sonatype-nexus-community / nancy

A tool to check for vulnerabilities in your Golang dependencies, powered by Sonatype OSS Index
Apache License 2.0

Command to output SBOM #194

Open DarthHater opened 3 years ago

DarthHater commented 3 years ago

Did this real quick, but this outputs an SBOM to the command line.

This pull request makes the following changes:

It relates to the following issue #s:

cc @bhamail / @DarthHater / @ButterB0wl

ButterB0wl commented 3 years ago

Testing on this repo: https://github.com/sonatype-nexus-community/cyclonedx-sbom-examples

$ go list -m all | nancy sbom > nancy-bom.xml

<?xml version="1.0" encoding="UTF-8"?>
 <bom xmlns="http://cyclonedx.org/schema/bom/1.1" xmlns:v="http://cyclonedx.org/schema/ext/vulnerability/1.0" version="1">
      <components>
           <component type="library" bom-ref="pkg:golang/cloud.google.com/go@0.46.3">
                <name>go</name>
                <version>0.46.3</version>
                <purl>pkg:golang/cloud.google.com/go@0.46.3</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/cloud.google.com/go/bigquery@1.0.1">
                <name>bigquery</name>
                <version>1.0.1</version>
                <purl>pkg:golang/cloud.google.com/go/bigquery@1.0.1</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/cloud.google.com/go/datastore@1.0.0">
                <name>datastore</name>
                <version>1.0.0</version>
                <purl>pkg:golang/cloud.google.com/go/datastore@1.0.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/cloud.google.com/go/firestore@1.1.0">
                <name>firestore</name>
                <version>1.1.0</version>
                <purl>pkg:golang/cloud.google.com/go/firestore@1.1.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/cloud.google.com/go/pubsub@1.0.1">
                <name>pubsub</name>
                <version>1.0.1</version>
                <purl>pkg:golang/cloud.google.com/go/pubsub@1.0.1</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/cloud.google.com/go/storage@1.0.0">
                <name>storage</name>
                <version>1.0.0</version>
                <purl>pkg:golang/cloud.google.com/go/storage@1.0.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/dmitri.shuralyov.com/gpu/mtl@0.0.0-20190408044501-666a987793e9">
                <name>mtl</name>
                <version>0.0.0-20190408044501-666a987793e9</version>
                <purl>pkg:golang/dmitri.shuralyov.com/gpu/mtl@0.0.0-20190408044501-666a987793e9</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/burntsushi/toml@0.3.1">
                <name>toml</name>
                <version>0.3.1</version>
                <purl>pkg:golang/github.com/burntsushi/toml@0.3.1</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/burntsushi/xgb@0.0.0-20160522181843-27f122750802">
                <name>xgb</name>
                <version>0.0.0-20160522181843-27f122750802</version>
                <purl>pkg:golang/github.com/burntsushi/xgb@0.0.0-20160522181843-27f122750802</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/flaque/filet@0.0.0-20190209224823-fc4d33cfcf93">
                <name>filet</name>
                <version>0.0.0-20190209224823-fc4d33cfcf93</version>
                <purl>pkg:golang/github.com/flaque/filet@0.0.0-20190209224823-fc4d33cfcf93</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/masterminds/semver@0.0.0-20190925130524-317e8cce5480">
                <name>semver</name>
                <version>0.0.0-20190925130524-317e8cce5480</version>
                <purl>pkg:golang/github.com/masterminds/semver@0.0.0-20190925130524-317e8cce5480</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/masterminds/vcs@1.13.1">
                <name>vcs</name>
                <version>1.13.1</version>
                <purl>pkg:golang/github.com/masterminds/vcs@1.13.1</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/oneofone/xxhash@1.2.2">
                <name>xxhash</name>
                <version>1.2.2</version>
                <purl>pkg:golang/github.com/oneofone/xxhash@1.2.2</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/alecthomas/template@0.0.0-20160405071501-a0175ee3bccc">
                <name>template</name>
                <version>0.0.0-20160405071501-a0175ee3bccc</version>
                <purl>pkg:golang/github.com/alecthomas/template@0.0.0-20160405071501-a0175ee3bccc</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/alecthomas/units@0.0.0-20151022065526-2efee857e7cf">
                <name>units</name>
                <version>0.0.0-20151022065526-2efee857e7cf</version>
                <purl>pkg:golang/github.com/alecthomas/units@0.0.0-20151022065526-2efee857e7cf</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/armon/circbuf@0.0.0-20150827004946-bbbad097214e">
                <name>circbuf</name>
                <version>0.0.0-20150827004946-bbbad097214e</version>
                <purl>pkg:golang/github.com/armon/circbuf@0.0.0-20150827004946-bbbad097214e</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/armon/consul-api@0.0.0-20180202201655-eb2c6b5be1b6">
                <name>consul-api</name>
                <version>0.0.0-20180202201655-eb2c6b5be1b6</version>
                <purl>pkg:golang/github.com/armon/consul-api@0.0.0-20180202201655-eb2c6b5be1b6</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/armon/go-metrics@0.0.0-20180917152333-f0300d1749da">
                <name>go-metrics</name>
                <version>0.0.0-20180917152333-f0300d1749da</version>
                <purl>pkg:golang/github.com/armon/go-metrics@0.0.0-20180917152333-f0300d1749da</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/armon/go-radix@1.0.0">
                <name>go-radix</name>
                <version>1.0.0</version>
                <purl>pkg:golang/github.com/armon/go-radix@1.0.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/beevik/etree@1.1.0">
                <name>etree</name>
                <version>1.1.0</version>
                <purl>pkg:golang/github.com/beevik/etree@1.1.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/beorn7/perks@1.0.0">
                <name>perks</name>
                <version>1.0.0</version>
                <purl>pkg:golang/github.com/beorn7/perks@1.0.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/bgentry/speakeasy@0.1.0">
                <name>speakeasy</name>
                <version>0.1.0</version>
                <purl>pkg:golang/github.com/bgentry/speakeasy@0.1.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/bketelsen/crypt@0.0.3-0.20200106085610-5cbc8cc4026c">
                <name>crypt</name>
                <version>0.0.3-0.20200106085610-5cbc8cc4026c</version>
                <purl>pkg:golang/github.com/bketelsen/crypt@0.0.3-0.20200106085610-5cbc8cc4026c</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/boltdb/bolt@1.3.1">
                <name>bolt</name>
                <version>1.3.1</version>
                <purl>pkg:golang/github.com/boltdb/bolt@1.3.1</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/census-instrumentation/opencensus-proto@0.2.1">
                <name>opencensus-proto</name>
                <version>0.2.1</version>
                <purl>pkg:golang/github.com/census-instrumentation/opencensus-proto@0.2.1</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/cespare/xxhash@1.1.0">
                <name>xxhash</name>
                <version>1.1.0</version>
                <purl>pkg:golang/github.com/cespare/xxhash@1.1.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/client9/misspell@0.3.4">
                <name>misspell</name>
                <version>0.3.4</version>
                <purl>pkg:golang/github.com/client9/misspell@0.3.4</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/common-nighthawk/go-figure@0.0.0-20200609044655-c4b36f998cf2">
                <name>go-figure</name>
                <version>0.0.0-20200609044655-c4b36f998cf2</version>
                <purl>pkg:golang/github.com/common-nighthawk/go-figure@0.0.0-20200609044655-c4b36f998cf2</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/coreos/bbolt@1.3.2">
                <name>bbolt</name>
                <version>1.3.2</version>
                <purl>pkg:golang/github.com/coreos/bbolt@1.3.2</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/coreos/etcd@3.3.24">
                <name>etcd</name>
                <version>3.3.24</version>
                <purl>pkg:golang/github.com/coreos/etcd@3.3.24</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/coreos/go-semver@0.3.0">
                <name>go-semver</name>
                <version>0.3.0</version>
                <purl>pkg:golang/github.com/coreos/go-semver@0.3.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/coreos/go-systemd@0.0.0-20190321100706-95778dfbb74e">
                <name>go-systemd</name>
                <version>0.0.0-20190321100706-95778dfbb74e</version>
                <purl>pkg:golang/github.com/coreos/go-systemd@0.0.0-20190321100706-95778dfbb74e</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/coreos/pkg@0.0.0-20180928190104-399ea9e2e55f">
                <name>pkg</name>
                <version>0.0.0-20180928190104-399ea9e2e55f</version>
                <purl>pkg:golang/github.com/coreos/pkg@0.0.0-20180928190104-399ea9e2e55f</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/cpuguy83/go-md2man/v2@2.0.0">
                <name>v2</name>
                <version>2.0.0</version>
                <purl>pkg:golang/github.com/cpuguy83/go-md2man/v2@2.0.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/creack/pty@1.1.9">
                <name>pty</name>
                <version>1.1.9</version>
                <purl>pkg:golang/github.com/creack/pty@1.1.9</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/davecgh/go-spew@1.1.1">
                <name>go-spew</name>
                <version>1.1.1</version>
                <purl>pkg:golang/github.com/davecgh/go-spew@1.1.1</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/dgrijalva/jwt-go@3.2.0">
                <name>jwt-go</name>
                <version>3.2.0</version>
                <purl>pkg:golang/github.com/dgrijalva/jwt-go@3.2.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/dgryski/go-sip13@0.0.0-20181026042036-e10d5fee7954">
                <name>go-sip13</name>
                <version>0.0.0-20181026042036-e10d5fee7954</version>
                <purl>pkg:golang/github.com/dgryski/go-sip13@0.0.0-20181026042036-e10d5fee7954</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/envoyproxy/go-control-plane@0.9.1-0.20191026205805-5f8ba28d4473">
                <name>go-control-plane</name>
                <version>0.9.1-0.20191026205805-5f8ba28d4473</version>
                <purl>pkg:golang/github.com/envoyproxy/go-control-plane@0.9.1-0.20191026205805-5f8ba28d4473</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/envoyproxy/protoc-gen-validate@0.1.0">
                <name>protoc-gen-validate</name>
                <version>0.1.0</version>
                <purl>pkg:golang/github.com/envoyproxy/protoc-gen-validate@0.1.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/fatih/color@1.7.0">
                <name>color</name>
                <version>1.7.0</version>
                <purl>pkg:golang/github.com/fatih/color@1.7.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/fsnotify/fsnotify@1.4.9">
                <name>fsnotify</name>
                <version>1.4.9</version>
                <purl>pkg:golang/github.com/fsnotify/fsnotify@1.4.9</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/ghodss/yaml@1.0.0">
                <name>yaml</name>
                <version>1.0.0</version>
                <purl>pkg:golang/github.com/ghodss/yaml@1.0.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/go-gl/glfw@0.0.0-20190409004039-e6da0acd62b1">
                <name>glfw</name>
                <version>0.0.0-20190409004039-e6da0acd62b1</version>
                <purl>pkg:golang/github.com/go-gl/glfw@0.0.0-20190409004039-e6da0acd62b1</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/go-kit/kit@0.8.0">
                <name>kit</name>
                <version>0.8.0</version>
                <purl>pkg:golang/github.com/go-kit/kit@0.8.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/go-logfmt/logfmt@0.4.0">
                <name>logfmt</name>
                <version>0.4.0</version>
                <purl>pkg:golang/github.com/go-logfmt/logfmt@0.4.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/go-stack/stack@1.8.0">
                <name>stack</name>
                <version>1.8.0</version>
                <purl>pkg:golang/github.com/go-stack/stack@1.8.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/gogo/protobuf@1.2.1">
                <name>protobuf</name>
                <version>1.2.1</version>
                <purl>pkg:golang/github.com/gogo/protobuf@1.2.1</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/golang/dep@0.5.4">
                <name>dep</name>
                <version>0.5.4</version>
                <purl>pkg:golang/github.com/golang/dep@0.5.4</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/golang/glog@0.0.0-20160126235308-23def4e6c14b">
                <name>glog</name>
                <version>0.0.0-20160126235308-23def4e6c14b</version>
                <purl>pkg:golang/github.com/golang/glog@0.0.0-20160126235308-23def4e6c14b</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/golang/groupcache@0.0.0-20190129154638-5b532d6fd5ef">
                <name>groupcache</name>
                <version>0.0.0-20190129154638-5b532d6fd5ef</version>
                <purl>pkg:golang/github.com/golang/groupcache@0.0.0-20190129154638-5b532d6fd5ef</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/golang/mock@1.3.1">
                <name>mock</name>
                <version>1.3.1</version>
                <purl>pkg:golang/github.com/golang/mock@1.3.1</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/golang/protobuf@1.4.2">
                <name>protobuf</name>
                <version>1.4.2</version>
                <purl>pkg:golang/github.com/golang/protobuf@1.4.2</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/google/btree@1.0.0">
                <name>btree</name>
                <version>1.0.0</version>
                <purl>pkg:golang/github.com/google/btree@1.0.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/google/go-cmp@0.5.0">
                <name>go-cmp</name>
                <version>0.5.0</version>
                <purl>pkg:golang/github.com/google/go-cmp@0.5.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/google/martian@2.1.0">
                <name>martian</name>
                <version>2.1.0</version>
                <purl>pkg:golang/github.com/google/martian@2.1.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/google/pprof@0.0.0-20190515194954-54271f7e092f">
                <name>pprof</name>
                <version>0.0.0-20190515194954-54271f7e092f</version>
                <purl>pkg:golang/github.com/google/pprof@0.0.0-20190515194954-54271f7e092f</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/google/renameio@0.1.0">
                <name>renameio</name>
                <version>0.1.0</version>
                <purl>pkg:golang/github.com/google/renameio@0.1.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/googleapis/gax-go/v2@2.0.5">
                <name>v2</name>
                <version>2.0.5</version>
                <purl>pkg:golang/github.com/googleapis/gax-go/v2@2.0.5</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/gopherjs/gopherjs@0.0.0-20181017120253-0766667cb4d1">
                <name>gopherjs</name>
                <version>0.0.0-20181017120253-0766667cb4d1</version>
                <purl>pkg:golang/github.com/gopherjs/gopherjs@0.0.0-20181017120253-0766667cb4d1</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/gorilla/websocket@1.4.2">
                <name>websocket</name>
                <version>1.4.2</version>
                <purl>pkg:golang/github.com/gorilla/websocket@1.4.2</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/grpc-ecosystem/go-grpc-middleware@1.0.0">
                <name>go-grpc-middleware</name>
                <version>1.0.0</version>
                <purl>pkg:golang/github.com/grpc-ecosystem/go-grpc-middleware@1.0.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0">
                <name>go-grpc-prometheus</name>
                <version>1.2.0</version>
                <purl>pkg:golang/github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/grpc-ecosystem/grpc-gateway@1.9.0">
                <name>grpc-gateway</name>
                <version>1.9.0</version>
                <purl>pkg:golang/github.com/grpc-ecosystem/grpc-gateway@1.9.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/hashicorp/consul/api@1.1.0">
                <name>api</name>
                <version>1.1.0</version>
                <purl>pkg:golang/github.com/hashicorp/consul/api@1.1.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/hashicorp/consul/sdk@0.1.1">
                <name>sdk</name>
                <version>0.1.1</version>
                <purl>pkg:golang/github.com/hashicorp/consul/sdk@0.1.1</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/hashicorp/errwrap@1.0.0">
                <name>errwrap</name>
                <version>1.0.0</version>
                <purl>pkg:golang/github.com/hashicorp/errwrap@1.0.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/hashicorp/go-cleanhttp@0.5.1">
                <name>go-cleanhttp</name>
                <version>0.5.1</version>
                <purl>pkg:golang/github.com/hashicorp/go-cleanhttp@0.5.1</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/hashicorp/go-immutable-radix@1.0.0">
                <name>go-immutable-radix</name>
                <version>1.0.0</version>
                <purl>pkg:golang/github.com/hashicorp/go-immutable-radix@1.0.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/hashicorp/go-msgpack@0.5.3">
                <name>go-msgpack</name>
                <version>0.5.3</version>
                <purl>pkg:golang/github.com/hashicorp/go-msgpack@0.5.3</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/hashicorp/go-multierror@1.0.0">
                <name>go-multierror</name>
                <version>1.0.0</version>
                <purl>pkg:golang/github.com/hashicorp/go-multierror@1.0.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/hashicorp/go-rootcerts@1.0.0">
                <name>go-rootcerts</name>
                <version>1.0.0</version>
                <purl>pkg:golang/github.com/hashicorp/go-rootcerts@1.0.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/hashicorp/go-sockaddr@1.0.0">
                <name>go-sockaddr</name>
                <version>1.0.0</version>
                <purl>pkg:golang/github.com/hashicorp/go-sockaddr@1.0.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/hashicorp/go-syslog@1.0.0">
                <name>go-syslog</name>
                <version>1.0.0</version>
                <purl>pkg:golang/github.com/hashicorp/go-syslog@1.0.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/hashicorp/go-uuid@1.0.1">
                <name>go-uuid</name>
                <version>1.0.1</version>
                <purl>pkg:golang/github.com/hashicorp/go-uuid@1.0.1</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/hashicorp/go.net@0.0.1">
                <name>go.net</name>
                <version>0.0.1</version>
                <purl>pkg:golang/github.com/hashicorp/go.net@0.0.1</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/hashicorp/golang-lru@0.5.1">
                <name>golang-lru</name>
                <version>0.5.1</version>
                <purl>pkg:golang/github.com/hashicorp/golang-lru@0.5.1</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/hashicorp/hcl@1.0.0">
                <name>hcl</name>
                <version>1.0.0</version>
                <purl>pkg:golang/github.com/hashicorp/hcl@1.0.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/hashicorp/logutils@1.0.0">
                <name>logutils</name>
                <version>1.0.0</version>
                <purl>pkg:golang/github.com/hashicorp/logutils@1.0.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/hashicorp/mdns@1.0.0">
                <name>mdns</name>
                <version>1.0.0</version>
                <purl>pkg:golang/github.com/hashicorp/mdns@1.0.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/hashicorp/memberlist@0.1.3">
                <name>memberlist</name>
                <version>0.1.3</version>
                <purl>pkg:golang/github.com/hashicorp/memberlist@0.1.3</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/hashicorp/serf@0.8.2">
                <name>serf</name>
                <version>0.8.2</version>
                <purl>pkg:golang/github.com/hashicorp/serf@0.8.2</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/inconshreveable/mousetrap@1.0.0">
                <name>mousetrap</name>
                <version>1.0.0</version>
                <purl>pkg:golang/github.com/inconshreveable/mousetrap@1.0.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/jarcoal/httpmock@1.0.5">
                <name>httpmock</name>
                <version>1.0.5</version>
                <purl>pkg:golang/github.com/jarcoal/httpmock@1.0.5</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/jedib0t/go-pretty/v6@6.0.4">
                <name>v6</name>
                <version>6.0.4</version>
                <purl>pkg:golang/github.com/jedib0t/go-pretty/v6@6.0.4</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/jmank88/nuts@0.4.0">
                <name>nuts</name>
                <version>0.4.0</version>
                <purl>pkg:golang/github.com/jmank88/nuts@0.4.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/jonboulle/clockwork@0.1.0">
                <name>clockwork</name>
                <version>0.1.0</version>
                <purl>pkg:golang/github.com/jonboulle/clockwork@0.1.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/json-iterator/go@1.1.6">
                <name>go</name>
                <version>1.1.6</version>
                <purl>pkg:golang/github.com/json-iterator/go@1.1.6</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/jstemmer/go-junit-report@0.0.0-20190106144839-af01ea7f8024">
                <name>go-junit-report</name>
                <version>0.0.0-20190106144839-af01ea7f8024</version>
                <purl>pkg:golang/github.com/jstemmer/go-junit-report@0.0.0-20190106144839-af01ea7f8024</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/jtolds/gls@4.20.0">
                <name>gls</name>
                <version>4.20.0</version>
                <purl>pkg:golang/github.com/jtolds/gls@4.20.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/julienschmidt/httprouter@1.2.0">
                <name>httprouter</name>
                <version>1.2.0</version>
                <purl>pkg:golang/github.com/julienschmidt/httprouter@1.2.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/kisielk/errcheck@1.1.0">
                <name>errcheck</name>
                <version>1.1.0</version>
                <purl>pkg:golang/github.com/kisielk/errcheck@1.1.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/kisielk/gotool@1.0.0">
                <name>gotool</name>
                <version>1.0.0</version>
                <purl>pkg:golang/github.com/kisielk/gotool@1.0.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/konsorten/go-windows-terminal-sequences@1.0.3">
                <name>go-windows-terminal-sequences</name>
                <version>1.0.3</version>
                <purl>pkg:golang/github.com/konsorten/go-windows-terminal-sequences@1.0.3</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/kr/fs@0.1.0">
                <name>fs</name>
                <version>0.1.0</version>
                <purl>pkg:golang/github.com/kr/fs@0.1.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/kr/logfmt@0.0.0-20140226030751-b84e30acd515">
                <name>logfmt</name>
                <version>0.0.0-20140226030751-b84e30acd515</version>
                <purl>pkg:golang/github.com/kr/logfmt@0.0.0-20140226030751-b84e30acd515</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/kr/pretty@0.1.0">
                <name>pretty</name>
                <version>0.1.0</version>
                <purl>pkg:golang/github.com/kr/pretty@0.1.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/kr/pty@1.1.1">
                <name>pty</name>
                <version>1.1.1</version>
                <purl>pkg:golang/github.com/kr/pty@1.1.1</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/kr/text@0.2.0">
                <name>text</name>
                <version>0.2.0</version>
                <purl>pkg:golang/github.com/kr/text@0.2.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/logrusorgru/aurora@2.0.3">
                <name>aurora</name>
                <version>2.0.3</version>
                <purl>pkg:golang/github.com/logrusorgru/aurora@2.0.3</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/magiconair/properties@1.8.1">
                <name>properties</name>
                <version>1.8.1</version>
                <purl>pkg:golang/github.com/magiconair/properties@1.8.1</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/mattn/go-colorable@0.0.9">
                <name>go-colorable</name>
                <version>0.0.9</version>
                <purl>pkg:golang/github.com/mattn/go-colorable@0.0.9</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/mattn/go-isatty@0.0.3">
                <name>go-isatty</name>
                <version>0.0.3</version>
                <purl>pkg:golang/github.com/mattn/go-isatty@0.0.3</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/mattn/go-runewidth@0.0.9">
                <name>go-runewidth</name>
                <version>0.0.9</version>
                <purl>pkg:golang/github.com/mattn/go-runewidth@0.0.9</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/matttproud/golang_protobuf_extensions@1.0.1">
                <name>golang_protobuf_extensions</name>
                <version>1.0.1</version>
                <purl>pkg:golang/github.com/matttproud/golang_protobuf_extensions@1.0.1</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/miekg/dns@1.0.14">
                <name>dns</name>
                <version>1.0.14</version>
                <purl>pkg:golang/github.com/miekg/dns@1.0.14</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/mitchellh/cli@1.0.0">
                <name>cli</name>
                <version>1.0.0</version>
                <purl>pkg:golang/github.com/mitchellh/cli@1.0.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/mitchellh/go-homedir@1.1.0">
                <name>go-homedir</name>
                <version>1.1.0</version>
                <purl>pkg:golang/github.com/mitchellh/go-homedir@1.1.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/mitchellh/go-testing-interface@1.0.0">
                <name>go-testing-interface</name>
                <version>1.0.0</version>
                <purl>pkg:golang/github.com/mitchellh/go-testing-interface@1.0.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/mitchellh/gox@0.4.0">
                <name>gox</name>
                <version>0.4.0</version>
                <purl>pkg:golang/github.com/mitchellh/gox@0.4.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/mitchellh/iochan@1.0.0">
                <name>iochan</name>
                <version>1.0.0</version>
                <purl>pkg:golang/github.com/mitchellh/iochan@1.0.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/mitchellh/mapstructure@1.3.3">
                <name>mapstructure</name>
                <version>1.3.3</version>
                <purl>pkg:golang/github.com/mitchellh/mapstructure@1.3.3</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/modern-go/concurrent@0.0.0-20180306012644-bacd9c7ef1dd">
                <name>concurrent</name>
                <version>0.0.0-20180306012644-bacd9c7ef1dd</version>
                <purl>pkg:golang/github.com/modern-go/concurrent@0.0.0-20180306012644-bacd9c7ef1dd</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/modern-go/reflect2@1.0.1">
                <name>reflect2</name>
                <version>1.0.1</version>
                <purl>pkg:golang/github.com/modern-go/reflect2@1.0.1</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/mwitkow/go-conntrack@0.0.0-20161129095857-cc309e4a2223">
                <name>go-conntrack</name>
                <version>0.0.0-20161129095857-cc309e4a2223</version>
                <purl>pkg:golang/github.com/mwitkow/go-conntrack@0.0.0-20161129095857-cc309e4a2223</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/niemeyer/pretty@0.0.0-20200227124842-a10e7caefd8e">
                <name>pretty</name>
                <version>0.0.0-20200227124842-a10e7caefd8e</version>
                <purl>pkg:golang/github.com/niemeyer/pretty@0.0.0-20200227124842-a10e7caefd8e</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/nightlyone/lockfile@1.0.0">
                <name>lockfile</name>
                <version>1.0.0</version>
                <purl>pkg:golang/github.com/nightlyone/lockfile@1.0.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/oklog/ulid@1.3.1">
                <name>ulid</name>
                <version>1.3.1</version>
                <purl>pkg:golang/github.com/oklog/ulid@1.3.1</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/package-url/packageurl-go@0.1.0">
                <name>packageurl-go</name>
                <version>0.1.0</version>
                <purl>pkg:golang/github.com/package-url/packageurl-go@0.1.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/pascaldekloe/goe@0.0.0-20180627143212-57f6aae5913c">
                <name>goe</name>
                <version>0.0.0-20180627143212-57f6aae5913c</version>
                <purl>pkg:golang/github.com/pascaldekloe/goe@0.0.0-20180627143212-57f6aae5913c</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/pelletier/go-toml@1.8.0">
                <name>go-toml</name>
                <version>1.8.0</version>
                <purl>pkg:golang/github.com/pelletier/go-toml@1.8.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/pkg/errors@0.9.1">
                <name>errors</name>
                <version>0.9.1</version>
                <purl>pkg:golang/github.com/pkg/errors@0.9.1</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/pkg/profile@1.2.1">
                <name>profile</name>
                <version>1.2.1</version>
                <purl>pkg:golang/github.com/pkg/profile@1.2.1</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/pkg/sftp@1.10.1">
                <name>sftp</name>
                <version>1.10.1</version>
                <purl>pkg:golang/github.com/pkg/sftp@1.10.1</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/pmezard/go-difflib@1.0.0">
                <name>go-difflib</name>
                <version>1.0.0</version>
                <purl>pkg:golang/github.com/pmezard/go-difflib@1.0.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/posener/complete@1.1.1">
                <name>complete</name>
                <version>1.1.1</version>
                <purl>pkg:golang/github.com/posener/complete@1.1.1</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/prometheus/client_golang@0.9.3">
                <name>client_golang</name>
                <version>0.9.3</version>
                <purl>pkg:golang/github.com/prometheus/client_golang@0.9.3</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/prometheus/client_model@0.0.0-20190812154241-14fe0d1b01d4">
                <name>client_model</name>
                <version>0.0.0-20190812154241-14fe0d1b01d4</version>
                <purl>pkg:golang/github.com/prometheus/client_model@0.0.0-20190812154241-14fe0d1b01d4</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/prometheus/common@0.4.0">
                <name>common</name>
                <version>0.4.0</version>
                <purl>pkg:golang/github.com/prometheus/common@0.4.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/prometheus/procfs@0.0.0-20190507164030-5867b95ac084">
                <name>procfs</name>
                <version>0.0.0-20190507164030-5867b95ac084</version>
                <purl>pkg:golang/github.com/prometheus/procfs@0.0.0-20190507164030-5867b95ac084</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/prometheus/tsdb@0.7.1">
                <name>tsdb</name>
                <version>0.7.1</version>
                <purl>pkg:golang/github.com/prometheus/tsdb@0.7.1</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/recoilme/pudge@1.0.3">
                <name>pudge</name>
                <version>1.0.3</version>
                <purl>pkg:golang/github.com/recoilme/pudge@1.0.3</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/rogpeppe/fastuuid@0.0.0-20150106093220-6724a57986af">
                <name>fastuuid</name>
                <version>0.0.0-20150106093220-6724a57986af</version>
                <purl>pkg:golang/github.com/rogpeppe/fastuuid@0.0.0-20150106093220-6724a57986af</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/rogpeppe/go-internal@1.3.0">
                <name>go-internal</name>
                <version>1.3.0</version>
                <purl>pkg:golang/github.com/rogpeppe/go-internal@1.3.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/russross/blackfriday/v2@2.0.1">
                <name>v2</name>
                <version>2.0.1</version>
                <purl>pkg:golang/github.com/russross/blackfriday/v2@2.0.1</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/ryanuber/columnize@0.0.0-20160712163229-9b3edd62028f">
                <name>columnize</name>
                <version>0.0.0-20160712163229-9b3edd62028f</version>
                <purl>pkg:golang/github.com/ryanuber/columnize@0.0.0-20160712163229-9b3edd62028f</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/sdboyer/constext@0.0.0-20170321163424-836a14457353">
                <name>constext</name>
                <version>0.0.0-20170321163424-836a14457353</version>
                <purl>pkg:golang/github.com/sdboyer/constext@0.0.0-20170321163424-836a14457353</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/sean-/seed@0.0.0-20170313163322-e2103e2c3529">
                <name>seed</name>
                <version>0.0.0-20170313163322-e2103e2c3529</version>
                <purl>pkg:golang/github.com/sean-/seed@0.0.0-20170313163322-e2103e2c3529</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/shopspring/decimal@1.2.0">
                <name>decimal</name>
                <version>1.2.0</version>
                <purl>pkg:golang/github.com/shopspring/decimal@1.2.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/shurcool/sanitized_anchor_name@1.0.0">
                <name>sanitized_anchor_name</name>
                <version>1.0.0</version>
                <purl>pkg:golang/github.com/shurcool/sanitized_anchor_name@1.0.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/sirupsen/logrus@1.6.0">
                <name>logrus</name>
                <version>1.6.0</version>
                <purl>pkg:golang/github.com/sirupsen/logrus@1.6.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/smartystreets/assertions@0.0.0-20180927180507-b2de0cb4f26d">
                <name>assertions</name>
                <version>0.0.0-20180927180507-b2de0cb4f26d</version>
                <purl>pkg:golang/github.com/smartystreets/assertions@0.0.0-20180927180507-b2de0cb4f26d</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/smartystreets/goconvey@1.6.4">
                <name>goconvey</name>
                <version>1.6.4</version>
                <purl>pkg:golang/github.com/smartystreets/goconvey@1.6.4</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/soheilhy/cmux@0.1.4">
                <name>cmux</name>
                <version>0.1.4</version>
                <purl>pkg:golang/github.com/soheilhy/cmux@0.1.4</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/sonatype-nexus-community/go-sona-types@0.0.7">
                <name>go-sona-types</name>
                <version>0.0.7</version>
                <purl>pkg:golang/github.com/sonatype-nexus-community/go-sona-types@0.0.7</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/spaolacci/murmur3@0.0.0-20180118202830-f09979ecbc72">
                <name>murmur3</name>
                <version>0.0.0-20180118202830-f09979ecbc72</version>
                <purl>pkg:golang/github.com/spaolacci/murmur3@0.0.0-20180118202830-f09979ecbc72</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/spf13/afero@1.3.4">
                <name>afero</name>
                <version>1.3.4</version>
                <purl>pkg:golang/github.com/spf13/afero@1.3.4</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/spf13/cast@1.3.1">
                <name>cast</name>
                <version>1.3.1</version>
                <purl>pkg:golang/github.com/spf13/cast@1.3.1</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/spf13/cobra@1.0.0">
                <name>cobra</name>
                <version>1.0.0</version>
                <purl>pkg:golang/github.com/spf13/cobra@1.0.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/spf13/jwalterweatherman@1.1.0">
                <name>jwalterweatherman</name>
                <version>1.1.0</version>
                <purl>pkg:golang/github.com/spf13/jwalterweatherman@1.1.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/spf13/pflag@1.0.5">
                <name>pflag</name>
                <version>1.0.5</version>
                <purl>pkg:golang/github.com/spf13/pflag@1.0.5</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/spf13/viper@1.7.1">
                <name>viper</name>
                <version>1.7.1</version>
                <purl>pkg:golang/github.com/spf13/viper@1.7.1</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/stretchr/objx@0.1.1">
                <name>objx</name>
                <version>0.1.1</version>
                <purl>pkg:golang/github.com/stretchr/objx@0.1.1</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/stretchr/testify@1.6.1">
                <name>testify</name>
                <version>1.6.1</version>
                <purl>pkg:golang/github.com/stretchr/testify@1.6.1</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/subosito/gotenv@1.2.0">
                <name>gotenv</name>
                <version>1.2.0</version>
                <purl>pkg:golang/github.com/subosito/gotenv@1.2.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/tmc/grpc-websocket-proxy@0.0.0-20190109142713-0ad062ec5ee5">
                <name>grpc-websocket-proxy</name>
                <version>0.0.0-20190109142713-0ad062ec5ee5</version>
                <purl>pkg:golang/github.com/tmc/grpc-websocket-proxy@0.0.0-20190109142713-0ad062ec5ee5</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/ugorji/go@1.1.4">
                <name>go</name>
                <version>1.1.4</version>
                <purl>pkg:golang/github.com/ugorji/go@1.1.4</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/xiang90/probing@0.0.0-20190116061207-43a291ad63a2">
                <name>probing</name>
                <version>0.0.0-20190116061207-43a291ad63a2</version>
                <purl>pkg:golang/github.com/xiang90/probing@0.0.0-20190116061207-43a291ad63a2</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/xordataexchange/crypt@0.0.3-0.20170626215501-b2862e3d0a77">
                <name>crypt</name>
                <version>0.0.3-0.20170626215501-b2862e3d0a77</version>
                <purl>pkg:golang/github.com/xordataexchange/crypt@0.0.3-0.20170626215501-b2862e3d0a77</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/go.etcd.io/bbolt@1.3.2">
                <name>bbolt</name>
                <version>1.3.2</version>
                <purl>pkg:golang/go.etcd.io/bbolt@1.3.2</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/go.opencensus.io@0.22.0">
                <name>go.opencensus.io</name>
                <version>0.22.0</version>
                <purl>pkg:golang/go.opencensus.io@0.22.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/go.uber.org/atomic@1.4.0">
                <name>atomic</name>
                <version>1.4.0</version>
                <purl>pkg:golang/go.uber.org/atomic@1.4.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/go.uber.org/multierr@1.1.0">
                <name>multierr</name>
                <version>1.1.0</version>
                <purl>pkg:golang/go.uber.org/multierr@1.1.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/go.uber.org/zap@1.10.0">
                <name>zap</name>
                <version>1.10.0</version>
                <purl>pkg:golang/go.uber.org/zap@1.10.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/golang.org/x/crypto@0.0.0-20190820162420-60c769a6c586">
                <name>crypto</name>
                <version>0.0.0-20190820162420-60c769a6c586</version>
                <purl>pkg:golang/golang.org/x/crypto@0.0.0-20190820162420-60c769a6c586</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/golang.org/x/exp@0.0.0-20191030013958-a1ab85dbe136">
                <name>exp</name>
                <version>0.0.0-20191030013958-a1ab85dbe136</version>
                <purl>pkg:golang/golang.org/x/exp@0.0.0-20191030013958-a1ab85dbe136</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/golang.org/x/image@0.0.0-20190802002840-cff245a6509b">
                <name>image</name>
                <version>0.0.0-20190802002840-cff245a6509b</version>
                <purl>pkg:golang/golang.org/x/image@0.0.0-20190802002840-cff245a6509b</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/golang.org/x/lint@0.0.0-20190930215403-16217165b5de">
                <name>lint</name>
                <version>0.0.0-20190930215403-16217165b5de</version>
                <purl>pkg:golang/golang.org/x/lint@0.0.0-20190930215403-16217165b5de</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/golang.org/x/mobile@0.0.0-20190719004257-d2bd2a29d028">
                <name>mobile</name>
                <version>0.0.0-20190719004257-d2bd2a29d028</version>
                <purl>pkg:golang/golang.org/x/mobile@0.0.0-20190719004257-d2bd2a29d028</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/golang.org/x/mod@0.1.0">
                <name>mod</name>
                <version>0.1.0</version>
                <purl>pkg:golang/golang.org/x/mod@0.1.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/golang.org/x/net@0.0.0-20190620200207-3b0461eec859">
                <name>net</name>
                <version>0.0.0-20190620200207-3b0461eec859</version>
                <purl>pkg:golang/golang.org/x/net@0.0.0-20190620200207-3b0461eec859</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/golang.org/x/oauth2@0.0.0-20190604053449-0f29369cfe45">
                <name>oauth2</name>
                <version>0.0.0-20190604053449-0f29369cfe45</version>
                <purl>pkg:golang/golang.org/x/oauth2@0.0.0-20190604053449-0f29369cfe45</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/golang.org/x/sync@0.0.0-20200625203802-6e8e738ad208">
                <name>sync</name>
                <version>0.0.0-20200625203802-6e8e738ad208</version>
                <purl>pkg:golang/golang.org/x/sync@0.0.0-20200625203802-6e8e738ad208</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/golang.org/x/sys@0.0.0-20200824131525-c12d262b63d8">
                <name>sys</name>
                <version>0.0.0-20200824131525-c12d262b63d8</version>
                <purl>pkg:golang/golang.org/x/sys@0.0.0-20200824131525-c12d262b63d8</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/golang.org/x/text@0.3.3">
                <name>text</name>
                <version>0.3.3</version>
                <purl>pkg:golang/golang.org/x/text@0.3.3</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/golang.org/x/time@0.0.0-20190308202827-9d24e82272b4">
                <name>time</name>
                <version>0.0.0-20190308202827-9d24e82272b4</version>
                <purl>pkg:golang/golang.org/x/time@0.0.0-20190308202827-9d24e82272b4</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/golang.org/x/tools@0.0.0-20191112195655-aa38f8e97acc">
                <name>tools</name>
                <version>0.0.0-20191112195655-aa38f8e97acc</version>
                <purl>pkg:golang/golang.org/x/tools@0.0.0-20191112195655-aa38f8e97acc</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/golang.org/x/xerrors@0.0.0-20191204190536-9bdfabe68543">
                <name>xerrors</name>
                <version>0.0.0-20191204190536-9bdfabe68543</version>
                <purl>pkg:golang/golang.org/x/xerrors@0.0.0-20191204190536-9bdfabe68543</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/google.golang.org/api@0.13.0">
                <name>api</name>
                <version>0.13.0</version>
                <purl>pkg:golang/google.golang.org/api@0.13.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/google.golang.org/appengine@1.6.1">
                <name>appengine</name>
                <version>1.6.1</version>
                <purl>pkg:golang/google.golang.org/appengine@1.6.1</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/google.golang.org/genproto@0.0.0-20200526211855-cb27e3aa2013">
                <name>genproto</name>
                <version>0.0.0-20200526211855-cb27e3aa2013</version>
                <purl>pkg:golang/google.golang.org/genproto@0.0.0-20200526211855-cb27e3aa2013</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/google.golang.org/grpc@1.27.0">
                <name>grpc</name>
                <version>1.27.0</version>
                <purl>pkg:golang/google.golang.org/grpc@1.27.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/google.golang.org/protobuf@1.25.0">
                <name>protobuf</name>
                <version>1.25.0</version>
                <purl>pkg:golang/google.golang.org/protobuf@1.25.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/alecthomas/kingpin@2.2.6">
                <name>kingpin</name>
                <version>2.2.6</version>
                <purl>pkg:golang/github.com/alecthomas/kingpin@2.2.6</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/go-check/check@1.0.0-20200227125254-8fa46927fb4f">
                <name>check</name>
                <version>1.0.0-20200227125254-8fa46927fb4f</version>
                <purl>pkg:golang/github.com/go-check/check@1.0.0-20200227125254-8fa46927fb4f</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/go-errgo/errgo@2.1.0">
                <name>errgo</name>
                <version>2.1.0</version>
                <purl>pkg:golang/github.com/go-errgo/errgo@2.1.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/go-playground/assert@1.2.1">
                <name>assert</name>
                <version>1.2.1</version>
                <purl>pkg:golang/github.com/go-playground/assert@1.2.1</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/go-ini/ini@1.60.1">
                <name>ini</name>
                <version>1.60.1</version>
                <purl>pkg:golang/github.com/go-ini/ini@1.60.1</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/go-resty/resty@1.12.0">
                <name>resty</name>
                <version>1.12.0</version>
                <purl>pkg:golang/github.com/go-resty/resty@1.12.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/go-yaml/yaml@2.3.0">
                <name>yaml</name>
                <version>2.3.0</version>
                <purl>pkg:golang/github.com/go-yaml/yaml@2.3.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/github.com/go-yaml/yaml@3.0.0-20200313102051-9f266ea9e77c">
                <name>yaml</name>
                <version>3.0.0-20200313102051-9f266ea9e77c</version>
                <purl>pkg:golang/github.com/go-yaml/yaml@3.0.0-20200313102051-9f266ea9e77c</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/honnef.co/go/tools@0.0.1-2019.2.3">
                <name>tools</name>
                <version>0.0.1-2019.2.3</version>
                <purl>pkg:golang/honnef.co/go/tools@0.0.1-2019.2.3</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
           <component type="library" bom-ref="pkg:golang/rsc.io/binaryregexp@0.2.0">
                <name>binaryregexp</name>
                <version>0.2.0</version>
                <purl>pkg:golang/rsc.io/binaryregexp@0.2.0</purl>
                <v:vulnerabilities></v:vulnerabilities>
           </component>
      </components>
 </bom>

That's the resulting cyclonedx. When scanned w/ the CLI there are no vulns reported in IQ:

$ iq-scan -i nancy-bom -t stage-release nancy-bom.xml
[INFO] Validating IQ Server version https://iq.sonatype-se.com/...
[INFO] Validating application ID nancy-bom with the IQ Server https://iq.sonatype-se.com/...
[INFO] Discovered commit hash '7e8d8b939a209f3ed1c2ad987f189e0bdf9f8cc1' via jGit
[INFO] Starting scan...
[INFO] Fingerprinting completed in 0 seconds for 0 archives, 1 total files
[INFO] Discovered repository url 'https://github.com/sonatype-nexus-community/cyclonedx-sbom-examples' via jGit
[INFO] Waiting for policy evaluation to complete...
[INFO] Assigned scan ID efe0e58b375a471f8543399ecc82084a
[INFO] Policy evaluation completed in 12 seconds.
[INFO] 
[INFO] 
[INFO] 
[INFO] 
[INFO] *********************************************************************************************
[INFO] Policy Action: None
[INFO] Stage: stage-release
[INFO] Number of components affected: 0 critical, 0 severe, 0 moderate
[INFO] Number of open policy violations: 0 critical, 0 severe, 0 moderate
[INFO] Number of grandfathered policy violations: 0
[INFO] Number of components: 52
[INFO] The detailed report can be viewed online at https://iq.sonatype-se.com/ui/links/application/nancy-bom/report/efe0e58b375a471f8543399ecc82084a
[INFO] *********************************************************************************************


Compared to the same report submitted to IQ with Nancy directly:

Looks like the report from the CycloneDX ingestion doesn't have the 'v' in front of any of the versions, while the direct Nancy submission does.
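One way to check for the version mismatch noted in the comment above, as an added example that is not part of this pull request or of nancy's code: it compares `go list -m all` output with the purls in a CycloneDX BOM and reports components whose purl version is the Go version with the leading "v" dropped. The function name and both sample inputs are constructed for illustration.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"strings"
)

// bom mirrors only the CycloneDX fields this check needs.
type bom struct {
	Components []struct {
		Purl string `xml:"purl"`
	} `xml:"components>component"`
}

// Constructed sample inputs, modelled on the output shown in this thread.
const sampleGoList = `example.com/app
google.golang.org/grpc v1.27.0
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543`
const sampleBOM = `<bom xmlns="http://cyclonedx.org/schema/bom/1.1"><components>
<component type="library"><purl>pkg:golang/google.golang.org/grpc@1.27.0</purl></component>
<component type="library"><purl>pkg:golang/golang.org/x/xerrors@v0.0.0-20191204190536-9bdfabe68543</purl></component>
</components></bom>`

// StrippedVersions (hypothetical helper) returns the purls whose version is the
// `go list -m all` version minus its leading "v"; unmatched purls are skipped.
func StrippedVersions(goList, bomXML string) ([]string, error) {
	want := map[string]string{} // module path -> version as Go reports it
	for _, line := range strings.Split(goList, "\n") {
		if f := strings.Fields(line); len(f) >= 2 {
			want[f[0]] = f[1]
		}
	}
	var b bom
	if err := xml.Unmarshal([]byte(bomXML), &b); err != nil {
		return nil, err
	}
	var out []string
	for _, c := range b.Components {
		rest := strings.TrimPrefix(c.Purl, "pkg:golang/")
		mod, ver, found := strings.Cut(rest, "@")
		if gv, ok := want[mod]; found && ok && gv == "v"+ver {
			out = append(out, c.Purl)
		}
	}
	return out, nil
}

func main() { fmt.Println(StrippedVersions(sampleGoList, sampleBOM)) }
```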

sonarcloud[bot] commented 11 months ago

Kudos, SonarCloud Quality Gate passed!

Bugs: 0 (A)
Vulnerabilities: 0 (A)
Security Hotspots: 0 (A)
Code Smells: 0 (A)

No Coverage information
0.0% Duplication