Software Bill of Materials
tags: - sbom - dependencies
Generating the SBOM
This document is maintained manually and kept in sync with go.mod. To verify or regenerate the dependency list, use the built-in Go tooling — no extra tools required.
List all modules (JSON, machine-readable):
make sbom
# equivalent: go list -m -json all
Quick human-readable list:
go list -m all
Check for dependency updates:
go list -u -m all
Verify module checksums match go.sum:
go mod verify
After adding or removing dependencies (go get, go mod tidy), update the tables in this file to reflect the new state.
knife
| Component | Version | License | Type | URL |
|---|---|---|---|---|
gitlab.com/cozybadgerde/applications/knife | — | BSD-3-Clause | application | https://gitlab.com/cozybadgerde/applications/knife |
Direct Dependencies
| Component | Version | License | Type | URL |
|---|---|---|---|---|
github.com/oapi-codegen/runtime | v1.4.0 | Apache-2.0 | library | https://github.com/oapi-codegen/runtime |
github.com/spf13/cobra | v1.10.2 | Apache-2.0 | library | https://github.com/spf13/cobra |
github.com/spf13/viper | v1.21.0 | MIT | library | https://github.com/spf13/viper |
Indirect Dependencies
| Component | Version | License | Type | URL |
|---|---|---|---|---|
github.com/apapsch/go-jsonmerge/v2 | v2.0.0 | MIT | library | https://github.com/apapsch/go-jsonmerge |
github.com/cpuguy83/go-md2man/v2 | v2.0.6 | MIT | library | https://github.com/cpuguy83/go-md2man |
github.com/fsnotify/fsnotify | v1.9.0 | BSD-3-Clause | library | https://github.com/fsnotify/fsnotify |
github.com/go-viper/mapstructure/v2 | v2.4.0 | MIT | library | https://github.com/go-viper/mapstructure |
github.com/google/uuid | v1.6.0 | BSD-3-Clause | library | https://github.com/google/uuid |
github.com/inconshreveable/mousetrap | v1.1.0 | Apache-2.0 | library | https://github.com/inconshreveable/mousetrap |
github.com/pelletier/go-toml/v2 | v2.2.4 | MIT | library | https://github.com/pelletier/go-toml |
github.com/rogpeppe/go-internal | v1.12.0 | BSD-3-Clause | library | https://github.com/rogpeppe/go-internal |
github.com/russross/blackfriday/v2 | v2.1.0 | BSD-2-Clause | library | https://github.com/russross/blackfriday |
github.com/sagikazarmark/locafero | v0.11.0 | MIT | library | https://github.com/sagikazarmark/locafero |
github.com/sourcegraph/conc | v0.3.1-0.20240121214520-5f936abd7ae8 | MIT | library | https://github.com/sourcegraph/conc |
github.com/spf13/afero | v1.15.0 | Apache-2.0 | library | https://github.com/spf13/afero |
github.com/spf13/cast | v1.10.0 | MIT | library | https://github.com/spf13/cast |
github.com/spf13/pflag | v1.0.10 | BSD-3-Clause | library | https://github.com/spf13/pflag |
github.com/subosito/gotenv | v1.6.0 | MIT | library | https://github.com/subosito/gotenv |
go.yaml.in/yaml/v3 | v3.0.4 | MIT | library | https://pkg.go.dev/go.yaml.in/yaml/v3 |
golang.org/x/sys | v0.43.0 | BSD-3-Clause | library | https://pkg.go.dev/golang.org/x/sys |
golang.org/x/term | v0.42.0 | BSD-3-Clause | library | https://pkg.go.dev/golang.org/x/term |
golang.org/x/text | v0.32.0 | BSD-3-Clause | library | https://pkg.go.dev/golang.org/x/text |
gopkg.in/check.v1 | v1.0.0-20201130134442-10cb98267c6c | BSD-2-Clause | library | https://gopkg.in/check.v1 |
Build Toolchain
| Component | Version | License | Type | URL |
|---|---|---|---|---|
| Go | 1.26.2 | BSD-3-Clause | toolchain | https://go.dev |
| oapi-codegen | — | Apache-2.0 | code generator | https://github.com/oapi-codegen/oapi-codegen |