From cf67bf73ebbd199c691f337562a47e97ca66c226 Mon Sep 17 00:00:00 2001
From: Valerie
Date: Tue, 9 Jul 2024 14:21:43 -0400
Subject: [PATCH] added auditing tools
---
deny.toml | 4 ++
sbom.xml | 192 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 196 insertions(+)
create mode 100644 deny.toml
create mode 100644 sbom.xml
diff --git a/deny.toml b/deny.toml
new file mode 100644
index 0000000..6b1a8fb
--- /dev/null
+++ b/deny.toml
@@ -0,0 +1,4 @@
+[licenses]
+allow = [ "MIT" ]
+
+
diff --git a/sbom.xml b/sbom.xml
new file mode 100644
index 0000000..e2860e6
--- /dev/null
+++ b/sbom.xml
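Review bot: The new `deny.toml` configures only `[licenses]`, so the advisory, ban and source checks run on cargo-deny's defaults, and for sources the default is to warn rather than fail on a crate pulled from an unknown registry or a git URL. Since the commit is about auditing, I would add a `[sources]` table with `unknown-registry = "deny"` and `unknown-git = "deny"` so that a dependency from outside crates.io breaks the check. The MIT-only allow list should still pass the `MIT OR Apache-2.0` crates listed in the SBOM, because an OR expression is satisfied by any allowed operand, but a short comment such as `# MIT only; dual-licensed crates pass via their MIT option` would make that intent clear.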
@@ -0,0 +1,192 @@ +{ + "SPDXID": "SPDXRef-DOCUMENT", + "creationInfo": { + "created": "2024-07-09T18:21:25.518Z", + "creators": [ + "Tool: cargo-sbom-v0.8.4" + ] + }, + "dataLicense": "CC0-1.0", + "documentNamespace": "https://spdx.org/spdxdocs/qm-0541a043-2174-483b-9558-35c5390ec42e", + "files": [ + { + "SPDXID": "SPDXRef-File-qm", + "checksums": [], + "fileName": "qm", + "fileTypes": [ + "BINARY" + ] + } + ], + "name": "qm", + "packages": [ + { + "SPDXID": "SPDXRef-Package-redox_termios-0.1.3", + "description": "A Rust library to access Redox termios functions", + "downloadLocation": "registry+https://github.com/rust-lang/crates.io-index", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:cargo/redox_termios@0.1.3", + "referenceType": "purl" + } + ], + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "name": "redox_termios", + "versionInfo": "0.1.3" + }, + { + "SPDXID": "SPDXRef-Package-bitflags-1.3.2", + "description": "A macro to generate structures which behave like bitflags.\n", + "downloadLocation": "registry+https://github.com/rust-lang/crates.io-index", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:cargo/bitflags@1.3.2", + "referenceType": "purl" + } + ], + "homepage": "https://github.com/bitflags/bitflags", + "licenseConcluded": "MIT OR Apache-2.0", + "licenseDeclared": "MIT/Apache-2.0", + "name": "bitflags", + "versionInfo": "1.3.2" + }, + { + "SPDXID": "SPDXRef-Package-libc-0.2.155", + "description": "Raw FFI bindings to platform libraries like libc.\n", + "downloadLocation": "registry+https://github.com/rust-lang/crates.io-index", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:cargo/libc@0.2.155", + "referenceType": "purl" + } + ], + "homepage": "https://github.com/rust-lang/libc", + "licenseConcluded": "MIT OR Apache-2.0", + "licenseDeclared": "MIT OR Apache-2.0", + "name": "libc", + "versionInfo": "0.2.155" + 
}, + { + "SPDXID": "SPDXRef-Package-numtoa-0.1.0", + "description": "Convert numbers into stack-allocated byte arrays", + "downloadLocation": "registry+https://github.com/rust-lang/crates.io-index", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:cargo/numtoa@0.1.0", + "referenceType": "purl" + } + ], + "licenseConcluded": "MIT OR Apache-2.0", + "licenseDeclared": "MIT OR Apache-2.0", + "name": "numtoa", + "versionInfo": "0.1.0" + }, + { + "SPDXID": "SPDXRef-Package-evalexpr-11.3.0", + "description": "A powerful arithmetic and boolean expression evaluator", + "downloadLocation": "registry+https://github.com/rust-lang/crates.io-index", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:cargo/evalexpr@11.3.0", + "referenceType": "purl" + } + ], + "homepage": "https://github.com/ISibboI/evalexpr", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "name": "evalexpr", + "versionInfo": "11.3.0" + }, + { + "SPDXID": "SPDXRef-Package-quickmath-0.2.3", + "description": "A quick command-line math evaluator.", + "downloadLocation": "NONE", + "homepage": "https://git.vwolfe.io/valerie/qm", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "name": "quickmath", + "versionInfo": "0.2.3" + }, + { + "SPDXID": "SPDXRef-Package-redox_syscall-0.2.16", + "description": "A Rust library to access raw Redox system calls", + "downloadLocation": "registry+https://github.com/rust-lang/crates.io-index", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:cargo/redox_syscall@0.2.16", + "referenceType": "purl" + } + ], + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "name": "redox_syscall", + "versionInfo": "0.2.16" + }, + { + "SPDXID": "SPDXRef-Package-termion-1.5.6", + "description": "A bindless library for manipulating terminals.", + "downloadLocation": "registry+https://github.com/rust-lang/crates.io-index", + "externalRefs": [ + { + 
"referenceCategory": "PACKAGE-MANAGER", + "referenceLocator": "pkg:cargo/termion@1.5.6", + "referenceType": "purl" + } + ], + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "name": "termion", + "versionInfo": "1.5.6" + } + ], + "relationships": [ + { + "relatedSpdxElement": "SPDXRef-Package-evalexpr-11.3.0", + "relationshipType": "DEPENDS_ON", + "spdxElementId": "SPDXRef-Package-quickmath-0.2.3" + }, + { + "relatedSpdxElement": "SPDXRef-Package-redox_syscall-0.2.16", + "relationshipType": "DEPENDS_ON", + "spdxElementId": "SPDXRef-Package-termion-1.5.6" + }, + { + "relatedSpdxElement": "SPDXRef-Package-numtoa-0.1.0", + "relationshipType": "DEPENDS_ON", + "spdxElementId": "SPDXRef-Package-termion-1.5.6" + }, + { + "relatedSpdxElement": "SPDXRef-Package-redox_termios-0.1.3", + "relationshipType": "DEPENDS_ON", + "spdxElementId": "SPDXRef-Package-termion-1.5.6" + }, + { + "relatedSpdxElement": "SPDXRef-Package-bitflags-1.3.2", + "relationshipType": "DEPENDS_ON", + "spdxElementId": "SPDXRef-Package-redox_syscall-0.2.16" + }, + { + "relatedSpdxElement": "SPDXRef-Package-quickmath-0.2.3", + "relationshipType": "GENERATED_FROM", + "spdxElementId": "SPDXRef-File-qm" + }, + { + "relatedSpdxElement": "SPDXRef-Package-termion-1.5.6", + "relationshipType": "DEPENDS_ON", + "spdxElementId": "SPDXRef-Package-quickmath-0.2.3" + }, + { + "relatedSpdxElement": "SPDXRef-Package-libc-0.2.155", + "relationshipType": "DEPENDS_ON", + "spdxElementId": "SPDXRef-Package-termion-1.5.6" + } + ], + "spdxVersion": "SPDX-2.3" +}