File grant-0.3.2.obscpio of Package grant
07070100000000000081A400000000000000000000000168CB9D63000007D0000000000000000000000000000000000000001800000000grant-0.3.2/.binny.yamltools:
- name: grant
version:
want: current
method: go-install
with:
module: .
entrypoint: cmd/grant
ldflags:
- -X main.version={{ .Version }}
- -X main.gitCommit={{ .Version }}
- -X main.gitDescription={{ .Version }}
# note: sprig functions are available: http://masterminds.github.io/sprig/
- -X main.buildDate={{ now | date "2006-01-02T15:04:05Z07:00" }}
- name: binny
version:
want: v0.6.2
method: github-release
with:
repo: anchore/binny
- name: gh
version:
want: v2.35.0
method: github-release
with:
repo: cli/cli
- name: quill
version:
want: v0.4.1
method: github-release
with:
repo: anchore/quill
- name: chronicle
version:
want: v0.8.0
method: github-release
with:
repo: anchore/chronicle
- name: gosimports
version:
want: v0.3.8
method: github-release
with:
repo: rinchsan/gosimports
- name: glow
version:
want: v1.5.1
method: github-release
with:
repo: charmbracelet/glow
# used for signing the checksums file at release
- name: cosign
version:
want: v2.2.4
method: github-release
with:
repo: sigstore/cosign
- name: goreleaser
version:
want: v2.3.2
method: github-release
with:
repo: goreleaser/goreleaser
- name: golangci-lint
version:
want: v2.4.0
method: github-release
with:
repo: golangci/golangci-lint
- name: bouncer
version:
want: v0.4.0
method: github-release
with:
repo: wagoodman/go-bouncer
- name: task
version:
want: v3.30.1
method: github-release
with:
repo: go-task/task
- name: syft
version:
want: v1.2.0
method: github-release
with:
repo: anchore/syft
- name: vhs
version:
want: v0.10.0
method: github-release
with:
repo: charmbracelet/vhs
07070100000001000081A400000000000000000000000168CB9D630000077C000000000000000000000000000000000000001A00000000grant-0.3.2/.bouncer.yamlpermit:
- BSD.*
- CC0.*
- MIT.*
- Apache.*
- MPL.*
- ISC
- WTFPL
ignore-packages:
# packageurl-go is released under the MIT license located in the root of the repo at /mit.LICENSE
- github.com/anchore/packageurl-go
# both of these dependencies are specified as Apache-2.0 in their respective GitHub READMEs
- github.com/alibabacloud-go/cr-20160607/client
- github.com/alibabacloud-go/tea-xml/service
# crypto/internal/boring is released under the openSSL license as a part of the Golang Standard Libary
- crypto/internal/boring
# from: https://github.com/spdx/tools-golang/blob/main/LICENSE.code
# The tools-golang source code is provided and may be used, at your option,
# under either:
# * Apache License, version 2.0 (Apache-2.0), OR
# * GNU General Public License, version 2.0 or later (GPL-2.0-or-later).
# (we choose Apache-2.0)
- github.com/spdx/tools-golang
# from: https://github.com/xi2/xz/blob/master/LICENSE
# All these files have been put into the public domain.
# You can do whatever you want with these files.
- github.com/xi2/xz
# from: https://gitlab.com/cznic/sqlite/-/blob/v1.15.4/LICENSE
# This is a BSD-3-Clause license
- modernc.org/libc
- modernc.org/libc/errno
- modernc.org/libc/fcntl
- modernc.org/libc/fts
- modernc.org/libc/grp
- modernc.org/libc/langinfo
- modernc.org/libc/limits
- modernc.org/libc/netdb
- modernc.org/libc/netinet/in
- modernc.org/libc/poll
- modernc.org/libc/pthread
- modernc.org/libc/pwd
- modernc.org/libc/signal
- modernc.org/libc/stdio
- modernc.org/libc/stdlib
- modernc.org/libc/sys/socket
- modernc.org/libc/sys/stat
- modernc.org/libc/sys/types
- modernc.org/libc/termios
- modernc.org/libc/time
- modernc.org/libc/unistd
- modernc.org/libc/utime
- modernc.org/libc/uuid/uuid
- modernc.org/libc/wctype
- modernc.org/mathutil
- modernc.org/memory
07070100000002000081A400000000000000000000000168CB9D630000005C000000000000000000000000000000000000001C00000000grant-0.3.2/.chronicle.yamlenforce-v0: true # don't make breaking-change label bump major version before 1.0.
title: ""07070100000003000081A400000000000000000000000168CB9D63000009DB000000000000000000000000000000000000001B00000000grant-0.3.2/.golangci.yaml# golangci-lint v2.4.0
version: "2"
issues:
max-same-issues: 25
uniq-by-line: false
# Don't report findings from dependencies
exclude-dirs:
- "*/go/pkg/mod/*"
linters:
# inverted configuration with `enable-all` and `disable` is not scalable during updates
disable-all: true
enable:
- asciicheck
- bodyclose
- dogsled
- dupl
- errcheck
- gocognit
- goconst
- gocritic
- gocyclo
# NOTE: If you use gosimports/gci elsewhere, keep goimports disabled to avoid conflicts.
# - goimports
- goprintffuncname
- gosec
- govet
- ineffassign
- misspell
- nakedret
- staticcheck
- unconvert
- unparam
- unused
- whitespace
linters-settings:
# Make sure typechecking uses the correct language level.
# (golangci-lint v2.* can pass this through to tools that support it.)
typecheck:
go: "1.25"
staticcheck:
# Keep staticcheck aligned with your Go version so rules don’t over/under-report.
go: "1.25"
checks: ["all"] # you can list exclusions here later if needed
revive:
# A sane base; add/override rules as your project needs evolve.
rules:
- name: blank-imports
- name: context-as-argument
- name: error-naming
- name: errorf
- name: exported
- name: imports-blacklist
disabled: true # enable with a curated list if you want depguard-like behavior
- name: if-return
- name: receiver-naming
- name: indent-error-flow
- name: var-naming
- name: time-naming
- name: unexported-naming
- name: package-comments
disabled: true # TODO: enable when you add top-level package doc coverage
run:
timeout: 10m
# Make linting deterministic and ensure deps are fetched when needed.
modules-download-mode: mod
# If you build with tags, set them here so typecheck matches your build:
# build-tags:
# - netgo
# - osusergo
output:
sort-results: true
print-issued-lines: true
# Keep output stable across environments (paths can vary in CI/local).
path-prefix: ""
# Keep as reference for things you explicitly do NOT want enabled:
# - deadcode (replaced by 'unused')
# - structcheck, varcheck (replaced by 'unused')
# - golint (deprecated)
# - scopelint (deprecated)
# - rowserrcheck (not useful here / generics issues)
# - gochecknoglobals/gochecknoinits (too aggressive)
# - lll (no per-line exceptions)
# - prealloc (not consistently beneficial)
# - wsl (no autofixer; noisy)
07070100000004000081A400000000000000000000000168CB9D6300000990000000000000000000000000000000000000001D00000000grant-0.3.2/.goreleaser.yaml# yaml-language-server: $schema=https://goreleaser.com/static/schema.json
# vim: set ts=2 sw=2 tw=0 fo=jcroql
version: 2
release:
prerelease: auto
draft: false
env:
# required to support multi architecture docker builds
- CGO_ENABLED=0
builds:
- id: linux-build
dir: ./cmd/grant
binary: grant
goos:
- linux
goarch:
- amd64
- arm64
# set the modified timestamp on the output binary to the git timestamp to ensure a reproducible build
mod_timestamp: &build-timestamp '{{ .CommitTimestamp }}'
ldflags: &build-ldflags |
-w
-s
-extldflags '-static'
-X main.version={{.Version}}
-X main.gitCommit={{.Commit}}
-X main.buildDate={{.Date}}
-X main.gitDescription={{.Summary}}
- id: darwin-build
dir: ./cmd/grant
binary: grant
goos:
- darwin
goarch:
- amd64
- arm64
mod_timestamp: *build-timestamp
ldflags: *build-ldflags
hooks:
post:
- cmd: .tool/quill sign-and-notarize "{{ .Path }}" --dry-run={{ .IsSnapshot }} --ad-hoc={{ .IsSnapshot }} -vv
env:
- QUILL_LOG_FILE=/tmp/quill-{{ .Target }}.log
archives:
- id: linux-archives
builds:
- linux-build
- id: darwin-archives
builds:
- darwin-build
nfpms:
- license: "Apache 2.0"
maintainer: "Anchore, Inc"
homepage: &website "https://github.com/anchore/grant"
description: &description "A tool consumes SBOMS and details license information"
formats:
- rpm
- deb
brews:
- repository:
owner: anchore
name: homebrew-grant
token: "{{.Env.GITHUB_BREW_TOKEN}}"
ids:
- darwin-archives
- linux-archives
homepage: *website
description: *description
license: "Apache License 2.0"
sboms:
- artifacts: archive
# this is relative to the snapshot/dist directory, not the root of the repo
cmd: ../.tool/syft
documents:
- "{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}.sbom"
args:
- "scan"
- "$artifact"
- "--output"
- "json=$document"
signs:
- cmd: .tool/cosign
signature: "${artifact}.sig"
certificate: "${artifact}.pem"
args:
- "sign-blob"
- "--oidc-issuer=https://token.actions.githubusercontent.com"
- "--output-certificate=${certificate}"
- "--output-signature=${signature}"
- "${artifact}"
- "--yes"
artifacts: checksum
07070100000005000081A400000000000000000000000168CB9D6300001489000000000000000000000000000000000000001F00000000grant-0.3.2/CODE_OF_CONDUCT.md# Contributor Covenant Code of Conduct
## Our Pledge
We as members, contributors, and leaders pledge to make participation in our
community a harassment-free experience for everyone, regardless of age, body
size, visible or invisible disability, ethnicity, sex characteristics, gender
identity and expression, level of experience, education, socio-economic status,
nationality, personal appearance, race, religion, or sexual identity
and orientation.
We pledge to act and interact in ways that contribute to an open, welcoming,
diverse, inclusive, and healthy community.
## Our Standards
Examples of behavior that contributes to a positive environment for our
community include:
* Demonstrating empathy and kindness toward other people
* Being respectful of differing opinions, viewpoints, and experiences
* Giving and gracefully accepting constructive feedback
* Accepting responsibility and apologizing to those affected by our mistakes,
and learning from the experience
* Focusing on what is best not just for us as individuals, but for the
overall community
Examples of unacceptable behavior include:
* The use of sexualized language or imagery, and sexual attention or
advances of any kind
* Trolling, insulting or derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or email
address, without their explicit permission
* Other conduct which could reasonably be considered inappropriate in a
professional setting
## Enforcement Responsibilities
Community leaders are responsible for clarifying and enforcing our standards of
acceptable behavior and will take appropriate and fair corrective action in
response to any behavior that they deem inappropriate, threatening, offensive,
or harmful.
Community leaders have the right and responsibility to remove, edit, or reject
comments, commits, code, wiki edits, issues, and other contributions that are
not aligned to this Code of Conduct, and will communicate reasons for moderation
decisions when appropriate.
## Scope
This Code of Conduct applies within all community spaces, and also applies when
an individual is officially representing the community in public spaces.
Examples of representing our community include using an official e-mail address,
posting via an official social media account, or acting as an appointed
representative at an online or offline event.
## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported to the community leaders responsible for enforcement at
[opensource@anchore.com](mailto:opensource@anchore.com).
All complaints will be reviewed and investigated promptly and fairly.
All community leaders are obligated to respect the privacy and security of the
reporter of any incident.
## Enforcement Guidelines
Community leaders will follow these Community Impact Guidelines in determining
the consequences for any action they deem in violation of this Code of Conduct:
### 1. Correction
**Community Impact**: Use of inappropriate language or other behavior deemed
unprofessional or unwelcome in the community.
**Consequence**: A private, written warning from community leaders, providing
clarity around the nature of the violation and an explanation of why the
behavior was inappropriate. A public apology may be requested.
### 2. Warning
**Community Impact**: A violation through a single incident or series
of actions.
**Consequence**: A warning with consequences for continued behavior. No
interaction with the people involved, including unsolicited interaction with
those enforcing the Code of Conduct, for a specified period of time. This
includes avoiding interactions in community spaces as well as external channels
like social media. Violating these terms may lead to a temporary or
permanent ban.
### 3. Temporary Ban
**Community Impact**: A serious violation of community standards, including
sustained inappropriate behavior.
**Consequence**: A temporary ban from any sort of interaction or public
communication with the community for a specified period of time. No public or
private interaction with the people involved, including unsolicited interaction
with those enforcing the Code of Conduct, is allowed during this period.
Violating these terms may lead to a permanent ban.
### 4. Permanent Ban
**Community Impact**: Demonstrating a pattern of violation of community
standards, including sustained inappropriate behavior, harassment of an
individual, or aggression toward or disparagement of classes of individuals.
**Consequence**: A permanent ban from any sort of public interaction within
the community.
## Attribution
This Code of Conduct is adapted from the [Contributor Covenant][homepage],
version 2.0, available at
https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
Community Impact Guidelines were inspired by [Mozilla's code of conduct
enforcement ladder](https://github.com/mozilla/diversity).
[homepage]: https://www.contributor-covenant.org
For answers to common questions about this code of conduct, see the FAQ at
https://www.contributor-covenant.org/faq. Translations are available at
https://www.contributor-covenant.org/translations.
07070100000006000081A400000000000000000000000168CB9D630000057E000000000000000000000000000000000000001C00000000grant-0.3.2/CONTRIBUTING.md## Contributing
We welcome contributions to the project!
### Getting Started
After pulling the repository, you can get started by running the following command to install the necessary dependencies and build `grant` from source
```bash
make
```
After building the project, you can run the following command to run the newly built binary
```bash
./snapshot/<os>-build_<>os_<arch>/grant
```
Keep in mind the build artifacts are placed in the `snapshot` directory and built for each supported platform so choose the appropriate binary for your platform.
If you just want to run the project with any local changes you have made, you can run the following command:
```bash
go run cmd/grant/main.go
```
### Testing
You can run the tests for the project by running the following command:
```bash
make test
```
### Linting
You can run the linter for the project by running the following command:
```bash
make static-analysis
```
### Making a PR
Just fork the repository, make your changes on a branch, and submit a PR. We will review your changes and merge them if they are good to go.
When making a PR, please make sure to include a description of the changes you have made and the reasoning behind them.
If you are adding a new feature, please include tests for the new feature. If you are fixing a bug, please include a test that reproduces the bug and ensure that the test passes after your changes.
07070100000007000081A400000000000000000000000168CB9D63000008A9000000000000000000000000000000000000001A00000000grant-0.3.2/DEVELOPING.md# Developing
## Getting started
In order to test and develop in this repo you will need the following dependencies installed:
- Golang
- Docker
- make
After cloning the following step can help you get setup:
1. run `make tools` to download tools, create the `/.tmp` dir, and download helper utilities.
2. run `make` to view the selection of developer commands in the Makefile
3. run `make build` to build the release snapshot binaries and packages
4. for an even quicker start you can run `go run cmd/grant/main.go` to print the syft help.
- this command `go run cmd/grant/main.go check alpine:latest` will compile and run grant against the alpine:latest image
5. view the README or grant help output for more output options
The main make tasks for common static analysis and testing are `lint`, `format`, `lint-fix`, `unit`
See `make help` for all the current make tasks.
## Architecture
At a high level, this is the package structure of grant:
```
./cmd/grant/
│ ├── cli/
│ │ ├── cli.go // where all commands are wired up
│ │ ├── command/ // all command implementations
│ │ ├── internal/ // all internal command implementations
│ │ ├── option/ // all command flags and configuration options
│ │ └── tui/ // all handlers for events that are shown on the UI
│ └── main.go // entrypoint for the application
└── grant/ // the "core" grant library
```
## Testing
### Levels of testing
- `unit`: The default level of test which is distributed throughout the repo are unit tests. Any `_test.go` file that
does not reside somewhere within the `/test` directory is a unit test. Other forms of testing should be organized in
the `/test` directory. These tests should focus on correctness of functionality in depth. % test coverage metrics
only considers unit tests and no other forms of testing.
- `integration`: TODO
- `cli`: located with in `test/cli`, TODO
- `acceptance`: located within `test/compare` and `test/install`, these are smoke-like tests that ensure that application
packaging and installation works as expected. TODO07070100000008000081A400000000000000000000000168CB9D6300002C5D000000000000000000000000000000000000001400000000grant-0.3.2/LICENSE Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
07070100000009000081A400000000000000000000000168CB9D6300000549000000000000000000000000000000000000001500000000grant-0.3.2/MakefileOWNER = anchore
PROJECT = grant
TOOL_DIR = .tool
BINNY = $(TOOL_DIR)/binny
TASK = $(TOOL_DIR)/task
.DEFAULT_GOAL := default
## Bootstrapping targets #################################
# note: we need to assume that binny and task have not already been installed
$(BINNY):
@mkdir -p $(TOOL_DIR)
@curl -sSfL https://get.anchore.io/binny | sh -s -- -b $(TOOL_DIR)
# note: we need to assume that binny and task have not already been installed
.PHONY: task
$(TASK) task: $(BINNY)
@$(BINNY) install task -q
.PHONY: ci-bootstrap-go
ci-bootstrap-go:
go mod download
.PHONY: ci-bootstrap-tools
ci-bootstrap-tools: $(BINNY)
$(BINNY) install -vvv
# this is a bootstrapping catch-all, where if the target doesn't exist, we'll ensure the tools are installed and then try again
%:
make $(TASK)
$(TASK) $@
## Shim targets #################################
.PHONY: default
default: $(TASK)
@# run the default task in the taskfile
@$(TASK)
# for those of us that can't seem to kick the habit of typing `make ...` lets wrap the superior `task` tool
TASKS := $(shell bash -c "test -f $(TASK) && $(TASK) -l | grep '^\* ' | cut -d' ' -f2 | tr -d ':' | tr '\n' ' '" ) $(shell bash -c "test -f $(TASK) && $(TASK) -l | grep 'aliases:' | cut -d ':' -f 3 | tr '\n' ' ' | tr -d ','")
.PHONY: $(TASKS)
$(TASKS): $(TASK)
@$(TASK) $@
help: $(TASK)
@$(TASK) -l
0707010000000A000081A400000000000000000000000168CB9D6300002E74000000000000000000000000000000000000001600000000grant-0.3.2/README.md<p align="center">
<img src=".github/images/grant-logo.png" width="271" alt="Grant logo - cute green spotted creature" />
</p>
<p align="center">
<a href="https://github.com/anchore/grant/actions/workflows/validations.yaml"><img alt="Validations" src="https://github.com/anchore/grant/actions/workflows/validations.yaml/badge.svg" /></a>
<a href="https://goreportcard.com/report/github.com/anchore/grant"><img alt="Go Report Card" src="https://goreportcard.com/badge/github.com/anchore/grant" /></a>
<a href="https://github.com/anchore/grant/releases/latest"><img alt="GitHub release" src="https://img.shields.io/github/release/anchore/grant.svg" /></a>
<a href="https://github.com/anchore/grant/blob/main/go.mod"> <img alt="GitHub go.mod Go version" src="https://img.shields.io/github/go-mod/go-version/anchore/grant.svg" /></a>
<a href="https://github.com/anchore/grant/blob/main/LICENSE"><img alt="License: Apache-2.0" src="https://img.shields.io/badge/License-Apache%202.0-blue.svg" /></a>
<a href="https://anchore.com/discourse" target="_blank"><img alt="Join our Discourse" src="https://img.shields.io/badge/Discourse-Join-blue?logo=discourse"/></a>
</p>
# Grant
View licenses for container images, SBOM documents, and filesystems! Apply filters and views that can help you build a picture of licenses in your SBOM. Grant provides powerful filtering and cli capabilities for tackling license investigation and management, including license risk categorization.
<p align="center">
<img src=".github/images/demo.gif" width="800" alt="Grant demo - program does license work in terminal" />
</p>
## Quick Start
## Installation
```bash
curl -sSfL https://get.anchore.io/grant | sudo sh -s -- -b /usr/local/bin
```
... or, you can specify a release version and destination directory for the installation:
```
curl -sSfL https://get.anchore.io/grant | sudo sh -s -- -b <DESTINATION_DIR> <RELEASE_VERSION>
```
### Supply an image to view the licenses found in the image
```bash
$ grant list redis:latest
```
### Supply an SBOM document and see all the licenses in that document
```bash
$ grant list alpine.spdx.json
```
### Supply an SBOM document by piping syft | grant to preserve your syft config
```bash
$ syft -o json alpine:latest | grant list -
```
### Supply an SBOM document via cat. Filters work on stdin
```bash
$ cat cyclonedx.json | grant list - "GPL-3.0-only"
```
### Check a local directory for licenses
```bash
$ grant list dir:.
```
### Group licenses by risk category
```bash
$ grant list node:latest --group-by risk
✔ Loaded alpine:latest
✔ License listing
✔ Aggregated by risk
RISK CATEGORY LICENSES PACKAGES
Strong Copyleft 2 9
Weak Copyleft 1 1
Permissive 4 8
```
### Filter packages by license and get detailed information
```bash
# Show only packages with MIT license
$ grant list dir:. "MIT"
# Show only packages with MIT or Apache-2.0
$ grant list redis:latest 'Apache-2.0' 'MIT'
# Get detailed info about a specific package
$ grant list dir:. "MIT" --pkg "github.com/BurntSushi/toml"
✔ Loaded dir:.
✔ License listing
✔ Package details [package="github.com/BurntSushi/toml"]
✔ Found package instances [1 instance]
Name: github.com/BurntSushi/toml
Version: v1.5.0
Type: go-module
ID: go-module:github.com/BurntSushi/toml@v1.5.0
Licenses (1):
• MIT
OSI Approved: true | Deprecated: false
# Save results to JSON file for continued processing (no rescan)
$ grant list dir:. -f licenses.json
$ cat licenses.json | grant list - "Apache-2.0"
```
## Usage
Grant can be used with any container image, sbom document, or directory to scan for licenses and evaluate them against a license configuration.
**Default Behavior:**
- **DENY all licenses** except those explicitly permitted in the `allow` list
- **DENY packages without licenses** (when `require-license` is true)
- **Allow packages with non-SPDX/unparsable licenses** (when `require-known-license` is false)
**Configuration Options:**
- `allow`: List of license patterns to permit (supports glob patterns)
- `ignore-packages`: List of package patterns to exclude from license checking
- `require-license`: Set to `false` to allow packages with no detected licenses (default: `false`)
- `require-known-license`: Set to `false` to allow non-SPDX/unparsable licenses (default: `false`)
License patterns support standard globbing syntax:
```
pattern:
{ term }
term:
`*` matches any sequence of non-separator characters
`**` matches any sequence of characters
`?` matches any single non-separator character
`[` [ `!` ] { character-range } `]`
character class (must be non-empty)
`{` pattern-list `}`
pattern alternatives
c matches character c (c != `*`, `**`, `?`, `\`, `[`, `{`, `}`)
`\` c matches character c
character-range:
c matches character c (c != `\\`, `-`, `]`)
`\` c matches character c
lo `-` hi matches character c for lo <= c <= hi
pattern-list:
pattern { `,` pattern }
comma-separated (without spaces) patterns
```
## Configuration
### Basic Configuration
```yaml
#.grant.yaml
# Default behavior: DENY all licenses except those explicitly permitted
# Default behavior: DENY packages without licenses
require-license: true # Deny packages with no detected licenses
require-known-license: false # Deny non-SPDX / unparsable licenses
# Allowed licenses (glob patterns supported; default none allowed)
allow:
- BSD*
- CC0*
- MIT*
- Apache*
- MPL*
- ISC
- WTFPL
- Unlicense
ignore-packages:
# packageurl-go is released under the MIT license located in the root of the repo at /mit.LICENSE
- github.com/anchore/packageurl-go
# syft is under the Apache-2 license but gets flagged because of some test dependencies
- github.com/anchore/syft
```
### License Detection Modes
By default, Grant performs two types of license detection:
1. **SBOM-based detection**: Analyzes package manifests and metadata to identify licenses associated with specific packages
2. **File-based detection**: Searches the filesystem for standalone license files (LICENSE, COPYING, etc.) that may not be associated with any specific package
The `--disable-file-search` option allows you to skip the second type of detection while still performing SBOM generation and package-based license detection. This can be useful when:
- You only want licenses that are directly associated with packages
- You need faster scanning by avoiding filesystem traversal for license files
**Note**: SBOM generation includes its own file analysis process which will still run regardless of the `--disable-file-search` setting.
## License Risk Categories
Grant categorizes licenses based on their risk and restrictions:
### Risk Levels
- **High Risk (Strong Copyleft)**: Licenses requiring derivative works to be licensed under the same terms
- Examples: GPL, AGPL, SSPL
- Color: Red in terminal output
- **Medium Risk (Weak Copyleft)**: Licenses with limited copyleft requirements
- Examples: LGPL, MPL, EPL
- Color: Yellow in terminal output
- **Low Risk (Permissive)**: Licenses allowing proprietary use with minimal restrictions
- Examples: MIT, Apache-2.0, BSD
- Color: Green in terminal output
### Risk Information Display
The risk category appears as an additional column in all table views:
1. **Standard List View**: Shows risk level for each package
```bash
$ grant list dir:. "MIT"
NAME VERSION LICENSE RISK
github.com/pkg/errors v0.9.1 MIT Low
```
2. **Aggregated License View**: Shows risk for each unique license
```bash
$ grant list dir:.
LICENSE PACKAGES RISK
MIT 114 Low
Apache-2.0 117 Low
GPL-3.0-only 3 High
```
3. **Group by Risk View**: Aggregates all licenses by risk category for a scan target
```bash
$ grant list dir:. --group-by risk
RISK CATEGORY LICENSES PACKAGES
Strong Copyleft 7 3
Weak Copyleft 8 11
Permissive 10 299
```
### Enhanced Output Features
- **Clickable License Names**: License names in terminal output are hyperlinked to SPDX documentation
- **Risk Aggregation**: When packages have multiple licenses with different risks, shows highest risk with count of others
- **Color-Coded Risk**: Risk levels are color-coded for quick visual scanning (Red/Yellow/Green)
- **JSON Output Enhancement**: Risk categories are included in JSON output for programmatic processing
## Advanced Features
### JSON Output to File
Grant can write its JSON output to a file while still displaying table output in the terminal. This is useful for saving cycles without rescanning:
```bash
# Save JSON output to file while showing table in terminal
grant list dir:. --output-file output.json
grant check dir:. --output-file results.json
# -f is the shorthand flag
grant list dir:. -f output.json
# Output JSON to both terminal and file
grant list dir:. -o json -f output.json
# Write to file with quiet mode (minimal terminal output)
grant list dir:. -f output.json -q
grant check dir:. -o json -f results.json -q
```
The JSON output contains complete machine-readable data regardless of the terminal display format.
**Output Control Options:**
- By default, grant shows table output in terminal and writes JSON to file
- Use `-o json` to show JSON in terminal AND write to file
- Use `-q` (quiet mode) for minimal terminal output when writing to file (useful for scripts and CI/CD)
### JSON Input Processing
Grant can then use its own JSON output or an SBOM as input so you don't have to regenerate a scan if nothing has changed.
```bash
# Save results and reprocess them
grant list dir:. -f results.json
cat results.json | grant list -
# Apply different filters to saved results
cat results.json | grant list - "MIT"
cat results.json | grant check -
# Chain operations
grant list dir:. -f all-packages.json
cat all-packages.json | grant list - "GPL-3.0-only" --pkg "some/package"
```
This enables:
- **Result caching**: Save expensive analysis results for reuse
- **Offline analysis**: Process results without re-scanning targets
- **Workflow automation**: Chain grant commands in scripts
- **Filter experimentation**: Try different license filters on the same dataset
### Output Modes and Flags
Grant supports multiple output modes and combinations:
```bash
# Unlicensed packages
grant check --unlicensed dir:. # Shows packages without licenses
grant list --unlicensed dir:. # Shows packages without licenses during list
grant list dir:. (no licenses found) # equivlant license filter without the flag
# output JSON format for users to build their own views
grant list -o json dir:. # JSON to stdout
grant check --dry-run -o json dir:. # JSON to stdout no error code
# File output combinations
grant list dir:. -f output.json # Table to terminal, JSON to file
grant list dir:. -o json -f out.json # JSON to both terminal and file
grant list dir:. -f out.json -q # JSON to file with minimal terminal output
```
### Flags and Options
| Flag | Short | Description |
|------|-------|-------------|
| `--output-file` | `-f` | Write JSON output to file |
| `--output` | `-o` | Output format (table, json) |
| `--quiet` | `-q` | Minimal output |
| `--config` | `-c` | Configuration file path |
| `--pkg` | | Show detailed package info (requires license filter) |
| `--group-by` | | Group results by specified field (risk) |
| `--summary` | | Show summary only (check command) |
| `--unlicensed` | | Show unlicensed packages only (check command) |
| `--disable-file-search` | | Skip grant independent filesystem license file detection |
| `--dry-run` | | Allow json output from check without a status code 1 |
0707010000000B000081A400000000000000000000000168CB9D630000076D000000000000000000000000000000000000001700000000grant-0.3.2/RELEASE.md# Release
A release of grant comprises:
- a new semver git tag from the current tip of the main branch
- a new [github release](https://github.com/anchore/grant/releases) with a changelog and archived binary assets
- [`anchore/homebrew-grant`](https://github.com/anchore/homebrew-grant) tap updated to point to assets in the latest github release
Ideally releasing should be done often with small increments when possible. Unless a
breaking change is blocking the release, or no fixes/features have been merged, a good
target release cadence is between every 1 or 2 weeks.
## Creating a release
This release process itself should be as automated as possible, and has only a few steps:
1. **Trigger a new release with `make release`**. At this point you'll see a preview
changelog in the terminal. If you're happy with the changelog, press `y` to continue, otherwise
you can abort and adjust the labels on the PRs and issues to be included in the release and
re-run the release trigger command.
1. A release admin must approve the release on the GitHub Actions [release pipeline](https://github.com/anchore/grant/actions/workflows/release.yaml) run page.
Once approved, the release pipeline will generate all assets and publish a GitHub Release.
## Retracting a release
If a release is found to be problematic, it can be retracted with the following steps:
- Deleting the GitHub Release
- Revert the brew formula in [`anchore/homebrew-grant`](https://github.com/anchore/homebrew-grant) to point to the previous release
- Add a new `retract` entry in the go.mod for the versioned release
**Note**: do not delete release tags from the git repository since there may already be references to the release
in the go proxy, which will cause confusion when trying to reuse the tag later (the H1 hash will not match and there
will be a warning when users try to pull the new release).
0707010000000C000081A400000000000000000000000168CB9D630000020F000000000000000000000000000000000000001800000000grant-0.3.2/SECURITY.md# Security Policy
## Supported Versions
Currently Grant is pre v1.0.0. Any security fixes reported by github or other scanning tools that are merged will result
in a patch version of the program being released to mitigate the vulnerability. Users are encouraged to always be updating
to the latest version to consume these rolling fixes.
| Version | Supported |
| ------- | ------------------ |
| 0.x.x | :white_check_mark: |
## Reporting a Vulnerability
[Anchore Security Team](mailto:security@anchore.com)
0707010000000D000081A400000000000000000000000168CB9D63000015A3000000000000000000000000000000000000001A00000000grant-0.3.2/Taskfile.yamlversion: "3"
vars:
TOOL_DIR: .tool
OWNER: anchore
PROJECT: grant
TMP_DIR: .tmp
SNAPSHOT_DIR: snapshot
CHANGELOG: CHANGELOG.md
NEXT_VERSION: VERSION
tasks:
default:
# desc: Run all validation tasks
aliases:
- pr-validations
- validations
cmds:
- task: static-analysis
- task: test
- task: build
static-analysis:
desc: Run all static analysis tasks
cmds:
- task: check-go-mod-tidy
- task: lint
test:
desc: Run all levels of test
cmds:
- task: unit
## Bootstrap tasks #################################
binny:
internal: true
desc: Get the binny tool
generates:
- "{{ .TOOL_DIR }}/binny"
status:
- "test -f {{ .TOOL_DIR }}/binny"
# we just need a release of binny, doesn't matter which one (binny will update itself, this is just a bootstrap step)
cmd: "curl -sSfL https://get.anchore.io/binny | sh -s -- -b {{ .TOOL_DIR }}"
silent: true
tools:
desc: Install all tools needed for CI and local development
deps: [binny]
aliases:
- bootstrap
generates:
- ".binny.yaml"
- "{{ .TOOL_DIR }}/*"
status:
- "{{ .TOOL_DIR }}/binny check -v"
cmd: "{{ .TOOL_DIR }}/binny install -v"
silent: true
## Static analysis tasks #################################
format:
desc: Auto-format all source code
deps: [tools]
cmds:
- gofmt -w -s .
- "{{ .TOOL_DIR }}/gosimports -local github.com/anchore -w ."
- go mod tidy
lint-fix:
desc: Auto-format all source code + run golangci lint fixers
deps: [tools]
cmds:
- task: format
- "{{ .TOOL_DIR }}/golangci-lint run --tests=false --fix"
lint:
desc: Run gofmt + golangci lint checks
vars:
BAD_FMT_FILES:
sh: gofmt -l -s .
BAD_FILE_NAMES:
sh: "find . | grep -e ':' || true"
deps: [tools]
cmds:
# ensure there are no go fmt differences
- cmd: 'test -z "{{ .BAD_FMT_FILES }}" || (echo "files with gofmt issues: [{{ .BAD_FMT_FILES }}]"; exit 1)'
silent: true
# ensure there are no files with ":" in it (a known back case in the go ecosystem)
- cmd: 'test -z "{{ .BAD_FILE_NAMES }}" || (echo "files with bad names: [{{ .BAD_FILE_NAMES }}]"; exit 1)'
silent: true
# run linting
- "{{ .TOOL_DIR }}/golangci-lint run --tests=false"
check-go-mod-tidy:
# desc: Ensure go.mod and go.sum are up to date
cmds:
- .github/scripts/go-mod-tidy-check.sh && echo "go.mod and go.sum are tidy!"
## Testing tasks #################################
unit:
desc: Run all unit tests
vars:
TEST_PKGS:
sh: "go list ./... | grep -v {{ .OWNER }}/{{ .PROJECT }}/test | tr '\n' ' '"
# unit test coverage threshold (in % coverage)
COVERAGE_THRESHOLD: 8
cmds:
- cmd: "mkdir -p {{ .TMP_DIR }}"
silent: true
- "go test -coverprofile {{ .TMP_DIR }}/unit-coverage-details.txt {{ .TEST_PKGS }}"
- cmd: ".github/scripts/coverage.py {{ .COVERAGE_THRESHOLD }} {{ .TMP_DIR }}/unit-coverage-details.txt"
silent: true
## Build-related targets #################################
changelog:
desc: Generate a changelog
deps: [tools]
generates:
- "{{ .CHANGELOG }}"
- "{{ .NEXT_VERSION }}"
cmds:
- "{{ .TOOL_DIR }}/chronicle -vv -n --version-file {{ .NEXT_VERSION }} > {{ .CHANGELOG }}"
- "{{ .TOOL_DIR }}/glow {{ .CHANGELOG }}"
snapshot:
desc: Create a snapshot release
aliases:
- build
deps: [tools]
cmds:
- cmd: "mkdir -p {{ .TMP_DIR }}"
silent: true
- cmd: |
cat .goreleaser.yaml > {{ .TMP_DIR }}/goreleaser.yaml
echo "dist: {{ .SNAPSHOT_DIR }}" >> {{ .TMP_DIR }}/goreleaser.yaml
- cmd: "{{ .TOOL_DIR }}/goreleaser release --clean --skip=publish --skip=sign --snapshot --config {{ .TMP_DIR }}/goreleaser.yaml"
## Release targets #################################
release:
desc: Create a release
interactive: true
deps: [tools]
cmds:
- cmd: .github/scripts/trigger-release.sh
silent: true
## Demo tasks #################################
demo:
desc: Generate demo GIF using VHS
cmds:
- vhs .github/images/demo.tape
## Generate tasks #################################
generate:
desc: Generate all code (SPDX license index and license patterns)
cmds:
- task: generate-spdx-licenses
- task: generate-license-patterns
generate-spdx-licenses:
desc: Generate SPDX license index from latest SPDX license list
cmds:
- cmd: "cd internal/spdxlicense/generate && go run generate_license_index.go"
generate-license-patterns:
desc: Generate license file search patterns
deps: [generate-spdx-licenses]
cmds:
- cmd: "cd internal/licensepatterns/generate && go run generate_patterns.go"
## CI-only targets #################################
ci-check:
# desc: "[CI only] Are you in CI?"
cmds:
- cmd: .github/scripts/ci-check.sh
silent: true
ci-validate:
# desc: "[CI only] Run all CI validations"
cmds:
- task: ci-check
- task: default
ci-release:
# desc: "[CI only] Create a release"
deps: [tools]
cmds:
- task: ci-check
- "{{ .TOOL_DIR }}/chronicle -vvv > CHANGELOG.md"
- cmd: "cat CHANGELOG.md"
silent: true
- "{{ .TOOL_DIR }}/goreleaser release --clean --release-notes CHANGELOG.md"
0707010000000E000041ED00000000000000000000000268CB9D6300000000000000000000000000000000000000000000001000000000grant-0.3.2/cmd0707010000000F000041ED00000000000000000000000268CB9D6300000000000000000000000000000000000000000000001600000000grant-0.3.2/cmd/grant07070100000010000041ED00000000000000000000000268CB9D6300000000000000000000000000000000000000000000001A00000000grant-0.3.2/cmd/grant/cli07070100000011000081A400000000000000000000000168CB9D63000005C3000000000000000000000000000000000000002100000000grant-0.3.2/cmd/grant/cli/cli.gopackage cli
import (
"github.com/spf13/cobra"
"github.com/anchore/grant/cmd/grant/cli/command"
"github.com/anchore/grant/internal"
)
// Application constructs the grant CLI application
func Application() *cobra.Command {
app := &cobra.Command{
Use: "grant",
Short: "A license compliance tool for container images, SBOMs, filesystems, and more",
Long: `Grant helps you view licenses for container images, SBOM documents, and filesystems. Apply filters and views that can help you build a picture of licenses in your SBOM.`,
Version: internal.ApplicationVersion,
PersistentPreRun: func(cmd *cobra.Command, args []string) {
// Set up logging based on verbose flag
verbose, _ := cmd.Flags().GetBool("verbose")
command.SetupLogging(verbose)
},
}
// Add global flags
app.PersistentFlags().StringP("config", "c", "", "path to configuration file")
app.PersistentFlags().StringP("output", "o", "table", "output format (table, json)")
app.PersistentFlags().StringP("output-file", "f", "", "write JSON output to file (sets output format to json)")
app.PersistentFlags().BoolP("quiet", "q", false, "suppress all non-essential output")
app.PersistentFlags().BoolP("verbose", "v", false, "enable verbose output")
app.PersistentFlags().Bool("no-output", false, "suppress terminal output when writing to file")
// Add subcommands
app.AddCommand(
command.Check(),
command.List(),
command.Config(),
command.Version(),
)
return app
}
07070100000012000041ED00000000000000000000000268CB9D6300000000000000000000000000000000000000000000002200000000grant-0.3.2/cmd/grant/cli/command07070100000013000081A400000000000000000000000168CB9D6300003A24000000000000000000000000000000000000002B00000000grant-0.3.2/cmd/grant/cli/command/check.gopackage command
import (
"fmt"
"os"
"sort"
"github.com/gookit/color"
"github.com/jedib0t/go-pretty/v6/table"
"github.com/spf13/cobra"
"github.com/anchore/grant/cmd/grant/cli/internal"
"github.com/anchore/grant/grant"
)
type checkFlags struct {
DisableFileSearch bool
Summary bool
Unlicensed bool
DryRun bool
}
const (
statusNonCompliant = "noncompliant"
statusError = "error"
)
// Check creates the check command
func Check() *cobra.Command {
cmd := &cobra.Command{
Use: "check [TARGET...]",
Short: "Check license compliance for one or more targets",
Long: `Check evaluates license compliance for container images, SBOMs, filesystems, and files.
Targets can be:
- Container images: alpine:latest, ubuntu:22.04
- SBOM files: path/to/sbom.json, path/to/sbom.json
- Directories: dir:./project, ./my-app
- Archive files: project.tar.gz, source.zip
- License files: LICENSE, COPYING
- Stdin: - (reads SBOM from stdin)
Exit codes:
- 0: All targets are compliant
- 1: One or more targets are non-compliant or an error occurred`,
Args: cobra.MinimumNArgs(1),
RunE: runCheck,
}
// Add command-specific flags
cmd.Flags().Bool("disable-file-search", false, "disable filesystem license file search")
cmd.Flags().Bool("summary", false, "show only summary information")
cmd.Flags().Bool("unlicensed", false, "show only packages without licenses")
cmd.Flags().Bool("dry-run", false, "run check without returning non-zero exit code on violations")
return cmd
}
// runCheck executes the check command
func runCheck(cmd *cobra.Command, args []string) error {
globalConfig := GetGlobalConfig(cmd)
flags := parseCheckFlags(cmd)
// Check if input is grant JSON from stdin
if len(args) > 0 {
if grantResult, isGrantJSON := isGrantJSONInput(args[0]); isGrantJSON {
// Handle grant JSON input directly
result := handleGrantJSONInput(grantResult, []string{}) // No license filters for check
return handleCheckOutput(result, globalConfig, flags)
}
}
realtimeUI := setupRealtimeUI(globalConfig, args)
orchestrator, err := setupOrchestrator(globalConfig, flags.DisableFileSearch)
if err != nil {
return err
}
defer orchestrator.Close()
result, err := performCheck(orchestrator, globalConfig, args)
if err != nil {
return err
}
updateUIWithResults(realtimeUI, result, args)
return handleCheckOutput(result, globalConfig, flags)
}
// parseCheckFlags extracts and validates command-specific flags
func parseCheckFlags(cmd *cobra.Command) *checkFlags {
disableFileSearch, _ := cmd.Flags().GetBool("disable-file-search")
summary, _ := cmd.Flags().GetBool("summary")
unlicensed, _ := cmd.Flags().GetBool("unlicensed")
dryRun, _ := cmd.Flags().GetBool("dry-run")
return &checkFlags{
DisableFileSearch: disableFileSearch,
Summary: summary,
Unlicensed: unlicensed,
DryRun: dryRun,
}
}
// setupRealtimeUI initializes the real-time UI for progress display
func setupRealtimeUI(globalConfig *GlobalConfig, args []string) *internal.RealtimeUI {
if globalConfig.Quiet || globalConfig.OutputFormat != formatTable {
return nil
}
realtimeUI := internal.NewRealtimeUI(globalConfig.Quiet)
if len(args) > 0 {
realtimeUI.ShowLoadingProgress(args[0])
}
return realtimeUI
}
// setupOrchestrator creates and configures the orchestrator
func setupOrchestrator(globalConfig *GlobalConfig, disableFileSearch bool) (*grant.Orchestrator, error) {
policy, err := LoadPolicyFromConfig(globalConfig)
if err != nil {
HandleError(err, globalConfig.Quiet)
return nil, err
}
caseConfig := grant.CaseConfig{
DisableFileSearch: disableFileSearch,
}
orchestrator, err := grant.NewOrchestratorWithConfig(policy, caseConfig)
if err != nil {
HandleError(fmt.Errorf("failed to create orchestrator: %w", err), globalConfig.Quiet)
return nil, err
}
return orchestrator, nil
}
// performCheck executes the license compliance check
func performCheck(orchestrator *grant.Orchestrator, globalConfig *GlobalConfig, args []string) (*grant.RunResponse, error) {
argv := append([]string{"grant", "check"}, args...)
if globalConfig.ConfigFile != "" {
argv = append([]string{"grant", "check", "-c", globalConfig.ConfigFile}, args...)
}
result, err := orchestrator.Check(argv, args...)
if err != nil {
HandleError(fmt.Errorf("check failed: %w", err), globalConfig.Quiet)
return nil, err
}
return result, nil
}
// updateUIWithResults updates the real-time UI with check results
func updateUIWithResults(realtimeUI *internal.RealtimeUI, result *grant.RunResponse, args []string) {
if realtimeUI == nil || len(result.Run.Targets) == 0 {
return
}
target := result.Run.Targets[0]
// Show scan complete status
sourceRef := target.Source.Ref
if len(args) > 0 {
sourceRef = args[0]
}
realtimeUI.ShowScanComplete(sourceRef, target.Source.Type)
// Show cataloged contents tree
realtimeUI.ShowCatalogedContents(
target.Evaluation.Summary.Packages.Total,
target.Evaluation.Summary.Licenses.Unique,
len(target.Evaluation.Findings.Packages),
)
}
// handleCheckOutput processes and displays the check results
func handleCheckOutput(result *grant.RunResponse, globalConfig *GlobalConfig, flags *checkFlags) error {
if globalConfig.Quiet {
// Handle output file if specified in quiet mode
if globalConfig.OutputFile != "" {
output := internal.NewOutput()
if err := output.OutputJSON(result, globalConfig.OutputFile); err != nil {
HandleError(fmt.Errorf("failed to write output file: %w", err), globalConfig.Quiet)
return err
}
}
handleQuietOutput(result, flags.DryRun)
return nil
}
if flags.Summary {
return handleSummaryOutput(result, globalConfig.OutputFormat, globalConfig.OutputFile, globalConfig.NoOutput)
}
if flags.Unlicensed {
return handleUnlicensedOutput(result, globalConfig.OutputFormat, globalConfig.OutputFile, globalConfig.NoOutput)
}
// Write to file if specified
if globalConfig.OutputFile != "" {
output := internal.NewOutput()
if err := output.OutputJSON(result, globalConfig.OutputFile); err != nil {
HandleError(fmt.Errorf("failed to write output file: %w", err), globalConfig.Quiet)
return err
}
}
// Skip terminal output if no-output flag is set and output file is specified
if globalConfig.NoOutput && globalConfig.OutputFile != "" {
handleExitCode(result, flags.DryRun)
return nil
}
// Output to terminal based on format
if err := OutputResult(result, globalConfig.OutputFormat, ""); err != nil {
HandleError(fmt.Errorf("failed to output result: %w", err), globalConfig.Quiet)
return err
}
handleExitCode(result, flags.DryRun)
return nil
}
// handleQuietOutput handles quiet mode output
func handleQuietOutput(result *grant.RunResponse, dryRun bool) {
nonCompliantCount := 0
errorCount := 0
for _, target := range result.Run.Targets {
switch target.Evaluation.Status {
case statusNonCompliant:
nonCompliantCount++
case statusError:
errorCount++
}
}
if nonCompliantCount > 0 || errorCount > 0 {
fmt.Printf("%d\n", nonCompliantCount+errorCount)
if !dryRun {
os.Exit(1)
}
}
}
// handleSummaryOutput handles summary-only output
func handleSummaryOutput(result *grant.RunResponse, format string, outputFile string, noOutput bool) error {
// Write to file if specified
if outputFile != "" {
output := internal.NewOutput()
if err := output.OutputJSON(result, outputFile); err != nil {
return fmt.Errorf("failed to write output file: %w", err)
}
}
// Skip terminal output if no-output flag is set and output file is specified
if noOutput && outputFile != "" {
return nil
}
if format == formatJSON {
// For JSON, output full result if no file was specified
if outputFile == "" {
output := internal.NewOutput()
return output.OutputJSON(result, "")
}
return nil
}
// For table format, show summary only
totalCompliant := 0
totalNonCompliant := 0
totalErrors := 0
totalTargets := len(result.Run.Targets)
for _, target := range result.Run.Targets {
switch target.Evaluation.Status {
case "compliant":
totalCompliant++
case statusNonCompliant:
totalNonCompliant++
case statusError:
totalErrors++
}
}
fmt.Printf("\nCheck Summary:\n")
fmt.Printf(" Total targets: %d\n", totalTargets)
if totalCompliant > 0 {
fmt.Printf(" Compliant: %d\n", totalCompliant)
}
if totalNonCompliant > 0 {
fmt.Printf(" Non-compliant: %d\n", totalNonCompliant)
}
if totalErrors > 0 {
fmt.Printf(" Errors: %d\n", totalErrors)
}
if totalNonCompliant > 0 || totalErrors > 0 {
fmt.Println("\nNon-compliant/Error targets:")
for _, target := range result.Run.Targets {
if target.Evaluation.Status == "noncompliant" || target.Evaluation.Status == "error" {
fmt.Printf(" - %s: %s\n", target.Source.Ref, target.Evaluation.Status)
}
}
}
return nil
}
// handleUnlicensedOutput handles unlicensed output
func handleUnlicensedOutput(result *grant.RunResponse, format string, outputFile string, noOutput bool) error {
// For JSON, filter the result to only show packages without licenses
filteredResult := result
if format == formatJSON {
filteredResult = filterResultForNoLicenses(result)
}
// Write to file if specified
if outputFile != "" {
output := internal.NewOutput()
if err := output.OutputJSON(filteredResult, outputFile); err != nil {
return fmt.Errorf("failed to write output file: %w", err)
}
}
// Skip terminal output if no-output flag is set and output file is specified
if noOutput && outputFile != "" {
return nil
}
if format == formatJSON {
// For JSON, output filtered result if no file was specified
if outputFile == "" {
output := internal.NewOutput()
return output.OutputJSON(filteredResult, "")
}
return nil
}
// For table format, use the same structure as default output
for _, target := range result.Run.Targets {
if err := outputTargetTableUnlicensed(target); err != nil {
return err
}
fmt.Println() // Add spacing between targets
}
return nil
}
// outputTargetTableUnlicensed outputs a single target as a table, showing only packages without licenses
func outputTargetTableUnlicensed(target grant.TargetResult) error {
// Print progress-style header
fmt.Printf(" ✔ Checking %s %s\n", target.Source.Ref, target.Source.Type)
fmt.Printf(" ✔ License compliance check %s\n", formatStatus(target.Evaluation.Status))
fmt.Println()
// Filter to packages without licenses
packagesWithoutLicenses := []grant.PackageFinding{}
for _, pkg := range target.Evaluation.Findings.Packages {
if len(pkg.Licenses) == 0 {
packagesWithoutLicenses = append(packagesWithoutLicenses, pkg)
}
}
// Print summary in grype/syft style
fmt.Printf(" ✔ Scanned for packages without licenses [%d found]\n", len(packagesWithoutLicenses))
fmt.Println()
// Print detailed table if there are packages without licenses
if len(packagesWithoutLicenses) > 0 {
return printPackageTableUnlicensed(packagesWithoutLicenses)
} else {
fmt.Println("No packages without licenses found.")
}
return nil
}
// filterResultForNoLicenses creates a filtered copy of the result with only packages without licenses
func filterResultForNoLicenses(result *grant.RunResponse) *grant.RunResponse {
filtered := &grant.RunResponse{
Tool: result.Tool,
Version: result.Version,
Run: grant.RunDetails{
Argv: result.Run.Argv,
Policy: result.Run.Policy,
Targets: []grant.TargetResult{},
},
}
for _, target := range result.Run.Targets {
packagesWithoutLicenses := []grant.PackageFinding{}
unlicensedCount := 0
for _, pkg := range target.Evaluation.Findings.Packages {
if len(pkg.Licenses) == 0 {
packagesWithoutLicenses = append(packagesWithoutLicenses, pkg)
unlicensedCount++
}
}
// Create filtered target with updated summary
filteredTarget := grant.TargetResult{
Source: target.Source,
Evaluation: grant.TargetEvaluation{
Status: target.Evaluation.Status,
Summary: grant.EvaluationSummaryJSON{
Packages: grant.PackageSummary{
Total: unlicensedCount,
Unlicensed: unlicensedCount,
Allowed: 0,
Denied: 0,
Ignored: 0,
},
Licenses: grant.LicenseSummary{
Unique: 0,
Allowed: 0,
Denied: 0,
NonSPDX: 0,
},
},
Findings: grant.EvaluationFindings{
Packages: packagesWithoutLicenses,
},
},
}
filtered.Run.Targets = append(filtered.Run.Targets, filteredTarget)
}
return filtered
}
// formatStatus formats the status with colors (copied from output.go)
func formatStatus(status string) string {
switch status {
case "compliant":
return color.Green.Sprint("[compliant]")
case "noncompliant":
return color.Red.Sprint("[non-compliant]")
case "error":
return color.Red.Sprint("[error]")
case "list":
return color.Blue.Sprint("[list]")
default:
return fmt.Sprintf("[%s]", status)
}
}
// printPackageTableUnlicensed prints packages without licenses in the same table format as default output
func printPackageTableUnlicensed(packages []grant.PackageFinding) error {
if len(packages) == 0 {
return nil
}
// Sort packages alphabetically by name (same as default behavior)
sort.Slice(packages, func(i, j int) bool {
return packages[i].Name < packages[j].Name
})
// Create table with no borders (grype/syft style)
t := table.NewWriter()
t.SetOutputMirror(os.Stdout)
// Configure table style to match grype/syft
t.Style().Options.SeparateHeader = false
t.Style().Options.DrawBorder = false
t.Style().Options.SeparateColumns = false
t.Style().Options.SeparateFooter = false
t.Style().Options.SeparateRows = false
// Use uppercase headers to match grype style
t.AppendHeader(table.Row{"NAME", "VERSION", "LICENSE STATUS"})
// Add rows for packages without licenses
for _, pkg := range packages {
version := pkg.Version
if version == "" {
version = noVersion
}
// For packages without licenses, show "(no licenses found)" in red
problematicLicenses := color.Red.Sprint("(no licenses found)")
t.AppendRow(table.Row{
pkg.Name,
version,
problematicLicenses,
})
}
// Use cleaner title format
if len(packages) > 0 {
fmt.Printf("\nPackages without licenses\n")
}
t.Render()
return nil
}
// handleExitCode determines the appropriate exit code
func handleExitCode(result *grant.RunResponse, dryRun bool) {
if dryRun {
// In dry-run mode, don't exit with error code
return
}
hasNonCompliant := false
hasErrors := false
for _, target := range result.Run.Targets {
switch target.Evaluation.Status {
case statusNonCompliant:
hasNonCompliant = true
case statusError:
hasErrors = true
}
}
if hasNonCompliant || hasErrors {
os.Exit(1)
}
}
07070100000014000081A400000000000000000000000168CB9D6300001B09000000000000000000000000000000000000002C00000000grant-0.3.2/cmd/grant/cli/command/config.gopackage command
import (
"fmt"
"os"
"path/filepath"
"strings"
"github.com/spf13/cobra"
"gopkg.in/yaml.v3"
)
// FullConfig represents all possible configuration options for Grant
// This struct combines policy options with CLI options that can be set in config
type FullConfig struct {
// Global CLI options
Config string `yaml:"config,omitempty"`
Format string `yaml:"format"`
Quiet bool `yaml:"quiet"`
Verbose bool `yaml:"verbose"`
// Core policy configuration (fields from grant.Policy but without omitempty for booleans)
Allow []string `yaml:"allow,omitempty"`
IgnorePackages []string `yaml:"ignore-packages"`
RequireLicense bool `yaml:"require-license"`
RequireKnownLicense bool `yaml:"require-known-license"`
// Command-specific options
DisableFileSearch bool `yaml:"disable-file-search"`
Summary bool `yaml:"summary"`
OnlyUnlicensed bool `yaml:"only-unlicensed"`
}
// Config creates the config command
func Config() *cobra.Command {
cmd := &cobra.Command{
Use: "config",
Short: "Generate a comprehensive configuration file",
Long: `Generate a complete YAML configuration file with all available Grant options.
This command outputs a comprehensive configuration file that includes:
- License policy options (allow lists, ignore patterns)
- Command-line options with defaults
- Detailed comments explaining each option
The generated configuration can be saved to a file and customized as needed.`,
RunE: runConfig,
}
// Add command-specific flags
cmd.Flags().StringP("output", "o", "", "output file path (default: stdout)")
return cmd
}
// runConfig executes the config command
func runConfig(cmd *cobra.Command, args []string) error {
outputFile, _ := cmd.Flags().GetString("output")
config, err := generateConfig()
if err != nil {
return fmt.Errorf("failed to generate config: %w", err)
}
// Output to file or stdout
if outputFile != "" {
// Create directory if it doesn't exist
dir := filepath.Dir(outputFile)
if err := os.MkdirAll(dir, 0750); err != nil {
return fmt.Errorf("failed to create directory %s: %w", dir, err)
}
// Write config file
if err := os.WriteFile(outputFile, []byte(config), 0600); err != nil {
return fmt.Errorf("failed to write config file: %w", err)
}
fmt.Printf("Configuration written to: %s\n", outputFile)
} else {
fmt.Print(config)
}
return nil
}
// generateConfig generates a comprehensive configuration file
func generateConfig() (string, error) {
// Create a default configuration with common examples
config := FullConfig{
Format: "table",
Allow: []string{
"MIT",
"Apache-2.0",
"BSD-3-Clause",
},
IgnorePackages: []string{},
RequireLicense: true,
RequireKnownLicense: false,
DisableFileSearch: false,
Summary: false,
OnlyUnlicensed: false,
}
// Generate YAML with comments
result, err := generateConfigWithComments(&config)
if err != nil {
return "", fmt.Errorf("failed to generate config with comments: %w", err)
}
return result, nil
}
// generateConfigWithComments creates a comprehensive YAML config with detailed comments
func generateConfigWithComments(fullConfig *FullConfig) (string, error) {
yamlData, err := yaml.Marshal(fullConfig)
if err != nil {
return "", fmt.Errorf("failed to marshal config: %w", err)
}
yamlLines := strings.Split(string(yamlData), "\n")
var result strings.Builder
addConfigHeader(&result)
processYAMLLines(&result, yamlLines, fullConfig)
return result.String(), nil
}
// addConfigHeader adds the standard header to the configuration file
func addConfigHeader(result *strings.Builder) {
result.WriteString(`# Grant License Compliance Configuration
# Complete configuration file with all available options
# See: https://github.com/anchore/grant
`)
}
// processYAMLLines processes each YAML line and adds appropriate comments
func processYAMLLines(result *strings.Builder, yamlLines []string, fullConfig *FullConfig) {
for _, line := range yamlLines {
if strings.TrimSpace(line) == "" {
result.WriteString("\n")
continue
}
processConfigLine(result, line, fullConfig)
}
}
// processConfigLine processes a single configuration line and adds comments
func processConfigLine(result *strings.Builder, line string, fullConfig *FullConfig) {
fieldName := getFieldName(line)
switch fieldName {
case "config:":
result.WriteString(line + " # Configuration file path (can be overridden with --config flag)\n")
case "format:":
result.WriteString(line + ` # Output format: "table" or "json" (default: "table")` + "\n")
case "quiet:":
result.WriteString(line + " # Suppress all non-essential output (default: false)\n")
case "verbose:":
result.WriteString(line + " # Enable verbose output (default: false)\n")
case "allow:":
result.WriteString(`# List of allowed license patterns (supports glob matching)
# Default behavior: DENY all licenses except those explicitly permitted
` + line + "\n")
case "ignore-packages:":
result.WriteString(`# List of package patterns to ignore from license checking
# Supports glob patterns for flexible matching
` + line + "\n")
if len(fullConfig.IgnorePackages) == 0 {
addIgnorePackageExamples(result)
}
case "require-license:":
result.WriteString(`# Policy enforcement options
` + line + " # When true, deny packages with no detected licenses\n")
case "require-known-license:":
result.WriteString(line + " # When true, deny non-SPDX / unparsable licenses\n")
case "disable-file-search:":
result.WriteString(`
# ============================================================================
# COMMAND-SPECIFIC OPTIONS
# ============================================================================
` + line + " # Disable filesystem license file search\n")
case "summary:":
result.WriteString(line + " # Show only summary information for check command\n")
case "only-unlicensed:":
result.WriteString("# Show only packages without licenses (default: false)\n")
result.WriteString(line + " # maps to grant check --unlicensed || grant list --unlicensed\n")
default:
result.WriteString(line + "\n")
}
}
// getFieldName extracts the field name from a YAML line
func getFieldName(line string) string {
for _, prefix := range []string{
"config:", "format:", "quiet:", "verbose:", "allow:", "ignore-packages:",
"require-license:", "require-known-license:", "disable-file-search:",
"summary:", "only-unlicensed:",
} {
if strings.HasPrefix(line, prefix) {
return prefix
}
}
return ""
}
// addIgnorePackageExamples adds example comments for empty ignore-packages field
func addIgnorePackageExamples(result *strings.Builder) {
result.WriteString(" # Add package patterns to ignore here\n")
result.WriteString(" # Examples:\n")
result.WriteString(" # - \"github.com/mycompany/*\"\n")
result.WriteString(" # - \"internal/*\"\n")
}
07070100000015000081A400000000000000000000000168CB9D6300007821000000000000000000000000000000000000002A00000000grant-0.3.2/cmd/grant/cli/command/list.gopackage command
import (
"fmt"
"os"
"sort"
"strings"
"github.com/gookit/color"
"github.com/jedib0t/go-pretty/v6/table"
"github.com/spf13/cobra"
"github.com/anchore/grant/cmd/grant/cli/internal"
"github.com/anchore/grant/grant"
"github.com/anchore/grant/internal/input"
"github.com/anchore/grant/internal/spdxlicense"
)
// formatClickableLicense formats a license name as a clickable blue link if SPDX reference is available
func formatClickableLicense(licenseName string) string {
if spdxLicense, err := spdxlicense.GetLicenseByID(licenseName); err == nil && spdxLicense.Reference != "" {
// Make it blue and clickable (no underline for table display)
return fmt.Sprintf("\033]8;;%s\033\\\033[34m%s\033[0m\033]8;;\033\\", spdxLicense.Reference, licenseName)
}
// Return the license name as-is if no SPDX reference available
return licenseName
}
// getHighestRisk returns the highest risk category from a list of licenses
func getHighestRisk(licenses []grant.LicenseDetail) spdxlicense.RiskCategory {
highestRisk := spdxlicense.RiskCategoryUncategorized
for _, license := range licenses {
if license.RiskCategory.IsHigh() {
return license.RiskCategory // Return immediately if we find high risk
}
if license.RiskCategory.IsMedium() && !highestRisk.IsHigh() {
highestRisk = license.RiskCategory
}
if license.RiskCategory.IsLow() && highestRisk.IsUncategorized() {
highestRisk = license.RiskCategory
}
}
return highestRisk
}
// formatRisk formats the risk category for display, showing count if multiple
func formatRisk(licenses []grant.LicenseDetail) string {
if len(licenses) == 0 {
return ""
}
highestRisk := getHighestRisk(licenses)
// Count how many licenses have different risk levels
riskCounts := make(map[spdxlicense.RiskCategory]int)
for _, license := range licenses {
if license.RiskCategory != "" {
riskCounts[license.RiskCategory]++
}
}
// Format the risk display
riskStr := ""
switch {
case highestRisk.IsHigh():
riskStr = color.Red.Sprint("High")
case highestRisk.IsMedium():
riskStr = color.Yellow.Sprint("Medium")
case highestRisk.IsLow():
riskStr = color.Green.Sprint("Low")
default:
riskStr = color.Gray.Sprint("Unknown")
}
// Add count if there are multiple licenses with different risks
totalOtherRisks := 0
for risk, count := range riskCounts {
if risk != highestRisk {
totalOtherRisks += count
}
}
if totalOtherRisks > 0 {
riskStr += fmt.Sprintf(" (+%d more)", totalOtherRisks)
}
return riskStr
}
// List creates the list command
func List() *cobra.Command {
cmd := &cobra.Command{
Use: "list [TARGET] [LICENSE...]",
Short: "List licenses found in one or more targets",
Long: `List shows all licenses found in container images, SBOMs, filesystems, and files
without applying policy evaluation.
Targets can be:
- Container images: alpine:latest, ubuntu:22.04
- SBOM files: path/to/sbom.json, path/to/sbom.xml
- Directories: dir:./project, ./my-app
- Archive files: project.tar.gz, source.zip
- License files: LICENSE, COPYING
- Stdin: - (reads SBOM from stdin)
When no target is specified and stdin is available (piped input), grant will
automatically read from stdin. This allows usage like:
syft -o json dir:. | grant list Apache-2.0
License filtering:
If license names are provided as additional arguments, only packages with those
specific licenses will be shown. For example:
grant list dir:. "MIT" "Apache-2.0"
syft -o json dir:. | grant list "MIT" "Apache-2.0"
This command always returns exit code 0 unless there are processing errors.`,
Args: cobra.ArbitraryArgs,
RunE: runList,
}
// Add command-specific flags
cmd.Flags().Bool("disable-file-search", false, "disable filesystem license file search")
cmd.Flags().Bool("unlicensed", false, "show only packages without licenses")
cmd.Flags().String("pkg", "", "show detailed information for a specific package (requires license filter)")
cmd.Flags().String("group-by", "", "group results by specified field (risk)")
return cmd
}
// handleJSONInput processes grant JSON input from stdin
func handleJSONInput(cmd *cobra.Command, target string, licenseFilters []string) (*grant.RunResponse, bool, error) {
if grantResult, isGrantJSON := isGrantJSONInput(target); isGrantJSON {
result := handleGrantJSONInput(grantResult, licenseFilters)
globalConfig := GetGlobalConfig(cmd)
packageDetail, _ := cmd.Flags().GetString("pkg")
if packageDetail != "" {
if len(licenseFilters) == 0 {
return nil, true, fmt.Errorf("--pkg flag requires license filter arguments")
}
result = filterResultByPackage(result, packageDetail)
return result, true, displayPackageDetails(result, packageDetail)
}
if globalConfig.OutputFile != "" {
output := internal.NewOutput()
if err := output.OutputJSON(result, globalConfig.OutputFile); err != nil {
return nil, true, fmt.Errorf("failed to write output file: %w", err)
}
}
// Skip terminal output if no-output flag is set and output file is specified
if globalConfig.NoOutput && globalConfig.OutputFile != "" {
return result, true, nil
}
if globalConfig.OutputFormat == "table" {
return result, true, outputListTableWithFilters(result, licenseFilters)
} else {
return result, true, OutputResult(result, globalConfig.OutputFormat, "")
}
}
return nil, false, nil
}
// runList executes the list command
func runList(cmd *cobra.Command, args []string) error {
// Parse arguments and prepare filters
target, licenseFilters, err := parseListArgumentsWithStdin(cmd, args)
if err != nil {
return err
}
// Check if input is grant JSON from stdin
if _, handled, err := handleJSONInput(cmd, target, licenseFilters); handled {
if err != nil {
HandleError(err, GetGlobalConfig(cmd).Quiet)
}
return err
}
// Get global configuration
globalConfig := GetGlobalConfig(cmd)
// Get command-specific flags
disableFileSearch, _ := cmd.Flags().GetBool("disable-file-search")
packageDetail, _ := cmd.Flags().GetString("pkg")
groupBy, _ := cmd.Flags().GetString("group-by")
// Show loading progress before cataloging
var ui *internal.RealtimeUI
if internal.IsTerminalOutput() && !globalConfig.Quiet {
ui = internal.NewRealtimeUI(globalConfig.Quiet)
ui.ShowLoadingProgress(target)
}
// Create orchestrator and perform list operation
result, err := performListOperation(target, licenseFilters, disableFileSearch, globalConfig)
if err != nil {
return err
}
// Show scan complete after successful operation
if ui != nil {
sourceType := ""
if result != nil && len(result.Run.Targets) > 0 {
sourceType = result.Run.Targets[0].Source.Type
}
ui.ShowScanComplete(target, sourceType)
}
// Apply license filtering if specified
if len(licenseFilters) > 0 {
result = filterGrantJSONByLicenses(result, licenseFilters)
}
// Handle package detail view if specified
if packageDetail != "" {
// Validate that license filters are provided
if len(licenseFilters) == 0 {
return fmt.Errorf("--pkg flag requires license filter arguments")
}
// Filter to show only the specified package
result = filterResultByPackage(result, packageDetail)
// Show detailed package information instead of normal output
return handlePackageDetailOutput(result, packageDetail, globalConfig)
}
// Handle group-by risk view
if groupBy == "risk" {
return handleGroupByRiskOutput(result, globalConfig)
}
// Handle output based on configuration
return handleListOutput(result, licenseFilters, globalConfig)
}
// performListOperation creates orchestrator and executes the list command
func performListOperation(target string, licenseFilters []string, disableFileSearch bool, globalConfig *GlobalConfig) (*grant.RunResponse, error) {
// Load policy (needed for orchestrator, but not used for evaluation)
policy, err := LoadPolicyFromConfig(globalConfig)
if err != nil {
HandleError(err, globalConfig.Quiet)
return nil, err
}
// Create orchestrator with configuration
caseConfig := grant.CaseConfig{
DisableFileSearch: disableFileSearch,
}
orchestrator, err := grant.NewOrchestratorWithConfig(policy, caseConfig)
if err != nil {
HandleError(fmt.Errorf("failed to create orchestrator: %w", err), globalConfig.Quiet)
return nil, err
}
defer orchestrator.Close()
// Build argv for the response
argv := []string{"grant", "list"}
if globalConfig.ConfigFile != "" {
argv = append(argv, "-c", globalConfig.ConfigFile)
}
argv = append(argv, target)
// Include license filters in argv
if len(licenseFilters) > 0 {
argv = append(argv, licenseFilters...)
}
// Perform list
result, err := orchestrator.List(argv, target)
if err != nil {
HandleError(fmt.Errorf("list failed: %w", err), globalConfig.Quiet)
return nil, err
}
return result, nil
}
// parseListArgumentsWithStdin extracts target and license filters, defaulting to stdin when appropriate
func parseListArgumentsWithStdin(cmd *cobra.Command, args []string) (string, []string, error) {
var target string
var licenseFilters []string
// Check if stdin is available
hasStdin, err := input.IsStdinPipeOrRedirect()
if err != nil {
return "", nil, err
}
if len(args) == 0 {
// No arguments provided
if hasStdin {
// Use stdin as target
target = "-"
} else {
// No stdin and no arguments - error
return "", nil, fmt.Errorf("no target specified and no input available on stdin")
}
} else {
// At least one argument provided
// Check if the first argument looks like a target or a license filter
firstArg := args[0]
// If stdin is available and first arg doesn't look like a target path/reference,
// treat all args as license filters
if hasStdin && !looksLikeTarget(firstArg) {
target = "-"
licenseFilters = args
} else {
// Traditional parsing: first arg is target, rest are filters
target = firstArg
if len(args) > 1 {
licenseFilters = args[1:]
}
}
}
// Check if --unlicensed flag is set
unlicensed, _ := cmd.Flags().GetBool("unlicensed")
if unlicensed {
licenseFilters = append(licenseFilters, "(no licenses found)")
}
return target, licenseFilters, nil
}
// looksLikeTarget checks if a string looks like a target (file path, directory, image reference, etc.)
// rather than a license name
func looksLikeTarget(s string) bool {
// Check for explicit target prefixes
if strings.HasPrefix(s, "dir:") || strings.HasPrefix(s, "file:") || strings.HasPrefix(s, "image:") {
return true
}
// Check if it looks like a file path
if strings.Contains(s, "/") || strings.Contains(s, "\\") || strings.HasSuffix(s, ".json") ||
strings.HasSuffix(s, ".xml") || strings.HasSuffix(s, ".tar") || strings.HasSuffix(s, ".gz") ||
strings.HasSuffix(s, ".zip") {
return true
}
// Check if it looks like a Docker image reference
if strings.Contains(s, ":") || strings.Contains(s, "@") {
return true
}
// Check for single dash (stdin indicator)
if s == "-" {
return true
}
// Check if it's a file that exists
if _, err := os.Stat(s); err == nil {
return true
}
// Otherwise, assume it's a license filter
return false
}
// handleListOutput manages all output modes for the list command
func handleListOutput(result *grant.RunResponse, licenseFilters []string, globalConfig *GlobalConfig) error {
// Handle output
if globalConfig.Quiet {
// Handle output file if specified in quiet mode
if globalConfig.OutputFile != "" {
output := internal.NewOutput()
if err := output.OutputJSON(result, globalConfig.OutputFile); err != nil {
HandleError(fmt.Errorf("failed to write output file: %w", err), globalConfig.Quiet)
return err
}
}
handleListQuietOutput(result)
return nil
}
// Handle output file if specified
if globalConfig.OutputFile != "" {
output := internal.NewOutput()
if err := output.OutputJSON(result, globalConfig.OutputFile); err != nil {
HandleError(fmt.Errorf("failed to write output file: %w", err), globalConfig.Quiet)
return err
}
}
// Skip terminal output if no-output flag is set and output file is specified
if globalConfig.NoOutput && globalConfig.OutputFile != "" {
return nil
}
// Normal output - use list-specific formatting for table output
if globalConfig.OutputFormat == "table" {
if err := outputListTableWithFilters(result, licenseFilters); err != nil {
HandleError(fmt.Errorf("failed to output result: %w", err), globalConfig.Quiet)
return err
}
} else {
if err := OutputResult(result, globalConfig.OutputFormat, globalConfig.OutputFile); err != nil {
HandleError(fmt.Errorf("failed to output result: %w", err), globalConfig.Quiet)
return err
}
}
return nil
}
// handleListQuietOutput handles quiet mode output for list
func handleListQuietOutput(result *grant.RunResponse) {
// In quiet mode for list, output total number of unique licenses found
licenseMap := make(map[string]bool)
for _, target := range result.Run.Targets {
for _, pkg := range target.Evaluation.Findings.Packages {
for _, license := range pkg.Licenses {
licenseKey := license.ID
if licenseKey == "" {
licenseKey = license.Name
}
if licenseKey != "" {
licenseMap[licenseKey] = true
}
}
}
}
fmt.Printf("%d\n", len(licenseMap))
}
// outputListTableWithFilters outputs the list table with filter information
func outputListTableWithFilters(result *grant.RunResponse, licenseFilters []string) error {
for _, target := range result.Run.Targets {
if err := outputListTargetTableWithFilters(target, licenseFilters); err != nil {
return err
}
if internal.IsTerminalOutput() {
fmt.Println() // Add spacing between targets
}
}
return nil
}
// outputListTargetTableWithFilters outputs a single target in list format with filter information
func outputListTargetTableWithFilters(target grant.TargetResult, licenseFilters []string) error {
// Only show progress TUI if outputting to a terminal
if internal.IsTerminalOutput() {
// Display completed progress steps
// Note: "Loaded" message was already shown by ui.ShowScanComplete()
fmt.Printf(" %s License listing\n", color.Green.Sprint("✔"))
// Show filter applied if license filters are specified
if len(licenseFilters) > 0 {
var filterDisplay string
if len(licenseFilters) == 1 {
filterDisplay = fmt.Sprintf("[license=\"%s\"]", licenseFilters[0])
} else {
filterDisplay = fmt.Sprintf("[licenses=\"%s\"]", strings.Join(licenseFilters, "\", \""))
}
fmt.Printf(" %s Filter applied %s\n",
color.Green.Sprint("✔"),
filterDisplay)
}
fmt.Printf(" %s Cataloged contents\n", color.Green.Sprint("✔"))
// Display tree structure with counts
fmt.Printf(" %s %s %-30s %s\n",
"├──",
color.Green.Sprint("✔"),
"Packages",
fmt.Sprintf("[%d packages]", target.Evaluation.Summary.Packages.Total))
fmt.Printf(" %s %s %-30s %s\n",
"├──",
color.Green.Sprint("✔"),
"Licenses",
fmt.Sprintf("[%d unique]", target.Evaluation.Summary.Licenses.Unique))
// Count total file locations across all packages
totalLocations := 0
for _, pkg := range target.Evaluation.Findings.Packages {
totalLocations += len(pkg.Locations)
}
fmt.Printf(" %s %s %-30s %s\n",
"└──",
color.Green.Sprint("✔"),
"File metadata",
fmt.Sprintf("[%d locations]", totalLocations))
// Show matched packages count if filtering is applied
if len(licenseFilters) > 0 {
matchedCount := len(target.Evaluation.Findings.Packages)
fmt.Printf(" %s Matched packages [%d package",
color.Green.Sprint("✔"),
matchedCount)
if matchedCount != 1 {
fmt.Print("s")
}
fmt.Println("]")
} else {
// Display aggregated licenses section (only when not filtering)
fmt.Printf(" %s Aggregated licenses [grouped by license, desc by count]\n",
color.Green.Sprint("✔"))
}
fmt.Println()
}
// Display package table or aggregated license table
if len(licenseFilters) > 0 {
// Show packages with their licenses when filtering
return printFilteredPackageTable(target.Evaluation.Findings.Packages)
} else {
// Create aggregated license table
return printAggregatedLicenseTable(target.Evaluation.Findings.Packages)
}
}
// printFilteredPackageTable prints packages that match license filters in a table format
func printFilteredPackageTable(packages []grant.PackageFinding) error {
if len(packages) == 0 {
fmt.Println("No packages found with the specified licenses.")
return nil
}
// Sort packages alphabetically by name
sort.Slice(packages, func(i, j int) bool {
return packages[i].Name < packages[j].Name
})
// Create table with no borders (grype/syft style)
t := table.NewWriter()
t.SetOutputMirror(os.Stdout)
// Configure table style to match grype/syft
t.Style().Options.SeparateHeader = false
t.Style().Options.DrawBorder = false
t.Style().Options.SeparateColumns = false
t.Style().Options.SeparateFooter = false
t.Style().Options.SeparateRows = false
// Set headers with uppercase to match grype style
t.AppendHeader(table.Row{"NAME", "VERSION", "LICENSE", "RISK"})
// Add rows for matching packages
for _, pkg := range packages {
// Format the licenses for this package
licenses := formatLicenses(pkg.Licenses)
risk := formatRisk(pkg.Licenses)
version := pkg.Version
if version == "" {
version = noVersion
}
t.AppendRow(table.Row{
pkg.Name,
version,
licenses,
risk,
})
}
t.Render()
return nil
}
// formatLicenses formats licenses for display
func formatLicenses(licenses []grant.LicenseDetail) string {
if len(licenses) == 0 {
return "(no licenses found)"
}
var licenseStrs []string
for _, license := range licenses {
licenseStr := license.ID
if license.Name != "" && license.ID == "" {
licenseStr = license.Name
}
if licenseStr == "" {
licenseStr = unknownLicense
}
// Shorten long license strings (like sha256 hashes)
if strings.HasPrefix(licenseStr, "sha256:") && len(licenseStr) > 20 {
licenseStr = "sha256:" + licenseStr[7:15] + "..."
}
licenseStrs = append(licenseStrs, formatClickableLicense(licenseStr))
}
// Show max 2 licenses before showing (+n more)
if len(licenseStrs) > 2 {
return strings.Join(licenseStrs[:2], ", ") + fmt.Sprintf(" (+%d more)", len(licenseStrs)-2)
}
return strings.Join(licenseStrs, ", ")
}
// printAggregatedLicenseTable prints licenses grouped by license name with package counts
func printAggregatedLicenseTable(packages []grant.PackageFinding) error {
// First, deduplicate packages by name@version
uniquePackages := make(map[string]grant.PackageFinding)
for _, pkg := range packages {
packageKey := pkg.Name + "@" + pkg.Version
uniquePackages[packageKey] = pkg
}
// Create license to unique packages map
licensePackages := make(map[string]map[string]bool)
for _, pkg := range uniquePackages {
packageKey := pkg.Name + "@" + pkg.Version
if len(pkg.Licenses) == 0 {
// Package with no licenses
if licensePackages["(no licenses found)"] == nil {
licensePackages["(no licenses found)"] = make(map[string]bool)
}
licensePackages["(no licenses found)"][packageKey] = true
} else {
for _, license := range pkg.Licenses {
licenseKey := license.ID
if licenseKey == "" {
licenseKey = license.Name
}
if licenseKey == "" {
licenseKey = unknownLicense
}
if licensePackages[licenseKey] == nil {
licensePackages[licenseKey] = make(map[string]bool)
}
licensePackages[licenseKey][packageKey] = true
}
}
}
// Convert to count map
licenseMap := make(map[string]int)
for license, pkgSet := range licensePackages {
licenseMap[license] = len(pkgSet)
}
// Convert to slice for sorting
type licenseCount struct {
license string
count int
}
var licenseCounts []licenseCount
for license, count := range licenseMap {
licenseCounts = append(licenseCounts, licenseCount{license, count})
}
// Sort by count descending, then by name ascending
sort.Slice(licenseCounts, func(i, j int) bool {
if licenseCounts[i].count == licenseCounts[j].count {
return licenseCounts[i].license < licenseCounts[j].license
}
return licenseCounts[i].count > licenseCounts[j].count
})
// Create table
t := table.NewWriter()
t.SetOutputMirror(os.Stdout)
// Configure table style to match grype/syft style (consistent with other tables)
t.Style().Options.SeparateHeader = false
t.Style().Options.DrawBorder = false
t.Style().Options.SeparateColumns = false
t.Style().Options.SeparateFooter = false
t.Style().Options.SeparateRows = false
// Set headers
t.AppendHeader(table.Row{"LICENSE", "PACKAGES", "RISK"})
// Add rows
for _, lc := range licenseCounts {
// Get risk category for this license
riskStr := color.Gray.Sprint("Unknown")
if spdxLicense, err := spdxlicense.GetLicenseByID(lc.license); err == nil {
switch {
case spdxLicense.RiskCategory.IsHigh():
riskStr = color.Red.Sprint("High")
case spdxLicense.RiskCategory.IsMedium():
riskStr = color.Yellow.Sprint("Medium")
case spdxLicense.RiskCategory.IsLow():
riskStr = color.Green.Sprint("Low")
}
}
t.AppendRow(table.Row{formatClickableLicense(lc.license), lc.count, riskStr})
}
t.Render()
return nil
}
// filterResultByPackage filters the result to only include a specific package by name
func filterResultByPackage(result *grant.RunResponse, packageName string) *grant.RunResponse {
// Create a new result with only the specified package
filteredResult := &grant.RunResponse{
Tool: result.Tool,
Version: result.Version,
Run: grant.RunDetails{
Argv: result.Run.Argv,
Policy: result.Run.Policy,
Targets: []grant.TargetResult{},
},
}
for _, target := range result.Run.Targets {
matchedPackages := []grant.PackageFinding{}
// Filter packages by name
for _, pkg := range target.Evaluation.Findings.Packages {
if pkg.Name == packageName {
matchedPackages = append(matchedPackages, pkg)
}
}
// Create filtered target
filteredTarget := grant.TargetResult{
Source: target.Source,
Evaluation: grant.TargetEvaluation{
Status: target.Evaluation.Status,
Summary: grant.EvaluationSummaryJSON{
Packages: grant.PackageSummary{
Total: len(matchedPackages),
Unlicensed: 0,
Allowed: len(matchedPackages),
Denied: 0,
Ignored: 0,
},
Licenses: grant.LicenseSummary{
Unique: 0, // Will be calculated in display
Allowed: 0,
Denied: 0,
NonSPDX: 0,
},
},
Findings: grant.EvaluationFindings{
Packages: matchedPackages,
},
},
}
filteredResult.Run.Targets = append(filteredResult.Run.Targets, filteredTarget)
}
return filteredResult
}
// handlePackageDetailOutput displays detailed information for a specific package
func handlePackageDetailOutput(result *grant.RunResponse, packageName string, globalConfig *GlobalConfig) error {
// Handle output file if specified
if globalConfig.OutputFile != "" {
output := internal.NewOutput()
if err := output.OutputJSON(result, globalConfig.OutputFile); err != nil {
HandleError(fmt.Errorf("failed to write output file: %w", err), globalConfig.Quiet)
return err
}
}
// Handle quiet mode
if globalConfig.Quiet {
// In quiet mode, just output the number of matching packages
totalPackages := 0
for _, target := range result.Run.Targets {
totalPackages += len(target.Evaluation.Findings.Packages)
}
fmt.Printf("%d\n", totalPackages)
return nil
}
// Skip terminal output if no-output flag is set and output file is specified
if globalConfig.NoOutput && globalConfig.OutputFile != "" {
return nil
}
// Handle JSON format
if globalConfig.OutputFormat == formatJSON {
if globalConfig.OutputFile == "" {
output := internal.NewOutput()
return output.OutputJSON(result, "")
}
// Already written to file above
return nil
}
// Display detailed package information in table format
return displayPackageDetails(result, packageName)
}
// handleGroupByRiskOutput handles the group-by risk view output
func handleGroupByRiskOutput(result *grant.RunResponse, globalConfig *GlobalConfig) error {
// Handle output file if specified
if globalConfig.OutputFile != "" {
output := internal.NewOutput()
if err := output.OutputJSON(result, globalConfig.OutputFile); err != nil {
HandleError(fmt.Errorf("failed to write output file: %w", err), globalConfig.Quiet)
return err
}
}
// Handle quiet mode
if globalConfig.Quiet {
// In quiet mode, just output the number of risk categories
fmt.Printf("3\n") // High, Medium, Low
return nil
}
// Skip terminal output if no-output flag is set and output file is specified
if globalConfig.NoOutput && globalConfig.OutputFile != "" {
return nil
}
// Handle JSON format
if globalConfig.OutputFormat == formatJSON {
if globalConfig.OutputFile == "" {
output := internal.NewOutput()
return output.OutputJSON(result, "")
}
return nil
}
// Display risk-grouped view in table format
for _, target := range result.Run.Targets {
if err := outputRiskGroupedTable(target); err != nil {
return err
}
if internal.IsTerminalOutput() {
fmt.Println() // Add spacing between targets
}
}
return nil
}
// outputRiskGroupedTable outputs licenses grouped by risk category
func outputRiskGroupedTable(target grant.TargetResult) error {
// Display progress-style header only if outputting to a terminal
if internal.IsTerminalOutput() {
// Note: "Loaded" message was already shown by ui.ShowScanComplete()
fmt.Printf(" %s License listing\n", color.Green.Sprint("✔"))
fmt.Printf(" %s Aggregated by risk\n", color.Green.Sprint("✔"))
fmt.Println()
}
// Create risk category aggregations
type riskStats struct {
licenses map[string]bool
packages map[string]bool
}
riskCategories := map[string]*riskStats{
"Strong Copyleft": {
licenses: make(map[string]bool),
packages: make(map[string]bool),
},
"Weak Copyleft": {
licenses: make(map[string]bool),
packages: make(map[string]bool),
},
"Permissive": {
licenses: make(map[string]bool),
packages: make(map[string]bool),
},
}
// Process each package
for _, pkg := range target.Evaluation.Findings.Packages {
packageKey := pkg.Name + "@" + pkg.Version
for _, license := range pkg.Licenses {
licenseKey := license.ID
if licenseKey == "" {
licenseKey = license.Name
}
if licenseKey == "" {
continue // Skip unknown licenses
}
// Get the risk category
var categoryName string
switch {
case license.RiskCategory.IsHigh():
categoryName = "Strong Copyleft"
case license.RiskCategory.IsMedium():
categoryName = "Weak Copyleft"
case license.RiskCategory.IsLow():
categoryName = "Permissive"
default:
continue // Skip uncategorized
}
// Add to the appropriate category
riskCategories[categoryName].licenses[licenseKey] = true
riskCategories[categoryName].packages[packageKey] = true
}
}
// Create table
t := table.NewWriter()
t.SetOutputMirror(os.Stdout)
// Configure table style to match grype/syft style
t.Style().Options.SeparateHeader = false
t.Style().Options.DrawBorder = false
t.Style().Options.SeparateColumns = false
t.Style().Options.SeparateFooter = false
t.Style().Options.SeparateRows = false
// Set headers
t.AppendHeader(table.Row{"RISK CATEGORY", "LICENSES", "PACKAGES"})
// Add rows in order of risk severity
categoryOrder := []string{"Strong Copyleft", "Weak Copyleft", "Permissive"}
for _, category := range categoryOrder {
stats := riskCategories[category]
if len(stats.licenses) > 0 || len(stats.packages) > 0 {
// Color code the risk category
var coloredCategory string
switch category {
case "Strong Copyleft":
coloredCategory = color.Red.Sprint(category)
case "Weak Copyleft":
coloredCategory = color.Yellow.Sprint(category)
case "Permissive":
coloredCategory = color.Green.Sprint(category)
default:
coloredCategory = category
}
t.AppendRow(table.Row{
coloredCategory,
len(stats.licenses),
len(stats.packages),
})
}
}
t.Render()
return nil
}
// displayPackageDetails displays detailed information about the package
func displayPackageDetails(result *grant.RunResponse, packageName string) error {
if len(result.Run.Targets) == 0 {
fmt.Printf("No targets found.\n")
return nil
}
target := result.Run.Targets[0]
packages := target.Evaluation.Findings.Packages
if len(packages) == 0 {
fmt.Printf("Package '%s' not found.\n", packageName)
return nil
}
// Display progress-style header only if outputting to a terminal
if internal.IsTerminalOutput() {
fmt.Printf(" %s License listing\n", color.Green.Sprint("✔"))
fmt.Printf(" %s Package details [package=\"%s\"]\n",
color.Green.Sprint("✔"),
packageName)
fmt.Printf(" %s Found package instances [%d instance",
color.Green.Sprint("✔"),
len(packages))
if len(packages) != 1 {
fmt.Print("s")
}
fmt.Println("]")
fmt.Println()
}
// Display detailed information for each package instance
for i, pkg := range packages {
if i > 0 {
fmt.Println()
fmt.Println(strings.Repeat("─", 80))
fmt.Println()
}
fmt.Printf("Name: %s\n", pkg.Name)
fmt.Printf("Version: %s\n", pkg.Version)
fmt.Printf("Type: %s\n", pkg.Type)
fmt.Printf("ID: %s\n", pkg.ID)
// Display licenses with new formatting
if len(pkg.Licenses) == 0 {
fmt.Printf("Licenses: (no licenses found)\n")
} else {
fmt.Printf("Licenses (%d):\n", len(pkg.Licenses))
for _, license := range pkg.Licenses {
// Use license ID or name as display name
licenseName := license.ID
if licenseName == "" {
licenseName = license.Name
}
if licenseName == "" {
licenseName = "(unknown)"
}
fmt.Println()
// Format with bullet point and make license name clickable if we have a reference
if license.Reference != "" {
// Make it blue and underlined to indicate it's clickable
fmt.Printf("• \x1b]8;;%s\x1b\\\x1b[34;4m%s\x1b[0m\x1b]8;;\x1b\\\n", license.Reference, licenseName)
} else {
fmt.Printf("• %s\n", licenseName)
}
// Format OSI Approved status with warning if false
osiStatus := fmt.Sprintf("OSI Approved: %t", license.IsOsiApproved)
if !license.IsOsiApproved {
osiStatus = color.Yellow.Sprintf("⚠️ OSI Approved: false")
}
fmt.Printf(" %s | Deprecated: %t\n", osiStatus, license.IsDeprecatedLicenseID)
if len(license.Evidence) > 0 {
fmt.Printf(" Evidence: %v\n", license.Evidence)
}
}
}
}
return nil
}
07070100000016000081A400000000000000000000000168CB9D63000025ED000000000000000000000000000000000000002A00000000grant-0.3.2/cmd/grant/cli/command/root.gopackage command
import (
"encoding/json"
"errors"
"fmt"
"io"
"os"
"path/filepath"
"strings"
"github.com/spf13/cobra"
"github.com/anchore/go-logger"
"github.com/anchore/go-logger/adapter/logrus"
"github.com/anchore/grant/cmd/grant/cli/internal"
"github.com/anchore/grant/grant"
"github.com/anchore/grant/internal/log"
"github.com/anchore/grant/internal/stdinbuffer"
)
const (
formatJSON = "json"
formatTable = "table"
unknownLicense = "(unknown)"
noVersion = "(no version)"
)
// GlobalConfig holds configuration that applies to all commands
type GlobalConfig struct {
ConfigFile string
OutputFormat string
OutputFile string
Quiet bool
Verbose bool
NoOutput bool
}
// GetGlobalConfig extracts global configuration from cobra command
func GetGlobalConfig(cmd *cobra.Command) *GlobalConfig {
configFile, _ := cmd.Flags().GetString("config")
outputFormat, _ := cmd.Flags().GetString("output")
outputFile, _ := cmd.Flags().GetString("output-file")
quiet, _ := cmd.Flags().GetBool("quiet")
verbose, _ := cmd.Flags().GetBool("verbose")
noOutput, _ := cmd.Flags().GetBool("no-output")
// Note: If output-file is specified, we keep the original outputFormat for terminal
// but will write JSON to the file separately
return &GlobalConfig{
ConfigFile: configFile,
OutputFormat: outputFormat,
OutputFile: outputFile,
Quiet: quiet,
Verbose: verbose,
NoOutput: noOutput,
}
}
// SetupLogging configures logging based on verbose flag
func SetupLogging(verbose bool) {
var logLevel logger.Level
if verbose {
logLevel = logger.DebugLevel
} else {
logLevel = logger.WarnLevel
}
cfg := logrus.Config{
EnableConsole: true,
Level: logLevel,
}
l, _ := logrus.New(cfg)
log.Set(l)
}
// LoadPolicyFromConfig loads policy based on global config
func LoadPolicyFromConfig(config *GlobalConfig) (*grant.Policy, error) {
// Use the centralized config loading logic from internal package
internalConfig, err := internal.LoadConfig(config.ConfigFile)
if err != nil {
return nil, fmt.Errorf("failed to load config: %w", err)
}
// Log config path when verbose is enabled
if config.Verbose {
configPath := config.ConfigFile
if configPath == "" {
configPath = internal.GetResolvedConfigPath()
}
if configPath != "" {
log.Debugf("config file: %s", configPath)
} else {
log.Debug("No configuration file found, using defaults")
}
}
return internalConfig.Policy, nil
}
// HandleError handles command errors consistently
func HandleError(err error, quiet bool) {
if err != nil && !quiet {
fmt.Fprintf(os.Stderr, "Error: %v\n", err)
}
}
// OutputResult outputs the result in the specified format
func OutputResult(result *grant.RunResponse, format string, outputFile string) error {
output := internal.NewOutput()
// If output file is specified, always write JSON to file
if outputFile != "" {
if err := output.OutputJSON(result, outputFile); err != nil {
return err
}
}
// Handle terminal output based on format
switch format {
case formatJSON:
// Always output to terminal (caller should check no-output flag)
return output.OutputJSON(result, "")
case formatTable:
return output.OutputTable(result)
default:
return fmt.Errorf("unsupported output format: %s", format)
}
}
// isGrantJSONInput checks if the target is stdin or a file and if it contains grant JSON output
func isGrantJSONInput(target string) (*grant.RunResponse, bool) {
var data []byte
var err error
switch {
case strings.EqualFold(target, "-"):
// Handle stdin input
// Check if stdin is available
stat, _ := os.Stdin.Stat()
if (stat.Mode() & os.ModeCharDevice) != 0 {
// stdin is not available (terminal mode)
return nil, false
}
// Read from stdin
data, err = io.ReadAll(os.Stdin)
if err != nil {
return nil, false
}
case strings.HasSuffix(target, ".json"):
// Handle file input - check if it's a JSON file that might be grant output
// Check if the file exists
if _, err := os.Stat(target); os.IsNotExist(err) {
return nil, false
}
// Read from file
data, err = readInputFile(target)
if err != nil {
return nil, false
}
default:
// Not stdin and not a JSON file
return nil, false
}
// Try to parse as grant RunResponse
var result grant.RunResponse
if err := json.Unmarshal(data, &result); err != nil {
// Not grant JSON - if from stdin, save for SBOM processing
if strings.EqualFold(target, "-") {
stdinbuffer.Set(data)
}
return nil, false
}
// Check if it has the expected grant JSON structure
if result.Tool == "grant" && result.Version != "" && len(result.Run.Targets) > 0 {
return &result, true
}
// Not grant JSON - if from stdin, save for SBOM processing
if strings.EqualFold(target, "-") {
stdinbuffer.Set(data)
}
return nil, false
}
// handleGrantJSONInput processes grant JSON input directly without re-analysis
func handleGrantJSONInput(result *grant.RunResponse, licenseFilters []string) *grant.RunResponse {
// If no license filters, return as-is
if len(licenseFilters) == 0 {
return result
}
// Apply license filtering to the existing result
return filterGrantJSONByLicenses(result, licenseFilters)
}
// filterGrantJSONByLicenses filters the result to only include packages that have licenses matching the specified filters
func filterGrantJSONByLicenses(result *grant.RunResponse, licenseFilters []string) *grant.RunResponse {
// Create a map for faster license lookup
filterMap := make(map[string]bool)
for _, filter := range licenseFilters {
filterMap[filter] = true
}
// Create a new result with filtered packages
filteredResult := &grant.RunResponse{
Tool: result.Tool,
Version: result.Version,
Run: grant.RunDetails{
Argv: result.Run.Argv,
Policy: result.Run.Policy,
Targets: []grant.TargetResult{},
},
}
for _, target := range result.Run.Targets {
filteredPackages := []grant.PackageFinding{}
matchedLicenses := make(map[string]bool)
packageMap := make(map[string]grant.PackageFinding) // For deduplication
// Filter packages that have any of the specified licenses
for _, pkg := range target.Evaluation.Findings.Packages {
hasMatchingLicense := false
// Special case: check if filtering for packages without licenses
if filterMap["(no licenses found)"] && len(pkg.Licenses) == 0 {
hasMatchingLicense = true
matchedLicenses["(no licenses found)"] = true
} else {
// Check if package has any of the specified licenses
for _, license := range pkg.Licenses {
licenseKey := license.ID
if licenseKey == "" {
licenseKey = license.Name
}
if filterMap[licenseKey] {
hasMatchingLicense = true
matchedLicenses[licenseKey] = true
}
}
}
if hasMatchingLicense {
// Use package name + version as deduplication key
packageKey := pkg.Name + "@" + pkg.Version
packageMap[packageKey] = pkg
}
}
// Convert map back to slice for deduplicated packages
for _, pkg := range packageMap {
filteredPackages = append(filteredPackages, pkg)
}
// Create filtered target with updated summary
filteredTarget := grant.TargetResult{
Source: target.Source,
Evaluation: grant.TargetEvaluation{
Status: target.Evaluation.Status,
Summary: grant.EvaluationSummaryJSON{
Packages: grant.PackageSummary{
Total: len(filteredPackages),
Unlicensed: 0, // Will be calculated if needed
Allowed: len(filteredPackages), // All filtered packages are "allowed" for display
Denied: 0,
Ignored: 0,
},
Licenses: grant.LicenseSummary{
Unique: len(matchedLicenses),
Allowed: len(matchedLicenses),
Denied: 0,
NonSPDX: 0, // Would need to calculate if needed
},
},
Findings: grant.EvaluationFindings{
Packages: filteredPackages,
},
},
}
filteredResult.Run.Targets = append(filteredResult.Run.Targets, filteredTarget)
}
return filteredResult
}
var maxUserFileBytes int64 = 100 << 20 // 100 MiB cap
// readInputFile reads a user-specified JSON or XML file with safety checks.
// It intentionally accepts arbitrary file paths but guards against symlinks, large files,
// and unsupported formats.
func readInputFile(target string) ([]byte, error) {
// Support "-" as stdin (for piping JSON/XML)
if target == "-" {
return io.ReadAll(io.LimitReader(os.Stdin, maxUserFileBytes+1))
}
clean := filepath.Clean(target)
// Check extension (case-insensitive)
ext := strings.ToLower(filepath.Ext(clean))
if ext != ".json" && ext != ".xml" {
return nil, fmt.Errorf("unsupported file type %q (must be .json or .xml)", ext)
}
fi, err := os.Lstat(clean)
if err != nil {
return nil, fmt.Errorf("stat %q: %w", clean, err)
}
if fi.Mode()&os.ModeSymlink != 0 {
return nil, fmt.Errorf("refusing to read symlink: %s", clean)
}
if !fi.Mode().IsRegular() {
return nil, fmt.Errorf("refusing to read non-regular file: %s", clean)
}
if fi.Size() > maxUserFileBytes {
return nil, fmt.Errorf("file too large (%d bytes > %d)", fi.Size(), maxUserFileBytes)
}
// #nosec G304 -- design: CLI intentionally accepts arbitrary JSON/XML file paths
f, err := os.Open(clean)
if err != nil {
return nil, fmt.Errorf("open %q: %w", clean, err)
}
defer func() {
if cerr := f.Close(); cerr != nil && err == nil {
err = cerr
}
}()
data, err := io.ReadAll(io.LimitReader(f, maxUserFileBytes+1))
if err != nil {
return nil, fmt.Errorf("read %q: %w", clean, err)
}
if int64(len(data)) > maxUserFileBytes {
return nil, errors.New("file exceeds maximum allowed size")
}
return data, err
}
07070100000017000081A400000000000000000000000168CB9D630000031D000000000000000000000000000000000000002D00000000grant-0.3.2/cmd/grant/cli/command/version.gopackage command
import (
"fmt"
"github.com/spf13/cobra"
"github.com/anchore/grant/internal"
)
// Version creates the version command
func Version() *cobra.Command {
return &cobra.Command{
Use: "version",
Short: "Show the version information for grant",
Run: func(cmd *cobra.Command, args []string) {
info := internal.GetBuildInfo()
fmt.Printf("Application: %s\n", info.Application)
fmt.Printf("Version: %s\n", info.Version)
fmt.Printf("BuildDate: %s\n", info.BuildDate)
fmt.Printf("GitCommit: %s\n", info.GitCommit)
fmt.Printf("GitDescription: %s\n", info.GitDescription)
fmt.Printf("Platform: %s\n", info.Platform)
fmt.Printf("GoVersion: %s\n", info.GoVersion)
fmt.Printf("Compiler: %s\n", info.Compiler)
},
}
}
07070100000018000041ED00000000000000000000000268CB9D6300000000000000000000000000000000000000000000002300000000grant-0.3.2/cmd/grant/cli/internal07070100000019000081A400000000000000000000000168CB9D6300001404000000000000000000000000000000000000002D00000000grant-0.3.2/cmd/grant/cli/internal/config.go// Package internal provides internal utilities for the Grant CLI.
package internal
import (
"fmt"
"os"
"path/filepath"
"github.com/mitchellh/go-homedir"
"github.com/anchore/grant/grant"
)
// resolvedConfigPath stores the path of the config file that was actually loaded
var resolvedConfigPath string
// Config represents the CLI configuration
type Config struct {
ConfigFile string
OutputFormat string
Quiet bool
Verbose bool
// Policy configuration
Policy *grant.Policy
}
// DefaultConfigLocations returns the default locations to look for config files
// following the XDG Base Directory Specification
func DefaultConfigLocations() []string {
locations := []string{
"grant.yaml",
"grant.yml",
".grant.yaml",
".grant.yml",
}
// Add XDG Base Directory specification locations
// Reference: https://specifications.freedesktop.org/basedir-spec/latest/
// XDG_CONFIG_HOME (defaults to $HOME/.config)
configHome := os.Getenv("XDG_CONFIG_HOME")
if configHome == "" {
if homeDir, err := homedir.Dir(); err == nil {
configHome = filepath.Join(homeDir, ".config")
}
}
if configHome != "" {
locations = append(locations, []string{
filepath.Join(configHome, "grant", "grant.yaml"),
filepath.Join(configHome, "grant", "grant.yml"),
}...)
}
// XDG_CONFIG_DIRS (defaults to /etc/xdg)
configDirs := os.Getenv("XDG_CONFIG_DIRS")
if configDirs == "" {
configDirs = "/etc/xdg"
}
for _, dir := range filepath.SplitList(configDirs) {
if dir != "" {
locations = append(locations, []string{
filepath.Join(dir, "grant", "grant.yaml"),
filepath.Join(dir, "grant", "grant.yml"),
}...)
}
}
// Add legacy home directory locations for backward compatibility
if homeDir, err := homedir.Dir(); err == nil {
locations = append(locations, []string{
filepath.Join(homeDir, ".grant.yaml"),
filepath.Join(homeDir, ".grant.yml"),
}...)
}
return locations
}
// LoadConfig loads configuration from various sources
func LoadConfig(configFile string) (*Config, error) {
config := &Config{
ConfigFile: configFile,
OutputFormat: "table",
Quiet: false,
Verbose: false,
}
// Load policy
policy, err := loadPolicyConfig(configFile)
if err != nil {
return nil, fmt.Errorf("failed to load policy: %w", err)
}
config.Policy = policy
return config, nil
}
// GetResolvedConfigPath returns the path of the config file that was actually loaded
func GetResolvedConfigPath() string {
return resolvedConfigPath
}
// loadPolicyConfig loads policy from config file or defaults
func loadPolicyConfig(configFile string) (*grant.Policy, error) {
// Reset the resolved config path
resolvedConfigPath = ""
// If config file is explicitly provided, it must exist and be valid
if configFile != "" {
if _, err := os.Stat(configFile); err == nil {
policy, err := grant.LoadPolicyFromFile(configFile)
if err == nil {
resolvedConfigPath = configFile
}
return policy, err
}
return nil, fmt.Errorf("specified config file not found: %s", configFile)
}
// Look for config files in default locations (following XDG spec hierarchy)
for _, location := range DefaultConfigLocations() {
if _, err := os.Stat(location); err == nil {
policy, err := grant.LoadPolicyFromFile(location)
if err == nil {
resolvedConfigPath = location
return policy, nil
}
// Continue looking if this file exists but is invalid
// Log the error but don't fail the entire process
}
}
// Return default policy if no config file found
return grant.LoadPolicyOrDefault("")
}
// SaveDefaultConfig creates a default configuration file
func SaveDefaultConfig(path string) error {
defaultConfig := `# Grant License Compliance Configuration
# See: https://github.com/anchore/grant
# List of allowed license patterns (supports glob matching)
allow:
- "MIT"
- "MIT-*"
- "Apache-2.0"
- "Apache-2.0-*"
- "BSD-2-Clause"
- "BSD-3-Clause"
- "BSD-3-Clause-Clear"
- "ISC"
- "0BSD"
- "Unlicense"
- "CC0-1.0"
# List of package patterns to ignore (supports glob matching)
ignore-packages:
# Examples:
# - "github.com/mycompany/*"
# - "@mycompany/*"
# - "mycompany-*"
# Policy options
require-license: true # Deny packages with no detected licenses
require-known-license: false # Deny non-SPDX / unparsable licenses
`
// Create directory if it doesn't exist
dir := filepath.Dir(path)
if err := os.MkdirAll(dir, 0750); err != nil {
return fmt.Errorf("failed to create directory %s: %w", dir, err)
}
// Write config file
if err := os.WriteFile(path, []byte(defaultConfig), 0600); err != nil {
return fmt.Errorf("failed to write config file: %w", err)
}
return nil
}
// ValidateConfig validates the configuration
func ValidateConfig(config *Config) error {
// Validate output format
switch config.OutputFormat {
case "json", "table":
// Valid formats
default:
return fmt.Errorf("invalid output format: %s (must be 'json' or 'table')", config.OutputFormat)
}
// Validate policy
if config.Policy == nil {
return fmt.Errorf("policy is required")
}
return nil
}
0707010000001A000081A400000000000000000000000168CB9D6300003423000000000000000000000000000000000000002D00000000grant-0.3.2/cmd/grant/cli/internal/output.gopackage internal
import (
"encoding/json"
"fmt"
"os"
"sort"
"strings"
"github.com/gookit/color"
"github.com/jedib0t/go-pretty/v6/table"
"github.com/anchore/grant/grant"
"github.com/anchore/grant/internal/spdxlicense"
)
const (
statusCompliant = "compliant"
)
// formatClickableLicense formats a license name as a clickable blue link if SPDX reference is available
func formatClickableLicense(licenseName string) string {
if spdxLicense, err := spdxlicense.GetLicenseByID(licenseName); err == nil && spdxLicense.Reference != "" {
// Make it blue and clickable (no underline for table display)
return fmt.Sprintf("\033]8;;%s\033\\\033[34m%s\033[0m\033]8;;\033\\", spdxLicense.Reference, licenseName)
}
// Return the license name as-is if no SPDX reference available
return licenseName
}
// getHighestRisk returns the highest risk category from a list of licenses
func getHighestRisk(licenses []grant.LicenseDetail) spdxlicense.RiskCategory {
highestRisk := spdxlicense.RiskCategoryUncategorized
for _, license := range licenses {
if license.RiskCategory.IsHigh() {
return license.RiskCategory // Return immediately if we find high risk
}
if license.RiskCategory.IsMedium() && !highestRisk.IsHigh() {
highestRisk = license.RiskCategory
}
if license.RiskCategory.IsLow() && highestRisk.IsUncategorized() {
highestRisk = license.RiskCategory
}
}
return highestRisk
}
// formatRisk formats the risk category for display, showing count if multiple
func formatRisk(licenses []grant.LicenseDetail) string {
if len(licenses) == 0 {
return ""
}
highestRisk := getHighestRisk(licenses)
// Count how many licenses have different risk levels
riskCounts := make(map[spdxlicense.RiskCategory]int)
for _, license := range licenses {
if license.RiskCategory != "" {
riskCounts[license.RiskCategory]++
}
}
// Format the risk display
riskStr := ""
switch {
case highestRisk.IsHigh():
riskStr = color.Red.Sprint("High")
case highestRisk.IsMedium():
riskStr = color.Yellow.Sprint("Medium")
case highestRisk.IsLow():
riskStr = color.Green.Sprint("Low")
default:
riskStr = color.Gray.Sprint("Unknown")
}
// Add count if there are multiple licenses with different risks
totalOtherRisks := 0
for risk, count := range riskCounts {
if risk != highestRisk {
totalOtherRisks += count
}
}
if totalOtherRisks > 0 {
riskStr += fmt.Sprintf(" (+%d more)", totalOtherRisks)
}
return riskStr
}
// Output handles different output formats for grant results
type Output struct{}
// NewOutput creates a new Output instance
func NewOutput() *Output {
return &Output{}
}
// OutputJSON outputs the result as JSON
func (o *Output) OutputJSON(result *grant.RunResponse, outputFile string) error {
var writer = os.Stdout
if outputFile != "" {
// #nosec G304 - outputFile is controlled by user via CLI flag
file, err := os.Create(outputFile)
if err != nil {
return fmt.Errorf("failed to create output file %s: %w", outputFile, err)
}
defer func() {
if err := file.Close(); err != nil {
fmt.Fprintf(os.Stderr, "Warning: failed to close output file: %v\n", err)
}
}()
writer = file
}
encoder := json.NewEncoder(writer)
encoder.SetIndent("", " ")
return encoder.Encode(result)
}
// OutputTable outputs the result as a formatted table
func (o *Output) OutputTable(result *grant.RunResponse) error {
for _, target := range result.Run.Targets {
if err := o.outputTargetTable(target); err != nil {
return err
}
fmt.Println() // Add spacing between targets
}
return nil
}
// OutputListTable outputs the result as a list-specific table format with progress and aggregated licenses
func (o *Output) OutputListTable(result *grant.RunResponse) error {
for _, target := range result.Run.Targets {
if err := o.outputListTargetTable(target); err != nil {
return err
}
fmt.Println() // Add spacing between targets
}
return nil
}
// outputTargetTable outputs a single target as a table
func (o *Output) outputTargetTable(target grant.TargetResult) error {
// Always show the final compliance summary tree
DisplaySummaryTree(
target.Evaluation.Summary.Packages.Total,
target.Evaluation.Summary.Packages.Denied,
target.Evaluation.Summary.Packages.Allowed,
target.Evaluation.Summary.Packages.Ignored,
target.Evaluation.Summary.Packages.Unlicensed,
)
// Print detailed findings if there are packages
if len(target.Evaluation.Findings.Packages) > 0 {
fmt.Println() // Single newline before table
return o.printPackageTable(target.Evaluation.Findings.Packages)
}
return nil
}
// outputListTargetTable outputs a single target in list format with progress and aggregated licenses
func (o *Output) outputListTargetTable(target grant.TargetResult) error {
// Display progress steps
fmt.Printf(" %s Loaded %s %s\n",
color.Green.Sprint("✔"),
target.Source.Ref,
target.Source.Type)
fmt.Printf(" %s License listing\n", color.Green.Sprint("✔"))
fmt.Printf(" %s Cataloged contents\n", color.Green.Sprint("✔"))
// Display tree structure with counts
fmt.Printf(" %s %s %-30s %s\n",
"├──",
color.Green.Sprint("✔"),
"Packages",
fmt.Sprintf("[%d packages]", target.Evaluation.Summary.Packages.Total))
fmt.Printf(" %s %s %-30s %s\n",
"├──",
color.Green.Sprint("✔"),
"Licenses",
fmt.Sprintf("[%d unique]", target.Evaluation.Summary.Licenses.Unique))
// Count total file locations across all packages
totalLocations := 0
for _, pkg := range target.Evaluation.Findings.Packages {
totalLocations += len(pkg.Locations)
}
fmt.Printf(" %s %s %-30s %s\n",
"└──",
color.Green.Sprint("✔"),
"File metadata",
fmt.Sprintf("[%d locations]", totalLocations))
// Display aggregated licenses section
fmt.Printf(" %s Aggregated licenses [grouped by license, desc by count]\n",
color.Green.Sprint("✔"))
fmt.Println()
// Create aggregated license table
return o.printAggregatedLicenseTable(target.Evaluation.Findings.Packages)
}
// printPackageTable prints packages in a table format
func (o *Output) printPackageTable(packages []grant.PackageFinding) error {
if len(packages) == 0 {
return nil
}
// Filter to only show denied packages
deniedPackages := []grant.PackageFinding{}
for _, pkg := range packages {
if pkg.Decision == "deny" {
deniedPackages = append(deniedPackages, pkg)
}
}
if len(deniedPackages) == 0 {
fmt.Println("No denied packages found.")
return nil
}
// Sort denied packages alphabetically by name
sort.Slice(deniedPackages, func(i, j int) bool {
return deniedPackages[i].Name < deniedPackages[j].Name
})
// Create table with no borders (grype/syft style)
t := table.NewWriter()
t.SetOutputMirror(os.Stdout)
// Configure table style to match grype/syft
t.Style().Options.SeparateHeader = false
t.Style().Options.DrawBorder = false
t.Style().Options.SeparateColumns = false
t.Style().Options.SeparateFooter = false
t.Style().Options.SeparateRows = false
// Set headers with uppercase to match grype style
t.AppendHeader(table.Row{"NAME", "VERSION", "LICENSE", "RISK"})
// Add rows for denied packages only
for _, pkg := range deniedPackages {
// Only show the licenses that caused the denial
problematicLicenses := o.formatProblematicLicenses(pkg.Licenses)
risk := formatRisk(pkg.Licenses)
version := pkg.Version
if version == "" {
version = "(no version)"
}
t.AppendRow(table.Row{
pkg.Name,
version,
problematicLicenses,
risk,
})
}
// Remove the header - just render table directly
t.Render()
return nil
}
// formatProblematicLicenses formats only the problematic licenses for denied packages
func (o *Output) formatProblematicLicenses(licenses []grant.LicenseDetail) string {
if len(licenses) == 0 {
return color.Red.Sprint("(no licenses found)")
}
var problematic []string
for _, license := range licenses {
licenseStr := license.ID
if license.Name != "" && license.ID == "" {
licenseStr = license.Name
}
// Shorten long license strings (like sha256 hashes)
if strings.HasPrefix(licenseStr, "sha256:") && len(licenseStr) > 20 {
licenseStr = "sha256:" + licenseStr[7:15] + "..."
}
// Format problematic licenses in red with hyperlinks
if licenseStr == "" || licenseStr == "(none)" {
problematic = append(problematic, color.Red.Sprint("(unknown)"))
} else {
// Check if we have an SPDX reference for the license
if spdxLicense, err := spdxlicense.GetLicenseByID(licenseStr); err == nil && spdxLicense.Reference != "" {
// Make it red and clickable
problematic = append(problematic, fmt.Sprintf("\033]8;;%s\033\\\033[31m%s\033[0m\033]8;;\033\\", spdxLicense.Reference, licenseStr))
} else {
problematic = append(problematic, color.Red.Sprint(licenseStr))
}
}
}
if len(problematic) == 0 {
return color.Red.Sprint("(no licenses found)")
}
// Show max 2 licenses before showing (+n more)
if len(problematic) > 2 {
return strings.Join(problematic[:2], ", ") + color.Gray.Sprintf(" (+%d more)", len(problematic)-2)
}
return strings.Join(problematic, ", ")
}
// OutputSummaryOnly outputs just the summary information
func (o *Output) OutputSummaryOnly(result *grant.RunResponse) error {
totalCompliant := 0
totalTargets := len(result.Run.Targets)
for _, target := range result.Run.Targets {
if target.Evaluation.Status == statusCompliant {
totalCompliant++
}
}
if totalCompliant == totalTargets {
fmt.Printf("%s All %d targets are compliant\n", color.Green.Sprint("✓"), totalTargets)
return nil
} else {
nonCompliant := totalTargets - totalCompliant
fmt.Printf("%s %d of %d targets are non-compliant\n",
color.Red.Sprint("✗"), nonCompliant, totalTargets)
// List non-compliant targets
for _, target := range result.Run.Targets {
if target.Evaluation.Status != statusCompliant {
fmt.Printf(" - %s: %s\n", target.Source.Ref, target.Evaluation.Status)
}
}
return nil
}
}
// OutputQuiet outputs minimal information for quiet mode
func (o *Output) OutputQuiet(result *grant.RunResponse) error {
nonCompliantCount := 0
for _, target := range result.Run.Targets {
if target.Evaluation.Status != statusCompliant {
nonCompliantCount++
}
}
if nonCompliantCount > 0 {
fmt.Printf("%d\n", nonCompliantCount)
}
return nil
}
// printAggregatedLicenseTable prints licenses grouped by license name with package counts
func (o *Output) printAggregatedLicenseTable(packages []grant.PackageFinding) error {
// First, deduplicate packages by name@version
uniquePackages := make(map[string]grant.PackageFinding)
for _, pkg := range packages {
packageKey := pkg.Name + "@" + pkg.Version
uniquePackages[packageKey] = pkg
}
// Create license to unique packages map
licensePackages := make(map[string]map[string]bool)
for _, pkg := range uniquePackages {
packageKey := pkg.Name + "@" + pkg.Version
if len(pkg.Licenses) == 0 {
// Package with no licenses
if licensePackages["(no licenses found)"] == nil {
licensePackages["(no licenses found)"] = make(map[string]bool)
}
licensePackages["(no licenses found)"][packageKey] = true
} else {
for _, license := range pkg.Licenses {
licenseKey := license.ID
if licenseKey == "" {
licenseKey = license.Name
}
if licenseKey == "" {
licenseKey = "(unknown)"
}
if licensePackages[licenseKey] == nil {
licensePackages[licenseKey] = make(map[string]bool)
}
licensePackages[licenseKey][packageKey] = true
}
}
}
// Convert to count map
licenseMap := make(map[string]int)
for license, pkgSet := range licensePackages {
licenseMap[license] = len(pkgSet)
}
// Convert to slice for sorting
type licenseCount struct {
license string
count int
}
var licenseCounts []licenseCount
for license, count := range licenseMap {
licenseCounts = append(licenseCounts, licenseCount{license, count})
}
// Sort by count descending, then by name ascending
sort.Slice(licenseCounts, func(i, j int) bool {
if licenseCounts[i].count == licenseCounts[j].count {
return licenseCounts[i].license < licenseCounts[j].license
}
return licenseCounts[i].count > licenseCounts[j].count
})
// Create table
t := table.NewWriter()
t.SetOutputMirror(os.Stdout)
// Configure table style to match grype/syft style (consistent with other tables)
t.Style().Options.SeparateHeader = false
t.Style().Options.DrawBorder = false
t.Style().Options.SeparateColumns = false
t.Style().Options.SeparateFooter = false
t.Style().Options.SeparateRows = false
// Set headers
t.AppendHeader(table.Row{"LICENSE", "PACKAGES", "RISK"})
// Add rows
for _, lc := range licenseCounts {
// Get risk category for this license
riskStr := color.Gray.Sprint("Unknown")
if spdxLicense, err := spdxlicense.GetLicenseByID(lc.license); err == nil {
switch {
case spdxLicense.RiskCategory.IsHigh():
riskStr = color.Red.Sprint("High")
case spdxLicense.RiskCategory.IsMedium():
riskStr = color.Yellow.Sprint("Medium")
case spdxLicense.RiskCategory.IsLow():
riskStr = color.Green.Sprint("Low")
}
}
t.AppendRow(table.Row{formatClickableLicense(lc.license), lc.count, riskStr})
}
t.Render()
return nil
}
0707010000001B000081A400000000000000000000000168CB9D630000144D000000000000000000000000000000000000002F00000000grant-0.3.2/cmd/grant/cli/internal/progress.gopackage internal
import (
"fmt"
"strings"
"sync"
"time"
"github.com/gookit/color"
)
const (
branch = "├──"
end = "└──"
)
// ProgressDisplay manages the progress output for grant operations
type ProgressDisplay struct {
mu sync.Mutex
steps []ProgressStep
verbose bool
started time.Time
}
// ProgressStep represents a single step in the progress display
type ProgressStep struct {
Title string
Status StepStatus
SubSteps []SubStep
ShowSubTree bool
}
// SubStep represents a sub-step with tree display
type SubStep struct {
Icon string
Title string
Value string
}
// StepStatus represents the status of a progress step
type StepStatus int
const (
StatusPending StepStatus = iota
StatusRunning
StatusComplete
StatusError
)
// NewProgressDisplay creates a new progress display
func NewProgressDisplay(verbose bool) *ProgressDisplay {
return &ProgressDisplay{
verbose: verbose,
started: time.Now(),
}
}
// AddStep adds a new step to the progress display
func (p *ProgressDisplay) AddStep(title string) {
p.mu.Lock()
defer p.mu.Unlock()
p.steps = append(p.steps, ProgressStep{
Title: title,
Status: StatusPending,
})
}
// UpdateStep updates the status of a step
func (p *ProgressDisplay) UpdateStep(index int, status StepStatus) {
p.mu.Lock()
defer p.mu.Unlock()
if index >= 0 && index < len(p.steps) {
p.steps[index].Status = status
}
}
// SetSubSteps sets the sub-steps for a given step
func (p *ProgressDisplay) SetSubSteps(index int, subSteps []SubStep) {
p.mu.Lock()
defer p.mu.Unlock()
if index >= 0 && index < len(p.steps) {
p.steps[index].SubSteps = subSteps
p.steps[index].ShowSubTree = true
}
}
// CompleteStep marks a step as complete
func (p *ProgressDisplay) CompleteStep(index int) {
p.UpdateStep(index, StatusComplete)
}
// Display shows the current progress
func (p *ProgressDisplay) Display() {
p.mu.Lock()
defer p.mu.Unlock()
for _, step := range p.steps {
p.displayStep(step)
}
}
// displayStep displays a single step with its status
func (p *ProgressDisplay) displayStep(step ProgressStep) {
statusIcon := p.getStatusIcon(step.Status)
statusColor := p.getStatusColor(step.Status)
// Display main step
fmt.Printf(" %s %s\n", statusColor(statusIcon), step.Title)
// Display sub-steps if available
if step.ShowSubTree && len(step.SubSteps) > 0 {
for i, sub := range step.SubSteps {
connector := branch
if i == len(step.SubSteps)-1 {
connector = end
}
fmt.Printf(" %s %s %-30s %s\n", connector, statusColor(sub.Icon), sub.Title, sub.Value)
}
}
}
// getStatusIcon returns the icon for a given status
func (p *ProgressDisplay) getStatusIcon(status StepStatus) string {
switch status {
case StatusComplete:
return "✔"
case StatusRunning:
return "⠋"
case StatusError:
return "✗"
default:
return "○"
}
}
// getStatusColor returns the color function for a given status
func (p *ProgressDisplay) getStatusColor(status StepStatus) func(a ...interface{}) string {
switch status {
case StatusComplete:
return color.Green.Sprint
case StatusError:
return color.Red.Sprint
default:
return color.Gray.Sprint
}
}
// DisplayScanProgress displays progress for scanning operations similar to grype/syft
func DisplayScanProgress(source string, sourceType string) *ProgressDisplay {
progress := NewProgressDisplay(false)
// Add standard scanning steps
progress.AddStep(fmt.Sprintf("Checking %s", source))
progress.CompleteStep(0)
progress.AddStep("License compliance check")
progress.CompleteStep(1)
progress.AddStep("Cataloged contents")
progress.SetSubSteps(2, []SubStep{
{Icon: "✔", Title: "Packages", Value: "[analyzing...]"},
{Icon: "✔", Title: "Licenses", Value: "[analyzing...]"},
{Icon: "✔", Title: "File metadata", Value: "[analyzing...]"},
})
progress.CompleteStep(2)
return progress
}
// UpdateCatalogedContents updates the cataloged contents with actual values
func (p *ProgressDisplay) UpdateCatalogedContents(packages int, licenses int, files int) {
subSteps := []SubStep{
{Icon: "✔", Title: "Packages", Value: fmt.Sprintf("[%d packages]", packages)},
{Icon: "✔", Title: "Licenses", Value: fmt.Sprintf("[%d licenses]", licenses)},
{Icon: "✔", Title: "File metadata", Value: fmt.Sprintf("[%d locations]", files)},
}
p.SetSubSteps(2, subSteps)
}
// DisplaySummaryTree displays the summary in tree format
func DisplaySummaryTree(total int, denied int, allowed int, ignored int, unlicensed int) {
fmt.Printf(" %s Scanned for license compliance %s\n",
color.Green.Sprint("✔"),
color.Gray.Sprintf("[%d packages]", total))
if denied > 0 || allowed > 0 || ignored > 0 || unlicensed > 0 {
var parts []string
if denied > 0 {
parts = append(parts, fmt.Sprintf("%d denied", denied))
}
if allowed > 0 {
parts = append(parts, fmt.Sprintf("%d allowed", allowed))
}
if ignored > 0 {
parts = append(parts, fmt.Sprintf("%d ignored", ignored))
}
if unlicensed > 0 {
parts = append(parts, fmt.Sprintf("%d unlicensed", unlicensed))
}
fmt.Printf(" %s by compliance: %s\n",
color.Gray.Sprint("└──"),
strings.Join(parts, ", "))
}
}
0707010000001C000081A400000000000000000000000168CB9D6300000AB7000000000000000000000000000000000000003200000000grant-0.3.2/cmd/grant/cli/internal/realtime_ui.gopackage internal
import (
"fmt"
"github.com/gookit/color"
)
// RealtimeUI provides a simpler real-time progress display
type RealtimeUI struct {
quiet bool
}
// NewRealtimeUI creates a new real-time UI
func NewRealtimeUI(quiet bool) *RealtimeUI {
return &RealtimeUI{quiet: quiet}
}
// ShowLoadingProgress shows initial loading message
func (ui *RealtimeUI) ShowLoadingProgress(source string) {
if ui.quiet {
return
}
// Show initial loading message without delay
fmt.Printf(" %s Loading %s\n", color.Cyan.Sprint("⠋"), source)
}
// ShowScanComplete shows completed scan status
func (ui *RealtimeUI) ShowScanComplete(source string, sourceType string) {
if ui.quiet {
return
}
// Clear the loading line and show completion
fmt.Printf("\033[1A") // Move cursor up one line
fmt.Printf("\033[2K") // Clear the entire line
fmt.Printf("\r %s Loaded %s",
color.Green.Sprint("✔"), source)
if sourceType != "" {
fmt.Printf(" %s", color.Gray.Sprint(sourceType))
}
fmt.Printf("\n")
}
// ShowCatalogedContents shows the cataloged contents in tree format
func (ui *RealtimeUI) ShowCatalogedContents(packages int, licenses int, files int) {
if ui.quiet {
return
}
fmt.Printf(" %s %s %-30s %s\n",
color.Gray.Sprint("├──"),
color.Green.Sprint("✔"),
"Packages",
color.Gray.Sprintf("[%d packages]", packages))
fmt.Printf(" %s %s %-30s %s\n",
color.Gray.Sprint("├──"),
color.Green.Sprint("✔"),
"Licenses",
color.Gray.Sprintf("[%d unique]", licenses))
fmt.Printf(" %s %s %-30s %s\n",
color.Gray.Sprint("└──"),
color.Green.Sprint("✔"),
"File metadata",
color.Gray.Sprintf("[%d locations]", files))
}
// ShowComplianceResult shows the compliance check result
func (ui *RealtimeUI) ShowComplianceResult(status string) {
if ui.quiet {
return
}
fmt.Printf(" %s Scanned for vulnerabilities %s\n",
color.Green.Sprint("✔"), status)
}
// ShowScanningSteps shows all the scanning steps (deprecated - kept for compatibility)
func (ui *RealtimeUI) ShowScanningSteps(source string, sourceType string, packages int, licenses int, files int) {
if ui.quiet {
return
}
// This function is deprecated in favor of ShowLoadingProgress/ShowScanComplete
// but kept for compatibility
fmt.Printf(" %s Pulled image\n", color.Green.Sprint("✔"))
fmt.Printf(" %s Loaded image\n", color.Green.Sprint("✔"))
fmt.Printf(" %s Parsed image\n", color.Green.Sprint("✔"))
fmt.Printf(" %s Cataloged contents %s\n",
color.Green.Sprint("✔"), color.Gray.Sprintf("sha256:%s", source[0:12]))
// Show sub-tree for cataloged contents
ui.ShowCatalogedContents(packages, licenses, files)
}
0707010000001D000081A400000000000000000000000168CB9D6300000219000000000000000000000000000000000000002F00000000grant-0.3.2/cmd/grant/cli/internal/terminal.gopackage internal
import (
"os"
"golang.org/x/term"
)
// IsTerminalOutput returns true if stdout is a terminal (not piped or redirected)
func IsTerminalOutput() bool {
return term.IsTerminal(int(os.Stdout.Fd()))
}
// IsTerminalError returns true if stderr is a terminal (not piped or redirected)
func IsTerminalError() bool {
return term.IsTerminal(int(os.Stderr.Fd()))
}
// IsTerminalInput returns true if stdin is a terminal (not piped or redirected)
func IsTerminalInput() bool {
return term.IsTerminal(int(os.Stdin.Fd()))
}
0707010000001E000081A400000000000000000000000168CB9D63000001DC000000000000000000000000000000000000001E00000000grant-0.3.2/cmd/grant/main.gopackage main
import (
"os"
"runtime"
"github.com/anchore/grant/cmd/grant/cli"
"github.com/anchore/grant/internal"
)
var (
version = internal.NotProvided
gitCommit = internal.NotProvided
buildDate = internal.NotProvided
gitDescription = internal.NotProvided
)
func main() {
internal.SetBuildInfo(version, gitCommit, buildDate, gitDescription, runtime.Version())
app := cli.Application()
if err := app.Execute(); err != nil {
os.Exit(1)
}
}
0707010000001F000041ED00000000000000000000000268CB9D6300000000000000000000000000000000000000000000001100000000grant-0.3.2/docs07070100000020000081A400000000000000000000000168CB9D630000153B000000000000000000000000000000000000001B00000000grant-0.3.2/docs/DESIGN.md## Summary
Grant is a license compliance tool that reads and audits licenses from container images, SBOM documents, and file system scans.
It returns a deny or pass depending on if the discovered licenses adhere to the user's supplied policy.
### Core Usage:
As a CI operator, I would like my image's SBOM to be searched for permitted/denied licenses.
I can then gate software releases/promotions based on my organizations license compliance.
I will provide a config that allows for certain licenses with a list of packages as exceptions.
These licenses will be in the format of Identifiers found in the spdx license list:
- [spdx license list](https://spdx.org/licenses/)
I want grant to deny with a status code 1 and informative message when my SBOM contains packages with licenses not allowed by my config.
Config:
```
# Default behavior: DENY all licenses except those explicitly permitted
# Default behavior: DENY packages without licenses
# Allowed licenses (glob patterns supported)
allow:
- MIT
- MIT-*
- Apache-2.0
- Apache-2.0-*
- BSD-2-Clause
- BSD-3-Clause
- BSD-3-Clause-Clear
- ISC
- 0BSD
- Unlicense
- CC0-1.0
# Software packages to skip license checking entirely (package manager packages)
ignore-packages:
- github.com/mycompany/* # Our own Go modules
```
### Open Questions
- How do users want to see unowned files that are Forbidden for an image scan?
- I've been given an SBOM and it does not illustrate the source (directory or OCI image). Are all license equal?
## Commands
### grant check
### grant List
This shows all the licenses as SPDX identifiers from the SPDX license list with the packages as children
```
grant list redis:latest
MIT
ID p1 declared xxxxx
ID p2 concluded xxxx
MIT-Modern-Varient
ID f1 concluded xxx
NPL-1.0
ID p1 declared xxxx
```
### grant spdx list
List the latest version of the spdx license list
```
grant spdx list <SOME_SPDX_ID>
BSD Zero Clause License 0BSD
Attribution Assurance License AAL
Abstyles License Abstyles
Adobe Systems Incorporated... Adobe-2006
Adobe Glyph List License Adobe-Glyph
Amazon Digital Services License ADSL
Academic Free License v1.1 AFL-1.1
Academic Free License v1.2 AFL-1.2
Academic Free License v2.0 AFL-2.0
Academic Free License v2.1 AFL-2.1
Academic Free License v3.0 AFL-3.0
grant spdx list --deprecated <-- show deprecated
...
```
#### Notes
// Latest SPDX license list <--- Might be incompatible
// Compare my organization to an older license list
#### SPDX Sub commmands for setting/using the correct list and getting license text
```
grant spdx version set <VERSION-NUMBER> // sets version list
grant spdx version //lists current license list version
grant spdx get <SPDX-LICENSE-ID> // full contents?
```
// describe resource or just some ID from the list output?
```
grant describe package <package_name:version, package_id>
grant describe license <license_name> <-- Show me all the packages for a license
grant describe file <file_name, file_id>
grant describe <SOME-ID>
```
// compliance and query
```
grant check <SOME-SBOM> --config <SOME_GRANT_CONFIG>
grant search <SOME-QUERY> <--
- Deprecated licenses
- SPDX Complex Expressions
- License Confidence Query
- Concluded vs Declared
- I just want to see all GPL
- Diffs between declared and concluded (inconsistencies - p1 declare MIT, p1 found ADOBE)
- All source files that have declarations (divided by ecosystem or laguage?)
- direct dependencies
```
// Third Party Inputs
Third party?---> deps.dev as input directly****
// Syft Not grabbing all of the packages transitively (MOAR LICENSES)
// Syft pre/post (We want pre build syft SBOM to do the transitive dependencies)
// Go build cache --> Syft Sbom --> Grant (Better golang licenses)
### Misc Notes
License Declared vs License Concluded (Looking at the text vs reading the package data)
Pure syft downstream tool
Sometimes this is by package owned files
Sometimes this is by parsing all files
Sometimes this is by parsing all unowned files
Core model of syft
- update license shape to include tags
- Does it exist on package struct or on its metadata
- update file cataloger to open and conclude licenses
#### Third party things
- Thirdparty license directory for distro... <-- These should be associated with the package
#### SPDX License Expressions
License expressions... Probably advanced level:
https://spdx.org/licenses/
https://spdx.github.io/spdx-spec/v2.3/SPDX-license-expressions/
Sometimes found in package metadata where people want to express
the presence of multiple license
Debian has some shared license location examples
How to handle all licenses in a compound file?
#### SPDX License Identifiers:
https://github.com/anchore/syft/issues/565
https://spdx.dev/ids/
Are packages limited to one concluded and one declared?
Combinations
- Declared can have a concluded
- If not declated we can still find concluded via owned files
- If declared if might not be able to conclude (Found Nothing?)
Image:
- Owned vs unknowned is imporant
Dir:
- Nothing is owned so the file cataloger does the work
Files should only be concluded
Go over all files?
- What's the hueristic for this?
- only visit `LICENSE` named files?
- check runtime for large SBOM file reads
Does Concluded comes from resolving the file itself as contents of a license?
Does Declared or Concluded comes from reading SPDX IDS from the header of a file?
07070100000021000041ED00000000000000000000000268CB9D6300000000000000000000000000000000000000000000001200000000grant-0.3.2/event07070100000022000081A400000000000000000000000168CB9D630000035E000000000000000000000000000000000000001C00000000grant-0.3.2/event/events.gopackage event
import "github.com/wagoodman/go-partybus"
const (
typePrefix = "grant"
cliTypePrefix = typePrefix + "-cli"
// Events from the grant library
// TaskStartedEvent is a generic, monitorable partybus event that occurs when a task has begun
TaskStartedEvent partybus.EventType = typePrefix + "-task"
// Events exclusively for the CLI
// CLICheckCmdStarted is a partybus event that occurs when the check cli command has begun
CLICheckCmdStarted partybus.EventType = cliTypePrefix + "-check-cmd-started"
// CLIReport is a partybus event that occurs when the cli is ready to generate a report
CLIReport partybus.EventType = cliTypePrefix + "-report"
// CLINotification is a partybus event that occurs when auxiliary information is ready for presentation to stderr
CLINotification partybus.EventType = cliTypePrefix + "-notification"
)
07070100000023000081A400000000000000000000000168CB9D6300000738000000000000000000000000000000000000001D00000000grant-0.3.2/event/parsers.gopackage event
import (
"fmt"
"github.com/wagoodman/go-partybus"
"github.com/wagoodman/go-progress"
)
type ErrBadPayload struct {
Type partybus.EventType
Field string
Value interface{}
}
func (e *ErrBadPayload) Error() string {
return fmt.Sprintf("event='%s' has bad event payload field='%v': '%+v'", string(e.Type), e.Field, e.Value)
}
func newPayloadErr(t partybus.EventType, field string, value interface{}) error {
return &ErrBadPayload{
Type: t,
Field: field,
Value: value,
}
}
func checkEventType(actual, expected partybus.EventType) error {
if actual != expected {
return newPayloadErr(expected, "Type", actual)
}
return nil
}
func ParseTaskStarted(e partybus.Event) (*Task, progress.StagedProgressable, error) {
if err := checkEventType(e.Type, TaskStartedEvent); err != nil {
return nil, nil, err
}
cmd, ok := e.Source.(Task)
if !ok {
return nil, nil, newPayloadErr(e.Type, "Source", e.Source)
}
p, ok := e.Value.(progress.StagedProgressable)
if !ok {
return nil, nil, newPayloadErr(e.Type, "Value", e.Value)
}
return &cmd, p, nil
}
func ParseCLIReport(e partybus.Event) (string, string, error) {
if err := checkEventType(e.Type, CLIReport); err != nil {
return "", "", err
}
context, ok := e.Source.(string)
if !ok {
// this is optional
context = ""
}
report, ok := e.Value.(string)
if !ok {
return "", "", newPayloadErr(e.Type, "Value", e.Value)
}
return context, report, nil
}
func ParseCLINotification(e partybus.Event) (string, string, error) {
if err := checkEventType(e.Type, CLINotification); err != nil {
return "", "", err
}
context, ok := e.Source.(string)
if !ok {
// this is optional
context = ""
}
notification, ok := e.Value.(string)
if !ok {
return "", "", newPayloadErr(e.Type, "Value", e.Value)
}
return context, notification, nil
}
07070100000024000081A400000000000000000000000168CB9D6300000128000000000000000000000000000000000000001A00000000grant-0.3.2/event/task.gopackage event
import "github.com/wagoodman/go-progress"
type Task struct {
Title Title
Context string
}
type Title struct {
Default string
WhileRunning string
OnSuccess string
OnFail string
}
type ManualStagedProgress struct {
*progress.AtomicStage
*progress.Manual
}
07070100000025000041ED00000000000000000000000268CB9D6300000000000000000000000000000000000000000000001500000000grant-0.3.2/fixtures07070100000026000081A400000000000000000000000168CB9D630000EBC0000000000000000000000000000000000000002A00000000grant-0.3.2/fixtures/alpine.tagvalue.spdxSPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: alpine
DocumentNamespace: https://anchore.com/syft/image/alpine-2e0e5850-a787-4602-8c28-b01e6e6084d6
LicenseListVersion: 3.22
Creator: Organization: Anchore, Inc
Creator: Tool: syft-0.97.0
Created: 2023-11-27T21:58:11Z
##### Unpackaged files
FileName: /usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub
SPDXID: SPDXRef-File-...alpine-devel-lists.alpinelinux.org-4a6a0840.rsa.pub-20cf9f534085e945
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub
SPDXID: SPDXRef-File-...alpine-devel-lists.alpinelinux.org-4a6a0840.rsa.pub-226fc2b8b6074102
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub
SPDXID: SPDXRef-File-...alpine-devel-lists.alpinelinux.org-5243ef4b.rsa.pub-5d6524ee4773578a
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub
SPDXID: SPDXRef-File-...alpine-devel-lists.alpinelinux.org-5243ef4b.rsa.pub-bbeee289b81a6de1
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub
SPDXID: SPDXRef-File-...alpine-devel-lists.alpinelinux.org-524d27bb.rsa.pub-e8cbb99b9dbeb702
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub
SPDXID: SPDXRef-File-...alpine-devel-lists.alpinelinux.org-5261cecb.rsa.pub-87948a20075367f4
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub
SPDXID: SPDXRef-File-...alpine-devel-lists.alpinelinux.org-5261cecb.rsa.pub-b39e246556a04c03
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub
SPDXID: SPDXRef-File-...alpine-devel-lists.alpinelinux.org-58199dcc.rsa.pub-360e05c12ed554b6
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub
SPDXID: SPDXRef-File-...alpine-devel-lists.alpinelinux.org-58cbb476.rsa.pub-d01a44792268e5f6
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub
SPDXID: SPDXRef-File-...alpine-devel-lists.alpinelinux.org-58e4f17d.rsa.pub-c48d48e07e4c25b9
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub
SPDXID: SPDXRef-File-...alpine-devel-lists.alpinelinux.org-5e69ca50.rsa.pub-90c0673ef43c9544
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub
SPDXID: SPDXRef-File-...alpine-devel-lists.alpinelinux.org-60ac2099.rsa.pub-f6a9952fe04a43cb
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub
SPDXID: SPDXRef-File-...alpine-devel-lists.alpinelinux.org-6165ee59.rsa.pub-2fa33bb12e442749
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub
SPDXID: SPDXRef-File-...alpine-devel-lists.alpinelinux.org-6165ee59.rsa.pub-307958a4bdf894b4
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub
SPDXID: SPDXRef-File-...alpine-devel-lists.alpinelinux.org-61666e3f.rsa.pub-8e66c869e0661398
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub
SPDXID: SPDXRef-File-...alpine-devel-lists.alpinelinux.org-61666e3f.rsa.pub-f5e77bd57361cd38
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub
SPDXID: SPDXRef-File-...alpine-devel-lists.alpinelinux.org-616a9724.rsa.pub-0993a63e07e545a9
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub
SPDXID: SPDXRef-File-...alpine-devel-lists.alpinelinux.org-616abc23.rsa.pub-84b5a3118c077c5a
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub
SPDXID: SPDXRef-File-...alpine-devel-lists.alpinelinux.org-616ac3bc.rsa.pub-a434518c6ae434c2
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub
SPDXID: SPDXRef-File-...alpine-devel-lists.alpinelinux.org-616adfeb.rsa.pub-c7135dd21091c6e8
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub
SPDXID: SPDXRef-File-...alpine-devel-lists.alpinelinux.org-616ae350.rsa.pub-8fda3ed0d1961b6e
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub
SPDXID: SPDXRef-File-...alpine-devel-lists.alpinelinux.org-616db30d.rsa.pub-6d2a56af87faa2c1
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /bin/busybox
SPDXID: SPDXRef-File-bin-busybox-e202ef7be7af94bd
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/busybox-paths.d/busybox
SPDXID: SPDXRef-File-etc-busybox-paths.d-busybox-a705ce53d9d4474d
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/crontabs/root
SPDXID: SPDXRef-File-etc-crontabs-root-9850dad7b8733f02
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/fstab
SPDXID: SPDXRef-File-etc-fstab-506f85b9b76b9930
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/group
SPDXID: SPDXRef-File-etc-group-2ac3006bd085faf9
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/hostname
SPDXID: SPDXRef-File-etc-hostname-41cef59949d5f5c8
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/hosts
SPDXID: SPDXRef-File-etc-hosts-2d9a8fa5e934baa8
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/inittab
SPDXID: SPDXRef-File-etc-inittab-f7231334aef4225c
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/logrotate.d/acpid
SPDXID: SPDXRef-File-etc-logrotate.d-acpid-9375f7051f97fba1
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/modprobe.d/aliases.conf
SPDXID: SPDXRef-File-etc-modprobe.d-aliases.conf-0159b9221b8998e2
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/modprobe.d/blacklist.conf
SPDXID: SPDXRef-File-etc-modprobe.d-blacklist.conf-8dca6592d27d8e79
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/modprobe.d/i386.conf
SPDXID: SPDXRef-File-etc-modprobe.d-i386.conf-18a59d24c6ecd1a2
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/modprobe.d/kms.conf
SPDXID: SPDXRef-File-etc-modprobe.d-kms.conf-1629ecb847e16269
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/modules
SPDXID: SPDXRef-File-etc-modules-1d478710c75b2a14
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/motd
SPDXID: SPDXRef-File-etc-motd-ab0a5b2efc0d83b6
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/network/if-up.d/dad
SPDXID: SPDXRef-File-etc-network-if-up.d-dad-0028f6f9cd570ecc
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/nsswitch.conf
SPDXID: SPDXRef-File-etc-nsswitch.conf-d357372a90ca7132
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/passwd
SPDXID: SPDXRef-File-etc-passwd-8d8f419d8f464088
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/profile
SPDXID: SPDXRef-File-etc-profile-588a0d6834114aba
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/profile.d/20locale.sh
SPDXID: SPDXRef-File-etc-profile.d-20locale.sh-32bb1cb0e72dea3f
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/profile.d/README
SPDXID: SPDXRef-File-etc-profile.d-README-be0ca5be9d9e0df6
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/profile.d/color_prompt.sh.disabled
SPDXID: SPDXRef-File-etc-profile.d-color-prompt.sh.disabled-a3ad33156b1b3289
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/protocols
SPDXID: SPDXRef-File-etc-protocols-b012ec88417e7d37
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/securetty
SPDXID: SPDXRef-File-etc-securetty-6da069df002af5fa
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/services
SPDXID: SPDXRef-File-etc-services-72c8d02c8efd8324
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/shadow
SPDXID: SPDXRef-File-etc-shadow-3c9a7deb1d0266b7
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/shells
SPDXID: SPDXRef-File-etc-shells-271c29cce586f3fc
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/ssl/certs/ca-certificates.crt
SPDXID: SPDXRef-File-etc-ssl-certs-ca-certificates.crt-4dfa0b7cc6ad42d7
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/ssl/ct_log_list.cnf
SPDXID: SPDXRef-File-etc-ssl-ct-log-list.cnf-c00cb9333b24c15d
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/ssl/ct_log_list.cnf.dist
SPDXID: SPDXRef-File-etc-ssl-ct-log-list.cnf.dist-54893d0879f9fc83
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/ssl/misc/CA.pl
SPDXID: SPDXRef-File-etc-ssl-misc-CA.pl-78284be2bba966f4
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/ssl/misc/tsget.pl
SPDXID: SPDXRef-File-etc-ssl-misc-tsget.pl-bfa68bd5a9a3a6b3
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/ssl/openssl.cnf
SPDXID: SPDXRef-File-etc-ssl-openssl.cnf-f8817538017cf529
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/ssl/openssl.cnf.dist
SPDXID: SPDXRef-File-etc-ssl-openssl.cnf.dist-e596e3053e9ec56f
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/sysctl.conf
SPDXID: SPDXRef-File-etc-sysctl.conf-734e42619a3909c3
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /etc/udhcpd.conf
SPDXID: SPDXRef-File-etc-udhcpd.conf-96c57c4a578011fc
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /lib/apk/db/installed
SPDXID: SPDXRef-File-lib-apk-db-installed-a01260b4bb11b576
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /lib/ld-musl-x86_64.so.1
SPDXID: SPDXRef-File-lib-ld-musl-x86-64.so.1-5ad847e8604b23e1
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /lib/libapk.so.2.14.0
SPDXID: SPDXRef-File-lib-libapk.so.2.14.0-129245a9da03e559
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /lib/libcrypto.so.3
SPDXID: SPDXRef-File-lib-libcrypto.so.3-cb26d83cd4c10f96
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /lib/libssl.so.3
SPDXID: SPDXRef-File-lib-libssl.so.3-7eb6eb3999549e5f
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /lib/libz.so.1.2.13
SPDXID: SPDXRef-File-lib-libz.so.1.2.13-0b003b776e515a4d
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /lib/sysctl.d/00-alpine.conf
SPDXID: SPDXRef-File-lib-sysctl.d-00-alpine.conf-a778fbf3d8e12100
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /sbin/apk
SPDXID: SPDXRef-File-sbin-apk-9b57c4594cbb1250
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /sbin/ldconfig
SPDXID: SPDXRef-File-sbin-ldconfig-f9eb672d705c4ffb
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /usr/bin/getconf
SPDXID: SPDXRef-File-usr-bin-getconf-7cadf888d599b703
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /usr/bin/getent
SPDXID: SPDXRef-File-usr-bin-getent-9c2b285b89b30224
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /usr/bin/iconv
SPDXID: SPDXRef-File-usr-bin-iconv-7b57b994c8fad373
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /usr/bin/ldd
SPDXID: SPDXRef-File-usr-bin-ldd-f96cd15718733827
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /usr/bin/scanelf
SPDXID: SPDXRef-File-usr-bin-scanelf-fe66356749c377eb
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /usr/bin/ssl_client
SPDXID: SPDXRef-File-usr-bin-ssl-client-193d485e3137505e
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /usr/lib/engines-3/afalg.so
SPDXID: SPDXRef-File-usr-lib-engines-3-afalg.so-5aa1f569f30b12cf
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /usr/lib/engines-3/capi.so
SPDXID: SPDXRef-File-usr-lib-engines-3-capi.so-9de259d9b03018b7
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /usr/lib/engines-3/loader_attic.so
SPDXID: SPDXRef-File-usr-lib-engines-3-loader-attic.so-d359b4b95c6101c5
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /usr/lib/engines-3/padlock.so
SPDXID: SPDXRef-File-usr-lib-engines-3-padlock.so-07d4d8d187bef761
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /usr/lib/ossl-modules/legacy.so
SPDXID: SPDXRef-File-usr-lib-ossl-modules-legacy.so-8792d9f748c697b8
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
FileName: /usr/share/udhcpc/default.script
SPDXID: SPDXRef-File-usr-share-udhcpc-default.script-e751aa77624bdf12
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: NOASSERTION
FileComment: layerID: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438
##### Package: alpine
PackageName: alpine
SPDXID: SPDXRef-DocumentRoot-Image-alpine
PackageVersion: sha256:48d9183eb12a05c99bcc0bf44a003607b8e941e1d4f41f9ad12bdcc4b5672f86
PackageSupplier: NOASSERTION
PackageDownloadLocation: NOASSERTION
PrimaryPackagePurpose: CONTAINER
FilesAnalyzed: false
PackageChecksum: SHA256: 48d9183eb12a05c99bcc0bf44a003607b8e941e1d4f41f9ad12bdcc4b5672f86
ExternalRef: PACKAGE-MANAGER purl pkg:oci/alpine@sha256:48d9183eb12a05c99bcc0bf44a003607b8e941e1d4f41f9ad12bdcc4b5672f86?arch=amd64&tag=latest
##### Package: alpine-baselayout
PackageName: alpine-baselayout
SPDXID: SPDXRef-Package-apk-alpine-baselayout-baca676b3df82a63
PackageVersion: 3.4.3-r1
PackageSupplier: Person: Natanael Copa <ncopa@alpinelinux.org>
PackageOriginator: Person: Natanael Copa <ncopa@alpinelinux.org>
PackageDownloadLocation: https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout
FilesAnalyzed: false
PackageSourceInfo: acquired package info from APK DB: /lib/apk/db/installed
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: GPL-2.0-only
PackageCopyrightText: NOASSERTION
PackageDescription: Alpine base dir structure and init scripts
ExternalRef: SECURITY cpe23Type cpe:2.3:a:alpine-baselayout:alpine-baselayout:3.4.3-r1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:alpine-baselayout:alpine_baselayout:3.4.3-r1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:alpine_baselayout:alpine-baselayout:3.4.3-r1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:alpine_baselayout:alpine_baselayout:3.4.3-r1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:alpine:alpine-baselayout:3.4.3-r1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:alpine:alpine_baselayout:3.4.3-r1:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64&distro=alpine-3.18.4
##### Package: alpine-baselayout-data
PackageName: alpine-baselayout-data
SPDXID: SPDXRef-Package-apk-alpine-baselayout-data-85e34641ddeca26c
PackageVersion: 3.4.3-r1
PackageSupplier: Person: Natanael Copa <ncopa@alpinelinux.org>
PackageOriginator: Person: Natanael Copa <ncopa@alpinelinux.org>
PackageDownloadLocation: https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout
FilesAnalyzed: false
PackageSourceInfo: acquired package info from APK DB: /lib/apk/db/installed
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: GPL-2.0-only
PackageCopyrightText: NOASSERTION
PackageDescription: Alpine base dir structure and init scripts
ExternalRef: SECURITY cpe23Type cpe:2.3:a:alpine-baselayout-data:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:alpine-baselayout-data:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:alpine_baselayout_data:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:alpine_baselayout_data:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:alpine-baselayout:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:alpine-baselayout:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:alpine_baselayout:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:alpine_baselayout:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:alpine:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:alpine:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.18.4
##### Package: alpine-keys
PackageName: alpine-keys
SPDXID: SPDXRef-Package-apk-alpine-keys-c3e1269ff75aa1d8
PackageVersion: 2.4-r1
PackageSupplier: Person: Natanael Copa <ncopa@alpinelinux.org>
PackageOriginator: Person: Natanael Copa <ncopa@alpinelinux.org>
PackageDownloadLocation: https://alpinelinux.org
FilesAnalyzed: false
PackageSourceInfo: acquired package info from APK DB: /lib/apk/db/installed
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: MIT
PackageCopyrightText: NOASSERTION
PackageDescription: Public keys for Alpine Linux packages
ExternalRef: SECURITY cpe23Type cpe:2.3:a:alpine-keys:alpine-keys:2.4-r1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:alpine-keys:alpine_keys:2.4-r1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:alpine_keys:alpine-keys:2.4-r1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:alpine_keys:alpine_keys:2.4-r1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:alpine:alpine-keys:2.4-r1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:alpine:alpine_keys:2.4-r1:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64&distro=alpine-3.18.4
##### Package: apk-tools
PackageName: apk-tools
SPDXID: SPDXRef-Package-apk-apk-tools-e54b9e6921a9482e
PackageVersion: 2.14.0-r2
PackageSupplier: Person: Natanael Copa <ncopa@alpinelinux.org>
PackageOriginator: Person: Natanael Copa <ncopa@alpinelinux.org>
PackageDownloadLocation: https://gitlab.alpinelinux.org/alpine/apk-tools
FilesAnalyzed: false
PackageSourceInfo: acquired package info from APK DB: /lib/apk/db/installed
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: GPL-2.0-only
PackageCopyrightText: NOASSERTION
PackageDescription: Alpine Package Keeper - package manager for alpine
ExternalRef: SECURITY cpe23Type cpe:2.3:a:apk-tools:apk-tools:2.14.0-r2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:apk-tools:apk_tools:2.14.0-r2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:apk_tools:apk-tools:2.14.0-r2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:apk_tools:apk_tools:2.14.0-r2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:apk:apk-tools:2.14.0-r2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:apk:apk_tools:2.14.0-r2:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=alpine-3.18.4
##### Package: busybox-binsh
PackageName: busybox-binsh
SPDXID: SPDXRef-Package-apk-busybox-binsh-b8384340b5c5b8ca
PackageVersion: 1.36.1-r2
PackageSupplier: Person: Sören Tempel <soeren+alpine@soeren-tempel.net>
PackageOriginator: Person: Sören Tempel <soeren+alpine@soeren-tempel.net>
PackageDownloadLocation: https://busybox.net/
FilesAnalyzed: false
PackageSourceInfo: acquired package info from APK DB: /lib/apk/db/installed
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: GPL-2.0-only
PackageCopyrightText: NOASSERTION
PackageDescription: busybox ash /bin/sh
ExternalRef: SECURITY cpe23Type cpe:2.3:a:busybox-binsh:busybox-binsh:1.36.1-r2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:busybox-binsh:busybox_binsh:1.36.1-r2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:busybox_binsh:busybox-binsh:1.36.1-r2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:busybox_binsh:busybox_binsh:1.36.1-r2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:busybox:busybox-binsh:1.36.1-r2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:busybox:busybox_binsh:1.36.1-r2:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.4
##### Package: busybox
PackageName: busybox
SPDXID: SPDXRef-Package-apk-busybox-c4df3b964f3b98b5
PackageVersion: 1.36.1-r2
PackageSupplier: Person: Sören Tempel <soeren+alpine@soeren-tempel.net>
PackageOriginator: Person: Sören Tempel <soeren+alpine@soeren-tempel.net>
PackageDownloadLocation: https://busybox.net/
FilesAnalyzed: false
PackageSourceInfo: acquired package info from APK DB: /lib/apk/db/installed
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: GPL-2.0-only
PackageCopyrightText: NOASSERTION
PackageDescription: Size optimized toolbox of many common UNIX utilities
ExternalRef: SECURITY cpe23Type cpe:2.3:a:busybox:busybox:1.36.1-r2:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=alpine-3.18.4
##### Package: ca-certificates-bundle
PackageName: ca-certificates-bundle
SPDXID: SPDXRef-Package-apk-ca-certificates-bundle-e6d1b63d5a046c55
PackageVersion: 20230506-r0
PackageSupplier: Person: Natanael Copa <ncopa@alpinelinux.org>
PackageOriginator: Person: Natanael Copa <ncopa@alpinelinux.org>
PackageDownloadLocation: https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/
FilesAnalyzed: false
PackageSourceInfo: acquired package info from APK DB: /lib/apk/db/installed
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: (MPL-2.0 AND MIT)
PackageCopyrightText: NOASSERTION
PackageDescription: Pre generated bundle of Mozilla certificates
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ca-certificates-bundle:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ca-certificates-bundle:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ca_certificates_bundle:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ca_certificates_bundle:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ca-certificates:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ca-certificates:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ca_certificates:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ca_certificates:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:mozilla:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:mozilla:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ca:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ca:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&upstream=ca-certificates&distro=alpine-3.18.4
##### Package: libc-utils
PackageName: libc-utils
SPDXID: SPDXRef-Package-apk-libc-utils-caef79f1fe0b500a
PackageVersion: 0.7.2-r5
PackageSupplier: Person: Natanael Copa <ncopa@alpinelinux.org>
PackageOriginator: Person: Natanael Copa <ncopa@alpinelinux.org>
PackageDownloadLocation: https://alpinelinux.org
FilesAnalyzed: false
PackageSourceInfo: acquired package info from APK DB: /lib/apk/db/installed
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: (BSD-2-Clause AND BSD-3-Clause)
PackageCopyrightText: NOASSERTION
PackageDescription: Meta package to pull in correct libc
ExternalRef: SECURITY cpe23Type cpe:2.3:a:libc-utils:libc-utils:0.7.2-r5:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:libc-utils:libc_utils:0.7.2-r5:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:libc_utils:libc-utils:0.7.2-r5:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:libc_utils:libc_utils:0.7.2-r5:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:libc:libc-utils:0.7.2-r5:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:libc:libc_utils:0.7.2-r5:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&upstream=libc-dev&distro=alpine-3.18.4
##### Package: libcrypto3
PackageName: libcrypto3
SPDXID: SPDXRef-Package-apk-libcrypto3-99fa7f052e54ddb9
PackageVersion: 3.1.3-r0
PackageSupplier: Person: Ariadne Conill <ariadne@dereferenced.org>
PackageOriginator: Person: Ariadne Conill <ariadne@dereferenced.org>
PackageDownloadLocation: https://www.openssl.org/
FilesAnalyzed: false
PackageSourceInfo: acquired package info from APK DB: /lib/apk/db/installed
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageDescription: Crypto library from openssl
ExternalRef: SECURITY cpe23Type cpe:2.3:a:libcrypto3:libcrypto3:3.1.3-r0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:libcrypto3:libcrypto:3.1.3-r0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:libcrypto:libcrypto3:3.1.3-r0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:libcrypto:libcrypto:3.1.3-r0:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.4
##### Package: libssl3
PackageName: libssl3
SPDXID: SPDXRef-Package-apk-libssl3-68a3488610dc68e4
PackageVersion: 3.1.3-r0
PackageSupplier: Person: Ariadne Conill <ariadne@dereferenced.org>
PackageOriginator: Person: Ariadne Conill <ariadne@dereferenced.org>
PackageDownloadLocation: https://www.openssl.org/
FilesAnalyzed: false
PackageSourceInfo: acquired package info from APK DB: /lib/apk/db/installed
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageDescription: SSL shared libraries
ExternalRef: SECURITY cpe23Type cpe:2.3:a:libssl3:libssl3:3.1.3-r0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:libssl3:libssl:3.1.3-r0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:libssl:libssl3:3.1.3-r0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:libssl:libssl:3.1.3-r0:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.4
##### Package: musl
PackageName: musl
SPDXID: SPDXRef-Package-apk-musl-cb940afce7c7e0d3
PackageVersion: 1.2.4-r1
PackageSupplier: Person: Timo Teräs <timo.teras@iki.fi>
PackageOriginator: Person: Timo Teräs <timo.teras@iki.fi>
PackageDownloadLocation: https://musl.libc.org/
FilesAnalyzed: false
PackageSourceInfo: acquired package info from APK DB: /lib/apk/db/installed
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: MIT
PackageCopyrightText: NOASSERTION
PackageDescription: the musl c library (libc) implementation
ExternalRef: SECURITY cpe23Type cpe:2.3:a:musl-libc:musl:1.2.4-r1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:musl_libc:musl:1.2.4-r1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:musl:musl:1.2.4-r1:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.4
##### Package: musl-utils
PackageName: musl-utils
SPDXID: SPDXRef-Package-apk-musl-utils-d4ae8261cf0671f6
PackageVersion: 1.2.4-r1
PackageSupplier: Person: Timo Teräs <timo.teras@iki.fi>
PackageOriginator: Person: Timo Teräs <timo.teras@iki.fi>
PackageDownloadLocation: https://musl.libc.org/
FilesAnalyzed: false
PackageSourceInfo: acquired package info from APK DB: /lib/apk/db/installed
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: (MIT AND BSD-2-Clause AND GPL-2.0-or-later)
PackageCopyrightText: NOASSERTION
PackageDescription: the musl c library (libc) implementation
ExternalRef: SECURITY cpe23Type cpe:2.3:a:musl-utils:musl-utils:1.2.4-r1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:musl-utils:musl_utils:1.2.4-r1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:musl_utils:musl-utils:1.2.4-r1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:musl_utils:musl_utils:1.2.4-r1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:musl-libc:musl-utils:1.2.4-r1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:musl-libc:musl_utils:1.2.4-r1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:musl:musl-utils:1.2.4-r1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:musl:musl_utils:1.2.4-r1:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&upstream=musl&distro=alpine-3.18.4
##### Package: scanelf
PackageName: scanelf
SPDXID: SPDXRef-Package-apk-scanelf-701300eef0967970
PackageVersion: 1.3.7-r1
PackageSupplier: Person: Natanael Copa <ncopa@alpinelinux.org>
PackageOriginator: Person: Natanael Copa <ncopa@alpinelinux.org>
PackageDownloadLocation: https://wiki.gentoo.org/wiki/Hardened/PaX_Utilities
FilesAnalyzed: false
PackageSourceInfo: acquired package info from APK DB: /lib/apk/db/installed
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: GPL-2.0-only
PackageCopyrightText: NOASSERTION
PackageDescription: Scan ELF binaries for stuff
ExternalRef: SECURITY cpe23Type cpe:2.3:a:scanelf:scanelf:1.3.7-r1:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&upstream=pax-utils&distro=alpine-3.18.4
##### Package: ssl_client
PackageName: ssl_client
SPDXID: SPDXRef-Package-apk-ssl-client-bdbab9ee97709e2f
PackageVersion: 1.36.1-r2
PackageSupplier: Person: Sören Tempel <soeren+alpine@soeren-tempel.net>
PackageOriginator: Person: Sören Tempel <soeren+alpine@soeren-tempel.net>
PackageDownloadLocation: https://busybox.net/
FilesAnalyzed: false
PackageSourceInfo: acquired package info from APK DB: /lib/apk/db/installed
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: GPL-2.0-only
PackageCopyrightText: NOASSERTION
PackageDescription: EXternal ssl_client for busybox wget
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ssl-client:ssl-client:1.36.1-r2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ssl-client:ssl_client:1.36.1-r2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ssl_client:ssl-client:1.36.1-r2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ssl_client:ssl_client:1.36.1-r2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ssl:ssl-client:1.36.1-r2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ssl:ssl_client:1.36.1-r2:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:apk/alpine/ssl_client@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.4
##### Package: zlib
PackageName: zlib
SPDXID: SPDXRef-Package-apk-zlib-c8e7fc9f117e52bc
PackageVersion: 1.2.13-r1
PackageSupplier: Person: Natanael Copa <ncopa@alpinelinux.org>
PackageOriginator: Person: Natanael Copa <ncopa@alpinelinux.org>
PackageDownloadLocation: https://zlib.net/
FilesAnalyzed: false
PackageSourceInfo: acquired package info from APK DB: /lib/apk/db/installed
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: Zlib
PackageCopyrightText: NOASSERTION
PackageDescription: A compression/decompression Library
ExternalRef: SECURITY cpe23Type cpe:2.3:a:zlib:zlib:1.2.13-r1:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=alpine-3.18.4
##### Relationships
Relationship: SPDXRef-Package-apk-libssl3-68a3488610dc68e4 CONTAINS SPDXRef-File-lib-libssl.so.3-7eb6eb3999549e5f
Relationship: SPDXRef-Package-apk-libssl3-68a3488610dc68e4 OTHER SPDXRef-File-lib-apk-db-installed-a01260b4bb11b576
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-apk-libssl3-68a3488610dc68e4 DEPENDENCY_OF SPDXRef-Package-apk-ssl-client-bdbab9ee97709e2f
Relationship: SPDXRef-Package-apk-libssl3-68a3488610dc68e4 DEPENDENCY_OF SPDXRef-Package-apk-apk-tools-e54b9e6921a9482e
Relationship: SPDXRef-Package-apk-scanelf-701300eef0967970 OTHER SPDXRef-File-lib-apk-db-installed-a01260b4bb11b576
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-apk-scanelf-701300eef0967970 DEPENDENCY_OF SPDXRef-Package-apk-musl-utils-d4ae8261cf0671f6
Relationship: SPDXRef-Package-apk-scanelf-701300eef0967970 CONTAINS SPDXRef-File-usr-bin-scanelf-fe66356749c377eb
Relationship: SPDXRef-Package-apk-alpine-baselayout-data-85e34641ddeca26c CONTAINS SPDXRef-File-etc-modules-1d478710c75b2a14
Relationship: SPDXRef-Package-apk-alpine-baselayout-data-85e34641ddeca26c CONTAINS SPDXRef-File-etc-shells-271c29cce586f3fc
Relationship: SPDXRef-Package-apk-alpine-baselayout-data-85e34641ddeca26c CONTAINS SPDXRef-File-etc-group-2ac3006bd085faf9
Relationship: SPDXRef-Package-apk-alpine-baselayout-data-85e34641ddeca26c CONTAINS SPDXRef-File-etc-hosts-2d9a8fa5e934baa8
Relationship: SPDXRef-Package-apk-alpine-baselayout-data-85e34641ddeca26c CONTAINS SPDXRef-File-etc-shadow-3c9a7deb1d0266b7
Relationship: SPDXRef-Package-apk-alpine-baselayout-data-85e34641ddeca26c CONTAINS SPDXRef-File-etc-hostname-41cef59949d5f5c8
Relationship: SPDXRef-Package-apk-alpine-baselayout-data-85e34641ddeca26c CONTAINS SPDXRef-File-etc-fstab-506f85b9b76b9930
Relationship: SPDXRef-Package-apk-alpine-baselayout-data-85e34641ddeca26c CONTAINS SPDXRef-File-etc-profile-588a0d6834114aba
Relationship: SPDXRef-Package-apk-alpine-baselayout-data-85e34641ddeca26c CONTAINS SPDXRef-File-etc-services-72c8d02c8efd8324
Relationship: SPDXRef-Package-apk-alpine-baselayout-data-85e34641ddeca26c CONTAINS SPDXRef-File-etc-sysctl.conf-734e42619a3909c3
Relationship: SPDXRef-Package-apk-alpine-baselayout-data-85e34641ddeca26c CONTAINS SPDXRef-File-etc-passwd-8d8f419d8f464088
Relationship: SPDXRef-Package-apk-alpine-baselayout-data-85e34641ddeca26c OTHER SPDXRef-File-lib-apk-db-installed-a01260b4bb11b576
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-apk-alpine-baselayout-data-85e34641ddeca26c CONTAINS SPDXRef-File-etc-protocols-b012ec88417e7d37
Relationship: SPDXRef-Package-apk-alpine-baselayout-data-85e34641ddeca26c DEPENDENCY_OF SPDXRef-Package-apk-alpine-baselayout-baca676b3df82a63
Relationship: SPDXRef-Package-apk-alpine-baselayout-data-85e34641ddeca26c CONTAINS SPDXRef-File-etc-nsswitch.conf-d357372a90ca7132
Relationship: SPDXRef-Package-apk-alpine-baselayout-data-85e34641ddeca26c CONTAINS SPDXRef-File-etc-inittab-f7231334aef4225c
Relationship: SPDXRef-Package-apk-libcrypto3-99fa7f052e54ddb9 CONTAINS SPDXRef-File-usr-lib-engines-3-padlock.so-07d4d8d187bef761
Relationship: SPDXRef-Package-apk-libcrypto3-99fa7f052e54ddb9 CONTAINS SPDXRef-File-etc-ssl-ct-log-list.cnf.dist-54893d0879f9fc83
Relationship: SPDXRef-Package-apk-libcrypto3-99fa7f052e54ddb9 CONTAINS SPDXRef-File-usr-lib-engines-3-afalg.so-5aa1f569f30b12cf
Relationship: SPDXRef-Package-apk-libcrypto3-99fa7f052e54ddb9 DEPENDENCY_OF SPDXRef-Package-apk-libssl3-68a3488610dc68e4
Relationship: SPDXRef-Package-apk-libcrypto3-99fa7f052e54ddb9 CONTAINS SPDXRef-File-etc-ssl-misc-CA.pl-78284be2bba966f4
Relationship: SPDXRef-Package-apk-libcrypto3-99fa7f052e54ddb9 CONTAINS SPDXRef-File-usr-lib-ossl-modules-legacy.so-8792d9f748c697b8
Relationship: SPDXRef-Package-apk-libcrypto3-99fa7f052e54ddb9 CONTAINS SPDXRef-File-usr-lib-engines-3-capi.so-9de259d9b03018b7
Relationship: SPDXRef-Package-apk-libcrypto3-99fa7f052e54ddb9 OTHER SPDXRef-File-lib-apk-db-installed-a01260b4bb11b576
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-apk-libcrypto3-99fa7f052e54ddb9 DEPENDENCY_OF SPDXRef-Package-apk-ssl-client-bdbab9ee97709e2f
Relationship: SPDXRef-Package-apk-libcrypto3-99fa7f052e54ddb9 CONTAINS SPDXRef-File-etc-ssl-misc-tsget.pl-bfa68bd5a9a3a6b3
Relationship: SPDXRef-Package-apk-libcrypto3-99fa7f052e54ddb9 CONTAINS SPDXRef-File-etc-ssl-ct-log-list.cnf-c00cb9333b24c15d
Relationship: SPDXRef-Package-apk-libcrypto3-99fa7f052e54ddb9 CONTAINS SPDXRef-File-lib-libcrypto.so.3-cb26d83cd4c10f96
Relationship: SPDXRef-Package-apk-libcrypto3-99fa7f052e54ddb9 CONTAINS SPDXRef-File-usr-lib-engines-3-loader-attic.so-d359b4b95c6101c5
Relationship: SPDXRef-Package-apk-libcrypto3-99fa7f052e54ddb9 DEPENDENCY_OF SPDXRef-Package-apk-apk-tools-e54b9e6921a9482e
Relationship: SPDXRef-Package-apk-libcrypto3-99fa7f052e54ddb9 CONTAINS SPDXRef-File-etc-ssl-openssl.cnf.dist-e596e3053e9ec56f
Relationship: SPDXRef-Package-apk-libcrypto3-99fa7f052e54ddb9 CONTAINS SPDXRef-File-etc-ssl-openssl.cnf-f8817538017cf529
Relationship: SPDXRef-Package-apk-busybox-binsh-b8384340b5c5b8ca OTHER SPDXRef-File-lib-apk-db-installed-a01260b4bb11b576
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-apk-busybox-binsh-b8384340b5c5b8ca DEPENDENCY_OF SPDXRef-Package-apk-alpine-baselayout-baca676b3df82a63
Relationship: SPDXRef-Package-apk-busybox-binsh-b8384340b5c5b8ca CONTAINS SPDXRef-File-bin-busybox-e202ef7be7af94bd
Relationship: SPDXRef-Package-apk-alpine-baselayout-baca676b3df82a63 CONTAINS SPDXRef-File-etc-modprobe.d-aliases.conf-0159b9221b8998e2
Relationship: SPDXRef-Package-apk-alpine-baselayout-baca676b3df82a63 CONTAINS SPDXRef-File-etc-modprobe.d-kms.conf-1629ecb847e16269
Relationship: SPDXRef-Package-apk-alpine-baselayout-baca676b3df82a63 CONTAINS SPDXRef-File-etc-modprobe.d-i386.conf-18a59d24c6ecd1a2
Relationship: SPDXRef-Package-apk-alpine-baselayout-baca676b3df82a63 CONTAINS SPDXRef-File-etc-profile.d-20locale.sh-32bb1cb0e72dea3f
Relationship: SPDXRef-Package-apk-alpine-baselayout-baca676b3df82a63 CONTAINS SPDXRef-File-etc-modprobe.d-blacklist.conf-8dca6592d27d8e79
Relationship: SPDXRef-Package-apk-alpine-baselayout-baca676b3df82a63 CONTAINS SPDXRef-File-etc-crontabs-root-9850dad7b8733f02
Relationship: SPDXRef-Package-apk-alpine-baselayout-baca676b3df82a63 OTHER SPDXRef-File-lib-apk-db-installed-a01260b4bb11b576
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-apk-alpine-baselayout-baca676b3df82a63 CONTAINS SPDXRef-File-etc-profile.d-color-prompt.sh.disabled-a3ad33156b1b3289
Relationship: SPDXRef-Package-apk-alpine-baselayout-baca676b3df82a63 CONTAINS SPDXRef-File-lib-sysctl.d-00-alpine.conf-a778fbf3d8e12100
Relationship: SPDXRef-Package-apk-alpine-baselayout-baca676b3df82a63 CONTAINS SPDXRef-File-etc-motd-ab0a5b2efc0d83b6
Relationship: SPDXRef-Package-apk-alpine-baselayout-baca676b3df82a63 CONTAINS SPDXRef-File-etc-profile.d-README-be0ca5be9d9e0df6
Relationship: SPDXRef-Package-apk-ssl-client-bdbab9ee97709e2f CONTAINS SPDXRef-File-usr-bin-ssl-client-193d485e3137505e
Relationship: SPDXRef-Package-apk-ssl-client-bdbab9ee97709e2f OTHER SPDXRef-File-lib-apk-db-installed-a01260b4bb11b576
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-apk-alpine-keys-c3e1269ff75aa1d8 CONTAINS SPDXRef-File-...alpine-devel-lists.alpinelinux.org-616a9724.rsa.pub-0993a63e07e545a9
Relationship: SPDXRef-Package-apk-alpine-keys-c3e1269ff75aa1d8 CONTAINS SPDXRef-File-...alpine-devel-lists.alpinelinux.org-4a6a0840.rsa.pub-20cf9f534085e945
Relationship: SPDXRef-Package-apk-alpine-keys-c3e1269ff75aa1d8 CONTAINS SPDXRef-File-...alpine-devel-lists.alpinelinux.org-4a6a0840.rsa.pub-226fc2b8b6074102
Relationship: SPDXRef-Package-apk-alpine-keys-c3e1269ff75aa1d8 CONTAINS SPDXRef-File-...alpine-devel-lists.alpinelinux.org-6165ee59.rsa.pub-2fa33bb12e442749
Relationship: SPDXRef-Package-apk-alpine-keys-c3e1269ff75aa1d8 CONTAINS SPDXRef-File-...alpine-devel-lists.alpinelinux.org-6165ee59.rsa.pub-307958a4bdf894b4
Relationship: SPDXRef-Package-apk-alpine-keys-c3e1269ff75aa1d8 CONTAINS SPDXRef-File-...alpine-devel-lists.alpinelinux.org-58199dcc.rsa.pub-360e05c12ed554b6
Relationship: SPDXRef-Package-apk-alpine-keys-c3e1269ff75aa1d8 CONTAINS SPDXRef-File-...alpine-devel-lists.alpinelinux.org-5243ef4b.rsa.pub-5d6524ee4773578a
Relationship: SPDXRef-Package-apk-alpine-keys-c3e1269ff75aa1d8 CONTAINS SPDXRef-File-...alpine-devel-lists.alpinelinux.org-616db30d.rsa.pub-6d2a56af87faa2c1
Relationship: SPDXRef-Package-apk-alpine-keys-c3e1269ff75aa1d8 CONTAINS SPDXRef-File-...alpine-devel-lists.alpinelinux.org-616abc23.rsa.pub-84b5a3118c077c5a
Relationship: SPDXRef-Package-apk-alpine-keys-c3e1269ff75aa1d8 CONTAINS SPDXRef-File-...alpine-devel-lists.alpinelinux.org-5261cecb.rsa.pub-87948a20075367f4
Relationship: SPDXRef-Package-apk-alpine-keys-c3e1269ff75aa1d8 CONTAINS SPDXRef-File-...alpine-devel-lists.alpinelinux.org-61666e3f.rsa.pub-8e66c869e0661398
Relationship: SPDXRef-Package-apk-alpine-keys-c3e1269ff75aa1d8 CONTAINS SPDXRef-File-...alpine-devel-lists.alpinelinux.org-616ae350.rsa.pub-8fda3ed0d1961b6e
Relationship: SPDXRef-Package-apk-alpine-keys-c3e1269ff75aa1d8 CONTAINS SPDXRef-File-...alpine-devel-lists.alpinelinux.org-5e69ca50.rsa.pub-90c0673ef43c9544
Relationship: SPDXRef-Package-apk-alpine-keys-c3e1269ff75aa1d8 OTHER SPDXRef-File-lib-apk-db-installed-a01260b4bb11b576
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-apk-alpine-keys-c3e1269ff75aa1d8 CONTAINS SPDXRef-File-...alpine-devel-lists.alpinelinux.org-616ac3bc.rsa.pub-a434518c6ae434c2
Relationship: SPDXRef-Package-apk-alpine-keys-c3e1269ff75aa1d8 CONTAINS SPDXRef-File-...alpine-devel-lists.alpinelinux.org-5261cecb.rsa.pub-b39e246556a04c03
Relationship: SPDXRef-Package-apk-alpine-keys-c3e1269ff75aa1d8 CONTAINS SPDXRef-File-...alpine-devel-lists.alpinelinux.org-5243ef4b.rsa.pub-bbeee289b81a6de1
Relationship: SPDXRef-Package-apk-alpine-keys-c3e1269ff75aa1d8 CONTAINS SPDXRef-File-...alpine-devel-lists.alpinelinux.org-58e4f17d.rsa.pub-c48d48e07e4c25b9
Relationship: SPDXRef-Package-apk-alpine-keys-c3e1269ff75aa1d8 CONTAINS SPDXRef-File-...alpine-devel-lists.alpinelinux.org-616adfeb.rsa.pub-c7135dd21091c6e8
Relationship: SPDXRef-Package-apk-alpine-keys-c3e1269ff75aa1d8 CONTAINS SPDXRef-File-...alpine-devel-lists.alpinelinux.org-58cbb476.rsa.pub-d01a44792268e5f6
Relationship: SPDXRef-Package-apk-alpine-keys-c3e1269ff75aa1d8 CONTAINS SPDXRef-File-...alpine-devel-lists.alpinelinux.org-524d27bb.rsa.pub-e8cbb99b9dbeb702
Relationship: SPDXRef-Package-apk-alpine-keys-c3e1269ff75aa1d8 CONTAINS SPDXRef-File-...alpine-devel-lists.alpinelinux.org-61666e3f.rsa.pub-f5e77bd57361cd38
Relationship: SPDXRef-Package-apk-alpine-keys-c3e1269ff75aa1d8 CONTAINS SPDXRef-File-...alpine-devel-lists.alpinelinux.org-60ac2099.rsa.pub-f6a9952fe04a43cb
Relationship: SPDXRef-Package-apk-busybox-c4df3b964f3b98b5 CONTAINS SPDXRef-File-etc-network-if-up.d-dad-0028f6f9cd570ecc
Relationship: SPDXRef-Package-apk-busybox-c4df3b964f3b98b5 CONTAINS SPDXRef-File-etc-securetty-6da069df002af5fa
Relationship: SPDXRef-Package-apk-busybox-c4df3b964f3b98b5 CONTAINS SPDXRef-File-etc-logrotate.d-acpid-9375f7051f97fba1
Relationship: SPDXRef-Package-apk-busybox-c4df3b964f3b98b5 CONTAINS SPDXRef-File-etc-udhcpd.conf-96c57c4a578011fc
Relationship: SPDXRef-Package-apk-busybox-c4df3b964f3b98b5 OTHER SPDXRef-File-lib-apk-db-installed-a01260b4bb11b576
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-apk-busybox-c4df3b964f3b98b5 CONTAINS SPDXRef-File-etc-busybox-paths.d-busybox-a705ce53d9d4474d
Relationship: SPDXRef-Package-apk-busybox-c4df3b964f3b98b5 DEPENDENCY_OF SPDXRef-Package-apk-busybox-binsh-b8384340b5c5b8ca
Relationship: SPDXRef-Package-apk-busybox-c4df3b964f3b98b5 CONTAINS SPDXRef-File-bin-busybox-e202ef7be7af94bd
Relationship: SPDXRef-Package-apk-busybox-c4df3b964f3b98b5 CONTAINS SPDXRef-File-usr-share-udhcpc-default.script-e751aa77624bdf12
Relationship: SPDXRef-Package-apk-zlib-c8e7fc9f117e52bc CONTAINS SPDXRef-File-lib-libz.so.1.2.13-0b003b776e515a4d
Relationship: SPDXRef-Package-apk-zlib-c8e7fc9f117e52bc OTHER SPDXRef-File-lib-apk-db-installed-a01260b4bb11b576
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-apk-zlib-c8e7fc9f117e52bc DEPENDENCY_OF SPDXRef-Package-apk-apk-tools-e54b9e6921a9482e
Relationship: SPDXRef-Package-apk-libc-utils-caef79f1fe0b500a OTHER SPDXRef-File-lib-apk-db-installed-a01260b4bb11b576
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-apk-musl-cb940afce7c7e0d3 CONTAINS SPDXRef-File-lib-ld-musl-x86-64.so.1-5ad847e8604b23e1
Relationship: SPDXRef-Package-apk-musl-cb940afce7c7e0d3 DEPENDENCY_OF SPDXRef-Package-apk-libssl3-68a3488610dc68e4
Relationship: SPDXRef-Package-apk-musl-cb940afce7c7e0d3 DEPENDENCY_OF SPDXRef-Package-apk-scanelf-701300eef0967970
Relationship: SPDXRef-Package-apk-musl-cb940afce7c7e0d3 DEPENDENCY_OF SPDXRef-Package-apk-libcrypto3-99fa7f052e54ddb9
Relationship: SPDXRef-Package-apk-musl-cb940afce7c7e0d3 OTHER SPDXRef-File-lib-apk-db-installed-a01260b4bb11b576
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-apk-musl-cb940afce7c7e0d3 DEPENDENCY_OF SPDXRef-Package-apk-ssl-client-bdbab9ee97709e2f
Relationship: SPDXRef-Package-apk-musl-cb940afce7c7e0d3 DEPENDENCY_OF SPDXRef-Package-apk-busybox-c4df3b964f3b98b5
Relationship: SPDXRef-Package-apk-musl-cb940afce7c7e0d3 DEPENDENCY_OF SPDXRef-Package-apk-zlib-c8e7fc9f117e52bc
Relationship: SPDXRef-Package-apk-musl-cb940afce7c7e0d3 DEPENDENCY_OF SPDXRef-Package-apk-musl-utils-d4ae8261cf0671f6
Relationship: SPDXRef-Package-apk-musl-cb940afce7c7e0d3 DEPENDENCY_OF SPDXRef-Package-apk-apk-tools-e54b9e6921a9482e
Relationship: SPDXRef-Package-apk-musl-cb940afce7c7e0d3 DEPENDENCY_OF SPDXRef-Package-apk-apk-tools-e54b9e6921a9482e
Relationship: SPDXRef-Package-apk-musl-utils-d4ae8261cf0671f6 CONTAINS SPDXRef-File-usr-bin-iconv-7b57b994c8fad373
Relationship: SPDXRef-Package-apk-musl-utils-d4ae8261cf0671f6 CONTAINS SPDXRef-File-usr-bin-getconf-7cadf888d599b703
Relationship: SPDXRef-Package-apk-musl-utils-d4ae8261cf0671f6 CONTAINS SPDXRef-File-usr-bin-getent-9c2b285b89b30224
Relationship: SPDXRef-Package-apk-musl-utils-d4ae8261cf0671f6 OTHER SPDXRef-File-lib-apk-db-installed-a01260b4bb11b576
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-apk-musl-utils-d4ae8261cf0671f6 DEPENDENCY_OF SPDXRef-Package-apk-libc-utils-caef79f1fe0b500a
Relationship: SPDXRef-Package-apk-musl-utils-d4ae8261cf0671f6 CONTAINS SPDXRef-File-usr-bin-ldd-f96cd15718733827
Relationship: SPDXRef-Package-apk-musl-utils-d4ae8261cf0671f6 CONTAINS SPDXRef-File-sbin-ldconfig-f9eb672d705c4ffb
Relationship: SPDXRef-Package-apk-apk-tools-e54b9e6921a9482e CONTAINS SPDXRef-File-lib-libapk.so.2.14.0-129245a9da03e559
Relationship: SPDXRef-Package-apk-apk-tools-e54b9e6921a9482e CONTAINS SPDXRef-File-sbin-apk-9b57c4594cbb1250
Relationship: SPDXRef-Package-apk-apk-tools-e54b9e6921a9482e OTHER SPDXRef-File-lib-apk-db-installed-a01260b4bb11b576
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-apk-ca-certificates-bundle-e6d1b63d5a046c55 CONTAINS SPDXRef-File-etc-ssl-certs-ca-certificates.crt-4dfa0b7cc6ad42d7
Relationship: SPDXRef-Package-apk-ca-certificates-bundle-e6d1b63d5a046c55 OTHER SPDXRef-File-lib-apk-db-installed-a01260b4bb11b576
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-apk-ca-certificates-bundle-e6d1b63d5a046c55 DEPENDENCY_OF SPDXRef-Package-apk-apk-tools-e54b9e6921a9482e
Relationship: SPDXRef-DocumentRoot-Image-alpine CONTAINS SPDXRef-Package-apk-alpine-baselayout-baca676b3df82a63
Relationship: SPDXRef-DocumentRoot-Image-alpine CONTAINS SPDXRef-Package-apk-alpine-baselayout-data-85e34641ddeca26c
Relationship: SPDXRef-DocumentRoot-Image-alpine CONTAINS SPDXRef-Package-apk-alpine-keys-c3e1269ff75aa1d8
Relationship: SPDXRef-DocumentRoot-Image-alpine CONTAINS SPDXRef-Package-apk-apk-tools-e54b9e6921a9482e
Relationship: SPDXRef-DocumentRoot-Image-alpine CONTAINS SPDXRef-Package-apk-busybox-c4df3b964f3b98b5
Relationship: SPDXRef-DocumentRoot-Image-alpine CONTAINS SPDXRef-Package-apk-busybox-binsh-b8384340b5c5b8ca
Relationship: SPDXRef-DocumentRoot-Image-alpine CONTAINS SPDXRef-Package-apk-ca-certificates-bundle-e6d1b63d5a046c55
Relationship: SPDXRef-DocumentRoot-Image-alpine CONTAINS SPDXRef-Package-apk-libc-utils-caef79f1fe0b500a
Relationship: SPDXRef-DocumentRoot-Image-alpine CONTAINS SPDXRef-Package-apk-libcrypto3-99fa7f052e54ddb9
Relationship: SPDXRef-DocumentRoot-Image-alpine CONTAINS SPDXRef-Package-apk-libssl3-68a3488610dc68e4
Relationship: SPDXRef-DocumentRoot-Image-alpine CONTAINS SPDXRef-Package-apk-musl-cb940afce7c7e0d3
Relationship: SPDXRef-DocumentRoot-Image-alpine CONTAINS SPDXRef-Package-apk-musl-utils-d4ae8261cf0671f6
Relationship: SPDXRef-DocumentRoot-Image-alpine CONTAINS SPDXRef-Package-apk-scanelf-701300eef0967970
Relationship: SPDXRef-DocumentRoot-Image-alpine CONTAINS SPDXRef-Package-apk-ssl-client-bdbab9ee97709e2f
Relationship: SPDXRef-DocumentRoot-Image-alpine CONTAINS SPDXRef-Package-apk-zlib-c8e7fc9f117e52bc
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-DocumentRoot-Image-alpine
07070100000027000041ED00000000000000000000000268CB9D6300000000000000000000000000000000000000000000002400000000grant-0.3.2/fixtures/archive-builds07070100000028000081A400000000000000000000000168CB9D630000005B000000000000000000000000000000000000002F00000000grant-0.3.2/fixtures/archive-builds/.gitignore/packages/*
# maven when running in a volume may spit out directories like this
**/\?/
\?/07070100000029000081A400000000000000000000000168CB9D63000001F9000000000000000000000000000000000000002D00000000grant-0.3.2/fixtures/archive-builds/MakefilePKGSDIR=packages
ifndef PKGSDIR
$(error PKGSDIR is not set)
endif
clean: clean-examples
rm -f $(PKGSDIR)/*
jars: $(PKGSDIR)/example-java-app-maven-0.1.0.jar
archives: $(PKGSDIR)/example-java-app-maven-0.1.0.zip
$(PKGSDIR)/example-java-app-maven-0.1.0.zip: $(PKGSDIR)/example-java-app-maven-0.1.0.jar
zip $(PKGSDIR)/example-java-app-maven-0.1.0.zip $(PKGSDIR)/example-java-app-maven-0.1.0.jar
# Maven...
$(PKGSDIR)/example-java-app-maven-0.1.0.jar:
./build-example-java-app-maven.sh $(PKGSDIR)0707010000002A000081ED00000000000000000000000168CB9D63000001DD000000000000000000000000000000000000004400000000grant-0.3.2/fixtures/archive-builds/build-example-java-app-maven.sh#!/usr/bin/env bash
set -uxe
PKGSDIR=$1
CTRID=$(docker create -u "$(id -u):$(id -g)" -e MAVEN_CONFIG=/tmp/.m2 -v /example-java-app -w /example-java-app maven:3.8.6-openjdk-18 mvn -Duser.home=/tmp -DskipTests package)
function cleanup() {
docker rm "${CTRID}"
}
trap cleanup EXIT
set +e
docker cp "$(pwd)/example-java-app" "${CTRID}:/"
docker start -a "${CTRID}"
mkdir -p "$PKGSDIR"
docker cp "${CTRID}:/example-java-app/target/example-java-app-maven-0.1.0.jar" "$PKGSDIR"0707010000002B000041ED00000000000000000000000268CB9D6300000000000000000000000000000000000000000000003500000000grant-0.3.2/fixtures/archive-builds/example-java-app0707010000002C000081A400000000000000000000000168CB9D630000006F000000000000000000000000000000000000004000000000grant-0.3.2/fixtures/archive-builds/example-java-app/.gitignore# maven build creates this when in a container volume
/?/
/.gradle/
/build/
target/
dependency-reduced-pom.xml
0707010000002D000081A400000000000000000000000168CB9D63000004CA000000000000000000000000000000000000004200000000grant-0.3.2/fixtures/archive-builds/example-java-app/build.gradleplugins {
id 'java'
id 'eclipse'
id 'application'
}
mainClassName = 'hello.HelloWorld'
dependencyLocking {
lockAllConfigurations()
}
// tag::repositories[]
repositories {
mavenCentral()
}
// end::repositories[]
// tag::dependencies[]
sourceCompatibility = 1.8
targetCompatibility = 1.8
dependencies {
implementation "joda-time:joda-time:2.2"
testImplementation "junit:junit:4.12"
}
// end::dependencies[]
// tag::jar[]
jar {
archivesBaseName = 'example-java-app-gradle'
version = '0.1.0'
manifest {
attributes(
'Main-Class': 'hello.HelloWorld'
)
}
from {
configurations.runtimeClasspath.collect { it.isDirectory() ? it : zipTree(it) }
}
}
// end::jar[]
// tag::wrapper[]
// end::wrapper[]
// to invoke: gradle resolveAndLockAll --write-locks
tasks.register('resolveAndLockAll') {
notCompatibleWithConfigurationCache("Filters configurations at execution time")
doFirst {
assert gradle.startParameter.writeDependencyLocks
}
doLast {
configurations.findAll {
// Add any custom filtering on the configurations to be resolved
it.canBeResolved
}.each { it.resolve() }
}
}
0707010000002E000081A400000000000000000000000168CB9D63000001C2000000000000000000000000000000000000004500000000grant-0.3.2/fixtures/archive-builds/example-java-app/gradle.lockfile# This is a Gradle generated file for dependency locking.
# Manual edits can break the build and are not advised.
# This file is expected to be part of source control.
joda-time:joda-time:2.2=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
junit:junit:4.12=testCompileClasspath,testRuntimeClasspath
org.hamcrest:hamcrest-core:1.3=testCompileClasspath,testRuntimeClasspath
empty=annotationProcessor,testAnnotationProcessor
0707010000002F000081A400000000000000000000000168CB9D630000062E000000000000000000000000000000000000003D00000000grant-0.3.2/fixtures/archive-builds/example-java-app/pom.xml<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.anchore</groupId>
<artifactId>example-java-app-maven</artifactId>
<packaging>jar</packaging>
<version>0.1.0</version>
<properties>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
</properties>
<dependencies>
<!-- tag::joda[] -->
<dependency>
<groupId>joda-time</groupId>
<artifactId>joda-time</artifactId>
<version>2.9.2</version>
</dependency>
<!-- end::joda[] -->
<!-- tag::junit[] -->
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
<scope>test</scope>
</dependency>
<!-- end::junit[] -->
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-shade-plugin</artifactId>
<version>2.1</version>
<executions>
<execution>
<phase>package</phase>
<goals>
<goal>shade</goal>
</goals>
<configuration>
<transformers>
<transformer implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
<mainClass>hello.HelloWorld</mainClass>
</transformer>
</transformers>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>
07070100000030000041ED00000000000000000000000268CB9D6300000000000000000000000000000000000000000000003900000000grant-0.3.2/fixtures/archive-builds/example-java-app/src07070100000031000041ED00000000000000000000000268CB9D6300000000000000000000000000000000000000000000003E00000000grant-0.3.2/fixtures/archive-builds/example-java-app/src/main07070100000032000041ED00000000000000000000000268CB9D6300000000000000000000000000000000000000000000004300000000grant-0.3.2/fixtures/archive-builds/example-java-app/src/main/java07070100000033000041ED00000000000000000000000268CB9D6300000000000000000000000000000000000000000000004900000000grant-0.3.2/fixtures/archive-builds/example-java-app/src/main/java/hello07070100000034000081A400000000000000000000000168CB9D6300000061000000000000000000000000000000000000005600000000grant-0.3.2/fixtures/archive-builds/example-java-app/src/main/java/hello/Greeter.javapackage hello;
public class Greeter {
public String sayHello() {
return "Hello world!";
}
}
07070100000035000081A400000000000000000000000168CB9D6300000136000000000000000000000000000000000000005900000000grant-0.3.2/fixtures/archive-builds/example-java-app/src/main/java/hello/HelloWorld.javapackage hello;
import org.joda.time.LocalTime;
public class HelloWorld {
public static void main(String[] args) {
LocalTime currentTime = new LocalTime();
System.out.println("The current local time is: " + currentTime);
Greeter greeter = new Greeter();
System.out.println(greeter.sayHello());
}
}
07070100000036000041ED00000000000000000000000268CB9D6300000000000000000000000000000000000000000000001E00000000grant-0.3.2/fixtures/licenses07070100000037000081A400000000000000000000000168CB9D630000042B000000000000000000000000000000000000002200000000grant-0.3.2/fixtures/licenses/MITCopyright <YEAR> <COPYRIGHT HOLDER>
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.07070100000038000041ED00000000000000000000000268CB9D6300000000000000000000000000000000000000000000001E00000000grant-0.3.2/fixtures/multiple07070100000039000081A400000000000000000000000168CB9D630000863F000000000000000000000000000000000000002600000000grant-0.3.2/fixtures/multiple/gpl-3.0GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright © 2007 Free Software Foundation, Inc. <https://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
Preamble
The GNU General Public License is a free, copyleft license for software and other kinds of works.
The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. We, the Free Software Foundation, use the GNU General Public License for most of our software; it applies also to any other work released this way by its authors. You can apply it to your programs, too.
When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things.
To protect your rights, we need to prevent others from denying you these rights or asking you to surrender the rights. Therefore, you have certain responsibilities if you distribute copies of the software, or if you modify it: responsibilities to respect the freedom of others.
For example, if you distribute copies of such a program, whether gratis or for a fee, you must pass on to the recipients the same freedoms that you received. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights.
Developers that use the GNU GPL protect your rights with two steps: (1) assert copyright on the software, and (2) offer you this License giving you legal permission to copy, distribute and/or modify it.
For the developers' and authors' protection, the GPL clearly explains that there is no warranty for this free software. For both users' and authors' sake, the GPL requires that modified versions be marked as changed, so that their problems will not be attributed erroneously to authors of previous versions.
Some devices are designed to deny users access to install or run modified versions of the software inside them, although the manufacturer can do so. This is fundamentally incompatible with the aim of protecting users' freedom to change the software. The systematic pattern of such abuse occurs in the area of products for individuals to use, which is precisely where it is most unacceptable. Therefore, we have designed this version of the GPL to prohibit the practice for those products. If such problems arise substantially in other domains, we stand ready to extend this provision to those domains in future versions of the GPL, as needed to protect the freedom of users.
Finally, every program is threatened constantly by software patents. States should not allow patents to restrict development and use of software on general-purpose computers, but in those that do, we wish to avoid the special danger that patents applied to a free program could make it effectively proprietary. To prevent this, the GPL assures that patents cannot be used to render the program non-free.
The precise terms and conditions for copying, distribution and modification follow.
TERMS AND CONDITIONS
0. Definitions.
"This License" refers to version 3 of the GNU General Public License.
"Copyright" also means copyright-like laws that apply to other kinds of works, such as semiconductor masks.
"The Program" refers to any copyrightable work licensed under this License. Each licensee is addressed as "you". "Licensees" and "recipients" may be individuals or organizations.
To "modify" a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a "modified version" of the earlier work or a work "based on" the earlier work.
A "covered work" means either the unmodified Program or a work based on the Program.
To "propagate" a work means to do anything with it that, without permission, would make you directly or secondarily liable for infringement under applicable copyright law, except executing it on a computer or modifying a private copy. Propagation includes copying, distribution (with or without modification), making available to the public, and in some countries other activities as well.
To "convey" a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying.
An interactive user interface displays "Appropriate Legal Notices" to the extent that it includes a convenient and prominently visible feature that (1) displays an appropriate copyright notice, and (2) tells the user that there is no warranty for the work (except to the extent that warranties are provided), that licensees may convey the work under this License, and how to view a copy of this License. If the interface presents a list of user commands or options, such as a menu, a prominent item in the list meets this criterion.
1. Source Code.
The "source code" for a work means the preferred form of the work for making modifications to it. "Object code" means any non-source form of a work.
A "Standard Interface" means an interface that either is an official standard defined by a recognized standards body, or, in the case of interfaces specified for a particular programming language, one that is widely used among developers working in that language.
The "System Libraries" of an executable work include anything, other than the work as a whole, that (a) is included in the normal form of packaging a Major Component, but which is not part of that Major Component, and (b) serves only to enable use of the work with that Major Component, or to implement a Standard Interface for which an implementation is available to the public in source code form. A "Major Component", in this context, means a major essential component (kernel, window system, and so on) of the specific operating system (if any) on which the executable work runs, or a compiler used to produce the work, or an object code interpreter used to run it.
The "Corresponding Source" for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work. For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work.
The Corresponding Source need not include anything that users can regenerate automatically from other parts of the Corresponding Source.
The Corresponding Source for a work in source code form is that same work.
2. Basic Permissions.
All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program. The output from running a covered work is covered by this License only if the output, given its content, constitutes a covered work. This License acknowledges your rights of fair use or other equivalent, as provided by copyright law.
You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force. You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you with facilities for running those works, provided that you comply with the terms of this License in conveying all material for which you do not control copyright. Those thus making or running the covered works for you must do so exclusively on your behalf, under your direction and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you.
Conveying under any other circumstances is permitted solely under the conditions stated below. Sublicensing is not allowed; section 10 makes it unnecessary.
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
No covered work shall be deemed part of an effective technological measure under any applicable law fulfilling obligations under article 11 of the WIPO copyright treaty adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention of such measures.
When you convey a covered work, you waive any legal power to forbid circumvention of technological measures to the extent such circumvention is effected by exercising rights under this License with respect to the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing, against the work's users, your or third parties' legal rights to forbid circumvention of technological measures.
4. Conveying Verbatim Copies.
You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code; keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program.
You may charge any price or no price for each copy that you convey, and you may offer support or warranty protection for a fee.
5. Conveying Modified Source Versions.
You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified it, and giving a relevant date.
b) The work must carry prominent notices stating that it is released under this License and any conditions added under section 7. This requirement modifies the requirement in section 4 to "keep intact all notices".
c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it.
d) If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so.
A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an "aggregate" if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate.
6. Conveying Non-Source Forms.
You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways:
a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange.
b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge.
c) Convey individual copies of the object code with a copy of the written offer to provide the Corresponding Source. This alternative is allowed only occasionally and noncommercially, and only if you received the object code with such an offer, in accord with subsection 6b.
d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements.
e) Convey the object code using peer-to-peer transmission, provided you inform other peers where the object code and Corresponding Source of the work are being offered to the general public at no charge under subsection 6d.
A separable portion of the object code, whose source code is excluded from the Corresponding Source as a System Library, need not be included in conveying the object code work.
A "User Product" is either (1) a "consumer product", which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) anything designed or sold for incorporation into a dwelling. In determining whether a product is a consumer product, doubtful cases shall be resolved in favor of coverage. For a particular product received by a particular user, "normally used" refers to a typical or common use of that class of product, regardless of the status of the particular user or of the way in which the particular user actually uses, or expects or is expected to use, the product. A product is a consumer product regardless of whether the product has substantial commercial, industrial or non-consumer uses, unless such uses represent the only significant mode of use of the product.
"Installation Information" for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made.
If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information. But this requirement does not apply if neither you nor any third party retains the ability to install modified object code on the User Product (for example, the work has been installed in ROM).
The requirement to provide Installation Information does not include a requirement to continue to provide support service, warranty, or updates for a work that has been modified or installed by the recipient, or for the User Product in which it has been modified or installed. Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network.
Corresponding Source conveyed, and Installation Information provided, in accord with this section must be in a format that is publicly documented (and with an implementation available to the public in source code form), and must require no special password or key for unpacking, reading or copying.
7. Additional Terms.
"Additional permissions" are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law. If additional permissions apply only to part of the Program, that part may be used separately under those permissions, but the entire Program remains governed by this License without regard to the additional permissions.
When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission.
Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms:
a) Disclaiming warranty or limiting liability differently from the terms of sections 15 and 16 of this License; or
b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or
c) Prohibiting misrepresentation of the origin of that material, or requiring that modified versions of such material be marked in reasonable ways as different from the original version; or
d) Limiting the use for publicity purposes of names of licensors or authors of the material; or
e) Declining to grant rights under trademark law for use of some trade names, trademarks, or service marks; or
f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors.
All other non-permissive additional terms are considered "further restrictions" within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term. If a license document contains a further restriction but permits relicensing or conveying under this License, you may add to a covered work material governed by the terms of that license document, provided that the further restriction does not survive such relicensing or conveying.
If you add terms to a covered work in accord with this section, you must place, in the relevant source files, a statement of the additional terms that apply to those files, or a notice indicating where to find the applicable terms.
Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way.
8. Termination.
You may not propagate or modify a covered work except as expressly provided under this License. Any attempt otherwise to propagate or modify it is void, and will automatically terminate your rights under this License (including any patent licenses granted under the third paragraph of section 11).
However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice.
Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License. If your rights have been terminated and not permanently reinstated, you do not qualify to receive new licenses for the same material under section 10.
9. Acceptance Not Required for Having Copies.
You are not required to accept this License in order to receive or run a copy of the Program. Ancillary propagation of a covered work occurring solely as a consequence of using peer-to-peer transmission to receive a copy likewise does not require acceptance. However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so.
10. Automatic Licensing of Downstream Recipients.
Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License. You are not responsible for enforcing compliance by third parties with this License.
An "entity transaction" is a transaction transferring control of an organization, or substantially all assets of one, or subdividing an organization, or merging organizations. If propagation of a covered work classifierResults from an entity transaction, each party to that transaction who receives a copy of the work also receives whatever licenses to the work the party's predecessor in interest had or could give under the previous paragraph, plus a right to possession of the Corresponding Source of the work from the predecessor in interest, if the predecessor has it or can get it with reasonable efforts.
You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it.
11. Patents.
A "contributor" is a copyright holder who authorizes use under this License of the Program or a work on which the Program is based. The work thus licensed is called the contributor's "contributor version".
A contributor's "essential patent claims" are all patent claims owned or controlled by the contributor, whether already acquired or hereafter acquired, that would be infringed by some manner, permitted by this License, of making, using, or selling its contributor version, but do not include claims that would be infringed only as a consequence of further modification of the contributor version. For purposes of this definition, "control" includes the right to grant patent sublicenses in a manner consistent with the requirements of this License.
Each contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version.
In the following three paragraphs, a "patent license" is any express agreement or commitment, however denominated, not to enforce a patent (such as an express permission to practice a patent or covenant not to sue for patent infringement). To "grant" such a patent license to a party means to make such an agreement or commitment not to enforce a patent against the party.
If you convey a covered work, knowingly relying on a patent license, and the Corresponding Source of the work is not available for anyone to copy, free of charge and under the terms of this License, through a publicly available network server or other readily accessible means, then you must either (1) cause the Corresponding Source to be so available, or (2) arrange to deprive yourself of the benefit of the patent license for this particular work, or (3) arrange, in a manner consistent with the requirements of this License, to extend the patent license to downstream recipients. "Knowingly relying" means you have actual knowledge that, but for the patent license, your conveying the covered work in a country, or your recipient's use of the covered work in a country, would infringe one or more identifiable patents in that country that you have reason to believe are valid.
If, pursuant to or in connection with a single transaction or arrangement, you convey, or propagate by procuring conveyance of, a covered work, and grant a patent license to some of the parties receiving the covered work authorizing them to use, propagate, modify or convey a specific copy of the covered work, then the patent license you grant is automatically extended to all recipients of the covered work and works based on it.
A patent license is "discriminatory" if it does not include within the scope of its coverage, prohibits the exercise of, or is conditioned on the non-exercise of one or more of the rights that are specifically granted under this License. You may not convey a covered work if you are a party to an arrangement with a third party that is in the business of distributing software, under which you make payment to the third party based on the extent of your activity of conveying the work, and under which the third party grants, to any of the parties who would receive the covered work from you, a discriminatory patent license (a) in connection with copies of the covered work conveyed by you (or copies made from those copies), or (b) primarily for and in connection with specific products or compilations that contain the covered work, unless you entered into that arrangement, or that patent license was granted, prior to 28 March 2007.
Nothing in this License shall be construed as excluding or limiting any implied license or other defenses to infringement that may otherwise be available to you under applicable patent law.
12. No Surrender of Others' Freedom.
If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not convey it at all. For example, if you agree to terms that obligate you to collect a royalty for further conveying from those to whom you convey the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program.
13. Use with the GNU Affero General Public License.
Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU Affero General Public License into a single combined work, and to convey the resulting work. The terms of this License will continue to apply to the part which is the covered work, but the special requirements of the GNU Affero General Public License, section 13, concerning interaction through a network will apply to the combination as such.
14. Revised Versions of this License.
The Free Software Foundation may publish revised and/or new versions of the GNU General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.
Each version is given a distinguishing version number. If the Program specifies that a certain numbered version of the GNU General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that numbered version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the GNU General Public License, you may choose any version ever published by the Free Software Foundation.
If the Program specifies that a proxy can decide which future versions of the GNU General Public License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Program.
Later license versions may give you additional or different permissions. However, no additional obligations are imposed on any author or copyright holder as a result of your choosing to follow a later version.
15. Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. Limitation of Liability.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
17. Interpretation of Sections 15 and 16.
If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see <https://www.gnu.org/licenses/>.
Also add information on how to contact you by electronic and paper mail.
If the program does terminal interaction, make it output a short notice like this when it starts in an interactive mode:
<program> Copyright (C) <year> <name of author>
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, your program's commands might be different; for a GUI interface, you would use an "about box".
You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU GPL, see <https://www.gnu.org/licenses/>.
The GNU General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. But first, please read <https: //www.gnu.org/licenses/why-not-lgpl.html>.
0707010000003A000081A400000000000000000000000168CB9D6300003853000000000000000000000000000000000000001300000000grant-0.3.2/go.modmodule github.com/anchore/grant
go 1.24.2
require (
github.com/anchore/clio v0.0.0-20250319180342-2cfe4b0cb716
github.com/anchore/go-collections v0.0.0-20240216171411-9321230ce537
github.com/anchore/go-logger v0.0.0-20250318195838-07ae343dd722
github.com/anchore/stereoscope v0.1.10
github.com/anchore/syft v1.33.0
github.com/github/go-spdx/v2 v2.3.3
github.com/google/licenseclassifier/v2 v2.0.0
github.com/gookit/color v1.6.0
github.com/jedib0t/go-pretty/v6 v6.6.8
github.com/mitchellh/go-homedir v1.1.0
github.com/pkg/errors v0.9.1
github.com/spf13/cobra v1.10.1
github.com/stretchr/testify v1.11.1
github.com/wagoodman/go-partybus v0.0.0-20230516145632-8ccac152c651
github.com/wagoodman/go-progress v0.0.0-20230925121702-07e42b3cdba0
golang.org/x/term v0.35.0
gopkg.in/yaml.v3 v3.0.1
modernc.org/sqlite v1.39.0
)
require (
cloud.google.com/go v0.116.0 // indirect
cloud.google.com/go/auth v0.9.9 // indirect
cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect
cloud.google.com/go/compute/metadata v0.7.0 // indirect
cloud.google.com/go/iam v1.2.2 // indirect
cloud.google.com/go/storage v1.43.0 // indirect
dario.cat/mergo v1.0.1 // indirect
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 // indirect
github.com/BurntSushi/toml v1.5.0 // indirect
github.com/CycloneDX/cyclonedx-go v0.9.2 // indirect
github.com/DataDog/zstd v1.5.5 // indirect
github.com/Masterminds/goutils v1.1.1 // indirect
github.com/Masterminds/semver/v3 v3.4.0 // indirect
github.com/Masterminds/sprig/v3 v3.3.0 // indirect
github.com/Microsoft/go-winio v0.6.2 // indirect
github.com/Microsoft/hcsshim v0.11.7 // indirect
github.com/OneOfOne/xxhash v1.2.8 // indirect
github.com/ProtonMail/go-crypto v1.3.0 // indirect
github.com/STARRY-S/zip v0.2.1 // indirect
github.com/acobaugh/osrelease v0.1.0 // indirect
github.com/adrg/xdg v0.5.3 // indirect
github.com/agext/levenshtein v1.2.1 // indirect
github.com/anchore/archiver/v3 v3.5.3-0.20241210171143-5b1d8d1c7c51 // indirect
github.com/anchore/fangs v0.0.0-20250319222917-446a1e748ec2 // indirect
github.com/anchore/go-homedir v0.0.0-20250319154043-c29668562e4d // indirect
github.com/anchore/go-lzo v0.1.0 // indirect
github.com/anchore/go-macholibre v0.0.0-20220308212642-53e6d0aaf6fb // indirect
github.com/anchore/go-rpmdb v0.0.0-20250516171929-f77691e1faec // indirect
github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 // indirect
github.com/anchore/go-sync v0.0.0-20250326131806-4eda43a485b6 // indirect
github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b // indirect
github.com/anchore/packageurl-go v0.1.1-0.20250220190351-d62adb6e1115 // indirect
github.com/andybalholm/brotli v1.1.2-0.20250424173009-453214e765f3 // indirect
github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
github.com/aquasecurity/go-pep440-version v0.0.1 // indirect
github.com/aquasecurity/go-version v0.0.1 // indirect
github.com/aws/aws-sdk-go-v2 v1.36.5 // indirect
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.10 // indirect
github.com/aws/aws-sdk-go-v2/config v1.29.17 // indirect
github.com/aws/aws-sdk-go-v2/credentials v1.17.70 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.32 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.36 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.36 // indirect
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect
github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.34 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.4 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.7.2 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.17 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.15 // indirect
github.com/aws/aws-sdk-go-v2/service/s3 v1.80.1 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.25.5 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.3 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.34.0 // indirect
github.com/aws/smithy-go v1.22.4 // indirect
github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
github.com/becheran/wildmatch-go v1.0.0 // indirect
github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
github.com/bitnami/go-version v0.0.0-20250131085805-b1f57a8634ef // indirect
github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb // indirect
github.com/bmatcuk/doublestar/v4 v4.9.1 // indirect
github.com/bodgit/plumbing v1.3.0 // indirect
github.com/bodgit/sevenzip v1.6.0 // indirect
github.com/bodgit/windows v1.0.1 // indirect
github.com/charmbracelet/colorprofile v0.2.3-0.20250311203215-f60798e515dc // indirect
github.com/charmbracelet/lipgloss v1.1.0 // indirect
github.com/charmbracelet/x/ansi v0.10.1 // indirect
github.com/charmbracelet/x/cellbuf v0.0.13-0.20250311204145-2c3ea96c31dd // indirect
github.com/charmbracelet/x/term v0.2.1 // indirect
github.com/cloudflare/circl v1.6.1 // indirect
github.com/containerd/cgroups v1.1.0 // indirect
github.com/containerd/containerd v1.7.28 // indirect
github.com/containerd/containerd/api v1.8.0 // indirect
github.com/containerd/continuity v0.4.4 // indirect
github.com/containerd/errdefs v1.0.0 // indirect
github.com/containerd/errdefs/pkg v0.3.0 // indirect
github.com/containerd/fifo v1.1.0 // indirect
github.com/containerd/log v0.1.0 // indirect
github.com/containerd/platforms v0.2.1 // indirect
github.com/containerd/stargz-snapshotter/estargz v0.16.3 // indirect
github.com/containerd/ttrpc v1.2.7 // indirect
github.com/containerd/typeurl/v2 v2.2.0 // indirect
github.com/cyphar/filepath-securejoin v0.4.1 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/deitch/magic v0.0.0-20230404182410-1ff89d7342da // indirect
github.com/diskfs/go-diskfs v1.7.0 // indirect
github.com/distribution/reference v0.6.0 // indirect
github.com/docker/cli v28.4.0+incompatible // indirect
github.com/docker/distribution v2.8.3+incompatible // indirect
github.com/docker/docker v28.4.0+incompatible // indirect
github.com/docker/docker-credential-helpers v0.9.3 // indirect
github.com/docker/go-connections v0.6.0 // indirect
github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
github.com/docker/go-units v0.5.0 // indirect
github.com/dsnet/compress v0.0.2-0.20230904184137-39efe44ab707 // indirect
github.com/dustin/go-humanize v1.0.1 // indirect
github.com/elliotchance/phpserialize v1.4.0 // indirect
github.com/emirpasic/gods v1.18.1 // indirect
github.com/facebookincubator/nvdtools v0.1.5 // indirect
github.com/fatih/color v1.18.0 // indirect
github.com/felixge/fgprof v0.9.5 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/fsnotify/fsnotify v1.8.0 // indirect
github.com/gabriel-vasile/mimetype v1.4.9 // indirect
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
github.com/go-git/go-billy/v5 v5.6.2 // indirect
github.com/go-git/go-git/v5 v5.16.2 // indirect
github.com/go-logr/logr v1.4.3 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-restruct/restruct v1.2.0-alpha // indirect
github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
github.com/goccy/go-yaml v1.18.0 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/gohugoio/hashstructure v0.5.0 // indirect
github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
github.com/golang/snappy v0.0.4 // indirect
github.com/google/go-cmp v0.7.0 // indirect
github.com/google/go-containerregistry v0.20.6 // indirect
github.com/google/licensecheck v0.3.1 // indirect
github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e // indirect
github.com/google/s2a-go v0.1.8 // indirect
github.com/google/uuid v1.6.0 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect
github.com/googleapis/gax-go/v2 v2.13.0 // indirect
github.com/hashicorp/aws-sdk-go-base/v2 v2.0.0-beta.65 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
github.com/hashicorp/go-getter v1.8.0 // indirect
github.com/hashicorp/go-multierror v1.1.1 // indirect
github.com/hashicorp/go-safetemp v1.0.0 // indirect
github.com/hashicorp/go-version v1.6.0 // indirect
github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
github.com/hashicorp/hcl/v2 v2.24.0 // indirect
github.com/huandu/xstrings v1.5.0 // indirect
github.com/iancoleman/strcase v0.3.0 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
github.com/jinzhu/copier v0.4.0 // indirect
github.com/kastenhq/goversion v0.0.0-20230811215019-93b2f8823953 // indirect
github.com/kevinburke/ssh_config v1.2.0 // indirect
github.com/klauspost/compress v1.18.0 // indirect
github.com/klauspost/pgzip v1.2.6 // indirect
github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
github.com/mattn/go-colorable v0.1.14 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/mattn/go-runewidth v0.0.16 // indirect
github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
github.com/mholt/archives v0.1.3 // indirect
github.com/mikelolasagasti/xz v1.0.1 // indirect
github.com/minio/minlz v1.0.0 // indirect
github.com/mitchellh/copystructure v1.2.0 // indirect
github.com/mitchellh/go-wordwrap v1.0.1 // indirect
github.com/mitchellh/reflectwalk v1.0.2 // indirect
github.com/moby/docker-image-spec v1.3.1 // indirect
github.com/moby/locker v1.0.1 // indirect
github.com/moby/sys/mountinfo v0.7.2 // indirect
github.com/moby/sys/sequential v0.6.0 // indirect
github.com/moby/sys/signal v0.7.0 // indirect
github.com/moby/sys/user v0.3.0 // indirect
github.com/moby/sys/userns v0.1.0 // indirect
github.com/muesli/termenv v0.16.0 // indirect
github.com/ncruces/go-strftime v0.1.9 // indirect
github.com/nix-community/go-nix v0.0.0-20250101154619-4bdde671e0a1 // indirect
github.com/nwaples/rardecode v1.1.3 // indirect
github.com/nwaples/rardecode/v2 v2.1.0 // indirect
github.com/olekukonko/errors v1.1.0 // indirect
github.com/olekukonko/ll v0.0.9 // indirect
github.com/olekukonko/tablewriter v1.0.9 // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/opencontainers/image-spec v1.1.1 // indirect
github.com/opencontainers/runtime-spec v1.1.0 // indirect
github.com/opencontainers/selinux v1.11.0 // indirect
github.com/pborman/indent v1.2.1 // indirect
github.com/pelletier/go-toml v1.9.5 // indirect
github.com/pelletier/go-toml/v2 v2.2.3 // indirect
github.com/pierrec/lz4/v4 v4.1.22 // indirect
github.com/pjbgf/sha1cd v0.3.2 // indirect
github.com/pkg/profile v1.7.0 // indirect
github.com/pkg/xattr v0.4.9 // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
github.com/rivo/uniseg v0.4.7 // indirect
github.com/rust-secure-code/go-rustaudit v0.0.0-20250226111315-e20ec32e963c // indirect
github.com/sagikazarmark/locafero v0.7.0 // indirect
github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d // indirect
github.com/sassoftware/go-rpmutils v0.4.0 // indirect
github.com/scylladb/go-set v1.0.3-0.20200225121959-cc7b2070d91e // indirect
github.com/sergi/go-diff v1.4.0 // indirect
github.com/shopspring/decimal v1.4.0 // indirect
github.com/sirupsen/logrus v1.9.4-0.20230606125235-dd1b4c2e81af // indirect
github.com/skeema/knownhosts v1.3.1 // indirect
github.com/sorairolake/lzip-go v0.3.5 // indirect
github.com/sourcegraph/conc v0.3.0 // indirect
github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb // indirect
github.com/spdx/tools-golang v0.5.5 // indirect
github.com/spf13/afero v1.15.0 // indirect
github.com/spf13/cast v1.7.1 // indirect
github.com/spf13/pflag v1.0.9 // indirect
github.com/spf13/viper v1.20.0 // indirect
github.com/subosito/gotenv v1.6.0 // indirect
github.com/sylabs/sif/v2 v2.22.0 // indirect
github.com/sylabs/squashfs v1.0.6 // indirect
github.com/therootcompany/xz v1.0.1 // indirect
github.com/ulikunitz/xz v0.5.15 // indirect
github.com/vbatts/go-mtree v0.6.0 // indirect
github.com/vbatts/tar-split v0.12.1 // indirect
github.com/vifraa/gopom v1.0.0 // indirect
github.com/xanzy/ssh-agent v0.3.3 // indirect
github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
github.com/zclconf/go-cty v1.16.3 // indirect
go.opencensus.io v0.24.0 // indirect
go.opentelemetry.io/auto/sdk v1.1.0 // indirect
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect
go.opentelemetry.io/otel v1.36.0 // indirect
go.opentelemetry.io/otel/metric v1.36.0 // indirect
go.opentelemetry.io/otel/trace v1.36.0 // indirect
go.uber.org/atomic v1.9.0 // indirect
go.uber.org/multierr v1.9.0 // indirect
go.yaml.in/yaml/v3 v3.0.4 // indirect
go4.org v0.0.0-20230225012048-214862532bf5 // indirect
golang.org/x/crypto v0.42.0 // indirect
golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b // indirect
golang.org/x/mod v0.28.0 // indirect
golang.org/x/net v0.44.0 // indirect
golang.org/x/oauth2 v0.30.0 // indirect
golang.org/x/sync v0.17.0 // indirect
golang.org/x/sys v0.36.0 // indirect
golang.org/x/text v0.29.0 // indirect
golang.org/x/time v0.12.0 // indirect
golang.org/x/tools v0.37.0 // indirect
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
google.golang.org/api v0.203.0 // indirect
google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20241113202542-65e8d215514f // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20241223144023-3abc09e42ca8 // indirect
google.golang.org/grpc v1.67.3 // indirect
google.golang.org/protobuf v1.36.6 // indirect
gopkg.in/warnings.v0 v0.1.2 // indirect
modernc.org/libc v1.66.3 // indirect
modernc.org/mathutil v1.7.1 // indirect
modernc.org/memory v1.11.0 // indirect
)
0707010000003B000081A400000000000000000000000168CB9D63000230A9000000000000000000000000000000000000001300000000grant-0.3.2/go.sumcloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk=
cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg=
cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8=
cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0=
cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY=
cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM=
cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY=
cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ=
cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI=
cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4=
cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc=
cloud.google.com/go v0.98.0/go.mod h1:ua6Ush4NALrHk5QXDWnjvZHN93OuF0HfuEPq9I1X0cM=
cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2ZA=
cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE=
cloud.google.com/go v0.116.0/go.mod h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U=
cloud.google.com/go/auth v0.9.9 h1:BmtbpNQozo8ZwW2t7QJjnrQtdganSdmqeIBxHxNkEZQ=
cloud.google.com/go/auth v0.9.9/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI=
cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY=
cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc=
cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
cloud.google.com/go/compute/metadata v0.7.0 h1:PBWF+iiAerVNe8UCHxdOt6eHLVc3ydFeOCw78U8ytSU=
cloud.google.com/go/compute/metadata v0.7.0/go.mod h1:j5MvL9PprKL39t166CoB1uVHfQMs4tFQZZcKwksXUjo=
cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
cloud.google.com/go/firestore v1.6.1/go.mod h1:asNXNOzBdyVQmEU+ggO8UPodTkEVFW5Qx+rwHnAz+EY=
cloud.google.com/go/iam v1.2.2 h1:ozUSofHUGf/F4tCNy/mu9tHLTaxZFLOUiKzjcgWHGIA=
cloud.google.com/go/iam v1.2.2/go.mod h1:0Ys8ccaZHdI1dEUilwzqng/6ps2YB6vRsjIe00/+6JY=
cloud.google.com/go/longrunning v0.6.2 h1:xjDfh1pQcWPEvnfjZmwjKQEcHnpz6lHjfy7Fo0MK+hc=
cloud.google.com/go/longrunning v0.6.2/go.mod h1:k/vIs83RN4bE3YCswdXC5PFfWVILjm3hpEUlSko4PiI=
cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
cloud.google.com/go/storage v1.43.0 h1:CcxnSohZwizt4LCzQHWvBf1/kvtHUn7gk9QERXPyXFs=
cloud.google.com/go/storage v1.43.0/go.mod h1:ajvxEa7WmZS1PxvKRq4bq0tFT3vMd502JwstCcYv0Q0=
dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s=
dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 h1:59MxjQVfjXsBpLy+dbd2/ELV5ofnUkUZBvWSC85sheA=
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0/go.mod h1:OahwfttHWG6eJ0clwcfBAHoDI6X/LV/15hx/wlMZSrU=
github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0=
github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg=
github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
github.com/CycloneDX/cyclonedx-go v0.9.2 h1:688QHn2X/5nRezKe2ueIVCt+NRqf7fl3AVQk+vaFcIo=
github.com/CycloneDX/cyclonedx-go v0.9.2/go.mod h1:vcK6pKgO1WanCdd61qx4bFnSsDJQ6SbM2ZuMIgq86Jg=
github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
github.com/DataDog/zstd v1.5.5 h1:oWf5W7GtOLgp6bciQYDmhHHjdhYkALu6S/5Ni9ZgSvQ=
github.com/DataDog/zstd v1.5.5/go.mod h1:g4AWEaM3yOg3HYfnJ3YIawPnVdXJh9QME85blwSAmyw=
github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0=
github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
github.com/Masterminds/sprig/v3 v3.3.0 h1:mQh0Yrg1XPo6vjYXgtf5OtijNAKJRNcTdOOGZe3tPhs=
github.com/Masterminds/sprig/v3 v3.3.0/go.mod h1:Zy1iXRYNqNLUolqCpL4uhk6SHUMAOSCzdgBfDb35Lz0=
github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
github.com/Microsoft/hcsshim v0.11.7 h1:vl/nj3Bar/CvJSYo7gIQPyRWc9f3c6IeSNavBTSZNZQ=
github.com/Microsoft/hcsshim v0.11.7/go.mod h1:MV8xMfmECjl5HdO7U/3/hFVnkmSBjAjmA09d4bExKcU=
github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8=
github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q=
github.com/ProtonMail/go-crypto v1.3.0 h1:ILq8+Sf5If5DCpHQp4PbZdS1J7HDFRXz/+xKBiRGFrw=
github.com/ProtonMail/go-crypto v1.3.0/go.mod h1:9whxjD8Rbs29b4XWbB8irEcE8KHMqaR2e7GWU1R+/PE=
github.com/STARRY-S/zip v0.2.1 h1:pWBd4tuSGm3wtpoqRZZ2EAwOmcHK6XFf7bU9qcJXyFg=
github.com/STARRY-S/zip v0.2.1/go.mod h1:xNvshLODWtC4EJ702g7cTYn13G53o1+X9BWnPFpcWV4=
github.com/acobaugh/osrelease v0.1.0 h1:Yb59HQDGGNhCj4suHaFQQfBps5wyoKLSSX/J/+UifRE=
github.com/acobaugh/osrelease v0.1.0/go.mod h1:4bFEs0MtgHNHBrmHCt67gNisnabCRAlzdVasCEGHTWY=
github.com/adrg/xdg v0.5.3 h1:xRnxJXne7+oWDatRhR1JLnvuccuIeCoBu2rtuLqQB78=
github.com/adrg/xdg v0.5.3/go.mod h1:nlTsY+NNiCBGCK2tpm09vRqfVzrc2fLmXGpBLF0zlTQ=
github.com/agext/levenshtein v1.2.1 h1:QmvMAjj2aEICytGiWzmxoE0x2KZvE0fvmqMOfy2tjT8=
github.com/agext/levenshtein v1.2.1/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
github.com/anchore/archiver/v3 v3.5.3-0.20241210171143-5b1d8d1c7c51 h1:yhk+P8lF3ZiROjmaVRao9WGTRo4b/wYjoKEiAHWrKwc=
github.com/anchore/archiver/v3 v3.5.3-0.20241210171143-5b1d8d1c7c51/go.mod h1:nwuGSd7aZp0rtYt79YggCGafz1RYsclE7pi3fhLwvuw=
github.com/anchore/clio v0.0.0-20250319180342-2cfe4b0cb716 h1:2sIdYJlQESEnyk3Y0WD2vXWW5eD2iMz9Ev8fj1Z8LNA=
github.com/anchore/clio v0.0.0-20250319180342-2cfe4b0cb716/go.mod h1:Utb9i4kwiCWvqAIxZaJeMIXFO9uOgQXlvH2BfbfO/zI=
github.com/anchore/fangs v0.0.0-20250319222917-446a1e748ec2 h1:GC2QaO0YsmjpsZ4rtVKv9DnproIxqqn+qkskpc+i8MA=
github.com/anchore/fangs v0.0.0-20250319222917-446a1e748ec2/go.mod h1:XUbUECwVKuD3qYRUj+QZIOHjyyXua2gFmVjKA40iHXA=
github.com/anchore/go-collections v0.0.0-20240216171411-9321230ce537 h1:GjNGuwK5jWjJMyVppBjYS54eOiiSNv4Ba869k4wh72Q=
github.com/anchore/go-collections v0.0.0-20240216171411-9321230ce537/go.mod h1:1aiktV46ATCkuVg0O573ZrH56BUawTECPETbZyBcqT8=
github.com/anchore/go-homedir v0.0.0-20250319154043-c29668562e4d h1:gT69osH9AsdpOfqxbRwtxcNnSZ1zg4aKy2BevO3ZBdc=
github.com/anchore/go-homedir v0.0.0-20250319154043-c29668562e4d/go.mod h1:PhSnuFYknwPZkOWKB1jXBNToChBA+l0FjwOxtViIc50=
github.com/anchore/go-logger v0.0.0-20250318195838-07ae343dd722 h1:2SqmFgE7h+Ql4VyBzhjLkRF/3gDrcpUBj8LjvvO6OOM=
github.com/anchore/go-logger v0.0.0-20250318195838-07ae343dd722/go.mod h1:oFuE8YuTCM+spgMXhePGzk3asS94yO9biUfDzVTFqNw=
github.com/anchore/go-lzo v0.1.0 h1:NgAacnzqPeGH49Ky19QKLBZEuFRqtTG9cdaucc3Vncs=
github.com/anchore/go-lzo v0.1.0/go.mod h1:3kLx0bve2oN1iDwgM1U5zGku1Tfbdb0No5qp1eL1fIk=
github.com/anchore/go-macholibre v0.0.0-20220308212642-53e6d0aaf6fb h1:iDMnx6LIjtjZ46C0akqveX83WFzhpTD3eqOthawb5vU=
github.com/anchore/go-macholibre v0.0.0-20220308212642-53e6d0aaf6fb/go.mod h1:DmTY2Mfcv38hsHbG78xMiTDdxFtkHpgYNVDPsF2TgHk=
github.com/anchore/go-rpmdb v0.0.0-20250516171929-f77691e1faec h1:SjjPMOXTzpuU1ZME4XeoHyek+dry3/C7I8gzaCo02eg=
github.com/anchore/go-rpmdb v0.0.0-20250516171929-f77691e1faec/go.mod h1:eQVa6QFGzKy0qMcnW2pez0XBczvgwSjw9vA23qifEyU=
github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 h1:aM1rlcoLz8y5B2r4tTLMiVTrMtpfY0O8EScKJxaSaEc=
github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092/go.mod h1:rYqSE9HbjzpHTI74vwPvae4ZVYZd1lue2ta6xHPdblA=
github.com/anchore/go-sync v0.0.0-20250326131806-4eda43a485b6 h1:Ha+LSCVuXYSYGi7wIkJK6G8g6jI3LH7y6LbyEVyp4Io=
github.com/anchore/go-sync v0.0.0-20250326131806-4eda43a485b6/go.mod h1:+9oM3XUy8iea/vWj9FhZ9bQGUBN8JpPxxJm5Wbcx9XM=
github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04 h1:VzprUTpc0vW0nnNKJfJieyH/TZ9UYAnTZs5/gHTdAe8=
github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04/go.mod h1:6dK64g27Qi1qGQZ67gFmBFvEHScy0/C8qhQhNe5B5pQ=
github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b h1:e1bmaoJfZVsCYMrIZBpFxwV26CbsuoEh5muXD5I1Ods=
github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b/go.mod h1:Bkc+JYWjMCF8OyZ340IMSIi2Ebf3uwByOk6ho4wne1E=
github.com/anchore/packageurl-go v0.1.1-0.20250220190351-d62adb6e1115 h1:ZyRCmiEjnoGJZ1+Ah0ZZ/mKKqNhGcUZBl0s7PTTDzvY=
github.com/anchore/packageurl-go v0.1.1-0.20250220190351-d62adb6e1115/go.mod h1:KoYIv7tdP5+CC9VGkeZV4/vGCKsY55VvoG+5dadg4YI=
github.com/anchore/stereoscope v0.1.10 h1:BogafIMaW/L1lOUoVS96Hu1jTSP2JktxIayVqcxvcBI=
github.com/anchore/stereoscope v0.1.10/go.mod h1:RWFAkQE8tp8yyaf4V83Kq1bO6hX3bzi8gpLCcKgZLIk=
github.com/anchore/syft v1.33.0 h1:pYUEplww99PyB0OVPBfDu8VODLvZ3i9v1ngl4S1W9oo=
github.com/anchore/syft v1.33.0/go.mod h1:yowzB+qYX2fbAW5Y0O0wpX885FEqDqYITqDGltbvobw=
github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
github.com/andybalholm/brotli v1.1.2-0.20250424173009-453214e765f3 h1:8PmGpDEZl9yDpcdEr6Odf23feCxK3LNUNMxjXg41pZQ=
github.com/andybalholm/brotli v1.1.2-0.20250424173009-453214e765f3/go.mod h1:05ib4cKhjx3OQYUY22hTVd34Bc8upXjOLL2rKwwZBoA=
github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY=
github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4=
github.com/aquasecurity/go-pep440-version v0.0.1 h1:8VKKQtH2aV61+0hovZS3T//rUF+6GDn18paFTVS0h0M=
github.com/aquasecurity/go-pep440-version v0.0.1/go.mod h1:3naPe+Bp6wi3n4l5iBFCZgS0JG8vY6FT0H4NGhFJ+i4=
github.com/aquasecurity/go-version v0.0.1 h1:4cNl516agK0TCn5F7mmYN+xVs1E3S45LkgZk3cbaW2E=
github.com/aquasecurity/go-version v0.0.1/go.mod h1:s1UU6/v2hctXcOa3OLwfj5d9yoXHa3ahf+ipSwEvGT0=
github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc=
github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
github.com/atotto/clipboard v0.1.4 h1:EH0zSVneZPSuFR11BlR9YppQTVDbh5+16AmcJi4g1z4=
github.com/atotto/clipboard v0.1.4/go.mod h1:ZY9tmq7sm5xIbd9bOK4onWV4S6X0u6GY7Vn0Yu86PYI=
github.com/aws/aws-sdk-go-v2 v1.36.5 h1:0OF9RiEMEdDdZEMqF9MRjevyxAQcf6gY+E7vwBILFj0=
github.com/aws/aws-sdk-go-v2 v1.36.5/go.mod h1:EYrzvCCN9CMUTa5+6lf6MM4tq3Zjp8UhSGR/cBsjai0=
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.10 h1:zAybnyUQXIZ5mok5Jqwlf58/TFE7uvd3IAsa1aF9cXs=
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.10/go.mod h1:qqvMj6gHLR/EXWZw4ZbqlPbQUyenf4h82UQUlKc+l14=
github.com/aws/aws-sdk-go-v2/config v1.29.17 h1:jSuiQ5jEe4SAMH6lLRMY9OVC+TqJLP5655pBGjmnjr0=
github.com/aws/aws-sdk-go-v2/config v1.29.17/go.mod h1:9P4wwACpbeXs9Pm9w1QTh6BwWwJjwYvJ1iCt5QbCXh8=
github.com/aws/aws-sdk-go-v2/credentials v1.17.70 h1:ONnH5CM16RTXRkS8Z1qg7/s2eDOhHhaXVd72mmyv4/0=
github.com/aws/aws-sdk-go-v2/credentials v1.17.70/go.mod h1:M+lWhhmomVGgtuPOhO85u4pEa3SmssPTdcYpP/5J/xc=
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.32 h1:KAXP9JSHO1vKGCr5f4O6WmlVKLFFXgWYAGoJosorxzU=
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.32/go.mod h1:h4Sg6FQdexC1yYG9RDnOvLbW1a/P986++/Y/a+GyEM8=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.36 h1:SsytQyTMHMDPspp+spo7XwXTP44aJZZAC7fBV2C5+5s=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.36/go.mod h1:Q1lnJArKRXkenyog6+Y+zr7WDpk4e6XlR6gs20bbeNo=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.36 h1:i2vNHQiXUvKhs3quBR6aqlgJaiaexz/aNvdCktW/kAM=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.36/go.mod h1:UdyGa7Q91id/sdyHPwth+043HhmP6yP9MBHgbZM0xo8=
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 h1:bIqFDwgGXXN1Kpp99pDOdKMTTb5d2KyU5X/BZxjOkRo=
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3/go.mod h1:H5O/EsxDWyU+LP/V8i5sm8cxoZgc2fdNR9bxlOFrQTo=
github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.34 h1:ZNTqv4nIdE/DiBfUUfXcLZ/Spcuz+RjeziUtNJackkM=
github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.34/go.mod h1:zf7Vcd1ViW7cPqYWEHLHJkS50X0JS2IKz9Cgaj6ugrs=
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.4 h1:CXV68E2dNqhuynZJPB80bhPQwAKqBWVer887figW6Jc=
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.4/go.mod h1:/xFi9KtvBXP97ppCz1TAEvU1Uf66qvid89rbem3wCzQ=
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.7.2 h1:BCG7DCXEXpNCcpwCxg1oi9pkJWH2+eZzTn9MY56MbVw=
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.7.2/go.mod h1:iu6FSzgt+M2/x3Dk8zhycdIcHjEFb36IS8HVUVFoMg0=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.17 h1:t0E6FzREdtCsiLIoLCWsYliNsRBgyGD/MCK571qk4MI=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.17/go.mod h1:ygpklyoaypuyDvOM5ujWGrYWpAK3h7ugnmKCU/76Ys4=
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.15 h1:moLQUoVq91LiqT1nbvzDukyqAlCv89ZmwaHw/ZFlFZg=
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.15/go.mod h1:ZH34PJUc8ApjBIfgQCFvkWcUDBtl/WTD+uiYHjd8igA=
github.com/aws/aws-sdk-go-v2/service/s3 v1.80.1 h1:xYEAf/6QHiTZDccKnPMbsMwlau13GsDsTgdue3wmHGw=
github.com/aws/aws-sdk-go-v2/service/s3 v1.80.1/go.mod h1:qbn305Je/IofWBJ4bJz/Q7pDEtnnoInw/dGt71v6rHE=
github.com/aws/aws-sdk-go-v2/service/sso v1.25.5 h1:AIRJ3lfb2w/1/8wOOSqYb9fUKGwQbtysJ2H1MofRUPg=
github.com/aws/aws-sdk-go-v2/service/sso v1.25.5/go.mod h1:b7SiVprpU+iGazDUqvRSLf5XmCdn+JtT1on7uNL6Ipc=
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.3 h1:BpOxT3yhLwSJ77qIY3DoHAQjZsc4HEGfMCE4NGy3uFg=
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.3/go.mod h1:vq/GQR1gOFLquZMSrxUK/cpvKCNVYibNyJ1m7JrU88E=
github.com/aws/aws-sdk-go-v2/service/sts v1.34.0 h1:NFOJ/NXEGV4Rq//71Hs1jC/NvPs1ezajK+yQmkwnPV0=
github.com/aws/aws-sdk-go-v2/service/sts v1.34.0/go.mod h1:7ph2tGpfQvwzgistp2+zga9f+bCjlQJPkPUmMgDSD7w=
github.com/aws/smithy-go v1.22.4 h1:uqXzVZNuNexwc/xrh6Tb56u89WDlJY6HS+KC0S4QSjw=
github.com/aws/smithy-go v1.22.4/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI=
github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k=
github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8=
github.com/becheran/wildmatch-go v1.0.0 h1:mE3dGGkTmpKtT4Z+88t8RStG40yN9T+kFEGj2PZFSzA=
github.com/becheran/wildmatch-go v1.0.0/go.mod h1:gbMvj0NtVdJ15Mg/mH9uxk2R1QCistMyU7d9KFzroX4=
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas=
github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d/go.mod h1:6QX/PXZ00z/TKoufEY6K/a0k6AhaJrQKdFe6OfVXsa4=
github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
github.com/bitnami/go-version v0.0.0-20250131085805-b1f57a8634ef h1:TSFnfbbu2oAOuWbeDDTtwXWE6z+PmpgbSsMBeV7l0ww=
github.com/bitnami/go-version v0.0.0-20250131085805-b1f57a8634ef/go.mod h1:9iglf1GG4oNRJ39bZ5AZrjgAFD2RwQbXw6Qf7Cs47wo=
github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb h1:m935MPodAbYS46DG4pJSv7WO+VECIWUQ7OJYSoTrMh4=
github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb/go.mod h1:PkYb9DJNAwrSvRx5DYA+gUcOIgTGVMNkfSCbZM8cWpI=
github.com/bmatcuk/doublestar/v4 v4.9.1 h1:X8jg9rRZmJd4yRy7ZeNDRnM+T3ZfHv15JiBJ/avrEXE=
github.com/bmatcuk/doublestar/v4 v4.9.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=
github.com/bodgit/plumbing v1.3.0 h1:pf9Itz1JOQgn7vEOE7v7nlEfBykYqvUYioC61TwWCFU=
github.com/bodgit/plumbing v1.3.0/go.mod h1:JOTb4XiRu5xfnmdnDJo6GmSbSbtSyufrsyZFByMtKEs=
github.com/bodgit/sevenzip v1.6.0 h1:a4R0Wu6/P1o1pP/3VV++aEOcyeBxeO/xE2Y9NSTrr6A=
github.com/bodgit/sevenzip v1.6.0/go.mod h1:zOBh9nJUof7tcrlqJFv1koWRrhz3LbDbUNngkuZxLMc=
github.com/bodgit/windows v1.0.1 h1:tF7K6KOluPYygXa3Z2594zxlkbKPAOvqr97etrGNIz4=
github.com/bodgit/windows v1.0.1/go.mod h1:a6JLwrB4KrTR5hBpp8FI9/9W9jJfeQ2h4XDXU74ZCdM=
github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M=
github.com/bradleyjkemp/cupaloy/v2 v2.8.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0=
github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/charmbracelet/bubbles v0.21.0 h1:9TdC97SdRVg/1aaXNVWfFH3nnLAwOXr8Fn6u6mfQdFs=
github.com/charmbracelet/bubbles v0.21.0/go.mod h1:HF+v6QUR4HkEpz62dx7ym2xc71/KBHg+zKwJtMw+qtg=
github.com/charmbracelet/bubbletea v1.3.9 h1:OBYdfRo6QnlIcXNmcoI2n1NNS65Nk6kI2L2FO1puS/4=
github.com/charmbracelet/bubbletea v1.3.9/go.mod h1:ORQfo0fk8U+po9VaNvnV95UPWA1BitP1E0N6xJPlHr4=
github.com/charmbracelet/colorprofile v0.2.3-0.20250311203215-f60798e515dc h1:4pZI35227imm7yK2bGPcfpFEmuY1gc2YSTShr4iJBfs=
github.com/charmbracelet/colorprofile v0.2.3-0.20250311203215-f60798e515dc/go.mod h1:X4/0JoqgTIPSFcRA/P6INZzIuyqdFY5rm8tb41s9okk=
github.com/charmbracelet/lipgloss v1.1.0 h1:vYXsiLHVkK7fp74RkV7b2kq9+zDLoEU4MZoFqR/noCY=
github.com/charmbracelet/lipgloss v1.1.0/go.mod h1:/6Q8FR2o+kj8rz4Dq0zQc3vYf7X+B0binUUBwA0aL30=
github.com/charmbracelet/x/ansi v0.10.1 h1:rL3Koar5XvX0pHGfovN03f5cxLbCF2YvLeyz7D2jVDQ=
github.com/charmbracelet/x/ansi v0.10.1/go.mod h1:3RQDQ6lDnROptfpWuUVIUG64bD2g2BgntdxH0Ya5TeE=
github.com/charmbracelet/x/cellbuf v0.0.13-0.20250311204145-2c3ea96c31dd h1:vy0GVL4jeHEwG5YOXDmi86oYw2yuYUGqz6a8sLwg0X8=
github.com/charmbracelet/x/cellbuf v0.0.13-0.20250311204145-2c3ea96c31dd/go.mod h1:xe0nKWGd3eJgtqZRaN9RjMtK7xUYchjzPr7q6kcvCCs=
github.com/charmbracelet/x/term v0.2.1 h1:AQeHeLZ1OqSXhrAWpYUtZyX1T3zVxfpZuEQMIQaGIAQ=
github.com/charmbracelet/x/term v0.2.1/go.mod h1:oQ4enTYFV7QN4m0i9mzHrViD7TQKvNEEkHUMCmsxdUg=
github.com/chromedp/cdproto v0.0.0-20230802225258-3cf4e6d46a89/go.mod h1:GKljq0VrfU4D5yc+2qA6OVr8pmO/MBbPEWqWQ/oqGEs=
github.com/chromedp/chromedp v0.9.2/go.mod h1:LkSXJKONWTCHAfQasKFUZI+mxqS4tZqhmtGzzhLsnLs=
github.com/chromedp/sysutil v1.0.0/go.mod h1:kgWmDdq8fTzXYcKIBqIYvRRTnYb9aNS9moAV0xufSww=
github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
github.com/chzyer/readline v1.5.1/go.mod h1:Eh+b79XXUwfKfcPLepksvw2tcLE/Ct21YObkaSkeBlk=
github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag=
github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I=
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0=
github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
github.com/cncf/xds/go v0.0.0-20211130200136-a8f946100490/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM=
github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw=
github.com/containerd/containerd v1.7.28 h1:Nsgm1AtcmEh4AHAJ4gGlNSaKgXiNccU270Dnf81FQ3c=
github.com/containerd/containerd v1.7.28/go.mod h1:azUkWcOvHrWvaiUjSQH0fjzuHIwSPg1WL5PshGP4Szs=
github.com/containerd/containerd/api v1.8.0 h1:hVTNJKR8fMc/2Tiw60ZRijntNMd1U+JVMyTRdsD2bS0=
github.com/containerd/containerd/api v1.8.0/go.mod h1:dFv4lt6S20wTu/hMcP4350RL87qPWLVa/OHOwmmdnYc=
github.com/containerd/continuity v0.4.4 h1:/fNVfTJ7wIl/YPMHjf+5H32uFhl63JucB34PlCpMKII=
github.com/containerd/continuity v0.4.4/go.mod h1:/lNJvtJKUQStBzpVQ1+rasXO1LAWtUQssk28EZvJ3nE=
github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI=
github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE=
github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk=
github.com/containerd/fifo v1.1.0 h1:4I2mbh5stb1u6ycIABlBw9zgtlK8viPI9QkQNRQEEmY=
github.com/containerd/fifo v1.1.0/go.mod h1:bmC4NWMbXlt2EZ0Hc7Fx7QzTFxgPID13eH0Qu+MAb2o=
github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpSBQv6A=
github.com/containerd/platforms v0.2.1/go.mod h1:XHCb+2/hzowdiut9rkudds9bE5yJ7npe7dG/wG+uFPw=
github.com/containerd/stargz-snapshotter/estargz v0.16.3 h1:7evrXtoh1mSbGj/pfRccTampEyKpjpOnS3CyiV1Ebr8=
github.com/containerd/stargz-snapshotter/estargz v0.16.3/go.mod h1:uyr4BfYfOj3G9WBVE8cOlQmXAbPN9VEQpBBeJIuOipU=
github.com/containerd/ttrpc v1.2.7 h1:qIrroQvuOL9HQ1X6KHe2ohc7p+HP/0VE6XPU7elJRqQ=
github.com/containerd/ttrpc v1.2.7/go.mod h1:YCXHsb32f+Sq5/72xHubdiJRQY9inL4a4ZQrAbN1q9o=
github.com/containerd/typeurl/v2 v2.2.0 h1:6NBDbQzr7I5LHgp34xAXYF5DOTQDn05X58lsPEmzLso=
github.com/containerd/typeurl/v2 v2.2.0/go.mod h1:8XOOxnyatxSWuG8OfsZXVnAF4iZfedjS/8UHSPJnX4g=
github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
github.com/cyphar/filepath-securejoin v0.4.1 h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22rowi7HkoSU1s=
github.com/cyphar/filepath-securejoin v0.4.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/deitch/magic v0.0.0-20230404182410-1ff89d7342da h1:ZOjWpVsFZ06eIhnh4mkaceTiVoktdU67+M7KDHJ268M=
github.com/deitch/magic v0.0.0-20230404182410-1ff89d7342da/go.mod h1:B3tI9iGHi4imdLi4Asdha1Sc6feLMTfPLXh9IUYmysk=
github.com/dgrijalva/jwt-go/v4 v4.0.0-preview1/go.mod h1:+hnT3ywWDTAFrW5aE+u2Sa/wT555ZqwoCS+pk3p6ry4=
github.com/diskfs/go-diskfs v1.7.0 h1:vonWmt5CMowXwUc79jWyGrf2DIMeoOjkLlMnQYGVOs8=
github.com/diskfs/go-diskfs v1.7.0/go.mod h1:LhQyXqOugWFRahYUSw47NyZJPezFzB9UELwhpszLP/k=
github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
github.com/djherbis/times v1.6.0 h1:w2ctJ92J8fBvWPxugmXIv7Nz7Q3iDMKNx9v5ocVH20c=
github.com/djherbis/times v1.6.0/go.mod h1:gOHeRAz2h+VJNZ5Gmc/o7iD9k4wW7NMVqieYCY99oc0=
github.com/docker/cli v28.4.0+incompatible h1:RBcf3Kjw2pMtwui5V0DIMdyeab8glEw5QY0UUU4C9kY=
github.com/docker/cli v28.4.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
github.com/docker/docker v28.4.0+incompatible h1:KVC7bz5zJY/4AZe/78BIvCnPsLaC9T/zh72xnlrTTOk=
github.com/docker/docker v28.4.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
github.com/docker/docker-credential-helpers v0.9.3 h1:gAm/VtF9wgqJMoxzT3Gj5p4AqIjCBS4wrsOh9yRqcz8=
github.com/docker/docker-credential-helpers v0.9.3/go.mod h1:x+4Gbw9aGmChi3qTLZj8Dfn0TD20M/fuWy0E5+WDeCo=
github.com/docker/go-connections v0.6.0 h1:LlMG9azAe1TqfR7sO+NJttz1gy6KO7VJBh+pMmjSD94=
github.com/docker/go-connections v0.6.0/go.mod h1:AahvXYshr6JgfUJGdDCs2b5EZG/vmaMAntpSFH5BFKE=
github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8=
github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
github.com/dsnet/compress v0.0.2-0.20230904184137-39efe44ab707 h1:2tV76y6Q9BB+NEBasnqvs7e49aEBFI8ejC89PSnWH+4=
github.com/dsnet/compress v0.0.2-0.20230904184137-39efe44ab707/go.mod h1:qssHWj60/X5sZFNxpG4HBPDHVqxNm4DfnCKgrbZOT+s=
github.com/dsnet/golib v0.0.0-20171103203638-1ea166775780/go.mod h1:Lj+Z9rebOhdfkVLjJ8T6VcRQv3SXugXy999NBtR9aFY=
github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
github.com/elazarl/goproxy v1.7.2 h1:Y2o6urb7Eule09PjlhQRGNsqRfPmYI3KKQLFpCAV3+o=
github.com/elazarl/goproxy v1.7.2/go.mod h1:82vkLNir0ALaW14Rc399OTTjyNREgmdL2cVoIbS6XaE=
github.com/elliotchance/phpserialize v1.4.0 h1:cAp/9+KSnEbUC8oYCE32n2n84BeW8HOY3HMDI8hG2OY=
github.com/elliotchance/phpserialize v1.4.0/go.mod h1:gt7XX9+ETUcLXbtTKEuyrqW3lcLUAeS/AnGZ2e49TZs=
github.com/elliotwutingfeng/asciiset v0.0.0-20230602022725-51bbb787efab h1:h1UgjJdAAhj+uPL68n7XASS6bU+07ZX1WJvVS2eyoeY=
github.com/elliotwutingfeng/asciiset v0.0.0-20230602022725-51bbb787efab/go.mod h1:GLo/8fDswSAniFG+BFIaiSPcK610jyzgEhWYPQwuQdw=
github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
github.com/envoyproxy/go-control-plane v0.10.1/go.mod h1:AY7fTTXNdv/aJ2O5jwpxAPOWUZ7hQAEvzN5Pf27BkQQ=
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/envoyproxy/protoc-gen-validate v0.6.2/go.mod h1:2t7qjJNvHPx8IjnBOzl9E9/baC+qXE/TeeyBRzgJDws=
github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f h1:Y/CXytFA4m6baUTXGLOoWe4PQhGxaX0KpnayAqC48p4=
github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f/go.mod h1:vw97MGsxSvLiUE2X8qFplwetxpGLQrlU1Q9AUEIzCaM=
github.com/facebookincubator/flog v0.0.0-20190930132826-d2511d0ce33c/go.mod h1:QGzNH9ujQ2ZUr/CjDGZGWeDAVStrWNjHeEcjJL96Nuk=
github.com/facebookincubator/nvdtools v0.1.5 h1:jbmDT1nd6+k+rlvKhnkgMokrCAzHoASWE5LtHbX2qFQ=
github.com/facebookincubator/nvdtools v0.1.5/go.mod h1:Kh55SAWnjckS96TBSrXI99KrEKH4iB0OJby3N8GRJO4=
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM=
github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU=
github.com/fatih/set v0.2.1 h1:nn2CaJyknWE/6txyUDGwysr3G5QC6xWB/PtVjPBbeaA=
github.com/fatih/set v0.2.1/go.mod h1:+RKtMCH+favT2+3YecHGxcc0b4KyVWA1QWWJUs4E0CI=
github.com/felixge/fgprof v0.9.3/go.mod h1:RdbpDgzqYVh/T9fPELJyV7EYJuHB55UTEULNun8eiPw=
github.com/felixge/fgprof v0.9.5 h1:8+vR6yu2vvSKn08urWyEuxx75NWPEvybbkBirEpsbVY=
github.com/felixge/fgprof v0.9.5/go.mod h1:yKl+ERSa++RYOs32d8K6WEXCB4uXdLls4ZaZPpayhMM=
github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU=
github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M=
github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
github.com/gabriel-vasile/mimetype v1.4.9 h1:5k+WDwEsD9eTLL8Tz3L0VnmVh9QxGjRmjBvAG7U/oYY=
github.com/gabriel-vasile/mimetype v1.4.9/go.mod h1:WnSQhFKJuBlRyLiKohA/2DtIlPFAbguNaG7QCHcyGok=
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/github/go-spdx/v2 v2.3.3 h1:QI7evnHWEfWkT54eJwkoV/f3a0xD3gLlnVmT5wQG6LE=
github.com/github/go-spdx/v2 v2.3.3/go.mod h1:2ZxKsOhvBp+OYBDlsGnUMcchLeo2mrpEBn2L1C+U3IQ=
github.com/glebarez/go-sqlite v1.20.3 h1:89BkqGOXR9oRmG58ZrzgoY/Fhy5x0M+/WV48U5zVrZ4=
github.com/glebarez/go-sqlite v1.20.3/go.mod h1:u3N6D/wftiAzIOJtZl6BmedqxmmkDfH3q+ihjqxC9u0=
github.com/gliderlabs/ssh v0.3.8 h1:a4YXD1V7xMF9g5nTkdfnja3Sxy1PVDCj1Zg4Wb8vY6c=
github.com/gliderlabs/ssh v0.3.8/go.mod h1:xYoytBv1sV0aL3CavoDuJIQNURXkkfPA/wxQ1pL1fAU=
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
github.com/go-git/go-billy/v5 v5.6.2 h1:6Q86EsPXMa7c3YZ3aLAQsMA0VlWmy43r6FHqa/UNbRM=
github.com/go-git/go-billy/v5 v5.6.2/go.mod h1:rcFC2rAsp/erv7CMz9GczHcuD0D32fWzH+MJAU+jaUU=
github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4=
github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
github.com/go-git/go-git/v5 v5.16.2 h1:fT6ZIOjE5iEnkzKyxTHK1W4HGAsPhqEqiSAssSO77hM=
github.com/go-git/go-git/v5 v5.16.2/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lolkucHBOp8=
github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
github.com/go-restruct/restruct v1.2.0-alpha h1:2Lp474S/9660+SJjpVxoKuWX09JsXHSrdV7Nv3/gkvc=
github.com/go-restruct/restruct v1.2.0-alpha/go.mod h1:KqrpKpn4M8OLznErihXTGLlsXFGeLxHUrLRRI/1YjGk=
github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U=
github.com/go-test/deep v1.1.1/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
github.com/go-viper/mapstructure/v2 v2.4.0 h1:EBsztssimR/CONLSZZ04E8qAkxNYq4Qp9LvH92wZUgs=
github.com/go-viper/mapstructure/v2 v2.4.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM=
github.com/gobwas/pool v0.2.1/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
github.com/gobwas/ws v1.2.1/go.mod h1:hRKAFb8wOxFROYNsT1bqfWnhX+b5MFeJM9r2ZSwg/KY=
github.com/goccy/go-yaml v1.18.0 h1:8W7wMFS12Pcas7KU+VVkaiCng+kG8QiFeFwzFb+rwuw=
github.com/goccy/go-yaml v1.18.0/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
github.com/gohugoio/hashstructure v0.5.0 h1:G2fjSBU36RdwEJBWJ+919ERvOVqAg9tfcYp47K9swqg=
github.com/gohugoio/hashstructure v0.5.0/go.mod h1:Ser0TniXuu/eauYmrwM4o64EBvySxNzITEOLlm4igec=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 h1:f+oWsMOmNPc8JmEHVZIycC7hBoQxHH9pNKQORJNozsQ=
github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8/go.mod h1:wcDNUvekVysuuOpQKo3191zZyTpiI6se1N1ULghS0sw=
github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8=
github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
github.com/google/go-containerregistry v0.20.6 h1:cvWX87UxxLgaH76b4hIvya6Dzz9qHB31qAwjAohdSTU=
github.com/google/go-containerregistry v0.20.6/go.mod h1:T0x8MuoAoKX/873bkeSfLD2FAkwCDf9/HZgsFJ02E2Y=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/licensecheck v0.3.1 h1:QoxgoDkaeC4nFrtGN1jV7IPmDCHFNIVh54e5hSt6sPs=
github.com/google/licensecheck v0.3.1/go.mod h1:ORkR35t/JjW+emNKtfJDII0zlciG9JgbT7SmsohlHmY=
github.com/google/licenseclassifier/v2 v2.0.0 h1:1Y57HHILNf4m0ABuMVb6xk4vAJYEUO0gDxNpog0pyeA=
github.com/google/licenseclassifier/v2 v2.0.0/go.mod h1:cOjbdH0kyC9R22sdQbYsFkto4NGCAc+ZSwbeThazEtM=
github.com/google/martian v2.1.0+incompatible h1:/CP5g8u/VJHijgedC/Legn3BAbAaWPgecwXBIDzw5no=
github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk=
github.com/google/martian/v3 v3.3.3 h1:DIhPTQrbPkgs2yJYdXU/eNACCG5DVQjySNRNlflZ9Fc=
github.com/google/martian/v3 v3.3.3/go.mod h1:iEPrYcgCF7jA9OtScMFQyAlZZ4YXTKEtJ1E6RWzmBA0=
github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/pprof v0.0.0-20211214055906-6f57359322fd/go.mod h1:KgnwoLYCZ8IQu3XUZ8Nc/bM9CCZFOyjUNOSygVozoDg=
github.com/google/pprof v0.0.0-20240227163752-401108e1b7e7/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik=
github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e h1:ijClszYn+mADRFY17kjQEVQ1XRhq2/JR1M3sGqeJoxs=
github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA=
github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM=
github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA=
github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/googleapis/enterprise-certificate-proxy v0.3.4 h1:XYIDZApgAnrN1c855gTgghdIA6Stxb52D5RnLI1SLyw=
github.com/googleapis/enterprise-certificate-proxy v0.3.4/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA=
github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0=
github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM=
github.com/googleapis/gax-go/v2 v2.13.0 h1:yitjD5f7jQHhyDsnhKEBU52NdvvdSeGzlAnDPT0hH1s=
github.com/googleapis/gax-go/v2 v2.13.0/go.mod h1:Z/fvTZXF8/uw7Xu5GuslPw+bplx6SS338j1Is2S+B7A=
github.com/gookit/assert v0.1.1 h1:lh3GcawXe/p+cU7ESTZ5Ui3Sm/x8JWpIis4/1aF0mY0=
github.com/gookit/assert v0.1.1/go.mod h1:jS5bmIVQZTIwk42uXl4lyj4iaaxx32tqH16CFj0VX2E=
github.com/gookit/color v1.2.5/go.mod h1:AhIE+pS6D4Ql0SQWbBeXPHw7gY0/sjHoA4s/n1KB7xg=
github.com/gookit/color v1.6.0 h1:JjJXBTk1ETNyqyilJhkTXJYYigHG24TM9Xa2M1xAhRA=
github.com/gookit/color v1.6.0/go.mod h1:9ACFc7/1IpHGBW8RwuDm/0YEnhg3dwwXpoMsmtyHfjs=
github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo=
github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 h1:YBftPWNWd4WwGqtY2yeZL2ef8rHAxPBD8KFhJpmcqms=
github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0/go.mod h1:YN5jB8ie0yfIUg6VvR9Kz84aCaG7AsGZnLjhHbUqwPg=
github.com/hashicorp/aws-sdk-go-base/v2 v2.0.0-beta.65 h1:81+kWbE1yErFBMjME0I5k3x3kojjKsWtPYHEAutoPow=
github.com/hashicorp/aws-sdk-go-base/v2 v2.0.0-beta.65/go.mod h1:WtMzv9T++tfWVea+qB2MXoaqxw33S8bpJslzUike2mQ=
github.com/hashicorp/consul/api v1.11.0/go.mod h1:XjsvQN+RJGWI2TWy1/kqaE16HrR2J/FWgkYjdZQsX9M=
github.com/hashicorp/consul/sdk v0.8.0/go.mod h1:GBvyrGALthsZObzUGsfgHZQDXjg4lOjagTIwIR1vPms=
github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
github.com/hashicorp/go-getter v1.8.0 h1:GMRdoMBDz12Mim366pWsRVIrrkugJ19rrmykkv0Nhzo=
github.com/hashicorp/go-getter v1.8.0/go.mod h1:/K0O5zR6R72O3r2x3z2UHadiC0XHMbbzHO9pS8ZeJPA=
github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
github.com/hashicorp/go-hclog v1.0.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA=
github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs=
github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
github.com/hashicorp/go-safetemp v1.0.0 h1:2HR189eFNrjHQyENnQMMpCiBAsRxzbTMIgBhEyExpmo=
github.com/hashicorp/go-safetemp v1.0.0/go.mod h1:oaerMy3BhqiTbVye6QuFhFtIceqFoDHxNAB65b+Rj1I=
github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek=
github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=
github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
github.com/hashicorp/hcl/v2 v2.24.0 h1:2QJdZ454DSsYGoaE6QheQZjtKZSUs9Nh2izTWiwQxvE=
github.com/hashicorp/hcl/v2 v2.24.0/go.mod h1:oGoO1FIQYfn/AgyOhlg9qLC6/nOJPX3qGbkZpYAcqfM=
github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
github.com/hashicorp/mdns v1.0.1/go.mod h1:4gW7WsVCke5TE7EPeYliwHlRUyBtfCwuFwuMg2DmyNY=
github.com/hashicorp/mdns v1.0.4/go.mod h1:mtBihi+LeNXGtG8L9dX59gAEa12BDtBQSp4v/YAJqrc=
github.com/hashicorp/memberlist v0.2.2/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE=
github.com/hashicorp/memberlist v0.3.0/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE=
github.com/hashicorp/serf v0.9.5/go.mod h1:UWDWwZeL5cuWDJdl0C6wrvrUwEqtQ4ZKBKKENpqIUyk=
github.com/hashicorp/serf v0.9.6/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4=
github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI=
github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho=
github.com/iancoleman/strcase v0.3.0 h1:nTXanmYxhfFAMjZL34Ov6gkzEsSJZ5DbhxWjvSASxEI=
github.com/iancoleman/strcase v0.3.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho=
github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
github.com/ianlancetaylor/demangle v0.0.0-20210905161508-09a460cdf81d/go.mod h1:aYm2/VgdVmcIU8iMfdMvDMsRAQjcfZSKFby6HOFvi/w=
github.com/ianlancetaylor/demangle v0.0.0-20230524184225-eabc099b10ab/go.mod h1:gx7rwoVhcfuVKG5uya9Hs3Sxj7EIvldVofAWIUtGouw=
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
github.com/jedib0t/go-pretty/v6 v6.6.8 h1:JnnzQeRz2bACBobIaa/r+nqjvws4yEhcmaZ4n1QzsEc=
github.com/jedib0t/go-pretty/v6 v6.6.8/go.mod h1:YwC5CE4fJ1HFUDeivSV1r//AmANFHyqczZk+U6BDALU=
github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
github.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
github.com/kastenhq/goversion v0.0.0-20230811215019-93b2f8823953 h1:WdAeg/imY2JFPc/9CST4bZ80nNJbiBFCAdSZCSgrS5Y=
github.com/kastenhq/goversion v0.0.0-20230811215019-93b2f8823953/go.mod h1:6o+UrvuZWc4UTyBhQf0LGjW9Ld7qJxLz/OqvSOWWlEc=
github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
github.com/klauspost/pgzip v1.2.6 h1:8RXeL5crjEUFnR2/Sn6GJNWtSQ3Dk8pq4CL3jvdDyjU=
github.com/klauspost/pgzip v1.2.6/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80/go.mod h1:imJHygn/1yfhB7XSJJKlFZKl/J+dCPAknuiaGOshXAs=
github.com/logrusorgru/aurora v2.0.3+incompatible h1:tOpm7WcpBTn4fjmVfgpQq0EfczGlG91VSDkswnjF5A8=
github.com/logrusorgru/aurora v2.0.3+incompatible/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4=
github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY=
github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0=
github.com/lyft/protoc-gen-star v0.5.3/go.mod h1:V0xaHgaf5oCCqmcxYcWiDfTiKsZsRc87/1qhoTACD8w=
github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
github.com/magiconair/properties v1.8.10 h1:s31yESBquKXCV9a/ScB3ESkOjUYYv+X0rg8SYxI99mE=
github.com/magiconair/properties v1.8.10/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84=
github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
github.com/mattn/go-localereader v0.0.2-0.20220822084749-2491eb6c1c75 h1:P8UmIzZMYDR+NGImiFvErt6VWfIRPuGM+vyjiEdkmIw=
github.com/mattn/go-localereader v0.0.2-0.20220822084749-2491eb6c1c75/go.mod h1:8fBrzywKY7BI3czFoHkuzRoWE9C+EiG4R1k4Cjx5p88=
github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc=
github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d h1:5PJl274Y63IEHC+7izoQE9x6ikvDFZS2mDVS3drnohI=
github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
github.com/mholt/archives v0.1.3 h1:aEAaOtNra78G+TvV5ohmXrJOAzf++dIlYeDW3N9q458=
github.com/mholt/archives v0.1.3/go.mod h1:LUCGp++/IbV/I0Xq4SzcIR6uwgeh2yjnQWamjRQfLTU=
github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI=
github.com/mikelolasagasti/xz v1.0.1 h1:Q2F2jX0RYJUG3+WsM+FJknv+6eVjsjXNDV0KJXZzkD0=
github.com/mikelolasagasti/xz v1.0.1/go.mod h1:muAirjiOUxPRXwm9HdDtB3uoRPrGnL85XHtokL9Hcgc=
github.com/minio/minlz v1.0.0 h1:Kj7aJZ1//LlTP1DM8Jm7lNKvvJS2m74gyyXXn3+uJWQ=
github.com/minio/minlz v1.0.0/go.mod h1:qT0aEB35q79LLornSzeDH75LBf3aH1MV+jB5w9Wasec=
github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI=
github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0=
github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0=
github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
github.com/mitchellh/mapstructure v1.4.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
github.com/moby/sys/atomicwriter v0.1.0 h1:kw5D/EqkBwsBFi0ss9v1VG3wIkVhzGvLklJ+w3A14Sw=
github.com/moby/sys/atomicwriter v0.1.0/go.mod h1:Ul8oqv2ZMNHOceF643P6FKPXeCmYtlQMvpizfsSoaWs=
github.com/moby/sys/mountinfo v0.7.2 h1:1shs6aH5s4o5H2zQLn796ADW1wMrIwHsyJ2v9KouLrg=
github.com/moby/sys/mountinfo v0.7.2/go.mod h1:1YOa8w8Ih7uW0wALDUgT1dTTSBrZ+HiBLGws92L2RU4=
github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU=
github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko=
github.com/moby/sys/signal v0.7.0 h1:25RW3d5TnQEoKvRbEKUGay6DCQ46IxAVTT9CUMgmsSI=
github.com/moby/sys/signal v0.7.0/go.mod h1:GQ6ObYZfqacOwTtlXvcmh9A26dVRul/hbOZn88Kg8Tg=
github.com/moby/sys/user v0.3.0 h1:9ni5DlcW5an3SvRSx4MouotOygvzaXbaSrc/wGDFWPo=
github.com/moby/sys/user v0.3.0/go.mod h1:bG+tYYYJgaMtRKgEmuueC0hJEAZWwtIbZTB+85uoHjs=
github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g=
github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28=
github.com/moby/term v0.0.0-20221205130635-1aeaba878587 h1:HfkjXDfhgVaN5rmueG8cL8KKeFNecRCXFhaJ2qZ5SKA=
github.com/moby/term v0.0.0-20221205130635-1aeaba878587/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 h1:ZK8zHtRHOkbHy6Mmr5D264iyp3TiX5OmNcI5cIARiQI=
github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6/go.mod h1:CJlz5H+gyd6CUWT45Oy4q24RdLyn7Md9Vj2/ldJBSIo=
github.com/muesli/cancelreader v0.2.2 h1:3I4Kt4BQjOR54NavqnDogx/MIoWBFa0StPA8ELUXHmA=
github.com/muesli/cancelreader v0.2.2/go.mod h1:3XuTXfFS2VjM+HTLZY9Ak0l6eUKfijIfMUZ4EgX0QYo=
github.com/muesli/termenv v0.16.0 h1:S5AlUN9dENB57rsbnkPyfdGuWIlkmzJjbFf0Tf5FWUc=
github.com/muesli/termenv v0.16.0/go.mod h1:ZRfOIKPFDYQoDFF4Olj7/QJbW60Ol/kL1pU3VfY/Cnk=
github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdhx/f4=
github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
github.com/nix-community/go-nix v0.0.0-20250101154619-4bdde671e0a1 h1:kpt9ZfKcm+EDG4s40hMwE//d5SBgDjUOrITReV2u4aA=
github.com/nix-community/go-nix v0.0.0-20250101154619-4bdde671e0a1/go.mod h1:qgCw4bBKZX8qMgGeEZzGFVT3notl42dBjNqO2jut0M0=
github.com/nsf/jsondiff v0.0.0-20210926074059-1e845ec5d249 h1:NHrXEjTNQY7P0Zfx1aMrNhpgxHmow66XQtm0aQLY0AE=
github.com/nsf/jsondiff v0.0.0-20210926074059-1e845ec5d249/go.mod h1:mpRZBD8SJ55OIICQ3iWH0Yz3cjzA61JdqMLoWXeB2+8=
github.com/nwaples/rardecode v1.1.3 h1:cWCaZwfM5H7nAD6PyEdcVnczzV8i/JtotnyW/dD9lEc=
github.com/nwaples/rardecode v1.1.3/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0=
github.com/nwaples/rardecode/v2 v2.1.0 h1:JQl9ZoBPDy+nIZGb1mx8+anfHp/LV3NE2MjMiv0ct/U=
github.com/nwaples/rardecode/v2 v2.1.0/go.mod h1:7uz379lSxPe6j9nvzxUZ+n7mnJNgjsRNb6IbvGVHRmw=
github.com/olekukonko/errors v1.1.0 h1:RNuGIh15QdDenh+hNvKrJkmxxjV4hcS50Db478Ou5sM=
github.com/olekukonko/errors v1.1.0/go.mod h1:ppzxA5jBKcO1vIpCXQ9ZqgDh8iwODz6OXIGKU8r5m4Y=
github.com/olekukonko/ll v0.0.9 h1:Y+1YqDfVkqMWuEQMclsF9HUR5+a82+dxJuL1HHSRpxI=
github.com/olekukonko/ll v0.0.9/go.mod h1:En+sEW0JNETl26+K8eZ6/W4UQ7CYSrrgg/EdIYT2H8g=
github.com/olekukonko/tablewriter v1.0.9 h1:XGwRsYLC2bY7bNd93Dk51bcPZksWZmLYuaTHR0FqfL8=
github.com/olekukonko/tablewriter v1.0.9/go.mod h1:5c+EBPeSqvXnLLgkm9isDdzR3wjfBkHR9Nhfp3NWrzo=
github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k=
github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY=
github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M=
github.com/opencontainers/runtime-spec v1.1.0 h1:HHUyrt9mwHUjtasSbXSMvs4cyFxh+Bll4AjJ9odEGpg=
github.com/opencontainers/runtime-spec v1.1.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU=
github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec=
github.com/orisano/pixelmatch v0.0.0-20220722002657-fb0b55479cde/go.mod h1:nZgzbfBr3hhjoZnS66nKrHmduYNpc34ny7RK4z5/HM0=
github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
github.com/pborman/indent v1.2.1 h1:lFiviAbISHv3Rf0jcuh489bi06hj98JsVMtIDZQb9yM=
github.com/pborman/indent v1.2.1/go.mod h1:FitS+t35kIYtB5xWTZAPhnmrxcciEEOdbyrrpz5K6Vw=
github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=
github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M=
github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc=
github.com/pierrec/lz4/v4 v4.1.22 h1:cKFw6uJDK+/gfw5BcDL0JL5aBsAFdsIT18eRtLj7VIU=
github.com/pierrec/lz4/v4 v4.1.22/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
github.com/pjbgf/sha1cd v0.3.2 h1:a9wb0bp1oC2TGwStyn0Umc/IGKQnEgF0vVaZ8QF8eo4=
github.com/pjbgf/sha1cd v0.3.2/go.mod h1:zQWigSxVmsHEZow5qaLtPYxpcKMMQpa09ixqBxuCS6A=
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/profile v1.7.0 h1:hnbDkaNWPCLMO9wGLdBFTIZvzDrDfBM2072E1S9gJkA=
github.com/pkg/profile v1.7.0/go.mod h1:8Uer0jas47ZQMJ7VD+OHknK4YDY07LPUC6dEvqDjvNo=
github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI=
github.com/pkg/xattr v0.4.9 h1:5883YPCtkSd8LFbs13nXplj9g9tlrwoJRjgpgMu1/fE=
github.com/pkg/xattr v0.4.9/go.mod h1:di8WF84zAKk8jzR1UBTEWh9AUlIZZ7M/JNt8e9B6ktU=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
github.com/prometheus/procfs v0.10.1 h1:kYK1Va/YMlutzCGazswoHKo//tZVlFpKYh+PymziUAg=
github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM=
github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/rust-secure-code/go-rustaudit v0.0.0-20250226111315-e20ec32e963c h1:8gOLsYwaY2JwlTMT4brS5/9XJdrdIbmk2obvQ748CC0=
github.com/rust-secure-code/go-rustaudit v0.0.0-20250226111315-e20ec32e963c/go.mod h1:kwM/7r/rVluTE8qJbHAffduuqmSv4knVQT2IajGvSiA=
github.com/rwcarlsen/goexif v0.0.0-20190401172101-9e8deecbddbd/go.mod h1:hPqNNc0+uJM6H+SuU8sEs5K5IQeKccPqeSjfgcKGgPk=
github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
github.com/sagikazarmark/crypt v0.3.0/go.mod h1:uD/D+6UF4SrIR1uGEv7bBNkNqLGqUr43MRiaGWX1Nig=
github.com/sagikazarmark/locafero v0.7.0 h1:5MqpDsTGNDhY8sGp0Aowyf0qKsPrhewaLSsFaodPcyo=
github.com/sagikazarmark/locafero v0.7.0/go.mod h1:2za3Cg5rMaTMoG/2Ulr9AwtFaIppKXTRYnozin4aB5k=
github.com/sahilm/fuzzy v0.1.1 h1:ceu5RHF8DGgoi+/dR5PsECjCDH1BE3Fnmpo7aVXOdRA=
github.com/sahilm/fuzzy v0.1.1/go.mod h1:VFvziUEIMCrT6A6tw2RFIXPXXmzXbOsSHF0DOI8ZK9Y=
github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d h1:hrujxIzL1woJ7AwssoOcM/tq5JjjG2yYOc8odClEiXA=
github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d/go.mod h1:uugorj2VCxiV1x+LzaIdVa9b4S4qGAcH6cbhh4qVxOU=
github.com/sanity-io/litter v1.5.8 h1:uM/2lKrWdGbRXDrIq08Lh9XtVYoeGtcQxk9rtQ7+rYg=
github.com/sanity-io/litter v1.5.8/go.mod h1:9gzJgR2i4ZpjZHsKvUXIRQVk7P+yM3e+jAF7bU2UI5U=
github.com/sassoftware/go-rpmutils v0.4.0 h1:ojND82NYBxgwrV+mX1CWsd5QJvvEZTKddtCdFLPWhpg=
github.com/sassoftware/go-rpmutils v0.4.0/go.mod h1:3goNWi7PGAT3/dlql2lv3+MSN5jNYPjT5mVcQcIsYzI=
github.com/scylladb/go-set v1.0.3-0.20200225121959-cc7b2070d91e h1:7q6NSFZDeGfvvtIRwBrU/aegEYJYmvev0cHAwo17zZQ=
github.com/scylladb/go-set v1.0.3-0.20200225121959-cc7b2070d91e/go.mod h1:DkpGd78rljTxKAnTDPFqXSGxvETQnJyuSOQwsHycqfs=
github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
github.com/sebdah/goldie/v2 v2.7.1 h1:PkBHymaYdtvEkZV7TmyqKxdmn5/Vcj+8TpATWZjnG5E=
github.com/sebdah/goldie/v2 v2.7.1/go.mod h1:oZ9fp0+se1eapSRjfYbsV/0Hqhbuu3bJVvKI/NNtssI=
github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
github.com/sergi/go-diff v1.4.0 h1:n/SP9D5ad1fORl+llWyN+D6qoUETXNZARKjyY2/KVCw=
github.com/sergi/go-diff v1.4.0/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=
github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k=
github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME=
github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
github.com/sirupsen/logrus v1.9.4-0.20230606125235-dd1b4c2e81af h1:Sp5TG9f7K39yfB+If0vjp97vuT74F72r8hfRpP8jLU0=
github.com/sirupsen/logrus v1.9.4-0.20230606125235-dd1b4c2e81af/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
github.com/skeema/knownhosts v1.3.1 h1:X2osQ+RAjK76shCbvhHHHVl3ZlgDm8apHEHFqRjnBY8=
github.com/skeema/knownhosts v1.3.1/go.mod h1:r7KTdC8l4uxWRyK2TpQZ/1o5HaSzh06ePQNxPwTcfiY=
github.com/sorairolake/lzip-go v0.3.5 h1:ms5Xri9o1JBIWvOFAorYtUNik6HI3HgBTkISiqu0Cwg=
github.com/sorairolake/lzip-go v0.3.5/go.mod h1:N0KYq5iWrMXI0ZEXKXaS9hCyOjZUQdBDEIbXfoUwbdk=
github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb h1:bLo8hvc8XFm9J47r690TUKBzcjSWdJDxmjXJZ+/f92U=
github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb/go.mod h1:uKWaldnbMnjsSAXRurWqqrdyZen1R7kxl8TkmWk2OyM=
github.com/spdx/tools-golang v0.5.5 h1:61c0KLfAcNqAjlg6UNMdkwpMernhw3zVRwDZ2x9XOmk=
github.com/spdx/tools-golang v0.5.5/go.mod h1:MVIsXx8ZZzaRWNQpUDhC4Dud34edUYJYecciXgrw5vE=
github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4=
github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=
github.com/spf13/afero v1.15.0 h1:b/YBCLWAJdFWJTN9cLhiXXcD7mzKn9Dm86dNnfyQw1I=
github.com/spf13/afero v1.15.0/go.mod h1:NC2ByUVxtQs4b3sIUphxK0NioZnmxgyCrfzeuq8lxMg=
github.com/spf13/cast v1.4.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
github.com/spf13/cast v1.7.1 h1:cuNEagBQEHWN1FnbGEjCXL2szYEXqfJPbP2HNUaca9Y=
github.com/spf13/cast v1.7.1/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
github.com/spf13/cobra v1.3.0/go.mod h1:BrRVncBjOJa/eUcVVm9CE+oC6as8k+VYr4NY7WCi9V4=
github.com/spf13/cobra v1.10.1 h1:lJeBwCfmrnXthfAupyUTzJ/J4Nc1RsHC/mSRU2dll/s=
github.com/spf13/cobra v1.10.1/go.mod h1:7SmJGaTHFVBY0jW4NXGluQoLvhqFQM+6XSKD+P4XaB0=
github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
github.com/spf13/pflag v1.0.9 h1:9exaQaMOCwffKiiiYk6/BndUBv+iRViNW+4lEMi0PvY=
github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
github.com/spf13/viper v1.10.0/go.mod h1:SoyBPwAtKDzypXNDFKN5kzH7ppppbGZtls1UpIy5AsM=
github.com/spf13/viper v1.20.0 h1:zrxIyR3RQIOsarIrgL8+sAvALXul9jeEPa06Y0Ph6vY=
github.com/spf13/viper v1.20.0/go.mod h1:P9Mdzt1zoHIG8m2eZQinpiBjo6kCmZSKBClNNqjJvu4=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
github.com/sylabs/sif/v2 v2.22.0 h1:Y+xXufp4RdgZe02SR3nWEg7S6q4tPWN237WHYzkDSKA=
github.com/sylabs/sif/v2 v2.22.0/go.mod h1:W1XhWTmG1KcG7j5a3KSYdMcUIFvbs240w/MMVW627hs=
github.com/sylabs/squashfs v1.0.6 h1:PvJcDzxr+vIm2kH56mEMbaOzvGu79gK7P7IX+R7BDZI=
github.com/sylabs/squashfs v1.0.6/go.mod h1:DlDeUawVXLWAsSRa085Eo0ZenGzAB32JdAUFaB0LZfE=
github.com/terminalstatic/go-xsd-validate v0.1.6 h1:TenYeQ3eY631qNi1/cTmLH/s2slHPRKTTHT+XSHkepo=
github.com/terminalstatic/go-xsd-validate v0.1.6/go.mod h1:18lsvYFofBflqCrvo1umpABZ99+GneNTw2kEEc8UPJw=
github.com/therootcompany/xz v1.0.1 h1:CmOtsn1CbtmyYiusbfmhmkpAAETj0wBIH6kCYaX+xzw=
github.com/therootcompany/xz v1.0.1/go.mod h1:3K3UH1yCKgBneZYhuQUvJ9HPD19UEXEI0BWbMn8qNMY=
github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
github.com/ulikunitz/xz v0.5.8/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
github.com/ulikunitz/xz v0.5.15 h1:9DNdB5s+SgV3bQ2ApL10xRc35ck0DuIX/isZvIk+ubY=
github.com/ulikunitz/xz v0.5.15/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
github.com/vbatts/go-mtree v0.6.0 h1:n4r+Tweta4oH0+zWfv77VmfvWXrO69smspK37xvzgMI=
github.com/vbatts/go-mtree v0.6.0/go.mod h1:W7bcG9PCn6lFY+ljGlZxx9DONkxL3v8a7HyN+PrSrjA=
github.com/vbatts/tar-split v0.12.1 h1:CqKoORW7BUWBe7UL/iqTVvkTBOF8UvOMKOIZykxnnbo=
github.com/vbatts/tar-split v0.12.1/go.mod h1:eF6B6i6ftWQcDqEn3/iGFRFRo8cBIMSJVOpnNdfTMFA=
github.com/vifraa/gopom v1.0.0 h1:L9XlKbyvid8PAIK8nr0lihMApJQg/12OBvMA28BcWh0=
github.com/vifraa/gopom v1.0.0/go.mod h1:oPa1dcrGrtlO37WPDBm5SqHAT+wTgF8An1Q71Z6Vv4o=
github.com/wagoodman/go-partybus v0.0.0-20230516145632-8ccac152c651 h1:jIVmlAFIqV3d+DOxazTR9v+zgj8+VYuQBzPgBZvWBHA=
github.com/wagoodman/go-partybus v0.0.0-20230516145632-8ccac152c651/go.mod h1:b26F2tHLqaoRQf8DywqzVaV1MQ9yvjb0OMcNl7Nxu20=
github.com/wagoodman/go-progress v0.0.0-20230925121702-07e42b3cdba0 h1:0KGbf+0SMg+UFy4e1A/CPVvXn21f1qtWdeJwxZFoQG8=
github.com/wagoodman/go-progress v0.0.0-20230925121702-07e42b3cdba0/go.mod h1:jLXFoL31zFaHKAAyZUh+sxiTDFe1L1ZHrcK2T1itVKA=
github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 h1:nIPpBwaJSVYIxUFsDv3M8ofmx9yWTog9BfvIu0q41lo=
github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8/go.mod h1:HUYIGzjTL3rfEspMxjDjgmT5uz5wzYJKVo23qUhYTos=
github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no=
github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM=
github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZqKjWU=
github.com/xyproto/randomstring v1.0.5/go.mod h1:rgmS5DeNXLivK7YprL0pY+lTuhNQW3iGxZ18UQApw/E=
github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
github.com/zclconf/go-cty v1.16.3 h1:osr++gw2T61A8KVYHoQiFbFd1Lh3JOCXc/jFLJXKTxk=
github.com/zclconf/go-cty v1.16.3/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE=
github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940 h1:4r45xpDWB6ZMSMNJFMOjqrGHynW3DIBuR2H9j0ug+Mo=
github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940/go.mod h1:CmBdvvj3nqzfzJ6nTCIwDTPZ56aVGvDrmztiO5g3qrM=
go.etcd.io/etcd/api/v3 v3.5.1/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs=
go.etcd.io/etcd/client/pkg/v3 v3.5.1/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
go.etcd.io/etcd/client/v2 v2.305.1/go.mod h1:pMEacxZW7o8pg4CrFE7pquyCJJzZvkvdD2RibOCCCGs=
go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 h1:r6I7RJCN86bpD/FQwedZ0vSixDpwuWREjW9oRMsmqDc=
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0/go.mod h1:B9yO6b04uB80CzjedvewuqDhxJxi11s7/GtiGa8bAjI=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 h1:F7Jx+6hwnZ41NSFTO5q4LYDtJRXBf2PD0rNBkeB/lus=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0/go.mod h1:UHB22Z8QsdRDrnAtX4PntOl36ajSxcdUMt1sF7Y6E7Q=
go.opentelemetry.io/otel v1.36.0 h1:UumtzIklRBY6cI/lllNZlALOF5nNIzJVb16APdvgTXg=
go.opentelemetry.io/otel v1.36.0/go.mod h1:/TcFMXYjyRNh8khOAO9ybYkqaDBb/70aVwkNML4pP8E=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0 h1:Mne5On7VWdx7omSrSSZvM4Kw7cS7NQkOOmLcgscI51U=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0/go.mod h1:IPtUMKL4O3tH5y+iXVyAXqpAwMuzC1IrxVS81rummfE=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.33.0 h1:wpMfgF8E1rkrT1Z6meFh1NDtownE9Ii3n3X2GJYjsaU=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.33.0/go.mod h1:wAy0T/dUbs468uOlkT31xjvqQgEVXv58BRFWEgn5v/0=
go.opentelemetry.io/otel/metric v1.36.0 h1:MoWPKVhQvJ+eeXWHFBOPoBOi20jh6Iq2CcCREuTYufE=
go.opentelemetry.io/otel/metric v1.36.0/go.mod h1:zC7Ks+yeyJt4xig9DEw9kuUFe5C3zLbVjV2PzT6qzbs=
go.opentelemetry.io/otel/sdk v1.36.0 h1:b6SYIuLRs88ztox4EyrvRti80uXIFy+Sqzoh9kFULbs=
go.opentelemetry.io/otel/sdk v1.36.0/go.mod h1:+lC+mTgD+MUWfjJubi2vvXWcVxyr9rmlshZni72pXeY=
go.opentelemetry.io/otel/sdk/metric v1.36.0 h1:r0ntwwGosWGaa0CrSt8cuNuTcccMXERFwHX4dThiPis=
go.opentelemetry.io/otel/sdk/metric v1.36.0/go.mod h1:qTNOhFDfKRwX0yXOqJYegL5WRaW376QbB7P4Pb0qva4=
go.opentelemetry.io/otel/trace v1.36.0 h1:ahxWNuqZjpdiFAyrIoQ4GIiAIhxAunQR6MUoKrsNd4w=
go.opentelemetry.io/otel/trace v1.36.0/go.mod h1:gQ+OnDZzrybY4k4seLzPAWNwVBBVlF2szhehOBB/tGA=
go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I=
go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM=
go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE=
go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
go.uber.org/multierr v1.9.0 h1:7fIwc/ZtS0q++VgcfqFDxSBZVv/Xo49/SYnDFupUwlI=
go.uber.org/multierr v1.9.0/go.mod h1:X2jQV1h+kxSjClGpnseKVIxpmcjrj7MNnI0bnlfKTVQ=
go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
go4.org v0.0.0-20230225012048-214862532bf5 h1:nifaUDeh+rPaBCMPMQHZmvJf+QdpLFnuQPwx+LxVmtc=
go4.org v0.0.0-20230225012048-214862532bf5/go.mod h1:F57wTi5Lrj6WLyswp5EYV1ncrEbFGHD4hhz6S1ZYeaU=
golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.42.0 h1:chiH31gIWm57EkTXpwnqf8qeuMUi0yekh6mT2AvFlqI=
golang.org/x/crypto v0.42.0/go.mod h1:4+rDnOTJhQCx2q7/j6rAN5XDw8kPjeaXEUR2eL94ix8=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b h1:M2rDM6z3Fhozi9O7NWsxAkg/yqS/lQJ6PmkyIV3YP+o=
golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b/go.mod h1:3//PLf8L/X+8b4vuAfHzxeRUl04Adcb341+IGKfnqS8=
golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
golang.org/x/mod v0.28.0 h1:gQBtGhjxykdjY9YhZpSlZIsbnaE2+PgjfLWUQTnoZ1U=
golang.org/x/mod v0.28.0/go.mod h1:yfB/L0NOf/kmEbXjzCPOx1iK1fRutOydrCMsqRhEBxI=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8=
golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
golang.org/x/net v0.44.0 h1:evd8IRDyfNBMBTTY5XRF1vaZlD+EmWx6x8PkhR04H/I=
golang.org/x/net v0.44.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI=
golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug=
golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210816183151-1e6c022a8912/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211205182925-97ca703d548d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220408201424-a24fb2fb8a0f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
golang.org/x/term v0.35.0 h1:bZBVKBudEyhRcajGcNc3jIfWPqV4y/Kt2XcoigOWtDQ=
golang.org/x/term v0.35.0/go.mod h1:TPGtkTLesOwf2DE8CgVYiZinHAOuy5AYUYT1lENIZnA=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.29.0 h1:1neNs90w9YzJ9BocxfsQNHKuAT4pkghyXc4nhZ6sJvk=
golang.org/x/text v0.29.0/go.mod h1:7MhJOA9CD2qZyOKYazxdYMF85OwPdEr9jTtBpO7ydH4=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE=
golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
golang.org/x/tools v0.37.0 h1:DVSRzp7FwePZW356yEAChSdNcQo6Nsp+fex1SUW09lE=
golang.org/x/tools v0.37.0/go.mod h1:MBN5QPQtLMHVdvsbtarmTNukZDdgwdwlO5qGacAzF0w=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 h1:+cNy6SZtPcJQH3LJVLOSmiC7MMxXNOb3PU/VUEz+EhU=
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90=
google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU=
google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94=
google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo=
google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4=
google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw=
google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU=
google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k=
google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI=
google.golang.org/api v0.59.0/go.mod h1:sT2boj7M9YJxZzgeZqXogmhfmRWDtPzT31xkieUbuZU=
google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3hg9I=
google.golang.org/api v0.62.0/go.mod h1:dKmwPCydfsad4qCH08MSdgWjfHOyfpd4VtDGgRFdavw=
google.golang.org/api v0.203.0 h1:SrEeuwU3S11Wlscsn+LA1kb/Y5xT8uggJSkIhD08NAU=
google.golang.org/api v0.203.0/go.mod h1:BuOVyCSYEPwJb3npWvDnNmFI92f3GeRnHNkETneT3SI=
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A=
google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24=
google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w=
google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
google.golang.org/genproto v0.0.0-20211008145708-270636b82663/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
google.golang.org/genproto v0.0.0-20211028162531-8db9c33dc351/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
google.golang.org/genproto v0.0.0-20211129164237-f09f9a12af12/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
google.golang.org/genproto v0.0.0-20211203200212-54befc351ae9/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 h1:ToEetK57OidYuqD4Q5w+vfEnPvPpuTwedCNVohYJfNk=
google.golang.org/genproto v0.0.0-20241118233622-e639e219e697/go.mod h1:JJrvXBWRZaFMxBufik1a4RpFw4HhgVtBBWQeQgUj2cc=
google.golang.org/genproto/googleapis/api v0.0.0-20241113202542-65e8d215514f h1:M65LEviCfuZTfrfzwwEoxVtgvfkFkBUbFnRbxCXuXhU=
google.golang.org/genproto/googleapis/api v0.0.0-20241113202542-65e8d215514f/go.mod h1:Yo94eF2nj7igQt+TiJ49KxjIH8ndLYPZMIRSiRcEbg0=
google.golang.org/genproto/googleapis/rpc v0.0.0-20241223144023-3abc09e42ca8 h1:TqExAhdPaB60Ux47Cn0oLV07rGnxZzIsaRhQaqS666A=
google.golang.org/genproto/googleapis/rpc v0.0.0-20241223144023-3abc09e42ca8/go.mod h1:lcTa1sDdWEIHMWlITnIczmw5w60CF9ffkb8Z+DVmmjA=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
google.golang.org/grpc v1.67.3 h1:OgPcDAFKHnH8X3O4WcO4XUc8GRDeKsKReqbQtiCj7N8=
google.golang.org/grpc v1.67.3/go.mod h1:YGaHCc6Oap+FzBJTZLBzkGSYt/cvGPFTPxkn7QfSU8s=
google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY=
google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0=
gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
modernc.org/cc/v4 v4.26.2 h1:991HMkLjJzYBIfha6ECZdjrIYz2/1ayr+FL8GN+CNzM=
modernc.org/cc/v4 v4.26.2/go.mod h1:uVtb5OGqUKpoLWhqwNQo/8LwvoiEBLvZXIQ/SmO6mL0=
modernc.org/ccgo/v4 v4.28.0 h1:rjznn6WWehKq7dG4JtLRKxb52Ecv8OUGah8+Z/SfpNU=
modernc.org/ccgo/v4 v4.28.0/go.mod h1:JygV3+9AV6SmPhDasu4JgquwU81XAKLd3OKTUDNOiKE=
modernc.org/fileutil v1.3.8 h1:qtzNm7ED75pd1C7WgAGcK4edm4fvhtBsEiI/0NQ54YM=
modernc.org/fileutil v1.3.8/go.mod h1:HxmghZSZVAz/LXcMNwZPA/DRrQZEVP9VX0V4LQGQFOc=
modernc.org/gc/v2 v2.6.5 h1:nyqdV8q46KvTpZlsw66kWqwXRHdjIlJOhG6kxiV/9xI=
modernc.org/gc/v2 v2.6.5/go.mod h1:YgIahr1ypgfe7chRuJi2gD7DBQiKSLMPgBQe9oIiito=
modernc.org/goabi0 v0.2.0 h1:HvEowk7LxcPd0eq6mVOAEMai46V+i7Jrj13t4AzuNks=
modernc.org/goabi0 v0.2.0/go.mod h1:CEFRnnJhKvWT1c1JTI3Avm+tgOWbkOu5oPA8eH8LnMI=
modernc.org/libc v1.66.3 h1:cfCbjTUcdsKyyZZfEUKfoHcP3S0Wkvz3jgSzByEWVCQ=
modernc.org/libc v1.66.3/go.mod h1:XD9zO8kt59cANKvHPXpx7yS2ELPheAey0vjIuZOhOU8=
modernc.org/mathutil v1.7.1 h1:GCZVGXdaN8gTqB1Mf/usp1Y/hSqgI2vAGGP4jZMCxOU=
modernc.org/mathutil v1.7.1/go.mod h1:4p5IwJITfppl0G4sUEDtCr4DthTaT47/N3aT6MhfgJg=
modernc.org/memory v1.11.0 h1:o4QC8aMQzmcwCK3t3Ux/ZHmwFPzE6hf2Y5LbkRs+hbI=
modernc.org/memory v1.11.0/go.mod h1:/JP4VbVC+K5sU2wZi9bHoq2MAkCnrt2r98UGeSK7Mjw=
modernc.org/opt v0.1.4 h1:2kNGMRiUjrp4LcaPuLY2PzUfqM/w9N23quVwhKt5Qm8=
modernc.org/opt v0.1.4/go.mod h1:03fq9lsNfvkYSfxrfUhZCWPk1lm4cq4N+Bh//bEtgns=
modernc.org/sortutil v1.2.1 h1:+xyoGf15mM3NMlPDnFqrteY07klSFxLElE2PVuWIJ7w=
modernc.org/sortutil v1.2.1/go.mod h1:7ZI3a3REbai7gzCLcotuw9AC4VZVpYMjDzETGsSMqJE=
modernc.org/sqlite v1.39.0 h1:6bwu9Ooim0yVYA7IZn9demiQk/Ejp0BtTjBWFLymSeY=
modernc.org/sqlite v1.39.0/go.mod h1:cPTJYSlgg3Sfg046yBShXENNtPrWrDX8bsbAQBzgQ5E=
modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0=
modernc.org/strutil v1.2.1/go.mod h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A=
modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=
modernc.org/token v1.1.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM=
rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
0707010000003C000041ED00000000000000000000000268CB9D6300000000000000000000000000000000000000000000001200000000grant-0.3.2/grant0707010000003D000081A400000000000000000000000168CB9D63000042D0000000000000000000000000000000000000001A00000000grant-0.3.2/grant/case.gopackage grant
import (
"bytes"
"context"
"fmt"
"io"
golog "log"
"os"
"path/filepath"
"strings"
"sync"
"github.com/google/licenseclassifier/v2/tools/identify_license/backend"
"github.com/google/licenseclassifier/v2/tools/identify_license/results"
_ "modernc.org/sqlite" // sqlite used for rpmDB compatibility in syft
"github.com/anchore/go-collections"
"github.com/anchore/grant/internal/licensepatterns"
"github.com/anchore/grant/internal/log"
"github.com/anchore/grant/internal/spdxlicense"
"github.com/anchore/grant/internal/stdinbuffer"
"github.com/anchore/stereoscope"
"github.com/anchore/syft/syft"
"github.com/anchore/syft/syft/cataloging"
"github.com/anchore/syft/syft/cataloging/pkgcataloging"
"github.com/anchore/syft/syft/format"
"github.com/anchore/syft/syft/pkg/cataloger/golang"
"github.com/anchore/syft/syft/pkg/cataloger/java"
"github.com/anchore/syft/syft/pkg/cataloger/javascript"
"github.com/anchore/syft/syft/sbom"
"github.com/anchore/syft/syft/source"
"github.com/anchore/syft/syft/source/sourceproviders"
)
// Case is a collection of SBOMs and Licenses up for evaluation
type Case struct {
// SBOMS is a list of SBOMs that were generated for the user input
SBOMS []sbom.SBOM
// Licenses is a list of licenses that were generated for the user input
// Note: since SBOMs are package centric this contains licenses that appeared
// during grants file system scan that could not be associated to a package.
// these can be disabled with the --disable-file-search flag
Licenses []License
}
// TODO: we need to review this empty config being passed; default is better than empty
func NewCases(userInputs ...string) []Case {
return NewCasesWithConfig(CaseConfig{}, userInputs...)
}
func NewCasesWithConfig(config CaseConfig, userInputs ...string) []Case {
cases := make([]Case, 0)
ch, err := NewCaseHandlerWithConfig(config)
if err != nil {
log.Errorf("unable to create case handler: %+v", err)
return cases
}
defer ch.Close()
for _, userInput := range userInputs {
c, err := ch.determineRequestCase(userInput)
if err != nil {
log.Errorf("unable to determine case for %s: %+v", userInput, err)
continue
}
cases = append(cases, c)
}
return cases
}
type Pair struct {
License License
Package *Package
}
func (c Case) GetLicenses() (map[string][]*Package, map[string]License, []Package) {
licensePackages := make(map[string][]*Package)
licenses := make(map[string]License)
packagesNoLicenses := make([]Package, 0)
for _, sb := range c.SBOMS {
for pkg := range sb.Artifacts.Packages.Enumerate() {
grantPkg := ConvertSyftPackage(pkg)
// TODO: how do we express packages without licenses in list
if len(grantPkg.Licenses) == 0 {
packagesNoLicenses = append(packagesNoLicenses, *grantPkg)
continue
}
buildLicenseMaps(licensePackages, licenses, grantPkg)
}
}
return licensePackages, licenses, packagesNoLicenses
}
func buildLicenseMaps(licensePackages map[string][]*Package, licenses map[string]License, pkg *Package) {
for _, license := range pkg.Licenses {
if license.IsSPDX() {
if _, ok := licenses[license.SPDXExpression]; !ok {
licenses[license.SPDXExpression] = license
}
if _, ok := licensePackages[license.SPDXExpression]; !ok {
licensePackages[license.SPDXExpression] = make([]*Package, 0)
}
licensePackages[license.SPDXExpression] = append(licensePackages[license.SPDXExpression], pkg)
continue
}
// NonSPDX License
if _, ok := licenses[license.Name]; !ok {
licenses[license.Name] = license
}
if _, ok := licensePackages[license.Name]; !ok {
licensePackages[license.Name] = make([]*Package, 0)
}
licensePackages[license.Name] = append(licensePackages[license.Name], pkg)
}
}
// TODO: we definitely only want ONE backend for all of Grant
type CaseHandler struct {
Backend *backend.ClassifierBackend
Config CaseConfig
backendMutex sync.Mutex
}
type CaseConfig struct {
// DisableFileSearch when true, skips license file search and only generates SBOM
DisableFileSearch bool
}
func NewCaseHandler() (*CaseHandler, error) {
return NewCaseHandlerWithConfig(CaseConfig{})
}
func NewCaseHandlerWithConfig(config CaseConfig) (*CaseHandler, error) {
be, err := backend.New()
if err != nil {
return &CaseHandler{}, err
}
return &CaseHandler{
Backend: be,
Config: config,
}, nil
}
func (ch *CaseHandler) Close() {
ch.Backend.Close()
}
// A valid userRequest can be:
// - a container image -> (ubuntu:latest)
// - a path to an SBOM file -> startup.cdx.json
// - a path to a license -> file:MIT
// - a path to an archive -> licenses.zip
// - a path to a directory (which contains any of the above) -> dir:./licenses
func (ch *CaseHandler) determineRequestCase(userRequest string) (c Case, err error) {
switch {
case isStdin(userRequest):
return handleStdin()
case isFile(userRequest):
return ch.handleFile(userRequest)
case isDirectory(userRequest):
return ch.handleDir(userRequest)
default:
return ch.handleContainer(userRequest)
}
}
func handleStdin() (c Case, err error) {
var stdReader io.ReadSeeker
// First check if there's data in the shared buffer (from grant JSON check)
if stdinbuffer.HasData() {
stdReader = stdinbuffer.Get()
if stdReader == nil {
return c, fmt.Errorf("failed to retrieve buffered stdin data")
}
} else {
// No buffered data, try to read stdin directly
stdReader, err = decodeStdin(os.Stdin)
if err != nil {
return c, err
}
}
// Use format.Decode directly to handle all SBOM formats including syft JSON
sb, formatID, _, err := format.Decode(stdReader)
if err != nil {
log.Debugf("error decoding stdin: %+v", err)
return c, fmt.Errorf("unable to determine SBOM or licenses for stdin: %w", err)
}
if sb != nil {
log.Debugf("decoded SBOM from stdin with format: %s, packages: %d", formatID, len(sb.Artifacts.Packages.Sorted()))
return Case{
SBOMS: []sbom.SBOM{*sb},
Licenses: make([]License, 0),
}, nil
}
return c, fmt.Errorf("unable to determine SBOM or licenses for stdin")
}
func decodeStdin(r io.Reader) (io.ReadSeeker, error) {
b, err := io.ReadAll(r)
if err != nil {
return nil, fmt.Errorf("failed reading stdin: %w", err)
}
reader := bytes.NewReader(b)
_, err = reader.Seek(0, io.SeekStart)
if err != nil {
return nil, fmt.Errorf("failed to parse stdin: %w", err)
}
return reader, nil
}
func (ch *CaseHandler) handleFile(path string) (c Case, err error) {
// let's see if it's an archive (isArchive)
if isArchive(path) {
sb, err := ch.generateSyftSBOMWithBackend(path)
if err != nil {
// We bail here since we can't generate an SBOM for the archive
return c, err
}
// if there are licenses in the archive, syft should be enhanced to include them in the SBOM
// this overlap is a little weird, but grant should be able to take license files as input
return Case{
SBOMS: []sbom.SBOM{sb},
Licenses: make([]License, 0),
}, nil
}
// let's see if it's an SBOM
sbomBytes, err := getReadSeeker(path)
if err != nil {
// We bail here since we can't get a reader for the file
return c, err
}
// Use format.Decode directly to handle all SBOM formats including syft JSON
sb, _, _, err := format.Decode(sbomBytes)
if err != nil {
log.Debugf("unable to determine SBOM or licenses for %s: %+v", path, err)
// we want to log the debug output, but we don't want to return yet
}
if sb != nil {
return Case{
SBOMS: []sbom.SBOM{*sb},
Licenses: make([]License, 0),
}, nil
}
licenses, err := ch.handleLicenseFile(path)
if err != nil {
return c, fmt.Errorf("unable to determine SBOM or licenses for %s: %w", path, err)
}
return Case{
SBOMS: make([]sbom.SBOM, 0),
Licenses: licenses,
}, nil
}
func (ch *CaseHandler) handleLicenseFile(path string) ([]License, error) {
// alright we couldn't get an SBOM, let's see if the bytes are just a LICENSE (google license classifier)
// google license classifier is noisy, so we'll silence it for now
golog.SetOutput(io.Discard)
ch.backendMutex.Lock()
errs := ch.Backend.ClassifyLicensesWithContext(
context.Background(),
1000,
[]string{path},
false,
)
if errs != nil {
ch.backendMutex.Unlock()
for _, err := range errs {
log.Errorf("unable to classify license: %+v", err)
}
return nil, fmt.Errorf("unable to classify license: %+v", errs)
}
classifierResults := ch.Backend.GetResults()
ch.backendMutex.Unlock()
// re-enable logging for the rest of the application
golog.SetOutput(os.Stdout)
if len(classifierResults) == 0 {
return nil, fmt.Errorf("no classifierResults from license classifier")
}
licenses := grantLicenseFromClassifierResults(classifierResults)
return licenses, nil
}
func (ch *CaseHandler) handleDir(root string) (c Case, err error) {
dirCase := Case{
SBOMS: make([]sbom.SBOM, 0),
Licenses: make([]License, 0),
}
var wg sync.WaitGroup
var sbomErr error
var licenseErr error
var foundLicenses []License
// Concurrently generate SBOM with shared license classifier backend
wg.Add(1)
go func() {
defer wg.Done()
sb, err := ch.generateSyftSBOMWithBackend(root)
if err != nil {
log.Debugf("unable to generate SBOM for source %s: %+v", root, err)
sbomErr = err
return
}
dirCase.SBOMS = append(dirCase.SBOMS, sb)
}()
// Concurrently search for license files (unless DisableFileSearch is set)
if !ch.Config.DisableFileSearch {
wg.Add(1)
go func() {
defer wg.Done()
licenses, err := ch.searchLicenseFiles(root)
if err != nil {
licenseErr = err
return
}
foundLicenses = licenses
}()
}
wg.Wait()
// Add found licenses to the case
if len(foundLicenses) > 0 {
dirCase.Licenses = append(dirCase.Licenses, foundLicenses...)
}
// If both SBOM generation failed and no licenses were found, return an error
if sbomErr != nil && len(dirCase.Licenses) == 0 && len(dirCase.SBOMS) == 0 {
if licenseErr != nil {
return dirCase, fmt.Errorf("unable to generate SBOM or find licenses for %s: SBOM error: %w, License error: %v", root, sbomErr, licenseErr)
}
return dirCase, fmt.Errorf("unable to generate SBOM or find licenses for %s: %w", root, sbomErr)
}
return dirCase, nil
}
// Common directories that typically don't contain relevant license files
var skipDirectories = map[string]bool{
".git": true,
".svn": true,
".hg": true,
".bzr": true,
"vendor": true,
".idea": true,
".vscode": true,
"build": true,
"dist": true,
"target": true,
"bin": true,
"obj": true,
".gradle": true,
".mvn": true,
"__pycache__": true,
".pytest_cache": true,
".mypy_cache": true,
".tox": true,
".coverage": true,
".cache": true,
"tmp": true,
"temp": true,
}
// searchLicenseFiles searches for license files recursively in the given directory
func (ch *CaseHandler) searchLicenseFiles(root string) ([]License, error) {
patterns := licensepatterns.Patterns
visited := make(map[string]bool)
var foundLicenses []License
// check all directories in scan target for potential licenses
err := filepath.WalkDir(root, func(path string, d os.DirEntry, err error) error {
if err != nil {
return nil // Continue walking even if there's an error with a specific directory
}
if d.IsDir() {
dirName := d.Name()
if skipDirectories[dirName] {
return filepath.SkipDir
}
return nil
}
// skip if we've already processed this file
if visited[path] {
return nil
}
// look for file in license patterns
filename := filepath.Base(path)
for _, pattern := range patterns {
matched, err := filepath.Match(pattern, filename)
if err != nil {
continue
}
if matched {
visited[path] = true
licenses, err := ch.handleLicenseFile(path)
if err != nil {
continue
}
if len(licenses) > 0 {
foundLicenses = append(foundLicenses, licenses...)
}
break // Found a match, no need to check other patterns for this file
}
}
return nil
})
if err != nil {
return foundLicenses, err
}
return foundLicenses, nil
}
func (ch *CaseHandler) handleContainer(image string) (c Case, err error) {
sb, err := ch.generateSyftSBOMWithBackend(image)
if err != nil {
// We bail here since we can't generate an SBOM for the image
return c, err
}
return Case{
SBOMS: []sbom.SBOM{sb},
Licenses: make([]License, 0),
}, nil
}
func getReadSeeker(path string) (io.ReadSeeker, error) {
file, err := os.Open(filepath.Clean(path))
if err != nil {
return nil, fmt.Errorf("unable to open file: %w", err)
}
return file, nil
}
func grantLicenseFromClassifierResults(r results.LicenseTypes) []License {
licenses := make([]License, 0)
for _, license := range r {
// TODO: sometimes the license classifier gives us more information than just the name.
// How do we want to handle this or include it in the grant.License?
if license.MatchType == "License" {
spdxLicense, err := spdxlicense.GetLicenseByID(license.Name)
if err != nil {
licenses = append(licenses, License{
LicenseID: license.Name,
Name: license.Name,
})
} else {
licenses = append(licenses, License{
SPDXExpression: spdxLicense.LicenseID,
Reference: spdxLicense.Reference,
IsDeprecatedLicenseID: spdxLicense.IsDeprecatedLicenseID,
DetailsURL: spdxLicense.DetailsURL,
ReferenceNumber: spdxLicense.ReferenceNumber,
LicenseID: spdxLicense.LicenseID,
SeeAlso: spdxLicense.SeeAlso,
IsOsiApproved: spdxLicense.IsOsiApproved,
})
}
}
}
return licenses
}
// generateSyftSBOMWithBackend generates a syft SBOM using the CaseHandler's shared license classifier backend
func (ch *CaseHandler) generateSyftSBOMWithBackend(userInput string) (sb sbom.SBOM, err error) {
src, err := getSource(userInput)
if err != nil {
return sb, err
}
sb = ch.getSBOMWithSharedBackend(src)
return sb, nil
}
func getSource(userInput string) (source.Source, error) {
allSourceTags := collections.TaggedValueSet[source.Provider]{}.Join(sourceproviders.All("", nil)...).Tags()
var sources []string
schemeSource, newUserInput := stereoscope.ExtractSchemeSource(userInput, allSourceTags...)
if schemeSource != "" {
sources = []string{schemeSource}
userInput = newUserInput
}
return syft.GetSource(context.Background(), userInput, syft.DefaultGetSourceConfig().WithSources(sources...))
}
// getSBOMWithSharedBackend creates an SBOM with the same configuration as getSBOM
// The goal is consistency, not necessarily backend sharing at this point
func (ch *CaseHandler) getSBOMWithSharedBackend(src source.Source) sbom.SBOM {
// For now, use the same configuration as getSBOM to ensure consistency
// TODO: Investigate syft's license configuration API to enable comprehensive license detection
return getSBOM(src)
}
func getSBOM(src source.Source) sbom.SBOM {
createSBOMConfig := syft.DefaultCreateSBOMConfig()
// Configure cataloger selection to disable go-module-binary-cataloger
// This cataloger does not play nice with license analysis for golang
catalogerSelection := cataloging.NewSelectionRequest().
WithDefaults().
WithRemovals("go-module-binary-cataloger")
// Configure license scanning with proper settings
licenseConfig := cataloging.DefaultLicenseConfig()
licenseConfig.Coverage = 0.75 // Set a reasonable coverage threshold for license matching
createSBOMConfig.
WithCatalogerSelection(catalogerSelection).
WithLicenseConfig(licenseConfig).
WithPackagesConfig(
pkgcataloging.DefaultConfig().
WithJavaArchiveConfig(java.DefaultArchiveCatalogerConfig().WithUseNetwork(false)).
WithJavascriptConfig(javascript.DefaultCatalogerConfig().WithSearchRemoteLicenses(false)).
WithGolangConfig(golang.DefaultCatalogerConfig().
WithSearchLocalModCacheLicenses(false).
WithSearchRemoteLicenses(false).
WithLocalModCacheDir(""))) // Empty string uses default location
s, err := syft.CreateSBOM(context.Background(), src, createSBOMConfig)
if err != nil {
panic(err)
}
return *s
}
func isDirectory(path string) bool {
fileInfo, err := os.Stat(path)
if err != nil {
// log.Errorf("unable to stat directory %s: %+v", path, err)
return false
}
return fileInfo.IsDir()
}
func isArchive(path string) bool {
extension := filepath.Ext(path)
archiveExtensions := []string{".zip", ".tar", ".gz", ".rar", ".7z"}
for _, archiveExtension := range archiveExtensions {
if strings.EqualFold(extension, archiveExtension) {
return true
}
}
return false
}
func isFile(path string) bool {
fileInfo, err := os.Stat(path)
if err != nil {
// log.Errorf("unable to stat file %s: %+v", path, err)
return false
}
return !fileInfo.IsDir()
}
// this is appended to the list of user requests if the user provides stdin
// and doesn't provide a "-" in the list of user requests
func isStdin(path string) bool {
return strings.EqualFold(path, "-")
}
0707010000003E000081A400000000000000000000000168CB9D6300001C87000000000000000000000000000000000000001F00000000grant-0.3.2/grant/case_test.gopackage grant
import (
"fmt"
"os"
"path/filepath"
"testing"
"time"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
_ "modernc.org/sqlite"
)
func readTestLicense(t *testing.T, filename string) string {
t.Helper()
content, err := os.ReadFile(filepath.Join("testdata", filename))
require.NoError(t, err, "Failed to read test license file: %s", filename)
return string(content)
}
func TestHandleDir_SBOMLicenseScan(t *testing.T) {
tests := []struct {
name string
setupFunc func(t *testing.T) string
expectedResult func(t *testing.T, result Case)
}{
{
name: "scans license files when SBOM fails",
setupFunc: func(t *testing.T) string {
tempDir := t.TempDir()
// Create license files at root with actual license content
mitLicense := readTestLicense(t, "mit-license-short.txt")
require.NoError(t, os.WriteFile(filepath.Join(tempDir, "LICENSE"), []byte(mitLicense), 0644))
require.NoError(t, os.WriteFile(filepath.Join(tempDir, "random.txt"), []byte("not a package file"), 0644))
return tempDir
},
expectedResult: func(t *testing.T, result Case) {
if len(result.SBOMS) == 0 {
assert.GreaterOrEqual(t, len(result.Licenses), 1, "Should find the LICENSE file")
}
},
},
{
name: "finds all license files including nested ones",
setupFunc: func(t *testing.T) string {
tempDir := t.TempDir()
mitLicense := readTestLicense(t, "mit-license.txt")
apacheLicense := readTestLicense(t, "apache-license.txt")
gplLicense := readTestLicense(t, "gpl-license.txt")
require.NoError(t, os.WriteFile(filepath.Join(tempDir, "LICENSE"), []byte(mitLicense), 0644))
require.NoError(t, os.WriteFile(filepath.Join(tempDir, "LICENSE.md"), []byte(apacheLicense), 0644))
require.NoError(t, os.WriteFile(filepath.Join(tempDir, "COPYING"), []byte(gplLicense), 0644))
nestedDir := filepath.Join(tempDir, "node_modules", "package1", "subpackage")
require.NoError(t, os.MkdirAll(nestedDir, 0755))
require.NoError(t, os.WriteFile(filepath.Join(tempDir, "node_modules", "LICENSE"), []byte(mitLicense), 0644))
require.NoError(t, os.WriteFile(filepath.Join(nestedDir, "LICENSE"), []byte(apacheLicense), 0644))
require.NoError(t, os.WriteFile(filepath.Join(nestedDir, "COPYING"), []byte(gplLicense), 0644))
// Create many non-license files that should be ignored
for i := range 100 {
filename := filepath.Join(nestedDir, fmt.Sprintf("file%d.js", i))
require.NoError(t, os.WriteFile(filename, []byte("console.log('test');"), 0644))
}
return tempDir
},
expectedResult: func(t *testing.T, result Case) {
// Debug: log what we actually found
t.Logf("Found %d SBOMs and %d licenses", len(result.SBOMS), len(result.Licenses))
// Should find all license files (6 total: 3 root + 3 nested)
totalExpectedLicenses := 6
if len(result.SBOMS) > 0 {
// If SBOM was generated, licenses might be found through SBOM
t.Logf("SBOM generated, checking for licenses...")
assert.GreaterOrEqual(t, len(result.Licenses), 1, "Should find licenses through SBOM or direct scan")
} else {
// If no SBOM, should find all license files through direct scan
t.Logf("No SBOM generated, should find all %d license files", totalExpectedLicenses)
assert.GreaterOrEqual(t, len(result.Licenses), totalExpectedLicenses, "Should find all license files including nested ones")
}
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
testDir := tt.setupFunc(t)
ch, err := NewCaseHandler()
require.NoError(t, err)
defer ch.Close()
result, err := ch.handleDir(testDir)
require.NoError(t, err)
tt.expectedResult(t, result)
})
}
}
func TestHandleDir_PerformanceWithManyFiles(t *testing.T) {
if testing.Short() {
t.Skip("Skipping performance test in short mode")
}
tempDir := t.TempDir()
// Create a large directory structure similar to node_modules
for i := 0; i < 100; i++ {
pkgDir := filepath.Join(tempDir, "node_modules", fmt.Sprintf("package%d", i))
require.NoError(t, os.MkdirAll(pkgDir, 0755))
// Create 10 files in each package
for j := 0; j < 10; j++ {
filename := filepath.Join(pkgDir, fmt.Sprintf("file%d.js", j))
require.NoError(t, os.WriteFile(filename, []byte("test content"), 0644))
}
// Add a license file in nested directory (should be found by SBOM but not direct scan)
require.NoError(t, os.WriteFile(filepath.Join(pkgDir, "LICENSE"), []byte("nested license"), 0644))
}
// Add root license
mitLicense := readTestLicense(t, "mit-license-short.txt")
require.NoError(t, os.WriteFile(filepath.Join(tempDir, "LICENSE"), []byte(mitLicense), 0644))
ch, err := NewCaseHandler()
require.NoError(t, err)
defer ch.Close()
// Measure time taken
start := time.Now()
result, err := ch.handleDir(tempDir)
duration := time.Since(start)
require.NoError(t, err)
// Should complete reasonably quickly
assert.Less(t, duration, 30*time.Second, "Should complete within 30 seconds even with 1000+ files")
// The new implementation should create an SBOM for the whole directory
// or find just root licenses if SBOM fails
t.Logf("Found %d SBOMs and %d licenses in %v", len(result.SBOMS), len(result.Licenses), duration)
}
func TestHandleDir_DisableFileSearchConfig(t *testing.T) {
tempDir := t.TempDir()
// Create license files with full license text that should be detected
mitLicense := readTestLicense(t, "mit-license.txt")
apacheLicense := readTestLicense(t, "apache-license.txt")
testFiles := []struct {
name string
content string
}{
{"LICENSE", mitLicense},
{"APACHE-2.0", apacheLicense},
}
for _, tf := range testFiles {
require.NoError(t, os.WriteFile(filepath.Join(tempDir, tf.name), []byte(tf.content), 0644))
}
// Test directory without package files to ensure SBOM generation might fail
// but license detection still works
// Test with DisableFileSearch = true
ch, err := NewCaseHandlerWithConfig(CaseConfig{DisableFileSearch: true})
require.NoError(t, err)
defer ch.Close()
result, err := ch.handleDir(tempDir)
require.NoError(t, err)
// Should not find licenses when DisableFileSearch is true
t.Logf("With DisableFileSearch=true: Found %d SBOMs and %d licenses", len(result.SBOMS), len(result.Licenses))
assert.Equal(t, 0, len(result.Licenses), "Should not find licenses when DisableFileSearch is true")
// Test with DisableFileSearch = false (default)
ch2, err := NewCaseHandler()
require.NoError(t, err)
defer ch2.Close()
result2, err := ch2.handleDir(tempDir)
require.NoError(t, err)
// Should find licenses when DisableFileSearch is false
t.Logf("With DisableFileSearch=false: Found %d SBOMs and %d licenses", len(result2.SBOMS), len(result2.Licenses))
assert.GreaterOrEqual(t, len(result2.Licenses), 1, "Should find licenses when DisableFileSearch is false")
// Verify we actually detected licenses and log what we found
for _, license := range result2.Licenses {
t.Logf("Found license: %s (ID: %s)", license.Name, license.LicenseID)
}
// Just verify that licenses were found - the specific type detection depends on the classifier
assert.True(t, len(result2.Licenses) > 0, "Should detect licenses when DisableFileSearch is false")
}
0707010000003F000081A400000000000000000000000168CB9D6300001A6C000000000000000000000000000000000000002000000000grant-0.3.2/grant/evaluation.gopackage grant
import (
"fmt"
)
// EvaluationResult represents the result of evaluating a Case against a Policy
type EvaluationResult struct {
// AllowedPackages are packages that passed the policy evaluation
AllowedPackages []PackageResult `json:"allowed_packages"`
// DeniedPackages are packages that failed the policy evaluation
DeniedPackages []PackageResult `json:"denied_packages"`
// IgnoredPackages are packages that were ignored per policy
IgnoredPackages []PackageResult `json:"ignored_packages"`
// Summary provides high-level statistics
Summary EvaluationSummary `json:"summary"`
}
// PackageResult represents the evaluation result for a single package
type PackageResult struct {
Package Package `json:"package"`
// AllowedLicenses are licenses that passed policy evaluation
AllowedLicenses []License `json:"allowed_licenses,omitempty"`
// DeniedLicenses are licenses that failed policy evaluation
DeniedLicenses []License `json:"denied_licenses,omitempty"`
// Reason explains why the package was allowed/denied/ignored
Reason string `json:"reason"`
}
// EvaluationSummary provides high-level statistics about the evaluation
type EvaluationSummary struct {
TotalPackages int `json:"total_packages"`
AllowedPackages int `json:"allowed_packages"`
DeniedPackages int `json:"denied_packages"`
IgnoredPackages int `json:"ignored_packages"`
}
// Evaluate evaluates a Case against a Policy and returns the result
func (c *Case) Evaluate(policy *Policy) (*EvaluationResult, error) {
if policy == nil {
return nil, fmt.Errorf("policy cannot be nil")
}
result := &EvaluationResult{
AllowedPackages: make([]PackageResult, 0),
DeniedPackages: make([]PackageResult, 0),
IgnoredPackages: make([]PackageResult, 0),
}
// Get all licenses and packages from the case
licensePackages, _, packagesNoLicenses := c.GetLicenses()
// Collect all unique packages with licenses (avoid duplicates while preserving order)
seenPackages := make(map[string]bool)
var uniquePackages []*Package
for _, packages := range licensePackages {
for _, pkg := range packages {
if !seenPackages[pkg.Name] {
seenPackages[pkg.Name] = true
uniquePackages = append(uniquePackages, pkg)
}
}
}
// Evaluate packages with licenses
for _, pkg := range uniquePackages {
packageResult := c.evaluatePackage(pkg, policy)
c.categorizePackageResult(&packageResult, result)
}
// Evaluate packages without licenses (these are typically denied unless ignored)
for _, pkg := range packagesNoLicenses {
packageResult := c.evaluatePackageNoLicense(&pkg, policy)
c.categorizePackageResult(&packageResult, result)
}
// Calculate summary
result.Summary = EvaluationSummary{
TotalPackages: len(result.AllowedPackages) + len(result.DeniedPackages) + len(result.IgnoredPackages),
AllowedPackages: len(result.AllowedPackages),
DeniedPackages: len(result.DeniedPackages),
IgnoredPackages: len(result.IgnoredPackages),
}
return result, nil
}
// evaluatePackage evaluates a single package with licenses against the policy
func (c *Case) evaluatePackage(pkg *Package, policy *Policy) PackageResult {
// Check if package should be ignored
if policy.IsPackageIgnored(pkg.Name) {
return PackageResult{
Package: *pkg,
Reason: "package ignored per policy",
}
}
// Categorize licenses
var allowedLicenses []License
var deniedLicenses []License
var unknownLicenses []License
for _, license := range pkg.Licenses {
licenseStr := license.String()
// Check if RequireKnownLicense is enabled and license is not SPDX
switch {
case policy.RequireKnownLicense && !license.IsSPDX():
unknownLicenses = append(unknownLicenses, license)
deniedLicenses = append(deniedLicenses, license)
case policy.IsLicensePermitted(licenseStr):
allowedLicenses = append(allowedLicenses, license)
default:
deniedLicenses = append(deniedLicenses, license)
}
}
// Determine overall package result
switch {
case len(unknownLicenses) > 0:
// If any license is unknown and RequireKnownLicense is true
return PackageResult{
Package: *pkg,
AllowedLicenses: allowedLicenses,
DeniedLicenses: deniedLicenses,
Reason: fmt.Sprintf("package denied due to %d unknown licenses", len(unknownLicenses)),
}
case len(deniedLicenses) > 0:
// If any license is denied, the whole package is denied
return PackageResult{
Package: *pkg,
AllowedLicenses: allowedLicenses,
DeniedLicenses: deniedLicenses,
Reason: fmt.Sprintf("package denied due to %d denied licenses", len(deniedLicenses)),
}
case len(allowedLicenses) > 0:
// All licenses are allowed
return PackageResult{
Package: *pkg,
AllowedLicenses: allowedLicenses,
Reason: "all licenses allowed",
}
default:
// No licenses found (shouldn't happen in this path, but just in case)
return PackageResult{
Package: *pkg,
Reason: "no licenses found",
}
}
}
// evaluatePackageNoLicense evaluates a package that has no licenses
func (c *Case) evaluatePackageNoLicense(pkg *Package, policy *Policy) PackageResult {
// Check if package should be ignored
if policy.IsPackageIgnored(pkg.Name) {
return PackageResult{
Package: *pkg,
Reason: "package ignored per policy",
}
}
// Check if RequireLicense is enabled
if policy.RequireLicense {
// Deny packages without licenses when RequireLicense is true
return PackageResult{
Package: *pkg,
Reason: "package denied - no licenses found",
}
}
// Allow packages without licenses when RequireLicense is false
return PackageResult{
Package: *pkg,
Reason: "package allowed - no license requirement",
}
}
// categorizePackageResult adds the package result to the appropriate category
func (c *Case) categorizePackageResult(packageResult *PackageResult, result *EvaluationResult) {
switch {
case packageResult.Reason == "package ignored per policy":
result.IgnoredPackages = append(result.IgnoredPackages, *packageResult)
case len(packageResult.DeniedLicenses) > 0 || packageResult.Reason == "package denied - no licenses found":
result.DeniedPackages = append(result.DeniedPackages, *packageResult)
case packageResult.Reason == "package allowed - no license requirement":
result.AllowedPackages = append(result.AllowedPackages, *packageResult)
default:
result.AllowedPackages = append(result.AllowedPackages, *packageResult)
}
}
// HasDeniedPackages returns true if there are any denied packages
func (r *EvaluationResult) HasDeniedPackages() bool {
return len(r.DeniedPackages) > 0
}
// IsCompliant returns true if all packages are either allowed or ignored (none denied)
func (r *EvaluationResult) IsCompliant() bool {
return len(r.DeniedPackages) == 0
}
07070100000040000081A400000000000000000000000168CB9D6300002E69000000000000000000000000000000000000002500000000grant-0.3.2/grant/evaluation_test.gopackage grant
import (
"testing"
"github.com/anchore/syft/syft/pkg"
"github.com/anchore/syft/syft/sbom"
"github.com/anchore/syft/syft/source"
)
func TestCase_Evaluate(t *testing.T) {
tests := []struct {
name string
packages []Package
policy *Policy
expectedResult EvaluationResult
wantErr bool
}{
{
name: "all packages allowed",
packages: []Package{
{Name: "package1", Licenses: []License{{SPDXExpression: "MIT"}}},
{Name: "package2", Licenses: []License{{SPDXExpression: "Apache-2.0"}}},
},
policy: &Policy{
Allow: []string{"MIT", "Apache-2.0"},
},
expectedResult: EvaluationResult{
AllowedPackages: []PackageResult{
{
Package: Package{Name: "package1", Licenses: []License{{SPDXExpression: "MIT"}}},
AllowedLicenses: []License{{SPDXExpression: "MIT"}},
Reason: "all licenses allowed",
},
{
Package: Package{Name: "package2", Licenses: []License{{SPDXExpression: "Apache-2.0"}}},
AllowedLicenses: []License{{SPDXExpression: "Apache-2.0"}},
Reason: "all licenses allowed",
},
},
DeniedPackages: []PackageResult{},
IgnoredPackages: []PackageResult{},
Summary: EvaluationSummary{
TotalPackages: 2,
AllowedPackages: 2,
DeniedPackages: 0,
IgnoredPackages: 0,
},
},
},
{
name: "mixed allowed and denied packages",
packages: []Package{
{Name: "good-package", Licenses: []License{{SPDXExpression: "MIT"}}},
{Name: "bad-package", Licenses: []License{{SPDXExpression: "GPL-3.0"}}},
},
policy: &Policy{
Allow: []string{"MIT", "Apache-2.0"},
},
expectedResult: EvaluationResult{
AllowedPackages: []PackageResult{
{
Package: Package{Name: "good-package", Licenses: []License{{SPDXExpression: "MIT"}}},
AllowedLicenses: []License{{SPDXExpression: "MIT"}},
Reason: "all licenses allowed",
},
},
DeniedPackages: []PackageResult{
{
Package: Package{Name: "bad-package", Licenses: []License{{SPDXExpression: "GPL-3.0"}}},
DeniedLicenses: []License{{SPDXExpression: "GPL-3.0"}},
Reason: "package denied due to 1 denied licenses",
},
},
IgnoredPackages: []PackageResult{},
Summary: EvaluationSummary{
TotalPackages: 2,
AllowedPackages: 1,
DeniedPackages: 1,
IgnoredPackages: 0,
},
},
},
{
name: "packages with no licenses denied",
packages: []Package{
{Name: "no-license-package", Licenses: []License{}},
{Name: "good-package", Licenses: []License{{SPDXExpression: "MIT"}}},
},
policy: &Policy{
Allow: []string{"MIT"},
RequireLicense: true,
},
expectedResult: EvaluationResult{
AllowedPackages: []PackageResult{
{
Package: Package{Name: "good-package", Licenses: []License{{SPDXExpression: "MIT"}}},
AllowedLicenses: []License{{SPDXExpression: "MIT"}},
Reason: "all licenses allowed",
},
},
DeniedPackages: []PackageResult{
{
Package: Package{Name: "no-license-package", Licenses: []License{}},
Reason: "package denied - no licenses found",
},
},
IgnoredPackages: []PackageResult{},
Summary: EvaluationSummary{
TotalPackages: 2,
AllowedPackages: 1,
DeniedPackages: 1,
IgnoredPackages: 0,
},
},
},
{
name: "ignored packages",
packages: []Package{
{Name: "github.com/mycompany/internal", Licenses: []License{{SPDXExpression: "GPL-3.0"}}},
{Name: "external-package", Licenses: []License{{SPDXExpression: "MIT"}}},
},
policy: &Policy{
Allow: []string{"MIT"},
IgnorePackages: []string{"github.com/mycompany/*"},
},
expectedResult: EvaluationResult{
AllowedPackages: []PackageResult{
{
Package: Package{Name: "external-package", Licenses: []License{{SPDXExpression: "MIT"}}},
AllowedLicenses: []License{{SPDXExpression: "MIT"}},
Reason: "all licenses allowed",
},
},
DeniedPackages: []PackageResult{},
IgnoredPackages: []PackageResult{
{
Package: Package{Name: "github.com/mycompany/internal", Licenses: []License{{SPDXExpression: "GPL-3.0"}}},
Reason: "package ignored per policy",
},
},
Summary: EvaluationSummary{
TotalPackages: 2,
AllowedPackages: 1,
DeniedPackages: 0,
IgnoredPackages: 1,
},
},
},
{
name: "package with mixed licenses - some allowed some denied",
packages: []Package{
{Name: "mixed-package", Licenses: []License{
{SPDXExpression: "MIT"},
{SPDXExpression: "GPL-3.0"},
}},
},
policy: &Policy{
Allow: []string{"MIT"},
},
expectedResult: EvaluationResult{
AllowedPackages: []PackageResult{},
DeniedPackages: []PackageResult{
{
Package: Package{Name: "mixed-package", Licenses: []License{{SPDXExpression: "MIT"}, {SPDXExpression: "GPL-3.0"}}},
AllowedLicenses: []License{{SPDXExpression: "MIT"}},
DeniedLicenses: []License{{SPDXExpression: "GPL-3.0"}},
Reason: "package denied due to 1 denied licenses",
},
},
IgnoredPackages: []PackageResult{},
Summary: EvaluationSummary{
TotalPackages: 1,
AllowedPackages: 0,
DeniedPackages: 1,
IgnoredPackages: 0,
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
c := createCaseFromPackages(tt.packages)
result, err := c.Evaluate(tt.policy)
if (err != nil) != tt.wantErr {
t.Errorf("Case.Evaluate() error = %v, wantErr %v", err, tt.wantErr)
return
}
if !evaluationResultsEqual(*result, tt.expectedResult) {
t.Errorf("Case.Evaluate() got = %+v, want %+v", *result, tt.expectedResult)
}
})
}
}
func TestCase_Evaluate_NilPolicy(t *testing.T) {
c := &Case{}
result, err := c.Evaluate(nil)
if err == nil {
t.Error("Case.Evaluate() with nil policy should return error")
}
if result != nil {
t.Error("Case.Evaluate() with nil policy should return nil result")
}
}
func TestEvaluationResult_HasDeniedPackages(t *testing.T) {
tests := []struct {
name string
result EvaluationResult
want bool
}{
{
name: "has denied packages",
result: EvaluationResult{
DeniedPackages: []PackageResult{{Package: Package{Name: "denied"}}},
},
want: true,
},
{
name: "no denied packages",
result: EvaluationResult{
AllowedPackages: []PackageResult{{Package: Package{Name: "allowed"}}},
},
want: false,
},
{
name: "empty result",
result: EvaluationResult{},
want: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := tt.result.HasDeniedPackages(); got != tt.want {
t.Errorf("EvaluationResult.HasDeniedPackages() = %v, want %v", got, tt.want)
}
})
}
}
func TestEvaluationResult_IsCompliant(t *testing.T) {
tests := []struct {
name string
result EvaluationResult
want bool
}{
{
name: "compliant - only allowed packages",
result: EvaluationResult{
AllowedPackages: []PackageResult{{Package: Package{Name: "allowed"}}},
},
want: true,
},
{
name: "compliant - only ignored packages",
result: EvaluationResult{
IgnoredPackages: []PackageResult{{Package: Package{Name: "ignored"}}},
},
want: true,
},
{
name: "compliant - allowed and ignored",
result: EvaluationResult{
AllowedPackages: []PackageResult{{Package: Package{Name: "allowed"}}},
IgnoredPackages: []PackageResult{{Package: Package{Name: "ignored"}}},
},
want: true,
},
{
name: "not compliant - has denied packages",
result: EvaluationResult{
AllowedPackages: []PackageResult{{Package: Package{Name: "allowed"}}},
DeniedPackages: []PackageResult{{Package: Package{Name: "denied"}}},
},
want: false,
},
{
name: "compliant - empty result",
result: EvaluationResult{},
want: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := tt.result.IsCompliant(); got != tt.want {
t.Errorf("EvaluationResult.IsCompliant() = %v, want %v", got, tt.want)
}
})
}
}
// Helper function to create a Case from packages for testing
func createCaseFromPackages(packages []Package) *Case {
// Create a simple SBOM with the packages
sb := sbom.SBOM{
Source: source.Description{Name: "test"},
Artifacts: sbom.Artifacts{
Packages: pkg.NewCollection(),
},
}
// Convert grant packages back to syft packages and add to SBOM
for _, grantPkg := range packages {
syftPkg := pkg.Package{
Name: grantPkg.Name,
Version: grantPkg.Version,
Type: pkg.Type(grantPkg.Type),
Licenses: pkg.NewLicenseSet(),
}
// Add licenses to syft package
for _, license := range grantPkg.Licenses {
var syftLicense pkg.License
if license.SPDXExpression != "" {
syftLicense = pkg.License{
SPDXExpression: license.SPDXExpression,
}
} else {
syftLicense = pkg.License{
Value: license.Name,
}
}
syftPkg.Licenses.Add(syftLicense)
}
sb.Artifacts.Packages.Add(syftPkg)
}
return &Case{
SBOMS: []sbom.SBOM{sb},
Licenses: []License{},
}
}
func evaluationResultsEqual(a, b EvaluationResult) bool {
if !packageResultSlicesEqual(a.AllowedPackages, b.AllowedPackages) {
return false
}
if !packageResultSlicesEqual(a.DeniedPackages, b.DeniedPackages) {
return false
}
if !packageResultSlicesEqual(a.IgnoredPackages, b.IgnoredPackages) {
return false
}
return a.Summary == b.Summary
}
func packageResultSlicesEqual(a, b []PackageResult) bool {
if len(a) != len(b) {
return false
}
// Create maps for order-independent comparison
aMap := make(map[string]PackageResult)
bMap := make(map[string]PackageResult)
for _, pkg := range a {
aMap[pkg.Package.Name] = pkg
}
for _, pkg := range b {
bMap[pkg.Package.Name] = pkg
}
// Compare each package
for name, aPkg := range aMap {
bPkg, exists := bMap[name]
if !exists {
return false
}
if !packageResultEqual(aPkg, bPkg) {
return false
}
}
return true
}
func packageResultEqual(a, b PackageResult) bool {
// Compare all Package fields
if a.Package.Name != b.Package.Name {
return false
}
if a.Package.Type != b.Package.Type {
return false
}
if a.Package.Version != b.Package.Version {
return false
}
// Compare Package licenses
if !licenseSlicesEqual(a.Package.Licenses, b.Package.Licenses) {
return false
}
// Compare reason
if a.Reason != b.Reason {
return false
}
if !licenseSlicesEqual(a.AllowedLicenses, b.AllowedLicenses) {
return false
}
if !licenseSlicesEqual(a.DeniedLicenses, b.DeniedLicenses) {
return false
}
return true
}
func licenseSlicesEqual(a, b []License) bool {
if len(a) != len(b) {
return false
}
// Create maps for order-independent comparison based on SPDX expression or name
aMap := make(map[string]License)
bMap := make(map[string]License)
for _, lic := range a {
key := lic.SPDXExpression
if key == "" {
key = lic.Name
}
aMap[key] = lic
}
for _, lic := range b {
key := lic.SPDXExpression
if key == "" {
key = lic.Name
}
bMap[key] = lic
}
// Compare each license by key fields only (ignore internal fields like ID)
for key, aLic := range aMap {
bLic, exists := bMap[key]
if !exists {
return false
}
// Compare SPDX expressions if both have them
if aLic.SPDXExpression != "" && bLic.SPDXExpression != "" {
if aLic.SPDXExpression != bLic.SPDXExpression {
return false
}
} else if aLic.SPDXExpression == "" && bLic.SPDXExpression == "" {
// Both don't have SPDX, compare names
if aLic.Name != bLic.Name {
return false
}
} else {
// One has SPDX, one doesn't - they're different
return false
}
}
return true
}
07070100000041000081A400000000000000000000000168CB9D630000135F000000000000000000000000000000000000001D00000000grant-0.3.2/grant/license.gopackage grant
import (
"strings"
"github.com/github/go-spdx/v2/spdxexp"
"github.com/anchore/grant/internal/log"
"github.com/anchore/grant/internal/spdxlicense"
syftPkg "github.com/anchore/syft/syft/pkg"
)
type LicenseID string
// License is a grant license. Either SPDXExpression or Name will be set.
// If SPDXExpression is set, Name will be empty.
// Locations are the relative paths for a license that show evidence of its detection.
type License struct {
ID LicenseID `json:"id"`
// SPDXExpression is the SPDX expression for the license
SPDXExpression string `json:"spdxExpression"`
// Name is the name of the individual license if SPDXExpression is unset
Name string `json:"name"`
// Contents are the text of the license
Contents string `json:"value"`
// Locations are the paths for a package that show evidence of the license
Locations []string `json:"location"`
// These fields are lifted from the SPDX license list.
// internal/spdxlicnse/license.go
Reference string `json:"reference"`
IsDeprecatedLicenseID bool `json:"isDeprecatedLicenseId"`
DetailsURL string `json:"detailsUrl"`
ReferenceNumber int `json:"referenceNumber"`
LicenseID string `json:"licenseId"`
SeeAlso []string `json:"seeAlso"`
IsOsiApproved bool `json:"isOsiApproved"`
}
func (l License) String() string {
if l.SPDXExpression != "" {
return l.SPDXExpression
}
return l.Name
}
func (l License) IsSPDX() bool {
return l.SPDXExpression != ""
}
// ConvertSyftLicenses converts a syft LicenseSet to a grant License slice
// note: syft licenses can sometimes have complex SPDX expressions.
// Grant these expressions into individual licenses.
// Because license expressions could potentially contain multiple licenses
// that are already represented in the syft license set we need to de-duplicate
// Syft licenses have a "Value" field which is the name of the license
// given to an invalid SPDX expression; grant licenses store this field as "Name"
func ConvertSyftLicenses(set syftPkg.LicenseSet) (licenses []License) {
licenses = make([]License, 0)
checked := make(map[string]bool)
for _, license := range set.ToSlice() {
locations := license.Locations.ToSlice()
licenseLocations := make([]string, 0)
for _, location := range locations {
licenseLocations = append(licenseLocations, location.RealPath)
}
if license.SPDXExpression != "" {
licenses = handleSPDXLicense(license, licenses, licenseLocations, checked)
continue
}
licenses = addNonSPDXLicense(licenses, license, licenseLocations)
}
return licenses
}
func handleSPDXLicense(license syftPkg.License, licenses []License, licenseLocations []string, checked map[string]bool) []License {
extractedLicenses, err := spdxexp.ExtractLicenses(license.SPDXExpression)
if err != nil {
// log.Errorf("unable to extract licenses from SPDX expression: %s", license.SPDXExpression)
return addNonSPDXLicense(licenses, license, licenseLocations)
}
// process each extracted license from the SPDX expression
for _, extractedLicense := range extractedLicenses {
extractedLicense = strings.TrimRight(extractedLicense, "+")
// prevent duplicates from being added when using SPDX expressions
// EG: "MIT AND MIT" is valid, but we want to de-duplicate these
if check(checked, extractedLicense) {
continue
}
// we have what seems to be a valid SPDX license ID, let's try and get more info about it
spdxLicense, err := spdxlicense.GetLicenseByID(extractedLicense)
if err != nil {
log.Errorf("unable to get license by ID: %s; no matching spdx id found", extractedLicense)
// if we can't find a matching SPDX license, just add the license as-is
// TODO: best matching against the spdx list index
licenses = addNonSPDXLicense(licenses, license, licenseLocations)
continue
}
licenses = append(licenses, License{
SPDXExpression: extractedLicense,
Name: spdxLicense.Name,
Locations: licenseLocations,
Reference: spdxLicense.Reference,
IsDeprecatedLicenseID: spdxLicense.IsDeprecatedLicenseID,
DetailsURL: spdxLicense.DetailsURL,
ReferenceNumber: spdxLicense.ReferenceNumber,
LicenseID: spdxLicense.LicenseID,
SeeAlso: spdxLicense.SeeAlso,
IsOsiApproved: spdxLicense.IsOsiApproved,
})
}
return licenses
}
func addNonSPDXLicense(licenses []License, license syftPkg.License, locations []string) []License {
// Filter out sha256: licenses - these are content hashes from Syft when license detection fails
if strings.HasPrefix(license.Value, "sha256:") {
return licenses
}
return append(licenses, License{
Name: license.Value,
Locations: locations,
})
}
func check(checked map[string]bool, license string) bool {
if _, ok := checked[license]; !ok {
checked[license] = true
return false
}
return true
}
07070100000042000081A400000000000000000000000168CB9D63000017C9000000000000000000000000000000000000002200000000grant-0.3.2/grant/orchestrator.gopackage grant
import (
"fmt"
"os"
)
// Orchestrator coordinates grant operations across multiple targets
type Orchestrator struct {
Policy *Policy
CaseHandler *CaseHandler
}
// NewOrchestrator creates a new Orchestrator with the given policy
func NewOrchestrator(policy *Policy) (*Orchestrator, error) {
if policy == nil {
return nil, fmt.Errorf("policy cannot be nil")
}
caseHandler, err := NewCaseHandler()
if err != nil {
return nil, fmt.Errorf("failed to create case handler: %w", err)
}
return &Orchestrator{
Policy: policy,
CaseHandler: caseHandler,
}, nil
}
// NewOrchestratorWithConfig creates a new Orchestrator with the given policy and case config
func NewOrchestratorWithConfig(policy *Policy, config CaseConfig) (*Orchestrator, error) {
if policy == nil {
return nil, fmt.Errorf("policy cannot be nil")
}
caseHandler, err := NewCaseHandlerWithConfig(config)
if err != nil {
return nil, fmt.Errorf("failed to create case handler: %w", err)
}
return &Orchestrator{
Policy: policy,
CaseHandler: caseHandler,
}, nil
}
// Close cleans up resources used by the orchestrator
func (o *Orchestrator) Close() {
if o.CaseHandler != nil {
o.CaseHandler.Close()
}
}
// Check evaluates multiple targets against the policy and returns a RunResponse
func (o *Orchestrator) Check(argv []string, targets ...string) (*RunResponse, error) {
response := NewRunResponse(argv, o.Policy)
for _, target := range targets {
// Determine source type
sourceType := DetermineSourceType(target)
source := SourceInfo{
Type: sourceType,
Ref: target,
}
// Create case for the target
c, err := o.CaseHandler.determineRequestCase(target)
if err != nil {
// Add error result for this target
response.AddTarget(source, TargetEvaluation{
Status: "error",
Summary: EvaluationSummaryJSON{
Packages: PackageSummary{},
Licenses: LicenseSummary{},
},
Findings: EvaluationFindings{
Packages: []PackageFinding{},
},
})
continue
}
// Evaluate the case
evalResult, err := c.Evaluate(o.Policy)
if err != nil {
// Add error result for this target
response.AddTarget(source, TargetEvaluation{
Status: "error",
Summary: EvaluationSummaryJSON{
Packages: PackageSummary{},
Licenses: LicenseSummary{},
},
Findings: EvaluationFindings{
Packages: []PackageFinding{},
},
})
continue
}
// Convert evaluation to target result
targetEval := ConvertEvaluationToTarget(evalResult, o.Policy)
response.AddTarget(source, targetEval)
}
return response, nil
}
// List returns license information for multiple targets without policy evaluation
func (o *Orchestrator) List(argv []string, targets ...string) (*RunResponse, error) {
response := NewRunResponse(argv, o.Policy)
for _, target := range targets {
source := SourceInfo{
Type: DetermineSourceType(target),
Ref: target,
}
targetEval := o.processListTarget(target)
response.AddTarget(source, targetEval)
}
return response, nil
}
// processListTarget processes a single target for listing licenses
func (o *Orchestrator) processListTarget(target string) TargetEvaluation {
c, err := o.CaseHandler.determineRequestCase(target)
if err != nil {
return createErrorTargetEvaluation()
}
licensePackages, licenses, packagesNoLicenses := c.GetLicenses()
findings := buildListFindings(licensePackages, packagesNoLicenses)
summary := buildListSummary(licensePackages, licenses, packagesNoLicenses)
return TargetEvaluation{
Status: "list",
Summary: summary,
Findings: findings,
}
}
// createErrorTargetEvaluation creates a standard error response
func createErrorTargetEvaluation() TargetEvaluation {
return TargetEvaluation{
Status: "error",
Summary: EvaluationSummaryJSON{
Packages: PackageSummary{},
Licenses: LicenseSummary{},
},
Findings: EvaluationFindings{
Packages: []PackageFinding{},
},
}
}
// buildListFindings creates findings from license packages
func buildListFindings(licensePackages map[string][]*Package, packagesNoLicenses []Package) EvaluationFindings {
findings := EvaluationFindings{
Packages: []PackageFinding{},
}
for _, packages := range licensePackages {
for _, pkg := range packages {
finding := packageToFinding(*pkg, "list")
findings.Packages = append(findings.Packages, finding)
}
}
for _, pkg := range packagesNoLicenses {
finding := packageToFinding(pkg, "list")
findings.Packages = append(findings.Packages, finding)
}
return findings
}
// buildListSummary creates summary statistics for list operation
func buildListSummary(licensePackages map[string][]*Package, licenses map[string]License, packagesNoLicenses []Package) EvaluationSummaryJSON {
totalPackages := len(packagesNoLicenses)
for _, packages := range licensePackages {
totalPackages += len(packages)
}
return EvaluationSummaryJSON{
Packages: PackageSummary{
Total: totalPackages,
Unlicensed: len(packagesNoLicenses),
},
Licenses: LicenseSummary{
Unique: len(licenses),
},
}
}
// CheckWithDefaults performs a check with default policy
func CheckWithDefaults(targets ...string) (*RunResponse, error) {
// Create a default deny-all policy
policy := &Policy{
Allow: []string{},
IgnorePackages: []string{},
RequireLicense: true,
RequireKnownLicense: false,
}
orchestrator, err := NewOrchestrator(policy)
if err != nil {
return nil, err
}
defer orchestrator.Close()
argv := append([]string{"grant", "check"}, targets...)
return orchestrator.Check(argv, targets...)
}
// LoadPolicyOrDefault loads a policy from file or returns a default policy
func LoadPolicyOrDefault(filename string) (*Policy, error) {
if filename != "" {
// Check if file exists
if _, err := os.Stat(filename); err == nil {
return LoadPolicyFromFile(filename)
}
}
// Return default policy - deny all
return &Policy{
Allow: []string{},
IgnorePackages: []string{},
RequireLicense: true,
RequireKnownLicense: false,
}, nil
}
07070100000043000081A400000000000000000000000168CB9D6300000444000000000000000000000000000000000000001D00000000grant-0.3.2/grant/package.gopackage grant
import syftPkg "github.com/anchore/syft/syft/pkg"
// PackageID is a unique identifier for a package that is tracked by grant
// It's usually provided by the SBOM; It's calculated if an SBOM is generated
type PackageID string
// Package is a package that is tracked by grant
// These packages are decoded from SBOMs: spdx, cyclonedx, syft
type Package struct {
ID PackageID `json:"id" yaml:"id"`
Name string `json:"name" yaml:"name"`
Type string `json:"type" yaml:"type"`
Version string `json:"version" yaml:"version"`
Licenses []License `json:"licenses" yaml:"licenses"`
Locations []string `json:"locations" yaml:"locations"`
}
func ConvertSyftPackage(p syftPkg.Package) *Package {
locations := p.Locations.ToSlice()
packageLocations := make([]string, 0)
for _, location := range locations {
packageLocations = append(packageLocations, location.RealPath)
}
return &Package{
Name: p.Name,
Version: p.Version,
Type: string(p.Type),
Licenses: ConvertSyftLicenses(p.Licenses),
Locations: packageLocations,
}
}
07070100000044000081A400000000000000000000000168CB9D6300000C00000000000000000000000000000000000000001C00000000grant-0.3.2/grant/policy.gopackage grant
import (
"fmt"
"os"
"path/filepath"
"strings"
"gopkg.in/yaml.v3"
)
// Policy represents a simplified grant policy that can be decoded from YAML
type Policy struct {
// Allow is a list of permitted licenses (supports glob patterns)
Allow []string `yaml:"allow,omitempty"`
// IgnorePackages is a list of software package name patterns to skip license checking entirely
// These are package manager package names (npm, Go modules, Debian packages, etc.)
// Examples: "github.com/anchore/syft", "github.com/anchore/*", "crew", "lite"
IgnorePackages []string `yaml:"ignore-packages,omitempty"`
// RequireLicense when true, denies packages with no detected licenses
RequireLicense bool `yaml:"require-license,omitempty"`
// RequireKnownLicense when true, denies non-SPDX / unparsable licenses
RequireKnownLicense bool `yaml:"require-known-license,omitempty"`
}
// IsLicensePermitted checks if a license is permitted by the policy
func (p *Policy) IsLicensePermitted(license string) bool {
for _, permitted := range p.Allow {
// Direct match
if license == permitted {
return true
}
// Convert common regex-style patterns to glob patterns
pattern := convertRegexToGlob(permitted)
// Glob pattern match
if matched, err := filepath.Match(pattern, license); err == nil && matched {
return true
}
}
return false
}
// convertRegexToGlob converts common regex patterns to shell glob patterns
// This allows users to use either regex-style (BSD.*) or glob-style (BSD-*) patterns
func convertRegexToGlob(pattern string) string {
// Replace .* (regex any) with * (glob any)
if strings.Contains(pattern, ".*") {
return strings.ReplaceAll(pattern, ".*", "*")
}
// Replace .+ (regex one or more) with * (glob any)
if strings.Contains(pattern, ".+") {
return strings.ReplaceAll(pattern, ".+", "*")
}
return pattern
}
// IsPackageIgnored checks if a software package should be ignored based on ignore-packages patterns
func (p *Policy) IsPackageIgnored(packageName string) bool {
for _, pattern := range p.IgnorePackages {
// Direct match
if packageName == pattern {
return true
}
// Glob pattern match - handle path-like patterns
if matched, err := filepath.Match(pattern, packageName); err == nil && matched {
return true
}
// Handle patterns like "github.com/mycompany/*"
if strings.HasSuffix(pattern, "/*") {
prefix := strings.TrimSuffix(pattern, "/*")
if strings.HasPrefix(packageName, prefix+"/") {
return true
}
}
}
return false
}
// LoadPolicy loads a policy from YAML bytes
func LoadPolicy(data []byte) (*Policy, error) {
var policy Policy
if err := yaml.Unmarshal(data, &policy); err != nil {
return nil, fmt.Errorf("failed to unmarshal policy: %w", err)
}
return &policy, nil
}
// LoadPolicyFromFile loads a policy from a YAML file
func LoadPolicyFromFile(filename string) (*Policy, error) {
data, err := os.ReadFile(filepath.Clean(filename))
if err != nil {
return nil, fmt.Errorf("failed to read policy file: %w", err)
}
return LoadPolicy(data)
}
07070100000045000081A400000000000000000000000168CB9D6300001663000000000000000000000000000000000000002100000000grant-0.3.2/grant/policy_test.gopackage grant
import (
"testing"
)
func TestLoadPolicy(t *testing.T) {
tests := []struct {
name string
yaml string
expected Policy
wantErr bool
}{
{
name: "minimal config",
yaml: `allow:
- MIT
- Apache-2.0
- BSD-*`,
expected: Policy{
Allow: []string{"MIT", "Apache-2.0", "BSD-*"},
},
},
{
name: "config with ignore-packages",
yaml: `allow:
- MIT
- Apache-2.0
ignore-packages:
- github.com/mycompany/*
- "@mycompany/*"
- internal-*`,
expected: Policy{
Allow: []string{"MIT", "Apache-2.0"},
IgnorePackages: []string{"github.com/mycompany/*", "@mycompany/*", "internal-*"},
},
},
{
name: "empty config",
yaml: ``,
expected: Policy{},
},
{
name: "only ignore-packages",
yaml: `ignore-packages:
- github.com/anchore/*`,
expected: Policy{
IgnorePackages: []string{"github.com/anchore/*"},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
policy, err := LoadPolicy([]byte(tt.yaml))
if (err != nil) != tt.wantErr {
t.Errorf("LoadPolicy() error = %v, wantErr %v", err, tt.wantErr)
return
}
if !policiesEqual(*policy, tt.expected) {
t.Errorf("LoadPolicy() = %v, want %v", *policy, tt.expected)
}
})
}
}
func TestPolicy_IsLicensePermitted(t *testing.T) {
policy := &Policy{
Allow: []string{"MIT", "Apache-2.0", "BSD-*", "GPL-3.0+"},
}
tests := []struct {
name string
license string
want bool
}{
{"exact match MIT", "MIT", true},
{"exact match Apache", "Apache-2.0", true},
{"glob match BSD-2", "BSD-2-Clause", true},
{"glob match BSD-3", "BSD-3-Clause", true},
{"exact match GPL with plus", "GPL-3.0+", true},
{"denied license GPL-2.0", "GPL-2.0", false},
{"denied license ISC", "ISC", false},
{"empty license", "", false},
{"case sensitive", "mit", false},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := policy.IsLicensePermitted(tt.license); got != tt.want {
t.Errorf("Policy.IsLicensePermitted(%q) = %v, want %v", tt.license, got, tt.want)
}
})
}
}
func TestPolicy_IsLicensePermitted_RegexStyle(t *testing.T) {
policy := &Policy{
Allow: []string{"MIT.*", "Apache.*", "BSD.*", "CC0.*", "MPL.*"},
}
tests := []struct {
name string
license string
want bool
}{
{"regex style MIT", "MIT", true},
{"regex style MIT-0", "MIT-0", true},
{"regex style Apache-2.0", "Apache-2.0", true},
{"regex style Apache-1.0", "Apache-1.0", true},
{"regex style BSD-2-Clause", "BSD-2-Clause", true},
{"regex style BSD-3-Clause", "BSD-3-Clause", true},
{"regex style BSD-4-Clause", "BSD-4-Clause", true},
{"regex style CC0-1.0", "CC0-1.0", true},
{"regex style MPL-2.0", "MPL-2.0", true},
{"denied license GPL", "GPL-2.0", false},
{"denied license ISC", "ISC", false},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := policy.IsLicensePermitted(tt.license); got != tt.want {
t.Errorf("Policy.IsLicensePermitted(%q) = %v, want %v", tt.license, got, tt.want)
}
})
}
}
func TestPolicy_IsLicensePermitted_EmptyAllow(t *testing.T) {
policy := &Policy{
Allow: []string{},
}
tests := []struct {
license string
want bool
}{
{"MIT", false},
{"Apache-2.0", false},
{"", false},
}
for _, tt := range tests {
t.Run(tt.license, func(t *testing.T) {
if got := policy.IsLicensePermitted(tt.license); got != tt.want {
t.Errorf("Policy.IsLicensePermitted(%q) with empty allow = %v, want %v", tt.license, got, tt.want)
}
})
}
}
func TestPolicy_IsPackageIgnored(t *testing.T) {
policy := &Policy{
IgnorePackages: []string{
"github.com/mycompany/*",
"@mycompany/*",
"internal",
"test-*",
"crew",
},
}
tests := []struct {
name string
packageName string
want bool
}{
// Exact matches
{"exact match internal", "internal", true},
{"exact match crew", "crew", true},
// Glob patterns with /*
{"github glob match", "github.com/mycompany/repo", true},
{"github glob match nested", "github.com/mycompany/deep/repo", true},
{"npm scoped package match", "@mycompany/utils", true},
{"npm scoped package nested", "@mycompany/deep/utils", true},
// Glob patterns with *
{"prefix match test", "test-utils", true},
{"prefix match test-package", "test-package-name", true},
// Non-matches
{"similar but not matching github", "github.com/mycompany", false},
{"different org", "github.com/other/repo", false},
{"different npm scope", "@other/utils", false},
{"partial prefix", "tes", false},
{"empty package", "", false},
{"case sensitive", "Internal", false},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := policy.IsPackageIgnored(tt.packageName); got != tt.want {
t.Errorf("Policy.IsPackageIgnored(%q) = %v, want %v", tt.packageName, got, tt.want)
}
})
}
}
func TestPolicy_IsPackageIgnored_EmptyIgnorePackages(t *testing.T) {
policy := &Policy{
IgnorePackages: []string{},
}
tests := []string{"github.com/mycompany/repo", "internal", "test", ""}
for _, packageName := range tests {
t.Run(packageName, func(t *testing.T) {
if got := policy.IsPackageIgnored(packageName); got != false {
t.Errorf("Policy.IsPackageIgnored(%q) with empty ignore = %v, want false", packageName, got)
}
})
}
}
func policiesEqual(a, b Policy) bool {
if !stringSlicesEqual(a.Allow, b.Allow) {
return false
}
if !stringSlicesEqual(a.IgnorePackages, b.IgnorePackages) {
return false
}
return true
}
func stringSlicesEqual(a, b []string) bool {
if len(a) != len(b) {
return false
}
for i, v := range a {
if v != b[i] {
return false
}
}
return true
}
07070100000046000081A400000000000000000000000168CB9D6300002DD9000000000000000000000000000000000000001E00000000grant-0.3.2/grant/response.gopackage grant
import (
"github.com/anchore/grant/internal"
"github.com/anchore/grant/internal/spdxlicense"
)
// RunResponse represents the complete JSON response structure for grant operations
type RunResponse struct {
Tool string `json:"tool"`
Version string `json:"version"`
Run RunDetails `json:"run"`
}
// RunDetails contains the execution details and results
type RunDetails struct {
Argv []string `json:"argv"`
Policy PolicyConfig `json:"policy"`
Targets []TargetResult `json:"targets"`
}
// PolicyConfig represents the policy configuration used in the run
type PolicyConfig struct {
Rules PolicyRules `json:"rules"`
RequireLicense bool `json:"requireLicense"`
RequireKnownLicense bool `json:"requireKnownLicense"`
}
// PolicyRules contains the allow and ignore rules
type PolicyRules struct {
Allow []string `json:"allow"`
IgnorePackages []string `json:"ignorePackages"`
}
// TargetResult represents the evaluation result for a single target
type TargetResult struct {
Source SourceInfo `json:"source"`
Evaluation TargetEvaluation `json:"evaluation"`
}
// SourceInfo contains information about the source being evaluated
type SourceInfo struct {
Type string `json:"type"` // image | sbom | dir | file
Ref string `json:"ref"`
ResolvedRef string `json:"resolvedRef,omitempty"`
}
// TargetEvaluation contains the evaluation results for a target
type TargetEvaluation struct {
Status string `json:"status"` // compliant | noncompliant
Summary EvaluationSummaryJSON `json:"summary"`
Findings EvaluationFindings `json:"findings"`
}
// EvaluationSummaryJSON provides statistics about packages and licenses
type EvaluationSummaryJSON struct {
Packages PackageSummary `json:"packages"`
Licenses LicenseSummary `json:"licenses"`
}
// PackageSummary contains package statistics
type PackageSummary struct {
Total int `json:"total"`
Allowed int `json:"allowed"`
Denied int `json:"denied"`
Ignored int `json:"ignored"`
Unlicensed int `json:"unlicensed"`
}
// LicenseSummary contains license statistics
type LicenseSummary struct {
Unique int `json:"unique"`
Allowed int `json:"allowed"`
Denied int `json:"denied"`
NonSPDX int `json:"nonSPDX"` // Non-SPDX license identifiers (may be custom or proprietary)
}
// EvaluationFindings contains the detailed findings
type EvaluationFindings struct {
Packages []PackageFinding `json:"packages"`
}
// PackageFinding represents a single package finding
type PackageFinding struct {
ID string `json:"id"`
Name string `json:"name"`
Type string `json:"type"`
Version string `json:"version"`
Decision string `json:"decision"` // allow | deny | ignore
Licenses []LicenseDetail `json:"licenses"`
Locations []string `json:"locations"`
}
// LicenseDetail contains detailed license information
type LicenseDetail struct {
ID string `json:"id"`
Name string `json:"name,omitempty"`
IsDeprecatedLicenseID bool `json:"isDeprecatedLicenseId"`
IsOsiApproved bool `json:"isOsiApproved"`
DetailsURL string `json:"detailsUrl"`
Reference string `json:"reference,omitempty"`
SeeAlso []string `json:"seeAlso,omitempty"`
Evidence []string `json:"evidence,omitempty"`
RiskCategory spdxlicense.RiskCategory `json:"riskCategory,omitempty"`
}
// NewRunResponse creates a new RunResponse with default values
func NewRunResponse(argv []string, policy *Policy) *RunResponse {
return &RunResponse{
Tool: internal.ApplicationName,
Version: internal.ApplicationVersion,
Run: RunDetails{
Argv: argv,
Policy: PolicyConfig{
Rules: PolicyRules{
Allow: policy.Allow,
IgnorePackages: policy.IgnorePackages,
},
RequireLicense: policy.RequireLicense,
RequireKnownLicense: policy.RequireKnownLicense,
},
Targets: []TargetResult{},
},
}
}
// AddTarget adds a target result to the response
func (r *RunResponse) AddTarget(source SourceInfo, evaluation TargetEvaluation) {
r.Run.Targets = append(r.Run.Targets, TargetResult{
Source: source,
Evaluation: evaluation,
})
}
type licenseStatistics struct {
UnlicensedCount int
UniqueCount int
AllowedCount int
DeniedCount int
NonSPDXCount int
}
// ConvertEvaluationToTarget converts an EvaluationResult to TargetEvaluation
func ConvertEvaluationToTarget(evalResult *EvaluationResult, policy *Policy) TargetEvaluation {
licenseStats := calculateLicenseStatistics(evalResult)
findings := buildEvaluationFindings(evalResult)
status := determineComplianceStatus(evalResult)
return TargetEvaluation{
Status: status,
Summary: EvaluationSummaryJSON{
Packages: PackageSummary{
Total: evalResult.Summary.TotalPackages,
Allowed: evalResult.Summary.AllowedPackages,
Denied: evalResult.Summary.DeniedPackages,
Ignored: evalResult.Summary.IgnoredPackages,
Unlicensed: licenseStats.UnlicensedCount,
},
Licenses: LicenseSummary{
Unique: licenseStats.UniqueCount,
Allowed: licenseStats.AllowedCount,
Denied: licenseStats.DeniedCount,
NonSPDX: licenseStats.NonSPDXCount,
},
},
Findings: findings,
}
}
// calculateLicenseStatistics computes license-related statistics from evaluation results
func calculateLicenseStatistics(evalResult *EvaluationResult) licenseStatistics {
uniqueLicenses := make(map[string]bool)
allowedLicenses := make(map[string]bool)
deniedLicenses := make(map[string]bool)
unrecognizedLicenses := make(map[string]bool)
unlicensedCount := 0
// Process allowed packages
for _, pkg := range evalResult.AllowedPackages {
for _, license := range pkg.Package.Licenses {
licenseStr := license.String()
uniqueLicenses[licenseStr] = true
allowedLicenses[licenseStr] = true
}
if len(pkg.Package.Licenses) == 0 {
unlicensedCount++
}
}
// Process denied packages
for _, pkg := range evalResult.DeniedPackages {
if len(pkg.Package.Licenses) == 0 {
unlicensedCount++
} else {
for _, license := range pkg.Package.Licenses {
licenseStr := license.String()
uniqueLicenses[licenseStr] = true
deniedLicenses[licenseStr] = true
if license.Name != "" && license.SPDXExpression == "" {
unrecognizedLicenses[licenseStr] = true
}
}
}
}
return licenseStatistics{
UnlicensedCount: unlicensedCount,
UniqueCount: len(uniqueLicenses),
AllowedCount: len(allowedLicenses),
DeniedCount: len(deniedLicenses),
NonSPDXCount: len(unrecognizedLicenses),
}
}
// buildEvaluationFindings creates findings from evaluation results with deduplication
func buildEvaluationFindings(evalResult *EvaluationResult) EvaluationFindings {
findings := EvaluationFindings{
Packages: []PackageFinding{},
}
packageMap := make(map[string]PackageFinding)
// Add allowed packages
for _, pkg := range evalResult.AllowedPackages {
finding := packageToFinding(pkg.Package, "allow")
key := pkg.Package.Name + "@" + pkg.Package.Version
if _, exists := packageMap[key]; !exists {
packageMap[key] = finding
}
}
// Add denied packages
for _, pkg := range evalResult.DeniedPackages {
finding := packageToFindingWithDeniedLicenses(pkg.Package, "deny", pkg.DeniedLicenses)
key := pkg.Package.Name + "@" + pkg.Package.Version
if _, exists := packageMap[key]; !exists {
packageMap[key] = finding
}
}
// Add ignored packages
for _, pkg := range evalResult.IgnoredPackages {
finding := packageToFinding(pkg.Package, "ignore")
key := pkg.Package.Name + "@" + pkg.Package.Version
if _, exists := packageMap[key]; !exists {
packageMap[key] = finding
}
}
// Convert map back to slice
for _, finding := range packageMap {
findings.Packages = append(findings.Packages, finding)
}
return findings
}
// determineComplianceStatus determines the overall compliance status
func determineComplianceStatus(evalResult *EvaluationResult) string {
if len(evalResult.DeniedPackages) > 0 {
return "noncompliant"
}
return "compliant"
}
// populateSPDXLicenseData enriches a LicenseDetail with SPDX license data
func populateSPDXLicenseData(detail *LicenseDetail) {
if spdxLicense, err := spdxlicense.GetLicenseByID(detail.ID); err == nil {
detail.Reference = spdxLicense.Reference
detail.SeeAlso = spdxLicense.SeeAlso
detail.RiskCategory = spdxLicense.RiskCategory
}
}
// packageToFinding converts a Package to a PackageFinding
func packageToFinding(pkg Package, decision string) PackageFinding {
licenseDetails := []LicenseDetail{}
for _, license := range pkg.Licenses {
detail := LicenseDetail{
ID: license.String(),
Name: license.Name,
IsDeprecatedLicenseID: license.IsDeprecatedLicenseID,
IsOsiApproved: license.IsOsiApproved,
DetailsURL: license.DetailsURL,
Evidence: license.Locations,
}
if license.SPDXExpression != "" {
detail.ID = license.SPDXExpression
detail.Name = ""
}
// Populate SPDX license data
populateSPDXLicenseData(&detail)
licenseDetails = append(licenseDetails, detail)
}
// Generate package ID
pkgID := pkg.Type + ":" + pkg.Name
if pkg.Version != "" {
pkgID += "@" + pkg.Version
}
return PackageFinding{
ID: pkgID,
Name: pkg.Name,
Type: pkg.Type,
Version: pkg.Version,
Decision: decision,
Licenses: licenseDetails,
Locations: pkg.Locations,
}
}
// packageToFindingWithDeniedLicenses converts a Package to a PackageFinding, filtering to only show denied licenses
func packageToFindingWithDeniedLicenses(pkg Package, decision string, deniedLicenses []License) PackageFinding {
// Only include the licenses that were actually denied
licenseDetails := []LicenseDetail{}
if decision == "deny" && len(pkg.Licenses) == 0 {
// Package denied due to no licenses
licenseDetails = []LicenseDetail{} // Keep empty to indicate no licenses
} else {
// Find which licenses from the package are in the denied list
for _, license := range pkg.Licenses {
for _, denied := range deniedLicenses {
if license.String() == denied.String() {
detail := LicenseDetail{
ID: license.String(),
Name: license.Name,
IsDeprecatedLicenseID: license.IsDeprecatedLicenseID,
IsOsiApproved: license.IsOsiApproved,
DetailsURL: license.DetailsURL,
Evidence: license.Locations,
}
if license.SPDXExpression != "" {
detail.ID = license.SPDXExpression
detail.Name = ""
}
// Populate SPDX license data
populateSPDXLicenseData(&detail)
licenseDetails = append(licenseDetails, detail)
break
}
}
}
}
// Generate package ID
pkgID := pkg.Type + ":" + pkg.Name
if pkg.Version != "" {
pkgID += "@" + pkg.Version
}
return PackageFinding{
ID: pkgID,
Name: pkg.Name,
Type: pkg.Type,
Version: pkg.Version,
Decision: decision,
Licenses: licenseDetails,
Locations: pkg.Locations,
}
}
// DetermineSourceType determines the source type from user input
func DetermineSourceType(userInput string) string {
if isStdin(userInput) {
return "sbom"
}
if isFile(userInput) {
if isArchive(userInput) {
return "file"
}
// Could be SBOM or license file
return "file"
}
if isDirectory(userInput) {
return "dir"
}
// Assume container image
return "image"
}
07070100000047000041ED00000000000000000000000268CB9D6300000000000000000000000000000000000000000000001B00000000grant-0.3.2/grant/testdata07070100000048000081A400000000000000000000000168CB9D6300000123000000000000000000000000000000000000002E00000000grant-0.3.2/grant/testdata/apache-license.txtApache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.07070100000049000081A400000000000000000000000168CB9D63000000EE000000000000000000000000000000000000002B00000000grant-0.3.2/grant/testdata/gpl-license.txtGNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.0707010000004A000081A400000000000000000000000168CB9D63000000CC000000000000000000000000000000000000003100000000grant-0.3.2/grant/testdata/mit-license-short.txtMIT License
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction.0707010000004B000081A400000000000000000000000168CB9D6300000424000000000000000000000000000000000000002B00000000grant-0.3.2/grant/testdata/mit-license.txtMIT License
Copyright (c) 2024 Test
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.0707010000004C000081ED00000000000000000000000168CB9D63000043E5000000000000000000000000000000000000001700000000grant-0.3.2/install.sh#!/bin/sh
# note: we require errors to propagate (don't set -e)
set -u
PROJECT_NAME="grant"
OWNER=anchore
REPO="${PROJECT_NAME}"
GITHUB_DOWNLOAD_PREFIX=https://github.com/${OWNER}/${REPO}/releases/download
INSTALL_SH_BASE_URL=https://get.anchore.io/${PROJECT_NAME}
LEGACY_INSTALL_SH_BASE_URL=https://raw.githubusercontent.com/${OWNER}/${PROJECT_NAME}
PROGRAM_ARGS=$@
# do not change the name of this parameter (this must always be backwards compatible)
DOWNLOAD_TAG_INSTALL_SCRIPT=${DOWNLOAD_TAG_INSTALL_SCRIPT:-true}
#
# usage [script-name]
#
usage() (
this=$1
cat <<EOF
$this: download go binaries for ${OWNER}/${PROJECT_NAME}
Usage: $this [-b] dir [-d] [tag]
-b the installation directory (defaults to ./bin)
-d turns on debug logging
-dd turns on trace logging
[tag] the specific release to use (if missing, then the latest will be used)
EOF
exit 2
)
# ------------------------------------------------------------------------
# https://github.com/client9/shlib - portable posix shell functions
# Public domain - http://unlicense.org
# https://github.com/client9/shlib/blob/master/LICENSE.md
# but credit (and pull requests) appreciated.
# ------------------------------------------------------------------------
is_command() (
command -v "$1" >/dev/null
)
echo_stderr() (
echo "$@" 1>&2
)
_logp=2
log_set_priority() {
_logp="$1"
}
log_priority() (
if test -z "$1"; then
echo "$_logp"
return
fi
[ "$1" -le "$_logp" ]
)
init_colors() {
RED=''
BLUE=''
PURPLE=''
BOLD=''
RESET=''
# check if stdout is a terminal
if test -t 1 && is_command tput; then
# see if it supports colors
ncolors=$(tput colors)
if test -n "$ncolors" && test $ncolors -ge 8; then
RED='\033[0;31m'
BLUE='\033[0;34m'
PURPLE='\033[0;35m'
BOLD='\033[1m'
RESET='\033[0m'
fi
fi
}
init_colors
log_tag() (
case $1 in
0) echo "${RED}${BOLD}[error]${RESET}" ;;
1) echo "${RED}[warn]${RESET}" ;;
2) echo "[info]${RESET}" ;;
3) echo "${BLUE}[debug]${RESET}" ;;
4) echo "${PURPLE}[trace]${RESET}" ;;
*) echo "[$1]" ;;
esac
)
log_trace_priority=4
log_trace() (
priority=$log_trace_priority
log_priority "$priority" || return 0
echo_stderr "$(log_tag $priority)" "${@}" "${RESET}"
)
log_debug_priority=3
log_debug() (
priority=$log_debug_priority
log_priority "$priority" || return 0
echo_stderr "$(log_tag $priority)" "${@}" "${RESET}"
)
log_info_priority=2
log_info() (
priority=$log_info_priority
log_priority "$priority" || return 0
echo_stderr "$(log_tag $priority)" "${@}" "${RESET}"
)
log_warn_priority=1
log_warn() (
priority=$log_warn_priority
log_priority "$priority" || return 0
echo_stderr "$(log_tag $priority)" "${@}" "${RESET}"
)
log_err_priority=0
log_err() (
priority=$log_err_priority
log_priority "$priority" || return 0
echo_stderr "$(log_tag $priority)" "${@}" "${RESET}"
)
uname_os_check() (
os=$1
case "$os" in
darwin) return 0 ;;
dragonfly) return 0 ;;
freebsd) return 0 ;;
linux) return 0 ;;
android) return 0 ;;
nacl) return 0 ;;
netbsd) return 0 ;;
openbsd) return 0 ;;
plan9) return 0 ;;
solaris) return 0 ;;
windows) return 0 ;;
esac
log_err "uname_os_check '$(uname -s)' got converted to '$os' which is not a GOOS value. Please file bug at https://github.com/client9/shlib"
return 1
)
uname_arch_check() (
arch=$1
case "$arch" in
386) return 0 ;;
amd64) return 0 ;;
arm64) return 0 ;;
armv5) return 0 ;;
armv6) return 0 ;;
armv7) return 0 ;;
ppc64) return 0 ;;
ppc64le) return 0 ;;
mips) return 0 ;;
mipsle) return 0 ;;
mips64) return 0 ;;
mips64le) return 0 ;;
s390x) return 0 ;;
amd64p32) return 0 ;;
esac
log_err "uname_arch_check '$(uname -m)' got converted to '$arch' which is not a GOARCH value. Please file bug report at https://github.com/client9/shlib"
return 1
)
unpack() (
archive=$1
log_trace "unpack(archive=${archive})"
case "${archive}" in
*.tar.gz | *.tgz) tar --no-same-owner -xzf "${archive}" ;;
*.tar) tar --no-same-owner -xf "${archive}" ;;
*.zip) unzip -q "${archive}" ;;
*.dmg) extract_from_dmg "${archive}" ;;
*)
log_err "unpack unknown archive format for ${archive}"
return 1
;;
esac
)
extract_from_dmg() (
dmg_file=$1
mount_point="/Volumes/tmp-dmg"
hdiutil attach -quiet -nobrowse -mountpoint "${mount_point}" "${dmg_file}"
cp -fR "${mount_point}/." ./
hdiutil detach -quiet -force "${mount_point}"
)
http_download_curl() (
local_file=$1
source_url=$2
header=$3
log_trace "http_download_curl(local_file=$local_file, source_url=$source_url, header=$header)"
if [ -z "$header" ]; then
code=$(curl -w '%{http_code}' -sL -o "$local_file" "$source_url")
else
code=$(curl -w '%{http_code}' -sL -H "$header" -o "$local_file" "$source_url")
fi
if [ "$code" != "200" ]; then
log_err "received HTTP status=$code for url='$source_url'"
return 1
fi
return 0
)
http_download_wget() (
local_file=$1
source_url=$2
header=$3
log_trace "http_download_wget(local_file=$local_file, source_url=$source_url, header=$header)"
if [ -z "$header" ]; then
wget -q -O "$local_file" "$source_url"
else
wget -q --header "$header" -O "$local_file" "$source_url"
fi
)
http_download() (
log_debug "http_download(url=$2)"
if is_command curl; then
http_download_curl "$@"
return
elif is_command wget; then
http_download_wget "$@"
return
fi
log_err "http_download unable to find wget or curl"
return 1
)
http_copy() (
tmp=$(mktemp)
http_download "${tmp}" "$1" "$2" || return 1
body=$(cat "$tmp")
rm -f "${tmp}"
echo "$body"
)
hash_sha256() (
TARGET=${1:-/dev/stdin}
if is_command gsha256sum; then
hash=$(gsha256sum "$TARGET") || return 1
echo "$hash" | cut -d ' ' -f 1
elif is_command sha256sum; then
hash=$(sha256sum "$TARGET") || return 1
echo "$hash" | cut -d ' ' -f 1
elif is_command shasum; then
hash=$(shasum -a 256 "$TARGET" 2>/dev/null) || return 1
echo "$hash" | cut -d ' ' -f 1
elif is_command openssl; then
hash=$(openssl -dst openssl dgst -sha256 "$TARGET") || return 1
echo "$hash" | cut -d ' ' -f a
else
log_err "hash_sha256 unable to find command to compute sha-256 hash"
return 1
fi
)
hash_sha256_verify() (
TARGET=$1
checksums=$2
if [ -z "$checksums" ]; then
log_err "hash_sha256_verify checksum file not specified in arg2"
return 1
fi
BASENAME=${TARGET##*/}
want=$(grep "${BASENAME}" "${checksums}" 2>/dev/null | tr '\t' ' ' | cut -d ' ' -f 1)
if [ -z "$want" ]; then
log_err "hash_sha256_verify unable to find checksum for '${TARGET}' in '${checksums}'"
return 1
fi
got=$(hash_sha256 "$TARGET")
if [ "$want" != "$got" ]; then
log_err "hash_sha256_verify checksum for '$TARGET' did not verify ${want} vs $got"
return 1
fi
)
# ------------------------------------------------------------------------
# End of functions from https://github.com/client9/shlib
# ------------------------------------------------------------------------
# asset_file_exists [path]
#
# returns 1 if the given file does not exist
#
asset_file_exists() (
path="$1"
if [ ! -f "${path}" ]; then
return 1
fi
)
# github_release_json [owner] [repo] [version]
#
# outputs release json string
#
github_release_json() (
owner=$1
repo=$2
version=$3
test -z "$version" && version="latest"
giturl="https://github.com/${owner}/${repo}/releases/${version}"
json=$(http_copy "$giturl" "Accept:application/json")
log_trace "github_release_json(owner=${owner}, repo=${repo}, version=${version}) returned '${json}'"
test -z "$json" && return 1
echo "${json}"
)
# extract_value [key-value-pair]
#
# outputs value from a colon delimited key-value pair
#
extract_value() (
key_value="$1"
IFS=':' read -r _ value << EOF
${key_value}
EOF
echo "$value"
)
# extract_json_value [json] [key]
#
# outputs value of the key from the given json string
#
extract_json_value() (
json="$1"
key="$2"
key_value=$(echo "${json}" | grep -o "\"$key\":[^,]*[,}]" | tr -d '",}')
extract_value "$key_value"
)
# github_release_tag [release-json]
#
# outputs release tag string
#
github_release_tag() (
json="$1"
tag=$(extract_json_value "${json}" "tag_name")
test -z "$tag" && return 1
echo "$tag"
)
# download_github_release_checksums [release-url-prefix] [name] [version] [output-dir]
#
# outputs path to the downloaded checksums file
#
download_github_release_checksums() (
download_url="$1"
name="$2"
version="$3"
output_dir="$4"
log_trace "download_github_release_checksums(url=${download_url}, name=${name}, version=${version}, output_dir=${output_dir})"
checksum_filename=${name}_${version}_checksums.txt
checksum_url=${download_url}/${checksum_filename}
output_path="${output_dir}/${checksum_filename}"
http_download "${output_path}" "${checksum_url}" ""
asset_file_exists "${output_path}"
log_trace "download_github_release_checksums() returned '${output_path}'"
echo "${output_path}"
)
# search_for_asset [checksums-file-path] [name] [os] [arch] [format]
#
# outputs name of the asset to download
#
search_for_asset() (
checksum_path="$1"
name="$2"
os="$3"
arch="$4"
format="$5"
log_trace "search_for_asset(checksum-path=${checksum_path}, name=${name}, os=${os}, arch=${arch}, format=${format})"
asset_glob="${name}_.*_${os}_${arch}.${format}"
output_path=$(grep -o "${asset_glob}" "${checksum_path}" || true)
log_trace "search_for_asset() returned '${output_path}'"
echo "${output_path}"
)
# uname_os
#
# outputs an adjusted os value
#
uname_os() (
os=$(uname -s | tr '[:upper:]' '[:lower:]')
case "$os" in
cygwin_nt*) os="windows" ;;
mingw*) os="windows" ;;
msys_nt*) os="windows" ;;
esac
uname_os_check "$os"
log_trace "uname_os() returned '${os}'"
echo "$os"
)
# uname_arch
#
# outputs an adjusted architecture value
#
uname_arch() (
arch=$(uname -m)
case $arch in
x86_64) arch="amd64" ;;
x86) arch="386" ;;
i686) arch="386" ;;
i386) arch="386" ;;
aarch64) arch="arm64" ;;
armv5*) arch="armv5" ;;
armv6*) arch="armv6" ;;
armv7*) arch="armv7" ;;
esac
uname_arch_check "${arch}"
log_trace "uname_arch() returned '${arch}'"
echo "${arch}"
)
# get_release_tag [owner] [repo] [tag]
#
# outputs tag string
#
get_release_tag() (
owner="$1"
repo="$2"
tag="$3"
log_trace "get_release_tag(owner=${owner}, repo=${repo}, tag=${tag})"
json=$(github_release_json "${owner}" "${repo}" "${tag}")
real_tag=$(github_release_tag "${json}")
if test -z "${real_tag}"; then
return 1
fi
log_trace "get_release_tag() returned '${real_tag}'"
echo "${real_tag}"
)
# tag_to_version [tag]
#
# outputs version string
#
tag_to_version() (
tag="$1"
value="${tag#v}"
log_trace "tag_to_version(tag=${tag}) returned '${value}'"
echo "$value"
)
# get_binary_name [os] [arch] [default-name]
#
# outputs a the binary string name
#
get_binary_name() (
os="$1"
arch="$2"
binary="$3"
original_binary="${binary}"
case "${os}" in
windows) binary="${binary}.exe" ;;
esac
log_trace "get_binary_name(os=${os}, arch=${arch}, binary=${original_binary}) returned '${binary}'"
echo "${binary}"
)
# get_format_name [os] [arch] [default-format]
#
# outputs an adjusted file format
#
get_format_name() (
os="$1"
arch="$2"
format="$3"
original_format="${format}"
case ${os} in
windows) format=zip ;;
esac
log_trace "get_format_name(os=${os}, arch=${arch}, format=${original_format}) returned '${format}'"
echo "${format}"
)
# download_and_install_asset [release-url-prefix] [download-path] [install-path] [name] [os] [arch] [version] [format] [binary]
#
# attempts to download the archive and install it to the given path.
#
download_and_install_asset() (
download_url="$1"
download_path="$2"
install_path=$3
name="$4"
os="$5"
arch="$6"
version="$7"
format="$8"
binary="$9"
asset_filepath=$(download_asset "${download_url}" "${download_path}" "${name}" "${os}" "${arch}" "${version}" "${format}")
# don't continue if we couldn't download an asset
if [ -z "${asset_filepath}" ]; then
log_err "could not find release asset for os='${os}' arch='${arch}' format='${format}' "
return 1
fi
install_asset "${asset_filepath}" "${install_path}" "${binary}"
)
# download_asset [release-url-prefix] [download-path] [name] [os] [arch] [version] [format] [binary]
#
# outputs the path to the downloaded asset asset_filepath
#
download_asset() (
download_url="$1"
destination="$2"
name="$3"
os="$4"
arch="$5"
version="$6"
format="$7"
log_trace "download_asset(url=${download_url}, destination=${destination}, name=${name}, os=${os}, arch=${arch}, version=${version}, format=${format})"
checksums_filepath=$(download_github_release_checksums "${download_url}" "${name}" "${version}" "${destination}")
log_trace "checksums content:\n$(cat ${checksums_filepath})"
asset_filename=$(search_for_asset "${checksums_filepath}" "${name}" "${os}" "${arch}" "${format}")
# don't continue if we couldn't find a matching asset from the checksums file
if [ -z "${asset_filename}" ]; then
return 1
fi
asset_url="${download_url}/${asset_filename}"
asset_filepath="${destination}/${asset_filename}"
http_download "${asset_filepath}" "${asset_url}" ""
hash_sha256_verify "${asset_filepath}" "${checksums_filepath}"
log_trace "download_asset_by_checksums_file() returned '${asset_filepath}'"
echo "${asset_filepath}"
)
# install_asset [asset-path] [destination-path] [binary]
#
install_asset() (
asset_filepath="$1"
destination="$2"
binary="$3"
log_trace "install_asset(asset=${asset_filepath}, destination=${destination}, binary=${binary})"
# don't continue if we don't have anything to install
if [ -z "${asset_filepath}" ]; then
return
fi
archive_dir=$(dirname "${asset_filepath}")
# unarchive the downloaded archive to the temp dir
(cd "${archive_dir}" && unpack "${asset_filepath}")
# create the destination dir
test ! -d "${destination}" && install -d "${destination}"
# install the binary to the destination dir
install "${archive_dir}/${binary}" "${destination}/"
)
main() (
# parse arguments
# note: never change default install directory (this must always be backwards compatible)
install_dir=${install_dir:-./bin}
# note: never change the program flags or arguments (this must always be backwards compatible)
while getopts "b:dh?x" arg; do
case "$arg" in
b) install_dir="$OPTARG" ;;
d)
if [ "$_logp" = "$log_info_priority" ]; then
# -d == debug
log_set_priority $log_debug_priority
else
# -dd (or -ddd...) == trace
log_set_priority $log_trace_priority
fi
;;
h | \?) usage "$0" ;;
x) set -x ;;
esac
done
shift $((OPTIND - 1))
set +u
tag=$1
if [ -z "${tag}" ]; then
log_debug "checking github for the current release tag"
tag=""
else
log_debug "checking github for release tag='${tag}'"
fi
set -u
tag=$(get_release_tag "${OWNER}" "${REPO}" "${tag}")
if [ "$?" != "0" ]; then
log_err "unable to find tag='${tag}'"
log_err "do not specify a version or select a valid version from https://github.com/${OWNER}/${REPO}/releases"
return 1
fi
# run the application
version=$(tag_to_version "${tag}")
os=$(uname_os)
arch=$(uname_arch)
format=$(get_format_name "${os}" "${arch}" "tar.gz")
binary=$(get_binary_name "${os}" "${arch}" "${PROJECT_NAME}")
download_url="${GITHUB_DOWNLOAD_PREFIX}/${tag}"
# we always use the install.sh script that is associated with the tagged release. Why? the latest install.sh is not
# guaranteed to be able to install every version of the application. We use the DOWNLOAD_TAG_INSTALL_SCRIPT env var
# to indicate if we should continue processing with the existing script or to download the script from the given tag.
if [ "${DOWNLOAD_TAG_INSTALL_SCRIPT}" = "true" ]; then
export DOWNLOAD_TAG_INSTALL_SCRIPT=false
log_info "fetching release script for tag='${tag}'"
if ! install_script=$(http_copy "${INSTALL_SH_BASE_URL}/${tag}/install.sh" ""); then
log_warn "failed to fetch from ${INSTALL_SH_BASE_URL}, trying fallback URL"
install_script=$(http_copy "${LEGACY_INSTALL_SH_BASE_URL}/${tag}/install.sh" "")
fi
echo "${install_script}" | sh -s -- ${PROGRAM_ARGS}
exit $?
fi
log_info "using release tag='${tag}' version='${version}' os='${os}' arch='${arch}'"
download_dir=$(mktemp -d)
trap 'rm -rf -- "$download_dir"' EXIT
log_debug "downloading files into ${download_dir}"
download_and_install_asset "${download_url}" "${download_dir}" "${install_dir}" "${PROJECT_NAME}" "${os}" "${arch}" "${version}" "${format}" "${binary}"
# don't continue if we couldn't install the asset
if [ "$?" != "0" ]; then
log_err "failed to install ${PROJECT_NAME}"
return 1
fi
log_info "installed ${install_dir}/${binary}"
)
# entrypoint
set +u
if [ -z "${TEST_INSTALL_SH}" ]; then
set -u
main "$@"
fi
set -u
0707010000004D000041ED00000000000000000000000268CB9D6300000000000000000000000000000000000000000000001500000000grant-0.3.2/internal0707010000004E000041ED00000000000000000000000268CB9D6300000000000000000000000000000000000000000000001900000000grant-0.3.2/internal/bus0707010000004F000081A400000000000000000000000168CB9D6300000221000000000000000000000000000000000000002000000000grant-0.3.2/internal/bus/bus.gopackage bus
import "github.com/wagoodman/go-partybus"
var publisher partybus.Publisher
// Set sets the singleton event bus publisher. This is optional; if no bus is provided, the library will
// behave no differently than if a bus had been provided.
func Set(p partybus.Publisher) {
publisher = p
}
func Get() partybus.Publisher {
return publisher
}
// Publish an event onto the bus. If there is no bus set by the calling application, this does nothing.
func Publish(e partybus.Event) {
if publisher != nil {
publisher.Publish(e)
}
}
07070100000050000081A400000000000000000000000168CB9D63000003F5000000000000000000000000000000000000002400000000grant-0.3.2/internal/bus/helpers.gopackage bus
import (
"github.com/wagoodman/go-partybus"
"github.com/wagoodman/go-progress"
"github.com/anchore/clio"
"github.com/anchore/grant/event"
"github.com/anchore/grant/internal/redact"
)
func Exit() {
Publish(clio.ExitEvent(false))
}
func ExitWithInterrupt() {
Publish(clio.ExitEvent(true))
}
func Report(report string) {
if len(report) == 0 {
return
}
report = redact.Apply(report)
Publish(partybus.Event{
Type: event.CLIReport,
Value: report,
})
}
func Notify(message string) {
Publish(partybus.Event{
Type: event.CLINotification,
Value: message,
})
}
func PublishTask(titles event.Title, context string, total int) *event.ManualStagedProgress {
prog := &event.ManualStagedProgress{
Manual: progress.NewManual(int64(total)),
AtomicStage: progress.NewAtomicStage(""),
}
Publish(partybus.Event{
Type: event.TaskStartedEvent,
Source: event.Task{
Title: titles,
Context: context,
},
Value: progress.StagedProgressable(prog),
})
return prog
}
07070100000051000081A400000000000000000000000168CB9D6300000730000000000000000000000000000000000000001E00000000grant-0.3.2/internal/grant.go// Package internal provides core application constants and metadata.
package internal
import (
"fmt"
"runtime"
)
const (
// ApplicationName is the name of the Grant application.
ApplicationName = "grant"
// NotProvided is the value used when a build variable was not provided
NotProvided = "[not provided]"
)
var (
// Version info populated at build time
version = NotProvided
gitCommit = NotProvided
buildDate = NotProvided
gitDescription = NotProvided
platform = fmt.Sprintf("%s/%s", runtime.GOOS, runtime.GOARCH)
goVersion = runtime.Version()
compiler = runtime.Compiler
)
// BuildInfo holds the application build details
type BuildInfo struct {
Application string
Version string
BuildDate string
GitCommit string
GitDescription string
Platform string
GoVersion string
Compiler string
}
// SetBuildInfo sets build information from main package
func SetBuildInfo(ver, commit, date, desc, goVer string) {
if ver != "" && ver != NotProvided {
version = ver
}
if commit != "" && commit != NotProvided {
gitCommit = commit
}
if date != "" && date != NotProvided {
buildDate = date
}
if desc != "" && desc != NotProvided {
gitDescription = desc
}
if goVer != "" {
goVersion = goVer
}
}
// GetBuildInfo returns the current build information
func GetBuildInfo() BuildInfo {
return BuildInfo{
Application: ApplicationName,
Version: version,
BuildDate: buildDate,
GitCommit: gitCommit,
GitDescription: gitDescription,
Platform: platform,
GoVersion: goVersion,
Compiler: compiler,
}
}
// ApplicationVersion returns the current version for backward compatibility
var ApplicationVersion = func() string {
if version != NotProvided {
return version
}
return "0.0.1"
}()
07070100000052000041ED00000000000000000000000268CB9D6300000000000000000000000000000000000000000000001B00000000grant-0.3.2/internal/input07070100000053000081A400000000000000000000000168CB9D63000006C2000000000000000000000000000000000000002400000000grant-0.3.2/internal/input/input.gopackage input
import (
"bytes"
"fmt"
"io"
"os"
"path/filepath"
"github.com/mitchellh/go-homedir"
"github.com/pkg/errors"
)
// IsStdinPipeOrRedirect returns true if stdin is provided via pipe or redirect
func IsStdinPipeOrRedirect() (bool, error) {
fi, err := os.Stdin.Stat()
if err != nil {
return false, fmt.Errorf("unable to determine if there is piped input: %w", err)
}
// note: we should NOT use the absence of a character device here as the hint that there may be input expected
// on stdin, as running grant as a subprocess you would expect no character device to be present but input can
// be from either stdin or indicated by the CLI. Checking if stdin is a pipe is the most direct way to determine
// if there *may* be bytes that will show up on stdin that should be used for the analysis source.
return fi.Mode()&os.ModeNamedPipe != 0 || fi.Size() > 0, nil
}
func GetReader(src string) (io.ReadSeeker, error) {
switch src {
case "-":
return decodeStdin(os.Stdin)
default:
fileLocation, err := homedir.Expand(src)
if err != nil {
return nil, errors.Wrap(err, fmt.Sprintf("could not check licenses; could not expand path: %s ", src))
}
reader, err := os.Open(filepath.Clean(fileLocation))
if err != nil {
return nil, errors.Wrap(err, fmt.Sprintf("could not check licenses; could not open file: %s ", fileLocation))
}
return reader, nil
}
}
func decodeStdin(r io.Reader) (io.ReadSeeker, error) {
b, err := io.ReadAll(r)
if err != nil {
return nil, fmt.Errorf("failed reading stdin: %w", err)
}
reader := bytes.NewReader(b)
_, err = reader.Seek(0, io.SeekStart)
if err != nil {
return nil, fmt.Errorf("failed to parse stdin: %w", err)
}
return reader, nil
}
07070100000054000041ED00000000000000000000000268CB9D6300000000000000000000000000000000000000000000002500000000grant-0.3.2/internal/licensepatterns07070100000055000041ED00000000000000000000000268CB9D6300000000000000000000000000000000000000000000002E00000000grant-0.3.2/internal/licensepatterns/generate07070100000056000081A400000000000000000000000168CB9D63000007C1000000000000000000000000000000000000004300000000grant-0.3.2/internal/licensepatterns/generate/generate_patterns.go//go:generate go run generate_patterns.go
package main
import (
"fmt"
"os"
"strings"
"text/template"
"time"
"github.com/anchore/grant/internal/spdxlicense"
)
const (
generates = "../patterns.go"
)
var commonCase = []string{
"LICENSE",
"LICENSE.*",
"LICENCE",
"LICENCE.*",
"COPYING",
"COPYING.*",
"NOTICE",
"NOTICE.*",
}
var codeTemplate = template.Must(template.New("patterns.go").Parse(`// Code generated by internal/licensepatterns/generate/generate_patterns.go; DO NOT EDIT.
// This file was generated by go generate; DO NOT EDIT; {{ .Timestamp }}
package licensepatterns
// Patterns contains all license file patterns used for searching
var Patterns = []string{
{{- range .Patterns }}
{{ printf "%q" . }},
{{- end }}
}
`))
func main() {
if err := generate(); err != nil {
fmt.Println(err)
os.Exit(1)
}
fmt.Println("generated", generates)
}
func generate() error {
patterns := generateLicensePatterns()
if err := os.Remove(generates); err != nil && !os.IsNotExist(err) {
fmt.Println("Error deleting existing file:", err)
return err
}
f, err := os.Create(generates)
if err != nil {
return err
}
defer func() { _ = f.Close() }()
return codeTemplate.Execute(f, struct {
Timestamp string
Patterns []string
}{
Timestamp: time.Now().UTC().Format(time.RFC3339),
Patterns: patterns,
})
}
// generateLicensePatterns creates file patterns based on SPDX license IDs
func generateLicensePatterns() []string {
patterns := make([]string, 0)
// Add common patterns
patterns = append(patterns, commonCase...)
// Get all SPDX license keys and create patterns
licenseKeys := spdxlicense.GetAllLicenseKeys()
for _, key := range licenseKeys {
// Create case-insensitive patterns for each license ID
// e.g., "gpl-3.0" becomes patterns for GPL-3.0, gpl-3.0, etc.
upper := strings.ToUpper(key)
patterns = append(patterns,
fmt.Sprintf("*%s*", upper),
fmt.Sprintf("*%s*", key),
upper,
key,
)
}
return patterns
}
07070100000057000081A400000000000000000000000168CB9D630000BDA3000000000000000000000000000000000000003100000000grant-0.3.2/internal/licensepatterns/patterns.go// Code generated by internal/licensepatterns/generate/generate_patterns.go; DO NOT EDIT.
// This file was generated by go generate; DO NOT EDIT; 2025-09-16T05:50:11Z
package licensepatterns
// Patterns contains all license file patterns used for searching
var Patterns = []string{
"LICENSE",
"LICENSE.*",
"LICENCE",
"LICENCE.*",
"COPYING",
"COPYING.*",
"NOTICE",
"NOTICE.*",
"*HPND-SELL-REGEXPR*",
"*hpnd-sell-regexpr*",
"HPND-SELL-REGEXPR",
"hpnd-sell-regexpr",
"*CLARTISTIC*",
"*clartistic*",
"CLARTISTIC",
"clartistic",
"*OLDAP-1.4*",
"*oldap-1.4*",
"OLDAP-1.4",
"oldap-1.4",
"*CMU-MACH*",
"*cmu-mach*",
"CMU-MACH",
"cmu-mach",
"*NLOD-1.0*",
"*nlod-1.0*",
"NLOD-1.0",
"nlod-1.0",
"*CC-BY-SA-3.0-IGO*",
"*cc-by-sa-3.0-igo*",
"CC-BY-SA-3.0-IGO",
"cc-by-sa-3.0-igo",
"*UNICODE-TOU*",
"*unicode-tou*",
"UNICODE-TOU",
"unicode-tou",
"*PARITY-6.0.0*",
"*parity-6.0.0*",
"PARITY-6.0.0",
"parity-6.0.0",
"*CERN-OHL-1.2*",
"*cern-ohl-1.2*",
"CERN-OHL-1.2",
"cern-ohl-1.2",
"*GPL-3.0-OR-LATER*",
"*gpl-3.0-or-later*",
"GPL-3.0-OR-LATER",
"gpl-3.0-or-later",
"*BEERWARE*",
"*beerware*",
"BEERWARE",
"beerware",
"*MIT-WU*",
"*mit-wu*",
"MIT-WU",
"mit-wu",
"*OLDAP-2.3*",
"*oldap-2.3*",
"OLDAP-2.3",
"oldap-2.3",
"*CC-BY-3.0*",
"*cc-by-3.0*",
"CC-BY-3.0",
"cc-by-3.0",
"*MMIXWARE*",
"*mmixware*",
"MMIXWARE",
"mmixware",
"*NGREP*",
"*ngrep*",
"NGREP",
"ngrep",
"*BITTORRENT-1.0*",
"*bittorrent-1.0*",
"BITTORRENT-1.0",
"bittorrent-1.0",
"*APSL-1.2*",
"*apsl-1.2*",
"APSL-1.2",
"apsl-1.2",
"*ZPL-2.1*",
"*zpl-2.1*",
"ZPL-2.1",
"zpl-2.1",
"*IPA*",
"*ipa*",
"IPA",
"ipa",
"*ZED*",
"*zed*",
"ZED",
"zed",
"*BSD-2-CLAUSE-NETBSD*",
"*bsd-2-clause-netbsd*",
"BSD-2-CLAUSE-NETBSD",
"bsd-2-clause-netbsd",
"*FERGUSON-TWOFISH*",
"*ferguson-twofish*",
"FERGUSON-TWOFISH",
"ferguson-twofish",
"*TU-BERLIN-2.0*",
"*tu-berlin-2.0*",
"TU-BERLIN-2.0",
"tu-berlin-2.0",
"*SUN-PPP*",
"*sun-ppp*",
"SUN-PPP",
"sun-ppp",
"*NGPL*",
"*ngpl*",
"NGPL",
"ngpl",
"*CC-BY-NC-SA-2.0*",
"*cc-by-nc-sa-2.0*",
"CC-BY-NC-SA-2.0",
"cc-by-nc-sa-2.0",
"*SWRULE*",
"*swrule*",
"SWRULE",
"swrule",
"*XLOCK*",
"*xlock*",
"XLOCK",
"xlock",
"*BSD-2-CLAUSE*",
"*bsd-2-clause*",
"BSD-2-CLAUSE",
"bsd-2-clause",
"*YPL-1.1*",
"*ypl-1.1*",
"YPL-1.1",
"ypl-1.1",
"*ADOBE-DISPLAY-POSTSCRIPT*",
"*adobe-display-postscript*",
"ADOBE-DISPLAY-POSTSCRIPT",
"adobe-display-postscript",
"*BCRYPT-SOLAR-DESIGNER*",
"*bcrypt-solar-designer*",
"BCRYPT-SOLAR-DESIGNER",
"bcrypt-solar-designer",
"*LOOP*",
"*loop*",
"LOOP",
"loop",
"*OAR*",
"*oar*",
"OAR",
"oar",
"*GFDL-1.1-ONLY*",
"*gfdl-1.1-only*",
"GFDL-1.1-ONLY",
"gfdl-1.1-only",
"*NPL-1.1*",
"*npl-1.1*",
"NPL-1.1",
"npl-1.1",
"*BSD-3-CLAUSE*",
"*bsd-3-clause*",
"BSD-3-CLAUSE",
"bsd-3-clause",
"*SHL-0.51*",
"*shl-0.51*",
"SHL-0.51",
"shl-0.51",
"*SENDMAIL-OPEN-SOURCE-1.1*",
"*sendmail-open-source-1.1*",
"SENDMAIL-OPEN-SOURCE-1.1",
"sendmail-open-source-1.1",
"*APSL-1.1*",
"*apsl-1.1*",
"APSL-1.1",
"apsl-1.1",
"*UMICH-MERIT*",
"*umich-merit*",
"UMICH-MERIT",
"umich-merit",
"*HIPPOCRATIC-2.1*",
"*hippocratic-2.1*",
"HIPPOCRATIC-2.1",
"hippocratic-2.1",
"*LAL-1.2*",
"*lal-1.2*",
"LAL-1.2",
"lal-1.2",
"*HPND-INTEL*",
"*hpnd-intel*",
"HPND-INTEL",
"hpnd-intel",
"*ETALAB-2.0*",
"*etalab-2.0*",
"ETALAB-2.0",
"etalab-2.0",
"*TPL-1.0*",
"*tpl-1.0*",
"TPL-1.0",
"tpl-1.0",
"*ADOBE-UTOPIA*",
"*adobe-utopia*",
"ADOBE-UTOPIA",
"adobe-utopia",
"*SPENCER-99*",
"*spencer-99*",
"SPENCER-99",
"spencer-99",
"*NEWSLETR*",
"*newsletr*",
"NEWSLETR",
"newsletr",
"*LINUX-MAN-PAGES-COPYLEFT*",
"*linux-man-pages-copyleft*",
"LINUX-MAN-PAGES-COPYLEFT",
"linux-man-pages-copyleft",
"*CC-BY-NC-SA-2.5*",
"*cc-by-nc-sa-2.5*",
"CC-BY-NC-SA-2.5",
"cc-by-nc-sa-2.5",
"*CERN-OHL-P-2.0*",
"*cern-ohl-p-2.0*",
"CERN-OHL-P-2.0",
"cern-ohl-p-2.0",
"*OSL-1.1*",
"*osl-1.1*",
"OSL-1.1",
"osl-1.1",
"*AFL-1.2*",
"*afl-1.2*",
"AFL-1.2",
"afl-1.2",
"*GIFTWARE*",
"*giftware*",
"GIFTWARE",
"giftware",
"*HP-1989*",
"*hp-1989*",
"HP-1989",
"hp-1989",
"*LILIQ-P-1.1*",
"*liliq-p-1.1*",
"LILIQ-P-1.1",
"liliq-p-1.1",
"*COPYLEFT-NEXT-0.3.1*",
"*copyleft-next-0.3.1*",
"COPYLEFT-NEXT-0.3.1",
"copyleft-next-0.3.1",
"*PDDL-1.0*",
"*pddl-1.0*",
"PDDL-1.0",
"pddl-1.0",
"*OPENPBS-2.3*",
"*openpbs-2.3*",
"OPENPBS-2.3",
"openpbs-2.3",
"*NCL*",
"*ncl*",
"NCL",
"ncl",
"*HTMLTIDY*",
"*htmltidy*",
"HTMLTIDY",
"htmltidy",
"*SSH-SHORT*",
"*ssh-short*",
"SSH-SHORT",
"ssh-short",
"*AFMPARSE*",
"*afmparse*",
"AFMPARSE",
"afmparse",
"*X11-SWAPPED*",
"*x11-swapped*",
"X11-SWAPPED",
"x11-swapped",
"*YPL-1.0*",
"*ypl-1.0*",
"YPL-1.0",
"ypl-1.0",
"*EUROSYM*",
"*eurosym*",
"EUROSYM",
"eurosym",
"*FTL*",
"*ftl*",
"FTL",
"ftl",
"*NTIA-PD*",
"*ntia-pd*",
"NTIA-PD",
"ntia-pd",
"*BSD-2-CLAUSE-DARWIN*",
"*bsd-2-clause-darwin*",
"BSD-2-CLAUSE-DARWIN",
"bsd-2-clause-darwin",
"*OGL-UK-1.0*",
"*ogl-uk-1.0*",
"OGL-UK-1.0",
"ogl-uk-1.0",
"*GPL-1.0+*",
"*gpl-1.0+*",
"GPL-1.0+",
"gpl-1.0+",
"*FSFULLRWD*",
"*fsfullrwd*",
"FSFULLRWD",
"fsfullrwd",
"*INNER-NET-2.0*",
"*inner-net-2.0*",
"INNER-NET-2.0",
"inner-net-2.0",
"*SGP4*",
"*sgp4*",
"SGP4",
"sgp4",
"*VOSTROM*",
"*vostrom*",
"VOSTROM",
"vostrom",
"*OLDAP-2.0*",
"*oldap-2.0*",
"OLDAP-2.0",
"oldap-2.0",
"*AGPL-1.0*",
"*agpl-1.0*",
"AGPL-1.0",
"agpl-1.0",
"*CC-SA-1.0*",
"*cc-sa-1.0*",
"CC-SA-1.0",
"cc-sa-1.0",
"*SHL-0.5*",
"*shl-0.5*",
"SHL-0.5",
"shl-0.5",
"*CC-BY-NC-SA-3.0-DE*",
"*cc-by-nc-sa-3.0-de*",
"CC-BY-NC-SA-3.0-DE",
"cc-by-nc-sa-3.0-de",
"*LEPTONICA*",
"*leptonica*",
"LEPTONICA",
"leptonica",
"*CHECK-CVS*",
"*check-cvs*",
"CHECK-CVS",
"check-cvs",
"*CDLA-PERMISSIVE-2.0*",
"*cdla-permissive-2.0*",
"CDLA-PERMISSIVE-2.0",
"cdla-permissive-2.0",
"*BITTORRENT-1.1*",
"*bittorrent-1.1*",
"BITTORRENT-1.1",
"bittorrent-1.1",
"*CC-BY-NC-ND-3.0-IGO*",
"*cc-by-nc-nd-3.0-igo*",
"CC-BY-NC-ND-3.0-IGO",
"cc-by-nc-nd-3.0-igo",
"*UCL-1.0*",
"*ucl-1.0*",
"UCL-1.0",
"ucl-1.0",
"*XFREE86-1.1*",
"*xfree86-1.1*",
"XFREE86-1.1",
"xfree86-1.1",
"*DEC-3-CLAUSE*",
"*dec-3-clause*",
"DEC-3-CLAUSE",
"dec-3-clause",
"*OLDAP-2.2.1*",
"*oldap-2.2.1*",
"OLDAP-2.2.1",
"oldap-2.2.1",
"*LPPL-1.1*",
"*lppl-1.1*",
"LPPL-1.1",
"lppl-1.1",
"*SSH-OPENSSH*",
"*ssh-openssh*",
"SSH-OPENSSH",
"ssh-openssh",
"*MIT-KHRONOS-OLD*",
"*mit-khronos-old*",
"MIT-KHRONOS-OLD",
"mit-khronos-old",
"*APSL-2.0*",
"*apsl-2.0*",
"APSL-2.0",
"apsl-2.0",
"*CC-BY-3.0-AU*",
"*cc-by-3.0-au*",
"CC-BY-3.0-AU",
"cc-by-3.0-au",
"*ARTISTIC-1.0-PERL*",
"*artistic-1.0-perl*",
"ARTISTIC-1.0-PERL",
"artistic-1.0-perl",
"*TMATE*",
"*tmate*",
"TMATE",
"tmate",
"*BRIAN-GLADMAN-2-CLAUSE*",
"*brian-gladman-2-clause*",
"BRIAN-GLADMAN-2-CLAUSE",
"brian-gladman-2-clause",
"*MIT-CMU*",
"*mit-cmu*",
"MIT-CMU",
"mit-cmu",
"*ADACORE-DOC*",
"*adacore-doc*",
"ADACORE-DOC",
"adacore-doc",
"*HPND-SELL-MIT-DISCLAIMER-XSERVER*",
"*hpnd-sell-mit-disclaimer-xserver*",
"HPND-SELL-MIT-DISCLAIMER-XSERVER",
"hpnd-sell-mit-disclaimer-xserver",
"*CECILL-2.0*",
"*cecill-2.0*",
"CECILL-2.0",
"cecill-2.0",
"*MIT-OPEN-GROUP*",
"*mit-open-group*",
"MIT-OPEN-GROUP",
"mit-open-group",
"*GLWTPL*",
"*glwtpl*",
"GLWTPL",
"glwtpl",
"*FSFUL*",
"*fsful*",
"FSFUL",
"fsful",
"*SL*",
"*sl*",
"SL",
"sl",
"*ZLIB*",
"*zlib*",
"ZLIB",
"zlib",
"*ALADDIN*",
"*aladdin*",
"ALADDIN",
"aladdin",
"*SMAIL-GPL*",
"*smail-gpl*",
"SMAIL-GPL",
"smail-gpl",
"*IPL-1.0*",
"*ipl-1.0*",
"IPL-1.0",
"ipl-1.0",
"*NIST-PD-FALLBACK*",
"*nist-pd-fallback*",
"NIST-PD-FALLBACK",
"nist-pd-fallback",
"*SAX-PD*",
"*sax-pd*",
"SAX-PD",
"sax-pd",
"*QPL-1.0-INRIA-2004*",
"*qpl-1.0-inria-2004*",
"QPL-1.0-INRIA-2004",
"qpl-1.0-inria-2004",
"*CC-BY-ND-1.0*",
"*cc-by-nd-1.0*",
"CC-BY-ND-1.0",
"cc-by-nd-1.0",
"*GPL-2.0+*",
"*gpl-2.0+*",
"GPL-2.0+",
"gpl-2.0+",
"*XSKAT*",
"*xskat*",
"XSKAT",
"xskat",
"*SPENCER-94*",
"*spencer-94*",
"SPENCER-94",
"spencer-94",
"*BSD-SYSTEMICS*",
"*bsd-systemics*",
"BSD-SYSTEMICS",
"bsd-systemics",
"*QPL-1.0*",
"*qpl-1.0*",
"QPL-1.0",
"qpl-1.0",
"*MPLUS*",
"*mplus*",
"MPLUS",
"mplus",
"*ISC*",
"*isc*",
"ISC",
"isc",
"*CC-BY-NC-SA-4.0*",
"*cc-by-nc-sa-4.0*",
"CC-BY-NC-SA-4.0",
"cc-by-nc-sa-4.0",
"*INTEL*",
"*intel*",
"INTEL",
"intel",
"*LATEX2E-TRANSLATED-NOTICE*",
"*latex2e-translated-notice*",
"LATEX2E-TRANSLATED-NOTICE",
"latex2e-translated-notice",
"*ODC-BY-1.0*",
"*odc-by-1.0*",
"ODC-BY-1.0",
"odc-by-1.0",
"*GFDL-1.1-OR-LATER*",
"*gfdl-1.1-or-later*",
"GFDL-1.1-OR-LATER",
"gfdl-1.1-or-later",
"*FSFULLR*",
"*fsfullr*",
"FSFULLR",
"fsfullr",
"*CPL-1.0*",
"*cpl-1.0*",
"CPL-1.0",
"cpl-1.0",
"*BSD-4-CLAUSE-UC*",
"*bsd-4-clause-uc*",
"BSD-4-CLAUSE-UC",
"bsd-4-clause-uc",
"*SCHEMEREPORT*",
"*schemereport*",
"SCHEMEREPORT",
"schemereport",
"*MPICH2*",
"*mpich2*",
"MPICH2",
"mpich2",
"*MIT-CLICK*",
"*mit-click*",
"MIT-CLICK",
"mit-click",
"*CC-BY-1.0*",
"*cc-by-1.0*",
"CC-BY-1.0",
"cc-by-1.0",
"*DL-DE-ZERO-2.0*",
"*dl-de-zero-2.0*",
"DL-DE-ZERO-2.0",
"dl-de-zero-2.0",
"*BAHYPH*",
"*bahyph*",
"BAHYPH",
"bahyph",
"*LINUX-OPENIB*",
"*linux-openib*",
"LINUX-OPENIB",
"linux-openib",
"*COIL-1.0*",
"*coil-1.0*",
"COIL-1.0",
"coil-1.0",
"*ZLIB-ACKNOWLEDGEMENT*",
"*zlib-acknowledgement*",
"ZLIB-ACKNOWLEDGEMENT",
"zlib-acknowledgement",
"*HPND-SELL-VARIANT-MIT-DISCLAIMER-REV*",
"*hpnd-sell-variant-mit-disclaimer-rev*",
"HPND-SELL-VARIANT-MIT-DISCLAIMER-REV",
"hpnd-sell-variant-mit-disclaimer-rev",
"*BSD-SYSTEMICS-W3WORKS*",
"*bsd-systemics-w3works*",
"BSD-SYSTEMICS-W3WORKS",
"bsd-systemics-w3works",
"*CDLA-PERMISSIVE-1.0*",
"*cdla-permissive-1.0*",
"CDLA-PERMISSIVE-1.0",
"cdla-permissive-1.0",
"*SGI-B-2.0*",
"*sgi-b-2.0*",
"SGI-B-2.0",
"sgi-b-2.0",
"*LUCIDA-BITMAP-FONTS*",
"*lucida-bitmap-fonts*",
"LUCIDA-BITMAP-FONTS",
"lucida-bitmap-fonts",
"*HPND-EXPORT2-US*",
"*hpnd-export2-us*",
"HPND-EXPORT2-US",
"hpnd-export2-us",
"*EPICS*",
"*epics*",
"EPICS",
"epics",
"*MIT-MODERN-VARIANT*",
"*mit-modern-variant*",
"MIT-MODERN-VARIANT",
"mit-modern-variant",
"*LIBPNG-1.6.35*",
"*libpng-1.6.35*",
"LIBPNG-1.6.35",
"libpng-1.6.35",
"*FSFAP-NO-WARRANTY-DISCLAIMER*",
"*fsfap-no-warranty-disclaimer*",
"FSFAP-NO-WARRANTY-DISCLAIMER",
"fsfap-no-warranty-disclaimer",
"*CC-BY-SA-2.5*",
"*cc-by-sa-2.5*",
"CC-BY-SA-2.5",
"cc-by-sa-2.5",
"*AGPL-3.0-ONLY*",
"*agpl-3.0-only*",
"AGPL-3.0-ONLY",
"agpl-3.0-only",
"*XPP*",
"*xpp*",
"XPP",
"xpp",
"*PSUTILS*",
"*psutils*",
"PSUTILS",
"psutils",
"*SGI-OPENGL*",
"*sgi-opengl*",
"SGI-OPENGL",
"sgi-opengl",
"*TU-BERLIN-1.0*",
"*tu-berlin-1.0*",
"TU-BERLIN-1.0",
"tu-berlin-1.0",
"*SIMPL-2.0*",
"*simpl-2.0*",
"SIMPL-2.0",
"simpl-2.0",
"*BSD-3-CLAUSE-NO-NUCLEAR-WARRANTY*",
"*bsd-3-clause-no-nuclear-warranty*",
"BSD-3-CLAUSE-NO-NUCLEAR-WARRANTY",
"bsd-3-clause-no-nuclear-warranty",
"*LGPL-2.0-OR-LATER*",
"*lgpl-2.0-or-later*",
"LGPL-2.0-OR-LATER",
"lgpl-2.0-or-later",
"*APL-1.0*",
"*apl-1.0*",
"APL-1.0",
"apl-1.0",
"*TORQUE-1.1*",
"*torque-1.1*",
"TORQUE-1.1",
"torque-1.1",
"*CC-BY-SA-4.0*",
"*cc-by-sa-4.0*",
"CC-BY-SA-4.0",
"cc-by-sa-4.0",
"*CAL-1.0*",
"*cal-1.0*",
"CAL-1.0",
"cal-1.0",
"*KASTRUP*",
"*kastrup*",
"KASTRUP",
"kastrup",
"*SLEEPYCAT*",
"*sleepycat*",
"SLEEPYCAT",
"sleepycat",
"*BLUEOAK-1.0.0*",
"*blueoak-1.0.0*",
"BLUEOAK-1.0.0",
"blueoak-1.0.0",
"*POLYFORM-NONCOMMERCIAL-1.0.0*",
"*polyform-noncommercial-1.0.0*",
"POLYFORM-NONCOMMERCIAL-1.0.0",
"polyform-noncommercial-1.0.0",
"*FAIR*",
"*fair*",
"FAIR",
"fair",
"*BSD-3-CLAUSE-NO-NUCLEAR-LICENSE-2014*",
"*bsd-3-clause-no-nuclear-license-2014*",
"BSD-3-CLAUSE-NO-NUCLEAR-LICENSE-2014",
"bsd-3-clause-no-nuclear-license-2014",
"*CC-BY-NC-SA-2.0-DE*",
"*cc-by-nc-sa-2.0-de*",
"CC-BY-NC-SA-2.0-DE",
"cc-by-nc-sa-2.0-de",
"*OGL-UK-2.0*",
"*ogl-uk-2.0*",
"OGL-UK-2.0",
"ogl-uk-2.0",
"*CDLA-SHARING-1.0*",
"*cdla-sharing-1.0*",
"CDLA-SHARING-1.0",
"cdla-sharing-1.0",
"*LPD-DOCUMENT*",
"*lpd-document*",
"LPD-DOCUMENT",
"lpd-document",
"*SUN-PPP-2000*",
"*sun-ppp-2000*",
"SUN-PPP-2000",
"sun-ppp-2000",
"*OLDAP-1.2*",
"*oldap-1.2*",
"OLDAP-1.2",
"oldap-1.2",
"*WTFPL*",
"*wtfpl*",
"WTFPL",
"wtfpl",
"*NBPL-1.0*",
"*nbpl-1.0*",
"NBPL-1.0",
"nbpl-1.0",
"*BSD-ATTRIBUTION-HPND-DISCLAIMER*",
"*bsd-attribution-hpnd-disclaimer*",
"BSD-ATTRIBUTION-HPND-DISCLAIMER",
"bsd-attribution-hpnd-disclaimer",
"*PYTHON-2.0.1*",
"*python-2.0.1*",
"PYTHON-2.0.1",
"python-2.0.1",
"*LGPL-3.0-ONLY*",
"*lgpl-3.0-only*",
"LGPL-3.0-ONLY",
"lgpl-3.0-only",
"*BSD-3-CLAUSE-LBNL*",
"*bsd-3-clause-lbnl*",
"BSD-3-CLAUSE-LBNL",
"bsd-3-clause-lbnl",
"*BSD-PROTECTION*",
"*bsd-protection*",
"BSD-PROTECTION",
"bsd-protection",
"*W3C-19980720*",
"*w3c-19980720*",
"W3C-19980720",
"w3c-19980720",
"*STANDARDML-NJ*",
"*standardml-nj*",
"STANDARDML-NJ",
"standardml-nj",
"*UNLICENSE-LIBWHIRLPOOL*",
"*unlicense-libwhirlpool*",
"UNLICENSE-LIBWHIRLPOOL",
"unlicense-libwhirlpool",
"*TRUSTEDQSL*",
"*trustedqsl*",
"TRUSTEDQSL",
"trustedqsl",
"*GPL-2.0-OR-LATER*",
"*gpl-2.0-or-later*",
"GPL-2.0-OR-LATER",
"gpl-2.0-or-later",
"*HPND-MERCHANTABILITY-VARIANT*",
"*hpnd-merchantability-variant*",
"HPND-MERCHANTABILITY-VARIANT",
"hpnd-merchantability-variant",
"*GFDL-1.2*",
"*gfdl-1.2*",
"GFDL-1.2",
"gfdl-1.2",
"*THIRDEYE*",
"*thirdeye*",
"THIRDEYE",
"thirdeye",
"*MCPHEE-SLIDESHOW*",
"*mcphee-slideshow*",
"MCPHEE-SLIDESHOW",
"mcphee-slideshow",
"*MPL-2.0*",
"*mpl-2.0*",
"MPL-2.0",
"mpl-2.0",
"*BSD-2-CLAUSE-FREEBSD*",
"*bsd-2-clause-freebsd*",
"BSD-2-CLAUSE-FREEBSD",
"bsd-2-clause-freebsd",
"*LGPL-3.0*",
"*lgpl-3.0*",
"LGPL-3.0",
"lgpl-3.0",
"*EUDATAGRID*",
"*eudatagrid*",
"EUDATAGRID",
"eudatagrid",
"*CERN-OHL-1.1*",
"*cern-ohl-1.1*",
"CERN-OHL-1.1",
"cern-ohl-1.1",
"*CECILL-B*",
"*cecill-b*",
"CECILL-B",
"cecill-b",
"*XINETD*",
"*xinetd*",
"XINETD",
"xinetd",
"*SISSL-1.2*",
"*sissl-1.2*",
"SISSL-1.2",
"sissl-1.2",
"*LPL-1.02*",
"*lpl-1.02*",
"LPL-1.02",
"lpl-1.02",
"*GFDL-1.2-OR-LATER*",
"*gfdl-1.2-or-later*",
"GFDL-1.2-OR-LATER",
"gfdl-1.2-or-later",
"*BSD-2-CLAUSE-FIRST-LINES*",
"*bsd-2-clause-first-lines*",
"BSD-2-CLAUSE-FIRST-LINES",
"bsd-2-clause-first-lines",
"*CC-PDM-1.0*",
"*cc-pdm-1.0*",
"CC-PDM-1.0",
"cc-pdm-1.0",
"*JOVE*",
"*jove*",
"JOVE",
"jove",
"*OLDAP-2.2*",
"*oldap-2.2*",
"OLDAP-2.2",
"oldap-2.2",
"*CATOSL-1.1*",
"*catosl-1.1*",
"CATOSL-1.1",
"catosl-1.1",
"*BORCEUX*",
"*borceux*",
"BORCEUX",
"borceux",
"*FSFAP*",
"*fsfap*",
"FSFAP",
"fsfap",
"*NLOD-2.0*",
"*nlod-2.0*",
"NLOD-2.0",
"nlod-2.0",
"*MS-PL*",
"*ms-pl*",
"MS-PL",
"ms-pl",
"*RDISC*",
"*rdisc*",
"RDISC",
"rdisc",
"*BITSTREAM-CHARTER*",
"*bitstream-charter*",
"BITSTREAM-CHARTER",
"bitstream-charter",
"*X11-DISTRIBUTE-MODIFICATIONS-VARIANT*",
"*x11-distribute-modifications-variant*",
"X11-DISTRIBUTE-MODIFICATIONS-VARIANT",
"x11-distribute-modifications-variant",
"*GD*",
"*gd*",
"GD",
"gd",
"*MULTICS*",
"*multics*",
"MULTICS",
"multics",
"*GFDL-1.2-NO-INVARIANTS-ONLY*",
"*gfdl-1.2-no-invariants-only*",
"GFDL-1.2-NO-INVARIANTS-ONLY",
"gfdl-1.2-no-invariants-only",
"*OGDL-TAIWAN-1.0*",
"*ogdl-taiwan-1.0*",
"OGDL-TAIWAN-1.0",
"ogdl-taiwan-1.0",
"*WATCOM-1.0*",
"*watcom-1.0*",
"WATCOM-1.0",
"watcom-1.0",
"*XDEBUG-1.03*",
"*xdebug-1.03*",
"XDEBUG-1.03",
"xdebug-1.03",
"*EPL-1.0*",
"*epl-1.0*",
"EPL-1.0",
"epl-1.0",
"*OPL-1.0*",
"*opl-1.0*",
"OPL-1.0",
"opl-1.0",
"*OFL-1.0-RFN*",
"*ofl-1.0-rfn*",
"OFL-1.0-RFN",
"ofl-1.0-rfn",
"*BSD-4-CLAUSE-SHORTENED*",
"*bsd-4-clause-shortened*",
"BSD-4-CLAUSE-SHORTENED",
"bsd-4-clause-shortened",
"*NAUMEN*",
"*naumen*",
"NAUMEN",
"naumen",
"*FWLW*",
"*fwlw*",
"FWLW",
"fwlw",
"*GSOAP-1.3B*",
"*gsoap-1.3b*",
"GSOAP-1.3B",
"gsoap-1.3b",
"*SENDMAIL-8.23*",
"*sendmail-8.23*",
"SENDMAIL-8.23",
"sendmail-8.23",
"*PHP-3.0*",
"*php-3.0*",
"PHP-3.0",
"php-3.0",
"*MAKEINDEX*",
"*makeindex*",
"MAKEINDEX",
"makeindex",
"*INNOSETUP*",
"*innosetup*",
"INNOSETUP",
"innosetup",
"*CHECKMK*",
"*checkmk*",
"CHECKMK",
"checkmk",
"*APACHE-2.0*",
"*apache-2.0*",
"APACHE-2.0",
"apache-2.0",
"*OLDAP-2.5*",
"*oldap-2.5*",
"OLDAP-2.5",
"oldap-2.5",
"*FSFULLRSD*",
"*fsfullrsd*",
"FSFULLRSD",
"fsfullrsd",
"*CC-BY-NC-ND-1.0*",
"*cc-by-nc-nd-1.0*",
"CC-BY-NC-ND-1.0",
"cc-by-nc-nd-1.0",
"*GPL-3.0-WITH-AUTOCONF-EXCEPTION*",
"*gpl-3.0-with-autoconf-exception*",
"GPL-3.0-WITH-AUTOCONF-EXCEPTION",
"gpl-3.0-with-autoconf-exception",
"*ADSL*",
"*adsl*",
"ADSL",
"adsl",
"*SMLNJ*",
"*smlnj*",
"SMLNJ",
"smlnj",
"*ASPELL-RU*",
"*aspell-ru*",
"ASPELL-RU",
"aspell-ru",
"*MULANPSL-1.0*",
"*mulanpsl-1.0*",
"MULANPSL-1.0",
"mulanpsl-1.0",
"*APACHE-1.0*",
"*apache-1.0*",
"APACHE-1.0",
"apache-1.0",
"*GFDL-1.3-INVARIANTS-OR-LATER*",
"*gfdl-1.3-invariants-or-later*",
"GFDL-1.3-INVARIANTS-OR-LATER",
"gfdl-1.3-invariants-or-later",
"*ADOBE-2006*",
"*adobe-2006*",
"ADOBE-2006",
"adobe-2006",
"*SSPL-1.0*",
"*sspl-1.0*",
"SSPL-1.0",
"sspl-1.0",
"*HPND-SELL-VARIANT*",
"*hpnd-sell-variant*",
"HPND-SELL-VARIANT",
"hpnd-sell-variant",
"*CRONYX*",
"*cronyx*",
"CRONYX",
"cronyx",
"*CC-BY-NC-2.5*",
"*cc-by-nc-2.5*",
"CC-BY-NC-2.5",
"cc-by-nc-2.5",
"*GFDL-1.3-NO-INVARIANTS-OR-LATER*",
"*gfdl-1.3-no-invariants-or-later*",
"GFDL-1.3-NO-INVARIANTS-OR-LATER",
"gfdl-1.3-no-invariants-or-later",
"*EFL-1.0*",
"*efl-1.0*",
"EFL-1.0",
"efl-1.0",
"*CC-BY-NC-SA-3.0*",
"*cc-by-nc-sa-3.0*",
"CC-BY-NC-SA-3.0",
"cc-by-nc-sa-3.0",
"*MOTOSOTO*",
"*motosoto*",
"MOTOSOTO",
"motosoto",
"*ZIMBRA-1.3*",
"*zimbra-1.3*",
"ZIMBRA-1.3",
"zimbra-1.3",
"*LIBSELINUX-1.0*",
"*libselinux-1.0*",
"LIBSELINUX-1.0",
"libselinux-1.0",
"*0BSD*",
"*0bsd*",
"0BSD",
"0bsd",
"*IMLIB2*",
"*imlib2*",
"IMLIB2",
"imlib2",
"*CC-BY-ND-2.0*",
"*cc-by-nd-2.0*",
"CC-BY-ND-2.0",
"cc-by-nd-2.0",
"*HPND-MARKUS-KUHN*",
"*hpnd-markus-kuhn*",
"HPND-MARKUS-KUHN",
"hpnd-markus-kuhn",
"*PKGCONF*",
"*pkgconf*",
"PKGCONF",
"pkgconf",
"*OFL-1.1-RFN*",
"*ofl-1.1-rfn*",
"OFL-1.1-RFN",
"ofl-1.1-rfn",
"*LGPL-3.0+*",
"*lgpl-3.0+*",
"LGPL-3.0+",
"lgpl-3.0+",
"*UNICODE-3.0*",
"*unicode-3.0*",
"UNICODE-3.0",
"unicode-3.0",
"*MIT-ENNA*",
"*mit-enna*",
"MIT-ENNA",
"mit-enna",
"*AML*",
"*aml*",
"AML",
"aml",
"*POSTGRESQL*",
"*postgresql*",
"POSTGRESQL",
"postgresql",
"*OPENVISION*",
"*openvision*",
"OPENVISION",
"openvision",
"*ARTISTIC-1.0*",
"*artistic-1.0*",
"ARTISTIC-1.0",
"artistic-1.0",
"*BSD-4.3RENO*",
"*bsd-4.3reno*",
"BSD-4.3RENO",
"bsd-4.3reno",
"*GPL-2.0-WITH-GCC-EXCEPTION*",
"*gpl-2.0-with-gcc-exception*",
"GPL-2.0-WITH-GCC-EXCEPTION",
"gpl-2.0-with-gcc-exception",
"*GFDL-1.1*",
"*gfdl-1.1*",
"GFDL-1.1",
"gfdl-1.1",
"*IJG-SHORT*",
"*ijg-short*",
"IJG-SHORT",
"ijg-short",
"*CC-BY-3.0-AT*",
"*cc-by-3.0-at*",
"CC-BY-3.0-AT",
"cc-by-3.0-at",
"*OML*",
"*oml*",
"OML",
"oml",
"*OPENSSL-STANDALONE*",
"*openssl-standalone*",
"OPENSSL-STANDALONE",
"openssl-standalone",
"*HP-1986*",
"*hp-1986*",
"HP-1986",
"hp-1986",
"*LGPL-2.1-ONLY*",
"*lgpl-2.1-only*",
"LGPL-2.1-ONLY",
"lgpl-2.1-only",
"*CORNELL-LOSSLESS-JPEG*",
"*cornell-lossless-jpeg*",
"CORNELL-LOSSLESS-JPEG",
"cornell-lossless-jpeg",
"*PYTHON-LDAP*",
"*python-ldap*",
"PYTHON-LDAP",
"python-ldap",
"*GPL-3.0-ONLY*",
"*gpl-3.0-only*",
"GPL-3.0-ONLY",
"gpl-3.0-only",
"*3D-SLICER-1.0*",
"*3d-slicer-1.0*",
"3D-SLICER-1.0",
"3d-slicer-1.0",
"*CURL*",
"*curl*",
"CURL",
"curl",
"*EPL-2.0*",
"*epl-2.0*",
"EPL-2.0",
"epl-2.0",
"*DTOA*",
"*dtoa*",
"DTOA",
"dtoa",
"*BAEKMUK*",
"*baekmuk*",
"BAEKMUK",
"baekmuk",
"*GPL-2.0-WITH-BISON-EXCEPTION*",
"*gpl-2.0-with-bison-exception*",
"GPL-2.0-WITH-BISON-EXCEPTION",
"gpl-2.0-with-bison-exception",
"*OLDAP-2.4*",
"*oldap-2.4*",
"OLDAP-2.4",
"oldap-2.4",
"*NOSL*",
"*nosl*",
"NOSL",
"nosl",
"*SOFTSURFER*",
"*softsurfer*",
"SOFTSURFER",
"softsurfer",
"*BSD-SOURCE-BEGINNING-FILE*",
"*bsd-source-beginning-file*",
"BSD-SOURCE-BEGINNING-FILE",
"bsd-source-beginning-file",
"*BOEHM-GC-WITHOUT-FEE*",
"*boehm-gc-without-fee*",
"BOEHM-GC-WITHOUT-FEE",
"boehm-gc-without-fee",
"*AGPL-3.0-OR-LATER*",
"*agpl-3.0-or-later*",
"AGPL-3.0-OR-LATER",
"agpl-3.0-or-later",
"*OSL-1.0*",
"*osl-1.0*",
"OSL-1.0",
"osl-1.0",
"*HPND-UC-EXPORT-US*",
"*hpnd-uc-export-us*",
"HPND-UC-EXPORT-US",
"hpnd-uc-export-us",
"*BUSL-1.1*",
"*busl-1.1*",
"BUSL-1.1",
"busl-1.1",
"*SENDMAIL*",
"*sendmail*",
"SENDMAIL",
"sendmail",
"*SAXPATH*",
"*saxpath*",
"SAXPATH",
"saxpath",
"*HPND-FENNEBERG-LIVINGSTON*",
"*hpnd-fenneberg-livingston*",
"HPND-FENNEBERG-LIVINGSTON",
"hpnd-fenneberg-livingston",
"*SUL-1.0*",
"*sul-1.0*",
"SUL-1.0",
"sul-1.0",
"*DOCBOOK-XML*",
"*docbook-xml*",
"DOCBOOK-XML",
"docbook-xml",
"*CC-BY-SA-2.1-JP*",
"*cc-by-sa-2.1-jp*",
"CC-BY-SA-2.1-JP",
"cc-by-sa-2.1-jp",
"*SNIA*",
"*snia*",
"SNIA",
"snia",
"*UBUNTU-FONT-1.0*",
"*ubuntu-font-1.0*",
"UBUNTU-FONT-1.0",
"ubuntu-font-1.0",
"*LGPL-3.0-OR-LATER*",
"*lgpl-3.0-or-later*",
"LGPL-3.0-OR-LATER",
"lgpl-3.0-or-later",
"*OFL-1.0*",
"*ofl-1.0*",
"OFL-1.0",
"ofl-1.0",
"*XEROX*",
"*xerox*",
"XEROX",
"xerox",
"*GFDL-1.3*",
"*gfdl-1.3*",
"GFDL-1.3",
"gfdl-1.3",
"*NIST-PD*",
"*nist-pd*",
"NIST-PD",
"nist-pd",
"*NUNIT*",
"*nunit*",
"NUNIT",
"nunit",
"*LILIQ-RPLUS-1.1*",
"*liliq-rplus-1.1*",
"LILIQ-RPLUS-1.1",
"liliq-rplus-1.1",
"*GFDL-1.2-INVARIANTS-OR-LATER*",
"*gfdl-1.2-invariants-or-later*",
"GFDL-1.2-INVARIANTS-OR-LATER",
"gfdl-1.2-invariants-or-later",
"*ISC-VEILLARD*",
"*isc-veillard*",
"ISC-VEILLARD",
"isc-veillard",
"*SAX-PD-2.0*",
"*sax-pd-2.0*",
"SAX-PD-2.0",
"sax-pd-2.0",
"*EUPL-1.0*",
"*eupl-1.0*",
"EUPL-1.0",
"eupl-1.0",
"*PNMSTITCH*",
"*pnmstitch*",
"PNMSTITCH",
"pnmstitch",
"*JASPER-2.0*",
"*jasper-2.0*",
"JASPER-2.0",
"jasper-2.0",
"*PLEXUS*",
"*plexus*",
"PLEXUS",
"plexus",
"*CVE-TOU*",
"*cve-tou*",
"CVE-TOU",
"cve-tou",
"*LILIQ-R-1.1*",
"*liliq-r-1.1*",
"LILIQ-R-1.1",
"liliq-r-1.1",
"*SOFA*",
"*sofa*",
"SOFA",
"sofa",
"*MIT-ADVERTISING*",
"*mit-advertising*",
"MIT-ADVERTISING",
"mit-advertising",
"*LGPL-2.1+*",
"*lgpl-2.1+*",
"LGPL-2.1+",
"lgpl-2.1+",
"*MPL-1.1*",
"*mpl-1.1*",
"MPL-1.1",
"mpl-1.1",
"*OPL-UK-3.0*",
"*opl-uk-3.0*",
"OPL-UK-3.0",
"opl-uk-3.0",
"*AMD-NEWLIB*",
"*amd-newlib*",
"AMD-NEWLIB",
"amd-newlib",
"*MITNFA*",
"*mitnfa*",
"MITNFA",
"mitnfa",
"*DOCBOOK-STYLESHEET*",
"*docbook-stylesheet*",
"DOCBOOK-STYLESHEET",
"docbook-stylesheet",
"*WWL*",
"*wwl*",
"WWL",
"wwl",
"*CC-BY-NC-SA-2.0-UK*",
"*cc-by-nc-sa-2.0-uk*",
"CC-BY-NC-SA-2.0-UK",
"cc-by-nc-sa-2.0-uk",
"*CECILL-C*",
"*cecill-c*",
"CECILL-C",
"cecill-c",
"*CC-BY-3.0-US*",
"*cc-by-3.0-us*",
"CC-BY-3.0-US",
"cc-by-3.0-us",
"*NCGL-UK-2.0*",
"*ncgl-uk-2.0*",
"NCGL-UK-2.0",
"ncgl-uk-2.0",
"*PIXAR*",
"*pixar*",
"PIXAR",
"pixar",
"*OGL-CANADA-2.0*",
"*ogl-canada-2.0*",
"OGL-CANADA-2.0",
"ogl-canada-2.0",
"*BSD-3-CLAUSE-SUN*",
"*bsd-3-clause-sun*",
"BSD-3-CLAUSE-SUN",
"bsd-3-clause-sun",
"*GFDL-1.1-INVARIANTS-ONLY*",
"*gfdl-1.1-invariants-only*",
"GFDL-1.1-INVARIANTS-ONLY",
"gfdl-1.1-invariants-only",
"*W3C*",
"*w3c*",
"W3C",
"w3c",
"*CC-BY-ND-3.0-DE*",
"*cc-by-nd-3.0-de*",
"CC-BY-ND-3.0-DE",
"cc-by-nd-3.0-de",
"*CC-BY-SA-3.0-DE*",
"*cc-by-sa-3.0-de*",
"CC-BY-SA-3.0-DE",
"cc-by-sa-3.0-de",
"*GENERIC-XTS*",
"*generic-xts*",
"GENERIC-XTS",
"generic-xts",
"*ZIMBRA-1.4*",
"*zimbra-1.4*",
"ZIMBRA-1.4",
"zimbra-1.4",
"*OLDAP-2.0.1*",
"*oldap-2.0.1*",
"OLDAP-2.0.1",
"oldap-2.0.1",
"*BRIAN-GLADMAN-3-CLAUSE*",
"*brian-gladman-3-clause*",
"BRIAN-GLADMAN-3-CLAUSE",
"brian-gladman-3-clause",
"*DIFFMARK*",
"*diffmark*",
"DIFFMARK",
"diffmark",
"*RSCPL*",
"*rscpl*",
"RSCPL",
"rscpl",
"*GPL-2.0-WITH-CLASSPATH-EXCEPTION*",
"*gpl-2.0-with-classpath-exception*",
"GPL-2.0-WITH-CLASSPATH-EXCEPTION",
"gpl-2.0-with-classpath-exception",
"*DOCBOOK-SCHEMA*",
"*docbook-schema*",
"DOCBOOK-SCHEMA",
"docbook-schema",
"*NPOSL-3.0*",
"*nposl-3.0*",
"NPOSL-3.0",
"nposl-3.0",
"*ARTISTIC-2.0*",
"*artistic-2.0*",
"ARTISTIC-2.0",
"artistic-2.0",
"*KNUTH-CTAN*",
"*knuth-ctan*",
"KNUTH-CTAN",
"knuth-ctan",
"*CC-BY-NC-1.0*",
"*cc-by-nc-1.0*",
"CC-BY-NC-1.0",
"cc-by-nc-1.0",
"*MIPS*",
"*mips*",
"MIPS",
"mips",
"*CC-BY-2.0*",
"*cc-by-2.0*",
"CC-BY-2.0",
"cc-by-2.0",
"*ZEND-2.0*",
"*zend-2.0*",
"ZEND-2.0",
"zend-2.0",
"*GPL-3.0-WITH-GCC-EXCEPTION*",
"*gpl-3.0-with-gcc-exception*",
"GPL-3.0-WITH-GCC-EXCEPTION",
"gpl-3.0-with-gcc-exception",
"*JPNIC*",
"*jpnic*",
"JPNIC",
"jpnic",
"*BSD-4.3TAHOE*",
"*bsd-4.3tahoe*",
"BSD-4.3TAHOE",
"bsd-4.3tahoe",
"*AFL-1.1*",
"*afl-1.1*",
"AFL-1.1",
"afl-1.1",
"*MPEG-SSG*",
"*mpeg-ssg*",
"MPEG-SSG",
"mpeg-ssg",
"*WXWINDOWS*",
"*wxwindows*",
"WXWINDOWS",
"wxwindows",
"*LINUX-MAN-PAGES-COPYLEFT-2-PARA*",
"*linux-man-pages-copyleft-2-para*",
"LINUX-MAN-PAGES-COPYLEFT-2-PARA",
"linux-man-pages-copyleft-2-para",
"*ANTLR-PD*",
"*antlr-pd*",
"ANTLR-PD",
"antlr-pd",
"*GPL-2.0-WITH-FONT-EXCEPTION*",
"*gpl-2.0-with-font-exception*",
"GPL-2.0-WITH-FONT-EXCEPTION",
"gpl-2.0-with-font-exception",
"*SPENCER-86*",
"*spencer-86*",
"SPENCER-86",
"spencer-86",
"*CFITSIO*",
"*cfitsio*",
"CFITSIO",
"cfitsio",
"*BSD-ADVERTISING-ACKNOWLEDGEMENT*",
"*bsd-advertising-acknowledgement*",
"BSD-ADVERTISING-ACKNOWLEDGEMENT",
"bsd-advertising-acknowledgement",
"*ZPL-1.1*",
"*zpl-1.1*",
"ZPL-1.1",
"zpl-1.1",
"*RPL-1.1*",
"*rpl-1.1*",
"RPL-1.1",
"rpl-1.1",
"*OLFL-1.3*",
"*olfl-1.3*",
"OLFL-1.3",
"olfl-1.3",
"*SUGARCRM-1.1.3*",
"*sugarcrm-1.1.3*",
"SUGARCRM-1.1.3",
"sugarcrm-1.1.3",
"*MAILPRIO*",
"*mailprio*",
"MAILPRIO",
"mailprio",
"*UNICODE-DFS-2016*",
"*unicode-dfs-2016*",
"UNICODE-DFS-2016",
"unicode-dfs-2016",
"*CRYPTOSWIFT*",
"*cryptoswift*",
"CRYPTOSWIFT",
"cryptoswift",
"*DSDP*",
"*dsdp*",
"DSDP",
"dsdp",
"*MAGAZ*",
"*magaz*",
"MAGAZ",
"magaz",
"*SCEA*",
"*scea*",
"SCEA",
"scea",
"*OGTSL*",
"*ogtsl*",
"OGTSL",
"ogtsl",
"*SSH-KEYSCAN*",
"*ssh-keyscan*",
"SSH-KEYSCAN",
"ssh-keyscan",
"*GFDL-1.2-ONLY*",
"*gfdl-1.2-only*",
"GFDL-1.2-ONLY",
"gfdl-1.2-only",
"*ARTISTIC-DIST*",
"*artistic-dist*",
"ARTISTIC-DIST",
"artistic-dist",
"*DL-DE-BY-2.0*",
"*dl-de-by-2.0*",
"DL-DE-BY-2.0",
"dl-de-by-2.0",
"*OSL-2.0*",
"*osl-2.0*",
"OSL-2.0",
"osl-2.0",
"*HPND-DOC-SELL*",
"*hpnd-doc-sell*",
"HPND-DOC-SELL",
"hpnd-doc-sell",
"*CNRI-PYTHON*",
"*cnri-python*",
"CNRI-PYTHON",
"cnri-python",
"*SOUNDEX*",
"*soundex*",
"SOUNDEX",
"soundex",
"*GFDL-1.1-INVARIANTS-OR-LATER*",
"*gfdl-1.1-invariants-or-later*",
"GFDL-1.1-INVARIANTS-OR-LATER",
"gfdl-1.1-invariants-or-later",
"*CC-BY-NC-SA-3.0-IGO*",
"*cc-by-nc-sa-3.0-igo*",
"CC-BY-NC-SA-3.0-IGO",
"cc-by-nc-sa-3.0-igo",
"*TPDL*",
"*tpdl*",
"TPDL",
"tpdl",
"*BOEHM-GC*",
"*boehm-gc*",
"BOEHM-GC",
"boehm-gc",
"*NRL*",
"*nrl*",
"NRL",
"nrl",
"*GFDL-1.2-INVARIANTS-ONLY*",
"*gfdl-1.2-invariants-only*",
"GFDL-1.2-INVARIANTS-ONLY",
"gfdl-1.2-invariants-only",
"*SWL*",
"*swl*",
"SWL",
"swl",
"*CC-BY-SA-3.0-AT*",
"*cc-by-sa-3.0-at*",
"CC-BY-SA-3.0-AT",
"cc-by-sa-3.0-at",
"*FSL-1.1-ALV2*",
"*fsl-1.1-alv2*",
"FSL-1.1-ALV2",
"fsl-1.1-alv2",
"*HIDAPI*",
"*hidapi*",
"HIDAPI",
"hidapi",
"*HPND-PBMPLUS*",
"*hpnd-pbmplus*",
"HPND-PBMPLUS",
"hpnd-pbmplus",
"*LIBUTIL-DAVID-NUGENT*",
"*libutil-david-nugent*",
"LIBUTIL-DAVID-NUGENT",
"libutil-david-nugent",
"*GFDL-1.3-INVARIANTS-ONLY*",
"*gfdl-1.3-invariants-only*",
"GFDL-1.3-INVARIANTS-ONLY",
"gfdl-1.3-invariants-only",
"*NETCDF*",
"*netcdf*",
"NETCDF",
"netcdf",
"*MIT-FESTIVAL*",
"*mit-festival*",
"MIT-FESTIVAL",
"mit-festival",
"*MIT-0*",
"*mit-0*",
"MIT-0",
"mit-0",
"*OLDAP-2.2.2*",
"*oldap-2.2.2*",
"OLDAP-2.2.2",
"oldap-2.2.2",
"*AFL-3.0*",
"*afl-3.0*",
"AFL-3.0",
"afl-3.0",
"*HPND-EXPORT-US*",
"*hpnd-export-us*",
"HPND-EXPORT-US",
"hpnd-export-us",
"*GFDL-1.3-OR-LATER*",
"*gfdl-1.3-or-later*",
"GFDL-1.3-OR-LATER",
"gfdl-1.3-or-later",
"*FRAMEWORX-1.0*",
"*frameworx-1.0*",
"FRAMEWORX-1.0",
"frameworx-1.0",
"*IMAGEMAGICK*",
"*imagemagick*",
"IMAGEMAGICK",
"imagemagick",
"*ARPHIC-1999*",
"*arphic-1999*",
"ARPHIC-1999",
"arphic-1999",
"*MS-LPL*",
"*ms-lpl*",
"MS-LPL",
"ms-lpl",
"*BSD-3-CLAUSE-ATTRIBUTION*",
"*bsd-3-clause-attribution*",
"BSD-3-CLAUSE-ATTRIBUTION",
"bsd-3-clause-attribution",
"*HPND-MIT-DISCLAIMER*",
"*hpnd-mit-disclaimer*",
"HPND-MIT-DISCLAIMER",
"hpnd-mit-disclaimer",
"*METAMAIL*",
"*metamail*",
"METAMAIL",
"metamail",
"*BSD-2-CLAUSE-VIEWS*",
"*bsd-2-clause-views*",
"BSD-2-CLAUSE-VIEWS",
"bsd-2-clause-views",
"*MACKERRAS-3-CLAUSE*",
"*mackerras-3-clause*",
"MACKERRAS-3-CLAUSE",
"mackerras-3-clause",
"*EUPL-1.2*",
"*eupl-1.2*",
"EUPL-1.2",
"eupl-1.2",
"*BSD-3-CLAUSE-OPEN-MPI*",
"*bsd-3-clause-open-mpi*",
"BSD-3-CLAUSE-OPEN-MPI",
"bsd-3-clause-open-mpi",
"*MARTIN-BIRGMEIER*",
"*martin-birgmeier*",
"MARTIN-BIRGMEIER",
"martin-birgmeier",
"*BZIP2-1.0.5*",
"*bzip2-1.0.5*",
"BZIP2-1.0.5",
"bzip2-1.0.5",
"*CC-BY-NC-2.0*",
"*cc-by-nc-2.0*",
"CC-BY-NC-2.0",
"cc-by-nc-2.0",
"*QHULL*",
"*qhull*",
"QHULL",
"qhull",
"*OGC-1.0*",
"*ogc-1.0*",
"OGC-1.0",
"ogc-1.0",
"*LGPL-2.0*",
"*lgpl-2.0*",
"LGPL-2.0",
"lgpl-2.0",
"*POLYFORM-SMALL-BUSINESS-1.0.0*",
"*polyform-small-business-1.0.0*",
"POLYFORM-SMALL-BUSINESS-1.0.0",
"polyform-small-business-1.0.0",
"*CC-BY-SA-2.0-UK*",
"*cc-by-sa-2.0-uk*",
"CC-BY-SA-2.0-UK",
"cc-by-sa-2.0-uk",
"*GFDL-1.3-ONLY*",
"*gfdl-1.3-only*",
"GFDL-1.3-ONLY",
"gfdl-1.3-only",
"*GCR-DOCS*",
"*gcr-docs*",
"GCR-DOCS",
"gcr-docs",
"*CMU-MACH-NODOC*",
"*cmu-mach-nodoc*",
"CMU-MACH-NODOC",
"cmu-mach-nodoc",
"*NAIST-2003*",
"*naist-2003*",
"NAIST-2003",
"naist-2003",
"*HPND-EXPORT-US-ACKNOWLEDGEMENT*",
"*hpnd-export-us-acknowledgement*",
"HPND-EXPORT-US-ACKNOWLEDGEMENT",
"hpnd-export-us-acknowledgement",
"*IJG*",
"*ijg*",
"IJG",
"ijg",
"*IEC-CODE-COMPONENTS-EULA*",
"*iec-code-components-eula*",
"IEC-CODE-COMPONENTS-EULA",
"iec-code-components-eula",
"*HPND-KEVLIN-HENNEY*",
"*hpnd-kevlin-henney*",
"HPND-KEVLIN-HENNEY",
"hpnd-kevlin-henney",
"*APSL-1.0*",
"*apsl-1.0*",
"APSL-1.0",
"apsl-1.0",
"*SISSL*",
"*sissl*",
"SISSL",
"sissl",
"*LGPL-2.0-ONLY*",
"*lgpl-2.0-only*",
"LGPL-2.0-ONLY",
"lgpl-2.0-only",
"*GL2PS*",
"*gl2ps*",
"GL2PS",
"gl2ps",
"*DRL-1.0*",
"*drl-1.0*",
"DRL-1.0",
"drl-1.0",
"*OFL-1.1*",
"*ofl-1.1*",
"OFL-1.1",
"ofl-1.1",
"*MUP*",
"*mup*",
"MUP",
"mup",
"*SNPRINTF*",
"*snprintf*",
"SNPRINTF",
"snprintf",
"*LIBTIFF*",
"*libtiff*",
"LIBTIFF",
"libtiff",
"*ODBL-1.0*",
"*odbl-1.0*",
"ODBL-1.0",
"odbl-1.0",
"*ADOBE-GLYPH*",
"*adobe-glyph*",
"ADOBE-GLYPH",
"adobe-glyph",
"*RUBY-PTY*",
"*ruby-pty*",
"RUBY-PTY",
"ruby-pty",
"*CATHARON*",
"*catharon*",
"CATHARON",
"catharon",
"*GPL-2.0-WITH-AUTOCONF-EXCEPTION*",
"*gpl-2.0-with-autoconf-exception*",
"GPL-2.0-WITH-AUTOCONF-EXCEPTION",
"gpl-2.0-with-autoconf-exception",
"*SSLEAY-STANDALONE*",
"*ssleay-standalone*",
"SSLEAY-STANDALONE",
"ssleay-standalone",
"*APACHE-1.1*",
"*apache-1.1*",
"APACHE-1.1",
"apache-1.1",
"*MAN2HTML*",
"*man2html*",
"MAN2HTML",
"man2html",
"*OSET-PL-2.1*",
"*oset-pl-2.1*",
"OSET-PL-2.1",
"oset-pl-2.1",
"*ASWF-DIGITAL-ASSETS-1.0*",
"*aswf-digital-assets-1.0*",
"ASWF-DIGITAL-ASSETS-1.0",
"aswf-digital-assets-1.0",
"*CC0-1.0*",
"*cc0-1.0*",
"CC0-1.0",
"cc0-1.0",
"*TOSL*",
"*tosl*",
"TOSL",
"tosl",
"*GFDL-1.3-NO-INVARIANTS-ONLY*",
"*gfdl-1.3-no-invariants-only*",
"GFDL-1.3-NO-INVARIANTS-ONLY",
"gfdl-1.3-no-invariants-only",
"*LPPL-1.0*",
"*lppl-1.0*",
"LPPL-1.0",
"lppl-1.0",
"*MPL-2.0-NO-COPYLEFT-EXCEPTION*",
"*mpl-2.0-no-copyleft-exception*",
"MPL-2.0-NO-COPYLEFT-EXCEPTION",
"mpl-2.0-no-copyleft-exception",
"*UNICODE-DFS-2015*",
"*unicode-dfs-2015*",
"UNICODE-DFS-2015",
"unicode-dfs-2015",
"*TCP-WRAPPERS*",
"*tcp-wrappers*",
"TCP-WRAPPERS",
"tcp-wrappers",
"*LPPL-1.3A*",
"*lppl-1.3a*",
"LPPL-1.3A",
"lppl-1.3a",
"*SPL-1.0*",
"*spl-1.0*",
"SPL-1.0",
"spl-1.0",
"*SYMLINKS*",
"*symlinks*",
"SYMLINKS",
"symlinks",
"*ZPL-2.0*",
"*zpl-2.0*",
"ZPL-2.0",
"zpl-2.0",
"*MINPACK*",
"*minpack*",
"MINPACK",
"minpack",
"*HPND-DEC*",
"*hpnd-dec*",
"HPND-DEC",
"hpnd-dec",
"*CDDL-1.1*",
"*cddl-1.1*",
"CDDL-1.1",
"cddl-1.1",
"*ARTISTIC-1.0-CL8*",
"*artistic-1.0-cl8*",
"ARTISTIC-1.0-CL8",
"artistic-1.0-cl8",
"*W3C-20150513*",
"*w3c-20150513*",
"W3C-20150513",
"w3c-20150513",
"*WSUIPA*",
"*wsuipa*",
"WSUIPA",
"wsuipa",
"*DOCBOOK-DTD*",
"*docbook-dtd*",
"DOCBOOK-DTD",
"docbook-dtd",
"*MPL-1.0*",
"*mpl-1.0*",
"MPL-1.0",
"mpl-1.0",
"*NOWEB*",
"*noweb*",
"NOWEB",
"noweb",
"*OCCT-PL*",
"*occt-pl*",
"OCCT-PL",
"occt-pl",
"*RUBY*",
"*ruby*",
"RUBY",
"ruby",
"*WIDGET-WORKSHOP*",
"*widget-workshop*",
"WIDGET-WORKSHOP",
"widget-workshop",
"*HASKELLREPORT*",
"*haskellreport*",
"HASKELLREPORT",
"haskellreport",
"*BSD-3-CLAUSE-HP*",
"*bsd-3-clause-hp*",
"BSD-3-CLAUSE-HP",
"bsd-3-clause-hp",
"*COMMUNITY-SPEC-1.0*",
"*community-spec-1.0*",
"COMMUNITY-SPEC-1.0",
"community-spec-1.0",
"*SGI-B-1.0*",
"*sgi-b-1.0*",
"SGI-B-1.0",
"sgi-b-1.0",
"*BSD-3-CLAUSE-FLEX*",
"*bsd-3-clause-flex*",
"BSD-3-CLAUSE-FLEX",
"bsd-3-clause-flex",
"*MPI-PERMISSIVE*",
"*mpi-permissive*",
"MPI-PERMISSIVE",
"mpi-permissive",
"*CC-BY-NC-ND-2.5*",
"*cc-by-nc-nd-2.5*",
"CC-BY-NC-ND-2.5",
"cc-by-nc-nd-2.5",
"*NPL-1.0*",
"*npl-1.0*",
"NPL-1.0",
"npl-1.0",
"*OFL-1.1-NO-RFN*",
"*ofl-1.1-no-rfn*",
"OFL-1.1-NO-RFN",
"ofl-1.1-no-rfn",
"*OCLC-2.0*",
"*oclc-2.0*",
"OCLC-2.0",
"oclc-2.0",
"*VIM*",
"*vim*",
"VIM",
"vim",
"*CC-BY-ND-4.0*",
"*cc-by-nd-4.0*",
"CC-BY-ND-4.0",
"cc-by-nd-4.0",
"*OSL-3.0*",
"*osl-3.0*",
"OSL-3.0",
"osl-3.0",
"*BITSTREAM-VERA*",
"*bitstream-vera*",
"BITSTREAM-VERA",
"bitstream-vera",
"*HPND-UC*",
"*hpnd-uc*",
"HPND-UC",
"hpnd-uc",
"*GNUPLOT*",
"*gnuplot*",
"GNUPLOT",
"gnuplot",
"*CROSSWORD*",
"*crossword*",
"CROSSWORD",
"crossword",
"*BSD-INFERNO-NETTVERK*",
"*bsd-inferno-nettverk*",
"BSD-INFERNO-NETTVERK",
"bsd-inferno-nettverk",
"*CC-BY-SA-3.0*",
"*cc-by-sa-3.0*",
"CC-BY-SA-3.0",
"cc-by-sa-3.0",
"*HPND-INRIA-IMAG*",
"*hpnd-inria-imag*",
"HPND-INRIA-IMAG",
"hpnd-inria-imag",
"*FREEIMAGE*",
"*freeimage*",
"FREEIMAGE",
"freeimage",
"*SUNPRO*",
"*sunpro*",
"SUNPRO",
"sunpro",
"*CECILL-1.0*",
"*cecill-1.0*",
"CECILL-1.0",
"cecill-1.0",
"*INTERBASE-1.0*",
"*interbase-1.0*",
"INTERBASE-1.0",
"interbase-1.0",
"*GLULXE*",
"*glulxe*",
"GLULXE",
"glulxe",
"*MIROS*",
"*miros*",
"MIROS",
"miros",
"*LPL-1.0*",
"*lpl-1.0*",
"LPL-1.0",
"lpl-1.0",
"*CNRI-JYTHON*",
"*cnri-jython*",
"CNRI-JYTHON",
"cnri-jython",
"*IMATIX*",
"*imatix*",
"IMATIX",
"imatix",
"*ULEM*",
"*ulem*",
"ULEM",
"ulem",
"*TTWL*",
"*ttwl*",
"TTWL",
"ttwl",
"*BZIP2-1.0.6*",
"*bzip2-1.0.6*",
"BZIP2-1.0.6",
"bzip2-1.0.6",
"*CC-BY-NC-3.0-DE*",
"*cc-by-nc-3.0-de*",
"CC-BY-NC-3.0-DE",
"cc-by-nc-3.0-de",
"*OLDAP-2.6*",
"*oldap-2.6*",
"OLDAP-2.6",
"oldap-2.6",
"*GPL-3.0*",
"*gpl-3.0*",
"GPL-3.0",
"gpl-3.0",
"*LAL-1.3*",
"*lal-1.3*",
"LAL-1.3",
"lal-1.3",
"*ZEEFF*",
"*zeeff*",
"ZEEFF",
"zeeff",
"*OGL-UK-3.0*",
"*ogl-uk-3.0*",
"OGL-UK-3.0",
"ogl-uk-3.0",
"*X11*",
"*x11*",
"X11",
"x11",
"*CC-BY-4.0*",
"*cc-by-4.0*",
"CC-BY-4.0",
"cc-by-4.0",
"*GLIDE*",
"*glide*",
"GLIDE",
"glide",
"*CUBE*",
"*cube*",
"CUBE",
"cube",
"*OLDAP-2.8*",
"*oldap-2.8*",
"OLDAP-2.8",
"oldap-2.8",
"*JAM*",
"*jam*",
"JAM",
"jam",
"*FBM*",
"*fbm*",
"FBM",
"fbm",
"*MIT*",
"*mit*",
"MIT",
"mit",
"*AFL-2.0*",
"*afl-2.0*",
"AFL-2.0",
"afl-2.0",
"*GRAPHICS-GEMS*",
"*graphics-gems*",
"GRAPHICS-GEMS",
"graphics-gems",
"*HDPARM*",
"*hdparm*",
"HDPARM",
"hdparm",
"*ELASTIC-2.0*",
"*elastic-2.0*",
"ELASTIC-2.0",
"elastic-2.0",
"*CC-BY-ND-3.0*",
"*cc-by-nd-3.0*",
"CC-BY-ND-3.0",
"cc-by-nd-3.0",
"*O-UDA-1.0*",
"*o-uda-1.0*",
"O-UDA-1.0",
"o-uda-1.0",
"*CC-BY-NC-4.0*",
"*cc-by-nc-4.0*",
"CC-BY-NC-4.0",
"cc-by-nc-4.0",
"*ECOS-2.0*",
"*ecos-2.0*",
"ECOS-2.0",
"ecos-2.0",
"*XFIG*",
"*xfig*",
"XFIG",
"xfig",
"*KAZLIB*",
"*kazlib*",
"KAZLIB",
"kazlib",
"*CDL-1.0*",
"*cdl-1.0*",
"CDL-1.0",
"cdl-1.0",
"*AAL*",
"*aal*",
"AAL",
"aal",
"*RADVD*",
"*radvd*",
"RADVD",
"radvd",
"*ENTESSA*",
"*entessa*",
"ENTESSA",
"entessa",
"*OPENSSL*",
"*openssl*",
"OPENSSL",
"openssl",
"*OLDAP-1.3*",
"*oldap-1.3*",
"OLDAP-1.3",
"oldap-1.3",
"*AGPL-3.0*",
"*agpl-3.0*",
"AGPL-3.0",
"agpl-3.0",
"*BSD-3-CLAUSE-MODIFICATION*",
"*bsd-3-clause-modification*",
"BSD-3-CLAUSE-MODIFICATION",
"bsd-3-clause-modification",
"*C-UDA-1.0*",
"*c-uda-1.0*",
"C-UDA-1.0",
"c-uda-1.0",
"*CNRI-PYTHON-GPL-COMPATIBLE*",
"*cnri-python-gpl-compatible*",
"CNRI-PYTHON-GPL-COMPATIBLE",
"cnri-python-gpl-compatible",
"*CONDOR-1.1*",
"*condor-1.1*",
"CONDOR-1.1",
"condor-1.1",
"*LGPLLR*",
"*lgpllr*",
"LGPLLR",
"lgpllr",
"*DRL-1.1*",
"*drl-1.1*",
"DRL-1.1",
"drl-1.1",
"*CC-BY-ND-2.5*",
"*cc-by-nd-2.5*",
"CC-BY-ND-2.5",
"cc-by-nd-2.5",
"*BSD-3-CLAUSE-NO-NUCLEAR-LICENSE*",
"*bsd-3-clause-no-nuclear-license*",
"BSD-3-CLAUSE-NO-NUCLEAR-LICENSE",
"bsd-3-clause-no-nuclear-license",
"*CC-BY-SA-2.0*",
"*cc-by-sa-2.0*",
"CC-BY-SA-2.0",
"cc-by-sa-2.0",
"*GPL-2.0-ONLY*",
"*gpl-2.0-only*",
"GPL-2.0-ONLY",
"gpl-2.0-only",
"*TERMREADKEY*",
"*termreadkey*",
"TERMREADKEY",
"termreadkey",
"*OFL-1.0-NO-RFN*",
"*ofl-1.0-no-rfn*",
"OFL-1.0-NO-RFN",
"ofl-1.0-no-rfn",
"*INFO-ZIP*",
"*info-zip*",
"INFO-ZIP",
"info-zip",
"*GPL-1.0-ONLY*",
"*gpl-1.0-only*",
"GPL-1.0-ONLY",
"gpl-1.0-only",
"*CERN-OHL-S-2.0*",
"*cern-ohl-s-2.0*",
"CERN-OHL-S-2.0",
"cern-ohl-s-2.0",
"*CUA-OPL-1.0*",
"*cua-opl-1.0*",
"CUA-OPL-1.0",
"cua-opl-1.0",
"*AML-GLSLANG*",
"*aml-glslang*",
"AML-GLSLANG",
"aml-glslang",
"*APAFML*",
"*apafml*",
"APAFML",
"apafml",
"*HPND-DOC*",
"*hpnd-doc*",
"HPND-DOC",
"hpnd-doc",
"*EFL-2.0*",
"*efl-2.0*",
"EFL-2.0",
"efl-2.0",
"*TGPPL-1.0*",
"*tgppl-1.0*",
"TGPPL-1.0",
"tgppl-1.0",
"*CC-BY-NC-ND-3.0-DE*",
"*cc-by-nc-nd-3.0-de*",
"CC-BY-NC-ND-3.0-DE",
"cc-by-nc-nd-3.0-de",
"*CC-BY-NC-SA-1.0*",
"*cc-by-nc-sa-1.0*",
"CC-BY-NC-SA-1.0",
"cc-by-nc-sa-1.0",
"*TCL*",
"*tcl*",
"TCL",
"tcl",
"*LGPL-2.1*",
"*lgpl-2.1*",
"LGPL-2.1",
"lgpl-2.1",
"*CC-BY-2.5-AU*",
"*cc-by-2.5-au*",
"CC-BY-2.5-AU",
"cc-by-2.5-au",
"*CC-BY-SA-1.0*",
"*cc-by-sa-1.0*",
"CC-BY-SA-1.0",
"cc-by-sa-1.0",
"*CAL-1.0-COMBINED-WORK-EXCEPTION*",
"*cal-1.0-combined-work-exception*",
"CAL-1.0-COMBINED-WORK-EXCEPTION",
"cal-1.0-combined-work-exception",
"*OLDAP-2.7*",
"*oldap-2.7*",
"OLDAP-2.7",
"oldap-2.7",
"*AMPAS*",
"*ampas*",
"AMPAS",
"ampas",
"*RPSL-1.0*",
"*rpsl-1.0*",
"RPSL-1.0",
"rpsl-1.0",
"*UNLICENSE-LIBTELNET*",
"*unlicense-libtelnet*",
"UNLICENSE-LIBTELNET",
"unlicense-libtelnet",
"*OLDAP-2.1*",
"*oldap-2.1*",
"OLDAP-2.1",
"oldap-2.1",
"*INTEL-ACPI*",
"*intel-acpi*",
"INTEL-ACPI",
"intel-acpi",
"*CC-BY-NC-SA-2.0-FR*",
"*cc-by-nc-sa-2.0-fr*",
"CC-BY-NC-SA-2.0-FR",
"cc-by-nc-sa-2.0-fr",
"*MIT-FEH*",
"*mit-feh*",
"MIT-FEH",
"mit-feh",
"*BSD-3-CLAUSE-NO-MILITARY-LICENSE*",
"*bsd-3-clause-no-military-license*",
"BSD-3-CLAUSE-NO-MILITARY-LICENSE",
"bsd-3-clause-no-military-license",
"*CECILL-1.1*",
"*cecill-1.1*",
"CECILL-1.1",
"cecill-1.1",
"*W3M*",
"*w3m*",
"W3M",
"w3m",
"*PHP-3.01*",
"*php-3.01*",
"PHP-3.01",
"php-3.01",
"*CRYSTALSTACKER*",
"*crystalstacker*",
"CRYSTALSTACKER",
"crystalstacker",
"*BSD-2-CLAUSE-PATENT*",
"*bsd-2-clause-patent*",
"BSD-2-CLAUSE-PATENT",
"bsd-2-clause-patent",
"*GPL-2.0*",
"*gpl-2.0*",
"GPL-2.0",
"gpl-2.0",
"*CC-BY-NC-ND-4.0*",
"*cc-by-nc-nd-4.0*",
"CC-BY-NC-ND-4.0",
"cc-by-nc-nd-4.0",
"*XZOOM*",
"*xzoom*",
"XZOOM",
"xzoom",
"*PARITY-7.0.0*",
"*parity-7.0.0*",
"PARITY-7.0.0",
"parity-7.0.0",
"*UNLICENSE*",
"*unlicense*",
"UNLICENSE",
"unlicense",
"*ECL-2.0*",
"*ecl-2.0*",
"ECL-2.0",
"ecl-2.0",
"*NASA-1.3*",
"*nasa-1.3*",
"NASA-1.3",
"nasa-1.3",
"*CC-BY-3.0-DE*",
"*cc-by-3.0-de*",
"CC-BY-3.0-DE",
"cc-by-3.0-de",
"*OSL-2.1*",
"*osl-2.1*",
"OSL-2.1",
"osl-2.1",
"*COPYLEFT-NEXT-0.3.0*",
"*copyleft-next-0.3.0*",
"COPYLEFT-NEXT-0.3.0",
"copyleft-next-0.3.0",
"*LGPL-2.1-OR-LATER*",
"*lgpl-2.1-or-later*",
"LGPL-2.1-OR-LATER",
"lgpl-2.1-or-later",
"*GAME-PROGRAMMING-GEMS*",
"*game-programming-gems*",
"GAME-PROGRAMMING-GEMS",
"game-programming-gems",
"*OLDAP-1.1*",
"*oldap-1.1*",
"OLDAP-1.1",
"oldap-1.1",
"*NICTA-1.0*",
"*nicta-1.0*",
"NICTA-1.0",
"nicta-1.0",
"*BSD-SOURCE-CODE*",
"*bsd-source-code*",
"BSD-SOURCE-CODE",
"bsd-source-code",
"*D-FSL-1.0*",
"*d-fsl-1.0*",
"D-FSL-1.0",
"d-fsl-1.0",
"*CC-BY-NC-ND-3.0*",
"*cc-by-nc-nd-3.0*",
"CC-BY-NC-ND-3.0",
"cc-by-nc-nd-3.0",
"*PADL*",
"*padl*",
"PADL",
"padl",
"*HPND-NETREK*",
"*hpnd-netrek*",
"HPND-NETREK",
"hpnd-netrek",
"*NTP-0*",
"*ntp-0*",
"NTP-0",
"ntp-0",
"*GFDL-1.1-NO-INVARIANTS-ONLY*",
"*gfdl-1.1-no-invariants-only*",
"GFDL-1.1-NO-INVARIANTS-ONLY",
"gfdl-1.1-no-invariants-only",
"*NTP*",
"*ntp*",
"NTP",
"ntp",
"*UPL-1.0*",
"*upl-1.0*",
"UPL-1.0",
"upl-1.0",
"*BSD-1-CLAUSE*",
"*bsd-1-clause*",
"BSD-1-CLAUSE",
"bsd-1-clause",
"*DVIPDFM*",
"*dvipdfm*",
"DVIPDFM",
"dvipdfm",
"*UCAR*",
"*ucar*",
"UCAR",
"ucar",
"*NET-SNMP*",
"*net-snmp*",
"NET-SNMP",
"net-snmp",
"*LIBPNG*",
"*libpng*",
"LIBPNG",
"libpng",
"*CLIPS*",
"*clips*",
"CLIPS",
"clips",
"*CERN-OHL-W-2.0*",
"*cern-ohl-w-2.0*",
"CERN-OHL-W-2.0",
"cern-ohl-w-2.0",
"*CC-PDDC*",
"*cc-pddc*",
"CC-PDDC",
"cc-pddc",
"*LGPL-2.0+*",
"*lgpl-2.0+*",
"LGPL-2.0+",
"lgpl-2.0+",
"*AFL-2.1*",
"*afl-2.1*",
"AFL-2.1",
"afl-2.1",
"*NCBI-PD*",
"*ncbi-pd*",
"NCBI-PD",
"ncbi-pd",
"*THREEPARTTABLE*",
"*threeparttable*",
"THREEPARTTABLE",
"threeparttable",
"*LATEX2E*",
"*latex2e*",
"LATEX2E",
"latex2e",
"*FDK-AAC*",
"*fdk-aac*",
"FDK-AAC",
"fdk-aac",
"*ICU*",
"*icu*",
"ICU",
"icu",
"*NIST-SOFTWARE*",
"*nist-software*",
"NIST-SOFTWARE",
"nist-software",
"*XNET*",
"*xnet*",
"XNET",
"xnet",
"*GUTMANN*",
"*gutmann*",
"GUTMANN",
"gutmann",
"*LSOF*",
"*lsof*",
"LSOF",
"lsof",
"*JSON*",
"*json*",
"JSON",
"json",
"*TAPR-OHL-1.0*",
"*tapr-ohl-1.0*",
"TAPR-OHL-1.0",
"tapr-ohl-1.0",
"*CPAL-1.0*",
"*cpal-1.0*",
"CPAL-1.0",
"cpal-1.0",
"*NLPL*",
"*nlpl*",
"NLPL",
"nlpl",
"*PSF-2.0*",
"*psf-2.0*",
"PSF-2.0",
"psf-2.0",
"*CPOL-1.02*",
"*cpol-1.02*",
"CPOL-1.02",
"cpol-1.02",
"*CALDERA-NO-PREAMBLE*",
"*caldera-no-preamble*",
"CALDERA-NO-PREAMBLE",
"caldera-no-preamble",
"*VSL-1.0*",
"*vsl-1.0*",
"VSL-1.0",
"vsl-1.0",
"*ASWF-DIGITAL-ASSETS-1.1*",
"*aswf-digital-assets-1.1*",
"ASWF-DIGITAL-ASSETS-1.1",
"aswf-digital-assets-1.1",
"*LIBPNG-2.0*",
"*libpng-2.0*",
"LIBPNG-2.0",
"libpng-2.0",
"*BARR*",
"*barr*",
"BARR",
"barr",
"*ECL-1.0*",
"*ecl-1.0*",
"ECL-1.0",
"ecl-1.0",
"*GFDL-1.1-NO-INVARIANTS-OR-LATER*",
"*gfdl-1.1-no-invariants-or-later*",
"GFDL-1.1-NO-INVARIANTS-OR-LATER",
"gfdl-1.1-no-invariants-or-later",
"*AGPL-1.0-OR-LATER*",
"*agpl-1.0-or-later*",
"AGPL-1.0-OR-LATER",
"agpl-1.0-or-later",
"*GPL-1.0-OR-LATER*",
"*gpl-1.0-or-later*",
"GPL-1.0-OR-LATER",
"gpl-1.0-or-later",
"*PPL*",
"*ppl*",
"PPL",
"ppl",
"*SGI-B-1.1*",
"*sgi-b-1.1*",
"SGI-B-1.1",
"sgi-b-1.1",
"*FREEBSD-DOC*",
"*freebsd-doc*",
"FREEBSD-DOC",
"freebsd-doc",
"*CC-BY-NC-3.0*",
"*cc-by-nc-3.0*",
"CC-BY-NC-3.0",
"cc-by-nc-3.0",
"*LINUX-MAN-PAGES-1-PARA*",
"*linux-man-pages-1-para*",
"LINUX-MAN-PAGES-1-PARA",
"linux-man-pages-1-para",
"*GPL-3.0+*",
"*gpl-3.0+*",
"GPL-3.0+",
"gpl-3.0+",
"*LINUX-MAN-PAGES-COPYLEFT-VAR*",
"*linux-man-pages-copyleft-var*",
"LINUX-MAN-PAGES-COPYLEFT-VAR",
"linux-man-pages-copyleft-var",
"*DOTSEQN*",
"*dotseqn*",
"DOTSEQN",
"dotseqn",
"*URT-RLE*",
"*urt-rle*",
"URT-RLE",
"urt-rle",
"*ERLPL-1.1*",
"*erlpl-1.1*",
"ERLPL-1.1",
"erlpl-1.1",
"*UNIXCRYPT*",
"*unixcrypt*",
"UNIXCRYPT",
"unixcrypt",
"*GFDL-1.2-NO-INVARIANTS-OR-LATER*",
"*gfdl-1.2-no-invariants-or-later*",
"GFDL-1.2-NO-INVARIANTS-OR-LATER",
"gfdl-1.2-no-invariants-or-later",
"*CC-BY-2.5*",
"*cc-by-2.5*",
"CC-BY-2.5",
"cc-by-2.5",
"*CC-BY-NC-ND-2.0*",
"*cc-by-nc-nd-2.0*",
"CC-BY-NC-ND-2.0",
"cc-by-nc-nd-2.0",
"*EUPL-1.1*",
"*eupl-1.1*",
"EUPL-1.1",
"eupl-1.1",
"*CDDL-1.0*",
"*cddl-1.0*",
"CDDL-1.0",
"cddl-1.0",
"*CC-BY-3.0-IGO*",
"*cc-by-3.0-igo*",
"CC-BY-3.0-IGO",
"cc-by-3.0-igo",
"*CC-BY-3.0-NL*",
"*cc-by-3.0-nl*",
"CC-BY-3.0-NL",
"cc-by-3.0-nl",
"*HDF5*",
"*hdf5*",
"HDF5",
"hdf5",
"*NCSA*",
"*ncsa*",
"NCSA",
"ncsa",
"*AMDPLPA*",
"*amdplpa*",
"AMDPLPA",
"amdplpa",
"*RHECOS-1.1*",
"*rhecos-1.1*",
"RHECOS-1.1",
"rhecos-1.1",
"*CALDERA*",
"*caldera*",
"CALDERA",
"caldera",
"*BSD-2-CLAUSE-PKGCONF-DISCLAIMER*",
"*bsd-2-clause-pkgconf-disclaimer*",
"BSD-2-CLAUSE-PKGCONF-DISCLAIMER",
"bsd-2-clause-pkgconf-disclaimer",
"*ANY-OSI-PERL-MODULES*",
"*any-osi-perl-modules*",
"ANY-OSI-PERL-MODULES",
"any-osi-perl-modules",
"*AGPL-1.0-ONLY*",
"*agpl-1.0-only*",
"AGPL-1.0-ONLY",
"agpl-1.0-only",
"*EGENIX*",
"*egenix*",
"EGENIX",
"egenix",
"*LPPL-1.3C*",
"*lppl-1.3c*",
"LPPL-1.3C",
"lppl-1.3c",
"*IBM-PIBS*",
"*ibm-pibs*",
"IBM-PIBS",
"ibm-pibs",
"*ABSTYLES*",
"*abstyles*",
"ABSTYLES",
"abstyles",
"*GTKBOOK*",
"*gtkbook*",
"GTKBOOK",
"gtkbook",
"*MIT-TESTREGEX*",
"*mit-testregex*",
"MIT-TESTREGEX",
"mit-testregex",
"*PYTHON-2.0*",
"*python-2.0*",
"PYTHON-2.0",
"python-2.0",
"*RSA-MD*",
"*rsa-md*",
"RSA-MD",
"rsa-md",
"*RPL-1.5*",
"*rpl-1.5*",
"RPL-1.5",
"rpl-1.5",
"*NOKIA*",
"*nokia*",
"NOKIA",
"nokia",
"*BSD-4-CLAUSE*",
"*bsd-4-clause*",
"BSD-4-CLAUSE",
"bsd-4-clause",
"*OPUBL-1.0*",
"*opubl-1.0*",
"OPUBL-1.0",
"opubl-1.0",
"*GPL-1.0*",
"*gpl-1.0*",
"GPL-1.0",
"gpl-1.0",
"*BSL-1.0*",
"*bsl-1.0*",
"BSL-1.0",
"bsl-1.0",
"*MULANPSL-2.0*",
"*mulanpsl-2.0*",
"MULANPSL-2.0",
"mulanpsl-2.0",
"*HPND*",
"*hpnd*",
"HPND",
"hpnd",
"*TTYP0*",
"*ttyp0*",
"TTYP0",
"ttyp0",
"*LZMA-SDK-9.11-TO-9.20*",
"*lzma-sdk-9.11-to-9.20*",
"LZMA-SDK-9.11-TO-9.20",
"lzma-sdk-9.11-to-9.20",
"*OFFIS*",
"*offis*",
"OFFIS",
"offis",
"*MACKERRAS-3-CLAUSE-ACKNOWLEDGMENT*",
"*mackerras-3-clause-acknowledgment*",
"MACKERRAS-3-CLAUSE-ACKNOWLEDGMENT",
"mackerras-3-clause-acknowledgment",
"*FURUSETH*",
"*furuseth*",
"FURUSETH",
"furuseth",
"*CECILL-2.1*",
"*cecill-2.1*",
"CECILL-2.1",
"cecill-2.1",
"*HPND-EXPORT-US-MODIFY*",
"*hpnd-export-us-modify*",
"HPND-EXPORT-US-MODIFY",
"hpnd-export-us-modify",
"*XKEYBOARD-CONFIG-ZINOVIEV*",
"*xkeyboard-config-zinoviev*",
"XKEYBOARD-CONFIG-ZINOVIEV",
"xkeyboard-config-zinoviev",
"*BSD-3-CLAUSE-CLEAR*",
"*bsd-3-clause-clear*",
"BSD-3-CLAUSE-CLEAR",
"bsd-3-clause-clear",
"*LPPL-1.2*",
"*lppl-1.2*",
"LPPL-1.2",
"lppl-1.2",
"*MTLL*",
"*mtll*",
"MTLL",
"mtll",
"*FSL-1.1-MIT*",
"*fsl-1.1-mit*",
"FSL-1.1-MIT",
"fsl-1.1-mit",
"*DOC*",
"*doc*",
"DOC",
"doc",
"*ANTLR-PD-FALLBACK*",
"*antlr-pd-fallback*",
"ANTLR-PD-FALLBACK",
"antlr-pd-fallback",
"*MS-RL*",
"*ms-rl*",
"MS-RL",
"ms-rl",
"*BSD-3-CLAUSE-ACPICA*",
"*bsd-3-clause-acpica*",
"BSD-3-CLAUSE-ACPICA",
"bsd-3-clause-acpica",
"*PSFRAG*",
"*psfrag*",
"PSFRAG",
"psfrag",
"*LZMA-SDK-9.22*",
"*lzma-sdk-9.22*",
"LZMA-SDK-9.22",
"lzma-sdk-9.22",
"*SMPPL*",
"*smppl*",
"SMPPL",
"smppl",
"*ANY-OSI*",
"*any-osi*",
"ANY-OSI",
"any-osi",
"*APP-S2P*",
"*app-s2p*",
"APP-S2P",
"app-s2p",
"*HPND-SELL-VARIANT-MIT-DISCLAIMER*",
"*hpnd-sell-variant-mit-disclaimer*",
"HPND-SELL-VARIANT-MIT-DISCLAIMER",
"hpnd-sell-variant-mit-disclaimer",
"*JPL-IMAGE*",
"*jpl-image*",
"JPL-IMAGE",
"jpl-image",
"*BLESSING*",
"*blessing*",
"BLESSING",
"blessing",
}
07070100000058000041ED00000000000000000000000268CB9D6300000000000000000000000000000000000000000000001900000000grant-0.3.2/internal/log07070100000059000081A400000000000000000000000168CB9D6300000A41000000000000000000000000000000000000002000000000grant-0.3.2/internal/log/log.gopackage log
import (
"github.com/anchore/go-logger"
"github.com/anchore/go-logger/adapter/discard"
redactLogger "github.com/anchore/go-logger/adapter/redact"
"github.com/anchore/grant/internal/redact"
)
// log is the singleton used to facilitate logging internally within
var log = discard.New()
func Set(l logger.Logger) {
// though the application will automatically have a redaction logger, library consumers may not be doing this.
// for this reason we additionally ensure there is a redaction logger configured for any logger passed. The
// source of truth for redaction values is still in the internal redact package. If the passed logger is already
// redacted, then this is a no-op.
store := redact.Get()
if store != nil {
l = redactLogger.New(l, store)
}
log = l
}
func Get() logger.Logger {
return log
}
// Errorf takes a formatted template string and template arguments for the error logging level.
func Errorf(format string, args ...interface{}) {
log.Errorf(format, args...)
}
// Error logs the given arguments at the error logging level.
func Error(args ...interface{}) {
log.Error(args...)
}
// Warnf takes a formatted template string and template arguments for the warning logging level.
func Warnf(format string, args ...interface{}) {
log.Warnf(format, args...)
}
// Warn logs the given arguments at the warning logging level.
func Warn(args ...interface{}) {
log.Warn(args...)
}
// Infof takes a formatted template string and template arguments for the info logging level.
func Infof(format string, args ...interface{}) {
log.Infof(format, args...)
}
// Info logs the given arguments at the info logging level.
func Info(args ...interface{}) {
log.Info(args...)
}
// Debugf takes a formatted template string and template arguments for the debug logging level.
func Debugf(format string, args ...interface{}) {
log.Debugf(format, args...)
}
// Debug logs the given arguments at the debug logging level.
func Debug(args ...interface{}) {
log.Debug(args...)
}
// Tracef takes a formatted template string and template arguments for the trace logging level.
func Tracef(format string, args ...interface{}) {
log.Tracef(format, args...)
}
// Trace logs the given arguments at the trace logging level.
func Trace(args ...interface{}) {
log.Trace(args...)
}
// WithFields returns a message logger with multiple key-value fields.
func WithFields(fields ...interface{}) logger.MessageLogger {
return log.WithFields(fields...)
}
// Nested returns a new logger with hard coded key-value pairs
func Nested(fields ...interface{}) logger.Logger {
return log.Nested(fields...)
}
0707010000005A000041ED00000000000000000000000268CB9D6300000000000000000000000000000000000000000000001C00000000grant-0.3.2/internal/redact0707010000005B000081A400000000000000000000000168CB9D6300000481000000000000000000000000000000000000002600000000grant-0.3.2/internal/redact/redact.gopackage redact
import "github.com/anchore/go-logger/adapter/redact"
var store redact.Store
func Set(s redact.Store) {
if store != nil {
// if someone is trying to set a redaction store and we already have one then something is wrong. The store
// that we're replacing might already have values in it, so we should never replace it.
panic("replace existing redaction store (probably unintentional)")
}
store = s
}
func Get() redact.Store {
return store
}
func Add(vs ...string) {
if store == nil {
// if someone is trying to add values that should never be output and we don't have a store then something is wrong.
// we should never accidentally output values that should be redacted, thus we panic here.
panic("cannot add redactions without a store")
}
store.Add(vs...)
}
func Apply(value string) string {
if store == nil {
// if someone is trying to add values that should never be output and we don't have a store then something is wrong.
// we should never accidentally output values that should be redacted, thus we panic here.
panic("cannot apply redactions without a store")
}
return store.RedactString(value)
}
0707010000005C000041ED00000000000000000000000268CB9D6300000000000000000000000000000000000000000000002100000000grant-0.3.2/internal/spdxlicense0707010000005D000041ED00000000000000000000000268CB9D6300000000000000000000000000000000000000000000002A00000000grant-0.3.2/internal/spdxlicense/generate0707010000005E000081A400000000000000000000000168CB9D630000239A000000000000000000000000000000000000004400000000grant-0.3.2/internal/spdxlicense/generate/generate_license_index.go//go:generate go run generate_license_index.go
package main
import (
"encoding/json"
"fmt"
"net/http"
"os"
"strings"
"text/template"
"time"
"github.com/anchore/grant/internal/spdxlicense"
)
const (
generates = "../license_index.go"
)
var FuncMap = template.FuncMap{
"ToLower": func(format string, args ...interface{}) string {
return strings.ToLower(fmt.Sprintf(format, args...))
},
}
var codeTemplate = template.Must(template.New("license_index.go").Funcs(FuncMap).Parse(`// Code generated by internal/spdxlicense/generate/generate_license_index.go; DO NOT EDIT.
// This file was generated by go generate; DO NOT EDIT; {{ .Timestamp }}
// License source: {{ .URL }}
package spdxlicense
const Version = {{ printf "%q" .Version }}
const ReleaseData = {{ printf "%q" .ReleaseDate }}
var index = map[string]SPDXLicense{
{{- range .Licenses }}
{{ ToLower "%q" .LicenseID }}: {
Reference: {{ printf "%q" .Reference }},
IsDeprecatedLicenseID: {{ .IsDeprecatedLicenseID }},
DetailsURL: {{ printf "%q" .DetailsURL }},
ReferenceNumber: {{ .ReferenceNumber }},
Name: {{ printf "%q" .Name }},
LicenseID: {{ printf "%q" .LicenseID }},
SeeAlso: []string{
{{- range .SeeAlso }}
{{ printf "%q" . }},
{{- end }}
},
IsOsiApproved: {{ .IsOsiApproved }},
RiskCategory: RiskCategory({{ printf "%q" .RiskCategory }}),
},
{{- end }}
}
`))
func main() {
if err := generate(); err != nil {
fmt.Println(err)
os.Exit(1)
}
fmt.Println("generated", generates)
}
func generate() error {
spdxLicenseResposne, err := fetchLicenses()
if err != nil {
return err
}
// Categorize licenses based on GNU classifications
categorizedLicenses := categorizeLicenses(spdxLicenseResposne.Licenses)
if err := os.Remove(generates); err != nil && !os.IsNotExist(err) {
fmt.Println("Error deleting existing file:", err)
return err
}
f, err := os.Create(generates)
if err != nil {
return err
}
defer func() { _ = f.Close() }()
return codeTemplate.Execute(f, struct {
Timestamp string
URL string
Version string
ReleaseDate string
Licenses []spdxlicense.SPDXLicense
}{
Timestamp: time.Now().UTC().Format(time.RFC3339),
URL: "https://spdx.org/licenses/licenses.json",
Version: spdxLicenseResposne.LicenseListVersion,
ReleaseDate: spdxLicenseResposne.ReleaseDate,
Licenses: categorizedLicenses,
})
}
func fetchLicenses() (r *spdxlicense.Response, err error) {
response, err := http.Get("https://spdx.org/licenses/licenses.json")
if err != nil {
return r, err
}
defer func() { _ = response.Body.Close() }()
var spdxLicenseResponse spdxlicense.Response
if err := json.NewDecoder(response.Body).Decode(&spdxLicenseResponse); err != nil {
return r, err
}
return &spdxLicenseResponse, nil
}
// categorizeLicenses categorizes licenses based on GNU license classifications and common industry practices
//
// Data sources:
// - Primary reference: https://www.gnu.org/licenses/license-list.en.html
// The GNU license list categorizes licenses as:
// - "free software license, and a copyleft license" = Strong Copyleft
// - "free software license, but not a strong copyleft license" = Weak Copyleft
// - "permissive non-copyleft" = Permissive
//
// - Additional categorizations based on:
// - OSI (Open Source Initiative) license classifications
// - Common industry risk assessments for open source licenses
// - SPDX license list metadata and relationships
//
// Note: This categorization is a best-effort mapping. Some licenses may have nuanced
// interpretations depending on specific use cases. When the GNU list doesn't explicitly
// categorize a license, we use commonly accepted industry classifications.
//
// Excluded licenses:
// - Creative Commons licenses (CC-*): Content/documentation licenses, not software licenses
// - BSD-*-No-Nuclear-*: Field-of-use restrictions make them non-OSI approved
// - Artistic-1.0 variants: Legacy licenses with unclear/murky terms
// - Licenses with advertising clauses or name restrictions are noted but may need special handling
func categorizeLicenses(licenses []spdxlicense.SPDXLicense) []spdxlicense.SPDXLicense {
type licenseCategory struct {
category spdxlicense.RiskCategory
licenses map[string]struct{}
}
// Strong Copyleft licenses (High Risk)
// These require derivative works to be licensed under the same terms
strongCopyleft := licenseCategory{
category: spdxlicense.RiskCategoryHigh,
licenses: map[string]struct{}{
"GPL-1.0": {},
"GPL-1.0-only": {},
"GPL-1.0-or-later": {},
"GPL-2.0": {},
"GPL-2.0-only": {},
"GPL-2.0-or-later": {},
"GPL-3.0": {},
"GPL-3.0-only": {},
"GPL-3.0-or-later": {},
"AGPL-1.0": {},
"AGPL-1.0-only": {},
"AGPL-1.0-or-later": {},
"AGPL-3.0": {},
"AGPL-3.0-only": {},
"AGPL-3.0-or-later": {},
"OSL-1.0": {},
"OSL-2.0": {},
"OSL-2.1": {},
"OSL-3.0": {},
"EUPL-1.0": {},
"EUPL-1.1": {},
"EUPL-1.2": {},
"RPL-1.1": {},
"RPL-1.5": {},
"Sleepycat": {},
},
}
// Weak Copyleft licenses (Medium Risk)
// These have limited copyleft requirements (e.g., file-level, library-level)
weakCopyleft := licenseCategory{
category: spdxlicense.RiskCategoryMedium,
licenses: map[string]struct{}{
"LGPL-2.0": {},
"LGPL-2.0-only": {},
"LGPL-2.0-or-later": {},
"LGPL-2.1": {},
"LGPL-2.1-only": {},
"LGPL-2.1-or-later": {},
"LGPL-3.0": {},
"LGPL-3.0-only": {},
"LGPL-3.0-or-later": {},
"MPL-1.0": {},
"MPL-1.1": {},
"MPL-2.0": {},
"MPL-2.0-no-copyleft-exception": {},
"EPL-1.0": {},
"EPL-2.0": {},
"CDDL-1.0": {},
"CDDL-1.1": {},
"CPL-1.0": {},
"IPL-1.0": {},
"SISSL": {}, // Sun Industry Standards Source License - weak reciprocal
// Removed: Artistic-2.0 (generally permissive, GPL-compatible)
// Removed: Nokia (permissive with naming/attribution quirks)
},
}
// Permissive licenses (Low Risk)
// These allow proprietary use with minimal restrictions
permissive := licenseCategory{
category: spdxlicense.RiskCategoryLow,
licenses: map[string]struct{}{
"MIT": {},
"MIT-0": {},
"MIT-CMU": {},
"MIT-enna": {},
"MIT-feh": {},
"Apache-1.0": {},
"Apache-1.1": {},
"Apache-2.0": {},
"BSD-1-Clause": {},
"BSD-2-Clause": {},
"BSD-2-Clause-Patent": {},
"BSD-2-Clause-Views": {},
"BSD-3-Clause": {},
"BSD-3-Clause-Clear": {},
"BSD-3-Clause-Attribution": {},
"BSD-3-Clause-LBNL": {},
"BSD-3-Clause-Open-MPI": {},
"BSD-4-Clause": {}, // Has advertising clause but still permissive
"BSD-4-Clause-UC": {},
"ISC": {},
"Zlib": {},
"Unlicense": {},
"0BSD": {},
"WTFPL": {},
"X11": {},
"BSL-1.0": {},
"PostgreSQL": {},
"Python-2.0": {},
"PSF-2.0": {},
"Ruby": {},
"Libpng": {},
"libpng-2.0": {},
"IJG": {},
"libtiff": {},
"FTL": {},
"UPL-1.0": {},
"Artistic-2.0": {}, // GPL-compatible, generally permissive
// "Nokia": {}, // Nokia Open Source License - permissive with naming quirks TBD
// Removed: BSD-*-No-Nuclear-* (field-of-use restrictions, not truly open source)
// Removed: CC0-1.0, CC-BY-* (content licenses)
// Removed: PHP-3.0/3.01 (name/advertising restrictions, GPL-incompatible)
// Removed: MIT-advertising (advertising clause)
// Removed: Artistic-1.0 variants (murky/unclear terms)
},
}
// Create a unified map for efficient lookup
categoryMap := make(map[string]spdxlicense.RiskCategory)
for licenseID := range strongCopyleft.licenses {
categoryMap[licenseID] = strongCopyleft.category
}
for licenseID := range weakCopyleft.licenses {
categoryMap[licenseID] = weakCopyleft.category
}
for licenseID := range permissive.licenses {
categoryMap[licenseID] = permissive.category
}
// Categorize each license
for i := range licenses {
if category, exists := categoryMap[licenses[i].LicenseID]; exists {
licenses[i].RiskCategory = category
}
// If not categorized, RiskCategory will remain empty
}
return licenses
}
0707010000005F000081A400000000000000000000000168CB9D6300000B10000000000000000000000000000000000000002C00000000grant-0.3.2/internal/spdxlicense/license.gopackage spdxlicense
import (
"fmt"
"strings"
)
// RiskCategory represents the risk level associated with a license
type RiskCategory string
const (
// RiskCategoryHigh represents strong copyleft licenses that require derivative works to be licensed under the same terms
RiskCategoryHigh RiskCategory = "Strong Copyleft (High Risk)"
// RiskCategoryMedium represents weak copyleft licenses with limited copyleft requirements (e.g., file-level, library-level)
RiskCategoryMedium RiskCategory = "Weak Copyleft (Medium Risk)"
// RiskCategoryLow represents permissive licenses that allow proprietary use with minimal restrictions
RiskCategoryLow RiskCategory = "Permissive (Low Risk)"
// RiskCategoryUncategorized represents licenses that have not been categorized
RiskCategoryUncategorized RiskCategory = ""
)
// String returns the string representation of the RiskCategory
func (r RiskCategory) String() string {
return string(r)
}
// IsHigh returns true if this is a high risk category
func (r RiskCategory) IsHigh() bool {
return r == RiskCategoryHigh
}
// IsMedium returns true if this is a medium risk category
func (r RiskCategory) IsMedium() bool {
return r == RiskCategoryMedium
}
// IsLow returns true if this is a low risk category
func (r RiskCategory) IsLow() bool {
return r == RiskCategoryLow
}
// IsUncategorized returns true if this license has not been categorized
func (r RiskCategory) IsUncategorized() bool {
return r == RiskCategoryUncategorized
}
// SPDXLicenseResponse is the response from the SPDX license list endpoint
// https://spdx.org/licenses/licenses.json
type Response struct {
LicenseListVersion string `json:"licenseListVersion"`
ReleaseDate string `json:"releaseDate"`
Licenses []SPDXLicense `json:"licenses"`
}
type SPDXLicense struct {
Reference string `json:"reference"`
IsDeprecatedLicenseID bool `json:"isDeprecatedLicenseId"`
DetailsURL string `json:"detailsUrl"`
ReferenceNumber int `json:"referenceNumber"`
Name string `json:"name"`
LicenseID string `json:"licenseId"`
SeeAlso []string `json:"seeAlso"`
IsOsiApproved bool `json:"isOsiApproved"`
RiskCategory RiskCategory `json:"riskCategory,omitempty"`
}
func GetLicenseByID(id string) (license SPDXLicense, err error) {
if index == nil {
return license, fmt.Errorf("SPDX license index is nil")
}
license, ok := index[strings.ToLower(id)]
if !ok {
return license, fmt.Errorf("SPDX license %s not found", id)
}
return license, nil
}
func GetAllLicenseKeys() []string {
if index == nil {
return []string{}
}
keys := make([]string, 0, len(index))
for k := range index {
keys = append(keys, k)
}
return keys
}
07070100000060000081A400000000000000000000000168CB9D630005660C000000000000000000000000000000000000003200000000grant-0.3.2/internal/spdxlicense/license_index.go// Code generated by internal/spdxlicense/generate/generate_license_index.go; DO NOT EDIT.
// This file was generated by go generate; DO NOT EDIT; 2025-09-16T05:50:12Z
// License source: https://spdx.org/licenses/licenses.json
package spdxlicense
const Version = "3.27.0"
const ReleaseData = "2025-07-01T00:00:00Z"
var index = map[string]SPDXLicense{
"x11": {
Reference: "https://spdx.org/licenses/X11.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/X11.json",
ReferenceNumber: 0,
Name: "X11 License",
LicenseID: "X11",
SeeAlso: []string{
"http://www.xfree86.org/3.3.6/COPYRIGHT2.html#3",
},
IsOsiApproved: false,
RiskCategory: RiskCategory("Permissive (Low Risk)"),
},
"hpnd-export2-us": {
Reference: "https://spdx.org/licenses/HPND-export2-US.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/HPND-export2-US.json",
ReferenceNumber: 1,
Name: "HPND with US Government export control and 2 disclaimers",
LicenseID: "HPND-export2-US",
SeeAlso: []string{
"https://github.com/krb5/krb5/blob/krb5-1.21.2-final/NOTICE#L111-L133",
"https://web.mit.edu/kerberos/krb5-1.21/doc/mitK5license.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"openpbs-2.3": {
Reference: "https://spdx.org/licenses/OpenPBS-2.3.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OpenPBS-2.3.json",
ReferenceNumber: 2,
Name: "OpenPBS v2.3 Software License",
LicenseID: "OpenPBS-2.3",
SeeAlso: []string{
"https://github.com/adaptivecomputing/torque/blob/master/PBS_License.txt",
"https://www.mcs.anl.gov/research/projects/openpbs/PBS_License.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"osl-3.0": {
Reference: "https://spdx.org/licenses/OSL-3.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OSL-3.0.json",
ReferenceNumber: 3,
Name: "Open Software License 3.0",
LicenseID: "OSL-3.0",
SeeAlso: []string{
"https://web.archive.org/web/20120101081418/http://rosenlaw.com:80/OSL3.0.htm",
"https://opensource.org/licenses/OSL-3.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Strong Copyleft (High Risk)"),
},
"rdisc": {
Reference: "https://spdx.org/licenses/Rdisc.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Rdisc.json",
ReferenceNumber: 4,
Name: "Rdisc License",
LicenseID: "Rdisc",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/Rdisc_License",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"lpd-document": {
Reference: "https://spdx.org/licenses/LPD-document.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/LPD-document.json",
ReferenceNumber: 5,
Name: "LPD Documentation License",
LicenseID: "LPD-document",
SeeAlso: []string{
"https://github.com/Cyan4973/xxHash/blob/dev/doc/xxhash_spec.md",
"https://www.ietf.org/rfc/rfc1952.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"bsd-3-clause-lbnl": {
Reference: "https://spdx.org/licenses/BSD-3-Clause-LBNL.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BSD-3-Clause-LBNL.json",
ReferenceNumber: 6,
Name: "Lawrence Berkeley National Labs BSD variant license",
LicenseID: "BSD-3-Clause-LBNL",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/LBNLBSD",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Permissive (Low Risk)"),
},
"afl-1.1": {
Reference: "https://spdx.org/licenses/AFL-1.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/AFL-1.1.json",
ReferenceNumber: 7,
Name: "Academic Free License v1.1",
LicenseID: "AFL-1.1",
SeeAlso: []string{
"http://opensource.linux-mirror.org/licenses/afl-1.1.txt",
"http://wayback.archive.org/web/20021004124254/http://www.opensource.org/licenses/academic.php",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"hp-1989": {
Reference: "https://spdx.org/licenses/HP-1989.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/HP-1989.json",
ReferenceNumber: 8,
Name: "Hewlett-Packard 1989 License",
LicenseID: "HP-1989",
SeeAlso: []string{
"https://github.com/bleargh45/Data-UUID/blob/master/LICENSE",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"lgpl-3.0": {
Reference: "https://spdx.org/licenses/LGPL-3.0.html",
IsDeprecatedLicenseID: true,
DetailsURL: "https://spdx.org/licenses/LGPL-3.0.json",
ReferenceNumber: 9,
Name: "GNU Lesser General Public License v3.0 only",
LicenseID: "LGPL-3.0",
SeeAlso: []string{
"https://www.gnu.org/licenses/lgpl-3.0-standalone.html",
"https://www.gnu.org/licenses/lgpl+gpl-3.0.txt",
"https://opensource.org/licenses/LGPL-3.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Weak Copyleft (Medium Risk)"),
},
"gpl-1.0": {
Reference: "https://spdx.org/licenses/GPL-1.0.html",
IsDeprecatedLicenseID: true,
DetailsURL: "https://spdx.org/licenses/GPL-1.0.json",
ReferenceNumber: 10,
Name: "GNU General Public License v1.0 only",
LicenseID: "GPL-1.0",
SeeAlso: []string{
"https://www.gnu.org/licenses/old-licenses/gpl-1.0-standalone.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory("Strong Copyleft (High Risk)"),
},
"cc-by-nd-4.0": {
Reference: "https://spdx.org/licenses/CC-BY-ND-4.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-ND-4.0.json",
ReferenceNumber: 11,
Name: "Creative Commons Attribution No Derivatives 4.0 International",
LicenseID: "CC-BY-ND-4.0",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-nd/4.0/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"rsa-md": {
Reference: "https://spdx.org/licenses/RSA-MD.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/RSA-MD.json",
ReferenceNumber: 12,
Name: "RSA Message-Digest License",
LicenseID: "RSA-MD",
SeeAlso: []string{
"http://www.faqs.org/rfcs/rfc1321.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"hpnd-sell-variant": {
Reference: "https://spdx.org/licenses/HPND-sell-variant.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/HPND-sell-variant.json",
ReferenceNumber: 13,
Name: "Historical Permission Notice and Disclaimer - sell variant",
LicenseID: "HPND-sell-variant",
SeeAlso: []string{
"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/sunrpc/auth_gss/gss_generic_token.c?h=v4.19",
"https://github.com/kfish/xsel/blob/master/COPYING",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"threeparttable": {
Reference: "https://spdx.org/licenses/threeparttable.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/threeparttable.json",
ReferenceNumber: 14,
Name: "threeparttable License",
LicenseID: "threeparttable",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/Threeparttable",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ampas": {
Reference: "https://spdx.org/licenses/AMPAS.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/AMPAS.json",
ReferenceNumber: 15,
Name: "Academy of Motion Picture Arts and Sciences BSD",
LicenseID: "AMPAS",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/BSD#AMPASBSD",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ngrep": {
Reference: "https://spdx.org/licenses/ngrep.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/ngrep.json",
ReferenceNumber: 16,
Name: "ngrep License",
LicenseID: "ngrep",
SeeAlso: []string{
"https://github.com/jpr5/ngrep/blob/master/LICENSE",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"mplus": {
Reference: "https://spdx.org/licenses/mplus.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/mplus.json",
ReferenceNumber: 17,
Name: "mplus Font License",
LicenseID: "mplus",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing:Mplus?rd=Licensing/mplus",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"mit-festival": {
Reference: "https://spdx.org/licenses/MIT-Festival.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/MIT-Festival.json",
ReferenceNumber: 18,
Name: "MIT Festival Variant",
LicenseID: "MIT-Festival",
SeeAlso: []string{
"https://github.com/festvox/flite/blob/master/COPYING",
"https://github.com/festvox/speech_tools/blob/master/COPYING",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"hdf5": {
Reference: "https://spdx.org/licenses/HDF5.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/HDF5.json",
ReferenceNumber: 19,
Name: "HDF5 License",
LicenseID: "HDF5",
SeeAlso: []string{
"https://github.com/HDFGroup/hdf5/?tab=License-1-ov-file#readme",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"artistic-1.0-perl": {
Reference: "https://spdx.org/licenses/Artistic-1.0-Perl.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Artistic-1.0-Perl.json",
ReferenceNumber: 20,
Name: "Artistic License 1.0 (Perl)",
LicenseID: "Artistic-1.0-Perl",
SeeAlso: []string{
"http://dev.perl.org/licenses/artistic.html",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"bsd-4-clause-uc": {
Reference: "https://spdx.org/licenses/BSD-4-Clause-UC.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BSD-4-Clause-UC.json",
ReferenceNumber: 21,
Name: "BSD-4-Clause (University of California-Specific)",
LicenseID: "BSD-4-Clause-UC",
SeeAlso: []string{
"http://www.freebsd.org/copyright/license.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory("Permissive (Low Risk)"),
},
"sax-pd": {
Reference: "https://spdx.org/licenses/SAX-PD.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/SAX-PD.json",
ReferenceNumber: 22,
Name: "Sax Public Domain Notice",
LicenseID: "SAX-PD",
SeeAlso: []string{
"http://www.saxproject.org/copying.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"apsl-1.1": {
Reference: "https://spdx.org/licenses/APSL-1.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/APSL-1.1.json",
ReferenceNumber: 23,
Name: "Apple Public Source License 1.1",
LicenseID: "APSL-1.1",
SeeAlso: []string{
"http://www.opensource.apple.com/source/IOSerialFamily/IOSerialFamily-7/APPLE_LICENSE",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"agpl-1.0-or-later": {
Reference: "https://spdx.org/licenses/AGPL-1.0-or-later.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/AGPL-1.0-or-later.json",
ReferenceNumber: 24,
Name: "Affero General Public License v1.0 or later",
LicenseID: "AGPL-1.0-or-later",
SeeAlso: []string{
"http://www.affero.org/oagpl.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory("Strong Copyleft (High Risk)"),
},
"antlr-pd": {
Reference: "https://spdx.org/licenses/ANTLR-PD.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/ANTLR-PD.json",
ReferenceNumber: 25,
Name: "ANTLR Software Rights Notice",
LicenseID: "ANTLR-PD",
SeeAlso: []string{
"http://www.antlr2.org/license.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"zimbra-1.3": {
Reference: "https://spdx.org/licenses/Zimbra-1.3.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Zimbra-1.3.json",
ReferenceNumber: 26,
Name: "Zimbra Public License v1.3",
LicenseID: "Zimbra-1.3",
SeeAlso: []string{
"http://web.archive.org/web/20100302225219/http://www.zimbra.com/license/zimbra-public-license-1-3.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"glwtpl": {
Reference: "https://spdx.org/licenses/GLWTPL.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/GLWTPL.json",
ReferenceNumber: 27,
Name: "Good Luck With That Public License",
LicenseID: "GLWTPL",
SeeAlso: []string{
"https://github.com/me-shaon/GLWTPL/commit/da5f6bc734095efbacb442c0b31e33a65b9d6e85",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"minpack": {
Reference: "https://spdx.org/licenses/Minpack.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Minpack.json",
ReferenceNumber: 28,
Name: "Minpack License",
LicenseID: "Minpack",
SeeAlso: []string{
"http://www.netlib.org/minpack/disclaimer",
"https://gitlab.com/libeigen/eigen/-/blob/master/COPYING.MINPACK",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"osl-2.1": {
Reference: "https://spdx.org/licenses/OSL-2.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OSL-2.1.json",
ReferenceNumber: 29,
Name: "Open Software License 2.1",
LicenseID: "OSL-2.1",
SeeAlso: []string{
"http://web.archive.org/web/20050212003940/http://www.rosenlaw.com/osl21.htm",
"https://opensource.org/licenses/OSL-2.1",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Strong Copyleft (High Risk)"),
},
"polyform-small-business-1.0.0": {
Reference: "https://spdx.org/licenses/PolyForm-Small-Business-1.0.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/PolyForm-Small-Business-1.0.0.json",
ReferenceNumber: 30,
Name: "PolyForm Small Business License 1.0.0",
LicenseID: "PolyForm-Small-Business-1.0.0",
SeeAlso: []string{
"https://polyformproject.org/licenses/small-business/1.0.0",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"doc": {
Reference: "https://spdx.org/licenses/DOC.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/DOC.json",
ReferenceNumber: 31,
Name: "DOC License",
LicenseID: "DOC",
SeeAlso: []string{
"http://www.cs.wustl.edu/~schmidt/ACE-copying.html",
"https://www.dre.vanderbilt.edu/~schmidt/ACE-copying.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cronyx": {
Reference: "https://spdx.org/licenses/Cronyx.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Cronyx.json",
ReferenceNumber: 32,
Name: "Cronyx License",
LicenseID: "Cronyx",
SeeAlso: []string{
"https://gitlab.freedesktop.org/xorg/font/alias/-/blob/master/COPYING",
"https://gitlab.freedesktop.org/xorg/font/cronyx-cyrillic/-/blob/master/COPYING",
"https://gitlab.freedesktop.org/xorg/font/misc-cyrillic/-/blob/master/COPYING",
"https://gitlab.freedesktop.org/xorg/font/screen-cyrillic/-/blob/master/COPYING",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"lppl-1.3c": {
Reference: "https://spdx.org/licenses/LPPL-1.3c.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/LPPL-1.3c.json",
ReferenceNumber: 33,
Name: "LaTeX Project Public License v1.3c",
LicenseID: "LPPL-1.3c",
SeeAlso: []string{
"http://www.latex-project.org/lppl/lppl-1-3c.txt",
"https://opensource.org/licenses/LPPL-1.3c",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"sgi-opengl": {
Reference: "https://spdx.org/licenses/SGI-OpenGL.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/SGI-OpenGL.json",
ReferenceNumber: 34,
Name: "SGI OpenGL License",
LicenseID: "SGI-OpenGL",
SeeAlso: []string{
"https://gitlab.freedesktop.org/mesa/glw/-/blob/master/README?ref_type=heads",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"libtiff": {
Reference: "https://spdx.org/licenses/libtiff.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/libtiff.json",
ReferenceNumber: 35,
Name: "libtiff License",
LicenseID: "libtiff",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/libtiff",
},
IsOsiApproved: false,
RiskCategory: RiskCategory("Permissive (Low Risk)"),
},
"openvision": {
Reference: "https://spdx.org/licenses/OpenVision.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OpenVision.json",
ReferenceNumber: 36,
Name: "OpenVision License",
LicenseID: "OpenVision",
SeeAlso: []string{
"https://github.com/krb5/krb5/blob/krb5-1.21.2-final/NOTICE#L66-L98",
"https://web.mit.edu/kerberos/krb5-1.21/doc/mitK5license.html",
"https://fedoraproject.org/wiki/Licensing:MIT#OpenVision_Variant",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"trustedqsl": {
Reference: "https://spdx.org/licenses/TrustedQSL.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/TrustedQSL.json",
ReferenceNumber: 37,
Name: "TrustedQSL License",
LicenseID: "TrustedQSL",
SeeAlso: []string{
"https://sourceforge.net/p/trustedqsl/tqsl/ci/master/tree/LICENSE.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"agpl-1.0": {
Reference: "https://spdx.org/licenses/AGPL-1.0.html",
IsDeprecatedLicenseID: true,
DetailsURL: "https://spdx.org/licenses/AGPL-1.0.json",
ReferenceNumber: 38,
Name: "Affero General Public License v1.0",
LicenseID: "AGPL-1.0",
SeeAlso: []string{
"http://www.affero.org/oagpl.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory("Strong Copyleft (High Risk)"),
},
"sun-ppp": {
Reference: "https://spdx.org/licenses/Sun-PPP.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Sun-PPP.json",
ReferenceNumber: 39,
Name: "Sun PPP License",
LicenseID: "Sun-PPP",
SeeAlso: []string{
"https://github.com/ppp-project/ppp/blob/master/pppd/eap.c#L7-L16",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"entessa": {
Reference: "https://spdx.org/licenses/Entessa.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Entessa.json",
ReferenceNumber: 40,
Name: "Entessa Public License v1.0",
LicenseID: "Entessa",
SeeAlso: []string{
"https://opensource.org/licenses/Entessa",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"afl-2.0": {
Reference: "https://spdx.org/licenses/AFL-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/AFL-2.0.json",
ReferenceNumber: 41,
Name: "Academic Free License v2.0",
LicenseID: "AFL-2.0",
SeeAlso: []string{
"http://wayback.archive.org/web/20060924134533/http://www.opensource.org/licenses/afl-2.0.txt",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"sleepycat": {
Reference: "https://spdx.org/licenses/Sleepycat.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Sleepycat.json",
ReferenceNumber: 42,
Name: "Sleepycat License",
LicenseID: "Sleepycat",
SeeAlso: []string{
"https://opensource.org/licenses/Sleepycat",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Strong Copyleft (High Risk)"),
},
"latex2e": {
Reference: "https://spdx.org/licenses/Latex2e.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Latex2e.json",
ReferenceNumber: 43,
Name: "Latex2e License",
LicenseID: "Latex2e",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/Latex2e",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"fdk-aac": {
Reference: "https://spdx.org/licenses/FDK-AAC.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/FDK-AAC.json",
ReferenceNumber: 44,
Name: "Fraunhofer FDK AAC Codec Library",
LicenseID: "FDK-AAC",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/FDK-AAC",
"https://directory.fsf.org/wiki/License:Fdk",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cecill-c": {
Reference: "https://spdx.org/licenses/CECILL-C.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CECILL-C.json",
ReferenceNumber: 45,
Name: "CeCILL-C Free Software License Agreement",
LicenseID: "CECILL-C",
SeeAlso: []string{
"http://www.cecill.info/licences/Licence_CeCILL-C_V1-en.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"odc-by-1.0": {
Reference: "https://spdx.org/licenses/ODC-By-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/ODC-By-1.0.json",
ReferenceNumber: 46,
Name: "Open Data Commons Attribution License v1.0",
LicenseID: "ODC-By-1.0",
SeeAlso: []string{
"https://opendatacommons.org/licenses/by/1.0/",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"bitstream-charter": {
Reference: "https://spdx.org/licenses/Bitstream-Charter.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Bitstream-Charter.json",
ReferenceNumber: 47,
Name: "Bitstream Charter Font License",
LicenseID: "Bitstream-Charter",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/Charter#License_Text",
"https://raw.githubusercontent.com/blackhole89/notekit/master/data/fonts/Charter%20license.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"umich-merit": {
Reference: "https://spdx.org/licenses/UMich-Merit.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/UMich-Merit.json",
ReferenceNumber: 48,
Name: "Michigan/Merit Networks License",
LicenseID: "UMich-Merit",
SeeAlso: []string{
"https://github.com/radcli/radcli/blob/master/COPYRIGHT#L64",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-nc-2.5": {
Reference: "https://spdx.org/licenses/CC-BY-NC-2.5.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-NC-2.5.json",
ReferenceNumber: 49,
Name: "Creative Commons Attribution Non Commercial 2.5 Generic",
LicenseID: "CC-BY-NC-2.5",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-nc/2.5/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"diffmark": {
Reference: "https://spdx.org/licenses/diffmark.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/diffmark.json",
ReferenceNumber: 50,
Name: "diffmark license",
LicenseID: "diffmark",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/diffmark",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"blueoak-1.0.0": {
Reference: "https://spdx.org/licenses/BlueOak-1.0.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BlueOak-1.0.0.json",
ReferenceNumber: 51,
Name: "Blue Oak Model License 1.0.0",
LicenseID: "BlueOak-1.0.0",
SeeAlso: []string{
"https://blueoakcouncil.org/license/1.0.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"info-zip": {
Reference: "https://spdx.org/licenses/Info-ZIP.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Info-ZIP.json",
ReferenceNumber: 52,
Name: "Info-ZIP License",
LicenseID: "Info-ZIP",
SeeAlso: []string{
"http://www.info-zip.org/license.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-nc-nd-4.0": {
Reference: "https://spdx.org/licenses/CC-BY-NC-ND-4.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-NC-ND-4.0.json",
ReferenceNumber: 53,
Name: "Creative Commons Attribution Non Commercial No Derivatives 4.0 International",
LicenseID: "CC-BY-NC-ND-4.0",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-nc-nd/4.0/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"json": {
Reference: "https://spdx.org/licenses/JSON.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/JSON.json",
ReferenceNumber: 54,
Name: "JSON License",
LicenseID: "JSON",
SeeAlso: []string{
"http://www.json.org/license.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"sendmail-8.23": {
Reference: "https://spdx.org/licenses/Sendmail-8.23.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Sendmail-8.23.json",
ReferenceNumber: 55,
Name: "Sendmail License 8.23",
LicenseID: "Sendmail-8.23",
SeeAlso: []string{
"https://www.proofpoint.com/sites/default/files/sendmail-license.pdf",
"https://web.archive.org/web/20181003101040/https://www.proofpoint.com/sites/default/files/sendmail-license.pdf",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"sgi-b-1.0": {
Reference: "https://spdx.org/licenses/SGI-B-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/SGI-B-1.0.json",
ReferenceNumber: 56,
Name: "SGI Free Software License B v1.0",
LicenseID: "SGI-B-1.0",
SeeAlso: []string{
"http://oss.sgi.com/projects/FreeB/SGIFreeSWLicB.1.0.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"rpl-1.1": {
Reference: "https://spdx.org/licenses/RPL-1.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/RPL-1.1.json",
ReferenceNumber: 57,
Name: "Reciprocal Public License 1.1",
LicenseID: "RPL-1.1",
SeeAlso: []string{
"https://opensource.org/licenses/RPL-1.1",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Strong Copyleft (High Risk)"),
},
"isc": {
Reference: "https://spdx.org/licenses/ISC.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/ISC.json",
ReferenceNumber: 58,
Name: "ISC License",
LicenseID: "ISC",
SeeAlso: []string{
"https://www.isc.org/licenses/",
"https://www.isc.org/downloads/software-support-policy/isc-license/",
"https://opensource.org/licenses/ISC",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Permissive (Low Risk)"),
},
"fsful": {
Reference: "https://spdx.org/licenses/FSFUL.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/FSFUL.json",
ReferenceNumber: 59,
Name: "FSF Unlimited License",
LicenseID: "FSFUL",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/FSF_Unlimited_License",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"multics": {
Reference: "https://spdx.org/licenses/Multics.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Multics.json",
ReferenceNumber: 60,
Name: "Multics License",
LicenseID: "Multics",
SeeAlso: []string{
"https://opensource.org/licenses/Multics",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"3d-slicer-1.0": {
Reference: "https://spdx.org/licenses/3D-Slicer-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/3D-Slicer-1.0.json",
ReferenceNumber: 61,
Name: "3D Slicer License v1.0",
LicenseID: "3D-Slicer-1.0",
SeeAlso: []string{
"https://slicer.org/LICENSE",
"https://github.com/Slicer/Slicer/blob/main/License.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"libpng": {
Reference: "https://spdx.org/licenses/Libpng.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Libpng.json",
ReferenceNumber: 62,
Name: "libpng License",
LicenseID: "Libpng",
SeeAlso: []string{
"http://www.libpng.org/pub/png/src/libpng-LICENSE.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory("Permissive (Low Risk)"),
},
"lppl-1.0": {
Reference: "https://spdx.org/licenses/LPPL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/LPPL-1.0.json",
ReferenceNumber: 63,
Name: "LaTeX Project Public License v1.0",
LicenseID: "LPPL-1.0",
SeeAlso: []string{
"http://www.latex-project.org/lppl/lppl-1-0.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ngpl": {
Reference: "https://spdx.org/licenses/NGPL.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/NGPL.json",
ReferenceNumber: 64,
Name: "Nethack General Public License",
LicenseID: "NGPL",
SeeAlso: []string{
"https://opensource.org/licenses/NGPL",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"clips": {
Reference: "https://spdx.org/licenses/Clips.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Clips.json",
ReferenceNumber: 65,
Name: "Clips License",
LicenseID: "Clips",
SeeAlso: []string{
"https://github.com/DrItanium/maya/blob/master/LICENSE.CLIPS",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-4.0": {
Reference: "https://spdx.org/licenses/CC-BY-4.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-4.0.json",
ReferenceNumber: 66,
Name: "Creative Commons Attribution 4.0 International",
LicenseID: "CC-BY-4.0",
SeeAlso: []string{
"https://creativecommons.org/licenses/by/4.0/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"gfdl-1.1-or-later": {
Reference: "https://spdx.org/licenses/GFDL-1.1-or-later.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/GFDL-1.1-or-later.json",
ReferenceNumber: 67,
Name: "GNU Free Documentation License v1.1 or later",
LicenseID: "GFDL-1.1-or-later",
SeeAlso: []string{
"https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"gpl-1.0-or-later": {
Reference: "https://spdx.org/licenses/GPL-1.0-or-later.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/GPL-1.0-or-later.json",
ReferenceNumber: 68,
Name: "GNU General Public License v1.0 or later",
LicenseID: "GPL-1.0-or-later",
SeeAlso: []string{
"https://www.gnu.org/licenses/old-licenses/gpl-1.0-standalone.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory("Strong Copyleft (High Risk)"),
},
"gfdl-1.3-invariants-only": {
Reference: "https://spdx.org/licenses/GFDL-1.3-invariants-only.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/GFDL-1.3-invariants-only.json",
ReferenceNumber: 69,
Name: "GNU Free Documentation License v1.3 only - invariants",
LicenseID: "GFDL-1.3-invariants-only",
SeeAlso: []string{
"https://www.gnu.org/licenses/fdl-1.3.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"sun-ppp-2000": {
Reference: "https://spdx.org/licenses/Sun-PPP-2000.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Sun-PPP-2000.json",
ReferenceNumber: 70,
Name: "Sun PPP License (2000)",
LicenseID: "Sun-PPP-2000",
SeeAlso: []string{
"https://github.com/ppp-project/ppp/blob/master/modules/ppp_ahdlc.c#L7-L19",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"glide": {
Reference: "https://spdx.org/licenses/Glide.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Glide.json",
ReferenceNumber: 71,
Name: "3dfx Glide License",
LicenseID: "Glide",
SeeAlso: []string{
"http://www.users.on.net/~triforce/glidexp/COPYING.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"furuseth": {
Reference: "https://spdx.org/licenses/Furuseth.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Furuseth.json",
ReferenceNumber: 72,
Name: "Furuseth License",
LicenseID: "Furuseth",
SeeAlso: []string{
"https://git.openldap.org/openldap/openldap/-/blob/master/COPYRIGHT?ref_type=heads#L39-51",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"gfdl-1.3-no-invariants-or-later": {
Reference: "https://spdx.org/licenses/GFDL-1.3-no-invariants-or-later.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/GFDL-1.3-no-invariants-or-later.json",
ReferenceNumber: 73,
Name: "GNU Free Documentation License v1.3 or later - no invariants",
LicenseID: "GFDL-1.3-no-invariants-or-later",
SeeAlso: []string{
"https://www.gnu.org/licenses/fdl-1.3.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"any-osi": {
Reference: "https://spdx.org/licenses/any-OSI.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/any-OSI.json",
ReferenceNumber: 74,
Name: "Any OSI License",
LicenseID: "any-OSI",
SeeAlso: []string{
"https://metacpan.org/pod/Exporter::Tidy#LICENSE",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"lgpl-2.0-or-later": {
Reference: "https://spdx.org/licenses/LGPL-2.0-or-later.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/LGPL-2.0-or-later.json",
ReferenceNumber: 75,
Name: "GNU Library General Public License v2 or later",
LicenseID: "LGPL-2.0-or-later",
SeeAlso: []string{
"https://www.gnu.org/licenses/old-licenses/lgpl-2.0-standalone.html",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Weak Copyleft (Medium Risk)"),
},
"adsl": {
Reference: "https://spdx.org/licenses/ADSL.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/ADSL.json",
ReferenceNumber: 76,
Name: "Amazon Digital Services License",
LicenseID: "ADSL",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/AmazonDigitalServicesLicense",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"noweb": {
Reference: "https://spdx.org/licenses/Noweb.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Noweb.json",
ReferenceNumber: 77,
Name: "Noweb License",
LicenseID: "Noweb",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/Noweb",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"linux-man-pages-1-para": {
Reference: "https://spdx.org/licenses/Linux-man-pages-1-para.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Linux-man-pages-1-para.json",
ReferenceNumber: 78,
Name: "Linux man-pages - 1 paragraph",
LicenseID: "Linux-man-pages-1-para",
SeeAlso: []string{
"https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/tree/man2/getcpu.2#n4",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-sa-3.0": {
Reference: "https://spdx.org/licenses/CC-BY-SA-3.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-SA-3.0.json",
ReferenceNumber: 79,
Name: "Creative Commons Attribution Share Alike 3.0 Unported",
LicenseID: "CC-BY-SA-3.0",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-sa/3.0/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"tapr-ohl-1.0": {
Reference: "https://spdx.org/licenses/TAPR-OHL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/TAPR-OHL-1.0.json",
ReferenceNumber: 80,
Name: "TAPR Open Hardware License v1.0",
LicenseID: "TAPR-OHL-1.0",
SeeAlso: []string{
"https://www.tapr.org/OHL",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"smlnj": {
Reference: "https://spdx.org/licenses/SMLNJ.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/SMLNJ.json",
ReferenceNumber: 81,
Name: "Standard ML of New Jersey License",
LicenseID: "SMLNJ",
SeeAlso: []string{
"https://www.smlnj.org/license.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ofl-1.1-rfn": {
Reference: "https://spdx.org/licenses/OFL-1.1-RFN.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OFL-1.1-RFN.json",
ReferenceNumber: 82,
Name: "SIL Open Font License 1.1 with Reserved Font Name",
LicenseID: "OFL-1.1-RFN",
SeeAlso: []string{
"http://scripts.sil.org/cms/scripts/page.php?item_id=OFL_web",
"https://opensource.org/licenses/OFL-1.1",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"sl": {
Reference: "https://spdx.org/licenses/SL.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/SL.json",
ReferenceNumber: 83,
Name: "SL License",
LicenseID: "SL",
SeeAlso: []string{
"https://github.com/mtoyoda/sl/blob/master/LICENSE",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"afmparse": {
Reference: "https://spdx.org/licenses/Afmparse.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Afmparse.json",
ReferenceNumber: 84,
Name: "Afmparse License",
LicenseID: "Afmparse",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/Afmparse",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-sa-1.0": {
Reference: "https://spdx.org/licenses/CC-SA-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-SA-1.0.json",
ReferenceNumber: 85,
Name: "Creative Commons Share Alike 1.0 Generic",
LicenseID: "CC-SA-1.0",
SeeAlso: []string{
"https://creativecommons.org/licenses/sa/1.0/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"apsl-1.0": {
Reference: "https://spdx.org/licenses/APSL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/APSL-1.0.json",
ReferenceNumber: 86,
Name: "Apple Public Source License 1.0",
LicenseID: "APSL-1.0",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/Apple_Public_Source_License_1.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"hippocratic-2.1": {
Reference: "https://spdx.org/licenses/Hippocratic-2.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Hippocratic-2.1.json",
ReferenceNumber: 87,
Name: "Hippocratic License 2.1",
LicenseID: "Hippocratic-2.1",
SeeAlso: []string{
"https://firstdonoharm.dev/version/2/1/license.html",
"https://github.com/EthicalSource/hippocratic-license/blob/58c0e646d64ff6fbee275bfe2b9492f914e3ab2a/LICENSE.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"upl-1.0": {
Reference: "https://spdx.org/licenses/UPL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/UPL-1.0.json",
ReferenceNumber: 88,
Name: "Universal Permissive License v1.0",
LicenseID: "UPL-1.0",
SeeAlso: []string{
"https://opensource.org/licenses/UPL",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Permissive (Low Risk)"),
},
"cc-by-nc-sa-4.0": {
Reference: "https://spdx.org/licenses/CC-BY-NC-SA-4.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-NC-SA-4.0.json",
ReferenceNumber: 89,
Name: "Creative Commons Attribution Non Commercial Share Alike 4.0 International",
LicenseID: "CC-BY-NC-SA-4.0",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-nc-sa/4.0/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"xzoom": {
Reference: "https://spdx.org/licenses/xzoom.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/xzoom.json",
ReferenceNumber: 90,
Name: "xzoom License",
LicenseID: "xzoom",
SeeAlso: []string{
"https://metadata.ftp-master.debian.org/changelogs//main/x/xzoom/xzoom_0.3-27_copyright",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"schemereport": {
Reference: "https://spdx.org/licenses/SchemeReport.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/SchemeReport.json",
ReferenceNumber: 91,
Name: "Scheme Language Report License",
LicenseID: "SchemeReport",
SeeAlso: []string{},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"boehm-gc": {
Reference: "https://spdx.org/licenses/Boehm-GC.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Boehm-GC.json",
ReferenceNumber: 92,
Name: "Boehm-Demers-Weiser GC License",
LicenseID: "Boehm-GC",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing:MIT#Another_Minimal_variant_(found_in_libatomic_ops)",
"https://github.com/uim/libgcroots/blob/master/COPYING",
"https://github.com/ivmai/libatomic_ops/blob/master/LICENSE",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"xinetd": {
Reference: "https://spdx.org/licenses/xinetd.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/xinetd.json",
ReferenceNumber: 93,
Name: "xinetd License",
LicenseID: "xinetd",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/Xinetd_License",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-nc-nd-3.0": {
Reference: "https://spdx.org/licenses/CC-BY-NC-ND-3.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-NC-ND-3.0.json",
ReferenceNumber: 94,
Name: "Creative Commons Attribution Non Commercial No Derivatives 3.0 Unported",
LicenseID: "CC-BY-NC-ND-3.0",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-nc-nd/3.0/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cecill-2.1": {
Reference: "https://spdx.org/licenses/CECILL-2.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CECILL-2.1.json",
ReferenceNumber: 95,
Name: "CeCILL Free Software License Agreement v2.1",
LicenseID: "CECILL-2.1",
SeeAlso: []string{
"http://www.cecill.info/licences/Licence_CeCILL_V2.1-en.html",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"ssleay-standalone": {
Reference: "https://spdx.org/licenses/SSLeay-standalone.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/SSLeay-standalone.json",
ReferenceNumber: 96,
Name: "SSLeay License - standalone",
LicenseID: "SSLeay-standalone",
SeeAlso: []string{
"https://www.tq-group.com/filedownloads/files/software-license-conditions/OriginalSSLeay/OriginalSSLeay.pdf",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"catosl-1.1": {
Reference: "https://spdx.org/licenses/CATOSL-1.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CATOSL-1.1.json",
ReferenceNumber: 97,
Name: "Computer Associates Trusted Open Source License 1.1",
LicenseID: "CATOSL-1.1",
SeeAlso: []string{
"https://opensource.org/licenses/CATOSL-1.1",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"nist-pd": {
Reference: "https://spdx.org/licenses/NIST-PD.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/NIST-PD.json",
ReferenceNumber: 98,
Name: "NIST Public Domain Notice",
LicenseID: "NIST-PD",
SeeAlso: []string{
"https://github.com/tcheneau/simpleRPL/blob/e645e69e38dd4e3ccfeceb2db8cba05b7c2e0cd3/LICENSE.txt",
"https://github.com/tcheneau/Routing/blob/f09f46fcfe636107f22f2c98348188a65a135d98/README.md",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"gpl-2.0-or-later": {
Reference: "https://spdx.org/licenses/GPL-2.0-or-later.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/GPL-2.0-or-later.json",
ReferenceNumber: 99,
Name: "GNU General Public License v2.0 or later",
LicenseID: "GPL-2.0-or-later",
SeeAlso: []string{
"https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html",
"https://opensource.org/licenses/GPL-2.0",
"https://github.com/openjdk/jdk/blob/6162e2c5213c5dd7c1127fd9616b543efa898962/LICENSE",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Strong Copyleft (High Risk)"),
},
"cecill-1.1": {
Reference: "https://spdx.org/licenses/CECILL-1.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CECILL-1.1.json",
ReferenceNumber: 100,
Name: "CeCILL Free Software License Agreement v1.1",
LicenseID: "CECILL-1.1",
SeeAlso: []string{
"http://www.cecill.info/licences/Licence_CeCILL_V1.1-US.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"gfdl-1.2-no-invariants-only": {
Reference: "https://spdx.org/licenses/GFDL-1.2-no-invariants-only.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/GFDL-1.2-no-invariants-only.json",
ReferenceNumber: 101,
Name: "GNU Free Documentation License v1.2 only - no invariants",
LicenseID: "GFDL-1.2-no-invariants-only",
SeeAlso: []string{
"https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"mpich2": {
Reference: "https://spdx.org/licenses/mpich2.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/mpich2.json",
ReferenceNumber: 102,
Name: "mpich2 License",
LicenseID: "mpich2",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/MIT",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"jasper-2.0": {
Reference: "https://spdx.org/licenses/JasPer-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/JasPer-2.0.json",
ReferenceNumber: 103,
Name: "JasPer License",
LicenseID: "JasPer-2.0",
SeeAlso: []string{
"http://www.ece.uvic.ca/~mdadams/jasper/LICENSE",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"rpsl-1.0": {
Reference: "https://spdx.org/licenses/RPSL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/RPSL-1.0.json",
ReferenceNumber: 104,
Name: "RealNetworks Public Source License v1.0",
LicenseID: "RPSL-1.0",
SeeAlso: []string{
"https://helixcommunity.org/content/rpsl",
"https://opensource.org/licenses/RPSL-1.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"oldap-1.4": {
Reference: "https://spdx.org/licenses/OLDAP-1.4.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OLDAP-1.4.json",
ReferenceNumber: 105,
Name: "Open LDAP Public License v1.4",
LicenseID: "OLDAP-1.4",
SeeAlso: []string{
"http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=LICENSE;hb=c9f95c2f3f2ffb5e0ae55fe7388af75547660941",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"tu-berlin-1.0": {
Reference: "https://spdx.org/licenses/TU-Berlin-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/TU-Berlin-1.0.json",
ReferenceNumber: 106,
Name: "Technische Universitaet Berlin License 1.0",
LicenseID: "TU-Berlin-1.0",
SeeAlso: []string{
"https://github.com/swh/ladspa/blob/7bf6f3799fdba70fda297c2d8fd9f526803d9680/gsm/COPYRIGHT",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-3.0-at": {
Reference: "https://spdx.org/licenses/CC-BY-3.0-AT.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-3.0-AT.json",
ReferenceNumber: 107,
Name: "Creative Commons Attribution 3.0 Austria",
LicenseID: "CC-BY-3.0-AT",
SeeAlso: []string{
"https://creativecommons.org/licenses/by/3.0/at/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"bsd-3-clause-no-nuclear-license": {
Reference: "https://spdx.org/licenses/BSD-3-Clause-No-Nuclear-License.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BSD-3-Clause-No-Nuclear-License.json",
ReferenceNumber: 108,
Name: "BSD 3-Clause No Nuclear License",
LicenseID: "BSD-3-Clause-No-Nuclear-License",
SeeAlso: []string{
"http://download.oracle.com/otn-pub/java/licenses/bsd.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"xdebug-1.03": {
Reference: "https://spdx.org/licenses/Xdebug-1.03.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Xdebug-1.03.json",
ReferenceNumber: 109,
Name: "Xdebug License v 1.03",
LicenseID: "Xdebug-1.03",
SeeAlso: []string{
"https://github.com/xdebug/xdebug/blob/master/LICENSE",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"sissl": {
Reference: "https://spdx.org/licenses/SISSL.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/SISSL.json",
ReferenceNumber: 110,
Name: "Sun Industry Standards Source License v1.1",
LicenseID: "SISSL",
SeeAlso: []string{
"http://www.openoffice.org/licenses/sissl_license.html",
"https://opensource.org/licenses/SISSL",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Weak Copyleft (Medium Risk)"),
},
"apache-1.1": {
Reference: "https://spdx.org/licenses/Apache-1.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Apache-1.1.json",
ReferenceNumber: 111,
Name: "Apache License 1.1",
LicenseID: "Apache-1.1",
SeeAlso: []string{
"http://apache.org/licenses/LICENSE-1.1",
"https://opensource.org/licenses/Apache-1.1",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Permissive (Low Risk)"),
},
"hpnd-dec": {
Reference: "https://spdx.org/licenses/HPND-DEC.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/HPND-DEC.json",
ReferenceNumber: 112,
Name: "Historical Permission Notice and Disclaimer - DEC variant",
LicenseID: "HPND-DEC",
SeeAlso: []string{
"https://gitlab.freedesktop.org/xorg/app/xkbcomp/-/blob/master/COPYING?ref_type=heads#L69",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"unlicense-libtelnet": {
Reference: "https://spdx.org/licenses/Unlicense-libtelnet.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Unlicense-libtelnet.json",
ReferenceNumber: 113,
Name: "Unlicense - libtelnet variant",
LicenseID: "Unlicense-libtelnet",
SeeAlso: []string{
"https://github.com/seanmiddleditch/libtelnet/blob/develop/COPYING",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"condor-1.1": {
Reference: "https://spdx.org/licenses/Condor-1.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Condor-1.1.json",
ReferenceNumber: 114,
Name: "Condor Public License v1.1",
LicenseID: "Condor-1.1",
SeeAlso: []string{
"http://research.cs.wisc.edu/condor/license.html#condor",
"http://web.archive.org/web/20111123062036/http://research.cs.wisc.edu/condor/license.html#condor",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"unicode-tou": {
Reference: "https://spdx.org/licenses/Unicode-TOU.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Unicode-TOU.json",
ReferenceNumber: 115,
Name: "Unicode Terms of Use",
LicenseID: "Unicode-TOU",
SeeAlso: []string{
"http://web.archive.org/web/20140704074106/http://www.unicode.org/copyright.html",
"http://www.unicode.org/copyright.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"oml": {
Reference: "https://spdx.org/licenses/OML.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OML.json",
ReferenceNumber: 116,
Name: "Open Market License",
LicenseID: "OML",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/Open_Market_License",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"qpl-1.0-inria-2004": {
Reference: "https://spdx.org/licenses/QPL-1.0-INRIA-2004.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/QPL-1.0-INRIA-2004.json",
ReferenceNumber: 117,
Name: "Q Public License 1.0 - INRIA 2004 variant",
LicenseID: "QPL-1.0-INRIA-2004",
SeeAlso: []string{
"https://github.com/maranget/hevea/blob/master/LICENSE",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-nd-1.0": {
Reference: "https://spdx.org/licenses/CC-BY-ND-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-ND-1.0.json",
ReferenceNumber: 118,
Name: "Creative Commons Attribution No Derivatives 1.0 Generic",
LicenseID: "CC-BY-ND-1.0",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-nd/1.0/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"polyform-noncommercial-1.0.0": {
Reference: "https://spdx.org/licenses/PolyForm-Noncommercial-1.0.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/PolyForm-Noncommercial-1.0.0.json",
ReferenceNumber: 119,
Name: "PolyForm Noncommercial License 1.0.0",
LicenseID: "PolyForm-Noncommercial-1.0.0",
SeeAlso: []string{
"https://polyformproject.org/licenses/noncommercial/1.0.0",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"man2html": {
Reference: "https://spdx.org/licenses/man2html.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/man2html.json",
ReferenceNumber: 120,
Name: "man2html License",
LicenseID: "man2html",
SeeAlso: []string{
"http://primates.ximian.com/~flucifredi/man/man-1.6g.tar.gz",
"https://github.com/hamano/man2html/blob/master/man2html.c",
"https://docs.oracle.com/cd/E81115_01/html/E81116/licenses.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"olfl-1.3": {
Reference: "https://spdx.org/licenses/OLFL-1.3.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OLFL-1.3.json",
ReferenceNumber: 121,
Name: "Open Logistics Foundation License Version 1.3",
LicenseID: "OLFL-1.3",
SeeAlso: []string{
"https://openlogisticsfoundation.org/licenses/",
"https://opensource.org/license/olfl-1-3/",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"copyleft-next-0.3.0": {
Reference: "https://spdx.org/licenses/copyleft-next-0.3.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/copyleft-next-0.3.0.json",
ReferenceNumber: 122,
Name: "copyleft-next 0.3.0",
LicenseID: "copyleft-next-0.3.0",
SeeAlso: []string{
"https://github.com/copyleft-next/copyleft-next/blob/master/Releases/copyleft-next-0.3.0",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"lgpllr": {
Reference: "https://spdx.org/licenses/LGPLLR.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/LGPLLR.json",
ReferenceNumber: 123,
Name: "Lesser General Public License For Linguistic Resources",
LicenseID: "LGPLLR",
SeeAlso: []string{
"http://www-igm.univ-mlv.fr/~unitex/lgpllr.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cddl-1.1": {
Reference: "https://spdx.org/licenses/CDDL-1.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CDDL-1.1.json",
ReferenceNumber: 124,
Name: "Common Development and Distribution License 1.1",
LicenseID: "CDDL-1.1",
SeeAlso: []string{
"http://glassfish.java.net/public/CDDL+GPL_1_1.html",
"https://javaee.github.io/glassfish/LICENSE",
},
IsOsiApproved: false,
RiskCategory: RiskCategory("Weak Copyleft (Medium Risk)"),
},
"xfig": {
Reference: "https://spdx.org/licenses/Xfig.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Xfig.json",
ReferenceNumber: 125,
Name: "Xfig License",
LicenseID: "Xfig",
SeeAlso: []string{
"https://github.com/Distrotech/transfig/blob/master/transfig/transfig.c",
"https://fedoraproject.org/wiki/Licensing:MIT#Xfig_Variant",
"https://sourceforge.net/p/mcj/xfig/ci/master/tree/src/Makefile.am",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-2.5-au": {
Reference: "https://spdx.org/licenses/CC-BY-2.5-AU.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-2.5-AU.json",
ReferenceNumber: 126,
Name: "Creative Commons Attribution 2.5 Australia",
LicenseID: "CC-BY-2.5-AU",
SeeAlso: []string{
"https://creativecommons.org/licenses/by/2.5/au/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"apl-1.0": {
Reference: "https://spdx.org/licenses/APL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/APL-1.0.json",
ReferenceNumber: 127,
Name: "Adaptive Public License 1.0",
LicenseID: "APL-1.0",
SeeAlso: []string{
"https://opensource.org/licenses/APL-1.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"openssl-standalone": {
Reference: "https://spdx.org/licenses/OpenSSL-standalone.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OpenSSL-standalone.json",
ReferenceNumber: 128,
Name: "OpenSSL License - standalone",
LicenseID: "OpenSSL-standalone",
SeeAlso: []string{
"https://library.netapp.com/ecm/ecm_download_file/ECMP1196395",
"https://hstechdocs.helpsystems.com/manuals/globalscape/archive/cuteftp6/open_ssl_license_agreement.htm",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ogdl-taiwan-1.0": {
Reference: "https://spdx.org/licenses/OGDL-Taiwan-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OGDL-Taiwan-1.0.json",
ReferenceNumber: 129,
Name: "Taiwan Open Government Data License, version 1.0",
LicenseID: "OGDL-Taiwan-1.0",
SeeAlso: []string{
"https://data.gov.tw/license",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"bsl-1.0": {
Reference: "https://spdx.org/licenses/BSL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BSL-1.0.json",
ReferenceNumber: 130,
Name: "Boost Software License 1.0",
LicenseID: "BSL-1.0",
SeeAlso: []string{
"http://www.boost.org/LICENSE_1_0.txt",
"https://opensource.org/licenses/BSL-1.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Permissive (Low Risk)"),
},
"gpl-3.0+": {
Reference: "https://spdx.org/licenses/GPL-3.0+.html",
IsDeprecatedLicenseID: true,
DetailsURL: "https://spdx.org/licenses/GPL-3.0+.json",
ReferenceNumber: 131,
Name: "GNU General Public License v3.0 or later",
LicenseID: "GPL-3.0+",
SeeAlso: []string{
"https://www.gnu.org/licenses/gpl-3.0-standalone.html",
"https://opensource.org/licenses/GPL-3.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"generic-xts": {
Reference: "https://spdx.org/licenses/generic-xts.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/generic-xts.json",
ReferenceNumber: 132,
Name: "Generic XTS License",
LicenseID: "generic-xts",
SeeAlso: []string{
"https://github.com/mhogomchungu/zuluCrypt/blob/master/external_libraries/tcplay/generic_xts.c",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"php-3.0": {
Reference: "https://spdx.org/licenses/PHP-3.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/PHP-3.0.json",
ReferenceNumber: 133,
Name: "PHP License v3.0",
LicenseID: "PHP-3.0",
SeeAlso: []string{
"http://www.php.net/license/3_0.txt",
"https://opensource.org/licenses/PHP-3.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"lal-1.2": {
Reference: "https://spdx.org/licenses/LAL-1.2.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/LAL-1.2.json",
ReferenceNumber: 134,
Name: "Licence Art Libre 1.2",
LicenseID: "LAL-1.2",
SeeAlso: []string{
"http://artlibre.org/licence/lal/licence-art-libre-12/",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"drl-1.1": {
Reference: "https://spdx.org/licenses/DRL-1.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/DRL-1.1.json",
ReferenceNumber: 135,
Name: "Detection Rule License 1.1",
LicenseID: "DRL-1.1",
SeeAlso: []string{
"https://github.com/SigmaHQ/Detection-Rule-License/blob/6ec7fbde6101d101b5b5d1fcb8f9b69fbc76c04a/LICENSE.Detection.Rules.md",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"lpl-1.0": {
Reference: "https://spdx.org/licenses/LPL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/LPL-1.0.json",
ReferenceNumber: 136,
Name: "Lucent Public License Version 1.0",
LicenseID: "LPL-1.0",
SeeAlso: []string{
"https://opensource.org/licenses/LPL-1.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"leptonica": {
Reference: "https://spdx.org/licenses/Leptonica.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Leptonica.json",
ReferenceNumber: 137,
Name: "Leptonica License",
LicenseID: "Leptonica",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/Leptonica",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cnri-jython": {
Reference: "https://spdx.org/licenses/CNRI-Jython.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CNRI-Jython.json",
ReferenceNumber: 138,
Name: "CNRI Jython License",
LicenseID: "CNRI-Jython",
SeeAlso: []string{
"http://www.jython.org/license.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"dl-de-zero-2.0": {
Reference: "https://spdx.org/licenses/DL-DE-ZERO-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/DL-DE-ZERO-2.0.json",
ReferenceNumber: 139,
Name: "Data licence Germany – zero – version 2.0",
LicenseID: "DL-DE-ZERO-2.0",
SeeAlso: []string{
"https://www.govdata.de/dl-de/zero-2-0",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cube": {
Reference: "https://spdx.org/licenses/Cube.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Cube.json",
ReferenceNumber: 140,
Name: "Cube License",
LicenseID: "Cube",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/Cube",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"w3m": {
Reference: "https://spdx.org/licenses/w3m.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/w3m.json",
ReferenceNumber: 141,
Name: "w3m License",
LicenseID: "w3m",
SeeAlso: []string{
"https://github.com/tats/w3m/blob/master/COPYING",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"tgppl-1.0": {
Reference: "https://spdx.org/licenses/TGPPL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/TGPPL-1.0.json",
ReferenceNumber: 142,
Name: "Transitive Grace Period Public Licence 1.0",
LicenseID: "TGPPL-1.0",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/TGPPL",
"https://tahoe-lafs.org/trac/tahoe-lafs/browser/trunk/COPYING.TGPPL.rst",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"hpnd-uc-export-us": {
Reference: "https://spdx.org/licenses/HPND-UC-export-US.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/HPND-UC-export-US.json",
ReferenceNumber: 143,
Name: "Historical Permission Notice and Disclaimer - University of California, US export warning",
LicenseID: "HPND-UC-export-US",
SeeAlso: []string{
"https://github.com/RTimothyEdwards/magic/blob/master/LICENSE",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"gpl-2.0+": {
Reference: "https://spdx.org/licenses/GPL-2.0+.html",
IsDeprecatedLicenseID: true,
DetailsURL: "https://spdx.org/licenses/GPL-2.0+.json",
ReferenceNumber: 144,
Name: "GNU General Public License v2.0 or later",
LicenseID: "GPL-2.0+",
SeeAlso: []string{
"https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html",
"https://opensource.org/licenses/GPL-2.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"efl-1.0": {
Reference: "https://spdx.org/licenses/EFL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/EFL-1.0.json",
ReferenceNumber: 145,
Name: "Eiffel Forum License v1.0",
LicenseID: "EFL-1.0",
SeeAlso: []string{
"http://www.eiffel-nice.org/license/forum.txt",
"https://opensource.org/licenses/EFL-1.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"nrl": {
Reference: "https://spdx.org/licenses/NRL.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/NRL.json",
ReferenceNumber: 146,
Name: "NRL License",
LicenseID: "NRL",
SeeAlso: []string{
"http://web.mit.edu/network/isakmp/nrllicense.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cpal-1.0": {
Reference: "https://spdx.org/licenses/CPAL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CPAL-1.0.json",
ReferenceNumber: 147,
Name: "Common Public Attribution License 1.0",
LicenseID: "CPAL-1.0",
SeeAlso: []string{
"https://opensource.org/licenses/CPAL-1.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"ncsa": {
Reference: "https://spdx.org/licenses/NCSA.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/NCSA.json",
ReferenceNumber: 148,
Name: "University of Illinois/NCSA Open Source License",
LicenseID: "NCSA",
SeeAlso: []string{
"http://otm.illinois.edu/uiuc_openSource",
"https://opensource.org/licenses/NCSA",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"cc-by-sa-2.1-jp": {
Reference: "https://spdx.org/licenses/CC-BY-SA-2.1-JP.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-SA-2.1-JP.json",
ReferenceNumber: 149,
Name: "Creative Commons Attribution Share Alike 2.1 Japan",
LicenseID: "CC-BY-SA-2.1-JP",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-sa/2.1/jp/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ppl": {
Reference: "https://spdx.org/licenses/PPL.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/PPL.json",
ReferenceNumber: 150,
Name: "Peer Production License",
LicenseID: "PPL",
SeeAlso: []string{
"https://wiki.p2pfoundation.net/Peer_Production_License",
"http://www.networkcultures.org/_uploads/%233notebook_telekommunist.pdf",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"gpl-2.0-with-font-exception": {
Reference: "https://spdx.org/licenses/GPL-2.0-with-font-exception.html",
IsDeprecatedLicenseID: true,
DetailsURL: "https://spdx.org/licenses/GPL-2.0-with-font-exception.json",
ReferenceNumber: 151,
Name: "GNU General Public License v2.0 w/Font exception",
LicenseID: "GPL-2.0-with-font-exception",
SeeAlso: []string{
"https://www.gnu.org/licenses/gpl-faq.html#FontException",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"gpl-1.0-only": {
Reference: "https://spdx.org/licenses/GPL-1.0-only.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/GPL-1.0-only.json",
ReferenceNumber: 152,
Name: "GNU General Public License v1.0 only",
LicenseID: "GPL-1.0-only",
SeeAlso: []string{
"https://www.gnu.org/licenses/old-licenses/gpl-1.0-standalone.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory("Strong Copyleft (High Risk)"),
},
"aswf-digital-assets-1.1": {
Reference: "https://spdx.org/licenses/ASWF-Digital-Assets-1.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/ASWF-Digital-Assets-1.1.json",
ReferenceNumber: 153,
Name: "ASWF Digital Assets License 1.1",
LicenseID: "ASWF-Digital-Assets-1.1",
SeeAlso: []string{
"https://github.com/AcademySoftwareFoundation/foundation/blob/main/digital_assets/aswf_digital_assets_license_v1.1.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ncl": {
Reference: "https://spdx.org/licenses/NCL.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/NCL.json",
ReferenceNumber: 154,
Name: "NCL Source Code License",
LicenseID: "NCL",
SeeAlso: []string{
"https://gitlab.freedesktop.org/pipewire/pipewire/-/blob/master/src/modules/module-filter-chain/pffft.c?ref_type=heads#L1-52",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"app-s2p": {
Reference: "https://spdx.org/licenses/App-s2p.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/App-s2p.json",
ReferenceNumber: 155,
Name: "App::s2p License",
LicenseID: "App-s2p",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/App-s2p",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"bittorrent-1.0": {
Reference: "https://spdx.org/licenses/BitTorrent-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BitTorrent-1.0.json",
ReferenceNumber: 156,
Name: "BitTorrent Open Source License v1.0",
LicenseID: "BitTorrent-1.0",
SeeAlso: []string{
"http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/licenses/BitTorrent?r1=1.1&r2=1.1.1.1&diff_format=s",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"hpnd-merchantability-variant": {
Reference: "https://spdx.org/licenses/HPND-merchantability-variant.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/HPND-merchantability-variant.json",
ReferenceNumber: 157,
Name: "Historical Permission Notice and Disclaimer - merchantability variant",
LicenseID: "HPND-merchantability-variant",
SeeAlso: []string{
"https://sourceware.org/git/?p=newlib-cygwin.git;a=blob;f=newlib/libc/misc/fini.c;hb=HEAD",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"epics": {
Reference: "https://spdx.org/licenses/EPICS.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/EPICS.json",
ReferenceNumber: 158,
Name: "EPICS Open License",
LicenseID: "EPICS",
SeeAlso: []string{
"https://epics.anl.gov/license/open.php",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"bsd-3-clause-attribution": {
Reference: "https://spdx.org/licenses/BSD-3-Clause-Attribution.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BSD-3-Clause-Attribution.json",
ReferenceNumber: 159,
Name: "BSD with attribution",
LicenseID: "BSD-3-Clause-Attribution",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/BSD_with_Attribution",
},
IsOsiApproved: false,
RiskCategory: RiskCategory("Permissive (Low Risk)"),
},
"curl": {
Reference: "https://spdx.org/licenses/curl.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/curl.json",
ReferenceNumber: 160,
Name: "curl License",
LicenseID: "curl",
SeeAlso: []string{
"https://github.com/bagder/curl/blob/master/COPYING",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"nlpl": {
Reference: "https://spdx.org/licenses/NLPL.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/NLPL.json",
ReferenceNumber: 161,
Name: "No Limit Public License",
LicenseID: "NLPL",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/NLPL",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"apache-2.0": {
Reference: "https://spdx.org/licenses/Apache-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Apache-2.0.json",
ReferenceNumber: 162,
Name: "Apache License 2.0",
LicenseID: "Apache-2.0",
SeeAlso: []string{
"https://www.apache.org/licenses/LICENSE-2.0",
"https://opensource.org/licenses/Apache-2.0",
"https://opensource.org/license/apache-2-0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Permissive (Low Risk)"),
},
"bsd-protection": {
Reference: "https://spdx.org/licenses/BSD-Protection.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BSD-Protection.json",
ReferenceNumber: 163,
Name: "BSD Protection License",
LicenseID: "BSD-Protection",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/BSD_Protection_License",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"dec-3-clause": {
Reference: "https://spdx.org/licenses/DEC-3-Clause.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/DEC-3-Clause.json",
ReferenceNumber: 164,
Name: "DEC 3-Clause License",
LicenseID: "DEC-3-Clause",
SeeAlso: []string{
"https://gitlab.freedesktop.org/xorg/xserver/-/blob/master/COPYING?ref_type=heads#L239",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"makeindex": {
Reference: "https://spdx.org/licenses/MakeIndex.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/MakeIndex.json",
ReferenceNumber: 165,
Name: "MakeIndex License",
LicenseID: "MakeIndex",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/MakeIndex",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"rscpl": {
Reference: "https://spdx.org/licenses/RSCPL.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/RSCPL.json",
ReferenceNumber: 166,
Name: "Ricoh Source Code Public License",
LicenseID: "RSCPL",
SeeAlso: []string{
"http://wayback.archive.org/web/20060715140826/http://www.risource.org/RPL/RPL-1.0A.shtml",
"https://opensource.org/licenses/RSCPL",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"bcrypt-solar-designer": {
Reference: "https://spdx.org/licenses/bcrypt-Solar-Designer.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/bcrypt-Solar-Designer.json",
ReferenceNumber: 167,
Name: "bcrypt Solar Designer License",
LicenseID: "bcrypt-Solar-Designer",
SeeAlso: []string{
"https://github.com/bcrypt-ruby/bcrypt-ruby/blob/master/ext/mri/crypt_blowfish.c",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ogl-uk-1.0": {
Reference: "https://spdx.org/licenses/OGL-UK-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OGL-UK-1.0.json",
ReferenceNumber: 168,
Name: "Open Government Licence v1.0",
LicenseID: "OGL-UK-1.0",
SeeAlso: []string{
"http://www.nationalarchives.gov.uk/doc/open-government-licence/version/1/",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"lgpl-3.0+": {
Reference: "https://spdx.org/licenses/LGPL-3.0+.html",
IsDeprecatedLicenseID: true,
DetailsURL: "https://spdx.org/licenses/LGPL-3.0+.json",
ReferenceNumber: 169,
Name: "GNU Lesser General Public License v3.0 or later",
LicenseID: "LGPL-3.0+",
SeeAlso: []string{
"https://www.gnu.org/licenses/lgpl-3.0-standalone.html",
"https://www.gnu.org/licenses/lgpl+gpl-3.0.txt",
"https://opensource.org/licenses/LGPL-3.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"oldap-2.1": {
Reference: "https://spdx.org/licenses/OLDAP-2.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OLDAP-2.1.json",
ReferenceNumber: 170,
Name: "Open LDAP Public License v2.1",
LicenseID: "OLDAP-2.1",
SeeAlso: []string{
"http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=LICENSE;hb=b0d176738e96a0d3b9f85cb51e140a86f21be715",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"gpl-2.0-with-classpath-exception": {
Reference: "https://spdx.org/licenses/GPL-2.0-with-classpath-exception.html",
IsDeprecatedLicenseID: true,
DetailsURL: "https://spdx.org/licenses/GPL-2.0-with-classpath-exception.json",
ReferenceNumber: 171,
Name: "GNU General Public License v2.0 w/Classpath exception",
LicenseID: "GPL-2.0-with-classpath-exception",
SeeAlso: []string{
"https://www.gnu.org/software/classpath/license.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"hpnd-export-us-modify": {
Reference: "https://spdx.org/licenses/HPND-export-US-modify.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/HPND-export-US-modify.json",
ReferenceNumber: 172,
Name: "HPND with US Government export control warning and modification rqmt",
LicenseID: "HPND-export-US-modify",
SeeAlso: []string{
"https://github.com/krb5/krb5/blob/krb5-1.21.2-final/NOTICE#L1157-L1182",
"https://github.com/pythongssapi/k5test/blob/v0.10.3/K5TEST-LICENSE.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"mit-0": {
Reference: "https://spdx.org/licenses/MIT-0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/MIT-0.json",
ReferenceNumber: 173,
Name: "MIT No Attribution",
LicenseID: "MIT-0",
SeeAlso: []string{
"https://github.com/aws/mit-0",
"https://romanrm.net/mit-zero",
"https://github.com/awsdocs/aws-cloud9-user-guide/blob/master/LICENSE-SAMPLECODE",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Permissive (Low Risk)"),
},
"mpl-2.0-no-copyleft-exception": {
Reference: "https://spdx.org/licenses/MPL-2.0-no-copyleft-exception.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/MPL-2.0-no-copyleft-exception.json",
ReferenceNumber: 174,
Name: "Mozilla Public License 2.0 (no copyleft exception)",
LicenseID: "MPL-2.0-no-copyleft-exception",
SeeAlso: []string{
"https://www.mozilla.org/MPL/2.0/",
"https://opensource.org/licenses/MPL-2.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Weak Copyleft (Medium Risk)"),
},
"cern-ohl-s-2.0": {
Reference: "https://spdx.org/licenses/CERN-OHL-S-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CERN-OHL-S-2.0.json",
ReferenceNumber: 175,
Name: "CERN Open Hardware Licence Version 2 - Strongly Reciprocal",
LicenseID: "CERN-OHL-S-2.0",
SeeAlso: []string{
"https://www.ohwr.org/project/cernohl/wikis/Documents/CERN-OHL-version-2",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"tmate": {
Reference: "https://spdx.org/licenses/TMate.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/TMate.json",
ReferenceNumber: 176,
Name: "TMate Open Source License",
LicenseID: "TMate",
SeeAlso: []string{
"http://svnkit.com/license.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"gpl-1.0+": {
Reference: "https://spdx.org/licenses/GPL-1.0+.html",
IsDeprecatedLicenseID: true,
DetailsURL: "https://spdx.org/licenses/GPL-1.0+.json",
ReferenceNumber: 177,
Name: "GNU General Public License v1.0 or later",
LicenseID: "GPL-1.0+",
SeeAlso: []string{
"https://www.gnu.org/licenses/old-licenses/gpl-1.0-standalone.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cmu-mach": {
Reference: "https://spdx.org/licenses/CMU-Mach.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CMU-Mach.json",
ReferenceNumber: 178,
Name: "CMU Mach License",
LicenseID: "CMU-Mach",
SeeAlso: []string{
"https://www.cs.cmu.edu/~410/licenses.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"osl-2.0": {
Reference: "https://spdx.org/licenses/OSL-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OSL-2.0.json",
ReferenceNumber: 179,
Name: "Open Software License 2.0",
LicenseID: "OSL-2.0",
SeeAlso: []string{
"http://web.archive.org/web/20041020171434/http://www.rosenlaw.com/osl2.0.html",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Strong Copyleft (High Risk)"),
},
"unixcrypt": {
Reference: "https://spdx.org/licenses/UnixCrypt.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/UnixCrypt.json",
ReferenceNumber: 180,
Name: "UnixCrypt License",
LicenseID: "UnixCrypt",
SeeAlso: []string{
"https://foss.heptapod.net/python-libs/passlib/-/blob/branch/stable/LICENSE#L70",
"https://opensource.apple.com/source/JBoss/JBoss-737/jboss-all/jetty/src/main/org/mortbay/util/UnixCrypt.java.auto.html",
"https://archive.eclipse.org/jetty/8.0.1.v20110908/xref/org/eclipse/jetty/http/security/UnixCrypt.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"plexus": {
Reference: "https://spdx.org/licenses/Plexus.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Plexus.json",
ReferenceNumber: 181,
Name: "Plexus Classworlds License",
LicenseID: "Plexus",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/Plexus_Classworlds_License",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"mulanpsl-2.0": {
Reference: "https://spdx.org/licenses/MulanPSL-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/MulanPSL-2.0.json",
ReferenceNumber: 182,
Name: "Mulan Permissive Software License, Version 2",
LicenseID: "MulanPSL-2.0",
SeeAlso: []string{
"https://license.coscl.org.cn/MulanPSL2",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"oset-pl-2.1": {
Reference: "https://spdx.org/licenses/OSET-PL-2.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OSET-PL-2.1.json",
ReferenceNumber: 183,
Name: "OSET Public License version 2.1",
LicenseID: "OSET-PL-2.1",
SeeAlso: []string{
"http://www.osetfoundation.org/public-license",
"https://opensource.org/licenses/OPL-2.1",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"docbook-schema": {
Reference: "https://spdx.org/licenses/DocBook-Schema.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/DocBook-Schema.json",
ReferenceNumber: 184,
Name: "DocBook Schema License",
LicenseID: "DocBook-Schema",
SeeAlso: []string{
"https://github.com/docbook/xslt10-stylesheets/blob/efd62655c11cc8773708df7a843613fa1e932bf8/xsl/assembly/schema/docbook51b7.rnc",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-nc-nd-3.0-de": {
Reference: "https://spdx.org/licenses/CC-BY-NC-ND-3.0-DE.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-NC-ND-3.0-DE.json",
ReferenceNumber: 185,
Name: "Creative Commons Attribution Non Commercial No Derivatives 3.0 Germany",
LicenseID: "CC-BY-NC-ND-3.0-DE",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-nc-nd/3.0/de/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ipa": {
Reference: "https://spdx.org/licenses/IPA.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/IPA.json",
ReferenceNumber: 186,
Name: "IPA Font License",
LicenseID: "IPA",
SeeAlso: []string{
"https://opensource.org/licenses/IPA",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"lgpl-2.1-or-later": {
Reference: "https://spdx.org/licenses/LGPL-2.1-or-later.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/LGPL-2.1-or-later.json",
ReferenceNumber: 187,
Name: "GNU Lesser General Public License v2.1 or later",
LicenseID: "LGPL-2.1-or-later",
SeeAlso: []string{
"https://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html",
"https://opensource.org/licenses/LGPL-2.1",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Weak Copyleft (Medium Risk)"),
},
"zlib-acknowledgement": {
Reference: "https://spdx.org/licenses/zlib-acknowledgement.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/zlib-acknowledgement.json",
ReferenceNumber: 188,
Name: "zlib/libpng License with Acknowledgement",
LicenseID: "zlib-acknowledgement",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/ZlibWithAcknowledgement",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"zed": {
Reference: "https://spdx.org/licenses/Zed.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Zed.json",
ReferenceNumber: 189,
Name: "Zed License",
LicenseID: "Zed",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/Zed",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"fair": {
Reference: "https://spdx.org/licenses/Fair.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Fair.json",
ReferenceNumber: 190,
Name: "Fair License",
LicenseID: "Fair",
SeeAlso: []string{
"https://web.archive.org/web/20150926120323/http://fairlicense.org/",
"https://opensource.org/licenses/Fair",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"agpl-3.0-only": {
Reference: "https://spdx.org/licenses/AGPL-3.0-only.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/AGPL-3.0-only.json",
ReferenceNumber: 191,
Name: "GNU Affero General Public License v3.0 only",
LicenseID: "AGPL-3.0-only",
SeeAlso: []string{
"https://www.gnu.org/licenses/agpl.txt",
"https://opensource.org/licenses/AGPL-3.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Strong Copyleft (High Risk)"),
},
"gfdl-1.2-invariants-only": {
Reference: "https://spdx.org/licenses/GFDL-1.2-invariants-only.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/GFDL-1.2-invariants-only.json",
ReferenceNumber: 192,
Name: "GNU Free Documentation License v1.2 only - invariants",
LicenseID: "GFDL-1.2-invariants-only",
SeeAlso: []string{
"https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"spencer-86": {
Reference: "https://spdx.org/licenses/Spencer-86.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Spencer-86.json",
ReferenceNumber: 193,
Name: "Spencer License 86",
LicenseID: "Spencer-86",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/Henry_Spencer_Reg-Ex_Library_License",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"amdplpa": {
Reference: "https://spdx.org/licenses/AMDPLPA.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/AMDPLPA.json",
ReferenceNumber: 194,
Name: "AMD's plpa_map.c License",
LicenseID: "AMDPLPA",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/AMD_plpa_map_License",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"nposl-3.0": {
Reference: "https://spdx.org/licenses/NPOSL-3.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/NPOSL-3.0.json",
ReferenceNumber: 195,
Name: "Non-Profit Open Software License 3.0",
LicenseID: "NPOSL-3.0",
SeeAlso: []string{
"https://opensource.org/licenses/NOSL3.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"swl": {
Reference: "https://spdx.org/licenses/SWL.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/SWL.json",
ReferenceNumber: 196,
Name: "Scheme Widget Library (SWL) Software License Agreement",
LicenseID: "SWL",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/SWL",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-sa-2.0-uk": {
Reference: "https://spdx.org/licenses/CC-BY-SA-2.0-UK.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-SA-2.0-UK.json",
ReferenceNumber: 197,
Name: "Creative Commons Attribution Share Alike 2.0 England and Wales",
LicenseID: "CC-BY-SA-2.0-UK",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-sa/2.0/uk/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"brian-gladman-2-clause": {
Reference: "https://spdx.org/licenses/Brian-Gladman-2-Clause.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Brian-Gladman-2-Clause.json",
ReferenceNumber: 198,
Name: "Brian Gladman 2-Clause License",
LicenseID: "Brian-Gladman-2-Clause",
SeeAlso: []string{
"https://github.com/krb5/krb5/blob/krb5-1.21.2-final/NOTICE#L140-L156",
"https://web.mit.edu/kerberos/krb5-1.21/doc/mitK5license.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-nc-sa-2.0": {
Reference: "https://spdx.org/licenses/CC-BY-NC-SA-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-NC-SA-2.0.json",
ReferenceNumber: 199,
Name: "Creative Commons Attribution Non Commercial Share Alike 2.0 Generic",
LicenseID: "CC-BY-NC-SA-2.0",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-nc-sa/2.0/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cern-ohl-p-2.0": {
Reference: "https://spdx.org/licenses/CERN-OHL-P-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CERN-OHL-P-2.0.json",
ReferenceNumber: 200,
Name: "CERN Open Hardware Licence Version 2 - Permissive",
LicenseID: "CERN-OHL-P-2.0",
SeeAlso: []string{
"https://www.ohwr.org/project/cernohl/wikis/Documents/CERN-OHL-version-2",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"ofl-1.0-rfn": {
Reference: "https://spdx.org/licenses/OFL-1.0-RFN.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OFL-1.0-RFN.json",
ReferenceNumber: 201,
Name: "SIL Open Font License 1.0 with Reserved Font Name",
LicenseID: "OFL-1.0-RFN",
SeeAlso: []string{
"http://scripts.sil.org/cms/scripts/page.php?item_id=OFL10_web",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"linux-man-pages-copyleft-var": {
Reference: "https://spdx.org/licenses/Linux-man-pages-copyleft-var.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Linux-man-pages-copyleft-var.json",
ReferenceNumber: 202,
Name: "Linux man-pages Copyleft Variant",
LicenseID: "Linux-man-pages-copyleft-var",
SeeAlso: []string{
"https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/tree/man2/set_mempolicy.2#n5",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"nunit": {
Reference: "https://spdx.org/licenses/Nunit.html",
IsDeprecatedLicenseID: true,
DetailsURL: "https://spdx.org/licenses/Nunit.json",
ReferenceNumber: 203,
Name: "Nunit License",
LicenseID: "Nunit",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/Nunit",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ofl-1.1-no-rfn": {
Reference: "https://spdx.org/licenses/OFL-1.1-no-RFN.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OFL-1.1-no-RFN.json",
ReferenceNumber: 204,
Name: "SIL Open Font License 1.1 with no Reserved Font Name",
LicenseID: "OFL-1.1-no-RFN",
SeeAlso: []string{
"http://scripts.sil.org/cms/scripts/page.php?item_id=OFL_web",
"https://opensource.org/licenses/OFL-1.1",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"bsd-3-clause-flex": {
Reference: "https://spdx.org/licenses/BSD-3-Clause-flex.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BSD-3-Clause-flex.json",
ReferenceNumber: 205,
Name: "BSD 3-Clause Flex variant",
LicenseID: "BSD-3-Clause-flex",
SeeAlso: []string{
"https://github.com/westes/flex/blob/master/COPYING",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"intel-acpi": {
Reference: "https://spdx.org/licenses/Intel-ACPI.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Intel-ACPI.json",
ReferenceNumber: 206,
Name: "Intel ACPI Software License Agreement",
LicenseID: "Intel-ACPI",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/Intel_ACPI_Software_License_Agreement",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cfitsio": {
Reference: "https://spdx.org/licenses/CFITSIO.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CFITSIO.json",
ReferenceNumber: 207,
Name: "CFITSIO License",
LicenseID: "CFITSIO",
SeeAlso: []string{
"https://heasarc.gsfc.nasa.gov/docs/software/fitsio/c/f_user/node9.html",
"https://heasarc.gsfc.nasa.gov/docs/software/ftools/fv/doc/license.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"bitstream-vera": {
Reference: "https://spdx.org/licenses/Bitstream-Vera.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Bitstream-Vera.json",
ReferenceNumber: 208,
Name: "Bitstream Vera Font License",
LicenseID: "Bitstream-Vera",
SeeAlso: []string{
"https://web.archive.org/web/20080207013128/http://www.gnome.org/fonts/",
"https://docubrain.com/sites/default/files/licenses/bitstream-vera.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"hpnd": {
Reference: "https://spdx.org/licenses/HPND.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/HPND.json",
ReferenceNumber: 209,
Name: "Historical Permission Notice and Disclaimer",
LicenseID: "HPND",
SeeAlso: []string{
"https://opensource.org/licenses/HPND",
"http://lists.opensource.org/pipermail/license-discuss_lists.opensource.org/2002-November/006304.html",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"hpnd-uc": {
Reference: "https://spdx.org/licenses/HPND-UC.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/HPND-UC.json",
ReferenceNumber: 210,
Name: "Historical Permission Notice and Disclaimer - University of California variant",
LicenseID: "HPND-UC",
SeeAlso: []string{
"https://core.tcl-lang.org/tk/file?name=compat/unistd.h",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"psf-2.0": {
Reference: "https://spdx.org/licenses/PSF-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/PSF-2.0.json",
ReferenceNumber: 211,
Name: "Python Software Foundation License 2.0",
LicenseID: "PSF-2.0",
SeeAlso: []string{
"https://opensource.org/licenses/Python-2.0",
"https://matplotlib.org/stable/project/license.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory("Permissive (Low Risk)"),
},
"xkeyboard-config-zinoviev": {
Reference: "https://spdx.org/licenses/xkeyboard-config-Zinoviev.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/xkeyboard-config-Zinoviev.json",
ReferenceNumber: 212,
Name: "xkeyboard-config Zinoviev License",
LicenseID: "xkeyboard-config-Zinoviev",
SeeAlso: []string{
"https://gitlab.freedesktop.org/xkeyboard-config/xkeyboard-config/-/blob/master/COPYING?ref_type=heads#L178",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"mpi-permissive": {
Reference: "https://spdx.org/licenses/mpi-permissive.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/mpi-permissive.json",
ReferenceNumber: 213,
Name: "mpi Permissive License",
LicenseID: "mpi-permissive",
SeeAlso: []string{
"https://sources.debian.org/src/openmpi/4.1.0-10/ompi/debuggers/msgq_interface.h/?hl=19#L19",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"torque-1.1": {
Reference: "https://spdx.org/licenses/TORQUE-1.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/TORQUE-1.1.json",
ReferenceNumber: 214,
Name: "TORQUE v2.5+ Software License v1.1",
LicenseID: "TORQUE-1.1",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/TORQUEv1.1",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-nc-nd-2.5": {
Reference: "https://spdx.org/licenses/CC-BY-NC-ND-2.5.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-NC-ND-2.5.json",
ReferenceNumber: 215,
Name: "Creative Commons Attribution Non Commercial No Derivatives 2.5 Generic",
LicenseID: "CC-BY-NC-ND-2.5",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-nc-nd/2.5/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cve-tou": {
Reference: "https://spdx.org/licenses/cve-tou.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/cve-tou.json",
ReferenceNumber: 216,
Name: "Common Vulnerability Enumeration ToU License",
LicenseID: "cve-tou",
SeeAlso: []string{
"https://www.cve.org/Legal/TermsOfUse",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"artistic-2.0": {
Reference: "https://spdx.org/licenses/Artistic-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Artistic-2.0.json",
ReferenceNumber: 217,
Name: "Artistic License 2.0",
LicenseID: "Artistic-2.0",
SeeAlso: []string{
"http://www.perlfoundation.org/artistic_license_2_0",
"https://www.perlfoundation.org/artistic-license-20.html",
"https://opensource.org/licenses/artistic-license-2.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Permissive (Low Risk)"),
},
"antlr-pd-fallback": {
Reference: "https://spdx.org/licenses/ANTLR-PD-fallback.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/ANTLR-PD-fallback.json",
ReferenceNumber: 218,
Name: "ANTLR Software Rights Notice with license fallback",
LicenseID: "ANTLR-PD-fallback",
SeeAlso: []string{
"http://www.antlr2.org/license.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cern-ohl-w-2.0": {
Reference: "https://spdx.org/licenses/CERN-OHL-W-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CERN-OHL-W-2.0.json",
ReferenceNumber: 219,
Name: "CERN Open Hardware Licence Version 2 - Weakly Reciprocal",
LicenseID: "CERN-OHL-W-2.0",
SeeAlso: []string{
"https://www.ohwr.org/project/cernohl/wikis/Documents/CERN-OHL-version-2",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"spencer-99": {
Reference: "https://spdx.org/licenses/Spencer-99.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Spencer-99.json",
ReferenceNumber: 220,
Name: "Spencer License 99",
LicenseID: "Spencer-99",
SeeAlso: []string{
"http://www.opensource.apple.com/source/tcl/tcl-5/tcl/generic/regfronts.c",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"php-3.01": {
Reference: "https://spdx.org/licenses/PHP-3.01.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/PHP-3.01.json",
ReferenceNumber: 221,
Name: "PHP License v3.01",
LicenseID: "PHP-3.01",
SeeAlso: []string{
"http://www.php.net/license/3_01.txt",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"sugarcrm-1.1.3": {
Reference: "https://spdx.org/licenses/SugarCRM-1.1.3.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/SugarCRM-1.1.3.json",
ReferenceNumber: 222,
Name: "SugarCRM Public License v1.1.3",
LicenseID: "SugarCRM-1.1.3",
SeeAlso: []string{
"http://www.sugarcrm.com/crm/SPL",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"gfdl-1.3-only": {
Reference: "https://spdx.org/licenses/GFDL-1.3-only.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/GFDL-1.3-only.json",
ReferenceNumber: 223,
Name: "GNU Free Documentation License v1.3 only",
LicenseID: "GFDL-1.3-only",
SeeAlso: []string{
"https://www.gnu.org/licenses/fdl-1.3.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"snia": {
Reference: "https://spdx.org/licenses/SNIA.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/SNIA.json",
ReferenceNumber: 224,
Name: "SNIA Public License 1.1",
LicenseID: "SNIA",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/SNIA_Public_License",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"hpnd-sell-variant-mit-disclaimer": {
Reference: "https://spdx.org/licenses/HPND-sell-variant-MIT-disclaimer.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/HPND-sell-variant-MIT-disclaimer.json",
ReferenceNumber: 225,
Name: "HPND sell variant with MIT disclaimer",
LicenseID: "HPND-sell-variant-MIT-disclaimer",
SeeAlso: []string{
"https://github.com/sigmavirus24/x11-ssh-askpass/blob/master/README",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"libpng-2.0": {
Reference: "https://spdx.org/licenses/libpng-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/libpng-2.0.json",
ReferenceNumber: 226,
Name: "PNG Reference Library version 2",
LicenseID: "libpng-2.0",
SeeAlso: []string{
"http://www.libpng.org/pub/png/src/libpng-LICENSE.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory("Permissive (Low Risk)"),
},
"bsd-4-clause": {
Reference: "https://spdx.org/licenses/BSD-4-Clause.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BSD-4-Clause.json",
ReferenceNumber: 227,
Name: "BSD 4-Clause \"Original\" or \"Old\" License",
LicenseID: "BSD-4-Clause",
SeeAlso: []string{
"http://directory.fsf.org/wiki/License:BSD_4Clause",
},
IsOsiApproved: false,
RiskCategory: RiskCategory("Permissive (Low Risk)"),
},
"hpnd-intel": {
Reference: "https://spdx.org/licenses/HPND-Intel.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/HPND-Intel.json",
ReferenceNumber: 228,
Name: "Historical Permission Notice and Disclaimer - Intel variant",
LicenseID: "HPND-Intel",
SeeAlso: []string{
"https://sourceware.org/git/?p=newlib-cygwin.git;a=blob;f=newlib/libc/machine/i960/memcpy.S;hb=HEAD",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"liliq-r-1.1": {
Reference: "https://spdx.org/licenses/LiLiQ-R-1.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/LiLiQ-R-1.1.json",
ReferenceNumber: 229,
Name: "Licence Libre du Québec – Réciprocité version 1.1",
LicenseID: "LiLiQ-R-1.1",
SeeAlso: []string{
"https://www.forge.gouv.qc.ca/participez/licence-logicielle/licence-libre-du-quebec-liliq-en-francais/licence-libre-du-quebec-reciprocite-liliq-r-v1-1/",
"http://opensource.org/licenses/LiLiQ-R-1.1",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"any-osi-perl-modules": {
Reference: "https://spdx.org/licenses/any-OSI-perl-modules.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/any-OSI-perl-modules.json",
ReferenceNumber: 230,
Name: "Any OSI License - Perl Modules",
LicenseID: "any-OSI-perl-modules",
SeeAlso: []string{
"https://metacpan.org/release/JUERD/Exporter-Tidy-0.09/view/Tidy.pm#LICENSE",
"https://metacpan.org/pod/Qmail::Deliverable::Client#LICENSE",
"https://metacpan.org/pod/Net::MQTT::Simple#LICENSE",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"aspell-ru": {
Reference: "https://spdx.org/licenses/Aspell-RU.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Aspell-RU.json",
ReferenceNumber: 231,
Name: "Aspell Russian License",
LicenseID: "Aspell-RU",
SeeAlso: []string{
"https://ftp.gnu.org/gnu/aspell/dict/ru/aspell6-ru-0.99f7-1.tar.bz2",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"liliq-p-1.1": {
Reference: "https://spdx.org/licenses/LiLiQ-P-1.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/LiLiQ-P-1.1.json",
ReferenceNumber: 232,
Name: "Licence Libre du Québec – Permissive version 1.1",
LicenseID: "LiLiQ-P-1.1",
SeeAlso: []string{
"https://forge.gouv.qc.ca/licence/fr/liliq-v1-1/",
"http://opensource.org/licenses/LiLiQ-P-1.1",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"hpnd-inria-imag": {
Reference: "https://spdx.org/licenses/HPND-INRIA-IMAG.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/HPND-INRIA-IMAG.json",
ReferenceNumber: 233,
Name: "Historical Permission Notice and Disclaimer - INRIA-IMAG variant",
LicenseID: "HPND-INRIA-IMAG",
SeeAlso: []string{
"https://github.com/ppp-project/ppp/blob/master/pppd/ipv6cp.c#L75-L83",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"busl-1.1": {
Reference: "https://spdx.org/licenses/BUSL-1.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BUSL-1.1.json",
ReferenceNumber: 234,
Name: "Business Source License 1.1",
LicenseID: "BUSL-1.1",
SeeAlso: []string{
"https://mariadb.com/bsl11/",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"parity-7.0.0": {
Reference: "https://spdx.org/licenses/Parity-7.0.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Parity-7.0.0.json",
ReferenceNumber: 235,
Name: "The Parity Public License 7.0.0",
LicenseID: "Parity-7.0.0",
SeeAlso: []string{
"https://paritylicense.com/versions/7.0.0.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ttyp0": {
Reference: "https://spdx.org/licenses/TTYP0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/TTYP0.json",
ReferenceNumber: 236,
Name: "TTYP0 License",
LicenseID: "TTYP0",
SeeAlso: []string{
"https://people.mpi-inf.mpg.de/~uwe/misc/uw-ttyp0/",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"loop": {
Reference: "https://spdx.org/licenses/LOOP.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/LOOP.json",
ReferenceNumber: 237,
Name: "Common Lisp LOOP License",
LicenseID: "LOOP",
SeeAlso: []string{
"https://gitlab.com/embeddable-common-lisp/ecl/-/blob/develop/src/lsp/loop.lsp",
"http://git.savannah.gnu.org/cgit/gcl.git/tree/gcl/lsp/gcl_loop.lsp?h=Version_2_6_13pre",
"https://sourceforge.net/p/sbcl/sbcl/ci/master/tree/src/code/loop.lisp",
"https://github.com/cl-adams/adams/blob/master/LICENSE.md",
"https://github.com/blakemcbride/eclipse-lisp/blob/master/lisp/loop.lisp",
"https://gitlab.common-lisp.net/cmucl/cmucl/-/blob/master/src/code/loop.lisp",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"liliq-rplus-1.1": {
Reference: "https://spdx.org/licenses/LiLiQ-Rplus-1.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/LiLiQ-Rplus-1.1.json",
ReferenceNumber: 238,
Name: "Licence Libre du Québec – Réciprocité forte version 1.1",
LicenseID: "LiLiQ-Rplus-1.1",
SeeAlso: []string{
"https://www.forge.gouv.qc.ca/participez/licence-logicielle/licence-libre-du-quebec-liliq-en-francais/licence-libre-du-quebec-reciprocite-forte-liliq-r-v1-1/",
"http://opensource.org/licenses/LiLiQ-Rplus-1.1",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"bsd-3-clause-no-nuclear-license-2014": {
Reference: "https://spdx.org/licenses/BSD-3-Clause-No-Nuclear-License-2014.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BSD-3-Clause-No-Nuclear-License-2014.json",
ReferenceNumber: 239,
Name: "BSD 3-Clause No Nuclear License 2014",
LicenseID: "BSD-3-Clause-No-Nuclear-License-2014",
SeeAlso: []string{
"https://java.net/projects/javaeetutorial/pages/BerkeleyLicense",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"bsd-3-clause-sun": {
Reference: "https://spdx.org/licenses/BSD-3-Clause-Sun.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BSD-3-Clause-Sun.json",
ReferenceNumber: 240,
Name: "BSD 3-Clause Sun Microsystems",
LicenseID: "BSD-3-Clause-Sun",
SeeAlso: []string{
"https://github.com/xmlark/msv/blob/b9316e2f2270bc1606952ea4939ec87fbba157f3/xsdlib/src/main/java/com/sun/msv/datatype/regexp/InternalImpl.java",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"parity-6.0.0": {
Reference: "https://spdx.org/licenses/Parity-6.0.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Parity-6.0.0.json",
ReferenceNumber: 241,
Name: "The Parity Public License 6.0.0",
LicenseID: "Parity-6.0.0",
SeeAlso: []string{
"https://paritylicense.com/versions/6.0.0.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ibm-pibs": {
Reference: "https://spdx.org/licenses/IBM-pibs.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/IBM-pibs.json",
ReferenceNumber: 242,
Name: "IBM PowerPC Initialization and Boot Software",
LicenseID: "IBM-pibs",
SeeAlso: []string{
"http://git.denx.de/?p=u-boot.git;a=blob;f=arch/powerpc/cpu/ppc4xx/miiphy.c;h=297155fdafa064b955e53e9832de93bfb0cfb85b;hb=9fab4bf4cc077c21e43941866f3f2c196f28670d",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"bzip2-1.0.6": {
Reference: "https://spdx.org/licenses/bzip2-1.0.6.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/bzip2-1.0.6.json",
ReferenceNumber: 243,
Name: "bzip2 and libbzip2 License v1.0.6",
LicenseID: "bzip2-1.0.6",
SeeAlso: []string{
"https://sourceware.org/git/?p=bzip2.git;a=blob;f=LICENSE;hb=bzip2-1.0.6",
"http://bzip.org/1.0.5/bzip2-manual-1.0.5.html",
"https://sourceware.org/cgit/valgrind/tree/mpi/libmpiwrap.c",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"gfdl-1.2-no-invariants-or-later": {
Reference: "https://spdx.org/licenses/GFDL-1.2-no-invariants-or-later.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/GFDL-1.2-no-invariants-or-later.json",
ReferenceNumber: 244,
Name: "GNU Free Documentation License v1.2 or later - no invariants",
LicenseID: "GFDL-1.2-no-invariants-or-later",
SeeAlso: []string{
"https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"fsfullrwd": {
Reference: "https://spdx.org/licenses/FSFULLRWD.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/FSFULLRWD.json",
ReferenceNumber: 245,
Name: "FSF Unlimited License (With License Retention and Warranty Disclaimer)",
LicenseID: "FSFULLRWD",
SeeAlso: []string{
"https://lists.gnu.org/archive/html/autoconf/2012-04/msg00061.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"game-programming-gems": {
Reference: "https://spdx.org/licenses/Game-Programming-Gems.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Game-Programming-Gems.json",
ReferenceNumber: 246,
Name: "Game Programming Gems License",
LicenseID: "Game-Programming-Gems",
SeeAlso: []string{
"https://github.com/OGRECave/ogre/blob/master/OgreMain/include/OgreSingleton.h#L28C3-L35C46",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"gnuplot": {
Reference: "https://spdx.org/licenses/gnuplot.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/gnuplot.json",
ReferenceNumber: 247,
Name: "gnuplot License",
LicenseID: "gnuplot",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/Gnuplot",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"x11-swapped": {
Reference: "https://spdx.org/licenses/X11-swapped.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/X11-swapped.json",
ReferenceNumber: 248,
Name: "X11 swapped final paragraphs",
LicenseID: "X11-swapped",
SeeAlso: []string{
"https://github.com/fedeinthemix/chez-srfi/blob/master/srfi/LICENSE",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"nlod-1.0": {
Reference: "https://spdx.org/licenses/NLOD-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/NLOD-1.0.json",
ReferenceNumber: 249,
Name: "Norwegian Licence for Open Government Data (NLOD) 1.0",
LicenseID: "NLOD-1.0",
SeeAlso: []string{
"http://data.norge.no/nlod/en/1.0",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cpol-1.02": {
Reference: "https://spdx.org/licenses/CPOL-1.02.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CPOL-1.02.json",
ReferenceNumber: 250,
Name: "Code Project Open License 1.02",
LicenseID: "CPOL-1.02",
SeeAlso: []string{
"http://www.codeproject.com/info/cpol10.aspx",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"oar": {
Reference: "https://spdx.org/licenses/OAR.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OAR.json",
ReferenceNumber: 251,
Name: "OAR License",
LicenseID: "OAR",
SeeAlso: []string{
"https://sourceware.org/git/?p=newlib-cygwin.git;a=blob;f=newlib/libc/string/strsignal.c;hb=HEAD#l35",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"abstyles": {
Reference: "https://spdx.org/licenses/Abstyles.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Abstyles.json",
ReferenceNumber: 252,
Name: "Abstyles License",
LicenseID: "Abstyles",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/Abstyles",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"sissl-1.2": {
Reference: "https://spdx.org/licenses/SISSL-1.2.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/SISSL-1.2.json",
ReferenceNumber: 253,
Name: "Sun Industry Standards Source License v1.2",
LicenseID: "SISSL-1.2",
SeeAlso: []string{
"http://gridscheduler.sourceforge.net/Gridengine_SISSL_license.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"unicode-dfs-2015": {
Reference: "https://spdx.org/licenses/Unicode-DFS-2015.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Unicode-DFS-2015.json",
ReferenceNumber: 254,
Name: "Unicode License Agreement - Data Files and Software (2015)",
LicenseID: "Unicode-DFS-2015",
SeeAlso: []string{
"https://web.archive.org/web/20151224134844/http://unicode.org/copyright.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"graphics-gems": {
Reference: "https://spdx.org/licenses/Graphics-Gems.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Graphics-Gems.json",
ReferenceNumber: 255,
Name: "Graphics Gems License",
LicenseID: "Graphics-Gems",
SeeAlso: []string{
"https://github.com/erich666/GraphicsGems/blob/master/LICENSE.md",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-sa-4.0": {
Reference: "https://spdx.org/licenses/CC-BY-SA-4.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-SA-4.0.json",
ReferenceNumber: 256,
Name: "Creative Commons Attribution Share Alike 4.0 International",
LicenseID: "CC-BY-SA-4.0",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-sa/4.0/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"dotseqn": {
Reference: "https://spdx.org/licenses/Dotseqn.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Dotseqn.json",
ReferenceNumber: 257,
Name: "Dotseqn License",
LicenseID: "Dotseqn",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/Dotseqn",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"rhecos-1.1": {
Reference: "https://spdx.org/licenses/RHeCos-1.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/RHeCos-1.1.json",
ReferenceNumber: 258,
Name: "Red Hat eCos Public License v1.1",
LicenseID: "RHeCos-1.1",
SeeAlso: []string{
"http://ecos.sourceware.org/old-license.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"bsd-3-clause-clear": {
Reference: "https://spdx.org/licenses/BSD-3-Clause-Clear.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BSD-3-Clause-Clear.json",
ReferenceNumber: 259,
Name: "BSD 3-Clause Clear License",
LicenseID: "BSD-3-Clause-Clear",
SeeAlso: []string{
"http://labs.metacarta.com/license-explanation.html#license",
},
IsOsiApproved: false,
RiskCategory: RiskCategory("Permissive (Low Risk)"),
},
"cc-by-sa-2.0": {
Reference: "https://spdx.org/licenses/CC-BY-SA-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-SA-2.0.json",
ReferenceNumber: 260,
Name: "Creative Commons Attribution Share Alike 2.0 Generic",
LicenseID: "CC-BY-SA-2.0",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-sa/2.0/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"gfdl-1.2-invariants-or-later": {
Reference: "https://spdx.org/licenses/GFDL-1.2-invariants-or-later.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/GFDL-1.2-invariants-or-later.json",
ReferenceNumber: 261,
Name: "GNU Free Documentation License v1.2 or later - invariants",
LicenseID: "GFDL-1.2-invariants-or-later",
SeeAlso: []string{
"https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"eudatagrid": {
Reference: "https://spdx.org/licenses/EUDatagrid.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/EUDatagrid.json",
ReferenceNumber: 262,
Name: "EU DataGrid Software License",
LicenseID: "EUDatagrid",
SeeAlso: []string{
"http://eu-datagrid.web.cern.ch/eu-datagrid/license.html",
"https://opensource.org/licenses/EUDatagrid",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"libselinux-1.0": {
Reference: "https://spdx.org/licenses/libselinux-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/libselinux-1.0.json",
ReferenceNumber: 263,
Name: "libselinux public domain notice",
LicenseID: "libselinux-1.0",
SeeAlso: []string{
"https://github.com/SELinuxProject/selinux/blob/master/libselinux/LICENSE",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"freeimage": {
Reference: "https://spdx.org/licenses/FreeImage.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/FreeImage.json",
ReferenceNumber: 264,
Name: "FreeImage Public License v1.0",
LicenseID: "FreeImage",
SeeAlso: []string{
"http://freeimage.sourceforge.net/freeimage-license.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"apsl-1.2": {
Reference: "https://spdx.org/licenses/APSL-1.2.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/APSL-1.2.json",
ReferenceNumber: 265,
Name: "Apple Public Source License 1.2",
LicenseID: "APSL-1.2",
SeeAlso: []string{
"http://www.samurajdata.se/opensource/mirror/licenses/apsl.php",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"sendmail": {
Reference: "https://spdx.org/licenses/Sendmail.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Sendmail.json",
ReferenceNumber: 266,
Name: "Sendmail License",
LicenseID: "Sendmail",
SeeAlso: []string{
"http://www.sendmail.com/pdfs/open_source/sendmail_license.pdf",
"https://web.archive.org/web/20160322142305/https://www.sendmail.com/pdfs/open_source/sendmail_license.pdf",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"shl-0.5": {
Reference: "https://spdx.org/licenses/SHL-0.5.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/SHL-0.5.json",
ReferenceNumber: 267,
Name: "Solderpad Hardware License v0.5",
LicenseID: "SHL-0.5",
SeeAlso: []string{
"https://solderpad.org/licenses/SHL-0.5/",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ubuntu-font-1.0": {
Reference: "https://spdx.org/licenses/Ubuntu-font-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Ubuntu-font-1.0.json",
ReferenceNumber: 268,
Name: "Ubuntu Font Licence v1.0",
LicenseID: "Ubuntu-font-1.0",
SeeAlso: []string{
"https://ubuntu.com/legal/font-licence",
"https://assets.ubuntu.com/v1/81e5605d-ubuntu-font-licence-1.0.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"bsd-4-clause-shortened": {
Reference: "https://spdx.org/licenses/BSD-4-Clause-Shortened.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BSD-4-Clause-Shortened.json",
ReferenceNumber: 269,
Name: "BSD 4 Clause Shortened",
LicenseID: "BSD-4-Clause-Shortened",
SeeAlso: []string{
"https://metadata.ftp-master.debian.org/changelogs//main/a/arpwatch/arpwatch_2.1a15-7_copyright",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"gcr-docs": {
Reference: "https://spdx.org/licenses/GCR-docs.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/GCR-docs.json",
ReferenceNumber: 270,
Name: "Gnome GCR Documentation License",
LicenseID: "GCR-docs",
SeeAlso: []string{
"https://github.com/GNOME/gcr/blob/master/docs/COPYING",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"gfdl-1.1-invariants-only": {
Reference: "https://spdx.org/licenses/GFDL-1.1-invariants-only.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/GFDL-1.1-invariants-only.json",
ReferenceNumber: 271,
Name: "GNU Free Documentation License v1.1 only - invariants",
LicenseID: "GFDL-1.1-invariants-only",
SeeAlso: []string{
"https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"zpl-2.1": {
Reference: "https://spdx.org/licenses/ZPL-2.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/ZPL-2.1.json",
ReferenceNumber: 272,
Name: "Zope Public License 2.1",
LicenseID: "ZPL-2.1",
SeeAlso: []string{
"http://old.zope.org/Resources/ZPL/",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"cc-pddc": {
Reference: "https://spdx.org/licenses/CC-PDDC.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-PDDC.json",
ReferenceNumber: 273,
Name: "Creative Commons Public Domain Dedication and Certification",
LicenseID: "CC-PDDC",
SeeAlso: []string{
"https://creativecommons.org/licenses/publicdomain/",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"oclc-2.0": {
Reference: "https://spdx.org/licenses/OCLC-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OCLC-2.0.json",
ReferenceNumber: 274,
Name: "OCLC Research Public License 2.0",
LicenseID: "OCLC-2.0",
SeeAlso: []string{
"http://www.oclc.org/research/activities/software/license/v2final.htm",
"https://opensource.org/licenses/OCLC-2.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"openssl": {
Reference: "https://spdx.org/licenses/OpenSSL.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OpenSSL.json",
ReferenceNumber: 275,
Name: "OpenSSL License",
LicenseID: "OpenSSL",
SeeAlso: []string{
"http://www.openssl.org/source/license.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ms-rl": {
Reference: "https://spdx.org/licenses/MS-RL.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/MS-RL.json",
ReferenceNumber: 276,
Name: "Microsoft Reciprocal License",
LicenseID: "MS-RL",
SeeAlso: []string{
"http://www.microsoft.com/opensource/licenses.mspx",
"https://opensource.org/licenses/MS-RL",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"bsd-3-clause-acpica": {
Reference: "https://spdx.org/licenses/BSD-3-Clause-acpica.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BSD-3-Clause-acpica.json",
ReferenceNumber: 277,
Name: "BSD 3-Clause acpica variant",
LicenseID: "BSD-3-Clause-acpica",
SeeAlso: []string{
"https://github.com/acpica/acpica/blob/master/source/common/acfileio.c#L119",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"tcp-wrappers": {
Reference: "https://spdx.org/licenses/TCP-wrappers.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/TCP-wrappers.json",
ReferenceNumber: 278,
Name: "TCP Wrappers License",
LicenseID: "TCP-wrappers",
SeeAlso: []string{
"http://rc.quest.com/topics/openssh/license.php#tcpwrappers",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-nc-sa-3.0-de": {
Reference: "https://spdx.org/licenses/CC-BY-NC-SA-3.0-DE.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-NC-SA-3.0-DE.json",
ReferenceNumber: 279,
Name: "Creative Commons Attribution Non Commercial Share Alike 3.0 Germany",
LicenseID: "CC-BY-NC-SA-3.0-DE",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-nc-sa/3.0/de/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"lppl-1.3a": {
Reference: "https://spdx.org/licenses/LPPL-1.3a.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/LPPL-1.3a.json",
ReferenceNumber: 280,
Name: "LaTeX Project Public License v1.3a",
LicenseID: "LPPL-1.3a",
SeeAlso: []string{
"http://www.latex-project.org/lppl/lppl-1-3a.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"oldap-1.2": {
Reference: "https://spdx.org/licenses/OLDAP-1.2.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OLDAP-1.2.json",
ReferenceNumber: 281,
Name: "Open LDAP Public License v1.2",
LicenseID: "OLDAP-1.2",
SeeAlso: []string{
"http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=LICENSE;hb=42b0383c50c299977b5893ee695cf4e486fb0dc7",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"hp-1986": {
Reference: "https://spdx.org/licenses/HP-1986.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/HP-1986.json",
ReferenceNumber: 282,
Name: "Hewlett-Packard 1986 License",
LicenseID: "HP-1986",
SeeAlso: []string{
"https://sourceware.org/git/?p=newlib-cygwin.git;a=blob;f=newlib/libc/machine/hppa/memchr.S;h=1cca3e5e8867aa4bffef1f75a5c1bba25c0c441e;hb=HEAD#l2",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"hdparm": {
Reference: "https://spdx.org/licenses/hdparm.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/hdparm.json",
ReferenceNumber: 283,
Name: "hdparm License",
LicenseID: "hdparm",
SeeAlso: []string{
"https://github.com/Distrotech/hdparm/blob/4517550db29a91420fb2b020349523b1b4512df2/LICENSE.TXT",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"padl": {
Reference: "https://spdx.org/licenses/PADL.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/PADL.json",
ReferenceNumber: 284,
Name: "PADL License",
LicenseID: "PADL",
SeeAlso: []string{
"https://git.openldap.org/openldap/openldap/-/blob/master/libraries/libldap/os-local.c?ref_type=heads#L19-23",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"opl-uk-3.0": {
Reference: "https://spdx.org/licenses/OPL-UK-3.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OPL-UK-3.0.json",
ReferenceNumber: 285,
Name: "United Kingdom Open Parliament Licence v3.0",
LicenseID: "OPL-UK-3.0",
SeeAlso: []string{
"https://www.parliament.uk/site-information/copyright-parliament/open-parliament-licence/",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"bsd-1-clause": {
Reference: "https://spdx.org/licenses/BSD-1-Clause.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BSD-1-Clause.json",
ReferenceNumber: 286,
Name: "BSD 1-Clause License",
LicenseID: "BSD-1-Clause",
SeeAlso: []string{
"https://svnweb.freebsd.org/base/head/include/ifaddrs.h?revision=326823",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Permissive (Low Risk)"),
},
"mit-cmu": {
Reference: "https://spdx.org/licenses/MIT-CMU.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/MIT-CMU.json",
ReferenceNumber: 287,
Name: "CMU License",
LicenseID: "MIT-CMU",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing:MIT?rd=Licensing/MIT#CMU_Style",
"https://github.com/python-pillow/Pillow/blob/fffb426092c8db24a5f4b6df243a8a3c01fb63cd/LICENSE",
},
IsOsiApproved: false,
RiskCategory: RiskCategory("Permissive (Low Risk)"),
},
"mup": {
Reference: "https://spdx.org/licenses/Mup.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Mup.json",
ReferenceNumber: 288,
Name: "Mup License",
LicenseID: "Mup",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/Mup",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"icu": {
Reference: "https://spdx.org/licenses/ICU.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/ICU.json",
ReferenceNumber: 289,
Name: "ICU License",
LicenseID: "ICU",
SeeAlso: []string{
"http://source.icu-project.org/repos/icu/icu/trunk/license.html",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"xpp": {
Reference: "https://spdx.org/licenses/xpp.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/xpp.json",
ReferenceNumber: 290,
Name: "XPP License",
LicenseID: "xpp",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/xpp",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"artistic-1.0-cl8": {
Reference: "https://spdx.org/licenses/Artistic-1.0-cl8.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Artistic-1.0-cl8.json",
ReferenceNumber: 291,
Name: "Artistic License 1.0 w/clause 8",
LicenseID: "Artistic-1.0-cl8",
SeeAlso: []string{
"https://opensource.org/licenses/Artistic-1.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"cc-by-2.5": {
Reference: "https://spdx.org/licenses/CC-BY-2.5.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-2.5.json",
ReferenceNumber: 292,
Name: "Creative Commons Attribution 2.5 Generic",
LicenseID: "CC-BY-2.5",
SeeAlso: []string{
"https://creativecommons.org/licenses/by/2.5/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"xskat": {
Reference: "https://spdx.org/licenses/XSkat.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/XSkat.json",
ReferenceNumber: 293,
Name: "XSkat License",
LicenseID: "XSkat",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/XSkat_License",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ypl-1.0": {
Reference: "https://spdx.org/licenses/YPL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/YPL-1.0.json",
ReferenceNumber: 294,
Name: "Yahoo! Public License v1.0",
LicenseID: "YPL-1.0",
SeeAlso: []string{
"http://www.zimbra.com/license/yahoo_public_license_1.0.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"w3c-20150513": {
Reference: "https://spdx.org/licenses/W3C-20150513.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/W3C-20150513.json",
ReferenceNumber: 295,
Name: "W3C Software Notice and Document License (2015-05-13)",
LicenseID: "W3C-20150513",
SeeAlso: []string{
"https://www.w3.org/Consortium/Legal/2015/copyright-software-and-document",
"https://www.w3.org/copyright/software-license-2015/",
"https://www.w3.org/copyright/software-license-2023/",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"sgi-b-1.1": {
Reference: "https://spdx.org/licenses/SGI-B-1.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/SGI-B-1.1.json",
ReferenceNumber: 296,
Name: "SGI Free Software License B v1.1",
LicenseID: "SGI-B-1.1",
SeeAlso: []string{
"http://oss.sgi.com/projects/FreeB/",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"lgpl-2.1-only": {
Reference: "https://spdx.org/licenses/LGPL-2.1-only.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/LGPL-2.1-only.json",
ReferenceNumber: 297,
Name: "GNU Lesser General Public License v2.1 only",
LicenseID: "LGPL-2.1-only",
SeeAlso: []string{
"https://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html",
"https://opensource.org/licenses/LGPL-2.1",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Weak Copyleft (Medium Risk)"),
},
"cua-opl-1.0": {
Reference: "https://spdx.org/licenses/CUA-OPL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CUA-OPL-1.0.json",
ReferenceNumber: 298,
Name: "CUA Office Public License v1.0",
LicenseID: "CUA-OPL-1.0",
SeeAlso: []string{
"https://opensource.org/licenses/CUA-OPL-1.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"eurosym": {
Reference: "https://spdx.org/licenses/Eurosym.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Eurosym.json",
ReferenceNumber: 299,
Name: "Eurosym License",
LicenseID: "Eurosym",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/Eurosym",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"fsfullrsd": {
Reference: "https://spdx.org/licenses/FSFULLRSD.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/FSFULLRSD.json",
ReferenceNumber: 300,
Name: "FSF Unlimited License (with License Retention and Short Disclaimer)",
LicenseID: "FSFULLRSD",
SeeAlso: []string{
"https://git.savannah.gnu.org/cgit/gnulib.git/tree/modules/COPYING?id=7b08932179d0d6b017f7df01a2ddf6e096b038e3",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-nc-sa-2.0-fr": {
Reference: "https://spdx.org/licenses/CC-BY-NC-SA-2.0-FR.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-NC-SA-2.0-FR.json",
ReferenceNumber: 301,
Name: "Creative Commons Attribution-NonCommercial-ShareAlike 2.0 France",
LicenseID: "CC-BY-NC-SA-2.0-FR",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-nc-sa/2.0/fr/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"x11-distribute-modifications-variant": {
Reference: "https://spdx.org/licenses/X11-distribute-modifications-variant.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/X11-distribute-modifications-variant.json",
ReferenceNumber: 302,
Name: "X11 License Distribution Modification Variant",
LicenseID: "X11-distribute-modifications-variant",
SeeAlso: []string{
"https://github.com/mirror/ncurses/blob/master/COPYING",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"mpeg-ssg": {
Reference: "https://spdx.org/licenses/MPEG-SSG.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/MPEG-SSG.json",
ReferenceNumber: 303,
Name: "MPEG Software Simulation",
LicenseID: "MPEG-SSG",
SeeAlso: []string{
"https://sourceforge.net/p/netpbm/code/HEAD/tree/super_stable/converter/ppm/ppmtompeg/jrevdct.c#l1189",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"mit-modern-variant": {
Reference: "https://spdx.org/licenses/MIT-Modern-Variant.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/MIT-Modern-Variant.json",
ReferenceNumber: 304,
Name: "MIT License Modern Variant",
LicenseID: "MIT-Modern-Variant",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing:MIT#Modern_Variants",
"https://ptolemy.berkeley.edu/copyright.htm",
"https://pirlwww.lpl.arizona.edu/resources/guide/software/PerlTk/Tixlic.html",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"cal-1.0": {
Reference: "https://spdx.org/licenses/CAL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CAL-1.0.json",
ReferenceNumber: 305,
Name: "Cryptographic Autonomy License 1.0",
LicenseID: "CAL-1.0",
SeeAlso: []string{
"http://cryptographicautonomylicense.com/license-text.html",
"https://opensource.org/licenses/CAL-1.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"hpnd-doc-sell": {
Reference: "https://spdx.org/licenses/HPND-doc-sell.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/HPND-doc-sell.json",
ReferenceNumber: 306,
Name: "Historical Permission Notice and Disclaimer - documentation sell variant",
LicenseID: "HPND-doc-sell",
SeeAlso: []string{
"https://gitlab.freedesktop.org/xorg/lib/libxtst/-/blob/master/COPYING?ref_type=heads#L108-117",
"https://gitlab.freedesktop.org/xorg/lib/libxext/-/blob/master/COPYING?ref_type=heads#L153-162",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"naumen": {
Reference: "https://spdx.org/licenses/Naumen.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Naumen.json",
ReferenceNumber: 307,
Name: "Naumen Public License",
LicenseID: "Naumen",
SeeAlso: []string{
"https://opensource.org/licenses/Naumen",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"unicode-3.0": {
Reference: "https://spdx.org/licenses/Unicode-3.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Unicode-3.0.json",
ReferenceNumber: 308,
Name: "Unicode License v3",
LicenseID: "Unicode-3.0",
SeeAlso: []string{
"https://www.unicode.org/license.txt",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"unicode-dfs-2016": {
Reference: "https://spdx.org/licenses/Unicode-DFS-2016.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Unicode-DFS-2016.json",
ReferenceNumber: 309,
Name: "Unicode License Agreement - Data Files and Software (2016)",
LicenseID: "Unicode-DFS-2016",
SeeAlso: []string{
"https://www.unicode.org/license.txt",
"http://web.archive.org/web/20160823201924/http://www.unicode.org/copyright.html#License",
"http://www.unicode.org/copyright.html",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"hidapi": {
Reference: "https://spdx.org/licenses/HIDAPI.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/HIDAPI.json",
ReferenceNumber: 310,
Name: "HIDAPI License",
LicenseID: "HIDAPI",
SeeAlso: []string{
"https://github.com/signal11/hidapi/blob/master/LICENSE-orig.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"baekmuk": {
Reference: "https://spdx.org/licenses/Baekmuk.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Baekmuk.json",
ReferenceNumber: 311,
Name: "Baekmuk License",
LicenseID: "Baekmuk",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing:Baekmuk?rd=Licensing/Baekmuk",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"kazlib": {
Reference: "https://spdx.org/licenses/Kazlib.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Kazlib.json",
ReferenceNumber: 312,
Name: "Kazlib License",
LicenseID: "Kazlib",
SeeAlso: []string{
"http://git.savannah.gnu.org/cgit/kazlib.git/tree/except.c?id=0062df360c2d17d57f6af19b0e444c51feb99036",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"hpnd-mit-disclaimer": {
Reference: "https://spdx.org/licenses/HPND-MIT-disclaimer.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/HPND-MIT-disclaimer.json",
ReferenceNumber: 313,
Name: "Historical Permission Notice and Disclaimer with MIT disclaimer",
LicenseID: "HPND-MIT-disclaimer",
SeeAlso: []string{
"https://metacpan.org/release/NLNETLABS/Net-DNS-SEC-1.22/source/LICENSE",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"oldap-2.2.2": {
Reference: "https://spdx.org/licenses/OLDAP-2.2.2.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OLDAP-2.2.2.json",
ReferenceNumber: 314,
Name: "Open LDAP Public License 2.2.2",
LicenseID: "OLDAP-2.2.2",
SeeAlso: []string{
"http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=LICENSE;hb=df2cc1e21eb7c160695f5b7cffd6296c151ba188",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"adacore-doc": {
Reference: "https://spdx.org/licenses/AdaCore-doc.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/AdaCore-doc.json",
ReferenceNumber: 315,
Name: "AdaCore Doc License",
LicenseID: "AdaCore-doc",
SeeAlso: []string{
"https://github.com/AdaCore/xmlada/blob/master/docs/index.rst",
"https://github.com/AdaCore/gnatcoll-core/blob/master/docs/index.rst",
"https://github.com/AdaCore/gnatcoll-db/blob/master/docs/index.rst",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"0bsd": {
Reference: "https://spdx.org/licenses/0BSD.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/0BSD.json",
ReferenceNumber: 316,
Name: "BSD Zero Clause License",
LicenseID: "0BSD",
SeeAlso: []string{
"http://landley.net/toybox/license.html",
"https://opensource.org/licenses/0BSD",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Permissive (Low Risk)"),
},
"isc-veillard": {
Reference: "https://spdx.org/licenses/ISC-Veillard.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/ISC-Veillard.json",
ReferenceNumber: 317,
Name: "ISC Veillard variant",
LicenseID: "ISC-Veillard",
SeeAlso: []string{
"https://raw.githubusercontent.com/GNOME/libxml2/4c2e7c651f6c2f0d1a74f350cbda95f7df3e7017/hash.c",
"https://github.com/GNOME/libxml2/blob/master/dict.c",
"https://sourceforge.net/p/ctrio/git/ci/master/tree/README",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cern-ohl-1.2": {
Reference: "https://spdx.org/licenses/CERN-OHL-1.2.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CERN-OHL-1.2.json",
ReferenceNumber: 318,
Name: "CERN Open Hardware Licence v1.2",
LicenseID: "CERN-OHL-1.2",
SeeAlso: []string{
"https://www.ohwr.org/project/licenses/wikis/cern-ohl-v1.2",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"dvipdfm": {
Reference: "https://spdx.org/licenses/dvipdfm.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/dvipdfm.json",
ReferenceNumber: 319,
Name: "dvipdfm License",
LicenseID: "dvipdfm",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/dvipdfm",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"mulanpsl-1.0": {
Reference: "https://spdx.org/licenses/MulanPSL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/MulanPSL-1.0.json",
ReferenceNumber: 320,
Name: "Mulan Permissive Software License, Version 1",
LicenseID: "MulanPSL-1.0",
SeeAlso: []string{
"https://license.coscl.org.cn/MulanPSL/",
"https://github.com/yuwenlong/longphp/blob/25dfb70cc2a466dc4bb55ba30901cbce08d164b5/LICENSE",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"jpl-image": {
Reference: "https://spdx.org/licenses/JPL-image.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/JPL-image.json",
ReferenceNumber: 321,
Name: "JPL Image Use Policy",
LicenseID: "JPL-image",
SeeAlso: []string{
"https://www.jpl.nasa.gov/jpl-image-use-policy",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"fsfullr": {
Reference: "https://spdx.org/licenses/FSFULLR.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/FSFULLR.json",
ReferenceNumber: 322,
Name: "FSF Unlimited License (with License Retention)",
LicenseID: "FSFULLR",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/FSF_Unlimited_License#License_Retention_Variant",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cryptoswift": {
Reference: "https://spdx.org/licenses/CryptoSwift.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CryptoSwift.json",
ReferenceNumber: 323,
Name: "CryptoSwift License",
LicenseID: "CryptoSwift",
SeeAlso: []string{
"https://github.com/krzyzanowskim/CryptoSwift/blob/main/LICENSE",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-nc-3.0-de": {
Reference: "https://spdx.org/licenses/CC-BY-NC-3.0-DE.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-NC-3.0-DE.json",
ReferenceNumber: 324,
Name: "Creative Commons Attribution Non Commercial 3.0 Germany",
LicenseID: "CC-BY-NC-3.0-DE",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-nc/3.0/de/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"bittorrent-1.1": {
Reference: "https://spdx.org/licenses/BitTorrent-1.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BitTorrent-1.1.json",
ReferenceNumber: 325,
Name: "BitTorrent Open Source License v1.1",
LicenseID: "BitTorrent-1.1",
SeeAlso: []string{
"http://directory.fsf.org/wiki/License:BitTorrentOSL1.1",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"epl-2.0": {
Reference: "https://spdx.org/licenses/EPL-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/EPL-2.0.json",
ReferenceNumber: 326,
Name: "Eclipse Public License 2.0",
LicenseID: "EPL-2.0",
SeeAlso: []string{
"https://www.eclipse.org/legal/epl-2.0",
"https://www.opensource.org/licenses/EPL-2.0",
"https://www.eclipse.org/legal/epl-v20.html",
"https://projects.eclipse.org/license/epl-2.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Weak Copyleft (Medium Risk)"),
},
"vim": {
Reference: "https://spdx.org/licenses/Vim.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Vim.json",
ReferenceNumber: 327,
Name: "Vim License",
LicenseID: "Vim",
SeeAlso: []string{
"http://vimdoc.sourceforge.net/htmldoc/uganda.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"inner-net-2.0": {
Reference: "https://spdx.org/licenses/Inner-Net-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Inner-Net-2.0.json",
ReferenceNumber: 328,
Name: "Inner Net License v2.0",
LicenseID: "Inner-Net-2.0",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/Inner_Net_License",
"https://sourceware.org/git/?p=glibc.git;a=blob;f=LICENSES;h=530893b1dc9ea00755603c68fb36bd4fc38a7be8;hb=HEAD#l207",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"lgpl-2.0-only": {
Reference: "https://spdx.org/licenses/LGPL-2.0-only.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/LGPL-2.0-only.json",
ReferenceNumber: 329,
Name: "GNU Library General Public License v2 only",
LicenseID: "LGPL-2.0-only",
SeeAlso: []string{
"https://www.gnu.org/licenses/old-licenses/lgpl-2.0-standalone.html",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Weak Copyleft (Medium Risk)"),
},
"zimbra-1.4": {
Reference: "https://spdx.org/licenses/Zimbra-1.4.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Zimbra-1.4.json",
ReferenceNumber: 330,
Name: "Zimbra Public License v1.4",
LicenseID: "Zimbra-1.4",
SeeAlso: []string{
"http://www.zimbra.com/legal/zimbra-public-license-1-4",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cornell-lossless-jpeg": {
Reference: "https://spdx.org/licenses/Cornell-Lossless-JPEG.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Cornell-Lossless-JPEG.json",
ReferenceNumber: 331,
Name: "Cornell Lossless JPEG License",
LicenseID: "Cornell-Lossless-JPEG",
SeeAlso: []string{
"https://android.googlesource.com/platform/external/dng_sdk/+/refs/heads/master/source/dng_lossless_jpeg.cpp#16",
"https://www.mssl.ucl.ac.uk/~mcrw/src/20050920/proto.h",
"https://gitlab.freedesktop.org/libopenraw/libopenraw/blob/master/lib/ljpegdecompressor.cpp#L32",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"knuth-ctan": {
Reference: "https://spdx.org/licenses/Knuth-CTAN.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Knuth-CTAN.json",
ReferenceNumber: 332,
Name: "Knuth CTAN License",
LicenseID: "Knuth-CTAN",
SeeAlso: []string{
"https://ctan.org/license/knuth",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"oldap-1.1": {
Reference: "https://spdx.org/licenses/OLDAP-1.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OLDAP-1.1.json",
ReferenceNumber: 333,
Name: "Open LDAP Public License v1.1",
LicenseID: "OLDAP-1.1",
SeeAlso: []string{
"http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=LICENSE;hb=806557a5ad59804ef3a44d5abfbe91d706b0791f",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-nc-nd-2.0": {
Reference: "https://spdx.org/licenses/CC-BY-NC-ND-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-NC-ND-2.0.json",
ReferenceNumber: 334,
Name: "Creative Commons Attribution Non Commercial No Derivatives 2.0 Generic",
LicenseID: "CC-BY-NC-ND-2.0",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-nc-nd/2.0/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"borceux": {
Reference: "https://spdx.org/licenses/Borceux.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Borceux.json",
ReferenceNumber: 335,
Name: "Borceux license",
LicenseID: "Borceux",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/Borceux",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"dsdp": {
Reference: "https://spdx.org/licenses/DSDP.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/DSDP.json",
ReferenceNumber: 336,
Name: "DSDP License",
LicenseID: "DSDP",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/DSDP",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"unlicense": {
Reference: "https://spdx.org/licenses/Unlicense.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Unlicense.json",
ReferenceNumber: 337,
Name: "The Unlicense",
LicenseID: "Unlicense",
SeeAlso: []string{
"https://unlicense.org/",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Permissive (Low Risk)"),
},
"ecl-2.0": {
Reference: "https://spdx.org/licenses/ECL-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/ECL-2.0.json",
ReferenceNumber: 338,
Name: "Educational Community License v2.0",
LicenseID: "ECL-2.0",
SeeAlso: []string{
"https://opensource.org/licenses/ECL-2.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"hpnd-pbmplus": {
Reference: "https://spdx.org/licenses/HPND-Pbmplus.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/HPND-Pbmplus.json",
ReferenceNumber: 339,
Name: "Historical Permission Notice and Disclaimer - Pbmplus variant",
LicenseID: "HPND-Pbmplus",
SeeAlso: []string{
"https://sourceforge.net/p/netpbm/code/HEAD/tree/super_stable/netpbm.c#l8",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"aswf-digital-assets-1.0": {
Reference: "https://spdx.org/licenses/ASWF-Digital-Assets-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/ASWF-Digital-Assets-1.0.json",
ReferenceNumber: 340,
Name: "ASWF Digital Assets License version 1.0",
LicenseID: "ASWF-Digital-Assets-1.0",
SeeAlso: []string{
"https://github.com/AcademySoftwareFoundation/foundation/blob/main/digital_assets/aswf_digital_assets_license_v1.0.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"hpnd-sell-mit-disclaimer-xserver": {
Reference: "https://spdx.org/licenses/HPND-sell-MIT-disclaimer-xserver.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/HPND-sell-MIT-disclaimer-xserver.json",
ReferenceNumber: 341,
Name: "Historical Permission Notice and Disclaimer - sell xserver variant with MIT disclaimer",
LicenseID: "HPND-sell-MIT-disclaimer-xserver",
SeeAlso: []string{
"https://gitlab.freedesktop.org/xorg/xserver/-/blob/master/COPYING?ref_type=heads#L1781",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"spl-1.0": {
Reference: "https://spdx.org/licenses/SPL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/SPL-1.0.json",
ReferenceNumber: 342,
Name: "Sun Public License v1.0",
LicenseID: "SPL-1.0",
SeeAlso: []string{
"https://opensource.org/licenses/SPL-1.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"afl-3.0": {
Reference: "https://spdx.org/licenses/AFL-3.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/AFL-3.0.json",
ReferenceNumber: 343,
Name: "Academic Free License v3.0",
LicenseID: "AFL-3.0",
SeeAlso: []string{
"http://www.rosenlaw.com/AFL3.0.htm",
"https://opensource.org/licenses/afl-3.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"oldap-2.6": {
Reference: "https://spdx.org/licenses/OLDAP-2.6.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OLDAP-2.6.json",
ReferenceNumber: 344,
Name: "Open LDAP Public License v2.6",
LicenseID: "OLDAP-2.6",
SeeAlso: []string{
"http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=LICENSE;hb=1cae062821881f41b73012ba816434897abf4205",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"bsd-advertising-acknowledgement": {
Reference: "https://spdx.org/licenses/BSD-Advertising-Acknowledgement.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BSD-Advertising-Acknowledgement.json",
ReferenceNumber: 345,
Name: "BSD Advertising Acknowledgement License",
LicenseID: "BSD-Advertising-Acknowledgement",
SeeAlso: []string{
"https://github.com/python-excel/xlrd/blob/master/LICENSE#L33",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"sax-pd-2.0": {
Reference: "https://spdx.org/licenses/SAX-PD-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/SAX-PD-2.0.json",
ReferenceNumber: 346,
Name: "Sax Public Domain Notice 2.0",
LicenseID: "SAX-PD-2.0",
SeeAlso: []string{
"http://www.saxproject.org/copying.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"crossword": {
Reference: "https://spdx.org/licenses/Crossword.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Crossword.json",
ReferenceNumber: 347,
Name: "Crossword License",
LicenseID: "Crossword",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/Crossword",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"swrule": {
Reference: "https://spdx.org/licenses/swrule.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/swrule.json",
ReferenceNumber: 348,
Name: "swrule License",
LicenseID: "swrule",
SeeAlso: []string{
"https://ctan.math.utah.edu/ctan/tex-archive/macros/generic/misc/swrule.sty",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"lzma-sdk-9.11-to-9.20": {
Reference: "https://spdx.org/licenses/LZMA-SDK-9.11-to-9.20.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/LZMA-SDK-9.11-to-9.20.json",
ReferenceNumber: 349,
Name: "LZMA SDK License (versions 9.11 to 9.20)",
LicenseID: "LZMA-SDK-9.11-to-9.20",
SeeAlso: []string{
"https://www.7-zip.org/sdk.html",
"https://sourceforge.net/projects/sevenzip/files/LZMA%20SDK/",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"gfdl-1.2": {
Reference: "https://spdx.org/licenses/GFDL-1.2.html",
IsDeprecatedLicenseID: true,
DetailsURL: "https://spdx.org/licenses/GFDL-1.2.json",
ReferenceNumber: 350,
Name: "GNU Free Documentation License v1.2",
LicenseID: "GFDL-1.2",
SeeAlso: []string{
"https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"mips": {
Reference: "https://spdx.org/licenses/MIPS.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/MIPS.json",
ReferenceNumber: 351,
Name: "MIPS License",
LicenseID: "MIPS",
SeeAlso: []string{
"https://sourceware.org/cgit/binutils-gdb/tree/include/coff/sym.h#n11",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cnri-python": {
Reference: "https://spdx.org/licenses/CNRI-Python.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CNRI-Python.json",
ReferenceNumber: 352,
Name: "CNRI Python License",
LicenseID: "CNRI-Python",
SeeAlso: []string{
"https://opensource.org/licenses/CNRI-Python",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"ucar": {
Reference: "https://spdx.org/licenses/UCAR.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/UCAR.json",
ReferenceNumber: 353,
Name: "UCAR License",
LicenseID: "UCAR",
SeeAlso: []string{
"https://github.com/Unidata/UDUNITS-2/blob/master/COPYRIGHT",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"innosetup": {
Reference: "https://spdx.org/licenses/InnoSetup.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/InnoSetup.json",
ReferenceNumber: 354,
Name: "Inno Setup License",
LicenseID: "InnoSetup",
SeeAlso: []string{
"https://github.com/jrsoftware/issrc/blob/HEAD/license.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"mit-wu": {
Reference: "https://spdx.org/licenses/MIT-Wu.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/MIT-Wu.json",
ReferenceNumber: 355,
Name: "MIT Tom Wu Variant",
LicenseID: "MIT-Wu",
SeeAlso: []string{
"https://github.com/chromium/octane/blob/master/crypto.js",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-nc-sa-2.0-de": {
Reference: "https://spdx.org/licenses/CC-BY-NC-SA-2.0-DE.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-NC-SA-2.0-DE.json",
ReferenceNumber: 356,
Name: "Creative Commons Attribution Non Commercial Share Alike 2.0 Germany",
LicenseID: "CC-BY-NC-SA-2.0-DE",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-nc-sa/2.0/de/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"hpnd-sell-variant-mit-disclaimer-rev": {
Reference: "https://spdx.org/licenses/HPND-sell-variant-MIT-disclaimer-rev.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/HPND-sell-variant-MIT-disclaimer-rev.json",
ReferenceNumber: 357,
Name: "HPND sell variant with MIT disclaimer - reverse",
LicenseID: "HPND-sell-variant-MIT-disclaimer-rev",
SeeAlso: []string{
"https://github.com/sigmavirus24/x11-ssh-askpass/blob/master/dynlist.c",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"gpl-2.0-with-bison-exception": {
Reference: "https://spdx.org/licenses/GPL-2.0-with-bison-exception.html",
IsDeprecatedLicenseID: true,
DetailsURL: "https://spdx.org/licenses/GPL-2.0-with-bison-exception.json",
ReferenceNumber: 358,
Name: "GNU General Public License v2.0 w/Bison exception",
LicenseID: "GPL-2.0-with-bison-exception",
SeeAlso: []string{
"http://git.savannah.gnu.org/cgit/bison.git/tree/data/yacc.c?id=193d7c7054ba7197b0789e14965b739162319b5e#n141",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-nc-sa-3.0": {
Reference: "https://spdx.org/licenses/CC-BY-NC-SA-3.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-NC-SA-3.0.json",
ReferenceNumber: 359,
Name: "Creative Commons Attribution Non Commercial Share Alike 3.0 Unported",
LicenseID: "CC-BY-NC-SA-3.0",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-nc-sa/3.0/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"gl2ps": {
Reference: "https://spdx.org/licenses/GL2PS.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/GL2PS.json",
ReferenceNumber: 360,
Name: "GL2PS License",
LicenseID: "GL2PS",
SeeAlso: []string{
"http://www.geuz.org/gl2ps/COPYING.GL2PS",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"martin-birgmeier": {
Reference: "https://spdx.org/licenses/Martin-Birgmeier.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Martin-Birgmeier.json",
ReferenceNumber: 361,
Name: "Martin Birgmeier License",
LicenseID: "Martin-Birgmeier",
SeeAlso: []string{
"https://github.com/Perl/perl5/blob/blead/util.c#L6136",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"xlock": {
Reference: "https://spdx.org/licenses/xlock.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/xlock.json",
ReferenceNumber: 362,
Name: "xlock License",
LicenseID: "xlock",
SeeAlso: []string{
"https://fossies.org/linux/tiff/contrib/ras/ras2tif.c",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"etalab-2.0": {
Reference: "https://spdx.org/licenses/etalab-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/etalab-2.0.json",
ReferenceNumber: 363,
Name: "Etalab Open License 2.0",
LicenseID: "etalab-2.0",
SeeAlso: []string{
"https://github.com/DISIC/politique-de-contribution-open-source/blob/master/LICENSE.pdf",
"https://raw.githubusercontent.com/DISIC/politique-de-contribution-open-source/master/LICENSE",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"oldap-2.8": {
Reference: "https://spdx.org/licenses/OLDAP-2.8.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OLDAP-2.8.json",
ReferenceNumber: 364,
Name: "Open LDAP Public License v2.8",
LicenseID: "OLDAP-2.8",
SeeAlso: []string{
"http://www.openldap.org/software/release/license.html",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"w3c-19980720": {
Reference: "https://spdx.org/licenses/W3C-19980720.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/W3C-19980720.json",
ReferenceNumber: 365,
Name: "W3C Software Notice and License (1998-07-20)",
LicenseID: "W3C-19980720",
SeeAlso: []string{
"http://www.w3.org/Consortium/Legal/copyright-software-19980720.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-3.0-us": {
Reference: "https://spdx.org/licenses/CC-BY-3.0-US.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-3.0-US.json",
ReferenceNumber: 366,
Name: "Creative Commons Attribution 3.0 United States",
LicenseID: "CC-BY-3.0-US",
SeeAlso: []string{
"https://creativecommons.org/licenses/by/3.0/us/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cpl-1.0": {
Reference: "https://spdx.org/licenses/CPL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CPL-1.0.json",
ReferenceNumber: 367,
Name: "Common Public License 1.0",
LicenseID: "CPL-1.0",
SeeAlso: []string{
"https://opensource.org/licenses/CPL-1.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Weak Copyleft (Medium Risk)"),
},
"offis": {
Reference: "https://spdx.org/licenses/OFFIS.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OFFIS.json",
ReferenceNumber: 368,
Name: "OFFIS License",
LicenseID: "OFFIS",
SeeAlso: []string{
"https://sourceforge.net/p/xmedcon/code/ci/master/tree/libs/dicom/README",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc0-1.0": {
Reference: "https://spdx.org/licenses/CC0-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC0-1.0.json",
ReferenceNumber: 369,
Name: "Creative Commons Zero v1.0 Universal",
LicenseID: "CC0-1.0",
SeeAlso: []string{
"https://creativecommons.org/publicdomain/zero/1.0/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cecill-2.0": {
Reference: "https://spdx.org/licenses/CECILL-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CECILL-2.0.json",
ReferenceNumber: 370,
Name: "CeCILL Free Software License Agreement v2.0",
LicenseID: "CECILL-2.0",
SeeAlso: []string{
"http://www.cecill.info/licences/Licence_CeCILL_V2-en.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"occt-pl": {
Reference: "https://spdx.org/licenses/OCCT-PL.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OCCT-PL.json",
ReferenceNumber: 371,
Name: "Open CASCADE Technology Public License",
LicenseID: "OCCT-PL",
SeeAlso: []string{
"http://www.opencascade.com/content/occt-public-license",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"npl-1.0": {
Reference: "https://spdx.org/licenses/NPL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/NPL-1.0.json",
ReferenceNumber: 372,
Name: "Netscape Public License v1.0",
LicenseID: "NPL-1.0",
SeeAlso: []string{
"http://www.mozilla.org/MPL/NPL/1.0/",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"magaz": {
Reference: "https://spdx.org/licenses/magaz.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/magaz.json",
ReferenceNumber: 373,
Name: "magaz License",
LicenseID: "magaz",
SeeAlso: []string{
"https://mirrors.nic.cz/tex-archive/macros/latex/contrib/magaz/magaz.tex",
"https://mirrors.ctan.org/macros/latex/contrib/version/version.sty",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"soundex": {
Reference: "https://spdx.org/licenses/Soundex.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Soundex.json",
ReferenceNumber: 374,
Name: "Soundex License",
LicenseID: "Soundex",
SeeAlso: []string{
"https://metacpan.org/release/RJBS/Text-Soundex-3.05/source/Soundex.pm#L3-11",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"sofa": {
Reference: "https://spdx.org/licenses/SOFA.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/SOFA.json",
ReferenceNumber: 375,
Name: "SOFA Software License",
LicenseID: "SOFA",
SeeAlso: []string{
"http://www.iausofa.org/tandc.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"frameworx-1.0": {
Reference: "https://spdx.org/licenses/Frameworx-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Frameworx-1.0.json",
ReferenceNumber: 376,
Name: "Frameworx Open License 1.0",
LicenseID: "Frameworx-1.0",
SeeAlso: []string{
"https://opensource.org/licenses/Frameworx-1.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"check-cvs": {
Reference: "https://spdx.org/licenses/check-cvs.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/check-cvs.json",
ReferenceNumber: 377,
Name: "check-cvs License",
LicenseID: "check-cvs",
SeeAlso: []string{
"http://cvs.savannah.gnu.org/viewvc/cvs/ccvs/contrib/check_cvs.in?revision=1.1.4.3&view=markup&pathrev=cvs1-11-23#l2",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"oldap-2.2.1": {
Reference: "https://spdx.org/licenses/OLDAP-2.2.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OLDAP-2.2.1.json",
ReferenceNumber: 378,
Name: "Open LDAP Public License v2.2.1",
LicenseID: "OLDAP-2.2.1",
SeeAlso: []string{
"http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=LICENSE;hb=4bc786f34b50aa301be6f5600f58a980070f481e",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"apache-1.0": {
Reference: "https://spdx.org/licenses/Apache-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Apache-1.0.json",
ReferenceNumber: 379,
Name: "Apache License 1.0",
LicenseID: "Apache-1.0",
SeeAlso: []string{
"http://www.apache.org/licenses/LICENSE-1.0",
},
IsOsiApproved: false,
RiskCategory: RiskCategory("Permissive (Low Risk)"),
},
"urt-rle": {
Reference: "https://spdx.org/licenses/URT-RLE.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/URT-RLE.json",
ReferenceNumber: 380,
Name: "Utah Raster Toolkit Run Length Encoded License",
LicenseID: "URT-RLE",
SeeAlso: []string{
"https://sourceforge.net/p/netpbm/code/HEAD/tree/super_stable/converter/other/pnmtorle.c",
"https://sourceforge.net/p/netpbm/code/HEAD/tree/super_stable/converter/other/rletopnm.c",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"mailprio": {
Reference: "https://spdx.org/licenses/mailprio.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/mailprio.json",
ReferenceNumber: 381,
Name: "mailprio License",
LicenseID: "mailprio",
SeeAlso: []string{
"https://fossies.org/linux/sendmail/contrib/mailprio",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"oldap-2.4": {
Reference: "https://spdx.org/licenses/OLDAP-2.4.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OLDAP-2.4.json",
ReferenceNumber: 382,
Name: "Open LDAP Public License v2.4",
LicenseID: "OLDAP-2.4",
SeeAlso: []string{
"http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=LICENSE;hb=cd1284c4a91a8a380d904eee68d1583f989ed386",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"bsd-source-beginning-file": {
Reference: "https://spdx.org/licenses/BSD-Source-beginning-file.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BSD-Source-beginning-file.json",
ReferenceNumber: 383,
Name: "BSD Source Code Attribution - beginning of file variant",
LicenseID: "BSD-Source-beginning-file",
SeeAlso: []string{
"https://github.com/lattera/freebsd/blob/master/sys/cam/cam.c#L4",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-sa-1.0": {
Reference: "https://spdx.org/licenses/CC-BY-SA-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-SA-1.0.json",
ReferenceNumber: 384,
Name: "Creative Commons Attribution Share Alike 1.0 Generic",
LicenseID: "CC-BY-SA-1.0",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-sa/1.0/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cdl-1.0": {
Reference: "https://spdx.org/licenses/CDL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CDL-1.0.json",
ReferenceNumber: 385,
Name: "Common Documentation License 1.0",
LicenseID: "CDL-1.0",
SeeAlso: []string{
"http://www.opensource.apple.com/cdl/",
"https://fedoraproject.org/wiki/Licensing/Common_Documentation_License",
"https://www.gnu.org/licenses/license-list.html#ACDL",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"oldap-1.3": {
Reference: "https://spdx.org/licenses/OLDAP-1.3.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OLDAP-1.3.json",
ReferenceNumber: 386,
Name: "Open LDAP Public License v1.3",
LicenseID: "OLDAP-1.3",
SeeAlso: []string{
"http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=LICENSE;hb=e5f8117f0ce088d0bd7a8e18ddf37eaa40eb09b1",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"hpnd-netrek": {
Reference: "https://spdx.org/licenses/HPND-Netrek.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/HPND-Netrek.json",
ReferenceNumber: 387,
Name: "Historical Permission Notice and Disclaimer - Netrek variant",
LicenseID: "HPND-Netrek",
SeeAlso: []string{},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"artistic-1.0": {
Reference: "https://spdx.org/licenses/Artistic-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Artistic-1.0.json",
ReferenceNumber: 388,
Name: "Artistic License 1.0",
LicenseID: "Artistic-1.0",
SeeAlso: []string{
"https://opensource.org/licenses/Artistic-1.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"checkmk": {
Reference: "https://spdx.org/licenses/checkmk.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/checkmk.json",
ReferenceNumber: 389,
Name: "Checkmk License",
LicenseID: "checkmk",
SeeAlso: []string{
"https://github.com/libcheck/check/blob/master/checkmk/checkmk.in",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"saxpath": {
Reference: "https://spdx.org/licenses/Saxpath.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Saxpath.json",
ReferenceNumber: 390,
Name: "Saxpath License",
LicenseID: "Saxpath",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/Saxpath_License",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cmu-mach-nodoc": {
Reference: "https://spdx.org/licenses/CMU-Mach-nodoc.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CMU-Mach-nodoc.json",
ReferenceNumber: 391,
Name: "CMU Mach - no notices-in-documentation variant",
LicenseID: "CMU-Mach-nodoc",
SeeAlso: []string{
"https://github.com/krb5/krb5/blob/krb5-1.21.2-final/NOTICE#L718-L728",
"https://web.mit.edu/kerberos/krb5-1.21/doc/mitK5license.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ncgl-uk-2.0": {
Reference: "https://spdx.org/licenses/NCGL-UK-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/NCGL-UK-2.0.json",
ReferenceNumber: 392,
Name: "Non-Commercial Government Licence",
LicenseID: "NCGL-UK-2.0",
SeeAlso: []string{
"http://www.nationalarchives.gov.uk/doc/non-commercial-government-licence/version/2/",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"eupl-1.1": {
Reference: "https://spdx.org/licenses/EUPL-1.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/EUPL-1.1.json",
ReferenceNumber: 393,
Name: "European Union Public License 1.1",
LicenseID: "EUPL-1.1",
SeeAlso: []string{
"https://joinup.ec.europa.eu/software/page/eupl/licence-eupl",
"https://joinup.ec.europa.eu/sites/default/files/custom-page/attachment/eupl1.1.-licence-en_0.pdf",
"https://opensource.org/licenses/EUPL-1.1",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Strong Copyleft (High Risk)"),
},
"cc-by-nd-2.5": {
Reference: "https://spdx.org/licenses/CC-BY-ND-2.5.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-ND-2.5.json",
ReferenceNumber: 394,
Name: "Creative Commons Attribution No Derivatives 2.5 Generic",
LicenseID: "CC-BY-ND-2.5",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-nd/2.5/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"sunpro": {
Reference: "https://spdx.org/licenses/SunPro.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/SunPro.json",
ReferenceNumber: 395,
Name: "SunPro License",
LicenseID: "SunPro",
SeeAlso: []string{
"https://github.com/freebsd/freebsd-src/blob/main/lib/msun/src/e_acosh.c",
"https://github.com/freebsd/freebsd-src/blob/main/lib/msun/src/e_lgammal.c",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"elastic-2.0": {
Reference: "https://spdx.org/licenses/Elastic-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Elastic-2.0.json",
ReferenceNumber: 396,
Name: "Elastic License 2.0",
LicenseID: "Elastic-2.0",
SeeAlso: []string{
"https://www.elastic.co/licensing/elastic-license",
"https://github.com/elastic/elasticsearch/blob/master/licenses/ELASTIC-LICENSE-2.0.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"odbl-1.0": {
Reference: "https://spdx.org/licenses/ODbL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/ODbL-1.0.json",
ReferenceNumber: 397,
Name: "Open Data Commons Open Database License v1.0",
LicenseID: "ODbL-1.0",
SeeAlso: []string{
"http://www.opendatacommons.org/licenses/odbl/1.0/",
"https://opendatacommons.org/licenses/odbl/1-0/",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cern-ohl-1.1": {
Reference: "https://spdx.org/licenses/CERN-OHL-1.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CERN-OHL-1.1.json",
ReferenceNumber: 398,
Name: "CERN Open Hardware Licence v1.1",
LicenseID: "CERN-OHL-1.1",
SeeAlso: []string{
"https://www.ohwr.org/project/licenses/wikis/cern-ohl-v1.1",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"iec-code-components-eula": {
Reference: "https://spdx.org/licenses/IEC-Code-Components-EULA.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/IEC-Code-Components-EULA.json",
ReferenceNumber: 399,
Name: "IEC Code Components End-user licence agreement",
LicenseID: "IEC-Code-Components-EULA",
SeeAlso: []string{
"https://www.iec.ch/webstore/custserv/pdf/CC-EULA.pdf",
"https://www.iec.ch/CCv1",
"https://www.iec.ch/copyright",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ogl-uk-2.0": {
Reference: "https://spdx.org/licenses/OGL-UK-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OGL-UK-2.0.json",
ReferenceNumber: 400,
Name: "Open Government Licence v2.0",
LicenseID: "OGL-UK-2.0",
SeeAlso: []string{
"http://www.nationalarchives.gov.uk/doc/open-government-licence/version/2/",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"caldera-no-preamble": {
Reference: "https://spdx.org/licenses/Caldera-no-preamble.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Caldera-no-preamble.json",
ReferenceNumber: 401,
Name: "Caldera License (without preamble)",
LicenseID: "Caldera-no-preamble",
SeeAlso: []string{
"https://github.com/apache/apr/blob/trunk/LICENSE#L298C6-L298C29",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"libutil-david-nugent": {
Reference: "https://spdx.org/licenses/libutil-David-Nugent.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/libutil-David-Nugent.json",
ReferenceNumber: 402,
Name: "libutil David Nugent License",
LicenseID: "libutil-David-Nugent",
SeeAlso: []string{
"http://web.mit.edu/freebsd/head/lib/libutil/login_ok.3",
"https://cgit.freedesktop.org/libbsd/tree/man/setproctitle.3bsd",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"thirdeye": {
Reference: "https://spdx.org/licenses/ThirdEye.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/ThirdEye.json",
ReferenceNumber: 403,
Name: "ThirdEye License",
LicenseID: "ThirdEye",
SeeAlso: []string{
"https://sourceware.org/cgit/binutils-gdb/tree/include/coff/symconst.h#n11",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"mit-open-group": {
Reference: "https://spdx.org/licenses/MIT-open-group.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/MIT-open-group.json",
ReferenceNumber: 404,
Name: "MIT Open Group variant",
LicenseID: "MIT-open-group",
SeeAlso: []string{
"https://gitlab.freedesktop.org/xorg/app/iceauth/-/blob/master/COPYING",
"https://gitlab.freedesktop.org/xorg/app/xsetroot/-/blob/master/COPYING",
"https://gitlab.freedesktop.org/xorg/app/xauth/-/blob/master/COPYING",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"eupl-1.0": {
Reference: "https://spdx.org/licenses/EUPL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/EUPL-1.0.json",
ReferenceNumber: 405,
Name: "European Union Public License 1.0",
LicenseID: "EUPL-1.0",
SeeAlso: []string{
"http://ec.europa.eu/idabc/en/document/7330.html",
"http://ec.europa.eu/idabc/servlets/Doc027f.pdf?id=31096",
},
IsOsiApproved: false,
RiskCategory: RiskCategory("Strong Copyleft (High Risk)"),
},
"nicta-1.0": {
Reference: "https://spdx.org/licenses/NICTA-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/NICTA-1.0.json",
ReferenceNumber: 406,
Name: "NICTA Public Software License, Version 1.0",
LicenseID: "NICTA-1.0",
SeeAlso: []string{
"https://opensource.apple.com/source/mDNSResponder/mDNSResponder-320.10/mDNSPosix/nss_ReadMe.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cddl-1.0": {
Reference: "https://spdx.org/licenses/CDDL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CDDL-1.0.json",
ReferenceNumber: 407,
Name: "Common Development and Distribution License 1.0",
LicenseID: "CDDL-1.0",
SeeAlso: []string{
"https://opensource.org/licenses/cddl1",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Weak Copyleft (Medium Risk)"),
},
"mit-feh": {
Reference: "https://spdx.org/licenses/MIT-feh.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/MIT-feh.json",
ReferenceNumber: 408,
Name: "feh License",
LicenseID: "MIT-feh",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/MIT#feh",
},
IsOsiApproved: false,
RiskCategory: RiskCategory("Permissive (Low Risk)"),
},
"lgpl-2.0+": {
Reference: "https://spdx.org/licenses/LGPL-2.0+.html",
IsDeprecatedLicenseID: true,
DetailsURL: "https://spdx.org/licenses/LGPL-2.0+.json",
ReferenceNumber: 409,
Name: "GNU Library General Public License v2 or later",
LicenseID: "LGPL-2.0+",
SeeAlso: []string{
"https://www.gnu.org/licenses/old-licenses/lgpl-2.0-standalone.html",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"cc-by-3.0-igo": {
Reference: "https://spdx.org/licenses/CC-BY-3.0-IGO.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-3.0-IGO.json",
ReferenceNumber: 410,
Name: "Creative Commons Attribution 3.0 IGO",
LicenseID: "CC-BY-3.0-IGO",
SeeAlso: []string{
"https://creativecommons.org/licenses/by/3.0/igo/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"oldap-2.3": {
Reference: "https://spdx.org/licenses/OLDAP-2.3.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OLDAP-2.3.json",
ReferenceNumber: 411,
Name: "Open LDAP Public License v2.3",
LicenseID: "OLDAP-2.3",
SeeAlso: []string{
"http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=LICENSE;hb=d32cf54a32d581ab475d23c810b0a7fbaf8d63c3",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"bzip2-1.0.5": {
Reference: "https://spdx.org/licenses/bzip2-1.0.5.html",
IsDeprecatedLicenseID: true,
DetailsURL: "https://spdx.org/licenses/bzip2-1.0.5.json",
ReferenceNumber: 412,
Name: "bzip2 and libbzip2 License v1.0.5",
LicenseID: "bzip2-1.0.5",
SeeAlso: []string{
"https://sourceware.org/bzip2/1.0.5/bzip2-manual-1.0.5.html",
"http://bzip.org/1.0.5/bzip2-manual-1.0.5.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"rpl-1.5": {
Reference: "https://spdx.org/licenses/RPL-1.5.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/RPL-1.5.json",
ReferenceNumber: 413,
Name: "Reciprocal Public License 1.5",
LicenseID: "RPL-1.5",
SeeAlso: []string{
"https://opensource.org/licenses/RPL-1.5",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Strong Copyleft (High Risk)"),
},
"opubl-1.0": {
Reference: "https://spdx.org/licenses/OPUBL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OPUBL-1.0.json",
ReferenceNumber: 414,
Name: "Open Publication License v1.0",
LicenseID: "OPUBL-1.0",
SeeAlso: []string{
"http://opencontent.org/openpub/",
"https://www.debian.org/opl",
"https://www.ctan.org/license/opl",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"agpl-1.0-only": {
Reference: "https://spdx.org/licenses/AGPL-1.0-only.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/AGPL-1.0-only.json",
ReferenceNumber: 415,
Name: "Affero General Public License v1.0 only",
LicenseID: "AGPL-1.0-only",
SeeAlso: []string{
"http://www.affero.org/oagpl.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory("Strong Copyleft (High Risk)"),
},
"tosl": {
Reference: "https://spdx.org/licenses/TOSL.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/TOSL.json",
ReferenceNumber: 416,
Name: "Trusster Open Source License",
LicenseID: "TOSL",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/TOSL",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ftl": {
Reference: "https://spdx.org/licenses/FTL.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/FTL.json",
ReferenceNumber: 417,
Name: "Freetype Project License",
LicenseID: "FTL",
SeeAlso: []string{
"http://freetype.fis.uniroma2.it/FTL.TXT",
"http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/docs/FTL.TXT",
"http://gitlab.freedesktop.org/freetype/freetype/-/raw/master/docs/FTL.TXT",
},
IsOsiApproved: false,
RiskCategory: RiskCategory("Permissive (Low Risk)"),
},
"wtfpl": {
Reference: "https://spdx.org/licenses/WTFPL.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/WTFPL.json",
ReferenceNumber: 418,
Name: "Do What The F*ck You Want To Public License",
LicenseID: "WTFPL",
SeeAlso: []string{
"http://www.wtfpl.net/about/",
"http://sam.zoy.org/wtfpl/COPYING",
},
IsOsiApproved: false,
RiskCategory: RiskCategory("Permissive (Low Risk)"),
},
"intel": {
Reference: "https://spdx.org/licenses/Intel.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Intel.json",
ReferenceNumber: 419,
Name: "Intel Open Source License",
LicenseID: "Intel",
SeeAlso: []string{
"https://opensource.org/licenses/Intel",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"barr": {
Reference: "https://spdx.org/licenses/Barr.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Barr.json",
ReferenceNumber: 420,
Name: "Barr License",
LicenseID: "Barr",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/Barr",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"zlib": {
Reference: "https://spdx.org/licenses/Zlib.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Zlib.json",
ReferenceNumber: 421,
Name: "zlib License",
LicenseID: "Zlib",
SeeAlso: []string{
"http://www.zlib.net/zlib_license.html",
"https://opensource.org/licenses/Zlib",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Permissive (Low Risk)"),
},
"bsd-systemics-w3works": {
Reference: "https://spdx.org/licenses/BSD-Systemics-W3Works.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BSD-Systemics-W3Works.json",
ReferenceNumber: 422,
Name: "Systemics W3Works BSD variant license",
LicenseID: "BSD-Systemics-W3Works",
SeeAlso: []string{
"https://metacpan.org/release/DPARIS/Crypt-Blowfish-2.14/source/COPYRIGHT#L7",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"psfrag": {
Reference: "https://spdx.org/licenses/psfrag.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/psfrag.json",
ReferenceNumber: 423,
Name: "psfrag License",
LicenseID: "psfrag",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/psfrag",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"aal": {
Reference: "https://spdx.org/licenses/AAL.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/AAL.json",
ReferenceNumber: 424,
Name: "Attribution Assurance License",
LicenseID: "AAL",
SeeAlso: []string{
"https://opensource.org/licenses/attribution",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"cecill-b": {
Reference: "https://spdx.org/licenses/CECILL-B.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CECILL-B.json",
ReferenceNumber: 425,
Name: "CeCILL-B Free Software License Agreement",
LicenseID: "CECILL-B",
SeeAlso: []string{
"http://www.cecill.info/licences/Licence_CeCILL-B_V1-en.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ntia-pd": {
Reference: "https://spdx.org/licenses/NTIA-PD.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/NTIA-PD.json",
ReferenceNumber: 426,
Name: "NTIA Public Domain Notice",
LicenseID: "NTIA-PD",
SeeAlso: []string{
"https://raw.githubusercontent.com/NTIA/itm/refs/heads/master/LICENSE.md",
"https://raw.githubusercontent.com/NTIA/scos-sensor/refs/heads/master/LICENSE.md",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"agpl-3.0": {
Reference: "https://spdx.org/licenses/AGPL-3.0.html",
IsDeprecatedLicenseID: true,
DetailsURL: "https://spdx.org/licenses/AGPL-3.0.json",
ReferenceNumber: 427,
Name: "GNU Affero General Public License v3.0",
LicenseID: "AGPL-3.0",
SeeAlso: []string{
"https://www.gnu.org/licenses/agpl.txt",
"https://opensource.org/licenses/AGPL-3.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Strong Copyleft (High Risk)"),
},
"cc-by-nc-1.0": {
Reference: "https://spdx.org/licenses/CC-BY-NC-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-NC-1.0.json",
ReferenceNumber: 428,
Name: "Creative Commons Attribution Non Commercial 1.0 Generic",
LicenseID: "CC-BY-NC-1.0",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-nc/1.0/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"libpng-1.6.35": {
Reference: "https://spdx.org/licenses/libpng-1.6.35.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/libpng-1.6.35.json",
ReferenceNumber: 429,
Name: "PNG Reference Library License v1 (for libpng 0.5 through 1.6.35)",
LicenseID: "libpng-1.6.35",
SeeAlso: []string{
"http://www.libpng.org/pub/png/src/libpng-LICENSE.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"bsd-2-clause": {
Reference: "https://spdx.org/licenses/BSD-2-Clause.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BSD-2-Clause.json",
ReferenceNumber: 430,
Name: "BSD 2-Clause \"Simplified\" License",
LicenseID: "BSD-2-Clause",
SeeAlso: []string{
"https://opensource.org/licenses/BSD-2-Clause",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Permissive (Low Risk)"),
},
"wxwindows": {
Reference: "https://spdx.org/licenses/wxWindows.html",
IsDeprecatedLicenseID: true,
DetailsURL: "https://spdx.org/licenses/wxWindows.json",
ReferenceNumber: 431,
Name: "wxWindows Library License",
LicenseID: "wxWindows",
SeeAlso: []string{
"https://opensource.org/licenses/WXwindows",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"nasa-1.3": {
Reference: "https://spdx.org/licenses/NASA-1.3.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/NASA-1.3.json",
ReferenceNumber: 432,
Name: "NASA Open Source Agreement 1.3",
LicenseID: "NASA-1.3",
SeeAlso: []string{
"http://ti.arc.nasa.gov/opensource/nosa/",
"https://opensource.org/licenses/NASA-1.3",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"mackerras-3-clause-acknowledgment": {
Reference: "https://spdx.org/licenses/Mackerras-3-Clause-acknowledgment.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Mackerras-3-Clause-acknowledgment.json",
ReferenceNumber: 433,
Name: "Mackerras 3-Clause - acknowledgment variant",
LicenseID: "Mackerras-3-Clause-acknowledgment",
SeeAlso: []string{
"https://github.com/ppp-project/ppp/blob/master/pppd/auth.c#L6-L28",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"bsd-4.3reno": {
Reference: "https://spdx.org/licenses/BSD-4.3RENO.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BSD-4.3RENO.json",
ReferenceNumber: 434,
Name: "BSD 4.3 RENO License",
LicenseID: "BSD-4.3RENO",
SeeAlso: []string{
"https://sourceware.org/git/?p=binutils-gdb.git;a=blob;f=libiberty/strcasecmp.c;h=131d81c2ce7881fa48c363dc5bf5fb302c61ce0b;hb=HEAD",
"https://git.openldap.org/openldap/openldap/-/blob/master/COPYRIGHT#L55-63",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"pixar": {
Reference: "https://spdx.org/licenses/Pixar.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Pixar.json",
ReferenceNumber: 435,
Name: "Pixar License",
LicenseID: "Pixar",
SeeAlso: []string{
"https://github.com/PixarAnimationStudios/OpenSubdiv/raw/v3_5_0/LICENSE.txt",
"https://graphics.pixar.com/opensubdiv/docs/license.html",
"https://github.com/PixarAnimationStudios/OpenSubdiv/blob/v3_5_0/opensubdiv/version.cpp#L2-L22",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-3.0-nl": {
Reference: "https://spdx.org/licenses/CC-BY-3.0-NL.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-3.0-NL.json",
ReferenceNumber: 436,
Name: "Creative Commons Attribution 3.0 Netherlands",
LicenseID: "CC-BY-3.0-NL",
SeeAlso: []string{
"https://creativecommons.org/licenses/by/3.0/nl/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"amd-newlib": {
Reference: "https://spdx.org/licenses/AMD-newlib.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/AMD-newlib.json",
ReferenceNumber: 437,
Name: "AMD newlib License",
LicenseID: "AMD-newlib",
SeeAlso: []string{
"https://sourceware.org/git/?p=newlib-cygwin.git;a=blob;f=newlib/libc/sys/a29khif/_close.S;h=04f52ae00de1dafbd9055ad8d73c5c697a3aae7f;hb=HEAD",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"mit-click": {
Reference: "https://spdx.org/licenses/MIT-Click.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/MIT-Click.json",
ReferenceNumber: 438,
Name: "MIT Click License",
LicenseID: "MIT-Click",
SeeAlso: []string{
"https://github.com/kohler/t1utils/blob/master/LICENSE",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"aml-glslang": {
Reference: "https://spdx.org/licenses/AML-glslang.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/AML-glslang.json",
ReferenceNumber: 439,
Name: "AML glslang variant License",
LicenseID: "AML-glslang",
SeeAlso: []string{
"https://github.com/KhronosGroup/glslang/blob/main/LICENSE.txt#L949",
"https://docs.omniverse.nvidia.com/install-guide/latest/common/licenses.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"mit-advertising": {
Reference: "https://spdx.org/licenses/MIT-advertising.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/MIT-advertising.json",
ReferenceNumber: 440,
Name: "Enlightenment License (e16)",
LicenseID: "MIT-advertising",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/MIT_With_Advertising",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-2.0": {
Reference: "https://spdx.org/licenses/CC-BY-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-2.0.json",
ReferenceNumber: 441,
Name: "Creative Commons Attribution 2.0 Generic",
LicenseID: "CC-BY-2.0",
SeeAlso: []string{
"https://creativecommons.org/licenses/by/2.0/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-nc-nd-1.0": {
Reference: "https://spdx.org/licenses/CC-BY-NC-ND-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-NC-ND-1.0.json",
ReferenceNumber: 442,
Name: "Creative Commons Attribution Non Commercial No Derivatives 1.0 Generic",
LicenseID: "CC-BY-NC-ND-1.0",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-nd-nc/1.0/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"oldap-2.5": {
Reference: "https://spdx.org/licenses/OLDAP-2.5.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OLDAP-2.5.json",
ReferenceNumber: 443,
Name: "Open LDAP Public License v2.5",
LicenseID: "OLDAP-2.5",
SeeAlso: []string{
"http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=LICENSE;hb=6852b9d90022e8593c98205413380536b1b5a7cf",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"zend-2.0": {
Reference: "https://spdx.org/licenses/Zend-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Zend-2.0.json",
ReferenceNumber: 444,
Name: "Zend License v2.0",
LicenseID: "Zend-2.0",
SeeAlso: []string{
"https://web.archive.org/web/20130517195954/http://www.zend.com/license/2_00.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"hpnd-fenneberg-livingston": {
Reference: "https://spdx.org/licenses/HPND-Fenneberg-Livingston.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/HPND-Fenneberg-Livingston.json",
ReferenceNumber: 445,
Name: "Historical Permission Notice and Disclaimer - Fenneberg-Livingston variant",
LicenseID: "HPND-Fenneberg-Livingston",
SeeAlso: []string{
"https://github.com/FreeRADIUS/freeradius-client/blob/master/COPYRIGHT#L32",
"https://github.com/radcli/radcli/blob/master/COPYRIGHT#L34",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"drl-1.0": {
Reference: "https://spdx.org/licenses/DRL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/DRL-1.0.json",
ReferenceNumber: 446,
Name: "Detection Rule License 1.0",
LicenseID: "DRL-1.0",
SeeAlso: []string{
"https://github.com/Neo23x0/sigma/blob/master/LICENSE.Detection.Rules.md",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"nist-software": {
Reference: "https://spdx.org/licenses/NIST-Software.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/NIST-Software.json",
ReferenceNumber: 447,
Name: "NIST Software License",
LicenseID: "NIST-Software",
SeeAlso: []string{
"https://github.com/open-quantum-safe/liboqs/blob/40b01fdbb270f8614fde30e65d30e9da18c02393/src/common/rand/rand_nist.c#L1-L15",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"lgpl-2.1+": {
Reference: "https://spdx.org/licenses/LGPL-2.1+.html",
IsDeprecatedLicenseID: true,
DetailsURL: "https://spdx.org/licenses/LGPL-2.1+.json",
ReferenceNumber: 448,
Name: "GNU Lesser General Public License v2.1 or later",
LicenseID: "LGPL-2.1+",
SeeAlso: []string{
"https://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html",
"https://opensource.org/licenses/LGPL-2.1",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"crystalstacker": {
Reference: "https://spdx.org/licenses/CrystalStacker.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CrystalStacker.json",
ReferenceNumber: 449,
Name: "CrystalStacker License",
LicenseID: "CrystalStacker",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing:CrystalStacker?rd=Licensing/CrystalStacker",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"bsd-source-code": {
Reference: "https://spdx.org/licenses/BSD-Source-Code.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BSD-Source-Code.json",
ReferenceNumber: 450,
Name: "BSD Source Code Attribution",
LicenseID: "BSD-Source-Code",
SeeAlso: []string{
"https://github.com/robbiehanson/CocoaHTTPServer/blob/master/LICENSE.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"spencer-94": {
Reference: "https://spdx.org/licenses/Spencer-94.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Spencer-94.json",
ReferenceNumber: 451,
Name: "Spencer License 94",
LicenseID: "Spencer-94",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/Henry_Spencer_Reg-Ex_Library_License",
"https://metacpan.org/release/KNOK/File-MMagic-1.30/source/COPYING#L28",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"simpl-2.0": {
Reference: "https://spdx.org/licenses/SimPL-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/SimPL-2.0.json",
ReferenceNumber: 452,
Name: "Simple Public License 2.0",
LicenseID: "SimPL-2.0",
SeeAlso: []string{
"https://opensource.org/licenses/SimPL-2.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"osl-1.1": {
Reference: "https://spdx.org/licenses/OSL-1.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OSL-1.1.json",
ReferenceNumber: 453,
Name: "Open Software License 1.1",
LicenseID: "OSL-1.1",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/OSL1.1",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cdla-permissive-1.0": {
Reference: "https://spdx.org/licenses/CDLA-Permissive-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CDLA-Permissive-1.0.json",
ReferenceNumber: 454,
Name: "Community Data License Agreement Permissive 1.0",
LicenseID: "CDLA-Permissive-1.0",
SeeAlso: []string{
"https://cdla.io/permissive-1-0",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"metamail": {
Reference: "https://spdx.org/licenses/metamail.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/metamail.json",
ReferenceNumber: 455,
Name: "metamail License",
LicenseID: "metamail",
SeeAlso: []string{
"https://github.com/Dual-Life/mime-base64/blob/master/Base64.xs#L12",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"gfdl-1.1-only": {
Reference: "https://spdx.org/licenses/GFDL-1.1-only.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/GFDL-1.1-only.json",
ReferenceNumber: 456,
Name: "GNU Free Documentation License v1.1 only",
LicenseID: "GFDL-1.1-only",
SeeAlso: []string{
"https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-nd-3.0": {
Reference: "https://spdx.org/licenses/CC-BY-ND-3.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-ND-3.0.json",
ReferenceNumber: 457,
Name: "Creative Commons Attribution No Derivatives 3.0 Unported",
LicenseID: "CC-BY-ND-3.0",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-nd/3.0/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-3.0-de": {
Reference: "https://spdx.org/licenses/CC-BY-3.0-DE.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-3.0-DE.json",
ReferenceNumber: 458,
Name: "Creative Commons Attribution 3.0 Germany",
LicenseID: "CC-BY-3.0-DE",
SeeAlso: []string{
"https://creativecommons.org/licenses/by/3.0/de/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"hpnd-export-us": {
Reference: "https://spdx.org/licenses/HPND-export-US.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/HPND-export-US.json",
ReferenceNumber: 459,
Name: "HPND with US Government export control warning",
LicenseID: "HPND-export-US",
SeeAlso: []string{
"https://www.kermitproject.org/ck90.html#source",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"nbpl-1.0": {
Reference: "https://spdx.org/licenses/NBPL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/NBPL-1.0.json",
ReferenceNumber: 460,
Name: "Net Boolean Public License v1",
LicenseID: "NBPL-1.0",
SeeAlso: []string{
"http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=LICENSE;hb=37b4b3f6cc4bf34e1d3dec61e69914b9819d8894",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"gpl-2.0-only": {
Reference: "https://spdx.org/licenses/GPL-2.0-only.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/GPL-2.0-only.json",
ReferenceNumber: 461,
Name: "GNU General Public License v2.0 only",
LicenseID: "GPL-2.0-only",
SeeAlso: []string{
"https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html",
"https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt",
"https://opensource.org/licenses/GPL-2.0",
"https://github.com/openjdk/jdk/blob/6162e2c5213c5dd7c1127fd9616b543efa898962/LICENSE",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Strong Copyleft (High Risk)"),
},
"naist-2003": {
Reference: "https://spdx.org/licenses/NAIST-2003.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/NAIST-2003.json",
ReferenceNumber: 462,
Name: "Nara Institute of Science and Technology License (2003)",
LicenseID: "NAIST-2003",
SeeAlso: []string{
"https://enterprise.dejacode.com/licenses/public/naist-2003/#license-text",
"https://github.com/nodejs/node/blob/4a19cc8947b1bba2b2d27816ec3d0edf9b28e503/LICENSE#L343",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ssh-openssh": {
Reference: "https://spdx.org/licenses/SSH-OpenSSH.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/SSH-OpenSSH.json",
ReferenceNumber: 463,
Name: "SSH OpenSSH license",
LicenseID: "SSH-OpenSSH",
SeeAlso: []string{
"https://github.com/openssh/openssh-portable/blob/1b11ea7c58cd5c59838b5fa574cd456d6047b2d4/LICENCE#L10",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"nokia": {
Reference: "https://spdx.org/licenses/Nokia.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Nokia.json",
ReferenceNumber: 464,
Name: "Nokia Open Source License",
LicenseID: "Nokia",
SeeAlso: []string{
"https://opensource.org/licenses/nokia",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"gtkbook": {
Reference: "https://spdx.org/licenses/gtkbook.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/gtkbook.json",
ReferenceNumber: 465,
Name: "gtkbook License",
LicenseID: "gtkbook",
SeeAlso: []string{
"https://github.com/slogan621/gtkbook",
"https://github.com/oetiker/rrdtool-1.x/blob/master/src/plbasename.c#L8-L11",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"boehm-gc-without-fee": {
Reference: "https://spdx.org/licenses/Boehm-GC-without-fee.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Boehm-GC-without-fee.json",
ReferenceNumber: 466,
Name: "Boehm-Demers-Weiser GC License (without fee)",
LicenseID: "Boehm-GC-without-fee",
SeeAlso: []string{
"https://github.com/MariaDB/server/blob/11.6/libmysqld/lib_sql.cc",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"gpl-3.0-or-later": {
Reference: "https://spdx.org/licenses/GPL-3.0-or-later.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/GPL-3.0-or-later.json",
ReferenceNumber: 467,
Name: "GNU General Public License v3.0 or later",
LicenseID: "GPL-3.0-or-later",
SeeAlso: []string{
"https://www.gnu.org/licenses/gpl-3.0-standalone.html",
"https://opensource.org/licenses/GPL-3.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Strong Copyleft (High Risk)"),
},
"cecill-1.0": {
Reference: "https://spdx.org/licenses/CECILL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CECILL-1.0.json",
ReferenceNumber: 468,
Name: "CeCILL Free Software License Agreement v1.0",
LicenseID: "CECILL-1.0",
SeeAlso: []string{
"http://www.cecill.info/licences/Licence_CeCILL_V1-fr.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"agpl-3.0-or-later": {
Reference: "https://spdx.org/licenses/AGPL-3.0-or-later.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/AGPL-3.0-or-later.json",
ReferenceNumber: 469,
Name: "GNU Affero General Public License v3.0 or later",
LicenseID: "AGPL-3.0-or-later",
SeeAlso: []string{
"https://www.gnu.org/licenses/agpl.txt",
"https://opensource.org/licenses/AGPL-3.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Strong Copyleft (High Risk)"),
},
"xnet": {
Reference: "https://spdx.org/licenses/Xnet.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Xnet.json",
ReferenceNumber: 470,
Name: "X.Net License",
LicenseID: "Xnet",
SeeAlso: []string{
"https://opensource.org/licenses/Xnet",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"nosl": {
Reference: "https://spdx.org/licenses/NOSL.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/NOSL.json",
ReferenceNumber: 471,
Name: "Netizen Open Source License",
LicenseID: "NOSL",
SeeAlso: []string{
"http://bits.netizen.com.au/licenses/NOSL/nosl.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"imagemagick": {
Reference: "https://spdx.org/licenses/ImageMagick.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/ImageMagick.json",
ReferenceNumber: 472,
Name: "ImageMagick License",
LicenseID: "ImageMagick",
SeeAlso: []string{
"http://www.imagemagick.org/script/license.php",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"mitnfa": {
Reference: "https://spdx.org/licenses/MITNFA.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/MITNFA.json",
ReferenceNumber: 473,
Name: "MIT +no-false-attribs license",
LicenseID: "MITNFA",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/MITNFA",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"apafml": {
Reference: "https://spdx.org/licenses/APAFML.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/APAFML.json",
ReferenceNumber: 474,
Name: "Adobe Postscript AFM License",
LicenseID: "APAFML",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/AdobePostscriptAFM",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"jam": {
Reference: "https://spdx.org/licenses/Jam.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Jam.json",
ReferenceNumber: 475,
Name: "Jam License",
LicenseID: "Jam",
SeeAlso: []string{
"https://www.boost.org/doc/libs/1_35_0/doc/html/jam.html",
"https://web.archive.org/web/20160330173339/https://swarm.workshop.perforce.com/files/guest/perforce_software/jam/src/README",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"fbm": {
Reference: "https://spdx.org/licenses/FBM.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/FBM.json",
ReferenceNumber: 476,
Name: "Fuzzy Bitmap License",
LicenseID: "FBM",
SeeAlso: []string{
"https://github.com/SWI-Prolog/packages-xpce/blob/161a40cd82004f731ba48024f9d30af388a7edf5/src/img/gifwrite.c#L21-L26",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"bsd-2-clause-darwin": {
Reference: "https://spdx.org/licenses/BSD-2-Clause-Darwin.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BSD-2-Clause-Darwin.json",
ReferenceNumber: 477,
Name: "BSD 2-Clause - Ian Darwin variant",
LicenseID: "BSD-2-Clause-Darwin",
SeeAlso: []string{
"https://github.com/file/file/blob/master/COPYING",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"htmltidy": {
Reference: "https://spdx.org/licenses/HTMLTIDY.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/HTMLTIDY.json",
ReferenceNumber: 478,
Name: "HTML Tidy License",
LicenseID: "HTMLTIDY",
SeeAlso: []string{
"https://github.com/htacg/tidy-html5/blob/next/README/LICENSE.md",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"w3c": {
Reference: "https://spdx.org/licenses/W3C.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/W3C.json",
ReferenceNumber: 479,
Name: "W3C Software Notice and License (2002-12-31)",
LicenseID: "W3C",
SeeAlso: []string{
"http://www.w3.org/Consortium/Legal/2002/copyright-software-20021231.html",
"https://opensource.org/licenses/W3C",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"afl-1.2": {
Reference: "https://spdx.org/licenses/AFL-1.2.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/AFL-1.2.json",
ReferenceNumber: 480,
Name: "Academic Free License v1.2",
LicenseID: "AFL-1.2",
SeeAlso: []string{
"http://opensource.linux-mirror.org/licenses/afl-1.2.txt",
"http://wayback.archive.org/web/20021204204652/http://www.opensource.org/licenses/academic.php",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"ypl-1.1": {
Reference: "https://spdx.org/licenses/YPL-1.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/YPL-1.1.json",
ReferenceNumber: 481,
Name: "Yahoo! Public License v1.1",
LicenseID: "YPL-1.1",
SeeAlso: []string{
"http://www.zimbra.com/license/yahoo_public_license_1.1.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"imatix": {
Reference: "https://spdx.org/licenses/iMatix.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/iMatix.json",
ReferenceNumber: 482,
Name: "iMatix Standard Function Library Agreement",
LicenseID: "iMatix",
SeeAlso: []string{
"http://legacy.imatix.com/html/sfl/sfl4.htm#license",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"caldera": {
Reference: "https://spdx.org/licenses/Caldera.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Caldera.json",
ReferenceNumber: 483,
Name: "Caldera License",
LicenseID: "Caldera",
SeeAlso: []string{
"http://www.lemis.com/grog/UNIX/ancient-source-all.pdf",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"scea": {
Reference: "https://spdx.org/licenses/SCEA.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/SCEA.json",
ReferenceNumber: 484,
Name: "SCEA Shared Source License",
LicenseID: "SCEA",
SeeAlso: []string{
"http://research.scea.com/scea_shared_source_license.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"o-uda-1.0": {
Reference: "https://spdx.org/licenses/O-UDA-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/O-UDA-1.0.json",
ReferenceNumber: 485,
Name: "Open Use of Data Agreement v1.0",
LicenseID: "O-UDA-1.0",
SeeAlso: []string{
"https://github.com/microsoft/Open-Use-of-Data-Agreement/blob/v1.0/O-UDA-1.0.md",
"https://cdla.dev/open-use-of-data-agreement-v1-0/",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"lppl-1.2": {
Reference: "https://spdx.org/licenses/LPPL-1.2.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/LPPL-1.2.json",
ReferenceNumber: 486,
Name: "LaTeX Project Public License v1.2",
LicenseID: "LPPL-1.2",
SeeAlso: []string{
"http://www.latex-project.org/lppl/lppl-1-2.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"hpnd-export-us-acknowledgement": {
Reference: "https://spdx.org/licenses/HPND-export-US-acknowledgement.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/HPND-export-US-acknowledgement.json",
ReferenceNumber: 487,
Name: "HPND with US Government export control warning and acknowledgment",
LicenseID: "HPND-export-US-acknowledgement",
SeeAlso: []string{
"https://github.com/krb5/krb5/blob/krb5-1.21.2-final/NOTICE#L831-L852",
"https://web.mit.edu/kerberos/krb5-1.21/doc/mitK5license.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"gfdl-1.2-or-later": {
Reference: "https://spdx.org/licenses/GFDL-1.2-or-later.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/GFDL-1.2-or-later.json",
ReferenceNumber: 488,
Name: "GNU Free Documentation License v1.2 or later",
LicenseID: "GFDL-1.2-or-later",
SeeAlso: []string{
"https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"mcphee-slideshow": {
Reference: "https://spdx.org/licenses/McPhee-slideshow.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/McPhee-slideshow.json",
ReferenceNumber: 489,
Name: "McPhee Slideshow License",
LicenseID: "McPhee-slideshow",
SeeAlso: []string{
"https://mirror.las.iastate.edu/tex-archive/graphics/metapost/contrib/macros/slideshow/slideshow.mp",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ruby": {
Reference: "https://spdx.org/licenses/Ruby.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Ruby.json",
ReferenceNumber: 490,
Name: "Ruby License",
LicenseID: "Ruby",
SeeAlso: []string{
"https://www.ruby-lang.org/en/about/license.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory("Permissive (Low Risk)"),
},
"kastrup": {
Reference: "https://spdx.org/licenses/Kastrup.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Kastrup.json",
ReferenceNumber: 491,
Name: "Kastrup License",
LicenseID: "Kastrup",
SeeAlso: []string{
"https://ctan.math.utah.edu/ctan/tex-archive/macros/generic/kastrup/binhex.dtx",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"adobe-glyph": {
Reference: "https://spdx.org/licenses/Adobe-Glyph.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Adobe-Glyph.json",
ReferenceNumber: 492,
Name: "Adobe Glyph List License",
LicenseID: "Adobe-Glyph",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/MIT#AdobeGlyph",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-sa-3.0-at": {
Reference: "https://spdx.org/licenses/CC-BY-SA-3.0-AT.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-SA-3.0-AT.json",
ReferenceNumber: 493,
Name: "Creative Commons Attribution Share Alike 3.0 Austria",
LicenseID: "CC-BY-SA-3.0-AT",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-sa/3.0/at/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"docbook-stylesheet": {
Reference: "https://spdx.org/licenses/DocBook-Stylesheet.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/DocBook-Stylesheet.json",
ReferenceNumber: 494,
Name: "DocBook Stylesheet License",
LicenseID: "DocBook-Stylesheet",
SeeAlso: []string{
"http://www.docbook.org/xml/5.0/docbook-5.0.zip",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"aladdin": {
Reference: "https://spdx.org/licenses/Aladdin.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Aladdin.json",
ReferenceNumber: 495,
Name: "Aladdin Free Public License",
LicenseID: "Aladdin",
SeeAlso: []string{
"http://pages.cs.wisc.edu/~ghost/doc/AFPL/6.01/Public.htm",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"mit-testregex": {
Reference: "https://spdx.org/licenses/MIT-testregex.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/MIT-testregex.json",
ReferenceNumber: 496,
Name: "MIT testregex Variant",
LicenseID: "MIT-testregex",
SeeAlso: []string{
"https://github.com/dotnet/runtime/blob/55e1ac7c07df62c4108d4acedf78f77574470ce5/src/libraries/System.Text.RegularExpressions/tests/FunctionalTests/AttRegexTests.cs#L12-L28",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"bsd-3-clause-modification": {
Reference: "https://spdx.org/licenses/BSD-3-Clause-Modification.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BSD-3-Clause-Modification.json",
ReferenceNumber: 497,
Name: "BSD 3-Clause Modification",
LicenseID: "BSD-3-Clause-Modification",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing:BSD#Modification_Variant",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"bsd-3-clause-no-military-license": {
Reference: "https://spdx.org/licenses/BSD-3-Clause-No-Military-License.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BSD-3-Clause-No-Military-License.json",
ReferenceNumber: 498,
Name: "BSD 3-Clause No Military License",
LicenseID: "BSD-3-Clause-No-Military-License",
SeeAlso: []string{
"https://gitlab.syncad.com/hive/dhive/-/blob/master/LICENSE",
"https://github.com/greymass/swift-eosio/blob/master/LICENSE",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"adobe-display-postscript": {
Reference: "https://spdx.org/licenses/Adobe-Display-PostScript.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Adobe-Display-PostScript.json",
ReferenceNumber: 499,
Name: "Adobe Display PostScript License",
LicenseID: "Adobe-Display-PostScript",
SeeAlso: []string{
"https://gitlab.freedesktop.org/xorg/xserver/-/blob/master/COPYING?ref_type=heads#L752",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"psutils": {
Reference: "https://spdx.org/licenses/psutils.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/psutils.json",
ReferenceNumber: 500,
Name: "psutils License",
LicenseID: "psutils",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/psutils",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"standardml-nj": {
Reference: "https://spdx.org/licenses/StandardML-NJ.html",
IsDeprecatedLicenseID: true,
DetailsURL: "https://spdx.org/licenses/StandardML-NJ.json",
ReferenceNumber: 501,
Name: "Standard ML of New Jersey License",
LicenseID: "StandardML-NJ",
SeeAlso: []string{
"https://www.smlnj.org/license.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"lgpl-3.0-or-later": {
Reference: "https://spdx.org/licenses/LGPL-3.0-or-later.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/LGPL-3.0-or-later.json",
ReferenceNumber: 502,
Name: "GNU Lesser General Public License v3.0 or later",
LicenseID: "LGPL-3.0-or-later",
SeeAlso: []string{
"https://www.gnu.org/licenses/lgpl-3.0-standalone.html",
"https://www.gnu.org/licenses/lgpl+gpl-3.0.txt",
"https://opensource.org/licenses/LGPL-3.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Weak Copyleft (Medium Risk)"),
},
"gpl-3.0": {
Reference: "https://spdx.org/licenses/GPL-3.0.html",
IsDeprecatedLicenseID: true,
DetailsURL: "https://spdx.org/licenses/GPL-3.0.json",
ReferenceNumber: 503,
Name: "GNU General Public License v3.0 only",
LicenseID: "GPL-3.0",
SeeAlso: []string{
"https://www.gnu.org/licenses/gpl-3.0-standalone.html",
"https://opensource.org/licenses/GPL-3.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Strong Copyleft (High Risk)"),
},
"lzma-sdk-9.22": {
Reference: "https://spdx.org/licenses/LZMA-SDK-9.22.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/LZMA-SDK-9.22.json",
ReferenceNumber: 504,
Name: "LZMA SDK License (versions 9.22 and beyond)",
LicenseID: "LZMA-SDK-9.22",
SeeAlso: []string{
"https://www.7-zip.org/sdk.html",
"https://sourceforge.net/projects/sevenzip/files/LZMA%20SDK/",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"bahyph": {
Reference: "https://spdx.org/licenses/Bahyph.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Bahyph.json",
ReferenceNumber: 505,
Name: "Bahyph License",
LicenseID: "Bahyph",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/Bahyph",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"bsd-attribution-hpnd-disclaimer": {
Reference: "https://spdx.org/licenses/BSD-Attribution-HPND-disclaimer.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BSD-Attribution-HPND-disclaimer.json",
ReferenceNumber: 506,
Name: "BSD with Attribution and HPND disclaimer",
LicenseID: "BSD-Attribution-HPND-disclaimer",
SeeAlso: []string{
"https://github.com/cyrusimap/cyrus-sasl/blob/master/COPYING",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"motosoto": {
Reference: "https://spdx.org/licenses/Motosoto.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Motosoto.json",
ReferenceNumber: 507,
Name: "Motosoto License",
LicenseID: "Motosoto",
SeeAlso: []string{
"https://opensource.org/licenses/Motosoto",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"mit-khronos-old": {
Reference: "https://spdx.org/licenses/MIT-Khronos-old.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/MIT-Khronos-old.json",
ReferenceNumber: 508,
Name: "MIT Khronos - old variant",
LicenseID: "MIT-Khronos-old",
SeeAlso: []string{
"https://github.com/KhronosGroup/SPIRV-Cross/blob/main/LICENSES/LicenseRef-KhronosFreeUse.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ruby-pty": {
Reference: "https://spdx.org/licenses/Ruby-pty.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Ruby-pty.json",
ReferenceNumber: 509,
Name: "Ruby pty extension license",
LicenseID: "Ruby-pty",
SeeAlso: []string{
"https://github.com/ruby/ruby/blob/9f6deaa6888a423720b4b127b5314f0ad26cc2e6/ext/pty/pty.c#L775-L786",
"https://github.com/ruby/ruby/commit/0a64817fb80016030c03518fb9459f63c11605ea#diff-ef5fa30838d6d0cecad9e675cc50b24628cfe2cb277c346053fafcc36c91c204",
"https://github.com/ruby/ruby/commit/0a64817fb80016030c03518fb9459f63c11605ea#diff-fedf217c1ce44bda01f0a678d3ff8b198bed478754d699c527a698ad933979a0",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-nc-sa-1.0": {
Reference: "https://spdx.org/licenses/CC-BY-NC-SA-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-NC-SA-1.0.json",
ReferenceNumber: 510,
Name: "Creative Commons Attribution Non Commercial Share Alike 1.0 Generic",
LicenseID: "CC-BY-NC-SA-1.0",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-nc-sa/1.0/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"artistic-dist": {
Reference: "https://spdx.org/licenses/Artistic-dist.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Artistic-dist.json",
ReferenceNumber: 511,
Name: "Artistic License 1.0 (dist)",
LicenseID: "Artistic-dist",
SeeAlso: []string{
"https://github.com/pexip/os-perl/blob/833cf4c86cc465ccfc627ff16db67e783156a248/debian/copyright#L2720-L2845",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ijg": {
Reference: "https://spdx.org/licenses/IJG.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/IJG.json",
ReferenceNumber: 512,
Name: "Independent JPEG Group License",
LicenseID: "IJG",
SeeAlso: []string{
"http://dev.w3.org/cvsweb/Amaya/libjpeg/Attic/README?rev=1.2",
},
IsOsiApproved: false,
RiskCategory: RiskCategory("Permissive (Low Risk)"),
},
"linux-openib": {
Reference: "https://spdx.org/licenses/Linux-OpenIB.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Linux-OpenIB.json",
ReferenceNumber: 513,
Name: "Linux Kernel Variant of OpenIB.org license",
LicenseID: "Linux-OpenIB",
SeeAlso: []string{
"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/infiniband/core/sa.h",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ulem": {
Reference: "https://spdx.org/licenses/ulem.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/ulem.json",
ReferenceNumber: 514,
Name: "ulem License",
LicenseID: "ulem",
SeeAlso: []string{
"https://mirrors.ctan.org/macros/latex/contrib/ulem/README",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"mit": {
Reference: "https://spdx.org/licenses/MIT.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/MIT.json",
ReferenceNumber: 515,
Name: "MIT License",
LicenseID: "MIT",
SeeAlso: []string{
"https://opensource.org/license/mit/",
"http://opensource.org/licenses/MIT",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Permissive (Low Risk)"),
},
"gfdl-1.3-no-invariants-only": {
Reference: "https://spdx.org/licenses/GFDL-1.3-no-invariants-only.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/GFDL-1.3-no-invariants-only.json",
ReferenceNumber: 516,
Name: "GNU Free Documentation License v1.3 only - no invariants",
LicenseID: "GFDL-1.3-no-invariants-only",
SeeAlso: []string{
"https://www.gnu.org/licenses/fdl-1.3.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"symlinks": {
Reference: "https://spdx.org/licenses/Symlinks.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Symlinks.json",
ReferenceNumber: 517,
Name: "Symlinks License",
LicenseID: "Symlinks",
SeeAlso: []string{
"https://www.mail-archive.com/debian-bugs-rc@lists.debian.org/msg11494.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"npl-1.1": {
Reference: "https://spdx.org/licenses/NPL-1.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/NPL-1.1.json",
ReferenceNumber: 518,
Name: "Netscape Public License v1.1",
LicenseID: "NPL-1.1",
SeeAlso: []string{
"http://www.mozilla.org/MPL/NPL/1.1/",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"giftware": {
Reference: "https://spdx.org/licenses/Giftware.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Giftware.json",
ReferenceNumber: 519,
Name: "Giftware License",
LicenseID: "Giftware",
SeeAlso: []string{
"http://liballeg.org/license.html#allegro-4-the-giftware-license",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cdla-permissive-2.0": {
Reference: "https://spdx.org/licenses/CDLA-Permissive-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CDLA-Permissive-2.0.json",
ReferenceNumber: 520,
Name: "Community Data License Agreement Permissive 2.0",
LicenseID: "CDLA-Permissive-2.0",
SeeAlso: []string{
"https://cdla.dev/permissive-2-0",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"lal-1.3": {
Reference: "https://spdx.org/licenses/LAL-1.3.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/LAL-1.3.json",
ReferenceNumber: 521,
Name: "Licence Art Libre 1.3",
LicenseID: "LAL-1.3",
SeeAlso: []string{
"https://artlibre.org/",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"widget-workshop": {
Reference: "https://spdx.org/licenses/Widget-Workshop.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Widget-Workshop.json",
ReferenceNumber: 522,
Name: "Widget Workshop License",
LicenseID: "Widget-Workshop",
SeeAlso: []string{
"https://github.com/novnc/noVNC/blob/master/core/crypto/des.js#L24",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"latex2e-translated-notice": {
Reference: "https://spdx.org/licenses/Latex2e-translated-notice.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Latex2e-translated-notice.json",
ReferenceNumber: 523,
Name: "Latex2e with translated notice permission",
LicenseID: "Latex2e-translated-notice",
SeeAlso: []string{
"https://git.savannah.gnu.org/cgit/indent.git/tree/doc/indent.texi?id=a74c6b4ee49397cf330b333da1042bffa60ed14f#n74",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"gutmann": {
Reference: "https://spdx.org/licenses/Gutmann.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Gutmann.json",
ReferenceNumber: 524,
Name: "Gutmann License",
LicenseID: "Gutmann",
SeeAlso: []string{
"https://www.cs.auckland.ac.nz/~pgut001/dumpasn1.c",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"gpl-2.0-with-gcc-exception": {
Reference: "https://spdx.org/licenses/GPL-2.0-with-GCC-exception.html",
IsDeprecatedLicenseID: true,
DetailsURL: "https://spdx.org/licenses/GPL-2.0-with-GCC-exception.json",
ReferenceNumber: 525,
Name: "GNU General Public License v2.0 w/GCC Runtime Library exception",
LicenseID: "GPL-2.0-with-GCC-exception",
SeeAlso: []string{
"https://gcc.gnu.org/git/?p=gcc.git;a=blob;f=gcc/libgcc1.c;h=762f5143fc6eed57b6797c82710f3538aa52b40b;hb=cb143a3ce4fb417c68f5fa2691a1b1b1053dfba9#l10",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"coil-1.0": {
Reference: "https://spdx.org/licenses/COIL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/COIL-1.0.json",
ReferenceNumber: 526,
Name: "Copyfree Open Innovation License",
LicenseID: "COIL-1.0",
SeeAlso: []string{
"https://coil.apotheon.org/plaintext/01.0.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"watcom-1.0": {
Reference: "https://spdx.org/licenses/Watcom-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Watcom-1.0.json",
ReferenceNumber: 527,
Name: "Sybase Open Watcom Public License 1.0",
LicenseID: "Watcom-1.0",
SeeAlso: []string{
"https://opensource.org/licenses/Watcom-1.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"hpnd-kevlin-henney": {
Reference: "https://spdx.org/licenses/HPND-Kevlin-Henney.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/HPND-Kevlin-Henney.json",
ReferenceNumber: 528,
Name: "Historical Permission Notice and Disclaimer - Kevlin Henney variant",
LicenseID: "HPND-Kevlin-Henney",
SeeAlso: []string{
"https://github.com/mruby/mruby/blob/83d12f8d52522cdb7c8cc46fad34821359f453e6/mrbgems/mruby-dir/src/Win/dirent.c#L127-L140",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"fwlw": {
Reference: "https://spdx.org/licenses/fwlw.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/fwlw.json",
ReferenceNumber: 529,
Name: "fwlw License",
LicenseID: "fwlw",
SeeAlso: []string{
"https://mirrors.nic.cz/tex-archive/macros/latex/contrib/fwlw/README",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"dl-de-by-2.0": {
Reference: "https://spdx.org/licenses/DL-DE-BY-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/DL-DE-BY-2.0.json",
ReferenceNumber: 530,
Name: "Data licence Germany – attribution – version 2.0",
LicenseID: "DL-DE-BY-2.0",
SeeAlso: []string{
"https://www.govdata.de/dl-de/by-2-0",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"bsd-2-clause-netbsd": {
Reference: "https://spdx.org/licenses/BSD-2-Clause-NetBSD.html",
IsDeprecatedLicenseID: true,
DetailsURL: "https://spdx.org/licenses/BSD-2-Clause-NetBSD.json",
ReferenceNumber: 531,
Name: "BSD 2-Clause NetBSD License",
LicenseID: "BSD-2-Clause-NetBSD",
SeeAlso: []string{
"http://www.netbsd.org/about/redistribution.html#default",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"interbase-1.0": {
Reference: "https://spdx.org/licenses/Interbase-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Interbase-1.0.json",
ReferenceNumber: 532,
Name: "Interbase Public License v1.0",
LicenseID: "Interbase-1.0",
SeeAlso: []string{
"https://web.archive.org/web/20060319014854/http://info.borland.com/devsupport/interbase/opensource/IPL.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"gfdl-1.1": {
Reference: "https://spdx.org/licenses/GFDL-1.1.html",
IsDeprecatedLicenseID: true,
DetailsURL: "https://spdx.org/licenses/GFDL-1.1.json",
ReferenceNumber: 533,
Name: "GNU Free Documentation License v1.1",
LicenseID: "GFDL-1.1",
SeeAlso: []string{
"https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ogtsl": {
Reference: "https://spdx.org/licenses/OGTSL.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OGTSL.json",
ReferenceNumber: 534,
Name: "Open Group Test Suite License",
LicenseID: "OGTSL",
SeeAlso: []string{
"http://www.opengroup.org/testing/downloads/The_Open_Group_TSL.txt",
"https://opensource.org/licenses/OGTSL",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"bsd-inferno-nettverk": {
Reference: "https://spdx.org/licenses/BSD-Inferno-Nettverk.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BSD-Inferno-Nettverk.json",
ReferenceNumber: 535,
Name: "BSD-Inferno-Nettverk",
LicenseID: "BSD-Inferno-Nettverk",
SeeAlso: []string{
"https://www.inet.no/dante/LICENSE",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"bsd-2-clause-views": {
Reference: "https://spdx.org/licenses/BSD-2-Clause-Views.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BSD-2-Clause-Views.json",
ReferenceNumber: 536,
Name: "BSD 2-Clause with views sentence",
LicenseID: "BSD-2-Clause-Views",
SeeAlso: []string{
"http://www.freebsd.org/copyright/freebsd-license.html",
"https://people.freebsd.org/~ivoras/wine/patch-wine-nvidia.sh",
"https://github.com/protegeproject/protege/blob/master/license.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory("Permissive (Low Risk)"),
},
"ssh-keyscan": {
Reference: "https://spdx.org/licenses/ssh-keyscan.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/ssh-keyscan.json",
ReferenceNumber: 537,
Name: "ssh-keyscan License",
LicenseID: "ssh-keyscan",
SeeAlso: []string{
"https://github.com/openssh/openssh-portable/blob/master/LICENCE#L82",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"gfdl-1.1-invariants-or-later": {
Reference: "https://spdx.org/licenses/GFDL-1.1-invariants-or-later.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/GFDL-1.1-invariants-or-later.json",
ReferenceNumber: 538,
Name: "GNU Free Documentation License v1.1 or later - invariants",
LicenseID: "GFDL-1.1-invariants-or-later",
SeeAlso: []string{
"https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"mackerras-3-clause": {
Reference: "https://spdx.org/licenses/Mackerras-3-Clause.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Mackerras-3-Clause.json",
ReferenceNumber: 539,
Name: "Mackerras 3-Clause License",
LicenseID: "Mackerras-3-Clause",
SeeAlso: []string{
"https://github.com/ppp-project/ppp/blob/master/pppd/chap_ms.c#L6-L28",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"tpl-1.0": {
Reference: "https://spdx.org/licenses/TPL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/TPL-1.0.json",
ReferenceNumber: 540,
Name: "THOR Public License 1.0",
LicenseID: "TPL-1.0",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing:ThorPublicLicense",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"erlpl-1.1": {
Reference: "https://spdx.org/licenses/ErlPL-1.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/ErlPL-1.1.json",
ReferenceNumber: 541,
Name: "Erlang Public License v1.1",
LicenseID: "ErlPL-1.1",
SeeAlso: []string{
"http://www.erlang.org/EPLICENSE",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"lppl-1.1": {
Reference: "https://spdx.org/licenses/LPPL-1.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/LPPL-1.1.json",
ReferenceNumber: 542,
Name: "LaTeX Project Public License v1.1",
LicenseID: "LPPL-1.1",
SeeAlso: []string{
"http://www.latex-project.org/lppl/lppl-1-1.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"bsd-2-clause-first-lines": {
Reference: "https://spdx.org/licenses/BSD-2-Clause-first-lines.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BSD-2-Clause-first-lines.json",
ReferenceNumber: 543,
Name: "BSD 2-Clause - first lines requirement",
LicenseID: "BSD-2-Clause-first-lines",
SeeAlso: []string{
"https://github.com/krb5/krb5/blob/krb5-1.21.2-final/NOTICE#L664-L690",
"https://web.mit.edu/kerberos/krb5-1.21/doc/mitK5license.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ogl-canada-2.0": {
Reference: "https://spdx.org/licenses/OGL-Canada-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OGL-Canada-2.0.json",
ReferenceNumber: 544,
Name: "Open Government Licence - Canada",
LicenseID: "OGL-Canada-2.0",
SeeAlso: []string{
"https://open.canada.ca/en/open-government-licence-canada",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"d-fsl-1.0": {
Reference: "https://spdx.org/licenses/D-FSL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/D-FSL-1.0.json",
ReferenceNumber: 545,
Name: "Deutsche Freie Software Lizenz",
LicenseID: "D-FSL-1.0",
SeeAlso: []string{
"http://www.dipp.nrw.de/d-fsl/lizenzen/",
"http://www.dipp.nrw.de/d-fsl/index_html/lizenzen/de/D-FSL-1_0_de.txt",
"http://www.dipp.nrw.de/d-fsl/index_html/lizenzen/en/D-FSL-1_0_en.txt",
"https://www.hbz-nrw.de/produkte/open-access/lizenzen/dfsl",
"https://www.hbz-nrw.de/produkte/open-access/lizenzen/dfsl/deutsche-freie-software-lizenz",
"https://www.hbz-nrw.de/produkte/open-access/lizenzen/dfsl/german-free-software-license",
"https://www.hbz-nrw.de/produkte/open-access/lizenzen/dfsl/D-FSL-1_0_de.txt/at_download/file",
"https://www.hbz-nrw.de/produkte/open-access/lizenzen/dfsl/D-FSL-1_0_en.txt/at_download/file",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"smail-gpl": {
Reference: "https://spdx.org/licenses/SMAIL-GPL.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/SMAIL-GPL.json",
ReferenceNumber: 546,
Name: "SMAIL General Public License",
LicenseID: "SMAIL-GPL",
SeeAlso: []string{
"https://sources.debian.org/copyright/license/debianutils/4.11.2/",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-pdm-1.0": {
Reference: "https://spdx.org/licenses/CC-PDM-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-PDM-1.0.json",
ReferenceNumber: 547,
Name: "Creative Commons Public Domain Mark 1.0 Universal",
LicenseID: "CC-PDM-1.0",
SeeAlso: []string{
"https://creativecommons.org/publicdomain/mark/1.0/",
"https://creativecommons.org/share-your-work/cclicenses/",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cdla-sharing-1.0": {
Reference: "https://spdx.org/licenses/CDLA-Sharing-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CDLA-Sharing-1.0.json",
ReferenceNumber: 548,
Name: "Community Data License Agreement Sharing 1.0",
LicenseID: "CDLA-Sharing-1.0",
SeeAlso: []string{
"https://cdla.io/sharing-1-0",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"gd": {
Reference: "https://spdx.org/licenses/GD.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/GD.json",
ReferenceNumber: 549,
Name: "GD License",
LicenseID: "GD",
SeeAlso: []string{
"https://libgd.github.io/manuals/2.3.0/files/license-txt.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"gfdl-1.3-invariants-or-later": {
Reference: "https://spdx.org/licenses/GFDL-1.3-invariants-or-later.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/GFDL-1.3-invariants-or-later.json",
ReferenceNumber: 550,
Name: "GNU Free Documentation License v1.3 or later - invariants",
LicenseID: "GFDL-1.3-invariants-or-later",
SeeAlso: []string{
"https://www.gnu.org/licenses/fdl-1.3.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"zeeff": {
Reference: "https://spdx.org/licenses/Zeeff.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Zeeff.json",
ReferenceNumber: 551,
Name: "Zeeff License",
LicenseID: "Zeeff",
SeeAlso: []string{
"ftp://ftp.tin.org/pub/news/utils/newsx/newsx-1.6.tar.gz",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"imlib2": {
Reference: "https://spdx.org/licenses/Imlib2.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Imlib2.json",
ReferenceNumber: 552,
Name: "Imlib2 License",
LicenseID: "Imlib2",
SeeAlso: []string{
"http://trac.enlightenment.org/e/browser/trunk/imlib2/COPYING",
"https://git.enlightenment.org/legacy/imlib2.git/tree/COPYING",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-nc-2.0": {
Reference: "https://spdx.org/licenses/CC-BY-NC-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-NC-2.0.json",
ReferenceNumber: 553,
Name: "Creative Commons Attribution Non Commercial 2.0 Generic",
LicenseID: "CC-BY-NC-2.0",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-nc/2.0/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"adobe-utopia": {
Reference: "https://spdx.org/licenses/Adobe-Utopia.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Adobe-Utopia.json",
ReferenceNumber: 554,
Name: "Adobe Utopia Font License",
LicenseID: "Adobe-Utopia",
SeeAlso: []string{
"https://gitlab.freedesktop.org/xorg/font/adobe-utopia-100dpi/-/blob/master/COPYING?ref_type=heads",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"zpl-2.0": {
Reference: "https://spdx.org/licenses/ZPL-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/ZPL-2.0.json",
ReferenceNumber: 555,
Name: "Zope Public License 2.0",
LicenseID: "ZPL-2.0",
SeeAlso: []string{
"http://old.zope.org/Resources/License/ZPL-2.0",
"https://opensource.org/licenses/ZPL-2.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"beerware": {
Reference: "https://spdx.org/licenses/Beerware.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Beerware.json",
ReferenceNumber: 556,
Name: "Beerware License",
LicenseID: "Beerware",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/Beerware",
"https://people.freebsd.org/~phk/",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"sul-1.0": {
Reference: "https://spdx.org/licenses/SUL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/SUL-1.0.json",
ReferenceNumber: 557,
Name: "Sustainable Use License v1.0",
LicenseID: "SUL-1.0",
SeeAlso: []string{
"https://github.com/n8n-io/n8n/blob/master/LICENSE.md",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"epl-1.0": {
Reference: "https://spdx.org/licenses/EPL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/EPL-1.0.json",
ReferenceNumber: 558,
Name: "Eclipse Public License 1.0",
LicenseID: "EPL-1.0",
SeeAlso: []string{
"http://www.eclipse.org/legal/epl-v10.html",
"https://opensource.org/licenses/EPL-1.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Weak Copyleft (Medium Risk)"),
},
"cc-by-1.0": {
Reference: "https://spdx.org/licenses/CC-BY-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-1.0.json",
ReferenceNumber: 559,
Name: "Creative Commons Attribution 1.0 Generic",
LicenseID: "CC-BY-1.0",
SeeAlso: []string{
"https://creativecommons.org/licenses/by/1.0/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-nc-4.0": {
Reference: "https://spdx.org/licenses/CC-BY-NC-4.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-NC-4.0.json",
ReferenceNumber: 560,
Name: "Creative Commons Attribution Non Commercial 4.0 International",
LicenseID: "CC-BY-NC-4.0",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-nc/4.0/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"fsfap": {
Reference: "https://spdx.org/licenses/FSFAP.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/FSFAP.json",
ReferenceNumber: 561,
Name: "FSF All Permissive License",
LicenseID: "FSFAP",
SeeAlso: []string{
"https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"vsl-1.0": {
Reference: "https://spdx.org/licenses/VSL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/VSL-1.0.json",
ReferenceNumber: 562,
Name: "Vovida Software License v1.0",
LicenseID: "VSL-1.0",
SeeAlso: []string{
"https://opensource.org/licenses/VSL-1.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"lsof": {
Reference: "https://spdx.org/licenses/lsof.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/lsof.json",
ReferenceNumber: 563,
Name: "lsof License",
LicenseID: "lsof",
SeeAlso: []string{
"https://github.com/lsof-org/lsof/blob/master/COPYING",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"wsuipa": {
Reference: "https://spdx.org/licenses/Wsuipa.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Wsuipa.json",
ReferenceNumber: 564,
Name: "Wsuipa License",
LicenseID: "Wsuipa",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/Wsuipa",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"unlicense-libwhirlpool": {
Reference: "https://spdx.org/licenses/Unlicense-libwhirlpool.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Unlicense-libwhirlpool.json",
ReferenceNumber: 565,
Name: "Unlicense - libwhirlpool variant",
LicenseID: "Unlicense-libwhirlpool",
SeeAlso: []string{
"https://github.com/dfateyev/libwhirlpool/blob/master/README#L27",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ntp-0": {
Reference: "https://spdx.org/licenses/NTP-0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/NTP-0.json",
ReferenceNumber: 566,
Name: "NTP No Attribution",
LicenseID: "NTP-0",
SeeAlso: []string{
"https://github.com/tytso/e2fsprogs/blob/master/lib/et/et_name.c",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"bsd-3-clause": {
Reference: "https://spdx.org/licenses/BSD-3-Clause.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BSD-3-Clause.json",
ReferenceNumber: 567,
Name: "BSD 3-Clause \"New\" or \"Revised\" License",
LicenseID: "BSD-3-Clause",
SeeAlso: []string{
"https://opensource.org/licenses/BSD-3-Clause",
"https://www.eclipse.org/org/documents/edl-v10.php",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Permissive (Low Risk)"),
},
"apsl-2.0": {
Reference: "https://spdx.org/licenses/APSL-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/APSL-2.0.json",
ReferenceNumber: 568,
Name: "Apple Public Source License 2.0",
LicenseID: "APSL-2.0",
SeeAlso: []string{
"http://www.opensource.apple.com/license/apsl/",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"cal-1.0-combined-work-exception": {
Reference: "https://spdx.org/licenses/CAL-1.0-Combined-Work-Exception.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CAL-1.0-Combined-Work-Exception.json",
ReferenceNumber: 569,
Name: "Cryptographic Autonomy License 1.0 (Combined Work Exception)",
LicenseID: "CAL-1.0-Combined-Work-Exception",
SeeAlso: []string{
"http://cryptographicautonomylicense.com/license-text.html",
"https://opensource.org/licenses/CAL-1.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"ogl-uk-3.0": {
Reference: "https://spdx.org/licenses/OGL-UK-3.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OGL-UK-3.0.json",
ReferenceNumber: 570,
Name: "Open Government Licence v3.0",
LicenseID: "OGL-UK-3.0",
SeeAlso: []string{
"http://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-sa-3.0-igo": {
Reference: "https://spdx.org/licenses/CC-BY-SA-3.0-IGO.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-SA-3.0-IGO.json",
ReferenceNumber: 571,
Name: "Creative Commons Attribution-ShareAlike 3.0 IGO",
LicenseID: "CC-BY-SA-3.0-IGO",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-sa/3.0/igo/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"sgp4": {
Reference: "https://spdx.org/licenses/SGP4.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/SGP4.json",
ReferenceNumber: 572,
Name: "SGP4 Permission Notice",
LicenseID: "SGP4",
SeeAlso: []string{
"https://celestrak.org/publications/AIAA/2006-6753/faq.php",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ssh-short": {
Reference: "https://spdx.org/licenses/SSH-short.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/SSH-short.json",
ReferenceNumber: 573,
Name: "SSH short notice",
LicenseID: "SSH-short",
SeeAlso: []string{
"https://github.com/openssh/openssh-portable/blob/1b11ea7c58cd5c59838b5fa574cd456d6047b2d4/pathnames.h",
"http://web.mit.edu/kolya/.f/root/athena.mit.edu/sipb.mit.edu/project/openssh/OldFiles/src/openssh-2.9.9p2/ssh-add.1",
"https://joinup.ec.europa.eu/svn/lesoll/trunk/italc/lib/src/dsa_key.cpp",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"oldap-2.7": {
Reference: "https://spdx.org/licenses/OLDAP-2.7.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OLDAP-2.7.json",
ReferenceNumber: 574,
Name: "Open LDAP Public License v2.7",
LicenseID: "OLDAP-2.7",
SeeAlso: []string{
"http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=LICENSE;hb=47c2415c1df81556eeb39be6cad458ef87c534a2",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"vostrom": {
Reference: "https://spdx.org/licenses/VOSTROM.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/VOSTROM.json",
ReferenceNumber: 575,
Name: "VOSTROM Public License for Open Source",
LicenseID: "VOSTROM",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/VOSTROM",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-3.0": {
Reference: "https://spdx.org/licenses/CC-BY-3.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-3.0.json",
ReferenceNumber: 576,
Name: "Creative Commons Attribution 3.0 Unported",
LicenseID: "CC-BY-3.0",
SeeAlso: []string{
"https://creativecommons.org/licenses/by/3.0/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-nc-nd-3.0-igo": {
Reference: "https://spdx.org/licenses/CC-BY-NC-ND-3.0-IGO.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-NC-ND-3.0-IGO.json",
ReferenceNumber: 577,
Name: "Creative Commons Attribution Non Commercial No Derivatives 3.0 IGO",
LicenseID: "CC-BY-NC-ND-3.0-IGO",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-nc-nd/3.0/igo/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"dtoa": {
Reference: "https://spdx.org/licenses/dtoa.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/dtoa.json",
ReferenceNumber: 578,
Name: "David M. Gay dtoa License",
LicenseID: "dtoa",
SeeAlso: []string{
"https://github.com/SWI-Prolog/swipl-devel/blob/master/src/os/dtoa.c",
"https://sourceware.org/git/?p=newlib-cygwin.git;a=blob;f=newlib/libc/stdlib/mprec.h;hb=HEAD",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"smppl": {
Reference: "https://spdx.org/licenses/SMPPL.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/SMPPL.json",
ReferenceNumber: 579,
Name: "Secure Messaging Protocol Public License",
LicenseID: "SMPPL",
SeeAlso: []string{
"https://github.com/dcblake/SMP/blob/master/Documentation/License.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"mit-enna": {
Reference: "https://spdx.org/licenses/MIT-enna.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/MIT-enna.json",
ReferenceNumber: 580,
Name: "enna License",
LicenseID: "MIT-enna",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/MIT#enna",
},
IsOsiApproved: false,
RiskCategory: RiskCategory("Permissive (Low Risk)"),
},
"catharon": {
Reference: "https://spdx.org/licenses/Catharon.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Catharon.json",
ReferenceNumber: 581,
Name: "Catharon License",
LicenseID: "Catharon",
SeeAlso: []string{
"https://github.com/scummvm/scummvm/blob/v2.8.0/LICENSES/CatharonLicense.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"shl-0.51": {
Reference: "https://spdx.org/licenses/SHL-0.51.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/SHL-0.51.json",
ReferenceNumber: 582,
Name: "Solderpad Hardware License, Version 0.51",
LicenseID: "SHL-0.51",
SeeAlso: []string{
"https://solderpad.org/licenses/SHL-0.51/",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"copyleft-next-0.3.1": {
Reference: "https://spdx.org/licenses/copyleft-next-0.3.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/copyleft-next-0.3.1.json",
ReferenceNumber: 583,
Name: "copyleft-next 0.3.1",
LicenseID: "copyleft-next-0.3.1",
SeeAlso: []string{
"https://github.com/copyleft-next/copyleft-next/blob/master/Releases/copyleft-next-0.3.1",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"bsd-2-clause-patent": {
Reference: "https://spdx.org/licenses/BSD-2-Clause-Patent.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BSD-2-Clause-Patent.json",
ReferenceNumber: 584,
Name: "BSD-2-Clause Plus Patent License",
LicenseID: "BSD-2-Clause-Patent",
SeeAlso: []string{
"https://opensource.org/licenses/BSDplusPatent",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Permissive (Low Risk)"),
},
"fsl-1.1-alv2": {
Reference: "https://spdx.org/licenses/FSL-1.1-ALv2.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/FSL-1.1-ALv2.json",
ReferenceNumber: 585,
Name: "Functional Source License, Version 1.1, ALv2 Future License",
LicenseID: "FSL-1.1-ALv2",
SeeAlso: []string{
"https://fsl.software/FSL-1.1-ALv2.template.md",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"python-2.0.1": {
Reference: "https://spdx.org/licenses/Python-2.0.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Python-2.0.1.json",
ReferenceNumber: 586,
Name: "Python License 2.0.1",
LicenseID: "Python-2.0.1",
SeeAlso: []string{
"https://www.python.org/download/releases/2.0.1/license/",
"https://docs.python.org/3/license.html",
"https://github.com/python/cpython/blob/main/LICENSE",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-nd-2.0": {
Reference: "https://spdx.org/licenses/CC-BY-ND-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-ND-2.0.json",
ReferenceNumber: 587,
Name: "Creative Commons Attribution No Derivatives 2.0 Generic",
LicenseID: "CC-BY-ND-2.0",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-nd/2.0/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"mtll": {
Reference: "https://spdx.org/licenses/MTLL.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/MTLL.json",
ReferenceNumber: 588,
Name: "Matrix Template Library License",
LicenseID: "MTLL",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/Matrix_Template_Library_License",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ofl-1.0": {
Reference: "https://spdx.org/licenses/OFL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OFL-1.0.json",
ReferenceNumber: 589,
Name: "SIL Open Font License 1.0",
LicenseID: "OFL-1.0",
SeeAlso: []string{
"http://scripts.sil.org/cms/scripts/page.php?item_id=OFL10_web",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"qhull": {
Reference: "https://spdx.org/licenses/Qhull.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Qhull.json",
ReferenceNumber: 590,
Name: "Qhull License",
LicenseID: "Qhull",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/Qhull",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ipl-1.0": {
Reference: "https://spdx.org/licenses/IPL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/IPL-1.0.json",
ReferenceNumber: 591,
Name: "IBM Public License v1.0",
LicenseID: "IPL-1.0",
SeeAlso: []string{
"https://opensource.org/licenses/IPL-1.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Weak Copyleft (Medium Risk)"),
},
"linux-man-pages-copyleft-2-para": {
Reference: "https://spdx.org/licenses/Linux-man-pages-copyleft-2-para.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Linux-man-pages-copyleft-2-para.json",
ReferenceNumber: 592,
Name: "Linux man-pages Copyleft - 2 paragraphs",
LicenseID: "Linux-man-pages-copyleft-2-para",
SeeAlso: []string{
"https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/tree/man2/move_pages.2#n5",
"https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/tree/man2/migrate_pages.2#n8",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"softsurfer": {
Reference: "https://spdx.org/licenses/softSurfer.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/softSurfer.json",
ReferenceNumber: 593,
Name: "softSurfer License",
LicenseID: "softSurfer",
SeeAlso: []string{
"https://github.com/mm2/Little-CMS/blob/master/src/cmssm.c#L207",
"https://fedoraproject.org/wiki/Licensing/softSurfer",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"snprintf": {
Reference: "https://spdx.org/licenses/snprintf.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/snprintf.json",
ReferenceNumber: 594,
Name: "snprintf License",
LicenseID: "snprintf",
SeeAlso: []string{
"https://github.com/openssh/openssh-portable/blob/master/openbsd-compat/bsd-snprintf.c#L2",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"gfdl-1.2-only": {
Reference: "https://spdx.org/licenses/GFDL-1.2-only.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/GFDL-1.2-only.json",
ReferenceNumber: 595,
Name: "GNU Free Documentation License v1.2 only",
LicenseID: "GFDL-1.2-only",
SeeAlso: []string{
"https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"eupl-1.2": {
Reference: "https://spdx.org/licenses/EUPL-1.2.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/EUPL-1.2.json",
ReferenceNumber: 596,
Name: "European Union Public License 1.2",
LicenseID: "EUPL-1.2",
SeeAlso: []string{
"https://joinup.ec.europa.eu/page/eupl-text-11-12",
"https://joinup.ec.europa.eu/sites/default/files/custom-page/attachment/eupl_v1.2_en.pdf",
"https://joinup.ec.europa.eu/sites/default/files/custom-page/attachment/2020-03/EUPL-1.2%20EN.txt",
"https://joinup.ec.europa.eu/sites/default/files/inline-files/EUPL%20v1_2%20EN(1).txt",
"http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32017D0863",
"https://opensource.org/licenses/EUPL-1.2",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Strong Copyleft (High Risk)"),
},
"zpl-1.1": {
Reference: "https://spdx.org/licenses/ZPL-1.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/ZPL-1.1.json",
ReferenceNumber: 597,
Name: "Zope Public License 1.1",
LicenseID: "ZPL-1.1",
SeeAlso: []string{
"http://old.zope.org/Resources/License/ZPL-1.1",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ttwl": {
Reference: "https://spdx.org/licenses/TTWL.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/TTWL.json",
ReferenceNumber: 598,
Name: "Text-Tabs+Wrap License",
LicenseID: "TTWL",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/TTWL",
"https://github.com/ap/Text-Tabs/blob/master/lib.modern/Text/Tabs.pm#L148",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"mpl-2.0": {
Reference: "https://spdx.org/licenses/MPL-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/MPL-2.0.json",
ReferenceNumber: 599,
Name: "Mozilla Public License 2.0",
LicenseID: "MPL-2.0",
SeeAlso: []string{
"https://www.mozilla.org/MPL/2.0/",
"https://opensource.org/licenses/MPL-2.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Weak Copyleft (Medium Risk)"),
},
"hpnd-doc": {
Reference: "https://spdx.org/licenses/HPND-doc.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/HPND-doc.json",
ReferenceNumber: 600,
Name: "Historical Permission Notice and Disclaimer - documentation variant",
LicenseID: "HPND-doc",
SeeAlso: []string{
"https://gitlab.freedesktop.org/xorg/lib/libxext/-/blob/master/COPYING?ref_type=heads#L185-197",
"https://gitlab.freedesktop.org/xorg/lib/libxtst/-/blob/master/COPYING?ref_type=heads#L70-77",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"gpl-3.0-with-gcc-exception": {
Reference: "https://spdx.org/licenses/GPL-3.0-with-GCC-exception.html",
IsDeprecatedLicenseID: true,
DetailsURL: "https://spdx.org/licenses/GPL-3.0-with-GCC-exception.json",
ReferenceNumber: 601,
Name: "GNU General Public License v3.0 w/GCC Runtime Library exception",
LicenseID: "GPL-3.0-with-GCC-exception",
SeeAlso: []string{
"https://www.gnu.org/licenses/gcc-exception-3.1.html",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"bsd-systemics": {
Reference: "https://spdx.org/licenses/BSD-Systemics.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BSD-Systemics.json",
ReferenceNumber: 602,
Name: "Systemics BSD variant license",
LicenseID: "BSD-Systemics",
SeeAlso: []string{
"https://metacpan.org/release/DPARIS/Crypt-DES-2.07/source/COPYRIGHT",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"docbook-dtd": {
Reference: "https://spdx.org/licenses/DocBook-DTD.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/DocBook-DTD.json",
ReferenceNumber: 603,
Name: "DocBook DTD License",
LicenseID: "DocBook-DTD",
SeeAlso: []string{
"http://www.docbook.org/xml/simple/1.1/docbook-simple-1.1.zip",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"efl-2.0": {
Reference: "https://spdx.org/licenses/EFL-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/EFL-2.0.json",
ReferenceNumber: 604,
Name: "Eiffel Forum License v2.0",
LicenseID: "EFL-2.0",
SeeAlso: []string{
"http://www.eiffel-nice.org/license/eiffel-forum-license-2.html",
"https://opensource.org/licenses/EFL-2.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"haskellreport": {
Reference: "https://spdx.org/licenses/HaskellReport.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/HaskellReport.json",
ReferenceNumber: 605,
Name: "Haskell Language Report License",
LicenseID: "HaskellReport",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/Haskell_Language_Report_License",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"bsd-3-clause-no-nuclear-warranty": {
Reference: "https://spdx.org/licenses/BSD-3-Clause-No-Nuclear-Warranty.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BSD-3-Clause-No-Nuclear-Warranty.json",
ReferenceNumber: 606,
Name: "BSD 3-Clause No Nuclear Warranty",
LicenseID: "BSD-3-Clause-No-Nuclear-Warranty",
SeeAlso: []string{
"https://jogamp.org/git/?p=gluegen.git;a=blob_plain;f=LICENSE.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"newsletr": {
Reference: "https://spdx.org/licenses/Newsletr.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Newsletr.json",
ReferenceNumber: 607,
Name: "Newsletr License",
LicenseID: "Newsletr",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/Newsletr",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ofl-1.1": {
Reference: "https://spdx.org/licenses/OFL-1.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OFL-1.1.json",
ReferenceNumber: 608,
Name: "SIL Open Font License 1.1",
LicenseID: "OFL-1.1",
SeeAlso: []string{
"http://scripts.sil.org/cms/scripts/page.php?item_id=OFL_web",
"https://opensource.org/licenses/OFL-1.1",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"gfdl-1.1-no-invariants-only": {
Reference: "https://spdx.org/licenses/GFDL-1.1-no-invariants-only.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/GFDL-1.1-no-invariants-only.json",
ReferenceNumber: 609,
Name: "GNU Free Documentation License v1.1 only - no invariants",
LicenseID: "GFDL-1.1-no-invariants-only",
SeeAlso: []string{
"https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-nd-3.0-de": {
Reference: "https://spdx.org/licenses/CC-BY-ND-3.0-DE.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-ND-3.0-DE.json",
ReferenceNumber: 610,
Name: "Creative Commons Attribution No Derivatives 3.0 Germany",
LicenseID: "CC-BY-ND-3.0-DE",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-nd/3.0/de/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ucl-1.0": {
Reference: "https://spdx.org/licenses/UCL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/UCL-1.0.json",
ReferenceNumber: 611,
Name: "Upstream Compatibility License v1.0",
LicenseID: "UCL-1.0",
SeeAlso: []string{
"https://opensource.org/licenses/UCL-1.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"ogc-1.0": {
Reference: "https://spdx.org/licenses/OGC-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OGC-1.0.json",
ReferenceNumber: 612,
Name: "OGC Software License, Version 1.0",
LicenseID: "OGC-1.0",
SeeAlso: []string{
"https://www.ogc.org/ogc/software/1.0",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"egenix": {
Reference: "https://spdx.org/licenses/eGenix.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/eGenix.json",
ReferenceNumber: 613,
Name: "eGenix.com Public License 1.1.0",
LicenseID: "eGenix",
SeeAlso: []string{
"http://www.egenix.com/products/eGenix.com-Public-License-1.1.0.pdf",
"https://fedoraproject.org/wiki/Licensing/eGenix.com_Public_License_1.1.0",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"opl-1.0": {
Reference: "https://spdx.org/licenses/OPL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OPL-1.0.json",
ReferenceNumber: 614,
Name: "Open Public License v1.0",
LicenseID: "OPL-1.0",
SeeAlso: []string{
"http://old.koalateam.com/jackaroo/OPL_1_0.TXT",
"https://fedoraproject.org/wiki/Licensing/Open_Public_License",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"xerox": {
Reference: "https://spdx.org/licenses/Xerox.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Xerox.json",
ReferenceNumber: 615,
Name: "Xerox License",
LicenseID: "Xerox",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/Xerox",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"nist-pd-fallback": {
Reference: "https://spdx.org/licenses/NIST-PD-fallback.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/NIST-PD-fallback.json",
ReferenceNumber: 616,
Name: "NIST Public Domain Notice with license fallback",
LicenseID: "NIST-PD-fallback",
SeeAlso: []string{
"https://github.com/usnistgov/jsip/blob/59700e6926cbe96c5cdae897d9a7d2656b42abe3/LICENSE",
"https://github.com/usnistgov/fipy/blob/86aaa5c2ba2c6f1be19593c5986071cf6568cc34/LICENSE.rst",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"sgi-b-2.0": {
Reference: "https://spdx.org/licenses/SGI-B-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/SGI-B-2.0.json",
ReferenceNumber: 617,
Name: "SGI Free Software License B v2.0",
LicenseID: "SGI-B-2.0",
SeeAlso: []string{
"http://oss.sgi.com/projects/FreeB/SGIFreeSWLicB.2.0.pdf",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"gpl-2.0-with-autoconf-exception": {
Reference: "https://spdx.org/licenses/GPL-2.0-with-autoconf-exception.html",
IsDeprecatedLicenseID: true,
DetailsURL: "https://spdx.org/licenses/GPL-2.0-with-autoconf-exception.json",
ReferenceNumber: 618,
Name: "GNU General Public License v2.0 w/Autoconf exception",
LicenseID: "GPL-2.0-with-autoconf-exception",
SeeAlso: []string{
"http://ac-archive.sourceforge.net/doc/copyright.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"termreadkey": {
Reference: "https://spdx.org/licenses/TermReadKey.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/TermReadKey.json",
ReferenceNumber: 619,
Name: "TermReadKey License",
LicenseID: "TermReadKey",
SeeAlso: []string{
"https://github.com/jonathanstowe/TermReadKey/blob/master/README#L9-L10",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"sendmail-open-source-1.1": {
Reference: "https://spdx.org/licenses/Sendmail-Open-Source-1.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Sendmail-Open-Source-1.1.json",
ReferenceNumber: 620,
Name: "Sendmail Open Source License v1.1",
LicenseID: "Sendmail-Open-Source-1.1",
SeeAlso: []string{
"https://github.com/trusteddomainproject/OpenDMARC/blob/master/LICENSE.Sendmail",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ntp": {
Reference: "https://spdx.org/licenses/NTP.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/NTP.json",
ReferenceNumber: 621,
Name: "NTP License",
LicenseID: "NTP",
SeeAlso: []string{
"https://opensource.org/licenses/NTP",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"bsd-2-clause-freebsd": {
Reference: "https://spdx.org/licenses/BSD-2-Clause-FreeBSD.html",
IsDeprecatedLicenseID: true,
DetailsURL: "https://spdx.org/licenses/BSD-2-Clause-FreeBSD.json",
ReferenceNumber: 622,
Name: "BSD 2-Clause FreeBSD License",
LicenseID: "BSD-2-Clause-FreeBSD",
SeeAlso: []string{
"http://www.freebsd.org/copyright/freebsd-license.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"hpnd-markus-kuhn": {
Reference: "https://spdx.org/licenses/HPND-Markus-Kuhn.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/HPND-Markus-Kuhn.json",
ReferenceNumber: 623,
Name: "Historical Permission Notice and Disclaimer - Markus Kuhn variant",
LicenseID: "HPND-Markus-Kuhn",
SeeAlso: []string{
"https://www.cl.cam.ac.uk/~mgk25/ucs/wcwidth.c",
"https://sourceware.org/git/?p=binutils-gdb.git;a=blob;f=readline/readline/support/wcwidth.c;h=0f5ec995796f4813abbcf4972aec0378ab74722a;hb=HEAD#l55",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"bsd-2-clause-pkgconf-disclaimer": {
Reference: "https://spdx.org/licenses/BSD-2-Clause-pkgconf-disclaimer.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BSD-2-Clause-pkgconf-disclaimer.json",
ReferenceNumber: 624,
Name: "BSD 2-Clause pkgconf disclaimer variant",
LicenseID: "BSD-2-Clause-pkgconf-disclaimer",
SeeAlso: []string{
"https://github.com/audacious-media-player/audacious/blob/master/src/audacious/main.cc",
"https://github.com/audacious-media-player/audacious/blob/master/COPYING",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"tcl": {
Reference: "https://spdx.org/licenses/TCL.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/TCL.json",
ReferenceNumber: 625,
Name: "TCL/TK License",
LicenseID: "TCL",
SeeAlso: []string{
"http://www.tcl.tk/software/tcltk/license.html",
"https://fedoraproject.org/wiki/Licensing/TCL",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"netcdf": {
Reference: "https://spdx.org/licenses/NetCDF.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/NetCDF.json",
ReferenceNumber: 626,
Name: "NetCDF license",
LicenseID: "NetCDF",
SeeAlso: []string{
"http://www.unidata.ucar.edu/software/netcdf/copyright.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"wwl": {
Reference: "https://spdx.org/licenses/wwl.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/wwl.json",
ReferenceNumber: 627,
Name: "WWL License",
LicenseID: "wwl",
SeeAlso: []string{
"http://www.db.net/downloads/wwl+db-1.3.tgz",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"python-2.0": {
Reference: "https://spdx.org/licenses/Python-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Python-2.0.json",
ReferenceNumber: 628,
Name: "Python License 2.0",
LicenseID: "Python-2.0",
SeeAlso: []string{
"https://opensource.org/licenses/Python-2.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Permissive (Low Risk)"),
},
"fsfap-no-warranty-disclaimer": {
Reference: "https://spdx.org/licenses/FSFAP-no-warranty-disclaimer.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/FSFAP-no-warranty-disclaimer.json",
ReferenceNumber: 629,
Name: "FSF All Permissive License (without Warranty)",
LicenseID: "FSFAP-no-warranty-disclaimer",
SeeAlso: []string{
"https://git.savannah.gnu.org/cgit/wget.git/tree/util/trunc.c?h=v1.21.3&id=40747a11e44ced5a8ac628a41f879ced3e2ebce9#n6",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"python-ldap": {
Reference: "https://spdx.org/licenses/python-ldap.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/python-ldap.json",
ReferenceNumber: 630,
Name: "Python ldap License",
LicenseID: "python-ldap",
SeeAlso: []string{
"https://github.com/python-ldap/python-ldap/blob/main/LICENCE",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-sa-2.5": {
Reference: "https://spdx.org/licenses/CC-BY-SA-2.5.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-SA-2.5.json",
ReferenceNumber: 631,
Name: "Creative Commons Attribution Share Alike 2.5 Generic",
LicenseID: "CC-BY-SA-2.5",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-sa/2.5/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"gpl-3.0-only": {
Reference: "https://spdx.org/licenses/GPL-3.0-only.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/GPL-3.0-only.json",
ReferenceNumber: 632,
Name: "GNU General Public License v3.0 only",
LicenseID: "GPL-3.0-only",
SeeAlso: []string{
"https://www.gnu.org/licenses/gpl-3.0-standalone.html",
"https://opensource.org/licenses/GPL-3.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Strong Copyleft (High Risk)"),
},
"gfdl-1.3-or-later": {
Reference: "https://spdx.org/licenses/GFDL-1.3-or-later.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/GFDL-1.3-or-later.json",
ReferenceNumber: 633,
Name: "GNU Free Documentation License v1.3 or later",
LicenseID: "GFDL-1.3-or-later",
SeeAlso: []string{
"https://www.gnu.org/licenses/fdl-1.3.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"lgpl-3.0-only": {
Reference: "https://spdx.org/licenses/LGPL-3.0-only.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/LGPL-3.0-only.json",
ReferenceNumber: 634,
Name: "GNU Lesser General Public License v3.0 only",
LicenseID: "LGPL-3.0-only",
SeeAlso: []string{
"https://www.gnu.org/licenses/lgpl-3.0-standalone.html",
"https://www.gnu.org/licenses/lgpl+gpl-3.0.txt",
"https://opensource.org/licenses/LGPL-3.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Weak Copyleft (Medium Risk)"),
},
"glulxe": {
Reference: "https://spdx.org/licenses/Glulxe.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Glulxe.json",
ReferenceNumber: 635,
Name: "Glulxe License",
LicenseID: "Glulxe",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/Glulxe",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-nc-sa-3.0-igo": {
Reference: "https://spdx.org/licenses/CC-BY-NC-SA-3.0-IGO.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-NC-SA-3.0-IGO.json",
ReferenceNumber: 636,
Name: "Creative Commons Attribution Non Commercial Share Alike 3.0 IGO",
LicenseID: "CC-BY-NC-SA-3.0-IGO",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-nc-sa/3.0/igo/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"bsd-3-clause-open-mpi": {
Reference: "https://spdx.org/licenses/BSD-3-Clause-Open-MPI.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BSD-3-Clause-Open-MPI.json",
ReferenceNumber: 637,
Name: "BSD 3-Clause Open MPI variant",
LicenseID: "BSD-3-Clause-Open-MPI",
SeeAlso: []string{
"https://www.open-mpi.org/community/license.php",
"http://www.netlib.org/lapack/LICENSE.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory("Permissive (Low Risk)"),
},
"net-snmp": {
Reference: "https://spdx.org/licenses/Net-SNMP.html",
IsDeprecatedLicenseID: true,
DetailsURL: "https://spdx.org/licenses/Net-SNMP.json",
ReferenceNumber: 638,
Name: "Net-SNMP License",
LicenseID: "Net-SNMP",
SeeAlso: []string{
"http://net-snmp.sourceforge.net/about/license.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"fsl-1.1-mit": {
Reference: "https://spdx.org/licenses/FSL-1.1-MIT.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/FSL-1.1-MIT.json",
ReferenceNumber: 639,
Name: "Functional Source License, Version 1.1, MIT Future License",
LicenseID: "FSL-1.1-MIT",
SeeAlso: []string{
"https://fsl.software/FSL-1.1-MIT.template.md",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"linux-man-pages-copyleft": {
Reference: "https://spdx.org/licenses/Linux-man-pages-copyleft.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Linux-man-pages-copyleft.json",
ReferenceNumber: 640,
Name: "Linux man-pages Copyleft",
LicenseID: "Linux-man-pages-copyleft",
SeeAlso: []string{
"https://www.kernel.org/doc/man-pages/licenses.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ecl-1.0": {
Reference: "https://spdx.org/licenses/ECL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/ECL-1.0.json",
ReferenceNumber: 641,
Name: "Educational Community License v1.0",
LicenseID: "ECL-1.0",
SeeAlso: []string{
"https://opensource.org/licenses/ECL-1.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"jove": {
Reference: "https://spdx.org/licenses/jove.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/jove.json",
ReferenceNumber: 642,
Name: "Jove License",
LicenseID: "jove",
SeeAlso: []string{
"https://github.com/jonmacs/jove/blob/4_17/LICENSE",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"bsd-3-clause-hp": {
Reference: "https://spdx.org/licenses/BSD-3-Clause-HP.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BSD-3-Clause-HP.json",
ReferenceNumber: 643,
Name: "Hewlett-Packard BSD variant license",
LicenseID: "BSD-3-Clause-HP",
SeeAlso: []string{
"https://github.com/zdohnal/hplip/blob/master/COPYING#L939",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"aml": {
Reference: "https://spdx.org/licenses/AML.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/AML.json",
ReferenceNumber: 644,
Name: "Apple MIT License",
LicenseID: "AML",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/Apple_MIT_License",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"freebsd-doc": {
Reference: "https://spdx.org/licenses/FreeBSD-DOC.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/FreeBSD-DOC.json",
ReferenceNumber: 645,
Name: "FreeBSD Documentation License",
LicenseID: "FreeBSD-DOC",
SeeAlso: []string{
"https://www.freebsd.org/copyright/freebsd-doc-license/",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"xfree86-1.1": {
Reference: "https://spdx.org/licenses/XFree86-1.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/XFree86-1.1.json",
ReferenceNumber: 646,
Name: "XFree86 License 1.1",
LicenseID: "XFree86-1.1",
SeeAlso: []string{
"http://www.xfree86.org/current/LICENSE4.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ecos-2.0": {
Reference: "https://spdx.org/licenses/eCos-2.0.html",
IsDeprecatedLicenseID: true,
DetailsURL: "https://spdx.org/licenses/eCos-2.0.json",
ReferenceNumber: 647,
Name: "eCos license version 2.0",
LicenseID: "eCos-2.0",
SeeAlso: []string{
"https://www.gnu.org/licenses/ecos-license.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-3.0-au": {
Reference: "https://spdx.org/licenses/CC-BY-3.0-AU.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-3.0-AU.json",
ReferenceNumber: 648,
Name: "Creative Commons Attribution 3.0 Australia",
LicenseID: "CC-BY-3.0-AU",
SeeAlso: []string{
"https://creativecommons.org/licenses/by/3.0/au/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"arphic-1999": {
Reference: "https://spdx.org/licenses/Arphic-1999.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Arphic-1999.json",
ReferenceNumber: 649,
Name: "Arphic Public License",
LicenseID: "Arphic-1999",
SeeAlso: []string{
"http://ftp.gnu.org/gnu/non-gnu/chinese-fonts-truetype/LICENSE",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"gpl-3.0-with-autoconf-exception": {
Reference: "https://spdx.org/licenses/GPL-3.0-with-autoconf-exception.html",
IsDeprecatedLicenseID: true,
DetailsURL: "https://spdx.org/licenses/GPL-3.0-with-autoconf-exception.json",
ReferenceNumber: 650,
Name: "GNU General Public License v3.0 w/Autoconf exception",
LicenseID: "GPL-3.0-with-autoconf-exception",
SeeAlso: []string{
"https://www.gnu.org/licenses/autoconf-exception-3.0.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"osl-1.0": {
Reference: "https://spdx.org/licenses/OSL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OSL-1.0.json",
ReferenceNumber: 651,
Name: "Open Software License 1.0",
LicenseID: "OSL-1.0",
SeeAlso: []string{
"https://opensource.org/licenses/OSL-1.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Strong Copyleft (High Risk)"),
},
"gfdl-1.3": {
Reference: "https://spdx.org/licenses/GFDL-1.3.html",
IsDeprecatedLicenseID: true,
DetailsURL: "https://spdx.org/licenses/GFDL-1.3.json",
ReferenceNumber: 652,
Name: "GNU Free Documentation License v1.3",
LicenseID: "GFDL-1.3",
SeeAlso: []string{
"https://www.gnu.org/licenses/fdl-1.3.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ofl-1.0-no-rfn": {
Reference: "https://spdx.org/licenses/OFL-1.0-no-RFN.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OFL-1.0-no-RFN.json",
ReferenceNumber: 653,
Name: "SIL Open Font License 1.0 with no Reserved Font Name",
LicenseID: "OFL-1.0-no-RFN",
SeeAlso: []string{
"http://scripts.sil.org/cms/scripts/page.php?item_id=OFL10_web",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"oldap-2.0.1": {
Reference: "https://spdx.org/licenses/OLDAP-2.0.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OLDAP-2.0.1.json",
ReferenceNumber: 654,
Name: "Open LDAP Public License v2.0.1",
LicenseID: "OLDAP-2.0.1",
SeeAlso: []string{
"http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=LICENSE;hb=b6d68acd14e51ca3aab4428bf26522aa74873f0e",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"jpnic": {
Reference: "https://spdx.org/licenses/JPNIC.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/JPNIC.json",
ReferenceNumber: 655,
Name: "Japan Network Information Center License",
LicenseID: "JPNIC",
SeeAlso: []string{
"https://gitlab.isc.org/isc-projects/bind9/blob/master/COPYRIGHT#L366",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"lpl-1.02": {
Reference: "https://spdx.org/licenses/LPL-1.02.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/LPL-1.02.json",
ReferenceNumber: 656,
Name: "Lucent Public License v1.02",
LicenseID: "LPL-1.02",
SeeAlso: []string{
"http://plan9.bell-labs.com/plan9/license.html",
"https://opensource.org/licenses/LPL-1.02",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"oldap-2.0": {
Reference: "https://spdx.org/licenses/OLDAP-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OLDAP-2.0.json",
ReferenceNumber: 657,
Name: "Open LDAP Public License v2.0 (or possibly 2.0A and 2.0B)",
LicenseID: "OLDAP-2.0",
SeeAlso: []string{
"http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=LICENSE;hb=cbf50f4e1185a21abd4c0a54d3f4341fe28f36ea",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"adobe-2006": {
Reference: "https://spdx.org/licenses/Adobe-2006.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Adobe-2006.json",
ReferenceNumber: 658,
Name: "Adobe Systems Incorporated Source Code License Agreement",
LicenseID: "Adobe-2006",
SeeAlso: []string{
"https://fedoraproject.org/wiki/Licensing/AdobeLicense",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-nc-sa-2.5": {
Reference: "https://spdx.org/licenses/CC-BY-NC-SA-2.5.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-NC-SA-2.5.json",
ReferenceNumber: 659,
Name: "Creative Commons Attribution Non Commercial Share Alike 2.5 Generic",
LicenseID: "CC-BY-NC-SA-2.5",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-nc-sa/2.5/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"c-uda-1.0": {
Reference: "https://spdx.org/licenses/C-UDA-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/C-UDA-1.0.json",
ReferenceNumber: 660,
Name: "Computational Use of Data Agreement v1.0",
LicenseID: "C-UDA-1.0",
SeeAlso: []string{
"https://github.com/microsoft/Computational-Use-of-Data-Agreement/blob/master/C-UDA-1.0.md",
"https://cdla.dev/computational-use-of-data-agreement-v1-0/",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"lucida-bitmap-fonts": {
Reference: "https://spdx.org/licenses/Lucida-Bitmap-Fonts.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Lucida-Bitmap-Fonts.json",
ReferenceNumber: 661,
Name: "Lucida Bitmap Fonts License",
LicenseID: "Lucida-Bitmap-Fonts",
SeeAlso: []string{
"https://gitlab.freedesktop.org/xorg/font/bh-100dpi/-/blob/master/COPYING?ref_type=heads",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ferguson-twofish": {
Reference: "https://spdx.org/licenses/Ferguson-Twofish.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Ferguson-Twofish.json",
ReferenceNumber: 662,
Name: "Ferguson Twofish License",
LicenseID: "Ferguson-Twofish",
SeeAlso: []string{
"https://github.com/wernerd/ZRTPCPP/blob/6b3cd8e6783642292bad0c21e3e5e5ce45ff3e03/cryptcommon/twofish.c#L113C3-L127",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"mmixware": {
Reference: "https://spdx.org/licenses/MMIXware.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/MMIXware.json",
ReferenceNumber: 663,
Name: "MMIXware License",
LicenseID: "MMIXware",
SeeAlso: []string{
"https://gitlab.lrz.de/mmix/mmixware/-/blob/master/boilerplate.w",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"sspl-1.0": {
Reference: "https://spdx.org/licenses/SSPL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/SSPL-1.0.json",
ReferenceNumber: 664,
Name: "Server Side Public License, v 1",
LicenseID: "SSPL-1.0",
SeeAlso: []string{
"https://www.mongodb.com/licensing/server-side-public-license",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"mpl-1.0": {
Reference: "https://spdx.org/licenses/MPL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/MPL-1.0.json",
ReferenceNumber: 665,
Name: "Mozilla Public License 1.0",
LicenseID: "MPL-1.0",
SeeAlso: []string{
"http://www.mozilla.org/MPL/MPL-1.0.html",
"https://opensource.org/licenses/MPL-1.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Weak Copyleft (Medium Risk)"),
},
"tpdl": {
Reference: "https://spdx.org/licenses/TPDL.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/TPDL.json",
ReferenceNumber: 666,
Name: "Time::ParseDate License",
LicenseID: "TPDL",
SeeAlso: []string{
"https://metacpan.org/pod/Time::ParseDate#LICENSE",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"oldap-2.2": {
Reference: "https://spdx.org/licenses/OLDAP-2.2.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/OLDAP-2.2.json",
ReferenceNumber: 667,
Name: "Open LDAP Public License v2.2",
LicenseID: "OLDAP-2.2",
SeeAlso: []string{
"http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=LICENSE;hb=470b0c18ec67621c85881b2733057fecf4a1acc3",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"gsoap-1.3b": {
Reference: "https://spdx.org/licenses/gSOAP-1.3b.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/gSOAP-1.3b.json",
ReferenceNumber: 668,
Name: "gSOAP Public License v1.3b",
LicenseID: "gSOAP-1.3b",
SeeAlso: []string{
"http://www.cs.fsu.edu/~engelen/license.html",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"tu-berlin-2.0": {
Reference: "https://spdx.org/licenses/TU-Berlin-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/TU-Berlin-2.0.json",
ReferenceNumber: 669,
Name: "Technische Universitaet Berlin License 2.0",
LicenseID: "TU-Berlin-2.0",
SeeAlso: []string{
"https://github.com/CorsixTH/deps/blob/fd339a9f526d1d9c9f01ccf39e438a015da50035/licences/libgsm.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"pkgconf": {
Reference: "https://spdx.org/licenses/pkgconf.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/pkgconf.json",
ReferenceNumber: 670,
Name: "pkgconf License",
LicenseID: "pkgconf",
SeeAlso: []string{
"https://github.com/pkgconf/pkgconf/blob/master/cli/main.c#L8",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-nc-sa-2.0-uk": {
Reference: "https://spdx.org/licenses/CC-BY-NC-SA-2.0-UK.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-NC-SA-2.0-UK.json",
ReferenceNumber: 671,
Name: "Creative Commons Attribution Non Commercial Share Alike 2.0 England and Wales",
LicenseID: "CC-BY-NC-SA-2.0-UK",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-nc-sa/2.0/uk/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"docbook-xml": {
Reference: "https://spdx.org/licenses/DocBook-XML.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/DocBook-XML.json",
ReferenceNumber: 672,
Name: "DocBook XML License",
LicenseID: "DocBook-XML",
SeeAlso: []string{
"https://github.com/docbook/xslt10-stylesheets/blob/efd62655c11cc8773708df7a843613fa1e932bf8/xsl/COPYING#L27",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cnri-python-gpl-compatible": {
Reference: "https://spdx.org/licenses/CNRI-Python-GPL-Compatible.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CNRI-Python-GPL-Compatible.json",
ReferenceNumber: 673,
Name: "CNRI Python Open Source GPL Compatible License Agreement",
LicenseID: "CNRI-Python-GPL-Compatible",
SeeAlso: []string{
"http://www.python.org/download/releases/1.6.1/download_win/",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ms-lpl": {
Reference: "https://spdx.org/licenses/MS-LPL.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/MS-LPL.json",
ReferenceNumber: 674,
Name: "Microsoft Limited Public License",
LicenseID: "MS-LPL",
SeeAlso: []string{
"https://www.openhub.net/licenses/mslpl",
"https://github.com/gabegundy/atlserver/blob/master/License.txt",
"https://en.wikipedia.org/wiki/Shared_Source_Initiative#Microsoft_Limited_Public_License_(Ms-LPL)",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"brian-gladman-3-clause": {
Reference: "https://spdx.org/licenses/Brian-Gladman-3-Clause.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Brian-Gladman-3-Clause.json",
ReferenceNumber: 675,
Name: "Brian Gladman 3-Clause License",
LicenseID: "Brian-Gladman-3-Clause",
SeeAlso: []string{
"https://github.com/SWI-Prolog/packages-clib/blob/master/sha1/brg_endian.h",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"lgpl-2.0": {
Reference: "https://spdx.org/licenses/LGPL-2.0.html",
IsDeprecatedLicenseID: true,
DetailsURL: "https://spdx.org/licenses/LGPL-2.0.json",
ReferenceNumber: 676,
Name: "GNU Library General Public License v2 only",
LicenseID: "LGPL-2.0",
SeeAlso: []string{
"https://www.gnu.org/licenses/old-licenses/lgpl-2.0-standalone.html",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Weak Copyleft (Medium Risk)"),
},
"lgpl-2.1": {
Reference: "https://spdx.org/licenses/LGPL-2.1.html",
IsDeprecatedLicenseID: true,
DetailsURL: "https://spdx.org/licenses/LGPL-2.1.json",
ReferenceNumber: 677,
Name: "GNU Lesser General Public License v2.1 only",
LicenseID: "LGPL-2.1",
SeeAlso: []string{
"https://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html",
"https://opensource.org/licenses/LGPL-2.1",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Weak Copyleft (Medium Risk)"),
},
"radvd": {
Reference: "https://spdx.org/licenses/radvd.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/radvd.json",
ReferenceNumber: 678,
Name: "radvd License",
LicenseID: "radvd",
SeeAlso: []string{
"https://github.com/radvd-project/radvd/blob/master/COPYRIGHT",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"mpl-1.1": {
Reference: "https://spdx.org/licenses/MPL-1.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/MPL-1.1.json",
ReferenceNumber: 679,
Name: "Mozilla Public License 1.1",
LicenseID: "MPL-1.1",
SeeAlso: []string{
"http://www.mozilla.org/MPL/MPL-1.1.html",
"https://opensource.org/licenses/MPL-1.1",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Weak Copyleft (Medium Risk)"),
},
"blessing": {
Reference: "https://spdx.org/licenses/blessing.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/blessing.json",
ReferenceNumber: 680,
Name: "SQLite Blessing",
LicenseID: "blessing",
SeeAlso: []string{
"https://www.sqlite.org/src/artifact/e33a4df7e32d742a?ln=4-9",
"https://sqlite.org/src/artifact/df5091916dbb40e6",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"hpnd-sell-regexpr": {
Reference: "https://spdx.org/licenses/HPND-sell-regexpr.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/HPND-sell-regexpr.json",
ReferenceNumber: 681,
Name: "Historical Permission Notice and Disclaimer - sell regexpr variant",
LicenseID: "HPND-sell-regexpr",
SeeAlso: []string{
"https://gitlab.com/bacula-org/bacula/-/blob/Branch-11.0/bacula/LICENSE-FOSS?ref_type=heads#L245",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"afl-2.1": {
Reference: "https://spdx.org/licenses/AFL-2.1.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/AFL-2.1.json",
ReferenceNumber: 682,
Name: "Academic Free License v2.1",
LicenseID: "AFL-2.1",
SeeAlso: []string{
"http://opensource.linux-mirror.org/licenses/afl-2.1.txt",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"cc-by-sa-3.0-de": {
Reference: "https://spdx.org/licenses/CC-BY-SA-3.0-DE.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-SA-3.0-DE.json",
ReferenceNumber: 683,
Name: "Creative Commons Attribution Share Alike 3.0 Germany",
LicenseID: "CC-BY-SA-3.0-DE",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-sa/3.0/de/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"pddl-1.0": {
Reference: "https://spdx.org/licenses/PDDL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/PDDL-1.0.json",
ReferenceNumber: 684,
Name: "Open Data Commons Public Domain Dedication & License 1.0",
LicenseID: "PDDL-1.0",
SeeAlso: []string{
"http://opendatacommons.org/licenses/pddl/1.0/",
"https://opendatacommons.org/licenses/pddl/",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"bsd-4.3tahoe": {
Reference: "https://spdx.org/licenses/BSD-4.3TAHOE.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/BSD-4.3TAHOE.json",
ReferenceNumber: 685,
Name: "BSD 4.3 TAHOE License",
LicenseID: "BSD-4.3TAHOE",
SeeAlso: []string{
"https://github.com/389ds/389-ds-base/blob/main/ldap/include/sysexits-compat.h#L15",
"https://git.savannah.gnu.org/cgit/indent.git/tree/doc/indent.texi?id=a74c6b4ee49397cf330b333da1042bffa60ed14f#n1788",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"cc-by-nc-3.0": {
Reference: "https://spdx.org/licenses/CC-BY-NC-3.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/CC-BY-NC-3.0.json",
ReferenceNumber: 686,
Name: "Creative Commons Attribution Non Commercial 3.0 Unported",
LicenseID: "CC-BY-NC-3.0",
SeeAlso: []string{
"https://creativecommons.org/licenses/by-nc/3.0/legalcode",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"nlod-2.0": {
Reference: "https://spdx.org/licenses/NLOD-2.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/NLOD-2.0.json",
ReferenceNumber: 687,
Name: "Norwegian Licence for Open Government Data (NLOD) 2.0",
LicenseID: "NLOD-2.0",
SeeAlso: []string{
"http://data.norge.no/nlod/en/2.0",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"gpl-2.0": {
Reference: "https://spdx.org/licenses/GPL-2.0.html",
IsDeprecatedLicenseID: true,
DetailsURL: "https://spdx.org/licenses/GPL-2.0.json",
ReferenceNumber: 688,
Name: "GNU General Public License v2.0 only",
LicenseID: "GPL-2.0",
SeeAlso: []string{
"https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html",
"https://opensource.org/licenses/GPL-2.0",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Strong Copyleft (High Risk)"),
},
"gfdl-1.1-no-invariants-or-later": {
Reference: "https://spdx.org/licenses/GFDL-1.1-no-invariants-or-later.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/GFDL-1.1-no-invariants-or-later.json",
ReferenceNumber: 689,
Name: "GNU Free Documentation License v1.1 or later - no invariants",
LicenseID: "GFDL-1.1-no-invariants-or-later",
SeeAlso: []string{
"https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"clartistic": {
Reference: "https://spdx.org/licenses/ClArtistic.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/ClArtistic.json",
ReferenceNumber: 690,
Name: "Clarified Artistic License",
LicenseID: "ClArtistic",
SeeAlso: []string{
"http://gianluca.dellavedova.org/2011/01/03/clarified-artistic-license/",
"http://www.ncftp.com/ncftp/doc/LICENSE.txt",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"pnmstitch": {
Reference: "https://spdx.org/licenses/pnmstitch.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/pnmstitch.json",
ReferenceNumber: 691,
Name: "pnmstitch License",
LicenseID: "pnmstitch",
SeeAlso: []string{
"https://sourceforge.net/p/netpbm/code/HEAD/tree/super_stable/editor/pnmstitch.c#l2",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"miros": {
Reference: "https://spdx.org/licenses/MirOS.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/MirOS.json",
ReferenceNumber: 692,
Name: "The MirOS Licence",
LicenseID: "MirOS",
SeeAlso: []string{
"https://opensource.org/licenses/MirOS",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"qpl-1.0": {
Reference: "https://spdx.org/licenses/QPL-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/QPL-1.0.json",
ReferenceNumber: 693,
Name: "Q Public License 1.0",
LicenseID: "QPL-1.0",
SeeAlso: []string{
"http://doc.qt.nokia.com/3.3/license.html",
"https://opensource.org/licenses/QPL-1.0",
"https://doc.qt.io/archives/3.3/license.html",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
"ijg-short": {
Reference: "https://spdx.org/licenses/IJG-short.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/IJG-short.json",
ReferenceNumber: 694,
Name: "Independent JPEG Group License - short",
LicenseID: "IJG-short",
SeeAlso: []string{
"https://sourceforge.net/p/xmedcon/code/ci/master/tree/libs/ljpg/",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"community-spec-1.0": {
Reference: "https://spdx.org/licenses/Community-Spec-1.0.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/Community-Spec-1.0.json",
ReferenceNumber: 695,
Name: "Community Specification License 1.0",
LicenseID: "Community-Spec-1.0",
SeeAlso: []string{
"https://github.com/CommunitySpecification/1.0/blob/master/1._Community_Specification_License-v1.md",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"ncbi-pd": {
Reference: "https://spdx.org/licenses/NCBI-PD.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/NCBI-PD.json",
ReferenceNumber: 696,
Name: "NCBI Public Domain Notice",
LicenseID: "NCBI-PD",
SeeAlso: []string{
"https://github.com/ncbi/sra-tools/blob/e8e5b6af4edc460156ad9ce5902d0779cffbf685/LICENSE",
"https://github.com/ncbi/datasets/blob/0ea4cd16b61e5b799d9cc55aecfa016d6c9bd2bf/LICENSE.md",
"https://github.com/ncbi/gprobe/blob/de64d30fee8b4c4013094d7d3139ea89b5dd1ace/LICENSE",
"https://github.com/ncbi/egapx/blob/08930b9dec0c69b2d1a05e5153c7b95ef0a3eb0f/LICENSE",
"https://github.com/ncbi/datasets/blob/master/LICENSE.md",
},
IsOsiApproved: false,
RiskCategory: RiskCategory(""),
},
"postgresql": {
Reference: "https://spdx.org/licenses/PostgreSQL.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/PostgreSQL.json",
ReferenceNumber: 697,
Name: "PostgreSQL License",
LicenseID: "PostgreSQL",
SeeAlso: []string{
"http://www.postgresql.org/about/licence",
"https://opensource.org/licenses/PostgreSQL",
},
IsOsiApproved: true,
RiskCategory: RiskCategory("Permissive (Low Risk)"),
},
"ms-pl": {
Reference: "https://spdx.org/licenses/MS-PL.html",
IsDeprecatedLicenseID: false,
DetailsURL: "https://spdx.org/licenses/MS-PL.json",
ReferenceNumber: 698,
Name: "Microsoft Public License",
LicenseID: "MS-PL",
SeeAlso: []string{
"http://www.microsoft.com/opensource/licenses.mspx",
"https://opensource.org/licenses/MS-PL",
},
IsOsiApproved: true,
RiskCategory: RiskCategory(""),
},
}
07070100000061000041ED00000000000000000000000268CB9D6300000000000000000000000000000000000000000000002100000000grant-0.3.2/internal/stdinbuffer07070100000062000081A400000000000000000000000168CB9D630000036F000000000000000000000000000000000000002B00000000grant-0.3.2/internal/stdinbuffer/buffer.gopackage stdinbuffer
import (
"bytes"
"io"
"sync"
)
var (
mu sync.Mutex
buffer *bytes.Reader
)
// Set stores stdin data that was read but needs to be processed later
func Set(data []byte) {
mu.Lock()
defer mu.Unlock()
buffer = bytes.NewReader(data)
}
// Get retrieves the stored stdin data and clears the buffer
// Returns nil if no data is available or if seek fails
func Get() io.ReadSeeker {
mu.Lock()
defer mu.Unlock()
if buffer == nil {
return nil
}
// Reset seek position to beginning
if _, err := buffer.Seek(0, io.SeekStart); err != nil {
// If we can't seek to the beginning, the buffer is unusable
buffer = nil
return nil
}
// Return the buffer and clear it for next use
b := buffer
buffer = nil
return b
}
// HasData checks if there's data in the buffer
func HasData() bool {
mu.Lock()
defer mu.Unlock()
return buffer != nil
}
07070100000063000081A400000000000000000000000168CB9D6300000447000000000000000000000000000000000000001500000000grant-0.3.2/llms.txt# Grant - License Compliance Tool
Grant is a command-line tool for viewing and analyzing licenses in container images, SBOM documents, and filesystems. It helps build license compliance reports by applying configurable rules.
## Key Components
- **CLI Interface**: Main entry point in `cmd/grant/main.go`
- **Commands**: Check, list, and inspect operations for license analysis
- **Core Logic**: License evaluation, policy rules, and pattern matching in `grant/` directory
- **Configuration**: YAML-based rule configuration with allow/deny patterns
- **Output Formats**: Table and JSON reporting
## Primary Use Cases
1. Scan container images for licenses: `grant check redis:latest`
2. Analyze SBOM documents: `grant check alpine.spdx.json`
3. Apply license compliance policies with configurable rules
4. Generate reports for license compliance workflows
## Architecture
- Go-based CLI tool using the Anchore Clio framework
- SPDX license identification and pattern matching
- Rule-based evaluation engine with glob pattern support
- Integration with Syft for SBOM generation and analysis07070100000064000041ED00000000000000000000000268CB9D6300000000000000000000000000000000000000000000001200000000grant-0.3.2/tests07070100000065000041ED00000000000000000000000268CB9D6300000000000000000000000000000000000000000000001600000000grant-0.3.2/tests/cli07070100000066000081A400000000000000000000000168CB9D63000003EA000000000000000000000000000000000000002400000000grant-0.3.2/tests/cli/check_test.gopackage cli
import (
"os/exec"
"strings"
"testing"
)
func Test_CheckCmd(t *testing.T) {
tests := []struct {
name string
args []string
expectedInOutput []string
}{
{
name: "check command will deny all on empty config",
args: []string{"-c", emptyConfigPath, "check", "dir:../../."},
expectedInOutput: []string{
"check failed",
"✗", // Non-compliant indicator
"DENIED", // Shows denied packages
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
cmd := exec.Command(grantTmpPath, tt.args...)
output, err := cmd.CombinedOutput()
if err != nil && !strings.Contains(err.Error(), "exit status 1") {
t.Fatalf("cmd.CombinedOutput() failed with %s\n %s", err, string(output))
}
for _, expected := range tt.expectedInOutput {
if !strings.Contains(string(output), expected) {
t.Errorf("expected %s to be in output, but it wasn't; output: %s", expected, string(output))
}
}
})
}
}
07070100000067000081A400000000000000000000000168CB9D63000004D9000000000000000000000000000000000000002300000000grant-0.3.2/tests/cli/main_test.gopackage cli
import (
"log"
"os"
"os/exec"
"testing"
)
const (
grantTmpPath = "../../.tmp/grant"
emptyConfigPath = "../../.tmp/grant_empty.yaml"
)
func buildBinary() (string, error) {
buildCmd := exec.Command("go", "build", "-o", grantTmpPath, "../../cmd/grant/main.go") // Adjust the last argument to your package path if necessary
err := buildCmd.Run()
return grantTmpPath, err
}
func generateEmptyConfig() (string, error) {
emptyConfigCmd := exec.Command("touch", emptyConfigPath)
err := emptyConfigCmd.Run()
return emptyConfigPath, err
}
// setup function that you want to run before any tests
func setup(m *testing.M) {
_, err := buildBinary()
if err != nil {
log.Fatalf("Failed to build binary: %v", err)
}
_, err = generateEmptyConfig()
if err != nil {
log.Fatalf("Failed to generate empty config: %v", err)
}
}
// teardown function to clean up after the tests
func teardown() {
// Your cleanup code here
println("Running teardown after all tests.")
}
// TestMain is the entry point for testing
func TestMain(m *testing.M) {
setup(m) // Call setup
code := m.Run() // Run the tests and store the result
teardown() // Call teardown
os.Exit(code) // Exit with the result of the tests
}
07070100000068000081A400000000000000000000000168CB9D63000000E2000000000000000000000000000000000000002400000000grant-0.3.2/tests/cli/utils_test.gopackage cli
import "os"
func fileExists(filename string) bool {
info, err := os.Stat(filename)
if os.IsNotExist(err) {
return false
}
// We also check if the file might actually be a directory.
return !info.IsDir()
}
07070100000069000081A400000000000000000000000168CB9D63000004FB000000000000000000000000000000000000002600000000grant-0.3.2/tests/cli/version_test.gopackage cli
import (
"os/exec"
"testing"
"github.com/stretchr/testify/assert"
)
// Note main_test.go is used to set up and teardown the tests. This is the entry point for testing and
// responsible for building the most recent version of the grant binary.
func Test_VersionCommand(t *testing.T) {
tests := []struct {
name string
command string
expectedInOutput []string
}{
{
name: "text output",
command: "--version",
expectedInOutput: []string{"[not provided]"},
},
{
name: "long form",
command: "version",
expectedInOutput: []string{
"Application:",
"Version:",
"BuildDate:",
"GitCommit:",
"GitDescription:",
"Platform:",
"GoVersion:",
"Compiler:",
},
},
}
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
// check if the command is available
cmd := exec.Command(grantTmpPath, test.command)
output, err := cmd.CombinedOutput()
if err != nil {
t.Fatalf("command failed: %v: cmd output: %s", err, string(output))
}
for _, expected := range test.expectedInOutput {
assert.Contains(t, string(output), expected, "expected output: %s not found in command output: %s", expected, string(output))
}
})
}
}
0707010000006A000081A400000000000000000000000168CB9D6300001DA6000000000000000000000000000000000000002600000000grant-0.3.2/tests/integration_test.gopackage tests
import (
"os"
"testing"
"github.com/anchore/grant/grant"
)
func TestIntegration_MinimalConfig(t *testing.T) {
// Load minimal.yaml config
minimalConfigData := `allow:
- MIT
- Apache-2.0
- BSD-*`
policy, err := grant.LoadPolicy([]byte(minimalConfigData))
if err != nil {
t.Fatalf("Failed to load minimal config: %v", err)
}
// Verify policy loaded correctly
if len(policy.Allow) != 3 {
t.Errorf("Expected 3 allowed licenses, got %d", len(policy.Allow))
}
// Test license permission checking
testCases := []struct {
license string
allowed bool
}{
{"MIT", true},
{"Apache-2.0", true},
{"BSD-2-Clause", true},
{"BSD-3-Clause", true},
{"GPL-3.0", false},
{"ISC", false},
}
for _, tc := range testCases {
if got := policy.IsLicensePermitted(tc.license); got != tc.allowed {
t.Errorf("License %s: expected %v, got %v", tc.license, tc.allowed, got)
}
}
}
func TestIntegration_SimplifiedBasicConfig(t *testing.T) {
// Load simplified-basic.yaml config
basicConfigData := `allow:
- MIT
- MIT-*
- Apache-2.0
- Apache-2.0-*
- BSD-2-Clause
- BSD-3-Clause
- BSD-3-Clause-Clear
- ISC
- 0BSD
- Unlicense
- CC0-1.0
ignore-packages:
- github.com/mycompany/*
- "@mycompany/*"
- mycompany-*`
policy, err := grant.LoadPolicy([]byte(basicConfigData))
if err != nil {
t.Fatalf("Failed to load basic config: %v", err)
}
// Test license permissions
licenseTests := []struct {
license string
allowed bool
}{
{"MIT", true},
{"MIT-Modern-Variant", true},
{"Apache-2.0", true},
{"Apache-2.0-with-LLVM-exception", true},
{"BSD-2-Clause", true},
{"BSD-3-Clause", true},
{"ISC", true},
{"0BSD", true},
{"Unlicense", true},
{"CC0-1.0", true},
{"GPL-3.0", false},
{"AGPL-3.0", false},
{"Proprietary", false},
}
for _, tc := range licenseTests {
if got := policy.IsLicensePermitted(tc.license); got != tc.allowed {
t.Errorf("License %s: expected %v, got %v", tc.license, tc.allowed, got)
}
}
// Test package ignore patterns
packageTests := []struct {
packageName string
ignored bool
}{
{"github.com/mycompany/repo", true},
{"github.com/mycompany/deep/nested/repo", true},
{"@mycompany/utils", true},
{"@mycompany/scoped/package", true},
{"mycompany-tools", true},
{"mycompany-internal-lib", true},
{"github.com/other/repo", false},
{"@other/utils", false},
{"some-package", false},
{"github.com/mycompany", false}, // Should not match without trailing slash
}
for _, tc := range packageTests {
if got := policy.IsPackageIgnored(tc.packageName); got != tc.ignored {
t.Errorf("Package %s: expected ignored=%v, got %v", tc.packageName, tc.ignored, got)
}
}
}
func TestIntegration_LoadPolicyFromExamples(t *testing.T) {
// Test loading actual example files
examples := []struct {
name string
path string
}{
{"minimal", "./examples/minimal.yaml"},
{"simplified-basic", "./examples/simplified-basic.yaml"},
}
for _, example := range examples {
t.Run(example.name, func(t *testing.T) {
// Check if file exists
if _, err := os.Stat(example.path); os.IsNotExist(err) {
t.Skipf("Example file %s does not exist, skipping", example.path)
return
}
policy, err := grant.LoadPolicyFromFile(example.path)
if err != nil {
t.Errorf("Failed to load policy from %s: %v", example.path, err)
return
}
// Basic validation that policy loaded correctly
if len(policy.Allow) == 0 {
t.Errorf("Expected non-empty Allow list in %s", example.name)
}
// MIT should be allowed in both example configs
if !policy.IsLicensePermitted("MIT") {
t.Errorf("Expected MIT to be allowed in %s config", example.name)
}
// GPL should be denied in both example configs
if policy.IsLicensePermitted("GPL-3.0") {
t.Errorf("Expected GPL-3.0 to be denied in %s config", example.name)
}
})
}
}
func TestIntegration_EmptyPolicy(t *testing.T) {
// Test with empty policy (should deny everything)
policy, err := grant.LoadPolicy([]byte(``))
if err != nil {
t.Fatalf("Failed to load empty policy: %v", err)
}
// Everything should be denied with empty policy
testLicenses := []string{"MIT", "Apache-2.0", "BSD-2-Clause", "GPL-3.0", ""}
for _, license := range testLicenses {
if policy.IsLicensePermitted(license) {
t.Errorf("Expected license %s to be denied with empty policy", license)
}
}
// No packages should be ignored with empty policy
testPackages := []string{"github.com/any/package", "internal", "test"}
for _, pkg := range testPackages {
if policy.IsPackageIgnored(pkg) {
t.Errorf("Expected package %s to not be ignored with empty policy", pkg)
}
}
}
func TestIntegration_PolicyValidation(t *testing.T) {
// Test various valid and invalid YAML configurations
testCases := []struct {
name string
yaml string
wantErr bool
}{
{
name: "valid minimal config",
yaml: `allow:
- MIT
- Apache-2.0`,
wantErr: false,
},
{
name: "valid config with ignore-packages",
yaml: `allow:
- MIT
ignore-packages:
- internal/*`,
wantErr: false,
},
{
name: "empty config is valid",
yaml: ``,
wantErr: false,
},
{
name: "only allow section",
yaml: `allow:
- MIT`,
wantErr: false,
},
{
name: "only ignore-packages section",
yaml: `ignore-packages:
- internal/*`,
wantErr: false,
},
{
name: "invalid yaml syntax",
yaml: `allow:
- MIT
invalid: [`,
wantErr: true,
},
}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
_, err := grant.LoadPolicy([]byte(tc.yaml))
if (err != nil) != tc.wantErr {
t.Errorf("LoadPolicy() error = %v, wantErr %v", err, tc.wantErr)
}
})
}
}
func TestIntegration_GlobPatterns(t *testing.T) {
policy := &grant.Policy{
Allow: []string{
"MIT",
"Apache-*",
"BSD-*-Clause",
"*GPL*", // Dangerous but valid glob
},
IgnorePackages: []string{
"github.com/company/*",
"@scope/*",
"prefix-*",
"*-suffix",
},
}
// Test license glob patterns
licenseTests := []struct {
license string
allowed bool
}{
// Exact matches
{"MIT", true},
// Apache glob
{"Apache-2.0", true},
{"Apache-1.1", true},
{"Apache-2.0-with-LLVM-exception", true},
// BSD glob
{"BSD-2-Clause", true},
{"BSD-3-Clause", true},
{"BSD-4-Clause", true},
// GPL glob (matches anything with GPL)
{"GPL-2.0", true},
{"GPL-3.0", true},
{"LGPL-2.1", true},
{"AGPL-3.0", true},
// Non-matches
{"ISC", false},
{"Unlicense", false},
{"Custom", false},
}
for _, tc := range licenseTests {
if got := policy.IsLicensePermitted(tc.license); got != tc.allowed {
t.Errorf("License %s: expected %v, got %v", tc.license, tc.allowed, got)
}
}
// Test package ignore glob patterns
packageTests := []struct {
packageName string
ignored bool
}{
// github.com/company/* pattern
{"github.com/company/repo", true},
{"github.com/company/nested/repo", true},
{"github.com/other/repo", false},
{"github.com/company", false},
// @scope/* pattern
{"@scope/package", true},
{"@scope/nested/package", true},
{"@other/package", false},
// prefix-* pattern
{"prefix-tool", true},
{"prefix-anything", true},
{"other-prefix", false},
// *-suffix pattern
{"tool-suffix", true},
{"anything-suffix", true},
{"suffix-other", false},
}
for _, tc := range packageTests {
if got := policy.IsPackageIgnored(tc.packageName); got != tc.ignored {
t.Errorf("Package %s: expected ignored=%v, got %v", tc.packageName, tc.ignored, got)
}
}
}
07070100000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000B00000000TRAILER!!!1873 blocks
