From 063a098d8c38dbe81b363195c4e5e03fb5395a79 Mon Sep 17 00:00:00 2001 From: DJ Schleen Date: Tue, 2 Aug 2022 10:43:18 -0600 Subject: [PATCH] feat: deb, rpm, and homebrew support (#28) * Adds support for deb, rpm, and Homebrew installation --- .github/dependabot.yml | 4 +- .github/workflows/go-quality.yml | 3 +- .github/workflows/release.yml | 163 ++---- .gitignore | 1 + .goreleaser.yaml | 41 ++ .hookz.yaml | 19 +- Makefile | 11 +- README.md | 21 +- cmd/root.go | 2 +- go.mod | 4 +- go.sum | 8 +- hinge-sbom.json | 303 ----------- sbom/hinge.cyclonedx.json | 850 +++++++++++++++++++++++++++++++ sbom/hinge.spdx.json | 578 +++++++++++++++++++++ sbom/hinge.syft.json | 610 ++++++++++++++++++++++ 15 files changed, 2153 insertions(+), 465 deletions(-) create mode 100644 .goreleaser.yaml delete mode 100644 hinge-sbom.json create mode 100644 sbom/hinge.cyclonedx.json create mode 100644 sbom/hinge.spdx.json create mode 100644 sbom/hinge.syft.json diff --git a/.github/dependabot.yml b/.github/dependabot.yml index ec52d8c..09f747e 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -5,10 +5,10 @@ updates: schedule: interval: daily time: "05:00" - timezone: UTC + timezone: US/Pacific - package-ecosystem: gomod directory: / schedule: interval: daily time: "05:00" - timezone: UTC + timezone: US/Pacific diff --git a/.github/workflows/go-quality.yml b/.github/workflows/go-quality.yml index 9d740c0..cad36e1 100644 --- a/.github/workflows/go-quality.yml +++ b/.github/workflows/go-quality.yml @@ -4,7 +4,8 @@ jobs: tests: runs-on: ubuntu-latest steps: - - name: Checkout + - + name: Checkout uses: actions/checkout@v2 - name: Setup Go uses: actions/setup-go@v2 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d14c746..4871db9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,150 +1,45 @@ -name: hinge Release +name: Release on: push: tags: - 'v*' +permissions: + contents: write + jobs: release: - name: Create Release runs-on: ubuntu-latest - outputs: - upload_url: ${{ steps.upload_url.outputs.upload_url }} - steps: - - name: Checkout code + - + name: Checkout uses: actions/checkout@v2 - - - name: Create Release - id: create_release - uses: actions/create-release@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: - tag_name: ${{ github.ref }} - release_name: Release ${{ github.ref }} - body: | - This release has the following changes: - - README Updates. - draft: false - prerelease: false - - - name: Fix Upload URL - id: upload_url - run: echo ::set-output name=upload_url::$(echo "${{ steps.create_release.outputs.upload_url }}" | cut -d"{" -f1) - - - name: Echo upload url - run: echo "${{ steps.upload_url.outputs.upload_url }}" - - build: - needs: release - strategy: - matrix: - os: ["darwin", "freebsd", "linux", "netbsd", "openbsd", "windows"] - arch: ["amd64", "arm64", "arm"] - - env: - UPLOAD_URL: ${{ needs.release.outputs.upload_url }} - - name: Build and Upload Assets - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v2 - - - name: Setup Go + fetch-depth: 0 + - + name: Set up Go uses: actions/setup-go@v2 with: - go-version: '1.18' - - - name: Get the version - id: get_version - run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\/v/} - - - name: Generate SBOM - uses: CycloneDX/gh-gomod-generate-sbom@v0.3.0 + go-version: 1.18 + - + name: Run GoReleaser + uses: goreleaser/goreleaser-action@v2 with: - include-stdlib: true - json: true - output: sbom.json - resolve-licenses: true - version: "^v0" - - - name: Build amd64 Assets - if: matrix.arch == 'amd64' - run: | - echo "${{ matrix.os }} ${{ matrix.arch }}" - env GOOS=${{ matrix.os }} GOARCH=${{ matrix.arch }} go build -o $FILE github.com/devops-kung-fu/hinge - env: - FILE: build/hinge-${{ steps.get_version.outputs.VERSION }}-${{ matrix.os }}-${{ matrix.arch }} - - - name: Build arm64 Assets - if: matrix.arch == 'arm64' && matrix.os == 'linux' - run: | - echo "${{ matrix.os }} ${{ matrix.arch }}" - env GOOS=${{ matrix.os }} GOARCH=${{ matrix.arch }} go build -o $FILE github.com/devops-kung-fu/hinge - env: - FILE: build/hinge-${{ steps.get_version.outputs.VERSION }}-${{ matrix.os }}-${{ matrix.arch }} - - - name: Build arm Assets - if: matrix.arch == 'arm' && (matrix.os == 'freebsd' || matrix.os == 'netbsd' || matrix.os == 'openbsd') - run: | - echo "${{ matrix.os }} ${{ matrix.arch }}" - env GOOS=${{ matrix.os }} GOARCH=${{ matrix.arch }} go build -o $FILE github.com/devops-kung-fu/hinge - env: - FILE: build/hinge-${{ steps.get_version.outputs.VERSION }}-${{ matrix.os }}-${{ matrix.arch }} - - - name: Upload SBoM - run: | - curl \ - -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ - -H "Content-Type: $(file -b --mime-type $FILE)" \ - --data-binary @$FILE \ - "$UPLOAD_URL?name=$(basename $FILE)" - env: - FILE: sbom.json - - - name: Upload amd64 Non-Windows - if: matrix.os != 'windows' && matrix.arch == 'amd64' - run: | - curl \ - -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ - -H "Content-Type: $(file -b --mime-type $FILE)" \ - --data-binary @$FILE \ - "$UPLOAD_URL?name=$(basename $FILE)" - env: - FILE: build/hinge-${{ steps.get_version.outputs.VERSION }}-${{ matrix.os }}-${{ matrix.arch }} - - - name: Upload amd64 Windows - if: matrix.os == 'windows' && matrix.arch == 'amd64' - run: | - curl \ - -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ - -H "Content-Type: $(file -b --mime-type $FILE)" \ - --data-binary @$FILE \ - "$UPLOAD_URL?name=$(basename $FILE)" - env: - FILE: build/hinge-${{ steps.get_version.outputs.VERSION }}-${{ matrix.os }}-${{ matrix.arch }}.exe - - - name: Upload arm64 - if: matrix.os == 'linux' && matrix.arch == 'arm64' - run: | - curl \ - -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ - -H "Content-Type: $(file -b --mime-type $FILE)" \ - --data-binary @$FILE \ - "$UPLOAD_URL?name=$(basename $FILE)" - env: - FILE: build/hinge-${{ steps.get_version.outputs.VERSION }}-${{ matrix.os }}-${{ matrix.arch }} + distribution: goreleaser + version: ${{ env.GITHUB_REF_NAME }} + args: release --rm-dist + env: + GITHUB_TOKEN: ${{ secrets.PUBLISHER_TOKEN }} + - + name: Generate SBOM + uses: anchore/sbom-action@v0 + with: + artifact-name: hinge.spdx.json + path: . + - + name: Release SBOM + uses: anchore/sbom-action/publish-sbom@v0 + with: + sbom-artifact-match: ".*\\.spdx.json$" - - name: Upload arm - if: (matrix.os == 'freebsd' || matrix.os == 'netbsd' || matrix.os == 'openbsd') && matrix.arch == 'arm' - run: | - curl \ - -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ - -H "Content-Type: $(file -b --mime-type $FILE)" \ - --data-binary @$FILE \ - "$UPLOAD_URL?name=$(basename $FILE)" - env: - FILE: build/hinge-${{ steps.get_version.outputs.VERSION }}-${{ matrix.os }}-${{ matrix.arch }} diff --git a/.gitignore b/.gitignore index 8d2b912..60112f0 100644 --- a/.gitignore +++ b/.gitignore @@ -15,4 +15,5 @@ # vendor/ .DS_Store + hinge \ No newline at end of file diff --git a/.goreleaser.yaml b/.goreleaser.yaml new file mode 100644 index 0000000..876add3 --- /dev/null +++ b/.goreleaser.yaml @@ -0,0 +1,41 @@ +project_name: hinge + +builds: + - + binary: hinge + goos: + - darwin + - linux + goarch: + - amd64 + - arm64 + +release: + prerelease: auto + +universal_binaries: + - replace: true + +brews: + - + name: hinge + homepage: "https://github.com/devops-kung-fu/hinge" + tap: + owner: devops-kung-fu + name: homebrew-tap + commit_author: + name: djschleen + email: djschleen@gmail.com + +checksum: + name_template: 'checksums.txt' + +nfpms: + - maintainer: DJ Schleen + description: Creates and updates your Dependabot config. + homepage: https://github.com/devops-kung-fu/hinge + license: MPL + formats: + - deb + - rpm + diff --git a/.hookz.yaml b/.hookz.yaml index 81b7ab7..ab084b3 100644 --- a/.hookz.yaml +++ b/.hookz.yaml @@ -1,6 +1,6 @@ - version: 2.4.0 + version: 2.4.1 sources: - - source: github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@latest + - source: github.com/anchore/syft/cmd/syft@latest - source: github.com/devops-kung-fu/hinge@latest - source: github.com/kisielk/errcheck@latest - source: golang.org/x/lint/golint@latest @@ -30,7 +30,7 @@ exec: gocyclo args: ["-over", "8", "."] - name: Hinge - exec: hinge + exec: ./hinge args: ["."] - name: "go: Build (Ensure pulled modules do not break the build)" exec: go @@ -41,9 +41,14 @@ - name: "go: Test coverage" exec: go args: ["tool", "cover", "-func=coverage.out"] - - name: "cyclone-dx: Generate a Software Bill of Materials (SBoM)" - exec: cyclonedx-gomod - args: ["-json", "-output", "hinge-sbom.json"] + - name: "syft: Generate a Software Bill of Materials (SBoM)" + exec: syft + args: [".","-o ","json=sbom/hinge.syft.json","-o", "spdx-json=sbom/hinge.spdx.json", "-o", "cyclonedx-json=sbom/hinge.cyclonedx.json"] - name: "git: Add all changed files during the pre-commit stage" exec: git - args: ["add", "."] \ No newline at end of file + args: ["add", "."] + - type: pre-push + actions: + - name: "hookz: example pre-push hook" + exec: /bin/echo + args: ["Pushing changes..."] \ No newline at end of file diff --git a/Makefile b/Makefile index c6cb6c7..4edb63d 100644 --- a/Makefile +++ b/Makefile @@ -13,15 +13,16 @@ title: @echo "--------------" build: ## Builds the application - go get -u ./... - go mod tidy - go build ./... + @echo Building... + @go get -u ./... + @go mod tidy + @go build ./... test: ## Runs tests and coverage - go test -v -coverprofile=coverage.out ./... && go tool cover -func=coverage.out + @go test -v -coverprofile=coverage.out ./... && go tool cover -func=coverage.out check: build ## Tests the pre-commit hooks if they exist - hookz reset --verbose --debug --verbose-output + @hookz reset --verbose --debug --verbose-output . .git/hooks/pre-commit all: title build test ## Makes all targets \ No newline at end of file diff --git a/README.md b/README.md index 6ff84fd..5c34bf8 100644 --- a/README.md +++ b/README.md @@ -20,14 +20,23 @@ Creates and updates your Dependabot configuration file, `dependabot.yml`. ## Installation -To install ```hinge```, [download the latest release](https://github.com/devops-kung-fu/hinge/releases) , make it executable, rename it to `hinge` and move it to the `/usr/local/bin` directory for Linux, or on your `PATH` for other operating systems. +### Mac -### Linux Example +You can use [Homebrew](https://brew.sh) to install ```Hookz``` using the following: -```bash -sudo chmod +x hinge-1.0.0-linux-amd64 -sudo mv hinge-1.0.0-linux-amd64 /usr/local/bin/hinge +``` bash +brew tap devops-kung-fu/homebrew-tap +brew install devops-kung-fu/homebrew-tap/hinge ``` + +### Linux + +To install ```hinge```, download the latest release [deb or rpm](https://github.com/devops-kung-fu/hinge/releases and install. + +``` bash +# Debian Example +dpkg -i hinge_1.0.1_linux_amd64.deb + ### With a Go Development Environment If you have a Go development environment set up, you can also simply do this: @@ -71,7 +80,7 @@ Once ```hinge``` is installed, you can run this command in the root of your git hinge . ``` -**NOTE**: The provided path needs to be a git repository. +**NOTE**: The provided path must be a git repository. ### Flag Notes diff --git a/cmd/root.go b/cmd/root.go index 2acf308..944313f 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -19,7 +19,7 @@ import ( ) var ( - version = "1.0.0" + version = "1.0.1" //Afs stores a global OS Filesystem that is used throughout hinge Afs = &afero.Afero{Fs: afero.NewOsFs()} //Verbose determines if the execution of hing should output verbose information diff --git a/go.mod b/go.mod index d769ba7..b3e15f9 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.18 require ( github.com/devops-kung-fu/common v0.2.3 github.com/gookit/color v1.5.1 - github.com/spf13/afero v1.8.2 + github.com/spf13/afero v1.9.2 github.com/spf13/cobra v1.5.0 github.com/stretchr/testify v1.8.0 gopkg.in/yaml.v2 v2.4.0 @@ -17,7 +17,7 @@ require ( github.com/pmezard/go-difflib v1.0.0 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 // indirect - golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e // indirect + golang.org/x/sys v0.0.0-20220731174439-a90be440212d // indirect golang.org/x/text v0.3.7 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index 4ec9eb0..ffb0c53 100644 --- a/go.sum +++ b/go.sum @@ -139,8 +139,8 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/spf13/afero v1.8.2 h1:xehSyVa0YnHWsJ49JFljMpg1HX19V6NDZ1fkm1Xznbo= -github.com/spf13/afero v1.8.2/go.mod h1:CtAatgMJh6bJEIs48Ay/FOnkljP3WeGUG0MC1RfAqwo= +github.com/spf13/afero v1.9.2 h1:j49Hj62F0n+DaZ1dDCvhABaPNSGNkt32oRFxI33IEMw= +github.com/spf13/afero v1.9.2/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y= github.com/spf13/cobra v1.5.0 h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU= github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= @@ -291,8 +291,8 @@ golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e h1:CsOuNlbOuf0mzxJIefr6Q4uAUetRUwZE4qt7VfzP+xo= -golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220731174439-a90be440212d h1:Sv5ogFZatcgIMMtBSTTAgMYsicp25MXBubjXNDKwm80= +golang.org/x/sys v0.0.0-20220731174439-a90be440212d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= diff --git a/hinge-sbom.json b/hinge-sbom.json deleted file mode 100644 index d9b3cd8..0000000 --- a/hinge-sbom.json +++ /dev/null @@ -1,303 +0,0 @@ -{ - "bomFormat": "CycloneDX", - "specVersion": "1.2", - "serialNumber": "urn:uuid:fce95ab8-bfb1-4a14-a30a-da83c41a6d23", - "version": 1, - "metadata": { - "timestamp": "2022-07-06T10:32:39-06:00", - "tools": [ - { - "vendor": "CycloneDX", - "name": "cyclonedx-gomod", - "version": "v0.8.2", - "hashes": [ - { - "alg": "MD5", - "content": "2fae1b517e34f532b24f832d5282d34d" - }, - { - "alg": "SHA-1", - "content": "aa7190bc32cecebaf98e8551f92335518d6ed1a5" - }, - { - "alg": "SHA-256", - "content": "2fd17a0d03f6614a16c6ea87656ff96f0e4dce19859b4f597e87d52018dba923" - }, - { - "alg": "SHA-512", - "content": "03ec9560eb767b228f15ef3b611c0363f4493be758bb810620dd0ad93e223bd348160f68754163d11db3a99d827286b9889d8588835c5ae1b9438c70e200ad32" - } - ] - } - ], - "component": { - "bom-ref": "pkg:golang/github.com/devops-kung-fu/hinge@v0.0.0-20220706102351-86be27157671", - "type": "application", - "name": "github.com/devops-kung-fu/hinge", - "version": "v0.0.0-20220706102351-86be27157671", - "purl": "pkg:golang/github.com/devops-kung-fu/hinge@v0.0.0-20220706102351-86be27157671", - "externalReferences": [ - { - "url": "https://github.com/devops-kung-fu/hinge", - "type": "vcs" - } - ] - } - }, - "components": [ - { - "bom-ref": "pkg:golang/github.com/devops-kung-fu/common@v0.2.3", - "type": "library", - "name": "github.com/devops-kung-fu/common", - "version": "v0.2.3", - "scope": "required", - "hashes": [ - { - "alg": "SHA-256", - "content": "c5425d8b503b90fd673da16afc665310006fb71b9a0d155495a292454825c6ec" - } - ], - "purl": "pkg:golang/github.com/devops-kung-fu/common@v0.2.3", - "externalReferences": [ - { - "url": "https://github.com/devops-kung-fu/common", - "type": "vcs" - } - ] - }, - { - "bom-ref": "pkg:golang/github.com/gookit/color@v1.5.1", - "type": "library", - "name": "github.com/gookit/color", - "version": "v1.5.1", - "scope": "required", - "hashes": [ - { - "alg": "SHA-256", - "content": "56383654471d1e9c2afa863adecfe4b07ae0258093a346f05af9a6616744f5f4" - } - ], - "purl": "pkg:golang/github.com/gookit/color@v1.5.1", - "externalReferences": [ - { - "url": "https://github.com/gookit/color", - "type": "vcs" - } - ] - }, - { - "bom-ref": "pkg:golang/github.com/inconshreveable/mousetrap@v1.0.0", - "type": "library", - "name": "github.com/inconshreveable/mousetrap", - "version": "v1.0.0", - "scope": "required", - "hashes": [ - { - "alg": "SHA-256", - "content": "67cb6ee6cada2d709721c011c41a7ff1c6ef97055aed9d4d1e0f5710a86d4af3" - } - ], - "purl": "pkg:golang/github.com/inconshreveable/mousetrap@v1.0.0", - "externalReferences": [ - { - "url": "https://github.com/inconshreveable/mousetrap", - "type": "vcs" - } - ] - }, - { - "bom-ref": "pkg:golang/github.com/spf13/afero@v1.8.2", - "type": "library", - "name": "github.com/spf13/afero", - "version": "v1.8.2", - "scope": "required", - "hashes": [ - { - "alg": "SHA-256", - "content": "c5e852c956b46271d6b09e3d2459633298351d7d7d57a3436757e49b55f39dba" - } - ], - "purl": "pkg:golang/github.com/spf13/afero@v1.8.2", - "externalReferences": [ - { - "url": "https://github.com/spf13/afero", - "type": "vcs" - } - ] - }, - { - "bom-ref": "pkg:golang/github.com/spf13/cobra@v1.5.0", - "type": "library", - "name": "github.com/spf13/cobra", - "version": "v1.5.0", - "scope": "required", - "hashes": [ - { - "alg": "SHA-256", - "content": "5fe8d304406a1746c737ef5c48c8267eebefd951c9f5ece614d7fd63f5ecb585" - } - ], - "purl": "pkg:golang/github.com/spf13/cobra@v1.5.0", - "externalReferences": [ - { - "url": "https://github.com/spf13/cobra", - "type": "vcs" - } - ] - }, - { - "bom-ref": "pkg:golang/github.com/spf13/pflag@v1.0.5", - "type": "library", - "name": "github.com/spf13/pflag", - "version": "v1.0.5", - "scope": "required", - "hashes": [ - { - "alg": "SHA-256", - "content": "8b2f951543823f56bef3216da3f76b836089e6ed3246807b7d9c370cabff2570" - } - ], - "purl": "pkg:golang/github.com/spf13/pflag@v1.0.5", - "externalReferences": [ - { - "url": "https://github.com/spf13/pflag", - "type": "vcs" - } - ] - }, - { - "bom-ref": "pkg:golang/github.com/xo/terminfo@v0.0.0-20210125001918-ca9a967f8778", - "type": "library", - "name": "github.com/xo/terminfo", - "version": "v0.0.0-20210125001918-ca9a967f8778", - "scope": "required", - "hashes": [ - { - "alg": "SHA-256", - "content": "42577222efcbeb7a0fa72bd098782f822724a75630e75d0a24ea97ec7db89a0f" - } - ], - "purl": "pkg:golang/github.com/xo/terminfo@v0.0.0-20210125001918-ca9a967f8778", - "externalReferences": [ - { - "url": "https://github.com/xo/terminfo", - "type": "vcs" - } - ] - }, - { - "bom-ref": "pkg:golang/golang.org/x/sys@v0.0.0-20220704084225-05e143d24a9e", - "type": "library", - "name": "golang.org/x/sys", - "version": "v0.0.0-20220704084225-05e143d24a9e", - "scope": "required", - "hashes": [ - { - "alg": "SHA-256", - "content": "0ac3ae3656ceb9fd26cf124879fafa438b8051eb51530644e2ab7b55fccffb1a" - } - ], - "purl": "pkg:golang/golang.org/x/sys@v0.0.0-20220704084225-05e143d24a9e" - }, - { - "bom-ref": "pkg:golang/golang.org/x/text@v0.3.7", - "type": "library", - "name": "golang.org/x/text", - "version": "v0.3.7", - "scope": "required", - "hashes": [ - { - "alg": "SHA-256", - "content": "a25a70bcfd8a69c5b5656bec47bb90868c9362f280ba97d0ad118114cdf9d869" - } - ], - "purl": "pkg:golang/golang.org/x/text@v0.3.7" - }, - { - "bom-ref": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", - "type": "library", - "name": "gopkg.in/yaml.v2", - "version": "v2.4.0", - "scope": "required", - "hashes": [ - { - "alg": "SHA-256", - "content": "0fcc60c04098ec262fc7e6369f8b01cfddc99fd251bf1762cb2a3c0937ee29a6" - } - ], - "purl": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", - "externalReferences": [ - { - "url": "https://github.com/go-yaml/yaml", - "type": "vcs" - } - ] - } - ], - "dependencies": [ - { - "ref": "pkg:golang/github.com/devops-kung-fu/common@v0.2.3", - "dependsOn": [ - "pkg:golang/github.com/gookit/color@v1.5.1", - "pkg:golang/github.com/spf13/afero@v1.8.2", - "pkg:golang/github.com/xo/terminfo@v0.0.0-20210125001918-ca9a967f8778", - "pkg:golang/golang.org/x/sys@v0.0.0-20220704084225-05e143d24a9e", - "pkg:golang/golang.org/x/text@v0.3.7" - ] - }, - { - "ref": "pkg:golang/github.com/gookit/color@v1.5.1", - "dependsOn": [ - "pkg:golang/github.com/xo/terminfo@v0.0.0-20210125001918-ca9a967f8778", - "pkg:golang/golang.org/x/sys@v0.0.0-20220704084225-05e143d24a9e" - ] - }, - { - "ref": "pkg:golang/github.com/inconshreveable/mousetrap@v1.0.0" - }, - { - "ref": "pkg:golang/github.com/spf13/afero@v1.8.2", - "dependsOn": [ - "pkg:golang/golang.org/x/text@v0.3.7" - ] - }, - { - "ref": "pkg:golang/github.com/spf13/cobra@v1.5.0", - "dependsOn": [ - "pkg:golang/github.com/inconshreveable/mousetrap@v1.0.0", - "pkg:golang/github.com/spf13/pflag@v1.0.5", - "pkg:golang/gopkg.in/yaml.v2@v2.4.0" - ] - }, - { - "ref": "pkg:golang/github.com/spf13/pflag@v1.0.5" - }, - { - "ref": "pkg:golang/github.com/xo/terminfo@v0.0.0-20210125001918-ca9a967f8778" - }, - { - "ref": "pkg:golang/golang.org/x/sys@v0.0.0-20220704084225-05e143d24a9e" - }, - { - "ref": "pkg:golang/golang.org/x/text@v0.3.7" - }, - { - "ref": "pkg:golang/gopkg.in/yaml.v2@v2.4.0" - }, - { - "ref": "pkg:golang/github.com/devops-kung-fu/hinge@v0.0.0-20220706102351-86be27157671", - "dependsOn": [ - "pkg:golang/github.com/devops-kung-fu/common@v0.2.3", - "pkg:golang/github.com/gookit/color@v1.5.1", - "pkg:golang/github.com/inconshreveable/mousetrap@v1.0.0", - "pkg:golang/github.com/spf13/afero@v1.8.2", - "pkg:golang/github.com/spf13/cobra@v1.5.0", - "pkg:golang/github.com/spf13/pflag@v1.0.5", - "pkg:golang/github.com/xo/terminfo@v0.0.0-20210125001918-ca9a967f8778", - "pkg:golang/golang.org/x/sys@v0.0.0-20220704084225-05e143d24a9e", - "pkg:golang/golang.org/x/text@v0.3.7", - "pkg:golang/gopkg.in/yaml.v2@v2.4.0" - ] - } - ] -} diff --git a/sbom/hinge.cyclonedx.json b/sbom/hinge.cyclonedx.json new file mode 100644 index 0000000..9df57a4 --- /dev/null +++ b/sbom/hinge.cyclonedx.json @@ -0,0 +1,850 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.4", + "serialNumber": "urn:uuid:9dc614bb-d98a-498a-a3b0-afdef7a04d6a", + "version": 1, + "metadata": { + "timestamp": "2022-08-02T10:41:10-06:00", + "tools": [ + { + "vendor": "anchore", + "name": "syft", + "version": "[not provided]" + } + ], + "component": { + "bom-ref": "af63bd4c8601b7f1", + "type": "file", + "name": "." + } + }, + "components": [ + { + "bom-ref": "pkg:golang/github.com/davecgh/go-spew@v1.1.1?package-id=82cf8b15f7c32de3", + "type": "library", + "name": "github.com/davecgh/go-spew", + "version": "v1.1.1", + "cpe": "cpe:2.3:a:davecgh:go-spew:v1.1.1:*:*:*:*:*:*:*", + "purl": "pkg:golang/github.com/davecgh/go-spew@v1.1.1", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-mod-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:davecgh:go_spew:v1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "go.mod" + } + ] + }, + { + "bom-ref": "pkg:golang/github.com/devops-kung-fu/common@v0.2.3?package-id=f6b7bd83237af4e8", + "type": "library", + "name": "github.com/devops-kung-fu/common", + "version": "v0.2.3", + "cpe": "cpe:2.3:a:devops-kung-fu:common:v0.2.3:*:*:*:*:*:*:*", + "purl": "pkg:golang/github.com/devops-kung-fu/common@v0.2.3", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-mod-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:devops_kung_fu:common:v0.2.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:devops-kung:common:v0.2.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:devops_kung:common:v0.2.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:devops:common:v0.2.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "go.mod" + } + ] + }, + { + "bom-ref": "pkg:golang/github.com/devops-kung-fu/common@v0.2.3?package-id=c60f205d575ca810", + "type": "library", + "name": "github.com/devops-kung-fu/common", + "version": "v0.2.3", + "cpe": "cpe:2.3:a:devops-kung-fu:common:v0.2.3:*:*:*:*:*:*:*", + "purl": "pkg:golang/github.com/devops-kung-fu/common@v0.2.3", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-binary-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:metadataType", + "value": "GolangBinMetadata" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:devops_kung_fu:common:v0.2.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:devops-kung:common:v0.2.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:devops_kung:common:v0.2.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:devops:common:v0.2.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "hinge" + }, + { + "name": "syft:metadata:architecture", + "value": "amd64" + }, + { + "name": "syft:metadata:goCompiledVersion", + "value": "go1.18.4" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:xUJdi1A7kP1nPaFq/GZTEABvtxuaDRVUlaKSRUglxuw=" + }, + { + "name": "syft:metadata:mainModule", + "value": "github.com/devops-kung-fu/hinge" + } + ] + }, + { + "bom-ref": "pkg:golang/github.com/devops-kung-fu/hinge@v0.0.0-20220802163800-cebd79d79dde?package-id=3fbfc866af6d66ce", + "type": "library", + "name": "github.com/devops-kung-fu/hinge", + "version": "v0.0.0-20220802163800-cebd79d79dde", + "cpe": "cpe:2.3:a:devops-kung-fu:hinge:v0.0.0-20220802163800-cebd79d79dde:*:*:*:*:*:*:*", + "purl": "pkg:golang/github.com/devops-kung-fu/hinge@v0.0.0-20220802163800-cebd79d79dde", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-binary-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:metadataType", + "value": "GolangBinMetadata" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:devops_kung_fu:hinge:v0.0.0-20220802163800-cebd79d79dde:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:devops-kung:hinge:v0.0.0-20220802163800-cebd79d79dde:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:devops_kung:hinge:v0.0.0-20220802163800-cebd79d79dde:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:devops:hinge:v0.0.0-20220802163800-cebd79d79dde:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "hinge" + }, + { + "name": "syft:metadata:architecture", + "value": "amd64" + }, + { + "name": "syft:metadata:goCompiledVersion", + "value": "go1.18.4" + }, + { + "name": "syft:metadata:mainModule", + "value": "github.com/devops-kung-fu/hinge" + } + ] + }, + { + "bom-ref": "pkg:golang/github.com/gookit/color@v1.5.1?package-id=7c3dd4825d9774", + "type": "library", + "name": "github.com/gookit/color", + "version": "v1.5.1", + "cpe": "cpe:2.3:a:gookit:color:v1.5.1:*:*:*:*:*:*:*", + "purl": "pkg:golang/github.com/gookit/color@v1.5.1", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-mod-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:location:0:path", + "value": "go.mod" + } + ] + }, + { + "bom-ref": "pkg:golang/github.com/gookit/color@v1.5.1?package-id=d7be59dbf5a84e70", + "type": "library", + "name": "github.com/gookit/color", + "version": "v1.5.1", + "cpe": "cpe:2.3:a:gookit:color:v1.5.1:*:*:*:*:*:*:*", + "purl": "pkg:golang/github.com/gookit/color@v1.5.1", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-binary-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:metadataType", + "value": "GolangBinMetadata" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:location:0:path", + "value": "hinge" + }, + { + "name": "syft:metadata:architecture", + "value": "amd64" + }, + { + "name": "syft:metadata:goCompiledVersion", + "value": "go1.18.4" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:Vjg2VEcdHpwq+oY63s/ksHrgJYCTo0bwWvmmYWdE9fQ=" + }, + { + "name": "syft:metadata:mainModule", + "value": "github.com/devops-kung-fu/hinge" + } + ] + }, + { + "bom-ref": "pkg:golang/github.com/inconshreveable/mousetrap@v1.0.0?package-id=ac4ead091b5593ab", + "type": "library", + "name": "github.com/inconshreveable/mousetrap", + "version": "v1.0.0", + "cpe": "cpe:2.3:a:inconshreveable:mousetrap:v1.0.0:*:*:*:*:*:*:*", + "purl": "pkg:golang/github.com/inconshreveable/mousetrap@v1.0.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-mod-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:location:0:path", + "value": "go.mod" + } + ] + }, + { + "bom-ref": "pkg:golang/github.com/pmezard/go-difflib@v1.0.0?package-id=fc0265ef2c7b8e50", + "type": "library", + "name": "github.com/pmezard/go-difflib", + "version": "v1.0.0", + "cpe": "cpe:2.3:a:pmezard:go-difflib:v1.0.0:*:*:*:*:*:*:*", + "purl": "pkg:golang/github.com/pmezard/go-difflib@v1.0.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-mod-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pmezard:go_difflib:v1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "go.mod" + } + ] + }, + { + "bom-ref": "pkg:golang/github.com/spf13/afero@v1.9.2?package-id=1ab8d71708e8ef0a", + "type": "library", + "name": "github.com/spf13/afero", + "version": "v1.9.2", + "cpe": "cpe:2.3:a:spf13:afero:v1.9.2:*:*:*:*:*:*:*", + "purl": "pkg:golang/github.com/spf13/afero@v1.9.2", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-mod-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:location:0:path", + "value": "go.mod" + } + ] + }, + { + "bom-ref": "pkg:golang/github.com/spf13/afero@v1.9.2?package-id=1d1f3c239ee6295e", + "type": "library", + "name": "github.com/spf13/afero", + "version": "v1.9.2", + "cpe": "cpe:2.3:a:spf13:afero:v1.9.2:*:*:*:*:*:*:*", + "purl": "pkg:golang/github.com/spf13/afero@v1.9.2", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-binary-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:metadataType", + "value": "GolangBinMetadata" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:location:0:path", + "value": "hinge" + }, + { + "name": "syft:metadata:architecture", + "value": "amd64" + }, + { + "name": "syft:metadata:goCompiledVersion", + "value": "go1.18.4" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:j49Hj62F0n+DaZ1dDCvhABaPNSGNkt32oRFxI33IEMw=" + }, + { + "name": "syft:metadata:mainModule", + "value": "github.com/devops-kung-fu/hinge" + } + ] + }, + { + "bom-ref": "pkg:golang/github.com/spf13/cobra@v1.5.0?package-id=a34663c05b4edc16", + "type": "library", + "name": "github.com/spf13/cobra", + "version": "v1.5.0", + "cpe": "cpe:2.3:a:spf13:cobra:v1.5.0:*:*:*:*:*:*:*", + "purl": "pkg:golang/github.com/spf13/cobra@v1.5.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-mod-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:location:0:path", + "value": "go.mod" + } + ] + }, + { + "bom-ref": "pkg:golang/github.com/spf13/cobra@v1.5.0?package-id=1823900395850f93", + "type": "library", + "name": "github.com/spf13/cobra", + "version": "v1.5.0", + "cpe": "cpe:2.3:a:spf13:cobra:v1.5.0:*:*:*:*:*:*:*", + "purl": "pkg:golang/github.com/spf13/cobra@v1.5.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-binary-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:metadataType", + "value": "GolangBinMetadata" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:location:0:path", + "value": "hinge" + }, + { + "name": "syft:metadata:architecture", + "value": "amd64" + }, + { + "name": "syft:metadata:goCompiledVersion", + "value": "go1.18.4" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU=" + }, + { + "name": "syft:metadata:mainModule", + "value": "github.com/devops-kung-fu/hinge" + } + ] + }, + { + "bom-ref": "pkg:golang/github.com/spf13/pflag@v1.0.5?package-id=b5f60d334205548", + "type": "library", + "name": "github.com/spf13/pflag", + "version": "v1.0.5", + "cpe": "cpe:2.3:a:spf13:pflag:v1.0.5:*:*:*:*:*:*:*", + "purl": "pkg:golang/github.com/spf13/pflag@v1.0.5", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-mod-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:location:0:path", + "value": "go.mod" + } + ] + }, + { + "bom-ref": "pkg:golang/github.com/spf13/pflag@v1.0.5?package-id=89d18f29d10865cd", + "type": "library", + "name": "github.com/spf13/pflag", + "version": "v1.0.5", + "cpe": "cpe:2.3:a:spf13:pflag:v1.0.5:*:*:*:*:*:*:*", + "purl": "pkg:golang/github.com/spf13/pflag@v1.0.5", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-binary-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:metadataType", + "value": "GolangBinMetadata" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:location:0:path", + "value": "hinge" + }, + { + "name": "syft:metadata:architecture", + "value": "amd64" + }, + { + "name": "syft:metadata:goCompiledVersion", + "value": "go1.18.4" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=" + }, + { + "name": "syft:metadata:mainModule", + "value": "github.com/devops-kung-fu/hinge" + } + ] + }, + { + "bom-ref": "pkg:golang/github.com/stretchr/testify@v1.8.0?package-id=384b2b91069c12ca", + "type": "library", + "name": "github.com/stretchr/testify", + "version": "v1.8.0", + "cpe": "cpe:2.3:a:stretchr:testify:v1.8.0:*:*:*:*:*:*:*", + "purl": "pkg:golang/github.com/stretchr/testify@v1.8.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-mod-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:location:0:path", + "value": "go.mod" + } + ] + }, + { + "bom-ref": "pkg:golang/github.com/xo/terminfo@v0.0.0-20210125001918-ca9a967f8778?package-id=6145d58d9f60cbd4", + "type": "library", + "name": "github.com/xo/terminfo", + "version": "v0.0.0-20210125001918-ca9a967f8778", + "cpe": "cpe:2.3:a:xo:terminfo:v0.0.0-20210125001918-ca9a967f8778:*:*:*:*:*:*:*", + "purl": "pkg:golang/github.com/xo/terminfo@v0.0.0-20210125001918-ca9a967f8778", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-mod-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:location:0:path", + "value": "go.mod" + } + ] + }, + { + "bom-ref": "pkg:golang/github.com/xo/terminfo@v0.0.0-20210125001918-ca9a967f8778?package-id=113366214665407", + "type": "library", + "name": "github.com/xo/terminfo", + "version": "v0.0.0-20210125001918-ca9a967f8778", + "cpe": "cpe:2.3:a:xo:terminfo:v0.0.0-20210125001918-ca9a967f8778:*:*:*:*:*:*:*", + "purl": "pkg:golang/github.com/xo/terminfo@v0.0.0-20210125001918-ca9a967f8778", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-binary-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:metadataType", + "value": "GolangBinMetadata" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:location:0:path", + "value": "hinge" + }, + { + "name": "syft:metadata:architecture", + "value": "amd64" + }, + { + "name": "syft:metadata:goCompiledVersion", + "value": "go1.18.4" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:QldyIu/L63oPpyvQmHgvgickp1Yw510KJOqX7H24mg8=" + }, + { + "name": "syft:metadata:mainModule", + "value": "github.com/devops-kung-fu/hinge" + } + ] + }, + { + "bom-ref": "pkg:golang/golang.org/x/sys@v0.0.0-20220731174439-a90be440212d?package-id=25c42e37d7076a0b", + "type": "library", + "name": "golang.org/x/sys", + "version": "v0.0.0-20220731174439-a90be440212d", + "cpe": "cpe:2.3:a:golang:x\\/sys:v0.0.0-20220731174439-a90be440212d:*:*:*:*:*:*:*", + "purl": "pkg:golang/golang.org/x/sys@v0.0.0-20220731174439-a90be440212d", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-mod-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:location:0:path", + "value": "go.mod" + } + ] + }, + { + "bom-ref": "pkg:golang/golang.org/x/text@v0.3.7?package-id=ae70283ea710ca92", + "type": "library", + "name": "golang.org/x/text", + "version": "v0.3.7", + "cpe": "cpe:2.3:a:golang:x\\/text:v0.3.7:*:*:*:*:*:*:*", + "purl": "pkg:golang/golang.org/x/text@v0.3.7", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-mod-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:location:0:path", + "value": "go.mod" + } + ] + }, + { + "bom-ref": "pkg:golang/golang.org/x/text@v0.3.7?package-id=49c32cded3f552cb", + "type": "library", + "name": "golang.org/x/text", + "version": "v0.3.7", + "cpe": "cpe:2.3:a:golang:x\\/text:v0.3.7:*:*:*:*:*:*:*", + "purl": "pkg:golang/golang.org/x/text@v0.3.7", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-binary-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:metadataType", + "value": "GolangBinMetadata" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:location:0:path", + "value": "hinge" + }, + { + "name": "syft:metadata:architecture", + "value": "amd64" + }, + { + "name": "syft:metadata:goCompiledVersion", + "value": "go1.18.4" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=" + }, + { + "name": "syft:metadata:mainModule", + "value": "github.com/devops-kung-fu/hinge" + } + ] + }, + { + "bom-ref": "pkg:golang/gopkg.in/yaml.v2@v2.4.0?package-id=8f2bb9bdbe3059d6", + "type": "library", + "name": "gopkg.in/yaml.v2", + "version": "v2.4.0", + "purl": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-mod-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:location:0:path", + "value": "go.mod" + } + ] + }, + { + "bom-ref": "pkg:golang/gopkg.in/yaml.v2@v2.4.0?package-id=c6e67f9214219c0b", + "type": "library", + "name": "gopkg.in/yaml.v2", + "version": "v2.4.0", + "purl": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-binary-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:metadataType", + "value": "GolangBinMetadata" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:location:0:path", + "value": "hinge" + }, + { + "name": "syft:metadata:architecture", + "value": "amd64" + }, + { + "name": "syft:metadata:goCompiledVersion", + "value": "go1.18.4" + }, + { + "name": "syft:metadata:h1Digest", + "value": "h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=" + }, + { + "name": "syft:metadata:mainModule", + "value": "github.com/devops-kung-fu/hinge" + } + ] + }, + { + "bom-ref": "pkg:golang/gopkg.in/yaml.v3@v3.0.1?package-id=7d36a1c0c358a2f8", + "type": "library", + "name": "gopkg.in/yaml.v3", + "version": "v3.0.1", + "purl": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-mod-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:location:0:path", + "value": "go.mod" + } + ] + } + ] +} diff --git a/sbom/hinge.spdx.json b/sbom/hinge.spdx.json new file mode 100644 index 0000000..994dc48 --- /dev/null +++ b/sbom/hinge.spdx.json @@ -0,0 +1,578 @@ +{ + "SPDXID": "SPDXRef-DOCUMENT", + "name": ".", + "spdxVersion": "SPDX-2.2", + "creationInfo": { + "created": "2022-08-02T16:41:10.8691Z", + "creators": [ + "Organization: Anchore, Inc", + "Tool: syft-[not provided]" + ], + "licenseListVersion": "3.17" + }, + "dataLicense": "CC0-1.0", + "documentNamespace": "https://anchore.com/syft/dir/36ae4ba3-109d-40a7-a9a1-c04c259b609d", + "packages": [ + { + "SPDXID": "SPDXRef-82cf8b15f7c32de3", + "name": "github.com/davecgh/go-spew", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:davecgh:go-spew:v1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:davecgh:go_spew:v1.1.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:golang/github.com/davecgh/go-spew@v1.1.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from go module information: go.mod", + "versionInfo": "v1.1.1" + }, + { + "SPDXID": "SPDXRef-f6b7bd83237af4e8", + "name": "github.com/devops-kung-fu/common", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:devops-kung-fu:common:v0.2.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:devops_kung_fu:common:v0.2.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:devops-kung:common:v0.2.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:devops_kung:common:v0.2.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:devops:common:v0.2.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:golang/github.com/devops-kung-fu/common@v0.2.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from go module information: go.mod", + "versionInfo": "v0.2.3" + }, + { + "SPDXID": "SPDXRef-c60f205d575ca810", + "name": "github.com/devops-kung-fu/common", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:devops-kung-fu:common:v0.2.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:devops_kung_fu:common:v0.2.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:devops-kung:common:v0.2.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:devops_kung:common:v0.2.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:devops:common:v0.2.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:golang/github.com/devops-kung-fu/common@v0.2.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from go module information: hinge", + "versionInfo": "v0.2.3" + }, + { + "SPDXID": "SPDXRef-3fbfc866af6d66ce", + "name": "github.com/devops-kung-fu/hinge", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:devops-kung-fu:hinge:v0.0.0-20220802163800-cebd79d79dde:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:devops_kung_fu:hinge:v0.0.0-20220802163800-cebd79d79dde:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:devops-kung:hinge:v0.0.0-20220802163800-cebd79d79dde:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:devops_kung:hinge:v0.0.0-20220802163800-cebd79d79dde:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:devops:hinge:v0.0.0-20220802163800-cebd79d79dde:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:golang/github.com/devops-kung-fu/hinge@v0.0.0-20220802163800-cebd79d79dde", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from go module information: hinge", + "versionInfo": "v0.0.0-20220802163800-cebd79d79dde" + }, + { + "SPDXID": "SPDXRef-7c3dd4825d9774", + "name": "github.com/gookit/color", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gookit:color:v1.5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:golang/github.com/gookit/color@v1.5.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from go module information: go.mod", + "versionInfo": "v1.5.1" + }, + { + "SPDXID": "SPDXRef-d7be59dbf5a84e70", + "name": "github.com/gookit/color", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:gookit:color:v1.5.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:golang/github.com/gookit/color@v1.5.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from go module information: hinge", + "versionInfo": "v1.5.1" + }, + { + "SPDXID": "SPDXRef-ac4ead091b5593ab", + "name": "github.com/inconshreveable/mousetrap", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:inconshreveable:mousetrap:v1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:golang/github.com/inconshreveable/mousetrap@v1.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from go module information: go.mod", + "versionInfo": "v1.0.0" + }, + { + "SPDXID": "SPDXRef-fc0265ef2c7b8e50", + "name": "github.com/pmezard/go-difflib", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pmezard:go-difflib:v1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pmezard:go_difflib:v1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:golang/github.com/pmezard/go-difflib@v1.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from go module information: go.mod", + "versionInfo": "v1.0.0" + }, + { + "SPDXID": "SPDXRef-1ab8d71708e8ef0a", + "name": "github.com/spf13/afero", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:spf13:afero:v1.9.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:golang/github.com/spf13/afero@v1.9.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from go module information: go.mod", + "versionInfo": "v1.9.2" + }, + { + "SPDXID": "SPDXRef-1d1f3c239ee6295e", + "name": "github.com/spf13/afero", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:spf13:afero:v1.9.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:golang/github.com/spf13/afero@v1.9.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from go module information: hinge", + "versionInfo": "v1.9.2" + }, + { + "SPDXID": "SPDXRef-a34663c05b4edc16", + "name": "github.com/spf13/cobra", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:spf13:cobra:v1.5.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:golang/github.com/spf13/cobra@v1.5.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from go module information: go.mod", + "versionInfo": "v1.5.0" + }, + { + "SPDXID": "SPDXRef-1823900395850f93", + "name": "github.com/spf13/cobra", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:spf13:cobra:v1.5.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:golang/github.com/spf13/cobra@v1.5.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from go module information: hinge", + "versionInfo": "v1.5.0" + }, + { + "SPDXID": "SPDXRef-b5f60d334205548", + "name": "github.com/spf13/pflag", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:spf13:pflag:v1.0.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:golang/github.com/spf13/pflag@v1.0.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from go module information: go.mod", + "versionInfo": "v1.0.5" + }, + { + "SPDXID": "SPDXRef-89d18f29d10865cd", + "name": "github.com/spf13/pflag", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:spf13:pflag:v1.0.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:golang/github.com/spf13/pflag@v1.0.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from go module information: hinge", + "versionInfo": "v1.0.5" + }, + { + "SPDXID": "SPDXRef-384b2b91069c12ca", + "name": "github.com/stretchr/testify", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:stretchr:testify:v1.8.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:golang/github.com/stretchr/testify@v1.8.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from go module information: go.mod", + "versionInfo": "v1.8.0" + }, + { + "SPDXID": "SPDXRef-6145d58d9f60cbd4", + "name": "github.com/xo/terminfo", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:xo:terminfo:v0.0.0-20210125001918-ca9a967f8778:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:golang/github.com/xo/terminfo@v0.0.0-20210125001918-ca9a967f8778", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from go module information: go.mod", + "versionInfo": "v0.0.0-20210125001918-ca9a967f8778" + }, + { + "SPDXID": "SPDXRef-113366214665407", + "name": "github.com/xo/terminfo", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:xo:terminfo:v0.0.0-20210125001918-ca9a967f8778:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:golang/github.com/xo/terminfo@v0.0.0-20210125001918-ca9a967f8778", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from go module information: hinge", + "versionInfo": "v0.0.0-20210125001918-ca9a967f8778" + }, + { + "SPDXID": "SPDXRef-25c42e37d7076a0b", + "name": "golang.org/x/sys", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:golang:x\\/sys:v0.0.0-20220731174439-a90be440212d:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:golang/golang.org/x/sys@v0.0.0-20220731174439-a90be440212d", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from go module information: go.mod", + "versionInfo": "v0.0.0-20220731174439-a90be440212d" + }, + { + "SPDXID": "SPDXRef-ae70283ea710ca92", + "name": "golang.org/x/text", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:golang:x\\/text:v0.3.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:golang/golang.org/x/text@v0.3.7", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from go module information: go.mod", + "versionInfo": "v0.3.7" + }, + { + "SPDXID": "SPDXRef-49c32cded3f552cb", + "name": "golang.org/x/text", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:golang:x\\/text:v0.3.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:golang/golang.org/x/text@v0.3.7", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from go module information: hinge", + "versionInfo": "v0.3.7" + }, + { + "SPDXID": "SPDXRef-8f2bb9bdbe3059d6", + "name": "gopkg.in/yaml.v2", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from go module information: go.mod", + "versionInfo": "v2.4.0" + }, + { + "SPDXID": "SPDXRef-c6e67f9214219c0b", + "name": "gopkg.in/yaml.v2", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from go module information: hinge", + "versionInfo": "v2.4.0" + }, + { + "SPDXID": "SPDXRef-7d36a1c0c358a2f8", + "name": "gopkg.in/yaml.v3", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from go module information: go.mod", + "versionInfo": "v3.0.1" + } + ] +} diff --git a/sbom/hinge.syft.json b/sbom/hinge.syft.json new file mode 100644 index 0000000..13a0d0e --- /dev/null +++ b/sbom/hinge.syft.json @@ -0,0 +1,610 @@ +{ + "artifacts": [ + { + "id": "82cf8b15f7c32de3", + "name": "github.com/davecgh/go-spew", + "version": "v1.1.1", + "type": "go-module", + "foundBy": "go-mod-file-cataloger", + "locations": [ + { + "path": "go.mod" + } + ], + "licenses": [], + "language": "go", + "cpes": [ + "cpe:2.3:a:davecgh:go-spew:v1.1.1:*:*:*:*:*:*:*", + "cpe:2.3:a:davecgh:go_spew:v1.1.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:golang/github.com/davecgh/go-spew@v1.1.1" + }, + { + "id": "f6b7bd83237af4e8", + "name": "github.com/devops-kung-fu/common", + "version": "v0.2.3", + "type": "go-module", + "foundBy": "go-mod-file-cataloger", + "locations": [ + { + "path": "go.mod" + } + ], + "licenses": [], + "language": "go", + "cpes": [ + "cpe:2.3:a:devops-kung-fu:common:v0.2.3:*:*:*:*:*:*:*", + "cpe:2.3:a:devops_kung_fu:common:v0.2.3:*:*:*:*:*:*:*", + "cpe:2.3:a:devops-kung:common:v0.2.3:*:*:*:*:*:*:*", + "cpe:2.3:a:devops_kung:common:v0.2.3:*:*:*:*:*:*:*", + "cpe:2.3:a:devops:common:v0.2.3:*:*:*:*:*:*:*" + ], + "purl": "pkg:golang/github.com/devops-kung-fu/common@v0.2.3" + }, + { + "id": "c60f205d575ca810", + "name": "github.com/devops-kung-fu/common", + "version": "v0.2.3", + "type": "go-module", + "foundBy": "go-module-binary-cataloger", + "locations": [ + { + "path": "hinge" + } + ], + "licenses": [], + "language": "go", + "cpes": [ + "cpe:2.3:a:devops-kung-fu:common:v0.2.3:*:*:*:*:*:*:*", + "cpe:2.3:a:devops_kung_fu:common:v0.2.3:*:*:*:*:*:*:*", + "cpe:2.3:a:devops-kung:common:v0.2.3:*:*:*:*:*:*:*", + "cpe:2.3:a:devops_kung:common:v0.2.3:*:*:*:*:*:*:*", + "cpe:2.3:a:devops:common:v0.2.3:*:*:*:*:*:*:*" + ], + "purl": "pkg:golang/github.com/devops-kung-fu/common@v0.2.3", + "metadataType": "GolangBinMetadata", + "metadata": { + "goCompiledVersion": "go1.18.4", + "architecture": "amd64", + "h1Digest": "h1:xUJdi1A7kP1nPaFq/GZTEABvtxuaDRVUlaKSRUglxuw=", + "mainModule": "github.com/devops-kung-fu/hinge" + } + }, + { + "id": "3fbfc866af6d66ce", + "name": "github.com/devops-kung-fu/hinge", + "version": "v0.0.0-20220802163800-cebd79d79dde", + "type": "go-module", + "foundBy": "go-module-binary-cataloger", + "locations": [ + { + "path": "hinge" + } + ], + "licenses": [], + "language": "go", + "cpes": [ + "cpe:2.3:a:devops-kung-fu:hinge:v0.0.0-20220802163800-cebd79d79dde:*:*:*:*:*:*:*", + "cpe:2.3:a:devops_kung_fu:hinge:v0.0.0-20220802163800-cebd79d79dde:*:*:*:*:*:*:*", + "cpe:2.3:a:devops-kung:hinge:v0.0.0-20220802163800-cebd79d79dde:*:*:*:*:*:*:*", + "cpe:2.3:a:devops_kung:hinge:v0.0.0-20220802163800-cebd79d79dde:*:*:*:*:*:*:*", + "cpe:2.3:a:devops:hinge:v0.0.0-20220802163800-cebd79d79dde:*:*:*:*:*:*:*" + ], + "purl": "pkg:golang/github.com/devops-kung-fu/hinge@v0.0.0-20220802163800-cebd79d79dde", + "metadataType": "GolangBinMetadata", + "metadata": { + "goBuildSettings": { + "-compiler": "gc", + "CGO_CFLAGS": "", + "CGO_CPPFLAGS": "", + "CGO_CXXFLAGS": "", + "CGO_ENABLED": "1", + "CGO_LDFLAGS": "", + "GOAMD64": "v1", + "GOARCH": "amd64", + "GOOS": "darwin", + "vcs": "git", + "vcs.modified": "true", + "vcs.revision": "cebd79d79ddea0c5a4bd5aa7a3a262c16f926c9f", + "vcs.time": "2022-08-02T16:38:00Z" + }, + "goCompiledVersion": "go1.18.4", + "architecture": "amd64", + "mainModule": "github.com/devops-kung-fu/hinge" + } + }, + { + "id": "7c3dd4825d9774", + "name": "github.com/gookit/color", + "version": "v1.5.1", + "type": "go-module", + "foundBy": "go-mod-file-cataloger", + "locations": [ + { + "path": "go.mod" + } + ], + "licenses": [], + "language": "go", + "cpes": [ + "cpe:2.3:a:gookit:color:v1.5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:golang/github.com/gookit/color@v1.5.1" + }, + { + "id": "d7be59dbf5a84e70", + "name": "github.com/gookit/color", + "version": "v1.5.1", + "type": "go-module", + "foundBy": "go-module-binary-cataloger", + "locations": [ + { + "path": "hinge" + } + ], + "licenses": [], + "language": "go", + "cpes": [ + "cpe:2.3:a:gookit:color:v1.5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:golang/github.com/gookit/color@v1.5.1", + "metadataType": "GolangBinMetadata", + "metadata": { + "goCompiledVersion": "go1.18.4", + "architecture": "amd64", + "h1Digest": "h1:Vjg2VEcdHpwq+oY63s/ksHrgJYCTo0bwWvmmYWdE9fQ=", + "mainModule": "github.com/devops-kung-fu/hinge" + } + }, + { + "id": "ac4ead091b5593ab", + "name": "github.com/inconshreveable/mousetrap", + "version": "v1.0.0", + "type": "go-module", + "foundBy": "go-mod-file-cataloger", + "locations": [ + { + "path": "go.mod" + } + ], + "licenses": [], + "language": "go", + "cpes": [ + "cpe:2.3:a:inconshreveable:mousetrap:v1.0.0:*:*:*:*:*:*:*" + ], + "purl": "pkg:golang/github.com/inconshreveable/mousetrap@v1.0.0" + }, + { + "id": "fc0265ef2c7b8e50", + "name": "github.com/pmezard/go-difflib", + "version": "v1.0.0", + "type": "go-module", + "foundBy": "go-mod-file-cataloger", + "locations": [ + { + "path": "go.mod" + } + ], + "licenses": [], + "language": "go", + "cpes": [ + "cpe:2.3:a:pmezard:go-difflib:v1.0.0:*:*:*:*:*:*:*", + "cpe:2.3:a:pmezard:go_difflib:v1.0.0:*:*:*:*:*:*:*" + ], + "purl": "pkg:golang/github.com/pmezard/go-difflib@v1.0.0" + }, + { + "id": "1ab8d71708e8ef0a", + "name": "github.com/spf13/afero", + "version": "v1.9.2", + "type": "go-module", + "foundBy": "go-mod-file-cataloger", + "locations": [ + { + "path": "go.mod" + } + ], + "licenses": [], + "language": "go", + "cpes": [ + "cpe:2.3:a:spf13:afero:v1.9.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:golang/github.com/spf13/afero@v1.9.2" + }, + { + "id": "1d1f3c239ee6295e", + "name": "github.com/spf13/afero", + "version": "v1.9.2", + "type": "go-module", + "foundBy": "go-module-binary-cataloger", + "locations": [ + { + "path": "hinge" + } + ], + "licenses": [], + "language": "go", + "cpes": [ + "cpe:2.3:a:spf13:afero:v1.9.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:golang/github.com/spf13/afero@v1.9.2", + "metadataType": "GolangBinMetadata", + "metadata": { + "goCompiledVersion": "go1.18.4", + "architecture": "amd64", + "h1Digest": "h1:j49Hj62F0n+DaZ1dDCvhABaPNSGNkt32oRFxI33IEMw=", + "mainModule": "github.com/devops-kung-fu/hinge" + } + }, + { + "id": "a34663c05b4edc16", + "name": "github.com/spf13/cobra", + "version": "v1.5.0", + "type": "go-module", + "foundBy": "go-mod-file-cataloger", + "locations": [ + { + "path": "go.mod" + } + ], + "licenses": [], + "language": "go", + "cpes": [ + "cpe:2.3:a:spf13:cobra:v1.5.0:*:*:*:*:*:*:*" + ], + "purl": "pkg:golang/github.com/spf13/cobra@v1.5.0" + }, + { + "id": "1823900395850f93", + "name": "github.com/spf13/cobra", + "version": "v1.5.0", + "type": "go-module", + "foundBy": "go-module-binary-cataloger", + "locations": [ + { + "path": "hinge" + } + ], + "licenses": [], + "language": "go", + "cpes": [ + "cpe:2.3:a:spf13:cobra:v1.5.0:*:*:*:*:*:*:*" + ], + "purl": "pkg:golang/github.com/spf13/cobra@v1.5.0", + "metadataType": "GolangBinMetadata", + "metadata": { + "goCompiledVersion": "go1.18.4", + "architecture": "amd64", + "h1Digest": "h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU=", + "mainModule": "github.com/devops-kung-fu/hinge" + } + }, + { + "id": "b5f60d334205548", + "name": "github.com/spf13/pflag", + "version": "v1.0.5", + "type": "go-module", + "foundBy": "go-mod-file-cataloger", + "locations": [ + { + "path": "go.mod" + } + ], + "licenses": [], + "language": "go", + "cpes": [ + "cpe:2.3:a:spf13:pflag:v1.0.5:*:*:*:*:*:*:*" + ], + "purl": "pkg:golang/github.com/spf13/pflag@v1.0.5" + }, + { + "id": "89d18f29d10865cd", + "name": "github.com/spf13/pflag", + "version": "v1.0.5", + "type": "go-module", + "foundBy": "go-module-binary-cataloger", + "locations": [ + { + "path": "hinge" + } + ], + "licenses": [], + "language": "go", + "cpes": [ + "cpe:2.3:a:spf13:pflag:v1.0.5:*:*:*:*:*:*:*" + ], + "purl": "pkg:golang/github.com/spf13/pflag@v1.0.5", + "metadataType": "GolangBinMetadata", + "metadata": { + "goCompiledVersion": "go1.18.4", + "architecture": "amd64", + "h1Digest": "h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=", + "mainModule": "github.com/devops-kung-fu/hinge" + } + }, + { + "id": "384b2b91069c12ca", + "name": "github.com/stretchr/testify", + "version": "v1.8.0", + "type": "go-module", + "foundBy": "go-mod-file-cataloger", + "locations": [ + { + "path": "go.mod" + } + ], + "licenses": [], + "language": "go", + "cpes": [ + "cpe:2.3:a:stretchr:testify:v1.8.0:*:*:*:*:*:*:*" + ], + "purl": "pkg:golang/github.com/stretchr/testify@v1.8.0" + }, + { + "id": "6145d58d9f60cbd4", + "name": "github.com/xo/terminfo", + "version": "v0.0.0-20210125001918-ca9a967f8778", + "type": "go-module", + "foundBy": "go-mod-file-cataloger", + "locations": [ + { + "path": "go.mod" + } + ], + "licenses": [], + "language": "go", + "cpes": [ + "cpe:2.3:a:xo:terminfo:v0.0.0-20210125001918-ca9a967f8778:*:*:*:*:*:*:*" + ], + "purl": "pkg:golang/github.com/xo/terminfo@v0.0.0-20210125001918-ca9a967f8778" + }, + { + "id": "113366214665407", + "name": "github.com/xo/terminfo", + "version": "v0.0.0-20210125001918-ca9a967f8778", + "type": "go-module", + "foundBy": "go-module-binary-cataloger", + "locations": [ + { + "path": "hinge" + } + ], + "licenses": [], + "language": "go", + "cpes": [ + "cpe:2.3:a:xo:terminfo:v0.0.0-20210125001918-ca9a967f8778:*:*:*:*:*:*:*" + ], + "purl": "pkg:golang/github.com/xo/terminfo@v0.0.0-20210125001918-ca9a967f8778", + "metadataType": "GolangBinMetadata", + "metadata": { + "goCompiledVersion": "go1.18.4", + "architecture": "amd64", + "h1Digest": "h1:QldyIu/L63oPpyvQmHgvgickp1Yw510KJOqX7H24mg8=", + "mainModule": "github.com/devops-kung-fu/hinge" + } + }, + { + "id": "25c42e37d7076a0b", + "name": "golang.org/x/sys", + "version": "v0.0.0-20220731174439-a90be440212d", + "type": "go-module", + "foundBy": "go-mod-file-cataloger", + "locations": [ + { + "path": "go.mod" + } + ], + "licenses": [], + "language": "go", + "cpes": [ + "cpe:2.3:a:golang:x\\/sys:v0.0.0-20220731174439-a90be440212d:*:*:*:*:*:*:*" + ], + "purl": "pkg:golang/golang.org/x/sys@v0.0.0-20220731174439-a90be440212d" + }, + { + "id": "ae70283ea710ca92", + "name": "golang.org/x/text", + "version": "v0.3.7", + "type": "go-module", + "foundBy": "go-mod-file-cataloger", + "locations": [ + { + "path": "go.mod" + } + ], + "licenses": [], + "language": "go", + "cpes": [ + "cpe:2.3:a:golang:x\\/text:v0.3.7:*:*:*:*:*:*:*" + ], + "purl": "pkg:golang/golang.org/x/text@v0.3.7" + }, + { + "id": "49c32cded3f552cb", + "name": "golang.org/x/text", + "version": "v0.3.7", + "type": "go-module", + "foundBy": "go-module-binary-cataloger", + "locations": [ + { + "path": "hinge" + } + ], + "licenses": [], + "language": "go", + "cpes": [ + "cpe:2.3:a:golang:x\\/text:v0.3.7:*:*:*:*:*:*:*" + ], + "purl": "pkg:golang/golang.org/x/text@v0.3.7", + "metadataType": "GolangBinMetadata", + "metadata": { + "goCompiledVersion": "go1.18.4", + "architecture": "amd64", + "h1Digest": "h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=", + "mainModule": "github.com/devops-kung-fu/hinge" + } + }, + { + "id": "8f2bb9bdbe3059d6", + "name": "gopkg.in/yaml.v2", + "version": "v2.4.0", + "type": "go-module", + "foundBy": "go-mod-file-cataloger", + "locations": [ + { + "path": "go.mod" + } + ], + "licenses": [], + "language": "go", + "cpes": [], + "purl": "pkg:golang/gopkg.in/yaml.v2@v2.4.0" + }, + { + "id": "c6e67f9214219c0b", + "name": "gopkg.in/yaml.v2", + "version": "v2.4.0", + "type": "go-module", + "foundBy": "go-module-binary-cataloger", + "locations": [ + { + "path": "hinge" + } + ], + "licenses": [], + "language": "go", + "cpes": [], + "purl": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", + "metadataType": "GolangBinMetadata", + "metadata": { + "goCompiledVersion": "go1.18.4", + "architecture": "amd64", + "h1Digest": "h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=", + "mainModule": "github.com/devops-kung-fu/hinge" + } + }, + { + "id": "7d36a1c0c358a2f8", + "name": "gopkg.in/yaml.v3", + "version": "v3.0.1", + "type": "go-module", + "foundBy": "go-mod-file-cataloger", + "locations": [ + { + "path": "go.mod" + } + ], + "licenses": [], + "language": "go", + "cpes": [], + "purl": "pkg:golang/gopkg.in/yaml.v3@v3.0.1" + } + ], + "artifactRelationships": [], + "source": { + "type": "directory", + "target": "." + }, + "distro": {}, + "descriptor": { + "name": "syft", + "version": "[not provided]", + "configuration": { + "configPath": "", + "verbosity": 0, + "quiet": false, + "output": [ + "json=sbom/hinge.syft.json", + "spdx-json=sbom/hinge.spdx.json", + "cyclonedx-json=sbom/hinge.cyclonedx.json" + ], + "output-template-path": "", + "file": "", + "check-for-app-update": true, + "anchore": { + "host": "", + "path": "", + "dockerfile": "", + "overwrite-existing-image": false, + "import-timeout": 30 + }, + "dev": { + "profile-cpu": false, + "profile-mem": false + }, + "log": { + "structured": false, + "level": "warning", + "file-location": "" + }, + "catalogers": null, + "package": { + "cataloger": { + "enabled": true, + "scope": "Squashed" + }, + "search-unindexed-archives": false, + "search-indexed-archives": true + }, + "file-metadata": { + "cataloger": { + "enabled": false, + "scope": "Squashed" + }, + "digests": [ + "sha256" + ] + }, + "file-classification": { + "cataloger": { + "enabled": false, + "scope": "Squashed" + } + }, + "file-contents": { + "cataloger": { + "enabled": false, + "scope": "Squashed" + }, + "skip-files-above-size": 1048576, + "globs": [] + }, + "secrets": { + "cataloger": { + "enabled": false, + "scope": "AllLayers" + }, + "additional-patterns": {}, + "exclude-pattern-names": [], + "reveal-values": false, + "skip-files-above-size": 1048576 + }, + "registry": { + "insecure-skip-tls-verify": false, + "insecure-use-http": false, + "auth": [] + }, + "exclude": [], + "attest": { + "key": "", + "cert": "", + "noUpload": false, + "force": false, + "recursive": false, + "replace": false, + "fulcioUrl": "https://fulcio.sigstore.dev", + "fulcio_identity_token": "", + "insecure_skip_verify": false, + "rekorUrl": "https://rekor.sigstore.dev", + "oidcIssuer": "https://oauth2.sigstore.dev/auth", + "oidcClientId": "sigstore", + "OIDCRedirectURL": "" + }, + "platform": "" + } + }, + "schema": { + "version": "3.3.1", + "url": "https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-3.3.1.json" + } +}