Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

python:latest using mismatched version #2942

Open
andrew-womeldorf opened this issue Dec 2, 2024 · 0 comments
Open

python:latest using mismatched version #2942

andrew-womeldorf opened this issue Dec 2, 2024 · 0 comments
Labels
needs-triage applied to all new customer/user issues. Removed after triage occurs.

Comments

@andrew-womeldorf
Copy link

Which image/versions are related to this issue/feature request?

python

Issue/Feature description

python:latest and python:latest-dev are using version 3.12.7, which does not match the SBOM on the website. The SBOM downloaded with cosign confirms this. As of right now, latest was published 4 days ago.

As of right now, the SBOM displayed on https://images.chainguard.dev/directory/image/python/sbom for the latest tag on x86_64 shows that python-3.13 should be installed.
image

However, pulling the image and running it shows that it's actually running 3.12.7:

$ docker pull cgr.dev/chainguard/python:latest && docker run --rm -it cgr.dev/chainguard/python:latest --version
latest: Pulling from chainguard/python
Digest: sha256:9f93210d15a82eed4a4167817871ee7f1adf901256aba4bfdebc51bda96e0668
Status: Image is up to date for cgr.dev/chainguard/python:latest
cgr.dev/chainguard/python:latest
Python 3.12.7

This is the same when pulling from docker hub. (Side note - it would be great if the website showed digests next to the image).

This is also confirmed by checking the SBOM obtained with cosign:

$ cosign download attestation  --platform linux/amd64  --predicate-type=https://spdx.dev/Document  cgr.dev/chainguard/python:latest |  jq -r .payload | base64 -d | jq
{
  "predicate": {
    "SPDXID": "SPDXRef-DOCUMENT",
    "creationInfo": {
      "created": "2024-11-29T02:13:26Z",
      "creators": [
        "Tool: apko (devel)",
        "Organization: Chainguard, Inc"
      ],
      "licenseListVersion": "3.16"
    },
    "dataLicense": "CC0-1.0",
    "documentDescribes": [
      "SPDXRef-Package-sha256-7731c72bf7bfe26259675ddfbad1ed69cfc817ffc3e8390e769219a423be6953"
    ],
    "documentNamespace": "https://spdx.org/spdxdocs/apko/",
    "name": "sbom-sha256:35896bfd92e146664fc237400a577c41471a1739fcafcf6db8fe427fea642371",
    "packages": [
      ...
      {
        "SPDXID": "SPDXRef-Package-python-3.12-3.12.7-r1",
        "copyrightText": "\n",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:apk/wolfi/[email protected]?arch=x86_64",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "PSF-2.0",
        "name": "python-3.12",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "3.12.7-r1"
      }
    ],
    ...
  }
}
full sbom output 
$ cosign download attestation  --platform linux/amd64  --predicate-type=https://spdx.dev/Document  cgr.dev/chainguard/python:latest |  jq -r .payload | base64 -d | jq
{
  "_type": "https://in-toto.io/Statement/v0.1",
  "predicateType": "https://spdx.dev/Document",
  "subject": [
    {
      "name": "cgr.dev/chainguard/python",
      "digest": {
        "sha256": "7731c72bf7bfe26259675ddfbad1ed69cfc817ffc3e8390e769219a423be6953"
      }
    }
  ],
  "predicate": {
    "SPDXID": "SPDXRef-DOCUMENT",
    "creationInfo": {
      "created": "2024-11-29T02:13:26Z",
      "creators": [
        "Tool: apko (devel)",
        "Organization: Chainguard, Inc"
      ],
      "licenseListVersion": "3.16"
    },
    "dataLicense": "CC0-1.0",
    "documentDescribes": [
      "SPDXRef-Package-sha256-7731c72bf7bfe26259675ddfbad1ed69cfc817ffc3e8390e769219a423be6953"
    ],
    "documentNamespace": "https://spdx.org/spdxdocs/apko/",
    "name": "sbom-sha256:35896bfd92e146664fc237400a577c41471a1739fcafcf6db8fe427fea642371",
    "packages": [
      {
        "SPDXID": "SPDXRef-Package-sha256-7731c72bf7bfe26259675ddfbad1ed69cfc817ffc3e8390e769219a423be6953",
        "checksums": [
          {
            "algorithm": "SHA256",
            "checksumValue": "7731c72bf7bfe26259675ddfbad1ed69cfc817ffc3e8390e769219a423be6953"
          }
        ],
        "description": "apko container image",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:oci/image@sha256%3A7731c72bf7bfe26259675ddfbad1ed69cfc817ffc3e8390e769219a423be6953?arch=amd64&mediaType=application%2Fvnd.oci.image.manifest.v1%2Bjson&os=linux",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "name": "sha256:7731c72bf7bfe26259675ddfbad1ed69cfc817ffc3e8390e769219a423be6953",
        "primaryPackagePurpose": "CONTAINER",
        "supplier": "Organization: Wolfi",
        "versionInfo": "sha256:7731c72bf7bfe26259675ddfbad1ed69cfc817ffc3e8390e769219a423be6953"
      },
      {
        "SPDXID": "SPDXRef-Package-sha256-35896bfd92e146664fc237400a577c41471a1739fcafcf6db8fe427fea642371",
        "description": "apko operating system layer",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:oci/image@sha256%3A35896bfd92e146664fc237400a577c41471a1739fcafcf6db8fe427fea642371?arch=amd64&mediaType=application%2Fvnd.oci.image.layer.v1.tar%2Bgzip&os=linux",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "name": "sha256:35896bfd92e146664fc237400a577c41471a1739fcafcf6db8fe427fea642371",
        "supplier": "Organization: Wolfi",
        "versionInfo": "20230201"
      },
      {
        "SPDXID": "SPDXRef-Package-ca-certificates-bundle-20241010-r2",
        "copyrightText": "\n",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:apk/wolfi/ca-certificates-bundle@20241010-r2?arch=x86_64",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "MPL-2.0 AND MIT",
        "name": "ca-certificates-bundle",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "20241010-r2"
      },
      {
        "SPDXID": "SPDXRef-Package-ca-certificates.yaml-496a8fac9d19342919c60ef12a23504ee414ea0b",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:github/wolfi-dev/os@496a8fac9d19342919c60ef12a23504ee414ea0b#ca-certificates.yaml",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "Apache-2.0",
        "name": "ca-certificates.yaml",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "496a8fac9d19342919c60ef12a23504ee414ea0b"
      },
      {
        "SPDXID": "SPDXRef-Package-gitlab.alpinelinux.org-alpine-ca-certificates-20241010-153107a3beeff73331fd6ac8fa40312f3e92f4f0-0",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:generic/ca-certificates@20241010?vcs_url=git%2Bhttps%3A%2F%2Fgitlab.alpinelinux.org%2Falpine%2Fca-certificates%40153107a3beeff73331fd6ac8fa40312f3e92f4f0",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "MPL-2.0 AND MIT",
        "name": "ca-certificates",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "20241010"
      },
      {
        "SPDXID": "SPDXRef-Package-wolfi-baselayout-20230201-r15",
        "copyrightText": "\n",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE_MANAGER",
            "referenceLocator": "pkg:apk/wolfi/wolfi-baselayout@20230201-r15?arch=x86_64",
            "referenceType": "purl"
          },
          {
            "referenceCategory": "PACKAGE_MANAGER",
            "referenceLocator": "pkg:github/wolfi-dev/os@a210624b093af744aa09b69372345cf3356ae18b#wolfi-baselayout.yaml",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "MIT",
        "name": "wolfi-baselayout",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "20230201-r15"
      },
      {
        "SPDXID": "SPDXRef-Package-ld-linux-2.40-r3",
        "copyrightText": "\n",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:apk/wolfi/[email protected]?arch=x86_64",
            "referenceType": "purl"
          },
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:generic/[email protected]?checksum=sha256%3A19a890175e9263d748f627993de6f4b1af9cd21e03f080e4bfb3a1fac10205a2&download_url=https%3A%2F%2Fftp.gnu.org%2Fgnu%2Flibc%2Fglibc-2.40.tar.xz",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "LGPL-2.1-or-later",
        "name": "ld-linux",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "2.40-r3"
      },
      {
        "SPDXID": "SPDXRef-Package-glibc-locale-posix-2.40-r3",
        "copyrightText": "\n",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:apk/wolfi/[email protected]?arch=x86_64",
            "referenceType": "purl"
          },
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:generic/[email protected]?checksum=sha256%3A19a890175e9263d748f627993de6f4b1af9cd21e03f080e4bfb3a1fac10205a2&download_url=https%3A%2F%2Fftp.gnu.org%2Fgnu%2Flibc%2Fglibc-2.40.tar.xz",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "LGPL-2.1-or-later",
        "name": "glibc-locale-posix",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "2.40-r3"
      },
      {
        "SPDXID": "SPDXRef-Package-glibc-2.40-r3",
        "copyrightText": "\n",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:apk/wolfi/[email protected]?arch=x86_64",
            "referenceType": "purl"
          },
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:generic/[email protected]?checksum=sha256%3A19a890175e9263d748f627993de6f4b1af9cd21e03f080e4bfb3a1fac10205a2&download_url=https%3A%2F%2Fftp.gnu.org%2Fgnu%2Flibc%2Fglibc-2.40.tar.xz",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "LGPL-2.1-or-later",
        "name": "glibc",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "2.40-r3"
      },
      {
        "SPDXID": "SPDXRef-Package-libgcc-14.2.0-r6",
        "copyrightText": "\n",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:apk/wolfi/[email protected]?arch=x86_64",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "GPL-3.0-or-later WITH GCC-exception-3.1",
        "name": "libgcc",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "14.2.0-r6"
      },
      {
        "SPDXID": "SPDXRef-Package-gcc.yaml-c124d6b339496b8bbdd363e87a6ce0a86552ccee",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:github/wolfi-dev/os@c124d6b339496b8bbdd363e87a6ce0a86552ccee#gcc.yaml",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "Apache-2.0",
        "name": "gcc.yaml",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "c124d6b339496b8bbdd363e87a6ce0a86552ccee"
      },
      {
        "SPDXID": "SPDXRef-Package-gcc-14.2.0-0",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:generic/[email protected]?checksum=sha512%3A932bdef0cda94bacedf452ab17f103c0cb511ff2cec55e9112fc0328cbf1d803b42595728ea7b200e0a057c03e85626f937012e49a7515bc5dd256b2bf4bc396&download_url=https%3A%2F%2Fftp.gnu.org%2Fgnu%2Fgcc%2Fgcc-14.2.0%2Fgcc-14.2.0.tar.xz",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "NOASSERTION",
        "name": "gcc",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "14.2.0"
      },
      {
        "SPDXID": "SPDXRef-Package-gdbm-1.24-r1",
        "copyrightText": "\n",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:apk/wolfi/[email protected]?arch=x86_64",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "GPL-3.0-or-later",
        "name": "gdbm",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "1.24-r1"
      },
      {
        "SPDXID": "SPDXRef-Package-gdbm.yaml-b4f8b27ef373d3015347155b79991315266f86ae",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:github/wolfi-dev/os@b4f8b27ef373d3015347155b79991315266f86ae#gdbm.yaml",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "Apache-2.0",
        "name": "gdbm.yaml",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "b4f8b27ef373d3015347155b79991315266f86ae"
      },
      {
        "SPDXID": "SPDXRef-Package-gdbm-1.24-0",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:generic/[email protected]?checksum=sha256%3A695e9827fdf763513f133910bc7e6cfdb9187943a4fec943e57449723d2b8dbf&download_url=https%3A%2F%2Fftp.gnu.org%2Fgnu%2Fgdbm%2Fgdbm-1.24.tar.gz",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "NOASSERTION",
        "name": "gdbm",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "1.24"
      },
      {
        "SPDXID": "SPDXRef-Package-libbz2-1-1.0.8-r9",
        "copyrightText": "\n",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:apk/wolfi/[email protected]?arch=x86_64",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "MPL-2.0 AND MIT",
        "name": "libbz2-1",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "1.0.8-r9"
      },
      {
        "SPDXID": "SPDXRef-Package-bzip2.yaml-1ee80b1a504d79deb74462babc4212c023c10ac1",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:github/wolfi-dev/os@1ee80b1a504d79deb74462babc4212c023c10ac1#bzip2.yaml",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "Apache-2.0",
        "name": "bzip2.yaml",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "1ee80b1a504d79deb74462babc4212c023c10ac1"
      },
      {
        "SPDXID": "SPDXRef-Package-sourceware.org-git-bzip2.git-bzip2-1.0.8-6a8690fc8d26c815e798c588f796eabe9d684cf0-0",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:generic/[email protected]?vcs_url=git%2Bhttps%3A%2F%2Fsourceware.org%2Fgit%2Fbzip2.git%406a8690fc8d26c815e798c588f796eabe9d684cf0",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "MPL-2.0 AND MIT",
        "name": "bzip2",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "bzip2-1.0.8"
      },
      {
        "SPDXID": "SPDXRef-Package-libxcrypt-4.4.36-r8",
        "copyrightText": "\n",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:apk/wolfi/[email protected]?arch=x86_64",
            "referenceType": "purl"
          },
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:github/besser82/[email protected]",
            "referenceType": "purl"
          },
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:github/besser82/libxcrypt@f531a36aa916a22ef2ce7d270ba381e264250cbf",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "GPL-2.0-or-later AND LGPL-2.1-or-later",
        "name": "libxcrypt",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "4.4.36-r8"
      },
      {
        "SPDXID": "SPDXRef-Package-libcrypt1-2.40-r3",
        "copyrightText": "\n",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:apk/wolfi/[email protected]?arch=x86_64",
            "referenceType": "purl"
          },
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:generic/[email protected]?checksum=sha256%3A19a890175e9263d748f627993de6f4b1af9cd21e03f080e4bfb3a1fac10205a2&download_url=https%3A%2F%2Fftp.gnu.org%2Fgnu%2Flibc%2Fglibc-2.40.tar.xz",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "LGPL-2.1-or-later",
        "name": "libcrypt1",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "2.40-r3"
      },
      {
        "SPDXID": "SPDXRef-Package-libcrypto3-3.4.0-r3",
        "copyrightText": "\n",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:apk/wolfi/[email protected]?arch=x86_64",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "Apache-2.0",
        "name": "libcrypto3",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "3.4.0-r3"
      },
      {
        "SPDXID": "SPDXRef-Package-openssl.yaml-e0e1389054552c1d231b228edc1944f9c537f979",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:github/wolfi-dev/os@e0e1389054552c1d231b228edc1944f9c537f979#openssl.yaml",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "Apache-2.0",
        "name": "openssl.yaml",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "e0e1389054552c1d231b228edc1944f9c537f979"
      },
      {
        "SPDXID": "SPDXRef-Package-github.com-openssl-openssl-openssl-3.4.0-98acb6b02839c609ef5b837794e08d906d965335-0",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:github/openssl/[email protected]",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "Apache-2.0",
        "name": "openssl",
        "originator": "Organization: Openssl",
        "supplier": "Organization: Openssl",
        "versionInfo": "openssl-3.4.0"
      },
      {
        "SPDXID": "SPDXRef-Package-libexpat1-2.6.4-r0",
        "copyrightText": "\n",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:apk/wolfi/[email protected]?arch=x86_64",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "MIT",
        "name": "libexpat1",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "2.6.4-r0"
      },
      {
        "SPDXID": "SPDXRef-Package-expat.yaml-b9de67dfd2d7623a41acdd13ab840215a4b45022",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:github/wolfi-dev/os@b9de67dfd2d7623a41acdd13ab840215a4b45022#expat.yaml",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "Apache-2.0",
        "name": "expat.yaml",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "b9de67dfd2d7623a41acdd13ab840215a4b45022"
      },
      {
        "SPDXID": "SPDXRef-Package-expat-2.6.4-0",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:generic/[email protected]?checksum=sha256%3A8dc480b796163d4436e6f1352e71800a774f73dbae213f1860b60607d2a83ada&download_url=https%3A%2F%2Fdownloads.sourceforge.net%2Fproject%2Fexpat%2Fexpat%2F2.6.4%2Fexpat-2.6.4.tar.bz2",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "NOASSERTION",
        "name": "expat",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "2.6.4"
      },
      {
        "SPDXID": "SPDXRef-Package-libffi-3.4.6-r5",
        "copyrightText": "\n",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:apk/wolfi/[email protected]?arch=x86_64",
            "referenceType": "purl"
          },
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:github/libffi/[email protected]",
            "referenceType": "purl"
          },
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:github/libffi/libffi.git@3d0ce1e6fcf19f853894862abcbac0ae78a7be60",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "MIT",
        "name": "libffi",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "3.4.6-r5"
      },
      {
        "SPDXID": "SPDXRef-Package-libssl3-3.4.0-r3",
        "copyrightText": "\n",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:apk/wolfi/[email protected]?arch=x86_64",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "Apache-2.0",
        "name": "libssl3",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "3.4.0-r3"
      },
      {
        "SPDXID": "SPDXRef-Package-libstdcC43C43-14.2.0-r6",
        "copyrightText": "\n",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:apk/wolfi/libstdc%2B%[email protected]?arch=x86_64",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "GPL-3.0-or-later WITH GCC-exception-3.1",
        "name": "libstdc++",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "14.2.0-r6"
      },
      {
        "SPDXID": "SPDXRef-Package-mpdecimal-4.0.0-r3",
        "copyrightText": "\n",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:apk/wolfi/[email protected]?arch=x86_64",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "MIT",
        "name": "mpdecimal",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "4.0.0-r3"
      },
      {
        "SPDXID": "SPDXRef-Package-mpdecimal.yaml-89deebf521a0b2412abd834c22bd037e504c78ef",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:github/wolfi-dev/os@89deebf521a0b2412abd834c22bd037e504c78ef#mpdecimal.yaml",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "Apache-2.0",
        "name": "mpdecimal.yaml",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "89deebf521a0b2412abd834c22bd037e504c78ef"
      },
      {
        "SPDXID": "SPDXRef-Package-mpdecimal-4.0.0-0",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:generic/[email protected]?checksum=sha256%3A942445c3245b22730fd41a67a7c5c231d11cb1b9936b9c0f76334fb7d0b4468c&download_url=https%3A%2F%2Fwww.bytereef.org%2Fsoftware%2Fmpdecimal%2Freleases%2Fmpdecimal-4.0.0.tar.gz",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "NOASSERTION",
        "name": "mpdecimal",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "4.0.0"
      },
      {
        "SPDXID": "SPDXRef-Package-ncurses-terminfo-base-6.5C95p20241006-r4",
        "copyrightText": "\n",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:apk/wolfi/[email protected]_p20241006-r4?arch=x86_64",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "MIT",
        "name": "ncurses-terminfo-base",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "6.5_p20241006-r4"
      },
      {
        "SPDXID": "SPDXRef-Package-ncurses.yaml-93f3a40b29ab6e944a0d484a60fa94349aee43f4",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:github/wolfi-dev/os@93f3a40b29ab6e944a0d484a60fa94349aee43f4#ncurses.yaml",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "Apache-2.0",
        "name": "ncurses.yaml",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "93f3a40b29ab6e944a0d484a60fa94349aee43f4"
      },
      {
        "SPDXID": "SPDXRef-Package-SPDXRef-Package-sha256-35896bfd92e146664fc237400a577c41471a1739fcafcf6db8fe427fea642371-ncurses-6.5C95p20241006-r4",
        "checksums": [
          {
            "algorithm": "SHA1",
            "checksumValue": "30aed180f89e11834f56e8dbcf5778f00d61a29f"
          }
        ],
        "description": "console display library",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:apk/wolfi/[email protected]_p20241006-r4?arch=x86_64",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "MIT",
        "name": "ncurses",
        "originator": "Person: ",
        "sourceInfo": "Package info from apk database",
        "supplier": "Organization: Wolfi",
        "versionInfo": "6.5_p20241006-r4"
      },
      {
        "SPDXID": "SPDXRef-Package-ncurses-6.5C95p20241006-r4",
        "copyrightText": "\n",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:apk/wolfi/[email protected]_p20241006-r4?arch=x86_64",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "MIT",
        "name": "ncurses",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "6.5_p20241006-r4"
      },
      {
        "SPDXID": "SPDXRef-Package-py3-pip-wheel-24.3.1-r0",
        "copyrightText": "\n",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:apk/wolfi/[email protected]?arch=x86_64",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "MIT",
        "name": "py3-pip-wheel",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "24.3.1-r0"
      },
      {
        "SPDXID": "SPDXRef-Package-py3-pip.yaml-6614b8d57b1866cd4887627edf20edac11f39df3",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:github/wolfi-dev/os@6614b8d57b1866cd4887627edf20edac11f39df3#py3-pip.yaml",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "Apache-2.0",
        "name": "py3-pip.yaml",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "6614b8d57b1866cd4887627edf20edac11f39df3"
      },
      {
        "SPDXID": "SPDXRef-Package-github.com-pypa-pip-24.3.1-05293b6b55eca86490b7c2944bcc558a56064f0d-0",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:github/pypa/[email protected]",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "MIT",
        "name": "pip",
        "originator": "Organization: Pypa",
        "supplier": "Organization: Pypa",
        "versionInfo": "24.3.1"
      },
      {
        "SPDXID": "SPDXRef-Package-xz-5.6.3-r2",
        "copyrightText": "\n",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:apk/wolfi/[email protected]?arch=x86_64",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "GPL-3.0-or-later",
        "name": "xz",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "5.6.3-r2"
      },
      {
        "SPDXID": "SPDXRef-Package-xz.yaml-7cbd71889f2e6848c7ab65a51774093b2e29b8d7",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:github/wolfi-dev/os@7cbd71889f2e6848c7ab65a51774093b2e29b8d7#xz.yaml",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "Apache-2.0",
        "name": "xz.yaml",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "7cbd71889f2e6848c7ab65a51774093b2e29b8d7"
      },
      {
        "SPDXID": "SPDXRef-Package-xz-5.6.3-0",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:generic/[email protected]?checksum=sha256%3Ab1d45295d3f71f25a4c9101bd7c8d16cb56348bbef3bbc738da0351e17c73317&download_url=https%3A%2F%2Fgithub.com%2Ftukaani-project%2Fxz%2Freleases%2Fdownload%2Fv5.6.3%2Fxz-5.6.3.tar.gz",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "NOASSERTION",
        "name": "xz",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "5.6.3"
      },
      {
        "SPDXID": "SPDXRef-Package-readline-8.2.13-r1",
        "copyrightText": "\n",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:apk/wolfi/[email protected]?arch=x86_64",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "GPL-3.0-or-later",
        "name": "readline",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "8.2.13-r1"
      },
      {
        "SPDXID": "SPDXRef-Package-readline.yaml-aef12c57312b851e3a8d8be538a166e3a080b84d",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:github/wolfi-dev/os@aef12c57312b851e3a8d8be538a166e3a080b84d#readline.yaml",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "Apache-2.0",
        "name": "readline.yaml",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "aef12c57312b851e3a8d8be538a166e3a080b84d"
      },
      {
        "SPDXID": "SPDXRef-Package-readline-8.2.13-0",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:generic/[email protected]?checksum=sha256%3A0e5be4d2937e8bd9b7cd60d46721ce79f88a33415dd68c2d738fb5924638f656&download_url=https%3A%2F%2Fftp.gnu.org%2Fgnu%2Freadline%2Freadline-8.2.13.tar.gz",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "NOASSERTION",
        "name": "readline",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "8.2.13"
      },
      {
        "SPDXID": "SPDXRef-Package-sqlite-libs-3.47.0-r0",
        "copyrightText": "\n",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:apk/wolfi/[email protected]?arch=x86_64",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "blessing",
        "name": "sqlite-libs",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "3.47.0-r0"
      },
      {
        "SPDXID": "SPDXRef-Package-sqlite.yaml-703a3f657d09ee6e3e273de42e8b82063569a4ed",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:github/wolfi-dev/os@703a3f657d09ee6e3e273de42e8b82063569a4ed#sqlite.yaml",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "Apache-2.0",
        "name": "sqlite.yaml",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "703a3f657d09ee6e3e273de42e8b82063569a4ed"
      },
      {
        "SPDXID": "SPDXRef-Package-sqlite-3.47.0-0",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:generic/[email protected]?checksum=sha256%3A83eb21a6f6a649f506df8bd3aab85a08f7556ceed5dbd8dea743ea003fc3a957&download_url=https%3A%2F%2Fwww.sqlite.org%2F2024%2Fsqlite-autoconf-3470000.tar.gz",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "NOASSERTION",
        "name": "sqlite",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "3.47.0"
      },
      {
        "SPDXID": "SPDXRef-Package-zlib-1.3.1-r4",
        "copyrightText": "\n",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE_MANAGER",
            "referenceLocator": "pkg:apk/wolfi/[email protected]?arch=x86_64",
            "referenceType": "purl"
          },
          {
            "referenceCategory": "PACKAGE_MANAGER",
            "referenceLocator": "pkg:github/madler/[email protected]",
            "referenceType": "purl"
          },
          {
            "referenceCategory": "PACKAGE_MANAGER",
            "referenceLocator": "pkg:github/madler/zlib.git@51b7f2abdade71cd9bb0e7a373ef2610ec6f9daf",
            "referenceType": "purl"
          },
          {
            "referenceCategory": "PACKAGE_MANAGER",
            "referenceLocator": "pkg:github/wolfi-dev/os@71d8c809791db5fb95781c7c1eab528930109f92#zlib.yaml",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "MPL-2.0 AND MIT",
        "name": "zlib",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "1.3.1-r4"
      },
      {
        "SPDXID": "SPDXRef-Package-python-3.12-base-3.12.7-r1",
        "copyrightText": "\n",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:apk/wolfi/[email protected]?arch=x86_64",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "PSF-2.0",
        "name": "python-3.12-base",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "3.12.7-r1"
      },
      {
        "SPDXID": "SPDXRef-Package-python-3.12.yaml-39014449ea139194a9e111ec1516674dbf2947c6",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:github/wolfi-dev/os@39014449ea139194a9e111ec1516674dbf2947c6#python-3.12.yaml",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "Apache-2.0",
        "name": "python-3.12.yaml",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "39014449ea139194a9e111ec1516674dbf2947c6"
      },
      {
        "SPDXID": "SPDXRef-Package-github.com-python-cpython.git-v3.12.7-0b05ead877f909b7efe712db758012d9dbece7ce-0",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:github/python/[email protected]",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "PSF-2.0",
        "name": "cpython.git",
        "originator": "Organization: Python",
        "supplier": "Organization: Python",
        "versionInfo": "v3.12.7"
      },
      {
        "SPDXID": "SPDXRef-Package-python-3.12-3.12.7-r1",
        "copyrightText": "\n",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [
          {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceLocator": "pkg:apk/wolfi/[email protected]?arch=x86_64",
            "referenceType": "purl"
          }
        ],
        "filesAnalyzed": false,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "PSF-2.0",
        "name": "python-3.12",
        "originator": "Organization: Wolfi",
        "supplier": "Organization: Wolfi",
        "versionInfo": "3.12.7-r1"
      }
    ],
    "relationships": [
      {
        "relatedSpdxElement": "SPDXRef-Package-sha256-35896bfd92e146664fc237400a577c41471a1739fcafcf6db8fe427fea642371",
        "relationshipType": "CONTAINS",
        "spdxElementId": "SPDXRef-Package-sha256-7731c72bf7bfe26259675ddfbad1ed69cfc817ffc3e8390e769219a423be6953"
      },
      {
        "relatedSpdxElement": "SPDXRef-Package-ca-certificates.yaml-496a8fac9d19342919c60ef12a23504ee414ea0b",
        "relationshipType": "DESCRIBED_BY",
        "spdxElementId": "SPDXRef-Package-ca-certificates-bundle-20241010-r2"
      },
      {
        "relatedSpdxElement": "SPDXRef-Package-gitlab.alpinelinux.org-alpine-ca-certificates-20241010-153107a3beeff73331fd6ac8fa40312f3e92f4f0-0",
        "relationshipType": "GENERATED_FROM",
        "spdxElementId": "SPDXRef-Package-ca-certificates-bundle-20241010-r2"
      },
      {
        "relatedSpdxElement": "SPDXRef-Package-gcc.yaml-c124d6b339496b8bbdd363e87a6ce0a86552ccee",
        "relationshipType": "DESCRIBED_BY",
        "spdxElementId": "SPDXRef-Package-libgcc-14.2.0-r6"
      },
      {
        "relatedSpdxElement": "SPDXRef-Package-gcc-14.2.0-0",
        "relationshipType": "GENERATED_FROM",
        "spdxElementId": "SPDXRef-Package-libgcc-14.2.0-r6"
      },
      {
        "relatedSpdxElement": "SPDXRef-Package-gdbm.yaml-b4f8b27ef373d3015347155b79991315266f86ae",
        "relationshipType": "DESCRIBED_BY",
        "spdxElementId": "SPDXRef-Package-gdbm-1.24-r1"
      },
      {
        "relatedSpdxElement": "SPDXRef-Package-gdbm-1.24-0",
        "relationshipType": "GENERATED_FROM",
        "spdxElementId": "SPDXRef-Package-gdbm-1.24-r1"
      },
      {
        "relatedSpdxElement": "SPDXRef-Package-bzip2.yaml-1ee80b1a504d79deb74462babc4212c023c10ac1",
        "relationshipType": "DESCRIBED_BY",
        "spdxElementId": "SPDXRef-Package-libbz2-1-1.0.8-r9"
      },
      {
        "relatedSpdxElement": "SPDXRef-Package-sourceware.org-git-bzip2.git-bzip2-1.0.8-6a8690fc8d26c815e798c588f796eabe9d684cf0-0",
        "relationshipType": "GENERATED_FROM",
        "spdxElementId": "SPDXRef-Package-libbz2-1-1.0.8-r9"
      },
      {
        "relatedSpdxElement": "SPDXRef-Package-openssl.yaml-e0e1389054552c1d231b228edc1944f9c537f979",
        "relationshipType": "DESCRIBED_BY",
        "spdxElementId": "SPDXRef-Package-libcrypto3-3.4.0-r3"
      },
      {
        "relatedSpdxElement": "SPDXRef-Package-github.com-openssl-openssl-openssl-3.4.0-98acb6b02839c609ef5b837794e08d906d965335-0",
        "relationshipType": "GENERATED_FROM",
        "spdxElementId": "SPDXRef-Package-libcrypto3-3.4.0-r3"
      },
      {
        "relatedSpdxElement": "SPDXRef-Package-expat.yaml-b9de67dfd2d7623a41acdd13ab840215a4b45022",
        "relationshipType": "DESCRIBED_BY",
        "spdxElementId": "SPDXRef-Package-libexpat1-2.6.4-r0"
      },
      {
        "relatedSpdxElement": "SPDXRef-Package-expat-2.6.4-0",
        "relationshipType": "GENERATED_FROM",
        "spdxElementId": "SPDXRef-Package-libexpat1-2.6.4-r0"
      },
      {
        "relatedSpdxElement": "SPDXRef-Package-openssl.yaml-e0e1389054552c1d231b228edc1944f9c537f979",
        "relationshipType": "DESCRIBED_BY",
        "spdxElementId": "SPDXRef-Package-libssl3-3.4.0-r3"
      },
      {
        "relatedSpdxElement": "SPDXRef-Package-github.com-openssl-openssl-openssl-3.4.0-98acb6b02839c609ef5b837794e08d906d965335-0",
        "relationshipType": "GENERATED_FROM",
        "spdxElementId": "SPDXRef-Package-libssl3-3.4.0-r3"
      },
      {
        "relatedSpdxElement": "SPDXRef-Package-gcc.yaml-c124d6b339496b8bbdd363e87a6ce0a86552ccee",
        "relationshipType": "DESCRIBED_BY",
        "spdxElementId": "SPDXRef-Package-libstdcC43C43-14.2.0-r6"
      },
      {
        "relatedSpdxElement": "SPDXRef-Package-gcc-14.2.0-0",
        "relationshipType": "GENERATED_FROM",
        "spdxElementId": "SPDXRef-Package-libstdcC43C43-14.2.0-r6"
      },
      {
        "relatedSpdxElement": "SPDXRef-Package-mpdecimal.yaml-89deebf521a0b2412abd834c22bd037e504c78ef",
        "relationshipType": "DESCRIBED_BY",
        "spdxElementId": "SPDXRef-Package-mpdecimal-4.0.0-r3"
      },
      {
        "relatedSpdxElement": "SPDXRef-Package-mpdecimal-4.0.0-0",
        "relationshipType": "GENERATED_FROM",
        "spdxElementId": "SPDXRef-Package-mpdecimal-4.0.0-r3"
      },
      {
        "relatedSpdxElement": "SPDXRef-Package-ncurses.yaml-93f3a40b29ab6e944a0d484a60fa94349aee43f4",
        "relationshipType": "DESCRIBED_BY",
        "spdxElementId": "SPDXRef-Package-ncurses-terminfo-base-6.5C95p20241006-r4"
      },
      {
        "relatedSpdxElement": "SPDXRef-Package-ncurses-6.5C95p20241006-r4",
        "relationshipType": "GENERATED_FROM",
        "spdxElementId": "SPDXRef-Package-ncurses-terminfo-base-6.5C95p20241006-r4"
      },
      {
        "relatedSpdxElement": "SPDXRef-Package-ncurses.yaml-93f3a40b29ab6e944a0d484a60fa94349aee43f4",
        "relationshipType": "DESCRIBED_BY",
        "spdxElementId": "SPDXRef-Package-ncurses-6.5C95p20241006-r4"
      },
      {
        "relatedSpdxElement": "SPDXRef-Package-ncurses-6.5C95p20241006-r4",
        "relationshipType": "GENERATED_FROM",
        "spdxElementId": "SPDXRef-Package-ncurses-6.5C95p20241006-r4"
      },
      {
        "relatedSpdxElement": "SPDXRef-Package-py3-pip.yaml-6614b8d57b1866cd4887627edf20edac11f39df3",
        "relationshipType": "DESCRIBED_BY",
        "spdxElementId": "SPDXRef-Package-py3-pip-wheel-24.3.1-r0"
      },
      {
        "relatedSpdxElement": "SPDXRef-Package-github.com-pypa-pip-24.3.1-05293b6b55eca86490b7c2944bcc558a56064f0d-0",
        "relationshipType": "GENERATED_FROM",
        "spdxElementId": "SPDXRef-Package-py3-pip-wheel-24.3.1-r0"
      },
      {
        "relatedSpdxElement": "SPDXRef-Package-xz.yaml-7cbd71889f2e6848c7ab65a51774093b2e29b8d7",
        "relationshipType": "DESCRIBED_BY",
        "spdxElementId": "SPDXRef-Package-xz-5.6.3-r2"
      },
      {
        "relatedSpdxElement": "SPDXRef-Package-xz-5.6.3-0",
        "relationshipType": "GENERATED_FROM",
        "spdxElementId": "SPDXRef-Package-xz-5.6.3-r2"
      },
      {
        "relatedSpdxElement": "SPDXRef-Package-readline.yaml-aef12c57312b851e3a8d8be538a166e3a080b84d",
        "relationshipType": "DESCRIBED_BY",
        "spdxElementId": "SPDXRef-Package-readline-8.2.13-r1"
      },
      {
        "relatedSpdxElement": "SPDXRef-Package-readline-8.2.13-0",
        "relationshipType": "GENERATED_FROM",
        "spdxElementId": "SPDXRef-Package-readline-8.2.13-r1"
      },
      {
        "relatedSpdxElement": "SPDXRef-Package-sqlite.yaml-703a3f657d09ee6e3e273de42e8b82063569a4ed",
        "relationshipType": "DESCRIBED_BY",
        "spdxElementId": "SPDXRef-Package-sqlite-libs-3.47.0-r0"
      },
      {
        "relatedSpdxElement": "SPDXRef-Package-sqlite-3.47.0-0",
        "relationshipType": "GENERATED_FROM",
        "spdxElementId": "SPDXRef-Package-sqlite-libs-3.47.0-r0"
      },
      {
        "relatedSpdxElement": "SPDXRef-Package-python-3.12.yaml-39014449ea139194a9e111ec1516674dbf2947c6",
        "relationshipType": "DESCRIBED_BY",
        "spdxElementId": "SPDXRef-Package-python-3.12-base-3.12.7-r1"
      },
      {
        "relatedSpdxElement": "SPDXRef-Package-github.com-python-cpython.git-v3.12.7-0b05ead877f909b7efe712db758012d9dbece7ce-0",
        "relationshipType": "GENERATED_FROM",
        "spdxElementId": "SPDXRef-Package-python-3.12-base-3.12.7-r1"
      },
      {
        "relatedSpdxElement": "SPDXRef-Package-python-3.12.yaml-39014449ea139194a9e111ec1516674dbf2947c6",
        "relationshipType": "DESCRIBED_BY",
        "spdxElementId": "SPDXRef-Package-python-3.12-3.12.7-r1"
      },
      {
        "relatedSpdxElement": "SPDXRef-Package-github.com-python-cpython.git-v3.12.7-0b05ead877f909b7efe712db758012d9dbece7ce-0",
        "relationshipType": "GENERATED_FROM",
        "spdxElementId": "SPDXRef-Package-python-3.12-3.12.7-r1"
      }
    ],
    "spdxVersion": "SPDX-2.3"
  }
}
@andrew-womeldorf andrew-womeldorf added the needs-triage applied to all new customer/user issues. Removed after triage occurs. label Dec 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
needs-triage applied to all new customer/user issues. Removed after triage occurs.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@andrew-womeldorf