-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Compliance rating (BSI TR-03183) using CycloneDX 1.6 #55
Comments
@LungTim thanks for your suggestion are you talking about sbomqs or sbomasm ?? |
Hey @LungTim , a good catch as you mentioned on point 3. I have fixed this one in this PR. And the components only includes dependencies of type "depends on". Here is how it looks like: BSI TR-03183-2 v1.1 Compliance Report
Compliance score by Interlynk Score:4.8 RequiredScore:5.4 OptionalScore:4.2 for /home/linuzz/sbom/sbomqs-cyclonedx-gomod.json
* indicates optional fields
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| ELEMENTID | SECTION | DATAFIELD | ELEMENT RESULT | SCORE |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/anchore/go-struct-converter | 5.2.2 | component creator | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component name | github.com/anchore/go-struct-converter | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component version | v0.0.0-20230627203149-c72ef8859ca9 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | License | not-compliant | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Dependencies on other | no-relationships | 0.0 |
| | | components | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Hash value of the executable | e823a95d6a476e158cd7081c40df794ddb26acb4db6bc2907cf8089815f39230 | 10.0 |
| | | component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Source code URI | https://github.com/anchore/go-struct-converter | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | URI of the executable form of | | 0.0 |
| | | the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Hash value of the source code | | 0.0 |
| | | of the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Other unique identifiers | pkg:golang/github.com/anchore/[email protected]?type=module&goos=linux&goarch=amd64 | 10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| golang.org/x/sync | 5.2.2 | component creator | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component name | golang.org/x/sync | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component version | v0.7.0 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | License | not-compliant | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Dependencies on other | no-relationships | 0.0 |
| | | components | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Hash value of the executable | 62c2267d20683fd40f60bd31c8a24fab481c689746deb227a2ac5359b7d0bbd3 | 10.0 |
| | | component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Source code URI | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | URI of the executable form of | | 0.0 |
| | | the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Hash value of the source code | | 0.0 |
| | | of the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Other unique identifiers | pkg:golang/golang.org/x/[email protected]?type=module&goos=linux&goarch=amd64 | 10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/common-nighthawk/go-figure | 5.2.2 | component creator | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component name | github.com/common-nighthawk/go-figure | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component version | v0.0.0-20210622060536-734e95fb86be | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | License | not-compliant | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Dependencies on other | no-relationships | 0.0 |
| | | components | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Hash value of the executable | 27904bda4b2402557d724804b0d417b1c8c868b88e62267be5de1ef7813a75c4 | 10.0 |
| | | component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Source code URI | https://github.com/common-nighthawk/go-figure | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | URI of the executable form of | | 0.0 |
| | | the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Hash value of the source code | | 0.0 |
| | | of the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Other unique identifiers | pkg:golang/github.com/common-nighthawk/[email protected]?type=module&goos=linux&goarch=amd64 | 10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| sigs.k8s.io/yaml | 5.2.2 | component creator | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component name | sigs.k8s.io/yaml | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component version | v1.4.0 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | License | not-compliant | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Dependencies on other | no-relationships | 0.0 |
| | | components | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Hash value of the executable | 324d7009cda0cbf1744c71f44c0a75418c89373466d8a08bcb7a390125d52391 | 10.0 |
| | | component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Source code URI | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | URI of the executable form of | | 0.0 |
| | | the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Hash value of the source code | | 0.0 |
| | | of the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Other unique identifiers | pkg:golang/sigs.k8s.io/[email protected]?type=module&goos=linux&goarch=amd64 | 10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/spdx/tools-golang | 5.2.2 | component creator | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component name | github.com/spdx/tools-golang | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component version | v0.5.5 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | License | not-compliant | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Dependencies on other | github.com/anchore/go-struct-converter, | 5.0 |
| | | components | github.com/spdx/gordf, sigs.k8s.io/yaml | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Hash value of the executable | eb573428b7c070da808e583a50d31d930a4c7ab9e1c37cd54700d9db1f573a69 | 10.0 |
| | | component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Source code URI | https://github.com/spdx/tools-golang | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | URI of the executable form of | | 0.0 |
| | | the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Hash value of the source code | | 0.0 |
| | | of the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Other unique identifiers | pkg:golang/github.com/spdx/[email protected]?type=module&goos=linux&goarch=amd64 | 10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| golang.org/x/tools | 5.2.2 | component creator | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component name | golang.org/x/tools | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component version | v0.22.0 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | License | not-compliant | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Dependencies on other | golang.org/x/mod, | 5.0 |
| | | components | golang.org/x/sync, | |
| | | | golang.org/x/sys | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Hash value of the executable | 82a4862d9aaff8023d9484339e22749d90d11b91813ec4a2f8344d1d6373eb20 | 10.0 |
| | | component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Source code URI | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | URI of the executable form of | | 0.0 |
| | | the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Hash value of the source code | | 0.0 |
| | | of the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Other unique identifiers | pkg:golang/golang.org/x/[email protected]?type=module&goos=linux&goarch=amd64 | 10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/google/uuid | 5.2.2 | component creator | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component name | github.com/google/uuid | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component version | v1.6.0 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | License | not-compliant | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Dependencies on other | no-relationships | 0.0 |
| | | components | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Hash value of the executable | 348bda24330eb231c0f27d630212d2833ac0cf2d4782bfa136b6f9edefbde05d | 10.0 |
| | | component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Source code URI | https://github.com/google/uuid | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | URI of the executable form of | | 0.0 |
| | | the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Hash value of the source code | | 0.0 |
| | | of the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Other unique identifiers | pkg:golang/github.com/google/[email protected]?type=module&goos=linux&goarch=amd64 | 10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/mattn/go-runewidth | 5.2.2 | component creator | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component name | github.com/mattn/go-runewidth | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component version | v0.0.15 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | License | not-compliant | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Dependencies on other | github.com/rivo/uniseg | 5.0 |
| | | components | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Hash value of the executable | 50d023c1b53d979e130372b3bea2c6c705a31e63200545610624e37a56608375 | 10.0 |
| | | component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Source code URI | https://github.com/mattn/go-runewidth | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | URI of the executable form of | | 0.0 |
| | | the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Hash value of the source code | | 0.0 |
| | | of the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Other unique identifiers | pkg:golang/github.com/mattn/[email protected]?type=module&goos=linux&goarch=amd64 | 10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/spf13/pflag | 5.2.2 | component creator | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component name | github.com/spf13/pflag | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component version | v1.0.5 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | License | not-compliant | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Dependencies on other | no-relationships | 0.0 |
| | | components | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Hash value of the executable | 8b2f951543823f56bef3216da3f76b836089e6ed3246807b7d9c370cabff2570 | 10.0 |
| | | component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Source code URI | https://github.com/spf13/pflag | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | URI of the executable form of | | 0.0 |
| | | the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Hash value of the source code | | 0.0 |
| | | of the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Other unique identifiers | pkg:golang/github.com/spf13/[email protected]?type=module&goos=linux&goarch=amd64 | 10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| sbom | 4 | specification | cyclonedx | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 4 | specification version | 1.5 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.1 | build process | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.1 | depth | doc has 15 dependencies | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.1 | creator of sbom | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.1 | timestamp | 2024-09-01T11:12:11+05:30 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.1* | SBOM-URI | urn:uuid:36744bcf-0c34-40dc-b0d6-438952e8b643/1 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | components | present | 10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/package-url/packageurl-go | 5.2.2 | component creator | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component name | github.com/package-url/packageurl-go | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component version | v0.1.3 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | License | not-compliant | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Dependencies on other | no-relationships | 0.0 |
| | | components | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Hash value of the executable | e23b8c103de11e2cf4b1eb7756adca790ef9283d5abed8685cbb661372343cbb | 10.0 |
| | | component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Source code URI | https://github.com/package-url/packageurl-go | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | URI of the executable form of | | 0.0 |
| | | the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Hash value of the source code | | 0.0 |
| | | of the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Other unique identifiers | pkg:golang/github.com/package-url/[email protected]?type=module&goos=linux&goarch=amd64 | 10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/inconshreveable/mousetrap | 5.2.2 | component creator | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component name | github.com/inconshreveable/mousetrap | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component version | v1.1.0 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | License | not-compliant | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Dependencies on other | no-relationships | 0.0 |
| | | components | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Hash value of the executable | c0dfb1e0d546a4cb0eec4ad49ff994237bc4a04e89b75dd7dacd1bab0a7db5cf | 10.0 |
| | | component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Source code URI | https://github.com/inconshreveable/mousetrap | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | URI of the executable form of | | 0.0 |
| | | the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Hash value of the source code | | 0.0 |
| | | of the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Other unique identifiers | pkg:golang/github.com/inconshreveable/[email protected]?type=module&goos=linux&goarch=amd64 | 10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/Masterminds/semver/v3 | 5.2.2 | component creator | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component name | github.com/Masterminds/semver/v3 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component version | v3.2.1 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | License | not-compliant | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Dependencies on other | no-relationships | 0.0 |
| | | components | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Hash value of the executable | 44df70ebeed0a0c789546c9f99b720b36f01afc72f9a7b9c1179d8d2b6175a0d | 10.0 |
| | | component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Source code URI | https://github.com/Masterminds/semver | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | URI of the executable form of | | 0.0 |
| | | the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Hash value of the source code | | 0.0 |
| | | of the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Other unique identifiers | pkg:golang/github.com/Masterminds/semver/[email protected]?type=module&goos=linux&goarch=amd64 | 10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/rivo/uniseg | 5.2.2 | component creator | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component name | github.com/rivo/uniseg | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component version | v0.4.7 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | License | not-compliant | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Dependencies on other | no-relationships | 0.0 |
| | | components | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Hash value of the executable | 59476f916f2e121ad87cb0b8673769236cedc4fd48e7cdbee3d39ce4cabae154 | 10.0 |
| | | component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Source code URI | https://github.com/rivo/uniseg | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | URI of the executable form of | | 0.0 |
| | | the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Hash value of the source code | | 0.0 |
| | | of the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Other unique identifiers | pkg:golang/github.com/rivo/[email protected]?type=module&goos=linux&goarch=amd64 | 10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/cloudflare/circl | 5.2.2 | component creator | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component name | github.com/cloudflare/circl | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component version | v1.3.9 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | License | not-compliant | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Dependencies on other | golang.org/x/crypto, | 5.0 |
| | | components | golang.org/x/sys | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Hash value of the executable | 405ae580561fd90a62f1b4a954f2b51c1bd6a71d7abffd53662bf2a3ba46b811 | 10.0 |
| | | component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Source code URI | https://github.com/cloudflare/circl | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | URI of the executable form of | | 0.0 |
| | | the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Hash value of the source code | | 0.0 |
| | | of the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Other unique identifiers | pkg:golang/github.com/cloudflare/[email protected]?type=module&goos=linux&goarch=amd64 | 10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| sigs.k8s.io/release-utils | 5.2.2 | component creator | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component name | sigs.k8s.io/release-utils | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component version | v0.8.3 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | License | not-compliant | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Dependencies on other | github.com/Masterminds/semver/v3, | 5.0 |
| | | components | github.com/common-nighthawk/go-figure, | |
| | | | github.com/inconshreveable/mousetrap, | |
| | | | github.com/maxbrunsfeld/counterfeiter/v6, | |
| | | | github.com/spf13/cobra, | |
| | | | github.com/spf13/pflag, golang.org/x/mod, | |
| | | | golang.org/x/sync, golang.org/x/sys, | |
| | | | golang.org/x/text, golang.org/x/tools | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Hash value of the executable | 2ad3ad038a839b3272790db3903b05548db9f8d562c26b3fa3978bd8d7ed15d0 | 10.0 |
| | | component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Source code URI | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | URI of the executable form of | | 0.0 |
| | | the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Hash value of the source code | | 0.0 |
| | | of the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Other unique identifiers | pkg:golang/sigs.k8s.io/[email protected]?type=module&goos=linux&goarch=amd64 | 10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| golang.org/x/oauth2 | 5.2.2 | component creator | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component name | golang.org/x/oauth2 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component version | v0.21.0 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | License | not-compliant | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Dependencies on other | no-relationships | 0.0 |
| | | components | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Hash value of the executable | b6c8a633be70d6d17fbb0b39adb787cc85b112a12531e86773e896efddf3b19b | 10.0 |
| | | component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Source code URI | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | URI of the executable form of | | 0.0 |
| | | the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Hash value of the source code | | 0.0 |
| | | of the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Other unique identifiers | pkg:golang/golang.org/x/[email protected]?type=module&goos=linux&goarch=amd64 | 10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/google/go-querystring | 5.2.2 | component creator | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component name | github.com/google/go-querystring | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component version | v1.1.0 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | License | not-compliant | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Dependencies on other | no-relationships | 0.0 |
| | | components | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Hash value of the executable | 0270aba21ddfbf864181521fd48c2da2f8236b0fc688a268f0cf320ff7e1c89f | 10.0 |
| | | component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Source code URI | https://github.com/google/go-querystring | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | URI of the executable form of | | 0.0 |
| | | the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Hash value of the source code | | 0.0 |
| | | of the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Other unique identifiers | pkg:golang/github.com/google/[email protected]?type=module&goos=linux&goarch=amd64 | 10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/spdx/gordf | 5.2.2 | component creator | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component name | github.com/spdx/gordf | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component version | v0.0.0-20221230105357-b735bd5aac89 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | License | not-compliant | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Dependencies on other | no-relationships | 0.0 |
| | | components | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Hash value of the executable | 740ae433067b31fd89894f0e7dd9aa22ff106874f8a3289f2c87b5521b05d526 | 10.0 |
| | | component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Source code URI | https://github.com/spdx/gordf | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | URI of the executable form of | | 0.0 |
| | | the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Hash value of the source code | | 0.0 |
| | | of the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Other unique identifiers | pkg:golang/github.com/spdx/[email protected]?type=module&goos=linux&goarch=amd64 | 10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| gopkg.in/yaml.v2 | 5.2.2 | component creator | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component name | gopkg.in/yaml.v2 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component version | v2.4.0 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | License | not-compliant | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Dependencies on other | no-relationships | 0.0 |
| | | components | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Hash value of the executable | 0fcc60c04098ec262fc7e6369f8b01cfddc99fd251bf1762cb2a3c0937ee29a6 | 10.0 |
| | | component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Source code URI | https://github.com/go-yaml/yaml | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | URI of the executable form of | | 0.0 |
| | | the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Hash value of the source code | | 0.0 |
| | | of the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Other unique identifiers | pkg:golang/gopkg.in/[email protected]?type=module&goos=linux&goarch=amd64 | 10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/CycloneDX/cyclonedx-go | 5.2.2 | component creator | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component name | github.com/CycloneDX/cyclonedx-go | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component version | v0.9.0 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | License | not-compliant | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Dependencies on other | no-relationships | 0.0 |
| | | components | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Hash value of the executable | 8a76a27fba83f1b8afcb1a7b5cb831518b4e5d6b437b3efe8fbdaa2933104dbf | 10.0 |
| | | component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Source code URI | https://github.com/CycloneDX/cyclonedx-go | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | URI of the executable form of | | 0.0 |
| | | the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Hash value of the source code | | 0.0 |
| | | of the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Other unique identifiers | pkg:golang/github.com/CycloneDX/[email protected]?type=module&goos=linux&goarch=amd64 | 10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| go.uber.org/multierr | 5.2.2 | component creator | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component name | go.uber.org/multierr | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component version | v1.11.0 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | License | not-compliant | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Dependencies on other | no-relationships | 0.0 |
| | | components | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Hash value of the executable | 6e55d72644b14927c1541942efaa71a9e3be2cddda0df2d0a3edf4f7126cb4ed | 10.0 |
| | | component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Source code URI | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | URI of the executable form of | | 0.0 |
| | | the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Hash value of the source code | | 0.0 |
| | | of the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Other unique identifiers | pkg:golang/go.uber.org/[email protected]?type=module&goos=linux&goarch=amd64 | 10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/maxbrunsfeld/counterfeiter/v6 | 5.2.2 | component creator | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component name | github.com/maxbrunsfeld/counterfeiter/v6 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component version | v6.8.1 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | License | not-compliant | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Dependencies on other | golang.org/x/mod, | 5.0 |
| | | components | golang.org/x/text, | |
| | | | golang.org/x/tools | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Hash value of the executable | 362726aeec647aa1e30efd3749f4b1aa668bba2b1d76e75f3f7879c1d5c56e13 | 10.0 |
| | | component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Source code URI | https://github.com/maxbrunsfeld/counterfeiter | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | URI of the executable form of | | 0.0 |
| | | the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Hash value of the source code | | 0.0 |
| | | of the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Other unique identifiers | pkg:golang/github.com/maxbrunsfeld/counterfeiter/[email protected]?type=module&goos=linux&goarch=amd64 | 10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| golang.org/x/crypto | 5.2.2 | component creator | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component name | golang.org/x/crypto | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component version | v0.24.0 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | License | not-compliant | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Dependencies on other | golang.org/x/sys, | 5.0 |
| | | components | golang.org/x/text | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Hash value of the executable | 9a797c0ccd28e75dd7f1f748926c8513fe614d8c5bc183a30d2ffeacaeaaa512 | 10.0 |
| | | component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Source code URI | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | URI of the executable form of | | 0.0 |
| | | the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Hash value of the source code | | 0.0 |
| | | of the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Other unique identifiers | pkg:golang/golang.org/x/[email protected]?type=module&goos=linux&goarch=amd64 | 10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/interlynk-io/sbomqs | 5.2.2 | component creator | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component name | github.com/interlynk-io/sbomqs | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component version | v1.0.1-0.20240806165718-6099e923b043 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | License | not-compliant | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Dependencies on other | github.com/CycloneDX/cyclonedx-go, | 5.0 |
| | | components | github.com/DependencyTrack/client-go, | |
| | | | github.com/Masterminds/semver/v3, | |
| | | | github.com/github/go-spdx/v2, | |
| | | | github.com/google/go-github/v52, | |
| | | | github.com/google/uuid, | |
| | | | github.com/maxbrunsfeld/counterfeiter/v6, | |
| | | | github.com/olekukonko/tablewriter, | |
| | | | github.com/package-url/packageurl-go, | |
| | | | github.com/samber/lo, | |
| | | | github.com/spdx/tools-golang, | |
| | | | github.com/spf13/cobra, | |
| | | | go.uber.org/zap, gopkg.in/yaml.v2, | |
| | | | sigs.k8s.io/release-utils | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Hash value of the executable | | 0.0 |
| | | component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Source code URI | https://github.com/interlynk-io/sbomqs | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | URI of the executable form of | | 0.0 |
| | | the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Hash value of the source code | | 0.0 |
| | | of the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Other unique identifiers | pkg:golang/github.com/interlynk-io/[email protected]?type=module&goos=linux&goarch=amd64 | 10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| golang.org/x/text | 5.2.2 | component creator | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component name | golang.org/x/text | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component version | v0.16.0 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | License | not-compliant | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Dependencies on other | golang.org/x/mod, | 5.0 |
| | | components | golang.org/x/sync, | |
| | | | golang.org/x/tools | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Hash value of the executable | 6bde04c6711736d13060b1894885319d6a31a11cff65c0ac57add13aea482e1e | 10.0 |
| | | component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Source code URI | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | URI of the executable form of | | 0.0 |
| | | the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Hash value of the source code | | 0.0 |
| | | of the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Other unique identifiers | pkg:golang/golang.org/x/[email protected]?type=module&goos=linux&goarch=amd64 | 10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/spf13/cobra | 5.2.2 | component creator | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component name | github.com/spf13/cobra | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component version | v1.8.1 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | License | not-compliant | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Dependencies on other | github.com/inconshreveable/mousetrap, | 5.0 |
| | | components | github.com/spf13/pflag | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Hash value of the executable | 7b9fefc4a77fad9b1f4893145f56a0b637930dffaabf5fc974117c820e64f593 | 10.0 |
| | | component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Source code URI | https://github.com/spf13/cobra | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | URI of the executable form of | | 0.0 |
| | | the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Hash value of the source code | | 0.0 |
| | | of the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Other unique identifiers | pkg:golang/github.com/spf13/[email protected]?type=module&goos=linux&goarch=amd64 | 10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/samber/lo | 5.2.2 | component creator | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component name | github.com/samber/lo | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component version | v1.46.0 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | License | not-compliant | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Dependencies on other | golang.org/x/text | 5.0 |
| | | components | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Hash value of the executable | c3c1bea1a08f833d4fa02273b6aca608568ac17b7ee5c0979f9d6e3f113115f4 | 10.0 |
| | | component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Source code URI | https://github.com/samber/lo | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | URI of the executable form of | | 0.0 |
| | | the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Hash value of the source code | | 0.0 |
| | | of the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Other unique identifiers | pkg:golang/github.com/samber/[email protected]?type=module&goos=linux&goarch=amd64 | 10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/ProtonMail/go-crypto | 5.2.2 | component creator | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component name | github.com/ProtonMail/go-crypto | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component version | v1.0.0 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | License | not-compliant | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Dependencies on other | github.com/cloudflare/circl, | 5.0 |
| | | components | golang.org/x/crypto | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Hash value of the executable | 2d1baf2138d0597f9621fafddf46071b61cd7e3475b8e7f27f9bc4d240b653bf | 10.0 |
| | | component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Source code URI | https://github.com/ProtonMail/go-crypto | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | URI of the executable form of | | 0.0 |
| | | the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Hash value of the source code | | 0.0 |
| | | of the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Other unique identifiers | pkg:golang/github.com/ProtonMail/[email protected]?type=module&goos=linux&goarch=amd64 | 10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/google/go-github/v52 | 5.2.2 | component creator | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component name | github.com/google/go-github/v52 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component version | v52.0.0 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | License | not-compliant | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Dependencies on other | github.com/ProtonMail/go-crypto, | 5.0 |
| | | components | github.com/cloudflare/circl, | |
| | | | github.com/google/go-querystring, | |
| | | | golang.org/x/crypto, | |
| | | | golang.org/x/oauth2, | |
| | | | golang.org/x/sys | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Hash value of the executable | bb2196398fa3310f06546497f1d912c02ce57a153759f77143b1b078efc93fb3 | 10.0 |
| | | component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Source code URI | https://github.com/google/go-github | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | URI of the executable form of | | 0.0 |
| | | the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Hash value of the source code | | 0.0 |
| | | of the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Other unique identifiers | pkg:golang/github.com/google/go-github/[email protected]?type=module&goos=linux&goarch=amd64 | 10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/olekukonko/tablewriter | 5.2.2 | component creator | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component name | github.com/olekukonko/tablewriter | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component version | v0.0.5 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | License | not-compliant | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Dependencies on other | github.com/mattn/go-runewidth | 5.0 |
| | | components | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Hash value of the executable | 3f619af370f7e308b5a3d27a5a1d6646ea9de2617fc7f960052ecdec06c385e7 | 10.0 |
| | | component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Source code URI | https://github.com/olekukonko/tablewriter | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | URI of the executable form of | | 0.0 |
| | | the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Hash value of the source code | | 0.0 |
| | | of the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Other unique identifiers | pkg:golang/github.com/olekukonko/[email protected]?type=module&goos=linux&goarch=amd64 | 10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/DependencyTrack/client-go | 5.2.2 | component creator | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component name | github.com/DependencyTrack/client-go | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component version | v0.13.0 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | License | not-compliant | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Dependencies on other | github.com/google/uuid | 5.0 |
| | | components | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Hash value of the executable | c364efb9dac16e006d4b6a0c6e2b1fa3d02fe2b2674b583d56c742a59e8f53ff | 10.0 |
| | | component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Source code URI | https://github.com/DependencyTrack/client-go | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | URI of the executable form of | | 0.0 |
| | | the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Hash value of the source code | | 0.0 |
| | | of the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Other unique identifiers | pkg:golang/github.com/DependencyTrack/[email protected]?type=module&goos=linux&goarch=amd64 | 10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| go.uber.org/zap | 5.2.2 | component creator | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component name | go.uber.org/zap | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component version | v1.27.0 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | License | not-compliant | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Dependencies on other | go.uber.org/multierr | 5.0 |
| | | components | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Hash value of the executable | 689321606adde504a69692ccaf631fb512a5eedf09f0f4d93c0ef7dae77f5d1f | 10.0 |
| | | component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Source code URI | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | URI of the executable form of | | 0.0 |
| | | the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Hash value of the source code | | 0.0 |
| | | of the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Other unique identifiers | pkg:golang/go.uber.org/[email protected]?type=module&goos=linux&goarch=amd64 | 10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| golang.org/x/mod | 5.2.2 | component creator | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component name | golang.org/x/mod | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component version | v0.18.0 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | License | not-compliant | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Dependencies on other | golang.org/x/tools | 5.0 |
| | | components | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Hash value of the executable | e7ef6549b1333d2756907df6bd83c1c04a57f0ac036cce7651df71054bcd95bd | 10.0 |
| | | component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Source code URI | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | URI of the executable form of | | 0.0 |
| | | the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Hash value of the source code | | 0.0 |
| | | of the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Other unique identifiers | pkg:golang/golang.org/x/[email protected]?type=module&goos=linux&goarch=amd64 | 10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| golang.org/x/sys | 5.2.2 | component creator | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component name | golang.org/x/sys | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component version | v0.21.0 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | License | not-compliant | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Dependencies on other | no-relationships | 0.0 |
| | | components | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Hash value of the executable | ac5fa9633dc300649003102ed426c2edc6ad660e1e6c2e1421e2212b1059bf0b | 10.0 |
| | | component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Source code URI | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | URI of the executable form of | | 0.0 |
| | | the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Hash value of the source code | | 0.0 |
| | | of the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Other unique identifiers | pkg:golang/golang.org/x/[email protected]?type=module&goos=linux&goarch=amd64 | 10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/github/go-spdx/v2 | 5.2.2 | component creator | | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component name | github.com/github/go-spdx/v2 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | component version | v2.3.1 | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | License | not-compliant | 0.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Dependencies on other | no-relationships | 0.0 |
| | | components | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.2.2 | Hash value of the executable | 7df1ae1d36c7b87cd63ede779fc7fda3c7251aeb6e2cf39ba37cc1e09023c54f | 10.0 |
| | | component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Source code URI | https://github.com/github/go-spdx | 10.0 |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | URI of the executable form of | | 0.0 |
| | | the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Hash value of the source code | | 0.0 |
| | | of the component | | |
+ +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| | 5.3.2* | Other unique identifiers | pkg:golang/github.com/github/go-spdx/[email protected]?type=module&goos=linux&goarch=amd64 | 10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I noticed three things:
"externalReferences": [ { "type": "vcs", "url": "https://URL/artifact", "hashes": [ { "alg": "SHA-256", "content": "123aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaddd" } ] }
"compositions": [ { "aggregate": "complete", "assemblies": [ "com:product:system:subsystem:component:componentname" ] } ]
The text was updated successfully, but these errors were encountered: