• spdx-sbom-generator使用记录

    简介

    作为一个独立的开源工具,SPDX SBOM Generator可在用户当前的包管理器或开发系统中创建SPDX SBOM。用户可以使用它的CLI从代码中生成SBOM数据。它报告代码的组件、许可证、版权和安全参考。此数据以SPDX v2.2规范导出。如果你只需要基础的SBOM功能,那么SPDX SBOM Generator是个不错的选择。

    主页

    spdx-sbom-generator — Homebrew Formulae

    github地址

    Support CI generation of SBOMs via golang tooling.

    GitHub - opensbom-generator/spdx-sbom-generator: Support CI generation of SBOMs via golang tooling.

    下载

    github地址中提供了命令的下载方式,如下图所示:

    选择你自己的实际环境进行下载。笔者的运行环境是Ubuntu,因此选择Linux(x64)。鼠标点击即可直接开始下载(压缩包格式)。

    下载完成后,得到spdx-sbom-generator-v0.0.10-linux-amd64.tar.gz压缩包。通过图形界面解压,或者运行命令tar zxvf spdx-sbom-generator-v0.0.10-linux-amd64.tar.gz解压即可。之后放到某一特定目录下。

    运行

    基本运行

    按照github中的步骤,运行以下命令查看基本的命令用法:

    $ ./spdx-sbom-generator -h
    Output Package Manager dependency on SPDX format

    Usage:
      spdx-sbom-generator [flags]

    Flags:
      -f, --format string          output file format (default: spdx) (default "spdx")
      -h, --help                   help for spdx-sbom-generator
      -i, --include-license-text    Include full license text (default: false)
      -o, --output-dir string      directory to Write SPDX to file (default: current directory) (default ".")
      -p, --path string            the path to package file or the path to a directory which will be recursively analyzed for the package files (default '.') (default ".")
      -s, --schema string          Target schema version (default: '2.2') (default "2.2")

    实际运行

    实际运行需要先行安装go。在Ubuntu环境下安装go的步骤如下:

    $ go
    Command 'go' not found, but can be installed with:
    sudo apt install golang-go  # version 2:1.18~0ubuntu2, or
    sudo apt install gccgo-go   # version 2:1.18~0ubuntu2

    (1)安装golong-go

    $ sudo apt install golang-go
    正在读取软件包列表... 完成
    正在分析软件包的依赖关系树... 完成
    正在读取状态信息... 完成                 
    将会同时安装下列软件:
      golang-1.18-go golang-1.18-src golang-src pkg-config
    建议安装:
      bzr | brz mercurial subversion
    下列【新】软件包将被安装:
      golang-1.18-go golang-1.18-src golang-go golang-src pkg-config
    升级了 0 个软件包,新安装了 5 个软件包,要卸载 0 个软件包,有 17 个软件包未被升级。
    需要下载 82.3 MB 的归档。
    解压缩后会消耗 436 MB 的额外空间。
    您希望继续执行吗? [Y/n] y
    获取:1 http://cn.archive.ubuntu.com/ubuntu jammy/main amd64 golang-1.18-src all 1.18.1-1ubuntu1 [16.2 MB]
    获取:2 http://cn.archive.ubuntu.com/ubuntu jammy/main amd64 golang-1.18-go amd64 1.18.1-1ubuntu1 [66.0 MB]                                                                                                
    获取:3 http://cn.archive.ubuntu.com/ubuntu jammy/main amd64 golang-src all 2:1.18~0ubuntu2 [4,438 B]                                                                                                      
    获取:4 http://cn.archive.ubuntu.com/ubuntu jammy/main amd64 golang-go amd64 2:1.18~0ubuntu2 [41.8 kB]                                                                                                     
    获取:5 http://cn.archive.ubuntu.com/ubuntu jammy/main amd64 pkg-config amd64 0.29.2-1ubuntu3 [48.2 kB]                                                                                                    
    已下载 82.3 MB,耗时 50秒 (1,640 kB/s)                                                                                                                                                                    
    正在选中未选择的软件包 golang-1.18-src。
    (正在读取数据库 ... 系统当前共安装有 233060 个文件和目录。)
    准备解压 .../golang-1.18-src_1.18.1-1ubuntu1_all.deb  ...
    正在解压 golang-1.18-src (1.18.1-1ubuntu1) ...
    正在选中未选择的软件包 golang-1.18-go。
    准备解压 .../golang-1.18-go_1.18.1-1ubuntu1_amd64.deb  ...
    正在解压 golang-1.18-go (1.18.1-1ubuntu1) ...
    正在选中未选择的软件包 golang-src。
    准备解压 .../golang-src_2%3a1.18~0ubuntu2_all.deb  ...
    正在解压 golang-src (2:1.18~0ubuntu2) ...
    正在选中未选择的软件包 golang-go:amd64。
    准备解压 .../golang-go_2%3a1.18~0ubuntu2_amd64.deb  ...
    正在解压 golang-go:amd64 (2:1.18~0ubuntu2) ...
    正在选中未选择的软件包 pkg-config。
    准备解压 .../pkg-config_0.29.2-1ubuntu3_amd64.deb  ...
    正在解压 pkg-config (0.29.2-1ubuntu3) ...
    正在设置 pkg-config (0.29.2-1ubuntu3) ...
    正在设置 golang-1.18-src (1.18.1-1ubuntu1) ...
    正在设置 golang-src (2:1.18~0ubuntu2) ...
    正在设置 golang-1.18-go (1.18.1-1ubuntu1) ...
    正在设置 golang-go:amd64 (2:1.18~0ubuntu2) ...
    正在处理用于 man-db (2.10.2-1) 的触发器 ...

    (2)安装gccgogo

    $ sudo apt install gccgo-go
    正在读取软件包列表... 完成
    正在分析软件包的依赖关系树... 完成
    正在读取状态信息... 完成                 
    下列软件包是自动安装的并且现在不需要了:
      golang-1.18-go golang-1.18-src golang-src pkg-config
    使用'sudo apt autoremove'来卸载它(它们)。
    将会同时安装下列软件:
      gccgo-11 libgo-11-dev libgo19
    建议安装:
      gccgo-11-doc
    下列软件包将被【卸载】:
      golang-go
    下列【新】软件包将被安装:
      gccgo-11 gccgo-go libgo-11-dev libgo19
    升级了 0 个软件包,新安装了 4 个软件包,要卸载 1 个软件包,有 17 个软件包未被升级。
    需要下载 43.7 MB 的归档。
    解压缩后会消耗 201 MB 的额外空间。
    您希望继续执行吗? [Y/n] y
    获取:1 http://cn.archive.ubuntu.com/ubuntu jammy/main amd64 libgo19 amd64 11.2.0-19ubuntu1 [13.1 MB]
    获取:2 http://cn.archive.ubuntu.com/ubuntu jammy/main amd64 libgo-11-dev amd64 11.2.0-19ubuntu1 [17.3 MB]                                                                                                 
    获取:3 http://cn.archive.ubuntu.com/ubuntu jammy/universe amd64 gccgo-11 amd64 11.2.0-19ubuntu1 [13.2 MB]                                                                                                 
    获取:4 http://cn.archive.ubuntu.com/ubuntu jammy/universe amd64 gccgo-go amd64 2:1.18~0ubuntu2 [41.2 kB]                                                                                                  
    已下载 43.7 MB,耗时 33秒 (1,315 kB/s)                                                                                                                                                                    
    (正在读取数据库 ... 系统当前共安装有 246224 个文件和目录。)
    正在卸载 golang-go:amd64 (2:1.18~0ubuntu2) ...
    正在选中未选择的软件包 libgo19:amd64。
    (正在读取数据库 ... 系统当前共安装有 246196 个文件和目录。)
    准备解压 .../libgo19_11.2.0-19ubuntu1_amd64.deb  ...
    正在解压 libgo19:amd64 (11.2.0-19ubuntu1) ...
    正在选中未选择的软件包 libgo-11-dev:amd64。
    准备解压 .../libgo-11-dev_11.2.0-19ubuntu1_amd64.deb  ...
    正在解压 libgo-11-dev:amd64 (11.2.0-19ubuntu1) ...
    正在选中未选择的软件包 gccgo-11。
    准备解压 .../gccgo-11_11.2.0-19ubuntu1_amd64.deb  ...
    正在解压 gccgo-11 (11.2.0-19ubuntu1) ...
    正在选中未选择的软件包 gccgo-go:amd64。
    准备解压 .../gccgo-go_2%3a1.18~0ubuntu2_amd64.deb  ...
    正在解压 gccgo-go:amd64 (2:1.18~0ubuntu2) ...
    正在设置 libgo19:amd64 (11.2.0-19ubuntu1) ...
    正在设置 libgo-11-dev:amd64 (11.2.0-19ubuntu1) ...
    正在设置 gccgo-11 (11.2.0-19ubuntu1) ...
    正在设置 gccgo-go:amd64 (2:1.18~0ubuntu2) ...
    正在处理用于 man-db (2.10.2-1) 的触发器 ...
    正在处理用于 libc-bin (2.35-0ubuntu3.1) 的触发器 ...

    安装go完成后,可以运行实际的命令进行SBOM的生成,具体命令及结果如下所示:

    $ ./exec/spdx-sbom-generator -p ./spdx-sbom-generator/ -o ./
    INFO[2022-08-18T11:43:39+08:00] Starting to generate SPDX ...                
    INFO[2022-08-18T11:43:43+08:00] Running generator for Module Manager: `go-mod` with output `bom-go-mod.spdx`
    INFO[2022-08-18T11:43:43+08:00] Current Language Version go version go1.16.5 gccgo (Ubuntu 11.2.0-19ubuntu1) 11.2.0 linux/amd64
    INFO[2022-08-18T11:44:45+08:00] Command completed successful for below package managers
    INFO[2022-08-18T11:44:45+08:00] Plugin go-mod generated output at bom-go-mod.spdx

    执行以上命令后,会生成默认的bom-go-mod.spdx文件,文件内容如下所示:

    $ cat bom-go-mod.spdx
    SPDXVersion: SPDX-2.2
    DataLicense: CC0-1.0
    SPDXID: SPDXRef-DOCUMENT
    DocumentName: github.com/spdx/spdx-sbom-generator
    DocumentNamespace: http://spdx.org/spdxpackages/github.com/spdx/spdx-sbom-generator-354b4f77-ceb8-45ea-8319-3f54f6ae14e5
    Creator: Tool: spdx-sbom-generator-v0.0.10
    Created: 2022-08-18T03:44:45Z

    ##### Package representing the github.com/spdx/spdx-sbom-generator

    PackageName: github.com/spdx/spdx-sbom-generator
    SPDXID: SPDXRef-Package-github.com.spdx.spdx-sbom-generator
    PackageVersion: d159769
    PackageSupplier: Organization: github.com/spdx/spdx-sbom-generator
    PackageDownloadLocation: git+https://github.com/opensbom-generator/spdx-sbom-generator.git
    FilesAnalyzed: false
    PackageChecksum: SHA256: 4681b3ebb1501732d2923fba8f05b915006a7fe95211e9d53a12c398ff9ca08b
    PackageHomePage: https://github.com/spdx/spdx-sbom-generator
    PackageLicenseConcluded: NOASSERTION
    PackageLicenseDeclared: NOASSERTION
    PackageCopyrightText: NOASSERTION
    PackageLicenseComments: NOASSERTION
    PackageComment: NOASSERTION

    Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-github.com.spdx.spdx-sbom-generator

    Relationship: SPDXRef-Package-github.com.spdx.spdx-sbom-generator DEPENDS_ON SPDXRef-Package-github.com.sergi.go-diff-v1.1.0
    Relationship: SPDXRef-Package-github.com.spdx.spdx-sbom-generator DEPENDS_ON SPDXRef-Package-github.com.spf13.cobra-v1.1.3
    Relationship: SPDXRef-Package-github.com.spdx.spdx-sbom-generator DEPENDS_ON SPDXRef-Package-golang.org.x.net-v0.0.0-20200301022130-244492dfa37a
    Relationship: SPDXRef-Package-github.com.spdx.spdx-sbom-generator DEPENDS_ON SPDXRef-Package-golang.org.x.sys-v0.0.0-20220712014510-0a85c31ab51e
    Relationship: SPDXRef-Package-github.com.spdx.spdx-sbom-generator DEPENDS_ON SPDXRef-Package-gopkg.in.warnings.v0-v0.1.2
    Relationship: SPDXRef-Package-github.com.spdx.spdx-sbom-generator DEPENDS_ON SPDXRef-Package-github.com.dgryski.go-minhash-v0.0.0-20170608043002-7fe510aff544
    Relationship: SPDXRef-Package-github.com.spdx.spdx-sbom-generator DEPENDS_ON SPDXRef-Package-github.com.montanaflynn.stats-v0.0.0-20151014174947-eeaced052adb
    Relationship: SPDXRef-Package-github.com.spdx.spdx-sbom-generator DEPENDS_ON SPDXRef-Package-github.com.shogo82148.go-shuffle-v0.0.0-20170808115208-59829097ff3b
    Relationship: SPDXRef-Package-github.com.spdx.spdx-sbom-generator DEPENDS_ON SPDXRef-Package-github.com.mitchellh.go-homedir-v1.1.0
    Relationship: SPDXRef-Package-github.com.spdx.spdx-sbom-generator DEPENDS_ON SPDXRef-Package-golang.org.x.crypto-v0.0.0-20200302210943-78000ba7a073
    Relationship: SPDXRef-Package-github.com.spdx.spdx-sbom-generator DEPENDS_ON SPDXRef-Package-golang.org.x.text-v0.3.6
    Relationship: SPDXRef-Package-github.com.spdx.spdx-sbom-generator DEPENDS_ON SPDXRef-Package-gonum.org.v1.gonum-v0.7.0
    Relationship: SPDXRef-Package-github.com.spdx.spdx-sbom-generator DEPENDS_ON SPDXRef-Package-github.com.emirpasic.gods-v1.12.0
    Relationship: SPDXRef-Package-github.com.spdx.spdx-sbom-generator DEPENDS_ON SPDXRef-Package-github.com.hhatto.gorst-v0.0.0-20181029133204-ca9f730cac5b
    Relationship: SPDXRef-Package-github.com.spdx.spdx-sbom-generator DEPENDS_ON SPDXRef-Package-github.com.pkg.errors-v0.9.1
    Relationship: SPDXRef-Package-github.com.spdx.spdx-sbom-generator DEPENDS_ON SPDXRef-Package-github.com.vifraa.gopom-v0.1.0
    Relationship: SPDXRef-Package-github.com.spdx.spdx-sbom-generator DEPENDS_ON SPDXRef-Package-gopkg.in.neurosnap.sentences.v1-v1.0.6
    Relationship: SPDXRef-Package-github.com.spdx.spdx-sbom-generator DEPENDS_ON SPDXRef-Package-github.com.ekzhu.minhash-lsh-v0.0.0-20171225071031-5c06ee8586a1
    Relationship: SPDXRef-Package-github.com.spdx.spdx-sbom-generator DEPENDS_ON SPDXRef-Package-github.com.go-enry.go-license-detector.v4-v4.2.0
    Relationship: SPDXRef-Package-github.com.spdx.spdx-sbom-generator DEPENDS_ON SPDXRef-Package-github.com.go-git.go-billy.v5-v5.0.0
    Relationship: SPDXRef-Package-github.com.spdx.spdx-sbom-generator DEPENDS_ON SPDXRef-Package-github.com.kevinburke.ssh-config-v0.0.0-20190725054713-01f96b0aa0cd
    Relationship: SPDXRef-Package-github.com.spdx.spdx-sbom-generator DEPENDS_ON SPDXRef-Package-github.com.shurcooL.sanitized-anchor-name-v1.0.0
    Relationship: SPDXRef-Package-github.com.spdx.spdx-sbom-generator DEPENDS_ON SPDXRef-Package-github.com.spf13.pflag-v1.0.5
    Relationship: SPDXRef-Package-github.com.spdx.spdx-sbom-generator DEPENDS_ON SPDXRef-Package-github.com.go-git.gcfg-v1.5.0
    Relationship: SPDXRef-Package-github.com.spdx.spdx-sbom-generator DEPENDS_ON SPDXRef-Package-github.com.imdario.mergo-v0.3.9
    Relationship: SPDXRef-Package-github.com.spdx.spdx-sbom-generator DEPENDS_ON SPDXRef-Package-github.com.jdkato.prose-v1.1.0
    Relationship: SPDXRef-Package-github.com.spdx.spdx-sbom-generator DEPENDS_ON SPDXRef-Package-github.com.go-git.go-git.v5-v5.1.0
    Relationship: SPDXRef-Package-github.com.spdx.spdx-sbom-generator DEPENDS_ON SPDXRef-Package-github.com.google.uuid-v1.2.0
    Relationship: SPDXRef-Package-github.com.spdx.spdx-sbom-generator DEPENDS_ON SPDXRef-Package-github.com.jbenet.go-context-v0.0.0-20150711004518-d14ea06fba99
    Relationship: SPDXRef-Package-github.com.spdx.spdx-sbom-generator DEPENDS_ON SPDXRef-Package-github.com.russross.blackfriday.v2-v2.0.1
    Relationship: SPDXRef-Package-github.com.spdx.spdx-sbom-generator DEPENDS_ON SPDXRef-Package-golang.org.x.exp-v0.0.0-20191030013958-a1ab85dbe136
    Relationship: SPDXRef-Package-github.com.spdx.spdx-sbom-generator DEPENDS_ON SPDXRef-Package-golang.org.x.mod-v0.4.2
    Relationship: SPDXRef-Package-github.com.spdx.spdx-sbom-generator DEPENDS_ON SPDXRef-Package-github.com.sirupsen.logrus-v1.8.1
    Relationship: SPDXRef-Package-github.com.spdx.spdx-sbom-generator DEPENDS_ON SPDXRef-Package-github.com.xanzy.ssh-agent-v0.2.1

    ##### Package representing the golang.org/x/sys

    PackageName: golang.org/x/sys
    SPDXID: SPDXRef-Package-golang.org.x.sys-v0.0.0-20220712014510-0a85c31ab51e
    PackageVersion: v0.0.0-20220712014510-0a85c31ab51e
    PackageSupplier: Organization: golang.org/x/sys
    PackageDownloadLocation: https://golang.org/x/sys
    FilesAnalyzed: false
    PackageChecksum: SHA256: 545c574cfb1d35232860cf1bd324565a6f0b9cc31893eb115ee8c5be807af5e6
    PackageHomePage: https://golang.org/x/sys
    PackageLicenseConcluded: NOASSERTION
    PackageLicenseDeclared: NOASSERTION
    PackageCopyrightText: NOASSERTION
    PackageLicenseComments: NOASSERTION
    PackageComment: NOASSERTION

    ##### Package representing the github.com/sirupsen/logrus

    PackageName: github.com/sirupsen/logrus
    SPDXID: SPDXRef-Package-github.com.sirupsen.logrus-v1.8.1
    PackageVersion: v1.8.1
    PackageSupplier: Organization: github.com/sirupsen/logrus
    PackageDownloadLocation: https://github.com/sirupsen/logrus/releases/tag/v1.8.1
    FilesAnalyzed: false
    PackageChecksum: SHA256: 155fe1df061eba2691efa3e865e6a549fc4fb6105a3d9eb8be7c6a152b63a45b
    PackageHomePage: https://github.com/sirupsen/logrus
    PackageLicenseConcluded: NOASSERTION
    PackageLicenseDeclared: NOASSERTION
    PackageCopyrightText: NOASSERTION
    PackageLicenseComments: NOASSERTION
    PackageComment: NOASSERTION

    Relationship: SPDXRef-Package-github.com.sirupsen.logrus-v1.8.1 DEPENDS_ON SPDXRef-Package-golang.org.x.crypto-v0.0.0-20200302210943-78000ba7a073
    Relationship: SPDXRef-Package-github.com.sirupsen.logrus-v1.8.1 DEPENDS_ON SPDXRef-Package-golang.org.x.sys-v0.0.0-20220712014510-0a85c31ab51e

    ##### Package representing the github.com/go-git/go-billy/v5

    PackageName: github.com/go-git/go-billy/v5
    SPDXID: SPDXRef-Package-github.com.go-git.go-billy.v5-v5.0.0
    PackageVersion: v5.0.0
    PackageSupplier: Organization: github.com/go-git/go-billy/v5
    PackageDownloadLocation: https://github.com/go-git/go-billy/v5/releases/tag/v5.0.0
    FilesAnalyzed: false
    PackageChecksum: SHA256: 6f7740c3d1dad325c03101fa0acea11abf2d37d92c15bd1cf468c3f617fe042d
    PackageHomePage: https://github.com/go-git/go-billy/v5
    PackageLicenseConcluded: NOASSERTION
    PackageLicenseDeclared: NOASSERTION
    PackageCopyrightText: NOASSERTION
    PackageLicenseComments: NOASSERTION
    PackageComment: NOASSERTION

    Relationship: SPDXRef-Package-github.com.go-git.go-billy.v5-v5.0.0 DEPENDS_ON SPDXRef-Package-golang.org.x.sys-v0.0.0-20220712014510-0a85c31ab51e

    ##### Package representing the github.com/go-git/go-git/v5

    PackageName: github.com/go-git/go-git/v5
    SPDXID: SPDXRef-Package-github.com.go-git.go-git.v5-v5.1.0
    PackageVersion: v5.1.0
    PackageSupplier: Organization: github.com/go-git/go-git/v5
    PackageDownloadLocation: https://github.com/go-git/go-git/v5/releases/tag/v5.1.0
    FilesAnalyzed: false
    PackageChecksum: SHA256: 0e34d9f344539d90e196396c649533be3a85322c2a6c1ba34ec703b796240144
    PackageHomePage: https://github.com/go-git/go-git/v5
    PackageLicenseConcluded: NOASSERTION
    PackageLicenseDeclared: NOASSERTION
    PackageCopyrightText: NOASSERTION
    PackageLicenseComments: NOASSERTION
    PackageComment: NOASSERTION

    Relationship: SPDXRef-Package-github.com.go-git.go-git.v5-v5.1.0 DEPENDS_ON SPDXRef-Package-golang.org.x.net-v0.0.0-20200301022130-244492dfa37a
    Relationship: SPDXRef-Package-github.com.go-git.go-git.v5-v5.1.0 DEPENDS_ON SPDXRef-Package-github.com.xanzy.ssh-agent-v0.2.1
    Relationship: SPDXRef-Package-github.com.go-git.go-git.v5-v5.1.0 DEPENDS_ON SPDXRef-Package-github.com.kevinburke.ssh-config-v0.0.0-20190725054713-01f96b0aa0cd
    Relationship: SPDXRef-Package-github.com.go-git.go-git.v5-v5.1.0 DEPENDS_ON SPDXRef-Package-github.com.go-git.go-billy.v5-v5.0.0
    Relationship: SPDXRef-Package-github.com.go-git.go-git.v5-v5.1.0 DEPENDS_ON SPDXRef-Package-golang.org.x.text-v0.3.6
    Relationship: SPDXRef-Package-github.com.go-git.go-git.v5-v5.1.0 DEPENDS_ON SPDXRef-Package-gopkg.in.warnings.v0-v0.1.2
    Relationship: SPDXRef-Package-github.com.go-git.go-git.v5-v5.1.0 DEPENDS_ON SPDXRef-Package-github.com.sergi.go-diff-v1.1.0
    Relationship: SPDXRef-Package-github.com.go-git.go-git.v5-v5.1.0 DEPENDS_ON SPDXRef-Package-github.com.pkg.errors-v0.9.1
    Relationship: SPDXRef-Package-github.com.go-git.go-git.v5-v5.1.0 DEPENDS_ON SPDXRef-Package-github.com.mitchellh.go-homedir-v1.1.0
    Relationship: SPDXRef-Package-github.com.go-git.go-git.v5-v5.1.0 DEPENDS_ON SPDXRef-Package-github.com.emirpasic.gods-v1.12.0
    Relationship: SPDXRef-Package-github.com.go-git.go-git.v5-v5.1.0 DEPENDS_ON SPDXRef-Package-golang.org.x.crypto-v0.0.0-20200302210943-78000ba7a073
    Relationship: SPDXRef-Package-github.com.go-git.go-git.v5-v5.1.0 DEPENDS_ON SPDXRef-Package-github.com.imdario.mergo-v0.3.9
    Relationship: SPDXRef-Package-github.com.go-git.go-git.v5-v5.1.0 DEPENDS_ON SPDXRef-Package-github.com.go-git.gcfg-v1.5.0
    Relationship: SPDXRef-Package-github.com.go-git.go-git.v5-v5.1.0 DEPENDS_ON SPDXRef-Package-github.com.jbenet.go-context-v0.0.0-20150711004518-d14ea06fba99

    ##### Package representing the github.com/go-git/gcfg

    PackageName: github.com/go-git/gcfg
    SPDXID: SPDXRef-Package-github.com.go-git.gcfg-v1.5.0
    PackageVersion: v1.5.0
    PackageSupplier: Organization: github.com/go-git/gcfg
    PackageDownloadLocation: https://github.com/go-git/gcfg/releases/tag/v1.5.0
    FilesAnalyzed: false
    PackageChecksum: SHA256: dfd5db1bff1d841a71db7043c10e98144c34ff9b0f2b7fb7d82dd9aa19e09a29
    PackageHomePage: https://github.com/go-git/gcfg
    PackageLicenseConcluded: NOASSERTION
    PackageLicenseDeclared: NOASSERTION
    PackageCopyrightText: NOASSERTION
    PackageLicenseComments: NOASSERTION
    PackageComment: NOASSERTION

    ##### Package representing the gopkg.in/warnings.v0

    PackageName: gopkg.in/warnings.v0
    SPDXID: SPDXRef-Package-gopkg.in.warnings.v0-v0.1.2
    PackageVersion: v0.1.2
    PackageSupplier: Organization: gopkg.in/warnings.v0
    PackageDownloadLocation: https://gopkg.in/warnings.v0
    FilesAnalyzed: false
    PackageChecksum: SHA256: 31acbcd7c7b5a2b3110efa982b56462531e880d044dd1f28f6e72fc86a85cc9f
    PackageHomePage: https://gopkg.in/warnings.v0
    PackageLicenseConcluded: NOASSERTION
    PackageLicenseDeclared: NOASSERTION
    PackageCopyrightText: NOASSERTION
    PackageLicenseComments: NOASSERTION
    PackageComment: NOASSERTION

    ##### Package representing the github.com/mitchellh/go-homedir

    PackageName: github.com/mitchellh/go-homedir
    SPDXID: SPDXRef-Package-github.com.mitchellh.go-homedir-v1.1.0
    PackageVersion: v1.1.0
    PackageSupplier: Organization: github.com/mitchellh/go-homedir
    PackageDownloadLocation: https://github.com/mitchellh/go-homedir/releases/tag/v1.1.0
    FilesAnalyzed: false
    PackageChecksum: SHA256: 68bf6e4a4ed2cc7fe568a43ad97c29bc540197a62bd30f1d0c2ca084cbd6ff03
    PackageHomePage: https://github.com/mitchellh/go-homedir
    PackageLicenseConcluded: NOASSERTION
    PackageLicenseDeclared: NOASSERTION
    PackageCopyrightText: NOASSERTION
    PackageLicenseComments: NOASSERTION
    PackageComment: NOASSERTION

    ##### Package representing the golang.org/x/net

    PackageName: golang.org/x/net
    SPDXID: SPDXRef-Package-golang.org.x.net-v0.0.0-20200301022130-244492dfa37a
    PackageVersion: v0.0.0-20200301022130-244492dfa37a
    PackageSupplier: Organization: golang.org/x/net
    PackageDownloadLocation: https://golang.org/x/net
    FilesAnalyzed: false
    PackageChecksum: SHA256: 82bf3520faadba3ed982034205cae106fedab04ac6b45956e45491b611a987f2
    PackageHomePage: https://golang.org/x/net
    PackageLicenseConcluded: NOASSERTION
    PackageLicenseDeclared: NOASSERTION
    PackageCopyrightText: NOASSERTION
    PackageLicenseComments: NOASSERTION
    PackageComment: NOASSERTION

    Relationship: SPDXRef-Package-golang.org.x.net-v0.0.0-20200301022130-244492dfa37a DEPENDS_ON SPDXRef-Package-golang.org.x.crypto-v0.0.0-20200302210943-78000ba7a073
    Relationship: SPDXRef-Package-golang.org.x.net-v0.0.0-20200301022130-244492dfa37a DEPENDS_ON SPDXRef-Package-golang.org.x.sys-v0.0.0-20220712014510-0a85c31ab51e
    Relationship: SPDXRef-Package-golang.org.x.net-v0.0.0-20200301022130-244492dfa37a DEPENDS_ON SPDXRef-Package-golang.org.x.text-v0.3.6

    ##### Package representing the github.com/jbenet/go-context

    PackageName: github.com/jbenet/go-context
    SPDXID: SPDXRef-Package-github.com.jbenet.go-context-v0.0.0-20150711004518-d14ea06fba99
    PackageVersion: v0.0.0-20150711004518-d14ea06fba99
    PackageSupplier: Organization: github.com/jbenet/go-context
    PackageDownloadLocation: https://github.com/jbenet/go-context/releases/tag/v0.0.0-20150711004518-d14ea06fba99
    FilesAnalyzed: false
    PackageChecksum: SHA256: 5dae2f1144854a066009d1a637b8d63037d1e996f68721143553d13e5c4f83b3
    PackageHomePage: https://github.com/jbenet/go-context
    PackageLicenseConcluded: NOASSERTION
    PackageLicenseDeclared: NOASSERTION
    PackageCopyrightText: NOASSERTION
    PackageLicenseComments: NOASSERTION
    PackageComment: NOASSERTION

    ##### Package representing the github.com/emirpasic/gods

    PackageName: github.com/emirpasic/gods
    SPDXID: SPDXRef-Package-github.com.emirpasic.gods-v1.12.0
    PackageVersion: v1.12.0
    PackageSupplier: Organization: github.com/emirpasic/gods
    PackageDownloadLocation: https://github.com/emirpasic/gods/releases/tag/v1.12.0
    FilesAnalyzed: false
    PackageChecksum: SHA256: 166f4e1cbed0b2a2061650b16240db325a06264c587d47d7d225dca2fd11b419
    PackageHomePage: https://github.com/emirpasic/gods
    PackageLicenseConcluded: NOASSERTION
    PackageLicenseDeclared: NOASSERTION
    PackageCopyrightText: NOASSERTION
    PackageLicenseComments: NOASSERTION
    PackageComment: NOASSERTION

    ##### Package representing the github.com/sergi/go-diff

    PackageName: github.com/sergi/go-diff
    SPDXID: SPDXRef-Package-github.com.sergi.go-diff-v1.1.0
    PackageVersion: v1.1.0
    PackageSupplier: Organization: github.com/sergi/go-diff
    PackageDownloadLocation: https://github.com/sergi/go-diff/releases/tag/v1.1.0
    FilesAnalyzed: false
    PackageChecksum: SHA256: da9441e0d357a679cc99f63e94e16e753861f1331bd334b2d5d70f7f088da6fb
    PackageHomePage: https://github.com/sergi/go-diff
    PackageLicenseConcluded: NOASSERTION
    PackageLicenseDeclared: NOASSERTION
    PackageCopyrightText: NOASSERTION
    PackageLicenseComments: NOASSERTION
    PackageComment: NOASSERTION

    ##### Package representing the golang.org/x/crypto

    PackageName: golang.org/x/crypto
    SPDXID: SPDXRef-Package-golang.org.x.crypto-v0.0.0-20200302210943-78000ba7a073
    PackageVersion: v0.0.0-20200302210943-78000ba7a073
    PackageSupplier: Organization: golang.org/x/crypto
    PackageDownloadLocation: https://golang.org/x/crypto
    FilesAnalyzed: false
    PackageChecksum: SHA256: 062f2b97d6c9066d970b048808d4fde8d9996ccf0191651d1cb395c65e7df72c
    PackageHomePage: https://golang.org/x/crypto
    PackageLicenseConcluded: NOASSERTION
    PackageLicenseDeclared: NOASSERTION
    PackageCopyrightText: NOASSERTION
    PackageLicenseComments: NOASSERTION
    PackageComment: NOASSERTION

    Relationship: SPDXRef-Package-golang.org.x.crypto-v0.0.0-20200302210943-78000ba7a073 DEPENDS_ON SPDXRef-Package-golang.org.x.sys-v0.0.0-20220712014510-0a85c31ab51e
    Relationship: SPDXRef-Package-golang.org.x.crypto-v0.0.0-20200302210943-78000ba7a073 DEPENDS_ON SPDXRef-Package-golang.org.x.net-v0.0.0-20200301022130-244492dfa37a

    ##### Package representing the github.com/kevinburke/ssh_config

    PackageName: github.com/kevinburke/ssh_config
    SPDXID: SPDXRef-Package-github.com.kevinburke.ssh-config-v0.0.0-20190725054713-01f96b0aa0cd
    PackageVersion: v0.0.0-20190725054713-01f96b0aa0cd
    PackageSupplier: Organization: github.com/kevinburke/ssh_config
    PackageDownloadLocation: https://github.com/kevinburke/ssh_config/releases/tag/v0.0.0-20190725054713-01f96b0aa0cd
    FilesAnalyzed: false
    PackageChecksum: SHA256: b81fb491c3abfef01675797c5f1632f1d4e89d43da647c22682419ea109f1a73
    PackageHomePage: https://github.com/kevinburke/ssh_config
    PackageLicenseConcluded: NOASSERTION
    PackageLicenseDeclared: NOASSERTION
    PackageCopyrightText: NOASSERTION
    PackageLicenseComments: NOASSERTION
    PackageComment: NOASSERTION

    ##### Package representing the github.com/xanzy/ssh-agent

    PackageName: github.com/xanzy/ssh-agent
    SPDXID: SPDXRef-Package-github.com.xanzy.ssh-agent-v0.2.1
    PackageVersion: v0.2.1
    PackageSupplier: Organization: github.com/xanzy/ssh-agent
    PackageDownloadLocation: https://github.com/xanzy/ssh-agent/releases/tag/v0.2.1
    FilesAnalyzed: false
    PackageChecksum: SHA256: 153d910af316896fecc21375f38a01dff1426956662f64591e11833479905aa8
    PackageHomePage: https://github.com/xanzy/ssh-agent
    PackageLicenseConcluded: NOASSERTION
    PackageLicenseDeclared: NOASSERTION
    PackageCopyrightText: NOASSERTION
    PackageLicenseComments: NOASSERTION
    PackageComment: NOASSERTION

    Relationship: SPDXRef-Package-github.com.xanzy.ssh-agent-v0.2.1 DEPENDS_ON SPDXRef-Package-golang.org.x.sys-v0.0.0-20220712014510-0a85c31ab51e
    Relationship: SPDXRef-Package-github.com.xanzy.ssh-agent-v0.2.1 DEPENDS_ON SPDXRef-Package-golang.org.x.crypto-v0.0.0-20200302210943-78000ba7a073

    ##### Package representing the github.com/imdario/mergo

    PackageName: github.com/imdario/mergo
    SPDXID: SPDXRef-Package-github.com.imdario.mergo-v0.3.9
    PackageVersion: v0.3.9
    PackageSupplier: Organization: github.com/imdario/mergo
    PackageDownloadLocation: https://github.com/imdario/mergo/releases/tag/v0.3.9
    FilesAnalyzed: false
    PackageChecksum: SHA256: 61cb10808400f1f0cc38d9566ebe03d726e9828156c57161c1c58509b0b85316
    PackageHomePage: https://github.com/imdario/mergo
    PackageLicenseConcluded: NOASSERTION
    PackageLicenseDeclared: NOASSERTION
    PackageCopyrightText: NOASSERTION
    PackageLicenseComments: NOASSERTION
    PackageComment: NOASSERTION

    ##### Package representing the github.com/google/uuid

    PackageName: github.com/google/uuid
    SPDXID: SPDXRef-Package-github.com.google.uuid-v1.2.0
    PackageVersion: v1.2.0
    PackageSupplier: Organization: github.com/google/uuid
    PackageDownloadLocation: https://github.com/google/uuid/releases/tag/v1.2.0
    FilesAnalyzed: false
    PackageChecksum: SHA256: 64a146a0fddb06f3bf07eb6cce82ae187cc76664302e94bd2942d565af52b7c9
    PackageHomePage: https://github.com/google/uuid
    PackageLicenseConcluded: NOASSERTION
    PackageLicenseDeclared: NOASSERTION
    PackageCopyrightText: NOASSERTION
    PackageLicenseComments: NOASSERTION
    PackageComment: NOASSERTION

    ##### Package representing the github.com/go-enry/go-license-detector/v4

    PackageName: github.com/go-enry/go-license-detector/v4
    SPDXID: SPDXRef-Package-github.com.go-enry.go-license-detector.v4-v4.2.0
    PackageVersion: v4.2.0
    PackageSupplier: Organization: github.com/go-enry/go-license-detector/v4
    PackageDownloadLocation: https://github.com/go-enry/go-license-detector/v4/releases/tag/v4.2.0
    FilesAnalyzed: false
    PackageChecksum: SHA256: d8bc784f2e6d0fe697e86be303aef3628698bbbdce7c56eac0977edba318dbc9
    PackageHomePage: https://github.com/go-enry/go-license-detector/v4
    PackageLicenseConcluded: NOASSERTION
    PackageLicenseDeclared: NOASSERTION
    PackageCopyrightText: NOASSERTION
    PackageLicenseComments: NOASSERTION
    PackageComment: NOASSERTION

    Relationship: SPDXRef-Package-github.com.go-enry.go-license-detector.v4-v4.2.0 DEPENDS_ON SPDXRef-Package-gopkg.in.neurosnap.sentences.v1-v1.0.6
    Relationship: SPDXRef-Package-github.com.go-enry.go-license-detector.v4-v4.2.0 DEPENDS_ON SPDXRef-Package-gonum.org.v1.gonum-v0.7.0
    Relationship: SPDXRef-Package-github.com.go-enry.go-license-detector.v4-v4.2.0 DEPENDS_ON SPDXRef-Package-github.com.pkg.errors-v0.9.1
    Relationship: SPDXRef-Package-github.com.go-enry.go-license-detector.v4-v4.2.0 DEPENDS_ON SPDXRef-Package-github.com.jdkato.prose-v1.1.0
    Relationship: SPDXRef-Package-github.com.go-enry.go-license-detector.v4-v4.2.0 DEPENDS_ON SPDXRef-Package-golang.org.x.exp-v0.0.0-20191030013958-a1ab85dbe136
    Relationship: SPDXRef-Package-github.com.go-enry.go-license-detector.v4-v4.2.0 DEPENDS_ON SPDXRef-Package-github.com.shogo82148.go-shuffle-v0.0.0-20170808115208-59829097ff3b
    Relationship: SPDXRef-Package-github.com.go-enry.go-license-detector.v4-v4.2.0 DEPENDS_ON SPDXRef-Package-github.com.sergi.go-diff-v1.1.0
    Relationship: SPDXRef-Package-github.com.go-enry.go-license-detector.v4-v4.2.0 DEPENDS_ON SPDXRef-Package-github.com.russross.blackfriday.v2-v2.0.1
    Relationship: SPDXRef-Package-github.com.go-enry.go-license-detector.v4-v4.2.0 DEPENDS_ON SPDXRef-Package-github.com.go-git.go-git.v5-v5.1.0
    Relationship: SPDXRef-Package-github.com.go-enry.go-license-detector.v4-v4.2.0 DEPENDS_ON SPDXRef-Package-github.com.shurcooL.sanitized-anchor-name-v1.0.0
    Relationship: SPDXRef-Package-github.com.go-enry.go-license-detector.v4-v4.2.0 DEPENDS_ON SPDXRef-Package-github.com.hhatto.gorst-v0.0.0-20181029133204-ca9f730cac5b
    Relationship: SPDXRef-Package-github.com.go-enry.go-license-detector.v4-v4.2.0 DEPENDS_ON SPDXRef-Package-golang.org.x.text-v0.3.6
    Relationship: SPDXRef-Package-github.com.go-enry.go-license-detector.v4-v4.2.0 DEPENDS_ON SPDXRef-Package-golang.org.x.net-v0.0.0-20200301022130-244492dfa37a
    Relationship: SPDXRef-Package-github.com.go-enry.go-license-detector.v4-v4.2.0 DEPENDS_ON SPDXRef-Package-github.com.spf13.pflag-v1.0.5
    Relationship: SPDXRef-Package-github.com.go-enry.go-license-detector.v4-v4.2.0 DEPENDS_ON SPDXRef-Package-github.com.montanaflynn.stats-v0.0.0-20151014174947-eeaced052adb
    Relationship: SPDXRef-Package-github.com.go-enry.go-license-detector.v4-v4.2.0 DEPENDS_ON SPDXRef-Package-github.com.ekzhu.minhash-lsh-v0.0.0-20171225071031-5c06ee8586a1
    Relationship: SPDXRef-Package-github.com.go-enry.go-license-detector.v4-v4.2.0 DEPENDS_ON SPDXRef-Package-github.com.dgryski.go-minhash-v0.0.0-20170608043002-7fe510aff544

    ##### Package representing the github.com/pkg/errors

    PackageName: github.com/pkg/errors
    SPDXID: SPDXRef-Package-github.com.pkg.errors-v0.9.1
    PackageVersion: v0.9.1
    PackageSupplier: Organization: github.com/pkg/errors
    PackageDownloadLocation: https://github.com/pkg/errors/releases/tag/v0.9.1
    FilesAnalyzed: false
    PackageChecksum: SHA256: 57244d185d14147321a393ff73230cf40c2c7926974dd15a7f104cf205a14981
    PackageHomePage: https://github.com/pkg/errors
    PackageLicenseConcluded: NOASSERTION
    PackageLicenseDeclared: NOASSERTION
    PackageCopyrightText: NOASSERTION
    PackageLicenseComments: NOASSERTION
    PackageComment: NOASSERTION

    ##### Package representing the github.com/dgryski/go-minhash

    PackageName: github.com/dgryski/go-minhash
    SPDXID: SPDXRef-Package-github.com.dgryski.go-minhash-v0.0.0-20170608043002-7fe510aff544
    PackageVersion: v0.0.0-20170608043002-7fe510aff544
    PackageSupplier: Organization: github.com/dgryski/go-minhash
    PackageDownloadLocation: https://github.com/dgryski/go-minhash/releases/tag/v0.0.0-20170608043002-7fe510aff544
    FilesAnalyzed: false
    PackageChecksum: SHA256: b1b00f78f21fd86a6f66a9052137398c6cde8d030ba24a910e971f6e5b1aea8b
    PackageHomePage: https://github.com/dgryski/go-minhash
    PackageLicenseConcluded: NOASSERTION
    PackageLicenseDeclared: NOASSERTION
    PackageCopyrightText: NOASSERTION
    PackageLicenseComments: NOASSERTION
    PackageComment: NOASSERTION

    ##### Package representing the github.com/ekzhu/minhash-lsh

    PackageName: github.com/ekzhu/minhash-lsh
    SPDXID: SPDXRef-Package-github.com.ekzhu.minhash-lsh-v0.0.0-20171225071031-5c06ee8586a1
    PackageVersion: v0.0.0-20171225071031-5c06ee8586a1
    PackageSupplier: Organization: github.com/ekzhu/minhash-lsh
    PackageDownloadLocation: https://github.com/ekzhu/minhash-lsh/releases/tag/v0.0.0-20171225071031-5c06ee8586a1
    FilesAnalyzed: false
    PackageChecksum: SHA256: 2fd78fb5ac18e57b3e983ca5cc043e0a23eb536d37fd35e86ba4ba9f71013811
    PackageHomePage: https://github.com/ekzhu/minhash-lsh
    PackageLicenseConcluded: NOASSERTION
    PackageLicenseDeclared: NOASSERTION
    PackageCopyrightText: NOASSERTION
    PackageLicenseComments: NOASSERTION
    PackageComment: NOASSERTION

    ##### Package representing the golang.org/x/text

    PackageName: golang.org/x/text
    SPDXID: SPDXRef-Package-golang.org.x.text-v0.3.6
    PackageVersion: v0.3.6
    PackageSupplier: Organization: golang.org/x/text
    PackageDownloadLocation: https://golang.org/x/text
    FilesAnalyzed: false
    PackageChecksum: SHA256: 1477b75561f2b0283dc7abe10eb5f3ac1738566cf8980810da58e41f1e13ffc6
    PackageHomePage: https://golang.org/x/text
    PackageLicenseConcluded: NOASSERTION
    PackageLicenseDeclared: NOASSERTION
    PackageCopyrightText: NOASSERTION
    PackageLicenseComments: NOASSERTION
    PackageComment: NOASSERTION

    ##### Package representing the github.com/hhatto/gorst

    PackageName: github.com/hhatto/gorst
    SPDXID: SPDXRef-Package-github.com.hhatto.gorst-v0.0.0-20181029133204-ca9f730cac5b
    PackageVersion: v0.0.0-20181029133204-ca9f730cac5b
    PackageSupplier: Organization: github.com/hhatto/gorst
    PackageDownloadLocation: https://github.com/hhatto/gorst/releases/tag/v0.0.0-20181029133204-ca9f730cac5b
    FilesAnalyzed: false
    PackageChecksum: SHA256: 8ebf2848ef6908d4f22923dae6af5194c1d3948a38937e130d95a24bdba7d978
    PackageHomePage: https://github.com/hhatto/gorst
    PackageLicenseConcluded: NOASSERTION
    PackageLicenseDeclared: NOASSERTION
    PackageCopyrightText: NOASSERTION
    PackageLicenseComments: NOASSERTION
    PackageComment: NOASSERTION

    ##### Package representing the github.com/shurcooL/sanitized_anchor_name

    PackageName: github.com/shurcooL/sanitized_anchor_name
    SPDXID: SPDXRef-Package-github.com.shurcooL.sanitized-anchor-name-v1.0.0
    PackageVersion: v1.0.0
    PackageSupplier: Organization: github.com/shurcooL/sanitized_anchor_name
    PackageDownloadLocation: https://github.com/shurcooL/sanitized_anchor_name/releases/tag/v1.0.0
    FilesAnalyzed: false
    PackageChecksum: SHA256: 240acea2b337bf567830e77c26ec788e60b54bca5b2dc2cff271a7e749640161
    PackageHomePage: https://github.com/shurcooL/sanitized_anchor_name
    PackageLicenseConcluded: NOASSERTION
    PackageLicenseDeclared: NOASSERTION
    PackageCopyrightText: NOASSERTION
    PackageLicenseComments: NOASSERTION
    PackageComment: NOASSERTION

    ##### Package representing the github.com/russross/blackfriday/v2

    PackageName: github.com/russross/blackfriday/v2
    SPDXID: SPDXRef-Package-github.com.russross.blackfriday.v2-v2.0.1
    PackageVersion: v2.0.1
    PackageSupplier: Organization: github.com/russross/blackfriday/v2
    PackageDownloadLocation: https://github.com/russross/blackfriday/v2/releases/tag/v2.0.1
    FilesAnalyzed: false
    PackageChecksum: SHA256: ea35ba96a6f54befa4aa44a434feed32d293aa4219748c08fcd828b74f179640
    PackageHomePage: https://github.com/russross/blackfriday/v2
    PackageLicenseConcluded: NOASSERTION
    PackageLicenseDeclared: NOASSERTION
    PackageCopyrightText: NOASSERTION
    PackageLicenseComments: NOASSERTION
    PackageComment: NOASSERTION

    ##### Package representing the golang.org/x/exp

    PackageName: golang.org/x/exp
    SPDXID: SPDXRef-Package-golang.org.x.exp-v0.0.0-20191030013958-a1ab85dbe136
    PackageVersion: v0.0.0-20191030013958-a1ab85dbe136
    PackageSupplier: Organization: golang.org/x/exp
    PackageDownloadLocation: https://golang.org/x/exp
    FilesAnalyzed: false
    PackageChecksum: SHA256: 97cee855cc4f7fea008f28020dd491aff78c83f80964f35c512c863361a7ba94
    PackageHomePage: https://golang.org/x/exp
    PackageLicenseConcluded: NOASSERTION
    PackageLicenseDeclared: NOASSERTION
    PackageCopyrightText: NOASSERTION
    PackageLicenseComments: NOASSERTION
    PackageComment: NOASSERTION

    Relationship: SPDXRef-Package-golang.org.x.exp-v0.0.0-20191030013958-a1ab85dbe136 DEPENDS_ON SPDXRef-Package-golang.org.x.sys-v0.0.0-20220712014510-0a85c31ab51e
    Relationship: SPDXRef-Package-golang.org.x.exp-v0.0.0-20191030013958-a1ab85dbe136 DEPENDS_ON SPDXRef-Package-golang.org.x.mod-v0.4.2

    ##### Package representing the gonum.org/v1/gonum

    PackageName: gonum.org/v1/gonum
    SPDXID: SPDXRef-Package-gonum.org.v1.gonum-v0.7.0
    PackageVersion: v0.7.0
    PackageSupplier: Organization: gonum.org/v1/gonum
    PackageDownloadLocation: https://gonum.org/v1/gonum
    FilesAnalyzed: false
    PackageChecksum: SHA256: 2fec87d27a8cfd929343c555d7901fcb785b0e092feaa0da71d397a3e95f38a4
    PackageHomePage: https://gonum.org/v1/gonum
    PackageLicenseConcluded: NOASSERTION
    PackageLicenseDeclared: NOASSERTION
    PackageCopyrightText: NOASSERTION
    PackageLicenseComments: NOASSERTION
    PackageComment: NOASSERTION

    Relationship: SPDXRef-Package-gonum.org.v1.gonum-v0.7.0 DEPENDS_ON SPDXRef-Package-golang.org.x.exp-v0.0.0-20191030013958-a1ab85dbe136

    ##### Package representing the github.com/jdkato/prose

    PackageName: github.com/jdkato/prose
    SPDXID: SPDXRef-Package-github.com.jdkato.prose-v1.1.0
    PackageVersion: v1.1.0
    PackageSupplier: Organization: github.com/jdkato/prose
    PackageDownloadLocation: https://github.com/jdkato/prose/releases/tag/v1.1.0
    FilesAnalyzed: false
    PackageChecksum: SHA256: fd7a6ad2ba96c63f44d958a2fb6ebd728ef089d6611c4a672085119dd73a200e
    PackageHomePage: https://github.com/jdkato/prose
    PackageLicenseConcluded: NOASSERTION
    PackageLicenseDeclared: NOASSERTION
    PackageCopyrightText: NOASSERTION
    PackageLicenseComments: NOASSERTION
    PackageComment: NOASSERTION

    ##### Package representing the github.com/montanaflynn/stats

    PackageName: github.com/montanaflynn/stats
    SPDXID: SPDXRef-Package-github.com.montanaflynn.stats-v0.0.0-20151014174947-eeaced052adb
    PackageVersion: v0.0.0-20151014174947-eeaced052adb
    PackageSupplier: Organization: github.com/montanaflynn/stats
    PackageDownloadLocation: https://github.com/montanaflynn/stats/releases/tag/v0.0.0-20151014174947-eeaced052adb
    FilesAnalyzed: false
    PackageChecksum: SHA256: 7b627074d4373de13c7c70eeec6c8d8e7e4a9762fc79514fe0f4acdf9c83b1a8
    PackageHomePage: https://github.com/montanaflynn/stats
    PackageLicenseConcluded: NOASSERTION
    PackageLicenseDeclared: NOASSERTION
    PackageCopyrightText: NOASSERTION
    PackageLicenseComments: NOASSERTION
    PackageComment: NOASSERTION

    ##### Package representing the github.com/shogo82148/go-shuffle

    PackageName: github.com/shogo82148/go-shuffle
    SPDXID: SPDXRef-Package-github.com.shogo82148.go-shuffle-v0.0.0-20170808115208-59829097ff3b
    PackageVersion: v0.0.0-20170808115208-59829097ff3b
    PackageSupplier: Organization: github.com/shogo82148/go-shuffle
    PackageDownloadLocation: https://github.com/shogo82148/go-shuffle/releases/tag/v0.0.0-20170808115208-59829097ff3b
    FilesAnalyzed: false
    PackageChecksum: SHA256: 983e9423bda4943a8c2cc5be2b0ad7db8c4deca7b3b12a0e2c435f8d0962a659
    PackageHomePage: https://github.com/shogo82148/go-shuffle
    PackageLicenseConcluded: NOASSERTION
    PackageLicenseDeclared: NOASSERTION
    PackageCopyrightText: NOASSERTION
    PackageLicenseComments: NOASSERTION
    PackageComment: NOASSERTION

    ##### Package representing the gopkg.in/neurosnap/sentences.v1

    PackageName: gopkg.in/neurosnap/sentences.v1
    SPDXID: SPDXRef-Package-gopkg.in.neurosnap.sentences.v1-v1.0.6
    PackageVersion: v1.0.6
    PackageSupplier: Organization: gopkg.in/neurosnap/sentences.v1
    PackageDownloadLocation: https://gopkg.in/neurosnap/sentences.v1
    FilesAnalyzed: false
    PackageChecksum: SHA256: b5ab1d8e81338e4b1fffd267314c38dd544ea3989b2ef80f68df581d08db37a7
    PackageHomePage: https://gopkg.in/neurosnap/sentences.v1
    PackageLicenseConcluded: NOASSERTION
    PackageLicenseDeclared: NOASSERTION
    PackageCopyrightText: NOASSERTION
    PackageLicenseComments: NOASSERTION
    PackageComment: NOASSERTION

    ##### Package representing the github.com/vifraa/gopom

    PackageName: github.com/vifraa/gopom
    SPDXID: SPDXRef-Package-github.com.vifraa.gopom-v0.1.0
    PackageVersion: v0.1.0
    PackageSupplier: Organization: github.com/vifraa/gopom
    PackageDownloadLocation: https://github.com/vifraa/gopom/releases/tag/v0.1.0
    FilesAnalyzed: false
    PackageChecksum: SHA256: 52dab5ea31c5ebe64a238d12ee5ba88d989de558f2f3ecf511bf99978460e090
    PackageHomePage: https://github.com/vifraa/gopom
    PackageLicenseConcluded: NOASSERTION
    PackageLicenseDeclared: NOASSERTION
    PackageCopyrightText: NOASSERTION
    PackageLicenseComments: NOASSERTION
    PackageComment: NOASSERTION

    ##### Package representing the golang.org/x/mod

    PackageName: golang.org/x/mod
    SPDXID: SPDXRef-Package-golang.org.x.mod-v0.4.2
    PackageVersion: v0.4.2
    PackageSupplier: Organization: golang.org/x/mod
    PackageDownloadLocation: https://golang.org/x/mod
    FilesAnalyzed: false
    PackageChecksum: SHA256: dfae27048d5f4e4944507cec0080b9a3ab66795367757891414b8f5405281f34
    PackageHomePage: https://golang.org/x/mod
    PackageLicenseConcluded: NOASSERTION
    PackageLicenseDeclared: NOASSERTION
    PackageCopyrightText: NOASSERTION
    PackageLicenseComments: NOASSERTION
    PackageComment: NOASSERTION

    Relationship: SPDXRef-Package-golang.org.x.mod-v0.4.2 DEPENDS_ON SPDXRef-Package-golang.org.x.crypto-v0.0.0-20200302210943-78000ba7a073

    ##### Package representing the github.com/spf13/pflag

    PackageName: github.com/spf13/pflag
    SPDXID: SPDXRef-Package-github.com.spf13.pflag-v1.0.5
    PackageVersion: v1.0.5
    PackageSupplier: Organization: github.com/spf13/pflag
    PackageDownloadLocation: https://github.com/spf13/pflag/releases/tag/v1.0.5
    FilesAnalyzed: false
    PackageChecksum: SHA256: fc85129fd574a71a2e6efbd08d6acf8731dbae7c7ed58e26411718590f0f255a
    PackageHomePage: https://github.com/spf13/pflag
    PackageLicenseConcluded: NOASSERTION
    PackageLicenseDeclared: NOASSERTION
    PackageCopyrightText: NOASSERTION
    PackageLicenseComments: NOASSERTION
    PackageComment: NOASSERTION

    ##### Package representing the github.com/spf13/cobra

    PackageName: github.com/spf13/cobra
    SPDXID: SPDXRef-Package-github.com.spf13.cobra-v1.1.3
    PackageVersion: v1.1.3
    PackageSupplier: Organization: github.com/spf13/cobra
    PackageDownloadLocation: https://github.com/spf13/cobra/releases/tag/v1.1.3
    FilesAnalyzed: false
    PackageChecksum: SHA256: ee57970e525f84152399dc26379dc8841977b5045cd948ca5ce5f2f9c941e9c6
    PackageHomePage: https://github.com/spf13/cobra
    PackageLicenseConcluded: NOASSERTION
    PackageLicenseDeclared: NOASSERTION
    PackageCopyrightText: NOASSERTION
    PackageLicenseComments: NOASSERTION
    PackageComment: NOASSERTION

    Relationship: SPDXRef-Package-github.com.spf13.cobra-v1.1.3 DEPENDS_ON SPDXRef-Package-github.com.spf13.pflag-v1.0.5
    Relationship: SPDXRef-Package-github.com.spf13.cobra-v1.1.3 DEPENDS_ON SPDXRef-Package-github.com.mitchellh.go-homedir-v1.1.0

  • 相关阅读:
    常用端口与udp协议
    结构体类型
    [vue]——vue3.0+高德地图的正确打开方式
    数据库实践 Hw09
    工业互联网数据监测预警解决方案
    Nginx的配置
    re:Invent 构建未来:云计算&生成式 AI 诞生科技新局面
    Discrete Optimization课程笔记(2)—Constraint Programming约束规划(上)
    Qemu 启动无法交互的处理方法
    Nacos安装
  • 原文地址:https://blog.csdn.net/phmatthaus/article/details/126402756