SPDX-json output differs between cli and golang implementation

ckotzbauer commented 2 years ago

What happened: Hi all, I'm the maintainer of the https://github.com/ckotzbauer/sbom-operator project. Syft is integrated there via its golang api. This is unit-tested to ensure, that my code and the cli of the same version produce the same SBOM for images. Since 0.56.0 the spdxjson-output differs. (with 0.55.0 the syftjson format also differed, but that was fixed with 0.56.0).

What you expected to happen: My code and the cli produce the same SBOM for images.

How to reproduce it (as minimally and precisely as possible): Used image: alpine@sha256:21a3deaa0d32a8057914f36584b5288d2e5ecc984380bc0118285c70fa8c9300 Used format: spdxjson

SPDX-json from go-integration

```json { "SPDXID": "SPDXRef-DOCUMENT", "name": "/tmp/sha256_21a3deaa0d32a8057914f36584b5288d2e5ecc984380bc0118285c70fa8c9300.tar.gz", "spdxVersion": "SPDX-2.2", "creationInfo": { "created": "2022-09-18T08:20:02.269681097Z", "creators": [ "Organization: Anchore, Inc", "Tool: syft-v9.9.9" ], "licenseListVersion": "3.18" }, "dataLicense": "CC0-1.0", "documentNamespace": "https://anchore.com/syft/image/tmp/sha256_21a3deaa0d32a8057914f36584b5288d2e5ecc984380bc0118285c70fa8c9300.tar.gz-480350d2-9f14-4665-b9b6-737b6333a21a", "packages": [ { "SPDXID": "SPDXRef-9f527213f4d2a873", "name": "alpine-baselayout", "licenseConcluded": "GPL-2.0-only", "description": "Alpine base dir structure and init scripts", "downloadLocation": "https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout", "externalRefs": [ { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:alpine-baselayout:alpine-baselayout:3.2.0-r18:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:alpine-baselayout:alpine_baselayout:3.2.0-r18:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:alpine_baselayout:alpine-baselayout:3.2.0-r18:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:alpine_baselayout:alpine_baselayout:3.2.0-r18:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:alpine:alpine-baselayout:3.2.0-r18:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:alpine:alpine_baselayout:3.2.0-r18:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:alpine/alpine-baselayout@3.2.0-r18?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.15.0", "referenceType": "purl" } ], "filesAnalyzed": false, "hasFiles": [ "SPDXRef-2eaa15c5fc625ebe", "SPDXRef-a53373020dfa8bb4", "SPDXRef-38605c90f707fb90", "SPDXRef-60fa740c32339374", "SPDXRef-24d0f8d913cd9906", "SPDXRef-d41a5f82a774a6a1", "SPDXRef-13d6d27618d264f7", "SPDXRef-b499705c36475f74", "SPDXRef-2e3613b244458b5a", "SPDXRef-84fd54b3f2a2e825", "SPDXRef-32701f6d1e056c29", "SPDXRef-93b858998f2c7034", "SPDXRef-fb021b79aa9cd553", "SPDXRef-82fda88ae28dd50", "SPDXRef-9ab25fdcabefa4ac", "SPDXRef-2c0eaf2a7d7dbad", "SPDXRef-f3ee626693308800", "SPDXRef-420fa6f3289d6ee6", "SPDXRef-ae2cba512a3f4065", "SPDXRef-b3a5f05adcd1cf82", "SPDXRef-64b20ab568341372", "SPDXRef-5e12c5188eeb9cb3", "SPDXRef-18d9a7fcef583aeb", "SPDXRef-dc65dbf355556024" ], "licenseDeclared": "GPL-2.0-only", "originator": "Person: Natanael Copa ", "sourceInfo": "acquired package info from APK DB: /lib/apk/db/installed", "versionInfo": "3.2.0-r18" }, { "SPDXID": "SPDXRef-1a72ca3b88e1b67e", "name": "alpine-keys", "licenseConcluded": "MIT", "description": "Public keys for Alpine Linux packages", "downloadLocation": "https://alpinelinux.org", "externalRefs": [ { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:alpine-keys:alpine-keys:2.4-r1:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:alpine-keys:alpine_keys:2.4-r1:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:alpine_keys:alpine-keys:2.4-r1:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:alpine_keys:alpine_keys:2.4-r1:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:alpine:alpine-keys:2.4-r1:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:alpine:alpine_keys:2.4-r1:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:alpine/alpine-keys@2.4-r1?arch=x86_64&upstream=alpine-keys&distro=alpine-3.15.0", "referenceType": "purl" } ], "filesAnalyzed": false, "hasFiles": [ "SPDXRef-ccc2b3e76affde68", "SPDXRef-3562d93285c5a3c5", "SPDXRef-27d8de5355fdb7ba", "SPDXRef-ff0560ee36b984a7", "SPDXRef-79cc1d44454e11b9", "SPDXRef-56080e31fd12fe67", "SPDXRef-7803dc5a1a496765", "SPDXRef-57149f915867bf12", "SPDXRef-2363acec0a71a382", "SPDXRef-8ec9dcf9b3d1d7ce", "SPDXRef-39dcc03ca17480ca", "SPDXRef-496698ff67ca49fc", "SPDXRef-66756a275982c586", "SPDXRef-4d646d694b6380fc", "SPDXRef-add734ec170033bd", "SPDXRef-abfd85d1b45289dc", "SPDXRef-2dac0f0b0463195c", "SPDXRef-f059a81847acaad9", "SPDXRef-395f72182f48f77c", "SPDXRef-187efc434122356a", "SPDXRef-59d943ecba7b9db1", "SPDXRef-2c8a8c151837aa6e" ], "licenseDeclared": "MIT", "originator": "Person: Natanael Copa ", "sourceInfo": "acquired package info from APK DB: /lib/apk/db/installed", "versionInfo": "2.4-r1" }, { "SPDXID": "SPDXRef-1c6e057c6965bdd6", "name": "apk-tools", "licenseConcluded": "GPL-2.0-only", "description": "Alpine Package Keeper - package manager for alpine", "downloadLocation": "https://gitlab.alpinelinux.org/alpine/apk-tools", "externalRefs": [ { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:apk-tools:apk-tools:2.12.7-r3:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:apk-tools:apk_tools:2.12.7-r3:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:apk_tools:apk-tools:2.12.7-r3:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:apk_tools:apk_tools:2.12.7-r3:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:apk:apk-tools:2.12.7-r3:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:apk:apk_tools:2.12.7-r3:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:alpine/apk-tools@2.12.7-r3?arch=x86_64&upstream=apk-tools&distro=alpine-3.15.0", "referenceType": "purl" } ], "filesAnalyzed": false, "hasFiles": [ "SPDXRef-5f14b5421fba85af", "SPDXRef-d72447617fa2b70c" ], "licenseDeclared": "GPL-2.0-only", "originator": "Person: Natanael Copa ", "sourceInfo": "acquired package info from APK DB: /lib/apk/db/installed", "versionInfo": "2.12.7-r3" }, { "SPDXID": "SPDXRef-2e32896982ce9587", "name": "busybox", "licenseConcluded": "GPL-2.0-only", "description": "Size optimized toolbox of many common UNIX utilities", "downloadLocation": "https://busybox.net/", "externalRefs": [ { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:busybox:busybox:1.34.1-r3:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:alpine/busybox@1.34.1-r3?arch=x86_64&upstream=busybox&distro=alpine-3.15.0", "referenceType": "purl" } ], "filesAnalyzed": false, "hasFiles": [ "SPDXRef-be5355441673f6dc", "SPDXRef-e7d6b30bf31f933a", "SPDXRef-e6d162458c0b30b0", "SPDXRef-d5ee1ce0839cb21a", "SPDXRef-988a54d89f5c4c09", "SPDXRef-cd1c702a19149d7d" ], "licenseDeclared": "GPL-2.0-only", "originator": "Person: Natanael Copa ", "sourceInfo": "acquired package info from APK DB: /lib/apk/db/installed", "versionInfo": "1.34.1-r3" }, { "SPDXID": "SPDXRef-9bb0a989e24e7661", "name": "ca-certificates-bundle", "licenseConcluded": "MPL-2.0 AND MIT", "description": "Pre generated bundle of Mozilla certificates", "downloadLocation": "https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/", "externalRefs": [ { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:ca-certificates-bundle:ca-certificates-bundle:20191127-r7:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:ca-certificates-bundle:ca_certificates_bundle:20191127-r7:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:ca_certificates_bundle:ca-certificates-bundle:20191127-r7:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:ca_certificates_bundle:ca_certificates_bundle:20191127-r7:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:ca-certificates:ca-certificates-bundle:20191127-r7:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:ca-certificates:ca_certificates_bundle:20191127-r7:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:ca_certificates:ca-certificates-bundle:20191127-r7:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:ca_certificates:ca_certificates_bundle:20191127-r7:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:ca:ca-certificates-bundle:20191127-r7:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:ca:ca_certificates_bundle:20191127-r7:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:alpine/ca-certificates-bundle@20191127-r7?arch=x86_64&upstream=ca-certificates&distro=alpine-3.15.0", "referenceType": "purl" } ], "filesAnalyzed": false, "hasFiles": [ "SPDXRef-b7cfa7f53a05225f" ], "licenseDeclared": "MPL-2.0 AND MIT", "originator": "Person: Natanael Copa ", "sourceInfo": "acquired package info from APK DB: /lib/apk/db/installed", "versionInfo": "20191127-r7" }, { "SPDXID": "SPDXRef-e87a79fdaecaabd2", "name": "libc-utils", "licenseConcluded": "BSD-2-Clause AND BSD-3-Clause", "description": "Meta package to pull in correct libc", "downloadLocation": "https://alpinelinux.org", "externalRefs": [ { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:libc-utils:libc-utils:0.7.2-r3:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:libc-utils:libc_utils:0.7.2-r3:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:libc_utils:libc-utils:0.7.2-r3:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:libc_utils:libc_utils:0.7.2-r3:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:libc:libc-utils:0.7.2-r3:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:libc:libc_utils:0.7.2-r3:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:alpine/libc-utils@0.7.2-r3?arch=x86_64&upstream=libc-dev&distro=alpine-3.15.0", "referenceType": "purl" } ], "filesAnalyzed": false, "licenseDeclared": "BSD-2-Clause AND BSD-3-Clause", "originator": "Person: Natanael Copa ", "sourceInfo": "acquired package info from APK DB: /lib/apk/db/installed", "versionInfo": "0.7.2-r3" }, { "SPDXID": "SPDXRef-873ddd0587a8ac17", "name": "libcrypto1.1", "licenseConcluded": "OpenSSL", "description": "Crypto library from openssl", "downloadLocation": "https://www.openssl.org/", "externalRefs": [ { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:libcrypto1.1:libcrypto1.1:1.1.1l-r7:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:alpine/libcrypto1.1@1.1.1l-r7?arch=x86_64&upstream=openssl&distro=alpine-3.15.0", "referenceType": "purl" } ], "filesAnalyzed": false, "hasFiles": [ "SPDXRef-4862e08252039e5", "SPDXRef-f57c06db35618298", "SPDXRef-ba1b2107c3063563", "SPDXRef-b7cfa7f53a05225f", "SPDXRef-d1029b42eed49dbe", "SPDXRef-5f7354d1f6e1cdce", "SPDXRef-1a7b85af7f458360", "SPDXRef-a00e69b6cf4b0ef0" ], "licenseDeclared": "OpenSSL", "originator": "Person: Timo Teras ", "sourceInfo": "acquired package info from APK DB: /lib/apk/db/installed", "versionInfo": "1.1.1l-r7" }, { "SPDXID": "SPDXRef-484b9eacc3ccdd48", "name": "libretls", "licenseConcluded": "ISC", "description": "port of libtls from libressl to openssl", "downloadLocation": "https://git.causal.agency/libretls/", "externalRefs": [ { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:libretls:libretls:3.3.4-r2:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:alpine/libretls@3.3.4-r2?arch=x86_64&upstream=libretls&distro=alpine-3.15.0", "referenceType": "purl" } ], "filesAnalyzed": false, "hasFiles": [ "SPDXRef-81250f1630c1a804" ], "licenseDeclared": "ISC", "originator": "Person: Ariadne Conill ", "sourceInfo": "acquired package info from APK DB: /lib/apk/db/installed", "versionInfo": "3.3.4-r2" }, { "SPDXID": "SPDXRef-7d62dc5b1a20803f", "name": "libssl1.1", "licenseConcluded": "OpenSSL", "description": "SSL shared libraries", "downloadLocation": "https://www.openssl.org/", "externalRefs": [ { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:libssl1.1:libssl1.1:1.1.1l-r7:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:alpine/libssl1.1@1.1.1l-r7?arch=x86_64&upstream=openssl&distro=alpine-3.15.0", "referenceType": "purl" } ], "filesAnalyzed": false, "hasFiles": [ "SPDXRef-a64a40d78e73f3bd" ], "licenseDeclared": "OpenSSL", "originator": "Person: Timo Teras ", "sourceInfo": "acquired package info from APK DB: /lib/apk/db/installed", "versionInfo": "1.1.1l-r7" }, { "SPDXID": "SPDXRef-20dc20cbb6dbea6", "name": "musl", "licenseConcluded": "MIT", "description": "the musl c library (libc) implementation", "downloadLocation": "https://musl.libc.org/", "externalRefs": [ { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:musl:musl:1.2.2-r7:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:alpine/musl@1.2.2-r7?arch=x86_64&upstream=musl&distro=alpine-3.15.0", "referenceType": "purl" } ], "filesAnalyzed": false, "hasFiles": [ "SPDXRef-e322847d6485c76d" ], "licenseDeclared": "MIT", "originator": "Person: Timo Teräs ", "sourceInfo": "acquired package info from APK DB: /lib/apk/db/installed", "versionInfo": "1.2.2-r7" }, { "SPDXID": "SPDXRef-35c3680577fae0df", "name": "musl-utils", "licenseConcluded": "MIT", "description": "the musl c library (libc) implementation", "downloadLocation": "https://musl.libc.org/", "externalRefs": [ { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:musl-utils:musl-utils:1.2.2-r7:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:musl-utils:musl_utils:1.2.2-r7:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:musl_utils:musl-utils:1.2.2-r7:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:musl_utils:musl_utils:1.2.2-r7:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:musl:musl-utils:1.2.2-r7:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:musl:musl_utils:1.2.2-r7:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:alpine/musl-utils@1.2.2-r7?arch=x86_64&upstream=musl&distro=alpine-3.15.0", "referenceType": "purl" } ], "filesAnalyzed": false, "hasFiles": [ "SPDXRef-780fcf6f56cca2e0", "SPDXRef-ab2d028a906db5df", "SPDXRef-8e69e89855b5ae0f", "SPDXRef-d59e19c68624688f", "SPDXRef-757b30be1d3baa0b" ], "licenseDeclared": "MIT", "originator": "Person: Timo Teräs ", "sourceInfo": "acquired package info from APK DB: /lib/apk/db/installed", "versionInfo": "1.2.2-r7" }, { "SPDXID": "SPDXRef-f2d426372356602d", "name": "scanelf", "licenseConcluded": "GPL-2.0-only", "description": "Scan ELF binaries for stuff", "downloadLocation": "https://wiki.gentoo.org/wiki/Hardened/PaX_Utilities", "externalRefs": [ { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:scanelf:scanelf:1.3.3-r0:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:alpine/scanelf@1.3.3-r0?arch=x86_64&upstream=pax-utils&distro=alpine-3.15.0", "referenceType": "purl" } ], "filesAnalyzed": false, "hasFiles": [ "SPDXRef-7516f5d905deb6db" ], "licenseDeclared": "GPL-2.0-only", "originator": "Person: Natanael Copa ", "sourceInfo": "acquired package info from APK DB: /lib/apk/db/installed", "versionInfo": "1.3.3-r0" }, { "SPDXID": "SPDXRef-38bc092600723894", "name": "ssl_client", "licenseConcluded": "GPL-2.0-only", "description": "EXternal ssl_client for busybox wget", "downloadLocation": "https://busybox.net/", "externalRefs": [ { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:ssl-client:ssl-client:1.34.1-r3:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:ssl-client:ssl_client:1.34.1-r3:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:ssl_client:ssl-client:1.34.1-r3:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:ssl_client:ssl_client:1.34.1-r3:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:ssl:ssl-client:1.34.1-r3:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:ssl:ssl_client:1.34.1-r3:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:alpine/ssl_client@1.34.1-r3?arch=x86_64&upstream=busybox&distro=alpine-3.15.0", "referenceType": "purl" } ], "filesAnalyzed": false, "hasFiles": [ "SPDXRef-711694a1725d661e" ], "licenseDeclared": "GPL-2.0-only", "originator": "Person: Natanael Copa ", "sourceInfo": "acquired package info from APK DB: /lib/apk/db/installed", "versionInfo": "1.34.1-r3" }, { "SPDXID": "SPDXRef-50d3560550c47774", "name": "zlib", "licenseConcluded": "Zlib", "description": "A compression/decompression Library", "downloadLocation": "https://zlib.net/", "externalRefs": [ { "referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:a:zlib:zlib:1.2.11-r3:*:*:*:*:*:*:*", "referenceType": "cpe23Type" }, { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:alpine/zlib@1.2.11-r3?arch=x86_64&upstream=zlib&distro=alpine-3.15.0", "referenceType": "purl" } ], "filesAnalyzed": false, "hasFiles": [ "SPDXRef-bfd3d0235da50adb" ], "licenseDeclared": "Zlib", "originator": "Person: Natanael Copa ", "sourceInfo": "acquired package info from APK DB: /lib/apk/db/installed", "versionInfo": "1.2.11-r3" } ], "files": [ { "SPDXID": "SPDXRef-988a54d89f5c4c09", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/bin/busybox" }, { "SPDXID": "SPDXRef-8ec9dcf9b3d1d7ce", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub" }, { "SPDXID": "SPDXRef-39dcc03ca17480ca", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/etc/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub" }, { "SPDXID": "SPDXRef-4d646d694b6380fc", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub" }, { "SPDXID": "SPDXRef-395f72182f48f77c", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub" }, { "SPDXID": "SPDXRef-496698ff67ca49fc", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/etc/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub" }, { "SPDXID": "SPDXRef-2eaa15c5fc625ebe", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/etc/crontabs/root" }, { "SPDXID": "SPDXRef-a53373020dfa8bb4", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/etc/fstab" }, { "SPDXID": "SPDXRef-2c0eaf2a7d7dbad", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/etc/group" }, { "SPDXID": "SPDXRef-f3ee626693308800", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/etc/hostname" }, { "SPDXID": "SPDXRef-38605c90f707fb90", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/etc/hosts" }, { "SPDXID": "SPDXRef-60fa740c32339374", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/etc/inittab" }, { "SPDXID": "SPDXRef-cd1c702a19149d7d", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/etc/logrotate.d/acpid" }, { "SPDXID": "SPDXRef-420fa6f3289d6ee6", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/etc/modprobe.d/aliases.conf" }, { "SPDXID": "SPDXRef-ae2cba512a3f4065", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/etc/modprobe.d/blacklist.conf" }, { "SPDXID": "SPDXRef-24d0f8d913cd9906", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/etc/modprobe.d/i386.conf" }, { "SPDXID": "SPDXRef-d41a5f82a774a6a1", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/etc/modprobe.d/kms.conf" }, { "SPDXID": "SPDXRef-dc65dbf355556024", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/etc/modules" }, { "SPDXID": "SPDXRef-b3a5f05adcd1cf82", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/etc/motd" }, { "SPDXID": "SPDXRef-be5355441673f6dc", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/etc/network/if-up.d/dad" }, { "SPDXID": "SPDXRef-b499705c36475f74", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/etc/passwd" }, { "SPDXID": "SPDXRef-2e3613b244458b5a", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/etc/profile" }, { "SPDXID": "SPDXRef-64b20ab568341372", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/etc/profile.d/README" }, { "SPDXID": "SPDXRef-84fd54b3f2a2e825", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/etc/profile.d/color_prompt.sh.disabled" }, { "SPDXID": "SPDXRef-32701f6d1e056c29", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/etc/profile.d/locale.sh" }, { "SPDXID": "SPDXRef-5e12c5188eeb9cb3", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/etc/protocols" }, { "SPDXID": "SPDXRef-e7d6b30bf31f933a", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/etc/securetty" }, { "SPDXID": "SPDXRef-9ab25fdcabefa4ac", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/etc/services" }, { "SPDXID": "SPDXRef-18d9a7fcef583aeb", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/etc/shadow" }, { "SPDXID": "SPDXRef-93b858998f2c7034", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/etc/shells" }, { "SPDXID": "SPDXRef-b7cfa7f53a05225f", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/etc/ssl/certs/ca-certificates.crt" }, { "SPDXID": "SPDXRef-d1029b42eed49dbe", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/etc/ssl1.1/ct_log_list.cnf.dist" }, { "SPDXID": "SPDXRef-5f7354d1f6e1cdce", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/etc/ssl1.1/openssl.cnf" }, { "SPDXID": "SPDXRef-1a7b85af7f458360", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/etc/ssl1.1/openssl.cnf.dist" }, { "SPDXID": "SPDXRef-fb021b79aa9cd553", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/etc/sysctl.conf" }, { "SPDXID": "SPDXRef-e6d162458c0b30b0", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/etc/udhcpd.conf" }, { "SPDXID": "SPDXRef-e322847d6485c76d", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/lib/ld-musl-x86_64.so.1" }, { "SPDXID": "SPDXRef-5f14b5421fba85af", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/lib/libapk.so.3.12.0" }, { "SPDXID": "SPDXRef-a00e69b6cf4b0ef0", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/lib/libcrypto.so.1.1" }, { "SPDXID": "SPDXRef-a64a40d78e73f3bd", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/lib/libssl.so.1.1" }, { "SPDXID": "SPDXRef-bfd3d0235da50adb", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/lib/libz.so.1.2.11" }, { "SPDXID": "SPDXRef-82fda88ae28dd50", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/lib/sysctl.d/00-alpine.conf" }, { "SPDXID": "SPDXRef-d72447617fa2b70c", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/sbin/apk" }, { "SPDXID": "SPDXRef-d59e19c68624688f", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/sbin/ldconfig" }, { "SPDXID": "SPDXRef-13d6d27618d264f7", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/sbin/mkmntdirs" }, { "SPDXID": "SPDXRef-757b30be1d3baa0b", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/usr/bin/getconf" }, { "SPDXID": "SPDXRef-780fcf6f56cca2e0", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/usr/bin/getent" }, { "SPDXID": "SPDXRef-ab2d028a906db5df", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/usr/bin/iconv" }, { "SPDXID": "SPDXRef-8e69e89855b5ae0f", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/usr/bin/ldd" }, { "SPDXID": "SPDXRef-7516f5d905deb6db", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/usr/bin/scanelf" }, { "SPDXID": "SPDXRef-711694a1725d661e", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/usr/bin/ssl_client" }, { "SPDXID": "SPDXRef-4862e08252039e5", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/usr/lib/engines-1.1/afalg.so" }, { "SPDXID": "SPDXRef-f57c06db35618298", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/usr/lib/engines-1.1/capi.so" }, { "SPDXID": "SPDXRef-ba1b2107c3063563", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/usr/lib/engines-1.1/padlock.so" }, { "SPDXID": "SPDXRef-81250f1630c1a804", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/usr/lib/libtls.so.2.0.3" }, { "SPDXID": "SPDXRef-add734ec170033bd", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub" }, { "SPDXID": "SPDXRef-59d943ecba7b9db1", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub" }, { "SPDXID": "SPDXRef-27d8de5355fdb7ba", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub" }, { "SPDXID": "SPDXRef-ff0560ee36b984a7", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub" }, { "SPDXID": "SPDXRef-66756a275982c586", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub" }, { "SPDXID": "SPDXRef-2c8a8c151837aa6e", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub" }, { "SPDXID": "SPDXRef-79cc1d44454e11b9", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub" }, { "SPDXID": "SPDXRef-abfd85d1b45289dc", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub" }, { "SPDXID": "SPDXRef-56080e31fd12fe67", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub" }, { "SPDXID": "SPDXRef-7803dc5a1a496765", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub" }, { "SPDXID": "SPDXRef-ccc2b3e76affde68", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub" }, { "SPDXID": "SPDXRef-3562d93285c5a3c5", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub" }, { "SPDXID": "SPDXRef-57149f915867bf12", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub" }, { "SPDXID": "SPDXRef-2363acec0a71a382", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub" }, { "SPDXID": "SPDXRef-2dac0f0b0463195c", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub" }, { "SPDXID": "SPDXRef-187efc434122356a", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub" }, { "SPDXID": "SPDXRef-f059a81847acaad9", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub" }, { "SPDXID": "SPDXRef-d5ee1ce0839cb21a", "comment": "layerID: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759", "licenseConcluded": "NOASSERTION", "fileName": "/usr/share/udhcpc/default.script" } ], "relationships": [ { "spdxElementId": "SPDXRef-20dc20cbb6dbea6", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-e322847d6485c76d" }, { "spdxElementId": "SPDXRef-2e32896982ce9587", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-be5355441673f6dc" }, { "spdxElementId": "SPDXRef-2e32896982ce9587", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-e7d6b30bf31f933a" }, { "spdxElementId": "SPDXRef-2e32896982ce9587", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-e6d162458c0b30b0" }, { "spdxElementId": "SPDXRef-2e32896982ce9587", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-d5ee1ce0839cb21a" }, { "spdxElementId": "SPDXRef-2e32896982ce9587", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-988a54d89f5c4c09" }, { "spdxElementId": "SPDXRef-2e32896982ce9587", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-cd1c702a19149d7d" }, { "spdxElementId": "SPDXRef-9f527213f4d2a873", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-2eaa15c5fc625ebe" }, { "spdxElementId": "SPDXRef-9f527213f4d2a873", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-a53373020dfa8bb4" }, { "spdxElementId": "SPDXRef-9f527213f4d2a873", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-38605c90f707fb90" }, { "spdxElementId": "SPDXRef-9f527213f4d2a873", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-60fa740c32339374" }, { "spdxElementId": "SPDXRef-9f527213f4d2a873", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-24d0f8d913cd9906" }, { "spdxElementId": "SPDXRef-9f527213f4d2a873", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-d41a5f82a774a6a1" }, { "spdxElementId": "SPDXRef-9f527213f4d2a873", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-13d6d27618d264f7" }, { "spdxElementId": "SPDXRef-9f527213f4d2a873", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-b499705c36475f74" }, { "spdxElementId": "SPDXRef-9f527213f4d2a873", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-2e3613b244458b5a" }, { "spdxElementId": "SPDXRef-9f527213f4d2a873", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-84fd54b3f2a2e825" }, { "spdxElementId": "SPDXRef-9f527213f4d2a873", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-32701f6d1e056c29" }, { "spdxElementId": "SPDXRef-9f527213f4d2a873", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-93b858998f2c7034" }, { "spdxElementId": "SPDXRef-9f527213f4d2a873", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-fb021b79aa9cd553" }, { "spdxElementId": "SPDXRef-9f527213f4d2a873", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-82fda88ae28dd50" }, { "spdxElementId": "SPDXRef-9f527213f4d2a873", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-9ab25fdcabefa4ac" }, { "spdxElementId": "SPDXRef-9f527213f4d2a873", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-2c0eaf2a7d7dbad" }, { "spdxElementId": "SPDXRef-9f527213f4d2a873", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-f3ee626693308800" }, { "spdxElementId": "SPDXRef-9f527213f4d2a873", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-420fa6f3289d6ee6" }, { "spdxElementId": "SPDXRef-9f527213f4d2a873", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-ae2cba512a3f4065" }, { "spdxElementId": "SPDXRef-9f527213f4d2a873", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-b3a5f05adcd1cf82" }, { "spdxElementId": "SPDXRef-9f527213f4d2a873", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-64b20ab568341372" }, { "spdxElementId": "SPDXRef-9f527213f4d2a873", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-5e12c5188eeb9cb3" }, { "spdxElementId": "SPDXRef-9f527213f4d2a873", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-18d9a7fcef583aeb" }, { "spdxElementId": "SPDXRef-9f527213f4d2a873", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-dc65dbf355556024" }, { "spdxElementId": "SPDXRef-1a72ca3b88e1b67e", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-ccc2b3e76affde68" }, { "spdxElementId": "SPDXRef-1a72ca3b88e1b67e", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-3562d93285c5a3c5" }, { "spdxElementId": "SPDXRef-1a72ca3b88e1b67e", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-27d8de5355fdb7ba" }, { "spdxElementId": "SPDXRef-1a72ca3b88e1b67e", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-ff0560ee36b984a7" }, { "spdxElementId": "SPDXRef-1a72ca3b88e1b67e", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-79cc1d44454e11b9" }, { "spdxElementId": "SPDXRef-1a72ca3b88e1b67e", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-56080e31fd12fe67" }, { "spdxElementId": "SPDXRef-1a72ca3b88e1b67e", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-7803dc5a1a496765" }, { "spdxElementId": "SPDXRef-1a72ca3b88e1b67e", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-57149f915867bf12" }, { "spdxElementId": "SPDXRef-1a72ca3b88e1b67e", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-2363acec0a71a382" }, { "spdxElementId": "SPDXRef-1a72ca3b88e1b67e", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-8ec9dcf9b3d1d7ce" }, { "spdxElementId": "SPDXRef-1a72ca3b88e1b67e", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-39dcc03ca17480ca" }, { "spdxElementId": "SPDXRef-1a72ca3b88e1b67e", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-496698ff67ca49fc" }, { "spdxElementId": "SPDXRef-1a72ca3b88e1b67e", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-66756a275982c586" }, { "spdxElementId": "SPDXRef-1a72ca3b88e1b67e", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-4d646d694b6380fc" }, { "spdxElementId": "SPDXRef-1a72ca3b88e1b67e", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-add734ec170033bd" }, { "spdxElementId": "SPDXRef-1a72ca3b88e1b67e", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-abfd85d1b45289dc" }, { "spdxElementId": "SPDXRef-1a72ca3b88e1b67e", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-2dac0f0b0463195c" }, { "spdxElementId": "SPDXRef-1a72ca3b88e1b67e", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-f059a81847acaad9" }, { "spdxElementId": "SPDXRef-1a72ca3b88e1b67e", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-395f72182f48f77c" }, { "spdxElementId": "SPDXRef-1a72ca3b88e1b67e", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-187efc434122356a" }, { "spdxElementId": "SPDXRef-1a72ca3b88e1b67e", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-59d943ecba7b9db1" }, { "spdxElementId": "SPDXRef-1a72ca3b88e1b67e", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-2c8a8c151837aa6e" }, { "spdxElementId": "SPDXRef-9bb0a989e24e7661", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-b7cfa7f53a05225f" }, { "spdxElementId": "SPDXRef-873ddd0587a8ac17", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-4862e08252039e5" }, { "spdxElementId": "SPDXRef-873ddd0587a8ac17", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-f57c06db35618298" }, { "spdxElementId": "SPDXRef-873ddd0587a8ac17", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-ba1b2107c3063563" }, { "spdxElementId": "SPDXRef-873ddd0587a8ac17", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-b7cfa7f53a05225f" }, { "spdxElementId": "SPDXRef-873ddd0587a8ac17", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-d1029b42eed49dbe" }, { "spdxElementId": "SPDXRef-873ddd0587a8ac17", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-5f7354d1f6e1cdce" }, { "spdxElementId": "SPDXRef-873ddd0587a8ac17", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-1a7b85af7f458360" }, { "spdxElementId": "SPDXRef-873ddd0587a8ac17", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-a00e69b6cf4b0ef0" }, { "spdxElementId": "SPDXRef-7d62dc5b1a20803f", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-a64a40d78e73f3bd" }, { "spdxElementId": "SPDXRef-484b9eacc3ccdd48", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-81250f1630c1a804" }, { "spdxElementId": "SPDXRef-38bc092600723894", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-711694a1725d661e" }, { "spdxElementId": "SPDXRef-50d3560550c47774", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-bfd3d0235da50adb" }, { "spdxElementId": "SPDXRef-1c6e057c6965bdd6", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-5f14b5421fba85af" }, { "spdxElementId": "SPDXRef-1c6e057c6965bdd6", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-d72447617fa2b70c" }, { "spdxElementId": "SPDXRef-f2d426372356602d", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-7516f5d905deb6db" }, { "spdxElementId": "SPDXRef-35c3680577fae0df", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-780fcf6f56cca2e0" }, { "spdxElementId": "SPDXRef-35c3680577fae0df", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-ab2d028a906db5df" }, { "spdxElementId": "SPDXRef-35c3680577fae0df", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-8e69e89855b5ae0f" }, { "spdxElementId": "SPDXRef-35c3680577fae0df", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-d59e19c68624688f" }, { "spdxElementId": "SPDXRef-35c3680577fae0df", "relationshipType": "CONTAINS", "relatedSpdxElement": "SPDXRef-757b30be1d3baa0b" } ] } ```

Differences to CLI-Output

```diff 61c61,62 < "SPDXRef-2eaa15c5fc625ebe", --- > "SPDXRef-84fd54b3f2a2e825", > "SPDXRef-18d9a7fcef583aeb", 63,64c64 < "SPDXRef-38605c90f707fb90", < "SPDXRef-60fa740c32339374", --- > "SPDXRef-2c0eaf2a7d7dbad", 66,67c66,67 < "SPDXRef-d41a5f82a774a6a1", < "SPDXRef-13d6d27618d264f7", --- > "SPDXRef-64b20ab568341372", > "SPDXRef-dc65dbf355556024", 69,71c69,75 < "SPDXRef-2e3613b244458b5a", < "SPDXRef-84fd54b3f2a2e825", < "SPDXRef-32701f6d1e056c29", --- > "SPDXRef-9ab25fdcabefa4ac", > "SPDXRef-13d6d27618d264f7", > "SPDXRef-2eaa15c5fc625ebe", > "SPDXRef-38605c90f707fb90", > "SPDXRef-60fa740c32339374", > "SPDXRef-420fa6f3289d6ee6", > "SPDXRef-5e12c5188eeb9cb3", 73d76 < "SPDXRef-fb021b79aa9cd553", 75,76d77 < "SPDXRef-9ab25fdcabefa4ac", < "SPDXRef-2c0eaf2a7d7dbad", 78d78 < "SPDXRef-420fa6f3289d6ee6", 81,84c81,84 < "SPDXRef-64b20ab568341372", < "SPDXRef-5e12c5188eeb9cb3", < "SPDXRef-18d9a7fcef583aeb", < "SPDXRef-dc65dbf355556024" --- > "SPDXRef-2e3613b244458b5a", > "SPDXRef-d41a5f82a774a6a1", > "SPDXRef-32701f6d1e056c29", > "SPDXRef-fb021b79aa9cd553" 136,137d135 < "SPDXRef-ccc2b3e76affde68", < "SPDXRef-3562d93285c5a3c5", 139,141d136 < "SPDXRef-ff0560ee36b984a7", < "SPDXRef-79cc1d44454e11b9", < "SPDXRef-56080e31fd12fe67", 143d137 < "SPDXRef-57149f915867bf12", 144a139,146 > "SPDXRef-395f72182f48f77c", > "SPDXRef-66756a275982c586", > "SPDXRef-56080e31fd12fe67", > "SPDXRef-187efc434122356a", > "SPDXRef-59d943ecba7b9db1", > "SPDXRef-79cc1d44454e11b9", > "SPDXRef-abfd85d1b45289dc", > "SPDXRef-ccc2b3e76affde68", 148,151c150 < "SPDXRef-66756a275982c586", < "SPDXRef-4d646d694b6380fc", < "SPDXRef-add734ec170033bd", < "SPDXRef-abfd85d1b45289dc", --- > "SPDXRef-3562d93285c5a3c5", 154,157c153,157 < "SPDXRef-395f72182f48f77c", < "SPDXRef-187efc434122356a", < "SPDXRef-59d943ecba7b9db1", < "SPDXRef-2c8a8c151837aa6e" --- > "SPDXRef-2c8a8c151837aa6e", > "SPDXRef-57149f915867bf12", > "SPDXRef-4d646d694b6380fc", > "SPDXRef-add734ec170033bd", > "SPDXRef-ff0560ee36b984a7" 236a237,238 > "SPDXRef-988a54d89f5c4c09", > "SPDXRef-cd1c702a19149d7d", 240,242c242 < "SPDXRef-d5ee1ce0839cb21a", < "SPDXRef-988a54d89f5c4c09", < "SPDXRef-cd1c702a19149d7d" --- > "SPDXRef-d5ee1ce0839cb21a" 1097c1097 < "relatedSpdxElement": "SPDXRef-be5355441673f6dc" --- > "relatedSpdxElement": "SPDXRef-988a54d89f5c4c09" 1102c1102 < "relatedSpdxElement": "SPDXRef-e7d6b30bf31f933a" --- > "relatedSpdxElement": "SPDXRef-cd1c702a19149d7d" 1107c1107 < "relatedSpdxElement": "SPDXRef-e6d162458c0b30b0" --- > "relatedSpdxElement": "SPDXRef-be5355441673f6dc" 1112c1112 < "relatedSpdxElement": "SPDXRef-d5ee1ce0839cb21a" --- > "relatedSpdxElement": "SPDXRef-e7d6b30bf31f933a" 1117c1117 < "relatedSpdxElement": "SPDXRef-988a54d89f5c4c09" --- > "relatedSpdxElement": "SPDXRef-e6d162458c0b30b0" 1122c1122 < "relatedSpdxElement": "SPDXRef-cd1c702a19149d7d" --- > "relatedSpdxElement": "SPDXRef-d5ee1ce0839cb21a" 1127c1127 < "relatedSpdxElement": "SPDXRef-2eaa15c5fc625ebe" --- > "relatedSpdxElement": "SPDXRef-84fd54b3f2a2e825" 1132c1132 < "relatedSpdxElement": "SPDXRef-a53373020dfa8bb4" --- > "relatedSpdxElement": "SPDXRef-18d9a7fcef583aeb" 1137c1137 < "relatedSpdxElement": "SPDXRef-38605c90f707fb90" --- > "relatedSpdxElement": "SPDXRef-a53373020dfa8bb4" 1142c1142 < "relatedSpdxElement": "SPDXRef-60fa740c32339374" --- > "relatedSpdxElement": "SPDXRef-2c0eaf2a7d7dbad" 1152c1152 < "relatedSpdxElement": "SPDXRef-d41a5f82a774a6a1" --- > "relatedSpdxElement": "SPDXRef-64b20ab568341372" 1157c1157 < "relatedSpdxElement": "SPDXRef-13d6d27618d264f7" --- > "relatedSpdxElement": "SPDXRef-dc65dbf355556024" 1167c1167 < "relatedSpdxElement": "SPDXRef-2e3613b244458b5a" --- > "relatedSpdxElement": "SPDXRef-9ab25fdcabefa4ac" 1172c1172 < "relatedSpdxElement": "SPDXRef-84fd54b3f2a2e825" --- > "relatedSpdxElement": "SPDXRef-13d6d27618d264f7" 1177c1177 < "relatedSpdxElement": "SPDXRef-32701f6d1e056c29" --- > "relatedSpdxElement": "SPDXRef-2eaa15c5fc625ebe" 1182c1182 < "relatedSpdxElement": "SPDXRef-93b858998f2c7034" --- > "relatedSpdxElement": "SPDXRef-38605c90f707fb90" 1187c1187 < "relatedSpdxElement": "SPDXRef-fb021b79aa9cd553" --- > "relatedSpdxElement": "SPDXRef-60fa740c32339374" 1192c1192 < "relatedSpdxElement": "SPDXRef-82fda88ae28dd50" --- > "relatedSpdxElement": "SPDXRef-420fa6f3289d6ee6" 1197c1197 < "relatedSpdxElement": "SPDXRef-9ab25fdcabefa4ac" --- > "relatedSpdxElement": "SPDXRef-5e12c5188eeb9cb3" 1202c1202 < "relatedSpdxElement": "SPDXRef-2c0eaf2a7d7dbad" --- > "relatedSpdxElement": "SPDXRef-93b858998f2c7034" 1207c1207 < "relatedSpdxElement": "SPDXRef-f3ee626693308800" --- > "relatedSpdxElement": "SPDXRef-82fda88ae28dd50" 1212c1212 < "relatedSpdxElement": "SPDXRef-420fa6f3289d6ee6" --- > "relatedSpdxElement": "SPDXRef-f3ee626693308800" 1227c1227 < "relatedSpdxElement": "SPDXRef-64b20ab568341372" --- > "relatedSpdxElement": "SPDXRef-2e3613b244458b5a" 1232c1232 < "relatedSpdxElement": "SPDXRef-5e12c5188eeb9cb3" --- > "relatedSpdxElement": "SPDXRef-d41a5f82a774a6a1" 1237c1237 < "relatedSpdxElement": "SPDXRef-18d9a7fcef583aeb" --- > "relatedSpdxElement": "SPDXRef-32701f6d1e056c29" 1242c1242 < "relatedSpdxElement": "SPDXRef-dc65dbf355556024" --- > "relatedSpdxElement": "SPDXRef-fb021b79aa9cd553" 1247c1247 < "relatedSpdxElement": "SPDXRef-ccc2b3e76affde68" --- > "relatedSpdxElement": "SPDXRef-27d8de5355fdb7ba" 1252c1252 < "relatedSpdxElement": "SPDXRef-3562d93285c5a3c5" --- > "relatedSpdxElement": "SPDXRef-7803dc5a1a496765" 1257c1257 < "relatedSpdxElement": "SPDXRef-27d8de5355fdb7ba" --- > "relatedSpdxElement": "SPDXRef-2363acec0a71a382" 1262c1262 < "relatedSpdxElement": "SPDXRef-ff0560ee36b984a7" --- > "relatedSpdxElement": "SPDXRef-395f72182f48f77c" 1267c1267 < "relatedSpdxElement": "SPDXRef-79cc1d44454e11b9" --- > "relatedSpdxElement": "SPDXRef-66756a275982c586" 1277c1277 < "relatedSpdxElement": "SPDXRef-7803dc5a1a496765" --- > "relatedSpdxElement": "SPDXRef-187efc434122356a" 1282c1282 < "relatedSpdxElement": "SPDXRef-57149f915867bf12" --- > "relatedSpdxElement": "SPDXRef-59d943ecba7b9db1" 1287c1287 < "relatedSpdxElement": "SPDXRef-2363acec0a71a382" --- > "relatedSpdxElement": "SPDXRef-79cc1d44454e11b9" 1292c1292 < "relatedSpdxElement": "SPDXRef-8ec9dcf9b3d1d7ce" --- > "relatedSpdxElement": "SPDXRef-abfd85d1b45289dc" 1297c1297 < "relatedSpdxElement": "SPDXRef-39dcc03ca17480ca" --- > "relatedSpdxElement": "SPDXRef-ccc2b3e76affde68" 1302c1302 < "relatedSpdxElement": "SPDXRef-496698ff67ca49fc" --- > "relatedSpdxElement": "SPDXRef-8ec9dcf9b3d1d7ce" 1307c1307 < "relatedSpdxElement": "SPDXRef-66756a275982c586" --- > "relatedSpdxElement": "SPDXRef-39dcc03ca17480ca" 1312c1312 < "relatedSpdxElement": "SPDXRef-4d646d694b6380fc" --- > "relatedSpdxElement": "SPDXRef-496698ff67ca49fc" 1317c1317 < "relatedSpdxElement": "SPDXRef-add734ec170033bd" --- > "relatedSpdxElement": "SPDXRef-3562d93285c5a3c5" 1322c1322 < "relatedSpdxElement": "SPDXRef-abfd85d1b45289dc" --- > "relatedSpdxElement": "SPDXRef-2dac0f0b0463195c" 1327c1327 < "relatedSpdxElement": "SPDXRef-2dac0f0b0463195c" --- > "relatedSpdxElement": "SPDXRef-f059a81847acaad9" 1332c1332 < "relatedSpdxElement": "SPDXRef-f059a81847acaad9" --- > "relatedSpdxElement": "SPDXRef-2c8a8c151837aa6e" 1337c1337 < "relatedSpdxElement": "SPDXRef-395f72182f48f77c" --- > "relatedSpdxElement": "SPDXRef-57149f915867bf12" 1342c1342 < "relatedSpdxElement": "SPDXRef-187efc434122356a" --- > "relatedSpdxElement": "SPDXRef-4d646d694b6380fc" 1347c1347 < "relatedSpdxElement": "SPDXRef-59d943ecba7b9db1" --- > "relatedSpdxElement": "SPDXRef-add734ec170033bd" 1352c1352 < "relatedSpdxElement": "SPDXRef-2c8a8c151837aa6e" --- > "relatedSpdxElement": "SPDXRef-ff0560ee36b984a7" ```

Note: Differences like name, creationInfo or documentNamespace are ok and not part of my diff. The differences appear in hasFiles and relatedSpdxElement properties.

Anything else we need to know?: Maybe I have to change something from my code which fixes the differences, then please let me know :wink:.

Environment:

Output of syft version:

Application:        syft
Version:            0.56.0
JsonSchemaVersion:  3.3.2
BuildDate:          2022-09-12T16:36:53Z
GitCommit:          c5dca001e267d2a91ff82e53ca72535ceef6af02
GitDescription:     v0.56.0
Platform:           linux/amd64
GoVersion:          go1.18.5
Compiler:           gc

OS (e.g: cat /etc/os-release or similar):

PRETTY_NAME="Ubuntu 22.04.1 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.1 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy

kzantow commented 2 years ago

Hi @ckotzbauer -- it looks like the only differences are the element IDs likely from the related files section, is that right? Is this a diff from 0.55.0 to 0.56.0? There was a change to sort the files in order to make the output more consistent, I suspect the updated version is what you might want to use for your test fixtures moving forward. Or am I missing something?

ckotzbauer commented 2 years ago

it looks like the only differences are the element IDs likely from the related files section, is that right?

Yes, this should be right.

Is this a diff from 0.55.0 to 0.56.0?

No this is a diff between my go-implementation (linked above) which uses 0.56.0 in a PR and the 0.56.0 cli.

I suspect the updated version is what you might want to use for your test fixtures moving forward. Or am I missing something?

The fixtures were updated on my machine locally, not pushed yet. But the diff was created from up-to-date fixtures (generated by 0.56.0 syft cli)

kzantow commented 2 years ago

Ok, so you generate SBOMs using the command line syft at version 0.56.0 and then update syft as a library in your sbom-operator project to the same version and then generate SBOMs with the code you linked to and then compare those outputs. And currently syft-json format results in the same files but spdx-json has the diff you provided. Am I understanding this correctly?

If this gets run multiple times does it always result in the exact same diff? I suspect there may be a sorting issue specific to SPDX, probably nothing you need to change.

ckotzbauer commented 2 years ago

Ok, so you generate SBOMs using the command line syft at version 0.56.0 and then update syft as a library in your sbom-operator project to the same version and then generate SBOMs with the code you linked to and then compare those outputs. And currently syft-json format results in the same files but spdx-json has the diff you provided. Am I understanding this correctly?

Exactly.

If this gets run multiple times does it always result in the exact same diff? I suspect there may be a sorting issue specific to SPDX, probably nothing you need to change.

I have to check this, will reply.

ckotzbauer commented 2 years ago

@kzantow When running my go-code and the cli multiple times, the ordering always differs.

kzantow commented 2 years ago

@ckotzbauer thanks for getting back to me -- that is what I suspected, I think I have a fix for this. Are you able to test changes from a Syft PR somehow?

ckotzbauer commented 2 years ago

yes, that should be possible :+1:

kzantow commented 2 years ago

@ckotzbauer I've created a PR here: https://github.com/anchore/syft/pull/1216 ... to be frank, I'm not quite sure yet how to add a meaningful test for this yet so it might take just a bit to get it merged, but it would be nice to know if it seems to solve your problem

ckotzbauer commented 2 years ago

great, I will test it with my code.

ckotzbauer commented 2 years ago

The PR fixed the issue :heavy_check_mark:. My tests are green again. Tested the snapshotted cli against my go-code which also used the PR-code.

ckotzbauer commented 2 years ago

I'm not quite sure yet how to add a meaningful test for this yet

You can also try to test the code against a static fixture. When the issue occurrs again, this will fail.

kzantow commented 2 years ago

Right, my concern is that we have some static fixtures that have been routinely passing... I'm not sure if they had sufficient data to exhibit the problem. Thanks for following up 👍

ckotzbauer commented 2 years ago

Thanks for the fast PR!

kzantow commented 2 years ago

I went ahead and published a new release with the fix here, please let me know if it doesn't work! https://github.com/anchore/syft/releases/tag/v0.57.0

ckotzbauer commented 1 year ago

Hi @kzantow, I discovered this issue again. The artifact-relationships are not stable between two runs for the same image. So running syft registry:alpine@sha256:21a3deaa0d32a8057914f36584b5288d2e5ecc984380bc0118285c70fa8c9300 -o spdx-json twice will produce different IDs in the relationship section. It worked with 0.58.0 and failed for the first time with 0.59.0, but it is still present in 0.62.0

Is this still an issue or "intented" behaviour?

kzantow commented 1 year ago

@ckotzbauer -- the SPDX IDs should be stable, I've reopened this to investigate. We did just recently (v0.61.0) rework the SPDX output to exclusively use the spdx/tools-golang library, so it's interesting to hear that this was unstable before this, in v0.59.0 and continues to be. Thanks for the info!

kzantow commented 1 year ago

@ckotzbauer -- there was a pretty obvious omission in the aforementioned refactor, so this will be fixed with PR #1350 and I've adjusted the tests to hopefully surface this more obviously in the future.

ckotzbauer commented 1 year ago

Thanks @kzantow for your very quick reply!!

kzantow commented 1 year ago

@ckotzbauer -- a new Syft release v0.62.1 has been published which includes this fix -- please let me know if you continue to have issue! Again, sorry for the inconvenience -- the updates to the tests should help catch this regression in the future.

ckotzbauer commented 1 year ago

Great. I can confirm, that the issue is now gone. Thanks for your work! :partying_face:

anchore / syft

SPDX-json output differs between cli and golang implementation #1213