diff --git a/dist/attachReleaseAssets/index.js b/dist/attachReleaseAssets/index.js index 0909931b..a17065d2 100644 --- a/dist/attachReleaseAssets/index.js +++ b/dist/attachReleaseAssets/index.js @@ -125724,7 +125724,7 @@ ZipStream.prototype.finalize = function() { Object.defineProperty(exports, "__esModule", ({ value: true })); exports.VERSION = void 0; -exports.VERSION = "v1.9.0"; +exports.VERSION = "v1.11.0"; /***/ }), diff --git a/dist/downloadSyft/index.js b/dist/downloadSyft/index.js index 798c372c..3c942223 100644 --- a/dist/downloadSyft/index.js +++ b/dist/downloadSyft/index.js @@ -125724,7 +125724,7 @@ ZipStream.prototype.finalize = function() { Object.defineProperty(exports, "__esModule", ({ value: true })); exports.VERSION = void 0; -exports.VERSION = "v1.9.0"; +exports.VERSION = "v1.11.0"; /***/ }), diff --git a/dist/runSyftAction/index.js b/dist/runSyftAction/index.js index 5957470b..3e7f5839 100644 --- a/dist/runSyftAction/index.js +++ b/dist/runSyftAction/index.js @@ -125724,7 +125724,7 @@ ZipStream.prototype.finalize = function() { Object.defineProperty(exports, "__esModule", ({ value: true })); exports.VERSION = void 0; -exports.VERSION = "v1.9.0"; +exports.VERSION = "v1.11.0"; /***/ }), diff --git a/package-lock.json b/package-lock.json index 4e99f5a2..60e6187c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -3680,11 +3680,11 @@ } }, "node_modules/braces": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", - "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", + "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", "dependencies": { - "fill-range": "^7.0.1" + "fill-range": "^7.1.1" }, "engines": { "node": ">=8" @@ -5376,9 +5376,9 @@ } }, "node_modules/fill-range": { - "version": "7.0.1", - "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", - "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==", + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", + "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", "dependencies": { "to-regex-range": "^5.0.1" }, @@ -6050,10 +6050,22 @@ "node": ">= 0.4" } }, - "node_modules/ip": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/ip/-/ip-2.0.1.tgz", - "integrity": "sha512-lJUL9imLTNi1ZfXT+DU6rBBdbiKGBuay9B6xGSPVjUeQwaH1RIGqef8RZkUtHioLmSNpPR5M4HVKJGm1j8FWVQ==" + "node_modules/ip-address": { + "version": "9.0.5", + "resolved": "https://registry.npmjs.org/ip-address/-/ip-address-9.0.5.tgz", + "integrity": "sha512-zHtQzGojZXTwZTHQqra+ETKd4Sn3vgi7uBmlPoXVWZqYvuKmtI0l/VZTjqGmJY9x88GGOaZ9+G9ES8hC4T4X8g==", + "dependencies": { + "jsbn": "1.1.0", + "sprintf-js": "^1.1.3" + }, + "engines": { + "node": ">= 12" + } + }, + "node_modules/ip-address/node_modules/sprintf-js": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.1.3.tgz", + "integrity": "sha512-Oo+0REFV59/rz3gfJNKQiBlwfHaSESl1pcGyABQsnnIfWOFt6JNj5gCog2U6MLZ//IGYD+nA8nI+mTShREReaA==" }, "node_modules/is-arrayish": { "version": "0.2.1", @@ -8126,6 +8138,11 @@ "js-yaml": "bin/js-yaml.js" } }, + "node_modules/jsbn": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/jsbn/-/jsbn-1.1.0.tgz", + "integrity": "sha512-4bYVV3aAMtDTTu4+xsDYa6sy9GyJ69/amsu9sYF2zqjiEoZA5xJi3BrfX3uY+/IekIu7MwdObdbDWpoZdBv3/A==" + }, "node_modules/jsesc": { "version": "2.5.2", "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-2.5.2.tgz", @@ -10924,15 +10941,15 @@ } }, "node_modules/socks": { - "version": "2.7.1", - "resolved": "https://registry.npmjs.org/socks/-/socks-2.7.1.tgz", - "integrity": "sha512-7maUZy1N7uo6+WVEX6psASxtNlKaNVMlGQKkG/63nEDdLOWNbiUMoLK7X4uYoLhQstau72mLgfEWcXcwsaHbYQ==", + "version": "2.8.3", + "resolved": "https://registry.npmjs.org/socks/-/socks-2.8.3.tgz", + "integrity": "sha512-l5x7VUUWbjVFbafGLxPWkYsHIhEvmF85tbIeFZWc8ZPtoMyybuEhL7Jye/ooC4/d48FgOjSJXgsF/AJPYCW8Zw==", "dependencies": { - "ip": "^2.0.0", + "ip-address": "^9.0.5", "smart-buffer": "^4.2.0" }, "engines": { - "node": ">= 10.13.0", + "node": ">= 10.0.0", "npm": ">= 3.0.0" } }, @@ -14978,11 +14995,11 @@ } }, "braces": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", - "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", + "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", "requires": { - "fill-range": "^7.0.1" + "fill-range": "^7.1.1" } }, "browserslist": { @@ -16213,9 +16230,9 @@ } }, "fill-range": { - "version": "7.0.1", - "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", - "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==", + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", + "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", "requires": { "to-regex-range": "^5.0.1" } @@ -16677,10 +16694,21 @@ "side-channel": "^1.0.4" } }, - "ip": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/ip/-/ip-2.0.1.tgz", - "integrity": "sha512-lJUL9imLTNi1ZfXT+DU6rBBdbiKGBuay9B6xGSPVjUeQwaH1RIGqef8RZkUtHioLmSNpPR5M4HVKJGm1j8FWVQ==" + "ip-address": { + "version": "9.0.5", + "resolved": "https://registry.npmjs.org/ip-address/-/ip-address-9.0.5.tgz", + "integrity": "sha512-zHtQzGojZXTwZTHQqra+ETKd4Sn3vgi7uBmlPoXVWZqYvuKmtI0l/VZTjqGmJY9x88GGOaZ9+G9ES8hC4T4X8g==", + "requires": { + "jsbn": "1.1.0", + "sprintf-js": "^1.1.3" + }, + "dependencies": { + "sprintf-js": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.1.3.tgz", + "integrity": "sha512-Oo+0REFV59/rz3gfJNKQiBlwfHaSESl1pcGyABQsnnIfWOFt6JNj5gCog2U6MLZ//IGYD+nA8nI+mTShREReaA==" + } + } }, "is-arrayish": { "version": "0.2.1", @@ -18190,6 +18218,11 @@ "argparse": "^2.0.1" } }, + "jsbn": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/jsbn/-/jsbn-1.1.0.tgz", + "integrity": "sha512-4bYVV3aAMtDTTu4+xsDYa6sy9GyJ69/amsu9sYF2zqjiEoZA5xJi3BrfX3uY+/IekIu7MwdObdbDWpoZdBv3/A==" + }, "jsesc": { "version": "2.5.2", "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-2.5.2.tgz", @@ -20251,11 +20284,11 @@ "integrity": "sha512-94hK0Hh8rPqQl2xXc3HsaBoOXKV20MToPkcXvwbISWLEs+64sBq5kFgn2kJDHb1Pry9yrP0dxrCI9RRci7RXKg==" }, "socks": { - "version": "2.7.1", - "resolved": "https://registry.npmjs.org/socks/-/socks-2.7.1.tgz", - "integrity": "sha512-7maUZy1N7uo6+WVEX6psASxtNlKaNVMlGQKkG/63nEDdLOWNbiUMoLK7X4uYoLhQstau72mLgfEWcXcwsaHbYQ==", + "version": "2.8.3", + "resolved": "https://registry.npmjs.org/socks/-/socks-2.8.3.tgz", + "integrity": "sha512-l5x7VUUWbjVFbafGLxPWkYsHIhEvmF85tbIeFZWc8ZPtoMyybuEhL7Jye/ooC4/d48FgOjSJXgsF/AJPYCW8Zw==", "requires": { - "ip": "^2.0.0", + "ip-address": "^9.0.5", "smart-buffer": "^4.2.0" } }, diff --git a/src/SyftVersion.ts b/src/SyftVersion.ts index 60b33a51..3461bc04 100644 --- a/src/SyftVersion.ts +++ b/src/SyftVersion.ts @@ -1 +1 @@ -export const VERSION = "v1.9.0"; +export const VERSION = "v1.11.0"; diff --git a/tests/integration/__snapshots__/formatExports.test.ts.snap b/tests/integration/__snapshots__/formatExports.test.ts.snap index 2d86f47b..35195643 100644 --- a/tests/integration/__snapshots__/formatExports.test.ts.snap +++ b/tests/integration/__snapshots__/formatExports.test.ts.snap @@ -195,27 +195,16 @@ exports[`CycloneDX JSON debian 1`] = ` { "bom-ref": "redacted", "type": "library", - "author": "Georg Brandl ", - "name": "Pygments", + "publisher": "APT Development Team ", + "name": "apt", "version": "redacted", - "licenses": [ - { - "license": { - "name": "BSD License" - } - } - ], - "cpe": "cpe:2.3:a:georg_brandl_project:python-Pygments:2.6.1:*:*:*:*:*:*:*", - "purl": "pkg:pypi/Pygments@2.6.1", + "cpe": "cpe:2.3:a:apt:apt:1.8.2:*:*:*:*:*:*:*", + "purl": "pkg:deb/debian/apt@1.8.2?arch=amd64&upstream=apt-dev&distro=debian-8", "properties": [ { "name": "syft:package:foundBy", "value": "redacted" }, - { - "name": "syft:package:language", - "value": "redacted" - }, { "name": "syft:package:type", "value": "redacted" @@ -225,35 +214,59 @@ exports[`CycloneDX JSON debian 1`] = ` "value": "redacted" }, { - "name": "syft:cpe23", + "name": "syft:location:0:layerID", "value": "redacted" }, { - "name": "syft:cpe23", + "name": "syft:location:0:path", "value": "redacted" }, { - "name": "syft:cpe23", + "name": "syft:metadata:installedSize", "value": "redacted" }, { - "name": "syft:cpe23", + "name": "syft:metadata:source", "value": "redacted" - }, + } + ] + }, + { + "bom-ref": "redacted", + "type": "library", + "author": "André Arko,Samuel Giddins,Colby Swandale,Hiroshi Shibata,David Rodríguez,Grey Baker,Stephanie Morillo,Chris Morris,James Wen,Tim Moore,André Medeiros,Jessica Lynn Suttles,Terence Lee,Carl Lerche,Yehuda Katz", + "name": "bundler", + "version": "redacted", + "licenses": [ { - "name": "syft:cpe23", + "license": { + "id": "MIT" + } + } + ], + "cpe": "cpe:2.3:a:jessica-lynn-suttles:bundler:2.1.4:*:*:*:*:*:*:*", + "purl": "pkg:gem/bundler@2.1.4", + "externalReferences": [ + { + "url": "https://bundler.io", + "type": "website" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", "value": "redacted" }, { - "name": "syft:cpe23", + "name": "syft:package:language", "value": "redacted" }, { - "name": "syft:cpe23", + "name": "syft:package:type", "value": "redacted" }, { - "name": "syft:cpe23", + "name": "syft:package:metadataType", "value": "redacted" }, { @@ -341,42 +354,27 @@ exports[`CycloneDX JSON debian 1`] = ` "value": "redacted" }, { - "name": "syft:location:0:layerID", + "name": "syft:cpe23", "value": "redacted" }, { - "name": "syft:location:0:path", + "name": "syft:cpe23", "value": "redacted" }, { - "name": "syft:location:1:layerID", + "name": "syft:cpe23", "value": "redacted" }, { - "name": "syft:location:1:path", - "value": "redacted" - } - ] - }, - { - "bom-ref": "redacted", - "type": "library", - "publisher": "APT Development Team ", - "name": "apt", - "version": "redacted", - "cpe": "cpe:2.3:a:apt:apt:1.8.2:*:*:*:*:*:*:*", - "purl": "pkg:deb/debian/apt@1.8.2?arch=amd64&upstream=apt-dev&distro=debian-8", - "properties": [ - { - "name": "syft:package:foundBy", + "name": "syft:cpe23", "value": "redacted" }, { - "name": "syft:package:type", + "name": "syft:cpe23", "value": "redacted" }, { - "name": "syft:package:metadataType", + "name": "syft:cpe23", "value": "redacted" }, { @@ -386,36 +384,34 @@ exports[`CycloneDX JSON debian 1`] = ` { "name": "syft:location:0:path", "value": "redacted" - }, - { - "name": "syft:metadata:installedSize", - "value": "redacted" - }, - { - "name": "syft:metadata:source", - "value": "redacted" } ] }, { "bom-ref": "redacted", "type": "library", - "author": "André Arko,Samuel Giddins,Colby Swandale,Hiroshi Shibata,David Rodríguez,Grey Baker,Stephanie Morillo,Chris Morris,James Wen,Tim Moore,André Medeiros,Jessica Lynn Suttles,Terence Lee,Carl Lerche,Yehuda Katz", - "name": "bundler", + "group": "org.anchore", + "name": "example-java-app-maven", "version": "redacted", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "cpe": "cpe:2.3:a:jessica-lynn-suttles:bundler:2.1.4:*:*:*:*:*:*:*", - "purl": "pkg:gem/bundler@2.1.4", + "cpe": "cpe:2.3:a:example-java-app-maven:example-java-app-maven:0.1.0:*:*:*:*:*:*:*", + "purl": "pkg:maven/org.anchore/example-java-app-maven@0.1.0", "externalReferences": [ { - "url": "https://bundler.io", - "type": "website" + "url": "", + "hashes": [ + { + "alg": "SHA-1", + "content": "100b566a7dcdb187bf9f14ecd96427cadd535bfe" + } + ], + "type": "build-meta" } ], "properties": [ @@ -504,23 +500,58 @@ exports[`CycloneDX JSON debian 1`] = ` "value": "redacted" }, { - "name": "syft:cpe23", + "name": "syft:location:0:layerID", "value": "redacted" }, { - "name": "syft:cpe23", + "name": "syft:location:0:path", "value": "redacted" }, { - "name": "syft:cpe23", + "name": "syft:metadata:-:artifactID", "value": "redacted" }, { - "name": "syft:cpe23", + "name": "syft:metadata:-:groupID", "value": "redacted" }, { - "name": "syft:cpe23", + "name": "syft:metadata:virtualPath", + "value": "redacted" + } + ] + }, + { + "bom-ref": "redacted", + "type": "library", + "group": "joda-time", + "name": "joda-time", + "version": "redacted", + "licenses": [ + { + "license": { + "name": "Apache 2", + "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" + } + } + ], + "cpe": "cpe:2.3:a:joda-time:joda-time:2.9.2:*:*:*:*:*:*:*", + "purl": "pkg:maven/joda-time/joda-time@2.9.2", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "redacted" + }, + { + "name": "syft:package:language", + "value": "redacted" + }, + { + "name": "syft:package:type", + "value": "redacted" + }, + { + "name": "syft:package:metadataType", "value": "redacted" }, { @@ -550,34 +581,45 @@ exports[`CycloneDX JSON debian 1`] = ` { "name": "syft:location:0:path", "value": "redacted" + }, + { + "name": "syft:metadata:-:artifactID", + "value": "redacted" + }, + { + "name": "syft:metadata:-:groupID", + "value": "redacted" + }, + { + "name": "syft:metadata:virtualPath", + "value": "redacted" } ] }, { "bom-ref": "redacted", "type": "library", - "group": "org.anchore", - "name": "example-java-app-maven", + "author": "Isaac Z. Schlueter (http://blog.izs.me)", + "name": "npm", "version": "redacted", + "description": "a package manager for JavaScript", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "Artistic-2.0" } } ], - "cpe": "cpe:2.3:a:example-java-app-maven:example-java-app-maven:0.1.0:*:*:*:*:*:*:*", - "purl": "pkg:maven/org.anchore/example-java-app-maven@0.1.0", + "cpe": "cpe:2.3:a:node_packaged_modules_project:node_packaged_modules:6.14.6:*:*:*:*:node.js:*:*", + "purl": "pkg:npm/npm@6.14.6", "externalReferences": [ { - "url": "", - "hashes": [ - { - "alg": "SHA-1", - "content": "100b566a7dcdb187bf9f14ecd96427cadd535bfe" - } - ], - "type": "build-meta" + "url": "https://github.com/npm/cli", + "type": "distribution" + }, + { + "url": "https://docs.npmjs.com/", + "type": "website" } ], "properties": [ @@ -598,27 +640,45 @@ exports[`CycloneDX JSON debian 1`] = ` "value": "redacted" }, { - "name": "syft:cpe23", + "name": "syft:location:0:layerID", "value": "redacted" }, { - "name": "syft:cpe23", + "name": "syft:location:0:path", "value": "redacted" - }, + } + ] + }, + { + "bom-ref": "redacted", + "type": "library", + "author": "Georg Brandl ", + "name": "pygments", + "version": "redacted", + "licenses": [ { - "name": "syft:cpe23", + "license": { + "name": "BSD License" + } + } + ], + "cpe": "cpe:2.3:a:georg_brandl_project:python-pygments:2.6.1:*:*:*:*:*:*:*", + "purl": "pkg:pypi/pygments@2.6.1", + "properties": [ + { + "name": "syft:package:foundBy", "value": "redacted" }, { - "name": "syft:cpe23", + "name": "syft:package:language", "value": "redacted" }, { - "name": "syft:cpe23", + "name": "syft:package:type", "value": "redacted" }, { - "name": "syft:cpe23", + "name": "syft:package:metadataType", "value": "redacted" }, { @@ -658,58 +718,35 @@ exports[`CycloneDX JSON debian 1`] = ` "value": "redacted" }, { - "name": "syft:location:0:layerID", + "name": "syft:cpe23", "value": "redacted" }, { - "name": "syft:location:0:path", + "name": "syft:cpe23", "value": "redacted" }, { - "name": "syft:metadata:-:artifactID", + "name": "syft:cpe23", "value": "redacted" }, { - "name": "syft:metadata:-:groupID", + "name": "syft:cpe23", "value": "redacted" }, { - "name": "syft:metadata:virtualPath", - "value": "redacted" - } - ] - }, - { - "bom-ref": "redacted", - "type": "library", - "group": "joda-time", - "name": "joda-time", - "version": "redacted", - "licenses": [ - { - "license": { - "name": "Apache 2", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - } - } - ], - "cpe": "cpe:2.3:a:joda-time:joda-time:2.9.2:*:*:*:*:*:*:*", - "purl": "pkg:maven/joda-time/joda-time@2.9.2", - "properties": [ - { - "name": "syft:package:foundBy", + "name": "syft:cpe23", "value": "redacted" }, { - "name": "syft:package:language", + "name": "syft:cpe23", "value": "redacted" }, { - "name": "syft:package:type", + "name": "syft:cpe23", "value": "redacted" }, { - "name": "syft:package:metadataType", + "name": "syft:cpe23", "value": "redacted" }, { @@ -733,76 +770,47 @@ exports[`CycloneDX JSON debian 1`] = ` "value": "redacted" }, { - "name": "syft:location:0:layerID", + "name": "syft:cpe23", "value": "redacted" }, { - "name": "syft:location:0:path", + "name": "syft:cpe23", "value": "redacted" }, { - "name": "syft:metadata:-:artifactID", + "name": "syft:cpe23", "value": "redacted" }, { - "name": "syft:metadata:-:groupID", + "name": "syft:cpe23", "value": "redacted" }, { - "name": "syft:metadata:virtualPath", + "name": "syft:cpe23", "value": "redacted" - } - ] - }, - { - "bom-ref": "redacted", - "type": "library", - "author": "Isaac Z. Schlueter (http://blog.izs.me)", - "name": "npm", - "version": "redacted", - "description": "a package manager for JavaScript", - "licenses": [ - { - "license": { - "id": "Artistic-2.0" - } - } - ], - "cpe": "cpe:2.3:a:node_packaged_modules_project:node_packaged_modules:6.14.6:*:*:*:*:node.js:*:*", - "purl": "pkg:npm/npm@6.14.6", - "externalReferences": [ - { - "url": "https://github.com/npm/cli", - "type": "distribution" }, { - "url": "https://docs.npmjs.com/", - "type": "website" - } - ], - "properties": [ - { - "name": "syft:package:foundBy", + "name": "syft:cpe23", "value": "redacted" }, { - "name": "syft:package:language", + "name": "syft:cpe23", "value": "redacted" }, { - "name": "syft:package:type", + "name": "syft:location:0:layerID", "value": "redacted" }, { - "name": "syft:package:metadataType", + "name": "syft:location:0:path", "value": "redacted" }, { - "name": "syft:location:0:layerID", + "name": "syft:location:1:layerID", "value": "redacted" }, { - "name": "syft:location:0:path", + "name": "syft:location:1:path", "value": "redacted" } ] @@ -1831,63 +1839,12 @@ exports[`CycloneDX XML debian 1`] = ` - - localhost:5000/match-coverage/debian - - - - - - Georg Brandl <georg@python.org> - Pygments - - - - BSD License - - - cpe:2.3:a:georg_brandl_project:python-Pygments:2.6.1:*:*:*:*:*:*:* - pkg:pypi/Pygments@2.6.1 - - python-installed-package-cataloger - python - python - python-package - cpe:2.3:a:georg_brandl_project:python_Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:georg_brandlproject:python-Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:georg_brandlproject:python_Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:python-Pygments:python-Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:python-Pygments:python_Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:python_Pygments:python-Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:python_Pygments:python_Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:georg_brandl_project:Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:georg_project:python-Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:georg_project:python_Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:georg_brandl:python-Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:georg_brandl:python_Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:georg_brandlproject:Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:georgproject:python-Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:georgproject:python_Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:Pygments:python-Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:Pygments:python_Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:python-Pygments:Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:python_Pygments:Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:georg_project:Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:python:python-Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:python:python_Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:georg:python-Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:georg:python_Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:georg_brandl:Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:georgproject:Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:Pygments:Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:python:Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:georg:Pygments:2.6.1:*:*:*:*:*:*:* - - - - - + + localhost:5000/match-coverage/debian + + + APT Development Team <deity@lists.debian.org> apt @@ -1991,6 +1948,8 @@ exports[`CycloneDX XML debian 1`] = ` cpe:2.3:a:example-java:example_java_app_maven:0.1.0:*:*:*:*:*:*:* cpe:2.3:a:example_java:example-java-app-maven:0.1.0:*:*:*:*:*:*:* cpe:2.3:a:example_java:example_java_app_maven:0.1.0:*:*:*:*:*:*:* + cpe:2.3:a:org.anchore:example-java-app-maven:0.1.0:*:*:*:*:*:*:* + cpe:2.3:a:org.anchore:example_java_app_maven:0.1.0:*:*:*:*:*:*:* cpe:2.3:a:anchore:example-java-app-maven:0.1.0:*:*:*:*:*:*:* cpe:2.3:a:anchore:example_java_app_maven:0.1.0:*:*:*:*:*:*:* cpe:2.3:a:example:example-java-app-maven:0.1.0:*:*:*:*:*:*:* @@ -2058,6 +2017,57 @@ exports[`CycloneDX XML debian 1`] = ` javascript-npm-package + + + + Georg Brandl <georg@python.org> + pygments + + + + BSD License + + + cpe:2.3:a:georg_brandl_project:python-pygments:2.6.1:*:*:*:*:*:*:* + pkg:pypi/pygments@2.6.1 + + python-installed-package-cataloger + python + python + python-package + cpe:2.3:a:georg_brandl_project:python_pygments:2.6.1:*:*:*:*:*:*:* + cpe:2.3:a:georg_brandlproject:python-pygments:2.6.1:*:*:*:*:*:*:* + cpe:2.3:a:georg_brandlproject:python_pygments:2.6.1:*:*:*:*:*:*:* + cpe:2.3:a:python-pygments:python-pygments:2.6.1:*:*:*:*:*:*:* + cpe:2.3:a:python-pygments:python_pygments:2.6.1:*:*:*:*:*:*:* + cpe:2.3:a:python_pygments:python-pygments:2.6.1:*:*:*:*:*:*:* + cpe:2.3:a:python_pygments:python_pygments:2.6.1:*:*:*:*:*:*:* + cpe:2.3:a:georg_brandl_project:pygments:2.6.1:*:*:*:*:*:*:* + cpe:2.3:a:georg_project:python-pygments:2.6.1:*:*:*:*:*:*:* + cpe:2.3:a:georg_project:python_pygments:2.6.1:*:*:*:*:*:*:* + cpe:2.3:a:georg_brandl:python-pygments:2.6.1:*:*:*:*:*:*:* + cpe:2.3:a:georg_brandl:python_pygments:2.6.1:*:*:*:*:*:*:* + cpe:2.3:a:georg_brandlproject:pygments:2.6.1:*:*:*:*:*:*:* + cpe:2.3:a:georgproject:python-pygments:2.6.1:*:*:*:*:*:*:* + cpe:2.3:a:georgproject:python_pygments:2.6.1:*:*:*:*:*:*:* + cpe:2.3:a:pygments:python-pygments:2.6.1:*:*:*:*:*:*:* + cpe:2.3:a:pygments:python_pygments:2.6.1:*:*:*:*:*:*:* + cpe:2.3:a:python-pygments:pygments:2.6.1:*:*:*:*:*:*:* + cpe:2.3:a:python_pygments:pygments:2.6.1:*:*:*:*:*:*:* + cpe:2.3:a:georg_project:pygments:2.6.1:*:*:*:*:*:*:* + cpe:2.3:a:python:python-pygments:2.6.1:*:*:*:*:*:*:* + cpe:2.3:a:python:python_pygments:2.6.1:*:*:*:*:*:*:* + cpe:2.3:a:georg:python-pygments:2.6.1:*:*:*:*:*:*:* + cpe:2.3:a:georg:python_pygments:2.6.1:*:*:*:*:*:*:* + cpe:2.3:a:georg_brandl:pygments:2.6.1:*:*:*:*:*:*:* + cpe:2.3:a:georgproject:pygments:2.6.1:*:*:*:*:*:*:* + cpe:2.3:a:pygments:pygments:2.6.1:*:*:*:*:*:*:* + cpe:2.3:a:python:pygments:2.6.1:*:*:*:*:*:*:* + cpe:2.3:a:georg:pygments:2.6.1:*:*:*:*:*:*:* + + + + @@ -2462,288 +2472,118 @@ exports[`SPDX JSON alpine 1`] = ` "licenseListVersion": "redacted", "creators": [ "Organization: Anchore, Inc", - - ], - "created": "redacted" - }, - "packages": [ - { - "name": "libvncserver", - "SPDXID": "redacted", - "versionInfo": "0.9.9", - "supplier": "Person: A. Wilcox (awilfox@adelielinux.org)", - "originator": "Person: A. Wilcox (awilfox@adelielinux.org)", - "downloadLocation": "http://libvncserver.sourceforge.net/", - "filesAnalyzed": false, - "sourceInfo": "acquired package info from APK DB: /lib/apk/db/installed", - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "GPL-2.0-or-later", - "copyrightText": "NOASSERTION", - "description": "Library to make writing a vnc server easy", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:libvncserver:libvncserver:0.9.9:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:apk/alpine/libvncserver@0.9.9?arch=x86_64&distro=alpine-3.12.0" - } - ] - }, - { - "name": "localhost:5000/match-coverage/alpine", - "SPDXID": "redacted", - "versionInfo": "sha256:redacted", - "supplier": "NOASSERTION", - "downloadLocation": "NOASSERTION", - "filesAnalyzed": false, - "checksums": [ - { - "algorithm": "SHA256", - "checksumValue": "shas256:redacted" - } - ], - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:oci/localhost:5000/match-coverage/alpine@sha256:redacted?arch=amd64&tag=latest" - } - ], - "primaryPackagePurpose": "CONTAINER" - } - ], - "files": [ - { - "fileName": "/lib/apk/db/installed", - "SPDXID": "redacted", - "checksums": [ - { - "algorithm": "SHA1", - "checksumValue": "0000000000000000000000000000000000000000" - } - ], - "licenseConcluded": "NOASSERTION", - "licenseInfoInFiles": [ - "NOASSERTION" - ], - "copyrightText": "", - "comment": "layerID: sha256:redacted" - } - ], - "relationships": [ - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "OTHER", - "comment": "evident-by: indicates the package's existence is evident by the given file" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "CONTAINS" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "DESCRIBES" - } - ] -} -" -`; - -exports[`SPDX JSON debian 1`] = ` -"{ - "spdxVersion": "SPDX-2.3", - "dataLicense": "CC0-1.0", - "SPDXID": "redacted", - "name": "localhost:5000/match-coverage/debian", - "documentNamespace": "redacted", - "creationInfo": { - "licenseListVersion": "redacted", - "creators": [ - "Organization: Anchore, Inc", - - ], - "created": "redacted" - }, - "packages": [ - { - "name": "Pygments", - "SPDXID": "redacted", - "versionInfo": "2.6.1", - "supplier": "Person: Georg Brandl (georg@python.org)", - "originator": "Person: Georg Brandl (georg@python.org)", - "downloadLocation": "NOASSERTION", - "filesAnalyzed": false, - "sourceInfo": "acquired package info from installed python package manifest file: /python/dist-info/METADATA, /python/dist-info/top_level.txt", - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "LicenseRef-BSD-License", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:georg_brandl_project:python-Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:georg_brandl_project:python_Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:georg_brandlproject:python-Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:georg_brandlproject:python_Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:python-Pygments:python-Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:python-Pygments:python_Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:python_Pygments:python-Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:python_Pygments:python_Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:georg_brandl_project:Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:georg_project:python-Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:georg_project:python_Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:georg_brandl:python-Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:georg_brandl:python_Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:georg_brandlproject:Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:georgproject:python-Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:georgproject:python_Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:Pygments:python-Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:Pygments:python_Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:python-Pygments:Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:python_Pygments:Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:georg_project:Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:python:python-Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:python:python_Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:georg:python-Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:georg:python_Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:georg_brandl:Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:georgproject:Pygments:2.6.1:*:*:*:*:*:*:*" - }, + + ], + "created": "redacted" + }, + "packages": [ + { + "name": "libvncserver", + "SPDXID": "redacted", + "versionInfo": "0.9.9", + "supplier": "Person: A. Wilcox (awilfox@adelielinux.org)", + "originator": "Person: A. Wilcox (awilfox@adelielinux.org)", + "downloadLocation": "http://libvncserver.sourceforge.net/", + "filesAnalyzed": false, + "sourceInfo": "acquired package info from APK DB: /lib/apk/db/installed", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "GPL-2.0-or-later", + "copyrightText": "NOASSERTION", + "description": "Library to make writing a vnc server easy", + "externalRefs": [ { "referenceCategory": "SECURITY", "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:Pygments:Pygments:2.6.1:*:*:*:*:*:*:*" + "referenceLocator": "cpe:2.3:a:libvncserver:libvncserver:0.9.9:*:*:*:*:*:*:*" }, { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:python:Pygments:2.6.1:*:*:*:*:*:*:*" - }, + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:apk/alpine/libvncserver@0.9.9?arch=x86_64&distro=alpine-3.12.0" + } + ] + }, + { + "name": "localhost:5000/match-coverage/alpine", + "SPDXID": "redacted", + "versionInfo": "sha256:redacted", + "supplier": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "checksums": [ { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:georg:Pygments:2.6.1:*:*:*:*:*:*:*" - }, + "algorithm": "SHA256", + "checksumValue": "shas256:redacted" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "externalRefs": [ { "referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl", - "referenceLocator": "pkg:pypi/Pygments@2.6.1" + "referenceLocator": "pkg:oci/localhost:5000/match-coverage/alpine@sha256:redacted?arch=amd64&tag=latest" } - ] + ], + "primaryPackagePurpose": "CONTAINER" + } + ], + "files": [ + { + "fileName": "/lib/apk/db/installed", + "SPDXID": "redacted", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "", + "comment": "layerID: sha256:redacted" + } + ], + "relationships": [ + { + "spdxElementId": "redacted", + "relatedSpdxElement": "redacted", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "redacted", + "relatedSpdxElement": "redacted", + "relationshipType": "CONTAINS" }, + { + "spdxElementId": "redacted", + "relatedSpdxElement": "redacted", + "relationshipType": "DESCRIBES" + } + ] +} +" +`; + +exports[`SPDX JSON debian 1`] = ` +"{ + "spdxVersion": "SPDX-2.3", + "dataLicense": "CC0-1.0", + "SPDXID": "redacted", + "name": "localhost:5000/match-coverage/debian", + "documentNamespace": "redacted", + "creationInfo": { + "licenseListVersion": "redacted", + "creators": [ + "Organization: Anchore, Inc", + + ], + "created": "redacted" + }, + "packages": [ { "name": "apt", "SPDXID": "redacted", @@ -3007,6 +2847,16 @@ exports[`SPDX JSON debian 1`] = ` "referenceType": "cpe23Type", "referenceLocator": "cpe:2.3:a:example_java:example_java_app_maven:0.1.0:*:*:*:*:*:*:*" }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:org.anchore:example-java-app-maven:0.1.0:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:org.anchore:example_java_app_maven:0.1.0:*:*:*:*:*:*:*" + }, { "referenceCategory": "SECURITY", "referenceType": "cpe23Type", @@ -3110,6 +2960,176 @@ exports[`SPDX JSON debian 1`] = ` } ] }, + { + "name": "pygments", + "SPDXID": "redacted", + "versionInfo": "2.6.1", + "supplier": "Person: Georg Brandl (georg@python.org)", + "originator": "Person: Georg Brandl (georg@python.org)", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "sourceInfo": "acquired package info from installed python package manifest file: /python/dist-info/METADATA, /python/dist-info/top_level.txt", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-BSD-License", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:georg_brandl_project:python-pygments:2.6.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:georg_brandl_project:python_pygments:2.6.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:georg_brandlproject:python-pygments:2.6.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:georg_brandlproject:python_pygments:2.6.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:python-pygments:python-pygments:2.6.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:python-pygments:python_pygments:2.6.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:python_pygments:python-pygments:2.6.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:python_pygments:python_pygments:2.6.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:georg_brandl_project:pygments:2.6.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:georg_project:python-pygments:2.6.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:georg_project:python_pygments:2.6.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:georg_brandl:python-pygments:2.6.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:georg_brandl:python_pygments:2.6.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:georg_brandlproject:pygments:2.6.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:georgproject:python-pygments:2.6.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:georgproject:python_pygments:2.6.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:pygments:python-pygments:2.6.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:pygments:python_pygments:2.6.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:python-pygments:pygments:2.6.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:python_pygments:pygments:2.6.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:georg_project:pygments:2.6.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:python:python-pygments:2.6.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:python:python_pygments:2.6.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:georg:python-pygments:2.6.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:georg:python_pygments:2.6.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:georg_brandl:pygments:2.6.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:georgproject:pygments:2.6.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:pygments:pygments:2.6.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:python:pygments:2.6.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:georg:pygments:2.6.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:pypi/pygments@2.6.1" + } + ] + }, { "name": "localhost:5000/match-coverage/debian", "SPDXID": "redacted", @@ -4595,6 +4615,8 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:example-java:example-java-app-maven:0. ExternalRef: SECURITY cpe23Type cpe:2.3:a:example-java:example_java_app_maven:0.1.0:*:*:*:*:*:*:* ExternalRef: SECURITY cpe23Type cpe:2.3:a:example_java:example-java-app-maven:0.1.0:*:*:*:*:*:*:* ExternalRef: SECURITY cpe23Type cpe:2.3:a:example_java:example_java_app_maven:0.1.0:*:*:*:*:*:*:* +ExternalRef: SECURITY cpe23Type cpe:2.3:a:org.anchore:example-java-app-maven:0.1.0:*:*:*:*:*:*:* +ExternalRef: SECURITY cpe23Type cpe:2.3:a:org.anchore:example_java_app_maven:0.1.0:*:*:*:*:*:*:* ExternalRef: SECURITY cpe23Type cpe:2.3:a:anchore:example-java-app-maven:0.1.0:*:*:*:*:*:*:* ExternalRef: SECURITY cpe23Type cpe:2.3:a:anchore:example_java_app_maven:0.1.0:*:*:*:*:*:*:* ExternalRef: SECURITY cpe23Type cpe:2.3:a:example:example-java-app-maven:0.1.0:*:*:*:*:*:*:* @@ -4639,9 +4661,9 @@ PackageDescription: a package manager for JavaScript ExternalRef: SECURITY cpe23Type cpe:2.3:a:node_packaged_modules_project:node_packaged_modules:6.14.6:*:*:*:*:node.js:*:* ExternalRef: PACKAGE-MANAGER purl pkg:npm/npm@6.14.6 -##### Package: Pygments +##### Package: pygments -PackageName: Pygments +PackageName: pygments PackageVersion: 2.6.1 PackageSupplier: Person: Georg Brandl (georg@python.org) @@ -4652,37 +4674,37 @@ PackageSourceInfo: acquired package info from installed python package manifest PackageLicenseConcluded: NOASSERTION PackageLicenseDeclared: LicenseRef-BSD-License PackageCopyrightText: NOASSERTION -ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl_project:python-Pygments:2.6.1:*:*:*:*:*:*:* -ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl_project:python_Pygments:2.6.1:*:*:*:*:*:*:* -ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandlproject:python-Pygments:2.6.1:*:*:*:*:*:*:* -ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandlproject:python_Pygments:2.6.1:*:*:*:*:*:*:* -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python-Pygments:python-Pygments:2.6.1:*:*:*:*:*:*:* -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python-Pygments:python_Pygments:2.6.1:*:*:*:*:*:*:* -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_Pygments:python-Pygments:2.6.1:*:*:*:*:*:*:* -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_Pygments:python_Pygments:2.6.1:*:*:*:*:*:*:* -ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl_project:Pygments:2.6.1:*:*:*:*:*:*:* -ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_project:python-Pygments:2.6.1:*:*:*:*:*:*:* -ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_project:python_Pygments:2.6.1:*:*:*:*:*:*:* -ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:python-Pygments:2.6.1:*:*:*:*:*:*:* -ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:python_Pygments:2.6.1:*:*:*:*:*:*:* -ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandlproject:Pygments:2.6.1:*:*:*:*:*:*:* -ExternalRef: SECURITY cpe23Type cpe:2.3:a:georgproject:python-Pygments:2.6.1:*:*:*:*:*:*:* -ExternalRef: SECURITY cpe23Type cpe:2.3:a:georgproject:python_Pygments:2.6.1:*:*:*:*:*:*:* -ExternalRef: SECURITY cpe23Type cpe:2.3:a:Pygments:python-Pygments:2.6.1:*:*:*:*:*:*:* -ExternalRef: SECURITY cpe23Type cpe:2.3:a:Pygments:python_Pygments:2.6.1:*:*:*:*:*:*:* -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python-Pygments:Pygments:2.6.1:*:*:*:*:*:*:* -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_Pygments:Pygments:2.6.1:*:*:*:*:*:*:* -ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_project:Pygments:2.6.1:*:*:*:*:*:*:* -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python:python-Pygments:2.6.1:*:*:*:*:*:*:* -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python:python_Pygments:2.6.1:*:*:*:*:*:*:* -ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg:python-Pygments:2.6.1:*:*:*:*:*:*:* -ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg:python_Pygments:2.6.1:*:*:*:*:*:*:* -ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:Pygments:2.6.1:*:*:*:*:*:*:* -ExternalRef: SECURITY cpe23Type cpe:2.3:a:georgproject:Pygments:2.6.1:*:*:*:*:*:*:* -ExternalRef: SECURITY cpe23Type cpe:2.3:a:Pygments:Pygments:2.6.1:*:*:*:*:*:*:* -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python:Pygments:2.6.1:*:*:*:*:*:*:* -ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg:Pygments:2.6.1:*:*:*:*:*:*:* -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/Pygments@2.6.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl_project:python-pygments:2.6.1:*:*:*:*:*:*:* +ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl_project:python_pygments:2.6.1:*:*:*:*:*:*:* +ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandlproject:python-pygments:2.6.1:*:*:*:*:*:*:* +ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandlproject:python_pygments:2.6.1:*:*:*:*:*:*:* +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python-pygments:python-pygments:2.6.1:*:*:*:*:*:*:* +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python-pygments:python_pygments:2.6.1:*:*:*:*:*:*:* +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_pygments:python-pygments:2.6.1:*:*:*:*:*:*:* +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_pygments:python_pygments:2.6.1:*:*:*:*:*:*:* +ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl_project:pygments:2.6.1:*:*:*:*:*:*:* +ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_project:python-pygments:2.6.1:*:*:*:*:*:*:* +ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_project:python_pygments:2.6.1:*:*:*:*:*:*:* +ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:python-pygments:2.6.1:*:*:*:*:*:*:* +ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:python_pygments:2.6.1:*:*:*:*:*:*:* +ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandlproject:pygments:2.6.1:*:*:*:*:*:*:* +ExternalRef: SECURITY cpe23Type cpe:2.3:a:georgproject:python-pygments:2.6.1:*:*:*:*:*:*:* +ExternalRef: SECURITY cpe23Type cpe:2.3:a:georgproject:python_pygments:2.6.1:*:*:*:*:*:*:* +ExternalRef: SECURITY cpe23Type cpe:2.3:a:pygments:python-pygments:2.6.1:*:*:*:*:*:*:* +ExternalRef: SECURITY cpe23Type cpe:2.3:a:pygments:python_pygments:2.6.1:*:*:*:*:*:*:* +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python-pygments:pygments:2.6.1:*:*:*:*:*:*:* +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_pygments:pygments:2.6.1:*:*:*:*:*:*:* +ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_project:pygments:2.6.1:*:*:*:*:*:*:* +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python:python-pygments:2.6.1:*:*:*:*:*:*:* +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python:python_pygments:2.6.1:*:*:*:*:*:*:* +ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg:python-pygments:2.6.1:*:*:*:*:*:*:* +ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg:python_pygments:2.6.1:*:*:*:*:*:*:* +ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.6.1:*:*:*:*:*:*:* +ExternalRef: SECURITY cpe23Type cpe:2.3:a:georgproject:pygments:2.6.1:*:*:*:*:*:*:* +ExternalRef: SECURITY cpe23Type cpe:2.3:a:pygments:pygments:2.6.1:*:*:*:*:*:*:* +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python:pygments:2.6.1:*:*:*:*:*:*:* +ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg:pygments:2.6.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.6.1 ##### Other Licenses @@ -4698,20 +4720,20 @@ Relationship: SPDXRef-Package-deb-apt-hash:redacted OTHER SPDXRef-File-var-lib-d RelationshipComment: evident-by: indicates the package's existence is evident by the given file Relationship: SPDXRef-Package-java-archive-joda-time-hash:redacted OTHER SPDXRef-File-java-example-java-app-maven-0.1.0.jar-hash:redacted RelationshipComment: evident-by: indicates the package's existence is evident by the given file -Relationship: SPDXRef-Package-java-archive-example-java-app-maven-hash:redacted OTHER SPDXRef-File-java-example-java-app-maven-0.1.0.jar-hash:redacted +Relationship: SPDXRef-Package-python-pygments-hash:redacted OTHER SPDXRef-File-python-dist-info-METADATA-hash:redacted RelationshipComment: evident-by: indicates the package's existence is evident by the given file -Relationship: SPDXRef-Package-python-Pygments-hash:redacted OTHER SPDXRef-File-python-dist-info-METADATA-hash:redacted +Relationship: SPDXRef-Package-java-archive-example-java-app-maven-hash:redacted OTHER SPDXRef-File-java-example-java-app-maven-0.1.0.jar-hash:redacted RelationshipComment: evident-by: indicates the package's existence is evident by the given file Relationship: SPDXRef-Package-gem-bundler-hash:redacted OTHER SPDXRef-File-ruby-specifications-bundler.gemspec-hash:redacted RelationshipComment: evident-by: indicates the package's existence is evident by the given file Relationship: SPDXRef-Package-npm-npm-hash:redacted OTHER SPDXRef-File-javascript-pkg-json-package.json-hash:redacted RelationshipComment: evident-by: indicates the package's existence is evident by the given file -Relationship: SPDXRef-DocumentRoot-Image-localhost-5000-match-coverage-debian CONTAINS SPDXRef-Package-python-Pygments-hash:redacted Relationship: SPDXRef-DocumentRoot-Image-localhost-5000-match-coverage-debian CONTAINS SPDXRef-Package-deb-apt-hash:redacted Relationship: SPDXRef-DocumentRoot-Image-localhost-5000-match-coverage-debian CONTAINS SPDXRef-Package-gem-bundler-hash:redacted Relationship: SPDXRef-DocumentRoot-Image-localhost-5000-match-coverage-debian CONTAINS SPDXRef-Package-java-archive-example-java-app-maven-hash:redacted Relationship: SPDXRef-DocumentRoot-Image-localhost-5000-match-coverage-debian CONTAINS SPDXRef-Package-java-archive-joda-time-hash:redacted Relationship: SPDXRef-DocumentRoot-Image-localhost-5000-match-coverage-debian CONTAINS SPDXRef-Package-npm-npm-hash:redacted +Relationship: SPDXRef-DocumentRoot-Image-localhost-5000-match-coverage-debian CONTAINS SPDXRef-Package-python-pygments-hash:redacted Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-DocumentRoot-Image-localhost-5000-match-coverage-debian " `;