diff --git a/tests/integration/__snapshots__/formatExports.test.ts.snap b/tests/integration/__snapshots__/formatExports.test.ts.snap index 4e06fef3..7deaf259 100644 --- a/tests/integration/__snapshots__/formatExports.test.ts.snap +++ b/tests/integration/__snapshots__/formatExports.test.ts.snap @@ -1,4303 +1,66 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP exports[`CycloneDX JSON alpine 1`] = ` -"{ - "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", - "bomFormat": "CycloneDX", - "specVersion": "1.5", - "serialNumber": "redacted", - "version": 1, - "metadata": { - "timestamp": "redacted", - "tools": [ - { - "vendor": "anchore", - "name": "syft", - "version": "redacted" - } - ], - "component": { - "bom-ref": "redacted", - "type": "container", - "name": "localhost:5000/match-coverage/alpine", - "version": "redacted" - } - }, - "components": [ - { - "bom-ref": "redacted", - "type": "library", - "publisher": "A. Wilcox ", - "name": "libvncserver", - "version": "redacted", - "description": "Library to make writing a vnc server easy", - "licenses": [ - { - "license": { - "id": "GPL-2.0-or-later" - } - } - ], - "cpe": "cpe:2.3:a:libvncserver:libvncserver:0.9.9:*:*:*:*:*:*:*", - "purl": "pkg:apk/alpine/libvncserver@0.9.9?arch=x86_64&distro=alpine-3.12.0", - "externalReferences": [ - { - "url": "http://libvncserver.sourceforge.net/", - "type": "distribution" - } - ], - "properties": [ - { - "name": "syft:package:foundBy", - "value": "redacted" - }, - { - "name": "syft:package:type", - "value": "redacted" - }, - { - "name": "syft:package:metadataType", - "value": "redacted" - }, - { - "name": "syft:location:0:layerID", - "value": "redacted" - }, - { - "name": "syft:location:0:path", - "value": "redacted" - }, - { - "name": "syft:metadata:gitCommitOfApkPort", - "value": "redacted" - }, - { - "name": "syft:metadata:installedSize", - "value": "redacted" - }, - { - "name": "syft:metadata:originPackage", - "value": "redacted" - }, - { - "name": "syft:metadata:provides:0", - "value": "redacted" - }, - { - "name": "syft:metadata:provides:1", - "value": "redacted" - }, - { - "name": "syft:metadata:pullChecksum", - "value": "redacted" - }, - { - "name": "syft:metadata:pullDependencies:0", - "value": "redacted" - }, - { - "name": "syft:metadata:pullDependencies:1", - "value": "redacted" - }, - { - "name": "syft:metadata:pullDependencies:2", - "value": "redacted" - }, - { - "name": "syft:metadata:pullDependencies:3", - "value": "redacted" - }, - { - "name": "syft:metadata:pullDependencies:4", - "value": "redacted" - }, - { - "name": "syft:metadata:pullDependencies:5", - "value": "redacted" - }, - { - "name": "syft:metadata:size", - "value": "redacted" - } - ] - }, - { - "type": "operating-system", - "name": "alpine", - "version": "redacted", - "description": "Alpine Linux v3.12", - "swid": { - "tagId": "alpine", - "name": "alpine", - "version": "redacted" - }, - "externalReferences": [ - { - "url": "https://bugs.alpinelinux.org/", - "type": "issue-tracker" - }, - { - "url": "https://alpinelinux.org/", - "type": "website" - } - ], - "properties": [ - { - "name": "syft:distro:id", - "value": "redacted" - }, - { - "name": "syft:distro:prettyName", - "value": "redacted" - }, - { - "name": "syft:distro:versionID", - "value": "redacted" - } - ] - } - ] -} +"{"$schema":"http://cyclonedx.org/schema/bom-1.5.schema.json","bomFormat":"CycloneDX","specVersion":"1.5","serialNumber": "redacted","version":1,"metadata":{"timestamp": "redacted","tools":[{"vendor":"anchore","name":"syft","version": "redacted"}],"component":{"bom-ref": "redacted","type":"container","name":"localhost:5000/match-coverage/alpine","version": "redacted"}},"components":[{"bom-ref": "redacted","type":"library","publisher":"A. Wilcox ","name":"libvncserver","version": "redacted","description":"Library to make writing a vnc server easy","licenses":[{"license":{"id":"GPL-2.0-or-later"}}],"cpe":"cpe:2.3:a:libvncserver:libvncserver:0.9.9:*:*:*:*:*:*:*","purl":"pkg:apk/alpine/libvncserver@0.9.9?arch=x86_64&distro=alpine-3.12.0","externalReferences":[{"url":"http://libvncserver.sourceforge.net/","type":"distribution"}],"properties":[{"name":"syft:package:foundBy","value": "redacted"},{"name":"syft:package:type","value": "redacted"},{"name":"syft:package:metadataType","value": "redacted"},{"name":"syft:location:0:layerID","value": "redacted"},{"name":"syft:location:0:path","value": "redacted"},{"name":"syft:metadata:gitCommitOfApkPort","value": "redacted"},{"name":"syft:metadata:installedSize","value": "redacted"},{"name":"syft:metadata:originPackage","value": "redacted"},{"name":"syft:metadata:provides:0","value": "redacted"},{"name":"syft:metadata:provides:1","value": "redacted"},{"name":"syft:metadata:pullChecksum","value": "redacted"},{"name":"syft:metadata:pullDependencies:0","value": "redacted"},{"name":"syft:metadata:pullDependencies:1","value": "redacted"},{"name":"syft:metadata:pullDependencies:2","value": "redacted"},{"name":"syft:metadata:pullDependencies:3","value": "redacted"},{"name":"syft:metadata:pullDependencies:4","value": "redacted"},{"name":"syft:metadata:pullDependencies:5","value": "redacted"},{"name":"syft:metadata:size","value": "redacted"}]},{"type":"operating-system","name":"alpine","version": "redacted","description":"Alpine Linux v3.12","swid":{"tagId":"alpine","name":"alpine","version": "redacted"},"externalReferences":[{"url":"https://bugs.alpinelinux.org/","type":"issue-tracker"},{"url":"https://alpinelinux.org/","type":"website"}],"properties":[{"name":"syft:distro:id","value": "redacted"},{"name":"syft:distro:prettyName","value": "redacted"},{"name":"syft:distro:versionID","value": "redacted"}]}]} " `; exports[`CycloneDX JSON debian 1`] = ` -"{ - "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", - "bomFormat": "CycloneDX", - "specVersion": "1.5", - "serialNumber": "redacted", - "version": 1, - "metadata": { - "timestamp": "redacted", - "tools": [ - { - "vendor": "anchore", - "name": "syft", - "version": "redacted" - } - ], - "component": { - "bom-ref": "redacted", - "type": "container", - "name": "localhost:5000/match-coverage/debian", - "version": "redacted" - } - }, - "components": [ - { - "bom-ref": "redacted", - "type": "library", - "author": "Georg Brandl ", - "name": "Pygments", - "version": "redacted", - "licenses": [ - { - "license": { - "name": "BSD License" - } - } - ], - "cpe": "cpe:2.3:a:georg_brandl_project:python-Pygments:2.6.1:*:*:*:*:*:*:*", - "purl": "pkg:pypi/Pygments@2.6.1", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "redacted" - }, - { - "name": "syft:package:language", - "value": "redacted" - }, - { - "name": "syft:package:type", - "value": "redacted" - }, - { - "name": "syft:package:metadataType", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:location:0:layerID", - "value": "redacted" - }, - { - "name": "syft:location:0:path", - "value": "redacted" - }, - { - "name": "syft:location:1:layerID", - "value": "redacted" - }, - { - "name": "syft:location:1:path", - "value": "redacted" - } - ] - }, - { - "bom-ref": "redacted", - "type": "library", - "publisher": "APT Development Team ", - "name": "apt", - "version": "redacted", - "cpe": "cpe:2.3:a:apt:apt:1.8.2:*:*:*:*:*:*:*", - "purl": "pkg:deb/debian/apt@1.8.2?arch=amd64&upstream=apt-dev&distro=debian-8", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "redacted" - }, - { - "name": "syft:package:type", - "value": "redacted" - }, - { - "name": "syft:package:metadataType", - "value": "redacted" - }, - { - "name": "syft:location:0:layerID", - "value": "redacted" - }, - { - "name": "syft:location:0:path", - "value": "redacted" - }, - { - "name": "syft:metadata:installedSize", - "value": "redacted" - }, - { - "name": "syft:metadata:source", - "value": "redacted" - } - ] - }, - { - "bom-ref": "redacted", - "type": "library", - "author": "André Arko,Samuel Giddins,Colby Swandale,Hiroshi Shibata,David Rodríguez,Grey Baker,Stephanie Morillo,Chris Morris,James Wen,Tim Moore,André Medeiros,Jessica Lynn Suttles,Terence Lee,Carl Lerche,Yehuda Katz", - "name": "bundler", - "version": "redacted", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "cpe": "cpe:2.3:a:jessica-lynn-suttles:bundler:2.1.4:*:*:*:*:*:*:*", - "purl": "pkg:gem/bundler@2.1.4", - "externalReferences": [ - { - "url": "https://bundler.io", - "type": "website" - } - ], - "properties": [ - { - "name": "syft:package:foundBy", - "value": "redacted" - }, - { - "name": "syft:package:language", - "value": "redacted" - }, - { - "name": "syft:package:type", - "value": "redacted" - }, - { - "name": "syft:package:metadataType", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:location:0:layerID", - "value": "redacted" - }, - { - "name": "syft:location:0:path", - "value": "redacted" - } - ] - }, - { - "bom-ref": "redacted", - "type": "library", - "group": "org.anchore", - "name": "example-java-app-maven", - "version": "redacted", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "cpe": "cpe:2.3:a:example-java-app-maven:example-java-app-maven:0.1.0:*:*:*:*:*:*:*", - "purl": "pkg:maven/org.anchore/example-java-app-maven@0.1.0", - "externalReferences": [ - { - "url": "", - "hashes": [ - { - "alg": "SHA-1", - "content": "100b566a7dcdb187bf9f14ecd96427cadd535bfe" - } - ], - "type": "build-meta" - } - ], - "properties": [ - { - "name": "syft:package:foundBy", - "value": "redacted" - }, - { - "name": "syft:package:language", - "value": "redacted" - }, - { - "name": "syft:package:type", - "value": "redacted" - }, - { - "name": "syft:package:metadataType", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:location:0:layerID", - "value": "redacted" - }, - { - "name": "syft:location:0:path", - "value": "redacted" - }, - { - "name": "syft:metadata:-:artifactID", - "value": "redacted" - }, - { - "name": "syft:metadata:-:groupID", - "value": "redacted" - }, - { - "name": "syft:metadata:virtualPath", - "value": "redacted" - } - ] - }, - { - "bom-ref": "redacted", - "type": "library", - "group": "joda-time", - "name": "joda-time", - "version": "redacted", - "licenses": [ - { - "license": { - "name": "Apache 2", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - } - } - ], - "cpe": "cpe:2.3:a:joda-time:joda-time:2.9.2:*:*:*:*:*:*:*", - "purl": "pkg:maven/joda-time/joda-time@2.9.2", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "redacted" - }, - { - "name": "syft:package:language", - "value": "redacted" - }, - { - "name": "syft:package:type", - "value": "redacted" - }, - { - "name": "syft:package:metadataType", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:location:0:layerID", - "value": "redacted" - }, - { - "name": "syft:location:0:path", - "value": "redacted" - }, - { - "name": "syft:metadata:-:artifactID", - "value": "redacted" - }, - { - "name": "syft:metadata:-:groupID", - "value": "redacted" - }, - { - "name": "syft:metadata:virtualPath", - "value": "redacted" - } - ] - }, - { - "bom-ref": "redacted", - "type": "library", - "author": "Isaac Z. Schlueter (http://blog.izs.me)", - "name": "npm", - "version": "redacted", - "description": "a package manager for JavaScript", - "licenses": [ - { - "license": { - "id": "Artistic-2.0" - } - } - ], - "cpe": "cpe:2.3:a:node_packaged_modules_project:node_packaged_modules:6.14.6:*:*:*:*:node.js:*:*", - "purl": "pkg:npm/npm@6.14.6", - "externalReferences": [ - { - "url": "https://github.com/npm/cli", - "type": "distribution" - }, - { - "url": "https://docs.npmjs.com/", - "type": "website" - } - ], - "properties": [ - { - "name": "syft:package:foundBy", - "value": "redacted" - }, - { - "name": "syft:package:language", - "value": "redacted" - }, - { - "name": "syft:package:type", - "value": "redacted" - }, - { - "name": "syft:package:metadataType", - "value": "redacted" - }, - { - "name": "syft:location:0:layerID", - "value": "redacted" - }, - { - "name": "syft:location:0:path", - "value": "redacted" - } - ] - }, - { - "type": "operating-system", - "name": "debian", - "version": "redacted", - "description": "Debian GNU/Linux 8 (jessie)", - "swid": { - "tagId": "debian", - "name": "debian", - "version": "redacted" - }, - "externalReferences": [ - { - "url": "https://bugs.debian.org/", - "type": "issue-tracker" - }, - { - "url": "http://www.debian.org/", - "type": "website" - }, - { - "url": "http://www.debian.org/support", - "comment": "support", - "type": "other" - } - ], - "properties": [ - { - "name": "syft:distro:id", - "value": "redacted" - }, - { - "name": "syft:distro:prettyName", - "value": "redacted" - }, - { - "name": "syft:distro:versionID", - "value": "redacted" - } - ] - } - ] -} +"{"$schema":"http://cyclonedx.org/schema/bom-1.5.schema.json","bomFormat":"CycloneDX","specVersion":"1.5","serialNumber": "redacted","version":1,"metadata":{"timestamp": "redacted","tools":[{"vendor":"anchore","name":"syft","version": "redacted"}],"component":{"bom-ref": "redacted","type":"container","name":"localhost:5000/match-coverage/debian","version": "redacted"}},"components":[{"bom-ref": "redacted","type":"library","author":"Georg Brandl ","name":"Pygments","version": "redacted","licenses":[{"license":{"name":"BSD License"}}],"cpe":"cpe:2.3:a:georg_brandl_project:python-Pygments:2.6.1:*:*:*:*:*:*:*","purl":"pkg:pypi/Pygments@2.6.1","properties":[{"name":"syft:package:foundBy","value": "redacted"},{"name":"syft:package:language","value": "redacted"},{"name":"syft:package:type","value": "redacted"},{"name":"syft:package:metadataType","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:location:0:layerID","value": "redacted"},{"name":"syft:location:0:path","value": "redacted"},{"name":"syft:location:1:layerID","value": "redacted"},{"name":"syft:location:1:path","value": "redacted"}]},{"bom-ref": "redacted","type":"library","publisher":"APT Development Team ","name":"apt","version": "redacted","cpe":"cpe:2.3:a:apt:apt:1.8.2:*:*:*:*:*:*:*","purl":"pkg:deb/debian/apt@1.8.2?arch=amd64&upstream=apt-dev&distro=debian-8","properties":[{"name":"syft:package:foundBy","value": "redacted"},{"name":"syft:package:type","value": "redacted"},{"name":"syft:package:metadataType","value": "redacted"},{"name":"syft:location:0:layerID","value": "redacted"},{"name":"syft:location:0:path","value": "redacted"},{"name":"syft:metadata:installedSize","value": "redacted"},{"name":"syft:metadata:source","value": "redacted"}]},{"bom-ref": "redacted","type":"library","author":"André Arko,Samuel Giddins,Colby Swandale,Hiroshi Shibata,David Rodríguez,Grey Baker,Stephanie Morillo,Chris Morris,James Wen,Tim Moore,André Medeiros,Jessica Lynn Suttles,Terence Lee,Carl Lerche,Yehuda Katz","name":"bundler","version": "redacted","licenses":[{"license":{"id":"MIT"}}],"cpe":"cpe:2.3:a:jessica-lynn-suttles:bundler:2.1.4:*:*:*:*:*:*:*","purl":"pkg:gem/bundler@2.1.4","externalReferences":[{"url":"https://bundler.io","type":"website"}],"properties":[{"name":"syft:package:foundBy","value": "redacted"},{"name":"syft:package:language","value": "redacted"},{"name":"syft:package:type","value": "redacted"},{"name":"syft:package:metadataType","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:location:0:layerID","value": "redacted"},{"name":"syft:location:0:path","value": "redacted"}]},{"bom-ref": "redacted","type":"library","group":"org.anchore","name":"example-java-app-maven","version": "redacted","licenses":[{"license":{"id":"Apache-2.0"}}],"cpe":"cpe:2.3:a:example-java-app-maven:example-java-app-maven:0.1.0:*:*:*:*:*:*:*","purl":"pkg:maven/org.anchore/example-java-app-maven@0.1.0","externalReferences":[{"url":"","hashes":[{"alg":"SHA-1","content":"100b566a7dcdb187bf9f14ecd96427cadd535bfe"}],"type":"build-meta"}],"properties":[{"name":"syft:package:foundBy","value": "redacted"},{"name":"syft:package:language","value": "redacted"},{"name":"syft:package:type","value": "redacted"},{"name":"syft:package:metadataType","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:location:0:layerID","value": "redacted"},{"name":"syft:location:0:path","value": "redacted"},{"name":"syft:metadata:-:artifactID","value": "redacted"},{"name":"syft:metadata:-:groupID","value": "redacted"},{"name":"syft:metadata:virtualPath","value": "redacted"}]},{"bom-ref": "redacted","type":"library","group":"joda-time","name":"joda-time","version": "redacted","licenses":[{"license":{"name":"Apache 2","url":"http://www.apache.org/licenses/LICENSE-2.0.txt"}}],"cpe":"cpe:2.3:a:joda-time:joda-time:2.9.2:*:*:*:*:*:*:*","purl":"pkg:maven/joda-time/joda-time@2.9.2","properties":[{"name":"syft:package:foundBy","value": "redacted"},{"name":"syft:package:language","value": "redacted"},{"name":"syft:package:type","value": "redacted"},{"name":"syft:package:metadataType","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:location:0:layerID","value": "redacted"},{"name":"syft:location:0:path","value": "redacted"},{"name":"syft:metadata:-:artifactID","value": "redacted"},{"name":"syft:metadata:-:groupID","value": "redacted"},{"name":"syft:metadata:virtualPath","value": "redacted"}]},{"bom-ref": "redacted","type":"library","author":"Isaac Z. Schlueter (http://blog.izs.me)","name":"npm","version": "redacted","description":"a package manager for JavaScript","licenses":[{"license":{"id":"Artistic-2.0"}}],"cpe":"cpe:2.3:a:node_packaged_modules_project:node_packaged_modules:6.14.6:*:*:*:*:node.js:*:*","purl":"pkg:npm/npm@6.14.6","externalReferences":[{"url":"https://github.com/npm/cli","type":"distribution"},{"url":"https://docs.npmjs.com/","type":"website"}],"properties":[{"name":"syft:package:foundBy","value": "redacted"},{"name":"syft:package:language","value": "redacted"},{"name":"syft:package:type","value": "redacted"},{"name":"syft:package:metadataType","value": "redacted"},{"name":"syft:location:0:layerID","value": "redacted"},{"name":"syft:location:0:path","value": "redacted"}]},{"type":"operating-system","name":"debian","version": "redacted","description":"Debian GNU/Linux 8 (jessie)","swid":{"tagId":"debian","name":"debian","version": "redacted"},"externalReferences":[{"url":"https://bugs.debian.org/","type":"issue-tracker"},{"url":"http://www.debian.org/","type":"website"},{"url":"http://www.debian.org/support","comment":"support","type":"other"}],"properties":[{"name":"syft:distro:id","value": "redacted"},{"name":"syft:distro:prettyName","value": "redacted"},{"name":"syft:distro:versionID","value": "redacted"}]}]} " `; exports[`CycloneDX JSON npm 1`] = ` -"{ - "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", - "bomFormat": "CycloneDX", - "specVersion": "1.5", - "serialNumber": "redacted", - "version": 1, - "metadata": { - "timestamp": "redacted", - "tools": [ - { - "vendor": "anchore", - "name": "syft", - "version": "redacted" - } - ], - "component": { - "bom-ref": "redacted", - "type": "file", - "name": "tests/fixtures/npm-project" - } - }, - "components": [ - { - "bom-ref": "redacted", - "type": "library", - "name": "chownr", - "version": "redacted", - "cpe": "cpe:2.3:a:chownr:chownr:2.0.0:*:*:*:*:*:*:*", - "purl": "pkg:npm/chownr@2.0.0", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "redacted" - }, - { - "name": "syft:package:language", - "value": "redacted" - }, - { - "name": "syft:package:type", - "value": "redacted" - }, - { - "name": "syft:package:metadataType", - "value": "redacted" - }, - { - "name": "syft:location:0:path", - "value": "redacted" - } - ] - }, - { - "bom-ref": "redacted", - "type": "library", - "name": "fs-minipass", - "version": "redacted", - "cpe": "cpe:2.3:a:fs-minipass:fs-minipass:2.1.0:*:*:*:*:*:*:*", - "purl": "pkg:npm/fs-minipass@2.1.0", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "redacted" - }, - { - "name": "syft:package:language", - "value": "redacted" - }, - { - "name": "syft:package:type", - "value": "redacted" - }, - { - "name": "syft:package:metadataType", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:location:0:path", - "value": "redacted" - } - ] - }, - { - "bom-ref": "redacted", - "type": "library", - "name": "js-tokens", - "version": "redacted", - "cpe": "cpe:2.3:a:js-tokens:js-tokens:4.0.0:*:*:*:*:*:*:*", - "purl": "pkg:npm/js-tokens@4.0.0", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "redacted" - }, - { - "name": "syft:package:language", - "value": "redacted" - }, - { - "name": "syft:package:type", - "value": "redacted" - }, - { - "name": "syft:package:metadataType", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:location:0:path", - "value": "redacted" - } - ] - }, - { - "bom-ref": "redacted", - "type": "library", - "name": "loose-envify", - "version": "redacted", - "cpe": "cpe:2.3:a:loose-envify:loose-envify:1.4.0:*:*:*:*:*:*:*", - "purl": "pkg:npm/loose-envify@1.4.0", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "redacted" - }, - { - "name": "syft:package:language", - "value": "redacted" - }, - { - "name": "syft:package:type", - "value": "redacted" - }, - { - "name": "syft:package:metadataType", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:location:0:path", - "value": "redacted" - } - ] - }, - { - "bom-ref": "redacted", - "type": "library", - "name": "minipass", - "version": "redacted", - "cpe": "cpe:2.3:a:minipass:minipass:3.1.3:*:*:*:*:*:*:*", - "purl": "pkg:npm/minipass@3.1.3", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "redacted" - }, - { - "name": "syft:package:language", - "value": "redacted" - }, - { - "name": "syft:package:type", - "value": "redacted" - }, - { - "name": "syft:package:metadataType", - "value": "redacted" - }, - { - "name": "syft:location:0:path", - "value": "redacted" - } - ] - }, - { - "bom-ref": "redacted", - "type": "library", - "name": "minizlib", - "version": "redacted", - "cpe": "cpe:2.3:a:minizlib:minizlib:2.1.2:*:*:*:*:*:*:*", - "purl": "pkg:npm/minizlib@2.1.2", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "redacted" - }, - { - "name": "syft:package:language", - "value": "redacted" - }, - { - "name": "syft:package:type", - "value": "redacted" - }, - { - "name": "syft:package:metadataType", - "value": "redacted" - }, - { - "name": "syft:location:0:path", - "value": "redacted" - } - ] - }, - { - "bom-ref": "redacted", - "type": "library", - "name": "mkdirp", - "version": "redacted", - "cpe": "cpe:2.3:a:mkdirp:mkdirp:1.0.4:*:*:*:*:*:*:*", - "purl": "pkg:npm/mkdirp@1.0.4", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "redacted" - }, - { - "name": "syft:package:language", - "value": "redacted" - }, - { - "name": "syft:package:type", - "value": "redacted" - }, - { - "name": "syft:package:metadataType", - "value": "redacted" - }, - { - "name": "syft:location:0:path", - "value": "redacted" - } - ] - }, - { - "bom-ref": "redacted", - "type": "library", - "name": "object-assign", - "version": "redacted", - "cpe": "cpe:2.3:a:object-assign:object-assign:4.1.1:*:*:*:*:*:*:*", - "purl": "pkg:npm/object-assign@4.1.1", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "redacted" - }, - { - "name": "syft:package:language", - "value": "redacted" - }, - { - "name": "syft:package:type", - "value": "redacted" - }, - { - "name": "syft:package:metadataType", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:location:0:path", - "value": "redacted" - } - ] - }, - { - "bom-ref": "redacted", - "type": "library", - "name": "prop-types", - "version": "redacted", - "cpe": "cpe:2.3:a:prop-types:prop-types:15.7.2:*:*:*:*:*:*:*", - "purl": "pkg:npm/prop-types@15.7.2", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "redacted" - }, - { - "name": "syft:package:language", - "value": "redacted" - }, - { - "name": "syft:package:type", - "value": "redacted" - }, - { - "name": "syft:package:metadataType", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:location:0:path", - "value": "redacted" - } - ] - }, - { - "bom-ref": "redacted", - "type": "library", - "name": "react", - "version": "redacted", - "cpe": "cpe:2.3:a:react:react:16.14.0:*:*:*:*:*:*:*", - "purl": "pkg:npm/react@16.14.0", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "redacted" - }, - { - "name": "syft:package:language", - "value": "redacted" - }, - { - "name": "syft:package:type", - "value": "redacted" - }, - { - "name": "syft:package:metadataType", - "value": "redacted" - }, - { - "name": "syft:location:0:path", - "value": "redacted" - } - ] - }, - { - "bom-ref": "redacted", - "type": "library", - "name": "react-is", - "version": "redacted", - "cpe": "cpe:2.3:a:react-is:react-is:16.13.1:*:*:*:*:*:*:*", - "purl": "pkg:npm/react-is@16.13.1", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "redacted" - }, - { - "name": "syft:package:language", - "value": "redacted" - }, - { - "name": "syft:package:type", - "value": "redacted" - }, - { - "name": "syft:package:metadataType", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:location:0:path", - "value": "redacted" - } - ] - }, - { - "bom-ref": "redacted", - "type": "library", - "name": "tar", - "version": "redacted", - "cpe": "cpe:2.3:a:tar_project:tar:6.1.0:*:*:*:*:node.js:*:*", - "purl": "pkg:npm/tar@6.1.0", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "redacted" - }, - { - "name": "syft:package:language", - "value": "redacted" - }, - { - "name": "syft:package:type", - "value": "redacted" - }, - { - "name": "syft:package:metadataType", - "value": "redacted" - }, - { - "name": "syft:location:0:path", - "value": "redacted" - } - ] - }, - { - "bom-ref": "redacted", - "type": "library", - "name": "yallist", - "version": "redacted", - "cpe": "cpe:2.3:a:yallist:yallist:4.0.0:*:*:*:*:*:*:*", - "purl": "pkg:npm/yallist@4.0.0", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "redacted" - }, - { - "name": "syft:package:language", - "value": "redacted" - }, - { - "name": "syft:package:type", - "value": "redacted" - }, - { - "name": "syft:package:metadataType", - "value": "redacted" - }, - { - "name": "syft:location:0:path", - "value": "redacted" - } - ] - } - ] -} +"{"$schema":"http://cyclonedx.org/schema/bom-1.5.schema.json","bomFormat":"CycloneDX","specVersion":"1.5","serialNumber": "redacted","version":1,"metadata":{"timestamp": "redacted","tools":[{"vendor":"anchore","name":"syft","version": "redacted"}],"component":{"bom-ref": "redacted","type":"file","name":"tests/fixtures/npm-project"}},"components":[{"bom-ref": "redacted","type":"library","name":"chownr","version": "redacted","cpe":"cpe:2.3:a:chownr:chownr:2.0.0:*:*:*:*:*:*:*","purl":"pkg:npm/chownr@2.0.0","properties":[{"name":"syft:package:foundBy","value": "redacted"},{"name":"syft:package:language","value": "redacted"},{"name":"syft:package:type","value": "redacted"},{"name":"syft:package:metadataType","value": "redacted"},{"name":"syft:location:0:path","value": "redacted"}]},{"bom-ref": "redacted","type":"library","name":"fs-minipass","version": "redacted","cpe":"cpe:2.3:a:fs-minipass:fs-minipass:2.1.0:*:*:*:*:*:*:*","purl":"pkg:npm/fs-minipass@2.1.0","properties":[{"name":"syft:package:foundBy","value": "redacted"},{"name":"syft:package:language","value": "redacted"},{"name":"syft:package:type","value": "redacted"},{"name":"syft:package:metadataType","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:location:0:path","value": "redacted"}]},{"bom-ref": "redacted","type":"library","name":"js-tokens","version": "redacted","cpe":"cpe:2.3:a:js-tokens:js-tokens:4.0.0:*:*:*:*:*:*:*","purl":"pkg:npm/js-tokens@4.0.0","properties":[{"name":"syft:package:foundBy","value": "redacted"},{"name":"syft:package:language","value": "redacted"},{"name":"syft:package:type","value": "redacted"},{"name":"syft:package:metadataType","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:location:0:path","value": "redacted"}]},{"bom-ref": "redacted","type":"library","name":"loose-envify","version": "redacted","cpe":"cpe:2.3:a:loose-envify:loose-envify:1.4.0:*:*:*:*:*:*:*","purl":"pkg:npm/loose-envify@1.4.0","properties":[{"name":"syft:package:foundBy","value": "redacted"},{"name":"syft:package:language","value": "redacted"},{"name":"syft:package:type","value": "redacted"},{"name":"syft:package:metadataType","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:location:0:path","value": "redacted"}]},{"bom-ref": "redacted","type":"library","name":"minipass","version": "redacted","cpe":"cpe:2.3:a:minipass:minipass:3.1.3:*:*:*:*:*:*:*","purl":"pkg:npm/minipass@3.1.3","properties":[{"name":"syft:package:foundBy","value": "redacted"},{"name":"syft:package:language","value": "redacted"},{"name":"syft:package:type","value": "redacted"},{"name":"syft:package:metadataType","value": "redacted"},{"name":"syft:location:0:path","value": "redacted"}]},{"bom-ref": "redacted","type":"library","name":"minizlib","version": "redacted","cpe":"cpe:2.3:a:minizlib:minizlib:2.1.2:*:*:*:*:*:*:*","purl":"pkg:npm/minizlib@2.1.2","properties":[{"name":"syft:package:foundBy","value": "redacted"},{"name":"syft:package:language","value": "redacted"},{"name":"syft:package:type","value": "redacted"},{"name":"syft:package:metadataType","value": "redacted"},{"name":"syft:location:0:path","value": "redacted"}]},{"bom-ref": "redacted","type":"library","name":"mkdirp","version": "redacted","cpe":"cpe:2.3:a:mkdirp:mkdirp:1.0.4:*:*:*:*:*:*:*","purl":"pkg:npm/mkdirp@1.0.4","properties":[{"name":"syft:package:foundBy","value": "redacted"},{"name":"syft:package:language","value": "redacted"},{"name":"syft:package:type","value": "redacted"},{"name":"syft:package:metadataType","value": "redacted"},{"name":"syft:location:0:path","value": "redacted"}]},{"bom-ref": "redacted","type":"library","name":"object-assign","version": "redacted","cpe":"cpe:2.3:a:object-assign:object-assign:4.1.1:*:*:*:*:*:*:*","purl":"pkg:npm/object-assign@4.1.1","properties":[{"name":"syft:package:foundBy","value": "redacted"},{"name":"syft:package:language","value": "redacted"},{"name":"syft:package:type","value": "redacted"},{"name":"syft:package:metadataType","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:location:0:path","value": "redacted"}]},{"bom-ref": "redacted","type":"library","name":"prop-types","version": "redacted","cpe":"cpe:2.3:a:prop-types:prop-types:15.7.2:*:*:*:*:*:*:*","purl":"pkg:npm/prop-types@15.7.2","properties":[{"name":"syft:package:foundBy","value": "redacted"},{"name":"syft:package:language","value": "redacted"},{"name":"syft:package:type","value": "redacted"},{"name":"syft:package:metadataType","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:location:0:path","value": "redacted"}]},{"bom-ref": "redacted","type":"library","name":"react","version": "redacted","cpe":"cpe:2.3:a:react:react:16.14.0:*:*:*:*:*:*:*","purl":"pkg:npm/react@16.14.0","properties":[{"name":"syft:package:foundBy","value": "redacted"},{"name":"syft:package:language","value": "redacted"},{"name":"syft:package:type","value": "redacted"},{"name":"syft:package:metadataType","value": "redacted"},{"name":"syft:location:0:path","value": "redacted"}]},{"bom-ref": "redacted","type":"library","name":"react-is","version": "redacted","cpe":"cpe:2.3:a:react-is:react-is:16.13.1:*:*:*:*:*:*:*","purl":"pkg:npm/react-is@16.13.1","properties":[{"name":"syft:package:foundBy","value": "redacted"},{"name":"syft:package:language","value": "redacted"},{"name":"syft:package:type","value": "redacted"},{"name":"syft:package:metadataType","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:location:0:path","value": "redacted"}]},{"bom-ref": "redacted","type":"library","name":"tar","version": "redacted","cpe":"cpe:2.3:a:tar_project:tar:6.1.0:*:*:*:*:node.js:*:*","purl":"pkg:npm/tar@6.1.0","properties":[{"name":"syft:package:foundBy","value": "redacted"},{"name":"syft:package:language","value": "redacted"},{"name":"syft:package:type","value": "redacted"},{"name":"syft:package:metadataType","value": "redacted"},{"name":"syft:location:0:path","value": "redacted"}]},{"bom-ref": "redacted","type":"library","name":"yallist","version": "redacted","cpe":"cpe:2.3:a:yallist:yallist:4.0.0:*:*:*:*:*:*:*","purl":"pkg:npm/yallist@4.0.0","properties":[{"name":"syft:package:foundBy","value": "redacted"},{"name":"syft:package:language","value": "redacted"},{"name":"syft:package:type","value": "redacted"},{"name":"syft:package:metadataType","value": "redacted"},{"name":"syft:location:0:path","value": "redacted"}]}]} " `; exports[`CycloneDX JSON yarn 1`] = ` -"{ - "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", - "bomFormat": "CycloneDX", - "specVersion": "1.5", - "serialNumber": "redacted", - "version": 1, - "metadata": { - "timestamp": "redacted", - "tools": [ - { - "vendor": "anchore", - "name": "syft", - "version": "redacted" - } - ], - "component": { - "bom-ref": "redacted", - "type": "file", - "name": "tests/fixtures/yarn-project" - } - }, - "components": [ - { - "bom-ref": "redacted", - "type": "library", - "name": "js-tokens", - "version": "redacted", - "cpe": "cpe:2.3:a:js-tokens:js-tokens:4.0.0:*:*:*:*:*:*:*", - "purl": "pkg:npm/js-tokens@4.0.0", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "redacted" - }, - { - "name": "syft:package:language", - "value": "redacted" - }, - { - "name": "syft:package:type", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:location:0:path", - "value": "redacted" - } - ] - }, - { - "bom-ref": "redacted", - "type": "library", - "name": "loose-envify", - "version": "redacted", - "cpe": "cpe:2.3:a:loose-envify:loose-envify:1.4.0:*:*:*:*:*:*:*", - "purl": "pkg:npm/loose-envify@1.4.0", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "redacted" - }, - { - "name": "syft:package:language", - "value": "redacted" - }, - { - "name": "syft:package:type", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:location:0:path", - "value": "redacted" - } - ] - }, - { - "bom-ref": "redacted", - "type": "library", - "name": "object-assign", - "version": "redacted", - "cpe": "cpe:2.3:a:object-assign:object-assign:4.1.1:*:*:*:*:*:*:*", - "purl": "pkg:npm/object-assign@4.1.1", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "redacted" - }, - { - "name": "syft:package:language", - "value": "redacted" - }, - { - "name": "syft:package:type", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:location:0:path", - "value": "redacted" - } - ] - }, - { - "bom-ref": "redacted", - "type": "library", - "name": "prop-types", - "version": "redacted", - "cpe": "cpe:2.3:a:prop-types:prop-types:15.7.2:*:*:*:*:*:*:*", - "purl": "pkg:npm/prop-types@15.7.2", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "redacted" - }, - { - "name": "syft:package:language", - "value": "redacted" - }, - { - "name": "syft:package:type", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:location:0:path", - "value": "redacted" - } - ] - }, - { - "bom-ref": "redacted", - "type": "library", - "name": "react", - "version": "redacted", - "cpe": "cpe:2.3:a:react:react:16.14.0:*:*:*:*:*:*:*", - "purl": "pkg:npm/react@16.14.0", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "redacted" - }, - { - "name": "syft:package:language", - "value": "redacted" - }, - { - "name": "syft:package:type", - "value": "redacted" - }, - { - "name": "syft:location:0:path", - "value": "redacted" - } - ] - }, - { - "bom-ref": "redacted", - "type": "library", - "name": "react-is", - "version": "redacted", - "cpe": "cpe:2.3:a:react-is:react-is:16.13.1:*:*:*:*:*:*:*", - "purl": "pkg:npm/react-is@16.13.1", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "redacted" - }, - { - "name": "syft:package:language", - "value": "redacted" - }, - { - "name": "syft:package:type", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:cpe23", - "value": "redacted" - }, - { - "name": "syft:location:0:path", - "value": "redacted" - } - ] - }, - { - "bom-ref": "redacted", - "type": "library", - "name": "trim", - "version": "redacted", - "cpe": "cpe:2.3:a:trim:trim:0.0.2:*:*:*:*:*:*:*", - "purl": "pkg:npm/trim@0.0.2", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "redacted" - }, - { - "name": "syft:package:language", - "value": "redacted" - }, - { - "name": "syft:package:type", - "value": "redacted" - }, - { - "name": "syft:location:0:path", - "value": "redacted" - } - ] - } - ] -} +"{"$schema":"http://cyclonedx.org/schema/bom-1.5.schema.json","bomFormat":"CycloneDX","specVersion":"1.5","serialNumber": "redacted","version":1,"metadata":{"timestamp": "redacted","tools":[{"vendor":"anchore","name":"syft","version": "redacted"}],"component":{"bom-ref": "redacted","type":"file","name":"tests/fixtures/yarn-project"}},"components":[{"bom-ref": "redacted","type":"library","name":"js-tokens","version": "redacted","cpe":"cpe:2.3:a:js-tokens:js-tokens:4.0.0:*:*:*:*:*:*:*","purl":"pkg:npm/js-tokens@4.0.0","properties":[{"name":"syft:package:foundBy","value": "redacted"},{"name":"syft:package:language","value": "redacted"},{"name":"syft:package:type","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:location:0:path","value": "redacted"}]},{"bom-ref": "redacted","type":"library","name":"loose-envify","version": "redacted","cpe":"cpe:2.3:a:loose-envify:loose-envify:1.4.0:*:*:*:*:*:*:*","purl":"pkg:npm/loose-envify@1.4.0","properties":[{"name":"syft:package:foundBy","value": "redacted"},{"name":"syft:package:language","value": "redacted"},{"name":"syft:package:type","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:location:0:path","value": "redacted"}]},{"bom-ref": "redacted","type":"library","name":"object-assign","version": "redacted","cpe":"cpe:2.3:a:object-assign:object-assign:4.1.1:*:*:*:*:*:*:*","purl":"pkg:npm/object-assign@4.1.1","properties":[{"name":"syft:package:foundBy","value": "redacted"},{"name":"syft:package:language","value": "redacted"},{"name":"syft:package:type","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:location:0:path","value": "redacted"}]},{"bom-ref": "redacted","type":"library","name":"prop-types","version": "redacted","cpe":"cpe:2.3:a:prop-types:prop-types:15.7.2:*:*:*:*:*:*:*","purl":"pkg:npm/prop-types@15.7.2","properties":[{"name":"syft:package:foundBy","value": "redacted"},{"name":"syft:package:language","value": "redacted"},{"name":"syft:package:type","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:location:0:path","value": "redacted"}]},{"bom-ref": "redacted","type":"library","name":"react","version": "redacted","cpe":"cpe:2.3:a:react:react:16.14.0:*:*:*:*:*:*:*","purl":"pkg:npm/react@16.14.0","properties":[{"name":"syft:package:foundBy","value": "redacted"},{"name":"syft:package:language","value": "redacted"},{"name":"syft:package:type","value": "redacted"},{"name":"syft:location:0:path","value": "redacted"}]},{"bom-ref": "redacted","type":"library","name":"react-is","version": "redacted","cpe":"cpe:2.3:a:react-is:react-is:16.13.1:*:*:*:*:*:*:*","purl":"pkg:npm/react-is@16.13.1","properties":[{"name":"syft:package:foundBy","value": "redacted"},{"name":"syft:package:language","value": "redacted"},{"name":"syft:package:type","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:cpe23","value": "redacted"},{"name":"syft:location:0:path","value": "redacted"}]},{"bom-ref": "redacted","type":"library","name":"trim","version": "redacted","cpe":"cpe:2.3:a:trim:trim:0.0.2:*:*:*:*:*:*:*","purl":"pkg:npm/trim@0.0.2","properties":[{"name":"syft:package:foundBy","value": "redacted"},{"name":"syft:package:language","value": "redacted"},{"name":"syft:package:type","value": "redacted"},{"name":"syft:location:0:path","value": "redacted"}]}]} " `; exports[`CycloneDX XML alpine 1`] = ` " - - - - - - anchore - syft - - - - - localhost:5000/match-coverage/alpine - - - - - - A. Wilcox <awilfox@adelielinux.org> - libvncserver - - Library to make writing a vnc server easy - - - GPL-2.0-or-later - - - cpe:2.3:a:libvncserver:libvncserver:0.9.9:*:*:*:*:*:*:* - pkg:apk/alpine/libvncserver@0.9.9?arch=x86_64&distro=alpine-3.12.0 - - - http://libvncserver.sourceforge.net/ - - - - apk-db-cataloger - apk - apk-db-entry - - - bf1ec813f662f128fc6b70f37ef1c0474bb24488 - 389120 - libvncserver - so:libvncclient.so.1=1.0.0 - so:libvncserver.so.1=1.0.0 - Q1z0MwWQKfva+S+q7XmOBYFfQgW/k= - so:libc.musl-x86_64.so.1 - so:libgcrypt.so.20 - so:libgnutls.so.30 - so:libjpeg.so.8 - so:libpng16.so.16 - so:libz.so.1 - 166239 - - - - alpine - - Alpine Linux v3.12 - - - - https://bugs.alpinelinux.org/ - - - https://alpinelinux.org/ - - - - alpine - Alpine Linux v3.12 - 3.12.0 - - - - +anchoresyftlocalhost:5000/match-coverage/alpineA. Wilcox <awilfox@adelielinux.org>libvncserverLibrary to make writing a vnc server easyGPL-2.0-or-latercpe:2.3:a:libvncserver:libvncserver:0.9.9:*:*:*:*:*:*:*pkg:apk/alpine/libvncserver@0.9.9?arch=x86_64&distro=alpine-3.12.0http://libvncserver.sourceforge.net/apk-db-catalogerapkapk-db-entrybf1ec813f662f128fc6b70f37ef1c0474bb24488389120libvncserverso:libvncclient.so.1=1.0.0so:libvncserver.so.1=1.0.0Q1z0MwWQKfva+S+q7XmOBYFfQgW/k=so:libc.musl-x86_64.so.1so:libgcrypt.so.20so:libgnutls.so.30so:libjpeg.so.8so:libpng16.so.16so:libz.so.1166239alpineAlpine Linux v3.12https://bugs.alpinelinux.org/https://alpinelinux.org/alpineAlpine Linux v3.123.12.0 " `; exports[`CycloneDX XML debian 1`] = ` " - - - - - - anchore - syft - - - - - localhost:5000/match-coverage/debian - - - - - - Georg Brandl <georg@python.org> - Pygments - - - - BSD License - - - cpe:2.3:a:georg_brandl_project:python-Pygments:2.6.1:*:*:*:*:*:*:* - pkg:pypi/Pygments@2.6.1 - - python-installed-package-cataloger - python - python - python-package - cpe:2.3:a:georg_brandl_project:python_Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:georg_brandlproject:python-Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:georg_brandlproject:python_Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:python-Pygments:python-Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:python-Pygments:python_Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:python_Pygments:python-Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:python_Pygments:python_Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:georg_brandl_project:Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:georg_project:python-Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:georg_project:python_Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:georg_brandl:python-Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:georg_brandl:python_Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:georg_brandlproject:Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:georgproject:python-Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:georgproject:python_Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:Pygments:python-Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:Pygments:python_Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:python-Pygments:Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:python_Pygments:Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:georg_project:Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:python:python-Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:python:python_Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:georg:python-Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:georg:python_Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:georg_brandl:Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:georgproject:Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:Pygments:Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:python:Pygments:2.6.1:*:*:*:*:*:*:* - cpe:2.3:a:georg:Pygments:2.6.1:*:*:*:*:*:*:* - - - - - - - - APT Development Team <deity@lists.debian.org> - apt - - cpe:2.3:a:apt:apt:1.8.2:*:*:*:*:*:*:* - pkg:deb/debian/apt@1.8.2?arch=amd64&upstream=apt-dev&distro=debian-8 - - dpkg-db-cataloger - deb - dpkg-db-entry - - - 4064 - apt-dev - - - - André Arko,Samuel Giddins,Colby Swandale,Hiroshi Shibata,David Rodríguez,Grey Baker,Stephanie Morillo,Chris Morris,James Wen,Tim Moore,André Medeiros,Jessica Lynn Suttles,Terence Lee,Carl Lerche,Yehuda Katz - bundler - - - - MIT - - - cpe:2.3:a:jessica-lynn-suttles:bundler:2.1.4:*:*:*:*:*:*:* - pkg:gem/bundler@2.1.4 - - - https://bundler.io - - - - ruby-installed-gemspec-cataloger - ruby - gem - ruby-gemspec - cpe:2.3:a:jessica_lynn_suttles:bundler:2.1.4:*:*:*:*:*:*:* - cpe:2.3:a:stephanie-morillo:bundler:2.1.4:*:*:*:*:*:*:* - cpe:2.3:a:stephanie_morillo:bundler:2.1.4:*:*:*:*:*:*:* - cpe:2.3:a:hiroshi-shibata:bundler:2.1.4:*:*:*:*:*:*:* - cpe:2.3:a:hiroshi_shibata:bundler:2.1.4:*:*:*:*:*:*:* - cpe:2.3:a:colby-swandale:bundler:2.1.4:*:*:*:*:*:*:* - cpe:2.3:a:colby_swandale:bundler:2.1.4:*:*:*:*:*:*:* - cpe:2.3:a:samuel-giddins:bundler:2.1.4:*:*:*:*:*:*:* - cpe:2.3:a:samuel_giddins:bundler:2.1.4:*:*:*:*:*:*:* - cpe:2.3:a:chris-morris:bundler:2.1.4:*:*:*:*:*:*:* - cpe:2.3:a:chris_morris:bundler:2.1.4:*:*:*:*:*:*:* - cpe:2.3:a:carl-lerche:bundler:2.1.4:*:*:*:*:*:*:* - cpe:2.3:a:carl_lerche:bundler:2.1.4:*:*:*:*:*:*:* - cpe:2.3:a:terence-lee:bundler:2.1.4:*:*:*:*:*:*:* - cpe:2.3:a:terence_lee:bundler:2.1.4:*:*:*:*:*:*:* - cpe:2.3:a:yehuda-katz:bundler:2.1.4:*:*:*:*:*:*:* - cpe:2.3:a:yehuda_katz:bundler:2.1.4:*:*:*:*:*:*:* - cpe:2.3:a:grey-baker:bundler:2.1.4:*:*:*:*:*:*:* - cpe:2.3:a:grey_baker:bundler:2.1.4:*:*:*:*:*:*:* - cpe:2.3:a:james-wen:bundler:2.1.4:*:*:*:*:*:*:* - cpe:2.3:a:james_wen:bundler:2.1.4:*:*:*:*:*:*:* - cpe:2.3:a:ruby-lang:bundler:2.1.4:*:*:*:*:*:*:* - cpe:2.3:a:ruby_lang:bundler:2.1.4:*:*:*:*:*:*:* - cpe:2.3:a:tim-moore:bundler:2.1.4:*:*:*:*:*:*:* - cpe:2.3:a:tim_moore:bundler:2.1.4:*:*:*:*:*:*:* - cpe:2.3:a:bundler:bundler:2.1.4:*:*:*:*:*:*:* - cpe:2.3:a:ruby:bundler:2.1.4:*:*:*:*:*:*:* - - - - - - org.anchore - example-java-app-maven - - - - Apache-2.0 - - - cpe:2.3:a:example-java-app-maven:example-java-app-maven:0.1.0:*:*:*:*:*:*:* - pkg:maven/org.anchore/example-java-app-maven@0.1.0 - - - - - 100b566a7dcdb187bf9f14ecd96427cadd535bfe - - - - - java-archive-cataloger - java - java-archive - java-archive - cpe:2.3:a:example-java-app-maven:example_java_app_maven:0.1.0:*:*:*:*:*:*:* - cpe:2.3:a:example_java_app_maven:example-java-app-maven:0.1.0:*:*:*:*:*:*:* - cpe:2.3:a:example_java_app_maven:example_java_app_maven:0.1.0:*:*:*:*:*:*:* - cpe:2.3:a:example-java-app:example-java-app-maven:0.1.0:*:*:*:*:*:*:* - cpe:2.3:a:example-java-app:example_java_app_maven:0.1.0:*:*:*:*:*:*:* - cpe:2.3:a:example_java_app:example-java-app-maven:0.1.0:*:*:*:*:*:*:* - cpe:2.3:a:example_java_app:example_java_app_maven:0.1.0:*:*:*:*:*:*:* - cpe:2.3:a:example-java:example-java-app-maven:0.1.0:*:*:*:*:*:*:* - cpe:2.3:a:example-java:example_java_app_maven:0.1.0:*:*:*:*:*:*:* - cpe:2.3:a:example_java:example-java-app-maven:0.1.0:*:*:*:*:*:*:* - cpe:2.3:a:example_java:example_java_app_maven:0.1.0:*:*:*:*:*:*:* - cpe:2.3:a:anchore:example-java-app-maven:0.1.0:*:*:*:*:*:*:* - cpe:2.3:a:anchore:example_java_app_maven:0.1.0:*:*:*:*:*:*:* - cpe:2.3:a:example:example-java-app-maven:0.1.0:*:*:*:*:*:*:* - cpe:2.3:a:example:example_java_app_maven:0.1.0:*:*:*:*:*:*:* - - - example-java-app-maven - org.anchore - /java/example-java-app-maven-0.1.0.jar - - - - joda-time - joda-time - - - - Apache 2 - http://www.apache.org/licenses/LICENSE-2.0.txt - - - cpe:2.3:a:joda-time:joda-time:2.9.2:*:*:*:*:*:*:* - pkg:maven/joda-time/joda-time@2.9.2 - - java-archive-cataloger - java - java-archive - java-archive - cpe:2.3:a:joda-time:joda_time:2.9.2:*:*:*:*:*:*:* - cpe:2.3:a:joda_time:joda-time:2.9.2:*:*:*:*:*:*:* - cpe:2.3:a:joda_time:joda_time:2.9.2:*:*:*:*:*:*:* - cpe:2.3:a:joda:joda-time:2.9.2:*:*:*:*:*:*:* - cpe:2.3:a:joda:joda_time:2.9.2:*:*:*:*:*:*:* - - - joda-time - joda-time - /java/example-java-app-maven-0.1.0.jar:joda-time:joda-time - - - - Isaac Z. Schlueter <i@izs.me> (http://blog.izs.me) - npm - - a package manager for JavaScript - - - Artistic-2.0 - - - cpe:2.3:a:node_packaged_modules_project:node_packaged_modules:6.14.6:*:*:*:*:node.js:*:* - pkg:npm/npm@6.14.6 - - - https://github.com/npm/cli - - - https://docs.npmjs.com/ - - - - javascript-package-cataloger - javascript - npm - javascript-npm-package - - - - - - debian - - Debian GNU/Linux 8 (jessie) - - - - https://bugs.debian.org/ - - - http://www.debian.org/ - - - http://www.debian.org/support - support - - - - debian - Debian GNU/Linux 8 (jessie) - 8 - - - - +anchoresyftlocalhost:5000/match-coverage/debianGeorg Brandl <georg@python.org>PygmentsBSD Licensecpe:2.3:a:georg_brandl_project:python-Pygments:2.6.1:*:*:*:*:*:*:*pkg:pypi/Pygments@2.6.1python-installed-package-catalogerpythonpythonpython-packagecpe:2.3:a:georg_brandl_project:python_Pygments:2.6.1:*:*:*:*:*:*:*cpe:2.3:a:georg_brandlproject:python-Pygments:2.6.1:*:*:*:*:*:*:*cpe:2.3:a:georg_brandlproject:python_Pygments:2.6.1:*:*:*:*:*:*:*cpe:2.3:a:python-Pygments:python-Pygments:2.6.1:*:*:*:*:*:*:*cpe:2.3:a:python-Pygments:python_Pygments:2.6.1:*:*:*:*:*:*:*cpe:2.3:a:python_Pygments:python-Pygments:2.6.1:*:*:*:*:*:*:*cpe:2.3:a:python_Pygments:python_Pygments:2.6.1:*:*:*:*:*:*:*cpe:2.3:a:georg_brandl_project:Pygments:2.6.1:*:*:*:*:*:*:*cpe:2.3:a:georg_project:python-Pygments:2.6.1:*:*:*:*:*:*:*cpe:2.3:a:georg_project:python_Pygments:2.6.1:*:*:*:*:*:*:*cpe:2.3:a:georg_brandl:python-Pygments:2.6.1:*:*:*:*:*:*:*cpe:2.3:a:georg_brandl:python_Pygments:2.6.1:*:*:*:*:*:*:*cpe:2.3:a:georg_brandlproject:Pygments:2.6.1:*:*:*:*:*:*:*cpe:2.3:a:georgproject:python-Pygments:2.6.1:*:*:*:*:*:*:*cpe:2.3:a:georgproject:python_Pygments:2.6.1:*:*:*:*:*:*:*cpe:2.3:a:Pygments:python-Pygments:2.6.1:*:*:*:*:*:*:*cpe:2.3:a:Pygments:python_Pygments:2.6.1:*:*:*:*:*:*:*cpe:2.3:a:python-Pygments:Pygments:2.6.1:*:*:*:*:*:*:*cpe:2.3:a:python_Pygments:Pygments:2.6.1:*:*:*:*:*:*:*cpe:2.3:a:georg_project:Pygments:2.6.1:*:*:*:*:*:*:*cpe:2.3:a:python:python-Pygments:2.6.1:*:*:*:*:*:*:*cpe:2.3:a:python:python_Pygments:2.6.1:*:*:*:*:*:*:*cpe:2.3:a:georg:python-Pygments:2.6.1:*:*:*:*:*:*:*cpe:2.3:a:georg:python_Pygments:2.6.1:*:*:*:*:*:*:*cpe:2.3:a:georg_brandl:Pygments:2.6.1:*:*:*:*:*:*:*cpe:2.3:a:georgproject:Pygments:2.6.1:*:*:*:*:*:*:*cpe:2.3:a:Pygments:Pygments:2.6.1:*:*:*:*:*:*:*cpe:2.3:a:python:Pygments:2.6.1:*:*:*:*:*:*:*cpe:2.3:a:georg:Pygments:2.6.1:*:*:*:*:*:*:*APT Development Team <deity@lists.debian.org>aptcpe:2.3:a:apt:apt:1.8.2:*:*:*:*:*:*:*pkg:deb/debian/apt@1.8.2?arch=amd64&upstream=apt-dev&distro=debian-8dpkg-db-catalogerdebdpkg-db-entry4064apt-devAndré Arko,Samuel Giddins,Colby Swandale,Hiroshi Shibata,David Rodríguez,Grey Baker,Stephanie Morillo,Chris Morris,James Wen,Tim Moore,André Medeiros,Jessica Lynn Suttles,Terence Lee,Carl Lerche,Yehuda KatzbundlerMITcpe:2.3:a:jessica-lynn-suttles:bundler:2.1.4:*:*:*:*:*:*:*pkg:gem/bundler@2.1.4https://bundler.ioruby-installed-gemspec-catalogerrubygemruby-gemspeccpe:2.3:a:jessica_lynn_suttles:bundler:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:stephanie-morillo:bundler:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:stephanie_morillo:bundler:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:hiroshi-shibata:bundler:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:hiroshi_shibata:bundler:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:colby-swandale:bundler:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:colby_swandale:bundler:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:samuel-giddins:bundler:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:samuel_giddins:bundler:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:chris-morris:bundler:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:chris_morris:bundler:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:carl-lerche:bundler:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:carl_lerche:bundler:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:terence-lee:bundler:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:terence_lee:bundler:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:yehuda-katz:bundler:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:yehuda_katz:bundler:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:grey-baker:bundler:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:grey_baker:bundler:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:james-wen:bundler:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:james_wen:bundler:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:ruby-lang:bundler:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:ruby_lang:bundler:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:tim-moore:bundler:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:tim_moore:bundler:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:bundler:bundler:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:ruby:bundler:2.1.4:*:*:*:*:*:*:*org.anchoreexample-java-app-mavenApache-2.0cpe:2.3:a:example-java-app-maven:example-java-app-maven:0.1.0:*:*:*:*:*:*:*pkg:maven/org.anchore/example-java-app-maven@0.1.0100b566a7dcdb187bf9f14ecd96427cadd535bfejava-archive-catalogerjavajava-archivejava-archivecpe:2.3:a:example-java-app-maven:example_java_app_maven:0.1.0:*:*:*:*:*:*:*cpe:2.3:a:example_java_app_maven:example-java-app-maven:0.1.0:*:*:*:*:*:*:*cpe:2.3:a:example_java_app_maven:example_java_app_maven:0.1.0:*:*:*:*:*:*:*cpe:2.3:a:example-java-app:example-java-app-maven:0.1.0:*:*:*:*:*:*:*cpe:2.3:a:example-java-app:example_java_app_maven:0.1.0:*:*:*:*:*:*:*cpe:2.3:a:example_java_app:example-java-app-maven:0.1.0:*:*:*:*:*:*:*cpe:2.3:a:example_java_app:example_java_app_maven:0.1.0:*:*:*:*:*:*:*cpe:2.3:a:example-java:example-java-app-maven:0.1.0:*:*:*:*:*:*:*cpe:2.3:a:example-java:example_java_app_maven:0.1.0:*:*:*:*:*:*:*cpe:2.3:a:example_java:example-java-app-maven:0.1.0:*:*:*:*:*:*:*cpe:2.3:a:example_java:example_java_app_maven:0.1.0:*:*:*:*:*:*:*cpe:2.3:a:anchore:example-java-app-maven:0.1.0:*:*:*:*:*:*:*cpe:2.3:a:anchore:example_java_app_maven:0.1.0:*:*:*:*:*:*:*cpe:2.3:a:example:example-java-app-maven:0.1.0:*:*:*:*:*:*:*cpe:2.3:a:example:example_java_app_maven:0.1.0:*:*:*:*:*:*:*example-java-app-mavenorg.anchore/java/example-java-app-maven-0.1.0.jarjoda-timejoda-timeApache 2http://www.apache.org/licenses/LICENSE-2.0.txtcpe:2.3:a:joda-time:joda-time:2.9.2:*:*:*:*:*:*:*pkg:maven/joda-time/joda-time@2.9.2java-archive-catalogerjavajava-archivejava-archivecpe:2.3:a:joda-time:joda_time:2.9.2:*:*:*:*:*:*:*cpe:2.3:a:joda_time:joda-time:2.9.2:*:*:*:*:*:*:*cpe:2.3:a:joda_time:joda_time:2.9.2:*:*:*:*:*:*:*cpe:2.3:a:joda:joda-time:2.9.2:*:*:*:*:*:*:*cpe:2.3:a:joda:joda_time:2.9.2:*:*:*:*:*:*:*joda-timejoda-time/java/example-java-app-maven-0.1.0.jar:joda-time:joda-timeIsaac Z. Schlueter <i@izs.me> (http://blog.izs.me)npma package manager for JavaScriptArtistic-2.0cpe:2.3:a:node_packaged_modules_project:node_packaged_modules:6.14.6:*:*:*:*:node.js:*:*pkg:npm/npm@6.14.6https://github.com/npm/clihttps://docs.npmjs.com/javascript-package-catalogerjavascriptnpmjavascript-npm-packagedebianDebian GNU/Linux 8 (jessie)https://bugs.debian.org/http://www.debian.org/http://www.debian.org/supportsupportdebianDebian GNU/Linux 8 (jessie)8 " `; exports[`CycloneDX XML npm 1`] = ` " - - - - - - anchore - syft - - - - - tests/fixtures/npm-project - - - - - chownr - - cpe:2.3:a:chownr:chownr:2.0.0:*:*:*:*:*:*:* - pkg:npm/chownr@2.0.0 - - javascript-lock-cataloger - javascript - npm - javascript-npm-package-lock-entry - - - - - fs-minipass - - cpe:2.3:a:fs-minipass:fs-minipass:2.1.0:*:*:*:*:*:*:* - pkg:npm/fs-minipass@2.1.0 - - javascript-lock-cataloger - javascript - npm - javascript-npm-package-lock-entry - cpe:2.3:a:fs-minipass:fs_minipass:2.1.0:*:*:*:*:*:*:* - cpe:2.3:a:fs_minipass:fs-minipass:2.1.0:*:*:*:*:*:*:* - cpe:2.3:a:fs_minipass:fs_minipass:2.1.0:*:*:*:*:*:*:* - cpe:2.3:a:fs:fs-minipass:2.1.0:*:*:*:*:*:*:* - cpe:2.3:a:fs:fs_minipass:2.1.0:*:*:*:*:*:*:* - - - - - js-tokens - - cpe:2.3:a:js-tokens:js-tokens:4.0.0:*:*:*:*:*:*:* - pkg:npm/js-tokens@4.0.0 - - javascript-lock-cataloger - javascript - npm - javascript-npm-package-lock-entry - cpe:2.3:a:js-tokens:js_tokens:4.0.0:*:*:*:*:*:*:* - cpe:2.3:a:js_tokens:js-tokens:4.0.0:*:*:*:*:*:*:* - cpe:2.3:a:js_tokens:js_tokens:4.0.0:*:*:*:*:*:*:* - cpe:2.3:a:js:js-tokens:4.0.0:*:*:*:*:*:*:* - cpe:2.3:a:js:js_tokens:4.0.0:*:*:*:*:*:*:* - - - - - loose-envify - - cpe:2.3:a:loose-envify:loose-envify:1.4.0:*:*:*:*:*:*:* - pkg:npm/loose-envify@1.4.0 - - javascript-lock-cataloger - javascript - npm - javascript-npm-package-lock-entry - cpe:2.3:a:loose-envify:loose_envify:1.4.0:*:*:*:*:*:*:* - cpe:2.3:a:loose_envify:loose-envify:1.4.0:*:*:*:*:*:*:* - cpe:2.3:a:loose_envify:loose_envify:1.4.0:*:*:*:*:*:*:* - cpe:2.3:a:loose:loose-envify:1.4.0:*:*:*:*:*:*:* - cpe:2.3:a:loose:loose_envify:1.4.0:*:*:*:*:*:*:* - - - - - minipass - - cpe:2.3:a:minipass:minipass:3.1.3:*:*:*:*:*:*:* - pkg:npm/minipass@3.1.3 - - javascript-lock-cataloger - javascript - npm - javascript-npm-package-lock-entry - - - - - minizlib - - cpe:2.3:a:minizlib:minizlib:2.1.2:*:*:*:*:*:*:* - pkg:npm/minizlib@2.1.2 - - javascript-lock-cataloger - javascript - npm - javascript-npm-package-lock-entry - - - - - mkdirp - - cpe:2.3:a:mkdirp:mkdirp:1.0.4:*:*:*:*:*:*:* - pkg:npm/mkdirp@1.0.4 - - javascript-lock-cataloger - javascript - npm - javascript-npm-package-lock-entry - - - - - object-assign - - cpe:2.3:a:object-assign:object-assign:4.1.1:*:*:*:*:*:*:* - pkg:npm/object-assign@4.1.1 - - javascript-lock-cataloger - javascript - npm - javascript-npm-package-lock-entry - cpe:2.3:a:object-assign:object_assign:4.1.1:*:*:*:*:*:*:* - cpe:2.3:a:object_assign:object-assign:4.1.1:*:*:*:*:*:*:* - cpe:2.3:a:object_assign:object_assign:4.1.1:*:*:*:*:*:*:* - cpe:2.3:a:object:object-assign:4.1.1:*:*:*:*:*:*:* - cpe:2.3:a:object:object_assign:4.1.1:*:*:*:*:*:*:* - - - - - prop-types - - cpe:2.3:a:prop-types:prop-types:15.7.2:*:*:*:*:*:*:* - pkg:npm/prop-types@15.7.2 - - javascript-lock-cataloger - javascript - npm - javascript-npm-package-lock-entry - cpe:2.3:a:prop-types:prop_types:15.7.2:*:*:*:*:*:*:* - cpe:2.3:a:prop_types:prop-types:15.7.2:*:*:*:*:*:*:* - cpe:2.3:a:prop_types:prop_types:15.7.2:*:*:*:*:*:*:* - cpe:2.3:a:prop:prop-types:15.7.2:*:*:*:*:*:*:* - cpe:2.3:a:prop:prop_types:15.7.2:*:*:*:*:*:*:* - - - - - react - - cpe:2.3:a:react:react:16.14.0:*:*:*:*:*:*:* - pkg:npm/react@16.14.0 - - javascript-lock-cataloger - javascript - npm - javascript-npm-package-lock-entry - - - - - react-is - - cpe:2.3:a:react-is:react-is:16.13.1:*:*:*:*:*:*:* - pkg:npm/react-is@16.13.1 - - javascript-lock-cataloger - javascript - npm - javascript-npm-package-lock-entry - cpe:2.3:a:react-is:react_is:16.13.1:*:*:*:*:*:*:* - cpe:2.3:a:react_is:react-is:16.13.1:*:*:*:*:*:*:* - cpe:2.3:a:react_is:react_is:16.13.1:*:*:*:*:*:*:* - cpe:2.3:a:react:react-is:16.13.1:*:*:*:*:*:*:* - cpe:2.3:a:react:react_is:16.13.1:*:*:*:*:*:*:* - - - - - tar - - cpe:2.3:a:tar_project:tar:6.1.0:*:*:*:*:node.js:*:* - pkg:npm/tar@6.1.0 - - javascript-lock-cataloger - javascript - npm - javascript-npm-package-lock-entry - - - - - yallist - - cpe:2.3:a:yallist:yallist:4.0.0:*:*:*:*:*:*:* - pkg:npm/yallist@4.0.0 - - javascript-lock-cataloger - javascript - npm - javascript-npm-package-lock-entry - - - - - +anchoresyfttests/fixtures/npm-projectchownrcpe:2.3:a:chownr:chownr:2.0.0:*:*:*:*:*:*:*pkg:npm/chownr@2.0.0javascript-lock-catalogerjavascriptnpmjavascript-npm-package-lock-entryfs-minipasscpe:2.3:a:fs-minipass:fs-minipass:2.1.0:*:*:*:*:*:*:*pkg:npm/fs-minipass@2.1.0javascript-lock-catalogerjavascriptnpmjavascript-npm-package-lock-entrycpe:2.3:a:fs-minipass:fs_minipass:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:fs_minipass:fs-minipass:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:fs_minipass:fs_minipass:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:fs:fs-minipass:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:fs:fs_minipass:2.1.0:*:*:*:*:*:*:*js-tokenscpe:2.3:a:js-tokens:js-tokens:4.0.0:*:*:*:*:*:*:*pkg:npm/js-tokens@4.0.0javascript-lock-catalogerjavascriptnpmjavascript-npm-package-lock-entrycpe:2.3:a:js-tokens:js_tokens:4.0.0:*:*:*:*:*:*:*cpe:2.3:a:js_tokens:js-tokens:4.0.0:*:*:*:*:*:*:*cpe:2.3:a:js_tokens:js_tokens:4.0.0:*:*:*:*:*:*:*cpe:2.3:a:js:js-tokens:4.0.0:*:*:*:*:*:*:*cpe:2.3:a:js:js_tokens:4.0.0:*:*:*:*:*:*:*loose-envifycpe:2.3:a:loose-envify:loose-envify:1.4.0:*:*:*:*:*:*:*pkg:npm/loose-envify@1.4.0javascript-lock-catalogerjavascriptnpmjavascript-npm-package-lock-entrycpe:2.3:a:loose-envify:loose_envify:1.4.0:*:*:*:*:*:*:*cpe:2.3:a:loose_envify:loose-envify:1.4.0:*:*:*:*:*:*:*cpe:2.3:a:loose_envify:loose_envify:1.4.0:*:*:*:*:*:*:*cpe:2.3:a:loose:loose-envify:1.4.0:*:*:*:*:*:*:*cpe:2.3:a:loose:loose_envify:1.4.0:*:*:*:*:*:*:*minipasscpe:2.3:a:minipass:minipass:3.1.3:*:*:*:*:*:*:*pkg:npm/minipass@3.1.3javascript-lock-catalogerjavascriptnpmjavascript-npm-package-lock-entryminizlibcpe:2.3:a:minizlib:minizlib:2.1.2:*:*:*:*:*:*:*pkg:npm/minizlib@2.1.2javascript-lock-catalogerjavascriptnpmjavascript-npm-package-lock-entrymkdirpcpe:2.3:a:mkdirp:mkdirp:1.0.4:*:*:*:*:*:*:*pkg:npm/mkdirp@1.0.4javascript-lock-catalogerjavascriptnpmjavascript-npm-package-lock-entryobject-assigncpe:2.3:a:object-assign:object-assign:4.1.1:*:*:*:*:*:*:*pkg:npm/object-assign@4.1.1javascript-lock-catalogerjavascriptnpmjavascript-npm-package-lock-entrycpe:2.3:a:object-assign:object_assign:4.1.1:*:*:*:*:*:*:*cpe:2.3:a:object_assign:object-assign:4.1.1:*:*:*:*:*:*:*cpe:2.3:a:object_assign:object_assign:4.1.1:*:*:*:*:*:*:*cpe:2.3:a:object:object-assign:4.1.1:*:*:*:*:*:*:*cpe:2.3:a:object:object_assign:4.1.1:*:*:*:*:*:*:*prop-typescpe:2.3:a:prop-types:prop-types:15.7.2:*:*:*:*:*:*:*pkg:npm/prop-types@15.7.2javascript-lock-catalogerjavascriptnpmjavascript-npm-package-lock-entrycpe:2.3:a:prop-types:prop_types:15.7.2:*:*:*:*:*:*:*cpe:2.3:a:prop_types:prop-types:15.7.2:*:*:*:*:*:*:*cpe:2.3:a:prop_types:prop_types:15.7.2:*:*:*:*:*:*:*cpe:2.3:a:prop:prop-types:15.7.2:*:*:*:*:*:*:*cpe:2.3:a:prop:prop_types:15.7.2:*:*:*:*:*:*:*reactcpe:2.3:a:react:react:16.14.0:*:*:*:*:*:*:*pkg:npm/react@16.14.0javascript-lock-catalogerjavascriptnpmjavascript-npm-package-lock-entryreact-iscpe:2.3:a:react-is:react-is:16.13.1:*:*:*:*:*:*:*pkg:npm/react-is@16.13.1javascript-lock-catalogerjavascriptnpmjavascript-npm-package-lock-entrycpe:2.3:a:react-is:react_is:16.13.1:*:*:*:*:*:*:*cpe:2.3:a:react_is:react-is:16.13.1:*:*:*:*:*:*:*cpe:2.3:a:react_is:react_is:16.13.1:*:*:*:*:*:*:*cpe:2.3:a:react:react-is:16.13.1:*:*:*:*:*:*:*cpe:2.3:a:react:react_is:16.13.1:*:*:*:*:*:*:*tarcpe:2.3:a:tar_project:tar:6.1.0:*:*:*:*:node.js:*:*pkg:npm/tar@6.1.0javascript-lock-catalogerjavascriptnpmjavascript-npm-package-lock-entryyallistcpe:2.3:a:yallist:yallist:4.0.0:*:*:*:*:*:*:*pkg:npm/yallist@4.0.0javascript-lock-catalogerjavascriptnpmjavascript-npm-package-lock-entry " `; exports[`CycloneDX XML yarn 1`] = ` " - - - - - - anchore - syft - - - - - tests/fixtures/yarn-project - - - - - js-tokens - - cpe:2.3:a:js-tokens:js-tokens:4.0.0:*:*:*:*:*:*:* - pkg:npm/js-tokens@4.0.0 - - javascript-lock-cataloger - javascript - npm - cpe:2.3:a:js-tokens:js_tokens:4.0.0:*:*:*:*:*:*:* - cpe:2.3:a:js_tokens:js-tokens:4.0.0:*:*:*:*:*:*:* - cpe:2.3:a:js_tokens:js_tokens:4.0.0:*:*:*:*:*:*:* - cpe:2.3:a:js:js-tokens:4.0.0:*:*:*:*:*:*:* - cpe:2.3:a:js:js_tokens:4.0.0:*:*:*:*:*:*:* - - - - - loose-envify - - cpe:2.3:a:loose-envify:loose-envify:1.4.0:*:*:*:*:*:*:* - pkg:npm/loose-envify@1.4.0 - - javascript-lock-cataloger - javascript - npm - cpe:2.3:a:loose-envify:loose_envify:1.4.0:*:*:*:*:*:*:* - cpe:2.3:a:loose_envify:loose-envify:1.4.0:*:*:*:*:*:*:* - cpe:2.3:a:loose_envify:loose_envify:1.4.0:*:*:*:*:*:*:* - cpe:2.3:a:loose:loose-envify:1.4.0:*:*:*:*:*:*:* - cpe:2.3:a:loose:loose_envify:1.4.0:*:*:*:*:*:*:* - - - - - object-assign - - cpe:2.3:a:object-assign:object-assign:4.1.1:*:*:*:*:*:*:* - pkg:npm/object-assign@4.1.1 - - javascript-lock-cataloger - javascript - npm - cpe:2.3:a:object-assign:object_assign:4.1.1:*:*:*:*:*:*:* - cpe:2.3:a:object_assign:object-assign:4.1.1:*:*:*:*:*:*:* - cpe:2.3:a:object_assign:object_assign:4.1.1:*:*:*:*:*:*:* - cpe:2.3:a:object:object-assign:4.1.1:*:*:*:*:*:*:* - cpe:2.3:a:object:object_assign:4.1.1:*:*:*:*:*:*:* - - - - - prop-types - - cpe:2.3:a:prop-types:prop-types:15.7.2:*:*:*:*:*:*:* - pkg:npm/prop-types@15.7.2 - - javascript-lock-cataloger - javascript - npm - cpe:2.3:a:prop-types:prop_types:15.7.2:*:*:*:*:*:*:* - cpe:2.3:a:prop_types:prop-types:15.7.2:*:*:*:*:*:*:* - cpe:2.3:a:prop_types:prop_types:15.7.2:*:*:*:*:*:*:* - cpe:2.3:a:prop:prop-types:15.7.2:*:*:*:*:*:*:* - cpe:2.3:a:prop:prop_types:15.7.2:*:*:*:*:*:*:* - - - - - react - - cpe:2.3:a:react:react:16.14.0:*:*:*:*:*:*:* - pkg:npm/react@16.14.0 - - javascript-lock-cataloger - javascript - npm - - - - - react-is - - cpe:2.3:a:react-is:react-is:16.13.1:*:*:*:*:*:*:* - pkg:npm/react-is@16.13.1 - - javascript-lock-cataloger - javascript - npm - cpe:2.3:a:react-is:react_is:16.13.1:*:*:*:*:*:*:* - cpe:2.3:a:react_is:react-is:16.13.1:*:*:*:*:*:*:* - cpe:2.3:a:react_is:react_is:16.13.1:*:*:*:*:*:*:* - cpe:2.3:a:react:react-is:16.13.1:*:*:*:*:*:*:* - cpe:2.3:a:react:react_is:16.13.1:*:*:*:*:*:*:* - - - - - trim - - cpe:2.3:a:trim:trim:0.0.2:*:*:*:*:*:*:* - pkg:npm/trim@0.0.2 - - javascript-lock-cataloger - javascript - npm - - - - - +anchoresyfttests/fixtures/yarn-projectjs-tokenscpe:2.3:a:js-tokens:js-tokens:4.0.0:*:*:*:*:*:*:*pkg:npm/js-tokens@4.0.0javascript-lock-catalogerjavascriptnpmcpe:2.3:a:js-tokens:js_tokens:4.0.0:*:*:*:*:*:*:*cpe:2.3:a:js_tokens:js-tokens:4.0.0:*:*:*:*:*:*:*cpe:2.3:a:js_tokens:js_tokens:4.0.0:*:*:*:*:*:*:*cpe:2.3:a:js:js-tokens:4.0.0:*:*:*:*:*:*:*cpe:2.3:a:js:js_tokens:4.0.0:*:*:*:*:*:*:*loose-envifycpe:2.3:a:loose-envify:loose-envify:1.4.0:*:*:*:*:*:*:*pkg:npm/loose-envify@1.4.0javascript-lock-catalogerjavascriptnpmcpe:2.3:a:loose-envify:loose_envify:1.4.0:*:*:*:*:*:*:*cpe:2.3:a:loose_envify:loose-envify:1.4.0:*:*:*:*:*:*:*cpe:2.3:a:loose_envify:loose_envify:1.4.0:*:*:*:*:*:*:*cpe:2.3:a:loose:loose-envify:1.4.0:*:*:*:*:*:*:*cpe:2.3:a:loose:loose_envify:1.4.0:*:*:*:*:*:*:*object-assigncpe:2.3:a:object-assign:object-assign:4.1.1:*:*:*:*:*:*:*pkg:npm/object-assign@4.1.1javascript-lock-catalogerjavascriptnpmcpe:2.3:a:object-assign:object_assign:4.1.1:*:*:*:*:*:*:*cpe:2.3:a:object_assign:object-assign:4.1.1:*:*:*:*:*:*:*cpe:2.3:a:object_assign:object_assign:4.1.1:*:*:*:*:*:*:*cpe:2.3:a:object:object-assign:4.1.1:*:*:*:*:*:*:*cpe:2.3:a:object:object_assign:4.1.1:*:*:*:*:*:*:*prop-typescpe:2.3:a:prop-types:prop-types:15.7.2:*:*:*:*:*:*:*pkg:npm/prop-types@15.7.2javascript-lock-catalogerjavascriptnpmcpe:2.3:a:prop-types:prop_types:15.7.2:*:*:*:*:*:*:*cpe:2.3:a:prop_types:prop-types:15.7.2:*:*:*:*:*:*:*cpe:2.3:a:prop_types:prop_types:15.7.2:*:*:*:*:*:*:*cpe:2.3:a:prop:prop-types:15.7.2:*:*:*:*:*:*:*cpe:2.3:a:prop:prop_types:15.7.2:*:*:*:*:*:*:*reactcpe:2.3:a:react:react:16.14.0:*:*:*:*:*:*:*pkg:npm/react@16.14.0javascript-lock-catalogerjavascriptnpmreact-iscpe:2.3:a:react-is:react-is:16.13.1:*:*:*:*:*:*:*pkg:npm/react-is@16.13.1javascript-lock-catalogerjavascriptnpmcpe:2.3:a:react-is:react_is:16.13.1:*:*:*:*:*:*:*cpe:2.3:a:react_is:react-is:16.13.1:*:*:*:*:*:*:*cpe:2.3:a:react_is:react_is:16.13.1:*:*:*:*:*:*:*cpe:2.3:a:react:react-is:16.13.1:*:*:*:*:*:*:*cpe:2.3:a:react:react_is:16.13.1:*:*:*:*:*:*:*trimcpe:2.3:a:trim:trim:0.0.2:*:*:*:*:*:*:*pkg:npm/trim@0.0.2javascript-lock-catalogerjavascriptnpm " `; exports[`SPDX JSON alpine 1`] = ` -"{ - "spdxVersion": "SPDX-2.3", - "dataLicense": "CC0-1.0", - "SPDXID": "redacted", - "name": "localhost:5000/match-coverage/alpine", - "documentNamespace": "redacted", - "creationInfo": { - "licenseListVersion": "redacted", - "creators": [ - "Organization: Anchore, Inc", - - ], - "created": "redacted" - }, - "packages": [ - { - "name": "libvncserver", - "SPDXID": "redacted", - "versionInfo": "0.9.9", - "supplier": "Person: A. Wilcox \\u003cawilfox@adelielinux.org\\u003e", - "originator": "Person: A. Wilcox \\u003cawilfox@adelielinux.org\\u003e", - "downloadLocation": "http://libvncserver.sourceforge.net/", - "filesAnalyzed": false, - "sourceInfo": "acquired package info from APK DB: /lib/apk/db/installed", - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "GPL-2.0-or-later", - "copyrightText": "NOASSERTION", - "description": "Library to make writing a vnc server easy", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:libvncserver:libvncserver:0.9.9:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:apk/alpine/libvncserver@0.9.9?arch=x86_64\\u0026distro=alpine-3.12.0" - } - ] - }, - { - "name": "localhost:5000/match-coverage/alpine", - "SPDXID": "redacted", - "versionInfo": "sha256:redacted", - "supplier": "NOASSERTION", - "downloadLocation": "NOASSERTION", - "filesAnalyzed": false, - "checksums": [ - { - "algorithm": "SHA256", - "checksumValue": "shas256:redacted" - } - ], - "externalRefs": [ - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:oci/localhost:5000/match-coverage/alpine@sha256:redacted?arch=amd64\\u0026tag=latest" - } - ], - "primaryPackagePurpose": "CONTAINER" - } - ], - "files": [ - { - "fileName": "/lib/apk/db/installed", - "SPDXID": "redacted", - "checksums": [ - { - "algorithm": "SHA1", - "checksumValue": "0000000000000000000000000000000000000000" - } - ], - "licenseConcluded": "NOASSERTION", - "copyrightText": "", - "comment": "layerID: sha256:redacted" - } - ], - "relationships": [ - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "OTHER", - "comment": "evident-by: indicates the package's existence is evident by the given file" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "CONTAINS" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "DESCRIBES" - } - ] -} +"{"spdxVersion":"SPDX-2.3","dataLicense":"CC0-1.0","SPDXID": "redacted","name":"localhost:5000/match-coverage/alpine","documentNamespace": "redacted","creationInfo":{"licenseListVersion": "redacted","creators":["Organization: Anchore, Inc",],"created": "redacted"},"packages":[{"name":"libvncserver","SPDXID": "redacted","versionInfo":"0.9.9","supplier":"Person: A. Wilcox \\u003cawilfox@adelielinux.org\\u003e","originator":"Person: A. Wilcox \\u003cawilfox@adelielinux.org\\u003e","downloadLocation":"http://libvncserver.sourceforge.net/","filesAnalyzed":false,"sourceInfo":"acquired package info from APK DB: /lib/apk/db/installed","licenseConcluded":"NOASSERTION","licenseDeclared":"GPL-2.0-or-later","copyrightText":"NOASSERTION","description":"Library to make writing a vnc server easy","externalRefs":[{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:libvncserver:libvncserver:0.9.9:*:*:*:*:*:*:*"},{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:apk/alpine/libvncserver@0.9.9?arch=x86_64\\u0026distro=alpine-3.12.0"}]},{"name":"localhost:5000/match-coverage/alpine","SPDXID": "redacted","versionInfo":"sha256:redacted","supplier":"NOASSERTION","downloadLocation":"NOASSERTION","filesAnalyzed":false,"checksums":[{"algorithm":"SHA256","checksumValue":"shas256:redacted"}],"externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:oci/localhost:5000/match-coverage/alpine@sha256:redacted?arch=amd64\\u0026tag=latest"}],"primaryPackagePurpose":"CONTAINER"}],"files":[{"fileName":"/lib/apk/db/installed","SPDXID": "redacted","checksums":[{"algorithm":"SHA1","checksumValue":"0000000000000000000000000000000000000000"}],"licenseConcluded":"NOASSERTION","copyrightText":"","comment":"layerID: sha256:redacted"}],"relationships":[{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"OTHER","comment":"evident-by: indicates the package's existence is evident by the given file"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"CONTAINS"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"DESCRIBES"}]} " `; exports[`SPDX JSON debian 1`] = ` -"{ - "spdxVersion": "SPDX-2.3", - "dataLicense": "CC0-1.0", - "SPDXID": "redacted", - "name": "localhost:5000/match-coverage/debian", - "documentNamespace": "redacted", - "creationInfo": { - "licenseListVersion": "redacted", - "creators": [ - "Organization: Anchore, Inc", - - ], - "created": "redacted" - }, - "packages": [ - { - "name": "Pygments", - "SPDXID": "redacted", - "versionInfo": "2.6.1", - "supplier": "Person: Georg Brandl (georg@python.org)", - "originator": "Person: Georg Brandl (georg@python.org)", - "downloadLocation": "NOASSERTION", - "filesAnalyzed": false, - "sourceInfo": "acquired package info from installed python package manifest file: /python/dist-info/METADATA, /python/dist-info/top_level.txt", - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "LicenseRef-BSD-License", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:georg_brandl_project:python-Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:georg_brandl_project:python_Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:georg_brandlproject:python-Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:georg_brandlproject:python_Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:python-Pygments:python-Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:python-Pygments:python_Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:python_Pygments:python-Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:python_Pygments:python_Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:georg_brandl_project:Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:georg_project:python-Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:georg_project:python_Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:georg_brandl:python-Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:georg_brandl:python_Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:georg_brandlproject:Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:georgproject:python-Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:georgproject:python_Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:Pygments:python-Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:Pygments:python_Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:python-Pygments:Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:python_Pygments:Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:georg_project:Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:python:python-Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:python:python_Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:georg:python-Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:georg:python_Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:georg_brandl:Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:georgproject:Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:Pygments:Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:python:Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:georg:Pygments:2.6.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:pypi/Pygments@2.6.1" - } - ] - }, - { - "name": "apt", - "SPDXID": "redacted", - "versionInfo": "1.8.2", - "supplier": "Person: APT Development Team \\u003cdeity@lists.debian.org\\u003e", - "originator": "Person: APT Development Team \\u003cdeity@lists.debian.org\\u003e", - "downloadLocation": "NOASSERTION", - "filesAnalyzed": false, - "sourceInfo": "acquired package info from DPKG DB: /var/lib/dpkg/status", - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "NOASSERTION", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:apt:apt:1.8.2:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:deb/debian/apt@1.8.2?arch=amd64\\u0026upstream=apt-dev\\u0026distro=debian-8" - } - ] - }, - { - "name": "bundler", - "SPDXID": "redacted", - "versionInfo": "2.1.4", - "supplier": "Person: André Arko", - "originator": "Person: André Arko", - "downloadLocation": "NOASSERTION", - "filesAnalyzed": false, - "homepage": "https://bundler.io", - "sourceInfo": "acquired package info from installed gem metadata file: /ruby/specifications/bundler.gemspec", - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "MIT", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:jessica-lynn-suttles:bundler:2.1.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:jessica_lynn_suttles:bundler:2.1.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:stephanie-morillo:bundler:2.1.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:stephanie_morillo:bundler:2.1.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:hiroshi-shibata:bundler:2.1.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:hiroshi_shibata:bundler:2.1.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:colby-swandale:bundler:2.1.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:colby_swandale:bundler:2.1.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:samuel-giddins:bundler:2.1.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:samuel_giddins:bundler:2.1.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:chris-morris:bundler:2.1.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:chris_morris:bundler:2.1.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:carl-lerche:bundler:2.1.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:carl_lerche:bundler:2.1.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:terence-lee:bundler:2.1.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:terence_lee:bundler:2.1.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:yehuda-katz:bundler:2.1.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:yehuda_katz:bundler:2.1.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:grey-baker:bundler:2.1.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:grey_baker:bundler:2.1.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:james-wen:bundler:2.1.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:james_wen:bundler:2.1.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:ruby-lang:bundler:2.1.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:ruby_lang:bundler:2.1.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:tim-moore:bundler:2.1.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:tim_moore:bundler:2.1.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:bundler:bundler:2.1.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:ruby:bundler:2.1.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:gem/bundler@2.1.4" - } - ] - }, - { - "name": "example-java-app-maven", - "SPDXID": "redacted", - "versionInfo": "0.1.0", - "supplier": "NOASSERTION", - "downloadLocation": "NOASSERTION", - "filesAnalyzed": false, - "checksums": [ - { - "algorithm": "SHA1", - "checksumValue": "100b566a7dcdb187bf9f14ecd96427cadd535bfe" - } - ], - "sourceInfo": "acquired package info from installed java archive: /java/example-java-app-maven-0.1.0.jar", - "licenseConcluded": "Apache-2.0", - "licenseDeclared": "NOASSERTION", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:example-java-app-maven:example-java-app-maven:0.1.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:example-java-app-maven:example_java_app_maven:0.1.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:example_java_app_maven:example-java-app-maven:0.1.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:example_java_app_maven:example_java_app_maven:0.1.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:example-java-app:example-java-app-maven:0.1.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:example-java-app:example_java_app_maven:0.1.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:example_java_app:example-java-app-maven:0.1.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:example_java_app:example_java_app_maven:0.1.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:example-java:example-java-app-maven:0.1.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:example-java:example_java_app_maven:0.1.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:example_java:example-java-app-maven:0.1.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:example_java:example_java_app_maven:0.1.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:anchore:example-java-app-maven:0.1.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:anchore:example_java_app_maven:0.1.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:example:example-java-app-maven:0.1.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:example:example_java_app_maven:0.1.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:maven/org.anchore/example-java-app-maven@0.1.0" - } - ] - }, - { - "name": "joda-time", - "SPDXID": "redacted", - "versionInfo": "2.9.2", - "supplier": "NOASSERTION", - "downloadLocation": "NOASSERTION", - "filesAnalyzed": false, - "sourceInfo": "acquired package info from installed java archive: /java/example-java-app-maven-0.1.0.jar", - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "LicenseRef-Apache-2", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:joda-time:joda-time:2.9.2:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:joda-time:joda_time:2.9.2:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:joda_time:joda-time:2.9.2:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:joda_time:joda_time:2.9.2:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:joda:joda-time:2.9.2:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:joda:joda_time:2.9.2:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:maven/joda-time/joda-time@2.9.2" - } - ] - }, - { - "name": "npm", - "SPDXID": "redacted", - "versionInfo": "6.14.6", - "supplier": "Person: Isaac Z. Schlueter \\u003ci@izs.me\\u003e (http://blog.izs.me)", - "originator": "Person: Isaac Z. Schlueter \\u003ci@izs.me\\u003e (http://blog.izs.me)", - "downloadLocation": "https://github.com/npm/cli", - "filesAnalyzed": false, - "homepage": "https://docs.npmjs.com/", - "sourceInfo": "acquired package info from installed node module manifest file: /javascript/pkg-json/package.json", - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "Artistic-2.0", - "copyrightText": "NOASSERTION", - "description": "a package manager for JavaScript", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:node_packaged_modules_project:node_packaged_modules:6.14.6:*:*:*:*:node.js:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/npm@6.14.6" - } - ] - }, - { - "name": "localhost:5000/match-coverage/debian", - "SPDXID": "redacted", - "versionInfo": "sha256:redacted", - "supplier": "NOASSERTION", - "downloadLocation": "NOASSERTION", - "filesAnalyzed": false, - "checksums": [ - { - "algorithm": "SHA256", - "checksumValue": "shas256:redacted" - } - ], - "externalRefs": [ - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:oci/localhost:5000/match-coverage/debian@sha256:redacted?arch=amd64\\u0026tag=latest" - } - ], - "primaryPackagePurpose": "CONTAINER" - } - ], - "files": [ - { - "fileName": "/java/example-java-app-maven-0.1.0.jar", - "SPDXID": "redacted", - "checksums": [ - { - "algorithm": "SHA1", - "checksumValue": "0000000000000000000000000000000000000000" - } - ], - "licenseConcluded": "NOASSERTION", - "copyrightText": "", - "comment": "layerID: sha256:redacted" - }, - { - "fileName": "/javascript/pkg-json/package.json", - "SPDXID": "redacted", - "checksums": [ - { - "algorithm": "SHA1", - "checksumValue": "0000000000000000000000000000000000000000" - } - ], - "licenseConcluded": "NOASSERTION", - "copyrightText": "", - "comment": "layerID: sha256:redacted" - }, - { - "fileName": "/python/dist-info/METADATA", - "SPDXID": "redacted", - "checksums": [ - { - "algorithm": "SHA1", - "checksumValue": "0000000000000000000000000000000000000000" - } - ], - "licenseConcluded": "NOASSERTION", - "copyrightText": "", - "comment": "layerID: sha256:redacted" - }, - { - "fileName": "/ruby/specifications/bundler.gemspec", - "SPDXID": "redacted", - "checksums": [ - { - "algorithm": "SHA1", - "checksumValue": "0000000000000000000000000000000000000000" - } - ], - "licenseConcluded": "NOASSERTION", - "copyrightText": "", - "comment": "layerID: sha256:redacted" - }, - { - "fileName": "/var/lib/dpkg/status", - "SPDXID": "redacted", - "checksums": [ - { - "algorithm": "SHA1", - "checksumValue": "0000000000000000000000000000000000000000" - } - ], - "licenseConcluded": "NOASSERTION", - "copyrightText": "", - "comment": "layerID: sha256:redacted" - } - ], - "hasExtractedLicensingInfos": [ - { - "licenseId": "LicenseRef-Apache-2", - "extractedText": "Apache 2" - }, - { - "licenseId": "LicenseRef-BSD-License", - "extractedText": "BSD License" - } - ], - "relationships": [ - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "OTHER", - "comment": "evident-by: indicates the package's existence is evident by the given file" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "OTHER", - "comment": "evident-by: indicates the package's existence is evident by the given file" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "OTHER", - "comment": "evident-by: indicates the package's existence is evident by the given file" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "OTHER", - "comment": "evident-by: indicates the package's existence is evident by the given file" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "OTHER", - "comment": "evident-by: indicates the package's existence is evident by the given file" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "OTHER", - "comment": "evident-by: indicates the package's existence is evident by the given file" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "CONTAINS" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "CONTAINS" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "CONTAINS" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "CONTAINS" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "CONTAINS" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "CONTAINS" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "DESCRIBES" - } - ] -} +"{"spdxVersion":"SPDX-2.3","dataLicense":"CC0-1.0","SPDXID": "redacted","name":"localhost:5000/match-coverage/debian","documentNamespace": "redacted","creationInfo":{"licenseListVersion": "redacted","creators":["Organization: Anchore, Inc",],"created": "redacted"},"packages":[{"name":"Pygments","SPDXID": "redacted","versionInfo":"2.6.1","supplier":"Person: Georg Brandl (georg@python.org)","originator":"Person: Georg Brandl (georg@python.org)","downloadLocation":"NOASSERTION","filesAnalyzed":false,"sourceInfo":"acquired package info from installed python package manifest file: /python/dist-info/METADATA, /python/dist-info/top_level.txt","licenseConcluded":"NOASSERTION","licenseDeclared":"LicenseRef-BSD-License","copyrightText":"NOASSERTION","externalRefs":[{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:georg_brandl_project:python-Pygments:2.6.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:georg_brandl_project:python_Pygments:2.6.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:georg_brandlproject:python-Pygments:2.6.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:georg_brandlproject:python_Pygments:2.6.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:python-Pygments:python-Pygments:2.6.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:python-Pygments:python_Pygments:2.6.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:python_Pygments:python-Pygments:2.6.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:python_Pygments:python_Pygments:2.6.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:georg_brandl_project:Pygments:2.6.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:georg_project:python-Pygments:2.6.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:georg_project:python_Pygments:2.6.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:georg_brandl:python-Pygments:2.6.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:georg_brandl:python_Pygments:2.6.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:georg_brandlproject:Pygments:2.6.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:georgproject:python-Pygments:2.6.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:georgproject:python_Pygments:2.6.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:Pygments:python-Pygments:2.6.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:Pygments:python_Pygments:2.6.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:python-Pygments:Pygments:2.6.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:python_Pygments:Pygments:2.6.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:georg_project:Pygments:2.6.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:python:python-Pygments:2.6.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:python:python_Pygments:2.6.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:georg:python-Pygments:2.6.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:georg:python_Pygments:2.6.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:georg_brandl:Pygments:2.6.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:georgproject:Pygments:2.6.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:Pygments:Pygments:2.6.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:python:Pygments:2.6.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:georg:Pygments:2.6.1:*:*:*:*:*:*:*"},{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:pypi/Pygments@2.6.1"}]},{"name":"apt","SPDXID": "redacted","versionInfo":"1.8.2","supplier":"Person: APT Development Team \\u003cdeity@lists.debian.org\\u003e","originator":"Person: APT Development Team \\u003cdeity@lists.debian.org\\u003e","downloadLocation":"NOASSERTION","filesAnalyzed":false,"sourceInfo":"acquired package info from DPKG DB: /var/lib/dpkg/status","licenseConcluded":"NOASSERTION","licenseDeclared":"NOASSERTION","copyrightText":"NOASSERTION","externalRefs":[{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:apt:apt:1.8.2:*:*:*:*:*:*:*"},{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:deb/debian/apt@1.8.2?arch=amd64\\u0026upstream=apt-dev\\u0026distro=debian-8"}]},{"name":"bundler","SPDXID": "redacted","versionInfo":"2.1.4","supplier":"Person: André Arko","originator":"Person: André Arko","downloadLocation":"NOASSERTION","filesAnalyzed":false,"homepage":"https://bundler.io","sourceInfo":"acquired package info from installed gem metadata file: /ruby/specifications/bundler.gemspec","licenseConcluded":"NOASSERTION","licenseDeclared":"MIT","copyrightText":"NOASSERTION","externalRefs":[{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:jessica-lynn-suttles:bundler:2.1.4:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:jessica_lynn_suttles:bundler:2.1.4:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:stephanie-morillo:bundler:2.1.4:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:stephanie_morillo:bundler:2.1.4:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:hiroshi-shibata:bundler:2.1.4:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:hiroshi_shibata:bundler:2.1.4:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:colby-swandale:bundler:2.1.4:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:colby_swandale:bundler:2.1.4:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:samuel-giddins:bundler:2.1.4:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:samuel_giddins:bundler:2.1.4:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:chris-morris:bundler:2.1.4:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:chris_morris:bundler:2.1.4:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:carl-lerche:bundler:2.1.4:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:carl_lerche:bundler:2.1.4:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:terence-lee:bundler:2.1.4:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:terence_lee:bundler:2.1.4:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:yehuda-katz:bundler:2.1.4:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:yehuda_katz:bundler:2.1.4:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:grey-baker:bundler:2.1.4:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:grey_baker:bundler:2.1.4:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:james-wen:bundler:2.1.4:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:james_wen:bundler:2.1.4:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:ruby-lang:bundler:2.1.4:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:ruby_lang:bundler:2.1.4:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:tim-moore:bundler:2.1.4:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:tim_moore:bundler:2.1.4:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:bundler:bundler:2.1.4:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:ruby:bundler:2.1.4:*:*:*:*:*:*:*"},{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:gem/bundler@2.1.4"}]},{"name":"example-java-app-maven","SPDXID": "redacted","versionInfo":"0.1.0","supplier":"NOASSERTION","downloadLocation":"NOASSERTION","filesAnalyzed":false,"checksums":[{"algorithm":"SHA1","checksumValue":"100b566a7dcdb187bf9f14ecd96427cadd535bfe"}],"sourceInfo":"acquired package info from installed java archive: /java/example-java-app-maven-0.1.0.jar","licenseConcluded":"Apache-2.0","licenseDeclared":"NOASSERTION","copyrightText":"NOASSERTION","externalRefs":[{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:example-java-app-maven:example-java-app-maven:0.1.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:example-java-app-maven:example_java_app_maven:0.1.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:example_java_app_maven:example-java-app-maven:0.1.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:example_java_app_maven:example_java_app_maven:0.1.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:example-java-app:example-java-app-maven:0.1.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:example-java-app:example_java_app_maven:0.1.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:example_java_app:example-java-app-maven:0.1.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:example_java_app:example_java_app_maven:0.1.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:example-java:example-java-app-maven:0.1.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:example-java:example_java_app_maven:0.1.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:example_java:example-java-app-maven:0.1.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:example_java:example_java_app_maven:0.1.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:anchore:example-java-app-maven:0.1.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:anchore:example_java_app_maven:0.1.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:example:example-java-app-maven:0.1.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:example:example_java_app_maven:0.1.0:*:*:*:*:*:*:*"},{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:maven/org.anchore/example-java-app-maven@0.1.0"}]},{"name":"joda-time","SPDXID": "redacted","versionInfo":"2.9.2","supplier":"NOASSERTION","downloadLocation":"NOASSERTION","filesAnalyzed":false,"sourceInfo":"acquired package info from installed java archive: /java/example-java-app-maven-0.1.0.jar","licenseConcluded":"NOASSERTION","licenseDeclared":"LicenseRef-Apache-2","copyrightText":"NOASSERTION","externalRefs":[{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:joda-time:joda-time:2.9.2:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:joda-time:joda_time:2.9.2:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:joda_time:joda-time:2.9.2:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:joda_time:joda_time:2.9.2:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:joda:joda-time:2.9.2:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:joda:joda_time:2.9.2:*:*:*:*:*:*:*"},{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:maven/joda-time/joda-time@2.9.2"}]},{"name":"npm","SPDXID": "redacted","versionInfo":"6.14.6","supplier":"Person: Isaac Z. Schlueter \\u003ci@izs.me\\u003e (http://blog.izs.me)","originator":"Person: Isaac Z. Schlueter \\u003ci@izs.me\\u003e (http://blog.izs.me)","downloadLocation":"https://github.com/npm/cli","filesAnalyzed":false,"homepage":"https://docs.npmjs.com/","sourceInfo":"acquired package info from installed node module manifest file: /javascript/pkg-json/package.json","licenseConcluded":"NOASSERTION","licenseDeclared":"Artistic-2.0","copyrightText":"NOASSERTION","description":"a package manager for JavaScript","externalRefs":[{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:node_packaged_modules_project:node_packaged_modules:6.14.6:*:*:*:*:node.js:*:*"},{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:npm/npm@6.14.6"}]},{"name":"localhost:5000/match-coverage/debian","SPDXID": "redacted","versionInfo":"sha256:redacted","supplier":"NOASSERTION","downloadLocation":"NOASSERTION","filesAnalyzed":false,"checksums":[{"algorithm":"SHA256","checksumValue":"shas256:redacted"}],"externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:oci/localhost:5000/match-coverage/debian@sha256:redacted?arch=amd64\\u0026tag=latest"}],"primaryPackagePurpose":"CONTAINER"}],"files":[{"fileName":"/java/example-java-app-maven-0.1.0.jar","SPDXID": "redacted","checksums":[{"algorithm":"SHA1","checksumValue":"0000000000000000000000000000000000000000"}],"licenseConcluded":"NOASSERTION","copyrightText":"","comment":"layerID: sha256:redacted"},{"fileName":"/javascript/pkg-json/package.json","SPDXID": "redacted","checksums":[{"algorithm":"SHA1","checksumValue":"0000000000000000000000000000000000000000"}],"licenseConcluded":"NOASSERTION","copyrightText":"","comment":"layerID: sha256:redacted"},{"fileName":"/python/dist-info/METADATA","SPDXID": "redacted","checksums":[{"algorithm":"SHA1","checksumValue":"0000000000000000000000000000000000000000"}],"licenseConcluded":"NOASSERTION","copyrightText":"","comment":"layerID: sha256:redacted"},{"fileName":"/ruby/specifications/bundler.gemspec","SPDXID": "redacted","checksums":[{"algorithm":"SHA1","checksumValue":"0000000000000000000000000000000000000000"}],"licenseConcluded":"NOASSERTION","copyrightText":"","comment":"layerID: sha256:redacted"},{"fileName":"/var/lib/dpkg/status","SPDXID": "redacted","checksums":[{"algorithm":"SHA1","checksumValue":"0000000000000000000000000000000000000000"}],"licenseConcluded":"NOASSERTION","copyrightText":"","comment":"layerID: sha256:redacted"}],"hasExtractedLicensingInfos":[{"licenseId":"LicenseRef-Apache-2","extractedText":"Apache 2"},{"licenseId":"LicenseRef-BSD-License","extractedText":"BSD License"}],"relationships":[{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"OTHER","comment":"evident-by: indicates the package's existence is evident by the given file"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"OTHER","comment":"evident-by: indicates the package's existence is evident by the given file"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"OTHER","comment":"evident-by: indicates the package's existence is evident by the given file"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"OTHER","comment":"evident-by: indicates the package's existence is evident by the given file"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"OTHER","comment":"evident-by: indicates the package's existence is evident by the given file"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"OTHER","comment":"evident-by: indicates the package's existence is evident by the given file"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"CONTAINS"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"CONTAINS"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"CONTAINS"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"CONTAINS"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"CONTAINS"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"CONTAINS"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"DESCRIBES"}]} " `; exports[`SPDX JSON npm 1`] = ` -"{ - "spdxVersion": "SPDX-2.3", - "dataLicense": "CC0-1.0", - "SPDXID": "redacted", - "name": "tests/fixtures/npm-project", - "documentNamespace": "redacted", - "creationInfo": { - "licenseListVersion": "redacted", - "creators": [ - "Organization: Anchore, Inc", - - ], - "created": "redacted" - }, - "packages": [ - { - "name": "chownr", - "SPDXID": "redacted", - "versionInfo": "2.0.0", - "supplier": "NOASSERTION", - "downloadLocation": "https://registry.npmjs.org/chownr/-/chownr-2.0.0.tgz", - "filesAnalyzed": false, - "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "NOASSERTION", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:chownr:chownr:2.0.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/chownr@2.0.0" - } - ] - }, - { - "name": "fs-minipass", - "SPDXID": "redacted", - "versionInfo": "2.1.0", - "supplier": "NOASSERTION", - "downloadLocation": "https://registry.npmjs.org/fs-minipass/-/fs-minipass-2.1.0.tgz", - "filesAnalyzed": false, - "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "NOASSERTION", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:fs-minipass:fs-minipass:2.1.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:fs-minipass:fs_minipass:2.1.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:fs_minipass:fs-minipass:2.1.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:fs_minipass:fs_minipass:2.1.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:fs:fs-minipass:2.1.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:fs:fs_minipass:2.1.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/fs-minipass@2.1.0" - } - ] - }, - { - "name": "js-tokens", - "SPDXID": "redacted", - "versionInfo": "4.0.0", - "supplier": "NOASSERTION", - "downloadLocation": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", - "filesAnalyzed": false, - "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "NOASSERTION", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:js-tokens:js-tokens:4.0.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:js-tokens:js_tokens:4.0.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:js_tokens:js-tokens:4.0.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:js_tokens:js_tokens:4.0.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:js:js-tokens:4.0.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:js:js_tokens:4.0.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/js-tokens@4.0.0" - } - ] - }, - { - "name": "loose-envify", - "SPDXID": "redacted", - "versionInfo": "1.4.0", - "supplier": "NOASSERTION", - "downloadLocation": "https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz", - "filesAnalyzed": false, - "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "NOASSERTION", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:loose-envify:loose-envify:1.4.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:loose-envify:loose_envify:1.4.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:loose_envify:loose-envify:1.4.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:loose_envify:loose_envify:1.4.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:loose:loose-envify:1.4.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:loose:loose_envify:1.4.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/loose-envify@1.4.0" - } - ] - }, - { - "name": "minipass", - "SPDXID": "redacted", - "versionInfo": "3.1.3", - "supplier": "NOASSERTION", - "downloadLocation": "https://registry.npmjs.org/minipass/-/minipass-3.1.3.tgz", - "filesAnalyzed": false, - "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "NOASSERTION", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:minipass:minipass:3.1.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/minipass@3.1.3" - } - ] - }, - { - "name": "minizlib", - "SPDXID": "redacted", - "versionInfo": "2.1.2", - "supplier": "NOASSERTION", - "downloadLocation": "https://registry.npmjs.org/minizlib/-/minizlib-2.1.2.tgz", - "filesAnalyzed": false, - "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "NOASSERTION", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:minizlib:minizlib:2.1.2:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/minizlib@2.1.2" - } - ] - }, - { - "name": "mkdirp", - "SPDXID": "redacted", - "versionInfo": "1.0.4", - "supplier": "NOASSERTION", - "downloadLocation": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz", - "filesAnalyzed": false, - "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "NOASSERTION", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:mkdirp:mkdirp:1.0.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/mkdirp@1.0.4" - } - ] - }, - { - "name": "object-assign", - "SPDXID": "redacted", - "versionInfo": "4.1.1", - "supplier": "NOASSERTION", - "downloadLocation": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", - "filesAnalyzed": false, - "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "NOASSERTION", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:object-assign:object-assign:4.1.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:object-assign:object_assign:4.1.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:object_assign:object-assign:4.1.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:object_assign:object_assign:4.1.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:object:object-assign:4.1.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:object:object_assign:4.1.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/object-assign@4.1.1" - } - ] - }, - { - "name": "prop-types", - "SPDXID": "redacted", - "versionInfo": "15.7.2", - "supplier": "NOASSERTION", - "downloadLocation": "https://registry.npmjs.org/prop-types/-/prop-types-15.7.2.tgz", - "filesAnalyzed": false, - "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "NOASSERTION", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:prop-types:prop-types:15.7.2:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:prop-types:prop_types:15.7.2:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:prop_types:prop-types:15.7.2:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:prop_types:prop_types:15.7.2:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:prop:prop-types:15.7.2:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:prop:prop_types:15.7.2:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/prop-types@15.7.2" - } - ] - }, - { - "name": "react", - "SPDXID": "redacted", - "versionInfo": "16.14.0", - "supplier": "NOASSERTION", - "downloadLocation": "https://registry.npmjs.org/react/-/react-16.14.0.tgz", - "filesAnalyzed": false, - "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "NOASSERTION", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:react:react:16.14.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/react@16.14.0" - } - ] - }, - { - "name": "react-is", - "SPDXID": "redacted", - "versionInfo": "16.13.1", - "supplier": "NOASSERTION", - "downloadLocation": "https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz", - "filesAnalyzed": false, - "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "NOASSERTION", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:react-is:react-is:16.13.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:react-is:react_is:16.13.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:react_is:react-is:16.13.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:react_is:react_is:16.13.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:react:react-is:16.13.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:react:react_is:16.13.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/react-is@16.13.1" - } - ] - }, - { - "name": "tar", - "SPDXID": "redacted", - "versionInfo": "6.1.0", - "supplier": "NOASSERTION", - "downloadLocation": "https://registry.npmjs.org/tar/-/tar-6.1.0.tgz", - "filesAnalyzed": false, - "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "NOASSERTION", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:tar_project:tar:6.1.0:*:*:*:*:node.js:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/tar@6.1.0" - } - ] - }, - { - "name": "yallist", - "SPDXID": "redacted", - "versionInfo": "4.0.0", - "supplier": "NOASSERTION", - "downloadLocation": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", - "filesAnalyzed": false, - "sourceInfo": "acquired package info from installed node module manifest file: /package-lock.json", - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "NOASSERTION", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:yallist:yallist:4.0.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/yallist@4.0.0" - } - ] - }, - { - "name": "tests/fixtures/npm-project", - "SPDXID": "redacted", - "supplier": "NOASSERTION", - "downloadLocation": "NOASSERTION", - "filesAnalyzed": false, - "primaryPackagePurpose": "FILE" - } - ], - "files": [ - { - "fileName": "/package-lock.json", - "SPDXID": "redacted", - "checksums": [ - { - "algorithm": "SHA1", - "checksumValue": "0000000000000000000000000000000000000000" - } - ], - "licenseConcluded": "NOASSERTION", - "copyrightText": "" - } - ], - "relationships": [ - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "OTHER", - "comment": "evident-by: indicates the package's existence is evident by the given file" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "OTHER", - "comment": "evident-by: indicates the package's existence is evident by the given file" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "OTHER", - "comment": "evident-by: indicates the package's existence is evident by the given file" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "OTHER", - "comment": "evident-by: indicates the package's existence is evident by the given file" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "OTHER", - "comment": "evident-by: indicates the package's existence is evident by the given file" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "OTHER", - "comment": "evident-by: indicates the package's existence is evident by the given file" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "OTHER", - "comment": "evident-by: indicates the package's existence is evident by the given file" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "OTHER", - "comment": "evident-by: indicates the package's existence is evident by the given file" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "OTHER", - "comment": "evident-by: indicates the package's existence is evident by the given file" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "OTHER", - "comment": "evident-by: indicates the package's existence is evident by the given file" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "OTHER", - "comment": "evident-by: indicates the package's existence is evident by the given file" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "OTHER", - "comment": "evident-by: indicates the package's existence is evident by the given file" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "OTHER", - "comment": "evident-by: indicates the package's existence is evident by the given file" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "CONTAINS" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "CONTAINS" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "CONTAINS" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "CONTAINS" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "CONTAINS" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "CONTAINS" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "CONTAINS" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "CONTAINS" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "CONTAINS" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "CONTAINS" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "CONTAINS" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "CONTAINS" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "CONTAINS" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "DESCRIBES" - } - ] -} +"{"spdxVersion":"SPDX-2.3","dataLicense":"CC0-1.0","SPDXID": "redacted","name":"tests/fixtures/npm-project","documentNamespace": "redacted","creationInfo":{"licenseListVersion": "redacted","creators":["Organization: Anchore, Inc",],"created": "redacted"},"packages":[{"name":"chownr","SPDXID": "redacted","versionInfo":"2.0.0","supplier":"NOASSERTION","downloadLocation":"https://registry.npmjs.org/chownr/-/chownr-2.0.0.tgz","filesAnalyzed":false,"sourceInfo":"acquired package info from installed node module manifest file: /package-lock.json","licenseConcluded":"NOASSERTION","licenseDeclared":"NOASSERTION","copyrightText":"NOASSERTION","externalRefs":[{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:chownr:chownr:2.0.0:*:*:*:*:*:*:*"},{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:npm/chownr@2.0.0"}]},{"name":"fs-minipass","SPDXID": "redacted","versionInfo":"2.1.0","supplier":"NOASSERTION","downloadLocation":"https://registry.npmjs.org/fs-minipass/-/fs-minipass-2.1.0.tgz","filesAnalyzed":false,"sourceInfo":"acquired package info from installed node module manifest file: /package-lock.json","licenseConcluded":"NOASSERTION","licenseDeclared":"NOASSERTION","copyrightText":"NOASSERTION","externalRefs":[{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:fs-minipass:fs-minipass:2.1.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:fs-minipass:fs_minipass:2.1.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:fs_minipass:fs-minipass:2.1.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:fs_minipass:fs_minipass:2.1.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:fs:fs-minipass:2.1.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:fs:fs_minipass:2.1.0:*:*:*:*:*:*:*"},{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:npm/fs-minipass@2.1.0"}]},{"name":"js-tokens","SPDXID": "redacted","versionInfo":"4.0.0","supplier":"NOASSERTION","downloadLocation":"https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz","filesAnalyzed":false,"sourceInfo":"acquired package info from installed node module manifest file: /package-lock.json","licenseConcluded":"NOASSERTION","licenseDeclared":"NOASSERTION","copyrightText":"NOASSERTION","externalRefs":[{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:js-tokens:js-tokens:4.0.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:js-tokens:js_tokens:4.0.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:js_tokens:js-tokens:4.0.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:js_tokens:js_tokens:4.0.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:js:js-tokens:4.0.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:js:js_tokens:4.0.0:*:*:*:*:*:*:*"},{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:npm/js-tokens@4.0.0"}]},{"name":"loose-envify","SPDXID": "redacted","versionInfo":"1.4.0","supplier":"NOASSERTION","downloadLocation":"https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz","filesAnalyzed":false,"sourceInfo":"acquired package info from installed node module manifest file: /package-lock.json","licenseConcluded":"NOASSERTION","licenseDeclared":"NOASSERTION","copyrightText":"NOASSERTION","externalRefs":[{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:loose-envify:loose-envify:1.4.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:loose-envify:loose_envify:1.4.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:loose_envify:loose-envify:1.4.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:loose_envify:loose_envify:1.4.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:loose:loose-envify:1.4.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:loose:loose_envify:1.4.0:*:*:*:*:*:*:*"},{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:npm/loose-envify@1.4.0"}]},{"name":"minipass","SPDXID": "redacted","versionInfo":"3.1.3","supplier":"NOASSERTION","downloadLocation":"https://registry.npmjs.org/minipass/-/minipass-3.1.3.tgz","filesAnalyzed":false,"sourceInfo":"acquired package info from installed node module manifest file: /package-lock.json","licenseConcluded":"NOASSERTION","licenseDeclared":"NOASSERTION","copyrightText":"NOASSERTION","externalRefs":[{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:minipass:minipass:3.1.3:*:*:*:*:*:*:*"},{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:npm/minipass@3.1.3"}]},{"name":"minizlib","SPDXID": "redacted","versionInfo":"2.1.2","supplier":"NOASSERTION","downloadLocation":"https://registry.npmjs.org/minizlib/-/minizlib-2.1.2.tgz","filesAnalyzed":false,"sourceInfo":"acquired package info from installed node module manifest file: /package-lock.json","licenseConcluded":"NOASSERTION","licenseDeclared":"NOASSERTION","copyrightText":"NOASSERTION","externalRefs":[{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:minizlib:minizlib:2.1.2:*:*:*:*:*:*:*"},{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:npm/minizlib@2.1.2"}]},{"name":"mkdirp","SPDXID": "redacted","versionInfo":"1.0.4","supplier":"NOASSERTION","downloadLocation":"https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz","filesAnalyzed":false,"sourceInfo":"acquired package info from installed node module manifest file: /package-lock.json","licenseConcluded":"NOASSERTION","licenseDeclared":"NOASSERTION","copyrightText":"NOASSERTION","externalRefs":[{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:mkdirp:mkdirp:1.0.4:*:*:*:*:*:*:*"},{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:npm/mkdirp@1.0.4"}]},{"name":"object-assign","SPDXID": "redacted","versionInfo":"4.1.1","supplier":"NOASSERTION","downloadLocation":"https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz","filesAnalyzed":false,"sourceInfo":"acquired package info from installed node module manifest file: /package-lock.json","licenseConcluded":"NOASSERTION","licenseDeclared":"NOASSERTION","copyrightText":"NOASSERTION","externalRefs":[{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:object-assign:object-assign:4.1.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:object-assign:object_assign:4.1.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:object_assign:object-assign:4.1.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:object_assign:object_assign:4.1.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:object:object-assign:4.1.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:object:object_assign:4.1.1:*:*:*:*:*:*:*"},{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:npm/object-assign@4.1.1"}]},{"name":"prop-types","SPDXID": "redacted","versionInfo":"15.7.2","supplier":"NOASSERTION","downloadLocation":"https://registry.npmjs.org/prop-types/-/prop-types-15.7.2.tgz","filesAnalyzed":false,"sourceInfo":"acquired package info from installed node module manifest file: /package-lock.json","licenseConcluded":"NOASSERTION","licenseDeclared":"NOASSERTION","copyrightText":"NOASSERTION","externalRefs":[{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:prop-types:prop-types:15.7.2:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:prop-types:prop_types:15.7.2:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:prop_types:prop-types:15.7.2:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:prop_types:prop_types:15.7.2:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:prop:prop-types:15.7.2:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:prop:prop_types:15.7.2:*:*:*:*:*:*:*"},{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:npm/prop-types@15.7.2"}]},{"name":"react","SPDXID": "redacted","versionInfo":"16.14.0","supplier":"NOASSERTION","downloadLocation":"https://registry.npmjs.org/react/-/react-16.14.0.tgz","filesAnalyzed":false,"sourceInfo":"acquired package info from installed node module manifest file: /package-lock.json","licenseConcluded":"NOASSERTION","licenseDeclared":"NOASSERTION","copyrightText":"NOASSERTION","externalRefs":[{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:react:react:16.14.0:*:*:*:*:*:*:*"},{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:npm/react@16.14.0"}]},{"name":"react-is","SPDXID": "redacted","versionInfo":"16.13.1","supplier":"NOASSERTION","downloadLocation":"https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz","filesAnalyzed":false,"sourceInfo":"acquired package info from installed node module manifest file: /package-lock.json","licenseConcluded":"NOASSERTION","licenseDeclared":"NOASSERTION","copyrightText":"NOASSERTION","externalRefs":[{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:react-is:react-is:16.13.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:react-is:react_is:16.13.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:react_is:react-is:16.13.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:react_is:react_is:16.13.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:react:react-is:16.13.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:react:react_is:16.13.1:*:*:*:*:*:*:*"},{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:npm/react-is@16.13.1"}]},{"name":"tar","SPDXID": "redacted","versionInfo":"6.1.0","supplier":"NOASSERTION","downloadLocation":"https://registry.npmjs.org/tar/-/tar-6.1.0.tgz","filesAnalyzed":false,"sourceInfo":"acquired package info from installed node module manifest file: /package-lock.json","licenseConcluded":"NOASSERTION","licenseDeclared":"NOASSERTION","copyrightText":"NOASSERTION","externalRefs":[{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:tar_project:tar:6.1.0:*:*:*:*:node.js:*:*"},{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:npm/tar@6.1.0"}]},{"name":"yallist","SPDXID": "redacted","versionInfo":"4.0.0","supplier":"NOASSERTION","downloadLocation":"https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz","filesAnalyzed":false,"sourceInfo":"acquired package info from installed node module manifest file: /package-lock.json","licenseConcluded":"NOASSERTION","licenseDeclared":"NOASSERTION","copyrightText":"NOASSERTION","externalRefs":[{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:yallist:yallist:4.0.0:*:*:*:*:*:*:*"},{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:npm/yallist@4.0.0"}]},{"name":"tests/fixtures/npm-project","SPDXID": "redacted","supplier":"NOASSERTION","downloadLocation":"NOASSERTION","filesAnalyzed":false,"primaryPackagePurpose":"FILE"}],"files":[{"fileName":"/package-lock.json","SPDXID": "redacted","checksums":[{"algorithm":"SHA1","checksumValue":"0000000000000000000000000000000000000000"}],"licenseConcluded":"NOASSERTION","copyrightText":""}],"relationships":[{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"OTHER","comment":"evident-by: indicates the package's existence is evident by the given file"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"OTHER","comment":"evident-by: indicates the package's existence is evident by the given file"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"OTHER","comment":"evident-by: indicates the package's existence is evident by the given file"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"OTHER","comment":"evident-by: indicates the package's existence is evident by the given file"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"OTHER","comment":"evident-by: indicates the package's existence is evident by the given file"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"OTHER","comment":"evident-by: indicates the package's existence is evident by the given file"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"OTHER","comment":"evident-by: indicates the package's existence is evident by the given file"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"OTHER","comment":"evident-by: indicates the package's existence is evident by the given file"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"OTHER","comment":"evident-by: indicates the package's existence is evident by the given file"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"OTHER","comment":"evident-by: indicates the package's existence is evident by the given file"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"OTHER","comment":"evident-by: indicates the package's existence is evident by the given file"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"OTHER","comment":"evident-by: indicates the package's existence is evident by the given file"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"OTHER","comment":"evident-by: indicates the package's existence is evident by the given file"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"CONTAINS"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"CONTAINS"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"CONTAINS"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"CONTAINS"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"CONTAINS"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"CONTAINS"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"CONTAINS"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"CONTAINS"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"CONTAINS"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"CONTAINS"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"CONTAINS"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"CONTAINS"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"CONTAINS"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"DESCRIBES"}]} " `; exports[`SPDX JSON yarn 1`] = ` -"{ - "spdxVersion": "SPDX-2.3", - "dataLicense": "CC0-1.0", - "SPDXID": "redacted", - "name": "tests/fixtures/yarn-project", - "documentNamespace": "redacted", - "creationInfo": { - "licenseListVersion": "redacted", - "creators": [ - "Organization: Anchore, Inc", - - ], - "created": "redacted" - }, - "packages": [ - { - "name": "js-tokens", - "SPDXID": "redacted", - "versionInfo": "4.0.0", - "supplier": "NOASSERTION", - "downloadLocation": "NOASSERTION", - "filesAnalyzed": false, - "sourceInfo": "acquired package info from installed node module manifest file: /yarn.lock", - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "NOASSERTION", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:js-tokens:js-tokens:4.0.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:js-tokens:js_tokens:4.0.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:js_tokens:js-tokens:4.0.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:js_tokens:js_tokens:4.0.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:js:js-tokens:4.0.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:js:js_tokens:4.0.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/js-tokens@4.0.0" - } - ] - }, - { - "name": "loose-envify", - "SPDXID": "redacted", - "versionInfo": "1.4.0", - "supplier": "NOASSERTION", - "downloadLocation": "NOASSERTION", - "filesAnalyzed": false, - "sourceInfo": "acquired package info from installed node module manifest file: /yarn.lock", - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "NOASSERTION", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:loose-envify:loose-envify:1.4.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:loose-envify:loose_envify:1.4.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:loose_envify:loose-envify:1.4.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:loose_envify:loose_envify:1.4.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:loose:loose-envify:1.4.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:loose:loose_envify:1.4.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/loose-envify@1.4.0" - } - ] - }, - { - "name": "object-assign", - "SPDXID": "redacted", - "versionInfo": "4.1.1", - "supplier": "NOASSERTION", - "downloadLocation": "NOASSERTION", - "filesAnalyzed": false, - "sourceInfo": "acquired package info from installed node module manifest file: /yarn.lock", - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "NOASSERTION", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:object-assign:object-assign:4.1.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:object-assign:object_assign:4.1.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:object_assign:object-assign:4.1.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:object_assign:object_assign:4.1.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:object:object-assign:4.1.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:object:object_assign:4.1.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/object-assign@4.1.1" - } - ] - }, - { - "name": "prop-types", - "SPDXID": "redacted", - "versionInfo": "15.7.2", - "supplier": "NOASSERTION", - "downloadLocation": "NOASSERTION", - "filesAnalyzed": false, - "sourceInfo": "acquired package info from installed node module manifest file: /yarn.lock", - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "NOASSERTION", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:prop-types:prop-types:15.7.2:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:prop-types:prop_types:15.7.2:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:prop_types:prop-types:15.7.2:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:prop_types:prop_types:15.7.2:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:prop:prop-types:15.7.2:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:prop:prop_types:15.7.2:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/prop-types@15.7.2" - } - ] - }, - { - "name": "react", - "SPDXID": "redacted", - "versionInfo": "16.14.0", - "supplier": "NOASSERTION", - "downloadLocation": "NOASSERTION", - "filesAnalyzed": false, - "sourceInfo": "acquired package info from installed node module manifest file: /yarn.lock", - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "NOASSERTION", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:react:react:16.14.0:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/react@16.14.0" - } - ] - }, - { - "name": "react-is", - "SPDXID": "redacted", - "versionInfo": "16.13.1", - "supplier": "NOASSERTION", - "downloadLocation": "NOASSERTION", - "filesAnalyzed": false, - "sourceInfo": "acquired package info from installed node module manifest file: /yarn.lock", - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "NOASSERTION", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:react-is:react-is:16.13.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:react-is:react_is:16.13.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:react_is:react-is:16.13.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:react_is:react_is:16.13.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:react:react-is:16.13.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:react:react_is:16.13.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/react-is@16.13.1" - } - ] - }, - { - "name": "trim", - "SPDXID": "redacted", - "versionInfo": "0.0.2", - "supplier": "NOASSERTION", - "downloadLocation": "NOASSERTION", - "filesAnalyzed": false, - "sourceInfo": "acquired package info from installed node module manifest file: /yarn.lock", - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "NOASSERTION", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:trim:trim:0.0.2:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/trim@0.0.2" - } - ] - }, - { - "name": "tests/fixtures/yarn-project", - "SPDXID": "redacted", - "supplier": "NOASSERTION", - "downloadLocation": "NOASSERTION", - "filesAnalyzed": false, - "primaryPackagePurpose": "FILE" - } - ], - "files": [ - { - "fileName": "/yarn.lock", - "SPDXID": "redacted", - "checksums": [ - { - "algorithm": "SHA1", - "checksumValue": "0000000000000000000000000000000000000000" - } - ], - "licenseConcluded": "NOASSERTION", - "copyrightText": "" - } - ], - "relationships": [ - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "OTHER", - "comment": "evident-by: indicates the package's existence is evident by the given file" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "OTHER", - "comment": "evident-by: indicates the package's existence is evident by the given file" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "OTHER", - "comment": "evident-by: indicates the package's existence is evident by the given file" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "OTHER", - "comment": "evident-by: indicates the package's existence is evident by the given file" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "OTHER", - "comment": "evident-by: indicates the package's existence is evident by the given file" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "OTHER", - "comment": "evident-by: indicates the package's existence is evident by the given file" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "OTHER", - "comment": "evident-by: indicates the package's existence is evident by the given file" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "CONTAINS" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "CONTAINS" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "CONTAINS" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "CONTAINS" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "CONTAINS" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "CONTAINS" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "CONTAINS" - }, - { - "spdxElementId": "redacted", - "relatedSpdxElement": "redacted", - "relationshipType": "DESCRIBES" - } - ] -} +"{"spdxVersion":"SPDX-2.3","dataLicense":"CC0-1.0","SPDXID": "redacted","name":"tests/fixtures/yarn-project","documentNamespace": "redacted","creationInfo":{"licenseListVersion": "redacted","creators":["Organization: Anchore, Inc",],"created": "redacted"},"packages":[{"name":"js-tokens","SPDXID": "redacted","versionInfo":"4.0.0","supplier":"NOASSERTION","downloadLocation":"NOASSERTION","filesAnalyzed":false,"sourceInfo":"acquired package info from installed node module manifest file: /yarn.lock","licenseConcluded":"NOASSERTION","licenseDeclared":"NOASSERTION","copyrightText":"NOASSERTION","externalRefs":[{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:js-tokens:js-tokens:4.0.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:js-tokens:js_tokens:4.0.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:js_tokens:js-tokens:4.0.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:js_tokens:js_tokens:4.0.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:js:js-tokens:4.0.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:js:js_tokens:4.0.0:*:*:*:*:*:*:*"},{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:npm/js-tokens@4.0.0"}]},{"name":"loose-envify","SPDXID": "redacted","versionInfo":"1.4.0","supplier":"NOASSERTION","downloadLocation":"NOASSERTION","filesAnalyzed":false,"sourceInfo":"acquired package info from installed node module manifest file: /yarn.lock","licenseConcluded":"NOASSERTION","licenseDeclared":"NOASSERTION","copyrightText":"NOASSERTION","externalRefs":[{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:loose-envify:loose-envify:1.4.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:loose-envify:loose_envify:1.4.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:loose_envify:loose-envify:1.4.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:loose_envify:loose_envify:1.4.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:loose:loose-envify:1.4.0:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:loose:loose_envify:1.4.0:*:*:*:*:*:*:*"},{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:npm/loose-envify@1.4.0"}]},{"name":"object-assign","SPDXID": "redacted","versionInfo":"4.1.1","supplier":"NOASSERTION","downloadLocation":"NOASSERTION","filesAnalyzed":false,"sourceInfo":"acquired package info from installed node module manifest file: /yarn.lock","licenseConcluded":"NOASSERTION","licenseDeclared":"NOASSERTION","copyrightText":"NOASSERTION","externalRefs":[{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:object-assign:object-assign:4.1.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:object-assign:object_assign:4.1.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:object_assign:object-assign:4.1.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:object_assign:object_assign:4.1.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:object:object-assign:4.1.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:object:object_assign:4.1.1:*:*:*:*:*:*:*"},{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:npm/object-assign@4.1.1"}]},{"name":"prop-types","SPDXID": "redacted","versionInfo":"15.7.2","supplier":"NOASSERTION","downloadLocation":"NOASSERTION","filesAnalyzed":false,"sourceInfo":"acquired package info from installed node module manifest file: /yarn.lock","licenseConcluded":"NOASSERTION","licenseDeclared":"NOASSERTION","copyrightText":"NOASSERTION","externalRefs":[{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:prop-types:prop-types:15.7.2:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:prop-types:prop_types:15.7.2:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:prop_types:prop-types:15.7.2:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:prop_types:prop_types:15.7.2:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:prop:prop-types:15.7.2:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:prop:prop_types:15.7.2:*:*:*:*:*:*:*"},{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:npm/prop-types@15.7.2"}]},{"name":"react","SPDXID": "redacted","versionInfo":"16.14.0","supplier":"NOASSERTION","downloadLocation":"NOASSERTION","filesAnalyzed":false,"sourceInfo":"acquired package info from installed node module manifest file: /yarn.lock","licenseConcluded":"NOASSERTION","licenseDeclared":"NOASSERTION","copyrightText":"NOASSERTION","externalRefs":[{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:react:react:16.14.0:*:*:*:*:*:*:*"},{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:npm/react@16.14.0"}]},{"name":"react-is","SPDXID": "redacted","versionInfo":"16.13.1","supplier":"NOASSERTION","downloadLocation":"NOASSERTION","filesAnalyzed":false,"sourceInfo":"acquired package info from installed node module manifest file: /yarn.lock","licenseConcluded":"NOASSERTION","licenseDeclared":"NOASSERTION","copyrightText":"NOASSERTION","externalRefs":[{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:react-is:react-is:16.13.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:react-is:react_is:16.13.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:react_is:react-is:16.13.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:react_is:react_is:16.13.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:react:react-is:16.13.1:*:*:*:*:*:*:*"},{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:react:react_is:16.13.1:*:*:*:*:*:*:*"},{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:npm/react-is@16.13.1"}]},{"name":"trim","SPDXID": "redacted","versionInfo":"0.0.2","supplier":"NOASSERTION","downloadLocation":"NOASSERTION","filesAnalyzed":false,"sourceInfo":"acquired package info from installed node module manifest file: /yarn.lock","licenseConcluded":"NOASSERTION","licenseDeclared":"NOASSERTION","copyrightText":"NOASSERTION","externalRefs":[{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:trim:trim:0.0.2:*:*:*:*:*:*:*"},{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:npm/trim@0.0.2"}]},{"name":"tests/fixtures/yarn-project","SPDXID": "redacted","supplier":"NOASSERTION","downloadLocation":"NOASSERTION","filesAnalyzed":false,"primaryPackagePurpose":"FILE"}],"files":[{"fileName":"/yarn.lock","SPDXID": "redacted","checksums":[{"algorithm":"SHA1","checksumValue":"0000000000000000000000000000000000000000"}],"licenseConcluded":"NOASSERTION","copyrightText":""}],"relationships":[{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"OTHER","comment":"evident-by: indicates the package's existence is evident by the given file"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"OTHER","comment":"evident-by: indicates the package's existence is evident by the given file"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"OTHER","comment":"evident-by: indicates the package's existence is evident by the given file"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"OTHER","comment":"evident-by: indicates the package's existence is evident by the given file"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"OTHER","comment":"evident-by: indicates the package's existence is evident by the given file"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"OTHER","comment":"evident-by: indicates the package's existence is evident by the given file"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"OTHER","comment":"evident-by: indicates the package's existence is evident by the given file"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"CONTAINS"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"CONTAINS"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"CONTAINS"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"CONTAINS"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"CONTAINS"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"CONTAINS"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"CONTAINS"},{"spdxElementId": "redacted","relatedSpdxElement": "redacted","relationshipType":"DESCRIBES"}]} " `; diff --git a/tests/integration/formatExports.test.ts b/tests/integration/formatExports.test.ts index 040e7433..972973b4 100644 --- a/tests/integration/formatExports.test.ts +++ b/tests/integration/formatExports.test.ts @@ -107,7 +107,7 @@ const testSource = async (source: string, format = "spdx"): Promise => { .replace(/[^<]+<\/version>/g, ""); case "cyclonedx-json": return sbom - .replace(/"(bom-ref|serialNumber|timestamp|value|version)": "[^"]+"/g, `"$1": "redacted"`); + .replace(/"(bom-ref|serialNumber|timestamp|value|version)":( )*"[^"]+"/g, `"$1": "redacted"`); } return sbom;