interlynk-io / sbomgr

SBOM Grep - search through SBOMs

License: Apache License 2.0

Makefile 3.52% Go 95.03% Dockerfile 1.46%
cyclonedx devsecops devsecops-pipeline go golang gomodule sbom-tool spdx supplychain

sbomgr's Introduction

sbomgr: SBOM Grep 🔍 - Search through SBOMs

sbomgr is a grep-like command-line utility that searches an SBOM repository by criteria such as name, checksum, CPE, and PURL.

go install github.com/interlynk-io/sbomgr@latest

Other installation options

Basic usage

Search for packages with exact name matching "abbrev".

sbomgr packages -N 'abbrev' <sbom file or dir>

Search for packages with regexp name matching "log4"

sbomgr packages -EN 'log4' <sbom file or dir>

Search for packages in an air-gapped environment for name matching "log4"

export INTERLYNK_DISABLE_VERSION_CHECK=true
sbomgr packages -EN 'log4' <sbom file or dir>

Features

  • SBOM format agnostic and currently supports searching through SPDX and CycloneDX.
  • Blazing Fast 🚀
  • Output search results as jsonl.
  • Supports RE2 regular expressions

Use cases

sbomgr can answer some of the most common SBOM use cases by searching an SBOM file or SBOM repository.

How many SBOMs and packages exist in the repository?

➜ sbomgr packages -c ~/data/sbom-repo/docker-images
sbom_files_matched: 86
packages_matched: 33556

Are there packages with zlib in the name?

➜ sbomgr packages -cEN 'zlib' ~/data/sbom-repo/docker-images
sbom_files_matched: 71
packages_matched: 145

Are there packages with a given checksum?

➜ sbomgr packages -c -H '5c260231de4f62ee26888776190b4c3fda6cbe14' ~/data/sbom-repo/docker-images
sbom_files_matched: 2
packages_matched: 2

Create a json report of packages with .zip files

➜ sbomgr packages -jrE -N '\.zip$' ~/data/ | jq .
{
  "path": "/home/riteshno/data/spdx-trivy-circleci_clojure-sha256:d8944a6b1bec524314cf4889c104b302036690070a5353b64bb9d11b330e8c76.json",
  "format": "json",
  "spec": "spdx",
  "product_name": "circleci/clojure@sha256:d8944a6b1bec524314cf4889c104b302036690070a5353b64bb9d11b330e8c76",
  "packages": [
    {
      "name": "org.clojure:data.zip",
      "version": "0.1.3",
      "purl": "pkg:maven/org.clojure/[email protected]"
    }
  ],
  "matched": true
}

Create a json report of all licenses included in an sbom

➜ sbomgr packages -jl ~/data/some-sboms/julia.spdx | jq .
{
  "path": "/home/riteshno/data/some-sboms/julia.spdx",
  "format": "tag-value",
  "spec": "spdx",
  "product_name": "julia-spdx",
  "packages": [
    {
      "name": "Julia",
      "version": "1.8.0-DEV",
      "license": [
        {
          "name": "MIT License",
          "short": "MIT"
        }
      ]
    },

During CI, check whether a malicious package is present

➜  sbomgr packages -qN 'abbrev' ~/tmp/app.spdx.json
➜  echo $?
0
➜  sbomgr packages -qN 'abbrev-random' ~/tmp/app.spdx.json
➜  echo $?
1

Extract data using user-defined output

sbomgr packages -O 'toolv,tooln,pkgn,pkgv' ~/tmp/app.spdx.json 
2.0.88	Microsoft.SBOMTool	Coordinated Packages                 	229170
2.0.88	Microsoft.SBOMTool	chalk                                	2.4.2
2.0.88	Microsoft.SBOMTool	async-settle                         	1.0.0

Using containerized sbomgr

$ docker run [volume-maps] ghcr.io/interlynk-io/sbomgr [command] [options]

Example

$ docker run -v ~/interlynk/sbomlc/:/app/sbomlc ghcr.io/interlynk-io/sbomgr packages -c /app/sbomlc
Unable to find image 'ghcr.io/interlynk-io/sbomgr:latest' locally
latest: Pulling from interlynk-io/sbomgr
479c7812d0ff: Already exists
5b3064dc8fe2: Already exists
Digest: sha256:d359b7e6e2b870542500dc00967ca2c5a4e78c8f1658b5c6dbdc8330effe38f8
Status: Downloaded newer image for ghcr.io/interlynk-io/sbomgr:latest

A new version of sbomgr is available v0.0.6.

Matching file count: 3153
Matching package count: 716953

Search flags

Packages

This section explains the flags relevant to the packages search feature. The packages search takes only a single argument, either a file or a directory. There are many flags that can be specified to control its behaviour.

Match Criteria


  • -N or --name used for package/component name search.
  • -C or --cpe used for package/component CPE search.
  • -P or --purl used for package/component PURL search.
  • -H or --checksum used for package/component checksum value search.

All of these match criteria are mutually exclusive.

Pattern Matching


Matching Control


  • -i or --ignore-case case insensitive matching.

Output Control


  • -l or --license includes the license of the package/component in the output.
  • -q or --quiet suppresses all output of the tool; the return value is 0, indicating success, if it finds the search criteria.
  • --no-filename removes the filename from the output.
  • -j or --jsonl outputs the search results in jsonl.
  • -p or --print-errors includes errors encountered during searching. Default is to ignore them.
  • -O or --output-format user-defined output format. Options are listed below:
    • filen - filepath
    • tooln - tool with which sbom was generated, only prints the first one
    • toolv - tool version
    • docn - sbom document name
    • docv - sbom document version
    • cpe - package CPE, only prints the first one, indicates how many CPEs exist.
    • purl - package purl
    • pkgn - package name
    • pkgv - package version
    • pkgl - package licenses
    • specn - spec of the sbom document, spdx or cdx.
    • chkn - checksum name
    • chkv - checksum value

Stats Control


  • -c or --count suppresses the normal output and prints matching counts of SBOM filenames and packages.

Directory Control


  • -r or --recurse when set, recursively scans all sub directories.

Spec Control


  • --spdx searches only files which are SPDX.
  • --cdx searches only files which are CycloneDX.

Future work

  • Search using files.
  • Search using tool metadata.
  • Search using CVE-ID.
  • Search only direct dependencies.
  • Search until a specified depth.
  • Provide a list of malicious packages

SBOM Samples

  • A sample set of SBOMs is present in the samples directory above.
  • SBOM Benchmark is a repository of SBOMs and quality scores for the most popular containers and repositories
  • SBOM Explorer is a command line utility to search and pull SBOMs

Installation

Using Prebuilt binaries

https://github.com/interlynk-io/sbomgr/releases

Using Homebrew

brew tap interlynk-io/interlynk
brew install sbomgr

Using Go install

go install github.com/interlynk-io/sbomgr@latest

Using repo

This approach involves cloning the repo and building it.

  1. Clone the repo git clone git@github.com:interlynk-io/sbomgr.git
  2. cd into sbomgr folder
  3. make build
  4. To test if the build was successful run the following command ./build/sbomgr version

Contributions

We look forward to your contributions. Below are a few guidelines on how to submit them:

  • Fork the repo
  • Create your feature/bug branch (git checkout -b feature/new-feature)
  • Commit your changes (git commit -am "awesome new feature")
  • Push your changes (git push origin feature/new-feature)
  • Create a new pull-request

Other SBOM Open Source tools

  • SBOM Assembler - A tool to compose a single SBOM by combining other (part) SBOMs
  • SBOM Quality Score - A tool for evaluating the quality and completeness of SBOMs
  • SBOM Search Tool - A tool to grep style semantic search in SBOMs
  • SBOM Explorer - A tool for discovering and downloading SBOM from a public repository

Contact

We appreciate all feedback. The best ways to get in touch with us:

Stargazers

If you like this project, please support us by starring it.

sbomgr's People

Contributors

dependabot[bot], riteshnoronha, surendrapathak

Forkers

surendrapathak

sbomgr's Issues

Indicator to primary component with depth indicator

When searching packages, if the package is the primary component, we should indicate it as such.

➜  sbomqs git:(refactor/scoring) ✗ sbomgr packages -O 'depth,pkgn,pkgv' samples/sbomqs.syft-cyclone.json
../sbomqs
1 github.com/CycloneDX/cyclonedx-go       v0.7.0
1 github.com/CycloneDX/cyclonedx-go       v0.7.0
2 github.com/inconshreveable/mousetrap    v1.0.1
0 github.com/interlynk-io/sbomqs          (devel)

[Enhancement] Add checksum to the output format

Output format has the following options:
filen - filepath
tooln - tool with which sbom was generated, only prints the first one
toolv - tool version
docn - sbom document name
docv - sbom document version
cpe - package cpe, only prints the first one, indicates how many cpe's exists.
purl - package purl
pkgn - package name
pkgv - package version
pkgl - package licenses
specn - spec of the sbom document, spdx or cdx.

We should add checksum (each with a new line) to the output format to create tabular checksum reports.

grepping with CPE can result in confusion

Actual Behavior
Example of grepping through 'aerospike' image for purl 'aerospike'

Screenshot 2023-03-22 at 2 52 06 PM

Note that the last column is a PURL and it can be understood why grep matched them.

Example of grepping through 'aerospike' image for CPE 'aerospike'
Screenshot 2023-03-22 at 2 53 21 PM
Note that the last column is still PURL, and it is unclear why these were matched and not others.

Expected Behavior
Both CPE and PURL searches should display information in a way it is consistent with the user's expectations. So, showing the match or letting the user customize the output will be a better experience.

[Bug] Column listing is not correct

sbomgr packages -O 'toolv,tooln,pkgn,pkgv,pkgl,cpe,purl' ../sbomlc/trivy-0.36.1_aerospike-ce-6.1.0.3.cdx.json

0.36.1	trivy	aerospike:ce-6.1.0.3      	                            		[1 more]	pkg:oci/aerospike@sha256:cec23518f8e318c58689377ac06214acc8e42e5c75fd9218f2ec91990ff43a8c?repository_url=index.docker.io%2Flibrary%2Faerospike&arch=amd64	
0.36.1	trivy	adduser                   	3.118                       		[1 more]	pkg:deb/debian/[email protected]?distro=debian-11.6                                                                                                          	
0.36.1	trivy	aerospike-server-community	6.1.0.3-1                   		[1 more]	pkg:deb/debian/[email protected]?distro=debian-11.6                                                                                   	
0.36.1	trivy	apt                       	2.2.4                       		[1 more]	pkg:deb/debian/[email protected]?distro=debian-11.6                                                                                                              	
0.36.1	trivy	base-files                	11.1+deb11u6                		[1 more]	pkg:deb/debian/[email protected]+deb11u6?distro=debian-11.6                                                                                                	
0.36.1	trivy	base-passwd               	3.5.51                      		[1 more]	pkg:deb/debian/[email protected]?distro=debian-11.6                                                                                                     	
0.36.1	trivy	bash                      	5.1-2+deb11u1               		[1 more]	pkg:deb/debian/[email protected]+deb11u1?distro=debian-11.6                                                                                                     	

Problems

  • pkgl is only listing [1 more] without listing the first license
  • CPE listing missing. In the absence of CPE, the tool must report something along the line of No-CVE

Table output format

While JSON output is useful for interoperability, we need a tabular format for human consumption.

For that, the existing table report

/Users/spathak/interlynk/sbomlc/sboms/syft-0.73.0_kaazing-gateway-5.1.1.spdx.tv kaazing-gateway:5.1.1  log4j         1.2.17 pkg:maven/log4j/[email protected]
/Users/spathak/interlynk/sbomlc/sboms/syft-0.73.0_kaazing-gateway-5.1.1.spdx.tv kaazing-gateway:5.1.1  slf4j-log4j12 1.7.21 pkg:maven/org.slf4j/[email protected]
/Users/spathak/interlynk/sbomlc/sboms/syft-0.73.0_kaazing-gateway-5.5.0.spdx.tv kaazing-gateway:5.5.0  log4j         1.2.17 pkg:maven/log4j/[email protected]
/Users/spathak/interlynk/sbomlc/sboms/syft-0.73.0_kaazing-gateway-5.5.0.spdx.tv kaazing-gateway:5.5.0  slf4j-log4j12 1.7.21 pkg:maven/org.slf4j/[email protected]
/Users/spathak/interlynk/sbomlc/sboms/syft-0.73.0_jenkins-2.46.2.spdx.tv jenkins:2.46.2  log4j-over-slf4j 1.7.7 pkg:maven/org.slf4j/[email protected]
/Users/spathak/interlynk/sbomlc/sboms/syft-0.73.0_jenkins-2.46.2.cdx.xml jenkins:2.46.2 sha256:d06d250caaaa4fab1fd7ecffd7b01f09d59f04cf8829290a9c79aaafb9a519d2 log4j-over-slf4j 1.7.7 pkg:maven/org.slf4j/[email protected]
/Users/spathak/interlynk/sbomlc/sboms/syft-0.73.0_kaazing-gateway-5.1.1.spdx.json kaazing-gateway:5.1.1  log4j         1.2.17 pkg:maven/log4j/[email protected]
/Users/spathak/interlynk/sbomlc/sboms/syft-0.73.0_kaazing-gateway-5.1.1.spdx.json kaazing-gateway:5.1.1  slf4j-log4j12 1.7.21 pkg:maven/org.slf4j/[email protected]
/Users/spathak/interlynk/sbomlc/sboms/trivy-0.36.1_kaazing-gateway-5.1.1.spdx.tv kaazing-gateway:5.1.1  org.slf4j:slf4j-log4j12 1.7.21 pkg:maven/org.slf4j/[email protected]
/Users/spathak/interlynk/sbomlc/sboms/trivy-0.36.1_kaazing-gateway-5.1.1.spdx.tv kaazing-gateway:5.1.1  log4j:log4j             1.2.17 pkg:maven/log4j/[email protected]

can be grouped by product or some other ideas around it.. TBD.

document version is missing despite useful details in the SBOM

For the SBOM here -
https://sbomlc.s3.amazonaws.com/sbom4python-0.8.0_paramiko-3.1.0.spdx.tv?AWSAccessKeyId=AKIA2ZBFUJ4NNQGYD5OF&Signature=eyV1wX%2F%2Beg2TaXQTS5UQxE%2FpRd4%3D&Expires=1711592216

sbomgr packages -EP 'pypi/cryptography' -O 'filen,docn,docv,pkgn,pkgv' ../sbomlc/sbom4python-0.8.0_paramiko-3.1.0.spdx.tv
../sbomlc/sbom4python-0.8.0_paramiko-3.1.0.spdx.tv	Python-paramiko	http://spdx.org/spdxdocs/Python-paramiko-f7ea4f38-99df-4880-87d8-ab4d19b9f707	cryptography	40.0.1		

docv results in blank.

However, we have two signals that should lead us to the document version

Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-1-paramiko
PackageName: paramiko
SPDXID: SPDXRef-Package-1-paramiko
PackageVersion: 3.1.0

I recommend rechecking the logic for docv to ensure the above case can be handled.

License listing is incomplete for specific packages

SBOM Report: https://sbombenchmark.dev/score?name=syft-0.73.0_centos-centos7.cdx.xml

Querying for component name does not list any license:

sbomgr packages -jl -N 'centos-release' syft-0.73.0_centos-centos7.cdx.xml | jq .
{
  "path": "syft-0.73.0_centos-centos7.cdx.xml",
  "format": "xml",
  "spec": "cyclonedx",
  "product_name": "centos:centos7",
  "product_version": "sha256:5ed7e95ae79fe3fe6c4b8660f6f9e31154e64eca76ae42963a679fbb198c3951",
  "packages": [
    {
      "name": "centos-release",
      "version": "7-9.2009.0.el7.centos",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=centos-release-7-9.2009.0.el7.centos.src.rpm&distro=centos-7"
    }
  ],
  "matched": true
}

However, the component has a valid license:

<component bom-ref="pkg:rpm/centos/[email protected]?arch=x86_64&amp;upstream=centos-release-7-9.2009.0.el7.centos.src.rpm&amp;distro=centos-7&amp;package-id=719ed6da745520b6" type="library">
      <publisher>CentOS</publisher>
      <name>centos-release</name>
      <version>7-9.2009.0.el7.centos</version>
      <licenses>
        <license>
          <name>GPLv2</name>
        </license>
      </licenses>
      <cpe>cpe:2.3:a:centos-release:centos-release:7-9.2009.0.el7.centos:*:*:*:*:*:*:*</cpe>
      <purl>pkg:rpm/centos/[email protected]?arch=x86_64&amp;upstream=centos-release-7-9.2009.0.el7.centos.src.rpm&amp;distro=centos-7</purl>
      <properties>
        <property name="syft:package:foundBy">rpm-db-cataloger</property>
        <property name="syft:package:metadataType">RpmMetadata</property>
        <property name="syft:package:type">rpm</property>
        <property name="syft:cpe23">cpe:2.3:a:centos-release:centos_release:7-9.2009.0.el7.centos:*:*:*:*:*:*:*</property>
        <property name="syft:cpe23">cpe:2.3:a:centos_release:centos-release:7-9.2009.0.el7.centos:*:*:*:*:*:*:*</property>
        <property name="syft:cpe23">cpe:2.3:a:centos_release:centos_release:7-9.2009.0.el7.centos:*:*:*:*:*:*:*</property>
        <property name="syft:cpe23">cpe:2.3:a:centos:centos-release:7-9.2009.0.el7.centos:*:*:*:*:*:*:*</property>
        <property name="syft:cpe23">cpe:2.3:a:centos:centos_release:7-9.2009.0.el7.centos:*:*:*:*:*:*:*</property>
        <property name="syft:location:0:layerID">sha256:174f5685490326fc0a1c0f5570b8663732189b327007e47ff13d2ca59673db02</property>
        <property name="syft:location:0:path">/var/lib/rpm/Packages</property>
        <property name="syft:metadata:release">9.2009.0.el7.centos</property>
        <property name="syft:metadata:size">44787</property>
        <property name="syft:metadata:sourceRpm">centos-release-7-9.2009.0.el7.centos.src.rpm</property>
      </properties>
    </component>

This appears specific to some components only. The following query shows some licenses as expected:

sbomgr packages -jl syft-0.73.0_centos-centos7.cdx.xml | jq .
{
  "path": "syft-0.73.0_centos-centos7.cdx.xml",
  "format": "xml",
  "spec": "cyclonedx",
  "product_name": "centos:centos7",
  "product_version": "sha256:5ed7e95ae79fe3fe6c4b8660f6f9e31154e64eca76ae42963a679fbb198c3951",
  "packages": [
    {
      "name": "centos:centos7",
      "version": "sha256:5ed7e95ae79fe3fe6c4b8660f6f9e31154e64eca76ae42963a679fbb198c3951"
    },
    {
      "name": "PyGObject",
      "version": "3.22.0",
      "purl": "pkg:pypi/[email protected]"
    },
    {
      "name": "acl",
      "version": "2.2.51-15.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=acl-2.2.51-15.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "audit-libs",
      "version": "2.8.5-4.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=audit-2.8.5-4.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "basesystem",
      "version": "10.0-7.el7.centos",
      "purl": "pkg:rpm/centos/[email protected]?arch=noarch&upstream=basesystem-10.0-7.el7.centos.src.rpm&distro=centos-7"
    },
    {
      "name": "bash",
      "version": "4.2.46-34.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=bash-4.2.46-34.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "bc",
      "version": "1.06.95-13.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=bc-1.06.95-13.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "bind-license",
      "version": "32:9.11.4-26.P2.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=noarch&epoch=32&upstream=bind-9.11.4-26.P2.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "binutils",
      "version": "2.27-44.base.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=binutils-2.27-44.base.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "bzip2-libs",
      "version": "1.0.6-13.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=bzip2-1.0.6-13.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "ca-certificates",
      "version": "2020.2.41-70.0.el7_8",
      "purl": "pkg:rpm/centos/[email protected]_8?arch=noarch&upstream=ca-certificates-2020.2.41-70.0.el7_8.src.rpm&distro=centos-7"
    },
    {
      "name": "centos-release",
      "version": "7-9.2009.0.el7.centos",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=centos-release-7-9.2009.0.el7.centos.src.rpm&distro=centos-7"
    },
    {
      "name": "chardet",
      "version": "2.2.1",
      "purl": "pkg:pypi/[email protected]"
    },
    {
      "name": "chkconfig",
      "version": "1.7.6-1.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=chkconfig-1.7.6-1.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "coreutils",
      "version": "8.22-24.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=coreutils-8.22-24.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "cpio",
      "version": "2.11-28.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=cpio-2.11-28.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "cracklib",
      "version": "2.9.0-11.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=cracklib-2.9.0-11.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "cracklib-dicts",
      "version": "2.9.0-11.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=cracklib-2.9.0-11.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "cryptsetup-libs",
      "version": "2.0.3-6.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=cryptsetup-2.0.3-6.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "curl",
      "version": "7.29.0-59.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=curl-7.29.0-59.el7.src.rpm&distro=centos-7",
      "license": [
        {
          "name": "MIT License",
          "short": "MIT"
        }
      ]
    },
    {
      "name": "cyrus-sasl-lib",
      "version": "2.1.26-23.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=cyrus-sasl-2.1.26-23.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "dbus",
      "version": "1:1.10.24-15.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&epoch=1&upstream=dbus-1.10.24-15.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "dbus-glib",
      "version": "0.100-7.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=dbus-glib-0.100-7.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "dbus-libs",
      "version": "1:1.10.24-15.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&epoch=1&upstream=dbus-1.10.24-15.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "dbus-python",
      "version": "1.1.1-9.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=dbus-python-1.1.1-9.el7.src.rpm&distro=centos-7",
      "license": [
        {
          "name": "MIT License",
          "short": "MIT"
        }
      ]
    },
    {
      "name": "device-mapper",
      "version": "7:1.02.170-6.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&epoch=7&upstream=lvm2-2.02.187-6.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "device-mapper-libs",
      "version": "7:1.02.170-6.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&epoch=7&upstream=lvm2-2.02.187-6.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "diffutils",
      "version": "3.3-5.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=diffutils-3.3-5.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "dracut",
      "version": "033-572.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=dracut-033-572.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "elfutils-default-yama-scope",
      "version": "0.176-5.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=noarch&upstream=elfutils-0.176-5.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "elfutils-libelf",
      "version": "0.176-5.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=elfutils-0.176-5.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "elfutils-libs",
      "version": "0.176-5.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=elfutils-0.176-5.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "expat",
      "version": "2.1.0-12.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=expat-2.1.0-12.el7.src.rpm&distro=centos-7",
      "license": [
        {
          "name": "MIT License",
          "short": "MIT"
        }
      ]
    },
    {
      "name": "file-libs",
      "version": "5.11-37.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=file-5.11-37.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "filesystem",
      "version": "3.2-25.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=filesystem-3.2-25.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "findutils",
      "version": "1:4.5.11-6.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&epoch=1&upstream=findutils-4.5.11-6.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "gawk",
      "version": "4.0.2-4.el7_3.1",
      "purl": "pkg:rpm/centos/[email protected]_3.1?arch=x86_64&upstream=gawk-4.0.2-4.el7_3.1.src.rpm&distro=centos-7"
    },
    {
      "name": "gdbm",
      "version": "1.10-8.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=gdbm-1.10-8.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "geoipupdate",
      "version": "2.5.0-1.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=geoipupdate-2.5.0-1.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "glib2",
      "version": "2.56.1-7.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=glib2-2.56.1-7.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "glibc",
      "version": "2.17-317.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=glibc-2.17-317.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "glibc-common",
      "version": "2.17-317.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=glibc-2.17-317.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "gmp",
      "version": "1:6.0.0-15.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&epoch=1&upstream=gmp-6.0.0-15.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "gnupg2",
      "version": "2.0.22-5.el7_5",
      "purl": "pkg:rpm/centos/[email protected]_5?arch=x86_64&upstream=gnupg2-2.0.22-5.el7_5.src.rpm&distro=centos-7"
    },
    {
      "name": "gobject-introspection",
      "version": "1.56.1-1.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=gobject-introspection-1.56.1-1.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "gpgme",
      "version": "1.3.2-5.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=gpgme-1.3.2-5.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "grep",
      "version": "2.20-3.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=grep-2.20-3.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "gzip",
      "version": "1.5-10.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=gzip-1.5-10.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "hardlink",
      "version": "1:1.0-19.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&epoch=1&upstream=hardlink-1.0-19.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "hostname",
      "version": "3.13-3.el7_7.1",
      "purl": "pkg:rpm/centos/[email protected]_7.1?arch=x86_64&upstream=hostname-3.13-3.el7_7.1.src.rpm&distro=centos-7"
    },
    {
      "name": "info",
      "version": "5.1-5.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=texinfo-5.1-5.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "iniparse",
      "version": "0.4",
      "purl": "pkg:pypi/[email protected]",
      "license": [
        {
          "name": "MIT License",
          "short": "MIT"
        }
      ]
    },
    {
      "name": "iputils",
      "version": "20160308-10.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=iputils-20160308-10.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "json-c",
      "version": "0.11-4.el7_0",
      "purl": "pkg:rpm/centos/[email protected]_0?arch=x86_64&upstream=json-c-0.11-4.el7_0.src.rpm&distro=centos-7",
      "license": [
        {
          "name": "MIT License",
          "short": "MIT"
        }
      ]
    },
    {
      "name": "keyutils-libs",
      "version": "1.5.8-3.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=keyutils-1.5.8-3.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "kitchen",
      "version": "1.1.1",
      "purl": "pkg:pypi/[email protected]"
    },
    {
      "name": "kmod",
      "version": "20-28.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=kmod-20-28.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "kmod-libs",
      "version": "20-28.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=kmod-20-28.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "kpartx",
      "version": "0.4.9-133.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=device-mapper-multipath-0.4.9-133.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "krb5-libs",
      "version": "1.15.1-50.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=krb5-1.15.1-50.el7.src.rpm&distro=centos-7",
      "license": [
        {
          "name": "MIT License",
          "short": "MIT"
        }
      ]
    },
    {
      "name": "libacl",
      "version": "2.2.51-15.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=acl-2.2.51-15.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "libassuan",
      "version": "2.1.0-3.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=libassuan-2.1.0-3.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "libattr",
      "version": "2.4.46-13.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=attr-2.4.46-13.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "libblkid",
      "version": "2.23.2-65.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=util-linux-2.23.2-65.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "libcap",
      "version": "2.22-11.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=libcap-2.22-11.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "libcap-ng",
      "version": "0.7.5-4.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=libcap-ng-0.7.5-4.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "libcom_err",
      "version": "1.42.9-19.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=e2fsprogs-1.42.9-19.el7.src.rpm&distro=centos-7",
      "license": [
        {
          "name": "MIT License",
          "short": "MIT"
        }
      ]
    },
    {
      "name": "libcurl",
      "version": "7.29.0-59.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=curl-7.29.0-59.el7.src.rpm&distro=centos-7",
      "license": [
        {
          "name": "MIT License",
          "short": "MIT"
        }
      ]
    },
    {
      "name": "libdb",
      "version": "5.3.21-25.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=libdb-5.3.21-25.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "libdb-utils",
      "version": "5.3.21-25.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=libdb-5.3.21-25.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "libffi",
      "version": "3.0.13-19.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=libffi-3.0.13-19.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "libgcc",
      "version": "4.8.5-44.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=gcc-4.8.5-44.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "libgcrypt",
      "version": "1.5.3-14.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=libgcrypt-1.5.3-14.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "libgpg-error",
      "version": "1.12-3.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=libgpg-error-1.12-3.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "libidn",
      "version": "1.28-4.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=libidn-1.28-4.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "libmount",
      "version": "2.23.2-65.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=util-linux-2.23.2-65.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "libpwquality",
      "version": "1.2.3-5.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=libpwquality-1.2.3-5.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "libselinux",
      "version": "2.5-15.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=libselinux-2.5-15.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "libsemanage",
      "version": "2.5-14.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=libsemanage-2.5-14.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "libsepol",
      "version": "2.5-10.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=libsepol-2.5-10.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "libsmartcols",
      "version": "2.23.2-65.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=util-linux-2.23.2-65.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "libssh2",
      "version": "1.8.0-4.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=libssh2-1.8.0-4.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "libstdc++",
      "version": "4.8.5-44.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=gcc-4.8.5-44.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "libtasn1",
      "version": "4.10-1.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=libtasn1-4.10-1.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "libuser",
      "version": "0.60-9.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=libuser-0.60-9.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "libutempter",
      "version": "1.1.6-4.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=libutempter-1.1.6-4.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "libuuid",
      "version": "2.23.2-65.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=util-linux-2.23.2-65.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "libverto",
      "version": "0.2.5-4.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=libverto-0.2.5-4.el7.src.rpm&distro=centos-7",
      "license": [
        {
          "name": "MIT License",
          "short": "MIT"
        }
      ]
    },
    {
      "name": "libxml2",
      "version": "2.9.1-6.el7.5",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=libxml2-2.9.1-6.el7.5.src.rpm&distro=centos-7",
      "license": [
        {
          "name": "MIT License",
          "short": "MIT"
        }
      ]
    },
    {
      "name": "libxml2-python",
      "version": "2.9.1-6.el7.5",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=libxml2-2.9.1-6.el7.5.src.rpm&distro=centos-7",
      "license": [
        {
          "name": "MIT License",
          "short": "MIT"
        }
      ]
    },
    {
      "name": "lua",
      "version": "5.1.4-15.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=lua-5.1.4-15.el7.src.rpm&distro=centos-7",
      "license": [
        {
          "name": "MIT License",
          "short": "MIT"
        }
      ]
    },
    {
      "name": "lz4",
      "version": "1.8.3-1.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=lz4-1.8.3-1.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "ncurses",
      "version": "5.9-14.20130511.el7_4",
      "purl": "pkg:rpm/centos/[email protected]_4?arch=x86_64&upstream=ncurses-5.9-14.20130511.el7_4.src.rpm&distro=centos-7",
      "license": [
        {
          "name": "MIT License",
          "short": "MIT"
        }
      ]
    },
    {
      "name": "ncurses-base",
      "version": "5.9-14.20130511.el7_4",
      "purl": "pkg:rpm/centos/[email protected]_4?arch=noarch&upstream=ncurses-5.9-14.20130511.el7_4.src.rpm&distro=centos-7",
      "license": [
        {
          "name": "MIT License",
          "short": "MIT"
        }
      ]
    },
    {
      "name": "ncurses-libs",
      "version": "5.9-14.20130511.el7_4",
      "purl": "pkg:rpm/centos/[email protected]_4?arch=x86_64&upstream=ncurses-5.9-14.20130511.el7_4.src.rpm&distro=centos-7",
      "license": [
        {
          "name": "MIT License",
          "short": "MIT"
        }
      ]
    },
    {
      "name": "nspr",
      "version": "4.25.0-2.el7_9",
      "purl": "pkg:rpm/centos/[email protected]_9?arch=x86_64&upstream=nspr-4.25.0-2.el7_9.src.rpm&distro=centos-7"
    },
    {
      "name": "nss",
      "version": "3.53.1-3.el7_9",
      "purl": "pkg:rpm/centos/[email protected]_9?arch=x86_64&upstream=nss-3.53.1-3.el7_9.src.rpm&distro=centos-7"
    },
    {
      "name": "nss-pem",
      "version": "1.0.3-7.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=nss-pem-1.0.3-7.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "nss-softokn",
      "version": "3.53.1-6.el7_9",
      "purl": "pkg:rpm/centos/[email protected]_9?arch=x86_64&upstream=nss-softokn-3.53.1-6.el7_9.src.rpm&distro=centos-7"
    },
    {
      "name": "nss-softokn-freebl",
      "version": "3.53.1-6.el7_9",
      "purl": "pkg:rpm/centos/[email protected]_9?arch=x86_64&upstream=nss-softokn-3.53.1-6.el7_9.src.rpm&distro=centos-7"
    },
    {
      "name": "nss-sysinit",
      "version": "3.53.1-3.el7_9",
      "purl": "pkg:rpm/centos/[email protected]_9?arch=x86_64&upstream=nss-3.53.1-3.el7_9.src.rpm&distro=centos-7"
    },
    {
      "name": "nss-tools",
      "version": "3.53.1-3.el7_9",
      "purl": "pkg:rpm/centos/[email protected]_9?arch=x86_64&upstream=nss-3.53.1-3.el7_9.src.rpm&distro=centos-7"
    },
    {
      "name": "nss-util",
      "version": "3.53.1-1.el7_9",
      "purl": "pkg:rpm/centos/[email protected]_9?arch=x86_64&upstream=nss-util-3.53.1-1.el7_9.src.rpm&distro=centos-7"
    },
    {
      "name": "openldap",
      "version": "2.4.44-22.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=openldap-2.4.44-22.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "openssl-libs",
      "version": "1:1.0.2k-19.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&epoch=1&upstream=openssl-1.0.2k-19.el7.src.rpm&distro=centos-7",
      "license": [
        {
          "name": "OpenSSL License",
          "short": "OpenSSL"
        }
      ]
    },
    {
      "name": "p11-kit",
      "version": "0.23.5-3.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=p11-kit-0.23.5-3.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "p11-kit-trust",
      "version": "0.23.5-3.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=p11-kit-0.23.5-3.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "pam",
      "version": "1.1.8-23.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=pam-1.1.8-23.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "passwd",
      "version": "0.79-6.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=passwd-0.79-6.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "pcre",
      "version": "8.32-17.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=pcre-8.32-17.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "pinentry",
      "version": "0.8.1-17.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=pinentry-0.8.1-17.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "pkgconfig",
      "version": "1:0.27.1-4.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&epoch=1&upstream=pkgconfig-0.27.1-4.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "popt",
      "version": "1.13-16.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=popt-1.13-16.el7.src.rpm&distro=centos-7",
      "license": [
        {
          "name": "MIT License",
          "short": "MIT"
        }
      ]
    },
    {
      "name": "procps-ng",
      "version": "3.3.10-28.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=procps-ng-3.3.10-28.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "pth",
      "version": "2.0.7-23.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=pth-2.0.7-23.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "pycurl",
      "version": "7.19.0",
      "purl": "pkg:pypi/[email protected]"
    },
    {
      "name": "pygpgme",
      "version": "0.3",
      "purl": "pkg:pypi/[email protected]"
    },
    {
      "name": "pygpgme",
      "version": "0.3-9.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=pygpgme-0.3-9.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "pyliblzma",
      "version": "0.5.3",
      "purl": "pkg:pypi/[email protected]"
    },
    {
      "name": "pyliblzma",
      "version": "0.5.3-11.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=pyliblzma-0.5.3-11.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "python",
      "version": "2.7.5",
      "purl": "pkg:generic/[email protected]"
    },
    {
      "name": "python",
      "version": "2.7.5-89.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=python-2.7.5-89.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "python-chardet",
      "version": "2.2.1-3.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=noarch&upstream=python-chardet-2.2.1-3.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "python-gobject-base",
      "version": "3.22.0-1.el7_4.1",
      "purl": "pkg:rpm/centos/[email protected]_4.1?arch=x86_64&upstream=pygobject3-3.22.0-1.el7_4.1.src.rpm&distro=centos-7"
    },
    {
      "name": "python-iniparse",
      "version": "0.4-9.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=noarch&upstream=python-iniparse-0.4-9.el7.src.rpm&distro=centos-7",
      "license": [
        {
          "name": "MIT License",
          "short": "MIT"
        }
      ]
    },
    {
      "name": "python-kitchen",
      "version": "1.1.1-5.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=noarch&upstream=python-kitchen-1.1.1-5.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "python-libs",
      "version": "2.7.5-89.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=python-2.7.5-89.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "python-pycurl",
      "version": "7.19.0-19.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=python-pycurl-7.19.0-19.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "python-urlgrabber",
      "version": "3.10-10.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=noarch&upstream=python-urlgrabber-3.10-10.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "pyxattr",
      "version": "0.5.1",
      "purl": "pkg:pypi/[email protected]"
    },
    {
      "name": "pyxattr",
      "version": "0.5.1-5.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=pyxattr-0.5.1-5.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "qrencode-libs",
      "version": "3.4.1-3.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=qrencode-3.4.1-3.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "readline",
      "version": "6.2-11.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=readline-6.2-11.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "rootfiles",
      "version": "8.1-11.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=noarch&upstream=rootfiles-8.1-11.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "rpm",
      "version": "4.11.3-45.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=rpm-4.11.3-45.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "rpm-build-libs",
      "version": "4.11.3-45.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=rpm-4.11.3-45.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "rpm-libs",
      "version": "4.11.3-45.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=rpm-4.11.3-45.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "rpm-python",
      "version": "4.11.3-45.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=rpm-4.11.3-45.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "sed",
      "version": "4.2.2-7.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=sed-4.2.2-7.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "setup",
      "version": "2.8.71-11.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=noarch&upstream=setup-2.8.71-11.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "shadow-utils",
      "version": "2:4.6-5.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&epoch=2&upstream=shadow-utils-4.6-5.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "shared-mime-info",
      "version": "1.8-5.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=shared-mime-info-1.8-5.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "sqlite",
      "version": "3.7.17-8.el7_7.1",
      "purl": "pkg:rpm/centos/[email protected]_7.1?arch=x86_64&upstream=sqlite-3.7.17-8.el7_7.1.src.rpm&distro=centos-7"
    },
    {
      "name": "systemd",
      "version": "219-78.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=systemd-219-78.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "systemd-libs",
      "version": "219-78.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=systemd-219-78.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "tar",
      "version": "2:1.26-35.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&epoch=2&upstream=tar-1.26-35.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "tzdata",
      "version": "2020d-2.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=noarch&upstream=tzdata-2020d-2.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "urlgrabber",
      "version": "3.10",
      "purl": "pkg:pypi/[email protected]"
    },
    {
      "name": "ustr",
      "version": "1.0.4-16.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=ustr-1.0.4-16.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "util-linux",
      "version": "2.23.2-65.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=util-linux-2.23.2-65.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "vim-minimal",
      "version": "2:7.4.629-7.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&epoch=2&upstream=vim-7.4.629-7.el7.src.rpm&distro=centos-7",
      "license": [
        {
          "name": "Vim License",
          "short": "Vim"
        }
      ]
    },
    {
      "name": "wsgiref",
      "version": "0.1.2",
      "purl": "pkg:pypi/[email protected]"
    },
    {
      "name": "xz",
      "version": "5.2.2-1.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=xz-5.2.2-1.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "xz-libs",
      "version": "5.2.2-1.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=xz-5.2.2-1.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "yum",
      "version": "3.4.3-168.el7.centos",
      "purl": "pkg:rpm/centos/[email protected]?arch=noarch&upstream=yum-3.4.3-168.el7.centos.src.rpm&distro=centos-7"
    },
    {
      "name": "yum-metadata-parser",
      "version": "1.1.4",
      "purl": "pkg:pypi/[email protected]"
    },
    {
      "name": "yum-metadata-parser",
      "version": "1.1.4-10.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=yum-metadata-parser-1.1.4-10.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "yum-plugin-fastestmirror",
      "version": "1.1.31-54.el7_8",
      "purl": "pkg:rpm/centos/[email protected]_8?arch=noarch&upstream=yum-utils-1.1.31-54.el7_8.src.rpm&distro=centos-7"
    },
    {
      "name": "yum-plugin-ovl",
      "version": "1.1.31-54.el7_8",
      "purl": "pkg:rpm/centos/[email protected]_8?arch=noarch&upstream=yum-utils-1.1.31-54.el7_8.src.rpm&distro=centos-7"
    },
    {
      "name": "yum-utils",
      "version": "1.1.31-54.el7_8",
      "purl": "pkg:rpm/centos/[email protected]_8?arch=noarch&upstream=yum-utils-1.1.31-54.el7_8.src.rpm&distro=centos-7"
    },
    {
      "name": "zlib",
      "version": "1.2.7-18.el7",
      "purl": "pkg:rpm/centos/[email protected]?arch=x86_64&upstream=zlib-1.2.7-18.el7.src.rpm&distro=centos-7"
    },
    {
      "name": "centos",
      "version": "7"
    }
  ],
  "matched": true
}

panic while searching for package with specific name

SBOM Report: https://sbombenchmark.dev/score?name=syft-0.73.0_centos-centos7.cdx.xml

Querying for the component name results in panic

sbomgr packages -jl -N 'vim-minimal' syft-0.73.0_centos-centos7.cdx.xml | jq .
panic: runtime error: index out of range [150] with length 1

goroutine 24 [running]:
github.com/interlynk-io/sbomgr/pkg/search/cdx.(*cdxDoc).pkgResults(0xc000474d00, {0xc0004412f8, 0x1, 0xb?})
	github.com/interlynk-io/[email protected]/pkg/search/cdx/results.go:63 +0x456
github.com/interlynk-io/sbomgr/pkg/search/cdx.(*cdxDoc).constructResults(0xc000474d00, {0xc0004412f8, 0x1, 0x1})
	github.com/interlynk-io/[email protected]/pkg/search/cdx/results.go:43 +0xbb
github.com/interlynk-io/sbomgr/pkg/search/cdx.(*CdxModule).Search(0x13c5620?, 0xc0000a3b60?, {0x14d01a0?, 0xc0000f8a80?})
	github.com/interlynk-io/[email protected]/pkg/search/cdx/cdx.go:30 +0x5a
github.com/interlynk-io/sbomgr/pkg/search.searchFunc({0x7ff7bfeff67b, 0x22}, {0x14d01a0, 0xc0000f8a80})
	github.com/interlynk-io/[email protected]/pkg/search/search.go:66 +0x4a7
github.com/interlynk-io/sbomgr/pkg/search.stepSearch.func1.1({0x7ff7bfeff67b, 0x22}, 0xc000045788?)
	github.com/interlynk-io/[email protected]/pkg/search/pipeline.go:163 +0xd6
created by github.com/interlynk-io/sbomgr/pkg/search.stepSearch.func1
	github.com/interlynk-io/[email protected]/pkg/search/pipeline.go:158 +0xcd
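
The shape of the panic reported above, as an added Go example that is not sbomgr's code: it assumes one plausible cause, namely that a position in the full component list (150) was used to index a slice holding only the matches (length 1). The names `component`, `job`, `outcome`, `sampleDoc`, `unsafeLookup`, `resolveMatches`, `searchOne`, `searchAsync` and the file names are hypothetical, and the input is constructed.

```go
package main

import "fmt"

// component is a hypothetical stand-in for one SBOM component entry.
type component struct{ Name, Version string }

// job is one file's search; outcome is its result or its error.
type job func() ([]component, error)
type outcome struct {
	Hits []component
	Err  error
}

// sampleDoc builds a constructed 200-entry component list with the queried
// package at position 150, mirroring the index in the panic message.
func sampleDoc() []component {
	doc := make([]component, 200)
	doc[150] = component{Name: "vim-minimal", Version: "2:7.4.629-7.el7"}
	return doc
}

// unsafeLookup shows the failure shape: i is a position in the full list,
// but matches holds only the hits, so matches[i] is out of range.
func unsafeLookup(matches []component, i int) component { return matches[i] }

// resolveMatches maps positions in the full list to components and returns
// an error for any position outside it instead of indexing blindly.
func resolveMatches(all []component, idx []int) ([]component, error) {
	out := make([]component, 0, len(idx))
	for _, i := range idx {
		if i < 0 || i >= len(all) {
			return nil, fmt.Errorf("match index %d outside component list of length %d", i, len(all))
		}
		out = append(out, all[i])
	}
	return out, nil
}

// searchOne runs one file's search and turns a panic into an error.
func searchOne(path string, fn job) (o outcome) {
	defer func() {
		if r := recover(); r != nil {
			o = outcome{Err: fmt.Errorf("%s: recovered: %v", path, r)}
		}
	}()
	hits, err := fn()
	return outcome{Hits: hits, Err: err}
}

// searchAsync runs fn on its own goroutine. recover only works in the
// goroutine that panicked, so searchOne is called inside it.
func searchAsync(path string, fn job) <-chan outcome {
	ch := make(chan outcome, 1)
	go func() { ch <- searchOne(path, fn) }()
	return ch
}

func main() {
	doc := sampleDoc() // constructed input, not a real SBOM
	bad := searchAsync("bad.cdx.xml", func() ([]component, error) {
		return []component{unsafeLookup(doc[150:151], 150)}, nil
	})
	good := searchAsync("good.cdx.xml", func() ([]component, error) { return resolveMatches(doc, []int{150}) })
	fmt.Println((<-bad).Err)
	fmt.Println((<-good).Hits)
}
```

With the recover in place, a file that trips the bounds error is reported as a per-file error while other files in the same run still return results.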

User friendly string support

sbom_files_matched: 6243
packages_matched: 2200213

Output such as the above prints internal names like sbom_files_matched rather than more user-friendly strings like Matching File Count. We should review the output and convert these names into user-friendly strings.
