added auditing tools

Valerie Wolfe 2024-07-09 14:21:43 -04:00
parent ce65fefcba
commit cf67bf73eb
2 changed files with 196 additions and 0 deletions

4
deny.toml Normal file

@ -0,0 +1,4 @@
[licenses]
allow = [ "MIT" ]
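Review bot: The `[licenses]` table is the only policy visible in this section, so advisory and source checks are left to cargo-deny's defaults rather than stated in the audit configuration. The hunk header reports four added lines and only two are shown here, so the file may hold more than this view does. I would make the rest explicit: a `[sources]` table with `unknown-registry = "deny"` and `unknown-git = "deny"`, plus an `[advisories]` table, so a crate pulled from an unexpected registry or carrying a RustSec advisory fails the check by policy. The SBOM added in the same commit lists several `MIT OR Apache-2.0` packages; a comment above `allow = [ "MIT" ]` such as `# dual-licensed (MIT OR Apache-2.0) crates pass because MIT is one of the alternatives` would record why the list can stay this narrow.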

192
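--- a/sbom.xml
+++ b/sbom.xml
@@ -0,0 +1,192 @@
+{
+"SPDXID": "SPDXRef-DOCUMENT",
+"creationInfo": {
+"created": "2024-07-09T18:21:25.518Z",
+"creators": [
+"Tool: cargo-sbom-v0.8.4"
+]
+},
+"dataLicense": "CC0-1.0",
+"documentNamespace": "https://spdx.org/spdxdocs/qm-0541a043-2174-483b-9558-35c5390ec42e",
+"files": [
+{
+"SPDXID": "SPDXRef-File-qm",
+"checksums": [],
+"fileName": "qm",
+"fileTypes": [
+"BINARY"
+]
+}
+],
+"name": "qm",
+"packages": [
+{
+"SPDXID": "SPDXRef-Package-redox_termios-0.1.3",
+"description": "A Rust library to access Redox termios functions",
+"downloadLocation": "registry+https://github.com/rust-lang/crates.io-index",
+"externalRefs": [
+{
+"referenceCategory": "PACKAGE-MANAGER",
+"referenceLocator": "pkg:cargo/redox_termios@0.1.3",
+"referenceType": "purl"
+}
+],
+"licenseConcluded": "MIT",
+"licenseDeclared": "MIT",
+"name": "redox_termios",
+"versionInfo": "0.1.3"
+},
+{
+"SPDXID": "SPDXRef-Package-bitflags-1.3.2",
+"description": "A macro to generate structures which behave like bitflags.\n",
+"downloadLocation": "registry+https://github.com/rust-lang/crates.io-index",
+"externalRefs": [
+{
+"referenceCategory": "PACKAGE-MANAGER",
+"referenceLocator": "pkg:cargo/bitflags@1.3.2",
+"referenceType": "purl"
+}
+],
+"homepage": "https://github.com/bitflags/bitflags",
+"licenseConcluded": "MIT OR Apache-2.0",
+"licenseDeclared": "MIT/Apache-2.0",
+"name": "bitflags",
+"versionInfo": "1.3.2"
+},
+{
+"SPDXID": "SPDXRef-Package-libc-0.2.155",
+"description": "Raw FFI bindings to platform libraries like libc.\n",
+"downloadLocation": "registry+https://github.com/rust-lang/crates.io-index",
+"externalRefs": [
+{
+"referenceCategory": "PACKAGE-MANAGER",
+"referenceLocator": "pkg:cargo/libc@0.2.155",
+"referenceType": "purl"
+}
+],
+"homepage": "https://github.com/rust-lang/libc",
+"licenseConcluded": "MIT OR Apache-2.0",
+"licenseDeclared": "MIT OR Apache-2.0",
+"name": "libc",
+"versionInfo": "0.2.155"
+},
+{
+"SPDXID": "SPDXRef-Package-numtoa-0.1.0",
+"description": "Convert numbers into stack-allocated byte arrays",
+"downloadLocation": "registry+https://github.com/rust-lang/crates.io-index",
+"externalRefs": [
+{
+"referenceCategory": "PACKAGE-MANAGER",
+"referenceLocator": "pkg:cargo/numtoa@0.1.0",
+"referenceType": "purl"
+}
+],
+"licenseConcluded": "MIT OR Apache-2.0",
+"licenseDeclared": "MIT OR Apache-2.0",
+"name": "numtoa",
+"versionInfo": "0.1.0"
+},
+{
+"SPDXID": "SPDXRef-Package-evalexpr-11.3.0",
+"description": "A powerful arithmetic and boolean expression evaluator",
+"downloadLocation": "registry+https://github.com/rust-lang/crates.io-index",
+"externalRefs": [
+{
+"referenceCategory": "PACKAGE-MANAGER",
+"referenceLocator": "pkg:cargo/evalexpr@11.3.0",
+"referenceType": "purl"
+}
+],
+"homepage": "https://github.com/ISibboI/evalexpr",
+"licenseConcluded": "MIT",
+"licenseDeclared": "MIT",
+"name": "evalexpr",
+"versionInfo": "11.3.0"
+},
+{
+"SPDXID": "SPDXRef-Package-quickmath-0.2.3",
+"description": "A quick command-line math evaluator.",
+"downloadLocation": "NONE",
+"homepage": "https://git.vwolfe.io/valerie/qm",
+"licenseConcluded": "MIT",
+"licenseDeclared": "MIT",
+"name": "quickmath",
+"versionInfo": "0.2.3"
+},
+{
+"SPDXID": "SPDXRef-Package-redox_syscall-0.2.16",
+"description": "A Rust library to access raw Redox system calls",
+"downloadLocation": "registry+https://github.com/rust-lang/crates.io-index",
+"externalRefs": [
+{
+"referenceCategory": "PACKAGE-MANAGER",
+"referenceLocator": "pkg:cargo/redox_syscall@0.2.16",
+"referenceType": "purl"
+}
+],
+"licenseConcluded": "MIT",
+"licenseDeclared": "MIT",
+"name": "redox_syscall",
+"versionInfo": "0.2.16"
+},
+{
+"SPDXID": "SPDXRef-Package-termion-1.5.6",
+"description": "A bindless library for manipulating terminals.",
+"downloadLocation": "registry+https://github.com/rust-lang/crates.io-index",
+"externalRefs": [
+{
+"referenceCategory": "PACKAGE-MANAGER",
+"referenceLocator": "pkg:cargo/termion@1.5.6",
+"referenceType": "purl"
+}
+],
+"licenseConcluded": "MIT",
+"licenseDeclared": "MIT",
+"name": "termion",
+"versionInfo": "1.5.6"
+}
+],
+"relationships": [
+{
+"relatedSpdxElement": "SPDXRef-Package-evalexpr-11.3.0",
+"relationshipType": "DEPENDS_ON",
+"spdxElementId": "SPDXRef-Package-quickmath-0.2.3"
+},
+{
+"relatedSpdxElement": "SPDXRef-Package-redox_syscall-0.2.16",
+"relationshipType": "DEPENDS_ON",
+"spdxElementId": "SPDXRef-Package-termion-1.5.6"
+},
+{
+"relatedSpdxElement": "SPDXRef-Package-numtoa-0.1.0",
+"relationshipType": "DEPENDS_ON",
+"spdxElementId": "SPDXRef-Package-termion-1.5.6"
+},
+{
+"relatedSpdxElement": "SPDXRef-Package-redox_termios-0.1.3",
+"relationshipType": "DEPENDS_ON",
+"spdxElementId": "SPDXRef-Package-termion-1.5.6"
+},
+{
+"relatedSpdxElement": "SPDXRef-Package-bitflags-1.3.2",
+"relationshipType": "DEPENDS_ON",
+"spdxElementId": "SPDXRef-Package-redox_syscall-0.2.16"
+},
+{
+"relatedSpdxElement": "SPDXRef-Package-quickmath-0.2.3",
+"relationshipType": "GENERATED_FROM",
+"spdxElementId": "SPDXRef-File-qm"
+},
+{
+"relatedSpdxElement": "SPDXRef-Package-termion-1.5.6",
+"relationshipType": "DEPENDS_ON",
+"spdxElementId": "SPDXRef-Package-quickmath-0.2.3"
+},
+{
+"relatedSpdxElement": "SPDXRef-Package-libc-0.2.155",
+"relationshipType": "DEPENDS_ON",
+"spdxElementId": "SPDXRef-Package-termion-1.5.6"
+}
+],
+"spdxVersion": "SPDX-2.3"
+}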
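Review bot: The file is added as `sbom.xml`, but its content is an SPDX 2.3 document serialized as JSON (`"spdxVersion": "SPDX-2.3"`, created by `cargo-sbom-v0.8.4`), so any consumer that selects a parser from the extension will fail on it; a name that matches the content, such as `sbom.spdx.json`, avoids that. The `files` entry for `qm` carries `"checksums": []`, so the document is not bound to any particular built binary and cannot be used to verify that a given `qm` artifact is the one described. If the SBOM is meant to accompany releases, the artifact digest should be recorded when it is generated. As a committed snapshot with a fixed `created` timestamp, it will also drift from the lockfile unless it is regenerated in CI, which is worth noting in the commit description or README.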