300b4599e56d79862ae9b2564b9a1c6b80b1e97377caff9cf5c0d3c321da1cf" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/p/putty-256color", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-r-rxvt-84e831dcbb99da2f", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7ebae08a244978e66725578525b77e4c6681f9a5" + }, + { + "algorithm": "SHA256", + "checksumValue": "fd66cf403b6a6dc0a9fb1644f5e90a6c045e121a2039086bc105995dee951cca" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/r/rxvt", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-r-rxvt-16color-42a0754261a00928", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2031924bda14f0353b35c855bd0cd8e859c23d83" + }, + { + "algorithm": "SHA256", + "checksumValue": "6ab73ad1b0b5fc6e7d8bba94dd640dd1ac0af130977ec0343722f844b1dc731f" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/r/rxvt-16color", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-r-rxvt-256color-630c16df57ed6910", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "984f719ef802db986328ab24f87cd9c7f98bd67f" + }, + { + "algorithm": "SHA256", + "checksumValue": "04d0d3eff9bad452bb14b3758c4550d2541804c47418dd8962738c8b0af56900" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/r/rxvt-256color", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-r-rxvt-88color-f03c0e34e677dc6d", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1ceb9fdec92ed9a93e788606f7a30bf5c7517502" + }, + { + "algorithm": "SHA256", + "checksumValue": "970530f4391f38cdd940ba3260e3be762b0106ce9e6566e44bce78eb83ebf667" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/r/rxvt-88color", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-r-rxvt-basic-da12a4c7de2785b2", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9f0dd8d350f267d421e4ceb42ed496bd100b6ac2" + }, + { + "algorithm": "SHA256", + "checksumValue": "8d7df7d5b30ab517c857ec8dd8bc19353536e19a8b4dab9b32dab7515ccc67fc" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/r/rxvt-basic", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-r-rxvt-color-ca676836f6b499ba", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b0f9c33dffa72b5870816350bf9138b204b08b24" + }, + { + "algorithm": "SHA256", + "checksumValue": "dba804770a9c6832dd1ac4f2fd209f8053aa5d01a89f60b9e2428c59e3500fc0" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/r/rxvt-color", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-r-rxvt-cygwin-2d73eb9d846ad6f0", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3ee54f150e0f558069507db5d5faf9f6746acdc1" + }, + { + "algorithm": "SHA256", + "checksumValue": "524b0193a04a4f2d50d19846e47a36aac33161331e929820a5b229c73d0db700" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/r/rxvt-cygwin", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-...share-terminfo-r-rxvt-cygwin-native-195317f28204379e", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "69ab48190b1e8f39d0a43301e4e9fa5adb09ce92" + }, + { + "algorithm": "SHA256", + "checksumValue": "bc25e9fefa0e94ecc6892a987c7e8ed4331475e35049a134e5e3903d681a0b52" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/r/rxvt-cygwin-native", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-r-rxvt-unicode-81a02986ba0be4ba", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bb79402a4c07ef2bc1862da01aa85ff1c54712b8" + }, + { + "algorithm": "SHA256", + "checksumValue": "063264a85fd735a13028390c8d43cf38b5214417c6e48908eabb85bcdb9b7495" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/r/rxvt-unicode", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-...share-terminfo-r-rxvt-unicode-256color-9b8eb38925f3173c", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "53502733cd0469b40a4ae1e071096650cdc17798" + }, + { + "algorithm": "SHA256", + "checksumValue": "d713e450e914420493252afbde977cd3165ea649dfe5c33b0f518ec83b1afba1" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/r/rxvt-unicode-256color", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-r-rxvt-xpm-55f1e4c9bb973e56", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "54b5114a07a2196a308d285dae8f955e3e2b7237" + }, + { + "algorithm": "SHA256", + "checksumValue": "331dd75bad5d1a9dffd4fd1ad254edfca32780ace51a22b1d8d657aebf03663f" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/r/rxvt-xpm", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-screen-93514644a56eff98", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ae72fc57a69459885628f96cf46b8a8c55b293fb" + }, + { + "algorithm": "SHA256", + "checksumValue": "8c9f1ec5d39d497e23943171bbba511c07192392a673ec642b0f805e1496c242" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/s/screen", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-screen-16color-a0a10386a4688beb", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9bc9e2b411bbca518178fafcfaaedf038843ee1a" + }, + { + "algorithm": "SHA256", + "checksumValue": "04e2d2a20905a85daf8c652e6cb359a4c43c0df0da42079fa250a40860b501bb" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/s/screen-16color", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-screen-256color-950e795f9db4720a", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "df1d3a56010c9996a514c40e3b9f834a8c629bc2" + }, + { + "algorithm": "SHA256", + "checksumValue": "cbac29ca9641403d7c2e377f4c54c52f24e811f98d47c71b599707e00ad91f0c" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/s/screen-256color", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-screen.Eterm-d683aaba04e2d552", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0651e42e81446e751ad964a5e48554c5f924240f" + }, + { + "algorithm": "SHA256", + "checksumValue": "0cdc69a1a9d76f90782c9033fdaca7867d761dde7ae2cbd1277d8b1a2e84a859" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/s/screen.Eterm", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-screen.gnome-b320bfa47a547129", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fae5fa662a2775c936f772b9043f07c92c25bffd" + }, + { + "algorithm": "SHA256", + "checksumValue": "a3eaa12685b0c5dc1c1fd813d9413b35ee0559658b738a7518d5ef82048fdd90" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/s/screen.gnome", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-screen.konsole-e75a0fa363a8edb3", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5eabf0951c6b1664387c338048ef54d20f34c0c0" + }, + { + "algorithm": "SHA256", + "checksumValue": "3589347d84695a08fa10f5468540eace3b8d5efe0473cfad05823fb42a7f4200" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/s/screen.konsole", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-...terminfo-s-screen.konsole-256color-0678602f53228644", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f2186907191b3dee1e646177d88fa0f842c34e7a" + }, + { + "algorithm": "SHA256", + "checksumValue": "a6a490ec343cba7c36539dadfa3662f014c19b567bdf0bdd49524757ea5555e3" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/s/screen.konsole-256color", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-screen.linux-0106185c64870554", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0a94bcc700376d0092ab7da25b91b69e92a59a19" + }, + { + "algorithm": "SHA256", + "checksumValue": "f4cd95e072ac92d217e69b93d9da8209d6532bd67428b5f90395a02ba686d26b" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/s/screen.linux", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-screen.mlterm-5648281511bb9e68", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b0a2ed8af7d1f34d5ddc1dd44df404c32633052b" + }, + { + "algorithm": "SHA256", + "checksumValue": "f127db567ddf4fa0dc0aaf3d15dec44e876efb748ac6db252e2e9c716c925746" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/s/screen.mlterm", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-...terminfo-s-screen.mlterm-256color-b4677666e3daf1fb", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2f568837a14e73410a9608ff1654e66ba844c722" + }, + { + "algorithm": "SHA256", + "checksumValue": "82996e7e225aafe638618c97025a9c7452ae8d1f29d5e677d1bccde3571b3956" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/s/screen.mlterm-256color", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-screen.mrxvt-4961017c8f1c3c13", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0bd36300776980e25e41c18b000ef99dd9a959ab" + }, + { + "algorithm": "SHA256", + "checksumValue": "8f9718e189abece10bf6d2371ed0fdfb9cd2b62485edcddfcde5e40c6905bb1e" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/s/screen.mrxvt", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-screen.putty-a4e3694097594470", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "86263e54dd2fa24639462c60226bc384ba3a8db6" + }, + { + "algorithm": "SHA256", + "checksumValue": "79112ae95d9610b54e5f6e756cfc0dd95e8f126ac8f2b924df9818158c934b72" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/s/screen.putty", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-...share-terminfo-s-screen.putty-256color-3bcefe63df7a3182", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d4aab7ad9f0f234b16fa304b455a007bfb2de490" + }, + { + "algorithm": "SHA256", + "checksumValue": "1c06f6fa536cb53c00337c19062698ac20c1ec07bb7925a9cf4fe5f833554dff" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/s/screen.putty-256color", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-screen.rxvt-adca528768a3c9c7", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7208e1cb51192309e5b46b7a546e6437a8a7993e" + }, + { + "algorithm": "SHA256", + "checksumValue": "8983e116d7c302b9764918d14a3a1f48efc0475da61bc1d9d094cfc111d470fd" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/s/screen.rxvt", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-screen.teraterm-15c9d16bdfd03518", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0db862fbc9c8b47cf70a4c53d93f77a67ea1ff45" + }, + { + "algorithm": "SHA256", + "checksumValue": "e4167086215b313305bc5b19412c50ccc1bf794079b5ff459517a47574f625aa" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/s/screen.teraterm", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-screen.vte-46232dce5f9f1053", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "82766b952dc629bd9e667462383a3b2e0de7a30e" + }, + { + "algorithm": "SHA256", + "checksumValue": "a8304c19e96ef295020a0aad7f50e3fca43d1687ec4f1e238cbf2ac641b4a9b9" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/s/screen.vte", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-...share-terminfo-s-screen.vte-256color-613315bfb56706c7", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8154ab1ea7f3dd2fa3a9274eb9beb43c502a4cfa" + }, + { + "algorithm": "SHA256", + "checksumValue": "eb2a1590196eb9238e5d89b6c4e0fec0a4fe8cb4e45747a781fb7c84b35a8002" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/s/screen.vte-256color", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-...share-terminfo-s-screen.xterm-256color-dde4f69058210fbc", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c8ca10f4e38b4bde0a6e374710e1787da44fd579" + }, + { + "algorithm": "SHA256", + "checksumValue": "41464ca875edb94074f7f757d03c337daf45c3ef98258c6ab5113352b45c9599" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/s/screen.xterm-256color", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-screen.xterm-new-41e5b47d8b2451c4", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d16c714355802ee18656cc6bf46128231a123148" + }, + { + "algorithm": "SHA256", + "checksumValue": "50f7c84aeed647a706370427fb6833f9b069455f0479c5bceee310b1a603c1c3" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/s/screen.xterm-new", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-screen.xterm-r6-0d0cde67621a792a", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "51d961daa0f5ed51638197accab163e57ce8e0d5" + }, + { + "algorithm": "SHA256", + "checksumValue": "d7b2d447bde520f07fb34eafaa5a52475c6a573cd25ffece947538111a082697" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/s/screen.xterm-r6", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-st-e2f108b047fcd221", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "008c71d39a6f89a8deaa05e846fd40a4e14f167a" + }, + { + "algorithm": "SHA256", + "checksumValue": "04ec866bf3b2f7747f021870d7f3cfcc32b2c00933ed56da5f2c53276f98cc6d" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/s/st", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-st-16color-bd44fc19971990ca", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ae1db2c4f699b91c38021d80791cfbd3d5f7aedf" + }, + { + "algorithm": "SHA256", + "checksumValue": "9233dae204dcccbe231489b90e5a73b6960237cbdc66e5095a796687bbc98cad" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/s/st-16color", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-st-256color-acb513744458d668", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7ba52b715ca27d2b1cf7cdd36d9a1d4c489bb3e5" + }, + { + "algorithm": "SHA256", + "checksumValue": "1a0830080f6101ea005cad2f2dc14d7be90d6dd31bd2ef978717908b1f248732" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/s/st-256color", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-sun-f9c3e66fc5b9895f", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "faf6b1b33d6c3a6aae31f7b657810b6171d91a8d" + }, + { + "algorithm": "SHA256", + "checksumValue": "02e392161cb23f49a8fb1ba2f1a6583e013c0c26672f58c5eaca828db3b19914" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/s/sun", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-t-teraterm-342d83efb8e26d1e", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6f5a518f864e1b517b340db118202293d573aded" + }, + { + "algorithm": "SHA256", + "checksumValue": "4e45171106372b30d13e11934d5cd217aef45dfc0f2c065b4b0b1f7d9d2cbf9e" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/t/teraterm", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-t-teraterm2.3-8c5a575a66f8e977", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "722dd14fea3e528e555dd324b2549ce7ccc2e0e0" + }, + { + "algorithm": "SHA256", + "checksumValue": "6598b360cd87b5c3e3f99a5b0b4d462c59e754bad79968febc84c77b7acc3bdc" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/t/teraterm2.3", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-t-tmux-b6f08df66be89c38", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5dce89f95ed8f1253a105a887b54bf09822a91b8" + }, + { + "algorithm": "SHA256", + "checksumValue": "dfca8c55e27b29092119c636df3f294f91899c773cd88fd045211f33e4374b4e" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/t/tmux", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-t-tmux-256color-28de5a6ea420646d", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "602bb3f1c90195fdcecd0a1df7c01ba600633255" + }, + { + "algorithm": "SHA256", + "checksumValue": "0be91123144f84d33761a08e98ae0bef4fbf25ab73dac895d20f5baefa1e5f69" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/t/tmux-256color", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-t-tmux-direct-a4af0056caa2c57c", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "48a350b75f941a5c2d6cba8df1eb108b0502a5f6" + }, + { + "algorithm": "SHA256", + "checksumValue": "a60c23f2642905644aba59b21d70a0d86ac8b3efb66a500e316dee0c77dfd01a" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/t/tmux-direct", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-v-vs100-db81a31d38f0a099", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bfa87e9290d04805f82626a2d0371697d7f6f7e4" + }, + { + "algorithm": "SHA256", + "checksumValue": "2b1249158a7053eee58242625f79b29f35da721cbcf695a327521cfed3bec117" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/v/vs100", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-v-vt100-cf85ccca42a5a2b1", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "604682c15cc708fbd02fecf33d0d23bed5e735e6" + }, + { + "algorithm": "SHA256", + "checksumValue": "44fe1bfcc36f3a7669a387b623a44c360f9e150868f9924920182b44bcbbdba6" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/v/vt100", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-v-vt100-nav-3dab877bb9ef7a2a", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5a64f0f0ecbbb4db08aacb7f21041293b58a95ec" + }, + { + "algorithm": "SHA256", + "checksumValue": "e509a4ee7373ff884ef9b5b293fdffa88182711d6b0448fe99d2cbeb1939114a" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/v/vt100-nav", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-v-vt102-1f3435f3afd2d276", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0647b65463bb39b373e3fa4019249f2b2f84991b" + }, + { + "algorithm": "SHA256", + "checksumValue": "60e451f57c0308b79004ebc6189b49417b4ac11d783154072cae803a11af7d3f" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/v/vt102", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-v-vt200-d656b949092607b3", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ed09f848574a9e8f0d82951ab0ae4c8674d757bc" + }, + { + "algorithm": "SHA256", + "checksumValue": "9454527a74b80c5d3f8489137b9cf0cbb38c6d2a700c0ac5894164409e10f3ec" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/v/vt200", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-v-vt52-3842918a44b4288f", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3c42c0190e2097c89d02a33c3aae1baf365d35af" + }, + { + "algorithm": "SHA256", + "checksumValue": "e18f7a08c5e49f850f5673c1a393da8fce302dcbb960c546bb341ae858c953c9" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/v/vt52", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-v-vte-12c0b6fb77e4d61f", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "594d35295bd9d090172a081cd1c46a0ff7154e7c" + }, + { + "algorithm": "SHA256", + "checksumValue": "a59d832325bcaf79ee1e96dbabc05f82d576a3817e6295d151e8796a342ceb35" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/v/vte", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-v-vte-256color-aea610c4eeed8898", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "09fdc1b67a1a8bbfbdd70a9d3d83c0eb31d83fd5" + }, + { + "algorithm": "SHA256", + "checksumValue": "332a40dd7766bd6368ce500ecdff89b8ffec1022bd3d3e11e87ae4d68c95ff7d" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/v/vte-256color", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-v-vwmterm-270fa8938267a450", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c4732fbcd7e0406e8b72c0bb122e01654f6b495d" + }, + { + "algorithm": "SHA256", + "checksumValue": "eae3fe39004992478d09bdb5063c6609f8c6f5119053de8fca645002b993b535" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/v/vwmterm", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-w-wsvt25-75b970a9f7aeb473", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6e544110ee387257fad3048674d0b6cb5e81291c" + }, + { + "algorithm": "SHA256", + "checksumValue": "28d3410e6b83a3b78a41f108098ac8772a3af3ee2b627b9f9bb4b19b363a5be3" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/w/wsvt25", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-w-wsvt25m-3ee77dcd6e5793b4", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "74ef27fc6d81c6a43dd40f231777c0ffb485a559" + }, + { + "algorithm": "SHA256", + "checksumValue": "18c85db3b0ef0ab15b7eb8dc4ac6ea14a37d851628220c8bb61e2edfa4f81683" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/w/wsvt25m", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xfce-6da800c48d696606", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2295d08f2831f0e3323b9061ee797c134a14a8df" + }, + { + "algorithm": "SHA256", + "checksumValue": "390a5f18914c8c867a62637326b7a0f00ec72c746fe282efe55fa36746241c84" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xfce", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-ff4d73fa46b23733", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b3f26dd67868d19acca1e04c76e5c9796f1cf0cd" + }, + { + "algorithm": "SHA256", + "checksumValue": "e423b4b00aa50e3161ae0b0fca7c6019389a837bcdc29075dd40452aaff21579" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-1002-97ffea4cf903477d", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "17b4daee1d21145996d794280cf2fd2f7d8457eb" + }, + { + "algorithm": "SHA256", + "checksumValue": "6daca159799eeebe2100543a42e2931777a978e59fb2bcc17d1693c146c5670f" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-1002", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-1003-29af54678e28b363", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e6755e1610ad2ed419843459399707d9d88fc542" + }, + { + "algorithm": "SHA256", + "checksumValue": "35fa2e56262f3e1c790fc56846544b5385fc608a357989ef656b86c4f18aa042" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-1003", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-1005-f1da499593439bc8", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b6f6f128e4445ee37802db3190b26b9e90b2b5a7" + }, + { + "algorithm": "SHA256", + "checksumValue": "eff2d7f9eeaa5c20b0fabae9ce1a4637a15f2a1c3f732cf5f95fa98d19fd793b" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-1005", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-1006-0009c72c74d05586", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a052414b7718bded5e515d573065f42aa3bffdd2" + }, + { + "algorithm": "SHA256", + "checksumValue": "57afd1b3d2629e6ac46123b3eeb12b80e8b5aff415a9f18613f86d2871336e31" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-1006", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-16color-dfc5343fb815d321", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b502cd6300c553fb7be991b779c8e2ec587be2df" + }, + { + "algorithm": "SHA256", + "checksumValue": "262a09a0f9ea8f8ea53ef151ed0283e25544897a1dea89307ffd5e5c863570a7" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-16color", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-256color-e4e378830ff40ff8", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "70cda1040ca4254d8e41dda619ce653dee06b976" + }, + { + "algorithm": "SHA256", + "checksumValue": "680743a3e8a460e35683ba59e97b3579f6e25d5a104507040d256e703575de9b" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-256color", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-88color-283fc8e3ee96f437", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b12ea7da1cec1b83fad202e27d2a415e09cbe30a" + }, + { + "algorithm": "SHA256", + "checksumValue": "e096ba9743b994565fc98ce40ff37cc8a7fd30d0a48e83f58bf5fb3a6e8cde8d" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-88color", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-8bit-a8c318686ccec873", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6147b83c6a0616522ae0833646887b6b5e5565f0" + }, + { + "algorithm": "SHA256", + "checksumValue": "999ec07a74a5587da0966f9a361e587143aeab35212cbab6ad4a03451ef797d1" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-8bit", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-basic-f69988dd21e32a91", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a84a45e8d4f34c78094475d4a0a4d489a4a158fd" + }, + { + "algorithm": "SHA256", + "checksumValue": "5d54cb15056ae0a673ef75dcce8cc6966dbe74579808ea81180e84965871dca0" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-basic", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-bold-636521a3817f44ae", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4e889ac2d471114952b37ddcf1b6fc82321f58dc" + }, + { + "algorithm": "SHA256", + "checksumValue": "4296a878469b6bc5bab5acbce875e43bc501ab57a62d8d29cd34a424ba1e9de4" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-bold", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-direct-8bd24a65f67afdd2", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "21c521345e063c5ecfb8f7e99f8b15abdd984f34" + }, + { + "algorithm": "SHA256", + "checksumValue": "63a281b88bfa1d525432c712c68887f2b6a321bcf5c1600451d116f5f89babcf" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-direct", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-direct16-b59e8770a30c3b95", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "28be03201ca765e264dc9fdf630cbc44c8b45ff4" + }, + { + "algorithm": "SHA256", + "checksumValue": "767604eb2e2a242db60555bb2e4f801a045a3b03ec02f6aa318c321f7d29110d" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-direct16", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-direct2-0ecfb769c36a9ec1", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "06b536b9aa86e862e87fcd7d7d380980e8600198" + }, + { + "algorithm": "SHA256", + "checksumValue": "420b7a15d5023a4030742ccd48639de223cfbaeb675d4af7fc5882e822dfded8" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-direct2", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-direct256-83d05e339c3d35f9", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "37a4f04ab6ea0726ef48eb063ae89b2f93d3276a" + }, + { + "algorithm": "SHA256", + "checksumValue": "b80042a930fd54d642f2f4d194894c2b4344acaba4eb6032f30acb5d8b2d0a0c" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-direct256", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-hp-fdc254e3736fd19a", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "abc01a5137972b9587e7819f08ac6021a230f283" + }, + { + "algorithm": "SHA256", + "checksumValue": "f11650d98fd186dbeb717ec72a72c9a450a42ee0387d20f5408f75364f04c62b" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-hp", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-mono-f38e85a7902c8624", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "554f1f8aa440753daaae49b149a49b3e4c4cf848" + }, + { + "algorithm": "SHA256", + "checksumValue": "3024be4c36be53d6468fa1e48a0f584a410a17e26c3c6e7826c815b4ef56c595" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-mono", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-new-ded3c2465a3cbd7c", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "edaa0aad5eca10b8a97413b2a559ecf62b0dd10d" + }, + { + "algorithm": "SHA256", + "checksumValue": "7ba565ab3d4132d6cb3ee77d4f3a82f74755294b40f155f5fb0f96138dd77e7d" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-new", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-nic-08a29baae61ad386", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3717b448255e585338148342a97da63d29efc697" + }, + { + "algorithm": "SHA256", + "checksumValue": "d1ac522553500494c979be8912645b1b6036fb3803898e19d86b032f82ec98bc" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-nic", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-noapp-2d7a5e2a2d695d67", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fb1a830b20924764a0c66470ec96c0ade2214386" + }, + { + "algorithm": "SHA256", + "checksumValue": "e4e0c9f4c27f51504e5eb67aa1ce121c663a759b1e2102338c20ecf6259794d7" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-noapp", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-old-9058bd38928afffa", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "34923577f4a51dbe7a79d1d6274d10e207d28eb7" + }, + { + "algorithm": "SHA256", + "checksumValue": "927b8821c947b96b020ca7341dffb57bdfa2986fcaecd5fdbf2ca2369eacc285" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-old", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-pcolor-3ae28dbcb7ee1064", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "956b61f6a02ee955b5795e0f35937ef81bb4474e" + }, + { + "algorithm": "SHA256", + "checksumValue": "1fc3a8c307a46818870ad4313246f62c439ca3ef704a947c09471e8cf335e2fe" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-pcolor", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-r5-6b8a64f480281c19", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a4283a7cf44e9e4a4a9e5ac166328ba8d6ddf632" + }, + { + "algorithm": "SHA256", + "checksumValue": "82098ec067be6189e91e8264278bb85fe3b7bfdeaa3754be301313be140522ca" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-r5", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-r6-1100569b6917a099", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "97bfc10103a98e54eb646a2e9b39d9e23a983336" + }, + { + "algorithm": "SHA256", + "checksumValue": "ee12fe6d2d8e1d0b83d1042fe8a38f1aed6fd73e2c7316e6db5ec5b061b09ef8" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-r6", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-sco-71536d5336b7441f", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "afd94d9cec40a7e571619d06e4cf41854b2c6a19" + }, + { + "algorithm": "SHA256", + "checksumValue": "da57c8f3d66ce45f68d8c28dd360201c6e6918bb5da6947a80949129f5a93940" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-sco", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-sun-e9fdefdaf193a991", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0d4572d62c0d6a276e28f1466f77034913b8fa7d" + }, + { + "algorithm": "SHA256", + "checksumValue": "12a8b1c0907e5a1cd1aa1b8c8815dc85477c7f953113d127a2dfca5eaf04c90d" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-sun", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-utf8-9474f46cff0f1e05", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1faca6458b3a792e647147459a9149fd3c2fb7a8" + }, + { + "algorithm": "SHA256", + "checksumValue": "f00daefe425aeec94b657249dd6575b48a58b1a3db5feca318003799e9eac188" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-utf8", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-vt220-296a343547d250e1", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "732f3cba430675fad0760c774b9124c474f27572" + }, + { + "algorithm": "SHA256", + "checksumValue": "84a21605f8740519373ad315139195949c76cf63abd5a00f4315545c6b7f44be" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-vt220", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-vt52-18a0fc5b405f66bb", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "afd9b9c4a321327e4acbed97153bef23dfdf31b3" + }, + { + "algorithm": "SHA256", + "checksumValue": "b3113c9b349f1fa3ab9d141a67742a14edde60e06a98c6c9adf4aaaf15afbb65" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-vt52", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-x10mouse-4d13b99d826352fc", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0a84c286d399ddf22d3bc43d17124f3d9fbe20b8" + }, + { + "algorithm": "SHA256", + "checksumValue": "781b3399f614a9a456f266132e6da69a48a8974a2fef418ee0e546a001edc889" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-x10mouse", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-x11hilite-64a4feaa0dd6b2d9", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4659d0b5482fb2ae09ef31f59727954a53c84130" + }, + { + "algorithm": "SHA256", + "checksumValue": "bc1edd65d8437128d901c1e4534872b9a5cdfc0b1e959c7f90191f20d0b10037" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-x11hilite", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-x11mouse-67512a50a60b801f", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6b284ea695088d038e3727f6fca922d5d515ef7d" + }, + { + "algorithm": "SHA256", + "checksumValue": "9b8944e971bc60997823a6660c79de5fd47f259ebd427b971353f53ff2083ca7" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-x11mouse", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-xf86-v32-d9a45ec85a8d7ccc", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "19840e58a41b5f289c78073fe5eb0e83d0b002c4" + }, + { + "algorithm": "SHA256", + "checksumValue": "bf8cbc70b73992ca93b22f411bae2f71d613a69a9f0b59f0f9c2d5be12f982d8" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-xf86-v32", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-xf86-v33-5e9225de46c88a70", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b458625d264a9717e805f17e5415ad9554221e05" + }, + { + "algorithm": "SHA256", + "checksumValue": "d4127e626af189a2d56cc45e1c60e4e6ac32b4d55b9c417129bcc8369c347515" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-xf86-v33", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-xf86-v333-5ee1dc078962f011", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "93e84400f5ff9008cd64565d35630e3a121448fe" + }, + { + "algorithm": "SHA256", + "checksumValue": "24a1f8a18d96d544cef7c4427bee3f4b73fe12156e902ea214cf49d6807b3bb5" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-xf86-v333", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-xf86-v40-56dd811b0724a42c", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dfaacdc92a4bc1c13fddcc7279c9ac5f15233d27" + }, + { + "algorithm": "SHA256", + "checksumValue": "7da82a4679f772e87f3ca2b93740ee0d0e20f61a263bbfea31199566eab29536" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-xf86-v40", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-xf86-v43-2a01d7b4b0f99e19", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dd74540822b3982624d3f21fd53c37381c21240d" + }, + { + "algorithm": "SHA256", + "checksumValue": "0507f61ded223aa930b87d22255974423d73fdd860ea588d4fd0b895e5d9d2ea" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-xf86-v43", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-xf86-v44-29c4a2250a8e7099", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e17794a406f5afd3082a5a6d0218baae9531fe0b" + }, + { + "algorithm": "SHA256", + "checksumValue": "1111271420d735b74ecb175e9fcb79847e6c0e298c3abfb2224747502a854adf" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-xf86-v44", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-xfree86-8f87c54e33717d8e", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "735e300eaa0b79dcb0f6683e9861565fd3f884da" + }, + { + "algorithm": "SHA256", + "checksumValue": "0827497deddd4ec9e9515dd9530e6b0bf92762553d1c4eedbca3459c1931775e" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-xfree86", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-xi-f74c708d99ffd54e", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8fdba88c3930d0828f84c09ed998fbc431c0aa49" + }, + { + "algorithm": "SHA256", + "checksumValue": "d89c9fe77fa62d5df516089d11422ede4b78c167cf061e17a183b663f022c051" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/usr/share/terminfo/x/xterm-xi", + "fileTypes": [ + "APPLICATION" + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-3dcb008b5c517b81", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "comment": "layerID: sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1", + "copyrightText": "", + "fileName": "/var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + } + ], + "hasExtractedLicensingInfos": [ + { + "extractedText": "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD", + "licenseId": "LicenseRef-0a20635703258c08665cede2a4166b90795ad1cb30dd85cfde1598463d68ebf5" + }, + { + "extractedText": "BSD", + "licenseId": "LicenseRef-BSD" + }, + { + "extractedText": "BSD or GPLv2", + "licenseId": "LicenseRef-BSD-or-GPLv2" + }, + { + "extractedText": "GPLv2", + "licenseId": "LicenseRef-GPLv2" + }, + { + "extractedText": "GPLv3+", + "licenseId": "LicenseRef-GPLv3-" + }, + { + "extractedText": "LGPLv2+", + "licenseId": "LicenseRef-LGPLv2-" + }, + { + "extractedText": "Public Domain", + "licenseId": "LicenseRef-Public-Domain" + }, + { + "extractedText": "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL", + "licenseId": "LicenseRef-cedbc2fa4301332b3d3569627696d986a63b3f3a293a2759a611c7c3deebd428" + }, + { + "extractedText": "pubkey", + "licenseId": "LicenseRef-pubkey" + } + ], + "name": "registry.access.redhat.com/ubi9/ubi-micro", + "packages": [ + { + "SPDXID": "SPDXRef-Package-rpm-basesystem-fcabd006cb3bfe7d", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:basesystem:basesystem:11-13.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:basesystem:11-13.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/basesystem@11-13.el9?arch=noarch&upstream=basesystem-11-13.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-Public-Domain", + "name": "basesystem", + "originator": "Organization: Red Hat, Inc.", + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "11-13.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-bash-a6062d7253817d9d", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:bash:5.1.8-9.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bash:bash:5.1.8-9.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/bash@5.1.8-9.el9?arch=x86_64&upstream=bash-5.1.8-9.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv3-", + "name": "bash", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "9295a01e788345a66a371467a1dd0c085d921f52" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "5.1.8-9.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:coreutils-single:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:coreutils-single:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:coreutils_single:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:coreutils_single:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:coreutils:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:coreutils:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/coreutils-single@8.32-36.el9?arch=x86_64&upstream=coreutils-8.32-36.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv3-", + "name": "coreutils-single", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "642d9f7db3fbba6ece69558b5c706930ec126584" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "8.32-36.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-filesystem-5423c4a724c69dca", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:filesystem:filesystem:3.16-5.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:filesystem:3.16-5.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/filesystem@3.16-5.el9?arch=x86_64&upstream=filesystem-3.16-5.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-Public-Domain", + "name": "filesystem", + "originator": "Organization: Red Hat, Inc.", + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "3.16-5.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:glibc:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc:glibc:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/glibc@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-cedbc2fa4301332b3d3569627696d986a63b3f3a293a2759a611c7c3deebd428", + "name": "glibc", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "ed0c5417a07603087b40443f16c64c67a2d0ed45" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "2.34-125.el9_5.1" + }, + { + "SPDXID": "SPDXRef-Package-rpm-glibc-common-5d2e03b4ae3e405b", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc-common:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc-common:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc_common:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc_common:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/glibc-common@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-cedbc2fa4301332b3d3569627696d986a63b3f3a293a2759a611c7c3deebd428", + "name": "glibc-common", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "4ce35b5a588ee407a7e87d76e2a1301252a618c5" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "2.34-125.el9_5.1" + }, + { + "SPDXID": "SPDXRef-Package-rpm-glibc-minimal-langpack-d35bdd9cfa0b8d62", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/glibc-minimal-langpack@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-cedbc2fa4301332b3d3569627696d986a63b3f3a293a2759a611c7c3deebd428", + "name": "glibc-minimal-langpack", + "originator": "Organization: Red Hat, Inc.", + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "2.34-125.el9_5.1" + }, + { + "SPDXID": "SPDXRef-Package-rpm-gpg-pubkey-6a4614b48b443e33", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg-pubkey:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg-pubkey:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg_pubkey:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg_pubkey:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/gpg-pubkey@5a6340b3-6229229e?distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-pubkey", + "name": "gpg-pubkey", + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "NOASSERTION", + "versionInfo": "5a6340b3-6229229e" + }, + { + "SPDXID": "SPDXRef-Package-rpm-gpg-pubkey-0b9edfc7dd36b25d", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg-pubkey:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg-pubkey:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg_pubkey:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg_pubkey:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/gpg-pubkey@fd431d51-4ae0493b?distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-pubkey", + "name": "gpg-pubkey", + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "NOASSERTION", + "versionInfo": "fd431d51-4ae0493b" + }, + { + "SPDXID": "SPDXRef-Package-rpm-libacl-6a12891a28711ed0", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:libacl:libacl:2.3.1-4.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:libacl:2.3.1-4.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/libacl@2.3.1-4.el9?arch=x86_64&upstream=acl-2.3.1-4.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2-", + "name": "libacl", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "66c8d8a589a6f28bba41148d9ad13341e78a5a9e" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "2.3.1-4.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-libattr-246362466b6f01d4", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:libattr:libattr:2.5.1-3.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:libattr:2.5.1-3.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/libattr@2.5.1-3.el9?arch=x86_64&upstream=attr-2.5.1-3.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2-", + "name": "libattr", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "a18d42a0a3759707cfea42ce8caa4761a5b3ad82" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "2.5.1-3.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-libcap-e129417de8081c72", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:libcap:libcap:2.48-9.el9_2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:libcap:2.48-9.el9_2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/libcap@2.48-9.el9_2?arch=x86_64&upstream=libcap-2.48-9.el9_2.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-BSD-or-GPLv2", + "name": "libcap", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "6e666c18cd839e6632a9395ab154f116f10ebb65" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "2.48-9.el9_2" + }, + { + "SPDXID": "SPDXRef-Package-rpm-libgcc-492434936db2f877", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:libgcc:libgcc:11.5.0-2.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:libgcc:11.5.0-2.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/libgcc@11.5.0-2.el9?arch=x86_64&upstream=gcc-11.5.0-2.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-0a20635703258c08665cede2a4166b90795ad1cb30dd85cfde1598463d68ebf5", + "name": "libgcc", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "e94494ca348ac9fc5b386d040fe90f0981971511" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "11.5.0-2.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-libselinux-79db8c526f87ba3b", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:libselinux:libselinux:3.6-1.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:libselinux:3.6-1.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/libselinux@3.6-1.el9?arch=x86_64&upstream=libselinux-3.6-1.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-Public-Domain", + "name": "libselinux", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "1b498b7af44a22054ee36e80a252f403a74b1936" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "3.6-1.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-libsepol-9891839d8f699944", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:libsepol:libsepol:3.6-1.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:libsepol:3.6-1.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/libsepol@3.6-1.el9?arch=x86_64&upstream=libsepol-3.6-1.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2-", + "name": "libsepol", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "73cd4d33cfe1305a388f0126d6faeab4b2352da4" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "3.6-1.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/ncurses-base@6.2-10.20210508.el9?arch=noarch&upstream=ncurses-6.2-10.20210508.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "MIT", + "name": "ncurses-base", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "7318e5838debb2d923905e67f9e8830f2a1ff5f4" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "6.2-10.20210508.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-ncurses-libs-31b40b2b21390159", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&upstream=ncurses-6.2-10.20210508.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "MIT", + "name": "ncurses-libs", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "4c1a2e70da159a5c5750d9c16c50843bd216d5f4" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "6.2-10.20210508.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-pcre2-1a97d50a68b062d7", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/pcre2@10.40-6.el9?arch=x86_64&upstream=pcre2-10.40-6.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-BSD", + "name": "pcre2", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "c74f502aab3063ee72922a7735edbd2f32c92080" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "10.40-6.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-pcre2-syntax-8f3dd37865073b05", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/pcre2-syntax@10.40-6.el9?arch=noarch&upstream=pcre2-10.40-6.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-BSD", + "name": "pcre2-syntax", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "24e5a6c8ae65ef32012444c539eb087f1b59a11a" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "10.40-6.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-redhat-release-bbf1d165194eceb0", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat-release:redhat-release:9.5-0.6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat-release:redhat_release:9.5-0.6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat_release:redhat-release:9.5-0.6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat_release:redhat_release:9.5-0.6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:redhat-release:9.5-0.6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:redhat_release:9.5-0.6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/redhat-release@9.5-0.6.el9?arch=x86_64&upstream=redhat-release-9.5-0.6.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv2", + "name": "redhat-release", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "52b7a27197892b1c65e8cb823a69d488baad9e23" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "9.5-0.6.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-setup-befa3e6a19701472", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:setup:2.13.7-10.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:setup:setup:2.13.7-10.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/setup@2.13.7-10.el9?arch=noarch&upstream=setup-2.13.7-10.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-Public-Domain", + "name": "setup", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "73e4e3231d55347f5e68ec3d299370ea45716056" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "2.13.7-10.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-tzdata-f21803b5b9d9adef", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:tzdata:2024b-2.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:tzdata:tzdata:2024b-2.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/tzdata@2024b-2.el9?arch=noarch&upstream=tzdata-2024b-2.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-Public-Domain", + "name": "tzdata", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "2a486eded3c62267c2c6a9f3e0afc9fcc9f71874" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "2024b-2.el9" + }, + { + "SPDXID": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro", + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "71c7ec827876417693bd3feb615a5c70753b78667cb27c17cb3a5346a6955da5" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:oci/registry.access.redhat.com/ubi9/ubi-micro@sha256:71c7ec827876417693bd3feb615a5c70753b78667cb27c17cb3a5346a6955da5?arch=amd64&tag=9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "registry.access.redhat.com/ubi9/ubi-micro", + "primaryPackagePurpose": "CONTAINER", + "supplier": "NOASSERTION", + "versionInfo": "9.5" + } + ], + "relationships": [ + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-gpg-pubkey-0b9edfc7dd36b25d" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-pcre2-1a97d50a68b062d7" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libpcre2-8.so.0.11.0-76508eee1c05a21f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-pcre2-1a97d50a68b062d7" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libpcre2-posix.so.3.0.2-e532158c4b817c7e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-pcre2-1a97d50a68b062d7" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libattr.so.1.1.2501-321c1be60f60c92e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libattr-246362466b6f01d4" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-libattr-246362466b6f01d4" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-xattr.conf-678ec8bdcba04443", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libattr-246362466b6f01d4" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libtic.so.6.2-003fde36be0f67f6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-libs-31b40b2b21390159" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libformw.so.6.2-312210cb4564eb6c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-libs-31b40b2b21390159" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-libs-31b40b2b21390159" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libmenu.so.6.2-62c1cbb37e1e73e9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-libs-31b40b2b21390159" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libpanelw.so.6.2-71d861773b4886bc", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-libs-31b40b2b21390159" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libform.so.6.2-8f6edbb4d1d74d74", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-libs-31b40b2b21390159" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libncursesw.so.6.2-920a41048208b675", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-libs-31b40b2b21390159" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libncurses.so.6.2-93154dad42e34e27", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-libs-31b40b2b21390159" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libpanel.so.6.2-a166f911cefadc27", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-libs-31b40b2b21390159" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libmenuw.so.6.2-c794ef08bd638d4a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-libs-31b40b2b21390159" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libtinfo.so.6.2-d99aa3abce462877", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-libs-31b40b2b21390159" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-libgcc-492434936db2f877" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libgcc-COPYING.LIB-7203255ef40d4de4", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libgcc-492434936db2f877" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libgcc-COPYING-b04696f2df942d64", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libgcc-492434936db2f877" + }, + { + "relatedSpdxElement": "SPDXRef-File-...share-licenses-libgcc-COPYING.RUNTIME-b0ec8fd7b73b87ac", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libgcc-492434936db2f877" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libgcc-COPYING3.LIB-b89e765e63358c4a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libgcc-492434936db2f877" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libgcc-COPYING3-ec5729909c2cd646", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libgcc-492434936db2f877" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libgcc-s-11-20240719.so.1-f66aed1874e19fc7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libgcc-492434936db2f877" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-filesystem-5423c4a724c69dca" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-getconf-042cdd286e6690f7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-5d2e03b4ae3e405b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-gencat-04a1ddd3855f10d2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-5d2e03b4ae3e405b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-pldd-055567cad892fab9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-5d2e03b4ae3e405b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-catchsegv-0759df524a156cc5", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-5d2e03b4ae3e405b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-ldd-1298cd5a74e6826f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-5d2e03b4ae3e405b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-ld-linux-x86-64.so.2-1747ebd22f83821b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-5d2e03b4ae3e405b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-zdump-29828b308b7825dc", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-5d2e03b4ae3e405b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-tzselect-326f83eda515ade2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-5d2e03b4ae3e405b" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-5d2e03b4ae3e405b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-getent-3ded0676f7352404", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-5d2e03b4ae3e405b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-C.utf8-LC-TIME-416b2f4ec2cb80ff", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-5d2e03b4ae3e405b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-C.utf8-LC-PAPER-45c3f98d1964a3e8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-5d2e03b4ae3e405b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-locale-4b9ff5cd4da5b8fa", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-5d2e03b4ae3e405b" + }, + { + "relatedSpdxElement": "SPDXRef-File-...lib-locale-C.utf8-LC-IDENTIFICATION-725fda6adbad0fbf", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-5d2e03b4ae3e405b" + }, + { + "relatedSpdxElement": "SPDXRef-File-...C.utf8-LC-MESSAGES-SYS-LC-MESSAGES-77bbe8ef6464a65a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-5d2e03b4ae3e405b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-C.utf8-LC-TELEPHONE-8558a6f8bda0c485", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-5d2e03b4ae3e405b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-localedef-8b70a31f0cac693c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-5d2e03b4ae3e405b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-C.utf8-LC-NUMERIC-9967ec5443ba73a4", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-5d2e03b4ae3e405b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-sbin-zic-b15b5d465aee7ab9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-5d2e03b4ae3e405b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-C.utf8-LC-MEASUREMENT-b58d2081a4969565", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-5d2e03b4ae3e405b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-C.utf8-LC-MONETARY-c17bf6ee94ebe658", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-5d2e03b4ae3e405b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-C.utf8-LC-ADDRESS-c802b681a8f250e3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-5d2e03b4ae3e405b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-C.utf8-LC-CTYPE-cdcaf220db009fa0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-5d2e03b4ae3e405b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-C.utf8-LC-COLLATE-d3c342bee6dcb546", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-5d2e03b4ae3e405b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-sprof-d44a620886ddc807", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-5d2e03b4ae3e405b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-sotruss-de28eb2e62d67253", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-5d2e03b4ae3e405b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-C.utf8-LC-NAME-e1d8632b411ad09f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-5d2e03b4ae3e405b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-locale-locale.alias-e92b9052269bfc73", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-5d2e03b4ae3e405b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-iconv-fea7c27abb2379a7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-5d2e03b4ae3e405b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libacl.so.1.1.2301-0aed66c4c43d9b58", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libacl-6a12891a28711ed0" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-libacl-6a12891a28711ed0" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-gpg-pubkey-6a4614b48b443e33" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-libselinux-79db8c526f87ba3b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libselinux.so.1-6eb381216b173c89", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libselinux-79db8c526f87ba3b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib-tmpfiles.d-libselinux.conf-716de61452cc5971", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libselinux-79db8c526f87ba3b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libselinux-LICENSE-77f2cd76a94101c4", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libselinux-79db8c526f87ba3b" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-pcre2-syntax-8f3dd37865073b05" + }, + { + "relatedSpdxElement": "SPDXRef-File-...share-licenses-pcre2-syntax-COPYING-a8464dcec87bbee9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-pcre2-syntax-8f3dd37865073b05" + }, + { + "relatedSpdxElement": "SPDXRef-File-...share-licenses-pcre2-syntax-LICENCE-fb79b00ae0e44273", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-pcre2-syntax-8f3dd37865073b05" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-libsepol-9891839d8f699944" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libsepol.so.2-bb20e788149dc450", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libsepol-9891839d8f699944" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libsepol-LICENSE-ee5fd43ebf029ce7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libsepol-9891839d8f699944" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-1006-0009c72c74d05586", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-screen.linux-0106185c64870554", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-...terminfo-s-screen.konsole-256color-0678602f53228644", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-E-Eterm-88color-07bcb10c818e4099", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-nic-08a29baae61ad386", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-p-pcansi-0a19615ebeac30dd", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-screen.xterm-r6-0d0cde67621a792a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-direct2-0ecfb769c36a9ec1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-m-mlterm-0f284e167468b1b5", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-r6-1100569b6917a099", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-v-vte-12c0b6fb77e4d61f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-screen.teraterm-15c9d16bdfd03518", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-vt52-18a0fc5b405f66bb", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-a-ansi-18f17340b1c317ef", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-...share-terminfo-r-rxvt-cygwin-native-195317f28204379e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-g-gnome-1a9c2d726b8c126a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-...share-licenses-ncurses-base-COPYING-1bc6d1cd3d250368", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-v-vt102-1f3435f3afd2d276", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-v-vwmterm-270fa8938267a450", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-j-jfbterm-283a1592f1cf50d9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-88color-283fc8e3ee96f437", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-t-tmux-256color-28de5a6ea420646d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-vt220-296a343547d250e1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-tabset-vt100-298a85211ecc4b47", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-1003-29af54678e28b363", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-xf86-v44-29c4a2250a8e7099", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-xf86-v43-2a01d7b4b0f99e19", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-r-rxvt-cygwin-2d73eb9d846ad6f0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-noapp-2d7a5e2a2d695d67", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-t-teraterm-342d83efb8e26d1e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-v-vt52-3842918a44b4288f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-pcolor-3ae28dbcb7ee1064", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-...share-terminfo-s-screen.putty-256color-3bcefe63df7a3182", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-tabset-vt300-3d7a749c4462a840", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-p-putty-256color-3d7b8d77141a8b76", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-v-vt100-nav-3dab877bb9ef7a2a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-w-wsvt25m-3ee77dcd6e5793b4", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-tabset-std-407a9525a048dd46", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-screen.xterm-new-41e5b47d8b2451c4", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-r-rxvt-16color-42a0754261a00928", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-screen.vte-46232dce5f9f1053", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-E-Eterm-4828a9729b5671d3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-screen.mrxvt-4961017c8f1c3c13", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-g-gnome-256color-4a13da257a00aa55", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-x10mouse-4d13b99d826352fc", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-a-ansi80x25-4eb50a12d84f1db6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-m-mach-bold-52bba60615f7afba", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-r-rxvt-xpm-55f1e4c9bb973e56", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-screen.mlterm-5648281511bb9e68", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-xf86-v40-56dd811b0724a42c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-xf86-v33-5e9225de46c88a70", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-xf86-v333-5ee1dc078962f011", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-...share-terminfo-s-screen.vte-256color-613315bfb56706c7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-r-rxvt-256color-630c16df57ed6910", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-bold-636521a3817f44ae", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-e-eterm-637abb0fcfdeb47a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-x11hilite-64a4feaa0dd6b2d9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-x11mouse-67512a50a60b801f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-E-Eterm-256color-6875874fb847f8d8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-r5-6b8a64f480281c19", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xfce-6da800c48d696606", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-sco-71536d5336b7441f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-b-bterm-7312425bb3c6aa61", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-w-wsvt25-75b970a9f7aeb473", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-m-mach-gnu-7d51880bebab97e4", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-r-rxvt-unicode-81a02986ba0be4ba", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-m-mrxvt-838e0fbc1da4f0ae", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-direct256-83d05e339c3d35f9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-a-aterm-842e35a333e89a86", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-r-rxvt-84e831dcbb99da2f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-e-eterm-color-86cc058f9fd927b4", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-direct-8bd24a65f67afdd2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-t-teraterm2.3-8c5a575a66f8e977", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-xfree86-8f87c54e33717d8e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-old-9058bd38928afffa", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-screen-93514644a56eff98", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-utf8-9474f46cff0f1e05", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-screen-256color-950e795f9db4720a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-k-konsole-96d77f7fbc16de85", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-1002-97ffea4cf903477d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-m-mach-gnu-color-9a939e415f4bbacb", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-...share-terminfo-r-rxvt-unicode-256color-9b8eb38925f3173c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-k-konsole-256color-9ecdc44788dff863", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-A-Apple-Terminal-a07f6a51890c5947", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-screen-16color-a0a10386a4688beb", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-p-putty-a3e0b9a9ee8f28ca", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-t-tmux-direct-a4af0056caa2c57c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-screen.putty-a4e3694097594470", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-m-mach-a777ddccda6725e2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-8bit-a8c318686ccec873", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-st-256color-acb513744458d668", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-h-hurd-adc28c372b7413e1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-screen.rxvt-adca528768a3c9c7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-v-vte-256color-aea610c4eeed8898", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-screen.gnome-b320bfa47a547129", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-...terminfo-s-screen.mlterm-256color-b4677666e3daf1fb", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-direct16-b59e8770a30c3b95", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-t-tmux-b6f08df66be89c38", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-a-alacritty-b8b845c276eb7585", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-st-16color-bd44fc19971990ca", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-m-mach-color-c76a165128a5bcba", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-r-rxvt-color-ca676836f6b499ba", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-v-vt100-cf85ccca42a5a2b1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-c-cygwin-d407bb093bbe0ea0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-tabset-stdcrt-d5bc983827edd4ef", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-v-vt200-d656b949092607b3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-screen.Eterm-d683aaba04e2d552", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-xf86-v32-d9a45ec85a8d7ccc", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-l-linux-da0cc1fde7929d04", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-r-rxvt-basic-da12a4c7de2785b2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-v-vs100-db81a31d38f0a099", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-...share-terminfo-s-screen.xterm-256color-dde4f69058210fbc", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-new-ded3c2465a3cbd7c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-16color-dfc5343fb815d321", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-st-e2f108b047fcd221", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-256color-e4e378830ff40ff8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-screen.konsole-e75a0fa363a8edb3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-k-kitty-e8bd700df4d65667", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-sun-e9fdefdaf193a991", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-r-rxvt-88color-f03c0e34e677dc6d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-1005-f1da499593439bc8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-n-nxterm-f2b20d58cbfc1460", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-mono-f38e85a7902c8624", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-basic-f69988dd21e32a91", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-xi-f74c708d99ffd54e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-sun-f9c3e66fc5b9895f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-d-dumb-fb2d249b3d94b9c2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-hp-fdc254e3736fd19a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-ff4d73fa46b23733", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-ulimit-294ae7b1d8792003", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-a6062d7253817d9d" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-read-3038e7cdd4f2457a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-a6062d7253817d9d" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-skel-.bashrc-329bfd35243b3d50", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-a6062d7253817d9d" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-bash-COPYING-364360e48d41c33c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-a6062d7253817d9d" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-unalias-3c7a78190734ac2c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-a6062d7253817d9d" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-bash-a6062d7253817d9d" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-getopts-4504ca799ea14d27", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-a6062d7253817d9d" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-cd-4d09709e1a0767cb", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-a6062d7253817d9d" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-hash-4edf0ef1bd6d64db", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-a6062d7253817d9d" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-skel-.bash-logout-599c25df6f626da6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-a6062d7253817d9d" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-type-5be5c30ab6dbd6da", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-a6062d7253817d9d" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-bash-6fa9a77610a6424a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-a6062d7253817d9d" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-umask-72ef05d9ecfdd9a0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-a6062d7253817d9d" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-command-8c939e28ed090288", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-a6062d7253817d9d" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-jobs-a2d1ef99a51082c3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-a6062d7253817d9d" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-fg-b4c286f3073457a6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-a6062d7253817d9d" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-skel-.bash-profile-b648a54d502454df", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-a6062d7253817d9d" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-wait-b9b95b25728ed5e9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-a6062d7253817d9d" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-bashbug-64-c327e2c36384571a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-a6062d7253817d9d" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-fc-dff600935f2b756b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-a6062d7253817d9d" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-bg-e06d6334b1748390", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-a6062d7253817d9d" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-alias-f55de14a8e2e192a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-a6062d7253817d9d" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-gconv-gconv-modules.cache-02c86f8b5782080d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-gconv-UTF-32.so-0422a3de27ba8218", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-glibc-COPYING-07761235abd23294", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libc-malloc-debug.so.0-0cd5d3e0c713a5a3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-librt.so.1-1413c9de68223115", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-nsswitch.conf-14b3989da6efda4a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-ld-linux-x86-64.so.2-1747ebd22f83821b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-sbin-ldconfig-2470e805dcaf3337", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libmvec.so.1-252e895078577c0d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-gconv-UNICODE.so-25f0f51c1f89d8f0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-ld.so.conf-282b8f0ef7667cde", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-ld.so.cache-3303d89935058cf0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-gconv-ISO8859-15.so-3b41150404d45e56", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libc.so.6-3deace09a409d0d0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libnss-dns.so.2-45ade9708b31e632", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-gconv-UTF-16.so-477868edd8205945", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-gconv-ANSI-X3.110.so-48dc10363ec04799", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-sbin-iconvconfig-55cc6aefc3a45db5", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-audit-sotruss-lib.so-6235ef0643d4a14e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libSegFault.so-63c3f57d370dea27", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libpthread.so.0-6d0ecabe4efac702", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libdl.so.2-776266db8d5dfeaa", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-gconv-CP1252.so-7eae0e1a3e331c1d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libpcprofile.so-8251d69d2a1bdc02", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-gconv-ISO8859-1.so-862870f595274f40", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-gconv-gconv-modules-8842aea72f6aa015", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libresolv.so.2-8e8a1e9e7cca96d3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libnss-compat.so.2-8f0188eaa6c06223", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-rpc-92a0ad0f9e56cf54", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-gconv-UTF-7.so-9fe7e4964c757aeb", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-glibc-LICENSES-ac733906db18789e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libutil.so.1-c09bb613b4315052", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libm.so.6-c476348290be58ba", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libnss-files.so.2-cad72ad10f0eb4f8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-glibc-COPYING.LIB-cecc782aa7b1e7c9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libBrokenLocale.so.1-cf18627e23e984c4", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libanl.so.1-de6ce068dd8d2b3f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libthread-db.so.1-e29bc034e6b11ae7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libmemusage.so-f6e217b5fe40dbc8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-...libexec-getconf-POSIX-V6-LP64-OFF64-f9bde8a44c9ad30d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2" + }, + { + "relatedSpdxElement": "SPDXRef-File-...system-preset-90-default.preset-121d57fa77de27a3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-bbf1d165194eceb0" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-issue-1304fc07a399262d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-bbf1d165194eceb0" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-system-release-cpe-14a9a50d5b249756", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-bbf1d165194eceb0" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-bbf1d165194eceb0" + }, + { + "relatedSpdxElement": "SPDXRef-File-...dnf-protected.d-redhat-release.conf-4bfb5d89816ea952", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-bbf1d165194eceb0" + }, + { + "relatedSpdxElement": "SPDXRef-File-...99-default-disable.preset-4c8aa3bc542b4878", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-bbf1d165194eceb0" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib-os-release-60ae387f12bbdcfb", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-bbf1d165194eceb0" + }, + { + "relatedSpdxElement": "SPDXRef-File-...com.redhat.RHEL-9.5-x86-64.swidtag-6d3677e4db85f55f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-bbf1d165194eceb0" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib-sysctl.d-50-redhat.conf-7a133b6f93d1fa35", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-bbf1d165194eceb0" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-pki-product-default-479.pem-814094b5105175a0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-bbf1d165194eceb0" + }, + { + "relatedSpdxElement": "SPDXRef-File-...user-preset-90-default-user.preset-a58bf7c45d2e7be1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-bbf1d165194eceb0" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-redhat-release-a6261911e94ff98a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-bbf1d165194eceb0" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib-rpm-macros.d-macros.dist-ac288cbfb0ac99cf", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-bbf1d165194eceb0" + }, + { + "relatedSpdxElement": "SPDXRef-File-...pki-rpm-gpg-RPM-GPG-KEY-redhat-beta-ad862b12a46e228d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-bbf1d165194eceb0" + }, + { + "relatedSpdxElement": "SPDXRef-File-...com.redhat.RHEL-9-x86-64.swidtag-c6a282cf82cea475", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-bbf1d165194eceb0" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-issue.net-cce465ff5a74e112", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-bbf1d165194eceb0" + }, + { + "relatedSpdxElement": "SPDXRef-File-...pki-rpm-gpg-RPM-GPG-KEY-redhat-release-d231fdcaea7d6630", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-bbf1d165194eceb0" + }, + { + "relatedSpdxElement": "SPDXRef-File-...user-preset-99-default-disable.preset-e453479c4f575e2e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-bbf1d165194eceb0" + }, + { + "relatedSpdxElement": "SPDXRef-File-...pki-rpm-gpg-ISV-Container-signing-key-e47e72ccba5baab6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-bbf1d165194eceb0" + }, + { + "relatedSpdxElement": "SPDXRef-File-...85-display-manager.preset-e4ffecdd0b797b12", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-bbf1d165194eceb0" + }, + { + "relatedSpdxElement": "SPDXRef-File-...CA-redhat.com-redhatcodesignca.cert-f3e72b04220487f2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-bbf1d165194eceb0" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-ln-00f4acaa8dc59e2e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-df-0251bd9fc02e0270", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-tsort-090b325103ea5c7e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-sha1sum-099b3b80e0d55e14", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-chgrp-09e3e4c2688b9525", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-chown-0cb3fbcbd2dd5cd5", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-arch-0e29a57cbdd6ed76", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-sleep-0eb8f50913ea3f60", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-whoami-0fafedc4e6fd7cf0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-logname-11f8cc18ba3f55d9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-mv-125be635cd0bbc9a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-base64-12bdc54d751ff826", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-b2sum-14cdc4287f825a65", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-split-18c628e1581ef32f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-env-1acc693ece00bcd3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-realpath-1c1877936aef4d1e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-factor-1cde0c361cc14dcf", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-join-1d0ed68dc53ce512", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-nl-1ec25a2e334ddb41", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-dir-1fea95d62467d732", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-tty-20f0e0881f4f91b9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-who-213a833496f6970f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-du-22201df6e59de74c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-date-24e937f12da00a5b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-uname-2fae52fc2880ff83", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-touch-3113715cd7c7652d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-dd-3199eee3197712c6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-pinky-33708b8bfc387de7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-hostid-3735e1d949211fd0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-tee-3a050951eac42194", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-basename-3cbefbcaae750b3a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-test-4063805e2cb14bb4", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-sum-442756f97c0385ee", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-install-4440c693304bdd69", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-mkdir-4479450064f58594", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-sha384sum-44cbc0c3016ab504", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-cat-4d08b7ddb80d2d2d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-sort-4da4e02973d88fc8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-coreutils-53b48ec4c592891a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-cksum-55db1a7e426872ee", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-mkfifo-562dfae3104460c6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-true-584c36265a2ea13b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-link-5a90803bc828932e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-pwd-5faacd44ff9fbfb7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-base32-6093de115bced1fd", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-nohup-60ceddea44a3652b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-rmdir-61cf5d4d97dea3ee", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-stdbuf-6200262a8b800757", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-nice-63f79ec19e1b94ca", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-users-64c3ef3ca25bde85", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-tac-671e7687831fbe6a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-echo-691db0f09237c546", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-groups-7237d96811f2e6ee", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin---75628b804e454e0d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-unexpand-77c849091ccf0af5", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-wc-7aa468a1496ac054", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-libexec-coreutils-libstdbuf.so-7e3301b473a2ca4c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-paste-8113452b5c9716ac", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-sync-87495cf5d2d47fda", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-md5sum-8adef0d2c945e765", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-shuf-8caa893d3ea3ff10", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-sha256sum-8da81b57196be8e6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-ls-903a0f05a27e0800", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-stat-a01c2e35e4cd9dcf", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-cut-a288191daac71d98", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-vdir-a2a7ca8c886b41cc", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-expand-a842a425e8b987c8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-mktemp-a873586e1f1964c1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-pr-adaa31120292d0e1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-printf-adb4ccdfd776d96e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-seq-adfd58add87f17eb", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-unlink-aebe7ba7f1d173d9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-readlink-b8fd4c93bdc2dc56", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-expr-b93c0744925b06c4", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-fmt-c00cfb94994cd346", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-uniq-c2991afcc7b64b3f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-head-c562bff015a5e88a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-pathchk-c95cb2db6f7ef3a7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-sha512sum-c98b488a39cc46b1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-shred-ca299e004609c194", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-ptx-cb05c7cc7d580a18", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-mknod-cd5975a581a20d54", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-false-cd6c00e954c6b9b5", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-sbin-chroot-cda6749939d0cff4", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-nproc-d08b3eda3bb0f423", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-sha224sum-d2810e0008a20996", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-stty-df46e51677002d7e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-od-e0fd5015daca3aa1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-id-e1320d675eea1128", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-rm-e49573c9128715cd", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-runcon-e558523be5608a79", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-dirname-e9694d234553dca8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-timeout-e9a6add62f58cbe4", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-cp-ea0da78f2e6c40fb", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-tr-ea9479d5ccdf69bd", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-fold-ead1fbc22936c919", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-numfmt-ebb77e74644544c1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-truncate-ee3e17c720f2d89d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-csplit-ee98983da607a90a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-comm-ef6f6422dd145c33", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-dircolors-f3eb429bb84f6e99", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-yes-f609f1cbc122d4a0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-basenc-f6ba024f90647bbe", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-printenv-f74c6fd74cfbdcc1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-...licenses-coreutils-single-COPYING-f7aa12fe08136189", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-tail-fabc98d06b8cab7f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-chcon-fc2ed4d716d9178c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-bin-chmod-ff13fc8c0587311f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-motd-093b22943ed4c34a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-befa3e6a19701472" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-dnf-protected.d-setup.conf-0e60b5f54e6783d8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-befa3e6a19701472" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-setup-COPYING-116acb9eb7405672", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-befa3e6a19701472" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-networks-1dd9301a3f39bdc0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-befa3e6a19701472" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-subuid-287d5200559a822d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-befa3e6a19701472" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-aliases-3b106a4ceb41fa8a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-befa3e6a19701472" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-csh.login-3c8c67ce970d943c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-befa3e6a19701472" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-services-3cbf00f0b164b17c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-befa3e6a19701472" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-setup-befa3e6a19701472" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib-tmpfiles.d-setup.conf-4262ed2903a85bf2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-befa3e6a19701472" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-hosts-48d73557460f1b0c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-befa3e6a19701472" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-profile-4a600a29b1d01aae", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-befa3e6a19701472" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-passwd-4f54b5b8e3df4744", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-befa3e6a19701472" + }, + { + "relatedSpdxElement": "SPDXRef-File-run-motd-5c306b86c8a54142", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-befa3e6a19701472" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-profile.d-lang.csh-6097a424159ffd12", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-befa3e6a19701472" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-filesystems-7b2c0d164c096cb1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-befa3e6a19701472" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-gshadow-85e3bf161980644c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-befa3e6a19701472" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-protocols-8b62a585637b8b5b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-befa3e6a19701472" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-shells-8d553efaf5216c48", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-befa3e6a19701472" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-group-97a2758b67a452b1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-befa3e6a19701472" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-host.conf-9c2274ba4f682829", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-befa3e6a19701472" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-profile.d-lang.sh-9eca6e02c9ae5f64", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-befa3e6a19701472" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-bashrc-9f080adee0f8cd58", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-befa3e6a19701472" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-ethertypes-a20b8b5eb6252dd2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-befa3e6a19701472" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-environment-bdc00b8f2846e41e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-befa3e6a19701472" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-csh.cshrc-d010f2b6ecbcec3d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-befa3e6a19701472" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib-motd-d19d55a5de663610", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-befa3e6a19701472" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-profile.d-csh.local-d4bfd3dedb9affb5", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-befa3e6a19701472" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-printcap-d4e47022fd81cec8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-befa3e6a19701472" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-subgid-e39d406381c59c32", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-befa3e6a19701472" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-shadow-e4c8fba2d6e37bf3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-befa3e6a19701472" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-inputrc-e949a0e9793ef0f9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-befa3e6a19701472" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-profile.d-sh.local-edcbf30f1466e9ca", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-befa3e6a19701472" + }, + { + "relatedSpdxElement": "SPDXRef-File-etc-exports-feafa1df08fa0a8d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-befa3e6a19701472" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-glibc-minimal-langpack-d35bdd9cfa0b8d62" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-sbin-getpcaps-0c50e936ee3494b7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libcap-e129417de8081c72" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-libcap-e129417de8081c72" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libcap-License-73f5b11287ef6f7b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libcap-e129417de8081c72" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-sbin-capsh-93d2291b22fe3ffa", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libcap-e129417de8081c72" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-sbin-getcap-a05f7b95464d0b21", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libcap-e129417de8081c72" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-security-pam-cap.so-afbd982a53c5859b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libcap-e129417de8081c72" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libpsx.so.2.48-afddc064db424ac5", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libcap-e129417de8081c72" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-sbin-setcap-b8726263fe64c3fb", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libcap-e129417de8081c72" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libcap.so.2.48-c21818d7924866af", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libcap-e129417de8081c72" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-tzdata-f21803b5b9d9adef" + }, + { + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-tzdata-LICENSE-ee9a3905115b2c10", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-tzdata-f21803b5b9d9adef" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-basesystem-fcabd006cb3bfe7d" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-basesystem-fcabd006cb3bfe7d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-bash-a6062d7253817d9d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-filesystem-5423c4a724c69dca", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-glibc-common-5d2e03b4ae3e405b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-glibc-minimal-langpack-d35bdd9cfa0b8d62", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-gpg-pubkey-6a4614b48b443e33", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-gpg-pubkey-0b9edfc7dd36b25d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-libacl-6a12891a28711ed0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-libattr-246362466b6f01d4", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-libcap-e129417de8081c72", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-libgcc-492434936db2f877", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-libselinux-79db8c526f87ba3b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-libsepol-9891839d8f699944", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-ncurses-libs-31b40b2b21390159", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-pcre2-1a97d50a68b062d7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-pcre2-syntax-8f3dd37865073b05", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-redhat-release-bbf1d165194eceb0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-setup-befa3e6a19701472", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-tzdata-f21803b5b9d9adef", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro", + "relationshipType": "DESCRIBES", + "spdxElementId": "SPDXRef-DOCUMENT" + } + ], + "spdxVersion": "SPDX-2.3" +} diff --git a/sbom-utility-scripts/scripts/merge-sboms-script/test_data/spdx/syft.merged-by-syft.bom.json b/sbom-utility-scripts/scripts/merge-sboms-script/test_data/spdx/syft.merged-by-syft.bom.json new file mode 100644 index 0000000..b1852e2 --- /dev/null +++ b/sbom-utility-scripts/scripts/merge-sboms-script/test_data/spdx/syft.merged-by-syft.bom.json @@ -0,0 +1,12789 @@ +{ + "SPDXID": "SPDXRef-DOCUMENT", + "creationInfo": { + "created": "2024-12-18T11:28:00Z", + "creators": [ + "Organization: Anchore, Inc", + "Tool: syft-1.4.1" + ], + "licenseListVersion": "3.23" + }, + "dataLicense": "CC0-1.0", + "documentNamespace": "https://anchore.com/syft/dir/syft-sboms-b66779b6-6e20-4128-9fad-da28250a1b82", + "files": [ + { + "SPDXID": "SPDXRef-File-gomod-pandemonium.bom.json-f18ea85332ea2584", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "copyrightText": "", + "fileName": "/gomod-pandemonium.bom.json", + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "copyrightText": "", + "fileName": "/npm-cachi2-smoketest.bom.json", + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-pip-e2e-test.bom.json-b794676892416cab", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "copyrightText": "", + "fileName": "/pip-e2e-test.bom.json", + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + }, + { + "SPDXID": "SPDXRef-File-ubi-micro.bom.json-803beb9a045954db", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "copyrightText": "", + "fileName": "/ubi-micro.bom.json", + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ] + } + ], + "hasExtractedLicensingInfos": [ + { + "extractedText": "0a20635703258c08665cede2a4166b90795ad1cb30dd85cfde1598463d68ebf5", + "licenseId": "LicenseRef-0a20635703258c08665cede2a4166b90795ad1cb30dd85cfde1598463d68ebf5" + }, + { + "extractedText": "BSD", + "licenseId": "LicenseRef-BSD" + }, + { + "extractedText": "BSD-or-GPLv2", + "licenseId": "LicenseRef-BSD-or-GPLv2" + }, + { + "extractedText": "GPLv2", + "licenseId": "LicenseRef-GPLv2" + }, + { + "extractedText": "GPLv3-", + "licenseId": "LicenseRef-GPLv3-" + }, + { + "extractedText": "LGPLv2-", + "licenseId": "LicenseRef-LGPLv2-" + }, + { + "extractedText": "Public-Domain", + "licenseId": "LicenseRef-Public-Domain" + }, + { + "extractedText": "cedbc2fa4301332b3d3569627696d986a63b3f3a293a2759a611c7c3deebd428", + "licenseId": "LicenseRef-cedbc2fa4301332b3d3569627696d986a63b3f3a293a2759a611c7c3deebd428" + }, + { + "extractedText": "pubkey", + "licenseId": "LicenseRef-pubkey" + } + ], + "name": "./syft-sboms", + "packages": [ + { + "SPDXID": "SPDXRef-Package-go-module-.-terminaltor-1671ab40c14d0b34", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/./terminaltor", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "./terminaltor", + "sourceInfo": "acquired package info from SBOM: /gomod-pandemonium.bom.json", + "supplier": "NOASSERTION" + }, + { + "SPDXID": "SPDXRef-Package-go-module-.-weird-3c6895ca4a5780ff", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/./weird", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "./weird", + "sourceInfo": "acquired package info from SBOM: /gomod-pandemonium.bom.json", + "supplier": "NOASSERTION" + }, + { + "SPDXID": "SPDXRef-Package-npm--types-prop-types-a1fae41b0622df85", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/prop-types:\\@types\\/prop-types:15.7.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/prop-types:\\@types\\/prop_types:15.7.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/prop_types:\\@types\\/prop-types:15.7.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/prop_types:\\@types\\/prop_types:15.7.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/prop:\\@types\\/prop-types:15.7.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/prop:\\@types\\/prop_types:15.7.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/prop-types:\\@types\\/prop-types:15.7.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/prop-types:\\@types\\/prop_types:15.7.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/prop_types:\\@types\\/prop-types:15.7.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/prop_types:\\@types\\/prop_types:15.7.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/prop:\\@types\\/prop-types:15.7.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/prop:\\@types\\/prop_types:15.7.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/%40types/prop-types@15.7.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "@types/prop-types", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "15.7.5" + }, + { + "SPDXID": "SPDXRef-Package-npm--types-react-cc6308c01a151a0d", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/react:\\@types\\/react:18.0.35:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/react:\\@types\\/react:18.0.35:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/%40types/react@18.0.35", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "@types/react", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "18.0.35" + }, + { + "SPDXID": "SPDXRef-Package-npm--types-react-dom-066f90bcde616825", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/react-dom:\\@types\\/react-dom:18.0.11:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/react-dom:\\@types\\/react_dom:18.0.11:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/react_dom:\\@types\\/react-dom:18.0.11:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/react_dom:\\@types\\/react_dom:18.0.11:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/react:\\@types\\/react-dom:18.0.11:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/react:\\@types\\/react_dom:18.0.11:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/react-dom:\\@types\\/react-dom:18.0.11:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/react-dom:\\@types\\/react_dom:18.0.11:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/react_dom:\\@types\\/react-dom:18.0.11:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/react_dom:\\@types\\/react_dom:18.0.11:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/react:\\@types\\/react-dom:18.0.11:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/react:\\@types\\/react_dom:18.0.11:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/%40types/react-dom@18.0.11", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "@types/react-dom", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "18.0.11" + }, + { + "SPDXID": "SPDXRef-Package-npm--types-scheduler-6affbd71356d2e4e", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/scheduler:\\@types\\/scheduler:0.16.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/scheduler:\\@types\\/scheduler:0.16.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/%40types/scheduler@0.16.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "@types/scheduler", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "0.16.3" + }, + { + "SPDXID": "SPDXRef-Package-npm-abbrev-3f2c98629448bcde", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:abbrev:abbrev:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:abbrev:abbrev:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/abbrev@2.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "abbrev", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "2.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-accepts-8c90408f77776505", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:accepts:accepts:1.3.8:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:accepts:accepts:1.3.8:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/accepts@1.3.8", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "accepts", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.3.8" + }, + { + "SPDXID": "SPDXRef-Package-npm-array-flatten-196de035e586b40b", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:array-flatten:array-flatten:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:array-flatten:array_flatten:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:array_flatten:array-flatten:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:array_flatten:array_flatten:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:array:array-flatten:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:array:array_flatten:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:array-flatten:array-flatten:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:array-flatten:array_flatten:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:array_flatten:array-flatten:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:array_flatten:array_flatten:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:array:array-flatten:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:array:array_flatten:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/array-flatten@1.1.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "array-flatten", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.1.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-bar-79f0e750826367d3", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bar:bar:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bar:bar:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/bar", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "bar", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION" + }, + { + "SPDXID": "SPDXRef-Package-npm-bar-98f7b0bedb98d9ce", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bar:bar:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bar:bar:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/bar@1.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "ISC", + "name": "bar", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-rpm-basesystem-2c317c7cf8a94c7e", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:basesystem:basesystem:11-13.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:basesystem:11-13.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:basesystem:basesystem:11-13.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:basesystem:11-13.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/basesystem@11-13.el9?arch=noarch&upstream=basesystem-11-13.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-Public-Domain", + "name": "basesystem", + "originator": "Organization: Red Hat, Inc.", + "sourceInfo": "acquired package info from SBOM: /ubi-micro.bom.json", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "11-13.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-bash-12ea3c2e4228ff95", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:bash:5.1.8-9.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bash:bash:5.1.8-9.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:bash:5.1.8-9.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bash:bash:5.1.8-9.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/bash@5.1.8-9.el9?arch=x86_64&upstream=bash-5.1.8-9.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv3-", + "name": "bash", + "originator": "Organization: Red Hat, Inc.", + "sourceInfo": "acquired package info from SBOM: /ubi-micro.bom.json", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "5.1.8-9.el9" + }, + { + "SPDXID": "SPDXRef-Package-npm-bitbucket-cachi2-npm-without-deps-9f1e093abbcf70ca", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/bitbucket-cachi2-npm-without-deps@1.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "bitbucket-cachi2-npm-without-deps", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-bitbucket-cachi2-npm-without-deps-second-2f6775ac03ab8e1e", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps-second:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps-second:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps_second:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps_second:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps-second:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps-second:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps_second:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps_second:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/bitbucket-cachi2-npm-without-deps-second@2.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "bitbucket-cachi2-npm-without-deps-second", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "2.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-body-parser-f9dc933dfe04c993", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:body-parser:body-parser:1.20.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:body-parser:body_parser:1.20.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:body_parser:body-parser:1.20.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:body_parser:body_parser:1.20.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:body:body-parser:1.20.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:body:body_parser:1.20.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:body-parser:body-parser:1.20.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:body-parser:body_parser:1.20.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:body_parser:body-parser:1.20.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:body_parser:body_parser:1.20.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:body:body-parser:1.20.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:body:body_parser:1.20.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/body-parser@1.20.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "body-parser", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.20.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-bytes-5b1cf7149106e69b", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bytes:bytes:3.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bytes:bytes:3.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/bytes@3.1.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "bytes", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "3.1.2" + }, + { + "SPDXID": "SPDXRef-Package-npm-cachito-npm-without-deps-a38e41e36cf88bad", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-npm-without-deps:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-npm-without-deps:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_npm_without_deps:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_npm_without_deps:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-npm-without:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-npm-without:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_npm_without:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_npm_without:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-npm:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-npm:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_npm:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_npm:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-npm-without-deps:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-npm-without-deps:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_npm_without_deps:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_npm_without_deps:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-npm-without:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-npm-without:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_npm_without:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_npm_without:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-npm:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-npm:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_npm:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_npm:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/cachito-npm-without-deps@1.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "cachito-npm-without-deps", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-call-bind-58ed691ed411489f", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:call-bind:call-bind:1.0.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:call-bind:call_bind:1.0.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:call_bind:call-bind:1.0.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:call_bind:call_bind:1.0.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:call:call-bind:1.0.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:call:call_bind:1.0.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:call-bind:call-bind:1.0.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:call-bind:call_bind:1.0.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:call_bind:call-bind:1.0.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:call_bind:call_bind:1.0.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:call:call-bind:1.0.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:call:call_bind:1.0.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/call-bind@1.0.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "call-bind", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.2" + }, + { + "SPDXID": "SPDXRef-Package-python-certifi-e52809bc353be33d", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:kennethreitz:certifi:2022.12.7:*:*:*:*:python:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:kennethreitz:certifi:2022.12.7:*:*:*:*:python:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/certifi@2022.12.7", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "certifi", + "sourceInfo": "acquired package info from SBOM: /pip-e2e-test.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "2022.12.7" + }, + { + "SPDXID": "SPDXRef-Package-python-charset-normalizer-e1219ba0515f33fd", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-charset-normalizer:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-charset-normalizer:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_charset_normalizer:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_charset_normalizer:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset-normalizer:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset-normalizer:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset_normalizer:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset_normalizer:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-charset-normalizer:charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-charset-normalizer:charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_charset_normalizer:charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_charset_normalizer:charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-charset:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-charset:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_charset:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_charset:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset-normalizer:charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset-normalizer:charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset_normalizer:charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset_normalizer:charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-charset:charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-charset:charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_charset:charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_charset:charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset:charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset:charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-charset-normalizer:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-charset-normalizer:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_charset_normalizer:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_charset_normalizer:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset-normalizer:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset-normalizer:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset_normalizer:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset_normalizer:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-charset-normalizer:charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-charset-normalizer:charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_charset_normalizer:charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_charset_normalizer:charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-charset:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-charset:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_charset:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_charset:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset-normalizer:charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset-normalizer:charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset_normalizer:charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset_normalizer:charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-charset:charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-charset:charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_charset:charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_charset:charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset:charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset:charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/charset-normalizer@3.0.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "charset-normalizer", + "sourceInfo": "acquired package info from SBOM: /pip-e2e-test.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "3.0.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-classnames-53793bbaf4ff2702", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:classnames:classnames:2.3.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:classnames:classnames:2.3.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/classnames@2.3.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "classnames", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "2.3.2" + }, + { + "SPDXID": "SPDXRef-Package-npm-colors-1d1826d50905148c", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:colors:colors:1.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:colors:colors:1.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/colors@1.4.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "colors", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.4.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-content-disposition-fcafa5c6e147583a", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content-disposition:content-disposition:0.5.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content-disposition:content_disposition:0.5.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content_disposition:content-disposition:0.5.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content_disposition:content_disposition:0.5.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content:content-disposition:0.5.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content:content_disposition:0.5.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content-disposition:content-disposition:0.5.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content-disposition:content_disposition:0.5.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content_disposition:content-disposition:0.5.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content_disposition:content_disposition:0.5.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content:content-disposition:0.5.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content:content_disposition:0.5.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/content-disposition@0.5.4", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "content-disposition", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "0.5.4" + }, + { + "SPDXID": "SPDXRef-Package-npm-content-type-a826a235775c30fe", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content-type:content-type:1.0.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content-type:content_type:1.0.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content_type:content-type:1.0.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content_type:content_type:1.0.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content:content-type:1.0.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content:content_type:1.0.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content-type:content-type:1.0.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content-type:content_type:1.0.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content_type:content-type:1.0.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content_type:content_type:1.0.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content:content-type:1.0.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content:content_type:1.0.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/content-type@1.0.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "content-type", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.5" + }, + { + "SPDXID": "SPDXRef-Package-npm-cookie-810ba11741c1022d", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cookie:cookie:0.5.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cookie:cookie:0.5.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/cookie@0.5.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "cookie", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "0.5.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-cookie-signature-bc6d018ca9116d6f", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cookie-signature_project:cookie-signature:1.0.6:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cookie-signature_project:cookie-signature:1.0.6:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/cookie-signature@1.0.6", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "cookie-signature", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.6" + }, + { + "SPDXID": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:coreutils-single:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:coreutils-single:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:coreutils_single:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:coreutils_single:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:coreutils:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:coreutils:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:coreutils-single:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:coreutils-single:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:coreutils_single:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:coreutils_single:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:coreutils:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:coreutils:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/coreutils-single@8.32-36.el9?arch=x86_64&upstream=coreutils-8.32-36.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv3-", + "name": "coreutils-single", + "originator": "Organization: Red Hat, Inc.", + "sourceInfo": "acquired package info from SBOM: /ubi-micro.bom.json", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "8.32-36.el9" + }, + { + "SPDXID": "SPDXRef-Package-npm-csstype-24b1a879e4d9eeb3", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:csstype:csstype:3.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:csstype:csstype:3.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/csstype@3.1.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "csstype", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "3.1.2" + }, + { + "SPDXID": "SPDXRef-Package-npm-dateformat-3a1dc749542163dd", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:dateformat:dateformat:5.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:dateformat:dateformat:5.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/dateformat@5.0.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "dateformat", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "5.0.3" + }, + { + "SPDXID": "SPDXRef-Package-npm-debug-c8d0e1208d789176", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:debug_project:debug:2.6.9:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:debug_project:debug:2.6.9:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/debug@2.6.9", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "debug", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "2.6.9" + }, + { + "SPDXID": "SPDXRef-Package-npm-depd-d73550777a1e57f6", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:depd:depd:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:depd:depd:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/depd@2.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "depd", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "2.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-destroy-10a5c85ca836d9e8", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:destroy:destroy:1.2.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:destroy:destroy:1.2.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/destroy@1.2.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "destroy", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.2.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-ee-first-fb516ddf71779a21", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ee-first:ee-first:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ee-first:ee_first:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ee_first:ee-first:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ee_first:ee_first:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ee:ee-first:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ee:ee_first:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ee-first:ee-first:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ee-first:ee_first:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ee_first:ee-first:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ee_first:ee_first:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ee:ee-first:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ee:ee_first:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/ee-first@1.1.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "ee-first", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.1.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-eggs-b2b294d7d191c8fe", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:eggs:eggs:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:eggs:eggs:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/eggs", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "eggs", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION" + }, + { + "SPDXID": "SPDXRef-Package-npm-eggs-packages-eggs-9cd2a8b438e99a33", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:eggs-packages\\/eggs:eggs-packages\\/eggs:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:eggs-packages\\/eggs:eggs_packages\\/eggs:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:eggs_packages\\/eggs:eggs-packages\\/eggs:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:eggs_packages\\/eggs:eggs_packages\\/eggs:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:eggs:eggs-packages\\/eggs:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:eggs:eggs_packages\\/eggs:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:eggs-packages\\/eggs:eggs-packages\\/eggs:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:eggs-packages\\/eggs:eggs_packages\\/eggs:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:eggs_packages\\/eggs:eggs-packages\\/eggs:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:eggs_packages\\/eggs:eggs_packages\\/eggs:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:eggs:eggs-packages\\/eggs:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:eggs:eggs_packages\\/eggs:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/eggs-packages/eggs@1.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "ISC", + "name": "eggs-packages/eggs", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-encodeurl-d607763331c68509", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:encodeurl:encodeurl:1.0.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:encodeurl:encodeurl:1.0.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/encodeurl@1.0.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "encodeurl", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.2" + }, + { + "SPDXID": "SPDXRef-Package-npm-escape-html-5ec3e61bff1d689b", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:escape-html:escape-html:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:escape-html:escape_html:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:escape_html:escape-html:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:escape_html:escape_html:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:escape:escape-html:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:escape:escape_html:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:escape-html:escape-html:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:escape-html:escape_html:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:escape_html:escape-html:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:escape_html:escape_html:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:escape:escape-html:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:escape:escape_html:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/escape-html@1.0.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "escape-html", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.3" + }, + { + "SPDXID": "SPDXRef-Package-npm-etag-59fd55ac302a84dd", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:etag:etag:1.8.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:etag:etag:1.8.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/etag@1.8.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "etag", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.8.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-express-e31504920cb0b66f", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:openjsf:express:4.18.2:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:openjsf:express:4.18.2:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/express@4.18.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "express", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "4.18.2" + }, + { + "SPDXID": "SPDXRef-Package-npm-fecha-b7907543ae6e117b", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:fecha:fecha:4.2.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:fecha:fecha:4.2.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/fecha@4.2.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "MIT", + "name": "fecha", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "4.2.3" + }, + { + "SPDXID": "SPDXRef-Package-rpm-filesystem-161b9671f12c19da", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:filesystem:filesystem:3.16-5.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:filesystem:3.16-5.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:filesystem:filesystem:3.16-5.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:filesystem:3.16-5.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/filesystem@3.16-5.el9?arch=x86_64&upstream=filesystem-3.16-5.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-Public-Domain", + "name": "filesystem", + "originator": "Organization: Red Hat, Inc.", + "sourceInfo": "acquired package info from SBOM: /ubi-micro.bom.json", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "3.16-5.el9" + }, + { + "SPDXID": "SPDXRef-Package-npm-finalhandler-6d52233d96a858c0", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:finalhandler:finalhandler:1.2.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:finalhandler:finalhandler:1.2.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/finalhandler@1.2.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "finalhandler", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.2.0" + }, + { + "SPDXID": "SPDXRef-Package-python-flit-core-de93cd3cdf60a4ec", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-flit-core:python-flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-flit-core:python_flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_flit_core:python-flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_flit_core:python_flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-flit:python-flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-flit:python_flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_flit:python-flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_flit:python_flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit-core:python-flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit-core:python_flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit_core:python-flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit_core:python_flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-flit-core:flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-flit-core:flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_flit_core:flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_flit_core:flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:python-flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:python_flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit:python-flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit:python_flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-flit:flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-flit:flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_flit:flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_flit:flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit-core:flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit-core:flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit_core:flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit_core:flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit:flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit:flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-flit-core:python-flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-flit-core:python_flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_flit_core:python-flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_flit_core:python_flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-flit:python-flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-flit:python_flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_flit:python-flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_flit:python_flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit-core:python-flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit-core:python_flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit_core:python-flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit_core:python_flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-flit-core:flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-flit-core:flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_flit_core:flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_flit_core:flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:python-flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:python_flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit:python-flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit:python_flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-flit:flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-flit:flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_flit:flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_flit:flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit-core:flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit-core:flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit_core:flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit_core:flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit:flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit:flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/flit-core@3.8.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "flit-core", + "sourceInfo": "acquired package info from SBOM: /pip-e2e-test.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "3.8.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-foo-1d813e18e8c26050", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:foo:foo:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:foo:foo:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/foo", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "foo", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION" + }, + { + "SPDXID": "SPDXRef-Package-npm-foo-a251fe49069fb925", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:foo:foo:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:foo:foo:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/foo@1.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "ISC", + "name": "foo", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-forwarded-e1faef01df7b508d", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:forwarded_project:forwarded:0.2.0:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:forwarded_project:forwarded:0.2.0:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/forwarded@0.2.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "forwarded", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "0.2.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-fresh-b182f50e5537b058", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:fresh_project:fresh:0.5.2:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:fresh_project:fresh:0.5.2:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/fresh@0.5.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "fresh", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "0.5.2" + }, + { + "SPDXID": "SPDXRef-Package-npm-function-bind-00191865e9951ee0", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:function-bind:function-bind:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:function-bind:function_bind:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:function_bind:function-bind:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:function_bind:function_bind:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:function:function-bind:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:function:function_bind:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:function-bind:function-bind:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:function-bind:function_bind:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:function_bind:function-bind:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:function_bind:function_bind:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:function:function-bind:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:function:function_bind:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/function-bind@1.1.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "function-bind", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.1.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-get-intrinsic-2dd848007eb3935c", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:get-intrinsic:get-intrinsic:1.2.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:get-intrinsic:get_intrinsic:1.2.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:get_intrinsic:get-intrinsic:1.2.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:get_intrinsic:get_intrinsic:1.2.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:get:get-intrinsic:1.2.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:get:get_intrinsic:1.2.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:get-intrinsic:get-intrinsic:1.2.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:get-intrinsic:get_intrinsic:1.2.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:get_intrinsic:get-intrinsic:1.2.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:get_intrinsic:get_intrinsic:1.2.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:get:get-intrinsic:1.2.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:get:get_intrinsic:1.2.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/get-intrinsic@1.2.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "get-intrinsic", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.2.0" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-Azure-go-ansiterm-1829ebb636ec78cd", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:Azure:go-ansiterm:v0.0.0-20210617225240-d185dfc1b5a1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:Azure:go_ansiterm:v0.0.0-20210617225240-d185dfc1b5a1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:Azure:go-ansiterm:v0.0.0-20210617225240-d185dfc1b5a1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:Azure:go_ansiterm:v0.0.0-20210617225240-d185dfc1b5a1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/azure/go-ansiterm@v0.0.0-20210617225240-d185dfc1b5a1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/Azure/go-ansiterm", + "sourceInfo": "acquired package info from SBOM: /gomod-pandemonium.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "v0.0.0-20210617225240-d185dfc1b5a1" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-Masterminds-semver-173062b40aeacc93", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:Masterminds:semver:v1.4.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:Masterminds:semver:v1.4.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/masterminds/semver@v1.4.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/Masterminds/semver", + "sourceInfo": "acquired package info from SBOM: /gomod-pandemonium.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "v1.4.2" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-Microsoft-go-winio-825a41013698e18b", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:Microsoft:go-winio:v0.6.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:Microsoft:go_winio:v0.6.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:Microsoft:go-winio:v0.6.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:Microsoft:go_winio:v0.6.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/microsoft/go-winio@v0.6.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/Microsoft/go-winio", + "sourceInfo": "acquired package info from SBOM: /gomod-pandemonium.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "v0.6.0" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-cachito-testing-gomod-pandemonium-terminaltor-678a651734b3b388", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-testing:gomod-pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-testing:gomod_pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_testing:gomod-pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_testing:gomod_pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito:gomod-pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito:gomod_pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-testing:gomod-pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-testing:gomod_pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_testing:gomod-pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_testing:gomod_pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito:gomod-pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito:gomod_pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/cachito-testing/gomod-pandemonium@v0.0.0#terminaltor", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/cachito-testing/gomod-pandemonium/terminaltor", + "sourceInfo": "acquired package info from SBOM: /gomod-pandemonium.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "v0.0.0" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-cachito-testing-gomod-pandemonium-weird-b513d6176869c4b0", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-testing:gomod-pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-testing:gomod_pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_testing:gomod-pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_testing:gomod_pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito:gomod-pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito:gomod_pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-testing:gomod-pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-testing:gomod_pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_testing:gomod-pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_testing:gomod_pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito:gomod-pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito:gomod_pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/cachito-testing/gomod-pandemonium@v0.0.0#weird", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/cachito-testing/gomod-pandemonium/weird", + "sourceInfo": "acquired package info from SBOM: /gomod-pandemonium.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "v0.0.0" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-cachito-testing-retrodep-v2-1a2838ae474dcb2f", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-testing:retrodep\\/v2:v2.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_testing:retrodep\\/v2:v2.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito:retrodep\\/v2:v2.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-testing:retrodep\\/v2:v2.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_testing:retrodep\\/v2:v2.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito:retrodep\\/v2:v2.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/cachito-testing/retrodep@v2.1.1#v2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/cachito-testing/retrodep/v2", + "sourceInfo": "acquired package info from SBOM: /gomod-pandemonium.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "v2.1.1" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-go-logr-logr-c2bdea48efc37856", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:go-logr:logr:v1.2.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:go_logr:logr:v1.2.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:go:logr:v1.2.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:go-logr:logr:v1.2.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:go_logr:logr:v1.2.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:go:logr:v1.2.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/go-logr/logr@v1.2.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/go-logr/logr", + "sourceInfo": "acquired package info from SBOM: /gomod-pandemonium.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "v1.2.3" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-go-task-slim-sprig-c25ef0705c14f227", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:go-task:slim-sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:go-task:slim_sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:go_task:slim-sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:go_task:slim_sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:go:slim-sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:go:slim_sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:go-task:slim-sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:go-task:slim_sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:go_task:slim-sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:go_task:slim_sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:go:slim-sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:go:slim_sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/go-task/slim-sprig@v0.0.0-20230315185526-52ccab3ef572", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/go-task/slim-sprig", + "sourceInfo": "acquired package info from SBOM: /gomod-pandemonium.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "v0.0.0-20230315185526-52ccab3ef572" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-google-go-cmp-93c257f0147a8717", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:google:go-cmp:v0.5.9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:google:go_cmp:v0.5.9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:google:go-cmp:v0.5.9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:google:go_cmp:v0.5.9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/google/go-cmp@v0.5.9", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/google/go-cmp", + "sourceInfo": "acquired package info from SBOM: /gomod-pandemonium.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "v0.5.9" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-google-pprof-ecd070ef9549a5bf", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:google:pprof:v0.0.0-20210407192527-94a9f03dee38:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:google:pprof:v0.0.0-20210407192527-94a9f03dee38:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/google/pprof@v0.0.0-20210407192527-94a9f03dee38", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/google/pprof", + "sourceInfo": "acquired package info from SBOM: /gomod-pandemonium.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "v0.0.0-20210407192527-94a9f03dee38" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-moby-term-50fec4b596f1b5a4", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:moby:term:v0.0.0-20221205130635-1aeaba878587:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:moby:term:v0.0.0-20221205130635-1aeaba878587:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/moby/term@v0.0.0-20221205130635-1aeaba878587", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/moby/term", + "sourceInfo": "acquired package info from SBOM: /gomod-pandemonium.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "v0.0.0-20221205130635-1aeaba878587" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-onsi-ginkgo-v2-f795d07fcda05a3a", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:onsi:ginkgo\\/v2:v2.9.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:onsi:ginkgo\\/v2:v2.9.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/onsi/ginkgo@v2.9.2#v2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/onsi/ginkgo/v2", + "sourceInfo": "acquired package info from SBOM: /gomod-pandemonium.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "v2.9.2" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-onsi-gomega-e29d37d2ba5864e9", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:onsi:gomega:v1.27.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:onsi:gomega:v1.27.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/onsi/gomega@v1.27.4", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/onsi/gomega", + "sourceInfo": "acquired package info from SBOM: /gomod-pandemonium.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "v1.27.4" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-op-go-logging-d73e1840fa60eec5", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:op:go-logging:v0.0.0-20160315200505-970db520ece7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:op:go_logging:v0.0.0-20160315200505-970db520ece7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:op:go-logging:v0.0.0-20160315200505-970db520ece7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:op:go_logging:v0.0.0-20160315200505-970db520ece7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/op/go-logging@v0.0.0-20160315200505-970db520ece7", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/op/go-logging", + "sourceInfo": "acquired package info from SBOM: /gomod-pandemonium.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "v0.0.0-20160315200505-970db520ece7" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-pkg-errors-ed9b103c21db80ea", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pkg:errors:v0.8.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pkg:errors:v0.8.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/pkg/errors@v0.8.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/pkg/errors", + "sourceInfo": "acquired package info from SBOM: /gomod-pandemonium.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "v0.8.1" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-release-engineering-retrodep-v2-feea6f8e1b27768e", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:release-engineering:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:release_engineering:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:release:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:release-engineering:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:release_engineering:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:release:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/release-engineering/retrodep@v2.1.0#v2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/release-engineering/retrodep/v2", + "sourceInfo": "acquired package info from SBOM: /gomod-pandemonium.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "v2.1.0" + }, + { + "SPDXID": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:glibc:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc:glibc:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:glibc:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc:glibc:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/glibc@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-cedbc2fa4301332b3d3569627696d986a63b3f3a293a2759a611c7c3deebd428", + "name": "glibc", + "originator": "Organization: Red Hat, Inc.", + "sourceInfo": "acquired package info from SBOM: /ubi-micro.bom.json", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "2.34-125.el9_5.1" + }, + { + "SPDXID": "SPDXRef-Package-rpm-glibc-common-c15bad3a41259d52", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc-common:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc-common:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc_common:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc_common:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc-common:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc-common:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc_common:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc_common:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/glibc-common@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-cedbc2fa4301332b3d3569627696d986a63b3f3a293a2759a611c7c3deebd428", + "name": "glibc-common", + "originator": "Organization: Red Hat, Inc.", + "sourceInfo": "acquired package info from SBOM: /ubi-micro.bom.json", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "2.34-125.el9_5.1" + }, + { + "SPDXID": "SPDXRef-Package-rpm-glibc-minimal-langpack-f647e36d1c1ff3ed", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/glibc-minimal-langpack@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-cedbc2fa4301332b3d3569627696d986a63b3f3a293a2759a611c7c3deebd428", + "name": "glibc-minimal-langpack", + "originator": "Organization: Red Hat, Inc.", + "sourceInfo": "acquired package info from SBOM: /ubi-micro.bom.json", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "2.34-125.el9_5.1" + }, + { + "SPDXID": "SPDXRef-Package-go-module-golang.org-x-mod-4c1cbf2e0cd50676", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:golang:x\\/mod:v0.9.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:golang:x\\/mod:v0.9.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/golang.org/x/mod@v0.9.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "golang.org/x/mod", + "sourceInfo": "acquired package info from SBOM: /gomod-pandemonium.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "v0.9.0" + }, + { + "SPDXID": "SPDXRef-Package-go-module-golang.org-x-net-256d29980cc16d6b", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:golang:networking:v0.8.0:*:*:*:*:go:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:golang:networking:v0.8.0:*:*:*:*:go:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/golang.org/x/net@v0.8.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "golang.org/x/net", + "sourceInfo": "acquired package info from SBOM: /gomod-pandemonium.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "v0.8.0" + }, + { + "SPDXID": "SPDXRef-Package-go-module-golang.org-x-sys-057b6417ab20d0bd", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:golang:x\\/sys:v0.6.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:golang:x\\/sys:v0.6.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/golang.org/x/sys@v0.6.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "golang.org/x/sys", + "sourceInfo": "acquired package info from SBOM: /gomod-pandemonium.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "v0.6.0" + }, + { + "SPDXID": "SPDXRef-Package-go-module-golang.org-x-text-790158d1c3559ad9", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:golang:text:v0.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:golang:text:v0.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/golang.org/x/text@v0.8.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "golang.org/x/text", + "sourceInfo": "acquired package info from SBOM: /gomod-pandemonium.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "v0.8.0" + }, + { + "SPDXID": "SPDXRef-Package-go-module-golang.org-x-tools-a9584feeb7bb8402", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:golang:x\\/tools:v0.7.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:golang:x\\/tools:v0.7.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/golang.org/x/tools@v0.7.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "golang.org/x/tools", + "sourceInfo": "acquired package info from SBOM: /gomod-pandemonium.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "v0.7.0" + }, + { + "SPDXID": "SPDXRef-Package-go-module-gopkg.in-yaml.v2-8a21c71703471107", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/gopkg.in/yaml.v2@v2.2.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "gopkg.in/yaml.v2", + "sourceInfo": "acquired package info from SBOM: /gomod-pandemonium.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "v2.2.2" + }, + { + "SPDXID": "SPDXRef-Package-go-module-gopkg.in-yaml.v3-c260bc6047ae5541", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:yaml_project:yaml:v3.0.1:*:*:*:*:go:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:yaml_project:yaml:v3.0.1:*:*:*:*:go:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "gopkg.in/yaml.v3", + "sourceInfo": "acquired package info from SBOM: /gomod-pandemonium.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "v3.0.1" + }, + { + "SPDXID": "SPDXRef-Package-rpm-gpg-pubkey-435a6e9b3d6a9138", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg-pubkey:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg-pubkey:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg_pubkey:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg_pubkey:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg-pubkey:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg-pubkey:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg_pubkey:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg_pubkey:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/gpg-pubkey@5a6340b3-6229229e?distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-pubkey", + "name": "gpg-pubkey", + "sourceInfo": "acquired package info from SBOM: /ubi-micro.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "5a6340b3-6229229e" + }, + { + "SPDXID": "SPDXRef-Package-rpm-gpg-pubkey-d7813f956aa46728", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg-pubkey:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg-pubkey:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg_pubkey:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg_pubkey:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg-pubkey:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg-pubkey:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg_pubkey:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg_pubkey:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/gpg-pubkey@fd431d51-4ae0493b?distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-pubkey", + "name": "gpg-pubkey", + "sourceInfo": "acquired package info from SBOM: /ubi-micro.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "fd431d51-4ae0493b" + }, + { + "SPDXID": "SPDXRef-Package-npm-has-ff8218d04b334cc6", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:has:has:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:has:has:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/has@1.0.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "has", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.3" + }, + { + "SPDXID": "SPDXRef-Package-npm-has-symbols-c969acbcd417229f", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:has-symbols:has-symbols:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:has-symbols:has_symbols:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:has_symbols:has-symbols:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:has_symbols:has_symbols:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:has:has-symbols:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:has:has_symbols:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:has-symbols:has-symbols:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:has-symbols:has_symbols:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:has_symbols:has-symbols:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:has_symbols:has_symbols:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:has:has-symbols:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:has:has_symbols:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/has-symbols@1.0.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "has-symbols", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.3" + }, + { + "SPDXID": "SPDXRef-Package-npm-http-errors-0201e00ccf18b29b", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:http-errors:http-errors:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:http-errors:http_errors:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:http_errors:http-errors:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:http_errors:http_errors:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:http:http-errors:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:http:http_errors:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:http-errors:http-errors:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:http-errors:http_errors:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:http_errors:http-errors:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:http_errors:http_errors:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:http:http-errors:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:http:http_errors:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/http-errors@2.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "http-errors", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "2.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-iconv-lite-953118c68dfc7c58", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:iconv-lite:iconv-lite:0.4.24:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:iconv-lite:iconv_lite:0.4.24:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:iconv_lite:iconv-lite:0.4.24:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:iconv_lite:iconv_lite:0.4.24:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:iconv:iconv-lite:0.4.24:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:iconv:iconv_lite:0.4.24:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:iconv-lite:iconv-lite:0.4.24:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:iconv-lite:iconv_lite:0.4.24:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:iconv_lite:iconv-lite:0.4.24:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:iconv_lite:iconv_lite:0.4.24:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:iconv:iconv-lite:0.4.24:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:iconv:iconv_lite:0.4.24:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/iconv-lite@0.4.24", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "iconv-lite", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "0.4.24" + }, + { + "SPDXID": "SPDXRef-Package-python-idna-bcf6372381760aaf", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-idna:python-idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-idna:python_idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_idna:python-idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_idna:python_idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:python-idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:python_idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:idna:python-idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:idna:python_idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-idna:idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_idna:idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:idna:idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-idna:python-idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-idna:python_idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_idna:python-idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_idna:python_idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:python-idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:python_idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:idna:python-idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:idna:python_idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-idna:idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_idna:idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:idna:idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/idna@3.4", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "idna", + "sourceInfo": "acquired package info from SBOM: /pip-e2e-test.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "3.4" + }, + { + "SPDXID": "SPDXRef-Package-npm-inherits-3db1d8369b9e03f5", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:inherits:inherits:2.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:inherits:inherits:2.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/inherits@2.0.4", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "inherits", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "2.0.4" + }, + { + "SPDXID": "SPDXRef-Package-npm-ipaddr.js-92d3c56463c6450c", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ipaddr.js:ipaddr.js:1.9.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ipaddr.js:ipaddr.js:1.9.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/ipaddr.js@1.9.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "ipaddr.js", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.9.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-is-positive-baf149b41f1c97d2", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:is-positive:is-positive:3.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:is-positive:is_positive:3.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:is_positive:is-positive:3.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:is_positive:is_positive:3.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:is:is-positive:3.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:is:is_positive:3.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:is-positive:is-positive:3.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:is-positive:is_positive:3.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:is_positive:is-positive:3.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:is_positive:is_positive:3.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:is:is-positive:3.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:is:is_positive:3.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/is-positive@3.1.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "is-positive", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "3.1.0" + }, + { + "SPDXID": "SPDXRef-Package-rpm-libacl-d5ee4e13e90d4e54", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:libacl:libacl:2.3.1-4.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:libacl:2.3.1-4.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:libacl:libacl:2.3.1-4.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:libacl:2.3.1-4.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/libacl@2.3.1-4.el9?arch=x86_64&upstream=acl-2.3.1-4.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2-", + "name": "libacl", + "originator": "Organization: Red Hat, Inc.", + "sourceInfo": "acquired package info from SBOM: /ubi-micro.bom.json", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "2.3.1-4.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-libattr-0bd98744b2ae9cb0", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:libattr:libattr:2.5.1-3.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:libattr:2.5.1-3.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:libattr:libattr:2.5.1-3.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:libattr:2.5.1-3.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/libattr@2.5.1-3.el9?arch=x86_64&upstream=attr-2.5.1-3.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2-", + "name": "libattr", + "originator": "Organization: Red Hat, Inc.", + "sourceInfo": "acquired package info from SBOM: /ubi-micro.bom.json", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "2.5.1-3.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-libcap-a855d73e45bf400d", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:libcap:libcap:2.48-9.el9_2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:libcap:2.48-9.el9_2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:libcap:libcap:2.48-9.el9_2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:libcap:2.48-9.el9_2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/libcap@2.48-9.el9_2?arch=x86_64&upstream=libcap-2.48-9.el9_2.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-BSD-or-GPLv2", + "name": "libcap", + "originator": "Organization: Red Hat, Inc.", + "sourceInfo": "acquired package info from SBOM: /ubi-micro.bom.json", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "2.48-9.el9_2" + }, + { + "SPDXID": "SPDXRef-Package-rpm-libgcc-7f0fb014edf241b2", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:libgcc:libgcc:11.5.0-2.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:libgcc:11.5.0-2.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:libgcc:libgcc:11.5.0-2.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:libgcc:11.5.0-2.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/libgcc@11.5.0-2.el9?arch=x86_64&upstream=gcc-11.5.0-2.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-0a20635703258c08665cede2a4166b90795ad1cb30dd85cfde1598463d68ebf5", + "name": "libgcc", + "originator": "Organization: Red Hat, Inc.", + "sourceInfo": "acquired package info from SBOM: /ubi-micro.bom.json", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "11.5.0-2.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-libselinux-42e128b451e8a7f2", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:libselinux:libselinux:3.6-1.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:libselinux:3.6-1.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:libselinux:libselinux:3.6-1.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:libselinux:3.6-1.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/libselinux@3.6-1.el9?arch=x86_64&upstream=libselinux-3.6-1.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-Public-Domain", + "name": "libselinux", + "originator": "Organization: Red Hat, Inc.", + "sourceInfo": "acquired package info from SBOM: /ubi-micro.bom.json", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "3.6-1.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-libsepol-0a3c35afbfe1f07a", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:libsepol:libsepol:3.6-1.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:libsepol:3.6-1.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:libsepol:libsepol:3.6-1.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:libsepol:3.6-1.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/libsepol@3.6-1.el9?arch=x86_64&upstream=libsepol-3.6-1.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2-", + "name": "libsepol", + "originator": "Organization: Red Hat, Inc.", + "sourceInfo": "acquired package info from SBOM: /ubi-micro.bom.json", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "3.6-1.el9" + }, + { + "SPDXID": "SPDXRef-Package-npm-media-typer-b74086a3d478e830", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:media-typer:media-typer:0.3.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:media-typer:media_typer:0.3.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:media_typer:media-typer:0.3.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:media_typer:media_typer:0.3.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:media:media-typer:0.3.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:media:media_typer:0.3.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:media-typer:media-typer:0.3.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:media-typer:media_typer:0.3.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:media_typer:media-typer:0.3.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:media_typer:media_typer:0.3.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:media:media-typer:0.3.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:media:media_typer:0.3.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/media-typer@0.3.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "media-typer", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "0.3.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-merge-descriptors-f03fb0654ef59b58", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:merge-descriptors:merge-descriptors:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:merge-descriptors:merge_descriptors:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:merge_descriptors:merge-descriptors:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:merge_descriptors:merge_descriptors:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:merge:merge-descriptors:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:merge:merge_descriptors:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:merge-descriptors:merge-descriptors:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:merge-descriptors:merge_descriptors:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:merge_descriptors:merge-descriptors:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:merge_descriptors:merge_descriptors:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:merge:merge-descriptors:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:merge:merge_descriptors:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/merge-descriptors@1.0.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "merge-descriptors", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-methods-58ba89a4743603d1", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:methods:methods:1.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:methods:methods:1.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/methods@1.1.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "methods", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.1.2" + }, + { + "SPDXID": "SPDXRef-Package-npm-mime-735a8b4424a29ddd", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime_project:mime:1.6.0:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime_project:mime:1.6.0:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/mime@1.6.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "mime", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.6.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-mime-db-e5a2bcdda2ada6ef", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime-db:mime-db:1.52.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime-db:mime_db:1.52.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime_db:mime-db:1.52.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime_db:mime_db:1.52.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime:mime-db:1.52.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime:mime_db:1.52.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime-db:mime-db:1.52.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime-db:mime_db:1.52.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime_db:mime-db:1.52.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime_db:mime_db:1.52.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime:mime-db:1.52.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime:mime_db:1.52.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/mime-db@1.52.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "mime-db", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.52.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-mime-types-3d83e7d7cdab343b", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime-types:mime-types:2.1.35:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime-types:mime_types:2.1.35:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime_types:mime-types:2.1.35:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime_types:mime_types:2.1.35:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime:mime-types:2.1.35:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime:mime_types:2.1.35:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime-types:mime-types:2.1.35:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime-types:mime_types:2.1.35:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime_types:mime-types:2.1.35:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime_types:mime_types:2.1.35:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime:mime-types:2.1.35:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime:mime_types:2.1.35:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/mime-types@2.1.35", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "mime-types", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "2.1.35" + }, + { + "SPDXID": "SPDXRef-Package-npm-ms-53ba9ea2a4da7025", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:vercel:ms:2.0.0:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:vercel:ms:2.0.0:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/ms@2.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "ms", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "2.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-ms-1098d0aa0a75e840", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:vercel:ms:2.1.3:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:vercel:ms:2.1.3:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/ms@2.1.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "ms", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "2.1.3" + }, + { + "SPDXID": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/ncurses-base@6.2-10.20210508.el9?arch=noarch&upstream=ncurses-6.2-10.20210508.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "MIT", + "name": "ncurses-base", + "originator": "Organization: Red Hat, Inc.", + "sourceInfo": "acquired package info from SBOM: /ubi-micro.bom.json", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "6.2-10.20210508.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-ncurses-libs-199db5642246dabb", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&upstream=ncurses-6.2-10.20210508.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "MIT", + "name": "ncurses-libs", + "originator": "Organization: Red Hat, Inc.", + "sourceInfo": "acquired package info from SBOM: /ubi-micro.bom.json", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "6.2-10.20210508.el9" + }, + { + "SPDXID": "SPDXRef-Package-npm-negotiator-b532621e5d3e3143", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:negotiator:negotiator:0.6.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:negotiator:negotiator:0.6.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/negotiator@0.6.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "negotiator", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "0.6.3" + }, + { + "SPDXID": "SPDXRef-Package-npm-not-baz-96d13d9e06d83d34", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not-baz:not-baz:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not-baz:not_baz:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not_baz:not-baz:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not_baz:not_baz:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not:not-baz:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not:not_baz:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not-baz:not-baz:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not-baz:not_baz:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not_baz:not-baz:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not_baz:not_baz:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not:not-baz:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not:not_baz:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/not-baz", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "not-baz", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION" + }, + { + "SPDXID": "SPDXRef-Package-npm-not-baz-5bf0970cf22e1061", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not-baz:not-baz:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not-baz:not_baz:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not_baz:not-baz:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not_baz:not_baz:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not:not-baz:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not:not_baz:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not-baz:not-baz:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not-baz:not_baz:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not_baz:not-baz:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not_baz:not_baz:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not:not-baz:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not:not_baz:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/not-baz@1.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "ISC", + "name": "not-baz", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-npm-test-b1704174e0c32776", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:npm-test:npm-test:1.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:npm-test:npm_test:1.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:npm_test:npm-test:1.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:npm_test:npm_test:1.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:npm:npm-test:1.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:npm:npm_test:1.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:npm-test:npm-test:1.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:npm-test:npm_test:1.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:npm_test:npm-test:1.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:npm_test:npm_test:1.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:npm:npm-test:1.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:npm:npm_test:1.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/npm_test@1.1.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "ISC", + "name": "npm_test", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.1.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-object-inspect-66f18435fd24c73e", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:object-inspect:object-inspect:1.12.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:object-inspect:object_inspect:1.12.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:object_inspect:object-inspect:1.12.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:object_inspect:object_inspect:1.12.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:object:object-inspect:1.12.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:object:object_inspect:1.12.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:object-inspect:object-inspect:1.12.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:object-inspect:object_inspect:1.12.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:object_inspect:object-inspect:1.12.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:object_inspect:object_inspect:1.12.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:object:object-inspect:1.12.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:object:object_inspect:1.12.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/object-inspect@1.12.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "object-inspect", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.12.3" + }, + { + "SPDXID": "SPDXRef-Package-npm-on-finished-5856d1658d5cf57d", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:on-finished:on-finished:2.4.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:on-finished:on_finished:2.4.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:on_finished:on-finished:2.4.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:on_finished:on_finished:2.4.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:on:on-finished:2.4.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:on:on_finished:2.4.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:on-finished:on-finished:2.4.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:on-finished:on_finished:2.4.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:on_finished:on-finished:2.4.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:on_finished:on_finished:2.4.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:on:on-finished:2.4.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:on:on_finished:2.4.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/on-finished@2.4.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "on-finished", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "2.4.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-parseurl-96845723b477f90d", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:parseurl:parseurl:1.3.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:parseurl:parseurl:1.3.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/parseurl@1.3.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "parseurl", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.3.3" + }, + { + "SPDXID": "SPDXRef-Package-npm-path-to-regexp-b78118279957fc5d", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path-to-regexp:path-to-regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path-to-regexp:path_to_regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path_to_regexp:path-to-regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path_to_regexp:path_to_regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path-to:path-to-regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path-to:path_to_regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path_to:path-to-regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path_to:path_to_regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path:path-to-regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path:path_to_regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path-to-regexp:path-to-regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path-to-regexp:path_to_regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path_to_regexp:path-to-regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path_to_regexp:path_to_regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path-to:path-to-regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path-to:path_to_regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path_to:path-to-regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path_to:path_to_regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path:path-to-regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path:path_to_regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/path-to-regexp@0.1.7", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "path-to-regexp", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "0.1.7" + }, + { + "SPDXID": "SPDXRef-Package-rpm-pcre2-7307f102d1407a34", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/pcre2@10.40-6.el9?arch=x86_64&upstream=pcre2-10.40-6.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-BSD", + "name": "pcre2", + "originator": "Organization: Red Hat, Inc.", + "sourceInfo": "acquired package info from SBOM: /ubi-micro.bom.json", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "10.40-6.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-pcre2-syntax-27e4f551dc1a98e9", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/pcre2-syntax@10.40-6.el9?arch=noarch&upstream=pcre2-10.40-6.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-BSD", + "name": "pcre2-syntax", + "originator": "Organization: Red Hat, Inc.", + "sourceInfo": "acquired package info from SBOM: /ubi-micro.bom.json", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "10.40-6.el9" + }, + { + "SPDXID": "SPDXRef-Package-npm-proxy-addr-a4aff90a3c80b6b4", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:proxy-addr:proxy-addr:2.0.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:proxy-addr:proxy_addr:2.0.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:proxy_addr:proxy-addr:2.0.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:proxy_addr:proxy_addr:2.0.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:proxy:proxy-addr:2.0.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:proxy:proxy_addr:2.0.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:proxy-addr:proxy-addr:2.0.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:proxy-addr:proxy_addr:2.0.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:proxy_addr:proxy-addr:2.0.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:proxy_addr:proxy_addr:2.0.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:proxy:proxy-addr:2.0.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:proxy:proxy_addr:2.0.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/proxy-addr@2.0.7", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "proxy-addr", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "2.0.7" + }, + { + "SPDXID": "SPDXRef-Package-npm-qs-7b24038737f71e82", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:qs_project:qs:6.11.0:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:qs_project:qs:6.11.0:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/qs@6.11.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "qs", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "6.11.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-range-parser-ba1915578bf2b327", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:range-parser:range-parser:1.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:range-parser:range_parser:1.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:range_parser:range-parser:1.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:range_parser:range_parser:1.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:range:range-parser:1.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:range:range_parser:1.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:range-parser:range-parser:1.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:range-parser:range_parser:1.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:range_parser:range-parser:1.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:range_parser:range_parser:1.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:range:range-parser:1.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:range:range_parser:1.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/range-parser@1.2.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "range-parser", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.2.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-raw-body-1b79e27f8dbc1b0f", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:raw-body:raw-body:2.5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:raw-body:raw_body:2.5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:raw_body:raw-body:2.5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:raw_body:raw_body:2.5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:raw:raw-body:2.5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:raw:raw_body:2.5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:raw-body:raw-body:2.5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:raw-body:raw_body:2.5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:raw_body:raw-body:2.5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:raw_body:raw_body:2.5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:raw:raw-body:2.5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:raw:raw_body:2.5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/raw-body@2.5.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "raw-body", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "2.5.1" + }, + { + "SPDXID": "SPDXRef-Package-rpm-redhat-release-3a2f9b899623fcef", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat-release:redhat-release:9.5-0.6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat-release:redhat_release:9.5-0.6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat_release:redhat-release:9.5-0.6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat_release:redhat_release:9.5-0.6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:redhat-release:9.5-0.6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:redhat_release:9.5-0.6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat-release:redhat-release:9.5-0.6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat-release:redhat_release:9.5-0.6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat_release:redhat-release:9.5-0.6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat_release:redhat_release:9.5-0.6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:redhat-release:9.5-0.6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:redhat_release:9.5-0.6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/redhat-release@9.5-0.6.el9?arch=x86_64&upstream=redhat-release-9.5-0.6.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv2", + "name": "redhat-release", + "originator": "Organization: Red Hat, Inc.", + "sourceInfo": "acquired package info from SBOM: /ubi-micro.bom.json", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "9.5-0.6.el9" + }, + { + "SPDXID": "SPDXRef-Package-python-requests-5b96d4bf85903dbc", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:requests:2.28.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:requests:2.28.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/requests@2.28.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "requests", + "sourceInfo": "acquired package info from SBOM: /pip-e2e-test.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "2.28.2" + }, + { + "SPDXID": "SPDXRef-Package-npm-safe-buffer-a35b9ee95a4c4a47", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safe-buffer:safe-buffer:5.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safe-buffer:safe_buffer:5.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safe_buffer:safe-buffer:5.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safe_buffer:safe_buffer:5.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safe:safe-buffer:5.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safe:safe_buffer:5.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safe-buffer:safe-buffer:5.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safe-buffer:safe_buffer:5.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safe_buffer:safe-buffer:5.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safe_buffer:safe_buffer:5.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safe:safe-buffer:5.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safe:safe_buffer:5.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/safe-buffer@5.2.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "safe-buffer", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "5.2.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-safer-buffer-74143338506776a9", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safer-buffer:safer-buffer:2.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safer-buffer:safer_buffer:2.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safer_buffer:safer-buffer:2.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safer_buffer:safer_buffer:2.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safer:safer-buffer:2.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safer:safer_buffer:2.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safer-buffer:safer-buffer:2.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safer-buffer:safer_buffer:2.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safer_buffer:safer-buffer:2.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safer_buffer:safer_buffer:2.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safer:safer-buffer:2.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safer:safer_buffer:2.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/safer-buffer@2.1.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "safer-buffer", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "2.1.2" + }, + { + "SPDXID": "SPDXRef-Package-npm-sax-c18d20041695a129", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:sax:sax:0.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:sax:sax:0.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/sax@0.1.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "sax", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "0.1.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-send-8d443fecc18de69f", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:send_project:send:0.18.0:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:send_project:send:0.18.0:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/send@0.18.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "send", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "0.18.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-serve-static-4032ddabe466a722", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:serve-static:serve-static:1.15.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:serve-static:serve_static:1.15.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:serve_static:serve-static:1.15.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:serve_static:serve_static:1.15.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:serve:serve-static:1.15.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:serve:serve_static:1.15.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:serve-static:serve-static:1.15.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:serve-static:serve_static:1.15.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:serve_static:serve-static:1.15.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:serve_static:serve_static:1.15.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:serve:serve-static:1.15.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:serve:serve_static:1.15.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/serve-static@1.15.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "serve-static", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.15.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-setprototypeof-7bb18c8771be16cb", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:setprototypeof:setprototypeof:1.2.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:setprototypeof:setprototypeof:1.2.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/setprototypeof@1.2.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "setprototypeof", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.2.0" + }, + { + "SPDXID": "SPDXRef-Package-rpm-setup-459eaf7fd4ed8782", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:setup:2.13.7-10.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:setup:setup:2.13.7-10.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:setup:2.13.7-10.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:setup:setup:2.13.7-10.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/setup@2.13.7-10.el9?arch=noarch&upstream=setup-2.13.7-10.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-Public-Domain", + "name": "setup", + "originator": "Organization: Red Hat, Inc.", + "sourceInfo": "acquired package info from SBOM: /ubi-micro.bom.json", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "2.13.7-10.el9" + }, + { + "SPDXID": "SPDXRef-Package-python-setuptools-b8feebd65f08122d", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:setuptools:67.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:setuptools:67.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/setuptools@67.1.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "setuptools", + "sourceInfo": "acquired package info from SBOM: /pip-e2e-test.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "67.1.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-side-channel-d11e131a09f4882e", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:side-channel:side-channel:1.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:side-channel:side_channel:1.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:side_channel:side-channel:1.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:side_channel:side_channel:1.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:side:side-channel:1.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:side:side_channel:1.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:side-channel:side-channel:1.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:side-channel:side_channel:1.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:side_channel:side-channel:1.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:side_channel:side_channel:1.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:side:side-channel:1.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:side:side_channel:1.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/side-channel@1.0.4", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "side-channel", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.4" + }, + { + "SPDXID": "SPDXRef-Package-npm-spam-bdf6a887ecdfc7d0", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:spam:spam:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:spam:spam:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/spam", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "spam", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION" + }, + { + "SPDXID": "SPDXRef-Package-npm-spam-packages-spam-9bd159a38c7ff9f8", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:spam-packages\\/spam:spam-packages\\/spam:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:spam-packages\\/spam:spam_packages\\/spam:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:spam_packages\\/spam:spam-packages\\/spam:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:spam_packages\\/spam:spam_packages\\/spam:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:spam:spam-packages\\/spam:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:spam:spam_packages\\/spam:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:spam-packages\\/spam:spam-packages\\/spam:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:spam-packages\\/spam:spam_packages\\/spam:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:spam_packages\\/spam:spam-packages\\/spam:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:spam_packages\\/spam:spam_packages\\/spam:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:spam:spam-packages\\/spam:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:spam:spam_packages\\/spam:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/spam-packages/spam@1.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "ISC", + "name": "spam-packages/spam", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-statuses-ebbcd1ef014fcc61", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:statuses:statuses:2.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:statuses:statuses:2.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/statuses@2.0.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "statuses", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "2.0.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-toidentifier-8b376d5729e6bbdc", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:toidentifier:toidentifier:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:toidentifier:toidentifier:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/toidentifier@1.0.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "toidentifier", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-type-is-cd1cc2ecb63740f5", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:type-is:type-is:1.6.18:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:type-is:type_is:1.6.18:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:type_is:type-is:1.6.18:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:type_is:type_is:1.6.18:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:type:type-is:1.6.18:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:type:type_is:1.6.18:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:type-is:type-is:1.6.18:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:type-is:type_is:1.6.18:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:type_is:type-is:1.6.18:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:type_is:type_is:1.6.18:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:type:type-is:1.6.18:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:type:type_is:1.6.18:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/type-is@1.6.18", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "type-is", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.6.18" + }, + { + "SPDXID": "SPDXRef-Package-rpm-tzdata-f021feb4247538f9", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:tzdata:2024b-2.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:tzdata:tzdata:2024b-2.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:tzdata:2024b-2.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:tzdata:tzdata:2024b-2.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/tzdata@2024b-2.el9?arch=noarch&upstream=tzdata-2024b-2.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-Public-Domain", + "name": "tzdata", + "originator": "Organization: Red Hat, Inc.", + "sourceInfo": "acquired package info from SBOM: /ubi-micro.bom.json", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "2024b-2.el9" + }, + { + "SPDXID": "SPDXRef-Package-npm-unpipe-0fbdbdbec11b3a71", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:unpipe:unpipe:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:unpipe:unpipe:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/unpipe@1.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "unpipe", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-python-urllib3-cde789a71facd36d", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:urllib3:1.26.14:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:urllib3:1.26.14:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/urllib3@1.26.14", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "urllib3", + "sourceInfo": "acquired package info from SBOM: /pip-e2e-test.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.26.14" + }, + { + "SPDXID": "SPDXRef-Package-npm-utils-merge-443403d64f0dada6", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:utils-merge:utils-merge:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:utils-merge:utils_merge:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:utils_merge:utils-merge:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:utils_merge:utils_merge:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:utils:utils-merge:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:utils:utils_merge:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:utils-merge:utils-merge:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:utils-merge:utils_merge:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:utils_merge:utils-merge:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:utils_merge:utils_merge:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:utils:utils-merge:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:utils:utils_merge:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/utils-merge@1.0.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "utils-merge", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-uuid-0465525001e1e6ab", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:uuid:uuid:9.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:uuid:uuid:9.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/uuid@9.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "uuid", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "9.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-vary-1fcda930f44d7a88", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:vary:vary:1.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:vary:vary:1.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/vary@1.1.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "vary", + "sourceInfo": "acquired package info from SBOM: /npm-cachi2-smoketest.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "1.1.2" + }, + { + "SPDXID": "SPDXRef-Package-python-wheel-206cb57d1f94b605", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-wheel:python-wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-wheel:python_wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_wheel:python-wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_wheel:python_wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:python-wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:python_wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-wheel:wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_wheel:wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:wheel:python-wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:wheel:python_wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:wheel:wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-wheel:python-wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-wheel:python_wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_wheel:python-wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_wheel:python_wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:python-wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:python_wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-wheel:wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_wheel:wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:wheel:python-wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:wheel:python_wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:wheel:wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/wheel@0.38.4", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "wheel", + "sourceInfo": "acquired package info from SBOM: /pip-e2e-test.bom.json", + "supplier": "NOASSERTION", + "versionInfo": "0.38.4" + }, + { + "SPDXID": "SPDXRef-DocumentRoot-Directory-.-syft-sboms", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "./syft-sboms", + "primaryPackagePurpose": "FILE", + "supplier": "NOASSERTION" + } + ], + "relationships": [ + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-function-bind-00191865e9951ee0" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-function-bind-00191865e9951ee0" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-http-errors-0201e00ccf18b29b" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-http-errors-0201e00ccf18b29b" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-uuid-0465525001e1e6ab" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-uuid-0465525001e1e6ab" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-2432707e94a3fa2f", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-golang.org-x-sys-057b6417ab20d0bd" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-golang.org-x-sys-057b6417ab20d0bd" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-gomod-pandemonium.bom.json-f18ea85332ea2584", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-golang.org-x-sys-057b6417ab20d0bd" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm--types-react-dom-066f90bcde616825" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm--types-react-dom-066f90bcde616825" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-libsepol-0a3c35afbfe1f07a" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-ubi-micro.bom.json-803beb9a045954db", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-libsepol-0a3c35afbfe1f07a" + }, + { + "relatedSpdxElement": "SPDXRef-bb20e788149dc450", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libsepol-0a3c35afbfe1f07a" + }, + { + "relatedSpdxElement": "SPDXRef-ee5fd43ebf029ce7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libsepol-0a3c35afbfe1f07a" + }, + { + "relatedSpdxElement": "SPDXRef-321c1be60f60c92e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libattr-0bd98744b2ae9cb0" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-libattr-0bd98744b2ae9cb0" + }, + { + "relatedSpdxElement": "SPDXRef-678ec8bdcba04443", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libattr-0bd98744b2ae9cb0" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-ubi-micro.bom.json-803beb9a045954db", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-libattr-0bd98744b2ae9cb0" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-unpipe-0fbdbdbec11b3a71" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-unpipe-0fbdbdbec11b3a71" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-ms-1098d0aa0a75e840" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-ms-1098d0aa0a75e840" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-destroy-10a5c85ca836d9e8" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-destroy-10a5c85ca836d9e8" + }, + { + "relatedSpdxElement": "SPDXRef-294ae7b1d8792003", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-12ea3c2e4228ff95" + }, + { + "relatedSpdxElement": "SPDXRef-3038e7cdd4f2457a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-12ea3c2e4228ff95" + }, + { + "relatedSpdxElement": "SPDXRef-329bfd35243b3d50", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-12ea3c2e4228ff95" + }, + { + "relatedSpdxElement": "SPDXRef-364360e48d41c33c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-12ea3c2e4228ff95" + }, + { + "relatedSpdxElement": "SPDXRef-3c7a78190734ac2c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-12ea3c2e4228ff95" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-bash-12ea3c2e4228ff95" + }, + { + "relatedSpdxElement": "SPDXRef-4504ca799ea14d27", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-12ea3c2e4228ff95" + }, + { + "relatedSpdxElement": "SPDXRef-4d09709e1a0767cb", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-12ea3c2e4228ff95" + }, + { + "relatedSpdxElement": "SPDXRef-4edf0ef1bd6d64db", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-12ea3c2e4228ff95" + }, + { + "relatedSpdxElement": "SPDXRef-599c25df6f626da6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-12ea3c2e4228ff95" + }, + { + "relatedSpdxElement": "SPDXRef-5be5c30ab6dbd6da", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-12ea3c2e4228ff95" + }, + { + "relatedSpdxElement": "SPDXRef-6fa9a77610a6424a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-12ea3c2e4228ff95" + }, + { + "relatedSpdxElement": "SPDXRef-72ef05d9ecfdd9a0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-12ea3c2e4228ff95" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-ubi-micro.bom.json-803beb9a045954db", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-bash-12ea3c2e4228ff95" + }, + { + "relatedSpdxElement": "SPDXRef-8c939e28ed090288", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-12ea3c2e4228ff95" + }, + { + "relatedSpdxElement": "SPDXRef-a2d1ef99a51082c3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-12ea3c2e4228ff95" + }, + { + "relatedSpdxElement": "SPDXRef-b4c286f3073457a6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-12ea3c2e4228ff95" + }, + { + "relatedSpdxElement": "SPDXRef-b648a54d502454df", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-12ea3c2e4228ff95" + }, + { + "relatedSpdxElement": "SPDXRef-b9b95b25728ed5e9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-12ea3c2e4228ff95" + }, + { + "relatedSpdxElement": "SPDXRef-c327e2c36384571a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-12ea3c2e4228ff95" + }, + { + "relatedSpdxElement": "SPDXRef-dff600935f2b756b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-12ea3c2e4228ff95" + }, + { + "relatedSpdxElement": "SPDXRef-e06d6334b1748390", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-12ea3c2e4228ff95" + }, + { + "relatedSpdxElement": "SPDXRef-f55de14a8e2e192a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-bash-12ea3c2e4228ff95" + }, + { + "relatedSpdxElement": "SPDXRef-0009c72c74d05586", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-0106185c64870554", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-0678602f53228644", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-07bcb10c818e4099", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-08a29baae61ad386", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-0a19615ebeac30dd", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-0d0cde67621a792a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-0ecfb769c36a9ec1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-0f284e167468b1b5", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-1100569b6917a099", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-12c0b6fb77e4d61f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-15c9d16bdfd03518", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-18a0fc5b405f66bb", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-18f17340b1c317ef", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-195317f28204379e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-1a9c2d726b8c126a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-1bc6d1cd3d250368", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-1f3435f3afd2d276", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-270fa8938267a450", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-283a1592f1cf50d9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-283fc8e3ee96f437", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-28de5a6ea420646d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-296a343547d250e1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-298a85211ecc4b47", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-29af54678e28b363", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-29c4a2250a8e7099", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-2a01d7b4b0f99e19", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-2d73eb9d846ad6f0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-2d7a5e2a2d695d67", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-342d83efb8e26d1e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-3842918a44b4288f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-3ae28dbcb7ee1064", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-3bcefe63df7a3182", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-3d7a749c4462a840", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-3d7b8d77141a8b76", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-3dab877bb9ef7a2a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-3ee77dcd6e5793b4", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-407a9525a048dd46", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-41e5b47d8b2451c4", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-42a0754261a00928", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-46232dce5f9f1053", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-4828a9729b5671d3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-4961017c8f1c3c13", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-4a13da257a00aa55", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-4d13b99d826352fc", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-4eb50a12d84f1db6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-52bba60615f7afba", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-55f1e4c9bb973e56", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-5648281511bb9e68", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-56dd811b0724a42c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-5e9225de46c88a70", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-5ee1dc078962f011", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-613315bfb56706c7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-630c16df57ed6910", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-636521a3817f44ae", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-637abb0fcfdeb47a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-64a4feaa0dd6b2d9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-67512a50a60b801f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-6875874fb847f8d8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-6b8a64f480281c19", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-6da800c48d696606", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-71536d5336b7441f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-7312425bb3c6aa61", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-75b970a9f7aeb473", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-7d51880bebab97e4", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-ubi-micro.bom.json-803beb9a045954db", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-81a02986ba0be4ba", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-838e0fbc1da4f0ae", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-83d05e339c3d35f9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-842e35a333e89a86", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-84e831dcbb99da2f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-86cc058f9fd927b4", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-8bd24a65f67afdd2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-8c5a575a66f8e977", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-8f87c54e33717d8e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-9058bd38928afffa", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-93514644a56eff98", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-9474f46cff0f1e05", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-950e795f9db4720a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-96d77f7fbc16de85", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-97ffea4cf903477d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-9a939e415f4bbacb", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-9b8eb38925f3173c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-9ecdc44788dff863", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-a07f6a51890c5947", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-a0a10386a4688beb", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-a3e0b9a9ee8f28ca", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-a4af0056caa2c57c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-a4e3694097594470", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-a777ddccda6725e2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-a8c318686ccec873", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-acb513744458d668", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-adc28c372b7413e1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-adca528768a3c9c7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-aea610c4eeed8898", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-b320bfa47a547129", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-b4677666e3daf1fb", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-b59e8770a30c3b95", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-b6f08df66be89c38", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-b8b845c276eb7585", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-bd44fc19971990ca", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-c76a165128a5bcba", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-ca676836f6b499ba", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-cf85ccca42a5a2b1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-d407bb093bbe0ea0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-d5bc983827edd4ef", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-d656b949092607b3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-d683aaba04e2d552", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-d9a45ec85a8d7ccc", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-da0cc1fde7929d04", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-da12a4c7de2785b2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-db81a31d38f0a099", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-dde4f69058210fbc", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-ded3c2465a3cbd7c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-dfc5343fb815d321", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-e2f108b047fcd221", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-e4e378830ff40ff8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-e75a0fa363a8edb3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-e8bd700df4d65667", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-e9fdefdaf193a991", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-f03c0e34e677dc6d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-f1da499593439bc8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-f2b20d58cbfc1460", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-f38e85a7902c8624", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-f69988dd21e32a91", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-f74c708d99ffd54e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-f9c3e66fc5b9895f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-fb2d249b3d94b9c2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-fdc254e3736fd19a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "relatedSpdxElement": "SPDXRef-ff4d73fa46b23733", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-filesystem-161b9671f12c19da" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-ubi-micro.bom.json-803beb9a045954db", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-filesystem-161b9671f12c19da" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-.-terminaltor-1671ab40c14d0b34" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-gomod-pandemonium.bom.json-f18ea85332ea2584", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-.-terminaltor-1671ab40c14d0b34" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-Masterminds-semver-173062b40aeacc93" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-gomod-pandemonium.bom.json-f18ea85332ea2584", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-Masterminds-semver-173062b40aeacc93" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-2432707e94a3fa2f", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-Azure-go-ansiterm-1829ebb636ec78cd" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-Azure-go-ansiterm-1829ebb636ec78cd" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-gomod-pandemonium.bom.json-f18ea85332ea2584", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-Azure-go-ansiterm-1829ebb636ec78cd" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-array-flatten-196de035e586b40b" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-array-flatten-196de035e586b40b" + }, + { + "relatedSpdxElement": "SPDXRef-003fde36be0f67f6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-libs-199db5642246dabb" + }, + { + "relatedSpdxElement": "SPDXRef-312210cb4564eb6c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-libs-199db5642246dabb" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-libs-199db5642246dabb" + }, + { + "relatedSpdxElement": "SPDXRef-62c1cbb37e1e73e9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-libs-199db5642246dabb" + }, + { + "relatedSpdxElement": "SPDXRef-71d861773b4886bc", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-libs-199db5642246dabb" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-ubi-micro.bom.json-803beb9a045954db", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-libs-199db5642246dabb" + }, + { + "relatedSpdxElement": "SPDXRef-8f6edbb4d1d74d74", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-libs-199db5642246dabb" + }, + { + "relatedSpdxElement": "SPDXRef-920a41048208b675", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-libs-199db5642246dabb" + }, + { + "relatedSpdxElement": "SPDXRef-93154dad42e34e27", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-libs-199db5642246dabb" + }, + { + "relatedSpdxElement": "SPDXRef-a166f911cefadc27", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-libs-199db5642246dabb" + }, + { + "relatedSpdxElement": "SPDXRef-c794ef08bd638d4a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-libs-199db5642246dabb" + }, + { + "relatedSpdxElement": "SPDXRef-d99aa3abce462877", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-ncurses-libs-199db5642246dabb" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-cachito-testing-retrodep-v2-1a2838ae474dcb2f" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-gomod-pandemonium.bom.json-f18ea85332ea2584", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-cachito-testing-retrodep-v2-1a2838ae474dcb2f" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-raw-body-1b79e27f8dbc1b0f" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-raw-body-1b79e27f8dbc1b0f" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-colors-1d1826d50905148c" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-colors-1d1826d50905148c" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-foo-1d813e18e8c26050" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-foo-1d813e18e8c26050" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-vary-1fcda930f44d7a88" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-vary-1fcda930f44d7a88" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-458596483a88d4e1", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-python-wheel-206cb57d1f94b605" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-pip-e2e-test.bom.json-b794676892416cab", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-python-wheel-206cb57d1f94b605" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-csstype-24b1a879e4d9eeb3" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-csstype-24b1a879e4d9eeb3" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-golang.org-x-net-256d29980cc16d6b" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-gomod-pandemonium.bom.json-f18ea85332ea2584", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-golang.org-x-net-256d29980cc16d6b" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-pcre2-syntax-27e4f551dc1a98e9" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-ubi-micro.bom.json-803beb9a045954db", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-pcre2-syntax-27e4f551dc1a98e9" + }, + { + "relatedSpdxElement": "SPDXRef-a8464dcec87bbee9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-pcre2-syntax-27e4f551dc1a98e9" + }, + { + "relatedSpdxElement": "SPDXRef-fb79b00ae0e44273", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-pcre2-syntax-27e4f551dc1a98e9" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-basesystem-2c317c7cf8a94c7e" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-ubi-micro.bom.json-803beb9a045954db", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-basesystem-2c317c7cf8a94c7e" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-get-intrinsic-2dd848007eb3935c" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-get-intrinsic-2dd848007eb3935c" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-bitbucket-cachi2-npm-without-deps-second-2f6775ac03ab8e1e" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-bitbucket-cachi2-npm-without-deps-second-2f6775ac03ab8e1e" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-dateformat-3a1dc749542163dd" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-dateformat-3a1dc749542163dd" + }, + { + "relatedSpdxElement": "SPDXRef-121d57fa77de27a3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-3a2f9b899623fcef" + }, + { + "relatedSpdxElement": "SPDXRef-1304fc07a399262d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-3a2f9b899623fcef" + }, + { + "relatedSpdxElement": "SPDXRef-14a9a50d5b249756", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-3a2f9b899623fcef" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-3a2f9b899623fcef" + }, + { + "relatedSpdxElement": "SPDXRef-4bfb5d89816ea952", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-3a2f9b899623fcef" + }, + { + "relatedSpdxElement": "SPDXRef-4c8aa3bc542b4878", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-3a2f9b899623fcef" + }, + { + "relatedSpdxElement": "SPDXRef-60ae387f12bbdcfb", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-3a2f9b899623fcef" + }, + { + "relatedSpdxElement": "SPDXRef-6d3677e4db85f55f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-3a2f9b899623fcef" + }, + { + "relatedSpdxElement": "SPDXRef-7a133b6f93d1fa35", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-3a2f9b899623fcef" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-ubi-micro.bom.json-803beb9a045954db", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-3a2f9b899623fcef" + }, + { + "relatedSpdxElement": "SPDXRef-814094b5105175a0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-3a2f9b899623fcef" + }, + { + "relatedSpdxElement": "SPDXRef-a58bf7c45d2e7be1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-3a2f9b899623fcef" + }, + { + "relatedSpdxElement": "SPDXRef-a6261911e94ff98a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-3a2f9b899623fcef" + }, + { + "relatedSpdxElement": "SPDXRef-ac288cbfb0ac99cf", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-3a2f9b899623fcef" + }, + { + "relatedSpdxElement": "SPDXRef-ad862b12a46e228d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-3a2f9b899623fcef" + }, + { + "relatedSpdxElement": "SPDXRef-c6a282cf82cea475", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-3a2f9b899623fcef" + }, + { + "relatedSpdxElement": "SPDXRef-cce465ff5a74e112", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-3a2f9b899623fcef" + }, + { + "relatedSpdxElement": "SPDXRef-d231fdcaea7d6630", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-3a2f9b899623fcef" + }, + { + "relatedSpdxElement": "SPDXRef-e453479c4f575e2e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-3a2f9b899623fcef" + }, + { + "relatedSpdxElement": "SPDXRef-e47e72ccba5baab6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-3a2f9b899623fcef" + }, + { + "relatedSpdxElement": "SPDXRef-e4ffecdd0b797b12", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-3a2f9b899623fcef" + }, + { + "relatedSpdxElement": "SPDXRef-f3e72b04220487f2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-3a2f9b899623fcef" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-.-weird-3c6895ca4a5780ff" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-gomod-pandemonium.bom.json-f18ea85332ea2584", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-.-weird-3c6895ca4a5780ff" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-mime-types-3d83e7d7cdab343b" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-mime-types-3d83e7d7cdab343b" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-inherits-3db1d8369b9e03f5" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-inherits-3db1d8369b9e03f5" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-abbrev-3f2c98629448bcde" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-abbrev-3f2c98629448bcde" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-serve-static-4032ddabe466a722" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-serve-static-4032ddabe466a722" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-libselinux-42e128b451e8a7f2" + }, + { + "relatedSpdxElement": "SPDXRef-6eb381216b173c89", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libselinux-42e128b451e8a7f2" + }, + { + "relatedSpdxElement": "SPDXRef-716de61452cc5971", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libselinux-42e128b451e8a7f2" + }, + { + "relatedSpdxElement": "SPDXRef-77f2cd76a94101c4", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libselinux-42e128b451e8a7f2" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-ubi-micro.bom.json-803beb9a045954db", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-libselinux-42e128b451e8a7f2" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-gpg-pubkey-435a6e9b3d6a9138" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-ubi-micro.bom.json-803beb9a045954db", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-gpg-pubkey-435a6e9b3d6a9138" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-utils-merge-443403d64f0dada6" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-utils-merge-443403d64f0dada6" + }, + { + "relatedSpdxElement": "SPDXRef-093b22943ed4c34a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-459eaf7fd4ed8782" + }, + { + "relatedSpdxElement": "SPDXRef-0e60b5f54e6783d8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-459eaf7fd4ed8782" + }, + { + "relatedSpdxElement": "SPDXRef-116acb9eb7405672", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-459eaf7fd4ed8782" + }, + { + "relatedSpdxElement": "SPDXRef-1dd9301a3f39bdc0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-459eaf7fd4ed8782" + }, + { + "relatedSpdxElement": "SPDXRef-287d5200559a822d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-459eaf7fd4ed8782" + }, + { + "relatedSpdxElement": "SPDXRef-3b106a4ceb41fa8a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-459eaf7fd4ed8782" + }, + { + "relatedSpdxElement": "SPDXRef-3c8c67ce970d943c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-459eaf7fd4ed8782" + }, + { + "relatedSpdxElement": "SPDXRef-3cbf00f0b164b17c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-459eaf7fd4ed8782" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-setup-459eaf7fd4ed8782" + }, + { + "relatedSpdxElement": "SPDXRef-4262ed2903a85bf2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-459eaf7fd4ed8782" + }, + { + "relatedSpdxElement": "SPDXRef-48d73557460f1b0c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-459eaf7fd4ed8782" + }, + { + "relatedSpdxElement": "SPDXRef-4a600a29b1d01aae", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-459eaf7fd4ed8782" + }, + { + "relatedSpdxElement": "SPDXRef-4f54b5b8e3df4744", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-459eaf7fd4ed8782" + }, + { + "relatedSpdxElement": "SPDXRef-5c306b86c8a54142", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-459eaf7fd4ed8782" + }, + { + "relatedSpdxElement": "SPDXRef-6097a424159ffd12", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-459eaf7fd4ed8782" + }, + { + "relatedSpdxElement": "SPDXRef-7b2c0d164c096cb1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-459eaf7fd4ed8782" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-ubi-micro.bom.json-803beb9a045954db", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-setup-459eaf7fd4ed8782" + }, + { + "relatedSpdxElement": "SPDXRef-85e3bf161980644c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-459eaf7fd4ed8782" + }, + { + "relatedSpdxElement": "SPDXRef-8b62a585637b8b5b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-459eaf7fd4ed8782" + }, + { + "relatedSpdxElement": "SPDXRef-8d553efaf5216c48", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-459eaf7fd4ed8782" + }, + { + "relatedSpdxElement": "SPDXRef-97a2758b67a452b1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-459eaf7fd4ed8782" + }, + { + "relatedSpdxElement": "SPDXRef-9c2274ba4f682829", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-459eaf7fd4ed8782" + }, + { + "relatedSpdxElement": "SPDXRef-9eca6e02c9ae5f64", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-459eaf7fd4ed8782" + }, + { + "relatedSpdxElement": "SPDXRef-9f080adee0f8cd58", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-459eaf7fd4ed8782" + }, + { + "relatedSpdxElement": "SPDXRef-a20b8b5eb6252dd2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-459eaf7fd4ed8782" + }, + { + "relatedSpdxElement": "SPDXRef-bdc00b8f2846e41e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-459eaf7fd4ed8782" + }, + { + "relatedSpdxElement": "SPDXRef-d010f2b6ecbcec3d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-459eaf7fd4ed8782" + }, + { + "relatedSpdxElement": "SPDXRef-d19d55a5de663610", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-459eaf7fd4ed8782" + }, + { + "relatedSpdxElement": "SPDXRef-d4bfd3dedb9affb5", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-459eaf7fd4ed8782" + }, + { + "relatedSpdxElement": "SPDXRef-d4e47022fd81cec8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-459eaf7fd4ed8782" + }, + { + "relatedSpdxElement": "SPDXRef-e39d406381c59c32", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-459eaf7fd4ed8782" + }, + { + "relatedSpdxElement": "SPDXRef-e4c8fba2d6e37bf3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-459eaf7fd4ed8782" + }, + { + "relatedSpdxElement": "SPDXRef-e949a0e9793ef0f9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-459eaf7fd4ed8782" + }, + { + "relatedSpdxElement": "SPDXRef-edcbf30f1466e9ca", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-459eaf7fd4ed8782" + }, + { + "relatedSpdxElement": "SPDXRef-feafa1df08fa0a8d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-setup-459eaf7fd4ed8782" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-golang.org-x-mod-4c1cbf2e0cd50676" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-gomod-pandemonium.bom.json-f18ea85332ea2584", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-golang.org-x-mod-4c1cbf2e0cd50676" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-2432707e94a3fa2f", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-moby-term-50fec4b596f1b5a4" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-moby-term-50fec4b596f1b5a4" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-gomod-pandemonium.bom.json-f18ea85332ea2584", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-moby-term-50fec4b596f1b5a4" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-classnames-53793bbaf4ff2702" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-classnames-53793bbaf4ff2702" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-ms-53ba9ea2a4da7025" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-ms-53ba9ea2a4da7025" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-on-finished-5856d1658d5cf57d" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-on-finished-5856d1658d5cf57d" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-methods-58ba89a4743603d1" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-methods-58ba89a4743603d1" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-call-bind-58ed691ed411489f" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-call-bind-58ed691ed411489f" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-etag-59fd55ac302a84dd" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-etag-59fd55ac302a84dd" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-bytes-5b1cf7149106e69b" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-bytes-5b1cf7149106e69b" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-26ca2b7dc025d550", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-python-requests-5b96d4bf85903dbc" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-pip-e2e-test.bom.json-b794676892416cab", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-python-requests-5b96d4bf85903dbc" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-not-baz-5bf0970cf22e1061" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-not-baz-5bf0970cf22e1061" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-escape-html-5ec3e61bff1d689b" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-escape-html-5ec3e61bff1d689b" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-object-inspect-66f18435fd24c73e" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-object-inspect-66f18435fd24c73e" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-cachito-testing-gomod-pandemonium-terminaltor-678a651734b3b388" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-gomod-pandemonium.bom.json-f18ea85332ea2584", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-cachito-testing-gomod-pandemonium-terminaltor-678a651734b3b388" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm--types-scheduler-6affbd71356d2e4e" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm--types-scheduler-6affbd71356d2e4e" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-finalhandler-6d52233d96a858c0" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-finalhandler-6d52233d96a858c0" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-pcre2-7307f102d1407a34" + }, + { + "relatedSpdxElement": "SPDXRef-76508eee1c05a21f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-pcre2-7307f102d1407a34" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-ubi-micro.bom.json-803beb9a045954db", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-pcre2-7307f102d1407a34" + }, + { + "relatedSpdxElement": "SPDXRef-e532158c4b817c7e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-pcre2-7307f102d1407a34" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-mime-735a8b4424a29ddd" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-mime-735a8b4424a29ddd" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-safer-buffer-74143338506776a9" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-safer-buffer-74143338506776a9" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-golang.org-x-text-790158d1c3559ad9" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-gomod-pandemonium.bom.json-f18ea85332ea2584", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-golang.org-x-text-790158d1c3559ad9" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-bar-79f0e750826367d3" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-bar-79f0e750826367d3" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-qs-7b24038737f71e82" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-qs-7b24038737f71e82" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-setprototypeof-7bb18c8771be16cb" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-setprototypeof-7bb18c8771be16cb" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-libgcc-7f0fb014edf241b2" + }, + { + "relatedSpdxElement": "SPDXRef-7203255ef40d4de4", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libgcc-7f0fb014edf241b2" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-ubi-micro.bom.json-803beb9a045954db", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-libgcc-7f0fb014edf241b2" + }, + { + "relatedSpdxElement": "SPDXRef-b04696f2df942d64", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libgcc-7f0fb014edf241b2" + }, + { + "relatedSpdxElement": "SPDXRef-b0ec8fd7b73b87ac", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libgcc-7f0fb014edf241b2" + }, + { + "relatedSpdxElement": "SPDXRef-b89e765e63358c4a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libgcc-7f0fb014edf241b2" + }, + { + "relatedSpdxElement": "SPDXRef-ec5729909c2cd646", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libgcc-7f0fb014edf241b2" + }, + { + "relatedSpdxElement": "SPDXRef-f66aed1874e19fc7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libgcc-7f0fb014edf241b2" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-cookie-810ba11741c1022d" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-cookie-810ba11741c1022d" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-Microsoft-go-winio-825a41013698e18b" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-gomod-pandemonium.bom.json-f18ea85332ea2584", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-Microsoft-go-winio-825a41013698e18b" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-gopkg.in-yaml.v2-8a21c71703471107" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-gomod-pandemonium.bom.json-f18ea85332ea2584", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-gopkg.in-yaml.v2-8a21c71703471107" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-toidentifier-8b376d5729e6bbdc" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-toidentifier-8b376d5729e6bbdc" + }, + { + "relatedSpdxElement": "SPDXRef-00f4acaa8dc59e2e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-0251bd9fc02e0270", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-090b325103ea5c7e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-099b3b80e0d55e14", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-09e3e4c2688b9525", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-0cb3fbcbd2dd5cd5", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-0e29a57cbdd6ed76", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-0eb8f50913ea3f60", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-0fafedc4e6fd7cf0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-11f8cc18ba3f55d9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-125be635cd0bbc9a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-12bdc54d751ff826", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-14cdc4287f825a65", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-18c628e1581ef32f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-1acc693ece00bcd3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-1c1877936aef4d1e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-1cde0c361cc14dcf", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-1d0ed68dc53ce512", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-1ec25a2e334ddb41", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-1fea95d62467d732", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-20f0e0881f4f91b9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-213a833496f6970f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-22201df6e59de74c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-24e937f12da00a5b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-2fae52fc2880ff83", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-3113715cd7c7652d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-3199eee3197712c6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-33708b8bfc387de7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-3735e1d949211fd0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-3a050951eac42194", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-3cbefbcaae750b3a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-4063805e2cb14bb4", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-442756f97c0385ee", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-4440c693304bdd69", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-4479450064f58594", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-44cbc0c3016ab504", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-4d08b7ddb80d2d2d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-4da4e02973d88fc8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-53b48ec4c592891a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-55db1a7e426872ee", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-562dfae3104460c6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-584c36265a2ea13b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-5a90803bc828932e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-5faacd44ff9fbfb7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-6093de115bced1fd", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-60ceddea44a3652b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-61cf5d4d97dea3ee", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-6200262a8b800757", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-63f79ec19e1b94ca", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-64c3ef3ca25bde85", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-671e7687831fbe6a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-691db0f09237c546", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-7237d96811f2e6ee", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-75628b804e454e0d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-77c849091ccf0af5", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-7aa468a1496ac054", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-7e3301b473a2ca4c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-ubi-micro.bom.json-803beb9a045954db", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-8113452b5c9716ac", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-87495cf5d2d47fda", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-8adef0d2c945e765", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-8caa893d3ea3ff10", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-8da81b57196be8e6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-903a0f05a27e0800", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-a01c2e35e4cd9dcf", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-a288191daac71d98", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-a2a7ca8c886b41cc", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-a842a425e8b987c8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-a873586e1f1964c1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-adaa31120292d0e1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-adb4ccdfd776d96e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-adfd58add87f17eb", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-aebe7ba7f1d173d9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-b8fd4c93bdc2dc56", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-b93c0744925b06c4", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-c00cfb94994cd346", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-c2991afcc7b64b3f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-c562bff015a5e88a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-c95cb2db6f7ef3a7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-c98b488a39cc46b1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-ca299e004609c194", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-cb05c7cc7d580a18", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-cd5975a581a20d54", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-cd6c00e954c6b9b5", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-cda6749939d0cff4", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-d08b3eda3bb0f423", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-d2810e0008a20996", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-df46e51677002d7e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-e0fd5015daca3aa1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-e1320d675eea1128", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-e49573c9128715cd", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-e558523be5608a79", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-e9694d234553dca8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-e9a6add62f58cbe4", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-ea0da78f2e6c40fb", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-ea9479d5ccdf69bd", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-ead1fbc22936c919", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-ebb77e74644544c1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-ee3e17c720f2d89d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-ee98983da607a90a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-ef6f6422dd145c33", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-f3eb429bb84f6e99", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-f609f1cbc122d4a0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-f6ba024f90647bbe", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-f74c6fd74cfbdcc1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-f7aa12fe08136189", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-fabc98d06b8cab7f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-fc2ed4d716d9178c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "relatedSpdxElement": "SPDXRef-ff13fc8c0587311f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-accepts-8c90408f77776505" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-accepts-8c90408f77776505" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-send-8d443fecc18de69f" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-send-8d443fecc18de69f" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-ipaddr.js-92d3c56463c6450c" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-ipaddr.js-92d3c56463c6450c" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-google-go-cmp-93c257f0147a8717" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-gomod-pandemonium.bom.json-f18ea85332ea2584", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-google-go-cmp-93c257f0147a8717" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-iconv-lite-953118c68dfc7c58" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-iconv-lite-953118c68dfc7c58" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-parseurl-96845723b477f90d" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-parseurl-96845723b477f90d" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-not-baz-96d13d9e06d83d34" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-not-baz-96d13d9e06d83d34" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-bar-98f7b0bedb98d9ce" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-bar-98f7b0bedb98d9ce" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-spam-packages-spam-9bd159a38c7ff9f8" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-spam-packages-spam-9bd159a38c7ff9f8" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-eggs-packages-eggs-9cd2a8b438e99a33" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-eggs-packages-eggs-9cd2a8b438e99a33" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-bitbucket-cachi2-npm-without-deps-9f1e093abbcf70ca" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-bitbucket-cachi2-npm-without-deps-9f1e093abbcf70ca" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm--types-prop-types-a1fae41b0622df85" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm--types-prop-types-a1fae41b0622df85" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-foo-a251fe49069fb925" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-foo-a251fe49069fb925" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-safe-buffer-a35b9ee95a4c4a47" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-safe-buffer-a35b9ee95a4c4a47" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-cachito-npm-without-deps-a38e41e36cf88bad" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-cachito-npm-without-deps-a38e41e36cf88bad" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-proxy-addr-a4aff90a3c80b6b4" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-proxy-addr-a4aff90a3c80b6b4" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-content-type-a826a235775c30fe" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-content-type-a826a235775c30fe" + }, + { + "relatedSpdxElement": "SPDXRef-0c50e936ee3494b7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libcap-a855d73e45bf400d" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-libcap-a855d73e45bf400d" + }, + { + "relatedSpdxElement": "SPDXRef-73f5b11287ef6f7b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libcap-a855d73e45bf400d" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-ubi-micro.bom.json-803beb9a045954db", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-libcap-a855d73e45bf400d" + }, + { + "relatedSpdxElement": "SPDXRef-93d2291b22fe3ffa", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libcap-a855d73e45bf400d" + }, + { + "relatedSpdxElement": "SPDXRef-a05f7b95464d0b21", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libcap-a855d73e45bf400d" + }, + { + "relatedSpdxElement": "SPDXRef-afbd982a53c5859b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libcap-a855d73e45bf400d" + }, + { + "relatedSpdxElement": "SPDXRef-afddc064db424ac5", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libcap-a855d73e45bf400d" + }, + { + "relatedSpdxElement": "SPDXRef-b8726263fe64c3fb", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libcap-a855d73e45bf400d" + }, + { + "relatedSpdxElement": "SPDXRef-c21818d7924866af", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libcap-a855d73e45bf400d" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-golang.org-x-tools-a9584feeb7bb8402" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-gomod-pandemonium.bom.json-f18ea85332ea2584", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-golang.org-x-tools-a9584feeb7bb8402" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-npm-test-b1704174e0c32776" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-npm-test-b1704174e0c32776" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-fresh-b182f50e5537b058" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-fresh-b182f50e5537b058" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-eggs-b2b294d7d191c8fe" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-eggs-b2b294d7d191c8fe" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-cachito-testing-gomod-pandemonium-weird-b513d6176869c4b0" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-gomod-pandemonium.bom.json-f18ea85332ea2584", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-cachito-testing-gomod-pandemonium-weird-b513d6176869c4b0" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-negotiator-b532621e5d3e3143" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-negotiator-b532621e5d3e3143" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-media-typer-b74086a3d478e830" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-media-typer-b74086a3d478e830" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-path-to-regexp-b78118279957fc5d" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-path-to-regexp-b78118279957fc5d" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-fecha-b7907543ae6e117b" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-fecha-b7907543ae6e117b" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-458596483a88d4e1", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-python-setuptools-b8feebd65f08122d" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-pip-e2e-test.bom.json-b794676892416cab", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-python-setuptools-b8feebd65f08122d" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-range-parser-ba1915578bf2b327" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-range-parser-ba1915578bf2b327" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-is-positive-baf149b41f1c97d2" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-is-positive-baf149b41f1c97d2" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-cookie-signature-bc6d018ca9116d6f" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-cookie-signature-bc6d018ca9116d6f" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-26ca2b7dc025d550", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-python-idna-bcf6372381760aaf" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-pip-e2e-test.bom.json-b794676892416cab", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-python-idna-bcf6372381760aaf" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-spam-bdf6a887ecdfc7d0" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-spam-bdf6a887ecdfc7d0" + }, + { + "relatedSpdxElement": "SPDXRef-042cdd286e6690f7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-c15bad3a41259d52" + }, + { + "relatedSpdxElement": "SPDXRef-04a1ddd3855f10d2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-c15bad3a41259d52" + }, + { + "relatedSpdxElement": "SPDXRef-055567cad892fab9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-c15bad3a41259d52" + }, + { + "relatedSpdxElement": "SPDXRef-0759df524a156cc5", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-c15bad3a41259d52" + }, + { + "relatedSpdxElement": "SPDXRef-1298cd5a74e6826f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-c15bad3a41259d52" + }, + { + "relatedSpdxElement": "SPDXRef-1747ebd22f83821b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-c15bad3a41259d52" + }, + { + "relatedSpdxElement": "SPDXRef-29828b308b7825dc", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-c15bad3a41259d52" + }, + { + "relatedSpdxElement": "SPDXRef-326f83eda515ade2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-c15bad3a41259d52" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-c15bad3a41259d52" + }, + { + "relatedSpdxElement": "SPDXRef-3ded0676f7352404", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-c15bad3a41259d52" + }, + { + "relatedSpdxElement": "SPDXRef-416b2f4ec2cb80ff", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-c15bad3a41259d52" + }, + { + "relatedSpdxElement": "SPDXRef-45c3f98d1964a3e8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-c15bad3a41259d52" + }, + { + "relatedSpdxElement": "SPDXRef-4b9ff5cd4da5b8fa", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-c15bad3a41259d52" + }, + { + "relatedSpdxElement": "SPDXRef-725fda6adbad0fbf", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-c15bad3a41259d52" + }, + { + "relatedSpdxElement": "SPDXRef-77bbe8ef6464a65a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-c15bad3a41259d52" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-ubi-micro.bom.json-803beb9a045954db", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-c15bad3a41259d52" + }, + { + "relatedSpdxElement": "SPDXRef-8558a6f8bda0c485", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-c15bad3a41259d52" + }, + { + "relatedSpdxElement": "SPDXRef-8b70a31f0cac693c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-c15bad3a41259d52" + }, + { + "relatedSpdxElement": "SPDXRef-9967ec5443ba73a4", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-c15bad3a41259d52" + }, + { + "relatedSpdxElement": "SPDXRef-b15b5d465aee7ab9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-c15bad3a41259d52" + }, + { + "relatedSpdxElement": "SPDXRef-b58d2081a4969565", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-c15bad3a41259d52" + }, + { + "relatedSpdxElement": "SPDXRef-c17bf6ee94ebe658", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-c15bad3a41259d52" + }, + { + "relatedSpdxElement": "SPDXRef-c802b681a8f250e3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-c15bad3a41259d52" + }, + { + "relatedSpdxElement": "SPDXRef-cdcaf220db009fa0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-c15bad3a41259d52" + }, + { + "relatedSpdxElement": "SPDXRef-d3c342bee6dcb546", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-c15bad3a41259d52" + }, + { + "relatedSpdxElement": "SPDXRef-d44a620886ddc807", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-c15bad3a41259d52" + }, + { + "relatedSpdxElement": "SPDXRef-de28eb2e62d67253", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-c15bad3a41259d52" + }, + { + "relatedSpdxElement": "SPDXRef-e1d8632b411ad09f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-c15bad3a41259d52" + }, + { + "relatedSpdxElement": "SPDXRef-e92b9052269bfc73", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-c15bad3a41259d52" + }, + { + "relatedSpdxElement": "SPDXRef-fea7c27abb2379a7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-c15bad3a41259d52" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-sax-c18d20041695a129" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-sax-c18d20041695a129" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-go-task-slim-sprig-c25ef0705c14f227" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-gomod-pandemonium.bom.json-f18ea85332ea2584", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-go-task-slim-sprig-c25ef0705c14f227" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-gopkg.in-yaml.v3-c260bc6047ae5541" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-gomod-pandemonium.bom.json-f18ea85332ea2584", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-gopkg.in-yaml.v3-c260bc6047ae5541" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-go-logr-logr-c2bdea48efc37856" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-gomod-pandemonium.bom.json-f18ea85332ea2584", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-go-logr-logr-c2bdea48efc37856" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-debug-c8d0e1208d789176" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-debug-c8d0e1208d789176" + }, + { + "relatedSpdxElement": "SPDXRef-02c86f8b5782080d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-0422a3de27ba8218", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-07761235abd23294", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-0cd5d3e0c713a5a3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-1413c9de68223115", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-14b3989da6efda4a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-1747ebd22f83821b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-2470e805dcaf3337", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-252e895078577c0d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-25f0f51c1f89d8f0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-282b8f0ef7667cde", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-3303d89935058cf0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-3b41150404d45e56", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-3deace09a409d0d0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-45ade9708b31e632", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-477868edd8205945", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-48dc10363ec04799", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-55cc6aefc3a45db5", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-6235ef0643d4a14e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-63c3f57d370dea27", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-6d0ecabe4efac702", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-776266db8d5dfeaa", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-7eae0e1a3e331c1d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-ubi-micro.bom.json-803beb9a045954db", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-8251d69d2a1bdc02", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-862870f595274f40", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-8842aea72f6aa015", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-8e8a1e9e7cca96d3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-8f0188eaa6c06223", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-92a0ad0f9e56cf54", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-9fe7e4964c757aeb", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-ac733906db18789e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-c09bb613b4315052", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-c476348290be58ba", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-cad72ad10f0eb4f8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-cecc782aa7b1e7c9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-cf18627e23e984c4", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-de6ce068dd8d2b3f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-e29bc034e6b11ae7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-f6e217b5fe40dbc8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "relatedSpdxElement": "SPDXRef-f9bde8a44c9ad30d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-has-symbols-c969acbcd417229f" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-has-symbols-c969acbcd417229f" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm--types-react-cc6308c01a151a0d" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm--types-react-cc6308c01a151a0d" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-type-is-cd1cc2ecb63740f5" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-type-is-cd1cc2ecb63740f5" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-26ca2b7dc025d550", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-python-urllib3-cde789a71facd36d" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-pip-e2e-test.bom.json-b794676892416cab", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-python-urllib3-cde789a71facd36d" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-side-channel-d11e131a09f4882e" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-side-channel-d11e131a09f4882e" + }, + { + "relatedSpdxElement": "SPDXRef-0aed66c4c43d9b58", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-libacl-d5ee4e13e90d4e54" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-libacl-d5ee4e13e90d4e54" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-ubi-micro.bom.json-803beb9a045954db", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-libacl-d5ee4e13e90d4e54" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-encodeurl-d607763331c68509" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-encodeurl-d607763331c68509" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-depd-d73550777a1e57f6" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-depd-d73550777a1e57f6" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-op-go-logging-d73e1840fa60eec5" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-gomod-pandemonium.bom.json-f18ea85332ea2584", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-op-go-logging-d73e1840fa60eec5" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-gpg-pubkey-d7813f956aa46728" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-ubi-micro.bom.json-803beb9a045954db", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-gpg-pubkey-d7813f956aa46728" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-458596483a88d4e1", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-python-flit-core-de93cd3cdf60a4ec" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-pip-e2e-test.bom.json-b794676892416cab", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-python-flit-core-de93cd3cdf60a4ec" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-26ca2b7dc025d550", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-python-charset-normalizer-e1219ba0515f33fd" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-pip-e2e-test.bom.json-b794676892416cab", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-python-charset-normalizer-e1219ba0515f33fd" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-forwarded-e1faef01df7b508d" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-forwarded-e1faef01df7b508d" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-onsi-gomega-e29d37d2ba5864e9" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-gomod-pandemonium.bom.json-f18ea85332ea2584", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-onsi-gomega-e29d37d2ba5864e9" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-express-e31504920cb0b66f" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-express-e31504920cb0b66f" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-26ca2b7dc025d550", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-python-certifi-e52809bc353be33d" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-pip-e2e-test.bom.json-b794676892416cab", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-python-certifi-e52809bc353be33d" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-mime-db-e5a2bcdda2ada6ef" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-mime-db-e5a2bcdda2ada6ef" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-statuses-ebbcd1ef014fcc61" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-statuses-ebbcd1ef014fcc61" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-google-pprof-ecd070ef9549a5bf" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-gomod-pandemonium.bom.json-f18ea85332ea2584", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-google-pprof-ecd070ef9549a5bf" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-pkg-errors-ed9b103c21db80ea" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-gomod-pandemonium.bom.json-f18ea85332ea2584", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-pkg-errors-ed9b103c21db80ea" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-tzdata-f021feb4247538f9" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-ubi-micro.bom.json-803beb9a045954db", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-tzdata-f021feb4247538f9" + }, + { + "relatedSpdxElement": "SPDXRef-ee9a3905115b2c10", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-Package-rpm-tzdata-f021feb4247538f9" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-merge-descriptors-f03fb0654ef59b58" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-merge-descriptors-f03fb0654ef59b58" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3dcb008b5c517b81", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-glibc-minimal-langpack-f647e36d1c1ff3ed" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-ubi-micro.bom.json-803beb9a045954db", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-rpm-glibc-minimal-langpack-f647e36d1c1ff3ed" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-onsi-ginkgo-v2-f795d07fcda05a3a" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-gomod-pandemonium.bom.json-f18ea85332ea2584", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-onsi-ginkgo-v2-f795d07fcda05a3a" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-body-parser-f9dc933dfe04c993" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-body-parser-f9dc933dfe04c993" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-ee-first-fb516ddf71779a21" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-ee-first-fb516ddf71779a21" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-content-disposition-fcafa5c6e147583a" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-content-disposition-fcafa5c6e147583a" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-3fc5a8d3d86e9790", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-release-engineering-retrodep-v2-feea6f8e1b27768e" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-gomod-pandemonium.bom.json-f18ea85332ea2584", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-go-module-github.com-release-engineering-retrodep-v2-feea6f8e1b27768e" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-File-npm-cachi2-smoketest.bom.json-8ce96589bcecbc2c", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-has-ff8218d04b334cc6" + }, + { + "comment": "evident-by: indicates the package's existence is evident by the given file", + "relatedSpdxElement": "SPDXRef-fd71c2238fc07657", + "relationshipType": "OTHER", + "spdxElementId": "SPDXRef-Package-npm-has-ff8218d04b334cc6" + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-.-terminaltor-1671ab40c14d0b34", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-.-weird-3c6895ca4a5780ff", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm--types-prop-types-a1fae41b0622df85", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm--types-react-cc6308c01a151a0d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm--types-react-dom-066f90bcde616825", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm--types-scheduler-6affbd71356d2e4e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-abbrev-3f2c98629448bcde", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-accepts-8c90408f77776505", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-array-flatten-196de035e586b40b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-bar-79f0e750826367d3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-bar-98f7b0bedb98d9ce", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-basesystem-2c317c7cf8a94c7e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-bash-12ea3c2e4228ff95", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-bitbucket-cachi2-npm-without-deps-9f1e093abbcf70ca", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-bitbucket-cachi2-npm-without-deps-second-2f6775ac03ab8e1e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-body-parser-f9dc933dfe04c993", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-bytes-5b1cf7149106e69b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-cachito-npm-without-deps-a38e41e36cf88bad", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-call-bind-58ed691ed411489f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-python-certifi-e52809bc353be33d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-python-charset-normalizer-e1219ba0515f33fd", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-classnames-53793bbaf4ff2702", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-colors-1d1826d50905148c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-content-disposition-fcafa5c6e147583a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-content-type-a826a235775c30fe", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-cookie-810ba11741c1022d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-cookie-signature-bc6d018ca9116d6f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-coreutils-single-8bf5964093a3878a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-csstype-24b1a879e4d9eeb3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-dateformat-3a1dc749542163dd", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-debug-c8d0e1208d789176", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-depd-d73550777a1e57f6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-destroy-10a5c85ca836d9e8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-ee-first-fb516ddf71779a21", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-eggs-b2b294d7d191c8fe", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-eggs-packages-eggs-9cd2a8b438e99a33", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-encodeurl-d607763331c68509", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-escape-html-5ec3e61bff1d689b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-etag-59fd55ac302a84dd", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-express-e31504920cb0b66f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-fecha-b7907543ae6e117b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-filesystem-161b9671f12c19da", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-finalhandler-6d52233d96a858c0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-python-flit-core-de93cd3cdf60a4ec", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-foo-1d813e18e8c26050", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-foo-a251fe49069fb925", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-forwarded-e1faef01df7b508d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-fresh-b182f50e5537b058", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-function-bind-00191865e9951ee0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-get-intrinsic-2dd848007eb3935c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-Azure-go-ansiterm-1829ebb636ec78cd", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-Masterminds-semver-173062b40aeacc93", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-Microsoft-go-winio-825a41013698e18b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-cachito-testing-gomod-pandemonium-terminaltor-678a651734b3b388", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-cachito-testing-gomod-pandemonium-weird-b513d6176869c4b0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-cachito-testing-retrodep-v2-1a2838ae474dcb2f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-go-logr-logr-c2bdea48efc37856", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-go-task-slim-sprig-c25ef0705c14f227", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-google-go-cmp-93c257f0147a8717", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-google-pprof-ecd070ef9549a5bf", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-moby-term-50fec4b596f1b5a4", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-onsi-ginkgo-v2-f795d07fcda05a3a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-onsi-gomega-e29d37d2ba5864e9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-op-go-logging-d73e1840fa60eec5", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-pkg-errors-ed9b103c21db80ea", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-release-engineering-retrodep-v2-feea6f8e1b27768e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-glibc-c95323ce6f1e9387", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-glibc-common-c15bad3a41259d52", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-glibc-minimal-langpack-f647e36d1c1ff3ed", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-golang.org-x-mod-4c1cbf2e0cd50676", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-golang.org-x-net-256d29980cc16d6b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-golang.org-x-sys-057b6417ab20d0bd", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-golang.org-x-text-790158d1c3559ad9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-golang.org-x-tools-a9584feeb7bb8402", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-gopkg.in-yaml.v2-8a21c71703471107", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-gopkg.in-yaml.v3-c260bc6047ae5541", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-gpg-pubkey-435a6e9b3d6a9138", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-gpg-pubkey-d7813f956aa46728", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-has-ff8218d04b334cc6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-has-symbols-c969acbcd417229f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-http-errors-0201e00ccf18b29b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-iconv-lite-953118c68dfc7c58", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-python-idna-bcf6372381760aaf", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-inherits-3db1d8369b9e03f5", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-ipaddr.js-92d3c56463c6450c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-is-positive-baf149b41f1c97d2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-libacl-d5ee4e13e90d4e54", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-libattr-0bd98744b2ae9cb0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-libcap-a855d73e45bf400d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-libgcc-7f0fb014edf241b2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-libselinux-42e128b451e8a7f2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-libsepol-0a3c35afbfe1f07a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-media-typer-b74086a3d478e830", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-merge-descriptors-f03fb0654ef59b58", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-methods-58ba89a4743603d1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-mime-735a8b4424a29ddd", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-mime-db-e5a2bcdda2ada6ef", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-mime-types-3d83e7d7cdab343b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-ms-53ba9ea2a4da7025", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-ms-1098d0aa0a75e840", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-ncurses-base-1439f27b60a564fd", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-ncurses-libs-199db5642246dabb", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-negotiator-b532621e5d3e3143", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-not-baz-96d13d9e06d83d34", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-not-baz-5bf0970cf22e1061", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-npm-test-b1704174e0c32776", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-object-inspect-66f18435fd24c73e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-on-finished-5856d1658d5cf57d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-parseurl-96845723b477f90d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-path-to-regexp-b78118279957fc5d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-pcre2-7307f102d1407a34", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-pcre2-syntax-27e4f551dc1a98e9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-proxy-addr-a4aff90a3c80b6b4", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-qs-7b24038737f71e82", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-range-parser-ba1915578bf2b327", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-raw-body-1b79e27f8dbc1b0f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-redhat-release-3a2f9b899623fcef", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-python-requests-5b96d4bf85903dbc", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-safe-buffer-a35b9ee95a4c4a47", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-safer-buffer-74143338506776a9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-sax-c18d20041695a129", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-send-8d443fecc18de69f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-serve-static-4032ddabe466a722", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-setprototypeof-7bb18c8771be16cb", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-setup-459eaf7fd4ed8782", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-python-setuptools-b8feebd65f08122d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-side-channel-d11e131a09f4882e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-spam-bdf6a887ecdfc7d0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-spam-packages-spam-9bd159a38c7ff9f8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-statuses-ebbcd1ef014fcc61", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-toidentifier-8b376d5729e6bbdc", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-type-is-cd1cc2ecb63740f5", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-tzdata-f021feb4247538f9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-unpipe-0fbdbdbec11b3a71", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-python-urllib3-cde789a71facd36d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-utils-merge-443403d64f0dada6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-uuid-0465525001e1e6ab", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-vary-1fcda930f44d7a88", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-Package-python-wheel-206cb57d1f94b605", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-.-syft-sboms" + }, + { + "relatedSpdxElement": "SPDXRef-DocumentRoot-Directory-.-syft-sboms", + "relationshipType": "DESCRIBES", + "spdxElementId": "SPDXRef-DOCUMENT" + } + ], + "spdxVersion": "SPDX-2.3" +} diff --git a/sbom-utility-scripts/scripts/merge-sboms-script/test_data/spdx/syft.merged-by-us.bom.json b/sbom-utility-scripts/scripts/merge-sboms-script/test_data/spdx/syft.merged-by-us.bom.json new file mode 100644 index 0000000..8fbb54c --- /dev/null +++ b/sbom-utility-scripts/scripts/merge-sboms-script/test_data/spdx/syft.merged-by-us.bom.json @@ -0,0 +1,6233 @@ +{ + "SPDXID": "SPDXRef-DOCUMENT", + "creationInfo": { + "created": "2024-12-18T11:28:00Z", + "creators": [ + "Organization: Anchore, Inc", + "Tool: syft-1.4.1" + ], + "licenseListVersion": "3.23" + }, + "dataLicense": "CC0-1.0", + "documentNamespace": "https://anchore.com/syft/dir/syft-sboms-b66779b6-6e20-4128-9fad-da28250a1b82", + "name": ".", + "packages": [ + { + "SPDXID": "SPDXRef-Package-go-module-.-terminaltor-fb7b11a4b3fddcb6", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/./terminaltor", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "./terminaltor", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION" + }, + { + "SPDXID": "SPDXRef-Package-go-module-.-weird-ab3afc436e9979e6", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/./weird", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "./weird", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-Azure-go-ansiterm-e56101171f13c2dd", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:Azure:go-ansiterm:v0.0.0-20210617225240-d185dfc1b5a1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:Azure:go_ansiterm:v0.0.0-20210617225240-d185dfc1b5a1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/Azure/go-ansiterm@v0.0.0-20210617225240-d185dfc1b5a1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/Azure/go-ansiterm", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v0.0.0-20210617225240-d185dfc1b5a1" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-Masterminds-semver-354d8d82b2da8793", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:Masterminds:semver:v1.4.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/Masterminds/semver@v1.4.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/Masterminds/semver", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v1.4.2" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-Microsoft-go-winio-c2a50d97cb0e4bfc", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:Microsoft:go-winio:v0.6.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:Microsoft:go_winio:v0.6.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/Microsoft/go-winio@v0.6.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/Microsoft/go-winio", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v0.6.0" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-cachito-testing-gomod-pandemonium-terminaltor-146c86ecdbb0cfe7", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-testing:gomod-pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-testing:gomod_pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_testing:gomod-pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_testing:gomod_pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito:gomod-pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito:gomod_pandemonium\\/terminaltor:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/cachito-testing/gomod-pandemonium@v0.0.0#terminaltor", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/cachito-testing/gomod-pandemonium/terminaltor", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v0.0.0" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-cachito-testing-gomod-pandemonium-weird-fa2ffebd22241e0d", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-testing:gomod-pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-testing:gomod_pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_testing:gomod-pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_testing:gomod_pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito:gomod-pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito:gomod_pandemonium\\/weird:v0.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/cachito-testing/gomod-pandemonium@v0.0.0#weird", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/cachito-testing/gomod-pandemonium/weird", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v0.0.0" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-cachito-testing-retrodep-v2-6db993d8ef0e368a", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-testing:retrodep\\/v2:v2.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_testing:retrodep\\/v2:v2.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito:retrodep\\/v2:v2.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/cachito-testing/retrodep@v2.1.1#v2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/cachito-testing/retrodep/v2", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v2.1.1" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-go-logr-logr-b07c55dbe14eb54f", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:go-logr:logr:v1.2.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:go_logr:logr:v1.2.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:go:logr:v1.2.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/go-logr/logr@v1.2.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/go-logr/logr", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v1.2.3" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-go-task-slim-sprig-09ce847851ef4807", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:go-task:slim-sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:go-task:slim_sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:go_task:slim-sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:go_task:slim_sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:go:slim-sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:go:slim_sprig:v0.0.0-20230315185526-52ccab3ef572:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/go-task/slim-sprig@v0.0.0-20230315185526-52ccab3ef572", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/go-task/slim-sprig", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v0.0.0-20230315185526-52ccab3ef572" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-google-go-cmp-c2740da0f3c011dc", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:google:go-cmp:v0.5.9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:google:go_cmp:v0.5.9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/google/go-cmp@v0.5.9", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/google/go-cmp", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v0.5.9" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-google-pprof-768bdea76795da5e", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:google:pprof:v0.0.0-20210407192527-94a9f03dee38:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/google/pprof@v0.0.0-20210407192527-94a9f03dee38", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/google/pprof", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v0.0.0-20210407192527-94a9f03dee38" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-moby-term-16768dd257ca9ea1", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:moby:term:v0.0.0-20221205130635-1aeaba878587:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/moby/term@v0.0.0-20221205130635-1aeaba878587", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/moby/term", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v0.0.0-20221205130635-1aeaba878587" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-onsi-ginkgo-v2-dbe722f079d05fed", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:onsi:ginkgo\\/v2:v2.9.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/onsi/ginkgo@v2.9.2#v2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/onsi/ginkgo/v2", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v2.9.2" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-onsi-gomega-33a8824de4d78c9f", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:onsi:gomega:v1.27.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/onsi/gomega@v1.27.4", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/onsi/gomega", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v1.27.4" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-op-go-logging-d053202ebaedc3aa", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:op:go-logging:v0.0.0-20160315200505-970db520ece7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:op:go_logging:v0.0.0-20160315200505-970db520ece7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/op/go-logging@v0.0.0-20160315200505-970db520ece7", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/op/go-logging", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v0.0.0-20160315200505-970db520ece7" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-pkg-errors-e9a30d103cc846e1", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pkg:errors:v0.8.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/pkg/errors@v0.8.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/pkg/errors", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v0.8.1" + }, + { + "SPDXID": "SPDXRef-Package-go-module-github.com-release-engineering-retrodep-v2-b1aab99da74371f7", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:release-engineering:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:release_engineering:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:release:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/github.com/release-engineering/retrodep@v2.1.0#v2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "github.com/release-engineering/retrodep/v2", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v2.1.0" + }, + { + "SPDXID": "SPDXRef-Package-go-module-golang.org-x-mod-23b7926420819455", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:golang:x\\/mod:v0.9.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/golang.org/x/mod@v0.9.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "golang.org/x/mod", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v0.9.0" + }, + { + "SPDXID": "SPDXRef-Package-go-module-golang.org-x-net-22fa1122214f7ae2", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:golang:networking:v0.8.0:*:*:*:*:go:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/golang.org/x/net@v0.8.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "golang.org/x/net", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v0.8.0" + }, + { + "SPDXID": "SPDXRef-Package-go-module-golang.org-x-sys-bf14db941e01d41c", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:golang:x\\/sys:v0.6.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/golang.org/x/sys@v0.6.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "golang.org/x/sys", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v0.6.0" + }, + { + "SPDXID": "SPDXRef-Package-go-module-golang.org-x-text-5f5f28df2a89cd2b", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:golang:text:v0.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/golang.org/x/text@v0.8.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "golang.org/x/text", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v0.8.0" + }, + { + "SPDXID": "SPDXRef-Package-go-module-golang.org-x-tools-f249a74f177d2a78", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:golang:x\\/tools:v0.7.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/golang.org/x/tools@v0.7.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "golang.org/x/tools", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v0.7.0" + }, + { + "SPDXID": "SPDXRef-Package-go-module-gopkg.in-yaml.v2-c743bd971b07bf7f", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/gopkg.in/yaml.v2@v2.2.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "gopkg.in/yaml.v2", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v2.2.2" + }, + { + "SPDXID": "SPDXRef-Package-go-module-gopkg.in-yaml.v3-716c668b92999095", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:yaml_project:yaml:v3.0.1:*:*:*:*:go:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "gopkg.in/yaml.v3", + "sourceInfo": "acquired package info from go module information: /go.mod", + "supplier": "NOASSERTION", + "versionInfo": "v3.0.1" + }, + { + "SPDXID": "SPDXRef-DocumentRoot-Directory-.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": ".", + "primaryPackagePurpose": "FILE", + "supplier": "NOASSERTION" + }, + { + "SPDXID": "SPDXRef-Package-npm--types-prop-types-38e27e44d41f52ce", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/@types/prop-types/-/prop-types-15.7.5.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/prop-types:\\@types\\/prop-types:15.7.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/prop-types:\\@types\\/prop_types:15.7.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/prop_types:\\@types\\/prop-types:15.7.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/prop_types:\\@types\\/prop_types:15.7.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/prop:\\@types\\/prop-types:15.7.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/prop:\\@types\\/prop_types:15.7.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/%40types/prop-types@15.7.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "@types/prop-types", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "15.7.5" + }, + { + "SPDXID": "SPDXRef-Package-npm--types-react-32822b9f11e1589a", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/@types/react/-/react-18.0.35.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/react:\\@types\\/react:18.0.35:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/%40types/react@18.0.35", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "@types/react", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "18.0.35" + }, + { + "SPDXID": "SPDXRef-Package-npm--types-react-dom-4c4ba8dfb825b32d", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/@types/react-dom/-/react-dom-18.0.11.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/react-dom:\\@types\\/react-dom:18.0.11:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/react-dom:\\@types\\/react_dom:18.0.11:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/react_dom:\\@types\\/react-dom:18.0.11:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/react_dom:\\@types\\/react_dom:18.0.11:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/react:\\@types\\/react-dom:18.0.11:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/react:\\@types\\/react_dom:18.0.11:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/%40types/react-dom@18.0.11", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "@types/react-dom", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "18.0.11" + }, + { + "SPDXID": "SPDXRef-Package-npm--types-scheduler-9d26bede47ebfeea", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/@types/scheduler/-/scheduler-0.16.3.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:\\@types\\/scheduler:\\@types\\/scheduler:0.16.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/%40types/scheduler@0.16.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "@types/scheduler", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "0.16.3" + }, + { + "SPDXID": "SPDXRef-Package-npm-abbrev-3be56342a35f1f05", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/abbrev/-/abbrev-2.0.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:abbrev:abbrev:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/abbrev@2.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "abbrev", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "2.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-accepts-931d209532cf2470", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:accepts:accepts:1.3.8:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/accepts@1.3.8", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "accepts", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.3.8" + }, + { + "SPDXID": "SPDXRef-Package-npm-array-flatten-03addc097d0a6218", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:array-flatten:array-flatten:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:array-flatten:array_flatten:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:array_flatten:array-flatten:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:array_flatten:array_flatten:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:array:array-flatten:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:array:array_flatten:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/array-flatten@1.1.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "array-flatten", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.1.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-bar-66cc4304f82b84df", + "copyrightText": "NOASSERTION", + "downloadLocation": "bar", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bar:bar:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/bar", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "bar", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION" + }, + { + "SPDXID": "SPDXRef-Package-npm-bar-9cc7c48b54214fa1", + "copyrightText": "NOASSERTION", + "downloadLocation": "NONE", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bar:bar:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/bar@1.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "ISC", + "name": "bar", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-bitbucket-cachi2-npm-without-deps-06b6ba58ac830af0", + "copyrightText": "NOASSERTION", + "downloadLocation": "git+ssh://git@bitbucket.org/cachi-testing/cachi2-without-deps.git#9e164b97043a2d91bbeb992f6cc68a3d1015086a", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket:bitbucket-cachi2-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket:bitbucket_cachi2_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/bitbucket-cachi2-npm-without-deps@1.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "bitbucket-cachi2-npm-without-deps", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-bitbucket-cachi2-npm-without-deps-second-2beab3450e977bf2", + "copyrightText": "NOASSERTION", + "downloadLocation": "git+ssh://git@bitbucket.org/cachi-testing/cachi2-without-deps-second.git#09992d418fc44a2895b7a9ff27c4e32d6f74a982", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps-second:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps-second:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps_second:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps_second:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without-deps:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without_deps:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm-without:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm_without:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2-npm:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2_npm:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket-cachi2:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket_cachi2:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket:bitbucket-cachi2-npm-without-deps-second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitbucket:bitbucket_cachi2_npm_without_deps_second:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/bitbucket-cachi2-npm-without-deps-second@2.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "bitbucket-cachi2-npm-without-deps-second", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "2.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-body-parser-2e6ddb0a13ebe1b5", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.1.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:body-parser:body-parser:1.20.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:body-parser:body_parser:1.20.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:body_parser:body-parser:1.20.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:body_parser:body_parser:1.20.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:body:body-parser:1.20.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:body:body_parser:1.20.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/body-parser@1.20.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "body-parser", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.20.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-bytes-11b7c62df6dc5b1d", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bytes:bytes:3.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/bytes@3.1.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "bytes", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "3.1.2" + }, + { + "SPDXID": "SPDXRef-Package-npm-cachito-npm-without-deps-2cab59eb6e472a37", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://github.com/cachito-testing/cachito-npm-without-deps/raw/tarball/cachito-npm-without-deps-1.0.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-npm-without-deps:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-npm-without-deps:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_npm_without_deps:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_npm_without_deps:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-npm-without:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-npm-without:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_npm_without:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_npm_without:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-npm:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito-npm:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_npm:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito_npm:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito:cachito-npm-without-deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cachito:cachito_npm_without_deps:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/cachito-npm-without-deps@1.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "cachito-npm-without-deps", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-call-bind-35adfcd784173f59", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.2.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:call-bind:call-bind:1.0.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:call-bind:call_bind:1.0.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:call_bind:call-bind:1.0.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:call_bind:call_bind:1.0.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:call:call-bind:1.0.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:call:call_bind:1.0.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/call-bind@1.0.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "call-bind", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.2" + }, + { + "SPDXID": "SPDXRef-Package-npm-classnames-02162ed8743e22f3", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/classnames/-/classnames-2.3.2.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:classnames:classnames:2.3.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/classnames@2.3.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "classnames", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "2.3.2" + }, + { + "SPDXID": "SPDXRef-Package-npm-colors-06a7d9e0197b39e0", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/colors/-/colors-1.4.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:colors:colors:1.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/colors@1.4.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "colors", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.4.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-content-disposition-105471e28411dc70", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content-disposition:content-disposition:0.5.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content-disposition:content_disposition:0.5.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content_disposition:content-disposition:0.5.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content_disposition:content_disposition:0.5.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content:content-disposition:0.5.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content:content_disposition:0.5.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/content-disposition@0.5.4", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "content-disposition", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "0.5.4" + }, + { + "SPDXID": "SPDXRef-Package-npm-content-type-ff50f3e9146f918a", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content-type:content-type:1.0.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content-type:content_type:1.0.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content_type:content-type:1.0.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content_type:content_type:1.0.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content:content-type:1.0.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:content:content_type:1.0.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/content-type@1.0.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "content-type", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.5" + }, + { + "SPDXID": "SPDXRef-Package-npm-cookie-d6a8687d55fe9822", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/cookie/-/cookie-0.5.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cookie:cookie:0.5.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/cookie@0.5.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "cookie", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "0.5.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-cookie-signature-d1ddfc590683a178", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cookie-signature_project:cookie-signature:1.0.6:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/cookie-signature@1.0.6", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "cookie-signature", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.6" + }, + { + "SPDXID": "SPDXRef-Package-npm-csstype-56cfd4aaf334efad", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/csstype/-/csstype-3.1.2.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:csstype:csstype:3.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/csstype@3.1.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "csstype", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "3.1.2" + }, + { + "SPDXID": "SPDXRef-Package-npm-dateformat-d074071dcc6a8350", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/dateformat/-/dateformat-5.0.3.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:dateformat:dateformat:5.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/dateformat@5.0.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "dateformat", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "5.0.3" + }, + { + "SPDXID": "SPDXRef-Package-npm-debug-92252ea21868a6d9", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:debug_project:debug:2.6.9:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/debug@2.6.9", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "debug", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "2.6.9" + }, + { + "SPDXID": "SPDXRef-Package-npm-depd-a0f4b2f715620506", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:depd:depd:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/depd@2.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "depd", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "2.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-destroy-c0b574391f65a7f0", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:destroy:destroy:1.2.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/destroy@1.2.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "destroy", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.2.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-ee-first-3b86eb35be74119c", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ee-first:ee-first:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ee-first:ee_first:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ee_first:ee-first:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ee_first:ee_first:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ee:ee-first:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ee:ee_first:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/ee-first@1.1.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "ee-first", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.1.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-eggs-2247fa00832a65ff", + "copyrightText": "NOASSERTION", + "downloadLocation": "eggs-packages/eggs", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:eggs:eggs:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/eggs", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "eggs", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION" + }, + { + "SPDXID": "SPDXRef-Package-npm-eggs-packages-eggs-af32220520b08aa3", + "copyrightText": "NOASSERTION", + "downloadLocation": "NONE", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:eggs-packages\\/eggs:eggs-packages\\/eggs:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:eggs-packages\\/eggs:eggs_packages\\/eggs:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:eggs_packages\\/eggs:eggs-packages\\/eggs:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:eggs_packages\\/eggs:eggs_packages\\/eggs:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:eggs:eggs-packages\\/eggs:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:eggs:eggs_packages\\/eggs:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/eggs-packages/eggs@1.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "ISC", + "name": "eggs-packages/eggs", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-encodeurl-b77b63dcf4971d69", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:encodeurl:encodeurl:1.0.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/encodeurl@1.0.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "encodeurl", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.2" + }, + { + "SPDXID": "SPDXRef-Package-npm-escape-html-c0cdf8c952ce772a", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:escape-html:escape-html:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:escape-html:escape_html:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:escape_html:escape-html:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:escape_html:escape_html:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:escape:escape-html:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:escape:escape_html:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/escape-html@1.0.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "escape-html", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.3" + }, + { + "SPDXID": "SPDXRef-Package-npm-etag-7d0dc766870c2472", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:etag:etag:1.8.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/etag@1.8.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "etag", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.8.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-express-843137561e387c44", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/express/-/express-4.18.2.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:openjsf:express:4.18.2:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/express@4.18.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "express", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "4.18.2" + }, + { + "SPDXID": "SPDXRef-Package-npm-fecha-0dbe723d51b71105", + "copyrightText": "NOASSERTION", + "downloadLocation": "file:fecha-4.2.3.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:fecha:fecha:4.2.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/fecha@4.2.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "MIT", + "name": "fecha", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "4.2.3" + }, + { + "SPDXID": "SPDXRef-Package-npm-finalhandler-b5cddb9ad2ad4516", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.2.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:finalhandler:finalhandler:1.2.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/finalhandler@1.2.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "finalhandler", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.2.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-foo-352f1023dd02679f", + "copyrightText": "NOASSERTION", + "downloadLocation": "foo", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:foo:foo:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/foo", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "foo", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION" + }, + { + "SPDXID": "SPDXRef-Package-npm-foo-e577272d8af44a23", + "copyrightText": "NOASSERTION", + "downloadLocation": "NONE", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:foo:foo:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/foo@1.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "ISC", + "name": "foo", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-forwarded-d07931fe109020ee", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:forwarded_project:forwarded:0.2.0:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/forwarded@0.2.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "forwarded", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "0.2.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-fresh-a35427e837fe81b6", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:fresh_project:fresh:0.5.2:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/fresh@0.5.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "fresh", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "0.5.2" + }, + { + "SPDXID": "SPDXRef-Package-npm-function-bind-b0d705f9d55d98a8", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:function-bind:function-bind:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:function-bind:function_bind:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:function_bind:function-bind:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:function_bind:function_bind:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:function:function-bind:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:function:function_bind:1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/function-bind@1.1.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "function-bind", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.1.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-get-intrinsic-14d124688defa36a", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:get-intrinsic:get-intrinsic:1.2.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:get-intrinsic:get_intrinsic:1.2.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:get_intrinsic:get-intrinsic:1.2.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:get_intrinsic:get_intrinsic:1.2.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:get:get-intrinsic:1.2.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:get:get_intrinsic:1.2.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/get-intrinsic@1.2.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "get-intrinsic", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.2.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-has-1756c590ddbbbf1f", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/has/-/has-1.0.3.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:has:has:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/has@1.0.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "has", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.3" + }, + { + "SPDXID": "SPDXRef-Package-npm-has-symbols-41af9f2eb5a7b313", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:has-symbols:has-symbols:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:has-symbols:has_symbols:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:has_symbols:has-symbols:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:has_symbols:has_symbols:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:has:has-symbols:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:has:has_symbols:1.0.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/has-symbols@1.0.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "has-symbols", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.3" + }, + { + "SPDXID": "SPDXRef-Package-npm-http-errors-1d02b487dab61965", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:http-errors:http-errors:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:http-errors:http_errors:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:http_errors:http-errors:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:http_errors:http_errors:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:http:http-errors:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:http:http_errors:2.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/http-errors@2.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "http-errors", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "2.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-iconv-lite-c90cedf9e72dd0f0", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:iconv-lite:iconv-lite:0.4.24:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:iconv-lite:iconv_lite:0.4.24:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:iconv_lite:iconv-lite:0.4.24:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:iconv_lite:iconv_lite:0.4.24:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:iconv:iconv-lite:0.4.24:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:iconv:iconv_lite:0.4.24:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/iconv-lite@0.4.24", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "iconv-lite", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "0.4.24" + }, + { + "SPDXID": "SPDXRef-Package-npm-inherits-c4b3a63b476363af", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:inherits:inherits:2.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/inherits@2.0.4", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "inherits", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "2.0.4" + }, + { + "SPDXID": "SPDXRef-Package-npm-ipaddr.js-c680b64700b2337d", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ipaddr.js:ipaddr.js:1.9.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/ipaddr.js@1.9.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "ipaddr.js", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.9.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-is-positive-bc8e42cbdee7b510", + "copyrightText": "NOASSERTION", + "downloadLocation": "git+ssh://git@github.com/kevva/is-positive.git#97edff6f525f192a3f83cea1944765f769ae2678", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:is-positive:is-positive:3.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:is-positive:is_positive:3.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:is_positive:is-positive:3.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:is_positive:is_positive:3.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:is:is-positive:3.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:is:is_positive:3.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/is-positive@3.1.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "is-positive", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "3.1.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-media-typer-0d0c9173b3765561", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:media-typer:media-typer:0.3.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:media-typer:media_typer:0.3.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:media_typer:media-typer:0.3.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:media_typer:media_typer:0.3.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:media:media-typer:0.3.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:media:media_typer:0.3.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/media-typer@0.3.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "media-typer", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "0.3.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-merge-descriptors-4c25dffaba71b53f", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:merge-descriptors:merge-descriptors:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:merge-descriptors:merge_descriptors:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:merge_descriptors:merge-descriptors:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:merge_descriptors:merge_descriptors:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:merge:merge-descriptors:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:merge:merge_descriptors:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/merge-descriptors@1.0.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "merge-descriptors", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-methods-9f5112a619f16ada", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:methods:methods:1.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/methods@1.1.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "methods", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.1.2" + }, + { + "SPDXID": "SPDXRef-Package-npm-mime-3a8f4690355983f8", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime_project:mime:1.6.0:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/mime@1.6.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "mime", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.6.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-mime-db-65a378639eed7a8d", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime-db:mime-db:1.52.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime-db:mime_db:1.52.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime_db:mime-db:1.52.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime_db:mime_db:1.52.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime:mime-db:1.52.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime:mime_db:1.52.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/mime-db@1.52.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "mime-db", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.52.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-mime-types-14ae2be2d517fcdc", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime-types:mime-types:2.1.35:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime-types:mime_types:2.1.35:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime_types:mime-types:2.1.35:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime_types:mime_types:2.1.35:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime:mime-types:2.1.35:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:mime:mime_types:2.1.35:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/mime-types@2.1.35", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "mime-types", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "2.1.35" + }, + { + "SPDXID": "SPDXRef-Package-npm-ms-acfab536d1f4602c", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:vercel:ms:2.0.0:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/ms@2.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "ms", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "2.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-ms-bca22b52057e7753", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:vercel:ms:2.1.3:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/ms@2.1.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "ms", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "2.1.3" + }, + { + "SPDXID": "SPDXRef-Package-npm-negotiator-af6245201061f5e2", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:negotiator:negotiator:0.6.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/negotiator@0.6.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "negotiator", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "0.6.3" + }, + { + "SPDXID": "SPDXRef-Package-npm-not-baz-b8327c159037e29a", + "copyrightText": "NOASSERTION", + "downloadLocation": "baz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not-baz:not-baz:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not-baz:not_baz:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not_baz:not-baz:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not_baz:not_baz:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not:not-baz:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not:not_baz:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/not-baz", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "not-baz", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION" + }, + { + "SPDXID": "SPDXRef-Package-npm-not-baz-3b1af970071fba18", + "copyrightText": "NOASSERTION", + "downloadLocation": "NONE", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not-baz:not-baz:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not-baz:not_baz:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not_baz:not-baz:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not_baz:not_baz:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not:not-baz:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:not:not_baz:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/not-baz@1.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "ISC", + "name": "not-baz", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-npm-test-34ba90ce6af47f8c", + "copyrightText": "NOASSERTION", + "downloadLocation": "NONE", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:npm-test:npm-test:1.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:npm-test:npm_test:1.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:npm_test:npm-test:1.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:npm_test:npm_test:1.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:npm:npm-test:1.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:npm:npm_test:1.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/npm_test@1.1.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "ISC", + "name": "npm_test", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.1.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-object-inspect-d4a5f46fefb0c652", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.3.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:object-inspect:object-inspect:1.12.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:object-inspect:object_inspect:1.12.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:object_inspect:object-inspect:1.12.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:object_inspect:object_inspect:1.12.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:object:object-inspect:1.12.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:object:object_inspect:1.12.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/object-inspect@1.12.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "object-inspect", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.12.3" + }, + { + "SPDXID": "SPDXRef-Package-npm-on-finished-025772e77611d88b", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:on-finished:on-finished:2.4.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:on-finished:on_finished:2.4.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:on_finished:on-finished:2.4.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:on_finished:on_finished:2.4.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:on:on-finished:2.4.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:on:on_finished:2.4.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/on-finished@2.4.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "on-finished", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "2.4.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-parseurl-8957b9f80bfd7e48", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:parseurl:parseurl:1.3.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/parseurl@1.3.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "parseurl", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.3.3" + }, + { + "SPDXID": "SPDXRef-Package-npm-path-to-regexp-6fb024842a7b51c9", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path-to-regexp:path-to-regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path-to-regexp:path_to_regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path_to_regexp:path-to-regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path_to_regexp:path_to_regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path-to:path-to-regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path-to:path_to_regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path_to:path-to-regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path_to:path_to_regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path:path-to-regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:path:path_to_regexp:0.1.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/path-to-regexp@0.1.7", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "path-to-regexp", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "0.1.7" + }, + { + "SPDXID": "SPDXRef-Package-npm-proxy-addr-aa592d0a6f0e14e0", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:proxy-addr:proxy-addr:2.0.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:proxy-addr:proxy_addr:2.0.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:proxy_addr:proxy-addr:2.0.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:proxy_addr:proxy_addr:2.0.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:proxy:proxy-addr:2.0.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:proxy:proxy_addr:2.0.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/proxy-addr@2.0.7", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "proxy-addr", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "2.0.7" + }, + { + "SPDXID": "SPDXRef-Package-npm-qs-6e2c51e0e8fdd82a", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:qs_project:qs:6.11.0:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/qs@6.11.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "qs", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "6.11.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-range-parser-a5ac7b9eddc291fe", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:range-parser:range-parser:1.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:range-parser:range_parser:1.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:range_parser:range-parser:1.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:range_parser:range_parser:1.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:range:range-parser:1.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:range:range_parser:1.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/range-parser@1.2.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "range-parser", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.2.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-raw-body-c124e89ccbc8e1a9", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:raw-body:raw-body:2.5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:raw-body:raw_body:2.5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:raw_body:raw-body:2.5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:raw_body:raw_body:2.5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:raw:raw-body:2.5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:raw:raw_body:2.5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/raw-body@2.5.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "raw-body", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "2.5.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-safe-buffer-f1a458d0a34a3e1e", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safe-buffer:safe-buffer:5.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safe-buffer:safe_buffer:5.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safe_buffer:safe-buffer:5.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safe_buffer:safe_buffer:5.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safe:safe-buffer:5.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safe:safe_buffer:5.2.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/safe-buffer@5.2.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "safe-buffer", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "5.2.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-safer-buffer-35e495695450988a", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safer-buffer:safer-buffer:2.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safer-buffer:safer_buffer:2.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safer_buffer:safer-buffer:2.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safer_buffer:safer_buffer:2.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safer:safer-buffer:2.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:safer:safer_buffer:2.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/safer-buffer@2.1.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "safer-buffer", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "2.1.2" + }, + { + "SPDXID": "SPDXRef-Package-npm-sax-e5fe5e07946d7f0e", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/sax/-/sax-0.1.1.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:sax:sax:0.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/sax@0.1.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "sax", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "0.1.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-send-eb7410154bfac325", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/send/-/send-0.18.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:send_project:send:0.18.0:*:*:*:*:node.js:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/send@0.18.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "send", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "0.18.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-serve-static-73cf56576686cfde", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/serve-static/-/serve-static-1.15.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:serve-static:serve-static:1.15.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:serve-static:serve_static:1.15.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:serve_static:serve-static:1.15.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:serve_static:serve_static:1.15.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:serve:serve-static:1.15.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:serve:serve_static:1.15.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/serve-static@1.15.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "serve-static", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.15.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-setprototypeof-547a0345595d4c22", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:setprototypeof:setprototypeof:1.2.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/setprototypeof@1.2.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "setprototypeof", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.2.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-side-channel-cdb286823062a5b2", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.4.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:side-channel:side-channel:1.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:side-channel:side_channel:1.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:side_channel:side-channel:1.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:side_channel:side_channel:1.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:side:side-channel:1.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:side:side_channel:1.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/side-channel@1.0.4", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "side-channel", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.4" + }, + { + "SPDXID": "SPDXRef-Package-npm-spam-ee4212f669097a9b", + "copyrightText": "NOASSERTION", + "downloadLocation": "spam-packages/spam", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:spam:spam:*:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/spam", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "spam", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION" + }, + { + "SPDXID": "SPDXRef-Package-npm-spam-packages-spam-8ad0ba47106e9eca", + "copyrightText": "NOASSERTION", + "downloadLocation": "NONE", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:spam-packages\\/spam:spam-packages\\/spam:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:spam-packages\\/spam:spam_packages\\/spam:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:spam_packages\\/spam:spam-packages\\/spam:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:spam_packages\\/spam:spam_packages\\/spam:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:spam:spam-packages\\/spam:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:spam:spam_packages\\/spam:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/spam-packages/spam@1.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "ISC", + "name": "spam-packages/spam", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-statuses-f8d7a7aac610252f", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:statuses:statuses:2.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/statuses@2.0.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "statuses", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "2.0.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-toidentifier-f4b7c633380a689c", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:toidentifier:toidentifier:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/toidentifier@1.0.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "toidentifier", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-type-is-d68517abe50bfeac", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:type-is:type-is:1.6.18:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:type-is:type_is:1.6.18:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:type_is:type-is:1.6.18:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:type_is:type_is:1.6.18:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:type:type-is:1.6.18:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:type:type_is:1.6.18:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/type-is@1.6.18", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "type-is", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.6.18" + }, + { + "SPDXID": "SPDXRef-Package-npm-unpipe-a69d83f063c5175d", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:unpipe:unpipe:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/unpipe@1.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "unpipe", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-utils-merge-1909c40a9ae99753", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:utils-merge:utils-merge:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:utils-merge:utils_merge:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:utils_merge:utils-merge:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:utils_merge:utils_merge:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:utils:utils-merge:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:utils:utils_merge:1.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/utils-merge@1.0.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "utils-merge", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.0.1" + }, + { + "SPDXID": "SPDXRef-Package-npm-uuid-ccbce98fa2fd50bf", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/uuid/-/uuid-9.0.0.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:uuid:uuid:9.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/uuid@9.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "uuid", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "9.0.0" + }, + { + "SPDXID": "SPDXRef-Package-npm-vary-4bc84cbb6d76f2fa", + "copyrightText": "NOASSERTION", + "downloadLocation": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:vary:vary:1.1.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:npm/vary@1.1.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "vary", + "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", + "supplier": "NOASSERTION", + "versionInfo": "1.1.2" + }, + { + "SPDXID": "SPDXRef-Package-python-certifi-605ce44010623730", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:kennethreitz:certifi:2022.12.7:*:*:*:*:python:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/certifi@2022.12.7", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "certifi", + "sourceInfo": "acquired package info from installed python package manifest file: /requirements.txt", + "supplier": "NOASSERTION", + "versionInfo": "2022.12.7" + }, + { + "SPDXID": "SPDXRef-Package-python-charset-normalizer-af8ef9b528d1324d", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-charset-normalizer:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-charset-normalizer:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_charset_normalizer:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_charset_normalizer:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset-normalizer:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset-normalizer:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset_normalizer:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset_normalizer:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-charset-normalizer:charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-charset-normalizer:charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_charset_normalizer:charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_charset_normalizer:charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-charset:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-charset:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_charset:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_charset:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset-normalizer:charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset-normalizer:charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset_normalizer:charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset_normalizer:charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-charset:charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-charset:charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_charset:charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_charset:charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:python-charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:python_charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset:charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:charset:charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:charset-normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:charset_normalizer:3.0.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/charset-normalizer@3.0.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "charset-normalizer", + "sourceInfo": "acquired package info from installed python package manifest file: /requirements.txt", + "supplier": "NOASSERTION", + "versionInfo": "3.0.1" + }, + { + "SPDXID": "SPDXRef-Package-python-flit-core-24f242ce07794d00", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-flit-core:python-flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-flit-core:python_flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_flit_core:python-flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_flit_core:python_flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-flit:python-flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-flit:python_flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_flit:python-flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_flit:python_flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit-core:python-flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit-core:python_flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit_core:python-flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit_core:python_flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-flit-core:flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-flit-core:flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_flit_core:flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_flit_core:flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:python-flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:python_flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit:python-flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit:python_flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-flit:flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-flit:flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_flit:flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_flit:flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit-core:flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit-core:flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit_core:flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit_core:flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit:flit-core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:flit:flit_core:3.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/flit-core@3.8.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "flit-core", + "sourceInfo": "acquired package info from installed python package manifest file: /requirements-build.txt", + "supplier": "NOASSERTION", + "versionInfo": "3.8.0" + }, + { + "SPDXID": "SPDXRef-Package-python-idna-ff5d4caf61299680", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-idna:python-idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-idna:python_idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_idna:python-idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_idna:python_idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:python-idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:python_idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:idna:python-idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:idna:python_idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-idna:idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_idna:idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:idna:idna:3.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/idna@3.4", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "idna", + "sourceInfo": "acquired package info from installed python package manifest file: /requirements.txt", + "supplier": "NOASSERTION", + "versionInfo": "3.4" + }, + { + "SPDXID": "SPDXRef-Package-python-requests-03176f57fdf54d1e", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:requests:2.28.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/requests@2.28.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "requests", + "sourceInfo": "acquired package info from installed python package manifest file: /requirements.txt", + "supplier": "NOASSERTION", + "versionInfo": "2.28.2" + }, + { + "SPDXID": "SPDXRef-Package-python-setuptools-7ae302e7223ecbbd", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:setuptools:67.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/setuptools@67.1.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "setuptools", + "sourceInfo": "acquired package info from installed python package manifest file: /requirements-build.txt", + "supplier": "NOASSERTION", + "versionInfo": "67.1.0" + }, + { + "SPDXID": "SPDXRef-Package-python-urllib3-531a10a07587b59c", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:urllib3:1.26.14:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/urllib3@1.26.14", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "urllib3", + "sourceInfo": "acquired package info from installed python package manifest file: /requirements.txt", + "supplier": "NOASSERTION", + "versionInfo": "1.26.14" + }, + { + "SPDXID": "SPDXRef-Package-python-wheel-3a9d5577afa1b279", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-wheel:python-wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-wheel:python_wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_wheel:python-wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_wheel:python_wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:python-wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:python_wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python-wheel:wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python_wheel:wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:wheel:python-wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:wheel:python_wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:python:wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:wheel:wheel:0.38.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:pypi/wheel@0.38.4", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "wheel", + "sourceInfo": "acquired package info from installed python package manifest file: /requirements-build.txt", + "supplier": "NOASSERTION", + "versionInfo": "0.38.4" + }, + { + "SPDXID": "SPDXRef-Package-rpm-basesystem-fcabd006cb3bfe7d", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:basesystem:basesystem:11-13.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:basesystem:11-13.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/basesystem@11-13.el9?arch=noarch&upstream=basesystem-11-13.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-Public-Domain", + "name": "basesystem", + "originator": "Organization: Red Hat, Inc.", + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "11-13.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-bash-a6062d7253817d9d", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:bash:5.1.8-9.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bash:bash:5.1.8-9.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/bash@5.1.8-9.el9?arch=x86_64&upstream=bash-5.1.8-9.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv3-", + "name": "bash", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "9295a01e788345a66a371467a1dd0c085d921f52" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "5.1.8-9.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:coreutils-single:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:coreutils-single:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:coreutils_single:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:coreutils_single:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:coreutils:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:coreutils:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/coreutils-single@8.32-36.el9?arch=x86_64&upstream=coreutils-8.32-36.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv3-", + "name": "coreutils-single", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "642d9f7db3fbba6ece69558b5c706930ec126584" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "8.32-36.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-filesystem-5423c4a724c69dca", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:filesystem:filesystem:3.16-5.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:filesystem:3.16-5.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/filesystem@3.16-5.el9?arch=x86_64&upstream=filesystem-3.16-5.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-Public-Domain", + "name": "filesystem", + "originator": "Organization: Red Hat, Inc.", + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "3.16-5.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:glibc:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc:glibc:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/glibc@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-cedbc2fa4301332b3d3569627696d986a63b3f3a293a2759a611c7c3deebd428", + "name": "glibc", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "ed0c5417a07603087b40443f16c64c67a2d0ed45" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "2.34-125.el9_5.1" + }, + { + "SPDXID": "SPDXRef-Package-rpm-glibc-common-5d2e03b4ae3e405b", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc-common:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc-common:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc_common:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc_common:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/glibc-common@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-cedbc2fa4301332b3d3569627696d986a63b3f3a293a2759a611c7c3deebd428", + "name": "glibc-common", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "4ce35b5a588ee407a7e87d76e2a1301252a618c5" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "2.34-125.el9_5.1" + }, + { + "SPDXID": "SPDXRef-Package-rpm-glibc-minimal-langpack-d35bdd9cfa0b8d62", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/glibc-minimal-langpack@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-cedbc2fa4301332b3d3569627696d986a63b3f3a293a2759a611c7c3deebd428", + "name": "glibc-minimal-langpack", + "originator": "Organization: Red Hat, Inc.", + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "2.34-125.el9_5.1" + }, + { + "SPDXID": "SPDXRef-Package-rpm-gpg-pubkey-6a4614b48b443e33", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg-pubkey:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg-pubkey:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg_pubkey:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg_pubkey:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/gpg-pubkey@5a6340b3-6229229e?distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-pubkey", + "name": "gpg-pubkey", + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "NOASSERTION", + "versionInfo": "5a6340b3-6229229e" + }, + { + "SPDXID": "SPDXRef-Package-rpm-gpg-pubkey-0b9edfc7dd36b25d", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg-pubkey:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg-pubkey:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg_pubkey:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg_pubkey:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gpg:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/gpg-pubkey@fd431d51-4ae0493b?distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-pubkey", + "name": "gpg-pubkey", + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "NOASSERTION", + "versionInfo": "fd431d51-4ae0493b" + }, + { + "SPDXID": "SPDXRef-Package-rpm-libacl-6a12891a28711ed0", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:libacl:libacl:2.3.1-4.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:libacl:2.3.1-4.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/libacl@2.3.1-4.el9?arch=x86_64&upstream=acl-2.3.1-4.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2-", + "name": "libacl", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "66c8d8a589a6f28bba41148d9ad13341e78a5a9e" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "2.3.1-4.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-libattr-246362466b6f01d4", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:libattr:libattr:2.5.1-3.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:libattr:2.5.1-3.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/libattr@2.5.1-3.el9?arch=x86_64&upstream=attr-2.5.1-3.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2-", + "name": "libattr", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "a18d42a0a3759707cfea42ce8caa4761a5b3ad82" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "2.5.1-3.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-libcap-e129417de8081c72", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:libcap:libcap:2.48-9.el9_2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:libcap:2.48-9.el9_2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/libcap@2.48-9.el9_2?arch=x86_64&upstream=libcap-2.48-9.el9_2.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-BSD-or-GPLv2", + "name": "libcap", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "6e666c18cd839e6632a9395ab154f116f10ebb65" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "2.48-9.el9_2" + }, + { + "SPDXID": "SPDXRef-Package-rpm-libgcc-492434936db2f877", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:libgcc:libgcc:11.5.0-2.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:libgcc:11.5.0-2.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/libgcc@11.5.0-2.el9?arch=x86_64&upstream=gcc-11.5.0-2.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-0a20635703258c08665cede2a4166b90795ad1cb30dd85cfde1598463d68ebf5", + "name": "libgcc", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "e94494ca348ac9fc5b386d040fe90f0981971511" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "11.5.0-2.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-libselinux-79db8c526f87ba3b", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:libselinux:libselinux:3.6-1.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:libselinux:3.6-1.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/libselinux@3.6-1.el9?arch=x86_64&upstream=libselinux-3.6-1.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-Public-Domain", + "name": "libselinux", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "1b498b7af44a22054ee36e80a252f403a74b1936" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "3.6-1.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-libsepol-9891839d8f699944", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:libsepol:libsepol:3.6-1.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:libsepol:3.6-1.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/libsepol@3.6-1.el9?arch=x86_64&upstream=libsepol-3.6-1.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2-", + "name": "libsepol", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "73cd4d33cfe1305a388f0126d6faeab4b2352da4" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "3.6-1.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/ncurses-base@6.2-10.20210508.el9?arch=noarch&upstream=ncurses-6.2-10.20210508.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "MIT", + "name": "ncurses-base", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "7318e5838debb2d923905e67f9e8830f2a1ff5f4" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "6.2-10.20210508.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-ncurses-libs-31b40b2b21390159", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&upstream=ncurses-6.2-10.20210508.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "MIT", + "name": "ncurses-libs", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "4c1a2e70da159a5c5750d9c16c50843bd216d5f4" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "6.2-10.20210508.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-pcre2-1a97d50a68b062d7", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/pcre2@10.40-6.el9?arch=x86_64&upstream=pcre2-10.40-6.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-BSD", + "name": "pcre2", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "c74f502aab3063ee72922a7735edbd2f32c92080" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "10.40-6.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-pcre2-syntax-8f3dd37865073b05", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/pcre2-syntax@10.40-6.el9?arch=noarch&upstream=pcre2-10.40-6.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-BSD", + "name": "pcre2-syntax", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "24e5a6c8ae65ef32012444c539eb087f1b59a11a" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "10.40-6.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-redhat-release-bbf1d165194eceb0", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat-release:redhat-release:9.5-0.6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat-release:redhat_release:9.5-0.6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat_release:redhat-release:9.5-0.6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat_release:redhat_release:9.5-0.6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:redhat-release:9.5-0.6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:redhat_release:9.5-0.6.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/redhat-release@9.5-0.6.el9?arch=x86_64&upstream=redhat-release-9.5-0.6.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv2", + "name": "redhat-release", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "52b7a27197892b1c65e8cb823a69d488baad9e23" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "9.5-0.6.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-setup-befa3e6a19701472", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:setup:2.13.7-10.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:setup:setup:2.13.7-10.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/setup@2.13.7-10.el9?arch=noarch&upstream=setup-2.13.7-10.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-Public-Domain", + "name": "setup", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "73e4e3231d55347f5e68ec3d299370ea45716056" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "2.13.7-10.el9" + }, + { + "SPDXID": "SPDXRef-Package-rpm-tzdata-f21803b5b9d9adef", + "copyrightText": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redhat:tzdata:2024b-2.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:tzdata:tzdata:2024b-2.el9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:rpm/rhel/tzdata@2024b-2.el9?arch=noarch&upstream=tzdata-2024b-2.el9.src.rpm&distro=rhel-9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": true, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-Public-Domain", + "name": "tzdata", + "originator": "Organization: Red Hat, Inc.", + "packageVerificationCode": { + "packageVerificationCodeValue": "2a486eded3c62267c2c6a9f3e0afc9fcc9f71874" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "supplier": "Organization: Red Hat, Inc.", + "versionInfo": "2024b-2.el9" + }, + { + "SPDXID": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro", + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "71c7ec827876417693bd3feb615a5c70753b78667cb27c17cb3a5346a6955da5" + } + ], + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:oci/registry.access.redhat.com/ubi9/ubi-micro@sha256:71c7ec827876417693bd3feb615a5c70753b78667cb27c17cb3a5346a6955da5?arch=amd64&tag=9.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "name": "registry.access.redhat.com/ubi9/ubi-micro", + "primaryPackagePurpose": "CONTAINER", + "supplier": "NOASSERTION", + "versionInfo": "9.5" + } + ], + "relationships": [ + { + "relatedSpdxElement": "SPDXRef-Package-go-module-.-terminaltor-fb7b11a4b3fddcb6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-.-weird-ab3afc436e9979e6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-Azure-go-ansiterm-e56101171f13c2dd", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-Masterminds-semver-354d8d82b2da8793", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-Microsoft-go-winio-c2a50d97cb0e4bfc", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-cachito-testing-gomod-pandemonium-terminaltor-146c86ecdbb0cfe7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-cachito-testing-gomod-pandemonium-weird-fa2ffebd22241e0d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-cachito-testing-retrodep-v2-6db993d8ef0e368a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-go-logr-logr-b07c55dbe14eb54f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-go-task-slim-sprig-09ce847851ef4807", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-google-go-cmp-c2740da0f3c011dc", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-google-pprof-768bdea76795da5e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-moby-term-16768dd257ca9ea1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-onsi-ginkgo-v2-dbe722f079d05fed", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-onsi-gomega-33a8824de4d78c9f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-op-go-logging-d053202ebaedc3aa", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-pkg-errors-e9a30d103cc846e1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-github.com-release-engineering-retrodep-v2-b1aab99da74371f7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-golang.org-x-mod-23b7926420819455", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-golang.org-x-net-22fa1122214f7ae2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-golang.org-x-sys-bf14db941e01d41c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-golang.org-x-text-5f5f28df2a89cd2b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-golang.org-x-tools-f249a74f177d2a78", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-gopkg.in-yaml.v2-c743bd971b07bf7f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-go-module-gopkg.in-yaml.v3-716c668b92999095", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-DocumentRoot-Directory-.", + "relationshipType": "DESCRIBES", + "spdxElementId": "SPDXRef-DOCUMENT" + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm--types-prop-types-38e27e44d41f52ce", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm--types-react-32822b9f11e1589a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm--types-react-dom-4c4ba8dfb825b32d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm--types-scheduler-9d26bede47ebfeea", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-abbrev-3be56342a35f1f05", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-accepts-931d209532cf2470", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-array-flatten-03addc097d0a6218", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-bar-66cc4304f82b84df", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-bar-9cc7c48b54214fa1", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-bitbucket-cachi2-npm-without-deps-06b6ba58ac830af0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-bitbucket-cachi2-npm-without-deps-second-2beab3450e977bf2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-body-parser-2e6ddb0a13ebe1b5", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-bytes-11b7c62df6dc5b1d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-cachito-npm-without-deps-2cab59eb6e472a37", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-call-bind-35adfcd784173f59", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-classnames-02162ed8743e22f3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-colors-06a7d9e0197b39e0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-content-disposition-105471e28411dc70", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-content-type-ff50f3e9146f918a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-cookie-d6a8687d55fe9822", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-cookie-signature-d1ddfc590683a178", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-csstype-56cfd4aaf334efad", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-dateformat-d074071dcc6a8350", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-debug-92252ea21868a6d9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-depd-a0f4b2f715620506", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-destroy-c0b574391f65a7f0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-ee-first-3b86eb35be74119c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-eggs-2247fa00832a65ff", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-eggs-packages-eggs-af32220520b08aa3", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-encodeurl-b77b63dcf4971d69", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-escape-html-c0cdf8c952ce772a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-etag-7d0dc766870c2472", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-express-843137561e387c44", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-fecha-0dbe723d51b71105", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-finalhandler-b5cddb9ad2ad4516", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-foo-352f1023dd02679f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-foo-e577272d8af44a23", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-forwarded-d07931fe109020ee", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-fresh-a35427e837fe81b6", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-function-bind-b0d705f9d55d98a8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-get-intrinsic-14d124688defa36a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-has-1756c590ddbbbf1f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-has-symbols-41af9f2eb5a7b313", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-http-errors-1d02b487dab61965", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-iconv-lite-c90cedf9e72dd0f0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-inherits-c4b3a63b476363af", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-ipaddr.js-c680b64700b2337d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-is-positive-bc8e42cbdee7b510", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-media-typer-0d0c9173b3765561", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-merge-descriptors-4c25dffaba71b53f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-methods-9f5112a619f16ada", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-mime-3a8f4690355983f8", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-mime-db-65a378639eed7a8d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-mime-types-14ae2be2d517fcdc", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-ms-acfab536d1f4602c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-ms-bca22b52057e7753", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-negotiator-af6245201061f5e2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-not-baz-b8327c159037e29a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-not-baz-3b1af970071fba18", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-npm-test-34ba90ce6af47f8c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-object-inspect-d4a5f46fefb0c652", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-on-finished-025772e77611d88b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-parseurl-8957b9f80bfd7e48", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-path-to-regexp-6fb024842a7b51c9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-proxy-addr-aa592d0a6f0e14e0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-qs-6e2c51e0e8fdd82a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-range-parser-a5ac7b9eddc291fe", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-raw-body-c124e89ccbc8e1a9", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-safe-buffer-f1a458d0a34a3e1e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-safer-buffer-35e495695450988a", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-sax-e5fe5e07946d7f0e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-send-eb7410154bfac325", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-serve-static-73cf56576686cfde", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-setprototypeof-547a0345595d4c22", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-side-channel-cdb286823062a5b2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-spam-ee4212f669097a9b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-spam-packages-spam-8ad0ba47106e9eca", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-statuses-f8d7a7aac610252f", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-toidentifier-f4b7c633380a689c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-type-is-d68517abe50bfeac", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-unpipe-a69d83f063c5175d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-utils-merge-1909c40a9ae99753", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-uuid-ccbce98fa2fd50bf", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-npm-vary-4bc84cbb6d76f2fa", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-python-certifi-605ce44010623730", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-python-charset-normalizer-af8ef9b528d1324d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-python-flit-core-24f242ce07794d00", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-python-idna-ff5d4caf61299680", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-python-requests-03176f57fdf54d1e", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-python-setuptools-7ae302e7223ecbbd", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-python-urllib3-531a10a07587b59c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-python-wheel-3a9d5577afa1b279", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Directory-." + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-basesystem-fcabd006cb3bfe7d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-bash-a6062d7253817d9d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-coreutils-single-bc07797a46d14a80", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-filesystem-5423c4a724c69dca", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-glibc-ab6bbd6d165109d2", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-glibc-common-5d2e03b4ae3e405b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-glibc-minimal-langpack-d35bdd9cfa0b8d62", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-gpg-pubkey-6a4614b48b443e33", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-gpg-pubkey-0b9edfc7dd36b25d", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-libacl-6a12891a28711ed0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-libattr-246362466b6f01d4", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-libcap-e129417de8081c72", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-libgcc-492434936db2f877", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-libselinux-79db8c526f87ba3b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-libsepol-9891839d8f699944", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-ncurses-base-a0d19211c8c4589b", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-ncurses-libs-31b40b2b21390159", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-pcre2-1a97d50a68b062d7", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-pcre2-syntax-8f3dd37865073b05", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-redhat-release-bbf1d165194eceb0", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-setup-befa3e6a19701472", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-Package-rpm-tzdata-f21803b5b9d9adef", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro" + }, + { + "relatedSpdxElement": "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro", + "relationshipType": "DESCRIBES", + "spdxElementId": "SPDXRef-DOCUMENT" + } + ], + "spdxVersion": "SPDX-2.3" +} diff --git a/sbom-utility-scripts/scripts/merge-sboms-script/test_merge_sboms.py b/sbom-utility-scripts/scripts/merge-sboms-script/test_merge_sboms.py new file mode 100644 index 0000000..f9e3eb8 --- /dev/null +++ b/sbom-utility-scripts/scripts/merge-sboms-script/test_merge_sboms.py @@ -0,0 +1,407 @@ +import json +import sys +from collections import Counter +from pathlib import Path +from typing import Any + +import pytest + +from merge_sboms import ( + SBOMItem, + detect_sbom_type, + fallback_key, + main, + merge_by_apparent_sameness, + merge_cyclonedx_sboms, + wrap_as_cdx, + wrap_as_spdx, +) + +TOOLS_METADATA = { + "syft-cyclonedx-1.4": { + "name": "syft", + "vendor": "anchore", + "version": "0.47.0", + }, + "syft-cyclonedx-1.5": { + "type": "application", + "author": "anchore", + "name": "syft", + "version": "0.100.0", + }, + "cachi2-cyclonedx-1.4": { + "name": "cachi2", + "vendor": "red hat", + }, + "cachi2-cyclonedx-1.5": { + "type": "application", + "author": "red hat", + "name": "cachi2", + }, +} + +# relative to data_dir/{sbom_type} +INDIVIDUAL_SYFT_SBOMS = [ + "syft-sboms/gomod-pandemonium.bom.json", + "syft-sboms/npm-cachi2-smoketest.bom.json", + "syft-sboms/pip-e2e-test.bom.json", + "syft-sboms/ubi-micro.bom.json", +] + + +@pytest.fixture +def data_dir() -> Path: + """Path to the directory for storing unit test data.""" + return Path(__file__).parent / "test_data" + + +def count_components(sbom: dict[str, Any]) -> Counter[str]: + def key(component: SBOMItem) -> str: + purl = component.purl() + if purl: + return purl.to_string() + return fallback_key(component) + + if detect_sbom_type(sbom) == "cyclonedx": + components = wrap_as_cdx(sbom["components"]) + else: + components = wrap_as_spdx(sbom["packages"]) + + return Counter(map(key, components)) + + +def count_relationships(spdx_sbom: dict[str, Any]) -> Counter[str]: + package_spdxids = {p["SPDXID"] for p in spdx_sbom["packages"]} + + def relationship_key(r: dict[str, Any]) -> str | None: + element = r["spdxElementId"] + relationship = r["relationshipType"] + related_element = r["relatedSpdxElement"] + + if related_element not in package_spdxids: + # The Syft SBOM also contains relationships referencing elements of the .files array, + # for which we have no handling. As well as relationships referencing non-existent + # SPDXIDs. Exclude those from the comparison, keep only those we care about. + return None + + if relationship == "DESCRIBES": + return f"{element} {relationship} {related_element}" + else: + return f"{element} {relationship} *" + + return Counter(filter(None, map(relationship_key, spdx_sbom["relationships"]))) + + +def diff_counts(a: Counter[str], b: Counter[str]) -> dict[str, int]: + a = a.copy() + a.subtract(b) + return {key: count for key, count in a.items() if count != 0} + + +def run_main(args: list[str], monkeypatch: pytest.MonkeyPatch, capsys: pytest.CaptureFixture) -> tuple[str, str]: + monkeypatch.setattr(sys, "argv", ["unused_script_name", *args]) + main() + return capsys.readouterr() + + +@pytest.mark.parametrize( + "sbom_type, expect_diff", + [ + ( + "cyclonedx", + { + # All of these golang purls appear twice in the SBOM merged by syft + # (they already appear twice in the individual gomod SBOM). + # They only appear once in the SBOM merged by us, which seems better. + "pkg:golang/github.com/Azure/go-ansiterm@v0.0.0-20210617225240-d185dfc1b5a1": -1, + "pkg:golang/github.com/moby/term@v0.0.0-20221205130635-1aeaba878587": -1, + "pkg:golang/golang.org/x/sys@v0.6.0": -1, + # The rhel@9.5 component doesn't have a purl. Syft drops it when merging, we keep it. + "rhel@9.5": 1, + }, + ), + ( + "spdx", + { + # This is the "made-up root" that Syft uses for the merged SBOM + "SPDXRef-DocumentRoot-Directory-.-syft-sboms": -1, + # We instead keep the original "made-up root", as well as the root of the + # ubi-micro.bom.json document (which has an actual root, not a made-up one, + # because it comes from scanning a container image, not a directory). + "SPDXRef-DocumentRoot-Directory-.": 1, + "pkg:oci/registry.access.redhat.com/ubi9/ubi-micro@sha256:71c7ec827876417693bd3feb615a5c70753b78667cb27c17cb3a5346a6955da5?arch=amd64&tag=9.5": 1, + # For some reason, Syft lowercases the purls when merging. We do not. + "pkg:golang/github.com/masterminds/semver@v1.4.2": -1, + "pkg:golang/github.com/Masterminds/semver@v1.4.2": 1, + "pkg:golang/github.com/microsoft/go-winio@v0.6.0": -1, + "pkg:golang/github.com/Microsoft/go-winio@v0.6.0": 1, + "pkg:golang/github.com/azure/go-ansiterm@v0.0.0-20210617225240-d185dfc1b5a1": -1, + "pkg:golang/github.com/Azure/go-ansiterm@v0.0.0-20210617225240-d185dfc1b5a1": 1, + }, + ), + ], +) +def test_merge_n_syft_sboms( + sbom_type: str, + expect_diff: dict[str, int], + data_dir: Path, + monkeypatch: pytest.MonkeyPatch, + capsys: pytest.CaptureFixture, +) -> None: + monkeypatch.chdir(data_dir / sbom_type) + + args = [f"syft:{sbom_path}" for sbom_path in INDIVIDUAL_SYFT_SBOMS] + result, _ = run_main(args, monkeypatch, capsys) + + with open("syft.merged-by-us.bom.json") as f: + merged_by_us = json.load(f) + + assert json.loads(result) == merged_by_us + + with open("syft.merged-by-syft.bom.json") as f: + merged_by_syft = json.load(f) + + compared_to_syft = diff_counts(count_components(merged_by_us), count_components(merged_by_syft)) + assert compared_to_syft == expect_diff + + if sbom_type == "spdx": + relationships_diff = diff_counts(count_relationships(merged_by_us), count_relationships(merged_by_syft)) + assert relationships_diff == { + "SPDXRef-DOCUMENT DESCRIBES SPDXRef-DocumentRoot-Directory-.-syft-sboms": -1, + "SPDXRef-DOCUMENT DESCRIBES SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro": 1, + "SPDXRef-DOCUMENT DESCRIBES SPDXRef-DocumentRoot-Directory-.": 1, + # In the Syft-merged SBOM, the ./syft-sboms element contains everything + # In our merged SBOM, the same set of packages is split between two roots + "SPDXRef-DocumentRoot-Directory-.-syft-sboms CONTAINS *": -139, + "SPDXRef-DocumentRoot-Directory-. CONTAINS *": 117, + "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro CONTAINS *": 22, + } + + +@pytest.mark.parametrize( + "args", + [ + ["cachi2.bom.json", "syft.merged-by-us.bom.json"], + ["cachi2:cachi2.bom.json", "syft:syft.merged-by-us.bom.json"], + ["syft:syft.merged-by-us.bom.json", "cachi2:cachi2.bom.json"], + [ + "cachi2:cachi2.bom.json", + # merging these 4 should result in syft.merged-by-us.bom.json + # merging the result with the cachi2.bom.json should be the same as the cases above + *INDIVIDUAL_SYFT_SBOMS, + ], + ], +) +@pytest.mark.parametrize( + "sbom_type, should_take_from_syft", + [ + ( + "cyclonedx", + { + # The operating system component appears only in CycloneDX Syft SBOMs, not SPDX + "rhel@9.5": 1, + # vvv Identical between CycloneDX and SPDX + "pkg:golang/github.com/release-engineering/retrodep@v2.1.0#v2": 1, + "pkg:rpm/rhel/basesystem@11-13.el9?arch=noarch&distro=rhel-9.5&upstream=basesystem-11-13.el9.src.rpm": 1, + "pkg:rpm/rhel/bash@5.1.8-9.el9?arch=x86_64&distro=rhel-9.5&upstream=bash-5.1.8-9.el9.src.rpm": 1, + "pkg:rpm/rhel/coreutils-single@8.32-36.el9?arch=x86_64&distro=rhel-9.5&upstream=coreutils-8.32-36.el9.src.rpm": 1, + "pkg:rpm/rhel/filesystem@3.16-5.el9?arch=x86_64&distro=rhel-9.5&upstream=filesystem-3.16-5.el9.src.rpm": 1, + "pkg:rpm/rhel/glibc@2.34-125.el9_5.1?arch=x86_64&distro=rhel-9.5&upstream=glibc-2.34-125.el9_5.1.src.rpm": 1, + "pkg:rpm/rhel/glibc-common@2.34-125.el9_5.1?arch=x86_64&distro=rhel-9.5&upstream=glibc-2.34-125.el9_5.1.src.rpm": 1, + "pkg:rpm/rhel/glibc-minimal-langpack@2.34-125.el9_5.1?arch=x86_64&distro=rhel-9.5&upstream=glibc-2.34-125.el9_5.1.src.rpm": 1, + "pkg:rpm/rhel/gpg-pubkey@5a6340b3-6229229e?distro=rhel-9.5": 1, + "pkg:rpm/rhel/gpg-pubkey@fd431d51-4ae0493b?distro=rhel-9.5": 1, + "pkg:rpm/rhel/libacl@2.3.1-4.el9?arch=x86_64&distro=rhel-9.5&upstream=acl-2.3.1-4.el9.src.rpm": 1, + "pkg:rpm/rhel/libattr@2.5.1-3.el9?arch=x86_64&distro=rhel-9.5&upstream=attr-2.5.1-3.el9.src.rpm": 1, + "pkg:rpm/rhel/libcap@2.48-9.el9_2?arch=x86_64&distro=rhel-9.5&upstream=libcap-2.48-9.el9_2.src.rpm": 1, + "pkg:rpm/rhel/libgcc@11.5.0-2.el9?arch=x86_64&distro=rhel-9.5&upstream=gcc-11.5.0-2.el9.src.rpm": 1, + "pkg:rpm/rhel/libselinux@3.6-1.el9?arch=x86_64&distro=rhel-9.5&upstream=libselinux-3.6-1.el9.src.rpm": 1, + "pkg:rpm/rhel/libsepol@3.6-1.el9?arch=x86_64&distro=rhel-9.5&upstream=libsepol-3.6-1.el9.src.rpm": 1, + "pkg:rpm/rhel/ncurses-base@6.2-10.20210508.el9?arch=noarch&distro=rhel-9.5&upstream=ncurses-6.2-10.20210508.el9.src.rpm": 1, + "pkg:rpm/rhel/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&distro=rhel-9.5&upstream=ncurses-6.2-10.20210508.el9.src.rpm": 1, + "pkg:rpm/rhel/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.5&upstream=pcre2-10.40-6.el9.src.rpm": 1, + "pkg:rpm/rhel/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.5&upstream=pcre2-10.40-6.el9.src.rpm": 1, + "pkg:rpm/rhel/redhat-release@9.5-0.6.el9?arch=x86_64&distro=rhel-9.5&upstream=redhat-release-9.5-0.6.el9.src.rpm": 1, + "pkg:rpm/rhel/setup@2.13.7-10.el9?arch=noarch&distro=rhel-9.5&upstream=setup-2.13.7-10.el9.src.rpm": 1, + "pkg:rpm/rhel/tzdata@2024b-2.el9?arch=noarch&distro=rhel-9.5&upstream=tzdata-2024b-2.el9.src.rpm": 1, + }, + ), + ( + "spdx", + { + # These root packages appear only in SPDX Syft SBOMs, not CycloneDX + "SPDXRef-DocumentRoot-Directory-.": 1, + "pkg:oci/registry.access.redhat.com/ubi9/ubi-micro@sha256:71c7ec827876417693bd3feb615a5c70753b78667cb27c17cb3a5346a6955da5?arch=amd64&tag=9.5": 1, + # vvv Identical between CycloneDX and SPDX + "pkg:golang/github.com/release-engineering/retrodep@v2.1.0#v2": 1, + "pkg:rpm/rhel/basesystem@11-13.el9?arch=noarch&distro=rhel-9.5&upstream=basesystem-11-13.el9.src.rpm": 1, + "pkg:rpm/rhel/bash@5.1.8-9.el9?arch=x86_64&distro=rhel-9.5&upstream=bash-5.1.8-9.el9.src.rpm": 1, + "pkg:rpm/rhel/coreutils-single@8.32-36.el9?arch=x86_64&distro=rhel-9.5&upstream=coreutils-8.32-36.el9.src.rpm": 1, + "pkg:rpm/rhel/filesystem@3.16-5.el9?arch=x86_64&distro=rhel-9.5&upstream=filesystem-3.16-5.el9.src.rpm": 1, + "pkg:rpm/rhel/glibc@2.34-125.el9_5.1?arch=x86_64&distro=rhel-9.5&upstream=glibc-2.34-125.el9_5.1.src.rpm": 1, + "pkg:rpm/rhel/glibc-common@2.34-125.el9_5.1?arch=x86_64&distro=rhel-9.5&upstream=glibc-2.34-125.el9_5.1.src.rpm": 1, + "pkg:rpm/rhel/glibc-minimal-langpack@2.34-125.el9_5.1?arch=x86_64&distro=rhel-9.5&upstream=glibc-2.34-125.el9_5.1.src.rpm": 1, + "pkg:rpm/rhel/gpg-pubkey@5a6340b3-6229229e?distro=rhel-9.5": 1, + "pkg:rpm/rhel/gpg-pubkey@fd431d51-4ae0493b?distro=rhel-9.5": 1, + "pkg:rpm/rhel/libacl@2.3.1-4.el9?arch=x86_64&distro=rhel-9.5&upstream=acl-2.3.1-4.el9.src.rpm": 1, + "pkg:rpm/rhel/libattr@2.5.1-3.el9?arch=x86_64&distro=rhel-9.5&upstream=attr-2.5.1-3.el9.src.rpm": 1, + "pkg:rpm/rhel/libcap@2.48-9.el9_2?arch=x86_64&distro=rhel-9.5&upstream=libcap-2.48-9.el9_2.src.rpm": 1, + "pkg:rpm/rhel/libgcc@11.5.0-2.el9?arch=x86_64&distro=rhel-9.5&upstream=gcc-11.5.0-2.el9.src.rpm": 1, + "pkg:rpm/rhel/libselinux@3.6-1.el9?arch=x86_64&distro=rhel-9.5&upstream=libselinux-3.6-1.el9.src.rpm": 1, + "pkg:rpm/rhel/libsepol@3.6-1.el9?arch=x86_64&distro=rhel-9.5&upstream=libsepol-3.6-1.el9.src.rpm": 1, + "pkg:rpm/rhel/ncurses-base@6.2-10.20210508.el9?arch=noarch&distro=rhel-9.5&upstream=ncurses-6.2-10.20210508.el9.src.rpm": 1, + "pkg:rpm/rhel/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&distro=rhel-9.5&upstream=ncurses-6.2-10.20210508.el9.src.rpm": 1, + "pkg:rpm/rhel/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.5&upstream=pcre2-10.40-6.el9.src.rpm": 1, + "pkg:rpm/rhel/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.5&upstream=pcre2-10.40-6.el9.src.rpm": 1, + "pkg:rpm/rhel/redhat-release@9.5-0.6.el9?arch=x86_64&distro=rhel-9.5&upstream=redhat-release-9.5-0.6.el9.src.rpm": 1, + "pkg:rpm/rhel/setup@2.13.7-10.el9?arch=noarch&distro=rhel-9.5&upstream=setup-2.13.7-10.el9.src.rpm": 1, + "pkg:rpm/rhel/tzdata@2024b-2.el9?arch=noarch&distro=rhel-9.5&upstream=tzdata-2024b-2.el9.src.rpm": 1, + }, + ), + ], +) +def test_merge_cachi2_and_syft_sbom( + args: list[str], + sbom_type: str, + should_take_from_syft: dict[str, int], + data_dir: Path, + monkeypatch: pytest.MonkeyPatch, + capsys: pytest.CaptureFixture, +) -> None: + monkeypatch.chdir(data_dir / sbom_type) + result, _ = run_main(args, monkeypatch, capsys) + + with open("merged.bom.json") as file: + expected_sbom = json.load(file) + + assert json.loads(result) == expected_sbom + + with open("cachi2.bom.json") as f: + cachi2_sbom = json.load(f) + + taken_from_syft = diff_counts(count_components(expected_sbom), count_components(cachi2_sbom)) + assert taken_from_syft == should_take_from_syft + + if sbom_type == "spdx": + relationships_from_syft = diff_counts(count_relationships(expected_sbom), count_relationships(cachi2_sbom)) + assert relationships_from_syft == { + "SPDXRef-DOCUMENT DESCRIBES SPDXRef-DocumentRoot-Directory-.": 1, + "SPDXRef-DOCUMENT DESCRIBES SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro": 1, + # The one pkg:golang package + "SPDXRef-DocumentRoot-Directory-. CONTAINS *": 1, + # All the pkg:rpm packages + "SPDXRef-DocumentRoot-Image-registry.access.redhat.com-ubi9-ubi-micro CONTAINS *": 22, + } + + +@pytest.mark.parametrize( + "args", + [ + ["foo:x.json", "bar:y.json"], + ["syft:x.json", "bar:y.json"], + ["cachi2:x.json", "cachi2:y.json"], + # invalid because left defaults to cachi2 + ["x.json", "cachi2:y.json"], + ], +) +def test_invalid_flavours_combination( + args: list[str], monkeypatch: pytest.MonkeyPatch, capsys: pytest.CaptureFixture +) -> None: + with pytest.raises(ValueError, match="Unsupported combination of SBOM flavours"): + run_main(args, monkeypatch, capsys) + + +@pytest.mark.parametrize( + "syft_tools_metadata, cachi2_tools_metadata, expected_result", + [ + ( + [TOOLS_METADATA["syft-cyclonedx-1.4"]], + [TOOLS_METADATA["cachi2-cyclonedx-1.4"]], + [ + TOOLS_METADATA["syft-cyclonedx-1.4"], + TOOLS_METADATA["cachi2-cyclonedx-1.4"], + ], + ), + ( + [TOOLS_METADATA["syft-cyclonedx-1.4"]], + { + "components": [TOOLS_METADATA["cachi2-cyclonedx-1.5"]], + }, + [ + TOOLS_METADATA["syft-cyclonedx-1.4"], + TOOLS_METADATA["cachi2-cyclonedx-1.4"], + ], + ), + ( + { + "components": [TOOLS_METADATA["syft-cyclonedx-1.5"]], + }, + { + "components": [TOOLS_METADATA["cachi2-cyclonedx-1.5"]], + }, + { + "components": [ + TOOLS_METADATA["syft-cyclonedx-1.5"], + TOOLS_METADATA["cachi2-cyclonedx-1.5"], + ], + }, + ), + ( + { + "components": [TOOLS_METADATA["syft-cyclonedx-1.5"]], + }, + [TOOLS_METADATA["cachi2-cyclonedx-1.4"]], + { + "components": [ + TOOLS_METADATA["syft-cyclonedx-1.5"], + TOOLS_METADATA["cachi2-cyclonedx-1.5"], + ], + }, + ), + ], +) +def test_merging_tools_metadata(syft_tools_metadata: Any, cachi2_tools_metadata: Any, expected_result: Any) -> None: + syft_sbom = { + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "metadata": { + "tools": syft_tools_metadata, + }, + "components": [], + } + + cachi2_sbom = { + "bomFormat": "CycloneDX", + "specVersion": "1.4", + "metadata": { + "tools": cachi2_tools_metadata, + }, + "components": [], + } + + result = merge_cyclonedx_sboms(syft_sbom, cachi2_sbom, merge_by_apparent_sameness) + + assert result["metadata"]["tools"] == expected_result + + +def test_invalid_tools_format() -> None: + syft_sbom = { + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "metadata": { + "tools": "invalid", + }, + "components": [], + } + + cachi2_sbom = { + "bomFormat": "CycloneDX", + "specVersion": "1.4", + "metadata": { + "tools": [TOOLS_METADATA["cachi2-cyclonedx-1.4"]], + }, + "components": [], + } + + with pytest.raises(RuntimeError): + merge_cyclonedx_sboms(syft_sbom, cachi2_sbom, merge_by_apparent_sameness) diff --git a/sbom-utility-scripts/scripts/merge-sboms-script/tox.ini b/sbom-utility-scripts/scripts/merge-sboms-script/tox.ini new file mode 100644 index 0000000..9aca6bd --- /dev/null +++ b/sbom-utility-scripts/scripts/merge-sboms-script/tox.ini @@ -0,0 +1,22 @@ +[tox] +env_list = flake8,black,test + +[testenv:test] +basepython = 3.12 +deps = + -r requirements.txt + -r requirements-test.txt +commands = pytest test_merge_sboms.py + +[testenv:flake8] +basepython = 3.12 +deps = flake8 +commands = flake8 --max-line-length 120 merge_sboms.py test_merge_sboms.py + +[testenv:black] +deps = black +commands = black --line-length 120 --check --diff . + +[flake8] +# line-length check is useless since we have auto-formatting +extend-ignore = E501 diff --git a/source-container-build/Dockerfile b/source-container-build/Dockerfile index a1ae6a2..ab2df4b 100644 --- a/source-container-build/Dockerfile +++ b/source-container-build/Dockerfile @@ -1,4 +1,4 @@ -FROM registry.access.redhat.com/ubi9/ubi:9.4-1214.1725849297 +FROM registry.access.redhat.com/ubi9/ubi:9.5-1736404036 ARG BSI_VERSION=0.2.0 ARG bsi_source=https://github.com/containers/BuildSourceImage/archive/refs/tags/v${BSI_VERSION}.tar.gz diff --git a/task-toolset/Dockerfile b/task-toolset/Dockerfile deleted file mode 100644 index 1881300..0000000 --- a/task-toolset/Dockerfile +++ /dev/null @@ -1,4 +0,0 @@ -# https://catalog.redhat.com/software/containers/ubi9/ubi-minimal/615bd9b4075b022acc111bf5 -FROM registry.access.redhat.com/ubi9/ubi-minimal:9.4-1227.1725849298 -RUN microdnf install -y git jq && \ - microdnf clean all && rm -rf /var/cache/dnf/* diff --git a/task-toolset/README.md b/task-toolset/README.md deleted file mode 100644 index 1563265..0000000 --- a/task-toolset/README.md +++ /dev/null @@ -1,8 +0,0 @@ -# task-toolset image - -`task-toolset` is an image with different CLIs/tools installed and designed to be used as base image for Tekton tasks. - -Curently the image contains: - - curl - - git - - jq