diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json
index e69de29bb2..98b7c82e5b 100644
--- a/sbom/cve-bin-tool-py3.12.json
+++ b/sbom/cve-bin-tool-py3.12.json
@@ -0,0 +1,2871 @@
+{
+ "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
+ "bomFormat": "CycloneDX",
+ "specVersion": "1.5",
+ "serialNumber": "urn:uuid:feae1d7a-cfd6-4dfd-a24e-1eea5f287e15",
+ "version": 1,
+ "metadata": {
+ "timestamp": "2024-02-19T00:27:33Z",
+ "tools": {
+ "components": [
+ {
+ "name": "sbom4python",
+ "version": "0.10.3",
+ "type": "application"
+ }
+ ]
+ },
+ "component": {
+ "type": "application",
+ "bom-ref": "CDXRef-DOCUMENT",
+ "name": "Python-cve-bin-tool"
+ }
+ },
+ "components": [
+ {
+ "type": "application",
+ "bom-ref": "1-cve-bin-tool",
+ "name": "cve-bin-tool",
+ "version": "3.3rc2",
+ "supplier": {
+ "name": "Terri Oda",
+ "contact": [
+ {
+ "email": "terri.oda@intel.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.3rc2:*:*:*:*:*:*:*",
+ "description": "CVE Binary Checker Tool",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-3.0-or-later",
+ "url": "https://www.gnu.org/licenses/gpl-3.0-standalone.html"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/cve-bin-tool/3.3rc2",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/cve-bin-tool@3.3rc2",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "2-aiohttp",
+ "name": "aiohttp",
+ "version": "3.9.3",
+ "description": "Async http client/server framework (asyncio)",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/aiohttp/3.9.3",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/aiohttp@3.9.3",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ },
+ {
+ "name": "License Comments",
+ "value": "aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "3-aiosignal",
+ "name": "aiosignal",
+ "version": "1.3.1",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/aiosignal/1.3.1",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/aiosignal@1.3.1",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ },
+ {
+ "name": "License Comments",
+ "value": "aiosignal declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "4-frozenlist",
+ "name": "frozenlist",
+ "version": "1.4.1",
+ "description": "A list-like structure which implements collections.abc.MutableSequence",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/frozenlist/1.4.1",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/frozenlist@1.4.1",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ },
+ {
+ "name": "License Comments",
+ "value": "frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "5-attrs",
+ "name": "attrs",
+ "version": "23.2.0",
+ "supplier": {
+ "name": "Hynek Schlawack",
+ "contact": [
+ {
+ "email": "hs@ox.cx"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:hynek_schlawack:attrs:23.2.0:*:*:*:*:*:*:*",
+ "description": "Classes Without Boilerplate",
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/attrs/23.2.0",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/attrs@23.2.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "6-multidict",
+ "name": "multidict",
+ "version": "6.0.5",
+ "supplier": {
+ "name": "Andrew Svetlov",
+ "contact": [
+ {
+ "email": "andrew.svetlov@gmail.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.0.5:*:*:*:*:*:*:*",
+ "description": "multidict implementation",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/multidict/6.0.5",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/multidict@6.0.5",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ },
+ {
+ "name": "License Comments",
+ "value": "multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "7-yarl",
+ "name": "yarl",
+ "version": "1.9.4",
+ "supplier": {
+ "name": "Andrew Svetlov",
+ "contact": [
+ {
+ "email": "andrew.svetlov@gmail.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.9.4:*:*:*:*:*:*:*",
+ "description": "Yet another URL library",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/yarl/1.9.4",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/yarl@1.9.4",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "8-idna",
+ "name": "idna",
+ "version": "3.6",
+ "supplier": {
+ "name": "Kim Davies",
+ "contact": [
+ {
+ "email": "kim+pypi@gumleaf.org"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:kim_davies:idna:3.6:*:*:*:*:*:*:*",
+ "description": "Internationalized Domain Names in Applications (IDNA)",
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/idna/3.6",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/idna@3.6",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "9-beautifulsoup4",
+ "name": "beautifulsoup4",
+ "version": "4.12.3",
+ "supplier": {
+ "name": "Leonard Richardson",
+ "contact": [
+ {
+ "email": "leonardr@segfault.org"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*",
+ "description": "Screen-scraping library",
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/licenses/MIT"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/beautifulsoup4/4.12.3",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/beautifulsoup4@4.12.3",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ },
+ {
+ "name": "License Comments",
+ "value": "beautifulsoup4 declares MIT License which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "10-soupsieve",
+ "name": "soupsieve",
+ "version": "2.5",
+ "supplier": {
+ "name": "Isaac Muse",
+ "contact": [
+ {
+ "email": "use@gmail.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.5:*:*:*:*:*:*:*",
+ "description": "A modern CSS selector implementation for Beautiful Soup.",
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/soupsieve/2.5",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/soupsieve@2.5",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "11-cvss",
+ "name": "cvss",
+ "version": "3.0",
+ "supplier": {
+ "name": "Stanislav Red Hat Product Security",
+ "contact": [
+ {
+ "email": "skontar@redhat.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.0:*:*:*:*:*:*:*",
+ "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3",
+ "licenses": [
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later",
+ "url": "https://www.gnu.org/licenses/lgpl-3.0-standalone.html"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/cvss/3.0",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/cvss@3.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ },
+ {
+ "name": "License Comments",
+ "value": "cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "12-defusedxml",
+ "name": "defusedxml",
+ "version": "0.7.1",
+ "supplier": {
+ "name": "Christian Heimes",
+ "contact": [
+ {
+ "email": "christian@python.org"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:*:*:*:*:*",
+ "description": "XML bomb protection for Python stdlib modules",
+ "licenses": [
+ {
+ "license": {
+ "id": "PSF-2.0",
+ "url": "https://opensource.org/licenses/Python-2.0"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/defusedxml/0.7.1",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/defusedxml@0.7.1",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ },
+ {
+ "name": "License Comments",
+ "value": "defusedxml declares PSFL which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "13-distro",
+ "name": "distro",
+ "version": "1.9.0",
+ "supplier": {
+ "name": "Nir Cohen",
+ "contact": [
+ {
+ "email": "nir36g@gmail.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:*",
+ "description": "Distro - an OS platform information API",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/distro/1.9.0",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/distro@1.9.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ },
+ {
+ "name": "License Comments",
+ "value": "distro declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "14-gsutil",
+ "name": "gsutil",
+ "version": "5.27",
+ "supplier": {
+ "name": "Google Inc .",
+ "contact": [
+ {
+ "email": "buganizer-system+187143@google.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:google_inc.:gsutil:5.27:*:*:*:*:*:*:*",
+ "description": "A command line tool for interacting with cloud storage services.",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/gsutil/5.27",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/gsutil@5.27",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ },
+ {
+ "name": "License Comments",
+ "value": "gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "15-argcomplete",
+ "name": "argcomplete",
+ "version": "3.2.2",
+ "supplier": {
+ "name": "Andrey Kislyuk",
+ "contact": [
+ {
+ "email": "kislyuk@gmail.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.2.2:*:*:*:*:*:*:*",
+ "description": "Bash tab completion for argparse",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/argcomplete/3.2.2",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/argcomplete@3.2.2",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ },
+ {
+ "name": "License Comments",
+ "value": "argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "16-crcmod",
+ "name": "crcmod",
+ "version": "1.7",
+ "supplier": {
+ "name": "Ray Buvel",
+ "contact": [
+ {
+ "email": "rlbuvel@gmail.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*",
+ "description": "CRC Generator",
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/licenses/MIT"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/crcmod/1.7",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/crcmod@1.7",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "17-fasteners",
+ "name": "fasteners",
+ "version": "0.19",
+ "supplier": {
+ "name": "Joshua Harlow"
+ },
+ "cpe": "cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:*",
+ "description": "A python package that provides useful locks",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/fasteners/0.19",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/fasteners@0.19",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "18-gcs-oauth2-boto-plugin",
+ "name": "gcs-oauth2-boto-plugin",
+ "version": "3.0",
+ "supplier": {
+ "name": "Google Inc .",
+ "contact": [
+ {
+ "email": "gs-team@google.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.0:*:*:*:*:*:*:*",
+ "description": "Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/gcs-oauth2-boto-plugin/3.0",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ },
+ {
+ "name": "License Comments",
+ "value": "gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "19-boto",
+ "name": "boto",
+ "version": "2.49.0",
+ "supplier": {
+ "name": "Mitch Garnaat",
+ "contact": [
+ {
+ "email": "mitch@garnaat.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*",
+ "description": "Amazon Web Services Library",
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/licenses/MIT"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/boto/2.49.0",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/boto@2.49.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "20-google-reauth",
+ "name": "google-reauth",
+ "version": "0.1.1",
+ "supplier": {
+ "name": "Google",
+ "contact": [
+ {
+ "email": "googleapis-publisher@google.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*",
+ "description": "Google Reauth Library",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/google-reauth/0.1.1",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/google-reauth@0.1.1",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ },
+ {
+ "name": "License Comments",
+ "value": "google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "21-pyu2f",
+ "name": "pyu2f",
+ "version": "0.1.5",
+ "supplier": {
+ "name": "Google Inc .",
+ "contact": [
+ {
+ "email": "pyu2f-team@google.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*",
+ "description": "U2F host library for interacting with a U2F device over USB.",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/pyu2f/0.1.5",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/pyu2f@0.1.5",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ },
+ {
+ "name": "License Comments",
+ "value": "pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "22-six",
+ "name": "six",
+ "version": "1.16.0",
+ "supplier": {
+ "name": "Benjamin Peterson",
+ "contact": [
+ {
+ "email": "benjamin@python.org"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:*",
+ "description": "Python 2 and 3 compatibility utilities",
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/licenses/MIT"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/six/1.16.0",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/six@1.16.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "23-httplib2",
+ "name": "httplib2",
+ "version": "0.20.4",
+ "supplier": {
+ "name": "Joe Gregorio",
+ "contact": [
+ {
+ "email": "joe@bitworking.org"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*",
+ "description": "A comprehensive HTTP client library.",
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/licenses/MIT"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/httplib2/0.20.4",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/httplib2@0.20.4",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "24-pyparsing",
+ "name": "pyparsing",
+ "version": "3.1.1",
+ "supplier": {
+ "name": "Paul McGuire",
+ "contact": [
+ {
+ "email": "ptmcg.gm+pyparsing@gmail.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.1:*:*:*:*:*:*:*",
+ "description": "pyparsing module - Classes and methods to define and execute parsing grammars",
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/pyparsing/3.1.1",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/pyparsing@3.1.1",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "25-oauth2client",
+ "name": "oauth2client",
+ "version": "4.1.3",
+ "supplier": {
+ "name": "Google Inc .",
+ "contact": [
+ {
+ "email": "jonwayne+oauth2client@google.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*",
+ "description": "OAuth 2.0 client library",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/oauth2client/4.1.3",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/oauth2client@4.1.3",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ },
+ {
+ "name": "License Comments",
+ "value": "oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "26-pyasn1",
+ "name": "pyasn1",
+ "version": "0.5.1",
+ "supplier": {
+ "name": "Ilya Etingof",
+ "contact": [
+ {
+ "email": "etingof@gmail.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.5.1:*:*:*:*:*:*:*",
+ "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause",
+ "url": "https://opensource.org/licenses/BSD-2-Clause"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/pyasn1/0.5.1",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/pyasn1@0.5.1",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "27-pyasn1-modules",
+ "name": "pyasn1-modules",
+ "version": "0.3.0",
+ "supplier": {
+ "name": "Ilya Etingof",
+ "contact": [
+ {
+ "email": "etingof@gmail.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.3.0:*:*:*:*:*:*:*",
+ "description": "A collection of ASN.1-based protocols modules",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause",
+ "url": "https://opensource.org/licenses/BSD-3-Clause"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/pyasn1-modules/0.3.0",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/pyasn1-modules@0.3.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ },
+ {
+ "name": "License Comments",
+ "value": "pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "28-rsa",
+ "name": "rsa",
+ "version": "4.7.2",
+ "supplier": {
+ "name": "Sybren A . Stuvel",
+ "contact": [
+ {
+ "email": "sybren@stuvel.eu"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*",
+ "description": "Pure-Python RSA implementation",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/rsa/4.7.2",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/rsa@4.7.2",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ },
+ {
+ "name": "License Comments",
+ "value": "rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "29-pyopenssl",
+ "name": "pyopenssl",
+ "version": "24.0.0",
+ "supplier": {
+ "name": "The pyOpenSSL developers",
+ "contact": [
+ {
+ "email": "cryptography-dev@python.org"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.0.0:*:*:*:*:*:*:*",
+ "description": "Python wrapper module around the OpenSSL library",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/pyOpenSSL/24.0.0",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/pyopenssl@24.0.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ },
+ {
+ "name": "License Comments",
+ "value": "pyOpenSSL declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "30-cryptography",
+ "name": "cryptography",
+ "version": "42.0.3",
+ "supplier": {
+ "name": "The Python Cryptographic Authority and individual contributors",
+ "contact": [
+ {
+ "email": "cryptography-dev@python.org"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.3:*:*:*:*:*:*:*",
+ "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
+ "licenses": [
+ {
+ "expression": "Apache-2.0 OR BSD-3-Clause"
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/cryptography/42.0.3",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/cryptography@42.0.3",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "31-cffi",
+ "name": "cffi",
+ "version": "1.16.0",
+ "supplier": {
+ "name": "Armin Maciej Fijalkowski",
+ "contact": [
+ {
+ "email": "python-cffi@googlegroups.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.16.0:*:*:*:*:*:*:*",
+ "description": "Foreign Function Interface for Python calling C code.",
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/licenses/MIT"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/cffi/1.16.0",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/cffi@1.16.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "32-pycparser",
+ "name": "pycparser",
+ "version": "2.21",
+ "supplier": {
+ "name": "Eli Bendersky",
+ "contact": [
+ {
+ "email": "eliben@gmail.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:eli_bendersky:pycparser:2.21:*:*:*:*:*:*:*",
+ "description": "C parser in Python",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause",
+ "url": "https://opensource.org/licenses/BSD-3-Clause"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/pycparser/2.21",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/pycparser@2.21",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ },
+ {
+ "name": "License Comments",
+ "value": "pycparser declares BSD which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "33-retry-decorator",
+ "name": "retry-decorator",
+ "version": "1.1.1",
+ "supplier": {
+ "name": "Patrick Ng",
+ "contact": [
+ {
+ "email": "pn.appdev@gmail.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:*",
+ "description": "Retry Decorator",
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/licenses/MIT"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/retry_decorator/1.1.1",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/retry-decorator@1.1.1",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "34-google-apitools",
+ "name": "google-apitools",
+ "version": "0.5.32",
+ "supplier": {
+ "name": "Craig Citro",
+ "contact": [
+ {
+ "email": "craigcitro@google.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*",
+ "description": "client libraries for humans",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/google-apitools/0.5.32",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/google-apitools@0.5.32",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ },
+ {
+ "name": "License Comments",
+ "value": "google-apitools declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "35-google-auth",
+ "name": "google-auth",
+ "version": "2.28.0",
+ "supplier": {
+ "name": "Google Cloud Platform",
+ "contact": [
+ {
+ "email": "googleapis-packages@google.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.28.0:*:*:*:*:*:*:*",
+ "description": "Google Authentication Library",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/google-auth/2.28.0",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/google-auth@2.28.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ },
+ {
+ "name": "License Comments",
+ "value": "google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "36-cachetools",
+ "name": "cachetools",
+ "version": "5.3.2",
+ "supplier": {
+ "name": "Thomas Kemmer",
+ "contact": [
+ {
+ "email": "tkemmer@computer.org"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.2:*:*:*:*:*:*:*",
+ "description": "Extensible memoizing collections and decorators",
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/licenses/MIT"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/cachetools/5.3.2",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/cachetools@5.3.2",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "37-monotonic",
+ "name": "monotonic",
+ "version": "1.6",
+ "supplier": {
+ "name": "Ori Livneh",
+ "contact": [
+ {
+ "email": "ori@wikimedia.org"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*",
+ "description": "An implementation of time.monotonic() for Python 2 & < 3.3",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/monotonic/1.6",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/monotonic@1.6",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ },
+ {
+ "name": "License Comments",
+ "value": "monotonic declares Apache which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "38-jinja2",
+ "name": "jinja2",
+ "version": "3.1.3",
+ "description": "A very fast and expressive template engine.",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause",
+ "url": "https://opensource.org/licenses/BSD-3-Clause"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/Jinja2/3.1.3",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/jinja2@3.1.3",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "39-markupsafe",
+ "name": "markupsafe",
+ "version": "2.1.5",
+ "description": "Safely add untrusted strings to HTML/XML markup.",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause",
+ "url": "https://opensource.org/licenses/BSD-3-Clause"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/MarkupSafe/2.1.5",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/markupsafe@2.1.5",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "40-jsonschema",
+ "name": "jsonschema",
+ "version": "4.21.1",
+ "supplier": {
+ "name": "Julian Berman"
+ },
+ "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.21.1:*:*:*:*:*:*:*",
+ "description": "An implementation of JSON Schema validation for Python",
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/licenses/MIT"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/jsonschema/4.21.1",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/jsonschema@4.21.1",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "41-jsonschema-specifications",
+ "name": "jsonschema-specifications",
+ "version": "2023.12.1",
+ "supplier": {
+ "name": "Julian Berman"
+ },
+ "cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2023.12.1:*:*:*:*:*:*:*",
+ "description": "The JSON Schema meta-schemas and vocabularies, exposed as a Registry",
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/licenses/MIT"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/jsonschema-specifications/2023.12.1",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/jsonschema-specifications@2023.12.1",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "42-referencing",
+ "name": "referencing",
+ "version": "0.33.0",
+ "supplier": {
+ "name": "Julian Berman"
+ },
+ "cpe": "cpe:2.3:a:julian_berman:referencing:0.33.0:*:*:*:*:*:*:*",
+ "description": "JSON Referencing + Python",
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/licenses/MIT"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/referencing/0.33.0",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/referencing@0.33.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "43-rpds-py",
+ "name": "rpds-py",
+ "version": "0.18.0",
+ "supplier": {
+ "name": "Julian Berman"
+ },
+ "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.18.0:*:*:*:*:*:*:*",
+ "description": "Python bindings to Rust's persistent data structures (rpds)",
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/licenses/MIT"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/rpds-py/0.18.0",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/rpds-py@0.18.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "44-lib4sbom",
+ "name": "lib4sbom",
+ "version": "0.6.2",
+ "supplier": {
+ "name": "Anthony Harrison",
+ "contact": [
+ {
+ "email": "anthony.p.harrison@gmail.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.6.2:*:*:*:*:*:*:*",
+ "description": "Software Bill of Material (SBOM) generator and consumer library",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/lib4sbom/0.6.2",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/lib4sbom@0.6.2",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "45-pyyaml",
+ "name": "pyyaml",
+ "version": "6.0.1",
+ "supplier": {
+ "name": "Kirill Simonov",
+ "contact": [
+ {
+ "email": "xi@resolvent.net"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0.1:*:*:*:*:*:*:*",
+ "description": "YAML parser and emitter for Python",
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/licenses/MIT"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/PyYAML/6.0.1",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/pyyaml@6.0.1",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "46-semantic-version",
+ "name": "semantic-version",
+ "version": "2.10.0",
+ "supplier": {
+ "name": "Raphael Barrois",
+ "contact": [
+ {
+ "email": "raphael.barrois+semver@polytechnique.org"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:raphael_barrois:semantic-version:2.10.0:*:*:*:*:*:*:*",
+ "description": "A library implementing the 'SemVer' scheme.",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause",
+ "url": "https://opensource.org/licenses/BSD-3-Clause"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/semantic-version/2.10.0",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/semantic-version@2.10.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ },
+ {
+ "name": "License Comments",
+ "value": "semantic-version declares BSD which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "47-packageurl-python",
+ "name": "packageurl-python",
+ "version": "0.13.4",
+ "supplier": {
+ "name": "the purl authors"
+ },
+ "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.13.4:*:*:*:*:*:*:*",
+ "description": "A purl aka. Package URL parser and builder",
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/licenses/MIT"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/packageurl-python/0.13.4",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/packageurl-python@0.13.4",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "48-packaging",
+ "name": "packaging",
+ "version": "23.2",
+ "supplier": {
+ "name": "Donald Stufft",
+ "contact": [
+ {
+ "email": "donald@stufft.io"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:donald_stufft:packaging:23.2:*:*:*:*:*:*:*",
+ "description": "Core utilities for Python packages",
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/packaging/23.2",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/packaging@23.2",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "49-plotly",
+ "name": "plotly",
+ "version": "5.19.0",
+ "supplier": {
+ "name": "Chris P",
+ "contact": [
+ {
+ "email": "chris@plot.ly"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:chris_p:plotly:5.19.0:*:*:*:*:*:*:*",
+ "description": "An open-source, interactive data visualization library for Python",
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/licenses/MIT"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/plotly/5.19.0",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/plotly@5.19.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "50-tenacity",
+ "name": "tenacity",
+ "version": "8.2.3",
+ "supplier": {
+ "name": "Julien Danjou",
+ "contact": [
+ {
+ "email": "julien@danjou.info"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.2.3:*:*:*:*:*:*:*",
+ "description": "Retry code until it succeeds",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/tenacity/8.2.3",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/tenacity@8.2.3",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ },
+ {
+ "name": "License Comments",
+ "value": "tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "51-python-gnupg",
+ "name": "python-gnupg",
+ "version": "0.5.2",
+ "supplier": {
+ "name": "Vinay Sajip",
+ "contact": [
+ {
+ "email": "vinay_sajip@yahoo.co.uk"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.2:*:*:*:*:*:*:*",
+ "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause",
+ "url": "https://opensource.org/licenses/BSD-3-Clause"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/python-gnupg/0.5.2",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/python-gnupg@0.5.2",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ },
+ {
+ "name": "License Comments",
+ "value": "python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "52-requests",
+ "name": "requests",
+ "version": "2.31.0",
+ "supplier": {
+ "name": "Kenneth Reitz",
+ "contact": [
+ {
+ "email": "me@kennethreitz.org"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:kenneth_reitz:requests:2.31.0:*:*:*:*:*:*:*",
+ "description": "Python HTTP for Humans.",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/requests/2.31.0",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/requests@2.31.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ },
+ {
+ "name": "License Comments",
+ "value": "requests declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "53-certifi",
+ "name": "certifi",
+ "version": "2024.2.2",
+ "supplier": {
+ "name": "Kenneth Reitz",
+ "contact": [
+ {
+ "email": "me@kennethreitz.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.2.2:*:*:*:*:*:*:*",
+ "description": "Python package for providing Mozilla's CA Bundle.",
+ "licenses": [
+ {
+ "license": {
+ "id": "MPL-2.0",
+ "url": "https://www.mozilla.org/MPL/2.0/"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/certifi/2024.2.2",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/certifi@2024.2.2",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "54-charset-normalizer",
+ "name": "charset-normalizer",
+ "version": "3.3.2",
+ "supplier": {
+ "name": "Ahmed TAHRI",
+ "contact": [
+ {
+ "email": "ahmed.tahri@cloudnursery.dev"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:*:*:*:*:*:*:*",
+ "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.",
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/licenses/MIT"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/charset-normalizer/3.3.2",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/charset-normalizer@3.3.2",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "55-urllib3",
+ "name": "urllib3",
+ "version": "2.2.1",
+ "supplier": {
+ "name": "Andrey Petrov",
+ "contact": [
+ {
+ "email": "andrey.petrov@shazow.net"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.1:*:*:*:*:*:*:*",
+ "description": "HTTP library with thread-safe connection pooling, file post, and more.",
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/urllib3/2.2.1",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/urllib3@2.2.1",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "56-rich",
+ "name": "rich",
+ "version": "13.7.0",
+ "supplier": {
+ "name": "Will McGugan",
+ "contact": [
+ {
+ "email": "willmcgugan@gmail.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:will_mcgugan:rich:13.7.0:*:*:*:*:*:*:*",
+ "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/licenses/MIT"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/rich/13.7.0",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/rich@13.7.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "57-markdown-it-py",
+ "name": "markdown-it-py",
+ "version": "3.0.0",
+ "supplier": {
+ "name": "Chris Sewell",
+ "contact": [
+ {
+ "email": "chrisj_sewell@hotmail.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:*:*:*:*:*",
+ "description": "Python port of markdown-it. Markdown parsing, done right!",
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/markdown-it-py/3.0.0",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/markdown-it-py@3.0.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "58-mdurl",
+ "name": "mdurl",
+ "version": "0.1.2",
+ "supplier": {
+ "name": "Taneli Hukkinen",
+ "contact": [
+ {
+ "email": "hukkin@users.noreply.github.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:*",
+ "description": "Markdown URL utilities",
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/mdurl/0.1.2",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/mdurl@0.1.2",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "59-pygments",
+ "name": "pygments",
+ "version": "2.17.2",
+ "supplier": {
+ "name": "Georg Brandl",
+ "contact": [
+ {
+ "email": "georg@python.org"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:georg_brandl:pygments:2.17.2:*:*:*:*:*:*:*",
+ "description": "Pygments is a syntax highlighting package written in Python.",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause",
+ "url": "https://opensource.org/licenses/BSD-2-Clause"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/Pygments/2.17.2",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/pygments@2.17.2",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "60-rpmfile",
+ "name": "rpmfile",
+ "version": "2.0.0",
+ "supplier": {
+ "name": "Sean Ross",
+ "contact": [
+ {
+ "email": "srossross@gmail.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:sean_ross:rpmfile:2.0.0:*:*:*:*:*:*:*",
+ "description": "Read rpm archive files",
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/licenses/MIT"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/rpmfile/2.0.0",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/rpmfile@2.0.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "61-xmlschema",
+ "name": "xmlschema",
+ "version": "3.0.2",
+ "supplier": {
+ "name": "Davide Brunato",
+ "contact": [
+ {
+ "email": "brunato@sissa.it"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.0.2:*:*:*:*:*:*:*",
+ "description": "An XML Schema validator and decoder",
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/licenses/MIT"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/xmlschema/3.0.2",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/xmlschema@3.0.2",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "62-elementpath",
+ "name": "elementpath",
+ "version": "4.3.0",
+ "supplier": {
+ "name": "Davide Brunato",
+ "contact": [
+ {
+ "email": "brunato@sissa.it"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.3.0:*:*:*:*:*:*:*",
+ "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml",
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/licenses/MIT"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/elementpath/4.3.0",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/elementpath@4.3.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "63-zstandard",
+ "name": "zstandard",
+ "version": "0.22.0",
+ "supplier": {
+ "name": "Gregory Szorc",
+ "contact": [
+ {
+ "email": "gregory.szorc@gmail.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.22.0:*:*:*:*:*:*:*",
+ "description": "Zstandard bindings for Python",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause",
+ "url": "https://opensource.org/licenses/BSD-3-Clause"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/zstandard/0.22.0",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/zstandard@0.22.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.2"
+ },
+ {
+ "name": "License Comments",
+ "value": "zstandard declares BSD which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
+ }
+ ],
+ "dependencies": [
+ {
+ "ref": "CDXRef-DOCUMENT",
+ "dependsOn": [
+ "1-cve-bin-tool"
+ ]
+ },
+ {
+ "ref": "1-cve-bin-tool",
+ "dependsOn": [
+ "2-aiohttp",
+ "9-beautifulsoup4",
+ "11-cvss",
+ "12-defusedxml",
+ "13-distro",
+ "14-gsutil",
+ "38-jinja2",
+ "40-jsonschema",
+ "44-lib4sbom",
+ "47-packageurl-python",
+ "48-packaging",
+ "49-plotly",
+ "51-python-gnupg",
+ "45-pyyaml",
+ "52-requests",
+ "56-rich",
+ "60-rpmfile",
+ "55-urllib3",
+ "61-xmlschema",
+ "63-zstandard"
+ ]
+ },
+ {
+ "ref": "2-aiohttp",
+ "dependsOn": [
+ "3-aiosignal",
+ "5-attrs",
+ "4-frozenlist",
+ "6-multidict",
+ "7-yarl"
+ ]
+ },
+ {
+ "ref": "3-aiosignal",
+ "dependsOn": [
+ "4-frozenlist"
+ ]
+ },
+ {
+ "ref": "7-yarl",
+ "dependsOn": [
+ "8-idna",
+ "6-multidict"
+ ]
+ },
+ {
+ "ref": "9-beautifulsoup4",
+ "dependsOn": [
+ "10-soupsieve"
+ ]
+ },
+ {
+ "ref": "14-gsutil",
+ "dependsOn": [
+ "15-argcomplete",
+ "16-crcmod",
+ "17-fasteners",
+ "18-gcs-oauth2-boto-plugin",
+ "34-google-apitools",
+ "35-google-auth",
+ "20-google-reauth",
+ "23-httplib2",
+ "37-monotonic",
+ "29-pyopenssl",
+ "33-retry-decorator",
+ "22-six"
+ ]
+ },
+ {
+ "ref": "18-gcs-oauth2-boto-plugin",
+ "dependsOn": [
+ "19-boto",
+ "20-google-reauth",
+ "23-httplib2",
+ "25-oauth2client",
+ "29-pyopenssl",
+ "33-retry-decorator",
+ "28-rsa",
+ "22-six"
+ ]
+ },
+ {
+ "ref": "20-google-reauth",
+ "dependsOn": [
+ "21-pyu2f"
+ ]
+ },
+ {
+ "ref": "21-pyu2f",
+ "dependsOn": [
+ "22-six"
+ ]
+ },
+ {
+ "ref": "23-httplib2",
+ "dependsOn": [
+ "24-pyparsing"
+ ]
+ },
+ {
+ "ref": "25-oauth2client",
+ "dependsOn": [
+ "23-httplib2",
+ "26-pyasn1",
+ "27-pyasn1-modules",
+ "28-rsa",
+ "22-six"
+ ]
+ },
+ {
+ "ref": "27-pyasn1-modules",
+ "dependsOn": [
+ "26-pyasn1"
+ ]
+ },
+ {
+ "ref": "28-rsa",
+ "dependsOn": [
+ "26-pyasn1"
+ ]
+ },
+ {
+ "ref": "29-pyopenssl",
+ "dependsOn": [
+ "30-cryptography"
+ ]
+ },
+ {
+ "ref": "30-cryptography",
+ "dependsOn": [
+ "31-cffi"
+ ]
+ },
+ {
+ "ref": "31-cffi",
+ "dependsOn": [
+ "32-pycparser"
+ ]
+ },
+ {
+ "ref": "34-google-apitools",
+ "dependsOn": [
+ "17-fasteners",
+ "23-httplib2",
+ "25-oauth2client",
+ "22-six"
+ ]
+ },
+ {
+ "ref": "35-google-auth",
+ "dependsOn": [
+ "36-cachetools",
+ "27-pyasn1-modules",
+ "28-rsa"
+ ]
+ },
+ {
+ "ref": "38-jinja2",
+ "dependsOn": [
+ "39-markupsafe"
+ ]
+ },
+ {
+ "ref": "40-jsonschema",
+ "dependsOn": [
+ "5-attrs",
+ "41-jsonschema-specifications",
+ "42-referencing",
+ "43-rpds-py"
+ ]
+ },
+ {
+ "ref": "41-jsonschema-specifications",
+ "dependsOn": [
+ "42-referencing"
+ ]
+ },
+ {
+ "ref": "42-referencing",
+ "dependsOn": [
+ "5-attrs",
+ "43-rpds-py"
+ ]
+ },
+ {
+ "ref": "44-lib4sbom",
+ "dependsOn": [
+ "12-defusedxml",
+ "45-pyyaml",
+ "46-semantic-version"
+ ]
+ },
+ {
+ "ref": "49-plotly",
+ "dependsOn": [
+ "48-packaging",
+ "50-tenacity"
+ ]
+ },
+ {
+ "ref": "52-requests",
+ "dependsOn": [
+ "53-certifi",
+ "54-charset-normalizer",
+ "8-idna",
+ "55-urllib3"
+ ]
+ },
+ {
+ "ref": "56-rich",
+ "dependsOn": [
+ "57-markdown-it-py",
+ "59-pygments"
+ ]
+ },
+ {
+ "ref": "57-markdown-it-py",
+ "dependsOn": [
+ "58-mdurl"
+ ]
+ },
+ {
+ "ref": "61-xmlschema",
+ "dependsOn": [
+ "62-elementpath"
+ ]
+ }
+ ]
+}
diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx
index e69de29bb2..0f67e3a464 100644
--- a/sbom/cve-bin-tool-py3.12.spdx
+++ b/sbom/cve-bin-tool-py3.12.spdx
@@ -0,0 +1,1067 @@
+SPDXVersion: SPDX-2.3
+DataLicense: CC0-1.0
+SPDXID: SPDXRef-DOCUMENT
+DocumentName: Python-cve-bin-tool
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-d8ecdb69-53b4-4aa0-b8a7-40fd87a987a0
+LicenseListVersion: 3.22
+Creator: Tool: sbom4python-0.10.3
+Created: 2024-02-19T00:25:53Z
+CreatorComment: This document has been automatically generated.
+#####
+
+PackageName: cve-bin-tool
+SPDXID: SPDXRef-Package-1-cve-bin-tool
+PackageVersion: 3.3rc2
+PrimaryPackagePurpose: APPLICATION
+PackageSupplier: Person: Terri Oda (terri.oda@intel.com)
+PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.3rc2
+FilesAnalyzed: false
+PackageLicenseDeclared: GPL-3.0-or-later
+PackageLicenseConcluded: GPL-3.0-or-later
+PackageCopyrightText: NOASSERTION
+PackageSummary: CVE Binary Checker Tool
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cve-bin-tool@3.3rc2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.3rc2:*:*:*:*:*:*:*
+#####
+
+PackageName: aiohttp
+SPDXID: SPDXRef-Package-2-aiohttp
+PackageVersion: 3.9.3
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: NOASSERTION
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.9.3
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: Async http client/server framework (asyncio)
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohttp@3.9.3
+#####
+
+PackageName: aiosignal
+SPDXID: SPDXRef-Package-3-aiosignal
+PackageVersion: 1.3.1
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: NOASSERTION
+PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.1
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: aiosignal declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiosignal@1.3.1
+#####
+
+PackageName: frozenlist
+SPDXID: SPDXRef-Package-4-frozenlist
+PackageVersion: 1.4.1
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: NOASSERTION
+PackageDownloadLocation: https://pypi.org/project/frozenlist/1.4.1
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: A list-like structure which implements collections.abc.MutableSequence
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/frozenlist@1.4.1
+#####
+
+PackageName: attrs
+SPDXID: SPDXRef-Package-5-attrs
+PackageVersion: 23.2.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Hynek Schlawack (hs@ox.cx)
+PackageDownloadLocation: https://pypi.org/project/attrs/23.2.0
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: Classes Without Boilerplate
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/attrs@23.2.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:23.2.0:*:*:*:*:*:*:*
+#####
+
+PackageName: multidict
+SPDXID: SPDXRef-Package-6-multidict
+PackageVersion: 6.0.5
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/multidict/6.0.5
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: multidict implementation
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/multidict@6.0.5
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.0.5:*:*:*:*:*:*:*
+#####
+
+PackageName: yarl
+SPDXID: SPDXRef-Package-7-yarl
+PackageVersion: 1.9.4
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/yarl/1.9.4
+FilesAnalyzed: false
+PackageLicenseDeclared: Apache-2.0
+PackageLicenseConcluded: Apache-2.0
+PackageCopyrightText: NOASSERTION
+PackageSummary: Yet another URL library
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/yarl@1.9.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.4:*:*:*:*:*:*:*
+#####
+
+PackageName: idna
+SPDXID: SPDXRef-Package-8-idna
+PackageVersion: 3.6
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org)
+PackageDownloadLocation: https://pypi.org/project/idna/3.6
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: Internationalized Domain Names in Applications (IDNA)
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/idna@3.6
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.6:*:*:*:*:*:*:*
+#####
+
+PackageName: beautifulsoup4
+SPDXID: SPDXRef-Package-9-beautifulsoup4
+PackageVersion: 4.12.3
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org)
+PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.12.3
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: MIT
+PackageLicenseComments: beautifulsoup4 declares MIT License which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: Screen-scraping library
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/beautifulsoup4@4.12.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*
+#####
+
+PackageName: soupsieve
+SPDXID: SPDXRef-Package-10-soupsieve
+PackageVersion: 2.5
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Isaac Muse (use@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/soupsieve/2.5
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: A modern CSS selector implementation for Beautiful Soup.
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/soupsieve@2.5
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.5:*:*:*:*:*:*:*
+#####
+
+PackageName: cvss
+SPDXID: SPDXRef-Package-11-cvss
+PackageVersion: 3.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com)
+PackageDownloadLocation: https://pypi.org/project/cvss/3.0
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: LGPL-3.0-or-later
+PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cvss@3.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.0:*:*:*:*:*:*:*
+#####
+
+PackageName: defusedxml
+SPDXID: SPDXRef-Package-12-defusedxml
+PackageVersion: 0.7.1
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Christian Heimes (christian@python.org)
+PackageDownloadLocation: https://pypi.org/project/defusedxml/0.7.1
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: PSF-2.0
+PackageLicenseComments: defusedxml declares PSFL which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: XML bomb protection for Python stdlib modules
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/defusedxml@0.7.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:*:*:*:*:*
+#####
+
+PackageName: distro
+SPDXID: SPDXRef-Package-13-distro
+PackageVersion: 1.9.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Nir Cohen (nir36g@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/distro/1.9.0
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: distro declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: Distro - an OS platform information API
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/distro@1.9.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:*
+#####
+
+PackageName: gsutil
+SPDXID: SPDXRef-Package-14-gsutil
+PackageVersion: 5.27
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com)
+PackageDownloadLocation: https://pypi.org/project/gsutil/5.27
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: A command line tool for interacting with cloud storage services.
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.27
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.27:*:*:*:*:*:*:*
+#####
+
+PackageName: argcomplete
+SPDXID: SPDXRef-Package-15-argcomplete
+PackageVersion: 3.2.2
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/argcomplete/3.2.2
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: Bash tab completion for argparse
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.2.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.2.2:*:*:*:*:*:*:*
+#####
+
+PackageName: crcmod
+SPDXID: SPDXRef-Package-16-crcmod
+PackageVersion: 1.7
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Ray Buvel (rlbuvel@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/crcmod/1.7
+FilesAnalyzed: false
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: CRC Generator
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/crcmod@1.7
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*
+#####
+
+PackageName: fasteners
+SPDXID: SPDXRef-Package-17-fasteners
+PackageVersion: 0.19
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Joshua Harlow
+PackageDownloadLocation: https://pypi.org/project/fasteners/0.19
+FilesAnalyzed: false
+PackageLicenseDeclared: Apache-2.0
+PackageLicenseConcluded: Apache-2.0
+PackageCopyrightText: NOASSERTION
+PackageSummary: A python package that provides useful locks
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/fasteners@0.19
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:*
+#####
+
+PackageName: gcs-oauth2-boto-plugin
+SPDXID: SPDXRef-Package-18-gcs-oauth2-boto-plugin
+PackageVersion: 3.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Google Inc. (gs-team@google.com)
+PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.0
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.0:*:*:*:*:*:*:*
+#####
+
+PackageName: boto
+SPDXID: SPDXRef-Package-19-boto
+PackageVersion: 2.49.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com)
+PackageDownloadLocation: https://pypi.org/project/boto/2.49.0
+FilesAnalyzed: false
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: Amazon Web Services Library
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/boto@2.49.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*
+#####
+
+PackageName: google-reauth
+SPDXID: SPDXRef-Package-20-google-reauth
+PackageVersion: 0.1.1
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Google (googleapis-publisher@google.com)
+PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: Google Reauth Library
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-reauth@0.1.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*
+#####
+
+PackageName: pyu2f
+SPDXID: SPDXRef-Package-21-pyu2f
+PackageVersion: 0.1.5
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Google Inc. (pyu2f-team@google.com)
+PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: U2F host library for interacting with a U2F device over USB.
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyu2f@0.1.5
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*
+#####
+
+PackageName: six
+SPDXID: SPDXRef-Package-22-six
+PackageVersion: 1.16.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Benjamin Peterson (benjamin@python.org)
+PackageDownloadLocation: https://pypi.org/project/six/1.16.0
+FilesAnalyzed: false
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: Python 2 and 3 compatibility utilities
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/six@1.16.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:*
+#####
+
+PackageName: httplib2
+SPDXID: SPDXRef-Package-23-httplib2
+PackageVersion: 0.20.4
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Joe Gregorio (joe@bitworking.org)
+PackageDownloadLocation: https://pypi.org/project/httplib2/0.20.4
+FilesAnalyzed: false
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: A comprehensive HTTP client library.
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/httplib2@0.20.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*
+#####
+
+PackageName: pyparsing
+SPDXID: SPDXRef-Package-24-pyparsing
+PackageVersion: 3.1.1
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/pyparsing/3.1.1
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: pyparsing module - Classes and methods to define and execute parsing grammars
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.1.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.1:*:*:*:*:*:*:*
+#####
+
+PackageName: oauth2client
+SPDXID: SPDXRef-Package-25-oauth2client
+PackageVersion: 4.1.3
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com)
+PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: OAuth 2.0 client library
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/oauth2client@4.1.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*
+#####
+
+PackageName: pyasn1
+SPDXID: SPDXRef-Package-26-pyasn1
+PackageVersion: 0.5.1
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/pyasn1/0.5.1
+FilesAnalyzed: false
+PackageLicenseDeclared: BSD-2-Clause
+PackageLicenseConcluded: BSD-2-Clause
+PackageCopyrightText: NOASSERTION
+PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyasn1@0.5.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.5.1:*:*:*:*:*:*:*
+#####
+
+PackageName: pyasn1-modules
+SPDXID: SPDXRef-Package-27-pyasn1-modules
+PackageVersion: 0.3.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.3.0
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: BSD-3-Clause
+PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: A collection of ASN.1-based protocols modules
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyasn1-modules@0.3.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.3.0:*:*:*:*:*:*:*
+#####
+
+PackageName: rsa
+SPDXID: SPDXRef-Package-28-rsa
+PackageVersion: 4.7.2
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu)
+PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: Pure-Python RSA implementation
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rsa@4.7.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*
+#####
+
+PackageName: pyopenssl
+SPDXID: SPDXRef-Package-29-pyopenssl
+PackageVersion: 24.0.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org)
+PackageDownloadLocation: https://pypi.org/project/pyOpenSSL/24.0.0
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: pyOpenSSL declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: Python wrapper module around the OpenSSL library
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyopenssl@24.0.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.0.0:*:*:*:*:*:*:*
+#####
+
+PackageName: cryptography
+SPDXID: SPDXRef-Package-30-cryptography
+PackageVersion: 42.0.3
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
+PackageDownloadLocation: https://pypi.org/project/cryptography/42.0.3
+FilesAnalyzed: false
+PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
+PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
+PackageCopyrightText: NOASSERTION
+PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@42.0.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.3:*:*:*:*:*:*:*
+#####
+
+PackageName: cffi
+SPDXID: SPDXRef-Package-31-cffi
+PackageVersion: 1.16.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com)
+PackageDownloadLocation: https://pypi.org/project/cffi/1.16.0
+FilesAnalyzed: false
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: Foreign Function Interface for Python calling C code.
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cffi@1.16.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.16.0:*:*:*:*:*:*:*
+#####
+
+PackageName: pycparser
+SPDXID: SPDXRef-Package-32-pycparser
+PackageVersion: 2.21
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Eli Bendersky (eliben@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/pycparser/2.21
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: BSD-3-Clause
+PackageLicenseComments: pycparser declares BSD which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: C parser in Python
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pycparser@2.21
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.21:*:*:*:*:*:*:*
+#####
+
+PackageName: retry-decorator
+SPDXID: SPDXRef-Package-33-retry-decorator
+PackageVersion: 1.1.1
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/retry_decorator/1.1.1
+FilesAnalyzed: false
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: Retry Decorator
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/retry-decorator@1.1.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:*
+#####
+
+PackageName: google-apitools
+SPDXID: SPDXRef-Package-34-google-apitools
+PackageVersion: 0.5.32
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Craig Citro (craigcitro@google.com)
+PackageDownloadLocation: https://pypi.org/project/google-apitools/0.5.32
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: google-apitools declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: client libraries for humans
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-apitools@0.5.32
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*
+#####
+
+PackageName: google-auth
+SPDXID: SPDXRef-Package-35-google-auth
+PackageVersion: 2.28.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
+PackageDownloadLocation: https://pypi.org/project/google-auth/2.28.0
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: Google Authentication Library
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.28.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.28.0:*:*:*:*:*:*:*
+#####
+
+PackageName: cachetools
+SPDXID: SPDXRef-Package-36-cachetools
+PackageVersion: 5.3.2
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org)
+PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.2
+FilesAnalyzed: false
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: Extensible memoizing collections and decorators
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cachetools@5.3.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.2:*:*:*:*:*:*:*
+#####
+
+PackageName: monotonic
+SPDXID: SPDXRef-Package-37-monotonic
+PackageVersion: 1.6
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Ori Livneh (ori@wikimedia.org)
+PackageDownloadLocation: https://pypi.org/project/monotonic/1.6
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: monotonic declares Apache which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: An implementation of time.monotonic() for Python 2 & < 3.3
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/monotonic@1.6
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*
+#####
+
+PackageName: jinja2
+SPDXID: SPDXRef-Package-38-jinja2
+PackageVersion: 3.1.3
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: NOASSERTION
+PackageDownloadLocation: https://pypi.org/project/Jinja2/3.1.3
+FilesAnalyzed: false
+PackageLicenseDeclared: BSD-3-Clause
+PackageLicenseConcluded: BSD-3-Clause
+PackageCopyrightText: NOASSERTION
+PackageSummary: A very fast and expressive template engine.
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jinja2@3.1.3
+#####
+
+PackageName: markupsafe
+SPDXID: SPDXRef-Package-39-markupsafe
+PackageVersion: 2.1.5
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: NOASSERTION
+PackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.5
+FilesAnalyzed: false
+PackageLicenseDeclared: BSD-3-Clause
+PackageLicenseConcluded: BSD-3-Clause
+PackageCopyrightText: NOASSERTION
+PackageSummary: Safely add untrusted strings to HTML/XML markup.
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@2.1.5
+#####
+
+PackageName: jsonschema
+SPDXID: SPDXRef-Package-40-jsonschema
+PackageVersion: 4.21.1
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Julian Berman
+PackageDownloadLocation: https://pypi.org/project/jsonschema/4.21.1
+FilesAnalyzed: false
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: An implementation of JSON Schema validation for Python
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.21.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.21.1:*:*:*:*:*:*:*
+#####
+
+PackageName: jsonschema-specifications
+SPDXID: SPDXRef-Package-41-jsonschema-specifications
+PackageVersion: 2023.12.1
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Julian Berman
+PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2023.12.1
+FilesAnalyzed: false
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: The JSON Schema meta-schemas and vocabularies, exposed as a Registry
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema-specifications@2023.12.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2023.12.1:*:*:*:*:*:*:*
+#####
+
+PackageName: referencing
+SPDXID: SPDXRef-Package-42-referencing
+PackageVersion: 0.33.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Julian Berman
+PackageDownloadLocation: https://pypi.org/project/referencing/0.33.0
+FilesAnalyzed: false
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: JSON Referencing + Python
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.33.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.33.0:*:*:*:*:*:*:*
+#####
+
+PackageName: rpds-py
+SPDXID: SPDXRef-Package-43-rpds-py
+PackageVersion: 0.18.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Julian Berman
+PackageDownloadLocation: https://pypi.org/project/rpds-py/0.18.0
+FilesAnalyzed: false
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: Python bindings to Rust's persistent data structures (rpds)
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.18.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.18.0:*:*:*:*:*:*:*
+#####
+
+PackageName: lib4sbom
+SPDXID: SPDXRef-Package-44-lib4sbom
+PackageVersion: 0.6.2
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.6.2
+FilesAnalyzed: false
+PackageLicenseDeclared: Apache-2.0
+PackageLicenseConcluded: Apache-2.0
+PackageCopyrightText: NOASSERTION
+PackageSummary: Software Bill of Material (SBOM) generator and consumer library
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.6.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.6.2:*:*:*:*:*:*:*
+#####
+
+PackageName: pyyaml
+SPDXID: SPDXRef-Package-45-pyyaml
+PackageVersion: 6.0.1
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Kirill Simonov (xi@resolvent.net)
+PackageDownloadLocation: https://pypi.org/project/PyYAML/6.0.1
+FilesAnalyzed: false
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: YAML parser and emitter for Python
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyyaml@6.0.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.1:*:*:*:*:*:*:*
+#####
+
+PackageName: semantic-version
+SPDXID: SPDXRef-Package-46-semantic-version
+PackageVersion: 2.10.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org)
+PackageDownloadLocation: https://pypi.org/project/semantic-version/2.10.0
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: BSD-3-Clause
+PackageLicenseComments: semantic-version declares BSD which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: A library implementing the 'SemVer' scheme.
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/semantic-version@2.10.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.0:*:*:*:*:*:*:*
+#####
+
+PackageName: packageurl-python
+SPDXID: SPDXRef-Package-47-packageurl-python
+PackageVersion: 0.13.4
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: the purl authors
+PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.13.4
+FilesAnalyzed: false
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: A purl aka. Package URL parser and builder
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packageurl-python@0.13.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.13.4:*:*:*:*:*:*:*
+#####
+
+PackageName: packaging
+SPDXID: SPDXRef-Package-48-packaging
+PackageVersion: 23.2
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Donald Stufft (donald@stufft.io)
+PackageDownloadLocation: https://pypi.org/project/packaging/23.2
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: Core utilities for Python packages
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packaging@23.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:23.2:*:*:*:*:*:*:*
+#####
+
+PackageName: plotly
+SPDXID: SPDXRef-Package-49-plotly
+PackageVersion: 5.19.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Chris P (chris@plot.ly)
+PackageDownloadLocation: https://pypi.org/project/plotly/5.19.0
+FilesAnalyzed: false
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: An open-source, interactive data visualization library for Python
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.19.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.19.0:*:*:*:*:*:*:*
+#####
+
+PackageName: tenacity
+SPDXID: SPDXRef-Package-50-tenacity
+PackageVersion: 8.2.3
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Julien Danjou (julien@danjou.info)
+PackageDownloadLocation: https://pypi.org/project/tenacity/8.2.3
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: Retry code until it succeeds
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/tenacity@8.2.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.3:*:*:*:*:*:*:*
+#####
+
+PackageName: python-gnupg
+SPDXID: SPDXRef-Package-51-python-gnupg
+PackageVersion: 0.5.2
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk)
+PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.2
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: BSD-3-Clause
+PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG)
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/python-gnupg@0.5.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.2:*:*:*:*:*:*:*
+#####
+
+PackageName: requests
+SPDXID: SPDXRef-Package-52-requests
+PackageVersion: 2.31.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org)
+PackageDownloadLocation: https://pypi.org/project/requests/2.31.0
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: requests declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: Python HTTP for Humans.
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/requests@2.31.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.31.0:*:*:*:*:*:*:*
+#####
+
+PackageName: certifi
+SPDXID: SPDXRef-Package-53-certifi
+PackageVersion: 2024.2.2
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
+PackageDownloadLocation: https://pypi.org/project/certifi/2024.2.2
+FilesAnalyzed: false
+PackageLicenseDeclared: MPL-2.0
+PackageLicenseConcluded: MPL-2.0
+PackageCopyrightText: NOASSERTION
+PackageSummary: Python package for providing Mozilla's CA Bundle.
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2024.2.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.2.2:*:*:*:*:*:*:*
+#####
+
+PackageName: charset-normalizer
+SPDXID: SPDXRef-Package-54-charset-normalizer
+PackageVersion: 3.3.2
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev)
+PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.3.2
+FilesAnalyzed: false
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.3.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:*:*:*:*:*:*:*
+#####
+
+PackageName: urllib3
+SPDXID: SPDXRef-Package-55-urllib3
+PackageVersion: 2.2.1
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net)
+PackageDownloadLocation: https://pypi.org/project/urllib3/2.2.1
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: HTTP library with thread-safe connection pooling, file post, and more.
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/urllib3@2.2.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.1:*:*:*:*:*:*:*
+#####
+
+PackageName: rich
+SPDXID: SPDXRef-Package-56-rich
+PackageVersion: 13.7.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/rich/13.7.0
+FilesAnalyzed: false
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.7.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.7.0:*:*:*:*:*:*:*
+#####
+
+PackageName: markdown-it-py
+SPDXID: SPDXRef-Package-57-markdown-it-py
+PackageVersion: 3.0.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com)
+PackageDownloadLocation: https://pypi.org/project/markdown-it-py/3.0.0
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: Python port of markdown-it. Markdown parsing, done right!
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markdown-it-py@3.0.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:*:*:*:*:*
+#####
+
+PackageName: mdurl
+SPDXID: SPDXRef-Package-58-mdurl
+PackageVersion: 0.1.2
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com)
+PackageDownloadLocation: https://pypi.org/project/mdurl/0.1.2
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: Markdown URL utilities
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/mdurl@0.1.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:*
+#####
+
+PackageName: pygments
+SPDXID: SPDXRef-Package-59-pygments
+PackageVersion: 2.17.2
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Georg Brandl (georg@python.org)
+PackageDownloadLocation: https://pypi.org/project/Pygments/2.17.2
+FilesAnalyzed: false
+PackageLicenseDeclared: BSD-2-Clause
+PackageLicenseConcluded: BSD-2-Clause
+PackageCopyrightText: NOASSERTION
+PackageSummary: Pygments is a syntax highlighting package written in Python.
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.17.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.17.2:*:*:*:*:*:*:*
+#####
+
+PackageName: rpmfile
+SPDXID: SPDXRef-Package-60-rpmfile
+PackageVersion: 2.0.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Sean Ross (srossross@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/rpmfile/2.0.0
+FilesAnalyzed: false
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: Read rpm archive files
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpmfile@2.0.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.0.0:*:*:*:*:*:*:*
+#####
+
+PackageName: xmlschema
+SPDXID: SPDXRef-Package-61-xmlschema
+PackageVersion: 3.0.2
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
+PackageDownloadLocation: https://pypi.org/project/xmlschema/3.0.2
+FilesAnalyzed: false
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: An XML Schema validator and decoder
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@3.0.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.0.2:*:*:*:*:*:*:*
+#####
+
+PackageName: elementpath
+SPDXID: SPDXRef-Package-62-elementpath
+PackageVersion: 4.3.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
+PackageDownloadLocation: https://pypi.org/project/elementpath/4.3.0
+FilesAnalyzed: false
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.3.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.3.0:*:*:*:*:*:*:*
+#####
+
+PackageName: zstandard
+SPDXID: SPDXRef-Package-63-zstandard
+PackageVersion: 0.22.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/zstandard/0.22.0
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: BSD-3-Clause
+PackageLicenseComments: zstandard declares BSD which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: Zstandard bindings for Python
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zstandard@0.22.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.22.0:*:*:*:*:*:*:*
+#####
+
+Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-1-cve-bin-tool
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-11-cvss
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-12-defusedxml
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-13-distro
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-14-gsutil
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-2-aiohttp
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-38-jinja2
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-40-jsonschema
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-44-lib4sbom
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-45-pyyaml
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-47-packageurl-python
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-48-packaging
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-49-plotly
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-51-python-gnupg
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-52-requests
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-55-urllib3
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-56-rich
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-60-rpmfile
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-61-xmlschema
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-63-zstandard
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-9-beautifulsoup4
+Relationship: SPDXRef-Package-14-gsutil DEPENDS_ON SPDXRef-Package-15-argcomplete
+Relationship: SPDXRef-Package-14-gsutil DEPENDS_ON SPDXRef-Package-16-crcmod
+Relationship: SPDXRef-Package-14-gsutil DEPENDS_ON SPDXRef-Package-17-fasteners
+Relationship: SPDXRef-Package-14-gsutil DEPENDS_ON SPDXRef-Package-18-gcs-oauth2-boto-plugin
+Relationship: SPDXRef-Package-14-gsutil DEPENDS_ON SPDXRef-Package-20-google-reauth
+Relationship: SPDXRef-Package-14-gsutil DEPENDS_ON SPDXRef-Package-22-six
+Relationship: SPDXRef-Package-14-gsutil DEPENDS_ON SPDXRef-Package-23-httplib2
+Relationship: SPDXRef-Package-14-gsutil DEPENDS_ON SPDXRef-Package-29-pyopenssl
+Relationship: SPDXRef-Package-14-gsutil DEPENDS_ON SPDXRef-Package-33-retry-decorator
+Relationship: SPDXRef-Package-14-gsutil DEPENDS_ON SPDXRef-Package-34-google-apitools
+Relationship: SPDXRef-Package-14-gsutil DEPENDS_ON SPDXRef-Package-35-google-auth
+Relationship: SPDXRef-Package-14-gsutil DEPENDS_ON SPDXRef-Package-37-monotonic
+Relationship: SPDXRef-Package-18-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-19-boto
+Relationship: SPDXRef-Package-18-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-20-google-reauth
+Relationship: SPDXRef-Package-18-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-22-six
+Relationship: SPDXRef-Package-18-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-23-httplib2
+Relationship: SPDXRef-Package-18-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-25-oauth2client
+Relationship: SPDXRef-Package-18-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-28-rsa
+Relationship: SPDXRef-Package-18-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-29-pyopenssl
+Relationship: SPDXRef-Package-18-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-33-retry-decorator
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-3-aiosignal
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-4-frozenlist
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-5-attrs
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-6-multidict
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-7-yarl
+Relationship: SPDXRef-Package-20-google-reauth DEPENDS_ON SPDXRef-Package-21-pyu2f
+Relationship: SPDXRef-Package-21-pyu2f DEPENDS_ON SPDXRef-Package-22-six
+Relationship: SPDXRef-Package-23-httplib2 DEPENDS_ON SPDXRef-Package-24-pyparsing
+Relationship: SPDXRef-Package-25-oauth2client DEPENDS_ON SPDXRef-Package-22-six
+Relationship: SPDXRef-Package-25-oauth2client DEPENDS_ON SPDXRef-Package-23-httplib2
+Relationship: SPDXRef-Package-25-oauth2client DEPENDS_ON SPDXRef-Package-26-pyasn1
+Relationship: SPDXRef-Package-25-oauth2client DEPENDS_ON SPDXRef-Package-27-pyasn1-modules
+Relationship: SPDXRef-Package-25-oauth2client DEPENDS_ON SPDXRef-Package-28-rsa
+Relationship: SPDXRef-Package-27-pyasn1-modules DEPENDS_ON SPDXRef-Package-26-pyasn1
+Relationship: SPDXRef-Package-28-rsa DEPENDS_ON SPDXRef-Package-26-pyasn1
+Relationship: SPDXRef-Package-29-pyopenssl DEPENDS_ON SPDXRef-Package-30-cryptography
+Relationship: SPDXRef-Package-3-aiosignal DEPENDS_ON SPDXRef-Package-4-frozenlist
+Relationship: SPDXRef-Package-30-cryptography DEPENDS_ON SPDXRef-Package-31-cffi
+Relationship: SPDXRef-Package-31-cffi DEPENDS_ON SPDXRef-Package-32-pycparser
+Relationship: SPDXRef-Package-34-google-apitools DEPENDS_ON SPDXRef-Package-17-fasteners
+Relationship: SPDXRef-Package-34-google-apitools DEPENDS_ON SPDXRef-Package-22-six
+Relationship: SPDXRef-Package-34-google-apitools DEPENDS_ON SPDXRef-Package-23-httplib2
+Relationship: SPDXRef-Package-34-google-apitools DEPENDS_ON SPDXRef-Package-25-oauth2client
+Relationship: SPDXRef-Package-35-google-auth DEPENDS_ON SPDXRef-Package-27-pyasn1-modules
+Relationship: SPDXRef-Package-35-google-auth DEPENDS_ON SPDXRef-Package-28-rsa
+Relationship: SPDXRef-Package-35-google-auth DEPENDS_ON SPDXRef-Package-36-cachetools
+Relationship: SPDXRef-Package-38-jinja2 DEPENDS_ON SPDXRef-Package-39-markupsafe
+Relationship: SPDXRef-Package-40-jsonschema DEPENDS_ON SPDXRef-Package-41-jsonschema-specifications
+Relationship: SPDXRef-Package-40-jsonschema DEPENDS_ON SPDXRef-Package-42-referencing
+Relationship: SPDXRef-Package-40-jsonschema DEPENDS_ON SPDXRef-Package-43-rpds-py
+Relationship: SPDXRef-Package-40-jsonschema DEPENDS_ON SPDXRef-Package-5-attrs
+Relationship: SPDXRef-Package-41-jsonschema-specifications DEPENDS_ON SPDXRef-Package-42-referencing
+Relationship: SPDXRef-Package-42-referencing DEPENDS_ON SPDXRef-Package-43-rpds-py
+Relationship: SPDXRef-Package-42-referencing DEPENDS_ON SPDXRef-Package-5-attrs
+Relationship: SPDXRef-Package-44-lib4sbom DEPENDS_ON SPDXRef-Package-12-defusedxml
+Relationship: SPDXRef-Package-44-lib4sbom DEPENDS_ON SPDXRef-Package-45-pyyaml
+Relationship: SPDXRef-Package-44-lib4sbom DEPENDS_ON SPDXRef-Package-46-semantic-version
+Relationship: SPDXRef-Package-49-plotly DEPENDS_ON SPDXRef-Package-48-packaging
+Relationship: SPDXRef-Package-49-plotly DEPENDS_ON SPDXRef-Package-50-tenacity
+Relationship: SPDXRef-Package-52-requests DEPENDS_ON SPDXRef-Package-53-certifi
+Relationship: SPDXRef-Package-52-requests DEPENDS_ON SPDXRef-Package-54-charset-normalizer
+Relationship: SPDXRef-Package-52-requests DEPENDS_ON SPDXRef-Package-55-urllib3
+Relationship: SPDXRef-Package-52-requests DEPENDS_ON SPDXRef-Package-8-idna
+Relationship: SPDXRef-Package-56-rich DEPENDS_ON SPDXRef-Package-57-markdown-it-py
+Relationship: SPDXRef-Package-56-rich DEPENDS_ON SPDXRef-Package-59-pygments
+Relationship: SPDXRef-Package-57-markdown-it-py DEPENDS_ON SPDXRef-Package-58-mdurl
+Relationship: SPDXRef-Package-61-xmlschema DEPENDS_ON SPDXRef-Package-62-elementpath
+Relationship: SPDXRef-Package-7-yarl DEPENDS_ON SPDXRef-Package-6-multidict
+Relationship: SPDXRef-Package-7-yarl DEPENDS_ON SPDXRef-Package-8-idna
+Relationship: SPDXRef-Package-9-beautifulsoup4 DEPENDS_ON SPDXRef-Package-10-soupsieve