CycloneDX Part 2

bom.xml

<?xml version="1.0"?><bom serialNumber="b306a76c-4f96-4849-ae45-53e19e65d09c" xmlns="http://cyclonedx.org/schema/bom/1.2"><metadata><timestamp>2023-08-16T20:54:12.425645Z</timestamp><tools><tool><name>SBoM Mix task for Elixir</name></tool></tools><component><bom-ref>685d54d5e8f71d2f</bom-ref><type>container</type><name>docker.io/library/alpine:latest</name><version>sha256:cbaa390ec61abd889dfa5146a411c11717c19ef9e5e18458dbdc06439076ffe7</version></component></metadata><components><component type="library"><name>decimal</name><version>2.1.1</version><description>Arbitrary precision decimal arithmetic.</description><licenses><license><id>Apache-2.0</id></license></licenses><purl>pkg:hex/decimal@2.1.1</purl><hashes><hash alg="SHA-256">5611dca5d4b2c3dd497dec8f68751f1f1a54755e8ed2a966c2633cf885973ad6</hash></hashes></component><component type="library"><name>combine</name><version>0.10.0</version><description>A parser combinator library for Elixir projects.</description><licenses><license><id>MIT</id></license></licenses><purl>pkg:hex/combine@0.10.0</purl><hashes><hash alg="SHA-256">eff8224eeb56498a2af13011d142c5e7997a80c8f5b97c499f84c841032e429f</hash></hashes></component><component type="library"><name>mime</name><version>2.0.5</version><description>A MIME type module for Elixir</description><licenses><license><id>Apache-2.0</id></license></licenses><purl>pkg:hex/mime@2.0.5</purl><hashes><hash alg="SHA-256">dc34c8efd439abe6ae0343edbb8556f4d63f178594894720607772a041b04b02</hash></hashes></component><component type="library"><name>nimble_options</name><version>1.0.2</version><description>A tiny library for validating and documenting high-level options</description><licenses><license><id>Apache-2.0</id></license></licenses><purl>pkg:hex/nimble_options@1.0.2</purl><hashes><hash alg="SHA-256">92098a74df0072ff37d0c12ace58574d26880e522c22801437151a159392270e</hash></hashes></component><component type="library"><name>unicode_util_compat</name><version>0.7.0</version><description>unicode_util compatibility library for Erlang &lt; 20</description><licenses><license><id>Apache-2.0</id></license></licenses><purl>pkg:hex/unicode_util_compat@0.7.0</purl><hashes><hash alg="SHA-256">bc84380c9ab48177092f43ac89e4dfa2c6d62b40b8bd132b1059ecc7232f9a78</hash></hashes></component><component type="library"><name>idna</name><version>6.1.1</version><description>A pure Erlang IDNA implementation</description><licenses><license><id>MIT</id></license></licenses><purl>pkg:hex/idna@6.1.1</purl><hashes><hash alg="SHA-256">8a63070e9f7d0c62eb9d9fcb360a7de382448200fbbd1b106cc96d3d8099df8d</hash></hashes></component><component type="library"><name>telemetry</name><version>1.2.1</version><description>Dynamic dispatching library for metrics and instrumentations</description><licenses><license><id>Apache-2.0</id></license></licenses><purl>pkg:hex/telemetry@1.2.1</purl><hashes><hash alg="SHA-256">68fdfe8d8f05a8428483a97d7aab2f268aaff24b49e0f599faa091f1d4e7f61c</hash></hashes></component><component type="library"><name>telemetry_metrics</name><version>0.6.1</version><description>Provides a common interface for defining metrics based on Telemetry events.</description><licenses><license><id>Apache-2.0</id></license></licenses><purl>pkg:hex/telemetry_metrics@0.6.1</purl><hashes><hash alg="SHA-256">315d9163a1d4660aedc3fee73f33f1d355dcc76c5c3ab3d59e76e3edf80eef1f</hash></hashes></component><component type="library"><name>telemetry_poller</name><version>1.0.0</version><description>Periodically collect measurements and dispatch them as Telemetry events.</description><licenses><license><id>Apache-2.0</id></license></licenses><purl>pkg:hex/telemetry_poller@1.0.0</purl><hashes><hash alg="SHA-256">db91bb424e07f2bb6e73926fcafbfcbcb295f0193e0a00e825e589a0a47e8453</hash></hashes></component><component type="library"><name>jason</name><version>1.4.1</version><description>A blazing fast JSON parser and generator in pure Elixir.</description><licenses><license><id>Apache-2.0</id></license></licenses><purl>pkg:hex/jason@1.4.1</purl><hashes><hash alg="SHA-256">af1504e35f629ddcdd6addb3513c3853991f694921b1b9368b0bd32beb9f1b63</hash></hashes></component><component type="library"><name>comeonin</name><version>5.3.3</version><description>A specification for password hashing libraries</description><licenses><license><id>BSD-3-Clause</id></license></licenses><purl>pkg:hex/comeonin@5.3.3</purl><hashes><hash alg="SHA-256">2c564dac95a35650e9b6acfe6d2952083d8a08e4a89b93a481acb552b325892e</hash></hashes></component><component type="library"><name>db_connection</name><version>2.5.0</version><description>Database connection behaviour for database transactions and connection pooling</description><licenses><license><id>Apache-2.0</id></license></licenses><purl>pkg:hex/db_connection@2.5.0</purl><hashes><hash alg="SHA-256">bb6d4f30d35ded97b29fe80d8bd6f928a1912ca1ff110831edcd238a1973652c</hash></hashes></component><component type="library"><name>expo</name><version>0.1.0</version><description>Low-level Gettext file handling (.po/.pot/.mo file writer and parser).</description><licenses><license><id>Apache-2.0</id></license></licenses><purl>pkg:hex/expo@0.1.0</purl><hashes><hash alg="SHA-256">d4e932bdad052c374118e312e35280f1919ac13881cb3ac07a209a54d0c81dd8</hash></hashes></component><component type="library"><name>phoenix_pubsub</name><version>2.1.3</version><description>Distributed PubSub and Presence platform</description><licenses><license><id>MIT</id></license></licenses><purl>pkg:hex/phoenix_pubsub@2.1.3</purl><hashes><hash alg="SHA-256">3168d78ba41835aecad272d5e8cd51aa87a7ac9eb836eabc42f6e57538e3731d</hash></hashes></component><component type="library"><name>plug_crypto</name><version>1.2.5</version><description>Crypto-related functionality for the web</description><licenses><license><id>Apache-2.0</id></license></licenses><purl>pkg:hex/plug_crypto@1.2.5</purl><hashes><hash alg="SHA-256">918772575e48e81e455818229bf719d4ab4181fcbf7f85b68a35620f78d89ced</hash></hashes></component><component type="library"><name>hpax</name><version>0.1.2</version><description>Implementation of the HPACK protocol (RFC 7541) for Elixir</description><licenses><license><id>Apache-2.0</id></license></licenses><purl>pkg:hex/hpax@0.1.2</purl><hashes><hash alg="SHA-256">09a75600d9d8bbd064cdd741f21fc06fc1f4cf3d0fcc335e5aa19be1a7235c84</hash></hashes></component><component type="library"><name>mimerl</name><version>1.2.0</version><description>Library to handle mimetypes</description><licenses><license><id>MIT</id></license></licenses><purl>pkg:hex/mimerl@1.2.0</purl><hashes><hash alg="SHA-256">67e2d3f571088d5cfd3e550c383094b47159f3eee8ffa08e64106cdf5e981be3</hash></hashes></component><component type="library"><name>gettext</name><version>0.21.0</version><description>Internationalization and localization through gettext</description><licenses><license><id>Apache-2.0</id></license></licenses><purl>pkg:hex/gettext@0.21.0</purl><hashes><hash alg="SHA-256">15bbceb20b317b706a8041061a08e858b5a189654128618b53746bf36c84352b</hash></hashes></component><component type="library"><name>ranch</name><version>1.8.0</version><description>Socket acceptor pool for TCP protocols.</description><licenses><license><id>ISC</id></license></licenses><purl>pkg:hex/ranch@1.8.0</purl><hashes><hash alg="SHA-256">8c7a100a139fd57f17327b6413e4167ac559fbc04ca7448e9be9057311597a1d</hash></hashes></component><component type="library"><name>ssl_verify_fun</name><version>1.1.7</version><description>SSL verification library</description><licenses><license><id>MIT</id></license></licenses><purl>pkg:hex/ssl_verify_fun@1.1.7</purl><hashes><hash alg="SHA-256">354c321cf377240c7b8716899e182ce4890c5938111a1296add3ec74cf1715df</hash></hashes></component><component type="library"><name>certifi</name><version>2.9.0</version><description>CA bundle adapted from Mozilla by https://certifi.io</description><licenses><license><name>BSD</name></license></licenses><purl>pkg:hex/certifi@2.9.0</purl><hashes><hash alg="SHA-256">6f2a475689dd47f19fb74334859d460a2dc4e3252a3324bd2111b8f0429e7e21</hash></hashes></component><component type="library"><name>ecto</name><version>3.10.3</version><description>A toolkit for data mapping and language integrated query for Elixir</description><licenses><license><id>Apache-2.0</id></license></licenses><purl>pkg:hex/ecto@3.10.3</purl><hashes><hash alg="SHA-256">eb2ae2eecd210b4eb8bece1217b297ad4ff824b4384c0e3fdd28aaf96edd6135</hash></hashes></component><component type="library"><name>plug</name><version>1.14.2</version><description>Compose web applications with functions</description><licenses><license><id>Apache-2.0</id></license></licenses><purl>pkg:hex/plug@1.14.2</purl><cpe>cpe:2.3:a:elixir-plug:plug:1.14.2:*:*:*:*:*:*:*</cpe><hashes><hash alg="SHA-256">cff7d4ec45b4ae176a227acd94a7ab536d9b37b942c8e8fa6dfc0fff98ff4d80</hash></hashes></component><component type="library"><name>phoenix_html</name><version>3.3.1</version><description>Phoenix view functions for working with HTML templates</description><licenses><license><id>MIT</id></license></licenses><purl>pkg:hex/phoenix_html@3.3.1</purl><hashes><hash alg="SHA-256">4788757e804a30baac6b3fc9695bf5562465dd3f1da8eb8460ad5b404d9a2178</hash></hashes></component><component type="library"><name>phoenix_template</name><version>1.0.2</version><description>Template rendering for Phoenix</description><licenses><license><id>MIT</id></license></licenses><purl>pkg:hex/phoenix_template@1.0.2</purl><hashes><hash alg="SHA-256">a3dd349493d7c0b8f58da8175f805963a5b809ffc7d8c1b8dd46ba5b199ef58f</hash></hashes></component><component type="library"><name>postgrex</name><version>0.17.1</version><description>PostgreSQL driver for Elixir</description><licenses><license><id>Apache-2.0</id></license></licenses><purl>pkg:hex/postgrex@0.17.1</purl><hashes><hash alg="SHA-256">01c29fd1205940ee55f7addb8f1dc25618ca63a8817e56fac4f6846fc2cddcbe</hash></hashes></component><component type="library"><name>faker</name><version>0.17.0</version><description>Faker is a pure Elixir library for generating fake data.</description><licenses><license><id>MIT</id></license></licenses><purl>pkg:hex/faker@0.17.0</purl><hashes><hash alg="SHA-256">671019d0652f63aefd8723b72167ecdb284baf7d47ad3a82a15e9b8a6df5d1fa</hash></hashes></component><component type="library"><name>number</name><version>1.0.4</version><description>Convert numbers to various string formats, such as currency</description><licenses><license><id>MIT</id></license></licenses><purl>pkg:hex/number@1.0.4</purl><hashes><hash alg="SHA-256">3e6e6032a3c1d4c3760e77a42c580a57a15545dd993af380809da30fe51a032c</hash></hashes></component><component type="library"><name>parse_trans</name><version>3.3.1</version><description>Parse transform library</description><licenses><license><id>Apache-2.0</id></license></licenses><purl>pkg:hex/parse_trans@3.3.1</purl><hashes><hash alg="SHA-256">16328ab840cc09919bd10dab29e431da3af9e9e7e7e6f0089dd5a2d2820011d8</hash></hashes></component><component type="library"><name>ecto_sql</name><version>3.10.1</version><description>SQL-based adapters for Ecto and database migrations</description><licenses><license><id>Apache-2.0</id></license></licenses><purl>pkg:hex/ecto_sql@3.10.1</purl><hashes><hash alg="SHA-256">6ea6b3036a0b0ca94c2a02613fd9f742614b5cfe494c41af2e6571bb034dd94c</hash></hashes></component><component type="library"><name>nimble_pool</name><version>1.0.0</version><description>A tiny resource-pool implementation</description><licenses><license><id>Apache-2.0</id></license></licenses><purl>pkg:hex/nimble_pool@1.0.0</purl><hashes><hash alg="SHA-256">5eb82705d138f4dd4423f69ceb19ac667b3b492ae570c9f5c900bb3d2f50a847</hash></hashes></component><component type="library"><name>metrics</name><version>1.0.1</version><description>A generic interface to different metrics systems in Erlang.</description><licenses><license><name>BSD</name></license></licenses><purl>pkg:hex/metrics@1.0.1</purl><hashes><hash alg="SHA-256">25f094dea2cda98213cecc3aeff09e940299d950904393b2a29d191c346a8486</hash></hashes></component><component type="library"><name>hackney</name><version>1.18.1</version><description>simple HTTP client</description><licenses><license><id>Apache-2.0</id></license></licenses><purl>pkg:hex/hackney@1.18.1</purl><hashes><hash alg="SHA-256">f48bf88f521f2a229fc7bae88cf4f85adc9cd9bcf23b5dc8eb6a1788c662c4f6</hash></hashes></component><component type="library"><name>tzdata</name><version>1.1.1</version><description>Tzdata is a parser and library for the tz database.</description><licenses><license><id>MIT</id></license></licenses><purl>pkg:hex/tzdata@1.1.1</purl><hashes><hash alg="SHA-256">20c8043476dfda8504952d00adac41c6eda23912278add38edc140ae0c5bcc46</hash></hashes></component><component type="library"><name>timex</name><version>3.7.11</version><description>Timex is a rich, comprehensive Date/Time library for Elixir projects, with full timezone support via the :tzdata package.
If you need to manipulate dates, times, datetimes, timestamps, etc., then Timex is for you!</description><licenses><license><id>MIT</id></license></licenses><purl>pkg:hex/timex@3.7.11</purl><hashes><hash alg="SHA-256">bb95cb4eb1d06e27346325de506bcc6c30f9c6dea40d1ebe390b262fad1862d1</hash></hashes></component><component type="library"><name>castore</name><version>1.0.3</version><description>Up-to-date CA certificate store.</description><licenses><license><id>Apache-2.0</id></license></licenses><purl>pkg:hex/castore@1.0.3</purl><hashes><hash alg="SHA-256">7130ba6d24c8424014194676d608cb989f62ef8039efd50ff4b3f33286d06db8</hash></hashes></component><component type="library"><name>esbuild</name><version>0.7.1</version><description>Mix tasks for installing and invoking esbuild</description><licenses><license><id>MIT</id></license></licenses><purl>pkg:hex/esbuild@0.7.1</purl><hashes><hash alg="SHA-256">fa0947e8c3c3c2f86c9bf7e791a0a385007ccd42b86885e8e893bdb6631f5169</hash></hashes></component><component type="library"><name>tailwind</name><version>0.2.1</version><description>Mix tasks for installing and invoking tailwind</description><licenses><license><id>MIT</id></license></licenses><purl>pkg:hex/tailwind@0.2.1</purl><hashes><hash alg="SHA-256">83d8eadbe71a8e8f67861fe7f8d51658ecfb258387123afe4d9dc194eddc36b0</hash></hashes></component><component type="library"><name>elixir_make</name><version>0.7.7</version><description>A Make compiler for Mix</description><licenses><license><id>Apache-2.0</id></license></licenses><purl>pkg:hex/elixir_make@0.7.7</purl><hashes><hash alg="SHA-256">7128c60c2476019ed978210c245badf08b03dbec4f24d05790ef791da11aa17c</hash></hashes></component><component type="library"><name>bcrypt_elixir</name><version>3.0.1</version><description>Bcrypt password hashing algorithm for Elixir</description><licenses><license><id>BSD-3-Clause</id></license><license><id>ISC</id></license><license><id>BSD-4-Clause</id></license></licenses><purl>pkg:hex/bcrypt_elixir@3.0.1</purl><hashes><hash alg="SHA-256">9be815469e6bfefec40fa74658ecbbe6897acfb57614df1416eeccd4903f602c</hash></hashes></component><component type="library"><name>mint</name><version>1.5.1</version><description>Small and composable HTTP client.</description><licenses><license><id>Apache-2.0</id></license></licenses><purl>pkg:hex/mint@1.5.1</purl><hashes><hash alg="SHA-256">8db5239e56738552d85af398798c80648db0e90f343c8469f6c6d8898944fb6f</hash></hashes></component><component type="library"><name>finch</name><version>0.16.0</version><description>An HTTP client focused on performance.</description><licenses><license><id>MIT</id></license></licenses><purl>pkg:hex/finch@0.16.0</purl><hashes><hash alg="SHA-256">40733f02c89f94a112518071c0a91fe86069560f5dbdb39f9150042f44dcfb1a</hash></hashes></component><component type="library"><name>websock</name><version>0.5.2</version><description>A specification for WebSocket connections</description><licenses><license><id>MIT</id></license></licenses><purl>pkg:hex/websock@0.5.2</purl><hashes><hash alg="SHA-256">b3c08511d8d79ed2c2f589ff430bd1fe799bb389686dafce86d28801783d8351</hash></hashes></component><component type="library"><name>cowlib</name><version>2.12.1</version><description>Support library for manipulating Web protocols.</description><licenses><license><id>ISC</id></license></licenses><purl>pkg:hex/cowlib@2.12.1</purl><hashes><hash alg="SHA-256">a9fa9a625f1d2025fe6b462cb865881329b5caff8f1854d1cbc9f9533f00e1e1</hash></hashes></component><component type="library"><name>cowboy</name><version>2.10.0</version><description>Small, fast, modern HTTP server.</description><licenses><license><id>ISC</id></license></licenses><purl>pkg:hex/cowboy@2.10.0</purl><hashes><hash alg="SHA-256">ff9ffeff91dae4ae270dd975642997afe2a1179d94b1887863e43f681a203e26</hash></hashes></component><component type="library"><name>cowboy_telemetry</name><version>0.4.0</version><description>Telemetry instrumentation for Cowboy</description><licenses><license><id>Apache-2.0</id></license></licenses><purl>pkg:hex/cowboy_telemetry@0.4.0</purl><hashes><hash alg="SHA-256">f239f68b588efa7707abce16a84d0d2acf3a0f50571f8bb7f56a15865aae820c</hash></hashes></component><component type="library"><name>plug_cowboy</name><version>2.6.1</version><description>A Plug adapter for Cowboy</description><licenses><license><id>Apache-2.0</id></license></licenses><purl>pkg:hex/plug_cowboy@2.6.1</purl><hashes><hash alg="SHA-256">9a3bbfceeb65eff5f39dab529e5cd79137ac36e913c02067dba3963a26efe9b2</hash></hashes></component><component type="library"><name>swoosh</name><version>1.11.3</version><description>Compose, deliver and test your emails easily in Elixir. Supports SMTP,
Sendgrid, Mandrill, Postmark, Mailgun and many more out of the box.
Preview your emails in the browser. Test your email sending code.</description><licenses><license><id>MIT</id></license></licenses><purl>pkg:hex/swoosh@1.11.3</purl><hashes><hash alg="SHA-256">49caa2653205bfa0a567b5404afb5c39e932a9678d2e43cc78271670721397c8</hash></hashes></component><component type="library"><name>websock_adapter</name><version>0.5.3</version><description>A set of WebSock adapters for common web servers</description><licenses><license><id>MIT</id></license></licenses><purl>pkg:hex/websock_adapter@0.5.3</purl><hashes><hash alg="SHA-256">4908718e42e4a548fc20e00e70848620a92f11f7a6add8cf0886c4232267498d</hash></hashes></component><component type="library"><name>phoenix</name><version>1.7.7</version><description>Peace of mind from prototype to production</description><licenses><license><id>MIT</id></license></licenses><purl>pkg:hex/phoenix@1.7.7</purl><cpe>cpe:2.3:a:phoenixframework:phoenix:1.7.7:*:*:*:*:*:*:*</cpe><hashes><hash alg="SHA-256">4cc501d4d823015007ba3cdd9c41ecaaf2ffb619d6fb283199fa8ddba89191e0</hash></hashes></component><component type="library"><name>phoenix_live_view</name><version>0.19.4</version><description>Rich, real-time user experiences with server-rendered HTML</description><licenses><license><id>MIT</id></license></licenses><purl>pkg:hex/phoenix_live_view@0.19.4</purl><hashes><hash alg="SHA-256">dd9ffe3ca0683bdef4f340bcdd2c35a6ee0d581a2696033fc25f52e742618bdc</hash></hashes></component><component type="library"><name>heroicons</name><version>0.5.3</version><description>Phoenix components for Heroicons!</description><licenses><license><id>MIT</id></license></licenses><purl>pkg:hex/heroicons@0.5.3</purl><hashes><hash alg="SHA-256">ee8ae8335303df3b18f2cc07f46e1cb6e761ba4cf2c901623fbe9a28c0bc51dd</hash></hashes></component><component type="library"><name>phoenix_live_dashboard</name><version>0.8.0</version><description>Real-time performance dashboard for Phoenix</description><licenses><license><id>MIT</id></license></licenses><purl>pkg:hex/phoenix_live_dashboard@0.8.0</purl><hashes><hash alg="SHA-256">0b3158b5b198aa444473c91d23d79f52fb077e807ffad80dacf88ce078fa8df2</hash></hashes></component><component type="library"><name>phoenix_ecto</name><version>4.4.2</version><description>Integration between Phoenix &amp; Ecto</description><licenses><license><id>MIT</id></license></licenses><purl>pkg:hex/phoenix_ecto@4.4.2</purl><hashes><hash alg="SHA-256">b21bd01fdeffcfe2fab49e4942aa938b6d3e89e93a480d4aee58085560a0bc0d</hash></hashes></component></components></bom>