diff --git a/.github/workflows/build_push_dev.yml b/.github/workflows/build_push_dev.yml index a4891cdd5..57b58a048 100644 --- a/.github/workflows/build_push_dev.yml +++ b/.github/workflows/build_push_dev.yml @@ -52,7 +52,7 @@ jobs: VERSION=dev - name: Run SCA vulnerability scanners - uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@5606a843f40e25d002053dfd14cd525496c76560 # main + uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@d15c2401857055841b487d2f25d4a9eb6c4f4ef2 # main with: so_configuration: 'so_configuration_sca_dev.yml' SO_API_TOKEN: ${{ secrets.SO_API_TOKEN }} diff --git a/.github/workflows/build_push_release.yml b/.github/workflows/build_push_release.yml index 740aba719..67c013166 100644 --- a/.github/workflows/build_push_release.yml +++ b/.github/workflows/build_push_release.yml @@ -64,13 +64,13 @@ jobs: VERSION=${{ github.event.inputs.release }} - name: Run vulnerability scanners for images - uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@5606a843f40e25d002053dfd14cd525496c76560 # main + uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@d15c2401857055841b487d2f25d4a9eb6c4f4ef2 # main with: so_configuration: 'so_configuration_sca_current.yml' SO_API_TOKEN: ${{ secrets.SO_API_TOKEN }} - name: Run vulnerability scanners for endpoints - uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@5606a843f40e25d002053dfd14cd525496c76560 # main + uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@d15c2401857055841b487d2f25d4a9eb6c4f4ef2 # main with: so_configuration: 'so_configuration_endpoints.yml' SO_API_TOKEN: ${{ secrets.SO_API_TOKEN }} diff --git a/.github/workflows/check_licenses_dev.yml b/.github/workflows/check_licenses_dev.yml index 9af3383c8..4a73470d8 100644 --- a/.github/workflows/check_licenses_dev.yml +++ b/.github/workflows/check_licenses_dev.yml 
@@ -37,7 +37,7 @@ jobs: cdxgen ./frontend --type npm --no-babel --required-only --profile license-compliance --no-auto-compositions --project-name secobserve --output sbom_frontend_application.json - name: Import backend SBOM - uses: MaibornWolff/secobserve_actions_templates/actions/importer@5606a843f40e25d002053dfd14cd525496c76560 # main + uses: MaibornWolff/secobserve_actions_templates/actions/importer@d15c2401857055841b487d2f25d4a9eb6c4f4ef2 # main with: so_product_name: 'SecObserve' so_file_name: 'sbom_backend_application.json' @@ -47,7 +47,7 @@ jobs: so_api_token: ${{ secrets.SO_API_TOKEN }} - name: Import frontend SBOM - uses: MaibornWolff/secobserve_actions_templates/actions/importer@5606a843f40e25d002053dfd14cd525496c76560 # main + uses: MaibornWolff/secobserve_actions_templates/actions/importer@d15c2401857055841b487d2f25d4a9eb6c4f4ef2 # main with: so_product_name: 'SecObserve' so_file_name: 'sbom_frontend_application.json' diff --git a/.github/workflows/check_vulnerabilities.yml b/.github/workflows/check_vulnerabilities.yml index a6b119421..224e82fc9 100644 --- a/.github/workflows/check_vulnerabilities.yml +++ b/.github/workflows/check_vulnerabilities.yml @@ -14,7 +14,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Run vulnerability scanners for code - uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@5606a843f40e25d002053dfd14cd525496c76560 # main + uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@d15c2401857055841b487d2f25d4a9eb6c4f4ef2 # main with: so_configuration: 'so_configuration_code.yml' SO_API_TOKEN: ${{ secrets.SO_API_TOKEN }} diff --git a/.github/workflows/publish_docs.yml b/.github/workflows/publish_docs.yml index 4f894d079..f6ffa92db 100644 --- a/.github/workflows/publish_docs.yml +++ b/.github/workflows/publish_docs.yml 
@@ -4,7 +4,7 @@ on: push: branches: - main - - chore/doc_trivy_secrets + - chore/documentation_check_security_gate permissions: read-all diff --git a/.github/workflows/scan_sca_current.yml b/.github/workflows/scan_sca_current.yml index f27c01d5c..a6ba9db27 100644 --- a/.github/workflows/scan_sca_current.yml +++ b/.github/workflows/scan_sca_current.yml @@ -18,13 +18,13 @@ jobs: ref: 'v1.22.2' - name: Run SCA vulnerability scanners - uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@5606a843f40e25d002053dfd14cd525496c76560 # main + uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@d15c2401857055841b487d2f25d4a9eb6c4f4ef2 # main with: so_configuration: 'so_configuration_sca_current.yml' SO_API_TOKEN: ${{ secrets.SO_API_TOKEN }} - name: Run endpoint vulnerability scanners - uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@5606a843f40e25d002053dfd14cd525496c76560 # main + uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@d15c2401857055841b487d2f25d4a9eb6c4f4ef2 # main with: so_configuration: 'so_configuration_endpoints.yml' SO_API_TOKEN: ${{ secrets.SO_API_TOKEN }} diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 04fe3fe3b..3c43ef4df 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 + uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 with: sarif_file: results.sarif diff --git a/backend/application/__init__.py b/backend/application/__init__.py index 30f15b9a8..58ddf1da3 100644 --- a/backend/application/__init__.py +++ b/backend/application/__init__.py @@ -1,4 +1,4 @@ -__version__ = "1.22.3" +__version__ = "1.22.4" import pymysql 
diff --git a/backend/application/import_observations/parsers/cyclone_dx/parser.py b/backend/application/import_observations/parsers/cyclone_dx/parser.py index 77ee5a2ed..ede4feff1 100644 --- a/backend/application/import_observations/parsers/cyclone_dx/parser.py +++ b/backend/application/import_observations/parsers/cyclone_dx/parser.py @@ -141,11 +141,11 @@ def _get_component(self, component_data: dict[str, Any]) -> Optional[Component]: else: for my_license in licenses: component_license = my_license.get("license", {}).get("id") - if component_license: + if component_license and component_license not in unknown_licenses: unknown_licenses.append(component_license) component_license = my_license.get("license", {}).get("name") - if component_license: + if component_license and component_license not in unknown_licenses: unknown_licenses.append(component_license) return Component( diff --git a/backend/application/licenses/api/filters.py b/backend/application/licenses/api/filters.py index ab64e2e31..912021b2a 100644 --- a/backend/application/licenses/api/filters.py +++ b/backend/application/licenses/api/filters.py @@ -202,6 +202,22 @@ class Meta: class LicensePolicyFilter(FilterSet): name = CharFilter(field_name="name", lookup_expr="icontains") + license = NumberFilter( + field_name="license", method="get_license_policies_with_license" + ) + license_group = NumberFilter( + field_name="license_group", method="get_license_policies_with_license_group" + ) + + def get_license_policies_with_license( + self, queryset, field_name, value # pylint: disable=unused-argument + ) -> bool: + return queryset.filter(license_policy_items__license=value) + + def get_license_policies_with_license_group( + self, queryset, field_name, value # pylint: disable=unused-argument + ) -> bool: + return queryset.filter(license_policy_items__license_group=value) ordering = OrderingFilter( # tuple-mapping retains order 
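Review bot: In the `LicensePolicyFilter` hunk, both new filter methods are annotated `-> bool` but return `queryset.filter(...)`, which is a queryset; the annotation should name the queryset type or be dropped, e.g. `def get_license_policies_with_license(self, queryset, field_name, value):`. The methods are also placed between the filter field declarations and `ordering`; moving them below `ordering` would keep the declarations together. Each method deserves a one-line docstring such as `"""Return the policies that have at least one item for the given license."""`. The class body continues outside the hunk.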
diff --git a/backend/application/licenses/api/views.py b/backend/application/licenses/api/views.py index d4b0945f6..9c7b69fd0 100644 --- a/backend/application/licenses/api/views.py +++ b/backend/application/licenses/api/views.py @@ -86,7 +86,10 @@ get_license_policy_member, get_license_policy_members, ) -from application.licenses.services.license_group import copy_license_group +from application.licenses.services.license_group import ( + copy_license_group, + import_scancode_licensedb, +) from application.licenses.services.license_policy import ( apply_license_policy, copy_license_policy, @@ -259,6 +262,23 @@ def remove_license(self, request, pk): return Response(status=HTTP_204_NO_CONTENT) + @extend_schema( + methods=["POST"], + request=None, + responses={HTTP_204_NO_CONTENT: None}, + ) + @action(detail=False, methods=["post"]) + def import_scancode_licensedb(self, request): + user = request.user + if not user.is_superuser: + raise PermissionDenied( + "User is not allowed to import license groups from ScanCode LicenseDB" + ) + + import_scancode_licensedb() + + return Response(status=HTTP_204_NO_CONTENT) + class LicenseGroupMemberViewSet(ModelViewSet): serializer_class = LicenseGroupMemberSerializer diff --git a/backend/application/licenses/migrations/0008_alter_license_policy_item_license_group.py b/backend/application/licenses/migrations/0008_alter_license_policy_item_license_group.py new file mode 100644 index 000000000..8913e2822 --- /dev/null +++ b/backend/application/licenses/migrations/0008_alter_license_policy_item_license_group.py 
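Review bot: The new `import_scancode_licensedb` action runs the outbound HTTP fetch (60 s timeout in the service) and all resulting database writes synchronously inside the request. Nothing in this hunk catches the `requests` exceptions the service can raise, so an unreachable or failing upstream would probably surface as an unhandled 500 instead of a clear API error, unless a project-wide exception handler outside this diff maps it. The action method also shares its name with the imported service function; the call inside does resolve to the module-level import, but it reads like recursion, so an alias in the import (`import_scancode_licensedb as import_scancode_licensedb_service`) would be clearer. A short docstring should state that the action is superuser-only and replaces the membership of the imported groups. The enclosing viewset class starts outside the hunk.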
@@ -0,0 +1,25 @@ +# Generated by Django 5.1.3 on 2024-11-21 21:00 + +import django.db.models.deletion +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ("licenses", "0007_license_component_evidence_and_more"), + ] + + operations = [ + migrations.AlterField( + model_name="license_policy_item", + name="license_group", + field=models.ForeignKey( + blank=True, + null=True, + on_delete=django.db.models.deletion.PROTECT, + related_name="license_policy_items", + to="licenses.license_group", + ), + ), + ] diff --git a/backend/application/licenses/models.py b/backend/application/licenses/models.py index a79ccb112..ea1cb152f 100644 --- a/backend/application/licenses/models.py +++ b/backend/application/licenses/models.py @@ -195,7 +195,7 @@ class License_Policy_Item(Model): license_group = ForeignKey( License_Group, related_name="license_policy_items", - on_delete=CASCADE, + on_delete=PROTECT, blank=True, null=True, ) diff --git a/backend/application/licenses/services/license_group.py b/backend/application/licenses/services/license_group.py index 870ff2ee2..b29c2378b 100644 --- a/backend/application/licenses/services/license_group.py +++ b/backend/application/licenses/services/license_group.py @@ -1,4 +1,8 @@ -from application.licenses.models import License_Group, License_Group_Member +from json import loads + +import requests + +from application.licenses.models import License, License_Group, License_Group_Member def copy_license_group(source_license_group: License_Group, name: str) -> License_Group: 
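Review bot: In the `models.py` hunk, switching `license_group` to `on_delete=PROTECT` means that deleting a `License_Group` still referenced by a policy item now raises `ProtectedError`. Nothing in this diff shows the license-group delete path catching it, so it is worth confirming that the API returns a validation-style error rather than a 500. A comment on the field would record the intent, e.g. `# PROTECT: a group that is part of a license policy must not be deleted implicitly`. The import of `PROTECT` is not visible in the hunk and should be checked.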
@@ -20,3 +24,44 @@ def copy_license_group(source_license_group: License_Group, name: str) -> Licens ) return new_license_group + + +def import_scancode_licensedb() -> None: + license_groups: dict[str, License_Group] = {} + + response = requests.get( + "https://scancode-licensedb.aboutcode.org/index.json", + timeout=60, + stream=True, + ) + response.raise_for_status() + data = loads(response.content) + + for db_license in data: + category = db_license.get("category") + spdx_license_key = db_license.get("spdx_license_key") + other_spdx_license_keys = db_license.get("other_spdx_license_keys", []) + + if category and spdx_license_key: + _add_license_to_group(license_groups, category, spdx_license_key) + for other_spdx_license_key in other_spdx_license_keys: + _add_license_to_group(license_groups, category, other_spdx_license_key) + + +def _add_license_to_group(license_groups, category, spdx_license_key): + try: + spdx_license = License.objects.get(spdx_id=spdx_license_key) + license_group = license_groups.get(category) + if not license_group: + license_group, _ = License_Group.objects.get_or_create( + name=f"{category} (ScanCode LicenseDB)", + description="Do not edit! " + + "Imported from [ScanCode LicenseDB](https://scancode-licensedb.aboutcode.org/) " + + "under the CC-BY-4.0 license.", + is_public=True, + ) + license_groups[category] = license_group + license_group.licenses.clear() + license_group.licenses.add(spdx_license) + except License.DoesNotExist: + pass diff --git a/backend/pyproject.toml b/backend/pyproject.toml index 45682d7c1..2dab3daca 100644 --- a/backend/pyproject.toml +++ b/backend/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "SecObserve" -version = "1.22.3" +version = "1.22.4" description = "SecObserve is an open source vulnerability management system for software development and cloud environments." license = "BSD-3-Clause" authors = [ 
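Review bot: In `_add_license_to_group`, `get_or_create` receives `description` and `is_public` as lookup arguments, so once either field of an imported group has been changed the lookup misses and a second group with the same name is created (or the call fails, if `name` is unique, which is not visible here); both belong in `defaults=`. The import also trusts the shape of the remote index: an explicit `null` for `other_spdx_license_keys` would raise on iteration, and `stream=True` brings no benefit because `response.content` reads the whole body with no size cap. Because `licenses.clear()` runs before the new members are added, a failure mid-run leaves groups that license policies reference partly empty; wrapping the loop in `transaction.atomic()` (needs an import outside this hunk) would avoid that. The `except License.DoesNotExist: pass` is a deliberate skip and deserves a comment saying so.

```python
def import_scancode_licensedb() -> None:
    # … unchanged: license_groups dict, requests.get(...), raise_for_status(), loads(...) …
    for db_license in data:
        # … unchanged: category and spdx_license_key lookups …
        # "or []" also covers an explicit null in the remote index
        other_spdx_license_keys = db_license.get("other_spdx_license_keys") or []
        # … unchanged: calls to _add_license_to_group …


def _add_license_to_group(license_groups, category, spdx_license_key):
    # … unchanged: License lookup and per-run cache check …
            # Look up by name only; the other fields are applied on creation.
            license_group, _ = License_Group.objects.get_or_create(
                name=f"{category} (ScanCode LicenseDB)",
                defaults={
                    "description": "Do not edit! "
                    + "Imported from [ScanCode LicenseDB](https://scancode-licensedb.aboutcode.org/) "
                    + "under the CC-BY-4.0 license.",
                    "is_public": True,
                },
            )
    # … unchanged: cache update, clear(), add() and the DoesNotExist skip …
```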
diff --git a/backend/unittests/access_control/api/test_authentication.py b/backend/unittests/access_control/api/test_authentication.py index 842bada4c..5d1f5d443 100644 --- a/backend/unittests/access_control/api/test_authentication.py +++ b/backend/unittests/access_control/api/test_authentication.py @@ -328,6 +328,9 @@ def test_authentication(self, mock_user): self._check_authentication(["post"], "/api/license_groups/1/copy/") self._check_authentication(["post"], "/api/license_groups/1/add_license/") self._check_authentication(["post"], "/api/license_groups/1/remove_license/") + self._check_authentication( + ["post"], "/api/license_groups/import_scancode_licensedb/" + ) self._check_authentication(["get", "post"], "/api/license_group_members/") self._check_authentication( diff --git a/backend/unittests/access_control/api/test_authorization_license_group_authorization_group_members.py b/backend/unittests/access_control/api/test_authorization_license_group_authorization_group_members.py index 4e5a2c070..a63309c0c 100644 --- a/backend/unittests/access_control/api/test_authorization_license_group_authorization_group_members.py +++ b/backend/unittests/access_control/api/test_authorization_license_group_authorization_group_members.py @@ -1,4 +1,4 @@ -from application.licenses.models import License_Group +from application.licenses.models import License_Group, License_Policy from unittests.access_control.api.test_authorization import ( APITest, TestAuthorizationBase, 
@@ -7,6 +7,7 @@ class TestAuthorizationLicenseGroupAuthorizationGroupMembers(TestAuthorizationBase): def test_authorization_license_group_authorization_group_members(self): + License_Policy.objects.all().delete() License_Group.objects.filter(pk__lt=1000).delete() expected_data = "{'count': 3, 'next': None, 'previous': None, 'results': [{'id': 1000, 'license_group_data': {'id': 1003, 'is_manager': False, 'is_in_license_policy': False, 'has_licenses': False, 'has_users': False, 'has_authorization_groups': True, 'name': 'authorization_group_not_manager', 'description': '', 'is_public': False}, 'authorization_group_data': {'id': 2, 'name': 'oidc_group_2', 'oidc_group': 'oidc_2'}, 'is_manager': False, 'license_group': 1003, 'authorization_group': 2}, {'id': 1001, 'license_group_data': {'id': 1004, 'is_manager': False, 'is_in_license_policy': False, 'has_licenses': False, 'has_users': False, 'has_authorization_groups': True, 'name': 'authorization_group_manager', 'description': '', 'is_public': False}, 'authorization_group_data': {'id': 2, 'name': 'oidc_group_2', 'oidc_group': 'oidc_2'}, 'is_manager': True, 'license_group': 1004, 'authorization_group': 2}, {'id': 1002, 'license_group_data': {'id': 1003, 'is_manager': False, 'is_in_license_policy': False, 'has_licenses': False, 'has_users': False, 'has_authorization_groups': True, 'name': 'authorization_group_not_manager', 'description': '', 'is_public': False}, 'authorization_group_data': {'id': 3, 'name': 'non_oidc_group', 'oidc_group': ''}, 'is_manager': True, 'license_group': 1003, 'authorization_group': 3}]}" diff --git a/backend/unittests/access_control/api/test_authorization_license_group_members.py b/backend/unittests/access_control/api/test_authorization_license_group_members.py index a62a8df9b..6445c151b 100644 --- a/backend/unittests/access_control/api/test_authorization_license_group_members.py +++ b/backend/unittests/access_control/api/test_authorization_license_group_members.py 
@@ -1,4 +1,4 @@ -from application.licenses.models import License_Group +from application.licenses.models import License_Group, License_Policy from unittests.access_control.api.test_authorization import ( APITest, TestAuthorizationBase, 
@@ -7,6 +7,7 @@ class TestAuthorizationLicenseGroupMembers(TestAuthorizationBase): def test_authorization_license_group_members(self): + License_Policy.objects.all().delete() License_Group.objects.filter(pk__lt=1000).delete() expected_data = "{'count': 3, 'next': None, 'previous': None, 'results': [{'id': 1001, 'license_group_data': {'id': 1001, 'is_manager': False, 'is_in_license_policy': False, 'has_licenses': True, 'has_users': True, 'has_authorization_groups': False, 'name': 'internal_read_not_manager', 'description': '', 'is_public': False}, 'user_data': {'id': 3, 'username': 'db_internal_read', 'first_name': '', 'last_name': '', 'full_name': 'db_internal_read', 'email': '', 'is_active': True, 'is_superuser': False, 'is_external': False, 'setting_theme': 'light', 'setting_list_size': 'medium', 'permissions': [, ], 'setting_list_properties': '', 'oidc_groups_hash': '', 'is_oidc_user': False, 'date_joined': '2022-12-07T20:25:06+01:00', 'has_password': False}, 'is_manager': False, 'license_group': 1001, 'user': 3}, {'id': 1002, 'license_group_data': {'id': 1002, 'is_manager': False, 'is_in_license_policy': False, 'has_licenses': True, 'has_users': True, 'has_authorization_groups': False, 'name': 'internal_write_manager', 'description': '', 'is_public': False}, 'user_data': {'id': 2, 'username': 'db_internal_write', 'first_name': '', 'last_name': '', 'full_name': 'db_internal_write', 'email': '', 'is_active': True, 'is_superuser': False, 'is_external': False, 'setting_theme': 'light', 'setting_list_size': 'medium', 'permissions': [, ], 'setting_list_properties': '', 'oidc_groups_hash': '', 'is_oidc_user': False, 'date_joined': '2022-12-07T20:24:53+01:00', 'has_password': False}, 'is_manager': True, 'license_group': 1002, 'user': 2}, {'id': 1003, 'license_group_data': {'id': 1001, 'is_manager': False, 'is_in_license_policy': False, 'has_licenses': True, 'has_users': True, 'has_authorization_groups': False, 'name': 'internal_read_not_manager', 'description': '', 
'is_public': False}, 'user_data': {'id': 4, 'username': 'db_external', 'first_name': '', 'last_name': '', 'full_name': 'db_external', 'email': '', 'is_active': True, 'is_superuser': False, 'is_external': True, 'setting_theme': 'light', 'setting_list_size': 'medium', 'permissions': [], 'setting_list_properties': '', 'oidc_groups_hash': '', 'is_oidc_user': False, 'date_joined': '2022-12-12T19:48:08.514000+01:00', 'has_password': False}, 'is_manager': False, 'license_group': 1001, 'user': 4}]}" diff --git a/backend/unittests/access_control/api/test_authorization_license_groups.py b/backend/unittests/access_control/api/test_authorization_license_groups.py index e9745733f..26c4622c5 100644 --- a/backend/unittests/access_control/api/test_authorization_license_groups.py +++ b/backend/unittests/access_control/api/test_authorization_license_groups.py @@ -1,4 +1,4 @@ -from application.licenses.models import License_Group +from application.licenses.models import License_Group, License_Policy from unittests.access_control.api.test_authorization import ( APITest, TestAuthorizationBase, 
@@ -7,6 +7,7 @@ class TestAuthorizationLicenseGroups(TestAuthorizationBase): def test_authorization_license_groups(self): + License_Policy.objects.all().delete() License_Group.objects.filter(pk__lt=1000).delete() expected_data = "{'count': 5, 'next': None, 'previous': None, 'results': [{'id': 1000, 'is_manager': False, 'is_in_license_policy': False, 'has_licenses': True, 'has_users': False, 'has_authorization_groups': False, 'name': 'public', 'description': '', 'is_public': True}, {'id': 1001, 'is_manager': False, 'is_in_license_policy': False, 'has_licenses': True, 'has_users': True, 'has_authorization_groups': False, 'name': 'internal_read_not_manager', 'description': '', 'is_public': False}, {'id': 1002, 'is_manager': False, 'is_in_license_policy': False, 'has_licenses': True, 'has_users': True, 'has_authorization_groups': False, 'name': 'internal_write_manager', 'description': '', 'is_public': False}, {'id': 1003, 'is_manager': False, 'is_in_license_policy': False, 'has_licenses': False, 'has_users': False, 'has_authorization_groups': True, 'name': 'authorization_group_not_manager', 'description': '', 'is_public': False}, {'id': 1004, 'is_manager': False, 'is_in_license_policy': False, 'has_licenses': False, 'has_users': False, 'has_authorization_groups': True, 'name': 'authorization_group_manager', 'description': '', 'is_public': False}]}" @@ -353,3 +354,28 @@ def test_authorization_license_groups(self): no_second_user=True, ) ) + + expected_data = "{'message': 'User is not allowed to import license groups from ScanCode LicenseDB'}" + self._test_api( + APITest( + "db_internal_write", + "post", + "/api/license_groups/import_scancode_licensedb/", + post_data, + 403, + expected_data, + no_second_user=True, + ) + ) + + self._test_api( + APITest( + "db_admin", + "post", + "/api/license_groups/import_scancode_licensedb/", + post_data, + 204, + None, + no_second_user=True, + ) + ) 
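Review bot: The `db_admin` case appended at the end of the test posts to `/api/license_groups/import_scancode_licensedb/` and expects 204. As written this appears to run the real service and fetch `https://scancode-licensedb.aboutcode.org/index.json` during the unit-test run, unless `_test_api` or a fixture outside this hunk patches it. That makes the suite depend on network access and on third-party content. Patch the service where the view imports it, e.g. `@patch("application.licenses.api.views.import_scancode_licensedb")`, then assert it is called once for `db_admin` and not at all for `db_internal_write`. The test method starts outside the hunk.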
diff --git a/backend/unittests/import_observations/parsers/cyclone_dx/files/changed/licenses_1.json b/backend/unittests/import_observations/parsers/cyclone_dx/files/changed/licenses_1.json index 568e5040e..0ce6caf37 100644 --- a/backend/unittests/import_observations/parsers/cyclone_dx/files/changed/licenses_1.json +++ b/backend/unittests/import_observations/parsers/cyclone_dx/files/changed/licenses_1.json @@ -31,11 +31,11 @@ ], "component": { "name": "SecObserve", - "version": "1.22.3", + "version": "1.22.4", "description": "SecObserve is an open source vulnerability management system for software development and cloud environments.", "type": "application", - "bom-ref": "pkg:pypi/secobserve@1.22.3", - "purl": "pkg:pypi/secobserve@1.22.3" + "bom-ref": "pkg:pypi/secobserve@1.22.4", + "purl": "pkg:pypi/secobserve@1.22.4" }, "properties": [ { @@ -2792,7 +2792,7 @@ ], "dependencies": [ { - "ref": "pkg:pypi/secobserve@1.22.3", + "ref": "pkg:pypi/secobserve@1.22.4", "dependsOn": [ "pkg:pypi/argon2-cffi@23.1.0", "pkg:pypi/cvss@3.2", diff --git a/backend/unittests/import_observations/parsers/cyclone_dx/files/licenses_1.json b/backend/unittests/import_observations/parsers/cyclone_dx/files/licenses_1.json index 66afa38da..5b6931071 100644 --- a/backend/unittests/import_observations/parsers/cyclone_dx/files/licenses_1.json +++ b/backend/unittests/import_observations/parsers/cyclone_dx/files/licenses_1.json 
@@ -1 +1 @@ -{"bomFormat":"CycloneDX","specVersion":"1.5","serialNumber":"urn:uuid:12f6dd75-f31f-48a8-8b59-c7c9f87d68c9","version":1,"metadata":{"timestamp":"2024-10-22T12:15:48Z","tools":{"components":[{"group":"@cyclonedx","name":"cdxgen","version":"10.10.6","purl":"pkg:npm/%40cyclonedx/cdxgen@10.10.6","type":"application","bom-ref":"pkg:npm/@cyclonedx/cdxgen@10.10.6","author":"OWASP Foundation","publisher":"OWASP Foundation"}]},"authors":[{"name":"OWASP Foundation"}],"lifecycles":[{"phase":"build"}],"component":{"name":"SecObserve","version":"1.22.3","description":"SecObserve is an open source vulnerability management system for software development and cloud environments.","type":"application","bom-ref":"pkg:pypi/secobserve@1.22.3","purl":"pkg:pypi/secobserve@1.22.3"},"properties":[{"name":"cdx:bom:componentTypes","value":"pypi"}]},"components":[{"author":"Hynek Schlawack ","group":"","name":"argon2-cffi-bindings","version":"21.2.0","description":"Low-level CFFI bindings for Argon2","hashes":[{"alg":"SHA-256","content":"ccb949252cb2ab3a08c02024acb77cfb179492d5701c7cbdbfd776124d4d2367"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/argon2-cffi-bindings@21.2.0","externalReferences":[{"type":"vcs","url":"https://github.com/hynek/argon2-cffi-bindings"}],"type":"library","bom-ref":"pkg:pypi/argon2-cffi-bindings@21.2.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Hynek Schlawack ","group":"","name":"argon2-cffi","version":"23.1.0","description":"Argon2 for 
Python","hashes":[{"alg":"SHA-256","content":"c670642b78ba29641818ab2e68bd4e6a78ba53b7eff7b4c3815ae16abf91c7ea"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/argon2-cffi@23.1.0","type":"library","bom-ref":"pkg:pypi/argon2-cffi@23.1.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Django Software Foundation ","group":"","name":"asgiref","version":"3.8.1","description":"ASGI specs, helper code, and adapters","hashes":[{"alg":"SHA-256","content":"3e1e3ecc849832fe52ccf2cb6686b7a55f82bb1d6aee72a58826471390335e47"}],"licenses":[{"license":{"id":"0BSD","url":"https://opensource.org/licenses/0BSD"}},{"license":{"id":"BSD-3-Clause","url":"https://opensource.org/licenses/BSD-3-Clause"}}],"purl":"pkg:pypi/asgiref@3.8.1","externalReferences":[{"type":"vcs","url":"https://github.com/django/asgiref/"}],"type":"library","bom-ref":"pkg:pypi/asgiref@3.8.1","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Hynek Schlawack ","group":"","name":"attrs","version":"24.2.0","description":"Classes Without Boilerplate","hashes":[{"alg":"SHA-256","content":"81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/attrs@24.2.0","type":"library","bom-ref":"pkg:pypi/attrs@24.2.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Eric Larson , Frost Ming , William Woodruff ","group":"","name":"CacheControl","version":"0.14.0","description":"httplib2 caching for 
requests","hashes":[{"alg":"SHA-256","content":"f5bf3f0620c38db2e5122c0726bdebb0d16869de966ea6a2befe92470b740ea0"}],"licenses":[{"license":{"id":"Apache-2.0","url":"https://opensource.org/licenses/Apache-2.0"}}],"purl":"pkg:pypi/cachecontrol@0.14.0","type":"library","bom-ref":"pkg:pypi/cachecontrol@0.14.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"instrumentation","confidence":1,"value":"/tmp/cdxgen-venv-43yYKx"}]}},"properties":[{"name":"SrcFile","value":"/home/runner/work/SecObserve/SecObserve/backend/poetry_requirements.txt"}]},{"author":"Kenneth Reitz ","group":"","name":"certifi","version":"2024.8.30","description":"Python package for providing Mozilla's CA Bundle.","hashes":[{"alg":"SHA-256","content":"922820b53db7a7257ffbda3f597266d435245903d80737e34f8a45ff3e3230d8"}],"licenses":[{"license":{"id":"MPL-2.0","url":"https://opensource.org/licenses/MPL-2.0"}}],"purl":"pkg:pypi/certifi@2024.8.30","externalReferences":[{"type":"vcs","url":"https://github.com/certifi/python-certifi"}],"type":"library","bom-ref":"pkg:pypi/certifi@2024.8.30","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Armin Rigo, Maciej Fijalkowski ","group":"","name":"cffi","version":"1.17.1","description":"Foreign Function Interface for Python calling C code.","hashes":[{"alg":"SHA-256","content":"df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/cffi@1.17.1","externalReferences":[{"type":"website","url":"http://cffi.readthedocs.org"}],"type":"library","bom-ref":"pkg:pypi/cffi@1.17.1","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Ahmed TAHRI 
","group":"","name":"charset-normalizer","version":"3.4.0","description":"The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.","hashes":[{"alg":"SHA-256","content":"4f9fc98dad6c2eaa32fc3af1417d95b5e3d08aff968df0cd320066def971f9a6"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/charset-normalizer@3.4.0","externalReferences":[{"type":"vcs","url":"https://github.com/Ousret/charset_normalizer"}],"type":"library","bom-ref":"pkg:pypi/charset-normalizer@3.4.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"The cryptography developers >","group":"","name":"cryptography","version":"43.0.1","description":"cryptography is a package which provides cryptographic recipes and primitives to Python developers.","hashes":[{"alg":"SHA-256","content":"8385d98f6a3bf8bb2d65a73e17ed87a3ba84f6991c155691c51112075f9ffc5d"}],"licenses":[{"expression":"Apache-2.0 OR BSD-3-Clause"}],"purl":"pkg:pypi/cryptography@43.0.1","type":"library","bom-ref":"pkg:pypi/cryptography@43.0.1","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}},"properties":[{"name":"cdx:pypi:latest_version","value":"43.0.3"},{"name":"cdx:pypi:resolved_from","value":"cryptography"}]},{"author":"Stanislav Kontar, Red Hat Product Security ","group":"","name":"cvss","version":"3.2","description":"CVSS2/3/4 library with interactive calculator for Python 2 and Python 
3","hashes":[{"alg":"SHA-256","content":"e2c2fbc8943c6df83d23c7ad74bb9c5e584c666a9455b013b598e292e5018469"}],"licenses":[{"license":{"id":"LGPL-3.0-or-later","url":"https://opensource.org/licenses/LGPL-3.0-or-later"}}],"purl":"pkg:pypi/cvss@3.2","externalReferences":[{"type":"vcs","url":"https://github.com/RedHatProductSecurity/cvss"}],"type":"library","bom-ref":"pkg:pypi/cvss@3.2","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Raphael Michel ","group":"","name":"defusedcsv","version":"2.0.0","description":"Drop-in replacement for Python's CSV library that tries to mitigate CSV injection attacks","hashes":[{"alg":"SHA-256","content":"a7bc3b1ac1ce4f8c6c1e8740466b1b5789b51ca18d918b0099313dc0cdf2cef4"}],"licenses":[{"license":{"id":"Apache-2.0","url":"https://opensource.org/licenses/Apache-2.0"}}],"purl":"pkg:pypi/defusedcsv@2.0.0","externalReferences":[{"type":"vcs","url":"https://github.com/raphaelm/defusedcsv"}],"type":"library","bom-ref":"pkg:pypi/defusedcsv@2.0.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Christian Heimes ","group":"","name":"defusedxml","version":"0.7.1","description":"XML bomb protection for Python stdlib 
modules","hashes":[{"alg":"SHA-256","content":"a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61"}],"licenses":[{"license":{"id":"PSF-2.0","url":"https://opensource.org/licenses/PSF-2.0"}}],"purl":"pkg:pypi/defusedxml@0.7.1","externalReferences":[{"type":"vcs","url":"https://github.com/tiran/defusedxml"}],"type":"library","bom-ref":"pkg:pypi/defusedxml@0.7.1","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Otto Yiu ","group":"","name":"django-cors-headers","version":"4.5.0","description":"django-cors-headers is a Django application for handling the server headers required for Cross-Origin Resource Sharing (CORS).","hashes":[{"alg":"SHA-256","content":"28c1ded847aa70208798de3e42422a782f427b8b720e8d7319d34b654b5978e6"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/django-cors-headers@4.5.0","type":"framework","bom-ref":"pkg:pypi/django-cors-headers@4.5.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"James Socol ","group":"","name":"django-csp","version":"3.8","description":"Django Content Security Policy support.","hashes":[{"alg":"SHA-256","content":"19b2978b03fcd73517d7d67acbc04fbbcaec0facc3e83baa502965892d1e0719"}],"licenses":[{"license":{"id":"0BSD","url":"https://opensource.org/licenses/0BSD"}}],"purl":"pkg:pypi/django-csp@3.8","type":"framework","bom-ref":"pkg:pypi/django-csp@3.8","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Scott Sharkey ","group":"","name":"django-encrypted-model-fields","version":"0.6.5","description":"A set of fields that 
wrap standard Django fields with encryption provided by the python cryptography library.","hashes":[{"alg":"SHA-256","content":"b21bbdd8ae2e1a0ea37a5049b3ba46e6e63bf287ad241219a058fac1070796cc"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/django-encrypted-model-fields@0.6.5","externalReferences":[{"type":"vcs","url":"https://gitlab.com/lansharkconsulting/django/django-encrypted-model-fields"}],"type":"framework","bom-ref":"pkg:pypi/django-encrypted-model-fields@0.6.5","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Daniele Faraglia ","group":"","name":"django-environ","version":"0.11.2","description":"A package that allows you to utilize 12factor inspired environment variables to configure your Django application.","hashes":[{"alg":"SHA-256","content":"0ff95ab4344bfeff693836aa978e6840abef2e2f1145adff7735892711590c05"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/django-environ@0.11.2","externalReferences":[{"type":"website","url":"https://django-environ.readthedocs.org"}],"type":"framework","bom-ref":"pkg:pypi/django-environ@0.11.2","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Alex Gaynor ","group":"","name":"django-filter","version":"24.3","description":"Django-filter is a reusable Django application for allowing users to filter querysets 
dynamically.","hashes":[{"alg":"SHA-256","content":"c4852822928ce17fb699bcfccd644b3574f1a2d80aeb2b4ff4f16b02dd49dc64"}],"licenses":[{"license":{"id":"0BSD","url":"https://opensource.org/licenses/0BSD"}}],"purl":"pkg:pypi/django-filter@24.3","type":"framework","bom-ref":"pkg:pypi/django-filter@24.3","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Simon Charette ","group":"","name":"django-picklefield","version":"3.2","description":"Pickled object field for Django","hashes":[{"alg":"SHA-256","content":"e9a73539d110f69825d9320db18bcb82e5189ff48dbed41821c026a20497764c"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/django-picklefield@3.2","externalReferences":[{"type":"vcs","url":"http://github.com/gintas/django-picklefield"}],"type":"framework","bom-ref":"pkg:pypi/django-picklefield@3.2","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Django Software Foundation ","group":"","name":"Django","version":"5.1.2","description":"A high-level Python web framework that encourages rapid development and clean, pragmatic design.","hashes":[{"alg":"SHA-256","content":"f11aa87ad8d5617171e3f77e1d5d16f004b79a2cf5d2e1d2b97a6a1f8e9ba5ed"}],"licenses":[{"license":{"id":"0BSD","url":"https://opensource.org/licenses/0BSD"}},{"license":{"id":"BSD-3-Clause","url":"https://opensource.org/licenses/BSD-3-Clause"}}],"purl":"pkg:pypi/django@5.1.2","type":"framework","bom-ref":"pkg:pypi/django@5.1.2","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Tom Christie 
","group":"","name":"djangorestframework","version":"3.15.2","description":"Web APIs for Django, made easy.","hashes":[{"alg":"SHA-256","content":"2b8871b062ba1aefc2de01f773875441a961fefbf79f5eed1e32b2f096944b20"}],"licenses":[{"license":{"id":"0BSD","url":"https://opensource.org/licenses/0BSD"}}],"purl":"pkg:pypi/djangorestframework@3.15.2","externalReferences":[{"type":"website","url":"https://www.django-rest-framework.org/"}],"type":"framework","bom-ref":"pkg:pypi/djangorestframework@3.15.2","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Bob Halley ","group":"","name":"dnspython","version":"2.7.0","description":"DNS toolkit","hashes":[{"alg":"SHA-256","content":"b4c34b7d10b51bcc3a5071e7b8dee77939f1e878477eeecc965e9835f63c6c86"}],"licenses":[{"license":{"id":"ISC","url":"https://opensource.org/licenses/ISC"}}],"purl":"pkg:pypi/dnspython@2.7.0","type":"library","bom-ref":"pkg:pypi/dnspython@2.7.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"T. 
Franzel ","group":"","name":"drf-spectacular-sidecar","version":"2024.7.1","description":"Serve self-contained distribution builds of Swagger UI and Redoc with Django","hashes":[{"alg":"SHA-256","content":"5dc8b38ad153e90b328152674c7959bf114bf86360a617a5a4516e135cb832bc"}],"licenses":[{"license":{"id":"0BSD","url":"https://opensource.org/licenses/0BSD"}}],"purl":"pkg:pypi/drf-spectacular-sidecar@2024.7.1","externalReferences":[{"type":"vcs","url":"https://github.com/tfranzel/drf-spectacular-sidecar"}],"type":"library","bom-ref":"pkg:pypi/drf-spectacular-sidecar@2024.7.1","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"T. Franzel ","group":"","name":"drf-spectacular","version":"0.27.2","description":"Sane and flexible OpenAPI 3 schema generation for Django REST framework","hashes":[{"alg":"SHA-256","content":"b1c04bf8b2fbbeaf6f59414b4ea448c8787aba4d32f76055c3b13335cf7ec37b"}],"licenses":[{"license":{"id":"0BSD","url":"https://opensource.org/licenses/0BSD"}}],"purl":"pkg:pypi/drf-spectacular@0.27.2","externalReferences":[{"type":"vcs","url":"https://github.com/tfranzel/drf-spectacular"}],"type":"framework","bom-ref":"pkg:pypi/drf-spectacular@0.27.2","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Joshua Tauberer ","group":"","name":"email-validator","version":"2.1.1","description":"A robust email address syntax and deliverability validation library.","hashes":[{"alg":"SHA-256","content":"97d882d174e2a65732fb43bfce81a3a834cbc1bde8bf419e30ef5ea976370a05"}],"licenses":[{"expression":"The Unlicense 
(Unlicense)"}],"purl":"pkg:pypi/email-validator@2.1.1","externalReferences":[{"type":"vcs","url":"https://github.com/JoshData/python-email-validator"}],"type":"library","bom-ref":"pkg:pypi/email-validator@2.1.1","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}},"properties":[{"name":"cdx:pypi:latest_version","value":"2.2.0"},{"name":"cdx:pypi:resolved_from","value":"email-validator"}]},{"author":"See ATUHORS.txt ","group":"","name":"et-xmlfile","version":"1.1.0","description":"An implementation of lxml.xmlfile for the standard library","hashes":[{"alg":"SHA-256","content":"a2ba85d1d6a74ef63837eed693bcb89c3f752169b0e3e7ae5b16ca5e1b3deada"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/et-xmlfile@1.1.0","externalReferences":[{"type":"website","url":"https://foss.heptapod.net/openpyxl/et_xmlfile"}],"type":"library","bom-ref":"pkg:pypi/et-xmlfile@1.1.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Benoit Chesneau ","group":"","name":"gunicorn","version":"23.0.0","description":"WSGI HTTP Server for UNIX","hashes":[{"alg":"SHA-256","content":"ec400d38950de4dfd418cff8328b2c8faed0edb0d517d3394e457c317908ca4d"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/gunicorn@23.0.0","type":"library","bom-ref":"pkg:pypi/gunicorn@23.0.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Charles Leifer ","group":"","name":"huey","version":"2.5.2","description":"huey, a little task 
queue","hashes":[{"alg":"SHA-256","content":"df33db474c05414ed40ee2110e9df692369871734da22d74ffb035a4bd74047f"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/huey@2.5.2","externalReferences":[{"type":"vcs","url":"http://github.com/coleifer/huey/"}],"type":"library","bom-ref":"pkg:pypi/huey@2.5.2","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Kim Davies ","group":"","name":"idna","version":"3.10","description":"Internationalized Domain Names in Applications (IDNA)","hashes":[{"alg":"SHA-256","content":"946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3"}],"licenses":[{"license":{"id":"0BSD","url":"https://opensource.org/licenses/0BSD"}}],"purl":"pkg:pypi/idna@3.10","type":"library","bom-ref":"pkg:pypi/idna@3.10","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"\"Jason R. 
Coombs\" ","group":"","name":"importlib-metadata","version":"8.5.0","description":"Read metadata from Python packages","hashes":[{"alg":"SHA-256","content":"45e54197d28b7a7f1559e60b95e7c567032b602131fbd588f1497f47880aa68b"}],"licenses":[{"license":{"id":"Apache-2.0","url":"https://opensource.org/licenses/Apache-2.0"}}],"purl":"pkg:pypi/importlib-metadata@8.5.0","type":"library","bom-ref":"pkg:pypi/importlib-metadata@8.5.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"instrumentation","confidence":1,"value":"/tmp/cdxgen-venv-43yYKx"}]}},"properties":[{"name":"SrcFile","value":"/home/runner/work/SecObserve/SecObserve/backend/poetry_requirements.txt"}]},{"author":"Paul Dyson ","group":"","name":"inflect","version":"7.4.0","description":"Correctly generate plurals, singular nouns, ordinals, indefinite articles","hashes":[{"alg":"SHA-256","content":"85af0997ee2bda942b1c1eed8c8a827abda91aa3e22d1efaa0eea817f9350ce7"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/inflect@7.4.0","type":"library","bom-ref":"pkg:pypi/inflect@7.4.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Janne Vanhala ","group":"","name":"inflection","version":"0.5.1","description":"A port of Ruby on Rails inflector to 
Python","hashes":[{"alg":"SHA-256","content":"f38b2b640938a4f35ade69ac3d053042959b62a0f1076a5bbaa1b9526605a8a2"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/inflection@0.5.1","externalReferences":[{"type":"vcs","url":"https://github.com/jpvanhal/inflection"}],"type":"library","bom-ref":"pkg:pypi/inflection@0.5.1","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Ben Speakmon ","group":"","name":"jira","version":"3.8.0","description":"Python library for interacting with JIRA via REST APIs.","hashes":[{"alg":"SHA-256","content":"12190dc84dad00b8a6c0341f7e8a254b0f38785afdec022bd5941e1184a5a3fb"}],"licenses":[{"license":{"id":"0BSD","url":"https://opensource.org/licenses/0BSD"}},{"license":{"id":"BSD-2-Clause","url":"https://opensource.org/licenses/BSD-2-Clause"}}],"purl":"pkg:pypi/jira@3.8.0","externalReferences":[{"type":"vcs","url":"https://github.com/pycontribs/jira"}],"type":"library","bom-ref":"pkg:pypi/jira@3.8.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"David Aguilar ","group":"","name":"jsonpickle","version":"3.3.0","description":"Python library for serializing arbitrary object graphs into 
JSON","hashes":[{"alg":"SHA-256","content":"287c12143f35571ab00e224fa323aa4b090d5a7f086f5f494d7ee9c7eb1a380a"}],"licenses":[{"license":{"id":"0BSD","url":"https://opensource.org/licenses/0BSD"}}],"purl":"pkg:pypi/jsonpickle@3.3.0","externalReferences":[{"type":"vcs","url":"https://github.com/jsonpickle/jsonpickle"}],"type":"library","bom-ref":"pkg:pypi/jsonpickle@3.3.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Julian Berman ","group":"","name":"jsonschema-specifications","version":"2024.10.1","description":"The JSON Schema meta-schemas and vocabularies, exposed as a Registry","hashes":[{"alg":"SHA-256","content":"a09a0680616357d9a0ecf05c12ad234479f549239d0f5b55f3deea67475da9bf"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/jsonschema-specifications@2024.10.1","type":"library","bom-ref":"pkg:pypi/jsonschema-specifications@2024.10.1","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Julian Berman ","group":"","name":"jsonschema","version":"4.23.0","description":"An implementation of JSON Schema validation for Python","hashes":[{"alg":"SHA-256","content":"fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/jsonschema@4.23.0","type":"library","bom-ref":"pkg:pypi/jsonschema@4.23.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Erik Rose ","group":"","name":"more-itertools","version":"10.5.0","description":"More routines for operating on iterables, 
beyond itertools","hashes":[{"alg":"SHA-256","content":"037b0d3203ce90cca8ab1defbbdac29d5f993fc20131f3664dc8d6acfa872aef"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/more-itertools@10.5.0","type":"library","bom-ref":"pkg:pypi/more-itertools@10.5.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Inada Naoki ","group":"","name":"msgpack","version":"1.1.0","description":"MessagePack serializer","hashes":[{"alg":"SHA-256","content":"7ad442d527a7e358a469faf43fda45aaf4ac3249c8310a82f0ccff9164e5dccd"}],"licenses":[{"license":{"id":"Apache-2.0","url":"https://opensource.org/licenses/Apache-2.0"}}],"purl":"pkg:pypi/msgpack@1.1.0","type":"library","bom-ref":"pkg:pypi/msgpack@1.1.0","evidence":{"identity":{"field":"purl","confidence":0.8,"methods":[{"technique":"manifest-analysis","confidence":0.8,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry_requirements.txt"}]}},"properties":[{"name":"SrcFile","value":"/home/runner/work/SecObserve/SecObserve/backend/poetry_requirements.txt"}]},{"author":"The OAuthlib Community ","group":"","name":"oauthlib","version":"3.2.2","description":"A generic, spec-compliant, thorough implementation of the OAuth request-signing logic","hashes":[{"alg":"SHA-256","content":"8139f29aac13e25d502680e9e19963e83f16838d48a0d71c287fe40e7067fbca"}],"licenses":[{"expression":"OSI Approved"}],"purl":"pkg:pypi/oauthlib@3.2.2","externalReferences":[{"type":"vcs","url":"https://github.com/oauthlib/oauthlib"}],"type":"library","bom-ref":"pkg:pypi/oauthlib@3.2.2","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"See AUTHORS ","group":"","name":"openpyxl","version":"3.1.5","description":"A Python 
library to read/write Excel 2010 xlsx/xlsm files","hashes":[{"alg":"SHA-256","content":"5282c12b107bffeef825f4617dc029afaf41d0ea60823bbb665ef3079dc79de2"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/openpyxl@3.1.5","externalReferences":[{"type":"website","url":"https://openpyxl.readthedocs.io"}],"type":"library","bom-ref":"pkg:pypi/openpyxl@3.1.5","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"the purl authors","group":"","name":"packageurl-python","version":"0.16.0","description":"A purl aka. Package URL parser and builder","hashes":[{"alg":"SHA-256","content":"5c3872638b177b0f1cf01c3673017b7b27ebee485693ae12a8bed70fa7fa7c35"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/packageurl-python@0.16.0","externalReferences":[{"type":"vcs","url":"https://github.com/package-url/packageurl-python"}],"type":"library","bom-ref":"pkg:pypi/packageurl-python@0.16.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Donald Stufft ","group":"","name":"packaging","version":"24.1","description":"Core utilities for Python 
packages","hashes":[{"alg":"SHA-256","content":"5b8f2217dbdbd2f7f384c41c628544e6d52f2d0f53c6d0c3ea61aa5d1d7ff124"}],"licenses":[{"license":{"id":"Apache-2.0","url":"https://opensource.org/licenses/Apache-2.0"}},{"license":{"id":"0BSD","url":"https://opensource.org/licenses/0BSD"}}],"purl":"pkg:pypi/packaging@24.1","type":"library","bom-ref":"pkg:pypi/packaging@24.1","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"\"Jeffrey A. Clark\" ","group":"","name":"pillow","version":"10.4.0","description":"Python Imaging Library (Fork)","hashes":[{"alg":"SHA-256","content":"4d9667937cfa347525b319ae34375c37b9ee6b525440f3ef48542fcf66f2731e"}],"licenses":[{"expression":"CMU License (MIT-CMU)"}],"purl":"pkg:pypi/pillow@10.4.0","type":"library","bom-ref":"pkg:pypi/pillow@10.4.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}},"properties":[{"name":"cdx:pypi:latest_version","value":"11.0.0"},{"name":"cdx:pypi:resolved_from","value":"pillow"}]},{"author":"Daniele Varrazzo ","group":"","name":"psycopg-binary","version":"3.2.3","description":"PostgreSQL database adapter for Python -- C optimisation distribution","hashes":[{"alg":"SHA-256","content":"965455eac8547f32b3181d5ec9ad8b9be500c10fe06193543efaaebe3e4ce70c"}],"licenses":[{"license":{"id":"LGPL-3.0-only","url":"https://opensource.org/licenses/LGPL-3.0-only"}}],"purl":"pkg:pypi/psycopg-binary@3.2.3","externalReferences":[{"type":"website","url":"https://psycopg.org/psycopg3/"}],"type":"library","bom-ref":"pkg:pypi/psycopg-binary@3.2.3","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Daniele 
Varrazzo ","group":"","name":"psycopg","version":"3.2.3","description":"PostgreSQL database adapter for Python","hashes":[{"alg":"SHA-256","content":"644d3973fe26908c73d4be746074f6e5224b03c1101d302d9a53bf565ad64907"}],"licenses":[{"license":{"id":"LGPL-3.0-only","url":"https://opensource.org/licenses/LGPL-3.0-only"}}],"purl":"pkg:pypi/psycopg@3.2.3","externalReferences":[{"type":"website","url":"https://psycopg.org/psycopg3/"}],"type":"library","bom-ref":"pkg:pypi/psycopg@3.2.3","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Prowler Team ","group":"","name":"py-ocsf-models","version":"0.1.1","description":"This is a Python implementation of the OCSF models. The models are used to represent the data of the OCSF Schema defined in https://schema.ocsf.io/.","hashes":[{"alg":"SHA-256","content":"c6ea465fda85470b938a48da65b1f19664f6d83820ebe849ef5551094e6768de"}],"licenses":[{"license":{"id":"Apache-2.0","url":"https://opensource.org/licenses/Apache-2.0"}}],"purl":"pkg:pypi/py-ocsf-models@0.1.1","type":"library","bom-ref":"pkg:pypi/py-ocsf-models@0.1.1","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}},"properties":[{"name":"cdx:pypi:latest_version","value":"0.2.0"},{"name":"cdx:pypi:resolved_from","value":"py-ocsf-models"}]},{"author":"Eli Bendersky ","group":"","name":"pycparser","version":"2.22","description":"C parser in 
Python","hashes":[{"alg":"SHA-256","content":"c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc"}],"licenses":[{"license":{"id":"0BSD","url":"https://opensource.org/licenses/0BSD"}},{"license":{"id":"BSD-3-Clause","url":"https://opensource.org/licenses/BSD-3-Clause"}}],"purl":"pkg:pypi/pycparser@2.22","externalReferences":[{"type":"vcs","url":"https://github.com/eliben/pycparser"}],"type":"library","bom-ref":"pkg:pypi/pycparser@2.22","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Samuel Colvin , Eric Jolibois , Hasan Ramezani , Adrian Garcia Badaracco <1755071+adriangb@users.noreply.github.com>, Terrence Dorsey , David Montague , Serge Matveenko , Marcelo Trylesinski , Sydney Runkle , David Hewitt , Alex Hall ","group":"","name":"pydantic","version":"1.10.15","description":"Data validation using Python type hints","hashes":[{"alg":"SHA-256","content":"22ed12ee588b1df028a2aa5d66f07bf8f8b4c8579c2e96d5a9c1f96b77f3bb55"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/pydantic@1.10.15","type":"library","bom-ref":"pkg:pypi/pydantic@1.10.15","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}},"properties":[{"name":"cdx:pypi:latest_version","value":"2.9.2"},{"name":"cdx:pypi:resolved_from","value":"pydantic"}]},{"author":"Jose Padilla ","group":"","name":"PyJWT","version":"2.9.0","description":"JSON Web Token implementation in 
Python","hashes":[{"alg":"SHA-256","content":"3b02fb0f44517787776cf48f2ae25d8e14f300e6d7545a4315cee571a415e850"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/pyjwt@2.9.0","externalReferences":[{"type":"vcs","url":"https://github.com/jpadilla/pyjwt"}],"type":"library","bom-ref":"pkg:pypi/pyjwt@2.9.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Inada Naoki , Yutaka Matsubara ","group":"","name":"PyMySQL","version":"1.1.1","description":"Pure Python MySQL Driver","hashes":[{"alg":"SHA-256","content":"4de15da4c61dc132f4fb9ab763063e693d521a80fd0e87943b9a453dd4c19d6c"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/pymysql@1.1.1","type":"library","bom-ref":"pkg:pypi/pymysql@1.1.1","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Thomas Kluyver ","group":"","name":"pyproject-hooks","version":"1.2.0","description":"Wrappers to call pyproject.toml-based build backend hooks.","hashes":[{"alg":"SHA-256","content":"9e5c6bfa8dcc30091c74b0cf803c81fdd29d94f01992a7707bc97babb1141913"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/pyproject-hooks@1.2.0","type":"library","bom-ref":"pkg:pypi/pyproject-hooks@1.2.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"instrumentation","confidence":1,"value":"/tmp/cdxgen-venv-43yYKx"}]}},"properties":[{"name":"SrcFile","value":"/home/runner/work/SecObserve/SecObserve/backend/poetry_requirements.txt"}]},{"author":"Kirill Simonov ","group":"","name":"PyYAML","version":"6.0.2","description":"YAML parser and emitter for 
Python","hashes":[{"alg":"SHA-256","content":"0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/pyyaml@6.0.2","externalReferences":[{"type":"website","url":"https://pyyaml.org/"}],"type":"library","bom-ref":"pkg:pypi/pyyaml@6.0.2","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Max Bachmann ","group":"","name":"RapidFuzz","version":"3.10.0","description":"rapid fuzzy string matching","hashes":[{"alg":"SHA-256","content":"884453860de029380dded8f3c1918af2d8eb5adf8010261645c7e5c88c2b5428"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/rapidfuzz@3.10.0","type":"library","bom-ref":"pkg:pypi/rapidfuzz@3.10.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"instrumentation","confidence":1,"value":"/tmp/cdxgen-venv-43yYKx"}]}},"properties":[{"name":"SrcFile","value":"/home/runner/work/SecObserve/SecObserve/backend/poetry_requirements.txt"}]},{"author":"Julian Berman ","group":"","name":"referencing","version":"0.35.1","description":"JSON Referencing + Python","hashes":[{"alg":"SHA-256","content":"eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/referencing@0.35.1","type":"library","bom-ref":"pkg:pypi/referencing@0.35.1","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Kenneth Reitz ","group":"","name":"requests-oauthlib","version":"2.0.0","description":"OAuthlib authentication support for 
Requests.","hashes":[{"alg":"SHA-256","content":"7dd8a5c40426b779b0868c404bdef9768deccf22749cde15852df527e6269b36"}],"licenses":[{"license":{"id":"0BSD","url":"https://opensource.org/licenses/0BSD"}},{"license":{"id":"ISC","url":"https://opensource.org/licenses/ISC"}}],"purl":"pkg:pypi/requests-oauthlib@2.0.0","externalReferences":[{"type":"vcs","url":"https://github.com/requests/requests-oauthlib"}],"type":"library","bom-ref":"pkg:pypi/requests-oauthlib@2.0.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Ian Cordasco, Cory Benfield ","group":"","name":"requests-toolbelt","version":"1.0.0","description":"A utility belt for advanced users of python-requests","hashes":[{"alg":"SHA-256","content":"cccfdd665f0a24fcf4726e690f65639d272bb0637b9b92dfd91a5568ccf6bd06"}],"licenses":[{"license":{"id":"Apache-2.0","url":"https://opensource.org/licenses/Apache-2.0"}}],"purl":"pkg:pypi/requests-toolbelt@1.0.0","externalReferences":[{"type":"website","url":"https://toolbelt.readthedocs.io/"}],"type":"library","bom-ref":"pkg:pypi/requests-toolbelt@1.0.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Kenneth Reitz ","group":"","name":"requests","version":"2.32.3","description":"Python HTTP for 
Humans.","hashes":[{"alg":"SHA-256","content":"70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6"}],"licenses":[{"license":{"id":"Apache-2.0","url":"https://opensource.org/licenses/Apache-2.0"}}],"purl":"pkg:pypi/requests@2.32.3","externalReferences":[{"type":"website","url":"https://requests.readthedocs.io"}],"type":"library","bom-ref":"pkg:pypi/requests@2.32.3","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Julian Berman ","group":"","name":"rpds-py","version":"0.20.0","description":"Python bindings to Rust's persistent data structures (rpds)","hashes":[{"alg":"SHA-256","content":"3ad0fda1635f8439cde85c700f964b23ed5fc2d28016b32b9ee5fe30da5c84e2"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/rpds-py@0.20.0","type":"library","bom-ref":"pkg:pypi/rpds-py@0.20.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Andi Albrecht ","group":"","name":"sqlparse","version":"0.5.1","description":"A non-validating SQL parser.","hashes":[{"alg":"SHA-256","content":"773dcbf9a5ab44a090f3441e2180efe2560220203dc2f8c0b0fa141e18b505e4"}],"licenses":[{"license":{"id":"0BSD","url":"https://opensource.org/licenses/0BSD"}}],"purl":"pkg:pypi/sqlparse@0.5.1","type":"library","bom-ref":"pkg:pypi/sqlparse@0.5.1","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Alex Grönholm ","group":"","name":"typeguard","version":"4.3.0","description":"Run-time type checker for 
Python","hashes":[{"alg":"SHA-256","content":"4d24c5b39a117f8a895b9da7a9b3114f04eb63bade45a4492de49b175b6f7dfa"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/typeguard@4.3.0","type":"library","bom-ref":"pkg:pypi/typeguard@4.3.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"\"Guido van Rossum, Jukka Lehtosalo, Łukasz Langa, Michael Lee\" ","group":"","name":"typing-extensions","version":"4.12.2","description":"Backported and Experimental Type Hints for Python 3.8+","hashes":[{"alg":"SHA-256","content":"04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d"}],"licenses":[{"license":{"id":"PSF-2.0","url":"https://opensource.org/licenses/PSF-2.0"}}],"purl":"pkg:pypi/typing-extensions@4.12.2","type":"library","bom-ref":"pkg:pypi/typing-extensions@4.12.2","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Python Software Foundation ","group":"","name":"tzdata","version":"2024.2","description":"Provider of IANA time zone data","hashes":[{"alg":"SHA-256","content":"a48093786cdcde33cad18c2555e8532f34422074448fbc874186f0abd79565cd"}],"licenses":[{"license":{"id":"Apache-2.0","url":"https://opensource.org/licenses/Apache-2.0"}}],"purl":"pkg:pypi/tzdata@2024.2","externalReferences":[{"type":"vcs","url":"https://github.com/python/tzdata"}],"type":"library","bom-ref":"pkg:pypi/tzdata@2024.2","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Ian Stapleton Cordasco ","group":"","name":"uritemplate","version":"4.1.1","description":"Implementation of RFC 6570 URI 
Templates","hashes":[{"alg":"SHA-256","content":"830c08b8d99bdd312ea4ead05994a38e8936266f84b9a7878232db50b044e02e"}],"licenses":[{"expression":"OSI Approved OR BSD 3-Clause License or Apache License, Version 2.0"}],"purl":"pkg:pypi/uritemplate@4.1.1","externalReferences":[{"type":"website","url":"https://uritemplate.readthedocs.org"}],"type":"library","bom-ref":"pkg:pypi/uritemplate@4.1.1","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Andrey Petrov ","group":"","name":"urllib3","version":"2.2.3","description":"HTTP library with thread-safe connection pooling, file post, and more.","hashes":[{"alg":"SHA-256","content":"ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/urllib3@2.2.3","type":"library","bom-ref":"pkg:pypi/urllib3@2.2.3","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Konsta Vesterinen ","group":"","name":"validators","version":"0.34.0","description":"Python Data Validation for Humans™","hashes":[{"alg":"SHA-256","content":"c804b476e3e6d3786fa07a30073a4ef694e617805eb1946ceee3fe5a9b8b1321"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/validators@0.34.0","type":"library","bom-ref":"pkg:pypi/validators@0.34.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"David Evans","group":"","name":"whitenoise","version":"6.7.0","description":"Radically simplified static file serving for WSGI 
applications","hashes":[{"alg":"SHA-256","content":"a1ae85e01fdc9815d12fa33f17765bc132ed2c54fa76daf9e39e879dd93566f6"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/whitenoise@6.7.0","type":"library","bom-ref":"pkg:pypi/whitenoise@6.7.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"\"Jason R. Coombs\" ","group":"","name":"zipp","version":"3.20.2","description":"Backport of pathlib-compatible object wrapper for zip files","hashes":[{"alg":"SHA-256","content":"a817ac80d6cf4b23bf7f2828b7cabf326f15a001bea8b1f9b49631780ba28350"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/zipp@3.20.2","type":"library","bom-ref":"pkg:pypi/zipp@3.20.2","evidence":{"identity":{"field":"purl","confidence":0.8,"methods":[{"technique":"manifest-analysis","confidence":0.8,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry_requirements.txt"}]}},"properties":[{"name":"SrcFile","value":"/home/runner/work/SecObserve/SecObserve/backend/poetry_requirements.txt"}]}],"dependencies":[{"ref":"pkg:pypi/secobserve@1.22.3","dependsOn":["pkg:pypi/argon2-cffi@23.1.0","pkg:pypi/cvss@3.2","pkg:pypi/defusedcsv@2.0.0","pkg:pypi/django-cors-headers@4.5.0","pkg:pypi/django-csp@3.8","pkg:pypi/django-encrypted-model-fields@0.6.5","pkg:pypi/django-environ@0.11.2","pkg:pypi/django-filter@24.3","pkg:pypi/django-picklefield@3.2","pkg:pypi/django@5.1.2","pkg:pypi/djangorestframework@3.15.2","pkg:pypi/drf-spectacular-sidecar@2024.7.1","pkg:pypi/drf-spectacular@0.27.2","pkg:pypi/gunicorn@23.0.0","pkg:pypi/huey@2.5.2","pkg:pypi/inflect@7.4.0","pkg:pypi/jira@3.8.0","pkg:pypi/jsonpickle@3.3.0","pkg:pypi/openpyxl@3.1.5","pkg:pypi/packageurl-python@0.16.0","pkg:pypi/psycopg@3.2.3","pkg:pypi/py-ocsf-models@0.1.1","pkg:pypi/pymysql@1.1.1","pkg:pypi/requests@2
.32.3","pkg:pypi/validators@0.34.0","pkg:pypi/whitenoise@6.7.0"]},{"ref":"pkg:pypi/argon2-cffi@23.1.0","dependsOn":["pkg:pypi/argon2-cffi-bindings@21.2.0"]},{"ref":"pkg:pypi/argon2-cffi-bindings@21.2.0","dependsOn":["pkg:pypi/cffi@1.17.1"]},{"ref":"pkg:pypi/asgiref@3.8.1","dependsOn":["pkg:pypi/typing-extensions@4.12.2"]},{"ref":"pkg:pypi/attrs@24.2.0","dependsOn":[]},{"ref":"pkg:pypi/certifi@2024.8.30","dependsOn":[]},{"ref":"pkg:pypi/cffi@1.17.1","dependsOn":["pkg:pypi/pycparser@2.22"]},{"ref":"pkg:pypi/charset-normalizer@3.4.0","dependsOn":[]},{"ref":"pkg:pypi/cryptography@43.0.1","dependsOn":["pkg:pypi/cffi@1.17.1"]},{"ref":"pkg:pypi/cvss@3.2","dependsOn":[]},{"ref":"pkg:pypi/defusedcsv@2.0.0","dependsOn":[]},{"ref":"pkg:pypi/defusedxml@0.7.1","dependsOn":[]},{"ref":"pkg:pypi/django@5.1.2","dependsOn":["pkg:pypi/asgiref@3.8.1","pkg:pypi/sqlparse@0.5.1","pkg:pypi/tzdata@2024.2"]},{"ref":"pkg:pypi/django-cors-headers@4.5.0","dependsOn":["pkg:pypi/asgiref@3.8.1","pkg:pypi/django@5.1.2"]},{"ref":"pkg:pypi/django-csp@3.8","dependsOn":["pkg:pypi/django@5.1.2"]},{"ref":"pkg:pypi/django-encrypted-model-fields@0.6.5","dependsOn":["pkg:pypi/cryptography@43.0.1","pkg:pypi/django@5.1.2"]},{"ref":"pkg:pypi/django-environ@0.11.2","dependsOn":[]},{"ref":"pkg:pypi/django-filter@24.3","dependsOn":["pkg:pypi/django@5.1.2"]},{"ref":"pkg:pypi/django-picklefield@3.2","dependsOn":["pkg:pypi/django@5.1.2"]},{"ref":"pkg:pypi/djangorestframework@3.15.2","dependsOn":["pkg:pypi/django@5.1.2"]},{"ref":"pkg:pypi/dnspython@2.7.0","dependsOn":[]},{"ref":"pkg:pypi/drf-spectacular@0.27.2","dependsOn":["pkg:pypi/django@5.1.2","pkg:pypi/djangorestframework@3.15.2","pkg:pypi/inflection@0.5.1","pkg:pypi/jsonschema@4.23.0","pkg:pypi/pyyaml@6.0.2","pkg:pypi/uritemplate@4.1.1"]},{"ref":"pkg:pypi/drf-spectacular-sidecar@2024.7.1","dependsOn":["pkg:pypi/django@5.1.2"]},{"ref":"pkg:pypi/email-validator@2.1.1","dependsOn":["pkg:pypi/dnspython@2.7.0","pkg:pypi/idna@3.10"]},{"ref":"pkg:pypi/et-xmlfile@1.1.0
","dependsOn":[]},{"ref":"pkg:pypi/gunicorn@23.0.0","dependsOn":["pkg:pypi/packaging@24.1"]},{"ref":"pkg:pypi/huey@2.5.2","dependsOn":[]},{"ref":"pkg:pypi/idna@3.10","dependsOn":[]},{"ref":"pkg:pypi/inflect@7.4.0","dependsOn":["pkg:pypi/more-itertools@10.5.0","pkg:pypi/typeguard@4.3.0"]},{"ref":"pkg:pypi/inflection@0.5.1","dependsOn":[]},{"ref":"pkg:pypi/jira@3.8.0","dependsOn":["pkg:pypi/defusedxml@0.7.1","pkg:pypi/packaging@24.1","pkg:pypi/pillow@10.4.0","pkg:pypi/requests-oauthlib@2.0.0","pkg:pypi/requests-toolbelt@1.0.0","pkg:pypi/requests@2.32.3","pkg:pypi/typing-extensions@4.12.2"]},{"ref":"pkg:pypi/jsonpickle@3.3.0","dependsOn":[]},{"ref":"pkg:pypi/jsonschema@4.23.0","dependsOn":["pkg:pypi/attrs@24.2.0","pkg:pypi/jsonschema-specifications@2024.10.1","pkg:pypi/referencing@0.35.1","pkg:pypi/rpds-py@0.20.0"]},{"ref":"pkg:pypi/jsonschema-specifications@2024.10.1","dependsOn":["pkg:pypi/referencing@0.35.1"]},{"ref":"pkg:pypi/more-itertools@10.5.0","dependsOn":[]},{"ref":"pkg:pypi/oauthlib@3.2.2","dependsOn":[]},{"ref":"pkg:pypi/openpyxl@3.1.5","dependsOn":["pkg:pypi/et-xmlfile@1.1.0"]},{"ref":"pkg:pypi/packageurl-python@0.16.0","dependsOn":[]},{"ref":"pkg:pypi/packaging@24.1","dependsOn":[]},{"ref":"pkg:pypi/pillow@10.4.0","dependsOn":[]},{"ref":"pkg:pypi/psycopg@3.2.3","dependsOn":["pkg:pypi/psycopg-binary@3.2.3","pkg:pypi/typing-extensions@4.12.2","pkg:pypi/tzdata@2024.2"]},{"ref":"pkg:pypi/psycopg-binary@3.2.3","dependsOn":[]},{"ref":"pkg:pypi/py-ocsf-models@0.1.1","dependsOn":["pkg:pypi/email-validator@2.1.1","pkg:pypi/pydantic@1.10.15"]},{"ref":"pkg:pypi/pycparser@2.22","dependsOn":[]},{"ref":"pkg:pypi/pydantic@1.10.15","dependsOn":["pkg:pypi/typing-extensions@4.12.2"]},{"ref":"pkg:pypi/pyjwt@2.9.0","dependsOn":[]},{"ref":"pkg:pypi/pymysql@1.1.1","dependsOn":[]},{"ref":"pkg:pypi/pyyaml@6.0.2","dependsOn":[]},{"ref":"pkg:pypi/referencing@0.35.1","dependsOn":["pkg:pypi/attrs@24.2.0","pkg:pypi/rpds-py@0.20.0"]},{"ref":"pkg:pypi/requests@2.32.3","dependsOn":["pkg
:pypi/certifi@2024.8.30","pkg:pypi/charset-normalizer@3.4.0","pkg:pypi/idna@3.10","pkg:pypi/urllib3@2.2.3"]},{"ref":"pkg:pypi/requests-oauthlib@2.0.0","dependsOn":["pkg:pypi/oauthlib@3.2.2","pkg:pypi/requests@2.32.3"]},{"ref":"pkg:pypi/requests-toolbelt@1.0.0","dependsOn":["pkg:pypi/requests@2.32.3"]},{"ref":"pkg:pypi/rpds-py@0.20.0","dependsOn":[]},{"ref":"pkg:pypi/sqlparse@0.5.1","dependsOn":[]},{"ref":"pkg:pypi/typeguard@4.3.0","dependsOn":["pkg:pypi/typing-extensions@4.12.2"]},{"ref":"pkg:pypi/typing-extensions@4.12.2","dependsOn":[]},{"ref":"pkg:pypi/tzdata@2024.2","dependsOn":[]},{"ref":"pkg:pypi/uritemplate@4.1.1","dependsOn":[]},{"ref":"pkg:pypi/urllib3@2.2.3","dependsOn":[]},{"ref":"pkg:pypi/validators@0.34.0","dependsOn":[]},{"ref":"pkg:pypi/whitenoise@6.7.0","dependsOn":[]},{"ref":"pkg:pypi/rapidfuzz@3.10.0","dependsOn":[]},{"ref":"pkg:pypi/pyproject-hooks@1.2.0","dependsOn":[]},{"ref":"pkg:pypi/zipp@3.20.2","dependsOn":[]},{"ref":"pkg:pypi/importlib-metadata@8.5.0","dependsOn":["pkg:pypi/zipp@3.20.2"]},{"ref":"pkg:pypi/msgpack@1.1.0","dependsOn":[]},{"ref":"pkg:pypi/cachecontrol@0.14.0","dependsOn":["pkg:pypi/msgpack@1.1.0","pkg:pypi/requests@2.32.3"]}]} \ No newline at end of file +{"bomFormat":"CycloneDX","specVersion":"1.5","serialNumber":"urn:uuid:12f6dd75-f31f-48a8-8b59-c7c9f87d68c9","version":1,"metadata":{"timestamp":"2024-10-22T12:15:48Z","tools":{"components":[{"group":"@cyclonedx","name":"cdxgen","version":"10.10.6","purl":"pkg:npm/%40cyclonedx/cdxgen@10.10.6","type":"application","bom-ref":"pkg:npm/@cyclonedx/cdxgen@10.10.6","author":"OWASP Foundation","publisher":"OWASP Foundation"}]},"authors":[{"name":"OWASP Foundation"}],"lifecycles":[{"phase":"build"}],"component":{"name":"SecObserve","version":"1.22.4","description":"SecObserve is an open source vulnerability management system for software development and cloud 
environments.","type":"application","bom-ref":"pkg:pypi/secobserve@1.22.4","purl":"pkg:pypi/secobserve@1.22.4"},"properties":[{"name":"cdx:bom:componentTypes","value":"pypi"}]},"components":[{"author":"Hynek Schlawack ","group":"","name":"argon2-cffi-bindings","version":"21.2.0","description":"Low-level CFFI bindings for Argon2","hashes":[{"alg":"SHA-256","content":"ccb949252cb2ab3a08c02024acb77cfb179492d5701c7cbdbfd776124d4d2367"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/argon2-cffi-bindings@21.2.0","externalReferences":[{"type":"vcs","url":"https://github.com/hynek/argon2-cffi-bindings"}],"type":"library","bom-ref":"pkg:pypi/argon2-cffi-bindings@21.2.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Hynek Schlawack ","group":"","name":"argon2-cffi","version":"23.1.0","description":"Argon2 for Python","hashes":[{"alg":"SHA-256","content":"c670642b78ba29641818ab2e68bd4e6a78ba53b7eff7b4c3815ae16abf91c7ea"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/argon2-cffi@23.1.0","type":"library","bom-ref":"pkg:pypi/argon2-cffi@23.1.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Django Software Foundation ","group":"","name":"asgiref","version":"3.8.1","description":"ASGI specs, helper code, and 
adapters","hashes":[{"alg":"SHA-256","content":"3e1e3ecc849832fe52ccf2cb6686b7a55f82bb1d6aee72a58826471390335e47"}],"licenses":[{"license":{"id":"0BSD","url":"https://opensource.org/licenses/0BSD"}},{"license":{"id":"BSD-3-Clause","url":"https://opensource.org/licenses/BSD-3-Clause"}}],"purl":"pkg:pypi/asgiref@3.8.1","externalReferences":[{"type":"vcs","url":"https://github.com/django/asgiref/"}],"type":"library","bom-ref":"pkg:pypi/asgiref@3.8.1","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Hynek Schlawack ","group":"","name":"attrs","version":"24.2.0","description":"Classes Without Boilerplate","hashes":[{"alg":"SHA-256","content":"81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/attrs@24.2.0","type":"library","bom-ref":"pkg:pypi/attrs@24.2.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Eric Larson , Frost Ming , William Woodruff ","group":"","name":"CacheControl","version":"0.14.0","description":"httplib2 caching for requests","hashes":[{"alg":"SHA-256","content":"f5bf3f0620c38db2e5122c0726bdebb0d16869de966ea6a2befe92470b740ea0"}],"licenses":[{"license":{"id":"Apache-2.0","url":"https://opensource.org/licenses/Apache-2.0"}}],"purl":"pkg:pypi/cachecontrol@0.14.0","type":"library","bom-ref":"pkg:pypi/cachecontrol@0.14.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"instrumentation","confidence":1,"value":"/tmp/cdxgen-venv-43yYKx"}]}},"properties":[{"name":"SrcFile","value":"/home/runner/work/SecObserve/SecObserve/backend/poetry_requirements.txt"}]},{"author":"Kenneth Reitz 
","group":"","name":"certifi","version":"2024.8.30","description":"Python package for providing Mozilla's CA Bundle.","hashes":[{"alg":"SHA-256","content":"922820b53db7a7257ffbda3f597266d435245903d80737e34f8a45ff3e3230d8"}],"licenses":[{"license":{"id":"MPL-2.0","url":"https://opensource.org/licenses/MPL-2.0"}}],"purl":"pkg:pypi/certifi@2024.8.30","externalReferences":[{"type":"vcs","url":"https://github.com/certifi/python-certifi"}],"type":"library","bom-ref":"pkg:pypi/certifi@2024.8.30","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Armin Rigo, Maciej Fijalkowski ","group":"","name":"cffi","version":"1.17.1","description":"Foreign Function Interface for Python calling C code.","hashes":[{"alg":"SHA-256","content":"df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/cffi@1.17.1","externalReferences":[{"type":"website","url":"http://cffi.readthedocs.org"}],"type":"library","bom-ref":"pkg:pypi/cffi@1.17.1","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Ahmed TAHRI ","group":"","name":"charset-normalizer","version":"3.4.0","description":"The Real First Universal Charset Detector. 
Open, modern and actively maintained alternative to Chardet.","hashes":[{"alg":"SHA-256","content":"4f9fc98dad6c2eaa32fc3af1417d95b5e3d08aff968df0cd320066def971f9a6"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/charset-normalizer@3.4.0","externalReferences":[{"type":"vcs","url":"https://github.com/Ousret/charset_normalizer"}],"type":"library","bom-ref":"pkg:pypi/charset-normalizer@3.4.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"The cryptography developers >","group":"","name":"cryptography","version":"43.0.1","description":"cryptography is a package which provides cryptographic recipes and primitives to Python developers.","hashes":[{"alg":"SHA-256","content":"8385d98f6a3bf8bb2d65a73e17ed87a3ba84f6991c155691c51112075f9ffc5d"}],"licenses":[{"expression":"Apache-2.0 OR BSD-3-Clause"}],"purl":"pkg:pypi/cryptography@43.0.1","type":"library","bom-ref":"pkg:pypi/cryptography@43.0.1","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}},"properties":[{"name":"cdx:pypi:latest_version","value":"43.0.3"},{"name":"cdx:pypi:resolved_from","value":"cryptography"}]},{"author":"Stanislav Kontar, Red Hat Product Security ","group":"","name":"cvss","version":"3.2","description":"CVSS2/3/4 library with interactive calculator for Python 2 and Python 
3","hashes":[{"alg":"SHA-256","content":"e2c2fbc8943c6df83d23c7ad74bb9c5e584c666a9455b013b598e292e5018469"}],"licenses":[{"license":{"id":"LGPL-3.0-or-later","url":"https://opensource.org/licenses/LGPL-3.0-or-later"}}],"purl":"pkg:pypi/cvss@3.2","externalReferences":[{"type":"vcs","url":"https://github.com/RedHatProductSecurity/cvss"}],"type":"library","bom-ref":"pkg:pypi/cvss@3.2","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Raphael Michel ","group":"","name":"defusedcsv","version":"2.0.0","description":"Drop-in replacement for Python's CSV library that tries to mitigate CSV injection attacks","hashes":[{"alg":"SHA-256","content":"a7bc3b1ac1ce4f8c6c1e8740466b1b5789b51ca18d918b0099313dc0cdf2cef4"}],"licenses":[{"license":{"id":"Apache-2.0","url":"https://opensource.org/licenses/Apache-2.0"}}],"purl":"pkg:pypi/defusedcsv@2.0.0","externalReferences":[{"type":"vcs","url":"https://github.com/raphaelm/defusedcsv"}],"type":"library","bom-ref":"pkg:pypi/defusedcsv@2.0.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Christian Heimes ","group":"","name":"defusedxml","version":"0.7.1","description":"XML bomb protection for Python stdlib 
modules","hashes":[{"alg":"SHA-256","content":"a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61"}],"licenses":[{"license":{"id":"PSF-2.0","url":"https://opensource.org/licenses/PSF-2.0"}}],"purl":"pkg:pypi/defusedxml@0.7.1","externalReferences":[{"type":"vcs","url":"https://github.com/tiran/defusedxml"}],"type":"library","bom-ref":"pkg:pypi/defusedxml@0.7.1","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Otto Yiu ","group":"","name":"django-cors-headers","version":"4.5.0","description":"django-cors-headers is a Django application for handling the server headers required for Cross-Origin Resource Sharing (CORS).","hashes":[{"alg":"SHA-256","content":"28c1ded847aa70208798de3e42422a782f427b8b720e8d7319d34b654b5978e6"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/django-cors-headers@4.5.0","type":"framework","bom-ref":"pkg:pypi/django-cors-headers@4.5.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"James Socol ","group":"","name":"django-csp","version":"3.8","description":"Django Content Security Policy support.","hashes":[{"alg":"SHA-256","content":"19b2978b03fcd73517d7d67acbc04fbbcaec0facc3e83baa502965892d1e0719"}],"licenses":[{"license":{"id":"0BSD","url":"https://opensource.org/licenses/0BSD"}}],"purl":"pkg:pypi/django-csp@3.8","type":"framework","bom-ref":"pkg:pypi/django-csp@3.8","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Scott Sharkey ","group":"","name":"django-encrypted-model-fields","version":"0.6.5","description":"A set of fields that 
wrap standard Django fields with encryption provided by the python cryptography library.","hashes":[{"alg":"SHA-256","content":"b21bbdd8ae2e1a0ea37a5049b3ba46e6e63bf287ad241219a058fac1070796cc"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/django-encrypted-model-fields@0.6.5","externalReferences":[{"type":"vcs","url":"https://gitlab.com/lansharkconsulting/django/django-encrypted-model-fields"}],"type":"framework","bom-ref":"pkg:pypi/django-encrypted-model-fields@0.6.5","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Daniele Faraglia ","group":"","name":"django-environ","version":"0.11.2","description":"A package that allows you to utilize 12factor inspired environment variables to configure your Django application.","hashes":[{"alg":"SHA-256","content":"0ff95ab4344bfeff693836aa978e6840abef2e2f1145adff7735892711590c05"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/django-environ@0.11.2","externalReferences":[{"type":"website","url":"https://django-environ.readthedocs.org"}],"type":"framework","bom-ref":"pkg:pypi/django-environ@0.11.2","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Alex Gaynor ","group":"","name":"django-filter","version":"24.3","description":"Django-filter is a reusable Django application for allowing users to filter querysets 
dynamically.","hashes":[{"alg":"SHA-256","content":"c4852822928ce17fb699bcfccd644b3574f1a2d80aeb2b4ff4f16b02dd49dc64"}],"licenses":[{"license":{"id":"0BSD","url":"https://opensource.org/licenses/0BSD"}}],"purl":"pkg:pypi/django-filter@24.3","type":"framework","bom-ref":"pkg:pypi/django-filter@24.3","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Simon Charette ","group":"","name":"django-picklefield","version":"3.2","description":"Pickled object field for Django","hashes":[{"alg":"SHA-256","content":"e9a73539d110f69825d9320db18bcb82e5189ff48dbed41821c026a20497764c"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/django-picklefield@3.2","externalReferences":[{"type":"vcs","url":"http://github.com/gintas/django-picklefield"}],"type":"framework","bom-ref":"pkg:pypi/django-picklefield@3.2","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Django Software Foundation ","group":"","name":"Django","version":"5.1.2","description":"A high-level Python web framework that encourages rapid development and clean, pragmatic design.","hashes":[{"alg":"SHA-256","content":"f11aa87ad8d5617171e3f77e1d5d16f004b79a2cf5d2e1d2b97a6a1f8e9ba5ed"}],"licenses":[{"license":{"id":"0BSD","url":"https://opensource.org/licenses/0BSD"}},{"license":{"id":"BSD-3-Clause","url":"https://opensource.org/licenses/BSD-3-Clause"}}],"purl":"pkg:pypi/django@5.1.2","type":"framework","bom-ref":"pkg:pypi/django@5.1.2","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Tom Christie 
","group":"","name":"djangorestframework","version":"3.15.2","description":"Web APIs for Django, made easy.","hashes":[{"alg":"SHA-256","content":"2b8871b062ba1aefc2de01f773875441a961fefbf79f5eed1e32b2f096944b20"}],"licenses":[{"license":{"id":"0BSD","url":"https://opensource.org/licenses/0BSD"}}],"purl":"pkg:pypi/djangorestframework@3.15.2","externalReferences":[{"type":"website","url":"https://www.django-rest-framework.org/"}],"type":"framework","bom-ref":"pkg:pypi/djangorestframework@3.15.2","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Bob Halley ","group":"","name":"dnspython","version":"2.7.0","description":"DNS toolkit","hashes":[{"alg":"SHA-256","content":"b4c34b7d10b51bcc3a5071e7b8dee77939f1e878477eeecc965e9835f63c6c86"}],"licenses":[{"license":{"id":"ISC","url":"https://opensource.org/licenses/ISC"}}],"purl":"pkg:pypi/dnspython@2.7.0","type":"library","bom-ref":"pkg:pypi/dnspython@2.7.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"T. 
Franzel ","group":"","name":"drf-spectacular-sidecar","version":"2024.7.1","description":"Serve self-contained distribution builds of Swagger UI and Redoc with Django","hashes":[{"alg":"SHA-256","content":"5dc8b38ad153e90b328152674c7959bf114bf86360a617a5a4516e135cb832bc"}],"licenses":[{"license":{"id":"0BSD","url":"https://opensource.org/licenses/0BSD"}}],"purl":"pkg:pypi/drf-spectacular-sidecar@2024.7.1","externalReferences":[{"type":"vcs","url":"https://github.com/tfranzel/drf-spectacular-sidecar"}],"type":"library","bom-ref":"pkg:pypi/drf-spectacular-sidecar@2024.7.1","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"T. Franzel ","group":"","name":"drf-spectacular","version":"0.27.2","description":"Sane and flexible OpenAPI 3 schema generation for Django REST framework","hashes":[{"alg":"SHA-256","content":"b1c04bf8b2fbbeaf6f59414b4ea448c8787aba4d32f76055c3b13335cf7ec37b"}],"licenses":[{"license":{"id":"0BSD","url":"https://opensource.org/licenses/0BSD"}}],"purl":"pkg:pypi/drf-spectacular@0.27.2","externalReferences":[{"type":"vcs","url":"https://github.com/tfranzel/drf-spectacular"}],"type":"framework","bom-ref":"pkg:pypi/drf-spectacular@0.27.2","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Joshua Tauberer ","group":"","name":"email-validator","version":"2.1.1","description":"A robust email address syntax and deliverability validation library.","hashes":[{"alg":"SHA-256","content":"97d882d174e2a65732fb43bfce81a3a834cbc1bde8bf419e30ef5ea976370a05"}],"licenses":[{"expression":"The Unlicense 
(Unlicense)"}],"purl":"pkg:pypi/email-validator@2.1.1","externalReferences":[{"type":"vcs","url":"https://github.com/JoshData/python-email-validator"}],"type":"library","bom-ref":"pkg:pypi/email-validator@2.1.1","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}},"properties":[{"name":"cdx:pypi:latest_version","value":"2.2.0"},{"name":"cdx:pypi:resolved_from","value":"email-validator"}]},{"author":"See ATUHORS.txt ","group":"","name":"et-xmlfile","version":"1.1.0","description":"An implementation of lxml.xmlfile for the standard library","hashes":[{"alg":"SHA-256","content":"a2ba85d1d6a74ef63837eed693bcb89c3f752169b0e3e7ae5b16ca5e1b3deada"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/et-xmlfile@1.1.0","externalReferences":[{"type":"website","url":"https://foss.heptapod.net/openpyxl/et_xmlfile"}],"type":"library","bom-ref":"pkg:pypi/et-xmlfile@1.1.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Benoit Chesneau ","group":"","name":"gunicorn","version":"23.0.0","description":"WSGI HTTP Server for UNIX","hashes":[{"alg":"SHA-256","content":"ec400d38950de4dfd418cff8328b2c8faed0edb0d517d3394e457c317908ca4d"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/gunicorn@23.0.0","type":"library","bom-ref":"pkg:pypi/gunicorn@23.0.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Charles Leifer ","group":"","name":"huey","version":"2.5.2","description":"huey, a little task 
queue","hashes":[{"alg":"SHA-256","content":"df33db474c05414ed40ee2110e9df692369871734da22d74ffb035a4bd74047f"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/huey@2.5.2","externalReferences":[{"type":"vcs","url":"http://github.com/coleifer/huey/"}],"type":"library","bom-ref":"pkg:pypi/huey@2.5.2","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Kim Davies ","group":"","name":"idna","version":"3.10","description":"Internationalized Domain Names in Applications (IDNA)","hashes":[{"alg":"SHA-256","content":"946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3"}],"licenses":[{"license":{"id":"0BSD","url":"https://opensource.org/licenses/0BSD"}}],"purl":"pkg:pypi/idna@3.10","type":"library","bom-ref":"pkg:pypi/idna@3.10","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"\"Jason R. 
Coombs\" ","group":"","name":"importlib-metadata","version":"8.5.0","description":"Read metadata from Python packages","hashes":[{"alg":"SHA-256","content":"45e54197d28b7a7f1559e60b95e7c567032b602131fbd588f1497f47880aa68b"}],"licenses":[{"license":{"id":"Apache-2.0","url":"https://opensource.org/licenses/Apache-2.0"}}],"purl":"pkg:pypi/importlib-metadata@8.5.0","type":"library","bom-ref":"pkg:pypi/importlib-metadata@8.5.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"instrumentation","confidence":1,"value":"/tmp/cdxgen-venv-43yYKx"}]}},"properties":[{"name":"SrcFile","value":"/home/runner/work/SecObserve/SecObserve/backend/poetry_requirements.txt"}]},{"author":"Paul Dyson ","group":"","name":"inflect","version":"7.4.0","description":"Correctly generate plurals, singular nouns, ordinals, indefinite articles","hashes":[{"alg":"SHA-256","content":"85af0997ee2bda942b1c1eed8c8a827abda91aa3e22d1efaa0eea817f9350ce7"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/inflect@7.4.0","type":"library","bom-ref":"pkg:pypi/inflect@7.4.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Janne Vanhala ","group":"","name":"inflection","version":"0.5.1","description":"A port of Ruby on Rails inflector to 
Python","hashes":[{"alg":"SHA-256","content":"f38b2b640938a4f35ade69ac3d053042959b62a0f1076a5bbaa1b9526605a8a2"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/inflection@0.5.1","externalReferences":[{"type":"vcs","url":"https://github.com/jpvanhal/inflection"}],"type":"library","bom-ref":"pkg:pypi/inflection@0.5.1","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Ben Speakmon ","group":"","name":"jira","version":"3.8.0","description":"Python library for interacting with JIRA via REST APIs.","hashes":[{"alg":"SHA-256","content":"12190dc84dad00b8a6c0341f7e8a254b0f38785afdec022bd5941e1184a5a3fb"}],"licenses":[{"license":{"id":"0BSD","url":"https://opensource.org/licenses/0BSD"}},{"license":{"id":"BSD-2-Clause","url":"https://opensource.org/licenses/BSD-2-Clause"}}],"purl":"pkg:pypi/jira@3.8.0","externalReferences":[{"type":"vcs","url":"https://github.com/pycontribs/jira"}],"type":"library","bom-ref":"pkg:pypi/jira@3.8.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"David Aguilar ","group":"","name":"jsonpickle","version":"3.3.0","description":"Python library for serializing arbitrary object graphs into 
JSON","hashes":[{"alg":"SHA-256","content":"287c12143f35571ab00e224fa323aa4b090d5a7f086f5f494d7ee9c7eb1a380a"}],"licenses":[{"license":{"id":"0BSD","url":"https://opensource.org/licenses/0BSD"}}],"purl":"pkg:pypi/jsonpickle@3.3.0","externalReferences":[{"type":"vcs","url":"https://github.com/jsonpickle/jsonpickle"}],"type":"library","bom-ref":"pkg:pypi/jsonpickle@3.3.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Julian Berman ","group":"","name":"jsonschema-specifications","version":"2024.10.1","description":"The JSON Schema meta-schemas and vocabularies, exposed as a Registry","hashes":[{"alg":"SHA-256","content":"a09a0680616357d9a0ecf05c12ad234479f549239d0f5b55f3deea67475da9bf"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/jsonschema-specifications@2024.10.1","type":"library","bom-ref":"pkg:pypi/jsonschema-specifications@2024.10.1","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Julian Berman ","group":"","name":"jsonschema","version":"4.23.0","description":"An implementation of JSON Schema validation for Python","hashes":[{"alg":"SHA-256","content":"fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/jsonschema@4.23.0","type":"library","bom-ref":"pkg:pypi/jsonschema@4.23.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Erik Rose ","group":"","name":"more-itertools","version":"10.5.0","description":"More routines for operating on iterables, 
beyond itertools","hashes":[{"alg":"SHA-256","content":"037b0d3203ce90cca8ab1defbbdac29d5f993fc20131f3664dc8d6acfa872aef"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/more-itertools@10.5.0","type":"library","bom-ref":"pkg:pypi/more-itertools@10.5.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Inada Naoki ","group":"","name":"msgpack","version":"1.1.0","description":"MessagePack serializer","hashes":[{"alg":"SHA-256","content":"7ad442d527a7e358a469faf43fda45aaf4ac3249c8310a82f0ccff9164e5dccd"}],"licenses":[{"license":{"id":"Apache-2.0","url":"https://opensource.org/licenses/Apache-2.0"}}],"purl":"pkg:pypi/msgpack@1.1.0","type":"library","bom-ref":"pkg:pypi/msgpack@1.1.0","evidence":{"identity":{"field":"purl","confidence":0.8,"methods":[{"technique":"manifest-analysis","confidence":0.8,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry_requirements.txt"}]}},"properties":[{"name":"SrcFile","value":"/home/runner/work/SecObserve/SecObserve/backend/poetry_requirements.txt"}]},{"author":"The OAuthlib Community ","group":"","name":"oauthlib","version":"3.2.2","description":"A generic, spec-compliant, thorough implementation of the OAuth request-signing logic","hashes":[{"alg":"SHA-256","content":"8139f29aac13e25d502680e9e19963e83f16838d48a0d71c287fe40e7067fbca"}],"licenses":[{"expression":"OSI Approved"}],"purl":"pkg:pypi/oauthlib@3.2.2","externalReferences":[{"type":"vcs","url":"https://github.com/oauthlib/oauthlib"}],"type":"library","bom-ref":"pkg:pypi/oauthlib@3.2.2","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"See AUTHORS ","group":"","name":"openpyxl","version":"3.1.5","description":"A Python 
library to read/write Excel 2010 xlsx/xlsm files","hashes":[{"alg":"SHA-256","content":"5282c12b107bffeef825f4617dc029afaf41d0ea60823bbb665ef3079dc79de2"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/openpyxl@3.1.5","externalReferences":[{"type":"website","url":"https://openpyxl.readthedocs.io"}],"type":"library","bom-ref":"pkg:pypi/openpyxl@3.1.5","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"the purl authors","group":"","name":"packageurl-python","version":"0.16.0","description":"A purl aka. Package URL parser and builder","hashes":[{"alg":"SHA-256","content":"5c3872638b177b0f1cf01c3673017b7b27ebee485693ae12a8bed70fa7fa7c35"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/packageurl-python@0.16.0","externalReferences":[{"type":"vcs","url":"https://github.com/package-url/packageurl-python"}],"type":"library","bom-ref":"pkg:pypi/packageurl-python@0.16.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Donald Stufft ","group":"","name":"packaging","version":"24.1","description":"Core utilities for Python 
packages","hashes":[{"alg":"SHA-256","content":"5b8f2217dbdbd2f7f384c41c628544e6d52f2d0f53c6d0c3ea61aa5d1d7ff124"}],"licenses":[{"license":{"id":"Apache-2.0","url":"https://opensource.org/licenses/Apache-2.0"}},{"license":{"id":"0BSD","url":"https://opensource.org/licenses/0BSD"}}],"purl":"pkg:pypi/packaging@24.1","type":"library","bom-ref":"pkg:pypi/packaging@24.1","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"\"Jeffrey A. Clark\" ","group":"","name":"pillow","version":"10.4.0","description":"Python Imaging Library (Fork)","hashes":[{"alg":"SHA-256","content":"4d9667937cfa347525b319ae34375c37b9ee6b525440f3ef48542fcf66f2731e"}],"licenses":[{"expression":"CMU License (MIT-CMU)"}],"purl":"pkg:pypi/pillow@10.4.0","type":"library","bom-ref":"pkg:pypi/pillow@10.4.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}},"properties":[{"name":"cdx:pypi:latest_version","value":"11.0.0"},{"name":"cdx:pypi:resolved_from","value":"pillow"}]},{"author":"Daniele Varrazzo ","group":"","name":"psycopg-binary","version":"3.2.3","description":"PostgreSQL database adapter for Python -- C optimisation distribution","hashes":[{"alg":"SHA-256","content":"965455eac8547f32b3181d5ec9ad8b9be500c10fe06193543efaaebe3e4ce70c"}],"licenses":[{"license":{"id":"LGPL-3.0-only","url":"https://opensource.org/licenses/LGPL-3.0-only"}}],"purl":"pkg:pypi/psycopg-binary@3.2.3","externalReferences":[{"type":"website","url":"https://psycopg.org/psycopg3/"}],"type":"library","bom-ref":"pkg:pypi/psycopg-binary@3.2.3","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Daniele 
Varrazzo ","group":"","name":"psycopg","version":"3.2.3","description":"PostgreSQL database adapter for Python","hashes":[{"alg":"SHA-256","content":"644d3973fe26908c73d4be746074f6e5224b03c1101d302d9a53bf565ad64907"}],"licenses":[{"license":{"id":"LGPL-3.0-only","url":"https://opensource.org/licenses/LGPL-3.0-only"}}],"purl":"pkg:pypi/psycopg@3.2.3","externalReferences":[{"type":"website","url":"https://psycopg.org/psycopg3/"}],"type":"library","bom-ref":"pkg:pypi/psycopg@3.2.3","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Prowler Team ","group":"","name":"py-ocsf-models","version":"0.1.1","description":"This is a Python implementation of the OCSF models. The models are used to represent the data of the OCSF Schema defined in https://schema.ocsf.io/.","hashes":[{"alg":"SHA-256","content":"c6ea465fda85470b938a48da65b1f19664f6d83820ebe849ef5551094e6768de"}],"licenses":[{"license":{"id":"Apache-2.0","url":"https://opensource.org/licenses/Apache-2.0"}}],"purl":"pkg:pypi/py-ocsf-models@0.1.1","type":"library","bom-ref":"pkg:pypi/py-ocsf-models@0.1.1","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}},"properties":[{"name":"cdx:pypi:latest_version","value":"0.2.0"},{"name":"cdx:pypi:resolved_from","value":"py-ocsf-models"}]},{"author":"Eli Bendersky ","group":"","name":"pycparser","version":"2.22","description":"C parser in 
Python","hashes":[{"alg":"SHA-256","content":"c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc"}],"licenses":[{"license":{"id":"0BSD","url":"https://opensource.org/licenses/0BSD"}},{"license":{"id":"BSD-3-Clause","url":"https://opensource.org/licenses/BSD-3-Clause"}}],"purl":"pkg:pypi/pycparser@2.22","externalReferences":[{"type":"vcs","url":"https://github.com/eliben/pycparser"}],"type":"library","bom-ref":"pkg:pypi/pycparser@2.22","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Samuel Colvin , Eric Jolibois , Hasan Ramezani , Adrian Garcia Badaracco <1755071+adriangb@users.noreply.github.com>, Terrence Dorsey , David Montague , Serge Matveenko , Marcelo Trylesinski , Sydney Runkle , David Hewitt , Alex Hall ","group":"","name":"pydantic","version":"1.10.15","description":"Data validation using Python type hints","hashes":[{"alg":"SHA-256","content":"22ed12ee588b1df028a2aa5d66f07bf8f8b4c8579c2e96d5a9c1f96b77f3bb55"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/pydantic@1.10.15","type":"library","bom-ref":"pkg:pypi/pydantic@1.10.15","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}},"properties":[{"name":"cdx:pypi:latest_version","value":"2.9.2"},{"name":"cdx:pypi:resolved_from","value":"pydantic"}]},{"author":"Jose Padilla ","group":"","name":"PyJWT","version":"2.9.0","description":"JSON Web Token implementation in 
Python","hashes":[{"alg":"SHA-256","content":"3b02fb0f44517787776cf48f2ae25d8e14f300e6d7545a4315cee571a415e850"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/pyjwt@2.9.0","externalReferences":[{"type":"vcs","url":"https://github.com/jpadilla/pyjwt"}],"type":"library","bom-ref":"pkg:pypi/pyjwt@2.9.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Inada Naoki , Yutaka Matsubara ","group":"","name":"PyMySQL","version":"1.1.1","description":"Pure Python MySQL Driver","hashes":[{"alg":"SHA-256","content":"4de15da4c61dc132f4fb9ab763063e693d521a80fd0e87943b9a453dd4c19d6c"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/pymysql@1.1.1","type":"library","bom-ref":"pkg:pypi/pymysql@1.1.1","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Thomas Kluyver ","group":"","name":"pyproject-hooks","version":"1.2.0","description":"Wrappers to call pyproject.toml-based build backend hooks.","hashes":[{"alg":"SHA-256","content":"9e5c6bfa8dcc30091c74b0cf803c81fdd29d94f01992a7707bc97babb1141913"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/pyproject-hooks@1.2.0","type":"library","bom-ref":"pkg:pypi/pyproject-hooks@1.2.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"instrumentation","confidence":1,"value":"/tmp/cdxgen-venv-43yYKx"}]}},"properties":[{"name":"SrcFile","value":"/home/runner/work/SecObserve/SecObserve/backend/poetry_requirements.txt"}]},{"author":"Kirill Simonov ","group":"","name":"PyYAML","version":"6.0.2","description":"YAML parser and emitter for 
Python","hashes":[{"alg":"SHA-256","content":"0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/pyyaml@6.0.2","externalReferences":[{"type":"website","url":"https://pyyaml.org/"}],"type":"library","bom-ref":"pkg:pypi/pyyaml@6.0.2","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Max Bachmann ","group":"","name":"RapidFuzz","version":"3.10.0","description":"rapid fuzzy string matching","hashes":[{"alg":"SHA-256","content":"884453860de029380dded8f3c1918af2d8eb5adf8010261645c7e5c88c2b5428"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/rapidfuzz@3.10.0","type":"library","bom-ref":"pkg:pypi/rapidfuzz@3.10.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"instrumentation","confidence":1,"value":"/tmp/cdxgen-venv-43yYKx"}]}},"properties":[{"name":"SrcFile","value":"/home/runner/work/SecObserve/SecObserve/backend/poetry_requirements.txt"}]},{"author":"Julian Berman ","group":"","name":"referencing","version":"0.35.1","description":"JSON Referencing + Python","hashes":[{"alg":"SHA-256","content":"eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/referencing@0.35.1","type":"library","bom-ref":"pkg:pypi/referencing@0.35.1","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Kenneth Reitz ","group":"","name":"requests-oauthlib","version":"2.0.0","description":"OAuthlib authentication support for 
Requests.","hashes":[{"alg":"SHA-256","content":"7dd8a5c40426b779b0868c404bdef9768deccf22749cde15852df527e6269b36"}],"licenses":[{"license":{"id":"0BSD","url":"https://opensource.org/licenses/0BSD"}},{"license":{"id":"ISC","url":"https://opensource.org/licenses/ISC"}}],"purl":"pkg:pypi/requests-oauthlib@2.0.0","externalReferences":[{"type":"vcs","url":"https://github.com/requests/requests-oauthlib"}],"type":"library","bom-ref":"pkg:pypi/requests-oauthlib@2.0.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Ian Cordasco, Cory Benfield ","group":"","name":"requests-toolbelt","version":"1.0.0","description":"A utility belt for advanced users of python-requests","hashes":[{"alg":"SHA-256","content":"cccfdd665f0a24fcf4726e690f65639d272bb0637b9b92dfd91a5568ccf6bd06"}],"licenses":[{"license":{"id":"Apache-2.0","url":"https://opensource.org/licenses/Apache-2.0"}}],"purl":"pkg:pypi/requests-toolbelt@1.0.0","externalReferences":[{"type":"website","url":"https://toolbelt.readthedocs.io/"}],"type":"library","bom-ref":"pkg:pypi/requests-toolbelt@1.0.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Kenneth Reitz ","group":"","name":"requests","version":"2.32.3","description":"Python HTTP for 
Humans.","hashes":[{"alg":"SHA-256","content":"70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6"}],"licenses":[{"license":{"id":"Apache-2.0","url":"https://opensource.org/licenses/Apache-2.0"}}],"purl":"pkg:pypi/requests@2.32.3","externalReferences":[{"type":"website","url":"https://requests.readthedocs.io"}],"type":"library","bom-ref":"pkg:pypi/requests@2.32.3","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Julian Berman ","group":"","name":"rpds-py","version":"0.20.0","description":"Python bindings to Rust's persistent data structures (rpds)","hashes":[{"alg":"SHA-256","content":"3ad0fda1635f8439cde85c700f964b23ed5fc2d28016b32b9ee5fe30da5c84e2"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/rpds-py@0.20.0","type":"library","bom-ref":"pkg:pypi/rpds-py@0.20.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Andi Albrecht ","group":"","name":"sqlparse","version":"0.5.1","description":"A non-validating SQL parser.","hashes":[{"alg":"SHA-256","content":"773dcbf9a5ab44a090f3441e2180efe2560220203dc2f8c0b0fa141e18b505e4"}],"licenses":[{"license":{"id":"0BSD","url":"https://opensource.org/licenses/0BSD"}}],"purl":"pkg:pypi/sqlparse@0.5.1","type":"library","bom-ref":"pkg:pypi/sqlparse@0.5.1","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Alex Grönholm ","group":"","name":"typeguard","version":"4.3.0","description":"Run-time type checker for 
Python","hashes":[{"alg":"SHA-256","content":"4d24c5b39a117f8a895b9da7a9b3114f04eb63bade45a4492de49b175b6f7dfa"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/typeguard@4.3.0","type":"library","bom-ref":"pkg:pypi/typeguard@4.3.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"\"Guido van Rossum, Jukka Lehtosalo, Łukasz Langa, Michael Lee\" ","group":"","name":"typing-extensions","version":"4.12.2","description":"Backported and Experimental Type Hints for Python 3.8+","hashes":[{"alg":"SHA-256","content":"04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d"}],"licenses":[{"license":{"id":"PSF-2.0","url":"https://opensource.org/licenses/PSF-2.0"}}],"purl":"pkg:pypi/typing-extensions@4.12.2","type":"library","bom-ref":"pkg:pypi/typing-extensions@4.12.2","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Python Software Foundation ","group":"","name":"tzdata","version":"2024.2","description":"Provider of IANA time zone data","hashes":[{"alg":"SHA-256","content":"a48093786cdcde33cad18c2555e8532f34422074448fbc874186f0abd79565cd"}],"licenses":[{"license":{"id":"Apache-2.0","url":"https://opensource.org/licenses/Apache-2.0"}}],"purl":"pkg:pypi/tzdata@2024.2","externalReferences":[{"type":"vcs","url":"https://github.com/python/tzdata"}],"type":"library","bom-ref":"pkg:pypi/tzdata@2024.2","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Ian Stapleton Cordasco ","group":"","name":"uritemplate","version":"4.1.1","description":"Implementation of RFC 6570 URI 
Templates","hashes":[{"alg":"SHA-256","content":"830c08b8d99bdd312ea4ead05994a38e8936266f84b9a7878232db50b044e02e"}],"licenses":[{"expression":"OSI Approved OR BSD 3-Clause License or Apache License, Version 2.0"}],"purl":"pkg:pypi/uritemplate@4.1.1","externalReferences":[{"type":"website","url":"https://uritemplate.readthedocs.org"}],"type":"library","bom-ref":"pkg:pypi/uritemplate@4.1.1","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Andrey Petrov ","group":"","name":"urllib3","version":"2.2.3","description":"HTTP library with thread-safe connection pooling, file post, and more.","hashes":[{"alg":"SHA-256","content":"ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/urllib3@2.2.3","type":"library","bom-ref":"pkg:pypi/urllib3@2.2.3","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"Konsta Vesterinen ","group":"","name":"validators","version":"0.34.0","description":"Python Data Validation for Humans™","hashes":[{"alg":"SHA-256","content":"c804b476e3e6d3786fa07a30073a4ef694e617805eb1946ceee3fe5a9b8b1321"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/validators@0.34.0","type":"library","bom-ref":"pkg:pypi/validators@0.34.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"David Evans","group":"","name":"whitenoise","version":"6.7.0","description":"Radically simplified static file serving for WSGI 
applications","hashes":[{"alg":"SHA-256","content":"a1ae85e01fdc9815d12fa33f17765bc132ed2c54fa76daf9e39e879dd93566f6"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/whitenoise@6.7.0","type":"library","bom-ref":"pkg:pypi/whitenoise@6.7.0","evidence":{"identity":{"field":"purl","confidence":1,"methods":[{"technique":"manifest-analysis","confidence":1,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry.lock"}]}}},{"author":"\"Jason R. Coombs\" ","group":"","name":"zipp","version":"3.20.2","description":"Backport of pathlib-compatible object wrapper for zip files","hashes":[{"alg":"SHA-256","content":"a817ac80d6cf4b23bf7f2828b7cabf326f15a001bea8b1f9b49631780ba28350"}],"licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:pypi/zipp@3.20.2","type":"library","bom-ref":"pkg:pypi/zipp@3.20.2","evidence":{"identity":{"field":"purl","confidence":0.8,"methods":[{"technique":"manifest-analysis","confidence":0.8,"value":"/home/runner/work/SecObserve/SecObserve/backend/poetry_requirements.txt"}]}},"properties":[{"name":"SrcFile","value":"/home/runner/work/SecObserve/SecObserve/backend/poetry_requirements.txt"}]}],"dependencies":[{"ref":"pkg:pypi/secobserve@1.22.4","dependsOn":["pkg:pypi/argon2-cffi@23.1.0","pkg:pypi/cvss@3.2","pkg:pypi/defusedcsv@2.0.0","pkg:pypi/django-cors-headers@4.5.0","pkg:pypi/django-csp@3.8","pkg:pypi/django-encrypted-model-fields@0.6.5","pkg:pypi/django-environ@0.11.2","pkg:pypi/django-filter@24.3","pkg:pypi/django-picklefield@3.2","pkg:pypi/django@5.1.2","pkg:pypi/djangorestframework@3.15.2","pkg:pypi/drf-spectacular-sidecar@2024.7.1","pkg:pypi/drf-spectacular@0.27.2","pkg:pypi/gunicorn@23.0.0","pkg:pypi/huey@2.5.2","pkg:pypi/inflect@7.4.0","pkg:pypi/jira@3.8.0","pkg:pypi/jsonpickle@3.3.0","pkg:pypi/openpyxl@3.1.5","pkg:pypi/packageurl-python@0.16.0","pkg:pypi/psycopg@3.2.3","pkg:pypi/py-ocsf-models@0.1.1","pkg:pypi/pymysql@1.1.1","pkg:pypi/requests@2
.32.3","pkg:pypi/validators@0.34.0","pkg:pypi/whitenoise@6.7.0"]},{"ref":"pkg:pypi/argon2-cffi@23.1.0","dependsOn":["pkg:pypi/argon2-cffi-bindings@21.2.0"]},{"ref":"pkg:pypi/argon2-cffi-bindings@21.2.0","dependsOn":["pkg:pypi/cffi@1.17.1"]},{"ref":"pkg:pypi/asgiref@3.8.1","dependsOn":["pkg:pypi/typing-extensions@4.12.2"]},{"ref":"pkg:pypi/attrs@24.2.0","dependsOn":[]},{"ref":"pkg:pypi/certifi@2024.8.30","dependsOn":[]},{"ref":"pkg:pypi/cffi@1.17.1","dependsOn":["pkg:pypi/pycparser@2.22"]},{"ref":"pkg:pypi/charset-normalizer@3.4.0","dependsOn":[]},{"ref":"pkg:pypi/cryptography@43.0.1","dependsOn":["pkg:pypi/cffi@1.17.1"]},{"ref":"pkg:pypi/cvss@3.2","dependsOn":[]},{"ref":"pkg:pypi/defusedcsv@2.0.0","dependsOn":[]},{"ref":"pkg:pypi/defusedxml@0.7.1","dependsOn":[]},{"ref":"pkg:pypi/django@5.1.2","dependsOn":["pkg:pypi/asgiref@3.8.1","pkg:pypi/sqlparse@0.5.1","pkg:pypi/tzdata@2024.2"]},{"ref":"pkg:pypi/django-cors-headers@4.5.0","dependsOn":["pkg:pypi/asgiref@3.8.1","pkg:pypi/django@5.1.2"]},{"ref":"pkg:pypi/django-csp@3.8","dependsOn":["pkg:pypi/django@5.1.2"]},{"ref":"pkg:pypi/django-encrypted-model-fields@0.6.5","dependsOn":["pkg:pypi/cryptography@43.0.1","pkg:pypi/django@5.1.2"]},{"ref":"pkg:pypi/django-environ@0.11.2","dependsOn":[]},{"ref":"pkg:pypi/django-filter@24.3","dependsOn":["pkg:pypi/django@5.1.2"]},{"ref":"pkg:pypi/django-picklefield@3.2","dependsOn":["pkg:pypi/django@5.1.2"]},{"ref":"pkg:pypi/djangorestframework@3.15.2","dependsOn":["pkg:pypi/django@5.1.2"]},{"ref":"pkg:pypi/dnspython@2.7.0","dependsOn":[]},{"ref":"pkg:pypi/drf-spectacular@0.27.2","dependsOn":["pkg:pypi/django@5.1.2","pkg:pypi/djangorestframework@3.15.2","pkg:pypi/inflection@0.5.1","pkg:pypi/jsonschema@4.23.0","pkg:pypi/pyyaml@6.0.2","pkg:pypi/uritemplate@4.1.1"]},{"ref":"pkg:pypi/drf-spectacular-sidecar@2024.7.1","dependsOn":["pkg:pypi/django@5.1.2"]},{"ref":"pkg:pypi/email-validator@2.1.1","dependsOn":["pkg:pypi/dnspython@2.7.0","pkg:pypi/idna@3.10"]},{"ref":"pkg:pypi/et-xmlfile@1.1.0
","dependsOn":[]},{"ref":"pkg:pypi/gunicorn@23.0.0","dependsOn":["pkg:pypi/packaging@24.1"]},{"ref":"pkg:pypi/huey@2.5.2","dependsOn":[]},{"ref":"pkg:pypi/idna@3.10","dependsOn":[]},{"ref":"pkg:pypi/inflect@7.4.0","dependsOn":["pkg:pypi/more-itertools@10.5.0","pkg:pypi/typeguard@4.3.0"]},{"ref":"pkg:pypi/inflection@0.5.1","dependsOn":[]},{"ref":"pkg:pypi/jira@3.8.0","dependsOn":["pkg:pypi/defusedxml@0.7.1","pkg:pypi/packaging@24.1","pkg:pypi/pillow@10.4.0","pkg:pypi/requests-oauthlib@2.0.0","pkg:pypi/requests-toolbelt@1.0.0","pkg:pypi/requests@2.32.3","pkg:pypi/typing-extensions@4.12.2"]},{"ref":"pkg:pypi/jsonpickle@3.3.0","dependsOn":[]},{"ref":"pkg:pypi/jsonschema@4.23.0","dependsOn":["pkg:pypi/attrs@24.2.0","pkg:pypi/jsonschema-specifications@2024.10.1","pkg:pypi/referencing@0.35.1","pkg:pypi/rpds-py@0.20.0"]},{"ref":"pkg:pypi/jsonschema-specifications@2024.10.1","dependsOn":["pkg:pypi/referencing@0.35.1"]},{"ref":"pkg:pypi/more-itertools@10.5.0","dependsOn":[]},{"ref":"pkg:pypi/oauthlib@3.2.2","dependsOn":[]},{"ref":"pkg:pypi/openpyxl@3.1.5","dependsOn":["pkg:pypi/et-xmlfile@1.1.0"]},{"ref":"pkg:pypi/packageurl-python@0.16.0","dependsOn":[]},{"ref":"pkg:pypi/packaging@24.1","dependsOn":[]},{"ref":"pkg:pypi/pillow@10.4.0","dependsOn":[]},{"ref":"pkg:pypi/psycopg@3.2.3","dependsOn":["pkg:pypi/psycopg-binary@3.2.3","pkg:pypi/typing-extensions@4.12.2","pkg:pypi/tzdata@2024.2"]},{"ref":"pkg:pypi/psycopg-binary@3.2.3","dependsOn":[]},{"ref":"pkg:pypi/py-ocsf-models@0.1.1","dependsOn":["pkg:pypi/email-validator@2.1.1","pkg:pypi/pydantic@1.10.15"]},{"ref":"pkg:pypi/pycparser@2.22","dependsOn":[]},{"ref":"pkg:pypi/pydantic@1.10.15","dependsOn":["pkg:pypi/typing-extensions@4.12.2"]},{"ref":"pkg:pypi/pyjwt@2.9.0","dependsOn":[]},{"ref":"pkg:pypi/pymysql@1.1.1","dependsOn":[]},{"ref":"pkg:pypi/pyyaml@6.0.2","dependsOn":[]},{"ref":"pkg:pypi/referencing@0.35.1","dependsOn":["pkg:pypi/attrs@24.2.0","pkg:pypi/rpds-py@0.20.0"]},{"ref":"pkg:pypi/requests@2.32.3","dependsOn":["pkg
:pypi/certifi@2024.8.30","pkg:pypi/charset-normalizer@3.4.0","pkg:pypi/idna@3.10","pkg:pypi/urllib3@2.2.3"]},{"ref":"pkg:pypi/requests-oauthlib@2.0.0","dependsOn":["pkg:pypi/oauthlib@3.2.2","pkg:pypi/requests@2.32.3"]},{"ref":"pkg:pypi/requests-toolbelt@1.0.0","dependsOn":["pkg:pypi/requests@2.32.3"]},{"ref":"pkg:pypi/rpds-py@0.20.0","dependsOn":[]},{"ref":"pkg:pypi/sqlparse@0.5.1","dependsOn":[]},{"ref":"pkg:pypi/typeguard@4.3.0","dependsOn":["pkg:pypi/typing-extensions@4.12.2"]},{"ref":"pkg:pypi/typing-extensions@4.12.2","dependsOn":[]},{"ref":"pkg:pypi/tzdata@2024.2","dependsOn":[]},{"ref":"pkg:pypi/uritemplate@4.1.1","dependsOn":[]},{"ref":"pkg:pypi/urllib3@2.2.3","dependsOn":[]},{"ref":"pkg:pypi/validators@0.34.0","dependsOn":[]},{"ref":"pkg:pypi/whitenoise@6.7.0","dependsOn":[]},{"ref":"pkg:pypi/rapidfuzz@3.10.0","dependsOn":[]},{"ref":"pkg:pypi/pyproject-hooks@1.2.0","dependsOn":[]},{"ref":"pkg:pypi/zipp@3.20.2","dependsOn":[]},{"ref":"pkg:pypi/importlib-metadata@8.5.0","dependsOn":["pkg:pypi/zipp@3.20.2"]},{"ref":"pkg:pypi/msgpack@1.1.0","dependsOn":[]},{"ref":"pkg:pypi/cachecontrol@0.14.0","dependsOn":["pkg:pypi/msgpack@1.1.0","pkg:pypi/requests@2.32.3"]}]} \ No newline at end of file diff --git a/backend/unittests/import_observations/services/test_import_observations.py b/backend/unittests/import_observations/services/test_import_observations.py index 68e121e7d..055e079a3 100644 --- a/backend/unittests/import_observations/services/test_import_observations.py +++ b/backend/unittests/import_observations/services/test_import_observations.py @@ -542,7 +542,7 @@ def _file_upload_licenses( ) self.assertEqual(license_components[1].purl_type, "pypi") self.assertEqual(license_components[1].cpe, "") - dependencies = """SecObserve:1.22.3 --> argon2-cffi:23.1.0 + dependencies = """SecObserve:1.22.4 --> argon2-cffi:23.1.0 argon2-cffi:23.1.0 --> argon2-cffi-bindings:21.2.0""" self.assertEqual(license_components[1].dependencies, dependencies) self.assertEqual( 
diff --git a/backend/unittests/vex/api/files/csaf_given_vulnerability.json b/backend/unittests/vex/api/files/csaf_given_vulnerability.json
index 430cc2b62..e3dbe3f05 100644
--- a/backend/unittests/vex/api/files/csaf_given_vulnerability.json
+++ b/backend/unittests/vex/api/files/csaf_given_vulnerability.json
@@ -18,7 +18,7 @@
 "generator": {
 "engine": {
 "name": "SecObserve",
- "version": "1.22.3"
+ "version": "1.22.4"
 }
 },
 "id": "CSAF_2024_0001_0001",
diff --git a/backend/unittests/vex/api/files/csaf_given_vulnerability_update.json b/backend/unittests/vex/api/files/csaf_given_vulnerability_update.json
index 2b8372798..f56f785a6 100644
--- a/backend/unittests/vex/api/files/csaf_given_vulnerability_update.json
+++ b/backend/unittests/vex/api/files/csaf_given_vulnerability_update.json
@@ -18,7 +18,7 @@
 "generator": {
 "engine": {
 "name": "SecObserve",
- "version": "1.22.3"
+ "version": "1.22.4"
 }
 },
 "id": "CSAF_2024_0001_0002",
diff --git a/backend/unittests/vex/api/files/csaf_product_branches.json b/backend/unittests/vex/api/files/csaf_product_branches.json
index 2c4de6d75..1f8cee76c 100644
--- a/backend/unittests/vex/api/files/csaf_product_branches.json
+++ b/backend/unittests/vex/api/files/csaf_product_branches.json
@@ -18,7 +18,7 @@
 "generator": {
 "engine": {
 "name": "SecObserve",
- "version": "1.22.3"
+ "version": "1.22.4"
 }
 },
 "id": "CSAF_2024_0001_0001",
diff --git a/backend/unittests/vex/api/files/csaf_product_given_branch.json b/backend/unittests/vex/api/files/csaf_product_given_branch.json
index 4b7ad0655..85d6abab9 100644
--- a/backend/unittests/vex/api/files/csaf_product_given_branch.json
+++ b/backend/unittests/vex/api/files/csaf_product_given_branch.json
@@ -18,7 +18,7 @@
 "generator": {
 "engine": {
 "name": "SecObserve",
- "version": "1.22.3"
+ "version": "1.22.4"
 }
 },
 "id": "CSAF_2024_0001_0001",
diff --git a/backend/unittests/vex/api/files/csaf_product_no_branch.json b/backend/unittests/vex/api/files/csaf_product_no_branch.json
index 2d3b69ac5..ce6dc2092 100644
--- a/backend/unittests/vex/api/files/csaf_product_no_branch.json
+++ b/backend/unittests/vex/api/files/csaf_product_no_branch.json
@@ -18,7 +18,7 @@
 "generator": {
 "engine": {
 "name": "SecObserve",
- "version": "1.22.3"
+ "version": "1.22.4"
 }
 },
 "id": "CSAF_2024_0001_0001",
diff --git a/backend/unittests/vex/api/files/csaf_product_no_branch_update.json b/backend/unittests/vex/api/files/csaf_product_no_branch_update.json
index 0e2d600eb..18ea78b8e 100644
--- a/backend/unittests/vex/api/files/csaf_product_no_branch_update.json
+++ b/backend/unittests/vex/api/files/csaf_product_no_branch_update.json
@@ -18,7 +18,7 @@
 "generator": {
 "engine": {
 "name": "SecObserve",
- "version": "1.22.3"
+ "version": "1.22.4"
 }
 },
 "id": "CSAF_2024_0001_0002",
diff --git a/backend/unittests/vex/api/files/openvex_given_vulnerability.json b/backend/unittests/vex/api/files/openvex_given_vulnerability.json
index cb020a71b..211a84047 100644
--- a/backend/unittests/vex/api/files/openvex_given_vulnerability.json
+++ b/backend/unittests/vex/api/files/openvex_given_vulnerability.json
@@ -47,6 +47,6 @@
 }
 ],
 "timestamp": "2020-01-01T04:30:00+00:00",
- "tooling": "SecObserve / 1.22.3",
+ "tooling": "SecObserve / 1.22.4",
 "version": 1
 }
\ No newline at end of file
diff --git a/backend/unittests/vex/api/files/openvex_given_vulnerability_update.json b/backend/unittests/vex/api/files/openvex_given_vulnerability_update.json
index c607d1aac..b6c192997 100644
--- a/backend/unittests/vex/api/files/openvex_given_vulnerability_update.json
+++ b/backend/unittests/vex/api/files/openvex_given_vulnerability_update.json
@@ -37,6 +37,6 @@
 }
 ],
 "timestamp": "2020-01-01T04:30:00+00:00",
- "tooling": "SecObserve / 1.22.3",
+ "tooling": "SecObserve / 1.22.4",
 "version": 2
 }
\ No newline at end of file
diff --git a/backend/unittests/vex/api/files/openvex_product_branches.json b/backend/unittests/vex/api/files/openvex_product_branches.json
index ebb302dcb..ca32cc289 100644
--- a/backend/unittests/vex/api/files/openvex_product_branches.json
+++ b/backend/unittests/vex/api/files/openvex_product_branches.json
@@ -70,6 +70,6 @@
 }
 ],
 "timestamp": "2020-01-01T04:30:00+00:00",
- "tooling": "SecObserve / 1.22.3",
+ "tooling": "SecObserve / 1.22.4",
 "version": 1
 }
\ No newline at end of file
diff --git a/backend/unittests/vex/api/files/openvex_product_given_branch.json b/backend/unittests/vex/api/files/openvex_product_given_branch.json
index 24d74c0f4..51e2cad6a 100644
--- a/backend/unittests/vex/api/files/openvex_product_given_branch.json
+++ b/backend/unittests/vex/api/files/openvex_product_given_branch.json
@@ -28,6 +28,6 @@
 }
 ],
 "timestamp": "2020-01-01T04:30:00+00:00",
- "tooling": "SecObserve / 1.22.3",
+ "tooling": "SecObserve / 1.22.4",
 "version": 1
 }
\ No newline at end of file
diff --git a/backend/unittests/vex/api/files/openvex_product_no_branch.json b/backend/unittests/vex/api/files/openvex_product_no_branch.json
index 469fec5a7..007777ae9 100644
--- a/backend/unittests/vex/api/files/openvex_product_no_branch.json
+++ b/backend/unittests/vex/api/files/openvex_product_no_branch.json
@@ -63,6 +63,6 @@
 }
 ],
 "timestamp": "2020-01-01T04:30:00+00:00",
- "tooling": "SecObserve / 1.22.3",
+ "tooling": "SecObserve / 1.22.4",
 "version": 1
 }
\ No newline at end of file
diff --git a/backend/unittests/vex/api/files/openvex_product_no_branch_update.json b/backend/unittests/vex/api/files/openvex_product_no_branch_update.json
index b52400485..039856466 100644
--- a/backend/unittests/vex/api/files/openvex_product_no_branch_update.json
+++ b/backend/unittests/vex/api/files/openvex_product_no_branch_update.json
@@ -64,6 +64,6 @@
 }
 ],
 "timestamp": "2020-01-01T04:30:00+00:00",
- "tooling": "SecObserve / 1.22.3",
+ "tooling": "SecObserve / 1.22.4",
 "version": 2
 }
\ No newline at end of file
diff --git a/backend/unittests/vex/services/files/so_csaf_2024_0001_0001.json b/backend/unittests/vex/services/files/so_csaf_2024_0001_0001.json
index 65fd1bb87..57d0d4f5f 100644
--- a/backend/unittests/vex/services/files/so_csaf_2024_0001_0001.json
+++ b/backend/unittests/vex/services/files/so_csaf_2024_0001_0001.json
@@ -18,7 +18,7 @@
 "generator": {
 "engine": {
 "name": "SecObserve",
- "version": "1.22.3"
+ "version": "1.22.4"
 }
 },
 "id": "so_2024_0001_0001",
diff --git a/backend/unittests/vex/services/files/so_csaf_2024_0001_0001_short.json b/backend/unittests/vex/services/files/so_csaf_2024_0001_0001_short.json
index 13f153d90..0ded5dda0 100644
--- a/backend/unittests/vex/services/files/so_csaf_2024_0001_0001_short.json
+++ b/backend/unittests/vex/services/files/so_csaf_2024_0001_0001_short.json
@@ -18,7 +18,7 @@
 "generator": {
 "engine": {
 "name": "SecObserve",
- "version": "1.22.3"
+ "version": "1.22.4"
 }
 },
 "id": "so_2024_0001_0001",
diff --git a/backend/unittests/vex/services/files/so_openvex_2024_0001_0001.json b/backend/unittests/vex/services/files/so_openvex_2024_0001_0001.json
index 386a3f323..49c14ebd4 100644
--- a/backend/unittests/vex/services/files/so_openvex_2024_0001_0001.json
+++ b/backend/unittests/vex/services/files/so_openvex_2024_0001_0001.json
@@ -294,6 +294,6 @@
 }
 ],
 "timestamp": "2024-07-14T11:17:57.668593+00:00",
- "tooling": "SecObserve / 1.22.3",
+ "tooling": "SecObserve / 1.22.4",
 "version": 1
 }
\ No newline at end of file
diff --git a/docker-compose-dev-keycloak.yml b/docker-compose-dev-keycloak.yml
index 8589b8a27..f33de6bcf 100644
--- a/docker-compose-dev-keycloak.yml
+++ b/docker-compose-dev-keycloak.yml
@@ -84,7 +84,7 @@ services: - "8025:8025" keycloak: - image: keycloak/keycloak:26.0.5 + image: keycloak/keycloak:26.0.6 environment: - KEYCLOAK_ADMIN=admin - KEYCLOAK_ADMIN_PASSWORD=admin diff --git a/docker-compose-prod-mysql.yml b/docker-compose-prod-mysql.yml index f70d9138b..3685b7664 100644 --- a/docker-compose-prod-mysql.yml +++ b/docker-compose-prod-mysql.yml @@ -10,7 +10,7 @@ networks: services: traefik: - image: "traefik:v3.2.0" + image: "traefik:v3.2.1" container_name: "prod_traefik" command: - "--log.level=INFO" @@ -35,7 +35,7 @@ services: - traefik frontend: - image: maibornwolff/secobserve-frontend:1.22.3 + image: maibornwolff/secobserve-frontend:1.22.4 container_name: "prod_secobserve_frontend" labels: - "traefik.enable=true" @@ -54,7 +54,7 @@ services: - traefik backend: - image: maibornwolff/secobserve-backend:1.22.3 + image: maibornwolff/secobserve-backend:1.22.4 container_name: "prod_secobserve_backend" labels: - "traefik.enable=true" diff --git a/docker-compose-prod-postgres.yml b/docker-compose-prod-postgres.yml index c6ae0c3c0..406a66f7b 100644 --- a/docker-compose-prod-postgres.yml +++ b/docker-compose-prod-postgres.yml @@ -10,7 +10,7 @@ networks: services: traefik: - image: "traefik:v3.2.0" + image: "traefik:v3.2.1" container_name: "prod_traefik" command: - "--log.level=INFO" @@ -35,7 +35,7 @@ services: - traefik frontend: - image: maibornwolff/secobserve-frontend:1.22.3 + image: maibornwolff/secobserve-frontend:1.22.4 container_name: "prod_secobserve_frontend" labels: - "traefik.enable=true" @@ -54,7 +54,7 @@ services: - traefik backend: - image: maibornwolff/secobserve-backend:1.22.3 + image: maibornwolff/secobserve-backend:1.22.4 container_name: "prod_secobserve_backend" labels: - "traefik.enable=true" diff --git a/docs/assets/images/secobserve_integrations.drawio b/docs/assets/images/secobserve_integrations.drawio index c858cbf62..1bf73e796 100644 --- a/docs/assets/images/secobserve_integrations.drawio 
+++ b/docs/assets/images/secobserve_integrations.drawio @@ -123,7 +123,7 @@ - + @@ -138,7 +138,7 @@ - + @@ -160,16 +160,30 @@ - + - + - + + + + + + + + + + + + + + + diff --git a/docs/assets/images/secobserve_integrations.svg b/docs/assets/images/secobserve_integrations.svg index 01a9b5269..fb3ebd2d7 100644 --- a/docs/assets/images/secobserve_integrations.svg +++ b/docs/assets/images/secobserve_integrations.svg @@ -1,3 +1,3 @@ -
Export
Issues
Code link
Notifications
Microsoft Teams
Email
GitLab
CodeCharta
Microsoft Excel
CSV
Jira (Cloud)
Azure DevOps
Slack
NVD
Information
link
GitHub
GitHub
Advisories
open/source/
insights
CSAF  (VEX)
OpenVEX
Import/
Export
SecObserve
OpenID Connect
SPDX
Licenses
Open Source
Vulnerability
Scanners
Licenses
Vulnerabilities
Authentication
EPSS
Scores
\ No newline at end of file +
Export
Issues
Code link
Notifications
Microsoft Teams
Email
GitLab
CodeCharta
Microsoft Excel
CSV
Jira (Cloud)
Azure DevOps
Slack
NVD
Information
link
GitHub
GitHub
Advisories
open/source/
insights
CSAF  (VEX)
OpenVEX
Import/
Export
SecObserve
OpenID Connect
ScanCode
LicenseDB
Open Source
Vulnerability
Scanners
License
Groups
Vulnerabilities
Authentication
SPDX
Licenses
Scores
EPSS
Licenses
\ No newline at end of file diff --git a/docs/getting_started/about.md b/docs/getting_started/about.md index b5c92626b..541a60528 100644 --- a/docs/getting_started/about.md +++ b/docs/getting_started/about.md @@ -36,10 +36,16 @@ sequenceDiagram activate Pipeline Pipeline ->> Pipeline: Run scanners Pipeline ->> SecObserve: Upload results - deactivate Pipeline activate SecObserve SecObserve ->> SecObserve: Apply rules deactivate SecObserve + Pipeline ->> SecObserve: Check security gate + activate SecObserve + SecObserve -->> Pipeline: exit code 0/1 + deactivate SecObserve + Pipeline ->> Pipeline: Stop or continue + Pipeline -->> Developer: Feedback + deactivate Pipeline Developer ->> SecObserve: View observations Developer ->> SecObserve: Assess observations Developer ->> Developer: Implement fixes 
@@ -51,7 +57,13 @@ sequenceDiagram
 3. The pipeline runs several of the supported vulnerability scanners. To make integration easy, SecObserve provides predefined templates for the most relevant scanners, see [GitHub actions and GitLab CI templates](../integrations/github_actions_and_templates.md).
 4. The scanners store their results in files, which are [uploaded into SecObserve](../usage/import_observations.md).
 5. SecObserve applies [rules](../usage/rule_engine.md) to adjust severity and status of observations during the upload process.
-6. The developer can now look at the observations in SecObserve, to see what has changed ...
-7. ... and if necessary [assess observations](../usage/assess_observations.md) to change their status (eg. false positive or risk accepted) or severity.
-8. If fixes are needed to close vulnerabilities, the developer will implement the fixes ...
-9. ... and check them in to the repository. Now the cycle starts again.
+6. The pipeline can call SecObserve to check the status of the [security gate](../usage/security_gates.md).
+7. SecObserve returns an exit code to the pipeline:
+ * `1` if the security gate has **failed**
+ * `0` if the security gate has **passed** or is **disabled**
+8. The pipeline can stop or continue based on the exit code, depending on the configuration of the check step. Default is to stop the pipeline if the security gate has failed.
+9. The developer can see the result of the pipeline.
+10. The developer can now look at the observations in SecObserve, to see what has changed ...
+11. ... and if necessary [assess observations](../usage/assess_observations.md) to change their status (eg. false positive or risk accepted) or severity.
+12. If fixes are needed to close vulnerabilities, the developer will implement the fixes ...
+13. ... and check them in to the repository. Now the cycle starts again.
diff --git a/docs/getting_started/features.md b/docs/getting_started/features.md
index f230921a9..3ed7baa52 100644
--- a/docs/getting_started/features.md +++ b/docs/getting_started/features.md @@ -30,7 +30,8 @@ | [Import from many SAST, SCA, DAST, infrastructure and secrets scanners](../integrations/supported_scanners.md) | :material-plus-circle-outline: | | [GitLab CI integration of scanners with predefined templates](../integrations/github_actions_and_templates.md#examplary-pipeline-for-gitlab-ci-templates)
[GitHub integration of scanners with predefined actions](../integrations/github_actions_and_templates.md#examplary-workflow-for-github-actions) | :material-plus-circle-outline: | | [Data enrichment from Exploit Prediction Scoring System (EPSS)](../integrations/epss.md) | :material-plus-circle-outline: | -| [Always up-to-date SPDX licenses](../integrations/spdx_licenses.md) | :material-plus-circle-outline: | +| [Always up-to-date SPDX licenses](../integrations/license_data.md#spdx-licenses) | :material-plus-circle-outline: | +| [License groups generated from ScanCode LicenseDB data](../integrations/license_data.md#scancode-licensedb) | :material-plus-circle-outline: | | [Direct link to source code](../integrations/source_code_repositories.md) | :material-plus-circle-outline: | | [Export vulnerabilities to issue trackers (Jira, GitLab, GitHub)](../integrations/issue_trackers.md) | :material-plus-circle-outline: | | [Import/export vulnerabilities from/to VEX documents (CSAF, OpenVEX)](../integrations/vex.md) | :material-plus-circle-outline: | diff --git a/docs/getting_started/installation.md b/docs/getting_started/installation.md index f014aae15..89ad47fd5 100644 --- a/docs/getting_started/installation.md +++ b/docs/getting_started/installation.md @@ -45,7 +45,7 @@ services: - default frontend: - image: maibornwolff/secobserve-frontend:1.22.3 + image: maibornwolff/secobserve-frontend:1.22.4 labels: - "traefik.enable=true" - "traefik.http.routers.frontend.rule=Host(`secobserve.localhost`)" @@ -62,7 +62,7 @@ services: - traefik backend: - image: maibornwolff/secobserve-backend:1.22.3 + image: maibornwolff/secobserve-backend:1.22.4 labels: - "traefik.enable=true" - "traefik.http.routers.backend.rule=Host(`secobserve-backend.localhost`)" diff --git a/docs/integrations/github_actions_and_templates.md b/docs/integrations/github_actions_and_templates.md index 27d18e5c7..38d65a7f2 100644 --- a/docs/integrations/github_actions_and_templates.md 
+++ b/docs/integrations/github_actions_and_templates.md @@ -31,6 +31,10 @@ Most of the actions and templates use the same set of variables: | `SO_ORIGIN_DOCKER_IMAGE_NAME_TAG` | *optional* | Name:Tag of Docker image to be set for all imported observations. | | `SO_ORIGIN_ENDPOINT_URL` | *optional* | URL of endpoint to be set for all imported observations. | | `SO_SUPPRESS_LICENSES` | *optional, only for CycloneDX* | Suppress importing license information if value is `true`. Default is `true` for the *Grype*, *Trivy Filesystem* and *Trivy Image* GitHub action / GitLab templates, default is `false` for the *Importer* action/template | +| **Check security gate** | +| `SO_API_BASE_URL` | *mandatory* | Base URL of the SecObserve backend, e.g. `https://secobserve-backend.example.com`. | +| `SO_API_TOKEN` | *mandatory* | API token of the user to be used for the check. | +| `SO_PRODUCT_NAME` | *mandatory* | Name of the product for which the security gate check is being performed. | ## Available actions and templates 
@@ -58,6 +62,11 @@ Most of the actions and templates use the same set of variables: | [DrHeader](https://github.com/Santandersecurityresearch/DrHeader) | `actions/DAST/drheader` | `templates/DAST/drheader.yml` | [MIT](https://github.com/Santandersecurityresearch/DrHeader/blob/master/LICENSE) | | [ZAP](https://github.com/zaproxy/zaproxy) | `actions/DAST/zap` | `templates/DAST/zap.yml` | [Apache 2.0](https://github.com/zaproxy/zaproxy/blob/main/LICENSE) | +| Task | GitHub Action | GitLab CI Template | +|---------------------------------------|---------------------------|---------------------------------| +| Import existing file into SecObserve | `actions/importer` | `templates/importer.yml` | +| Check security gate of a product (`exit code 1` if security gate **Failed**, `exit code 0` if security gate **Passed** or **Disabled**) | `actions/check_security_gate` | `templates/check_security_gate.yml` | + All GitHub actions and GitLab CI templates use a pre-built Docker image that contains all scanners and the SecObserve importer. ## Examplary workflow for GitHub actions diff --git a/docs/integrations/spdx_licenses.md b/docs/integrations/license_data.md similarity index 61% rename from docs/integrations/spdx_licenses.md rename to docs/integrations/license_data.md index 4d7a1716e..1ddab5de9 100644 --- a/docs/integrations/spdx_licenses.md +++ b/docs/integrations/license_data.md 
@@ -1,11 +1,17 @@ -# SPDX licenses +# License data import + +## SPDX licenses The [Linux Foundation](https://www.linuxfoundation.org/) gathers a list of commonly found licenses and exceptions used for open source and other collaborative software. The list is called [SPDX License List](https://spdx.org/licenses/) and is imported daily into SecObserve from a JSON file hosted on GitHub. -## Configuration +### Configuration Per default the task to import the SPDX licenses is scheduled to run every night at 01:30 UTC time. This default can be changed by administrators via the [Settings](../getting_started/configuration.md#admininistration-in-secobserve). ![SPDX license import configuration](../assets/images/screenshot_spdx_license_import.png){ width="80%" style="display: block; margin: 0 auto" } Hour is always in UTC time. + +## ScanCode LicenseDB + +The [ScanCode LicenseDB](https://scancode-licensedb.aboutcode.org) is a free and open database of mostly all the software licenses, including a category per license. Administrators can import the data from the ScanCode LicenseDB with a button in the list of License Groups. License groups will be created or updated for each category, containing the respective SPDX licenses. diff --git a/docs/usage/license_management.md b/docs/usage/license_management.md index 00177a280..41454a622 100644 --- a/docs/usage/license_management.md +++ b/docs/usage/license_management.md @@ -9,7 +9,7 @@ License management is activated by default. If it is not used in an organization If license management is deactivated: * The `Licenses` menu is not visible in the navigation. -* The automatic import of SPDX licenses is deactivated. +* The [automatic import of SPDX licenses](../integrations/license_data.md#spdx-licenses) is deactivated. * Licenses for components are not imported from CycloneDX files and the `License` tab is not visible in the Product view. 
diff --git a/end_to_end_tests/package-lock.json b/end_to_end_tests/package-lock.json index 76dfeac81..95741b5e8 100644 --- a/end_to_end_tests/package-lock.json +++ b/end_to_end_tests/package-lock.json @@ -1,12 +1,12 @@ { "name": "end_to_end_tests", - "version": "1.22.3", + "version": "1.22.4", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "end_to_end_tests", - "version": "1.22.3", + "version": "1.22.4", "devDependencies": { "@playwright/test": "1.49.0", "@types/node": "22.9.1" diff --git a/end_to_end_tests/package.json b/end_to_end_tests/package.json index f76cbd399..61032471a 100644 --- a/end_to_end_tests/package.json +++ b/end_to_end_tests/package.json @@ -1,6 +1,6 @@ { "name": "end_to_end_tests", - "version": "1.22.3", + "version": "1.22.4", "private": true, "description": "", "main": "index.js", diff --git a/frontend/package-lock.json b/frontend/package-lock.json index 8d1916878..50360388d 100644 --- a/frontend/package-lock.json +++ b/frontend/package-lock.json 
@@ -1,31 +1,31 @@ { "name": "secobserve", - "version": "1.22.3", + "version": "1.22.4", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "secobserve", - "version": "1.22.3", + "version": "1.22.4", "license": "BSD-3-Clause", "dependencies": { - "@emotion/react": "11.13.3", - "@emotion/styled": "11.13.0", - "@fortawesome/fontawesome-svg-core": "6.7.0", - "@fortawesome/free-brands-svg-icons": "6.7.0", - "@fortawesome/free-solid-svg-icons": "6.7.0", + "@emotion/react": "11.13.5", + "@emotion/styled": "11.13.5", + "@fortawesome/fontawesome-svg-core": "6.7.1", + "@fortawesome/free-brands-svg-icons": "6.7.1", + "@fortawesome/free-solid-svg-icons": "6.7.1", "@fortawesome/react-fontawesome": "0.2.2", "@textea/json-viewer": "3.5.0", "axios": "1.7.7", "chart.js": "4.4.6", - "markdown-to-jsx": "7.6.2", + "markdown-to-jsx": "7.7.0", "mermaid": "11.4.0", "oidc-client-ts": "3.1.0", "prop-types": "15.8.1", "query-string": "9.1.1", - "ra-input-rich-text": "5.3.4", + "ra-input-rich-text": "5.4.0", "react": "18.3.1", - "react-admin": "5.3.4", + "react-admin": "5.4.0", "react-chartjs-2": "5.2.0", "react-dom": "18.3.1", "react-oidc-context": "3.2.0", 
@@ -514,16 +514,16 @@ "license": "Apache-2.0" }, "node_modules/@emotion/babel-plugin": { - "version": "11.12.0", - "resolved": "https://registry.npmjs.org/@emotion/babel-plugin/-/babel-plugin-11.12.0.tgz", - "integrity": "sha512-y2WQb+oP8Jqvvclh8Q55gLUyb7UFvgv7eJfsj7td5TToBrIUtPay2kMrZi4xjq9qw2vD0ZR5fSho0yqoFgX7Rw==", + "version": "11.13.5", + "resolved": "https://registry.npmjs.org/@emotion/babel-plugin/-/babel-plugin-11.13.5.tgz", + "integrity": "sha512-pxHCpT2ex+0q+HH91/zsdHkw/lXd468DIN2zvfvLtPKLLMo6gQj7oLObq8PhkrxOZb/gGCq03S3Z7PDhS8pduQ==", "license": "MIT", "dependencies": { "@babel/helper-module-imports": "^7.16.7", "@babel/runtime": "^7.18.3", "@emotion/hash": "^0.9.2", "@emotion/memoize": "^0.9.0", - "@emotion/serialize": "^1.2.0", + "@emotion/serialize": "^1.3.3", "babel-plugin-macros": "^3.1.0", "convert-source-map": "^1.5.0", "escape-string-regexp": "^4.0.0", @@ -533,14 +533,14 @@ } }, "node_modules/@emotion/cache": { - "version": "11.13.1", - "resolved": "https://registry.npmjs.org/@emotion/cache/-/cache-11.13.1.tgz", - "integrity": "sha512-iqouYkuEblRcXmylXIwwOodiEK5Ifl7JcX7o6V4jI3iW4mLXX3dmt5xwBtIkJiQEXFAI+pC8X0i67yiPkH9Ucw==", + "version": "11.13.5", + "resolved": "https://registry.npmjs.org/@emotion/cache/-/cache-11.13.5.tgz", + "integrity": "sha512-Z3xbtJ+UcK76eWkagZ1onvn/wAVb1GOMuR15s30Fm2wrMgC7jzpnO2JZXr4eujTTqoQFUrZIw/rT0c6Zzjca1g==", "license": "MIT", "dependencies": { "@emotion/memoize": "^0.9.0", "@emotion/sheet": "^1.4.0", - "@emotion/utils": "^1.4.0", + "@emotion/utils": "^1.4.2", "@emotion/weak-memoize": "^0.4.0", "stylis": "4.2.0" } 
@@ -567,17 +567,17 @@ "license": "MIT" }, "node_modules/@emotion/react": { - "version": "11.13.3", - "resolved": "https://registry.npmjs.org/@emotion/react/-/react-11.13.3.tgz", - "integrity": "sha512-lIsdU6JNrmYfJ5EbUCf4xW1ovy5wKQ2CkPRM4xogziOxH1nXxBSjpC9YqbFAP7circxMfYp+6x676BqWcEiixg==", + "version": "11.13.5", + "resolved": "https://registry.npmjs.org/@emotion/react/-/react-11.13.5.tgz", + "integrity": "sha512-6zeCUxUH+EPF1s+YF/2hPVODeV/7V07YU5x+2tfuRL8MdW6rv5vb2+CBEGTGwBdux0OIERcOS+RzxeK80k2DsQ==", "license": "MIT", "dependencies": { "@babel/runtime": "^7.18.3", - "@emotion/babel-plugin": "^11.12.0", - "@emotion/cache": "^11.13.0", - "@emotion/serialize": "^1.3.1", + "@emotion/babel-plugin": "^11.13.5", + "@emotion/cache": "^11.13.5", + "@emotion/serialize": "^1.3.3", "@emotion/use-insertion-effect-with-fallbacks": "^1.1.0", - "@emotion/utils": "^1.4.0", + "@emotion/utils": "^1.4.2", "@emotion/weak-memoize": "^0.4.0", "hoist-non-react-statics": "^3.3.1" }, @@ -591,15 +591,15 @@ } }, "node_modules/@emotion/serialize": { - "version": "1.3.2", - "resolved": "https://registry.npmjs.org/@emotion/serialize/-/serialize-1.3.2.tgz", - "integrity": "sha512-grVnMvVPK9yUVE6rkKfAJlYZgo0cu3l9iMC77V7DW6E1DUIrU68pSEXRmFZFOFB1QFo57TncmOcvcbMDWsL4yA==", + "version": "1.3.3", + "resolved": "https://registry.npmjs.org/@emotion/serialize/-/serialize-1.3.3.tgz", + "integrity": "sha512-EISGqt7sSNWHGI76hC7x1CksiXPahbxEOrC5RjmFRJTqLyEK9/9hZvBbiYn70dw4wuwMKiEMCUlR6ZXTSWQqxA==", "license": "MIT", "dependencies": { "@emotion/hash": "^0.9.2", "@emotion/memoize": "^0.9.0", "@emotion/unitless": "^0.10.0", - "@emotion/utils": "^1.4.1", + "@emotion/utils": "^1.4.2", "csstype": "^3.0.2" } }, 
@@ -610,17 +610,17 @@ "license": "MIT" }, "node_modules/@emotion/styled": { - "version": "11.13.0", - "resolved": "https://registry.npmjs.org/@emotion/styled/-/styled-11.13.0.tgz", - "integrity": "sha512-tkzkY7nQhW/zC4hztlwucpT8QEZ6eUzpXDRhww/Eej4tFfO0FxQYWRyg/c5CCXa4d/f174kqeXYjuQRnhzf6dA==", + "version": "11.13.5", + "resolved": "https://registry.npmjs.org/@emotion/styled/-/styled-11.13.5.tgz", + "integrity": "sha512-gnOQ+nGLPvDXgIx119JqGalys64lhMdnNQA9TMxhDA4K0Hq5+++OE20Zs5GxiCV9r814xQ2K5WmtofSpHVW6BQ==", "license": "MIT", "dependencies": { "@babel/runtime": "^7.18.3", - "@emotion/babel-plugin": "^11.12.0", + "@emotion/babel-plugin": "^11.13.5", "@emotion/is-prop-valid": "^1.3.0", - "@emotion/serialize": "^1.3.0", + "@emotion/serialize": "^1.3.3", "@emotion/use-insertion-effect-with-fallbacks": "^1.1.0", - "@emotion/utils": "^1.4.0" + "@emotion/utils": "^1.4.2" }, "peerDependencies": { "@emotion/react": "^11.0.0-rc.0", @@ -648,9 +648,9 @@ } }, "node_modules/@emotion/utils": { - "version": "1.4.1", - "resolved": "https://registry.npmjs.org/@emotion/utils/-/utils-1.4.1.tgz", - "integrity": "sha512-BymCXzCG3r72VKJxaYVwOXATqXIZ85cuvg0YOUDxMGNrKc1DJRZk8MgV5wyXRyEayIMd4FuXJIUgTBXvDNW5cA==", + "version": "1.4.2", + "resolved": "https://registry.npmjs.org/@emotion/utils/-/utils-1.4.2.tgz", + "integrity": "sha512-3vLclRofFziIa3J2wDh9jjbkUz9qk5Vi3IZ/FSTKViB0k+ef0fPV7dYrUIugbgupYDx7v9ud/SjrtEP8Y4xLoA==", "license": "MIT" }, "node_modules/@emotion/weak-memoize": { 
@@ -1193,45 +1193,45 @@ } }, "node_modules/@fortawesome/fontawesome-common-types": { - "version": "6.7.0", - "resolved": "https://registry.npmjs.org/@fortawesome/fontawesome-common-types/-/fontawesome-common-types-6.7.0.tgz", - "integrity": "sha512-AUetZXU6cQdAe21p8j3mg2aD40MMDKfFNUNgq/G7gR3HMDp0BsQskAudLDSgq6d0SbCY0QKP0g4s5Y02S1kkhw==", + "version": "6.7.1", + "resolved": "https://registry.npmjs.org/@fortawesome/fontawesome-common-types/-/fontawesome-common-types-6.7.1.tgz", + "integrity": "sha512-gbDz3TwRrIPT3i0cDfujhshnXO9z03IT1UKRIVi/VEjpNHtSBIP2o5XSm+e816FzzCFEzAxPw09Z13n20PaQJQ==", "license": "MIT", "engines": { "node": ">=6" } }, "node_modules/@fortawesome/fontawesome-svg-core": { - "version": "6.7.0", - "resolved": "https://registry.npmjs.org/@fortawesome/fontawesome-svg-core/-/fontawesome-svg-core-6.7.0.tgz", - "integrity": "sha512-v6YZjSPuxriC7lYxCzKFbgZ1iaf60AVX2CsfZXSc0U9+mqVd8VGVtMEqDqz5GxDpNUQ8bMDfW+gspVMYGlRpUA==", + "version": "6.7.1", + "resolved": "https://registry.npmjs.org/@fortawesome/fontawesome-svg-core/-/fontawesome-svg-core-6.7.1.tgz", + "integrity": "sha512-8dBIHbfsKlCk2jHQ9PoRBg2Z+4TwyE3vZICSnoDlnsHA6SiMlTwfmW6yX0lHsRmWJugkeb92sA0hZdkXJhuz+g==", "license": "MIT", "dependencies": { - "@fortawesome/fontawesome-common-types": "6.7.0" + "@fortawesome/fontawesome-common-types": "6.7.1" }, "engines": { "node": ">=6" } }, "node_modules/@fortawesome/free-brands-svg-icons": { - "version": "6.7.0", - "resolved": "https://registry.npmjs.org/@fortawesome/free-brands-svg-icons/-/free-brands-svg-icons-6.7.0.tgz", - "integrity": "sha512-O/9/yKlN4T0bsYCBcx0NKq7YOr/512Yfpk8wZhOhaxg9/OxWLipDKXlP1hfEFE3I26mfYtsqLkbpz1CNu6KYqw==", + "version": "6.7.1", + "resolved": "https://registry.npmjs.org/@fortawesome/free-brands-svg-icons/-/free-brands-svg-icons-6.7.1.tgz", + "integrity": "sha512-nJR76eqPzCnMyhbiGf6X0aclDirZriTPRcFm1YFvuupyJOGwlNF022w3YBqu+yrHRhnKRpzFX+8wJKqiIjWZkA==", "license": "(CC-BY-4.0 AND MIT)", "dependencies": { - 
"@fortawesome/fontawesome-common-types": "6.7.0" + "@fortawesome/fontawesome-common-types": "6.7.1" }, "engines": { "node": ">=6" } }, "node_modules/@fortawesome/free-solid-svg-icons": { - "version": "6.7.0", - "resolved": "https://registry.npmjs.org/@fortawesome/free-solid-svg-icons/-/free-solid-svg-icons-6.7.0.tgz", - "integrity": "sha512-9ww5hQ3OzEehUrSXAlPTJ73xDub73fnxr+se5PU0MFQor2nZBO0m7HNm5Q4KD9XMYjwRqh2BnBNR2/9EFbGqmg==", + "version": "6.7.1", + "resolved": "https://registry.npmjs.org/@fortawesome/free-solid-svg-icons/-/free-solid-svg-icons-6.7.1.tgz", + "integrity": "sha512-BTKc0b0mgjWZ2UDKVgmwaE0qt0cZs6ITcDgjrti5f/ki7aF5zs+N91V6hitGo3TItCFtnKg6cUVGdTmBFICFRg==", "license": "(CC-BY-4.0 AND MIT)", "dependencies": { - "@fortawesome/fontawesome-common-types": "6.7.0" + "@fortawesome/fontawesome-common-types": "6.7.1" }, "engines": { "node": ">=6" @@ -6674,9 +6674,9 @@ } }, "node_modules/markdown-to-jsx": { - "version": "7.6.2", - "resolved": "https://registry.npmjs.org/markdown-to-jsx/-/markdown-to-jsx-7.6.2.tgz", - "integrity": "sha512-gEcyiJXzBxmId2Y/kydLbD6KRNccDiUy/Src1cFGn3s2X0LZZ/hUiEc2VisFyA5kUE3SXclTCczjQiAuqKZiFQ==", + "version": "7.7.0", + "resolved": "https://registry.npmjs.org/markdown-to-jsx/-/markdown-to-jsx-7.7.0.tgz", + "integrity": "sha512-130nIMbJY+woOQJ11xTqEtYko60t6EpNkZuqjKMferL3udtob3nRfzXOdsiA26NPemiR7w/hR8M3/B9yiYPGZg==", "license": "MIT", "engines": { "node": ">= 10" 
@@ -7514,12 +7514,12 @@ "license": "MIT" }, "node_modules/ra-core": { - "version": "5.3.4", - "resolved": "https://registry.npmjs.org/ra-core/-/ra-core-5.3.4.tgz", - "integrity": "sha512-BC6pO8jaUjJESfO0FS6J2CMgeRreJ2kpdPkkySBODM0M5S4ZRC0rOFh1jBXFnjSUcNoPWaVc/WaZPwfAg00Wmw==", + "version": "5.4.0", + "resolved": "https://registry.npmjs.org/ra-core/-/ra-core-5.4.0.tgz", + "integrity": "sha512-Gvp7FiItL0fYq0r9C5jU0Gm56096c2FfOY/UaCDnOvshs3UGTLd5cknRZ30lo9Qr+SoZPP8PH8Ef6LblEXkFBA==", "license": "MIT", "dependencies": { - "@tanstack/react-query": "^5.8.4", + "@tanstack/react-query": "^5.21.7", "clsx": "^2.1.1", "date-fns": "^3.6.0", "eventemitter3": "^5.0.1", @@ -7590,19 +7590,19 @@ } }, "node_modules/ra-i18n-polyglot": { - "version": "5.3.4", - "resolved": "https://registry.npmjs.org/ra-i18n-polyglot/-/ra-i18n-polyglot-5.3.4.tgz", - "integrity": "sha512-9BtWoCHE5LxIN4+VJGOrxL29lDhCTgBjIDkTb/i228vr/CD3+ozjyMiBG8NGeLN5wCqtHpsKDwUNJOcoPtwkiQ==", + "version": "5.4.0", + "resolved": "https://registry.npmjs.org/ra-i18n-polyglot/-/ra-i18n-polyglot-5.4.0.tgz", + "integrity": "sha512-2bRIa/y1PgZFjMir3bLEo1DcLEkWr7L7jrZuTXc0gXL5E8O6tGMaWkURxJyp1iIeZ0pUiPEahr6rePWwHVeZhA==", "license": "MIT", "dependencies": { "node-polyglot": "^2.2.2", - "ra-core": "^5.3.4" + "ra-core": "^5.4.0" } }, "node_modules/ra-input-rich-text": { - "version": "5.3.4", - "resolved": "https://registry.npmjs.org/ra-input-rich-text/-/ra-input-rich-text-5.3.4.tgz", - "integrity": "sha512-Ke6Y9iibjAYTIUWKhd7Ajx+YZzjD4n9vF0fKV6qMUPI5o8GOffTRhY2YTF5UZT2uSo6gaFY1AdDjgV+tRKjtmA==", + "version": "5.4.0", + "resolved": "https://registry.npmjs.org/ra-input-rich-text/-/ra-input-rich-text-5.4.0.tgz", + "integrity": "sha512-kfVPPQcNGC56Qv6cdJoLH+sQjenHUoFud0YWSML6oGB30yr2YsNJwHr2fGkTlijO26C3UqWJ5sBZh0j+HY0rcw==", "license": "MIT", "dependencies": { "@tiptap/core": "^2.0.3", 
@@ -7629,21 +7629,21 @@ } }, "node_modules/ra-language-english": { - "version": "5.3.4", - "resolved": "https://registry.npmjs.org/ra-language-english/-/ra-language-english-5.3.4.tgz", - "integrity": "sha512-QR0ej0JKQaGmtGSh1W+O4HnoaTv/9SQBtpztAkTitPVjlCGJeNBr/IjriAxsp0ezhhCr+uZrwrCfoWjKPkjpDg==", + "version": "5.4.0", + "resolved": "https://registry.npmjs.org/ra-language-english/-/ra-language-english-5.4.0.tgz", + "integrity": "sha512-RUV6wo8EIFOjC4UA6d+FbfVslnvnX8f+UhElzuxRvDhXZqmEyRKxsFCLTbeI9DF/IN8Gb6pvKxCoe3jzfUcm5Q==", "license": "MIT", "dependencies": { - "ra-core": "^5.3.4" + "ra-core": "^5.4.0" } }, "node_modules/ra-ui-materialui": { - "version": "5.3.4", - "resolved": "https://registry.npmjs.org/ra-ui-materialui/-/ra-ui-materialui-5.3.4.tgz", - "integrity": "sha512-ZcZtafeOzKEv2Epr6FJnWW4+Fch9VVehqPdi8CyTEUtBHD/heChkAwW3suRqJqggpykVpZoA0hrD+L02NqqJeg==", + "version": "5.4.0", + "resolved": "https://registry.npmjs.org/ra-ui-materialui/-/ra-ui-materialui-5.4.0.tgz", + "integrity": "sha512-FwBIboQrUXyB2ztZH150zcq5v6qMiGn2aNc9OoTcft0hoWuVBS1yIE8B67JfyZyH0azgNW20ImPbC5lYDs1l1w==", "license": "MIT", "dependencies": { - "@tanstack/react-query": "^5.8.4", + "@tanstack/react-query": "^5.21.7", "autosuggest-highlight": "^3.1.1", "clsx": "^2.1.1", "css-mediaquery": "^0.1.2", 
@@ -7733,19 +7733,19 @@ } }, "node_modules/react-admin": { - "version": "5.3.4", - "resolved": "https://registry.npmjs.org/react-admin/-/react-admin-5.3.4.tgz", - "integrity": "sha512-Te2cvt5NIhk5ct0yAaUdXxspyXQKsPb8JwlN4VWzXS14U16PrJ01VYc9N940Avb5Ls/ed76mfbuJNwfoEZUYVg==", + "version": "5.4.0", + "resolved": "https://registry.npmjs.org/react-admin/-/react-admin-5.4.0.tgz", + "integrity": "sha512-tvGyMUSXKzfqkQKf/uRowTpVhNM03Lo9iZq7e3BgO1nTOTFXqK/QcPbECpRH6IsLgH47uSDQoeqViYkB3ut9cA==", "license": "MIT", "dependencies": { "@emotion/react": "^11.4.1", "@emotion/styled": "^11.3.0", "@mui/icons-material": "^5.15.20", "@mui/material": "^5.15.20", - "ra-core": "^5.3.4", - "ra-i18n-polyglot": "^5.3.4", - "ra-language-english": "^5.3.4", - "ra-ui-materialui": "^5.3.4", + "ra-core": "^5.4.0", + "ra-i18n-polyglot": "^5.4.0", + "ra-language-english": "^5.4.0", + "ra-ui-materialui": "^5.4.0", "react-hook-form": "^7.53.0", "react-router": "^6.22.0", "react-router-dom": "^6.22.0" diff --git a/frontend/package.json b/frontend/package.json index a5c653f53..00672fe39 100644 --- a/frontend/package.json +++ b/frontend/package.json 
@@ -1,27 +1,27 @@ { "name": "secobserve", - "version": "1.22.3", + "version": "1.22.4", "license": "BSD-3-Clause", "description": "SecObserve is an open source vulnerability management system for software development and cloud environments.", "private": true, "dependencies": { - "@emotion/react": "11.13.3", - "@emotion/styled": "11.13.0", - "@fortawesome/fontawesome-svg-core": "6.7.0", - "@fortawesome/free-brands-svg-icons": "6.7.0", - "@fortawesome/free-solid-svg-icons": "6.7.0", + "@emotion/react": "11.13.5", + "@emotion/styled": "11.13.5", + "@fortawesome/fontawesome-svg-core": "6.7.1", + "@fortawesome/free-brands-svg-icons": "6.7.1", + "@fortawesome/free-solid-svg-icons": "6.7.1", "@fortawesome/react-fontawesome": "0.2.2", "@textea/json-viewer": "3.5.0", "axios": "1.7.7", "chart.js": "4.4.6", - "markdown-to-jsx": "7.6.2", + "markdown-to-jsx": "7.7.0", "mermaid": "11.4.0", "oidc-client-ts": "3.1.0", "prop-types": "15.8.1", "query-string": "9.1.1", - "ra-input-rich-text": "5.3.4", + "ra-input-rich-text": "5.4.0", "react": "18.3.1", - "react-admin": "5.3.4", + "react-admin": "5.4.0", "react-chartjs-2": "5.2.0", "react-dom": "18.3.1", "react-oidc-context": "3.2.0", diff --git a/frontend/src/App.tsx b/frontend/src/App.tsx index 5e9b376a5..fad286a14 100644 --- a/frontend/src/App.tsx +++ b/frontend/src/App.tsx 
@@ -1,12 +1,13 @@ -import { Admin, CustomRoutes, Resource } from "react-admin"; +import { Admin, CustomRoutes, Resource, addRefreshAuthToDataProvider } from "react-admin"; import { AuthProvider } from "react-oidc-context"; import { Route } from "react-router"; -import { Login } from "./access_control"; import AccessControlAdministration from "./access_control/access_control_administration/AccessControlAdministration"; -import authProvider from "./access_control/authProvider"; -import { oidcConfig } from "./access_control/authProvider"; +import authProvider from "./access_control/auth_provider/authProvider"; +import { oidcConfig } from "./access_control/auth_provider/authProvider"; +import { updateRefreshToken } from "./access_control/auth_provider/functions"; import authorization_groups from "./access_control/authorization_groups"; +import { Login } from "./access_control/login"; import users from "./access_control/users"; import { Layout } from "./commons/layout"; import { darkTheme, lightTheme } from "./commons/layout/themes"; @@ -45,7 +46,7 @@ const App = () => { > { 
@@ -56,18 +56,26 @@ const authProvider: AuthProvider = { return Promise.resolve(); }, - checkError: (error) => { - if (error) { - if (error.status === 401) { - if (oidc_signed_in()) { - localStorage.setItem("last_location", location.hash); - const user_manager = new UserManager(oidcConfig); - return user_manager.signinRedirect(); - } - return Promise.reject({ message: error.message }); + checkError: async (error) => { + if (error.status === 401) { + if (oidc_signed_in()) { + const user_manager = new UserManager(oidcConfig); + localStorage.setItem("last_location", location.hash); + await user_manager + .signinSilent() + .then(() => { + error.message = false; + error.logoutUser = false; + error.redirectTo = location.hash; + throw error; + }) + .catch(() => { + localStorage.removeItem(oidcStorageKey); + return user_manager.signinRedirect(); + }); } + throw error; } - return Promise.resolve(); }, checkAuth: () => { if (oidc_signed_in() || jwt_signed_in()) { @@ -124,6 +132,8 @@ export function oidc_signed_in(): boolean { // eslint-disable-next-line @typescript-eslint/no-unused-vars, @typescript-eslint/no-invalid-void-type const onSigninCallback = (_user: User | void): void => { + const user_manager = new UserManager(oidcConfig); + user_manager.clearStaleState(); const last_location = localStorage.getItem("last_location"); if (last_location) { localStorage.removeItem("last_location"); diff --git a/frontend/src/access_control/axios_instance.ts b/frontend/src/access_control/auth_provider/axios_instance.ts similarity index 100% rename from frontend/src/access_control/axios_instance.ts rename to frontend/src/access_control/auth_provider/axios_instance.ts diff --git a/frontend/src/access_control/auth_provider/functions.ts b/frontend/src/access_control/auth_provider/functions.ts new file mode 100644 index 000000000..cb8aa8c01 --- /dev/null +++ b/frontend/src/access_control/auth_provider/functions.ts 
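Review bot: In `checkError`, the `throw error` inside `.then()` is caught by the `.catch()` chained directly after it, so a successful `signinSilent()` still removes `oidcStorageKey` and calls `signinRedirect()`. The silent renewal therefore never takes effect, and every 401 ends in a full interactive redirect. Separating the renewal failure from the deliberate rethrow fixes this, as sketched below. The hunk also drops the old `if (error)` guard, so `error.status` is read on whatever the caller passes; whether that can be undefined is not visible here. The `authProvider` object starts and ends outside the hunk.

```typescript
checkError: async (error) => {
    // … unchanged: 401 and oidc_signed_in() checks, user_manager, last_location …
            try {
                await user_manager.signinSilent();
            } catch {
                // only a failed silent renewal falls back to the interactive flow
                localStorage.removeItem(oidcStorageKey);
                return user_manager.signinRedirect();
            }
            // renewal succeeded: ask react-admin to retry without logging the user out
            error.message = false;
            error.logoutUser = false;
            error.redirectTo = location.hash;
            throw error;
    // … unchanged: trailing throw for the non-OIDC 401 case …
```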
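Review bot: `user_manager.clearStaleState()` in `onSigninCallback` returns a promise that is neither awaited nor given a rejection handler, so a storage failure there would surface as an unhandled rejection. Because the callback is typed `void`, writing `void user_manager.clearStaleState().catch(() => undefined);` (or logging in the handler) makes the fire-and-forget intent explicit. The function body continues outside the hunk.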
@@ -0,0 +1,16 @@ +import { UserManager } from "oidc-client-ts"; + +import { oidcConfig, oidcStorageUser } from "./authProvider"; + +export const updateRefreshToken = () => { + const oidcUser = oidcStorageUser(); + if (oidcUser) { + const expires_at = JSON.parse(oidcUser).expires_at * 1000; + if (expires_at < Date.now()) { + localStorage.setItem("user_action", "refreshing token"); + const user_manager = new UserManager(oidcConfig); + user_manager.signinSilent(); + } + } + return Promise.resolve(); +}; diff --git a/frontend/src/access_control/Login.tsx b/frontend/src/access_control/login/Login.tsx similarity index 97% rename from frontend/src/access_control/Login.tsx rename to frontend/src/access_control/login/Login.tsx index 515f1a920..aa5fe38fa 100644 --- a/frontend/src/access_control/Login.tsx +++ b/frontend/src/access_control/login/Login.tsx @@ -8,9 +8,9 @@ import { Form, TextInput, required, useLogin, useNotify, useTheme } from "react- import { useAuth } from "react-oidc-context"; import { Navigate, useLocation } from "react-router-dom"; -import { getTheme } from "../commons/user_settings/functions"; -import { OIDCSignInButton } from "./OIDCSignInButton"; -import { jwt_signed_in } from "./authProvider"; +import { getTheme } from "../../commons/user_settings/functions"; +import { OIDCSignInButton } from "../auth_provider/OIDCSignInButton"; +import { jwt_signed_in } from "../auth_provider/authProvider"; const Login = () => { const [loading, setLoading] = useState(false); diff --git a/frontend/src/access_control/index.ts b/frontend/src/access_control/login/index.ts similarity index 100% rename from frontend/src/access_control/index.ts rename to frontend/src/access_control/login/index.ts diff --git a/frontend/src/commons/ra-data-django-rest-framework/index.ts b/frontend/src/commons/ra-data-django-rest-framework/index.ts index d8b7017a8..1b7493208 100644 --- a/frontend/src/commons/ra-data-django-rest-framework/index.ts 
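Review bot: `updateRefreshToken` calls `user_manager.signinSilent()` without awaiting or returning it, so the function resolves before the renewal finishes and a failed renewal becomes an unhandled rejection. If this is the function handed to `addRefreshAuthToDataProvider` (the import in App.tsx suggests so), the request that triggered it would presumably still go out with the expired token. Declaring it `async` and using `await user_manager.signinSilent();` would hold the request until the new token is stored. `JSON.parse(oidcUser)` also throws on a malformed storage entry, and the `user_action` item set here is not cleared in this file, so a short comment naming who reads and removes it would help.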
+++ b/frontend/src/commons/ra-data-django-rest-framework/index.ts @@ -6,8 +6,7 @@ import queryString from "query-string"; import { DataProvider, Identifier, fetchUtils } from "react-admin"; -import { jwt_signed_in, oidc_signed_in } from "../../access_control/authProvider"; -import { get_oidc_id_token } from "../../access_control/authProvider"; +import { get_oidc_id_token, jwt_signed_in, oidc_signed_in } from "../../access_control/auth_provider/authProvider"; const base_url = window.__RUNTIME_CONFIG__.API_BASE_URL; diff --git a/frontend/src/core/products/ExportMenu.tsx b/frontend/src/core/products/ExportMenu.tsx index 7fc84ae6c..26d254ab2 100644 --- a/frontend/src/core/products/ExportMenu.tsx +++ b/frontend/src/core/products/ExportMenu.tsx @@ -9,7 +9,7 @@ import MenuItem from "@mui/material/MenuItem"; import { Fragment, MouseEvent, useState } from "react"; import { useNotify } from "react-admin"; -import axios_instance from "../../access_control/axios_instance"; +import axios_instance from "../../access_control/auth_provider/axios_instance"; import { feature_license_management, getIconAndFontColor } from "../../commons/functions"; interface ExportMenuProps { diff --git a/frontend/src/licenses/license_groups/ImportScanCodeLicenseDB.tsx b/frontend/src/licenses/license_groups/ImportScanCodeLicenseDB.tsx new file mode 100644 index 000000000..a7fcf997f --- /dev/null +++ b/frontend/src/licenses/license_groups/ImportScanCodeLicenseDB.tsx 
@@ -0,0 +1,60 @@ +import UploadIcon from "@mui/icons-material/Upload"; +import { Backdrop, CircularProgress } from "@mui/material"; +import { useState } from "react"; +import { Button, Confirm, useNotify, useRefresh } from "react-admin"; + +import { httpClient } from "../../commons/ra-data-django-rest-framework"; + +const ImportScanCodeLicenseDB = () => { + const [open, setOpen] = useState(false); + const [loading, setLoading] = useState(false); + const refresh = useRefresh(); + const notify = useNotify(); + const handleClick = () => setOpen(true); + const handleDialogClose = () => setOpen(false); + + const importScanCodeLicenseDB = async () => { + setLoading(true); + const url = window.__RUNTIME_CONFIG__.API_BASE_URL + "/license_groups/import_scancode_licensedb/"; + httpClient(url, { + method: "POST", + }) + .then(() => { + refresh(); + setLoading(false); + notify("ScanCode LicenseDB imported", { type: "success" }); + }) + .catch((error) => { + setLoading(false); + notify(error.message, { type: "warning" }); + }); + + setOpen(false); + }; + + return ( + <> +