diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 2c5244f..4e3c28f 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -11,7 +11,8 @@ "golang.org/x/vuln/cmd/govulncheck@latest", "honnef.co/go/tools/cmd/staticcheck@latest" ] - } + }, + "ghcr.io/dasiths/devcontainer-features/syft:1": {} }, "customizations": { "vscode": { diff --git a/.vscode/launch.json b/.vscode/launch.json index 5744e8d..3fe4f45 100644 --- a/.vscode/launch.json +++ b/.vscode/launch.json @@ -14,7 +14,7 @@ "--provider=github", "--debug=true", "scan", - "./_TESTDATA_/sbom/small.cyclonedx.json" + "./_TESTDATA_/sbom/merged/sbom_specver1.6.json" ] }, { @@ -27,7 +27,7 @@ "--provider=ossindex", "--debug=true", "scan", - "./_TESTDATA_/sbom/small.cyclonedx.json" + "./_TESTDATA_/sbom/jena-kafka-1.4.0-SNAPSHOT-bom.json" ] }, { @@ -40,7 +40,7 @@ "--provider=osv", "--debug=true", "scan", - "./_TESTDATA_/sbom/small.cyclonedx.json" + "./_TESTDATA_/sbom/jena-kafka-1.4.0-SNAPSHOT-bom.json" ] }, { diff --git a/_TESTDATA_/sbom/bomber.cyclonedx.1.6.json b/_TESTDATA_/sbom/bomber.cyclonedx.1.6.json new file mode 100644 index 0000000..46e51fd --- /dev/null +++ b/_TESTDATA_/sbom/bomber.cyclonedx.1.6.json @@ -0,0 +1 @@ +{"$schema":"http://cyclonedx.org/schema/bom-1.6.schema.json","bomFormat":"CycloneDX","specVersion":"1.6","serialNumber":"urn:uuid:aaaae8ff-57f1-4d45-819e-bb3f291218c8","version":1,"metadata":{"timestamp":"2024-09-23T14:21:19Z","tools":{"components":[{"type":"application","author":"anchore","name":"syft","version":"1.12.2"}]},"component":{"bom-ref":"af63bd4c8601b7f1","type":"file","name":"."}},"components":[{"bom-ref":"pkg:github/actions/checkout@v4?package-id=5421346e039ebf12","type":"library","name":"actions/checkout","version":"v4","cpe":"cpe:2.3:a:actions\\/checkout:actions\\/checkout:v4:*:*:*:*:*:*:*","purl":"pkg:github/actions/checkout@v4","properties":[{"name":"syft:package:foundBy","value":"github-actions-usage-cataloger"},{"name":"syft:package:type","value":"github-action"},{"name":"syft:location:0:path","value":"/.github/workflows/go-quality.yml"}]},{"bom-ref":"pkg:github/actions/checkout@v4?package-id=217f4cdc0ac4dc24","type":"library","name":"actions/checkout","version":"v4","cpe":"cpe:2.3:a:actions\\/checkout:actions\\/checkout:v4:*:*:*:*:*:*:*","purl":"pkg:github/actions/checkout@v4","properties":[{"name":"syft:package:foundBy","value":"github-actions-usage-cataloger"},{"name":"syft:package:type","value":"github-action"},{"name":"syft:location:0:path","value":"/.github/workflows/release.yml"}]},{"bom-ref":"pkg:github/actions/setup-go@v5?package-id=b58871c9569a328b","type":"library","name":"actions/setup-go","version":"v5","cpe":"cpe:2.3:a:actions\\/setup-go:actions\\/setup-go:v5:*:*:*:*:*:*:*","purl":"pkg:github/actions/setup-go@v5","properties":[{"name":"syft:package:foundBy","value":"github-actions-usage-cataloger"},{"name":"syft:package:type","value":"github-action"},{"name":"syft:cpe23","value":"cpe:2.3:a:actions\\/setup-go:actions\\/setup_go:v5:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:actions\\/setup_go:actions\\/setup-go:v5:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:actions\\/setup_go:actions\\/setup_go:v5:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:actions\\/setup:actions\\/setup-go:v5:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:actions\\/setup:actions\\/setup_go:v5:*:*:*:*:*:*:*"},{"name":"syft:location:0:path","value":"/.github/workflows/go-quality.yml"}]},{"bom-ref":"pkg:github/actions/setup-go@v5?package-id=bd4de646e6b4e78f","type":"library","name":"actions/setup-go","version":"v5","cpe":"cpe:2.3:a:actions\\/setup-go:actions\\/setup-go:v5:*:*:*:*:*:*:*","purl":"pkg:github/actions/setup-go@v5","properties":[{"name":"syft:package:foundBy","value":"github-actions-usage-cataloger"},{"name":"syft:package:type","value":"github-action"},{"name":"syft:cpe23","value":"cpe:2.3:a:actions\\/setup-go:actions\\/setup_go:v5:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:actions\\/setup_go:actions\\/setup-go:v5:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:actions\\/setup_go:actions\\/setup_go:v5:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:actions\\/setup:actions\\/setup-go:v5:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:actions\\/setup:actions\\/setup_go:v5:*:*:*:*:*:*:*"},{"name":"syft:location:0:path","value":"/.github/workflows/release.yml"}]},{"bom-ref":"pkg:github/anchore/sbom-action@v0?package-id=c2856799f7b8ebbb","type":"library","name":"anchore/sbom-action","version":"v0","cpe":"cpe:2.3:a:anchore\\/sbom-action:anchore\\/sbom-action:v0:*:*:*:*:*:*:*","purl":"pkg:github/anchore/sbom-action@v0","properties":[{"name":"syft:package:foundBy","value":"github-actions-usage-cataloger"},{"name":"syft:package:type","value":"github-action"},{"name":"syft:cpe23","value":"cpe:2.3:a:anchore\\/sbom-action:anchore\\/sbom_action:v0:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:anchore\\/sbom_action:anchore\\/sbom-action:v0:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:anchore\\/sbom_action:anchore\\/sbom_action:v0:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:anchore\\/sbom:anchore\\/sbom-action:v0:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:anchore\\/sbom:anchore\\/sbom_action:v0:*:*:*:*:*:*:*"},{"name":"syft:location:0:path","value":"/.github/workflows/release.yml"}]},{"bom-ref":"pkg:github/anchore/sbom-action@v0?package-id=6a5f2f5cec1ea72c#publish-sbom","type":"library","name":"anchore/sbom-action/publish-sbom","version":"v0","cpe":"cpe:2.3:a:anchore\\/sbom-action\\/publish-sbom:anchore\\/sbom-action\\/publish-sbom:v0:*:*:*:*:*:*:*","purl":"pkg:github/anchore/sbom-action@v0#publish-sbom","properties":[{"name":"syft:package:foundBy","value":"github-actions-usage-cataloger"},{"name":"syft:package:type","value":"github-action"},{"name":"syft:cpe23","value":"cpe:2.3:a:anchore\\/sbom-action\\/publish-sbom:anchore\\/sbom_action\\/publish_sbom:v0:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:anchore\\/sbom_action\\/publish_sbom:anchore\\/sbom-action\\/publish-sbom:v0:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:anchore\\/sbom_action\\/publish_sbom:anchore\\/sbom_action\\/publish_sbom:v0:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:anchore\\/sbom-action\\/publish:anchore\\/sbom-action\\/publish-sbom:v0:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:anchore\\/sbom-action\\/publish:anchore\\/sbom_action\\/publish_sbom:v0:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:anchore\\/sbom_action\\/publish:anchore\\/sbom-action\\/publish-sbom:v0:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:anchore\\/sbom_action\\/publish:anchore\\/sbom_action\\/publish_sbom:v0:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:anchore\\/sbom:anchore\\/sbom-action\\/publish-sbom:v0:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:anchore\\/sbom:anchore\\/sbom_action\\/publish_sbom:v0:*:*:*:*:*:*:*"},{"name":"syft:location:0:path","value":"/.github/workflows/release.yml"}]},{"bom-ref":"pkg:golang/github.com/burntsushi/toml@v1.4.0?package-id=c313ec46e7831681","type":"library","name":"github.com/BurntSushi/toml","version":"v1.4.0","cpe":"cpe:2.3:a:BurntSushi:toml:v1.4.0:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/BurntSushi/toml@v1.4.0","properties":[{"name":"syft:package:foundBy","value":"go-module-binary-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-buildinfo-entry"},{"name":"syft:location:0:path","value":"/bomber"},{"name":"syft:metadata:architecture","value":"amd64"},{"name":"syft:metadata:goCompiledVersion","value":"go1.22.7"},{"name":"syft:metadata:goCryptoSettings:0","value":"standard-crypto"},{"name":"syft:metadata:h1Digest","value":"h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0="},{"name":"syft:metadata:mainModule","value":"github.com/devops-kung-fu/bomber"}]},{"bom-ref":"pkg:golang/github.com/burntsushi/toml@v1.4.0?package-id=69f9d4b20a337f2b","type":"library","name":"github.com/BurntSushi/toml","version":"v1.4.0","cpe":"cpe:2.3:a:BurntSushi:toml:v1.4.0:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/BurntSushi/toml@v1.4.0","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0="}]},{"bom-ref":"pkg:golang/github.com/cyclonedx/cyclonedx-go@v0.9.1?package-id=d7dd67ec4f835cf2","type":"library","name":"github.com/CycloneDX/cyclonedx-go","version":"v0.9.1","cpe":"cpe:2.3:a:CycloneDX:cyclonedx-go:v0.9.1:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/CycloneDX/cyclonedx-go@v0.9.1","properties":[{"name":"syft:package:foundBy","value":"go-module-binary-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-buildinfo-entry"},{"name":"syft:cpe23","value":"cpe:2.3:a:CycloneDX:cyclonedx_go:v0.9.1:*:*:*:*:*:*:*"},{"name":"syft:location:0:path","value":"/bomber"},{"name":"syft:metadata:architecture","value":"amd64"},{"name":"syft:metadata:goCompiledVersion","value":"go1.22.7"},{"name":"syft:metadata:goCryptoSettings:0","value":"standard-crypto"},{"name":"syft:metadata:h1Digest","value":"h1:yffaWOZsv77oTJa/SdVZYdgAgFioCeycBUKkqS2qzQM="},{"name":"syft:metadata:mainModule","value":"github.com/devops-kung-fu/bomber"}]},{"bom-ref":"pkg:golang/github.com/cyclonedx/cyclonedx-go@v0.9.1?package-id=9ac42c8b101e5bb2","type":"library","name":"github.com/CycloneDX/cyclonedx-go","version":"v0.9.1","cpe":"cpe:2.3:a:CycloneDX:cyclonedx-go:v0.9.1:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/CycloneDX/cyclonedx-go@v0.9.1","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:cpe23","value":"cpe:2.3:a:CycloneDX:cyclonedx_go:v0.9.1:*:*:*:*:*:*:*"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:yffaWOZsv77oTJa/SdVZYdgAgFioCeycBUKkqS2qzQM="}]},{"bom-ref":"pkg:golang/github.com/aymerick/douceur@v0.2.0?package-id=414429a824bb051f","type":"library","name":"github.com/aymerick/douceur","version":"v0.2.0","cpe":"cpe:2.3:a:aymerick:douceur:v0.2.0:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/aymerick/douceur@v0.2.0","properties":[{"name":"syft:package:foundBy","value":"go-module-binary-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-buildinfo-entry"},{"name":"syft:location:0:path","value":"/bomber"},{"name":"syft:metadata:architecture","value":"amd64"},{"name":"syft:metadata:goCompiledVersion","value":"go1.22.7"},{"name":"syft:metadata:goCryptoSettings:0","value":"standard-crypto"},{"name":"syft:metadata:h1Digest","value":"h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk="},{"name":"syft:metadata:mainModule","value":"github.com/devops-kung-fu/bomber"}]},{"bom-ref":"pkg:golang/github.com/aymerick/douceur@v0.2.0?package-id=bd11718e529f0384","type":"library","name":"github.com/aymerick/douceur","version":"v0.2.0","cpe":"cpe:2.3:a:aymerick:douceur:v0.2.0:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/aymerick/douceur@v0.2.0","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk="}]},{"bom-ref":"pkg:golang/github.com/briandowns/spinner@v1.23.1?package-id=fca0b4f17ca8d602","type":"library","name":"github.com/briandowns/spinner","version":"v1.23.1","cpe":"cpe:2.3:a:briandowns:spinner:v1.23.1:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/briandowns/spinner@v1.23.1","properties":[{"name":"syft:package:foundBy","value":"go-module-binary-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-buildinfo-entry"},{"name":"syft:location:0:path","value":"/bomber"},{"name":"syft:metadata:architecture","value":"amd64"},{"name":"syft:metadata:goCompiledVersion","value":"go1.22.7"},{"name":"syft:metadata:goCryptoSettings:0","value":"standard-crypto"},{"name":"syft:metadata:h1Digest","value":"h1:t5fDPmScwUjozhDj4FA46p5acZWIPXYE30qW2Ptu650="},{"name":"syft:metadata:mainModule","value":"github.com/devops-kung-fu/bomber"}]},{"bom-ref":"pkg:golang/github.com/briandowns/spinner@v1.23.1?package-id=644e3e1460270da6","type":"library","name":"github.com/briandowns/spinner","version":"v1.23.1","cpe":"cpe:2.3:a:briandowns:spinner:v1.23.1:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/briandowns/spinner@v1.23.1","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:t5fDPmScwUjozhDj4FA46p5acZWIPXYE30qW2Ptu650="}]},{"bom-ref":"pkg:golang/github.com/davecgh/go-spew@v1.1.1?package-id=4fff1eaa0bc0be66","type":"library","name":"github.com/davecgh/go-spew","version":"v1.1.1","cpe":"cpe:2.3:a:davecgh:go-spew:v1.1.1:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/davecgh/go-spew@v1.1.1","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:cpe23","value":"cpe:2.3:a:davecgh:go_spew:v1.1.1:*:*:*:*:*:*:*"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c="}]},{"bom-ref":"pkg:golang/github.com/devops-kung-fu/bomber@v0.0.0-20240922225924-556d47a9a0fe?package-id=549742ef6abef2fc","type":"library","name":"github.com/devops-kung-fu/bomber","version":"v0.0.0-20240922225924-556d47a9a0fe","cpe":"cpe:2.3:a:devops-kung-fu:bomber:v0.0.0-20240922225924-556d47a9a0fe:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/devops-kung-fu/bomber@v0.0.0-20240922225924-556d47a9a0fe","properties":[{"name":"syft:package:foundBy","value":"go-module-binary-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-buildinfo-entry"},{"name":"syft:cpe23","value":"cpe:2.3:a:devops_kung_fu:bomber:v0.0.0-20240922225924-556d47a9a0fe:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:devops-kung:bomber:v0.0.0-20240922225924-556d47a9a0fe:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:devops_kung:bomber:v0.0.0-20240922225924-556d47a9a0fe:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:devops:bomber:v0.0.0-20240922225924-556d47a9a0fe:*:*:*:*:*:*:*"},{"name":"syft:location:0:path","value":"/bomber"},{"name":"syft:metadata:architecture","value":"amd64"},{"name":"syft:metadata:goCompiledVersion","value":"go1.22.7"},{"name":"syft:metadata:goCryptoSettings:0","value":"standard-crypto"},{"name":"syft:metadata:mainModule","value":"github.com/devops-kung-fu/bomber"}]},{"bom-ref":"pkg:golang/github.com/devops-kung-fu/common@v0.2.6?package-id=7a77aa6ef7a8db5b","type":"library","name":"github.com/devops-kung-fu/common","version":"v0.2.6","cpe":"cpe:2.3:a:devops-kung-fu:common:v0.2.6:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/devops-kung-fu/common@v0.2.6","properties":[{"name":"syft:package:foundBy","value":"go-module-binary-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-buildinfo-entry"},{"name":"syft:cpe23","value":"cpe:2.3:a:devops_kung_fu:common:v0.2.6:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:devops-kung:common:v0.2.6:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:devops_kung:common:v0.2.6:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:devops:common:v0.2.6:*:*:*:*:*:*:*"},{"name":"syft:location:0:path","value":"/bomber"},{"name":"syft:metadata:architecture","value":"amd64"},{"name":"syft:metadata:goCompiledVersion","value":"go1.22.7"},{"name":"syft:metadata:goCryptoSettings:0","value":"standard-crypto"},{"name":"syft:metadata:h1Digest","value":"h1:HNL9suXELXHiSg7Ze0VinNkbngrBjovKYWPOckuarKc="},{"name":"syft:metadata:mainModule","value":"github.com/devops-kung-fu/bomber"}]},{"bom-ref":"pkg:golang/github.com/devops-kung-fu/common@v0.2.6?package-id=b55a7be3bbabdab0","type":"library","name":"github.com/devops-kung-fu/common","version":"v0.2.6","cpe":"cpe:2.3:a:devops-kung-fu:common:v0.2.6:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/devops-kung-fu/common@v0.2.6","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:cpe23","value":"cpe:2.3:a:devops_kung_fu:common:v0.2.6:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:devops-kung:common:v0.2.6:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:devops_kung:common:v0.2.6:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:devops:common:v0.2.6:*:*:*:*:*:*:*"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:HNL9suXELXHiSg7Ze0VinNkbngrBjovKYWPOckuarKc="}]},{"bom-ref":"pkg:golang/github.com/fatih/color@v1.17.0?package-id=b1b528abae178afd","type":"library","name":"github.com/fatih/color","version":"v1.17.0","cpe":"cpe:2.3:a:fatih:color:v1.17.0:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/fatih/color@v1.17.0","properties":[{"name":"syft:package:foundBy","value":"go-module-binary-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-buildinfo-entry"},{"name":"syft:location:0:path","value":"/bomber"},{"name":"syft:metadata:architecture","value":"amd64"},{"name":"syft:metadata:goCompiledVersion","value":"go1.22.7"},{"name":"syft:metadata:goCryptoSettings:0","value":"standard-crypto"},{"name":"syft:metadata:h1Digest","value":"h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4="},{"name":"syft:metadata:mainModule","value":"github.com/devops-kung-fu/bomber"}]},{"bom-ref":"pkg:golang/github.com/fatih/color@v1.17.0?package-id=e8d71339217567f5","type":"library","name":"github.com/fatih/color","version":"v1.17.0","cpe":"cpe:2.3:a:fatih:color:v1.17.0:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/fatih/color@v1.17.0","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4="}]},{"bom-ref":"pkg:golang/github.com/go-resty/resty@v2.15.2?package-id=1e3c9fb4938d5e15#v2","type":"library","name":"github.com/go-resty/resty/v2","version":"v2.15.2","cpe":"cpe:2.3:a:resty_project:resty:v2.15.2:*:*:*:*:go:*:*","purl":"pkg:golang/github.com/go-resty/resty@v2.15.2#v2","properties":[{"name":"syft:package:foundBy","value":"go-module-binary-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-buildinfo-entry"},{"name":"syft:location:0:path","value":"/bomber"},{"name":"syft:metadata:architecture","value":"amd64"},{"name":"syft:metadata:goCompiledVersion","value":"go1.22.7"},{"name":"syft:metadata:goCryptoSettings:0","value":"standard-crypto"},{"name":"syft:metadata:h1Digest","value":"h1:wLGqKU9l9tOIa2RyePoyu4ZUnDkUWfp2LZ0u6fMXExc="},{"name":"syft:metadata:mainModule","value":"github.com/devops-kung-fu/bomber"}]},{"bom-ref":"pkg:golang/github.com/go-resty/resty@v2.15.2?package-id=90547ee9b2b360ec#v2","type":"library","name":"github.com/go-resty/resty/v2","version":"v2.15.2","cpe":"cpe:2.3:a:resty_project:resty:v2.15.2:*:*:*:*:go:*:*","purl":"pkg:golang/github.com/go-resty/resty@v2.15.2#v2","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:wLGqKU9l9tOIa2RyePoyu4ZUnDkUWfp2LZ0u6fMXExc="}]},{"bom-ref":"pkg:golang/github.com/gomarkdown/markdown@v0.0.0-20240730141124-034f12af3bf6?package-id=2bf11987fae76888","type":"library","name":"github.com/gomarkdown/markdown","version":"v0.0.0-20240730141124-034f12af3bf6","cpe":"cpe:2.3:a:gomarkdown:markdown:v0.0.0-20240730141124-034f12af3bf6:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/gomarkdown/markdown@v0.0.0-20240730141124-034f12af3bf6","properties":[{"name":"syft:package:foundBy","value":"go-module-binary-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-buildinfo-entry"},{"name":"syft:location:0:path","value":"/bomber"},{"name":"syft:metadata:architecture","value":"amd64"},{"name":"syft:metadata:goCompiledVersion","value":"go1.22.7"},{"name":"syft:metadata:goCryptoSettings:0","value":"standard-crypto"},{"name":"syft:metadata:h1Digest","value":"h1:ZPy+2XJ8u0bB3sNFi+I72gMEMS7MTg7aZCCXPOjV8iw="},{"name":"syft:metadata:mainModule","value":"github.com/devops-kung-fu/bomber"}]},{"bom-ref":"pkg:golang/github.com/gomarkdown/markdown@v0.0.0-20240730141124-034f12af3bf6?package-id=f10337617d742bd0","type":"library","name":"github.com/gomarkdown/markdown","version":"v0.0.0-20240730141124-034f12af3bf6","cpe":"cpe:2.3:a:gomarkdown:markdown:v0.0.0-20240730141124-034f12af3bf6:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/gomarkdown/markdown@v0.0.0-20240730141124-034f12af3bf6","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:ZPy+2XJ8u0bB3sNFi+I72gMEMS7MTg7aZCCXPOjV8iw="}]},{"bom-ref":"pkg:golang/github.com/google/go-github@v17.0.0%2Bincompatible?package-id=8e179c2b22c00af9","type":"library","name":"github.com/google/go-github","version":"v17.0.0+incompatible","cpe":"cpe:2.3:a:google:go-github:v17.0.0\\+incompatible:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/google/go-github@v17.0.0%2Bincompatible","properties":[{"name":"syft:package:foundBy","value":"go-module-binary-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-buildinfo-entry"},{"name":"syft:cpe23","value":"cpe:2.3:a:google:go_github:v17.0.0\\+incompatible:*:*:*:*:*:*:*"},{"name":"syft:location:0:path","value":"/bomber"},{"name":"syft:metadata:architecture","value":"amd64"},{"name":"syft:metadata:goCompiledVersion","value":"go1.22.7"},{"name":"syft:metadata:goCryptoSettings:0","value":"standard-crypto"},{"name":"syft:metadata:h1Digest","value":"h1:N0LgJ1j65A7kfXrZnUDaYCs/Sf4rEjNlfyDHW9dolSY="},{"name":"syft:metadata:mainModule","value":"github.com/devops-kung-fu/bomber"}]},{"bom-ref":"pkg:golang/github.com/google/go-github@v17.0.0%2Bincompatible?package-id=1a7031072d62d6d6","type":"library","name":"github.com/google/go-github","version":"v17.0.0+incompatible","cpe":"cpe:2.3:a:google:go-github:v17.0.0\\+incompatible:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/google/go-github@v17.0.0%2Bincompatible","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:cpe23","value":"cpe:2.3:a:google:go_github:v17.0.0\\+incompatible:*:*:*:*:*:*:*"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:N0LgJ1j65A7kfXrZnUDaYCs/Sf4rEjNlfyDHW9dolSY="}]},{"bom-ref":"pkg:golang/github.com/google/go-querystring@v1.1.0?package-id=78be9547099afe2a","type":"library","name":"github.com/google/go-querystring","version":"v1.1.0","cpe":"cpe:2.3:a:google:go-querystring:v1.1.0:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/google/go-querystring@v1.1.0","properties":[{"name":"syft:package:foundBy","value":"go-module-binary-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-buildinfo-entry"},{"name":"syft:cpe23","value":"cpe:2.3:a:google:go_querystring:v1.1.0:*:*:*:*:*:*:*"},{"name":"syft:location:0:path","value":"/bomber"},{"name":"syft:metadata:architecture","value":"amd64"},{"name":"syft:metadata:goCompiledVersion","value":"go1.22.7"},{"name":"syft:metadata:goCryptoSettings:0","value":"standard-crypto"},{"name":"syft:metadata:h1Digest","value":"h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8="},{"name":"syft:metadata:mainModule","value":"github.com/devops-kung-fu/bomber"}]},{"bom-ref":"pkg:golang/github.com/google/go-querystring@v1.1.0?package-id=eaef197a46ea3fb0","type":"library","name":"github.com/google/go-querystring","version":"v1.1.0","cpe":"cpe:2.3:a:google:go-querystring:v1.1.0:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/google/go-querystring@v1.1.0","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:cpe23","value":"cpe:2.3:a:google:go_querystring:v1.1.0:*:*:*:*:*:*:*"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8="}]},{"bom-ref":"pkg:golang/github.com/google/osv-scanner@v1.8.5?package-id=36431d941acc57b0","type":"library","name":"github.com/google/osv-scanner","version":"v1.8.5","cpe":"cpe:2.3:a:google:osv-scanner:v1.8.5:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/google/osv-scanner@v1.8.5","properties":[{"name":"syft:package:foundBy","value":"go-module-binary-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-buildinfo-entry"},{"name":"syft:cpe23","value":"cpe:2.3:a:google:osv_scanner:v1.8.5:*:*:*:*:*:*:*"},{"name":"syft:location:0:path","value":"/bomber"},{"name":"syft:metadata:architecture","value":"amd64"},{"name":"syft:metadata:goCompiledVersion","value":"go1.22.7"},{"name":"syft:metadata:goCryptoSettings:0","value":"standard-crypto"},{"name":"syft:metadata:h1Digest","value":"h1:zKg12vmj2A0FZ0fscTjVpKVeDhLICVlAOsLe0HZtyXU="},{"name":"syft:metadata:mainModule","value":"github.com/devops-kung-fu/bomber"}]},{"bom-ref":"pkg:golang/github.com/google/osv-scanner@v1.8.5?package-id=285b3a5c3dae1596","type":"library","name":"github.com/google/osv-scanner","version":"v1.8.5","cpe":"cpe:2.3:a:google:osv-scanner:v1.8.5:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/google/osv-scanner@v1.8.5","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:cpe23","value":"cpe:2.3:a:google:osv_scanner:v1.8.5:*:*:*:*:*:*:*"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:zKg12vmj2A0FZ0fscTjVpKVeDhLICVlAOsLe0HZtyXU="}]},{"bom-ref":"pkg:golang/github.com/gookit/color@v1.5.4?package-id=4f809bffb9683fea","type":"library","name":"github.com/gookit/color","version":"v1.5.4","cpe":"cpe:2.3:a:gookit:color:v1.5.4:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/gookit/color@v1.5.4","properties":[{"name":"syft:package:foundBy","value":"go-module-binary-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-buildinfo-entry"},{"name":"syft:location:0:path","value":"/bomber"},{"name":"syft:metadata:architecture","value":"amd64"},{"name":"syft:metadata:goCompiledVersion","value":"go1.22.7"},{"name":"syft:metadata:goCryptoSettings:0","value":"standard-crypto"},{"name":"syft:metadata:h1Digest","value":"h1:FZmqs7XOyGgCAxmWyPslpiok1k05wmY3SJTytgvYFs0="},{"name":"syft:metadata:mainModule","value":"github.com/devops-kung-fu/bomber"}]},{"bom-ref":"pkg:golang/github.com/gookit/color@v1.5.4?package-id=1317002b687ff42e","type":"library","name":"github.com/gookit/color","version":"v1.5.4","cpe":"cpe:2.3:a:gookit:color:v1.5.4:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/gookit/color@v1.5.4","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:FZmqs7XOyGgCAxmWyPslpiok1k05wmY3SJTytgvYFs0="}]},{"bom-ref":"pkg:golang/github.com/gorilla/css@v1.0.1?package-id=79b92a95616f9f12","type":"library","name":"github.com/gorilla/css","version":"v1.0.1","cpe":"cpe:2.3:a:gorilla:css:v1.0.1:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/gorilla/css@v1.0.1","properties":[{"name":"syft:package:foundBy","value":"go-module-binary-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-buildinfo-entry"},{"name":"syft:location:0:path","value":"/bomber"},{"name":"syft:metadata:architecture","value":"amd64"},{"name":"syft:metadata:goCompiledVersion","value":"go1.22.7"},{"name":"syft:metadata:goCryptoSettings:0","value":"standard-crypto"},{"name":"syft:metadata:h1Digest","value":"h1:ntNaBIghp6JmvWnxbZKANoLyuXTPZ4cAMlo6RyhlbO8="},{"name":"syft:metadata:mainModule","value":"github.com/devops-kung-fu/bomber"}]},{"bom-ref":"pkg:golang/github.com/gorilla/css@v1.0.1?package-id=c0c657c3696a9fc8","type":"library","name":"github.com/gorilla/css","version":"v1.0.1","cpe":"cpe:2.3:a:gorilla:css:v1.0.1:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/gorilla/css@v1.0.1","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:ntNaBIghp6JmvWnxbZKANoLyuXTPZ4cAMlo6RyhlbO8="}]},{"bom-ref":"pkg:golang/github.com/inconshreveable/mousetrap@v1.1.0?package-id=f6300927a9f6b106","type":"library","name":"github.com/inconshreveable/mousetrap","version":"v1.1.0","cpe":"cpe:2.3:a:inconshreveable:mousetrap:v1.1.0:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/inconshreveable/mousetrap@v1.1.0","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8="}]},{"bom-ref":"pkg:golang/github.com/jarcoal/httpmock@v1.3.1?package-id=80beefff3f36db31","type":"library","name":"github.com/jarcoal/httpmock","version":"v1.3.1","cpe":"cpe:2.3:a:jarcoal:httpmock:v1.3.1:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/jarcoal/httpmock@v1.3.1","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:iUx3whfZWVf3jT01hQTO/Eo5sAYtB2/rqaUuOtpInww="}]},{"bom-ref":"pkg:golang/github.com/jedib0t/go-pretty@v6.5.9?package-id=5a9ac7991abbcd65#v6","type":"library","name":"github.com/jedib0t/go-pretty/v6","version":"v6.5.9","cpe":"cpe:2.3:a:jedib0t:go-pretty\\/v6:v6.5.9:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/jedib0t/go-pretty@v6.5.9#v6","properties":[{"name":"syft:package:foundBy","value":"go-module-binary-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-buildinfo-entry"},{"name":"syft:cpe23","value":"cpe:2.3:a:jedib0t:go_pretty\\/v6:v6.5.9:*:*:*:*:*:*:*"},{"name":"syft:location:0:path","value":"/bomber"},{"name":"syft:metadata:architecture","value":"amd64"},{"name":"syft:metadata:goCompiledVersion","value":"go1.22.7"},{"name":"syft:metadata:goCryptoSettings:0","value":"standard-crypto"},{"name":"syft:metadata:h1Digest","value":"h1:ACteMBRrrmm1gMsXe9PSTOClQ63IXDUt03H5U+UV8OU="},{"name":"syft:metadata:mainModule","value":"github.com/devops-kung-fu/bomber"}]},{"bom-ref":"pkg:golang/github.com/jedib0t/go-pretty@v6.5.9?package-id=e51fe453cb53bdf9#v6","type":"library","name":"github.com/jedib0t/go-pretty/v6","version":"v6.5.9","cpe":"cpe:2.3:a:jedib0t:go-pretty\\/v6:v6.5.9:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/jedib0t/go-pretty@v6.5.9#v6","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:cpe23","value":"cpe:2.3:a:jedib0t:go_pretty\\/v6:v6.5.9:*:*:*:*:*:*:*"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:ACteMBRrrmm1gMsXe9PSTOClQ63IXDUt03H5U+UV8OU="}]},{"bom-ref":"pkg:golang/github.com/mattn/go-colorable@v0.1.13?package-id=9a0ae047462cc822","type":"library","name":"github.com/mattn/go-colorable","version":"v0.1.13","cpe":"cpe:2.3:a:mattn:go-colorable:v0.1.13:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/mattn/go-colorable@v0.1.13","properties":[{"name":"syft:package:foundBy","value":"go-module-binary-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-buildinfo-entry"},{"name":"syft:cpe23","value":"cpe:2.3:a:mattn:go_colorable:v0.1.13:*:*:*:*:*:*:*"},{"name":"syft:location:0:path","value":"/bomber"},{"name":"syft:metadata:architecture","value":"amd64"},{"name":"syft:metadata:goCompiledVersion","value":"go1.22.7"},{"name":"syft:metadata:goCryptoSettings:0","value":"standard-crypto"},{"name":"syft:metadata:h1Digest","value":"h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA="},{"name":"syft:metadata:mainModule","value":"github.com/devops-kung-fu/bomber"}]},{"bom-ref":"pkg:golang/github.com/mattn/go-colorable@v0.1.13?package-id=898b7c8b52706e63","type":"library","name":"github.com/mattn/go-colorable","version":"v0.1.13","cpe":"cpe:2.3:a:mattn:go-colorable:v0.1.13:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/mattn/go-colorable@v0.1.13","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:cpe23","value":"cpe:2.3:a:mattn:go_colorable:v0.1.13:*:*:*:*:*:*:*"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA="}]},{"bom-ref":"pkg:golang/github.com/mattn/go-isatty@v0.0.20?package-id=749cfff4ce4288e5","type":"library","name":"github.com/mattn/go-isatty","version":"v0.0.20","cpe":"cpe:2.3:a:mattn:go-isatty:v0.0.20:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/mattn/go-isatty@v0.0.20","properties":[{"name":"syft:package:foundBy","value":"go-module-binary-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-buildinfo-entry"},{"name":"syft:cpe23","value":"cpe:2.3:a:mattn:go_isatty:v0.0.20:*:*:*:*:*:*:*"},{"name":"syft:location:0:path","value":"/bomber"},{"name":"syft:metadata:architecture","value":"amd64"},{"name":"syft:metadata:goCompiledVersion","value":"go1.22.7"},{"name":"syft:metadata:goCryptoSettings:0","value":"standard-crypto"},{"name":"syft:metadata:h1Digest","value":"h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY="},{"name":"syft:metadata:mainModule","value":"github.com/devops-kung-fu/bomber"}]},{"bom-ref":"pkg:golang/github.com/mattn/go-isatty@v0.0.20?package-id=f4619afab7c4111c","type":"library","name":"github.com/mattn/go-isatty","version":"v0.0.20","cpe":"cpe:2.3:a:mattn:go-isatty:v0.0.20:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/mattn/go-isatty@v0.0.20","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:cpe23","value":"cpe:2.3:a:mattn:go_isatty:v0.0.20:*:*:*:*:*:*:*"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY="}]},{"bom-ref":"pkg:golang/github.com/mattn/go-runewidth@v0.0.16?package-id=b4c7d2005135365a","type":"library","name":"github.com/mattn/go-runewidth","version":"v0.0.16","cpe":"cpe:2.3:a:mattn:go-runewidth:v0.0.16:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/mattn/go-runewidth@v0.0.16","properties":[{"name":"syft:package:foundBy","value":"go-module-binary-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-buildinfo-entry"},{"name":"syft:cpe23","value":"cpe:2.3:a:mattn:go_runewidth:v0.0.16:*:*:*:*:*:*:*"},{"name":"syft:location:0:path","value":"/bomber"},{"name":"syft:metadata:architecture","value":"amd64"},{"name":"syft:metadata:goCompiledVersion","value":"go1.22.7"},{"name":"syft:metadata:goCryptoSettings:0","value":"standard-crypto"},{"name":"syft:metadata:h1Digest","value":"h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc="},{"name":"syft:metadata:mainModule","value":"github.com/devops-kung-fu/bomber"}]},{"bom-ref":"pkg:golang/github.com/mattn/go-runewidth@v0.0.16?package-id=898c0bba93674d22","type":"library","name":"github.com/mattn/go-runewidth","version":"v0.0.16","cpe":"cpe:2.3:a:mattn:go-runewidth:v0.0.16:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/mattn/go-runewidth@v0.0.16","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:cpe23","value":"cpe:2.3:a:mattn:go_runewidth:v0.0.16:*:*:*:*:*:*:*"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc="}]},{"bom-ref":"pkg:golang/github.com/microcosm-cc/bluemonday@v1.0.27?package-id=3e2b70441b8c7690","type":"library","name":"github.com/microcosm-cc/bluemonday","version":"v1.0.27","cpe":"cpe:2.3:a:microcosm-cc:bluemonday:v1.0.27:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/microcosm-cc/bluemonday@v1.0.27","properties":[{"name":"syft:package:foundBy","value":"go-module-binary-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-buildinfo-entry"},{"name":"syft:cpe23","value":"cpe:2.3:a:microcosm_cc:bluemonday:v1.0.27:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:microcosm:bluemonday:v1.0.27:*:*:*:*:*:*:*"},{"name":"syft:location:0:path","value":"/bomber"},{"name":"syft:metadata:architecture","value":"amd64"},{"name":"syft:metadata:goCompiledVersion","value":"go1.22.7"},{"name":"syft:metadata:goCryptoSettings:0","value":"standard-crypto"},{"name":"syft:metadata:h1Digest","value":"h1:MpEUotklkwCSLeH+Qdx1VJgNqLlpY2KXwXFM08ygZfk="},{"name":"syft:metadata:mainModule","value":"github.com/devops-kung-fu/bomber"}]},{"bom-ref":"pkg:golang/github.com/microcosm-cc/bluemonday@v1.0.27?package-id=72b841f6456c6cb6","type":"library","name":"github.com/microcosm-cc/bluemonday","version":"v1.0.27","cpe":"cpe:2.3:a:microcosm-cc:bluemonday:v1.0.27:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/microcosm-cc/bluemonday@v1.0.27","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:cpe23","value":"cpe:2.3:a:microcosm_cc:bluemonday:v1.0.27:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:microcosm:bluemonday:v1.0.27:*:*:*:*:*:*:*"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:MpEUotklkwCSLeH+Qdx1VJgNqLlpY2KXwXFM08ygZfk="}]},{"bom-ref":"pkg:golang/github.com/package-url/packageurl-go@v0.1.3?package-id=0af6b9a8e3387596","type":"library","name":"github.com/package-url/packageurl-go","version":"v0.1.3","cpe":"cpe:2.3:a:package-url:packageurl-go:v0.1.3:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/package-url/packageurl-go@v0.1.3","properties":[{"name":"syft:package:foundBy","value":"go-module-binary-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-buildinfo-entry"},{"name":"syft:cpe23","value":"cpe:2.3:a:package-url:packageurl_go:v0.1.3:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:package_url:packageurl-go:v0.1.3:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:package_url:packageurl_go:v0.1.3:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:package:packageurl-go:v0.1.3:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:package:packageurl_go:v0.1.3:*:*:*:*:*:*:*"},{"name":"syft:location:0:path","value":"/bomber"},{"name":"syft:metadata:architecture","value":"amd64"},{"name":"syft:metadata:goCompiledVersion","value":"go1.22.7"},{"name":"syft:metadata:goCryptoSettings:0","value":"standard-crypto"},{"name":"syft:metadata:h1Digest","value":"h1:4juMED3hHiz0set3Vq3KeQ75KD1avthoXLtmE3I0PLs="},{"name":"syft:metadata:mainModule","value":"github.com/devops-kung-fu/bomber"}]},{"bom-ref":"pkg:golang/github.com/package-url/packageurl-go@v0.1.3?package-id=0233e14d43cef3a8","type":"library","name":"github.com/package-url/packageurl-go","version":"v0.1.3","cpe":"cpe:2.3:a:package-url:packageurl-go:v0.1.3:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/package-url/packageurl-go@v0.1.3","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:cpe23","value":"cpe:2.3:a:package-url:packageurl_go:v0.1.3:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:package_url:packageurl-go:v0.1.3:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:package_url:packageurl_go:v0.1.3:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:package:packageurl-go:v0.1.3:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:package:packageurl_go:v0.1.3:*:*:*:*:*:*:*"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:4juMED3hHiz0set3Vq3KeQ75KD1avthoXLtmE3I0PLs="}]},{"bom-ref":"pkg:golang/github.com/pmezard/go-difflib@v1.0.0?package-id=2e9153c8c5a4f906","type":"library","name":"github.com/pmezard/go-difflib","version":"v1.0.0","cpe":"cpe:2.3:a:pmezard:go-difflib:v1.0.0:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/pmezard/go-difflib@v1.0.0","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:cpe23","value":"cpe:2.3:a:pmezard:go_difflib:v1.0.0:*:*:*:*:*:*:*"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM="}]},{"bom-ref":"pkg:golang/github.com/remeh/sizedwaitgroup@v1.0.0?package-id=17db827b61bc2220","type":"library","name":"github.com/remeh/sizedwaitgroup","version":"v1.0.0","cpe":"cpe:2.3:a:remeh:sizedwaitgroup:v1.0.0:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/remeh/sizedwaitgroup@v1.0.0","properties":[{"name":"syft:package:foundBy","value":"go-module-binary-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-buildinfo-entry"},{"name":"syft:location:0:path","value":"/bomber"},{"name":"syft:metadata:architecture","value":"amd64"},{"name":"syft:metadata:goCompiledVersion","value":"go1.22.7"},{"name":"syft:metadata:goCryptoSettings:0","value":"standard-crypto"},{"name":"syft:metadata:h1Digest","value":"h1:VNGGFwNo/R5+MJBf6yrsr110p0m4/OX4S3DCy7Kyl5E="},{"name":"syft:metadata:mainModule","value":"github.com/devops-kung-fu/bomber"}]},{"bom-ref":"pkg:golang/github.com/remeh/sizedwaitgroup@v1.0.0?package-id=0ec9233dfa27690e","type":"library","name":"github.com/remeh/sizedwaitgroup","version":"v1.0.0","cpe":"cpe:2.3:a:remeh:sizedwaitgroup:v1.0.0:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/remeh/sizedwaitgroup@v1.0.0","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:VNGGFwNo/R5+MJBf6yrsr110p0m4/OX4S3DCy7Kyl5E="}]},{"bom-ref":"pkg:golang/github.com/rivo/uniseg@v0.4.7?package-id=a91eccdff0c24eb5","type":"library","name":"github.com/rivo/uniseg","version":"v0.4.7","cpe":"cpe:2.3:a:rivo:uniseg:v0.4.7:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/rivo/uniseg@v0.4.7","properties":[{"name":"syft:package:foundBy","value":"go-module-binary-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-buildinfo-entry"},{"name":"syft:location:0:path","value":"/bomber"},{"name":"syft:metadata:architecture","value":"amd64"},{"name":"syft:metadata:goCompiledVersion","value":"go1.22.7"},{"name":"syft:metadata:goCryptoSettings:0","value":"standard-crypto"},{"name":"syft:metadata:h1Digest","value":"h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ="},{"name":"syft:metadata:mainModule","value":"github.com/devops-kung-fu/bomber"}]},{"bom-ref":"pkg:golang/github.com/rivo/uniseg@v0.4.7?package-id=2c0de3c260aa0d91","type":"library","name":"github.com/rivo/uniseg","version":"v0.4.7","cpe":"cpe:2.3:a:rivo:uniseg:v0.4.7:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/rivo/uniseg@v0.4.7","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ="}]},{"bom-ref":"pkg:golang/github.com/sashabaranov/go-openai@v1.30.3?package-id=4fff34844cdaf7ad","type":"library","name":"github.com/sashabaranov/go-openai","version":"v1.30.3","cpe":"cpe:2.3:a:sashabaranov:go-openai:v1.30.3:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/sashabaranov/go-openai@v1.30.3","properties":[{"name":"syft:package:foundBy","value":"go-module-binary-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-buildinfo-entry"},{"name":"syft:cpe23","value":"cpe:2.3:a:sashabaranov:go_openai:v1.30.3:*:*:*:*:*:*:*"},{"name":"syft:location:0:path","value":"/bomber"},{"name":"syft:metadata:architecture","value":"amd64"},{"name":"syft:metadata:goCompiledVersion","value":"go1.22.7"},{"name":"syft:metadata:goCryptoSettings:0","value":"standard-crypto"},{"name":"syft:metadata:h1Digest","value":"h1:TEdRP3otRXX2A7vLoU+kI5XpoSo7VUUlM/rEttUqgek="},{"name":"syft:metadata:mainModule","value":"github.com/devops-kung-fu/bomber"}]},{"bom-ref":"pkg:golang/github.com/sashabaranov/go-openai@v1.30.3?package-id=8fdd964b6781636c","type":"library","name":"github.com/sashabaranov/go-openai","version":"v1.30.3","cpe":"cpe:2.3:a:sashabaranov:go-openai:v1.30.3:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/sashabaranov/go-openai@v1.30.3","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:cpe23","value":"cpe:2.3:a:sashabaranov:go_openai:v1.30.3:*:*:*:*:*:*:*"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:TEdRP3otRXX2A7vLoU+kI5XpoSo7VUUlM/rEttUqgek="}]},{"bom-ref":"pkg:golang/github.com/spf13/afero@v1.11.0?package-id=7c737516b3910d9f","type":"library","name":"github.com/spf13/afero","version":"v1.11.0","cpe":"cpe:2.3:a:spf13:afero:v1.11.0:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/spf13/afero@v1.11.0","properties":[{"name":"syft:package:foundBy","value":"go-module-binary-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-buildinfo-entry"},{"name":"syft:location:0:path","value":"/bomber"},{"name":"syft:metadata:architecture","value":"amd64"},{"name":"syft:metadata:goCompiledVersion","value":"go1.22.7"},{"name":"syft:metadata:goCryptoSettings:0","value":"standard-crypto"},{"name":"syft:metadata:h1Digest","value":"h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8="},{"name":"syft:metadata:mainModule","value":"github.com/devops-kung-fu/bomber"}]},{"bom-ref":"pkg:golang/github.com/spf13/afero@v1.11.0?package-id=f55db4944dda030e","type":"library","name":"github.com/spf13/afero","version":"v1.11.0","cpe":"cpe:2.3:a:spf13:afero:v1.11.0:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/spf13/afero@v1.11.0","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8="}]},{"bom-ref":"pkg:golang/github.com/spf13/cobra@v1.8.1?package-id=d351b118de6f7cd0","type":"library","name":"github.com/spf13/cobra","version":"v1.8.1","cpe":"cpe:2.3:a:spf13:cobra:v1.8.1:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/spf13/cobra@v1.8.1","properties":[{"name":"syft:package:foundBy","value":"go-module-binary-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-buildinfo-entry"},{"name":"syft:location:0:path","value":"/bomber"},{"name":"syft:metadata:architecture","value":"amd64"},{"name":"syft:metadata:goCompiledVersion","value":"go1.22.7"},{"name":"syft:metadata:goCryptoSettings:0","value":"standard-crypto"},{"name":"syft:metadata:h1Digest","value":"h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM="},{"name":"syft:metadata:mainModule","value":"github.com/devops-kung-fu/bomber"}]},{"bom-ref":"pkg:golang/github.com/spf13/cobra@v1.8.1?package-id=ff8b95e290b08cab","type":"library","name":"github.com/spf13/cobra","version":"v1.8.1","cpe":"cpe:2.3:a:spf13:cobra:v1.8.1:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/spf13/cobra@v1.8.1","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM="}]},{"bom-ref":"pkg:golang/github.com/spf13/pflag@v1.0.5?package-id=1a9d6b4259ced8a5","type":"library","name":"github.com/spf13/pflag","version":"v1.0.5","cpe":"cpe:2.3:a:spf13:pflag:v1.0.5:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/spf13/pflag@v1.0.5","properties":[{"name":"syft:package:foundBy","value":"go-module-binary-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-buildinfo-entry"},{"name":"syft:location:0:path","value":"/bomber"},{"name":"syft:metadata:architecture","value":"amd64"},{"name":"syft:metadata:goCompiledVersion","value":"go1.22.7"},{"name":"syft:metadata:goCryptoSettings:0","value":"standard-crypto"},{"name":"syft:metadata:h1Digest","value":"h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA="},{"name":"syft:metadata:mainModule","value":"github.com/devops-kung-fu/bomber"}]},{"bom-ref":"pkg:golang/github.com/spf13/pflag@v1.0.5?package-id=b7053341eda23113","type":"library","name":"github.com/spf13/pflag","version":"v1.0.5","cpe":"cpe:2.3:a:spf13:pflag:v1.0.5:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/spf13/pflag@v1.0.5","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA="}]},{"bom-ref":"pkg:golang/github.com/stretchr/testify@v1.9.0?package-id=1e92eaf826745a46","type":"library","name":"github.com/stretchr/testify","version":"v1.9.0","cpe":"cpe:2.3:a:stretchr:testify:v1.9.0:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/stretchr/testify@v1.9.0","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg="}]},{"bom-ref":"pkg:golang/github.com/xo/terminfo@v0.0.0-20220910002029-abceb7e1c41e?package-id=debae7fe1aabcd33","type":"library","name":"github.com/xo/terminfo","version":"v0.0.0-20220910002029-abceb7e1c41e","cpe":"cpe:2.3:a:xo:terminfo:v0.0.0-20220910002029-abceb7e1c41e:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/xo/terminfo@v0.0.0-20220910002029-abceb7e1c41e","properties":[{"name":"syft:package:foundBy","value":"go-module-binary-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-buildinfo-entry"},{"name":"syft:location:0:path","value":"/bomber"},{"name":"syft:metadata:architecture","value":"amd64"},{"name":"syft:metadata:goCompiledVersion","value":"go1.22.7"},{"name":"syft:metadata:goCryptoSettings:0","value":"standard-crypto"},{"name":"syft:metadata:h1Digest","value":"h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no="},{"name":"syft:metadata:mainModule","value":"github.com/devops-kung-fu/bomber"}]},{"bom-ref":"pkg:golang/github.com/xo/terminfo@v0.0.0-20220910002029-abceb7e1c41e?package-id=470cccbaad5c75a4","type":"library","name":"github.com/xo/terminfo","version":"v0.0.0-20220910002029-abceb7e1c41e","cpe":"cpe:2.3:a:xo:terminfo:v0.0.0-20220910002029-abceb7e1c41e:*:*:*:*:*:*:*","purl":"pkg:golang/github.com/xo/terminfo@v0.0.0-20220910002029-abceb7e1c41e","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no="}]},{"bom-ref":"pkg:golang/golang.org/x/exp@v0.0.0-20240909161429-701f63a606c0?package-id=cda1c2a2dc81f2e9","type":"library","name":"golang.org/x/exp","version":"v0.0.0-20240909161429-701f63a606c0","cpe":"cpe:2.3:a:golang:x\\/exp:v0.0.0-20240909161429-701f63a606c0:*:*:*:*:*:*:*","purl":"pkg:golang/golang.org/x/exp@v0.0.0-20240909161429-701f63a606c0","properties":[{"name":"syft:package:foundBy","value":"go-module-binary-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-buildinfo-entry"},{"name":"syft:location:0:path","value":"/bomber"},{"name":"syft:metadata:architecture","value":"amd64"},{"name":"syft:metadata:goCompiledVersion","value":"go1.22.7"},{"name":"syft:metadata:goCryptoSettings:0","value":"standard-crypto"},{"name":"syft:metadata:h1Digest","value":"h1:e66Fs6Z+fZTbFBAxKfP3PALWBtpfqks2bwGcexMxgtk="},{"name":"syft:metadata:mainModule","value":"github.com/devops-kung-fu/bomber"}]},{"bom-ref":"pkg:golang/golang.org/x/exp@v0.0.0-20240909161429-701f63a606c0?package-id=16f8778747b5d753","type":"library","name":"golang.org/x/exp","version":"v0.0.0-20240909161429-701f63a606c0","cpe":"cpe:2.3:a:golang:x\\/exp:v0.0.0-20240909161429-701f63a606c0:*:*:*:*:*:*:*","purl":"pkg:golang/golang.org/x/exp@v0.0.0-20240909161429-701f63a606c0","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:e66Fs6Z+fZTbFBAxKfP3PALWBtpfqks2bwGcexMxgtk="}]},{"bom-ref":"pkg:golang/golang.org/x/mod@v0.21.0?package-id=071625fbe581cc7e","type":"library","name":"golang.org/x/mod","version":"v0.21.0","cpe":"cpe:2.3:a:golang:x\\/mod:v0.21.0:*:*:*:*:*:*:*","purl":"pkg:golang/golang.org/x/mod@v0.21.0","properties":[{"name":"syft:package:foundBy","value":"go-module-binary-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-buildinfo-entry"},{"name":"syft:location:0:path","value":"/bomber"},{"name":"syft:metadata:architecture","value":"amd64"},{"name":"syft:metadata:goCompiledVersion","value":"go1.22.7"},{"name":"syft:metadata:goCryptoSettings:0","value":"standard-crypto"},{"name":"syft:metadata:h1Digest","value":"h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0="},{"name":"syft:metadata:mainModule","value":"github.com/devops-kung-fu/bomber"}]},{"bom-ref":"pkg:golang/golang.org/x/mod@v0.21.0?package-id=3f5468cdd228ca24","type":"library","name":"golang.org/x/mod","version":"v0.21.0","cpe":"cpe:2.3:a:golang:x\\/mod:v0.21.0:*:*:*:*:*:*:*","purl":"pkg:golang/golang.org/x/mod@v0.21.0","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0="}]},{"bom-ref":"pkg:golang/golang.org/x/net@v0.29.0?package-id=f0f6af76c81eba4d","type":"library","name":"golang.org/x/net","version":"v0.29.0","cpe":"cpe:2.3:a:golang:networking:v0.29.0:*:*:*:*:go:*:*","purl":"pkg:golang/golang.org/x/net@v0.29.0","properties":[{"name":"syft:package:foundBy","value":"go-module-binary-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-buildinfo-entry"},{"name":"syft:location:0:path","value":"/bomber"},{"name":"syft:metadata:architecture","value":"amd64"},{"name":"syft:metadata:goCompiledVersion","value":"go1.22.7"},{"name":"syft:metadata:goCryptoSettings:0","value":"standard-crypto"},{"name":"syft:metadata:h1Digest","value":"h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo="},{"name":"syft:metadata:mainModule","value":"github.com/devops-kung-fu/bomber"}]},{"bom-ref":"pkg:golang/golang.org/x/net@v0.29.0?package-id=54ee9db42318ea26","type":"library","name":"golang.org/x/net","version":"v0.29.0","cpe":"cpe:2.3:a:golang:networking:v0.29.0:*:*:*:*:go:*:*","purl":"pkg:golang/golang.org/x/net@v0.29.0","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo="}]},{"bom-ref":"pkg:golang/golang.org/x/sync@v0.8.0?package-id=d9732dca2021dcbb","type":"library","name":"golang.org/x/sync","version":"v0.8.0","cpe":"cpe:2.3:a:golang:x\\/sync:v0.8.0:*:*:*:*:*:*:*","purl":"pkg:golang/golang.org/x/sync@v0.8.0","properties":[{"name":"syft:package:foundBy","value":"go-module-binary-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-buildinfo-entry"},{"name":"syft:location:0:path","value":"/bomber"},{"name":"syft:metadata:architecture","value":"amd64"},{"name":"syft:metadata:goCompiledVersion","value":"go1.22.7"},{"name":"syft:metadata:goCryptoSettings:0","value":"standard-crypto"},{"name":"syft:metadata:h1Digest","value":"h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ="},{"name":"syft:metadata:mainModule","value":"github.com/devops-kung-fu/bomber"}]},{"bom-ref":"pkg:golang/golang.org/x/sync@v0.8.0?package-id=6ed10f6c5bd5d7b0","type":"library","name":"golang.org/x/sync","version":"v0.8.0","cpe":"cpe:2.3:a:golang:x\\/sync:v0.8.0:*:*:*:*:*:*:*","purl":"pkg:golang/golang.org/x/sync@v0.8.0","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ="}]},{"bom-ref":"pkg:golang/golang.org/x/sys@v0.25.0?package-id=14579be396b97beb","type":"library","name":"golang.org/x/sys","version":"v0.25.0","cpe":"cpe:2.3:a:golang:x\\/sys:v0.25.0:*:*:*:*:*:*:*","purl":"pkg:golang/golang.org/x/sys@v0.25.0","properties":[{"name":"syft:package:foundBy","value":"go-module-binary-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-buildinfo-entry"},{"name":"syft:location:0:path","value":"/bomber"},{"name":"syft:metadata:architecture","value":"amd64"},{"name":"syft:metadata:goCompiledVersion","value":"go1.22.7"},{"name":"syft:metadata:goCryptoSettings:0","value":"standard-crypto"},{"name":"syft:metadata:h1Digest","value":"h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34="},{"name":"syft:metadata:mainModule","value":"github.com/devops-kung-fu/bomber"}]},{"bom-ref":"pkg:golang/golang.org/x/sys@v0.25.0?package-id=1e8c7467caf8d2dc","type":"library","name":"golang.org/x/sys","version":"v0.25.0","cpe":"cpe:2.3:a:golang:x\\/sys:v0.25.0:*:*:*:*:*:*:*","purl":"pkg:golang/golang.org/x/sys@v0.25.0","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34="}]},{"bom-ref":"pkg:golang/golang.org/x/term@v0.24.0?package-id=a8d0f96ddf816af1","type":"library","name":"golang.org/x/term","version":"v0.24.0","cpe":"cpe:2.3:a:golang:x\\/term:v0.24.0:*:*:*:*:*:*:*","purl":"pkg:golang/golang.org/x/term@v0.24.0","properties":[{"name":"syft:package:foundBy","value":"go-module-binary-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-buildinfo-entry"},{"name":"syft:location:0:path","value":"/bomber"},{"name":"syft:metadata:architecture","value":"amd64"},{"name":"syft:metadata:goCompiledVersion","value":"go1.22.7"},{"name":"syft:metadata:goCryptoSettings:0","value":"standard-crypto"},{"name":"syft:metadata:h1Digest","value":"h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM="},{"name":"syft:metadata:mainModule","value":"github.com/devops-kung-fu/bomber"}]},{"bom-ref":"pkg:golang/golang.org/x/term@v0.24.0?package-id=eed7cec5e8136648","type":"library","name":"golang.org/x/term","version":"v0.24.0","cpe":"cpe:2.3:a:golang:x\\/term:v0.24.0:*:*:*:*:*:*:*","purl":"pkg:golang/golang.org/x/term@v0.24.0","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM="}]},{"bom-ref":"pkg:golang/golang.org/x/text@v0.18.0?package-id=6c2998de3728760e","type":"library","name":"golang.org/x/text","version":"v0.18.0","cpe":"cpe:2.3:a:golang:text:v0.18.0:*:*:*:*:*:*:*","purl":"pkg:golang/golang.org/x/text@v0.18.0","properties":[{"name":"syft:package:foundBy","value":"go-module-binary-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-buildinfo-entry"},{"name":"syft:location:0:path","value":"/bomber"},{"name":"syft:metadata:architecture","value":"amd64"},{"name":"syft:metadata:goCompiledVersion","value":"go1.22.7"},{"name":"syft:metadata:goCryptoSettings:0","value":"standard-crypto"},{"name":"syft:metadata:h1Digest","value":"h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224="},{"name":"syft:metadata:mainModule","value":"github.com/devops-kung-fu/bomber"}]},{"bom-ref":"pkg:golang/golang.org/x/text@v0.18.0?package-id=c3b2b6317226c3b2","type":"library","name":"golang.org/x/text","version":"v0.18.0","cpe":"cpe:2.3:a:golang:text:v0.18.0:*:*:*:*:*:*:*","purl":"pkg:golang/golang.org/x/text@v0.18.0","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224="}]},{"bom-ref":"pkg:golang/gopkg.in/yaml.v3@v3.0.1?package-id=633ef3e4903fa10b","type":"library","name":"gopkg.in/yaml.v3","version":"v3.0.1","cpe":"cpe:2.3:a:yaml_project:yaml:v3.0.1:*:*:*:*:go:*:*","purl":"pkg:golang/gopkg.in/yaml.v3@v3.0.1","properties":[{"name":"syft:package:foundBy","value":"go-module-binary-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-buildinfo-entry"},{"name":"syft:location:0:path","value":"/bomber"},{"name":"syft:metadata:architecture","value":"amd64"},{"name":"syft:metadata:goCompiledVersion","value":"go1.22.7"},{"name":"syft:metadata:goCryptoSettings:0","value":"standard-crypto"},{"name":"syft:metadata:h1Digest","value":"h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA="},{"name":"syft:metadata:mainModule","value":"github.com/devops-kung-fu/bomber"}]},{"bom-ref":"pkg:golang/gopkg.in/yaml.v3@v3.0.1?package-id=716c668b92999095","type":"library","name":"gopkg.in/yaml.v3","version":"v3.0.1","cpe":"cpe:2.3:a:yaml_project:yaml:v3.0.1:*:*:*:*:go:*:*","purl":"pkg:golang/gopkg.in/yaml.v3@v3.0.1","properties":[{"name":"syft:package:foundBy","value":"go-module-file-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-entry"},{"name":"syft:location:0:path","value":"/go.mod"},{"name":"syft:metadata:h1Digest","value":"h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA="}]},{"bom-ref":"pkg:github/goreleaser/goreleaser-action@v5.1.0?package-id=0992f766992fc467","type":"library","name":"goreleaser/goreleaser-action","version":"v5.1.0","cpe":"cpe:2.3:a:goreleaser\\/goreleaser-action:goreleaser\\/goreleaser-action:v5.1.0:*:*:*:*:*:*:*","purl":"pkg:github/goreleaser/goreleaser-action@v5.1.0","properties":[{"name":"syft:package:foundBy","value":"github-actions-usage-cataloger"},{"name":"syft:package:type","value":"github-action"},{"name":"syft:cpe23","value":"cpe:2.3:a:goreleaser\\/goreleaser-action:goreleaser\\/goreleaser_action:v5.1.0:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:goreleaser\\/goreleaser_action:goreleaser\\/goreleaser-action:v5.1.0:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:goreleaser\\/goreleaser_action:goreleaser\\/goreleaser_action:v5.1.0:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:goreleaser\\/goreleaser:goreleaser\\/goreleaser-action:v5.1.0:*:*:*:*:*:*:*"},{"name":"syft:cpe23","value":"cpe:2.3:a:goreleaser\\/goreleaser:goreleaser\\/goreleaser_action:v5.1.0:*:*:*:*:*:*:*"},{"name":"syft:location:0:path","value":"/.github/workflows/release.yml"}]},{"bom-ref":"pkg:golang/stdlib@1.22.7?package-id=1ce398fcb12c3a4d","type":"library","name":"stdlib","version":"go1.22.7","licenses":[{"license":{"id":"BSD-3-Clause"}}],"cpe":"cpe:2.3:a:golang:go:1.22.7:-:*:*:*:*:*:*","purl":"pkg:golang/stdlib@1.22.7","properties":[{"name":"syft:package:foundBy","value":"go-module-binary-cataloger"},{"name":"syft:package:language","value":"go"},{"name":"syft:package:type","value":"go-module"},{"name":"syft:package:metadataType","value":"go-module-buildinfo-entry"},{"name":"syft:location:0:path","value":"/bomber"},{"name":"syft:metadata:goCompiledVersion","value":"go1.22.7"}]}],"dependencies":[{"ref":"pkg:golang/github.com/devops-kung-fu/bomber@v0.0.0-20240922225924-556d47a9a0fe?package-id=549742ef6abef2fc","dependsOn":["pkg:golang/github.com/aymerick/douceur@v0.2.0?package-id=414429a824bb051f","pkg:golang/github.com/briandowns/spinner@v1.23.1?package-id=fca0b4f17ca8d602","pkg:golang/github.com/burntsushi/toml@v1.4.0?package-id=c313ec46e7831681","pkg:golang/github.com/cyclonedx/cyclonedx-go@v0.9.1?package-id=d7dd67ec4f835cf2","pkg:golang/github.com/devops-kung-fu/common@v0.2.6?package-id=7a77aa6ef7a8db5b","pkg:golang/github.com/fatih/color@v1.17.0?package-id=b1b528abae178afd","pkg:golang/github.com/go-resty/resty@v2.15.2?package-id=1e3c9fb4938d5e15#v2","pkg:golang/github.com/gomarkdown/markdown@v0.0.0-20240730141124-034f12af3bf6?package-id=2bf11987fae76888","pkg:golang/github.com/google/go-github@v17.0.0%2Bincompatible?package-id=8e179c2b22c00af9","pkg:golang/github.com/google/go-querystring@v1.1.0?package-id=78be9547099afe2a","pkg:golang/github.com/google/osv-scanner@v1.8.5?package-id=36431d941acc57b0","pkg:golang/github.com/gookit/color@v1.5.4?package-id=4f809bffb9683fea","pkg:golang/github.com/gorilla/css@v1.0.1?package-id=79b92a95616f9f12","pkg:golang/github.com/jedib0t/go-pretty@v6.5.9?package-id=5a9ac7991abbcd65#v6","pkg:golang/github.com/mattn/go-colorable@v0.1.13?package-id=9a0ae047462cc822","pkg:golang/github.com/mattn/go-isatty@v0.0.20?package-id=749cfff4ce4288e5","pkg:golang/github.com/mattn/go-runewidth@v0.0.16?package-id=b4c7d2005135365a","pkg:golang/github.com/microcosm-cc/bluemonday@v1.0.27?package-id=3e2b70441b8c7690","pkg:golang/github.com/package-url/packageurl-go@v0.1.3?package-id=0af6b9a8e3387596","pkg:golang/github.com/remeh/sizedwaitgroup@v1.0.0?package-id=17db827b61bc2220","pkg:golang/github.com/rivo/uniseg@v0.4.7?package-id=a91eccdff0c24eb5","pkg:golang/github.com/sashabaranov/go-openai@v1.30.3?package-id=4fff34844cdaf7ad","pkg:golang/github.com/spf13/afero@v1.11.0?package-id=7c737516b3910d9f","pkg:golang/github.com/spf13/cobra@v1.8.1?package-id=d351b118de6f7cd0","pkg:golang/github.com/spf13/pflag@v1.0.5?package-id=1a9d6b4259ced8a5","pkg:golang/github.com/xo/terminfo@v0.0.0-20220910002029-abceb7e1c41e?package-id=debae7fe1aabcd33","pkg:golang/golang.org/x/exp@v0.0.0-20240909161429-701f63a606c0?package-id=cda1c2a2dc81f2e9","pkg:golang/golang.org/x/mod@v0.21.0?package-id=071625fbe581cc7e","pkg:golang/golang.org/x/net@v0.29.0?package-id=f0f6af76c81eba4d","pkg:golang/golang.org/x/sync@v0.8.0?package-id=d9732dca2021dcbb","pkg:golang/golang.org/x/sys@v0.25.0?package-id=14579be396b97beb","pkg:golang/golang.org/x/term@v0.24.0?package-id=a8d0f96ddf816af1","pkg:golang/golang.org/x/text@v0.18.0?package-id=6c2998de3728760e","pkg:golang/gopkg.in/yaml.v3@v3.0.1?package-id=633ef3e4903fa10b","pkg:golang/stdlib@1.22.7?package-id=1ce398fcb12c3a4d"]}]} diff --git a/_TESTDATA_/sbom/jena-kafka-1.4.0-SNAPSHOT-bom.json b/_TESTDATA_/sbom/jena-kafka-1.4.0-SNAPSHOT-bom.json new file mode 100644 index 0000000..2f4107c --- /dev/null +++ b/_TESTDATA_/sbom/jena-kafka-1.4.0-SNAPSHOT-bom.json @@ -0,0 +1,6054 @@ +{ + "bomFormat" : "CycloneDX", + "specVersion" : "1.5", + "serialNumber" : "urn:uuid:29cba971-058f-35f8-ac9d-9d798dfc3fef", + "version" : 1, + "metadata" : { + "lifecycles" : [ + { + "phase" : "build" + } + ], + "tools" : { + "components" : [ + { + "author" : "OWASP Foundation", + "group" : "org.cyclonedx", + "name" : "cyclonedx-maven-plugin", + "version" : "2.8.1", + "description" : "CycloneDX Maven plugin", + "hashes" : [ + { + "alg" : "MD5", + "content" : "42c73e70d517b359d40b757c368d68fc" + }, + { + "alg" : "SHA-1", + "content" : "c66892e13fb7ed7b8105cb5a280fa767d9e0bf12" + }, + { + "alg" : "SHA-256", + "content" : "566681b9fcb1b0178e101cd899d2ea399e2039255e208a1a477bc079158dbdc5" + }, + { + "alg" : "SHA-512", + "content" : "93d7b7421ee2d91f84930e75a52864952f26fee96114740dab477ee5f0e62b6448759ad5a160f1749650379f771941100c7fd84ed523b2407d2004b928998ecb" + }, + { + "alg" : "SHA-384", + "content" : "04b0c71c1b79f77e723e7db96c72705f50172e94df5a7f28edbd96024b886fff65f61f37fc77abb1d12b0809813ae665" + }, + { + "alg" : "SHA3-384", + "content" : "eafa68c2c25670f0b77c5db3acdfd97cfe97dfc50c47bba2103353327b049b9bbac0d8b621b1168200ddf21719048c73" + }, + { + "alg" : "SHA3-256", + "content" : "2c07b6997ba0e40ca3b66e39cfcf101fcebdceaa19fce0baf12e013cf392466e" + }, + { + "alg" : "SHA3-512", + "content" : "636f068843bad92259885cd4d427630619864c0172bd1b41df15c33a7d411767ab09cf2ff339a97fda149ee44c95a162fdf6cb12de19e2dc0250c2fadc80d882" + } + ], + "type" : "library" + } + ] + }, + "component" : { + "group" : "io.telicent.jena", + "name" : "jena-kafka", + "version" : "1.4.0-SNAPSHOT", + "description" : "Fuseki Module : Kafka Connector", + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/io.telicent.jena/jena-kafka@1.4.0-SNAPSHOT?type=pom", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://github.com/telicent-oss/jena-fuseki-kafka" + }, + { + "type" : "distribution-intake", + "url" : "https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type" : "issue-tracker", + "url" : "https://github.com/telicent-oss/jena-fuseki-kafka" + }, + { + "type" : "vcs", + "url" : "https://github.com/telicent-oss/jena-fuseki-kafka" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/io.telicent.jena/jena-kafka@1.4.0-SNAPSHOT?type=pom" + }, + "properties" : [ + { + "name" : "maven.goal", + "value" : "makeAggregateBom" + }, + { + "name" : "maven.scopes", + "value" : "compile,provided,runtime,system" + }, + { + "name" : "cdx:reproducible", + "value" : "enabled" + } + ] + }, + "components" : [ + { + "group" : "io.telicent.jena", + "name" : "jena-kafka-connector", + "version" : "1.4.0-SNAPSHOT", + "description" : "Jena-Kafka : Connector", + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/io.telicent.jena/jena-kafka-connector@1.4.0-SNAPSHOT", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://github.com/telicent-oss/jena-fuseki-kafka/jena-kafka-connector" + }, + { + "type" : "distribution-intake", + "url" : "https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type" : "issue-tracker", + "url" : "https://github.com/telicent-oss/jena-fuseki-kafka" + }, + { + "type" : "vcs", + "url" : "https://github.com/telicent-oss/jena-fuseki-kafka/jena-kafka-connector" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/io.telicent.jena/jena-kafka-connector@1.4.0-SNAPSHOT" + }, + { + "group" : "org.apache.kafka", + "name" : "kafka-clients", + "version" : "3.8.0", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "71595773ee274b1ba0791e81d7181653" + }, + { + "alg" : "SHA-1", + "content" : "84425f801af2df5355b8736e36c1496f172adcf3" + }, + { + "alg" : "SHA-256", + "content" : "68877a34a19b5f7ef1c3e2ee0abf727e0be626556dc0dbbf20527380252f1745" + }, + { + "alg" : "SHA-512", + "content" : "e61c2ab5e7d3daa1e546904512815ee9b3e3ac1cd887aa44ce920bc1597f13cc5f097dfc0c011b4dea23650a5394ba8e060104f0064d1ad37b589b11dcb0fa3c" + }, + { + "alg" : "SHA-384", + "content" : "793d1ffd8144cbe2c57dad54a6a73f7db4b72af336df45d6ee3c9f09823b775220cde3e085a97bb9c211e6bb829d9116" + }, + { + "alg" : "SHA3-384", + "content" : "d5750cef7934405539a997e9f77a59cd17cf1b020b0a3c9beff6bebbcc2f9753ecced1cef98195a6da82088c4124d5ff" + }, + { + "alg" : "SHA3-256", + "content" : "3ccb06d0da8b0a531821e656cdddf8637e84853c5742a8946b968be0fe65d7df" + }, + { + "alg" : "SHA3-512", + "content" : "9011b0e6a02a581d3fcb14b9a5bed6494632784e4ae30bb2e6690a31e57bdecf58be0424e1ddae74c73af4a8fbc0790d14fa4c4a1b572b8355cb08a358d1d49f" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/org.apache.kafka/kafka-clients@3.8.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://kafka.apache.org" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.apache.kafka/kafka-clients@3.8.0" + }, + { + "publisher" : "com.github.luben", + "group" : "com.github.luben", + "name" : "zstd-jni", + "version" : "1.5.6-3", + "description" : "JNI bindings for Zstd native library that provides fast and high compression lossless algorithm for Java and all JVM languages.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "67b722d1bc7f256235ddf32a320c1d0c" + }, + { + "alg" : "SHA-1", + "content" : "823b794106e4bcb80110f49408d1641231f25927" + }, + { + "alg" : "SHA-256", + "content" : "f72ede1b39258faf81277dc58de30c71cbae4253732558d2ce10b53d8b5763d5" + }, + { + "alg" : "SHA-512", + "content" : "bf237e2eb5bf0318a082e8dd480d89887a7c3fa068264b99313f84460a30203649505a293500949f588148a9074a54a4a4a324e9d8aa80475536c4260091ce61" + }, + { + "alg" : "SHA-384", + "content" : "3885377295270021f4a46667ec6a3c36bfac2290caac17e42a9e557a3f9675357abc78576e61b721e1a91cec765322e4" + }, + { + "alg" : "SHA3-384", + "content" : "50a38ba8067882eeb564ef85f9b8bf23e51951886ed99085fc2e422027dccd293cde20a02594a1670ca7e37ad67effdf" + }, + { + "alg" : "SHA3-256", + "content" : "4cc4540bd0916125870a9fb810eb9fb16c061fac6b8becc2abc9c69a83e130bd" + }, + { + "alg" : "SHA3-512", + "content" : "5404f0198118ebd9f7b05acce4f02051eaa8e0a04fdfee75b0581e61ab688a91761038471d1d364306ceb8ac5ec545dad60a4d09fc0c5fdbcd4fa7c8e50f7f94" + } + ], + "licenses" : [ + { + "license" : { + "id" : "BSD-2-Clause" + } + } + ], + "purl" : "pkg:maven/com.github.luben/zstd-jni@1.5.6-3", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://github.com/luben/zstd-jni" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/com.github.luben/zstd-jni@1.5.6-3" + }, + { + "group" : "org.lz4", + "name" : "lz4-java", + "version" : "1.8.0", + "description" : "Java ports and bindings of the LZ4 compression algorithm and the xxHash hashing algorithm", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "936a927700aa8fc3b75d21d7571171f6" + }, + { + "alg" : "SHA-1", + "content" : "4b986a99445e49ea5fbf5d149c4b63f6ed6c6780" + }, + { + "alg" : "SHA-256", + "content" : "d74a3334fb35195009b338a951f918203d6bbca3d1d359033dc33edd1cadc9ef" + }, + { + "alg" : "SHA-512", + "content" : "98d59086a6021ca571d9c1d64b715e43044c730e1ac563f514c40cf44302615d30378b6d5cc69990446522de6260dc8e7b303e3990a3139dc326d058dfb6dbd9" + }, + { + "alg" : "SHA-384", + "content" : "8e3f2acdbb41a00c4d9cc5f328e63fb626ac7c6c84e1bf9502e2fcc76a591b2b819b2d27b29925ff986b95c297b30e2c" + }, + { + "alg" : "SHA3-384", + "content" : "ec0d6a00760d0a4ecba13a41785d6ae57a64552b1687eaa3e292b3054bb1348e49ab8a938197ff126f9218c6cb96ee1c" + }, + { + "alg" : "SHA3-256", + "content" : "7be684c102891105f66d378b61ea1297a392c1618b5aebf7e0b281f55217c206" + }, + { + "alg" : "SHA3-512", + "content" : "0b2294570ea2bfbb50ced21dfa4bad956467ca447e9ab2dd602a3478371bcd0e9f13d2dff74d06827a28882409612cdde00bd91267be05bd3510c68268bf3166" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/org.lz4/lz4-java@1.8.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://github.com/lz4/lz4-java" + }, + { + "type" : "vcs", + "url" : "git://github.com/lz4/lz4-java.git" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.lz4/lz4-java@1.8.0" + }, + { + "publisher" : "xerial.org", + "group" : "org.xerial.snappy", + "name" : "snappy-java", + "version" : "1.1.10.5", + "description" : "snappy-java: A fast compression/decompression library", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "a52ffcdbbe525b486237a7098e5c5ff7" + }, + { + "alg" : "SHA-1", + "content" : "ac605269f3598506196e469f1fb0d7ed5c55059e" + }, + { + "alg" : "SHA-256", + "content" : "0f3f1857ed33116583f480b4df5c0218836c47bfbc9c6221c0d73f356decf37b" + }, + { + "alg" : "SHA-512", + "content" : "36c288aa84017b52362a49a20d1702151a16b9f58518b6877f11122941a549d94fab8d515f7f1ad6384fb94be569328abf862edaf970c10a16832498dfda853b" + }, + { + "alg" : "SHA-384", + "content" : "693a542ca2471dec4da5fe582563aff1bf5238e1a8d1a1f79cd8138334f94f1112094fbd270b1637d983c9290084a6e1" + }, + { + "alg" : "SHA3-384", + "content" : "41cbbb20b4bc0bd9a80521904568335fb131602a6931783f5bf6a1c8287b8ccd92c8169b8bb2399d27208fc067ef2321" + }, + { + "alg" : "SHA3-256", + "content" : "38dc41c5a0d827c58e1409a63e902d0568a03d67cdb99708ccc63921000ddc55" + }, + { + "alg" : "SHA3-512", + "content" : "b07d178cc94f6385d5f09d7730d2dd161c6f7d6815ae779e742421c0c1fb92043c8ec8ce5ee67660760f5287bd959eba1028924257a6ff36fb5439d8f81bd049" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0", + "url" : "https://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl" : "pkg:maven/org.xerial.snappy/snappy-java@1.1.10.5", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://github.com/xerial/snappy-java" + }, + { + "type" : "vcs", + "url" : "https://github.com/xerial/snappy-java" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.xerial.snappy/snappy-java@1.1.10.5" + }, + { + "publisher" : "QOS.ch", + "group" : "org.slf4j", + "name" : "slf4j-api", + "version" : "2.0.7", + "description" : "The slf4j API", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "403dffa46cdd2e3c82da19df4f394a4c" + }, + { + "alg" : "SHA-1", + "content" : "41eb7184ea9d556f23e18b5cb99cad1f8581fc00" + }, + { + "alg" : "SHA-256", + "content" : "5d6298b93a1905c32cda6478808ac14c2d4a47e91535e53c41f7feeb85d946f4" + }, + { + "alg" : "SHA-512", + "content" : "216d2cac27d501972c888f94dfa747d700b80d60813884b6ab4b12c6a3b17ed0c21a1d27e1aa4332c97c828f20039e3913d2763d7e1a3cef36ae4389a276e7a8" + }, + { + "alg" : "SHA-384", + "content" : "c25b39f418aa726ba8405dfd9b356131f89984e2ef5a55a724a2abf3b7c78443f671105835161d2414d602cf03da9f2d" + }, + { + "alg" : "SHA3-384", + "content" : "f33abfaac21badae6f85d3ebbc6c1204fd7fda3bb15173e763fa8cee95bce6a8270eec2c8f49343c66c8d2767bc317e1" + }, + { + "alg" : "SHA3-256", + "content" : "6e00d4b264a2afc4ca4e98f716ecece66c32c626ca3f8c5d56b22092b6fe417b" + }, + { + "alg" : "SHA3-512", + "content" : "ad7b9142d370fc532a07cdd43881a129b012ff50e2bede3ac27d9bd31ec707bf2f45e82002fa59e962955cc38ab73cdd77713fca50cedc926c046f5617c1285b" + } + ], + "licenses" : [ + { + "license" : { + "id" : "MIT", + "url" : "https://opensource.org/licenses/MIT" + } + } + ], + "purl" : "pkg:maven/org.slf4j/slf4j-api@2.0.7", + "externalReferences" : [ + { + "type" : "website", + "url" : "http://www.slf4j.org" + }, + { + "type" : "distribution-intake", + "url" : "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type" : "vcs", + "url" : "https://github.com/qos-ch/slf4j/slf4j-api" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.slf4j/slf4j-api@2.0.7" + }, + { + "publisher" : "The Apache Software Foundation", + "group" : "org.apache.jena", + "name" : "jena-arq", + "version" : "5.1.0", + "description" : "SPARQL 1.1 query engine and RDF parsers for Apache Jena", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "09603132411b67c4e32156236604d1d1" + }, + { + "alg" : "SHA-1", + "content" : "12ebbc3ac798ed7eafeb9340718d6554db768c43" + }, + { + "alg" : "SHA-256", + "content" : "e45d9dc564984c451b96eb9d61cc28bf5bdd4cc745d3b84c58fa612e46c6c621" + }, + { + "alg" : "SHA-512", + "content" : "c35e6865cdd9be006d7dcfd6893333e8d14a24d0337f757348b47e0bfe30cbeca51b6142774ba3d7606a6a945990a589151ea74499a4cd9525e35b5443a99d51" + }, + { + "alg" : "SHA-384", + "content" : "2c9a9413d82e2a0a5c2e117837bb80af835c3806c245459fe77720af161ee86f1fa443a2c46f278b401cf17952590e2b" + }, + { + "alg" : "SHA3-384", + "content" : "95ca76500b8e0e9716b72f994dc9278ef05bd0ba52c55f30f536dd8b3c4046976f1bb434f9bb5e68073036e085018741" + }, + { + "alg" : "SHA3-256", + "content" : "2e4eaa9eb6349e235d831289848b542d1e982769634dff55672072e13d9f53fb" + }, + { + "alg" : "SHA3-512", + "content" : "529eb0e7cb1cc0e9be86080cc8855142a4e5fb75c0fcdd4b1e164fb73db5e42d40eeecccc38429e287e702db3e65db40c6aa2afd1c4454c0ce2e44fbd2db2ec7" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/org.apache.jena/jena-arq@5.1.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://jena.apache.org/jena-arq/" + }, + { + "type" : "distribution-intake", + "url" : "https://repository.apache.org/service/local/staging/deploy/maven2" + }, + { + "type" : "issue-tracker", + "url" : "https://issues.apache.org/jira/browse/JENA" + }, + { + "type" : "mailing-list", + "url" : "https://lists.apache.org/list.html?users@jena.apache.org" + }, + { + "type" : "vcs", + "url" : "https://gitbox.apache.org/repos/asf/jena.git/jena-arq" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.apache.jena/jena-arq@5.1.0" + }, + { + "publisher" : "The Apache Software Foundation", + "group" : "org.apache.jena", + "name" : "jena-core", + "version" : "5.1.0", + "description" : "Jena is a Java framework for building Semantic Web applications. It provides a programmatic environment for RDF, RDFS and OWL, SPARQL and includes a rule-based inference engine.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "e7af1739fa0a29a66e30251dc21bf3ec" + }, + { + "alg" : "SHA-1", + "content" : "2d5b118b22bb719744f3f13de537dbcdb22a9763" + }, + { + "alg" : "SHA-256", + "content" : "722999d43f86f9f81aadf8bb8913e461b64c02022f26b74487c0fb834fc0d7fd" + }, + { + "alg" : "SHA-512", + "content" : "6993f0ccf0ea0e8470a8d181b7e2aec7b01f04d1412d19cd81f911b65d645bb643735785db479de672a418df96b5a2b802e328efa3ad666d73fdba1872e18db3" + }, + { + "alg" : "SHA-384", + "content" : "838b224505c24d1aa095bc1943f5013ba997c9806401daf6dc52d055953af35f2228236cef70a0df4a3a579f5f5bf47d" + }, + { + "alg" : "SHA3-384", + "content" : "6647d1eade5030613c5fedd7990d5243ddf910b1d7ae92236dd0a1dd5e651b2860711bc5e3431484d50237cf02ff4d47" + }, + { + "alg" : "SHA3-256", + "content" : "8a61de0fe83269892d042a172d03e1b6a6229578493850cc40cd25ff9f2f37c7" + }, + { + "alg" : "SHA3-512", + "content" : "7153c9128a31eda8d2b9b4d683aa115a04f833a80e8b80ba8654a457cdc07f46749f1488ed38577dada2c7bc21e19f1a09810adecf6dd26baebf3ad720535a85" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/org.apache.jena/jena-core@5.1.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://jena.apache.org/jena-core/" + }, + { + "type" : "distribution-intake", + "url" : "https://repository.apache.org/service/local/staging/deploy/maven2" + }, + { + "type" : "issue-tracker", + "url" : "https://issues.apache.org/jira/browse/JENA" + }, + { + "type" : "mailing-list", + "url" : "https://lists.apache.org/list.html?users@jena.apache.org" + }, + { + "type" : "vcs", + "url" : "https://gitbox.apache.org/repos/asf/jena.git/jena-core" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.apache.jena/jena-core@5.1.0" + }, + { + "publisher" : "The Apache Software Foundation", + "group" : "org.apache.jena", + "name" : "jena-base", + "version" : "5.1.0", + "description" : "This module contains non-RDF library code and the common system runtime.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "ee305413bedbda9f6cc5601b4b373ad8" + }, + { + "alg" : "SHA-1", + "content" : "7b04bd5ba4aa4625d9d5f8ff237fa5b4766b39b1" + }, + { + "alg" : "SHA-256", + "content" : "4144acdcccc39b60a44c43bca56046e802c14f1ed6d76f884d2c214ce7924ccf" + }, + { + "alg" : "SHA-512", + "content" : "8bc8b7e42eeabb08b8c23203b0b669ad036795f6d9da3baf88f14a00deadadf0b12c3b4f4759ceff730c5fabaae54fcfe283a6d843c3b0d24ab78383b85a5294" + }, + { + "alg" : "SHA-384", + "content" : "5b4a5091713f30a98c2bd17139baaaa4576c6963e7030a894df9a413dbd281bddeb0a98a9885984ab9caecdcbd11dad1" + }, + { + "alg" : "SHA3-384", + "content" : "0fc547e89559b003802e7311f8f95ecb6b4b1a4a4102d6711deb49e0225eda9a11fdb20395b2f0f59be6a0f073bd10ad" + }, + { + "alg" : "SHA3-256", + "content" : "9f918ebdf7e0daf2822dd5d68ffbf3c5110d88f516a857c8500590e92d8407f2" + }, + { + "alg" : "SHA3-512", + "content" : "62dc1576f785d8dbe4e9ec82f68c5e8d400ad66940f7bab57632123f024d5de037fce3a5923241593a3d204539bd4ec7b90ca4f1e38b791a1ed773db618f2933" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/org.apache.jena/jena-base@5.1.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://jena.apache.org/jena-base/" + }, + { + "type" : "distribution-intake", + "url" : "https://repository.apache.org/service/local/staging/deploy/maven2" + }, + { + "type" : "issue-tracker", + "url" : "https://issues.apache.org/jira/browse/JENA" + }, + { + "type" : "mailing-list", + "url" : "https://lists.apache.org/list.html?users@jena.apache.org" + }, + { + "type" : "vcs", + "url" : "https://gitbox.apache.org/repos/asf/jena.git/jena-base" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.apache.jena/jena-base@5.1.0" + }, + { + "publisher" : "The Apache Software Foundation", + "group" : "org.apache.commons", + "name" : "commons-csv", + "version" : "1.11.0", + "description" : "The Apache Commons CSV library provides a simple interface for reading and writing CSV files of various types.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "670327702ca6f22103531d20d140bc9e" + }, + { + "alg" : "SHA-1", + "content" : "8f2dc805097da534612128b7cdf491a5a76752bf" + }, + { + "alg" : "SHA-256", + "content" : "b697fe3f94cfc4f7e2a87bddf78d15cd10d8c86cbe56ae9196a62d6edbf6b76d" + }, + { + "alg" : "SHA-512", + "content" : "a2778e0c92e858e10b10d00c4fcee0ad5e5113208ecdbec91239b5ce27ac8bdd75abc224d2138d555657f27d34e9e6e80f386d9229737a0474582a5fe7419961" + }, + { + "alg" : "SHA-384", + "content" : "7c54e09fdfd7a16a704f94c0a3232e1cffef65ae5a95d58ad6157329bb639afd3adad4da1a96a04c4f2e4d894bad4d57" + }, + { + "alg" : "SHA3-384", + "content" : "82f1c8fddf576befbc07b598c57cf8c08c586e737ddd6437d10e903825eb2fa68d493f063386dd2384636a35e3a783e8" + }, + { + "alg" : "SHA3-256", + "content" : "b7cd34dba41399b1e9e2747189b7f870bdf473169a590c0a17de191a6203a0c2" + }, + { + "alg" : "SHA3-512", + "content" : "9bb4227b127c9022f7e50e2d23d2b2c07db8b1152bbcd7346c3b4378d4df9f880e053f5def0d6ec23611bc631ef452b9e65bd8aba6e239f1e4c2456303638109" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0", + "url" : "https://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl" : "pkg:maven/org.apache.commons/commons-csv@1.11.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://commons.apache.org/proper/commons-csv/" + }, + { + "type" : "build-system", + "url" : "https://github.com/apache/commons-csv/actions" + }, + { + "type" : "distribution-intake", + "url" : "https://repository.apache.org/service/local/staging/deploy/maven2" + }, + { + "type" : "issue-tracker", + "url" : "https://issues.apache.org/jira/browse/CSV" + }, + { + "type" : "mailing-list", + "url" : "https://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type" : "vcs", + "url" : "https://gitbox.apache.org/repos/asf?p=commons-csv.git" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.apache.commons/commons-csv@1.11.0" + }, + { + "publisher" : "The Apache Software Foundation", + "group" : "commons-io", + "name" : "commons-io", + "version" : "2.16.1", + "description" : "The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "ed8191a5a217940140001b0acfed18d9" + }, + { + "alg" : "SHA-1", + "content" : "377d592e740dc77124e0901291dbfaa6810a200e" + }, + { + "alg" : "SHA-256", + "content" : "f41f7baacd716896447ace9758621f62c1c6b0a91d89acee488da26fc477c84f" + }, + { + "alg" : "SHA-512", + "content" : "97eab31b073c5c57c8bcfaa2fec7b481a15a9a1f9ed864dfdc63b57f062b230557caa734c3133aca1165facb588c58db0185c07832241d70159e87a4bcf48008" + }, + { + "alg" : "SHA-384", + "content" : "bd78e2eb3d005046d1329557d3a77529e98384d4d87940374eef432d73d5a06ef20fb7b0c44389de64496fe134dcf199" + }, + { + "alg" : "SHA3-384", + "content" : "f9acc2f04f076328d17e2d0615da4367470b45b15f828008d8df57033401ae6b3b83b21cf9bc1745ff3cfe5a102bc48e" + }, + { + "alg" : "SHA3-256", + "content" : "5d4bbe43356c92e3970b69892b44a10cc736ef8cb1bedfc753cc8df050520161" + }, + { + "alg" : "SHA3-512", + "content" : "29440ccf2551b383c7e6cbdf78ef7784a421322e418da1be3fcd3251c8a826ffd5c6d1bea32b9c80e74744c035cc9cd8483e629e407110ff3133a05cb34bef93" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0", + "url" : "https://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl" : "pkg:maven/commons-io/commons-io@2.16.1", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://commons.apache.org/proper/commons-io/" + }, + { + "type" : "build-system", + "url" : "https://github.com/apache/commons-parent/actions" + }, + { + "type" : "distribution-intake", + "url" : "https://repository.apache.org/service/local/staging/deploy/maven2" + }, + { + "type" : "issue-tracker", + "url" : "https://issues.apache.org/jira/browse/IO" + }, + { + "type" : "mailing-list", + "url" : "https://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type" : "vcs", + "url" : "https://gitbox.apache.org/repos/asf?p=commons-io.git" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/commons-io/commons-io@2.16.1" + }, + { + "publisher" : "The Apache Software Foundation", + "group" : "commons-codec", + "name" : "commons-codec", + "version" : "1.17.0", + "description" : "The Apache Commons Codec component contains encoder and decoders for various formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "ca1f080782f7e77cb3aec451e7a7f02d" + }, + { + "alg" : "SHA-1", + "content" : "0dbe8eef6e14460e73da07f7b11bf994d6626355" + }, + { + "alg" : "SHA-256", + "content" : "f700de80ac270d0344fdea7468201d8b9c805e5c648331c3619f2ee067ccfc59" + }, + { + "alg" : "SHA-512", + "content" : "cb9c3b2055d0b31d106293f0bc3696f90a11a30953e5b05a1a3c453e98a563475c93d7c6d1707e75f59d0806fba5fd8e4486b8bd72e58bb6ae995bdbbeeb7e17" + }, + { + "alg" : "SHA-384", + "content" : "a0fd174b2f8a21b43828371a7ee03c915b79e69d7b0e16cfe6367f794e2f8e6bbebc261e8a4ba35a79779b2338a774a4" + }, + { + "alg" : "SHA3-384", + "content" : "803fb227bd6770cc21c701b9529606f95ba05c30ea3d807b18b3681fde0c7cabd0e2f40ab36567832f63e0c42b77d0f2" + }, + { + "alg" : "SHA3-256", + "content" : "41b9b86fd0b19ff44d19d108302d7b0111ed86d07a65a90efe1023537fad8748" + }, + { + "alg" : "SHA3-512", + "content" : "eaacc9eafccf4bda0c72c5151dbd7e99954842782c91b501af8c7ca462a04b6c59d7ab8e1ef43b3ebc1b12ca62f4574544bc31df10f33f4a15cd3c3399bd808b" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0", + "url" : "https://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl" : "pkg:maven/commons-codec/commons-codec@1.17.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://commons.apache.org/proper/commons-codec/" + }, + { + "type" : "build-system", + "url" : "https://github.com/apache/commons-parent/actions" + }, + { + "type" : "distribution-intake", + "url" : "https://repository.apache.org/service/local/staging/deploy/maven2" + }, + { + "type" : "issue-tracker", + "url" : "https://issues.apache.org/jira/browse/CODEC" + }, + { + "type" : "mailing-list", + "url" : "https://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type" : "vcs", + "url" : "https://github.com/apache/commons-codec" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/commons-codec/commons-codec@1.17.0" + }, + { + "publisher" : "The Apache Software Foundation", + "group" : "org.apache.commons", + "name" : "commons-compress", + "version" : "1.26.2", + "description" : "Apache Commons Compress defines an API for working with compression and archive formats. These include bzip2, gzip, pack200, LZMA, XZ, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4, Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "d2c5abbd0a822c0b79cf4f03ead483ee" + }, + { + "alg" : "SHA-1", + "content" : "eb1f823447af685208e684fce84783b43517960c" + }, + { + "alg" : "SHA-256", + "content" : "9168a03141d8fc7eda21a2360d83cc0412bcbb1d6204d992bd48c2573cb3c6b8" + }, + { + "alg" : "SHA-512", + "content" : "7106a722d26da945f6d6eea6f0c61b420bff45749bf60c572d992c545b10ccd926dc4b9a9f366ff29d5940c99f26dfeca98f6c1c4b630632a65f04c2d7b94b26" + }, + { + "alg" : "SHA-384", + "content" : "8422ef0d5e9ca419a8b3a33a4c330348f4495b9edded4fde38636d11e99fc3f725df11769d310edc233beed2401daf53" + }, + { + "alg" : "SHA3-384", + "content" : "b32406c91771cfc12e61722add9ab2ef8efa32bf16bdcf80b415f5604bb9b61977c08e6f87f2ef59705c761caca4ffb8" + }, + { + "alg" : "SHA3-256", + "content" : "26c54771c66adc967a167306982bded1fc36a6a2d590401fc435303c9e6256a7" + }, + { + "alg" : "SHA3-512", + "content" : "3f4054fd56ae8d4f012f2cae5469215010123c1ada8931bdcd634551027816afefd8bd871b2ee99f168e2d5a347e0e28c31427dd79e3f42cefcff2662a5603ff" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0", + "url" : "https://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl" : "pkg:maven/org.apache.commons/commons-compress@1.26.2", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://commons.apache.org/proper/commons-compress/" + }, + { + "type" : "build-system", + "url" : "https://github.com/apache/commons-parent/actions" + }, + { + "type" : "distribution-intake", + "url" : "https://repository.apache.org/service/local/staging/deploy/maven2" + }, + { + "type" : "issue-tracker", + "url" : "https://issues.apache.org/jira/browse/COMPRESS" + }, + { + "type" : "mailing-list", + "url" : "https://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type" : "vcs", + "url" : "https://gitbox.apache.org/repos/asf?p=commons-compress.git" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.apache.commons/commons-compress@1.26.2" + }, + { + "publisher" : "The Apache Software Foundation", + "group" : "org.apache.commons", + "name" : "commons-collections4", + "version" : "4.4", + "description" : "The Apache Commons Collections package contains types that extend and augment the Java Collections Framework.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "4a37023740719b391f10030362c86be6" + }, + { + "alg" : "SHA-1", + "content" : "62ebe7544cb7164d87e0637a2a6a2bdc981395e8" + }, + { + "alg" : "SHA-256", + "content" : "1df8b9430b5c8ed143d7815e403e33ef5371b2400aadbe9bda0883762e0846d1" + }, + { + "alg" : "SHA-512", + "content" : "5939c9931eb9557caee3b45fe1dd9ce54cabdc4e6182ed7faac77e1a866dd0cb602bfa4ece2f3316d769913366106bd2b61bf3bb5faad1fa7d808124c06dec0f" + }, + { + "alg" : "SHA-384", + "content" : "74059fd8f61c366ed448e102256fdbd1db0d690501c2c296c80f3657a2c0d8ade3dd9533b1431cc29786bbb624195f46" + }, + { + "alg" : "SHA3-384", + "content" : "15034fb39842620bf3b152cd90bce252644ebc6a29fafd6dcf5e1f3925f09ccea2ae4e195817450f996b25a7081a9a3f" + }, + { + "alg" : "SHA3-256", + "content" : "1716630a207a8f4a83bf9ef19245f46c87d62bfebbcfa1227101e6dd51da8fa5" + }, + { + "alg" : "SHA3-512", + "content" : "c290c98c7b5825d024644ec1162804a1f9ad4da3bb5324d147ddffee6cc79e3c0ecc3825d6116502f2ca292ec80c4e7f8d49a03542dda8f4d58b0dc8228923c5" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/org.apache.commons/commons-collections4@4.4", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://commons.apache.org/proper/commons-collections/" + }, + { + "type" : "build-system", + "url" : "https://builds.apache.org/" + }, + { + "type" : "distribution-intake", + "url" : "https://repository.apache.org/service/local/staging/deploy/maven2" + }, + { + "type" : "issue-tracker", + "url" : "http://issues.apache.org/jira/browse/COLLECTIONS" + }, + { + "type" : "mailing-list", + "url" : "https://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type" : "vcs", + "url" : "https://git-wip-us.apache.org/repos/asf?p=commons-collections.git" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.apache.commons/commons-collections4@4.4" + }, + { + "group" : "com.github.ben-manes.caffeine", + "name" : "caffeine", + "version" : "3.1.8", + "description" : "A high performance caching library", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "b19301179903e8781776397d9923f7c8" + }, + { + "alg" : "SHA-1", + "content" : "24795585df8afaf70a2cd534786904ea5889c047" + }, + { + "alg" : "SHA-256", + "content" : "7dd15f9df1be238ffaa367ce6f556737a88031de4294dad18eef57c474ddf1d3" + }, + { + "alg" : "SHA-512", + "content" : "66195ac8ec62e5425344a51ab671a136618b8658a1e91bb1d1cd1aea5a51fdc12eb7fe5131a00e18ee330d6b0cad14f6743937c23baa50fb21e40eb76d82a777" + }, + { + "alg" : "SHA-384", + "content" : "bb1447801069938c709220002e2489c589f3a12e411a902983d1120785265b5b2716614b0612b6ab732978fdfe492399" + }, + { + "alg" : "SHA3-384", + "content" : "e0455cea493f7d299cc9cb4dafa42b184ddc35927985537ad8119057621f988c3165f1bec62715054bd9de802d91e1eb" + }, + { + "alg" : "SHA3-256", + "content" : "a197fd5b92f9d15ee3a9efac322eb201b47bd8dc20304a0c6d85986199ec03ca" + }, + { + "alg" : "SHA3-512", + "content" : "4fb700794e520bb3bc81ef156bedf696894ebf2d2bf0f25efdfd56dde4cd89b76c45b4a80d7eacb2ed0a6220718f1f9552547fecfb7d3fd319fa5145b4f20cab" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/com.github.ben-manes.caffeine/caffeine@3.1.8", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://github.com/ben-manes/caffeine" + }, + { + "type" : "vcs", + "url" : "https://github.com/ben-manes/caffeine" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/com.github.ben-manes.caffeine/caffeine@3.1.8" + }, + { + "group" : "com.github.andrewoma.dexx", + "name" : "collection", + "version" : "0.7", + "description" : "Persistent (immutable) collection library", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "6e1baaccf9e57842c7e944cef39bc680" + }, + { + "alg" : "SHA-1", + "content" : "264efc08bdcd22126bd429aaea9efaf5158b2b90" + }, + { + "alg" : "SHA-256", + "content" : "e50cbc8379325ee17e8127eed7eb88fb70b94ba16e5e3d97e12401a1fc248fb8" + }, + { + "alg" : "SHA-512", + "content" : "0708323a51db1dd3b4768ee844be5c83523ebc61c4e2ff07e6f952d8891dbc0f8e499f5d9bfb09bf48c99e492dc1804807a2e518b464d1a986407522e9dfea0d" + }, + { + "alg" : "SHA-384", + "content" : "19f9b9011d7f94d975b14b97aef8df35fb1a5cd215c35f3b3283d5cf0effdd8de3315907bce35bc9c12e006b6fcf8990" + }, + { + "alg" : "SHA3-384", + "content" : "38954676b168659dd560568f62cdd8fedd3a8ef7d54bb430d64311b7b3b21cfb481fb7a16ad1efabc5c586b66b20eed7" + }, + { + "alg" : "SHA3-256", + "content" : "3545d1a0d3d9dee1bcfb2c4aac44e013910fd117e6cd6417e26217bad8014a7a" + }, + { + "alg" : "SHA3-512", + "content" : "cc5998ac73b9d795c70690a6a83c633143ca1bb997091fb332134d94f095f89f7e581d20a89afb21455a143f824304c7eeb206d34ce8b8edd43e76606058b71b" + } + ], + "licenses" : [ + { + "license" : { + "id" : "MIT", + "url" : "https://opensource.org/licenses/MIT" + } + } + ], + "purl" : "pkg:maven/com.github.andrewoma.dexx/collection@0.7", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://github.com/andrewoma/dexx" + }, + { + "type" : "vcs", + "url" : "https://github.com/andrewoma/dexx" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/com.github.andrewoma.dexx/collection@0.7" + }, + { + "publisher" : "The Apache Software Foundation", + "group" : "org.apache.jena", + "name" : "jena-iri", + "version" : "5.1.0", + "description" : "The IRI module provides an implementation of the IRI and URI specifications (RFC 3987 and 3986) which are used across Jena in order to comply with relevant W3C specifications for RDF and SPARQL which require conformance to these specifications.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "67dbb429a4afba52ea207a2568cb9b5b" + }, + { + "alg" : "SHA-1", + "content" : "2c190ea773e47ea7914f03a977a4b36af0566869" + }, + { + "alg" : "SHA-256", + "content" : "1c0bcdfe7b95c5dceb243477a8d6c0050c0e701c30a8aafaf52fe2c9f9c0b796" + }, + { + "alg" : "SHA-512", + "content" : "3379e482231c8e5beeb006775b979b89619b2cbf618572d06a652c651c0f2f984eeeece478081e62aa2c835530daf888d7996a72b76efd42e0d2bf362760eaf0" + }, + { + "alg" : "SHA-384", + "content" : "5e96a2fb8a50faefe63524a944b969c01bda560883a3700c31f4ddee81627f06c4d758f9edb04241a80fa3706ad97ba3" + }, + { + "alg" : "SHA3-384", + "content" : "496924c0407d02584afd2d0a596983f71e31f9c651621533a4f4a1023bfabd8c264fb267ac57cf91bf98535317eb3a7a" + }, + { + "alg" : "SHA3-256", + "content" : "b518c85ddee69ff740f9ca21c329f22d39918e6e44c9a2e60684521cc3ed4918" + }, + { + "alg" : "SHA3-512", + "content" : "1eefe216352b189684328ff162bbcb90d355d602dc8f5f1a096f3ec5731e9b47c508d287c9aee2e7d4f1563858ceaab9edd85049582beb74f5179e6af7102b90" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/org.apache.jena/jena-iri@5.1.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://jena.apache.org/jena-iri/" + }, + { + "type" : "distribution-intake", + "url" : "https://repository.apache.org/service/local/staging/deploy/maven2" + }, + { + "type" : "issue-tracker", + "url" : "https://issues.apache.org/jira/browse/JENA" + }, + { + "type" : "mailing-list", + "url" : "https://lists.apache.org/list.html?users@jena.apache.org" + }, + { + "type" : "vcs", + "url" : "https://gitbox.apache.org/repos/asf/jena.git/jena-iri" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.apache.jena/jena-iri@5.1.0" + }, + { + "group" : "org.roaringbitmap", + "name" : "RoaringBitmap", + "version" : "1.2.0", + "description" : "Roaring bitmaps are compressed bitmaps (also called bitsets) which tend to outperform conventional compressed bitmaps such as WAH or Concise.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "a721438efdc94bb9d6a0e508a9b4cb33" + }, + { + "alg" : "SHA-1", + "content" : "0040d89533167a49555079da9fe5857338eba3d1" + }, + { + "alg" : "SHA-256", + "content" : "2f3e57b9a9598e53e5b33c94ca9c1ba7ff9c3610992900d6cc7d68e89028ee05" + }, + { + "alg" : "SHA-512", + "content" : "f4cb665645cfdd9ff8402648d29813da61443b77b083b8413701a35b110317506ad27c6945844265476036afbae49ea5dec5f92111972a26c6077511eb4d8f17" + }, + { + "alg" : "SHA-384", + "content" : "4371d696b62a10e0b953d80a773986f1f4a91931879d262a593d64516dc7b9560b37ebd4f1593e6a2c1745c08335d044" + }, + { + "alg" : "SHA3-384", + "content" : "a9d82b724f42670cb513c4d53c22a5f969cf108ebf2e3fb7c9c148095ea2f8e880139786b18487b07a71719c12fab8d9" + }, + { + "alg" : "SHA3-256", + "content" : "51688a981e535d4bb84f6c35bced2e41c5c944ed91ac0f392a401c6b39638a7c" + }, + { + "alg" : "SHA3-512", + "content" : "b3f6674a96afc0e4eb56dd346c89278f97dac737c7d380450182e39fcef43981f244591f49d77b0eae47ea89e75807f9d93115483460a6d8912e28186b7aa440" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/org.roaringbitmap/RoaringBitmap@1.2.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://github.com/RoaringBitmap/RoaringBitmap" + }, + { + "type" : "issue-tracker", + "url" : "https://github.com/RoaringBitmap/RoaringBitmap/issues" + }, + { + "type" : "vcs", + "url" : "https://github.com/RoaringBitmap/RoaringBitmap" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.roaringbitmap/RoaringBitmap@1.2.0" + }, + { + "group" : "com.google.code.gson", + "name" : "gson", + "version" : "2.11.0", + "description" : "Gson JSON library", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "0c69b9199d3a4e6c34dc03619ff7feee" + }, + { + "alg" : "SHA-1", + "content" : "527175ca6d81050b53bdd4c457a6d6e017626b0e" + }, + { + "alg" : "SHA-256", + "content" : "57928d6e5a6edeb2abd3770a8f95ba44dce45f3b23b7a9dc2b309c581552a78b" + }, + { + "alg" : "SHA-512", + "content" : "b8c91426a8275b42ea5c55b104308ffbe656ae3354bc661f62173352e53a4818a009e4dd82bc6cf518c77fda5a4d2eab0d3ad832581a8f0d87966ef04e6c025a" + }, + { + "alg" : "SHA-384", + "content" : "8720df1ca6f2258a71b7f2307e2b49f0ad2379bc93e93be6a6c619e52b95dbe5a080a49149e8708ce1890e97b47b9bbf" + }, + { + "alg" : "SHA3-384", + "content" : "e3e268c6f8c75f018c7c8160fba7fe373242d45a2313b5c7823f3f75fcc04bbf93cb43c08ba2998b01b8a3c685d77280" + }, + { + "alg" : "SHA3-256", + "content" : "aa4162683be07c5de9c962e88301054ea42a9bed2257a5e4e650545624a2c094" + }, + { + "alg" : "SHA3-512", + "content" : "31730c961b8920673ac3e973a16272752a46df479bfc0ce4dfb6dd324e32d34e5006247d6b5508b8fdc785ba5ffb42534ea3fa2d7094191febcac60654230e24" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0", + "url" : "https://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl" : "pkg:maven/com.google.code.gson/gson@2.11.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://github.com/google/gson" + }, + { + "type" : "distribution-intake", + "url" : "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type" : "issue-tracker", + "url" : "https://github.com/google/gson/issues" + }, + { + "type" : "vcs", + "url" : "https://github.com/google/gson/" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/com.google.code.gson/gson@2.11.0" + }, + { + "group" : "com.apicatalog", + "name" : "titanium-json-ld", + "version" : "1.4.0", + "description" : "A JSON-LD 1.1 Processor & API", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "0e27f266c1cd33bf33095f9a1baa3283" + }, + { + "alg" : "SHA-1", + "content" : "57b0f09b4ac30e08480f4fd05fff70ddb342563b" + }, + { + "alg" : "SHA-256", + "content" : "d4fc261db866be5c5731f0a6a30e025553b211fd3f3ec186614497c280356029" + }, + { + "alg" : "SHA-512", + "content" : "aaaefa446739b107ee6a3add199616d5cb2d63720fe30cee83379f5b90ceae66bae36e555eccbb7163efb561416d460fa01a833ad4b32b53cfc49dedf809a852" + }, + { + "alg" : "SHA-384", + "content" : "4d8c728537ee80187c96cbadb208e37cf18f3c0802eb3e053c1b77a12157c6773dbaca8821741cb3c3d42cc631f33c46" + }, + { + "alg" : "SHA3-384", + "content" : "25945ea9c43e38163144e4044502aad67343ad75955e93fe62e2ca9df5f3db9681448dab0fd0b3e8f7f0cea9b0f558cd" + }, + { + "alg" : "SHA3-256", + "content" : "78ca80da8322b7577f75c37a0db122040a0816edebd70055daae575f039e9415" + }, + { + "alg" : "SHA3-512", + "content" : "12c46c3480b614a4bc032910690fe7f75a9d03dd164eff9d5de2fcf68ec0049799cb6acae8f746b3c743b01eeaeae554b2213c46b36248c1d25e8596b461d699" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/com.apicatalog/titanium-json-ld@1.4.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://github.com/filip26/titanium-json-ld" + }, + { + "type" : "vcs", + "url" : "https://github.com/filip26/titanium-json-ld/tree/main" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/com.apicatalog/titanium-json-ld@1.4.0" + }, + { + "publisher" : "Eclipse Foundation", + "group" : "org.glassfish", + "name" : "jakarta.json", + "version" : "2.0.1", + "description" : "Default provider for Jakarta JSON Processing", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "217370baa683188d6085c079a0988909" + }, + { + "alg" : "SHA-1", + "content" : "da6c75e591cf2a89ddc479cbdbd8fe5f41d3efc9" + }, + { + "alg" : "SHA-256", + "content" : "52539b39498b86ca9910b0eacc608a8c78de8db3842caa84bc87169372202cc0" + }, + { + "alg" : "SHA-512", + "content" : "3a7240c34098be4fc81769ec528a5afcc90e509d092a5e4edca27b2e92a3edfd6814bf60598fe6b856bec42c3002e64af286b6b8cae90cad06db276c6cbc10dc" + }, + { + "alg" : "SHA-384", + "content" : "aef48cccd89f11a491844d85be814ee882e760fe384d76c74259269c7c514115665f7ce1711124577079024a7b2127e2" + }, + { + "alg" : "SHA3-384", + "content" : "b35d0fe7b5fb661733c6dda6c09cef82a48db6358d2c26d15935c713e3873307add4ea0fd01df7ef5fd762da380ab0d5" + }, + { + "alg" : "SHA3-256", + "content" : "2d8d3ccc88d35b0254c3967f7fbe1c22b581ad9b25a92954570395ee1680a034" + }, + { + "alg" : "SHA3-512", + "content" : "a96804fb8d283352d133f05624aeaafca23e349ff3a55c4d1843a9dca9665bd941862bb27990d0f73f99ab9aadab3ab768b333ecb445830fc6cb8c704ca9ee8b" + } + ], + "licenses" : [ + { + "license" : { + "id" : "EPL-2.0", + "url" : "https://www.eclipse.org/legal/epl-2.0" + } + }, + { + "license" : { + "name" : "GNU General Public License, version 2 with the GNU Classpath Exception", + "url" : "https://projects.eclipse.org/license/secondary-gpl-2.0-cp" + } + } + ], + "purl" : "pkg:maven/org.glassfish/jakarta.json@2.0.1", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://github.com/eclipse-ee4j/jsonp" + }, + { + "type" : "distribution-intake", + "url" : "https://jakarta.oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type" : "issue-tracker", + "url" : "https://github.com/eclipse-ee4j/ee4j/issues" + }, + { + "type" : "mailing-list", + "url" : "https://dev.eclipse.org/mhonarc/lists/jakarta.ee-community/" + }, + { + "type" : "vcs", + "url" : "https://github.com/eclipse-ee4j/jsonp/jakarta.json" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.glassfish/jakarta.json@2.0.1" + }, + { + "group" : "org.apache.thrift", + "name" : "libthrift", + "version" : "0.20.0", + "description" : "Thrift is a software framework for scalable cross-language services development.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "88a81cac19a20b37e6b6ae64ab497af3" + }, + { + "alg" : "SHA-1", + "content" : "fdb4b0accc44b3617e53eb7e1cf7e990cc07ab70" + }, + { + "alg" : "SHA-256", + "content" : "52b4ccf7d4cd5cab6429b2507c31d8c1a358ea9d8ae0ba109dd2d865856e7c12" + }, + { + "alg" : "SHA-512", + "content" : "78884c60d74295d010ca42570ff4cd59196ab0d96e245525a9d5f419142580252fc61f6b01d010eda6bbc72752bd2bdfdc2aab40d5af860f6fa3136a85aef506" + }, + { + "alg" : "SHA-384", + "content" : "bcbd7f41c1dc3ace4acea858a9c1780a4eb3cd4f73b291afa404b989fe67e27935e4f4ba2e4903d8ff11614f23dfad27" + }, + { + "alg" : "SHA3-384", + "content" : "450e00d8444338decb5dc689759000e6672c29f1b7b6bab7debd75a5a81d2ef42c55bcc47d193ce5e082d2f47c10cca9" + }, + { + "alg" : "SHA3-256", + "content" : "91e683b2597b5119e4146ddfd2ee3e7bf41a15fce9c299bde7b5e5e9dcd158cd" + }, + { + "alg" : "SHA3-512", + "content" : "864128cd8d9f3e65c816c741ed4b06ea2dbbe51b00af51b4d3f27eaaaa077cb0a3860ecb2223343e75d7704ab61aea698e133febc71ba6b8db7010f87f0569dd" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/org.apache.thrift/libthrift@0.20.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "http://thrift.apache.org" + }, + { + "type" : "vcs", + "url" : "https://github.com/apache/thrift" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.apache.thrift/libthrift@0.20.0" + }, + { + "publisher" : "The Apache Software Foundation", + "group" : "org.apache.commons", + "name" : "commons-lang3", + "version" : "3.14.0", + "description" : "Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "4e5c3f5e6b0b965ef241d7d72ac8971f" + }, + { + "alg" : "SHA-1", + "content" : "1ed471194b02f2c6cb734a0cd6f6f107c673afae" + }, + { + "alg" : "SHA-256", + "content" : "7b96bf3ee68949abb5bc465559ac270e0551596fa34523fddf890ec418dde13c" + }, + { + "alg" : "SHA-512", + "content" : "0338b50767166e5746ada6d6aa2e071e7221d699323bfb629f7f204b294c1dc4cad140610a129ed751798443b43e74e0818989c7df7d33c5915aa29742be9ba8" + }, + { + "alg" : "SHA-384", + "content" : "908d0a22dc17aaa04caa5104cff7cad5b88b77eecb78dd5b3b3fefa22ff71ac50a4fb9e31c897ac243f9d841e4b3453d" + }, + { + "alg" : "SHA3-384", + "content" : "8a7f2e061b998780870eddd571620fbf3d3c70bcb54e24539d0db504f59d65bc6bda58136284498babe29fcc5eabb7a6" + }, + { + "alg" : "SHA3-256", + "content" : "022bf1f8039fcea717e9e34dd96eb80cfff05b43c9cbb76e9739b2421e2d027c" + }, + { + "alg" : "SHA3-512", + "content" : "0bcbc4edce974ea970c46e2da12ec98d9fd962c2cf64f757ac97136dec5623ca52af0c225895303c17ffabb57090e6772d7bd326d5e7438cef5454f8bbaeecfa" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0", + "url" : "https://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl" : "pkg:maven/org.apache.commons/commons-lang3@3.14.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://commons.apache.org/proper/commons-lang/" + }, + { + "type" : "build-system", + "url" : "https://github.com/apache/commons-parent/actions" + }, + { + "type" : "distribution-intake", + "url" : "https://repository.apache.org/service/local/staging/deploy/maven2" + }, + { + "type" : "issue-tracker", + "url" : "https://issues.apache.org/jira/browse/LANG" + }, + { + "type" : "mailing-list", + "url" : "https://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type" : "vcs", + "url" : "https://gitbox.apache.org/repos/asf?p=commons-lang.git" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.apache.commons/commons-lang3@3.14.0" + }, + { + "group" : "org.junit.platform", + "name" : "junit-platform-suite-engine", + "version" : "1.11.0", + "description" : "Module \"junit-platform-suite-engine\" of JUnit 5.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "86c01dcfef9ec5a8088c0b7df415a218" + }, + { + "alg" : "SHA-1", + "content" : "729e811ba91dc21fc5fdae8c17098b3b9aad1feb" + }, + { + "alg" : "SHA-256", + "content" : "f818fd53a13dfa341bb3205ce5baf78a768904db639b8ec751ae63339c697da7" + }, + { + "alg" : "SHA-512", + "content" : "121f1ed5a5c74baf2da45dd09c3724c77a38402f8034917166ad962de7424cc1c549274ccd3203442f78dd350895b7170f0906b81b7b5db4b8d8bc3cf978020d" + }, + { + "alg" : "SHA-384", + "content" : "cf46aef6b551b76e8693b18c13a866a0634fbd8fbc5caa59d451735efc1d7794703deb4941a03645ad55a83431c2f755" + }, + { + "alg" : "SHA3-384", + "content" : "009506468e8c2a5b87691af90e8d8afdcaf6e4ee1e39073764ed37b6feec795a9fcdbcbe3a9cb0831c6c6a66953cd62f" + }, + { + "alg" : "SHA3-256", + "content" : "2600a5ecd193df9ec3b03fb73b474664000129e268401d8d46f756fdd85f916b" + }, + { + "alg" : "SHA3-512", + "content" : "6a365f75bde83cf3cf62e890d0e5262df0a2d609a43519dc32f70b3e5550202226ca25bb614a49adc66b4bc06f94c89c426f165c3b31c0dfe1a28188250a96e3" + } + ], + "licenses" : [ + { + "license" : { + "id" : "EPL-2.0" + } + } + ], + "purl" : "pkg:maven/org.junit.platform/junit-platform-suite-engine@1.11.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://junit.org/junit5/" + }, + { + "type" : "vcs", + "url" : "https://github.com/junit-team/junit5" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.junit.platform/junit-platform-suite-engine@1.11.0" + }, + { + "group" : "org.junit.platform", + "name" : "junit-platform-suite-commons", + "version" : "1.11.0", + "description" : "Module \"junit-platform-suite-commons\" of JUnit 5.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "88c781c20d2283bcd2ead55a1bd5196a" + }, + { + "alg" : "SHA-1", + "content" : "f27578ff83bcceed6da832cd2efb0300378066ef" + }, + { + "alg" : "SHA-256", + "content" : "18d4deb308c8aa47886b6a5fe95439ac6d8480f450da1722fb670527cc8e4854" + }, + { + "alg" : "SHA-512", + "content" : "eff438e8d1b80470e125908e49ec1af986c60b9bfa7ff0384b72de9e49df2ec2b8100e004f95d420536b751b842491e99bbb00c260e2939c438deba3ff5a7497" + }, + { + "alg" : "SHA-384", + "content" : "7ff1ea9c6f269aa939589d6fc58b3342d5f31e9df4c297b99c5c332494227abddf2f81f6a162f67114cca8a855a75792" + }, + { + "alg" : "SHA3-384", + "content" : "911379c0bfb3faaab37384547ce91f49457f5c23d3a3ab292704c172ca6ae78783f0f5a3c921977fc280e772fab2fd87" + }, + { + "alg" : "SHA3-256", + "content" : "17aaf94cc1b1356fea3f2b106959729cd49518d66ddf1c7786c02a293ae4eb5f" + }, + { + "alg" : "SHA3-512", + "content" : "60e180d38761c0d2b5f42774fa6e22866ef65c9c9bd28818dbca10e9044d586824d2bcfccf836171b07cb6c117921d5b3d245fe154b5f3d67bde1af571f971dd" + } + ], + "licenses" : [ + { + "license" : { + "id" : "EPL-2.0" + } + } + ], + "purl" : "pkg:maven/org.junit.platform/junit-platform-suite-commons@1.11.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://junit.org/junit5/" + }, + { + "type" : "vcs", + "url" : "https://github.com/junit-team/junit5" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.junit.platform/junit-platform-suite-commons@1.11.0" + }, + { + "group" : "org.junit.platform", + "name" : "junit-platform-launcher", + "version" : "1.11.0", + "description" : "Module \"junit-platform-launcher\" of JUnit 5.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "02195ffe0fad4206e3fe9a3447890d2c" + }, + { + "alg" : "SHA-1", + "content" : "605624a277ab3b02317765e1111ad577676648e1" + }, + { + "alg" : "SHA-256", + "content" : "a44535e639814236844e2247204f89247d13af0cebdea53a42314100dfde19ce" + }, + { + "alg" : "SHA-512", + "content" : "66a079940401ea9afbaa8050ae38e061255c3bfdb18d290dd2cac1e7cd6bc5d632d0c80e7fdabdc054cf30891ef657d2758b3b3d2fce9357ccd7e6f08aedfbfc" + }, + { + "alg" : "SHA-384", + "content" : "ddb00fbc6dac61a0d75c9b70d5f437e40d6fb91e4878fb8743a552a6c912bf6010068bfb5a1f08df82c2f6f3fad14c92" + }, + { + "alg" : "SHA3-384", + "content" : "d122f0bbd47c08292ddef81084b030947586980e0dcf29e8e551780b480473e0b1f3c8cc8f9da50a5dc92c3a14433367" + }, + { + "alg" : "SHA3-256", + "content" : "983ae95cb22f2059a5fbe6acb788c34a467bf05f5039c42005f114679beaa7b9" + }, + { + "alg" : "SHA3-512", + "content" : "93e077afb1509bbd884b3cf0decc74087e3e6f1b19612b6c2f73aa78fb3cfa4ecb8bac57b37b715506a8930f7c1775caf2d22241e6236ca413f90753f9e57d46" + } + ], + "licenses" : [ + { + "license" : { + "id" : "EPL-2.0" + } + } + ], + "purl" : "pkg:maven/org.junit.platform/junit-platform-launcher@1.11.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://junit.org/junit5/" + }, + { + "type" : "vcs", + "url" : "https://github.com/junit-team/junit5" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.junit.platform/junit-platform-launcher@1.11.0" + }, + { + "group" : "org.junit.platform", + "name" : "junit-platform-suite-api", + "version" : "1.11.0", + "description" : "Module \"junit-platform-suite-api\" of JUnit 5.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "0b5097c12325af8b3b5f847faaa2e413" + }, + { + "alg" : "SHA-1", + "content" : "7b39985784c88379305fbfdc48ef3f980255bb53" + }, + { + "alg" : "SHA-256", + "content" : "4e007a34fabc491f4c460ad7430bd9a7bd2cc00b5ad579067c3e7d19ca1af944" + }, + { + "alg" : "SHA-512", + "content" : "bfc52580dd793bee7e5e2e459caf67865d672f86887cfa53f0263462edb1c791d36433d24fc67954900c2245bbc1ad9ef468b5bf4496f3d8a40adb51a1f4d6a0" + }, + { + "alg" : "SHA-384", + "content" : "dc3e40895c3f6bc1b8c120ead1e124a0703a7c2e89ebac8504af1c5239a026dc6d0dd20d7d7d02238a6fc96ab5ee1614" + }, + { + "alg" : "SHA3-384", + "content" : "e687fbf8ccde816f55e9c550149429dcf0ae9becb9d294eb3516dff8c1f2dc7833312b4ce3c0a6d5ab395e07805b1f18" + }, + { + "alg" : "SHA3-256", + "content" : "83e89848bd3fa2bc00f96e2e525abb219e3ecd77ee9027d18212f9bb1fa69024" + }, + { + "alg" : "SHA3-512", + "content" : "03a7b54314f133ad63fd431767f6bad76c1626c403539c49f532ae22dd8f0a911275714023221b64080132ebf06352df09abed2b1da497391fd6d7653aedc749" + } + ], + "licenses" : [ + { + "license" : { + "id" : "EPL-2.0" + } + } + ], + "purl" : "pkg:maven/org.junit.platform/junit-platform-suite-api@1.11.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://junit.org/junit5/" + }, + { + "type" : "vcs", + "url" : "https://github.com/junit-team/junit5" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.junit.platform/junit-platform-suite-api@1.11.0" + }, + { + "group" : "org.junit.platform", + "name" : "junit-platform-commons", + "version" : "1.11.0", + "description" : "Module \"junit-platform-commons\" of JUnit 5.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "00f120150f50572c9a0500d3812a4cba" + }, + { + "alg" : "SHA-1", + "content" : "9bb41eff52781584798c487b68782ae3b4126f14" + }, + { + "alg" : "SHA-256", + "content" : "609333a4545f9018eb0c59071efd30663a9e9fdce528121b65a04c27e5fc26a7" + }, + { + "alg" : "SHA-512", + "content" : "2ffa55c14ba25911852406e1974f11e956fd9afd6b4854f9c4db9b85f46e7f1678ab7ebc4780b26f1cb23b41abbf12e568e011d7f47e42b92622a838a8a0c4b0" + }, + { + "alg" : "SHA-384", + "content" : "4380108050b0837cb8b43c6e00fa9a49e8e4a74aa076c346a23b3dbbc06a79bdabdcc6d4e77cf66ed648df1472343e5c" + }, + { + "alg" : "SHA3-384", + "content" : "c6c19146a0cf452a502b9c8140e6f943f3bc06ff0211c07b6239b1e67e9e651c9d6e882abf60d28c356ce2b4ccd4ab6c" + }, + { + "alg" : "SHA3-256", + "content" : "5d1ab7bfee383633f99130e14b7bf71df744cdf4ef541651b4d739f038cb5808" + }, + { + "alg" : "SHA3-512", + "content" : "0e7fee2a41ae61406c019f342f1a04a0ee7d37a599aab86fbaa7a24523ba43814c2d51d64b7076752e35085e8600bd058b408fb1ff56668f48c3792abb4c0daf" + } + ], + "licenses" : [ + { + "license" : { + "id" : "EPL-2.0" + } + } + ], + "purl" : "pkg:maven/org.junit.platform/junit-platform-commons@1.11.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://junit.org/junit5/" + }, + { + "type" : "vcs", + "url" : "https://github.com/junit-team/junit5" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.junit.platform/junit-platform-commons@1.11.0" + }, + { + "group" : "org.opentest4j", + "name" : "opentest4j", + "version" : "1.3.0", + "description" : "Open Test Alliance for the JVM", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "03c404f727531f3fd3b4c73997899327" + }, + { + "alg" : "SHA-1", + "content" : "152ea56b3a72f655d4fd677fc0ef2596c3dd5e6e" + }, + { + "alg" : "SHA-256", + "content" : "48e2df636cab6563ced64dcdff8abb2355627cb236ef0bf37598682ddf742f1b" + }, + { + "alg" : "SHA-512", + "content" : "78fc698a7871bb50305e3657893c10500595f043348d875f57bc39ca4a6a51eda3967b7c8c8a7ec3e8f85f2171bca4aa98823e912e416e87e81c6ba5b70a37c3" + }, + { + "alg" : "SHA-384", + "content" : "10398b6998c9202a0731e2e19ae1c3f9d8a83582c2663fe7bdda15794ee6fa816727dbd8f7c7164bd5395ee1cfe7c97e" + }, + { + "alg" : "SHA3-384", + "content" : "3abe706fd78509c25a402c7bbf6f9ddf71ffb5b35054864ba0fdf7902207115f888a0ba728fd71d2e87a9360d2498121" + }, + { + "alg" : "SHA3-256", + "content" : "d961907a1bfa1dcda329dca494ffbc251b31fabcaca5ab7095661a8ce3c1d654" + }, + { + "alg" : "SHA3-512", + "content" : "0ad661617bcac51bcd26f7ad4611c69b1fd9811b50dbf734e041a3243ab1f845e7796620e8a7c40c4a2df3946864598b1251396c7d9bd813203d82710788cce0" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/org.opentest4j/opentest4j@1.3.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://github.com/ota4j-team/opentest4j" + }, + { + "type" : "vcs", + "url" : "https://github.com/ota4j-team/opentest4j" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.opentest4j/opentest4j@1.3.0" + }, + { + "group" : "org.junit.platform", + "name" : "junit-platform-engine", + "version" : "1.11.0", + "description" : "Module \"junit-platform-engine\" of JUnit 5.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "652737294f52a90d1b0048cd7b3ca081" + }, + { + "alg" : "SHA-1", + "content" : "b981f322be92fe343d4a79f28208bb4475806019" + }, + { + "alg" : "SHA-256", + "content" : "a7e67279c651c516949512b506916475a6d9e284cd4f4c30d029b4ad73a944d8" + }, + { + "alg" : "SHA-512", + "content" : "fdabaf2df1bfe7caf63cb0878f9bb6141f71803c5a554b3accf5816a6d1644b5fcc36b1d328875eb0a1c9d448ecea5237636faced8b25b77d70b3d046c82e014" + }, + { + "alg" : "SHA-384", + "content" : "708525856146b3df457b4872f6100496c5f3c7ddfef44e8d22e60724588bcff48e1c3b8dbf251cd42349618facd9fbc0" + }, + { + "alg" : "SHA3-384", + "content" : "06b649b780c4fad439c88c945e164cb90de51849d747ab1dd7395c5429ad4ececc6bcf104ba6d85ee30f724297f80285" + }, + { + "alg" : "SHA3-256", + "content" : "f5af53c15032e4ee47b5405d5083d6337a30221d79729b31610476d57c660875" + }, + { + "alg" : "SHA3-512", + "content" : "e4b552200c0cca0ed16164988f5f1d6f9134d23700a8b3e6ce697fcc22cc1c291300d623da28136f30cb7b4fb79346b5fae48052b5677de4ff4d576d18e4b057" + } + ], + "licenses" : [ + { + "license" : { + "id" : "EPL-2.0" + } + } + ], + "purl" : "pkg:maven/org.junit.platform/junit-platform-engine@1.11.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://junit.org/junit5/" + }, + { + "type" : "vcs", + "url" : "https://github.com/junit-team/junit5" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.junit.platform/junit-platform-engine@1.11.0" + }, + { + "group" : "org.apiguardian", + "name" : "apiguardian-api", + "version" : "1.1.2", + "description" : "@API Guardian", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "8c7de3f82037fa4a2e8be2a2f13092af" + }, + { + "alg" : "SHA-1", + "content" : "a231e0d844d2721b0fa1b238006d15c6ded6842a" + }, + { + "alg" : "SHA-256", + "content" : "b509448ac506d607319f182537f0b35d71007582ec741832a1f111e5b5b70b38" + }, + { + "alg" : "SHA-512", + "content" : "d7ccd0e7019f1a997de39d66dc0ad4efe150428fdd7f4c743c93884f1602a3e90135ad34baea96d5b6d925ad6c0c8487c8e78304f0a089a12383d4a62e2c9a61" + }, + { + "alg" : "SHA-384", + "content" : "5ae11cfedcee7da43a506a67946ddc8a7a2622284a924ba78f74541e9a22db6868a15f5d84edb91a541e38afded734ea" + }, + { + "alg" : "SHA3-384", + "content" : "c146116b3dfd969200b2ce52d96b92dd02d6f5a45a86e7e85edf35600ddbc2f3c6e8a1ad7e2db4dcd2c398c09fad0927" + }, + { + "alg" : "SHA3-256", + "content" : "b4b436d7f615fc0b820204e69f83c517d1c1ccc5f6b99e459209ede4482268de" + }, + { + "alg" : "SHA3-512", + "content" : "7b95b7ac68a6891b8901b5507acd2c24a0c1e20effa63cd513764f513eab4eb55f8de5178edbe0a400c11f3a18d3f56243569d6d663100f06dd98288504c09c5" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/org.apiguardian/apiguardian-api@1.1.2", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://github.com/apiguardian-team/apiguardian" + }, + { + "type" : "vcs", + "url" : "https://github.com/apiguardian-team/apiguardian" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.apiguardian/apiguardian-api@1.1.2" + }, + { + "group" : "io.telicent.jena", + "name" : "jena-fuseki-kafka-module", + "version" : "1.4.0-SNAPSHOT", + "description" : "Apache Jena Fuseki module for Kafka connector", + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/io.telicent.jena/jena-fuseki-kafka-module@1.4.0-SNAPSHOT", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://github.com/telicent-oss/jena-fuseki-kafka/jena-fuseki-kafka-module" + }, + { + "type" : "distribution-intake", + "url" : "https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type" : "issue-tracker", + "url" : "https://github.com/telicent-oss/jena-fuseki-kafka" + }, + { + "type" : "vcs", + "url" : "https://github.com/telicent-oss/jena-fuseki-kafka/jena-fuseki-kafka-module" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/io.telicent.jena/jena-fuseki-kafka-module@1.4.0-SNAPSHOT" + }, + { + "publisher" : "Apache Jena", + "group" : "org.apache.jena", + "name" : "jena-fuseki-main", + "version" : "5.1.0", + "description" : "Fuseki is a SPARQL 1.1 Server which provides the SPARQL query, SPARQL update and SPARQL graph store protocols.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "4ae72c5b0394cb16e271a4a2a2a3931b" + }, + { + "alg" : "SHA-1", + "content" : "b8ad58098c74be358916ec4b95002489b68bc3a4" + }, + { + "alg" : "SHA-256", + "content" : "072678773d2c3a58229014fe4903fcabe9cbcf56dc08cde8bccc5d2edbed7776" + }, + { + "alg" : "SHA-512", + "content" : "20765436d2e56ec25d19a77dcdb0fa2f5c945ca17745477ab01a09301bd94c36e51cd19b1261a30a5408eaff4801d1ef4d799c7e35972c0990ce110a26358c82" + }, + { + "alg" : "SHA-384", + "content" : "5b69268751c176b63d028dfb950b3f0479d921b07d673d7b8a96bf8986b8f9dd00456fe5f64a2aee9f477047270a6db5" + }, + { + "alg" : "SHA3-384", + "content" : "8685935326e0aadfacbf08850557b94dadb4fa4aa3c775041d88314a0b732f0a816ef9d8a4f6acbecce3aef091fe4d34" + }, + { + "alg" : "SHA3-256", + "content" : "e5dc5e03d77bc4a3f94a26ecb943ad7818949cf810b5bb3a6906656086fbbb74" + }, + { + "alg" : "SHA3-512", + "content" : "2c54c32caf501ba67515c9e22e3c0f86a6f4c305891830e30a109010b86407263da76b71aeab7153f318d0f1709cb8a39ffc854f3edb65953811ad9069dad1b8" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/org.apache.jena/jena-fuseki-main@5.1.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://jena.apache.org/jena-fuseki-main/" + }, + { + "type" : "distribution-intake", + "url" : "https://repository.apache.org/service/local/staging/deploy/maven2" + }, + { + "type" : "issue-tracker", + "url" : "https://issues.apache.org/jira/browse/JENA" + }, + { + "type" : "mailing-list", + "url" : "https://lists.apache.org/list.html?users@jena.apache.org" + }, + { + "type" : "vcs", + "url" : "https://gitbox.apache.org/repos/asf/jena.git/jena-fuseki/jena-fuseki-main" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.apache.jena/jena-fuseki-main@5.1.0" + }, + { + "publisher" : "Apache Jena", + "group" : "org.apache.jena", + "name" : "jena-fuseki-core", + "version" : "5.1.0", + "description" : "Fuseki is a SPARQL 1.1 Server which provides the SPARQL query, SPARQL update and SPARQL graph store protocols.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "374a2ec3f0f8729f5f2e65765970e562" + }, + { + "alg" : "SHA-1", + "content" : "0e2fa88314a2b91fe5d9e275ebc0daa36cd0f306" + }, + { + "alg" : "SHA-256", + "content" : "9840fea56ffeab3f8edd102e90d1da77b00321df8a448a87668658233b83f039" + }, + { + "alg" : "SHA-512", + "content" : "7a25165e6d6335d303dc15e98e73398cd6310bb889c2d85f5e862ebd74bffa372ff11dfbd8a9f350d97423114fe9d6d01448e1c8107fe5bd0ece0961e75387c1" + }, + { + "alg" : "SHA-384", + "content" : "9db71720c17b0060a4a904f27d564b186c23118fd0a30fd257670b387160f07ce3cdefccf462a9dc7c407bd58bf6218e" + }, + { + "alg" : "SHA3-384", + "content" : "490d979b5b5f0068c9f1ba888f44d7e6af8b220dedbd006ce7b60a698adb14805522c47ee1ed0dd98299efa9cbd43f0b" + }, + { + "alg" : "SHA3-256", + "content" : "1319c16af80583c58b8adfb3021b2406f138e1dbbc2cb244f333c869ad58fe9a" + }, + { + "alg" : "SHA3-512", + "content" : "dfd143ad1a41a4728f965e6bc050385bde2918873e05f5225f0fb2bc3e502477576effda997dd2b07e4a3c0830ce983f95badec02dc9df6992c15616efdd2045" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/org.apache.jena/jena-fuseki-core@5.1.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://jena.apache.org/jena-fuseki-core/" + }, + { + "type" : "distribution-intake", + "url" : "https://repository.apache.org/service/local/staging/deploy/maven2" + }, + { + "type" : "issue-tracker", + "url" : "https://issues.apache.org/jira/browse/JENA" + }, + { + "type" : "mailing-list", + "url" : "https://lists.apache.org/list.html?users@jena.apache.org" + }, + { + "type" : "vcs", + "url" : "https://gitbox.apache.org/repos/asf/jena.git/jena-fuseki/jena-fuseki-core" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.apache.jena/jena-fuseki-core@5.1.0" + }, + { + "publisher" : "The Apache Software Foundation", + "group" : "org.apache.jena", + "name" : "jena-rdfpatch", + "version" : "5.1.0", + "description" : "The Apache Software Foundation provides support for the Apache community of open-source software projects. The Apache projects are characterized by a collaborative, consensus based development process, an open and pragmatic software license, and a desire to create high quality software that leads the way in its field. We consider ourselves not simply a group of projects sharing a server, but rather a community of developers and users.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "b126289932055e72f74e418b38c8f0c6" + }, + { + "alg" : "SHA-1", + "content" : "c81d618d75edd021d7f5be8fb5a8f79c25ab0234" + }, + { + "alg" : "SHA-256", + "content" : "592017b3120b1b27b5930cada971a1aa546d6380c2bdc56840669eba0b83511a" + }, + { + "alg" : "SHA-512", + "content" : "7f424cd3c5dd6a9985706b41ad2a6b4f54efd5fcc9f3dfa9352e8820322ea34a050eae91c94ce298dca28b4a5921f39e598f43decb66715648d473c6ee188209" + }, + { + "alg" : "SHA-384", + "content" : "80fb303854e4a7a8baffa98ba2c421791577a3782920f07174aa78c947a34c339743b4296e27f38538190b2734c77391" + }, + { + "alg" : "SHA3-384", + "content" : "8cd282fe2559bcb68dc5f2b8d851f3764887fc849ad7ca2b72757caed392903784cf54df14510c44bff56fe41d27e7d3" + }, + { + "alg" : "SHA3-256", + "content" : "40a269c2b2539ce86a54703bd4719612a7ec95b8a09e65834a4d93a644121a1c" + }, + { + "alg" : "SHA3-512", + "content" : "0382372eccbe14aa0fcb5098dd303d1ae053195803dda827332e1772ef5a7aa813d5e92cd3b359503f79b4bcc5664064426a66b2da64ef52898f6e2bc1a5d33e" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/org.apache.jena/jena-rdfpatch@5.1.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://jena.apache.org/jena-rdfpatch/" + }, + { + "type" : "distribution-intake", + "url" : "https://repository.apache.org/service/local/staging/deploy/maven2" + }, + { + "type" : "issue-tracker", + "url" : "https://issues.apache.org/jira/browse/JENA" + }, + { + "type" : "mailing-list", + "url" : "https://lists.apache.org/list.html?users@jena.apache.org" + }, + { + "type" : "vcs", + "url" : "https://gitbox.apache.org/repos/asf/jena.git/jena-rdfpatch" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.apache.jena/jena-rdfpatch@5.1.0" + }, + { + "publisher" : "The Apache Software Foundation", + "group" : "org.apache.jena", + "name" : "jena-shacl", + "version" : "5.1.0", + "description" : "SHACL engine for Apache Jena", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "aaf3a769e38679f27446bea96709365c" + }, + { + "alg" : "SHA-1", + "content" : "2949e1345335ede3a461270da99f775c849107a9" + }, + { + "alg" : "SHA-256", + "content" : "79a6f8731aad39881652693cdb4cfebe2f5e046497d53edfc1757f81a7fd8318" + }, + { + "alg" : "SHA-512", + "content" : "25984ef0bf0a3a3a737fd40eb7500516e6313e165812bca023c38b73bcb16515780a69c80666fbe7a1dbe57af4ba2b3cb383bff1f6f184c23277acb75bfa082f" + }, + { + "alg" : "SHA-384", + "content" : "ff69d4ea8e06521b29f02505aeba6607dd184c15c29ea85ea2ee0baae6d3030f196b88f86bf2d8defd73ed067595ffb2" + }, + { + "alg" : "SHA3-384", + "content" : "79d204dc309fc591c592c7168b00c33f9cea64c71b1978c19a57cb28aeeff0014e66529ce483830c0d33510eb8b9e7df" + }, + { + "alg" : "SHA3-256", + "content" : "6700a85cc6e6fa709e7a595db81d268703d1f5356482d29135ff35b15bfb57c5" + }, + { + "alg" : "SHA3-512", + "content" : "765dd00093ce3d26e999bd97996a2e63708d58ae71cad8a62fe896035d42a97b212f2c8e92922c50811eee82720173e506fe6b57dd12ea94f7bccf2aa3e40448" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/org.apache.jena/jena-shacl@5.1.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://jena.apache.org/jena-shacl/" + }, + { + "type" : "distribution-intake", + "url" : "https://repository.apache.org/service/local/staging/deploy/maven2" + }, + { + "type" : "issue-tracker", + "url" : "https://issues.apache.org/jira/browse/JENA" + }, + { + "type" : "mailing-list", + "url" : "https://lists.apache.org/list.html?users@jena.apache.org" + }, + { + "type" : "vcs", + "url" : "https://gitbox.apache.org/repos/asf/jena.git/jena-shacl" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.apache.jena/jena-shacl@5.1.0" + }, + { + "publisher" : "The Apache Software Foundation", + "group" : "org.apache.jena", + "name" : "jena-shex", + "version" : "5.1.0", + "description" : "ShEx", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "8bbebdbff90f2e82f25407eeec0d6e82" + }, + { + "alg" : "SHA-1", + "content" : "7ce9eaec558f2a2492f590b6ceb787eefa699416" + }, + { + "alg" : "SHA-256", + "content" : "50ae8b1cbc6fa0dd497fbc5e3f940264893ca6f61ea88699cb4af348bd8304ec" + }, + { + "alg" : "SHA-512", + "content" : "45d53d9d1d9ed8d309987892d1509b834ea255112dcb9c1eb3d3314002747e94da9ce0ff007989054fef75905e48d431adcd4fd00eb582fea60d50ee9b623d59" + }, + { + "alg" : "SHA-384", + "content" : "aeca0de36d1fea96c340a4c9e416fb7dc91cf1ef22e9a53e8063be2e16b589b9c9577e22fda5c607f045b5273643b659" + }, + { + "alg" : "SHA3-384", + "content" : "0ee10ea100149d874e839cd82d23ddf3cc288069d701fd79b154fd34cfb832ca79a133774636d9f5e5e9532d5bdb7e1e" + }, + { + "alg" : "SHA3-256", + "content" : "f17fce9371dead07ae72bb274dfb22eb03d154b1335db0a9381e8e7a6037b32f" + }, + { + "alg" : "SHA3-512", + "content" : "eb9e69db6b64e8a02f1f2e85927319e390fc07624b9fc75fdf25cc8d4a8213a1ecc7ed9bf34f0227c9939e23a6666b5d1f16f8f96aab1242b4fb7cb9a89ae3a2" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/org.apache.jena/jena-shex@5.1.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://jena.apache.org/jena-shex/" + }, + { + "type" : "distribution-intake", + "url" : "https://repository.apache.org/service/local/staging/deploy/maven2" + }, + { + "type" : "issue-tracker", + "url" : "https://issues.apache.org/jira/browse/JENA" + }, + { + "type" : "mailing-list", + "url" : "https://lists.apache.org/list.html?users@jena.apache.org" + }, + { + "type" : "vcs", + "url" : "https://gitbox.apache.org/repos/asf/jena.git/jena-shex" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.apache.jena/jena-shex@5.1.0" + }, + { + "publisher" : "The Apache Software Foundation", + "group" : "org.apache.jena", + "name" : "jena-tdb1", + "version" : "5.1.0", + "description" : "TDB is a storage subsystem for Jena and ARQ, it is a native triple store providing persistent storage of triples/quads.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "87f9efc23cd2dedc51717b5902d33fff" + }, + { + "alg" : "SHA-1", + "content" : "347c6d16bcf42c71502003c94a8afd211dcf4d43" + }, + { + "alg" : "SHA-256", + "content" : "c3c5845cb10e2ad0b64eb7f8c82761f840991a33e60e5da22ab5b65f77fdea53" + }, + { + "alg" : "SHA-512", + "content" : "4d00ccecfe7cc09878781866e77e90f64643ec27204e03185727ea9e9a845e8f75b4ce771473d83eaa0d3ff8466a6573dd33dfc2dac5ac2d338c972191983e7e" + }, + { + "alg" : "SHA-384", + "content" : "32666ae3eb400bda9fd39b8879a882be817f2d778aecd9d40b2b92e4749c9e17c49563331654db1a93193861ae56fa06" + }, + { + "alg" : "SHA3-384", + "content" : "ee0735f20f7ab4a9516de0c912006ed938b72641c2d87771df6b14d52694bc2ca1190fb1a7c5488c13db7485c8626020" + }, + { + "alg" : "SHA3-256", + "content" : "4ba5eaefc8be2228b26499d1965edb4b983b52ca6856867f6e0106db40febd6b" + }, + { + "alg" : "SHA3-512", + "content" : "1ccd8c20811ea5979bd30ef88e5b48655de19b2f52325f34782db744e0d3647327bef8cb8421cd7fcd61f3ebae1397ef29273821b3799938be930b11b4dd6f20" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/org.apache.jena/jena-tdb1@5.1.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://jena.apache.org/jena-tdb1/" + }, + { + "type" : "distribution-intake", + "url" : "https://repository.apache.org/service/local/staging/deploy/maven2" + }, + { + "type" : "issue-tracker", + "url" : "https://issues.apache.org/jira/browse/JENA" + }, + { + "type" : "mailing-list", + "url" : "https://lists.apache.org/list.html?users@jena.apache.org" + }, + { + "type" : "vcs", + "url" : "https://gitbox.apache.org/repos/asf/jena.git/jena-tdb1" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.apache.jena/jena-tdb1@5.1.0" + }, + { + "publisher" : "The Apache Software Foundation", + "group" : "org.apache.jena", + "name" : "jena-tdb2", + "version" : "5.1.0", + "description" : "The Apache Software Foundation provides support for the Apache community of open-source software projects. The Apache projects are characterized by a collaborative, consensus based development process, an open and pragmatic software license, and a desire to create high quality software that leads the way in its field. We consider ourselves not simply a group of projects sharing a server, but rather a community of developers and users.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "a5afc315315370dc37cd35df9fa8652f" + }, + { + "alg" : "SHA-1", + "content" : "fcf8e856a9af255d888781ee8f1cb64af9dd5b5b" + }, + { + "alg" : "SHA-256", + "content" : "2e14bd44c5f3f96db412b503ef857e01f33cb673a8f29b4136550cfc210f306a" + }, + { + "alg" : "SHA-512", + "content" : "c19fbe6fef71879746488b7f02fe3a16624e5daf7d6a7f25026098054b072c9298ed9b7f9f485704941982c7a9c55781e1912aa631ae484b6bd223acab458ea9" + }, + { + "alg" : "SHA-384", + "content" : "1ca67d8f80a331021f96e0b12eadaa0ae7135a34ced42f3057030617b0db1559a0fd298264c2f6a17d8956c188ed7507" + }, + { + "alg" : "SHA3-384", + "content" : "0c03a7f46ac96cbed94f2ba7d8d9bd4dbffbc42b2d22af5713bfcbb87b1ceed11b2285e2e6a14533414f8dbe7d4b43da" + }, + { + "alg" : "SHA3-256", + "content" : "0c7d3065660b0afd0ee9ce853adbb8e64e5a6f8211ee6d7b6d01e6a1cbab6c9c" + }, + { + "alg" : "SHA3-512", + "content" : "cc59f51ab0e118f0e7bf2fc6736f776874f67b9dae566127f048391d1cfc5ea0beb317f072fe1f2132aced97d8bdccaa7b215f98e26c9090ee7446f7137b282d" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/org.apache.jena/jena-tdb2@5.1.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://jena.apache.org/jena-tdb2/" + }, + { + "type" : "distribution-intake", + "url" : "https://repository.apache.org/service/local/staging/deploy/maven2" + }, + { + "type" : "issue-tracker", + "url" : "https://issues.apache.org/jira/browse/JENA" + }, + { + "type" : "mailing-list", + "url" : "https://lists.apache.org/list.html?users@jena.apache.org" + }, + { + "type" : "vcs", + "url" : "https://gitbox.apache.org/repos/asf/jena.git/jena-tdb2" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.apache.jena/jena-tdb2@5.1.0" + }, + { + "publisher" : "The Apache Software Foundation", + "group" : "org.apache.jena", + "name" : "jena-dboe-storage", + "version" : "5.1.0", + "description" : "Triplestore database storage", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "baeedc23ec963b1e1566475760e8f9a9" + }, + { + "alg" : "SHA-1", + "content" : "ade43417b06c37235ad5558002613b9d116c6c7b" + }, + { + "alg" : "SHA-256", + "content" : "d9b787a7e1db4c4753b4573580aaa3f1350d0b16e269f8797e56eb8af33d6cca" + }, + { + "alg" : "SHA-512", + "content" : "9d2d727e632e8766f3cfb41cb6d0051a61a4de8a3cdd378fc4e171b2a049cef961c536d494c03e4e911530ad17642d0bcaadaae96dc691601484a1a6307eeafe" + }, + { + "alg" : "SHA-384", + "content" : "91db3ded78f588d776b3e6f69d5a4c92133e039560f4bf0ebd4356dea00fd91322398066c0e1c47aad7e391ad29eb807" + }, + { + "alg" : "SHA3-384", + "content" : "c87ce4738ddf51518e6bfc0d37a6c27d62d5cbc7d527cc14afadf68e1a429745d3e3b8aa58576c1a1dee57f62da0f4ba" + }, + { + "alg" : "SHA3-256", + "content" : "c868ebd01e50e9839d231826a7a6945ca274e668f19ae34dadeec8e8645d6712" + }, + { + "alg" : "SHA3-512", + "content" : "501515bfef8a8146c27c6972b8bed42beb990bacd6dede29795e0f0f5fc1cdd0cf6dca79742236309bc5c204e3cccb9c810e1a8f832af123c87a8cdb5bdd8ef4" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0", + "url" : "https://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl" : "pkg:maven/org.apache.jena/jena-dboe-storage@5.1.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://jena.apache.org/jena-dboe-storage/" + }, + { + "type" : "distribution-intake", + "url" : "https://repository.apache.org/service/local/staging/deploy/maven2" + }, + { + "type" : "issue-tracker", + "url" : "https://issues.apache.org/jira/browse/JENA" + }, + { + "type" : "mailing-list", + "url" : "https://lists.apache.org/list.html?users@jena.apache.org" + }, + { + "type" : "vcs", + "url" : "https://gitbox.apache.org/repos/asf/jena.git/jena-db/jena-dboe-storage" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.apache.jena/jena-dboe-storage@5.1.0" + }, + { + "publisher" : "The Apache Software Foundation", + "group" : "org.apache.jena", + "name" : "jena-dboe-trans-data", + "version" : "5.1.0", + "description" : "The Apache Software Foundation provides support for the Apache community of open-source software projects. The Apache projects are characterized by a collaborative, consensus based development process, an open and pragmatic software license, and a desire to create high quality software that leads the way in its field. We consider ourselves not simply a group of projects sharing a server, but rather a community of developers and users.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "93da58096461816e6ea448897ca1012c" + }, + { + "alg" : "SHA-1", + "content" : "5bbf92e2a5b5f4a0f7334b68e67ccae828f4cc71" + }, + { + "alg" : "SHA-256", + "content" : "168128376e3c2318f3debdbffef014adf4d8c4431093e21443d4ada63c2b772c" + }, + { + "alg" : "SHA-512", + "content" : "a3321787250a5ae000b1acc4c864b620050577f65450838138a5cd9971d52ef6e7336630cf2bb010fd62df28d240d43b7b7f2c1e5a46382c621d037e53f90627" + }, + { + "alg" : "SHA-384", + "content" : "ac1ccdc4d1b38bcc77df8cf9816d72fae5746e0212e9dd8d2a1a8b47077be3a9d7f276bbb04389f5333f689251fec63d" + }, + { + "alg" : "SHA3-384", + "content" : "f91335ac7707bda334497ff0f3ddc01a74495eefb7c930cab92632150749cda3380a3ca3ce1fd2267cbd44c3fefe55bc" + }, + { + "alg" : "SHA3-256", + "content" : "5e470df7e9986fecf8e006a0913f0472f62e09727c1d1cd616ae154b85c32507" + }, + { + "alg" : "SHA3-512", + "content" : "300fc55a848bcfd8d8c92bdc9f95bc9643858c98dac75430554d56354af5029700b805d8a42a88c619459909e074588842b5a0e2271516a0254fcf104d521090" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0", + "url" : "https://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl" : "pkg:maven/org.apache.jena/jena-dboe-trans-data@5.1.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://jena.apache.org/jena-dboe-trans-data/" + }, + { + "type" : "distribution-intake", + "url" : "https://repository.apache.org/service/local/staging/deploy/maven2" + }, + { + "type" : "issue-tracker", + "url" : "https://issues.apache.org/jira/browse/JENA" + }, + { + "type" : "mailing-list", + "url" : "https://lists.apache.org/list.html?users@jena.apache.org" + }, + { + "type" : "vcs", + "url" : "https://gitbox.apache.org/repos/asf/jena.git/jena-db/jena-dboe-trans-data" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.apache.jena/jena-dboe-trans-data@5.1.0" + }, + { + "publisher" : "The Apache Software Foundation", + "group" : "org.apache.jena", + "name" : "jena-dboe-transaction", + "version" : "5.1.0", + "description" : "The Apache Software Foundation provides support for the Apache community of open-source software projects. The Apache projects are characterized by a collaborative, consensus based development process, an open and pragmatic software license, and a desire to create high quality software that leads the way in its field. We consider ourselves not simply a group of projects sharing a server, but rather a community of developers and users.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "854bb11ad354ee98973a998fe0b723e9" + }, + { + "alg" : "SHA-1", + "content" : "113173e6bad404a16a53e9a2b80cd8451721c48e" + }, + { + "alg" : "SHA-256", + "content" : "451afc11209139a16b7ae74e848560b166af115a05e24b5eb6812782c5b423fe" + }, + { + "alg" : "SHA-512", + "content" : "54ab7299dd71ab78dc0aab97035dff9ad0e3aaac8c4938482da5c61691a5918384b02b59c56ec39220b4bbe6de07812e531dac2842ff579a44da64a4db995d97" + }, + { + "alg" : "SHA-384", + "content" : "ade30603a71abcf78d2c7403312c13deb5cd6876e125d16a072b30c047b1c028220d0cc464448bc2b8154155f7b0cc4c" + }, + { + "alg" : "SHA3-384", + "content" : "311ab7aa7a8cc9da7cc2686d45a105941325ecbea6fc9f81814b6d6e431a06977309876227d799a06e27caae39be333b" + }, + { + "alg" : "SHA3-256", + "content" : "674bb0fa477c5c84e360a28f499f29e801fd85b16eb94e07c9f9ff64d349035e" + }, + { + "alg" : "SHA3-512", + "content" : "ea3903d613eb0d316e214bafc9b282c1f9289191f1f237ca02ae77ccb8873cbc3d5c4fe95d09e0565b89997709d6e6d064a065bb91d4117ef73fea003fc42ac1" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0", + "url" : "https://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl" : "pkg:maven/org.apache.jena/jena-dboe-transaction@5.1.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://jena.apache.org/jena-dboe-transaction/" + }, + { + "type" : "distribution-intake", + "url" : "https://repository.apache.org/service/local/staging/deploy/maven2" + }, + { + "type" : "issue-tracker", + "url" : "https://issues.apache.org/jira/browse/JENA" + }, + { + "type" : "mailing-list", + "url" : "https://lists.apache.org/list.html?users@jena.apache.org" + }, + { + "type" : "vcs", + "url" : "https://gitbox.apache.org/repos/asf/jena.git/jena-db/jena-dboe-transaction" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.apache.jena/jena-dboe-transaction@5.1.0" + }, + { + "publisher" : "The Apache Software Foundation", + "group" : "org.apache.jena", + "name" : "jena-dboe-base", + "version" : "5.1.0", + "description" : "The Apache Software Foundation provides support for the Apache community of open-source software projects. The Apache projects are characterized by a collaborative, consensus based development process, an open and pragmatic software license, and a desire to create high quality software that leads the way in its field. We consider ourselves not simply a group of projects sharing a server, but rather a community of developers and users.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "e3190bb2360e439b31bee4dbf263a4ee" + }, + { + "alg" : "SHA-1", + "content" : "781f853333e7a35e6ccc7bc05ae9dc43bf77b03a" + }, + { + "alg" : "SHA-256", + "content" : "d1378495f6acd4a4d78e465ee693199454cbfde7da02580b106f04adf4a6590c" + }, + { + "alg" : "SHA-512", + "content" : "59bfbbae82632d444e8a1bed0f0bdc6142a723ba25e0d2d99c0b0f2ebb57f2cf971f7dcdee41ea79e4957894c0e9f5cfd911ae6786d2f33fe67f5510ebd4d0af" + }, + { + "alg" : "SHA-384", + "content" : "a894c86fe8473a246be80fe3c3024d2faa3c5fa36c91320f6a460de69d312176050367e0c965de92d4b3080d6d6315ef" + }, + { + "alg" : "SHA3-384", + "content" : "01ab85547af6d8019642806ffee138200d8d3f12136d1b92526ee315e59574af24d8dddf9bd886fd2523a85c5a044912" + }, + { + "alg" : "SHA3-256", + "content" : "1572f718b0008789a8a0f948d8b3824965b7a05b67c2cee09e45f75d1a6a1017" + }, + { + "alg" : "SHA3-512", + "content" : "4bef37f341ddc139af57f9608258580dd95ce9ca6042163db7c2016834cfc8dadd0d035f45867c5397f0adfbb2b142645ec303b5caeb1771cef12b3460bdb8a8" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0", + "url" : "https://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl" : "pkg:maven/org.apache.jena/jena-dboe-base@5.1.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://jena.apache.org/jena-dboe-base/" + }, + { + "type" : "distribution-intake", + "url" : "https://repository.apache.org/service/local/staging/deploy/maven2" + }, + { + "type" : "issue-tracker", + "url" : "https://issues.apache.org/jira/browse/JENA" + }, + { + "type" : "mailing-list", + "url" : "https://lists.apache.org/list.html?users@jena.apache.org" + }, + { + "type" : "vcs", + "url" : "https://gitbox.apache.org/repos/asf/jena.git/jena-db/jena-dboe-base" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.apache.jena/jena-dboe-base@5.1.0" + }, + { + "publisher" : "The Apache Software Foundation", + "group" : "org.apache.jena", + "name" : "jena-dboe-index", + "version" : "5.1.0", + "description" : "The Apache Software Foundation provides support for the Apache community of open-source software projects. The Apache projects are characterized by a collaborative, consensus based development process, an open and pragmatic software license, and a desire to create high quality software that leads the way in its field. We consider ourselves not simply a group of projects sharing a server, but rather a community of developers and users.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "83ed0f0637d49692c029edf8e0560e67" + }, + { + "alg" : "SHA-1", + "content" : "c4210bb905935140605cb202061270d6bcabe9d3" + }, + { + "alg" : "SHA-256", + "content" : "ced64c511ba56a7be1d3a5c3aa292005c7f5ac964604c65f9d38a703c6603717" + }, + { + "alg" : "SHA-512", + "content" : "14abbedf4b361874ac5aeaa69713bed1d70d8b0829792478810f86c225993c30ffa0481559925cd6fbec0cbdcc89fa64bf885c8f65ae1417847501471a76d34c" + }, + { + "alg" : "SHA-384", + "content" : "cf3cb3b25b1cd9e9dacf06b8fcecd55e67f655c182a58b9dbbd589359fdb1f60e5354f08ea62664d9c96e4ad2ed8a75a" + }, + { + "alg" : "SHA3-384", + "content" : "933f6ca1cebb76e11e6df47920c17c573c3549a87cc624e635408ea7627fbeafd91c6b167483712b9294a53853d6c6a7" + }, + { + "alg" : "SHA3-256", + "content" : "24d5ea262aaf4769b29af83e6778586a5e50454318494f1310ce1da04dbb46eb" + }, + { + "alg" : "SHA3-512", + "content" : "455d62b87de00bc94534d7a177a1849966eab3e1a2d790304338086376b4b6412f92b6c5cfc9fb5679d386d1fc22a3671d9af826a34e9b8bea994820f0590a00" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0", + "url" : "https://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl" : "pkg:maven/org.apache.jena/jena-dboe-index@5.1.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://jena.apache.org/jena-dboe-index/" + }, + { + "type" : "distribution-intake", + "url" : "https://repository.apache.org/service/local/staging/deploy/maven2" + }, + { + "type" : "issue-tracker", + "url" : "https://issues.apache.org/jira/browse/JENA" + }, + { + "type" : "mailing-list", + "url" : "https://lists.apache.org/list.html?users@jena.apache.org" + }, + { + "type" : "vcs", + "url" : "https://gitbox.apache.org/repos/asf/jena.git/jena-db/jena-dboe-index" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.apache.jena/jena-dboe-index@5.1.0" + }, + { + "publisher" : "The Apache Software Foundation", + "group" : "org.apache.jena", + "name" : "jena-rdfconnection", + "version" : "5.1.0", + "description" : "RDF Connection", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "c1ee5cab41e804a9ef3c8651324bb642" + }, + { + "alg" : "SHA-1", + "content" : "2c5a58f7a472e5513c65efcee4f22a24a9856fe6" + }, + { + "alg" : "SHA-256", + "content" : "7e1996e07f2c633c0b904840d206e4086d5c6a037e5236308c5106f32b075d5c" + }, + { + "alg" : "SHA-512", + "content" : "6a62aa547e4fbb1f55fb7d917402f94ed39c191a22da761058891adb57823a070f6273ed2af21abf52f3aa4decc5a1f8aaac034475dc56751d54b3bd18a6a550" + }, + { + "alg" : "SHA-384", + "content" : "5617751914d749cce2590c7c094be6e0d4d5dda19de37abcccf3abc89cb94417ef23293637a74bfe43a7cdca36b5c31b" + }, + { + "alg" : "SHA3-384", + "content" : "40243b0eb839ddf87b08826ad7514456103310671fff0c83331caa268ec08ec775c408d40b3e87dcc973d0e61212c401" + }, + { + "alg" : "SHA3-256", + "content" : "b9109418b2e5dc8b124beb0254b59330afcf684243a99f82c2afd1d6515a2ea5" + }, + { + "alg" : "SHA3-512", + "content" : "fd5ff75c75c5d6ebd157bc2052941fc36d775f31c67cc9b17422e6350682cee423f5f91ece877e986ddd0829d9ca346876d75aaad84a9006c385d97c64d4ea12" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/org.apache.jena/jena-rdfconnection@5.1.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://jena.apache.org/jena-rdfconnection/" + }, + { + "type" : "distribution-intake", + "url" : "https://repository.apache.org/service/local/staging/deploy/maven2" + }, + { + "type" : "issue-tracker", + "url" : "https://issues.apache.org/jira/browse/JENA" + }, + { + "type" : "mailing-list", + "url" : "https://lists.apache.org/list.html?users@jena.apache.org" + }, + { + "type" : "vcs", + "url" : "https://gitbox.apache.org/repos/asf/jena.git/jena-rdfconnection" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.apache.jena/jena-rdfconnection@5.1.0" + }, + { + "publisher" : "The Apache Software Foundation", + "group" : "org.apache.commons", + "name" : "commons-fileupload2-jakarta-servlet6", + "version" : "2.0.0-M2", + "description" : "The Apache Commons FileUpload Jakarta component provides a simple yet flexible means of adding support for multipart file upload functionality to Jakarta servlets and web applications.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "90a1857034b763783a49294f53626919" + }, + { + "alg" : "SHA-1", + "content" : "de8ac10c2fcf051714db8c23754cce58eacdcdb6" + }, + { + "alg" : "SHA-256", + "content" : "c045806fa350a9280f743757d7aeeec5c236a2f47ea4dc6a4622a4638c58acda" + }, + { + "alg" : "SHA-512", + "content" : "b13157d90c56b1ed53b4cbcbe7d6900ec0a1c83bed50329fdfef448462581e5334853344b9248a8c510a57a7f47a023cce0fd213395a9514160a045aad3981a6" + }, + { + "alg" : "SHA-384", + "content" : "7530dc53cee22ea17b29fb4af75dc042c58e2427ffdc14ecfb539d11c64eebd2ab919bbb2a48b47ea2a46bd820482a27" + }, + { + "alg" : "SHA3-384", + "content" : "a3839efcb95d4129ab7bcea0ca0629a49650d7e61cf0c6e1b9d2ac322b1dc628a548e540d6b71fc6da7ecb6e65487cd6" + }, + { + "alg" : "SHA3-256", + "content" : "6f88ff35205e667922583ee60df617d80bb65fa803d48807f9ede89481376a96" + }, + { + "alg" : "SHA3-512", + "content" : "2bf725d87ea7233de96124bb96acd10581320d70348a3367e366a6d5f252aec05205d3f23895a6cf98ba899393d110dac3cfe40f090b62b6ea458c4893ec84f5" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0", + "url" : "https://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl" : "pkg:maven/org.apache.commons/commons-fileupload2-jakarta-servlet6@2.0.0-M2", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://commons.apache.org/proper/commons-fileupload/commons-fileupload2-jakarta-servlet6/" + }, + { + "type" : "build-system", + "url" : "https://github.com/apache/commons-parent/actions" + }, + { + "type" : "distribution-intake", + "url" : "https://repository.apache.org/service/local/staging/deploy/maven2" + }, + { + "type" : "issue-tracker", + "url" : "https://issues.apache.org/jira/browse/FILEUPLOAD" + }, + { + "type" : "mailing-list", + "url" : "https://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type" : "vcs", + "url" : "https://gitbox.apache.org/repos/asf?p=commons-fileupload.git/commons-fileupload2-jakarta-servlet6" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.apache.commons/commons-fileupload2-jakarta-servlet6@2.0.0-M2" + }, + { + "publisher" : "The Apache Software Foundation", + "group" : "org.apache.commons", + "name" : "commons-fileupload2-core", + "version" : "2.0.0-M2", + "description" : "The Apache Commons FileUpload Core component provides the framework for a simple yet flexible means of adding support for multipart file upload functionality to servlets, portlets, and web applications.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "6180d94509d26d293bd2d04389156e4b" + }, + { + "alg" : "SHA-1", + "content" : "5b16aec91c2e0b0e6052bff9795045c2704f6ca7" + }, + { + "alg" : "SHA-256", + "content" : "85f249414c2d34349442447b7ee36fc6be55eef1c571a73f8aebaaf81ec74551" + }, + { + "alg" : "SHA-512", + "content" : "b15fe7bb86110c96e8effca97b3de44191cb31aa50aec254cf171e5d714b60686936759336df25c248bbcdfce9c2e56561f03620770b626977a47a2d5ea16b47" + }, + { + "alg" : "SHA-384", + "content" : "f57f0116068774f1eed99b52dfb2d3058cf82320d34c78583dabf97f82cf460a7ec3c92b7681031dc8a0bfdc755a09ce" + }, + { + "alg" : "SHA3-384", + "content" : "e801aef99ec3ad39e963d29a5dd1ea44441fa7cd2547dae46330240c10fbd6c3df41507a4820ecff3a844bdca4eafd5d" + }, + { + "alg" : "SHA3-256", + "content" : "29c0d73e1592877be88e39659d1d2c890ceac176c96734ce792f61463c832929" + }, + { + "alg" : "SHA3-512", + "content" : "fe1ce1d5d4104de16b24cd043bf07c7eb958cb5cf9118b462d5c901763b430e1bc14e459fb3d20e1034227633215d058cca383afed12ec565c66cb5b04e88268" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0", + "url" : "https://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl" : "pkg:maven/org.apache.commons/commons-fileupload2-core@2.0.0-M2", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://commons.apache.org/proper/commons-fileupload/commons-fileupload2-core/" + }, + { + "type" : "build-system", + "url" : "https://github.com/apache/commons-parent/actions" + }, + { + "type" : "distribution-intake", + "url" : "https://repository.apache.org/service/local/staging/deploy/maven2" + }, + { + "type" : "issue-tracker", + "url" : "https://issues.apache.org/jira/browse/FILEUPLOAD" + }, + { + "type" : "mailing-list", + "url" : "https://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type" : "vcs", + "url" : "https://gitbox.apache.org/repos/asf?p=commons-fileupload.git/commons-fileupload2-core" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.apache.commons/commons-fileupload2-core@2.0.0-M2" + }, + { + "publisher" : "The Apache Software Foundation", + "group" : "commons-io", + "name" : "commons-io", + "version" : "2.15.1", + "description" : "The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "84351f7991a0e6722f00e96a4ccc376f" + }, + { + "alg" : "SHA-1", + "content" : "f11560da189ab563a5c8e351941415430e9304ea" + }, + { + "alg" : "SHA-256", + "content" : "a58af12ee1b68cfd2ebb0c27caef164f084381a00ec81a48cc275fd7ea54e154" + }, + { + "alg" : "SHA-512", + "content" : "e9adaeed2d715ac0ae44de056ba165a743a92acbeb9871b535f7e58e0b3bc4fba276495b50429be195098a559f3adb7294048479754a0ee4d397da2efda5f81c" + }, + { + "alg" : "SHA-384", + "content" : "028c72b59373d3894da22f9eb2c731aabd00f670993973f71a354d722670c12ca659686b83bbf8db32d060ca180f50b2" + }, + { + "alg" : "SHA3-384", + "content" : "73cd585ab3736b4be50ec0f10dfe5ebfc3390eea8d56f07f29055f1fddb2dff8084310eaa6fb9f97ea639ed1abd7bc33" + }, + { + "alg" : "SHA3-256", + "content" : "daf39bc99f1a3dc0075714a4a342a58d69a4cd62c25bc39a581f657ca72b1044" + }, + { + "alg" : "SHA3-512", + "content" : "b003f8971d1536ea0fc4320dbfe17d7259d49e59314739f9fc83134e511facbff048b0ef4f86a9d0893781ca09c95cebc3b181a6c89a2d41e851870b96e76839" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0", + "url" : "https://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl" : "pkg:maven/commons-io/commons-io@2.15.1", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://commons.apache.org/proper/commons-io/" + }, + { + "type" : "build-system", + "url" : "https://github.com/apache/commons-parent/actions" + }, + { + "type" : "distribution-intake", + "url" : "https://repository.apache.org/service/local/staging/deploy/maven2" + }, + { + "type" : "issue-tracker", + "url" : "https://issues.apache.org/jira/browse/IO" + }, + { + "type" : "mailing-list", + "url" : "https://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type" : "vcs", + "url" : "https://gitbox.apache.org/repos/asf?p=commons-io.git" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/commons-io/commons-io@2.15.1" + }, + { + "publisher" : "Eclipse Foundation", + "group" : "jakarta.servlet", + "name" : "jakarta.servlet-api", + "version" : "6.1.0", + "description" : "Eclipse Enterprise for Java (EE4J) is an open source initiative to create standard APIs, implementations of those APIs, and technology compatibility kits for Java runtimes that enable development, deployment, and management of server-side and cloud-native applications.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "314c930b3e40ac1abc3529c7c9942f09" + }, + { + "alg" : "SHA-1", + "content" : "1169a246913fe3823782af7943e7a103634867c5" + }, + { + "alg" : "SHA-256", + "content" : "8a31f465f3593bf2351531a5c952014eb839da96a605b5825b93dd54714c48c4" + }, + { + "alg" : "SHA-512", + "content" : "8651fc14b79e284fe29dff5b2cadbf6748615ececde798c42687472f4f6fd1f80ee05ec53794021c62a11abed0c0170bb08b28d3f9cd7f562eb320bc9870ddec" + }, + { + "alg" : "SHA-384", + "content" : "48b2a26351619286ffe41d25e5e61cbc0eb8a5a648a205d0f8db48178278cb16850469fe8dbc219aee0ee37f4081c248" + }, + { + "alg" : "SHA3-384", + "content" : "2047f0b88a12619fb3f07a98048fc405e9cec4ddee6af2a2efc06c1172d2bebefc6c23bdb4df0a1054060f91d5cc5617" + }, + { + "alg" : "SHA3-256", + "content" : "4b506d06772f32251cadc40251623ebd4f3144531249ce4821787b1a9c4a55b3" + }, + { + "alg" : "SHA3-512", + "content" : "07632a67f7ca7b460cfc3042ecf97f9097e7d7638209434def89a3bd55da5a31e287f32def27ce776d5775ec0629979abb08fe2836d88d638802194af0320fe0" + } + ], + "licenses" : [ + { + "license" : { + "id" : "EPL-2.0" + } + }, + { + "license" : { + "id" : "GPL-2.0-with-classpath-exception" + } + } + ], + "purl" : "pkg:maven/jakarta.servlet/jakarta.servlet-api@6.1.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://projects.eclipse.org/projects/ee4j.servlet" + }, + { + "type" : "distribution-intake", + "url" : "https://jakarta.oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type" : "issue-tracker", + "url" : "https://github.com/eclipse-ee4j/servlet-api/issues" + }, + { + "type" : "mailing-list", + "url" : "https://dev.eclipse.org/mhonarc/lists/servlet-dev" + }, + { + "type" : "vcs", + "url" : "https://github.com/eclipse-ee4j/servlet-api" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/jakarta.servlet/jakarta.servlet-api@6.1.0" + }, + { + "group" : "io.micrometer", + "name" : "micrometer-core", + "version" : "1.13.1", + "description" : "Core module of Micrometer containing instrumentation API and implementation", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "9a3b89081945a490273ffd35985074f7" + }, + { + "alg" : "SHA-1", + "content" : "b00758ad616bd820d793f305215f0b80b9a08fd8" + }, + { + "alg" : "SHA-256", + "content" : "bdd0d72e6d7fffac2499ba3a00ddf3391ebbe336902608a229775ae0ace1d07a" + }, + { + "alg" : "SHA-512", + "content" : "dc5fda7e31cebcd625b5c61abb0f7acf7c0d124778e8b9e24254aef62fe07cb41bacf74e6d89ebb3903144c5dee3b3be6225395f96f5d1b8442a0d90ff580ed4" + }, + { + "alg" : "SHA-384", + "content" : "c1972f0b11e341b0c30a064b774107beccfdfee2c721fb1b2045a7043196be026ff5f277d947e4664d6c49518cf9c6be" + }, + { + "alg" : "SHA3-384", + "content" : "c3530a403c3edceb395cd567326bb89c3d65f19a66b6f03f6d26418062b7fa44411919da277827e506e636ff9917da14" + }, + { + "alg" : "SHA3-256", + "content" : "a1dbdd1ff5b1e23ff73f2b01ee01001a122c758215418f39252cfe4d5fd2b082" + }, + { + "alg" : "SHA3-512", + "content" : "6e110cba11abe752dc01e678b92c18ea6cafc485b7464ebf12380ef9d516d598f99a941f7c8c0867809a0bd6997a0cb7870629161e29ce02effa78690468b87b" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/io.micrometer/micrometer-core@1.13.1", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://github.com/micrometer-metrics/micrometer" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/io.micrometer/micrometer-core@1.13.1" + }, + { + "group" : "io.micrometer", + "name" : "micrometer-commons", + "version" : "1.13.1", + "description" : "Module containing common code", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "83685c696cad6a4d9b22d2ef8eca316d" + }, + { + "alg" : "SHA-1", + "content" : "5629ecbcc84a9f29e1cf976718de2497e50932bf" + }, + { + "alg" : "SHA-256", + "content" : "8eb28fa69518ab89324d09c86ad113e76b648b8adaab0e8a245c669fc0a4d7c1" + }, + { + "alg" : "SHA-512", + "content" : "fe0a5aaf1428318732584e50f4b6fd7940a923f8e78f413816b4c064f9f6bc4490804df5f63c22ac83b21b4c24cfbed934600920ca6629b91237194b689f462d" + }, + { + "alg" : "SHA-384", + "content" : "f90a9885c64534ec8f4b9adff1fc0f869a876e4599a9539ffae951c9ff5c738634f178848fd3d29f54b705cc2eca9961" + }, + { + "alg" : "SHA3-384", + "content" : "fd450cb006f6009ef9136ceb4bda284a2ec98cc5008a5c7de4252e8fc8b0ee5c604e2b88946fe786b2191a5aba5bceb0" + }, + { + "alg" : "SHA3-256", + "content" : "001d92c7d9a7f208cd328240e780da2eada632635f3bc42830778b93b93e7d9e" + }, + { + "alg" : "SHA3-512", + "content" : "2c3154a1d029343c322286012f989b6a77fd51dd69a1041492311552a20880a4b8042afe79706bffd9dc96c94f590f9d39f438e5c0e00fc214064603e0bc3248" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/io.micrometer/micrometer-commons@1.13.1", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://github.com/micrometer-metrics/micrometer" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/io.micrometer/micrometer-commons@1.13.1" + }, + { + "group" : "io.micrometer", + "name" : "micrometer-observation", + "version" : "1.13.1", + "description" : "Module containing Observation related code", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "7490803ddb99151d8f33d104ada53a4f" + }, + { + "alg" : "SHA-1", + "content" : "f6f5fa79e482431531cc253a7204e5c085c7bb20" + }, + { + "alg" : "SHA-256", + "content" : "56dfc33db0b09725ed3edb23e5f9f050b7e86f2cbbdad3c0958733310fdfe660" + }, + { + "alg" : "SHA-512", + "content" : "02bdd944765400753d39e41d1f2f7ad4d61bcec1e0c205e838f8a88cfd2aa0117ceeec05d613aa630697bb43f1ba2b40dce450998517776d96ccac47600bbd23" + }, + { + "alg" : "SHA-384", + "content" : "1fa44bef2be293f57b15b8ed98c21a4b4cd535362e357fc677b344e9bb1d7375f5167e0960c69b384367b93870a9dd55" + }, + { + "alg" : "SHA3-384", + "content" : "95aa67f1f1d2138e52ec0fd947dee23eec4bf25b3c2bd4c59f6a7d89480f9ef93b032bfa09737ed99509fdc5a2ef707c" + }, + { + "alg" : "SHA3-256", + "content" : "ac37fecb341f085736c7ce1b3583676b9d87706d05edee87ceb1017843f8727b" + }, + { + "alg" : "SHA3-512", + "content" : "78c2612f6d87eb87fa1604ffd82aeceaefc163c89f736c934da2f81b7f54940ce8be218d2a1e7101914cc84fe4427cc9dfa29e07f94d9e518c0f29625898ad2c" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/io.micrometer/micrometer-observation@1.13.1", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://github.com/micrometer-metrics/micrometer" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/io.micrometer/micrometer-observation@1.13.1" + }, + { + "group" : "org.hdrhistogram", + "name" : "HdrHistogram", + "version" : "2.2.2", + "description" : "HdrHistogram supports the recording and analyzing sampled data value counts across a configurable integer value range with configurable value precision within the range. Value precision is expressed as the number of significant digits in the value recording, and provides control over value quantization behavior across the value range and the subsequent value resolution at any given level.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "41f807bf0c681d6f692c408a6e217eaf" + }, + { + "alg" : "SHA-1", + "content" : "7959933ebcc0f05b2eaa5af0a0c8689fa257b15c" + }, + { + "alg" : "SHA-256", + "content" : "22d1d4316c4ec13a68b559e98c8256d69071593731da96136640f864fa14fad8" + }, + { + "alg" : "SHA-512", + "content" : "fb28f1bc3a3d4430474ea87a0833d56dc3d1303c98918122d93c630ebdb0d1323bbf8feb9ffdc7dddd1908105858e6959bdfdd3889ca5803cecde93a974ab6b7" + }, + { + "alg" : "SHA-384", + "content" : "fa19cf4674dee37cb5114689cccafeadbb7989e17768b814cb431806a0f69c7b37093b6e100430bd571a45d87a319758" + }, + { + "alg" : "SHA3-384", + "content" : "fc0a9e2e5284bc2f911c5e2fdf9eec6cfa1973b6cfb1362822580d6c8768c73ebd1c8056b6e4e5302940f6b5ec4c74b7" + }, + { + "alg" : "SHA3-256", + "content" : "79af553410abf4d3bbfa64374dfdf8777ce49d28b4c67a615e6d4a78e97d0498" + }, + { + "alg" : "SHA3-512", + "content" : "5b2b1795ed1ea55b5a3566bb1f4170a4367b7893256809fdb428df9405857c8454196badf3681abaf536260ed6f293c096a3f3c9d72f0f04830e8fe71d49410a" + } + ], + "licenses" : [ + { + "license" : { + "id" : "CC0-1.0" + } + }, + { + "license" : { + "id" : "BSD-2-Clause", + "url" : "https://opensource.org/licenses/BSD-2-Clause" + } + } + ], + "purl" : "pkg:maven/org.hdrhistogram/HdrHistogram@2.2.2", + "externalReferences" : [ + { + "type" : "website", + "url" : "http://hdrhistogram.github.io/HdrHistogram/" + }, + { + "type" : "issue-tracker", + "url" : "https://github.com/HdrHistogram/HdrHistogram/issues" + }, + { + "type" : "vcs", + "url" : "scm:git:git://github.com/HdrHistogram/HdrHistogram.git" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.hdrhistogram/HdrHistogram@2.2.2" + }, + { + "group" : "org.latencyutils", + "name" : "LatencyUtils", + "version" : "2.0.3", + "description" : "LatencyUtils is a package that provides latency recording and reporting utilities.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "2ad12e1ef7614cecfb0483fa9ac6da73" + }, + { + "alg" : "SHA-1", + "content" : "769c0b82cb2421c8256300e907298a9410a2a3d3" + }, + { + "alg" : "SHA-256", + "content" : "a32a9ffa06b2f4e01c5360f8f9df7bc5d9454a5d373cd8f361347fa5a57165ec" + }, + { + "alg" : "SHA-512", + "content" : "bb81a42498c65389366205f4e07cee336920e2f05cc0daae213f2784b1d0ce9a908b038daec20478f23eb00b2bf704f96c5b00f63c99615193ab2a3cc4a9f890" + }, + { + "alg" : "SHA-384", + "content" : "16ca4640dc9d848e6c6d15441897e1b5a9f27f34207b0bb456dd54d8f267b73b348092e548e78634144de44ba3515205" + }, + { + "alg" : "SHA3-384", + "content" : "406c2b5c6f64b0c090568e479b5e6136a04a4e77f8eea65d32b4e2b01deebcdf6a0a851240cdb740c25b5a5e61e6c179" + }, + { + "alg" : "SHA3-256", + "content" : "50ae828358301033542fd7c412e86ee318d5451f89a182e2a679aaf18099d26d" + }, + { + "alg" : "SHA3-512", + "content" : "456c337b9fb385579aae707409ed6a04d08e5fc87b1a46733dca617c22c625bf253dc4747e0cdbf5e7d8b48102d2938cb482b6b688a79aab645a7459c592258f" + } + ], + "licenses" : [ + { + "license" : { + "id" : "CC0-1.0" + } + } + ], + "purl" : "pkg:maven/org.latencyutils/LatencyUtils@2.0.3", + "externalReferences" : [ + { + "type" : "website", + "url" : "http://latencyutils.github.io/LatencyUtils/" + }, + { + "type" : "distribution-intake", + "url" : "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type" : "issue-tracker", + "url" : "https://github.com/LatencyUtils/LatencyUtils/issues" + }, + { + "type" : "vcs", + "url" : "scm:git:git://github.com/LatencyUtils/LatencyUtils.git" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.latencyutils/LatencyUtils@2.0.3" + }, + { + "group" : "io.micrometer", + "name" : "micrometer-registry-prometheus", + "version" : "1.13.1", + "description" : "MeterRegistry implementation for Prometheus using io.prometheus:prometheus-metrics-core. If you have compatibility issues with this module, you can go back to io.micrometer:micrometer-registry-prometheus-simpleclient that uses io.prometheus:simpleclient_common", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "f21a5764002327da6d9543ca8e25ca36" + }, + { + "alg" : "SHA-1", + "content" : "153cf08090f3743154be84a3bc02c33ebfcd3d9d" + }, + { + "alg" : "SHA-256", + "content" : "1495ac5ffb2a0aa8dfa90d10fb5402be9e7fc402841db632d9a8a6d1a098b022" + }, + { + "alg" : "SHA-512", + "content" : "600c31e47ead1903c8297e1f39a102453bad8c374a48daacaf08544d4b3f9390e8f51f390cb2aa27247c133e0fea0789bf3b1078b6a8b9c2ed2709a2a8576b7e" + }, + { + "alg" : "SHA-384", + "content" : "8ede01be1c6cfeb091bdfdcc3c2990c56686550d8aa67fbe1b0a1fbd05880d3879805384c78fc4b56baf64402fa92737" + }, + { + "alg" : "SHA3-384", + "content" : "5564da10067f37d5ada291d9838da6f46abccd164c002ca8be4e7ff8492bd527de4e20c17930c16d07487225525fab5f" + }, + { + "alg" : "SHA3-256", + "content" : "f00aa710ac96f90e8b6a914aebded3a0e6f07781609b26800d191264ec848ffd" + }, + { + "alg" : "SHA3-512", + "content" : "030b881acff6caa5583defc22793b4cfa3424a89888dc11ff08ae5712712eb8ddc2545c1234d95daa2e7c7f133d77278791973f7c65b1806e4ee8b592cd3740c" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/io.micrometer/micrometer-registry-prometheus@1.13.1", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://github.com/micrometer-metrics/micrometer" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/io.micrometer/micrometer-registry-prometheus@1.13.1" + }, + { + "group" : "io.prometheus", + "name" : "prometheus-metrics-core", + "version" : "1.2.1", + "description" : "Core Prometheus metric types", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "ad9629ea22769f13aff56afaecd8a28b" + }, + { + "alg" : "SHA-1", + "content" : "362330b5934a128e91e331f1497cd275fec1a81c" + }, + { + "alg" : "SHA-256", + "content" : "47ae6ba7f38550637c9d6a0e83b7959cd974ace32b60beb948f91d2edb35461b" + }, + { + "alg" : "SHA-512", + "content" : "066764c24db14bfe104765ba27cf34944d9009df6a87f5ec0c1b64819ca92dba70be6c63548cf942f55de19f442286891363115acc79432de307010b882d564b" + }, + { + "alg" : "SHA-384", + "content" : "ed82880b124bbb0e5483c40afcdf2dede45984e2b7c5b9071190d652365dc70259d54dc28460bae4daca9b5350181550" + }, + { + "alg" : "SHA3-384", + "content" : "a8503e48627f98b34eaabd934e971b2f2d1c67a6e6b1af6785efbcbab9e589909738c46ed8b025c44bf797831b7c29b4" + }, + { + "alg" : "SHA3-256", + "content" : "94dcfa9e6d9479eb03e89eb937f97c76cfaf49291a4bd23dcc0454bb7d4fc400" + }, + { + "alg" : "SHA3-512", + "content" : "77b8715e305c5f84cec8cec720a9c8fa98100ed8f8329388afd0dfe199752450f5ec9a7db9e6acb1befcf65f5dc9d4ae9fa2534d9819ddc3ba53cdc5b86a619c" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/io.prometheus/prometheus-metrics-core@1.2.1", + "externalReferences" : [ + { + "type" : "website", + "url" : "http://github.com/prometheus/client_java/prometheus-metrics-core" + }, + { + "type" : "distribution-intake", + "url" : "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/io.prometheus/prometheus-metrics-core@1.2.1" + }, + { + "group" : "io.prometheus", + "name" : "prometheus-metrics-model", + "version" : "1.2.1", + "description" : "Data model for read-only immutable Prometheus metrics snapshots.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "3183f9c7748cf28ef38ac7bdcb441e05" + }, + { + "alg" : "SHA-1", + "content" : "99caac1a3f974de6bc9882fbf6a09ea055733c7b" + }, + { + "alg" : "SHA-256", + "content" : "3520279e1fa7fbf0febd32b3a68863e389f32a152062e6627aff5a20c8408061" + }, + { + "alg" : "SHA-512", + "content" : "be7d6e8bd14ddb59ad19cec4103d9f66b9dfdc9054feca0947fe32aa51dcead67fb97e4ee8db79e579fc56e70568e5623bcbcc25b20f966b421bb44a355e46f0" + }, + { + "alg" : "SHA-384", + "content" : "3e14fb6f797ed52f44587c8ca1c674a974aef2499e48ed3ee4d40126d95217e3bcfa5c6af0cdc9861c5be4abfa13ab98" + }, + { + "alg" : "SHA3-384", + "content" : "882e280336ea20a9e4779a75eddfbe46a25f68c6b14a11948ecc40a370dd3caf9f5a0152fc2f95bd8df7a65b39dc8740" + }, + { + "alg" : "SHA3-256", + "content" : "4718bd967a2d73cf6287d6bf1183f635b0f1e46822452abaa853e5154ac2be4a" + }, + { + "alg" : "SHA3-512", + "content" : "6853e5bb9216d6381fc30c3b3139bbbb97f6c908cf78e817aca41d6e63049ba3c64e2794a3fef045c8d0773ebb96fa83fe6f20e18295b02833ca5328067edb57" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/io.prometheus/prometheus-metrics-model@1.2.1", + "externalReferences" : [ + { + "type" : "website", + "url" : "http://github.com/prometheus/client_java/prometheus-metrics-model" + }, + { + "type" : "distribution-intake", + "url" : "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/io.prometheus/prometheus-metrics-model@1.2.1" + }, + { + "group" : "io.prometheus", + "name" : "prometheus-metrics-config", + "version" : "1.2.1", + "description" : "Configuration for Prometheus metrics and exposition formats.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "88d8f9b9640588bac87e27ea61513050" + }, + { + "alg" : "SHA-1", + "content" : "bcccb14176161671c4cb858b0ca50d680237fdbe" + }, + { + "alg" : "SHA-256", + "content" : "b9fb02ef15e63d02aedea7fc57b3bdeae4dcfc91c905af60fffe66b8950f951f" + }, + { + "alg" : "SHA-512", + "content" : "d1a430108a30c8b997101b62e9ad892b2b2db2c7b54e44fd1d5df85647c6e000e418c5757d3e0e6ff04edad34397dd450b8164dd46dbbbacfc9748d172dded5c" + }, + { + "alg" : "SHA-384", + "content" : "c5b2375af6cf03855554a5fbd9118b38ee0ec9d06cf2a2fffd7e44420e6be19287bd33e12c0a14373293613e1f4ee19b" + }, + { + "alg" : "SHA3-384", + "content" : "f5a640a2022a17646d572bf76b8413465dac6e712c490e762217d0284cc9d3c53081df550b0b97b09e363eaf03121df8" + }, + { + "alg" : "SHA3-256", + "content" : "a768bdd4e92737d98c8ceb7195cd964ae704aeea9ec84a827668fe92736cab64" + }, + { + "alg" : "SHA3-512", + "content" : "6bac3bfd615c158b2f79aff59813a8dbab6bcd6c33bb46613e5a7d02109de474d49763cc3f830a24b0ae5077d4973edfdf0b4282f9165eaafe05924eb8ace5b3" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/io.prometheus/prometheus-metrics-config@1.2.1", + "externalReferences" : [ + { + "type" : "website", + "url" : "http://github.com/prometheus/client_java/prometheus-metrics-config" + }, + { + "type" : "distribution-intake", + "url" : "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/io.prometheus/prometheus-metrics-config@1.2.1" + }, + { + "group" : "io.prometheus", + "name" : "prometheus-metrics-tracer-common", + "version" : "1.2.1", + "description" : "Common Module for Prometheus integrations with distributed tracing libraries.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "a0818de6ef86484d332d9cc3dede9d9b" + }, + { + "alg" : "SHA-1", + "content" : "74cc4ac3226a3937d6e5c74c06454258e7901cec" + }, + { + "alg" : "SHA-256", + "content" : "c55e5d5272518e9cb468b13f252f828565b976ec78b8470cd7c622dc201ca82d" + }, + { + "alg" : "SHA-512", + "content" : "10c5ecf2dea8027a38714c58db541dd9709fc6966778a5176985ac1afdec113f6c741d010d2b95969d5f9bd520d7bc63888cd4fa547ab5dfda55f77c545f1ab1" + }, + { + "alg" : "SHA-384", + "content" : "aebf3c0cd1bd00a4603f19e5de314095e620341635676d1aaa872dd32172af79ce7dedf4c79629b41608471d4b4eaa81" + }, + { + "alg" : "SHA3-384", + "content" : "6ad0ad0081bef8106ab6f9510a6483204964c0114419ebaab9af65493fcdfa52f877bbdcf0ff2a267fc2218de7717a80" + }, + { + "alg" : "SHA3-256", + "content" : "6606f6610f87264aa75cfece6d631e81b2f3e2a45624f485ab3d3471bee4bcaf" + }, + { + "alg" : "SHA3-512", + "content" : "2b533e5c2f58dda0963c4a3f757a61bb0541655fe59f13f3ebc9492b3b0451c44d055b176fc903a39c586bbd9cd27ec156b96e0a06cfe136e91190c477e00b32" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/io.prometheus/prometheus-metrics-tracer-common@1.2.1", + "externalReferences" : [ + { + "type" : "website", + "url" : "http://github.com/prometheus/client_java/prometheus-metrics-tracer/prometheus-metrics-tracer-common" + }, + { + "type" : "distribution-intake", + "url" : "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/io.prometheus/prometheus-metrics-tracer-common@1.2.1" + }, + { + "group" : "io.prometheus", + "name" : "prometheus-metrics-exposition-formats", + "version" : "1.2.1", + "description" : "Prometheus exposition formats.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "153a1d7a7e61f0cda873a7c1782d6819" + }, + { + "alg" : "SHA-1", + "content" : "64190364467197c39bcc296ec80a99f6c979a7dc" + }, + { + "alg" : "SHA-256", + "content" : "c618f0210980d6272fefcd76b2964883380a828ba6fc399a9bf84253d5d39107" + }, + { + "alg" : "SHA-512", + "content" : "13cd72573753779fb16bd266573e0ed4aaabe82c831a4f3713337ce7ada30d74a1efd874e0f5a2a096d6999dc6b7435e5eb869b3be2542512d7b2966b3399a91" + }, + { + "alg" : "SHA-384", + "content" : "befcd31e081c01fad9663b95c608848776014c93256d7cebd43ee41d0159117299de48a7f21aec294c3f08ababa0d8c7" + }, + { + "alg" : "SHA3-384", + "content" : "d973c9a27c887480f1c9f628466f45a2d34e0c49fafcee30cd9b4d310704cc13cd4b0fe99cc8a0eaf3d83b59c5f17c2d" + }, + { + "alg" : "SHA3-256", + "content" : "c047625439815d48b36bedd31e8830069a06f015cf76201fb8eada7b87eff4d2" + }, + { + "alg" : "SHA3-512", + "content" : "2fc04837e8603da19c595bc324cd1ec3503e58453639ce67e5e3e86b57c8e692d364c6b4fe2382fd30f16ca419ac06562ad7b66eb0c443826393af156b64fa1b" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/io.prometheus/prometheus-metrics-exposition-formats@1.2.1", + "externalReferences" : [ + { + "type" : "website", + "url" : "http://github.com/prometheus/client_java/prometheus-metrics-exposition-formats" + }, + { + "type" : "distribution-intake", + "url" : "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/io.prometheus/prometheus-metrics-exposition-formats@1.2.1" + }, + { + "group" : "io.prometheus", + "name" : "prometheus-metrics-shaded-protobuf", + "version" : "1.2.1", + "description" : "Shaded (reolocated to another package) dependencies for the Protobuf library used to create the Prometheus Protobuf format", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "798d9caf489a86be67e3b0e1eba6e3c5" + }, + { + "alg" : "SHA-1", + "content" : "2b8ace486645dbaba1f3a694bd3a081f4d7a3aa5" + }, + { + "alg" : "SHA-256", + "content" : "e6060c7ef59fcf1c110677b01a96e4a08ab23d138700a6e2d0999163122750e1" + }, + { + "alg" : "SHA-512", + "content" : "d7c6efeb79d7928353c5301a713ec74428ffea76786003158db74f2615f1a3fad4f0e83c1d64be7097fe6800cd30d18486fc9bbc6651420d1359044b282180f6" + }, + { + "alg" : "SHA-384", + "content" : "3b7847309cfe54f129b3cab921963d5b3c63b2566ea5184bebb8a880f23f3922197c9d440ba4b4b43588ef6f47f31e54" + }, + { + "alg" : "SHA3-384", + "content" : "0c6cea060da6b020b9aea759a8cbbb1beeaf6c06582ccb248c09aac7a1d9ab604c5892db8e8f2d0a66b494d5e14d7273" + }, + { + "alg" : "SHA3-256", + "content" : "6974469dc8ec56d283946116c2d7f4b7ad4683f0aa07d145827446faa0a5b434" + }, + { + "alg" : "SHA3-512", + "content" : "b31372f4d9c93df2814a64bb8b6e26a280dcff0ce66340f47b9538711581e70005f36e3f47dde9de49fed7a714b9ded709e8a7c8eda64d423d619559c6422155" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/io.prometheus/prometheus-metrics-shaded-protobuf@1.2.1", + "externalReferences" : [ + { + "type" : "website", + "url" : "http://github.com/prometheus/client_java/prometheus-metrics-shaded-dependencies/prometheus-metrics-shaded-protobuf" + }, + { + "type" : "distribution-intake", + "url" : "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/io.prometheus/prometheus-metrics-shaded-protobuf@1.2.1" + }, + { + "publisher" : "Apache Jena", + "group" : "org.apache.jena", + "name" : "jena-fuseki-access", + "version" : "5.1.0", + "description" : "Fuseki is a SPARQL 1.1 Server which provides the SPARQL query, SPARQL update and SPARQL graph store protocols.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "9d20c5205bcedbc676b1eb6884c73cdd" + }, + { + "alg" : "SHA-1", + "content" : "330aa2964348eec993bd3358356aeb5e7b2ce5e4" + }, + { + "alg" : "SHA-256", + "content" : "c83d92bbe82e23f7746b699374d9e810bfc612f553f66873def2f2f83ca9bc63" + }, + { + "alg" : "SHA-512", + "content" : "ae7598890a41788df3257fdc94ac303c3cf8c08cab64fcd7d0d601a9e47fadbf53a8cd8e6436af0d7136881586a8e1580b592201070e63ee010aee9a4f23bbd2" + }, + { + "alg" : "SHA-384", + "content" : "9f04904f6a0fd01114d43a361f7bf40d214a2eb68c7b509968c2110584a4f1c5286ddc43d2c0ae27da2415ba52f7d603" + }, + { + "alg" : "SHA3-384", + "content" : "b859706ba04dfe6ecdaced59d1042a3b2bdd8a72f92064863baae372f6c4efb7afc41b147f699ea7276abede688eec9a" + }, + { + "alg" : "SHA3-256", + "content" : "66eaf24ed0a2cfe2ffc43f30754f9699649ac046e63c1d11a39b2863eceb97a0" + }, + { + "alg" : "SHA3-512", + "content" : "b9d3fc576bad303c40711b82bf8d4790f7d5bbab8100498bdcabfa7282df546234bd9c3458da90df86bf23f594e215d6a091643777f3b0c5f00e4fb94472c4c4" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/org.apache.jena/jena-fuseki-access@5.1.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://jena.apache.org/jena-fuseki-access/" + }, + { + "type" : "distribution-intake", + "url" : "https://repository.apache.org/service/local/staging/deploy/maven2" + }, + { + "type" : "issue-tracker", + "url" : "https://issues.apache.org/jira/browse/JENA" + }, + { + "type" : "mailing-list", + "url" : "https://lists.apache.org/list.html?users@jena.apache.org" + }, + { + "type" : "vcs", + "url" : "https://gitbox.apache.org/repos/asf/jena.git/jena-fuseki/jena-fuseki-access" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.apache.jena/jena-fuseki-access@5.1.0" + }, + { + "publisher" : "Apache Jena", + "group" : "org.apache.jena", + "name" : "jena-cmds", + "version" : "5.1.0", + "description" : "Command line tools", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "3f171253dd82d2b3f4ac88117a364d59" + }, + { + "alg" : "SHA-1", + "content" : "c585fc8190f640755cfd5593e876fd66af4acc8b" + }, + { + "alg" : "SHA-256", + "content" : "956a5a8fff8375631866c46b3810f9a419f636e7f07bc60726d6def8e416ed76" + }, + { + "alg" : "SHA-512", + "content" : "bbdfe4ed41b81d793809c195505a3c4ba2670c326829284594a1d63f93c245dbb23e35197268b844add142a9b6166d563863a933b1429d9cc1a9accfd4c8d158" + }, + { + "alg" : "SHA-384", + "content" : "0cb13cc78482de8155e084efd561a77d34d200991a315cff8268753ccfdcbcf865bbf116a0aa33a14a0902f3ecc35852" + }, + { + "alg" : "SHA3-384", + "content" : "a30e0b11b09d5c3f5ad8bd33efefbdba0fa6bd7c14e59643bd6a3996df729f1d49b50e4491d0b0861fd2d6ac2a096088" + }, + { + "alg" : "SHA3-256", + "content" : "ababf740a1fff27919cacc4443e19e7815ac83ad22b88e1f24270d33994e8b91" + }, + { + "alg" : "SHA3-512", + "content" : "3ba0b7a101a8f68c3c42b9b28532579a56dcfc0f9298f6c92e0a3ee2de5f53c3daedcd0d2b6aa969d0d415a4dc34701682a5acfbd5b1f49514c0a7b618c33cb1" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/org.apache.jena/jena-cmds@5.1.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://jena.apache.org/" + }, + { + "type" : "distribution-intake", + "url" : "https://repository.apache.org/service/local/staging/deploy/maven2" + }, + { + "type" : "issue-tracker", + "url" : "https://issues.apache.org/jira/browse/JENA" + }, + { + "type" : "mailing-list", + "url" : "https://lists.apache.org/list.html?users@jena.apache.org" + }, + { + "type" : "vcs", + "url" : "https://gitbox.apache.org/repos/asf/jena.git/jena-cmds" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.apache.jena/jena-cmds@5.1.0" + }, + { + "publisher" : "The Apache Software Foundation", + "group" : "commons-cli", + "name" : "commons-cli", + "version" : "1.8.0", + "description" : "Apache Commons CLI provides a simple API for presenting, processing and validating a Command Line Interface.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "631937816bd22302ae49828e9b764313" + }, + { + "alg" : "SHA-1", + "content" : "41a4bff12057eecb6daaf9c7f36c237815be3da1" + }, + { + "alg" : "SHA-256", + "content" : "f94c98bbcfa1c1dac6956d6c3f494ec40265c67bf54ddefc95df4ffdd73ae6d5" + }, + { + "alg" : "SHA-512", + "content" : "2e5e547709e8ad35be44927382a0862467dcacc87e0351d092fd128fa7097a3b4c900fe452be50ace2e80c198d38f48e94fdb2da86e1480096de4a5580c28534" + }, + { + "alg" : "SHA-384", + "content" : "f979529b54592eaa479b4a0f7dd73d87127dc19254dc2a6da628ec17a9ed25cdfea4b9e3cda66b5b819b0cc3540eb0b1" + }, + { + "alg" : "SHA3-384", + "content" : "d1eee9c0d18566c81a93e1652145a7aabd0abaf17c06aeb734df74c949479b0c93396fbf622341b1ce61118d1ec2a5bc" + }, + { + "alg" : "SHA3-256", + "content" : "d74c8b30995668a5f69f05922396b5641f1e4023d8cecabc0aabd9dc6fa533db" + }, + { + "alg" : "SHA3-512", + "content" : "b6b3f493756e8a7d17633018354e7050f0d8344008cc0ff92f642132836ac7a0d92a6c7044d023ce95ed3479e1affd29d1eb8b58f1fb8b7410ceb3bd9cc38e6f" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0", + "url" : "https://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl" : "pkg:maven/commons-cli/commons-cli@1.8.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://commons.apache.org/proper/commons-cli/" + }, + { + "type" : "build-system", + "url" : "https://github.com/apache/commons-parent/actions" + }, + { + "type" : "distribution-intake", + "url" : "https://repository.apache.org/service/local/staging/deploy/maven2" + }, + { + "type" : "issue-tracker", + "url" : "https://issues.apache.org/jira/browse/CLI" + }, + { + "type" : "mailing-list", + "url" : "https://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type" : "vcs", + "url" : "https://gitbox.apache.org/repos/asf?p=commons-cli.git" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/commons-cli/commons-cli@1.8.0" + }, + { + "publisher" : "Webtide", + "group" : "org.eclipse.jetty.ee10", + "name" : "jetty-ee10-servlet", + "version" : "12.0.11", + "description" : "Jetty Servlet Container", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "ef2130f1aaeb8b58ef98dc1bda0a0f5e" + }, + { + "alg" : "SHA-1", + "content" : "be0e9ac6f980c521bc1668403e33383aee2726e1" + }, + { + "alg" : "SHA-256", + "content" : "31293a92b3e989d5d577e5dd9e8a3b6fcc030c787617b699a783b571f6ae7339" + }, + { + "alg" : "SHA-512", + "content" : "63e533f494f930cd654cb758d87cbf2b41cfc0b1b854dcf53c7f1a057d02dba55429658d3da7c68c0474ba442e89ae656cfecd52624a5ff8b310a74d9d51f16a" + }, + { + "alg" : "SHA-384", + "content" : "3125c0de5e91a75c1b2f0b1f6f4dc6564fd8528b605981e8e970e07130469c2e61941077c4035bc615b46fe5a78bb129" + }, + { + "alg" : "SHA3-384", + "content" : "adb72409c9631de7eea7658b2aec800c00c5c5d82bcd537a1de4e6ef2b75675225343127eb40b430d0d1cfa3a106c3ce" + }, + { + "alg" : "SHA3-256", + "content" : "0ecb246216a544b2318da3c45d756371bad3974a77e8f6256c4b70c8fa7015bf" + }, + { + "alg" : "SHA3-512", + "content" : "5f0775498b362ac94adf5346ccd2ffd2dbd38eca678fa500b87dfd25f672cffe6b48a5228765bf7fa1b7f718ee1578281ff4aa86907a4fda2349c15fc88e258c" + } + ], + "licenses" : [ + { + "license" : { + "id" : "EPL-2.0" + } + }, + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/org.eclipse.jetty.ee10/jetty-ee10-servlet@12.0.11", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://eclipse.dev/jetty/jetty-ee10/jetty-ee10-servlet" + }, + { + "type" : "distribution-intake", + "url" : "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type" : "issue-tracker", + "url" : "https://github.com/jetty/jetty.project/issues" + }, + { + "type" : "mailing-list", + "url" : "https://www.eclipse.org/lists/jetty-dev/" + }, + { + "type" : "vcs", + "url" : "https://github.com/jetty/jetty.project/jetty-ee10/jetty-ee10-servlet" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.eclipse.jetty.ee10/jetty-ee10-servlet@12.0.11" + }, + { + "publisher" : "Webtide", + "group" : "org.eclipse.jetty", + "name" : "jetty-server", + "version" : "12.0.11", + "description" : "The legacy jetty server artifact.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "b4b9338b52ed63c260ef26b5caa483f7" + }, + { + "alg" : "SHA-1", + "content" : "29bbd9455c7c94685abfbb02f993f42cf62b64a6" + }, + { + "alg" : "SHA-256", + "content" : "9e60d2cf9c41e5d62695e7bfb2a3153870c2864e367daca403e84ee673fd4093" + }, + { + "alg" : "SHA-512", + "content" : "87ef0debad20debfef04b8145284c4ee29fafc0ab0ff4ea5729476903fbf7afaf1335ec992fb945af1ccd56f9c4a41fc2ae319ce0376e32291adbbe7b73e3004" + }, + { + "alg" : "SHA-384", + "content" : "6d75c8c12fd82d602ba16e03b103a8cc66d984a62979e47801c98315cb2688a09765ec617732bebbc3d0f2672fa69629" + }, + { + "alg" : "SHA3-384", + "content" : "228cea06fabd5f70482606d75b2dca19eb62ac8728563e145df273a0cf99b1b57589a8263f1f8a320f4e3fd273fd9d65" + }, + { + "alg" : "SHA3-256", + "content" : "6d113564fd504b1ebe52a02d4bb13b8c164a6db80c922a263a182499f9fcbd23" + }, + { + "alg" : "SHA3-512", + "content" : "c06ecd82e620f68749146883fc51e79650abea7b4760f8dfc164c202051b007a60a815f258a403845cf2c0a7e12ab10623f65aaba95eb1247f26943e898baf4d" + } + ], + "licenses" : [ + { + "license" : { + "id" : "EPL-2.0" + } + }, + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/org.eclipse.jetty/jetty-server@12.0.11", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://eclipse.dev/jetty/jetty-core/jetty-server" + }, + { + "type" : "distribution-intake", + "url" : "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type" : "issue-tracker", + "url" : "https://github.com/jetty/jetty.project/issues" + }, + { + "type" : "mailing-list", + "url" : "https://www.eclipse.org/lists/jetty-dev/" + }, + { + "type" : "vcs", + "url" : "https://github.com/jetty/jetty.project/jetty-core/jetty-server" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.eclipse.jetty/jetty-server@12.0.11" + }, + { + "publisher" : "Webtide", + "group" : "org.eclipse.jetty", + "name" : "jetty-session", + "version" : "12.0.11", + "description" : "The common jetty session implementation", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "acadc79148d4b78feb079c8c1bf3dcd1" + }, + { + "alg" : "SHA-1", + "content" : "2e0a6fb4a4e2597af0503247ce942886a5400823" + }, + { + "alg" : "SHA-256", + "content" : "1a701c855cb95e47146df7fcad96005f55e9d6aadf62c5e88923704274849dc0" + }, + { + "alg" : "SHA-512", + "content" : "4c5449b45772e531b5ea5b655367fc9f28f00874a3919b2a6bfeeed00e5c909a0030ea902c4ed3e3c9ba805092b78bd17c1ee101d1a13e8096aff10e60e81ad7" + }, + { + "alg" : "SHA-384", + "content" : "b77d61cd0989651c61f01541d7b9f3dda5ff8cf8140c8bdbe303a3e650e778d7a93e71b1269c8269be88fb38395e0a63" + }, + { + "alg" : "SHA3-384", + "content" : "6a7f5c89ecd3bf093b7304c2beb937408c573cea3cfe9ce4579fbc6290fa13f537c470c6ed8e6eeb740638c69fbe5377" + }, + { + "alg" : "SHA3-256", + "content" : "d431082e782ab680a8e170019e51932b09f4651db1a295b8066542b3bc0209d4" + }, + { + "alg" : "SHA3-512", + "content" : "291219205849686722588db4e38c47401c3bbcc9be15f83a36e47052a36ff45d9509f1b29dbbd3fa6a786c1cc6abfcf8ac0e94d84889684bb141de957b1fcb0d" + } + ], + "licenses" : [ + { + "license" : { + "id" : "EPL-2.0" + } + }, + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/org.eclipse.jetty/jetty-session@12.0.11", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://eclipse.dev/jetty/jetty-core/jetty-session" + }, + { + "type" : "distribution-intake", + "url" : "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type" : "issue-tracker", + "url" : "https://github.com/jetty/jetty.project/issues" + }, + { + "type" : "mailing-list", + "url" : "https://www.eclipse.org/lists/jetty-dev/" + }, + { + "type" : "vcs", + "url" : "https://github.com/jetty/jetty.project/jetty-core/jetty-session" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.eclipse.jetty/jetty-session@12.0.11" + }, + { + "publisher" : "Webtide", + "group" : "org.eclipse.jetty.ee10", + "name" : "jetty-ee10-servlets", + "version" : "12.0.11", + "description" : "Utility Servlets from Jetty", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "d02e8dfa128e8be60f4479eeeb21df05" + }, + { + "alg" : "SHA-1", + "content" : "07f87c8a54ad3eb76e7a181a08beebc421e1c11e" + }, + { + "alg" : "SHA-256", + "content" : "2d68ea7fbce883da8f76581be5961898089f6de2d8fc288613b4d3da3c0a03da" + }, + { + "alg" : "SHA-512", + "content" : "52407d4c9066844d35b8f843bedf32abf5814f437056d4ab5be6285895725af673ad6639ea99aa5c812bb708584e5e00a3fb6e069090bd8ddbd43a1ba827f0f7" + }, + { + "alg" : "SHA-384", + "content" : "35a0b626e998e4c9363c80f2927ccc676a6f9651b20211c3efd273218b274fe11f31093842ce48c7c996617ea26987e0" + }, + { + "alg" : "SHA3-384", + "content" : "5f5362d4785586ebd40e38d71d75649864c59b3998d7c276cf8c11faa32895d4a740dc77abc66c6b0d7410b04ee72b67" + }, + { + "alg" : "SHA3-256", + "content" : "1b94a4f4b4ccb1ba35fda967139429ee7515dfb6978b8c27055c2bbd4461bd5e" + }, + { + "alg" : "SHA3-512", + "content" : "6c355f3d225e777295d2367243e128d82d235d12637d6eaa0d91b82e221600fc4d6fe809f29378c4f836cb8f13c8ad60b3e8a0466beaaa7d1c0ae7f87a5c2eff" + } + ], + "licenses" : [ + { + "license" : { + "id" : "EPL-2.0" + } + }, + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/org.eclipse.jetty.ee10/jetty-ee10-servlets@12.0.11", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://eclipse.dev/jetty/jetty-ee10/jetty-ee10-servlets" + }, + { + "type" : "distribution-intake", + "url" : "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type" : "issue-tracker", + "url" : "https://github.com/jetty/jetty.project/issues" + }, + { + "type" : "mailing-list", + "url" : "https://www.eclipse.org/lists/jetty-dev/" + }, + { + "type" : "vcs", + "url" : "https://github.com/jetty/jetty.project/jetty-ee10/jetty-ee10-servlets" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.eclipse.jetty.ee10/jetty-ee10-servlets@12.0.11" + }, + { + "publisher" : "Webtide", + "group" : "org.eclipse.jetty", + "name" : "jetty-http", + "version" : "12.0.11", + "description" : "The Eclipse Jetty Project", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "7b7aacaaf43030f1a3706638a46f5362" + }, + { + "alg" : "SHA-1", + "content" : "1aec49c79c264326eb9f1ae0e4c52b05943006a3" + }, + { + "alg" : "SHA-256", + "content" : "03b35d7ac6ad21368669b74c5b14c42e1d974a7a4bfccf9e069f22265778293e" + }, + { + "alg" : "SHA-512", + "content" : "057ccfb05d4294813eafbc6184a69273ae9e0ebc2542f25ceadb68853a7b7cc131c250280b50236e2d36b8895501baedc8b3bec3c83a466974e8874a62051c1c" + }, + { + "alg" : "SHA-384", + "content" : "2b99bf80dd6f142a6ce359ba20fd109ac69cd4fb8bc176b1d7538cc5c6339eaa84a3e6900f81fe42b7380db79c46c6f5" + }, + { + "alg" : "SHA3-384", + "content" : "83159058ab9eda104d415402076c0d9ff828885defc59f4aaf81ff586e8a79a3ebf1888a604bd4742e627b70bd483c75" + }, + { + "alg" : "SHA3-256", + "content" : "e2369b62fa552590e819b2a907afc58be04bc8697d05521510633cb516cdea4c" + }, + { + "alg" : "SHA3-512", + "content" : "87b0f5c47d62e2b049f48378545bbacfaa4947abcef9890bac1f38e4789213939312637793a114db77e9e6b90dc2b38c3d3d4539dafb91d2154a26d813ebda66" + } + ], + "licenses" : [ + { + "license" : { + "id" : "EPL-2.0" + } + }, + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/org.eclipse.jetty/jetty-http@12.0.11", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://eclipse.dev/jetty/jetty-core/jetty-http" + }, + { + "type" : "distribution-intake", + "url" : "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type" : "issue-tracker", + "url" : "https://github.com/jetty/jetty.project/issues" + }, + { + "type" : "mailing-list", + "url" : "https://www.eclipse.org/lists/jetty-dev/" + }, + { + "type" : "vcs", + "url" : "https://github.com/jetty/jetty.project/jetty-core/jetty-http" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.eclipse.jetty/jetty-http@12.0.11" + }, + { + "publisher" : "Webtide", + "group" : "org.eclipse.jetty", + "name" : "jetty-io", + "version" : "12.0.11", + "description" : "The Eclipse Jetty Project", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "1e92278c0409d84e29386bce277cc533" + }, + { + "alg" : "SHA-1", + "content" : "e8bbb4252fa97a0be441f2dc8ea21f0a1527b844" + }, + { + "alg" : "SHA-256", + "content" : "e726cd0fa37e39ef3b138cc445cf1943bba39d433a0e926f0ca2274e8ff63880" + }, + { + "alg" : "SHA-512", + "content" : "1d8e96f7ef9a53931aafc6c4f1338c6dd7e1e2a1247a3c2cbd7128eafd0cdbbdc51d358c883975de4c8fbe9b069906076226941f484caa980ab669d3bd433317" + }, + { + "alg" : "SHA-384", + "content" : "6be4a3e76ead0352def38070f91d6abd81bf7e3cf6b07a1289358f147ea0ed57695e7e61d4c6a15624baf244937321be" + }, + { + "alg" : "SHA3-384", + "content" : "106aa7015584339ff888a7f1f371eaac036c9750dacffb8091a6d0b97aaa9f9a7b47be7c1c519db0f7c39ad47d013d6a" + }, + { + "alg" : "SHA3-256", + "content" : "4b6d54ba30f1acfe3fe6aa5fdf1eec480dee18333f7ac166b35a7b9fde9fbc03" + }, + { + "alg" : "SHA3-512", + "content" : "7b11abf532af426315dc53dc758cfd6601c06e0c67ccf5161aab3b8553ccbad9d2d06a687cf27bcc3f7a632295e8620df7fcbcaac400960a0e1257aaf955d955" + } + ], + "licenses" : [ + { + "license" : { + "id" : "EPL-2.0" + } + }, + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/org.eclipse.jetty/jetty-io@12.0.11", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://eclipse.dev/jetty/jetty-core/jetty-io" + }, + { + "type" : "distribution-intake", + "url" : "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type" : "issue-tracker", + "url" : "https://github.com/jetty/jetty.project/issues" + }, + { + "type" : "mailing-list", + "url" : "https://www.eclipse.org/lists/jetty-dev/" + }, + { + "type" : "vcs", + "url" : "https://github.com/jetty/jetty.project/jetty-core/jetty-io" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.eclipse.jetty/jetty-io@12.0.11" + }, + { + "publisher" : "Webtide", + "group" : "org.eclipse.jetty", + "name" : "jetty-util", + "version" : "12.0.11", + "description" : "Utility classes for Jetty", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "82c01b3fb8717fefe80d47a53e116132" + }, + { + "alg" : "SHA-1", + "content" : "4e670d1372f135b25f7c2d380b2069a6cfb4920b" + }, + { + "alg" : "SHA-256", + "content" : "8bc3dd5945bcd962bfc4d7d687547b25a078c7565aafd95dcd37d58e615c8b3d" + }, + { + "alg" : "SHA-512", + "content" : "8a229601a9a6f2f87380c733dfcd50a42599ef0fc3a062fc4884ac60a46b22fdaafb21eec7ca11ca09fa604190ad8849dd7b108512955ba32627827fda5241af" + }, + { + "alg" : "SHA-384", + "content" : "5209fd278fc1aff844120c7d185d04b6e5430babbfb8184642590ce31cb8d4eadf9d256b15b1b76269a70a904c733701" + }, + { + "alg" : "SHA3-384", + "content" : "65a7e8cb84a7a91c07e58bcbe1cb2232b79389ce731df5437f7e347ccbd588eb68d94f033c6bcee8c4bb7601ffb922a2" + }, + { + "alg" : "SHA3-256", + "content" : "918f054518eb1306103c35c3e8d46124b8f51023af07f6be5782e4dfc277d21b" + }, + { + "alg" : "SHA3-512", + "content" : "792ede82fbc328269f36d30f885df3bcad4332255ce28cea8d46a634d3868083bf1496f8a9f6298c46cca34a64f6cd70c0132d05ee12cda37e293a9d14a06dc4" + } + ], + "licenses" : [ + { + "license" : { + "id" : "EPL-2.0" + } + }, + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/org.eclipse.jetty/jetty-util@12.0.11", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://eclipse.dev/jetty/jetty-core/jetty-util" + }, + { + "type" : "distribution-intake", + "url" : "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type" : "issue-tracker", + "url" : "https://github.com/jetty/jetty.project/issues" + }, + { + "type" : "mailing-list", + "url" : "https://www.eclipse.org/lists/jetty-dev/" + }, + { + "type" : "vcs", + "url" : "https://github.com/jetty/jetty.project/jetty-core/jetty-util" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.eclipse.jetty/jetty-util@12.0.11" + }, + { + "publisher" : "Webtide", + "group" : "org.eclipse.jetty", + "name" : "jetty-security", + "version" : "12.0.11", + "description" : "The common Jetty security implementation", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "473201324a61b5f45a329eef9ba5fb5a" + }, + { + "alg" : "SHA-1", + "content" : "ea7a58524334418a2f157d5da7e524348c53b4aa" + }, + { + "alg" : "SHA-256", + "content" : "353eb219e10ff56356207c6c1baffd22994cb2db4db8626aa2d6c3fbabe7cb1d" + }, + { + "alg" : "SHA-512", + "content" : "6b0a5c43998ae10febe5ffe2703f7a5c4ad893481da49c8500a7f012332c4f4405dae1c103ae4b5bcebb52af82dd7cb70b1e91a331b2adf47dc1f480b774c596" + }, + { + "alg" : "SHA-384", + "content" : "e1fd2a623611f86e6f9a326f0639ed6d7b38574838a20531beb056fe2ab979e9bf277647f6d99c6b7703637e790b2cd0" + }, + { + "alg" : "SHA3-384", + "content" : "6cad15ecc1cf24a6a192a36c0245f53b2acec9623c5d8e0b1234512241749e867ba527b3f329b7efc5b92bcad21e9601" + }, + { + "alg" : "SHA3-256", + "content" : "fadc9cf10082b49a1d94d5ec484ab646f330acc6099a73db1f0839fd6010bd40" + }, + { + "alg" : "SHA3-512", + "content" : "a56c907468fdb54f12f06ee898d5216bfe4d8de625ab2ea70fa57d5917f88fab60778e2da2f4b9c11c637ef80c37f145b653dec0ef61ecaa24e260ff7f2c55e8" + } + ], + "licenses" : [ + { + "license" : { + "id" : "EPL-2.0" + } + }, + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/org.eclipse.jetty/jetty-security@12.0.11", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://eclipse.dev/jetty/jetty-core/jetty-security" + }, + { + "type" : "distribution-intake", + "url" : "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type" : "issue-tracker", + "url" : "https://github.com/jetty/jetty.project/issues" + }, + { + "type" : "mailing-list", + "url" : "https://www.eclipse.org/lists/jetty-dev/" + }, + { + "type" : "vcs", + "url" : "https://github.com/jetty/jetty.project/jetty-core/jetty-security" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.eclipse.jetty/jetty-security@12.0.11" + }, + { + "publisher" : "Webtide", + "group" : "org.eclipse.jetty", + "name" : "jetty-xml", + "version" : "12.0.11", + "description" : "The jetty xml utilities.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "e8e08528dfea669134fe0868caf5cc88" + }, + { + "alg" : "SHA-1", + "content" : "b1a3d6365b1e08330fa117708cdb4b7d9ef76a17" + }, + { + "alg" : "SHA-256", + "content" : "3d09a1fecad3eff633cb0474b63810c9b2114cc0204d34e7a67b9d96a06825b9" + }, + { + "alg" : "SHA-512", + "content" : "7de82d52c53a9ae7a1514c078319656bb8ce98b36f237d121542bde2035b45af74c95e9a767cfa7e4d8a3c0a1ce1f7f99824b0c1b70e907a5bc8f94d6b664758" + }, + { + "alg" : "SHA-384", + "content" : "29c0a26c9849957153f8a6260f1a49811104a1a2f1a06af6d3a829b1bf3324efbd0e77257ad7a19febad4abe549982fa" + }, + { + "alg" : "SHA3-384", + "content" : "80b802db654bc282cef5c61c65cb4553fdead0b47063f0f27d9b3da1b3a8ceec65b6dbc9aa7502d7f3d704a2333e6e2e" + }, + { + "alg" : "SHA3-256", + "content" : "4b64e2ec6cd56dd0d6930806a55c680203363b983a9bea8c1ba545fb7e5815ad" + }, + { + "alg" : "SHA3-512", + "content" : "4b18f9836693a215134e02fe0220e43e64900393e8028c8db963fe8244fe0f15561e92cb3f95e831933ac5af207e025d228be0690c1237f1eda1492cf61e2d90" + } + ], + "licenses" : [ + { + "license" : { + "id" : "EPL-2.0" + } + }, + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/org.eclipse.jetty/jetty-xml@12.0.11", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://eclipse.dev/jetty/jetty-core/jetty-xml" + }, + { + "type" : "distribution-intake", + "url" : "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type" : "issue-tracker", + "url" : "https://github.com/jetty/jetty.project/issues" + }, + { + "type" : "mailing-list", + "url" : "https://www.eclipse.org/lists/jetty-dev/" + }, + { + "type" : "vcs", + "url" : "https://github.com/jetty/jetty.project/jetty-core/jetty-xml" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.eclipse.jetty/jetty-xml@12.0.11" + }, + { + "group" : "com.google.protobuf", + "name" : "protobuf-java", + "version" : "4.27.5", + "description" : "Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an efficient yet extensible format.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "acc5e625768a117edf1232e04d047cd6" + }, + { + "alg" : "SHA-1", + "content" : "57354f847131e54e7e3bcc190369837be1e53547" + }, + { + "alg" : "SHA-256", + "content" : "0794eb42800cf637eebb2c8143cdc1bda3ac6a6d4adf246603f88dc2d3a240de" + }, + { + "alg" : "SHA-512", + "content" : "479144a40a1dca6cf7d964317c6a1f2e107f5036843837bfdf7192b12cb691ff687e4a25be988ff3821e3eba4f2e111cf2baa162fbb1d8eb3901fd52c79611ff" + }, + { + "alg" : "SHA-384", + "content" : "52c68aa7534b938350341cbec5d303cfcf010cbf0ed64d29f4f755b1652120f5e34e51038ee601d777354009c768b459" + }, + { + "alg" : "SHA3-384", + "content" : "16d9b386137e5768549dbe725f2e471fe1613e8e2bd01b42b656d70e833d5a2842589f3531830fce68822e96d537adac" + }, + { + "alg" : "SHA3-256", + "content" : "76a1c9f15fb661ec333018b0cbe1cb5a10e455bb5f05a1595ec15145cb2dc258" + }, + { + "alg" : "SHA3-512", + "content" : "3529d23bd5a45ef1bd0a1cedeb4510f9c4dcd72981f5ea42d6d07510935dd15e13059d050ce5efac67d15185e9a100e0612e8411b1179fe9b3a13c7fd6408b11" + } + ], + "licenses" : [ + { + "license" : { + "id" : "BSD-3-Clause", + "url" : "https://opensource.org/licenses/BSD-3-Clause" + } + } + ], + "purl" : "pkg:maven/com.google.protobuf/protobuf-java@4.27.5", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://developers.google.com/protocol-buffers/protobuf-java/" + }, + { + "type" : "distribution-intake", + "url" : "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type" : "vcs", + "url" : "https://github.com/protocolbuffers/protobuf/protobuf-java" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/com.google.protobuf/protobuf-java@4.27.5" + }, + { + "publisher" : "The Apache Software Foundation", + "group" : "org.apache.logging.log4j", + "name" : "log4j-slf4j2-impl", + "version" : "2.24.0", + "description" : "SLF4J 2 provider (binding) for the Apache Log4j API. It forwards SLF4J 2 calls to the Log4j API. This effectively allows using Log4j as an implementation of SLF4J 2. (Refer to the `log4j-to-slf4j` artifact for forwarding the Log4j API to SLF4J.)", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "666143d82cabc572ff434561bbe6c188" + }, + { + "alg" : "SHA-1", + "content" : "3d550671b19e83591d5e66cc8c77272e7aaac34c" + }, + { + "alg" : "SHA-256", + "content" : "48f033d284554a67955a68aaf978273abb5dcb9da2de26cdd6dd77b78bd86a3f" + }, + { + "alg" : "SHA-512", + "content" : "24973d061591957bbd8f5420cb3533a8ba31e0a7aadd411c4ee685bae4a741117d24c933c0f2cf60654f95f2cf8a22422ea9c8f59c9001d2826f65ff3a7a6729" + }, + { + "alg" : "SHA-384", + "content" : "b5ede67f4e83517b28ec4de79a651d5cc3dba32563131cd4a596ee2f2f0df8a2619287ae55253bb686ddd9abb82f80cc" + }, + { + "alg" : "SHA3-384", + "content" : "6ae6f0611c880129108b4a8a5cbd8b8cd02d678ff10c9a3f296285204761dda83729e90a11cd8efa1a72ac86918a2114" + }, + { + "alg" : "SHA3-256", + "content" : "03e628f15bf701aae8c6ce636f53dd2ffb7551c9733a249be992b16cc77b2421" + }, + { + "alg" : "SHA3-512", + "content" : "2ed78ebb1d2a102bf8698c613911ea2552770d40ae5dbe499edd7270f20de9df7b1798ac8e5bb2843a5d7568c831f5bd45d184c271d17d1d2338f5f69e67f49a" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0", + "url" : "https://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl" : "pkg:maven/org.apache.logging.log4j/log4j-slf4j2-impl@2.24.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://logging.apache.org/log4j/2.x/log4j/log4j-slf4j2-impl/" + }, + { + "type" : "build-system", + "url" : "https://github.com/apache/logging-log4j2/actions" + }, + { + "type" : "distribution", + "url" : "https://logging.apache.org/download.html" + }, + { + "type" : "distribution-intake", + "url" : "https://repository.apache.org/service/local/staging/deploy/maven2" + }, + { + "type" : "issue-tracker", + "url" : "https://github.com/apache/logging-log4j2/issues" + }, + { + "type" : "mailing-list", + "url" : "https://lists.apache.org/list.html?log4j-user@logging.apache.org" + }, + { + "type" : "vcs", + "url" : "https://github.com/apache/logging-log4j2" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.apache.logging.log4j/log4j-slf4j2-impl@2.24.0" + }, + { + "publisher" : "The Apache Software Foundation", + "group" : "org.apache.logging.log4j", + "name" : "log4j-api", + "version" : "2.24.0", + "description" : "The logging API of the Log4j project. Library and application code can log through this API. It contains a simple built-in implementation (`SimpleLogger`) for trivial use cases. Production applications are recommended to use Log4j API in combination with a fully-fledged implementation, such as Log4j Core.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "a4675d48bc9b9cb970511edcafba2dab" + }, + { + "alg" : "SHA-1", + "content" : "c6d9bd0c95c9bb6c530f4800da9507b98f018654" + }, + { + "alg" : "SHA-256", + "content" : "de99b52578c62ee0125dd345e7121502facfe29294314ae684a4a12314c4e55a" + }, + { + "alg" : "SHA-512", + "content" : "51f6a24a9d55a1b2c185a79a900d440635719d012f743181d5b95299495b400953ef51f7d470005f0071d7643cb283b44430cb58c0fc35a0e308e6c48600b737" + }, + { + "alg" : "SHA-384", + "content" : "780a3a9607e212f2fde118c6735399428fdb8e7427098cb0244b8744adff50abaf70b4a0ac09156e96b61d815f942086" + }, + { + "alg" : "SHA3-384", + "content" : "25e0d09de42aa76058d68e45152fb215496b2c789ad53737fb9d77c9fd6a043ed3fdc80639d95b322c2f7a713114c346" + }, + { + "alg" : "SHA3-256", + "content" : "9895abed2eb1e067402ea2695547440991ee683252b1fad8bfc3248d58cdb194" + }, + { + "alg" : "SHA3-512", + "content" : "f23eb0c34f33098b33e269acda70523494964d40277545fe5800559c201b7bcdf653b2d4ec0efc483e08a1c8915a4c98097aa288ec996b9f6e3cb4aa2e8dc5aa" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0", + "url" : "https://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl" : "pkg:maven/org.apache.logging.log4j/log4j-api@2.24.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://logging.apache.org/log4j/2.x/log4j/log4j-api/" + }, + { + "type" : "build-system", + "url" : "https://github.com/apache/logging-log4j2/actions" + }, + { + "type" : "distribution", + "url" : "https://logging.apache.org/download.html" + }, + { + "type" : "distribution-intake", + "url" : "https://repository.apache.org/service/local/staging/deploy/maven2" + }, + { + "type" : "issue-tracker", + "url" : "https://github.com/apache/logging-log4j2/issues" + }, + { + "type" : "mailing-list", + "url" : "https://lists.apache.org/list.html?log4j-user@logging.apache.org" + }, + { + "type" : "vcs", + "url" : "https://github.com/apache/logging-log4j2" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.apache.logging.log4j/log4j-api@2.24.0" + }, + { + "publisher" : "The Apache Software Foundation", + "group" : "org.apache.logging.log4j", + "name" : "log4j-core", + "version" : "2.24.0", + "description" : "A versatile, industrial-grade, and reference implementation of the Log4j API. It bundles a rich set of components to assist various use cases: Appenders targeting files, network sockets, databases, SMTP servers; Layouts that can render CSV, HTML, JSON, Syslog, etc. formatted outputs; Filters that can be configured using log event rates, regular expressions, scripts, time, etc. It contains several extension points to introduce custom components, if needed.", + "scope" : "required", + "hashes" : [ + { + "alg" : "MD5", + "content" : "1055e8faa70abb876bbe797ecc472252" + }, + { + "alg" : "SHA-1", + "content" : "537543d3b84d78b4d7ad055c98f8af13e5e7f3a8" + }, + { + "alg" : "SHA-256", + "content" : "3f5b93c80f0f3d2e8cfb166a7d64ec589f8c9326fa0d7c41d74d63b28f6fd62e" + }, + { + "alg" : "SHA-512", + "content" : "5e151308c843f1f015fabb10f8e155daef6c50713f152d49c48aa74e884d1985e069745308786afe564e26edcd26dd8519478ca43674e859b544059e11bf577c" + }, + { + "alg" : "SHA-384", + "content" : "38c609aa9b4b2e934dc3951670c6f053a503faf000b431dc6a7474e566adf97884a502a6a98335dd524870c12d5a0000" + }, + { + "alg" : "SHA3-384", + "content" : "1099b73d89746231fe2a6b94a8482f9eb1153aec134e11eb92618d2190811311f894c7f6eb11b32c0908e032f37956a2" + }, + { + "alg" : "SHA3-256", + "content" : "b412d3fc36de9cf6bf19f9701077ae705cab72fa642a46dc259085b88d26d510" + }, + { + "alg" : "SHA3-512", + "content" : "c088455792b1311a8517bf672cf984acceaab3a6af4fe64e7e0227befc116b4c0b1dee79c2c68d4aa8e66fb61b54f84bb18cf1fe6a5c18368435136e02825858" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0", + "url" : "https://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl" : "pkg:maven/org.apache.logging.log4j/log4j-core@2.24.0", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://logging.apache.org/log4j/2.x/log4j/log4j-core/" + }, + { + "type" : "build-system", + "url" : "https://github.com/apache/logging-log4j2/actions" + }, + { + "type" : "distribution", + "url" : "https://logging.apache.org/download.html" + }, + { + "type" : "distribution-intake", + "url" : "https://repository.apache.org/service/local/staging/deploy/maven2" + }, + { + "type" : "issue-tracker", + "url" : "https://github.com/apache/logging-log4j2/issues" + }, + { + "type" : "mailing-list", + "url" : "https://lists.apache.org/list.html?log4j-user@logging.apache.org" + }, + { + "type" : "vcs", + "url" : "https://github.com/apache/logging-log4j2" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/org.apache.logging.log4j/log4j-core@2.24.0" + }, + { + "group" : "io.telicent.jena", + "name" : "jena-kafka-client", + "version" : "1.4.0-SNAPSHOT", + "description" : "Jena-Kafka client tools", + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/io.telicent.jena/jena-kafka-client@1.4.0-SNAPSHOT", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://github.com/telicent-oss/jena-fuseki-kafka/jena-kafka-client" + }, + { + "type" : "distribution-intake", + "url" : "https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type" : "issue-tracker", + "url" : "https://github.com/telicent-oss/jena-fuseki-kafka" + }, + { + "type" : "vcs", + "url" : "https://github.com/telicent-oss/jena-fuseki-kafka/jena-kafka-client" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/io.telicent.jena/jena-kafka-client@1.4.0-SNAPSHOT" + }, + { + "group" : "io.telicent.jena", + "name" : "jena-fmod-kafka", + "version" : "1.4.0-SNAPSHOT", + "description" : "Apache Jena Fuseki server Kafka connector", + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/io.telicent.jena/jena-fmod-kafka@1.4.0-SNAPSHOT", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://github.com/telicent-oss/jena-fuseki-kafka/jena-fmod-kafka" + }, + { + "type" : "distribution-intake", + "url" : "https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type" : "issue-tracker", + "url" : "https://github.com/telicent-oss/jena-fuseki-kafka" + }, + { + "type" : "vcs", + "url" : "https://github.com/telicent-oss/jena-fuseki-kafka/jena-fmod-kafka" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/io.telicent.jena/jena-fmod-kafka@1.4.0-SNAPSHOT" + } + ], + "dependencies" : [ + { + "ref" : "pkg:maven/io.telicent.jena/jena-kafka@1.4.0-SNAPSHOT?type=pom", + "dependsOn" : [ + "pkg:maven/io.telicent.jena/jena-kafka-connector@1.4.0-SNAPSHOT", + "pkg:maven/io.telicent.jena/jena-fuseki-kafka-module@1.4.0-SNAPSHOT", + "pkg:maven/io.telicent.jena/jena-kafka-client@1.4.0-SNAPSHOT", + "pkg:maven/io.telicent.jena/jena-fmod-kafka@1.4.0-SNAPSHOT" + ] + }, + { + "ref" : "pkg:maven/io.telicent.jena/jena-kafka-connector@1.4.0-SNAPSHOT", + "dependsOn" : [ + "pkg:maven/org.apache.kafka/kafka-clients@3.8.0", + "pkg:maven/org.apache.jena/jena-arq@5.1.0" + ] + }, + { + "ref" : "pkg:maven/org.apache.kafka/kafka-clients@3.8.0", + "dependsOn" : [ + "pkg:maven/com.github.luben/zstd-jni@1.5.6-3", + "pkg:maven/org.lz4/lz4-java@1.8.0", + "pkg:maven/org.xerial.snappy/snappy-java@1.1.10.5", + "pkg:maven/org.slf4j/slf4j-api@2.0.7" + ] + }, + { + "ref" : "pkg:maven/com.github.luben/zstd-jni@1.5.6-3", + "dependsOn" : [ ] + }, + { + "ref" : "pkg:maven/org.lz4/lz4-java@1.8.0", + "dependsOn" : [ ] + }, + { + "ref" : "pkg:maven/org.xerial.snappy/snappy-java@1.1.10.5", + "dependsOn" : [ ] + }, + { + "ref" : "pkg:maven/org.slf4j/slf4j-api@2.0.7", + "dependsOn" : [ ] + }, + { + "ref" : "pkg:maven/org.apache.jena/jena-arq@5.1.0", + "dependsOn" : [ + "pkg:maven/org.apache.jena/jena-core@5.1.0", + "pkg:maven/com.google.code.gson/gson@2.11.0", + "pkg:maven/com.apicatalog/titanium-json-ld@1.4.0", + "pkg:maven/org.glassfish/jakarta.json@2.0.1", + "pkg:maven/org.apache.thrift/libthrift@0.20.0", + "pkg:maven/org.apache.commons/commons-lang3@3.14.0", + "pkg:maven/org.junit.platform/junit-platform-suite-engine@1.11.0" + ] + }, + { + "ref" : "pkg:maven/org.apache.jena/jena-core@5.1.0", + "dependsOn" : [ + "pkg:maven/org.apache.jena/jena-base@5.1.0", + "pkg:maven/org.apache.jena/jena-iri@5.1.0", + "pkg:maven/org.roaringbitmap/RoaringBitmap@1.2.0" + ] + }, + { + "ref" : "pkg:maven/org.apache.jena/jena-base@5.1.0", + "dependsOn" : [ + "pkg:maven/org.slf4j/slf4j-api@2.0.7", + "pkg:maven/org.apache.commons/commons-csv@1.11.0", + "pkg:maven/commons-io/commons-io@2.16.1", + "pkg:maven/org.apache.commons/commons-lang3@3.14.0", + "pkg:maven/commons-codec/commons-codec@1.17.0", + "pkg:maven/org.apache.commons/commons-compress@1.26.2", + "pkg:maven/org.apache.commons/commons-collections4@4.4", + "pkg:maven/com.github.ben-manes.caffeine/caffeine@3.1.8", + "pkg:maven/com.github.andrewoma.dexx/collection@0.7" + ] + }, + { + "ref" : "pkg:maven/org.apache.commons/commons-csv@1.11.0", + "dependsOn" : [ + "pkg:maven/commons-io/commons-io@2.16.1", + "pkg:maven/commons-codec/commons-codec@1.17.0" + ] + }, + { + "ref" : "pkg:maven/commons-io/commons-io@2.16.1", + "dependsOn" : [ ] + }, + { + "ref" : "pkg:maven/commons-codec/commons-codec@1.17.0", + "dependsOn" : [ ] + }, + { + "ref" : "pkg:maven/org.apache.commons/commons-lang3@3.14.0", + "dependsOn" : [ ] + }, + { + "ref" : "pkg:maven/org.apache.commons/commons-compress@1.26.2", + "dependsOn" : [ + "pkg:maven/commons-codec/commons-codec@1.17.0", + "pkg:maven/commons-io/commons-io@2.16.1", + "pkg:maven/org.apache.commons/commons-lang3@3.14.0" + ] + }, + { + "ref" : "pkg:maven/org.apache.commons/commons-collections4@4.4", + "dependsOn" : [ ] + }, + { + "ref" : "pkg:maven/com.github.ben-manes.caffeine/caffeine@3.1.8", + "dependsOn" : [ ] + }, + { + "ref" : "pkg:maven/com.github.andrewoma.dexx/collection@0.7", + "dependsOn" : [ ] + }, + { + "ref" : "pkg:maven/org.apache.jena/jena-iri@5.1.0", + "dependsOn" : [ ] + }, + { + "ref" : "pkg:maven/org.roaringbitmap/RoaringBitmap@1.2.0", + "dependsOn" : [ ] + }, + { + "ref" : "pkg:maven/com.google.code.gson/gson@2.11.0", + "dependsOn" : [ ] + }, + { + "ref" : "pkg:maven/com.apicatalog/titanium-json-ld@1.4.0", + "dependsOn" : [ ] + }, + { + "ref" : "pkg:maven/org.glassfish/jakarta.json@2.0.1", + "dependsOn" : [ ] + }, + { + "ref" : "pkg:maven/org.apache.thrift/libthrift@0.20.0", + "dependsOn" : [ ] + }, + { + "ref" : "pkg:maven/org.junit.platform/junit-platform-suite-engine@1.11.0", + "dependsOn" : [ + "pkg:maven/org.junit.platform/junit-platform-engine@1.11.0", + "pkg:maven/org.junit.platform/junit-platform-suite-api@1.11.0", + "pkg:maven/org.apiguardian/apiguardian-api@1.1.2", + "pkg:maven/org.junit.platform/junit-platform-suite-commons@1.11.0" + ] + }, + { + "ref" : "pkg:maven/org.junit.platform/junit-platform-engine@1.11.0", + "dependsOn" : [ + "pkg:maven/org.opentest4j/opentest4j@1.3.0", + "pkg:maven/org.junit.platform/junit-platform-commons@1.11.0", + "pkg:maven/org.apiguardian/apiguardian-api@1.1.2" + ] + }, + { + "ref" : "pkg:maven/org.opentest4j/opentest4j@1.3.0", + "dependsOn" : [ ] + }, + { + "ref" : "pkg:maven/org.junit.platform/junit-platform-commons@1.11.0", + "dependsOn" : [ + "pkg:maven/org.apiguardian/apiguardian-api@1.1.2" + ] + }, + { + "ref" : "pkg:maven/org.apiguardian/apiguardian-api@1.1.2", + "dependsOn" : [ ] + }, + { + "ref" : "pkg:maven/org.junit.platform/junit-platform-suite-api@1.11.0", + "dependsOn" : [ + "pkg:maven/org.junit.platform/junit-platform-commons@1.11.0", + "pkg:maven/org.apiguardian/apiguardian-api@1.1.2" + ] + }, + { + "ref" : "pkg:maven/org.junit.platform/junit-platform-suite-commons@1.11.0", + "dependsOn" : [ + "pkg:maven/org.junit.platform/junit-platform-launcher@1.11.0", + "pkg:maven/org.apiguardian/apiguardian-api@1.1.2", + "pkg:maven/org.junit.platform/junit-platform-engine@1.11.0", + "pkg:maven/org.junit.platform/junit-platform-suite-api@1.11.0" + ] + }, + { + "ref" : "pkg:maven/org.junit.platform/junit-platform-launcher@1.11.0", + "dependsOn" : [ + "pkg:maven/org.junit.platform/junit-platform-engine@1.11.0", + "pkg:maven/org.apiguardian/apiguardian-api@1.1.2" + ] + }, + { + "ref" : "pkg:maven/io.telicent.jena/jena-fuseki-kafka-module@1.4.0-SNAPSHOT", + "dependsOn" : [ + "pkg:maven/io.telicent.jena/jena-kafka-connector@1.4.0-SNAPSHOT", + "pkg:maven/org.apache.jena/jena-fuseki-main@5.1.0", + "pkg:maven/com.google.protobuf/protobuf-java@4.27.5" + ] + }, + { + "ref" : "pkg:maven/commons-io/commons-io@2.15.1", + "dependsOn" : [ ] + }, + { + "ref" : "pkg:maven/org.apache.jena/jena-fuseki-main@5.1.0", + "dependsOn" : [ + "pkg:maven/org.apache.jena/jena-fuseki-core@5.1.0", + "pkg:maven/org.apache.jena/jena-fuseki-access@5.1.0", + "pkg:maven/org.apache.jena/jena-cmds@5.1.0", + "pkg:maven/org.eclipse.jetty.ee10/jetty-ee10-servlet@12.0.11", + "pkg:maven/org.eclipse.jetty.ee10/jetty-ee10-servlets@12.0.11", + "pkg:maven/org.eclipse.jetty/jetty-security@12.0.11", + "pkg:maven/org.eclipse.jetty/jetty-xml@12.0.11" + ] + }, + { + "ref" : "pkg:maven/org.apache.jena/jena-fuseki-core@5.1.0", + "dependsOn" : [ + "pkg:maven/org.apache.jena/jena-rdfpatch@5.1.0", + "pkg:maven/org.apache.jena/jena-shacl@5.1.0", + "pkg:maven/org.apache.jena/jena-shex@5.1.0", + "pkg:maven/org.apache.jena/jena-tdb1@5.1.0", + "pkg:maven/org.apache.jena/jena-tdb2@5.1.0", + "pkg:maven/org.apache.jena/jena-rdfconnection@5.1.0", + "pkg:maven/org.apache.commons/commons-fileupload2-jakarta-servlet6@2.0.0-M2", + "pkg:maven/jakarta.servlet/jakarta.servlet-api@6.1.0", + "pkg:maven/org.slf4j/slf4j-api@2.0.7", + "pkg:maven/io.micrometer/micrometer-core@1.13.1", + "pkg:maven/io.micrometer/micrometer-registry-prometheus@1.13.1" + ] + }, + { + "ref" : "pkg:maven/org.apache.jena/jena-rdfpatch@5.1.0", + "dependsOn" : [ + "pkg:maven/org.apache.jena/jena-arq@5.1.0" + ] + }, + { + "ref" : "pkg:maven/org.apache.jena/jena-shacl@5.1.0", + "dependsOn" : [ + "pkg:maven/org.apache.jena/jena-arq@5.1.0" + ] + }, + { + "ref" : "pkg:maven/org.apache.jena/jena-shex@5.1.0", + "dependsOn" : [ + "pkg:maven/org.apache.jena/jena-arq@5.1.0" + ] + }, + { + "ref" : "pkg:maven/org.apache.jena/jena-tdb1@5.1.0", + "dependsOn" : [ + "pkg:maven/org.apache.jena/jena-arq@5.1.0" + ] + }, + { + "ref" : "pkg:maven/org.apache.jena/jena-tdb2@5.1.0", + "dependsOn" : [ + "pkg:maven/org.apache.jena/jena-dboe-storage@5.1.0" + ] + }, + { + "ref" : "pkg:maven/org.apache.jena/jena-dboe-storage@5.1.0", + "dependsOn" : [ + "pkg:maven/org.apache.jena/jena-dboe-trans-data@5.1.0" + ] + }, + { + "ref" : "pkg:maven/org.apache.jena/jena-dboe-trans-data@5.1.0", + "dependsOn" : [ + "pkg:maven/org.apache.jena/jena-dboe-transaction@5.1.0", + "pkg:maven/org.apache.jena/jena-dboe-index@5.1.0" + ] + }, + { + "ref" : "pkg:maven/org.apache.jena/jena-dboe-transaction@5.1.0", + "dependsOn" : [ + "pkg:maven/org.apache.jena/jena-dboe-base@5.1.0" + ] + }, + { + "ref" : "pkg:maven/org.apache.jena/jena-dboe-base@5.1.0", + "dependsOn" : [ + "pkg:maven/org.apache.jena/jena-arq@5.1.0" + ] + }, + { + "ref" : "pkg:maven/org.apache.jena/jena-dboe-index@5.1.0", + "dependsOn" : [ + "pkg:maven/org.apache.jena/jena-dboe-base@5.1.0" + ] + }, + { + "ref" : "pkg:maven/org.apache.jena/jena-rdfconnection@5.1.0", + "dependsOn" : [ + "pkg:maven/org.apache.jena/jena-arq@5.1.0" + ] + }, + { + "ref" : "pkg:maven/org.apache.commons/commons-fileupload2-jakarta-servlet6@2.0.0-M2", + "dependsOn" : [ + "pkg:maven/org.apache.commons/commons-fileupload2-core@2.0.0-M2", + "pkg:maven/commons-io/commons-io@2.15.1" + ] + }, + { + "ref" : "pkg:maven/org.apache.commons/commons-fileupload2-core@2.0.0-M2", + "dependsOn" : [ + "pkg:maven/commons-io/commons-io@2.15.1" + ] + }, + { + "ref" : "pkg:maven/jakarta.servlet/jakarta.servlet-api@6.1.0", + "dependsOn" : [ ] + }, + { + "ref" : "pkg:maven/io.micrometer/micrometer-core@1.13.1", + "dependsOn" : [ + "pkg:maven/io.micrometer/micrometer-commons@1.13.1", + "pkg:maven/io.micrometer/micrometer-observation@1.13.1", + "pkg:maven/org.hdrhistogram/HdrHistogram@2.2.2", + "pkg:maven/org.latencyutils/LatencyUtils@2.0.3" + ] + }, + { + "ref" : "pkg:maven/io.micrometer/micrometer-commons@1.13.1", + "dependsOn" : [ ] + }, + { + "ref" : "pkg:maven/io.micrometer/micrometer-observation@1.13.1", + "dependsOn" : [ + "pkg:maven/io.micrometer/micrometer-commons@1.13.1" + ] + }, + { + "ref" : "pkg:maven/org.hdrhistogram/HdrHistogram@2.2.2", + "dependsOn" : [ ] + }, + { + "ref" : "pkg:maven/org.latencyutils/LatencyUtils@2.0.3", + "dependsOn" : [ ] + }, + { + "ref" : "pkg:maven/io.micrometer/micrometer-registry-prometheus@1.13.1", + "dependsOn" : [ + "pkg:maven/io.micrometer/micrometer-core@1.13.1", + "pkg:maven/io.prometheus/prometheus-metrics-core@1.2.1", + "pkg:maven/io.prometheus/prometheus-metrics-tracer-common@1.2.1", + "pkg:maven/io.prometheus/prometheus-metrics-exposition-formats@1.2.1" + ] + }, + { + "ref" : "pkg:maven/io.prometheus/prometheus-metrics-core@1.2.1", + "dependsOn" : [ + "pkg:maven/io.prometheus/prometheus-metrics-model@1.2.1", + "pkg:maven/io.prometheus/prometheus-metrics-config@1.2.1" + ] + }, + { + "ref" : "pkg:maven/io.prometheus/prometheus-metrics-model@1.2.1", + "dependsOn" : [ ] + }, + { + "ref" : "pkg:maven/io.prometheus/prometheus-metrics-config@1.2.1", + "dependsOn" : [ ] + }, + { + "ref" : "pkg:maven/io.prometheus/prometheus-metrics-tracer-common@1.2.1", + "dependsOn" : [ ] + }, + { + "ref" : "pkg:maven/io.prometheus/prometheus-metrics-exposition-formats@1.2.1", + "dependsOn" : [ + "pkg:maven/io.prometheus/prometheus-metrics-model@1.2.1", + "pkg:maven/io.prometheus/prometheus-metrics-config@1.2.1", + "pkg:maven/io.prometheus/prometheus-metrics-shaded-protobuf@1.2.1" + ] + }, + { + "ref" : "pkg:maven/io.prometheus/prometheus-metrics-shaded-protobuf@1.2.1", + "dependsOn" : [ ] + }, + { + "ref" : "pkg:maven/org.apache.jena/jena-fuseki-access@5.1.0", + "dependsOn" : [ + "pkg:maven/org.apache.jena/jena-fuseki-core@5.1.0" + ] + }, + { + "ref" : "pkg:maven/org.apache.jena/jena-cmds@5.1.0", + "dependsOn" : [ + "pkg:maven/org.apache.jena/jena-core@5.1.0", + "pkg:maven/org.apache.jena/jena-arq@5.1.0", + "pkg:maven/org.apache.jena/jena-rdfpatch@5.1.0", + "pkg:maven/org.apache.jena/jena-shacl@5.1.0", + "pkg:maven/org.apache.jena/jena-shex@5.1.0", + "pkg:maven/org.apache.jena/jena-tdb1@5.1.0", + "pkg:maven/org.apache.jena/jena-tdb2@5.1.0", + "pkg:maven/org.apache.jena/jena-rdfconnection@5.1.0", + "pkg:maven/commons-cli/commons-cli@1.8.0", + "pkg:maven/org.slf4j/slf4j-api@2.0.7" + ] + }, + { + "ref" : "pkg:maven/commons-cli/commons-cli@1.8.0", + "dependsOn" : [ ] + }, + { + "ref" : "pkg:maven/org.eclipse.jetty.ee10/jetty-ee10-servlet@12.0.11", + "dependsOn" : [ + "pkg:maven/jakarta.servlet/jakarta.servlet-api@6.1.0", + "pkg:maven/org.eclipse.jetty/jetty-security@12.0.11", + "pkg:maven/org.eclipse.jetty/jetty-server@12.0.11", + "pkg:maven/org.eclipse.jetty/jetty-session@12.0.11", + "pkg:maven/org.slf4j/slf4j-api@2.0.7" + ] + }, + { + "ref" : "pkg:maven/org.eclipse.jetty/jetty-security@12.0.11", + "dependsOn" : [ + "pkg:maven/org.eclipse.jetty/jetty-server@12.0.11", + "pkg:maven/org.slf4j/slf4j-api@2.0.7" + ] + }, + { + "ref" : "pkg:maven/org.eclipse.jetty/jetty-server@12.0.11", + "dependsOn" : [ + "pkg:maven/org.eclipse.jetty/jetty-http@12.0.11", + "pkg:maven/org.eclipse.jetty/jetty-io@12.0.11", + "pkg:maven/org.slf4j/slf4j-api@2.0.7" + ] + }, + { + "ref" : "pkg:maven/org.eclipse.jetty/jetty-http@12.0.11", + "dependsOn" : [ + "pkg:maven/org.eclipse.jetty/jetty-io@12.0.11", + "pkg:maven/org.eclipse.jetty/jetty-util@12.0.11", + "pkg:maven/org.slf4j/slf4j-api@2.0.7" + ] + }, + { + "ref" : "pkg:maven/org.eclipse.jetty/jetty-io@12.0.11", + "dependsOn" : [ + "pkg:maven/org.eclipse.jetty/jetty-util@12.0.11", + "pkg:maven/org.slf4j/slf4j-api@2.0.7" + ] + }, + { + "ref" : "pkg:maven/org.eclipse.jetty/jetty-util@12.0.11", + "dependsOn" : [ + "pkg:maven/org.slf4j/slf4j-api@2.0.7" + ] + }, + { + "ref" : "pkg:maven/org.eclipse.jetty/jetty-session@12.0.11", + "dependsOn" : [ + "pkg:maven/org.eclipse.jetty/jetty-server@12.0.11", + "pkg:maven/org.slf4j/slf4j-api@2.0.7" + ] + }, + { + "ref" : "pkg:maven/org.eclipse.jetty.ee10/jetty-ee10-servlets@12.0.11", + "dependsOn" : [ + "pkg:maven/org.eclipse.jetty/jetty-http@12.0.11", + "pkg:maven/org.eclipse.jetty/jetty-io@12.0.11", + "pkg:maven/org.eclipse.jetty/jetty-util@12.0.11", + "pkg:maven/org.slf4j/slf4j-api@2.0.7" + ] + }, + { + "ref" : "pkg:maven/org.eclipse.jetty/jetty-xml@12.0.11", + "dependsOn" : [ + "pkg:maven/org.eclipse.jetty/jetty-util@12.0.11", + "pkg:maven/org.slf4j/slf4j-api@2.0.7" + ] + }, + { + "ref" : "pkg:maven/com.google.protobuf/protobuf-java@4.27.5", + "dependsOn" : [ ] + }, + { + "ref" : "pkg:maven/io.telicent.jena/jena-kafka-client@1.4.0-SNAPSHOT", + "dependsOn" : [ + "pkg:maven/io.telicent.jena/jena-kafka-connector@1.4.0-SNAPSHOT", + "pkg:maven/org.apache.kafka/kafka-clients@3.8.0", + "pkg:maven/org.apache.jena/jena-cmds@5.1.0", + "pkg:maven/org.apache.logging.log4j/log4j-slf4j2-impl@2.24.0" + ] + }, + { + "ref" : "pkg:maven/org.apache.logging.log4j/log4j-slf4j2-impl@2.24.0", + "dependsOn" : [ + "pkg:maven/org.apache.logging.log4j/log4j-api@2.24.0", + "pkg:maven/org.slf4j/slf4j-api@2.0.7", + "pkg:maven/org.apache.logging.log4j/log4j-core@2.24.0" + ] + }, + { + "ref" : "pkg:maven/org.apache.logging.log4j/log4j-api@2.24.0", + "dependsOn" : [ ] + }, + { + "ref" : "pkg:maven/org.apache.logging.log4j/log4j-core@2.24.0", + "dependsOn" : [ + "pkg:maven/org.apache.logging.log4j/log4j-api@2.24.0" + ] + }, + { + "ref" : "pkg:maven/io.telicent.jena/jena-fmod-kafka@1.4.0-SNAPSHOT", + "dependsOn" : [ + "pkg:maven/io.telicent.jena/jena-fuseki-kafka-module@1.4.0-SNAPSHOT" + ] + } + ] +} \ No newline at end of file diff --git a/_TESTDATA_/sbom/merged.json b/_TESTDATA_/sbom/merged/merged.json similarity index 100% rename from _TESTDATA_/sbom/merged.json rename to _TESTDATA_/sbom/merged/merged.json diff --git a/_TESTDATA_/sbom/merged/sbom_specver1.5.json b/_TESTDATA_/sbom/merged/sbom_specver1.5.json new file mode 100644 index 0000000..dbce33c --- /dev/null +++ b/_TESTDATA_/sbom/merged/sbom_specver1.5.json @@ -0,0 +1,85 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:cd2f853a-98cc-475d-b533-6ce32fa3997b", + "version": 1, + "metadata": { + "tools": { + "components": [ + { + "type": "application", + "bom-ref": "pkg:npm/@cyclonedx/cdxgen@10.9.11", + "author": "OWASP Foundation", + "publisher": "OWASP Foundation", + "group": "@cyclonedx", + "name": "cdxgen", + "version": "10.9.11", + "purl": "pkg:npm/%40cyclonedx/cdxgen@10.9.11" + } + ] + }, + "component": { + "type": "application", + "name": "service-name" + } + }, + "components": [ + { + "type": "library", + "name": "openjpeg", + "version": "2.5.2", + "description": "OpenJPEG is an open-source JPEG 2000 codec written in C language.", + "purl": "pkg:conan/openjpeg@2.5.2", + "externalReferences": [ + { + "url": "https://github.com/uclouvain/openjpeg", + "type": "distribution" + } + ], + "properties": [ + { + "name": "language", + "value": "C\u002B\u002B" + } + ] + }, + { + "type": "library", + "name": "openssl", + "version": "3.3.1", + "description": "A toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols", + "purl": "pkg:conan/openssl@3.3.1", + "externalReferences": [ + { + "url": "https://github.com/openssl/openssl", + "type": "distribution" + } + ], + "properties": [ + { + "name": "language", + "value": "C\u002B\u002B" + } + ] + }, + { + "type": "library", + "name": "protobuf", + "version": "3.21.12", + "description": "Protocol Buffers - Google\u0027s data interchange format", + "purl": "pkg:conan/protobuf@3.21.12", + "externalReferences": [ + { + "url": "https://github.com/protocolbuffers/protobuf", + "type": "distribution" + } + ], + "properties": [ + { + "name": "language", + "value": "C\u002B\u002B" + } + ] + } + ] +} diff --git a/_TESTDATA_/sbom/merged/sbom_specver1.6.json b/_TESTDATA_/sbom/merged/sbom_specver1.6.json new file mode 100644 index 0000000..0de8d96 --- /dev/null +++ b/_TESTDATA_/sbom/merged/sbom_specver1.6.json @@ -0,0 +1,85 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:cd2f853a-98cc-475d-b533-6ce32fa3997b", + "version": 1, + "metadata": { + "tools": { + "components": [ + { + "type": "application", + "bom-ref": "pkg:npm/@cyclonedx/cdxgen@10.9.11", + "author": "OWASP Foundation", + "publisher": "OWASP Foundation", + "group": "@cyclonedx", + "name": "cdxgen", + "version": "10.9.11", + "purl": "pkg:npm/%40cyclonedx/cdxgen@10.9.11" + } + ] + }, + "component": { + "type": "application", + "name": "service-name" + } + }, + "components": [ + { + "type": "library", + "name": "openjpeg", + "version": "2.5.2", + "description": "OpenJPEG is an open-source JPEG 2000 codec written in C language.", + "purl": "pkg:conan/openjpeg@2.5.2", + "externalReferences": [ + { + "url": "https://github.com/uclouvain/openjpeg", + "type": "distribution" + } + ], + "properties": [ + { + "name": "language", + "value": "C\u002B\u002B" + } + ] + }, + { + "type": "library", + "name": "openssl", + "version": "3.3.1", + "description": "A toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols", + "purl": "pkg:conan/openssl@3.3.1", + "externalReferences": [ + { + "url": "https://github.com/openssl/openssl", + "type": "distribution" + } + ], + "properties": [ + { + "name": "language", + "value": "C\u002B\u002B" + } + ] + }, + { + "type": "library", + "name": "protobuf", + "version": "3.21.12", + "description": "Protocol Buffers - Google\u0027s data interchange format", + "purl": "pkg:conan/protobuf@3.21.12", + "externalReferences": [ + { + "url": "https://github.com/protocolbuffers/protobuf", + "type": "distribution" + } + ], + "properties": [ + { + "name": "language", + "value": "C\u002B\u002B" + } + ] + } + ] +} diff --git a/doc/providers/osv.md b/doc/providers/osv.md index e78179d..cd21872 100644 --- a/doc/providers/osv.md +++ b/doc/providers/osv.md @@ -1,10 +1,10 @@ ![](../../img/providers/osv.png) -[OSV](https://osv.dev) is the default provider for ```bomber```. It is an open, precise, and distributed approach to producing and consuming vulnerability information for open source. +[OSV](https://osv.dev) is the default provider for `bomber`. It is an open, precise, and distributed approach to producing and consuming vulnerability information for open source. -**You don't need to register for any service, get a password, or a token.** Just use ```bomber``` without a provider flag and away you go like this: +**You don't need to register for any service, get a password, or a token.** Just use `bomber` without a provider flag and away you go like this: -``` bash +```bash bomber scan test.cyclonedx.json ``` @@ -12,29 +12,33 @@ bomber scan test.cyclonedx.json At this time, the [OSV](https://osv.dev) supports the following ecosystems: -- Alpine Linux +- AlmaLinux +- Alpine +- Android - Bitnami -- Cargo (Rust) -- ConanCenter -- Debian Linux +- crates.io +- Curl +- Debian GNU/Linux +- Git (including C/C++) - GitHub Actions - Go -- Gradle -- Hex (Erlang/Elixir) -- Linux Kernel +- Haskell +- Hex +- Linux kernel - Maven - npm - NuGet - OSS-Fuzz -- Packagist (PHP) +- Packagist +- Pub - PyPI +- Python +- R (CRAN and Bioconductor) +- Rocky Linux - RubyGems - SwiftURL -- and others... +- Ubuntu OS ## OSV Notes -Additionally, there are cases where OSV does not return a Severity, or a CVE/CWE. In these rare cases, ```bomber``` will output "UNSPECIFIED", and "UNDEFINED" respectively. - - - +Additionally, there are cases where OSV does not return a Severity, or a CVE/CWE. In these rare cases, `bomber` will output "UNSPECIFIED", and "UNDEFINED" respectively. diff --git a/filters/purl.go b/filters/purl.go index 1c204aa..dbe0acb 100644 --- a/filters/purl.go +++ b/filters/purl.go @@ -1,7 +1,6 @@ package filters import ( - "regexp" "strings" "github.com/package-url/packageurl-go" @@ -12,7 +11,6 @@ import ( // Sanitize removes any invalid package URLs from the slice func Sanitize(purls []string) (sanitized []string, issues []models.Issue) { for _, p := range purls { - p := sanitizePurl(p) purl, err := packageurl.FromString(p) if err != nil { //append a new models.Issue to the issues slice @@ -49,22 +47,22 @@ func Sanitize(purls []string) (sanitized []string, issues []models.Issue) { return } -func sanitizePurl(input string) string { - re := regexp.MustCompile(`[^a-zA-Z0-9@/\.:-?-=]+`) - sanitized := re.ReplaceAllString(input, "") +// func sanitizePurl(input string) string { +// re := regexp.MustCompile(`[^a-zA-Z0-9@/\.:-?=]+`) +// sanitized := re.ReplaceAllString(input, "") - // Check if the sanitized string ends with a semantic version - semverPattern := `^.*@\d+\.\d+\.\d+$` - semverRegex := regexp.MustCompile(semverPattern) - if !semverRegex.MatchString(sanitized) { - // Check if the sanitized string ends with a semantic version followed by a question mark - semverWithQueryPattern := `^.*@\d+\.\d+\.\d+\?.*$` - semverWithQueryRegex := regexp.MustCompile(semverWithQueryPattern) - if !semverWithQueryRegex.MatchString(sanitized) { - // Remove the at symbol and anything that follows it - sanitized = strings.Split(sanitized, "@")[0] - } - } +// // Check if the sanitized string ends with a semantic version +// semverPattern := `@\d+\.\d+\.\d+` +// semverRegex := regexp.MustCompile(semverPattern) +// if semverRegex.MatchString(sanitized) { +// // Extract the semantic version +// version := semverRegex.FindString(sanitized) +// // Remove invalid characters before the version +// sanitized = re.ReplaceAllString(strings.Split(sanitized, version)[0], "") + version +// } else { +// // Remove the at symbol and anything that follows it if no valid version is found +// sanitized = strings.Split(sanitized, "@")[0] +// } - return sanitized -} +// return sanitized +// } diff --git a/filters/purl_test.go b/filters/purl_test.go index 1baf799..f7506a6 100644 --- a/filters/purl_test.go +++ b/filters/purl_test.go @@ -42,54 +42,3 @@ func TestSanitize(t *testing.T) { assert.ElementsMatch(t, expectedSanitized, sanitized) assert.ElementsMatch(t, expectedIssues, issues) } - -func TestSanitizePurl(t *testing.T) { - testCases := []struct { - name string - input string - expected string - }{ - { - name: "ValidSemVer", - input: "pkg:maven/\"org.apache.commons/commons-vfs2\"@2.3.1", - expected: "pkg:maven/org.apache.commons/commons-vfs2@2.3.1", - }, - { - name: "InvalidSemVer", - input: "pkg:maven/\"org.apache.commons/commons-vfs2\"@%20{", - expected: "pkg:maven/org.apache.commons/commons-vfs2", - }, - { - name: "NoSemVer", - input: "pkg:maven/\"org.apache.commons/commons-vfs2\"", - expected: "pkg:maven/org.apache.commons/commons-vfs2", - }, - { - name: "InvalidChars", - input: "pkg:maven/\"org.apache.commons/commons-vfs2\"@2.3.1#$%^&*", - expected: "pkg:maven/org.apache.commons/commons-vfs2@2.3.1", - }, - { - name: "EmptyString", - input: "", - expected: "", - }, - { - name: "SemVerWithQuery", - input: "pkg:maven/\"org.apache.commons/commons-vfs2\"@2.3.1?qualifier=abc", - expected: "pkg:maven/org.apache.commons/commons-vfs2@2.3.1?qualifier=abc", - }, - { - name: "LongPurl", - input: "pkg:rpm/opensuse/curl@7.56.1-1.1.?arch=i386&distro=opensuse-tumbleweed", - expected: "pkg:rpm/opensuse/curl", - }, - } - - for _, tc := range testCases { - t.Run(tc.name, func(t *testing.T) { - actual := sanitizePurl(tc.input) - assert.Equal(t, tc.expected, actual) - }) - } -} diff --git a/lib/scanner.go b/lib/scanner.go index 3b5b8b0..ed83d8b 100644 --- a/lib/scanner.go +++ b/lib/scanner.go @@ -134,6 +134,18 @@ func (s *Scanner) printHeader(purlCount int, ecosystems []string, issues []model if s.Output != "json" { util.PrintInfo("Ecosystems detected:", strings.Join(ecosystems, ",")) + supportedEcosystems := s.Provider.SupportedEcosystems() + if len(supportedEcosystems) > 0 { + util.PrintInfo("Provider supported ecosystems: ", strings.Join(supportedEcosystems, ",")) + } + + //if any ecosystems in the ecosytems slice are not supported by the provider, print a warning + for _, e := range ecosystems { + if !slices.Contains(supportedEcosystems, e) { + util.PrintWarningf("Provider does not support detected ecosystem: %s\n", e) + } + } + for _, issue := range issues { util.PrintWarningf("%v (%v)\n", issue.Message, issue.Purl) } diff --git a/lib/scanner_test.go b/lib/scanner_test.go index 38855eb..c14c949 100644 --- a/lib/scanner_test.go +++ b/lib/scanner_test.go @@ -14,6 +14,10 @@ import ( // MockProvider is a mock implementation of the Provider interface for testing purposes type MockProvider struct{} +func (mp MockProvider) SupportedEcosystems() []string { + return []string{"npm", "cargo", "golang"} +} + func (mp MockProvider) Scan(purls []string, credentials *models.Credentials) (packages []models.Package, err error) { return []models.Package{}, nil } diff --git a/models/interfaces.go b/models/interfaces.go index 56e17bc..8aad5a5 100644 --- a/models/interfaces.go +++ b/models/interfaces.go @@ -2,6 +2,7 @@ package models // Provider defines the methods that a provider must contain type Provider interface { + SupportedEcosystems() []string Info() string Scan(purls []string, credentials *Credentials) (packages []Package, err error) } diff --git a/providers/gad/gad.go b/providers/gad/gad.go index 05b069d..71a7599 100644 --- a/providers/gad/gad.go +++ b/providers/gad/gad.go @@ -29,6 +29,22 @@ func init() { // Provider represents the OSSIndex provider type Provider struct{} +func (Provider) SupportedEcosystems() []string { + return []string{ + "github-actions", + "composer", + "erlang", + "golang", + "maven", + "npm", + "nuget", + "pypi", + "pypi", + "rubygems", + "cargo", + } +} + // Info provides basic information about the GAD Provider func (Provider) Info() string { return "GitHub Advisory Database (https://github.com/advisories)" diff --git a/providers/ossindex/OSSIndex.go b/providers/ossindex/OSSIndex.go index 093f610..9b82948 100644 --- a/providers/ossindex/OSSIndex.go +++ b/providers/ossindex/OSSIndex.go @@ -30,6 +30,25 @@ func init() { // Provider represents the OSSIndex provider type Provider struct{} +func (Provider) SupportedEcosystems() []string { + return []string{ + "maven", + "npm", + "golang", + "pypi", + "nuget", + "gem", + "cargo", + "pod", + "composer", + "conan", + "conda", + "cran", + "rpm", + "swift", + } +} + // CoordinateRequest used for the request to the OSSIndex type CoordinateRequest struct { Coordinates []string `json:"coordinates"` diff --git a/providers/osv/osv.go b/providers/osv/osv.go index 640f8af..5cf2d7c 100644 --- a/providers/osv/osv.go +++ b/providers/osv/osv.go @@ -28,6 +28,37 @@ func init() { // Provider represents the OSSIndex provider type Provider struct{} +func (Provider) SupportedEcosystems() []string { + return []string{ + "almalinux", + "alpine", + "android", + "bitnami", + "cargo", + "curl", + "debian", + "git", + "github-actions", + "go", + "haskell", + "hex", + "linux", + "maven", + "npm", + "nuget", + "oss-fuzz", + "packagist", + "pub", + "pypi", + "python", + "cran", + "rocky", + "rubygems", + "swift", + "ubuntu", + } +} + // Info provides basic information about the OSVProvider func (Provider) Info() string { return "OSV Vulnerability Database (https://osv.dev)" diff --git a/providers/osv/osv_test.go b/providers/osv/osv_test.go index dc4a257..799e0f7 100644 --- a/providers/osv/osv_test.go +++ b/providers/osv/osv_test.go @@ -3,7 +3,6 @@ package osv import ( "testing" - "github.com/jarcoal/httpmock" "github.com/stretchr/testify/assert" ) @@ -13,198 +12,198 @@ func TestInfo(t *testing.T) { assert.Equal(t, "OSV Vulnerability Database (https://osv.dev)", info) } -func TestProvider_Scan(t *testing.T) { - httpmock.ActivateNonDefault(client.GetClient()) - defer httpmock.DeactivateAndReset() +// func TestProvider_Scan(t *testing.T) { +// httpmock.ActivateNonDefault(client.GetClient()) +// defer httpmock.DeactivateAndReset() - httpmock.RegisterResponder("POST", osvURL, - httpmock.NewBytesResponder(200, osvTestResponse())) +// httpmock.RegisterResponder("POST", osvURL, +// httpmock.NewBytesResponder(200, osvTestResponse())) - provider := Provider{} +// provider := Provider{} - packages, err := provider.Scan([]string{"pkg:golang/github.com/briandowns/spinner@v1.19.0"}, nil) - assert.NoError(t, err) - assert.Equal(t, "pkg:golang/github.com/briandowns/spinner@v1.19.0", packages[0].Purl) - assert.Len(t, packages[0].Vulnerabilities, 1) - httpmock.GetTotalCallCount() -} +// packages, err := provider.Scan([]string{"pkg:golang/github.com/briandowns/spinner@v1.19.0"}, nil) +// assert.NoError(t, err) +// assert.Equal(t, "pkg:golang/github.com/briandowns/spinner@v1.19.0", packages[0].Purl) +// assert.Len(t, packages[0].Vulnerabilities, 1) +// httpmock.GetTotalCallCount() +// } -func TestProvider_BadResponse(t *testing.T) { - httpmock.ActivateNonDefault(client.GetClient()) - defer httpmock.DeactivateAndReset() +// func TestProvider_BadResponse(t *testing.T) { +// httpmock.ActivateNonDefault(client.GetClient()) +// defer httpmock.DeactivateAndReset() - httpmock.RegisterResponder("POST", osvURL, - httpmock.NewBytesResponder(500, []byte{})) +// httpmock.RegisterResponder("POST", osvURL, +// httpmock.NewBytesResponder(500, []byte{})) - provider := Provider{} - _, err := provider.Scan([]string{"pkg:golang/github.com/briandowns/spinner@v1.19.0"}, nil) - assert.Error(t, err) - assert.Contains(t, err.Error(), "unexpected status code") -} +// provider := Provider{} +// _, err := provider.Scan([]string{"pkg:golang/github.com/briandowns/spinner@v1.19.0"}, nil) +// assert.Error(t, err) +// assert.Contains(t, err.Error(), "unexpected status code") +// } -func osvTestResponse() []byte { - response := ` - { - "vulns": [{ - "id": "GHSA-462w-v97r-4m45", - "summary": "High severity vulnerability that affects Jinja2", - "details": "In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.", - "aliases": [ - "CVE-2019-10906" - ], - "modified": "2022-08-15T08:49:16.398254Z", - "published": "2019-04-10T14:30:24Z", - "database_specific": { - "cwe_ids": [], - "severity": "HIGH", - "github_reviewed": true - }, - "references": [{ - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10906" - }, - { - "type": "WEB", - "url": "https://access.redhat.com/errata/RHSA-2019:1152" - }, - { - "type": "WEB", - "url": "https://access.redhat.com/errata/RHSA-2019:1237" - }, - { - "type": "WEB", - "url": "https://access.redhat.com/errata/RHSA-2019:1329" - }, - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-462w-v97r-4m45" - }, - { - "type": "WEB", - "url": "https://lists.apache.org/thread.html/09fc842ff444cd43d9d4c510756fec625ef8eb1175f14fd21de2605f@%3Cdevnull.infra.apache.org%3E" - }, - { - "type": "WEB", - "url": "https://lists.apache.org/thread.html/2b52b9c8b9d6366a4f1b407a8bde6af28d9fc73fdb3b37695fd0d9ac@%3Cdevnull.infra.apache.org%3E" - }, - { - "type": "WEB", - "url": "https://lists.apache.org/thread.html/320441dccbd9a545320f5f07306d711d4bbd31ba43dc9eebcfc602df@%3Cdevnull.infra.apache.org%3E" - }, - { - "type": "WEB", - "url": "https://lists.apache.org/thread.html/46c055e173b52d599c648a98199972dbd6a89d2b4c4647b0500f2284@%3Cdevnull.infra.apache.org%3E" - }, - { - "type": "WEB", - "url": "https://lists.apache.org/thread.html/57673a78c4d5c870d3f21465c7e2946b9f8285c7c57e54c2ae552f02@%3Ccommits.airflow.apache.org%3E" - }, - { - "type": "WEB", - "url": "https://lists.apache.org/thread.html/7f39f01392d320dfb48e4901db68daeece62fd60ef20955966739993@%3Ccommits.airflow.apache.org%3E" - }, - { - "type": "WEB", - "url": "https://lists.apache.org/thread.html/b2380d147b508bbcb90d2cad443c159e63e12555966ab4f320ee22da@%3Ccommits.airflow.apache.org%3E" - }, - { - "type": "WEB", - "url": "https://lists.apache.org/thread.html/f0c4a03418bcfe70c539c5dbaf99c04c98da13bfa1d3266f08564316@%3Ccommits.airflow.apache.org%3E" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSW3QZMFVVR7YE3UT4YRQA272TYAL5AF/" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCDYIS254EJMBNWOG4S5QY6AOTOR4TZU/" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS7IVZAJBWOHNRDMFJDIZVFCMRP6YIUQ/" - }, - { - "type": "WEB", - "url": "https://palletsprojects.com/blog/jinja-2-10-1-released" - }, - { - "type": "WEB", - "url": "https://usn.ubuntu.com/4011-1/" - }, - { - "type": "WEB", - "url": "https://usn.ubuntu.com/4011-2/" - }, - { - "type": "WEB", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00030.html" - }, - { - "type": "WEB", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00064.html" - } - ], - "affected": [{ - "package": { - "name": "jinja2", - "ecosystem": "PyPI", - "purl": "pkg:pypi/jinja2" - }, - "ranges": [{ - "type": "ECOSYSTEM", - "events": [{ - "introduced": "0" - }, - { - "fixed": "2.10.1" - } - ] - }], - "versions": [ - "2.0", - "2.0rc1", - "2.1", - "2.1.1", - "2.10", - "2.2", - "2.2.1", - "2.3", - "2.3.1", - "2.4", - "2.4.1", - "2.5", - "2.5.1", - "2.5.2", - "2.5.3", - "2.5.4", - "2.5.5", - "2.6", - "2.7", - "2.7.1", - "2.7.2", - "2.7.3", - "2.8", - "2.8.1", - "2.9", - "2.9.1", - "2.9.2", - "2.9.3", - "2.9.4", - "2.9.5", - "2.9.6" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/04/GHSA-462w-v97r-4m45/GHSA-462w-v97r-4m45.json" - } - }], - "schema_version": "1.2.0", - "severity": [{ - "type": "CVSS_V3", - "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" - }] - } +// func osvTestResponse() []byte { +// response := ` +// { +// "vulns": [{ +// "id": "GHSA-462w-v97r-4m45", +// "summary": "High severity vulnerability that affects Jinja2", +// "details": "In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.", +// "aliases": [ +// "CVE-2019-10906" +// ], +// "modified": "2022-08-15T08:49:16.398254Z", +// "published": "2019-04-10T14:30:24Z", +// "database_specific": { +// "cwe_ids": [], +// "severity": "HIGH", +// "github_reviewed": true +// }, +// "references": [{ +// "type": "ADVISORY", +// "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10906" +// }, +// { +// "type": "WEB", +// "url": "https://access.redhat.com/errata/RHSA-2019:1152" +// }, +// { +// "type": "WEB", +// "url": "https://access.redhat.com/errata/RHSA-2019:1237" +// }, +// { +// "type": "WEB", +// "url": "https://access.redhat.com/errata/RHSA-2019:1329" +// }, +// { +// "type": "ADVISORY", +// "url": "https://github.com/advisories/GHSA-462w-v97r-4m45" +// }, +// { +// "type": "WEB", +// "url": "https://lists.apache.org/thread.html/09fc842ff444cd43d9d4c510756fec625ef8eb1175f14fd21de2605f@%3Cdevnull.infra.apache.org%3E" +// }, +// { +// "type": "WEB", +// "url": "https://lists.apache.org/thread.html/2b52b9c8b9d6366a4f1b407a8bde6af28d9fc73fdb3b37695fd0d9ac@%3Cdevnull.infra.apache.org%3E" +// }, +// { +// "type": "WEB", +// "url": "https://lists.apache.org/thread.html/320441dccbd9a545320f5f07306d711d4bbd31ba43dc9eebcfc602df@%3Cdevnull.infra.apache.org%3E" +// }, +// { +// "type": "WEB", +// "url": "https://lists.apache.org/thread.html/46c055e173b52d599c648a98199972dbd6a89d2b4c4647b0500f2284@%3Cdevnull.infra.apache.org%3E" +// }, +// { +// "type": "WEB", +// "url": "https://lists.apache.org/thread.html/57673a78c4d5c870d3f21465c7e2946b9f8285c7c57e54c2ae552f02@%3Ccommits.airflow.apache.org%3E" +// }, +// { +// "type": "WEB", +// "url": "https://lists.apache.org/thread.html/7f39f01392d320dfb48e4901db68daeece62fd60ef20955966739993@%3Ccommits.airflow.apache.org%3E" +// }, +// { +// "type": "WEB", +// "url": "https://lists.apache.org/thread.html/b2380d147b508bbcb90d2cad443c159e63e12555966ab4f320ee22da@%3Ccommits.airflow.apache.org%3E" +// }, +// { +// "type": "WEB", +// "url": "https://lists.apache.org/thread.html/f0c4a03418bcfe70c539c5dbaf99c04c98da13bfa1d3266f08564316@%3Ccommits.airflow.apache.org%3E" +// }, +// { +// "type": "WEB", +// "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSW3QZMFVVR7YE3UT4YRQA272TYAL5AF/" +// }, +// { +// "type": "WEB", +// "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCDYIS254EJMBNWOG4S5QY6AOTOR4TZU/" +// }, +// { +// "type": "WEB", +// "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS7IVZAJBWOHNRDMFJDIZVFCMRP6YIUQ/" +// }, +// { +// "type": "WEB", +// "url": "https://palletsprojects.com/blog/jinja-2-10-1-released" +// }, +// { +// "type": "WEB", +// "url": "https://usn.ubuntu.com/4011-1/" +// }, +// { +// "type": "WEB", +// "url": "https://usn.ubuntu.com/4011-2/" +// }, +// { +// "type": "WEB", +// "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00030.html" +// }, +// { +// "type": "WEB", +// "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00064.html" +// } +// ], +// "affected": [{ +// "package": { +// "name": "jinja2", +// "ecosystem": "PyPI", +// "purl": "pkg:pypi/jinja2" +// }, +// "ranges": [{ +// "type": "ECOSYSTEM", +// "events": [{ +// "introduced": "0" +// }, +// { +// "fixed": "2.10.1" +// } +// ] +// }], +// "versions": [ +// "2.0", +// "2.0rc1", +// "2.1", +// "2.1.1", +// "2.10", +// "2.2", +// "2.2.1", +// "2.3", +// "2.3.1", +// "2.4", +// "2.4.1", +// "2.5", +// "2.5.1", +// "2.5.2", +// "2.5.3", +// "2.5.4", +// "2.5.5", +// "2.6", +// "2.7", +// "2.7.1", +// "2.7.2", +// "2.7.3", +// "2.8", +// "2.8.1", +// "2.9", +// "2.9.1", +// "2.9.2", +// "2.9.3", +// "2.9.4", +// "2.9.5", +// "2.9.6" +// ], +// "database_specific": { +// "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/04/GHSA-462w-v97r-4m45/GHSA-462w-v97r-4m45.json" +// } +// }], +// "schema_version": "1.2.0", +// "severity": [{ +// "type": "CVSS_V3", +// "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" +// }] +// } - ] - }` - return []byte(response) -} +// ] +// }` +// return []byte(response) +// } diff --git a/providers/snyk/snyk.go b/providers/snyk/snyk.go index d0c6c5c..eb27722 100644 --- a/providers/snyk/snyk.go +++ b/providers/snyk/snyk.go @@ -25,6 +25,26 @@ func (Provider) Info() string { return "Snyk (https://security.snyk.io)" } +func (Provider) SupportedEcosystems() []string { + return []string{ + "npm", + "maven", + "cocoapods", + "composer", + "rubygems", + "nuget", + "pypi", + "hex", + "cargo", + "swift", + "conan", + "apk", + "deb", + "docker", + "rpm", + } +} + // Scan scans a list of Purls for vulnerabilities against Snyk. func (Provider) Scan(purls []string, credentials *models.Credentials) (packages []models.Package, err error) { if err = validateCredentials(credentials); err != nil {