diff --git a/cmd/datadog-sbom-generator/__snapshots__/main_test.snap b/cmd/datadog-sbom-generator/__snapshots__/main_test.snap index 689e7e0d..444896bc 100644 --- a/cmd/datadog-sbom-generator/__snapshots__/main_test.snap +++ b/cmd/datadog-sbom-generator/__snapshots__/main_test.snap @@ -80,7 +80,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":4,/"line_end/":4,/"column_start/":1,/"column_end/":16,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/balanced-match@1.0.2", @@ -93,7 +100,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"subdir/yarn.lock/",/"line_start/":4,/"line_end/":7,/"column_start/":1,/"column_end/":108,/"role/":/"lockfile/"}}" + } + ] + } } ] } @@ -134,7 +148,17 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer.lock/",/"line_start/":9,/"line_end/":39,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"subdir/composer.lock/",/"line_start/":9,/"line_end/":39,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/ast@2.4.2", @@ -151,7 +175,20 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":4,/"line_end/":4,/"column_start/":1,/"column_end/":16,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"ignored/Gemfile.lock/",/"line_start/":4,/"line_end/":4,/"column_start/":1,/"column_end/":16,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"subdir/Gemfile.lock/",/"line_start/":4,/"line_end/":4,/"column_start/":1,/"column_end/":16,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/balanced-match@1.0.2", @@ -171,6 +208,12 @@ No package sources found. Use the 'parsers list' command to view supported lockf ], "evidence": { "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"ignored/yarn.lock/",/"line_start/":4,/"line_end/":7,/"column_start/":1,/"column_end/":108,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"subdir/yarn.lock/",/"line_start/":4,/"line_end/":7,/"column_start/":1,/"column_end/":108,/"role/":/"lockfile/"}}" + }, { "location": "{/"block/":{/"file_name/":/"package.json/",/"line_start/":4,/"line_end/":4,/"column_start/":5,/"column_end/":31,/"role/":/"manifest/"},/"name/":{/"file_name/":/"package.json/",/"line_start/":4,/"line_end/":4,/"column_start/":6,/"column_end/":20,/"role/":/"manifest/"},/"version/":{/"file_name/":/"package.json/",/"line_start/":4,/"line_end/":4,/"column_start/":24,/"column_end/":30,/"role/":/"manifest/"}}" } @@ -435,7 +478,14 @@ Scanned /fixtures/integration-bun/ranges/bun.lock file and found 2 pack "name": "datadog:package-manager", "value": "Crates" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Cargo.lock/",/"line_start/":30,/"line_end/":43,/"column_start/":1,/"column_end/":2,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:cargo/itoa@1.0.14", @@ -448,7 +498,14 @@ Scanned /fixtures/integration-bun/ranges/bun.lock file and found 2 pack "name": "datadog:package-manager", "value": "Crates" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Cargo.lock/",/"line_start/":45,/"line_end/":49,/"column_start/":1,/"column_end/":78,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:cargo/memchr@2.7.4", @@ -461,7 +518,14 @@ Scanned /fixtures/integration-bun/ranges/bun.lock file and found 2 pack "name": "datadog:package-manager", "value": "Crates" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Cargo.lock/",/"line_start/":171,/"line_end/":175,/"column_start/":1,/"column_end/":78,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:cargo/mockall@0.13.1", @@ -502,7 +566,14 @@ Scanned /fixtures/integration-bun/ranges/bun.lock file and found 2 pack "name": "datadog:package-manager", "value": "Crates" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Cargo.lock/",/"line_start/":60,/"line_end/":64,/"column_start/":1,/"column_end/":78,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:cargo/pkg-config@0.3.31", @@ -539,7 +610,14 @@ Scanned /fixtures/integration-bun/ranges/bun.lock file and found 2 pack "name": "datadog:package-manager", "value": "Crates" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Cargo.lock/",/"line_start/":72,/"line_end/":76,/"column_start/":1,/"column_end/":77,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:cargo/predicates@3.1.2", @@ -552,7 +630,14 @@ Scanned /fixtures/integration-bun/ranges/bun.lock file and found 2 pack "name": "datadog:package-manager", "value": "Crates" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Cargo.lock/",/"line_start/":78,/"line_end/":82,/"column_start/":1,/"column_end/":78,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:cargo/proc-macro2@1.0.92", @@ -565,7 +650,14 @@ Scanned /fixtures/integration-bun/ranges/bun.lock file and found 2 pack "name": "datadog:package-manager", "value": "Crates" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Cargo.lock/",/"line_start/":109,/"line_end/":116,/"column_start/":1,/"column_end/":2,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:cargo/quote@1.0.37", @@ -578,7 +670,14 @@ Scanned /fixtures/integration-bun/ranges/bun.lock file and found 2 pack "name": "datadog:package-manager", "value": "Crates" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Cargo.lock/",/"line_start/":118,/"line_end/":125,/"column_start/":1,/"column_end/":2,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:cargo/regex-automata@0.4.9", @@ -591,7 +690,14 @@ Scanned /fixtures/integration-bun/ranges/bun.lock file and found 2 pack "name": "datadog:package-manager", "value": "Crates" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Cargo.lock/",/"line_start/":94,/"line_end/":101,/"column_start/":1,/"column_end/":2,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:cargo/regex-syntax@0.8.5", @@ -604,7 +710,14 @@ Scanned /fixtures/integration-bun/ranges/bun.lock file and found 2 pack "name": "datadog:package-manager", "value": "Crates" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Cargo.lock/",/"line_start/":103,/"line_end/":107,/"column_start/":1,/"column_end/":78,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:cargo/regex@1.11.1", @@ -617,7 +730,14 @@ Scanned /fixtures/integration-bun/ranges/bun.lock file and found 2 pack "name": "datadog:package-manager", "value": "Crates" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Cargo.lock/",/"line_start/":84,/"line_end/":92,/"column_start/":1,/"column_end/":2,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:cargo/ryu@1.0.18", @@ -630,7 +750,14 @@ Scanned /fixtures/integration-bun/ranges/bun.lock file and found 2 pack "name": "datadog:package-manager", "value": "Crates" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Cargo.lock/",/"line_start/":127,/"line_end/":131,/"column_start/":1,/"column_end/":78,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:cargo/serde@0.9.15", @@ -695,7 +822,14 @@ Scanned /fixtures/integration-bun/ranges/bun.lock file and found 2 pack "name": "datadog:package-manager", "value": "Crates" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Cargo.lock/",/"line_start/":148,/"line_end/":157,/"column_start/":1,/"column_end/":2,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:cargo/serde_json@1.0.132", @@ -732,7 +866,14 @@ Scanned /fixtures/integration-bun/ranges/bun.lock file and found 2 pack "name": "datadog:package-manager", "value": "Crates" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Cargo.lock/",/"line_start/":177,/"line_end/":181,/"column_start/":1,/"column_end/":78,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:cargo/syn@2.0.90", @@ -745,7 +886,14 @@ Scanned /fixtures/integration-bun/ranges/bun.lock file and found 2 pack "name": "datadog:package-manager", "value": "Crates" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Cargo.lock/",/"line_start/":183,/"line_end/":192,/"column_start/":1,/"column_end/":2,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:cargo/tokio@1.43.0", @@ -1562,7 +1710,14 @@ Scanned /fixtures/integration-nuget/csproj-sample-app-manage-versions-c "name": "datadog:package-manager", "value": "NuGet" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"packages.lock.json/",/"line_start/":20,/"line_end/":24,/"column_start/":7,/"column_end/":8,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:nuget/Microsoft.NETFramework.ReferenceAssemblies@1.0.3", @@ -1579,7 +1734,14 @@ Scanned /fixtures/integration-nuget/csproj-sample-app-manage-versions-c "name": "datadog:package-manager", "value": "NuGet" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"packages.lock.json/",/"line_start/":5,/"line_end/":13,/"column_start/":7,/"column_end/":8,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:nuget/Newtonsoft.Json@12.0.3", @@ -1682,7 +1844,14 @@ Scanned /fixtures/integration-nuget/multiple-versions-with-lockfile/pac "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer.lock/",/"line_start/":9,/"line_end/":39,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/ast@2.4.2", @@ -1699,7 +1868,14 @@ Scanned /fixtures/integration-nuget/multiple-versions-with-lockfile/pac "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":4,/"line_end/":4,/"column_start/":1,/"column_end/":16,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/ansi-html@0.0.1", @@ -1781,7 +1957,14 @@ Scanned /fixtures/integration-nuget/multiple-versions-with-lockfile/pac "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":4,/"line_end/":4,/"column_start/":1,/"column_end/":16,/"role/":/"lockfile/"}}" + } + ] + } } ] } @@ -1876,7 +2059,17 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "name": "datadog:package-manager", "value": "NPM" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":48,/"line_end/":50,/"column_start/":3,/"column_end/":31,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":8,/"line_end/":17,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40babel%2Fhelper-validator-identifier@7.28.5", @@ -1889,7 +2082,17 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "name": "datadog:package-manager", "value": "NPM" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":52,/"line_end/":54,/"column_start/":3,/"column_end/":31,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":19,/"line_end/":24,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40jridgewell%2Fgen-mapping@0.3.13", @@ -1902,7 +2105,17 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "name": "datadog:package-manager", "value": "NPM" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":56,/"line_end/":57,/"column_start/":3,/"column_end/":125,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":26,/"line_end/":34,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40jridgewell%2Fresolve-uri@3.1.2", @@ -1915,7 +2128,17 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "name": "datadog:package-manager", "value": "NPM" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":59,/"line_end/":61,/"column_start/":3,/"column_end/":31,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":36,/"line_end/":41,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40jridgewell%2Fsource-map@0.3.11", @@ -1928,7 +2151,17 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "name": "datadog:package-manager", "value": "NPM" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":63,/"line_end/":64,/"column_start/":3,/"column_end/":125,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":43,/"line_end/":51,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40jridgewell%2Fsourcemap-codec@1.5.5", @@ -1941,10 +2174,20 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "name": "datadog:package-manager", "value": "NPM" } - ] - }, - { - "bom-ref": "pkg:npm/%40jridgewell%2Ftrace-mapping@0.3.31", + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":66,/"line_end/":67,/"column_start/":3,/"column_end/":125,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":53,/"line_end/":58,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } + }, + { + "bom-ref": "pkg:npm/%40jridgewell%2Ftrace-mapping@0.3.31", "type": "library", "name": "@jridgewell/trace-mapping", "version": "0.3.31", @@ -1954,7 +2197,17 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "name": "datadog:package-manager", "value": "NPM" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":69,/"line_end/":70,/"column_start/":3,/"column_end/":125,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":60,/"line_end/":68,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40types%2Fnode@24.10.1", @@ -1967,7 +2220,17 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "name": "datadog:package-manager", "value": "NPM" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":72,/"line_end/":73,/"column_start/":3,/"column_end/":125,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":70,/"line_end/":77,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/acorn@8.15.0", @@ -1980,7 +2243,17 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "name": "datadog:package-manager", "value": "NPM" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":75,/"line_end/":78,/"column_start/":3,/"column_end/":17,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":79,/"line_end/":86,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/buffer-from@1.1.2", @@ -1993,7 +2266,17 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "name": "datadog:package-manager", "value": "NPM" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":80,/"line_end/":81,/"column_start/":3,/"column_end/":125,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":88,/"line_end/":93,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/colors@1.4.0", @@ -2010,7 +2293,17 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "name": "datadog:package-manager", "value": "NPM" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":83,/"line_end/":85,/"column_start/":3,/"column_end/":32,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":95,/"line_end/":100,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/commander@2.20.3", @@ -2023,7 +2316,17 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "name": "datadog:package-manager", "value": "NPM" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":87,/"line_end/":88,/"column_start/":3,/"column_end/":125,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":102,/"line_end/":107,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/fsevents@2.3.3", @@ -2036,7 +2339,14 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "name": "datadog:package-manager", "value": "NPM" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":90,/"line_end/":93,/"column_start/":3,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/group-dependencies@0.0.11", @@ -2077,7 +2387,17 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "name": "datadog:package-manager", "value": "NPM" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":99,/"line_end/":101,/"column_start/":3,/"column_end/":27,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":120,/"line_end/":125,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/jest-worker@26.6.2", @@ -2090,7 +2410,17 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "name": "datadog:package-manager", "value": "NPM" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":103,/"line_end/":105,/"column_start/":3,/"column_end/":34,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":127,/"line_end/":136,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/js-tokens@4.0.0", @@ -2103,7 +2433,17 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "name": "datadog:package-manager", "value": "NPM" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":107,/"line_end/":108,/"column_start/":3,/"column_end/":125,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":138,/"line_end/":143,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/merge-stream@2.0.0", @@ -2116,7 +2456,17 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "name": "datadog:package-manager", "value": "NPM" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":110,/"line_end/":111,/"column_start/":3,/"column_end/":125,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":145,/"line_end/":150,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/picocolors@0.2.1", @@ -2162,6 +2512,9 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "occurrences": [ { "location": "{/"block/":{/"file_name/":/"workspace-3/package.json/",/"line_start/":5,/"line_end/":5,/"column_start/":5,/"column_end/":27,/"role/":/"manifest/"},/"name/":{/"file_name/":/"workspace-3/package.json/",/"line_start/":5,/"line_end/":5,/"column_start/":6,/"column_end/":16,/"role/":/"manifest/"},/"version/":{/"file_name/":/"workspace-3/package.json/",/"line_start/":5,/"line_end/":5,/"column_start/":20,/"column_end/":26,/"role/":/"manifest/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":116,/"line_end/":117,/"column_start/":3,/"column_end/":125,/"role/":/"lockfile/"}}" } ] } @@ -2177,7 +2530,17 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "name": "datadog:package-manager", "value": "NPM" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":119,/"line_end/":120,/"column_start/":3,/"column_end/":125,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":166,/"line_end/":173,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/rollup-plugin-terser@7.0.2", @@ -2214,7 +2577,14 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "name": "datadog:package-manager", "value": "NPM" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":128,/"line_end/":131,/"column_start/":3,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/safe-buffer@5.2.1", @@ -2227,7 +2597,17 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "name": "datadog:package-manager", "value": "NPM" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":133,/"line_end/":134,/"column_start/":3,/"column_end/":125,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":189,/"line_end/":194,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/semver@4.3.6", @@ -2336,7 +2716,17 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "name": "datadog:package-manager", "value": "NPM" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":153,/"line_end/":154,/"column_start/":3,/"column_end/":125,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":232,/"line_end/":239,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/source-map-support@0.5.21", @@ -2349,7 +2739,17 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "name": "datadog:package-manager", "value": "NPM" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":156,/"line_end/":157,/"column_start/":3,/"column_end/":125,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":241,/"line_end/":249,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/source-map@0.6.1", @@ -2362,7 +2762,17 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "name": "datadog:package-manager", "value": "NPM" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":159,/"line_end/":161,/"column_start/":3,/"column_end/":32,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":251,/"line_end/":256,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/supports-color@7.2.0", @@ -2375,7 +2785,17 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "name": "datadog:package-manager", "value": "NPM" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":163,/"line_end/":165,/"column_start/":3,/"column_end/":27,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":258,/"line_end/":265,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/terser@5.44.1", @@ -2388,7 +2808,17 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "name": "datadog:package-manager", "value": "NPM" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":167,/"line_end/":170,/"column_start/":3,/"column_end/":17,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":267,/"line_end/":279,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/undici-types@7.16.0", @@ -2401,7 +2831,17 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "name": "datadog:package-manager", "value": "NPM" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":172,/"line_end/":173,/"column_start/":3,/"column_end/":125,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":281,/"line_end/":286,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } } ] } @@ -2656,7 +3096,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 4 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":8,/"line_end/":17,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40babel%2Fhelper-validator-identifier@7.28.5", @@ -2669,7 +3116,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 4 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":19,/"line_end/":24,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40jridgewell%2Fgen-mapping@0.3.13", @@ -2682,7 +3136,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 4 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":26,/"line_end/":34,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40jridgewell%2Fresolve-uri@3.1.2", @@ -2695,7 +3156,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 4 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":36,/"line_end/":41,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40jridgewell%2Fsource-map@0.3.11", @@ -2708,7 +3176,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 4 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":43,/"line_end/":51,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40jridgewell%2Fsourcemap-codec@1.5.5", @@ -2721,12 +3196,19 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 4 "name": "datadog:package-manager", "value": "Yarn" } - ] - }, - { - "bom-ref": "pkg:npm/%40jridgewell%2Ftrace-mapping@0.3.31", - "type": "library", - "name": "@jridgewell/trace-mapping", + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":53,/"line_end/":58,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } + }, + { + "bom-ref": "pkg:npm/%40jridgewell%2Ftrace-mapping@0.3.31", + "type": "library", + "name": "@jridgewell/trace-mapping", "version": "0.3.31", "purl": "pkg:npm/%40jridgewell%2Ftrace-mapping@0.3.31", "properties": [ @@ -2734,7 +3216,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 4 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":60,/"line_end/":68,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40types%2Fnode@24.10.1", @@ -2747,7 +3236,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 4 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":70,/"line_end/":77,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/acorn@8.15.0", @@ -2760,7 +3256,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 4 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":79,/"line_end/":86,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/buffer-from@1.1.2", @@ -2773,7 +3276,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 4 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":88,/"line_end/":93,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/colors@1.4.0", @@ -2790,7 +3300,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 4 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":95,/"line_end/":100,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/commander@2.20.3", @@ -2803,7 +3320,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 4 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":102,/"line_end/":107,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/group-dependencies@0.0.11", @@ -2844,7 +3368,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 4 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":120,/"line_end/":125,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/jest-worker@26.6.2", @@ -2857,7 +3388,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 4 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":127,/"line_end/":136,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/js-tokens@4.0.0", @@ -2870,7 +3408,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 4 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":138,/"line_end/":143,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/merge-stream@2.0.0", @@ -2883,7 +3428,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 4 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":145,/"line_end/":150,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/picocolors@0.2.1", @@ -2944,7 +3496,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 4 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":166,/"line_end/":173,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/rollup-plugin-terser@7.0.2", @@ -2981,7 +3540,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 4 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":189,/"line_end/":194,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/semver@4.3.6", @@ -3090,7 +3656,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 4 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":232,/"line_end/":239,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/source-map-support@0.5.21", @@ -3103,7 +3676,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 4 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":241,/"line_end/":249,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/source-map@0.6.1", @@ -3116,7 +3696,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 4 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":251,/"line_end/":256,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/supports-color@7.2.0", @@ -3129,7 +3716,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 4 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":258,/"line_end/":265,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/terser@5.44.1", @@ -3142,7 +3736,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 4 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":267,/"line_end/":279,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/undici-types@7.16.0", @@ -3155,7 +3756,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 4 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":281,/"line_end/":286,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } } ] } @@ -3202,7 +3810,14 @@ Scanned /fixtures/integration-npm/with-workspace/yarn.lock file and fou "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":4,/"line_end/":4,/"column_start/":1,/"column_end/":16,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/balanced-match@1.0.2", @@ -3261,6 +3876,18 @@ invalid verbosity level "unknown" - must be one of: error, warn, info, verbose "ecosystem": "Packagist", "purl": "pkg:composer/sentry/sdk@2.0.4" }, + "locations": [ + { + "block": { + "file_name": "composer.lock", + "line_start": 9, + "line_end": 39, + "column_start": 5, + "column_end": 6, + "role": "lockfile" + } + } + ], "metadata": { "package-manager": "Composer" } @@ -3306,7 +3933,14 @@ invalid verbosity level "unknown" - must be one of: error, warn, info, verbose "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"nested/composer.lock/",/"line_start/":9,/"line_end/":39,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/balanced-match@1.0.2", @@ -3723,7 +4357,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer.lock/",/"line_start/":9,/"line_end/":39,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" + } + ] + } } ] } @@ -3857,7 +4498,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer.lock/",/"line_start/":9,/"line_end/":39,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" + } + ] + } } ] } @@ -3898,7 +4546,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer.lock/",/"line_start/":9,/"line_end/":39,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" + } + ] + } } ] } @@ -11804,7 +12459,14 @@ Warning: `parsers` exists as both a subcommand of datadog-sbom-generator and as "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"nested/composer.lock/",/"line_start/":9,/"line_end/":39,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/balanced-match@1.0.2", @@ -11870,7 +12532,14 @@ Warning: `scan` exists as both a subcommand of datadog-sbom-generator and as a f "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer.lock/",/"line_start/":9,/"line_end/":39,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" + } + ] + } } ] } @@ -11911,7 +12580,14 @@ Warning: `scan` exists as both a subcommand of datadog-sbom-generator and as a f "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer.lock/",/"line_start/":9,/"line_end/":39,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" + } + ] + } } ] } @@ -12027,7 +12703,14 @@ Warning: `scan` exists as both a subcommand of datadog-sbom-generator and as a f "name": "datadog:package-manager", "value": "NuGet" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"packages.lock.json/",/"line_start/":5,/"line_end/":10,/"column_start/":7,/"column_end/":8,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pom.xml", @@ -12139,10 +12822,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -12151,7 +12830,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":59,/"line_end/":59,/"column_start/":5,/"column_end/":28,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":59,/"line_end/":59,/"column_start/":6,/"column_end/":19,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":59,/"line_end/":59,/"column_start/":23,/"column_end/":27,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5280,/"line_end/":5332,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -12171,7 +12850,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5333,/"line_end/":5386,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/aws/aws-sdk-php@3.317.2", @@ -12184,10 +12870,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -12196,7 +12878,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":60,/"line_end/":60,/"column_start/":5,/"column_end/":34,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":60,/"line_end/":60,/"column_start/":6,/"column_end/":21,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":60,/"line_end/":60,/"column_start/":25,/"column_end/":33,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5387,/"line_end/":5481,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -12236,7 +12918,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":69,/"line_end/":137,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/dflydev/dot-access-data@v3.0.3", @@ -12249,10 +12938,17 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] - }, - { - "bom-ref": "pkg:composer/doctrine/inflector@2.0.10", + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":138,/"line_end/":212,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } + }, + { + "bom-ref": "pkg:composer/doctrine/inflector@2.0.10", "type": "library", "name": "doctrine/inflector", "version": "2.0.10", @@ -12286,7 +12982,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":304,/"line_end/":380,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/dragonmantank/cron-expression@v3.3.3", @@ -12347,10 +13050,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -12359,7 +13058,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":61,/"line_end/":61,/"column_start/":5,/"column_end/":30,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":61,/"line_end/":61,/"column_start/":6,/"column_end/":20,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":61,/"line_end/":61,/"column_start/":24,/"column_end/":29,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5482,/"line_end/":5544,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -12399,7 +13098,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":580,/"line_end/":641,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/guzzlehttp/guzzle@7.9.2", @@ -12436,7 +13142,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":768,/"line_end/":850,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/guzzlehttp/psr7@2.7.0", @@ -12449,7 +13162,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":851,/"line_end/":966,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/guzzlehttp/uri-template@v1.0.3", @@ -12490,7 +13210,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5545,/"line_end/":5595,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/illuminate/collections@v11.19.0", @@ -12503,7 +13230,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1053,/"line_end/":1107,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/illuminate/conditionable@v11.19.0", @@ -12516,7 +13250,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1108,/"line_end/":1153,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/illuminate/contracts@v11.19.0", @@ -12529,7 +13270,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1154,/"line_end/":1201,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/illuminate/macroable@v11.19.0", @@ -12542,7 +13290,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1202,/"line_end/":1247,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/laravel/prompts@v0.1.24", @@ -12627,7 +13382,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1472,/"line_end/":1553,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/league/flysystem-aws-s3-v3@3.28.0", @@ -12640,10 +13402,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -12652,7 +13410,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":62,/"line_end/":62,/"column_start/":5,/"column_end/":41,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":62,/"line_end/":62,/"column_start/":6,/"column_end/":32,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":62,/"line_end/":62,/"column_start/":36,/"column_end/":40,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5679,/"line_end/":5733,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -12672,7 +13430,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5734,/"line_end/":5782,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/league/flysystem-path-prefixing@3.28.0", @@ -12685,10 +13450,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -12697,7 +13458,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":63,/"line_end/":63,/"column_start/":5,/"column_end/":46,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":63,/"line_end/":63,/"column_start/":6,/"column_end/":37,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":63,/"line_end/":63,/"column_start/":41,/"column_end/":45,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5783,/"line_end/":5828,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -12713,10 +13474,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -12725,7 +13482,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":64,/"line_end/":64,/"column_start/":5,/"column_end/":41,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":64,/"line_end/":64,/"column_start/":6,/"column_end/":32,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":64,/"line_end/":64,/"column_start/":36,/"column_end/":40,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5829,/"line_end/":5875,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -12745,7 +13502,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5596,/"line_end/":5678,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/league/mime-type-detection@1.15.0", @@ -12762,7 +13526,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5876,/"line_end/":5931,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/mockery/mockery@1.6.12", @@ -12775,10 +13546,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -12787,7 +13554,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":65,/"line_end/":65,/"column_start/":5,/"column_end/":30,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":65,/"line_end/":65,/"column_start/":6,/"column_end/":21,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":65,/"line_end/":65,/"column_start/":25,/"column_end/":29,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5932,/"line_end/":6014,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -12831,7 +13598,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6015,/"line_end/":6080,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/myclabs/deep-copy@1.12.0", @@ -12848,7 +13622,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6081,/"line_end/":6140,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/nesbot/carbon@3.7.0", @@ -12885,7 +13666,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1761,/"line_end/":1822,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/nette/utils@v4.0.4", @@ -12898,7 +13686,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1823,/"line_end/":1908,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/nikic/php-parser@v5.1.0", @@ -12915,7 +13710,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6141,/"line_end/":6198,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/nunomaduro/termwind@v2.0.1", @@ -12952,10 +13754,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -12964,7 +13762,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":66,/"line_end/":66,/"column_start/":5,/"column_end/":26,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":66,/"line_end/":66,/"column_start/":6,/"column_end/":17,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":66,/"line_end/":66,/"column_start/":21,/"column_end/":25,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6199,/"line_end/":6276,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -12980,10 +13778,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -12992,7 +13786,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":67,/"line_end/":67,/"column_start/":5,/"column_end/":29,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":67,/"line_end/":67,/"column_start/":6,/"column_end/":20,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":67,/"line_end/":67,/"column_start/":24,/"column_end/":28,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6277,/"line_end/":6342,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -13012,7 +13806,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6343,/"line_end/":6409,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/phar-io/version@3.2.1", @@ -13029,7 +13830,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6410,/"line_end/":6460,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpoption/phpoption@1.9.3", @@ -13042,7 +13850,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1997,/"line_end/":2071,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpstan/phpstan@1.11.9", @@ -13055,10 +13870,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -13067,7 +13878,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":68,/"line_end/":68,/"column_start/":5,/"column_end/":33,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":68,/"line_end/":68,/"column_start/":6,/"column_end/":21,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":68,/"line_end/":68,/"column_start/":25,/"column_end/":32,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6461,/"line_end/":6518,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -13087,7 +13898,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6519,/"line_end/":6596,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpunit/php-file-iterator@5.0.1", @@ -13104,7 +13922,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6597,/"line_end/":6657,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpunit/php-invoker@5.0.1", @@ -13121,7 +13946,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6658,/"line_end/":6721,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpunit/php-text-template@4.0.1", @@ -13138,7 +13970,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6722,/"line_end/":6781,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpunit/php-timer@7.0.1", @@ -13155,7 +13994,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6782,/"line_end/":6841,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpunit/phpunit@11.3.0", @@ -13168,10 +14014,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -13180,7 +14022,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":69,/"line_end/":69,/"column_start/":5,/"column_end/":37,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":69,/"line_end/":69,/"column_start/":6,/"column_end/":21,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":69,/"line_end/":69,/"column_start/":25,/"column_end/":36,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6842,/"line_end/":6941,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -13196,10 +14038,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -13208,7 +14046,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":70,/"line_end/":70,/"column_start/":5,/"column_end/":30,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":70,/"line_end/":70,/"column_start/":6,/"column_end/":19,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":70,/"line_end/":70,/"column_start/":23,/"column_end/":29,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6942,/"line_end/":7002,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -13228,7 +14066,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7003,/"line_end/":7051,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/psr/clock@1.0.0", @@ -13241,7 +14086,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2072,/"line_end/":2119,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/psr/container@2.0.2", @@ -13278,7 +14130,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2173,/"line_end/":2222,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/psr/http-client@1.0.3", @@ -13291,7 +14150,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2223,/"line_end/":2274,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/psr/http-factory@1.1.0", @@ -13304,7 +14170,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2275,/"line_end/":2329,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/psr/http-message@2.0", @@ -13317,7 +14190,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2330,/"line_end/":2382,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/psr/log@3.0.0", @@ -13378,7 +14258,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2484,/"line_end/":2527,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/ramsey/collection@2.0.0", @@ -13391,7 +14278,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2528,/"line_end/":2616,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/ramsey/uuid@4.7.6", @@ -13428,10 +14322,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -13440,7 +14330,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":71,/"line_end/":71,/"column_start/":5,/"column_end/":35,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":71,/"line_end/":71,/"column_start/":6,/"column_end/":23,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":71,/"line_end/":71,/"column_start/":27,/"column_end/":34,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7052,/"line_end/":7108,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -13460,7 +14350,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7109,/"line_end/":7170,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/cli-parser@3.0.2", @@ -13477,7 +14374,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7171,/"line_end/":7227,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/code-unit-reverse-lookup@4.0.1", @@ -13494,7 +14398,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7285,/"line_end/":7340,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/code-unit@3.0.1", @@ -13511,7 +14422,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7228,/"line_end/":7284,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/comparator@6.0.1", @@ -13528,7 +14446,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7341,/"line_end/":7417,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/complexity@4.0.1", @@ -13545,7 +14470,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7418,/"line_end/":7475,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/diff@6.0.2", @@ -13562,7 +14494,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7476,/"line_end/":7542,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/environment@7.2.0", @@ -13579,7 +14518,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7543,/"line_end/":7606,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/exporter@6.1.3", @@ -13596,7 +14542,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7607,/"line_end/":7684,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/global-state@7.0.2", @@ -13613,7 +14566,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7685,/"line_end/":7746,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/lines-of-code@3.0.1", @@ -13630,7 +14590,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7747,/"line_end/":7804,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/object-enumerator@6.0.1", @@ -13647,7 +14614,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7805,/"line_end/":7862,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/object-reflector@4.0.1", @@ -13664,7 +14638,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7863,/"line_end/":7918,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/recursion-context@6.0.2", @@ -13681,7 +14662,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7919,/"line_end/":7982,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/type@5.0.1", @@ -13698,7 +14686,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7983,/"line_end/":8039,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/version@5.0.1", @@ -13715,7 +14710,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8040,/"line_end/":8093,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/cache-contracts@v3.5.0", @@ -13732,7 +14734,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8191,/"line_end/":8266,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/cache@v7.1.3", @@ -13745,10 +14754,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -13757,7 +14762,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":72,/"line_end/":72,/"column_start/":5,/"column_end/":28,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":72,/"line_end/":72,/"column_start/":6,/"column_end/":19,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":72,/"line_end/":72,/"column_start/":23,/"column_end/":27,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8094,/"line_end/":8190,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -13773,7 +14778,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2709,/"line_end/":2782,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/console@v7.1.3", @@ -13810,7 +14822,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2876,/"line_end/":2940,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/deprecation-contracts@v3.5.0", @@ -13823,7 +14842,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2941,/"line_end/":3007,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/error-handler@v7.1.3", @@ -13860,7 +14886,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3163,/"line_end/":3238,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/event-dispatcher@v7.1.1", @@ -13873,7 +14906,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3083,/"line_end/":3162,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/finder@v7.1.3", @@ -13914,12 +14954,19 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] - }, - { - "bom-ref": "pkg:composer/symfony/http-client@v7.1.3", - "type": "library", - "name": "symfony/http-client", + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8361,/"line_end/":8438,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } + }, + { + "bom-ref": "pkg:composer/symfony/http-client@v7.1.3", + "type": "library", + "name": "symfony/http-client", "version": "v7.1.3", "purl": "pkg:composer/symfony/http-client@v7.1.3", "properties": [ @@ -13927,10 +14974,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -13939,7 +14982,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":73,/"line_end/":73,/"column_start/":5,/"column_end/":34,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":73,/"line_end/":73,/"column_start/":6,/"column_end/":25,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":73,/"line_end/":73,/"column_start/":29,/"column_end/":33,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8267,/"line_end/":8360,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -14051,7 +15094,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3658,/"line_end/":3736,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-intl-grapheme@v1.30.0", @@ -14064,7 +15114,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3737,/"line_end/":3814,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-intl-idn@v1.30.0", @@ -14077,7 +15134,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3815,/"line_end/":3898,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-intl-normalizer@v1.30.0", @@ -14090,7 +15154,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3899,/"line_end/":3979,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-mbstring@v1.30.0", @@ -14103,7 +15174,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3980,/"line_end/":4059,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-php72@v1.30.0", @@ -14116,7 +15194,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4060,/"line_end/":4132,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-php80@v1.30.0", @@ -14129,7 +15214,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4133,/"line_end/":4212,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-php83@v1.30.0", @@ -14166,7 +15258,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4289,/"line_end/":4367,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/process@v7.1.3", @@ -14203,10 +15302,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -14215,7 +15310,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":74,/"line_end/":74,/"column_start/":5,/"column_end/":46,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":74,/"line_end/":74,/"column_start/":6,/"column_end/":37,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":74,/"line_end/":74,/"column_start/":41,/"column_end/":45,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8439,/"line_end/":8521,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -14255,7 +15350,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4510,/"line_end/":4592,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/string@v7.1.3", @@ -14268,7 +15370,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4593,/"line_end/":4679,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/translation-contracts@v3.5.0", @@ -14281,7 +15390,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4774,/"line_end/":4851,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/translation@v7.1.3", @@ -14294,7 +15410,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4680,/"line_end/":4773,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/uid@v7.1.1", @@ -14359,7 +15482,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8522,/"line_end/":8597,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/theseer/tokenizer@1.2.3", @@ -14376,7 +15506,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8598,/"line_end/":8647,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/tijsverkoyen/css-to-inline-styles@v2.2.7", @@ -14461,7 +15598,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5220,/"line_end/":5277,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:conan/zlib@1.2.11", @@ -14474,7 +15618,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Conan" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"conan.lock/",/"line_start/":13,/"line_end/":19,/"column_start/":7,/"column_end/":8}}" + } + ] + } }, { "bom-ref": "pkg:gem/RedCloth@4.2.9", @@ -14511,7 +15662,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":6,/"line_end/":6,/"column_start/":1,/"column_end/":24,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/actionmailbox@7.1.2", @@ -14524,7 +15682,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":12,/"line_end/":12,/"column_start/":1,/"column_end/":26,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/actionmailer@7.1.2", @@ -14537,7 +15702,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":22,/"line_end/":22,/"column_start/":1,/"column_end/":25,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/actionpack@7.1.2", @@ -14550,7 +15722,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":32,/"line_end/":32,/"column_start/":1,/"column_end/":23,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/actiontext@7.1.2", @@ -14563,7 +15742,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":42,/"line_end/":42,/"column_start/":1,/"column_end/":23,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/actionview@7.1.2", @@ -14576,7 +15762,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":49,/"line_end/":49,/"column_start/":1,/"column_end/":23,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/activejob@7.1.2", @@ -14589,7 +15782,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":55,/"line_end/":55,/"column_start/":1,/"column_end/":22,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/activemodel@7.1.2", @@ -14602,7 +15802,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":58,/"line_end/":58,/"column_start/":1,/"column_end/":24,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/activerecord@7.1.2", @@ -14615,7 +15822,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":60,/"line_end/":60,/"column_start/":1,/"column_end/":25,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/activestorage@7.1.2", @@ -14628,7 +15842,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":64,/"line_end/":64,/"column_start/":1,/"column_end/":26,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/activesupport@7.1.2", @@ -14641,7 +15862,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":70,/"line_end/":70,/"column_start/":1,/"column_end/":26,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/addressable@2.8.7", @@ -14654,7 +15882,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":107,/"line_end/":107,/"column_start/":1,/"column_end/":24,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/base64@0.2.0", @@ -14667,7 +15902,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":109,/"line_end/":109,/"column_start/":1,/"column_end/":19,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/bigdecimal@3.1.8", @@ -14680,10 +15922,17 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] - }, - { - "bom-ref": "pkg:gem/builder@3.3.0", + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":110,/"line_end/":110,/"column_start/":1,/"column_end/":23,/"role/":/"lockfile/"}}" + } + ] + } + }, + { + "bom-ref": "pkg:gem/builder@3.3.0", "type": "library", "name": "builder", "version": "3.3.0", @@ -14693,7 +15942,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":111,/"line_end/":111,/"column_start/":1,/"column_end/":20,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/capybara@3.39.2", @@ -14706,7 +15962,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":112,/"line_end/":112,/"column_start/":1,/"column_end/":22,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/childprocess@5.0.0", @@ -14719,7 +15982,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":121,/"line_end/":121,/"column_start/":1,/"column_end/":25,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/chronic@0.10.2", @@ -14780,7 +16050,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":124,/"line_end/":124,/"column_start/":1,/"column_end/":28,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/connection_pool@2.4.1", @@ -14793,7 +16070,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":125,/"line_end/":125,/"column_start/":1,/"column_end/":28,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/crass@1.0.6", @@ -14806,7 +16090,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":126,/"line_end/":126,/"column_start/":1,/"column_end/":18,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-ci-environment@10.0.1", @@ -14819,7 +16110,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":139,/"line_end/":139,/"column_start/":1,/"column_end/":37,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-core@13.0.3", @@ -14832,7 +16130,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":140,/"line_end/":140,/"column_start/":1,/"column_end/":27,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-cucumber-expressions@17.1.0", @@ -14845,7 +16150,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":144,/"line_end/":144,/"column_start/":1,/"column_end/":43,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-gherkin@27.0.0", @@ -14858,7 +16170,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":146,/"line_end/":146,/"column_start/":1,/"column_end/":30,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-html-formatter@21.4.1", @@ -14871,7 +16190,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":148,/"line_end/":148,/"column_start/":1,/"column_end/":37,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-messages@22.0.0", @@ -14884,7 +16210,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":150,/"line_end/":150,/"column_start/":1,/"column_end/":31,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-rails@1.4.0", @@ -14925,7 +16258,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":156,/"line_end/":156,/"column_start/":1,/"column_end/":37,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-websteps@0.10.0", @@ -14966,7 +16306,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":127,/"line_end/":127,/"column_start/":1,/"column_end/":21,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/database_cleaner-active_record@2.2.0", @@ -14979,7 +16326,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":163,/"line_end/":163,/"column_start/":1,/"column_end/":43,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/database_cleaner-core@2.0.1", @@ -14992,7 +16346,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":166,/"line_end/":166,/"column_start/":1,/"column_end/":34,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/database_cleaner@2.0.2", @@ -15033,7 +16394,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":167,/"line_end/":167,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/diff-lcs@1.5.1", @@ -15046,7 +16414,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":168,/"line_end/":168,/"column_start/":1,/"column_end/":21,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/drb@2.2.1", @@ -15059,7 +16434,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":169,/"line_end/":169,/"column_start/":1,/"column_end/":16,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/erubi@1.13.0", @@ -15072,7 +16454,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":170,/"line_end/":170,/"column_start/":1,/"column_end/":19,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/factory_girl@4.9.0", @@ -15113,7 +16502,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":173,/"line_end/":173,/"column_start/":1,/"column_end/":30,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/globalid@1.2.1", @@ -15126,7 +16522,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":174,/"line_end/":174,/"column_start/":1,/"column_end/":21,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/i18n@1.14.5", @@ -15139,7 +16542,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":176,/"line_end/":176,/"column_start/":1,/"column_end/":18,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/io-console@0.7.2", @@ -15152,7 +16562,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":178,/"line_end/":178,/"column_start/":1,/"column_end/":23,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/irb@1.14.0", @@ -15165,7 +16582,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":179,/"line_end/":179,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/jquery-rails@4.6.0", @@ -15202,7 +16626,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":186,/"line_end/":186,/"column_start/":1,/"column_end/":20,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/loofah@2.22.0", @@ -15215,7 +16646,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":189,/"line_end/":189,/"column_start/":1,/"column_end/":20,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/mail@2.8.1", @@ -15228,7 +16666,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":192,/"line_end/":192,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/marcel@1.0.4", @@ -15241,7 +16686,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":197,/"line_end/":197,/"column_start/":1,/"column_end/":19,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/matrix@0.4.2", @@ -15254,7 +16706,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":198,/"line_end/":198,/"column_start/":1,/"column_end/":19,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/mini_mime@1.1.5", @@ -15267,12 +16726,19 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] - }, - { - "bom-ref": "pkg:gem/mini_portile2@2.8.7", - "type": "library", - "name": "mini_portile2", + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":199,/"line_end/":199,/"column_start/":1,/"column_end/":22,/"role/":/"lockfile/"}}" + } + ] + } + }, + { + "bom-ref": "pkg:gem/mini_portile2@2.8.7", + "type": "library", + "name": "mini_portile2", "version": "2.8.7", "purl": "pkg:gem/mini_portile2@2.8.7", "properties": [ @@ -15280,7 +16746,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":200,/"line_end/":200,/"column_start/":1,/"column_end/":26,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/minitest@5.24.1", @@ -15293,7 +16766,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":201,/"line_end/":201,/"column_start/":1,/"column_end/":22,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/multi_test@1.1.0", @@ -15306,7 +16786,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":202,/"line_end/":202,/"column_start/":1,/"column_end/":23,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/mutex_m@0.2.0", @@ -15319,7 +16806,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":203,/"line_end/":203,/"column_start/":1,/"column_end/":20,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/net-imap@0.4.14", @@ -15332,7 +16826,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":204,/"line_end/":204,/"column_start/":1,/"column_end/":22,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/net-pop@0.1.2", @@ -15345,7 +16846,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":207,/"line_end/":207,/"column_start/":1,/"column_end/":20,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/net-protocol@0.2.2", @@ -15358,7 +16866,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":209,/"line_end/":209,/"column_start/":1,/"column_end/":25,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/net-smtp@0.5.0", @@ -15371,7 +16886,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":211,/"line_end/":211,/"column_start/":1,/"column_end/":21,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/nio4r@2.7.3", @@ -15384,7 +16906,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":213,/"line_end/":213,/"column_start/":1,/"column_end/":18,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/nokogiri@1.15.6", @@ -15397,7 +16926,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":214,/"line_end/":214,/"column_start/":1,/"column_end/":35,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/psych@5.1.2", @@ -15410,7 +16946,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":216,/"line_end/":216,/"column_start/":1,/"column_end/":18,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/public_suffix@5.1.1", @@ -15423,7 +16966,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":218,/"line_end/":218,/"column_start/":1,/"column_end/":26,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/racc@1.8.1", @@ -15436,7 +16986,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":219,/"line_end/":219,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rack-openid@1.4.2", @@ -15473,7 +17030,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":224,/"line_end/":224,/"column_start/":1,/"column_end/":25,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rack-test@2.1.0", @@ -15486,7 +17050,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":226,/"line_end/":226,/"column_start/":1,/"column_end/":22,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rack@3.1.7", @@ -15499,7 +17070,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":220,/"line_end/":220,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rackup@2.1.0", @@ -15512,7 +17090,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":228,/"line_end/":228,/"column_start/":1,/"column_end/":19,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rails-dom-testing@2.2.0", @@ -15525,7 +17110,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":231,/"line_end/":231,/"column_start/":1,/"column_end/":30,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rails-html-sanitizer@1.6.0", @@ -15538,7 +17130,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":235,/"line_end/":235,/"column_start/":1,/"column_end/":33,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rails@7.1.2", @@ -15575,7 +17174,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":94,/"line_end/":94,/"column_start/":1,/"column_end/":21,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rake@13.2.1", @@ -15588,7 +17194,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":238,/"line_end/":238,/"column_start/":1,/"column_end/":18,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rdoc@6.7.0", @@ -15601,7 +17214,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":239,/"line_end/":239,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/regexp_parser@2.9.2", @@ -15614,7 +17234,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":241,/"line_end/":241,/"column_start/":1,/"column_end/":26,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/reline@0.5.9", @@ -15627,7 +17254,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":242,/"line_end/":242,/"column_start/":1,/"column_end/":19,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rspec-activemodel-mocks@1.2.0", @@ -15696,7 +17330,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":254,/"line_end/":254,/"column_start/":1,/"column_end/":24,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rspec-expectations@3.13.1", @@ -15709,7 +17350,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":256,/"line_end/":256,/"column_start/":1,/"column_end/":32,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rspec-mocks@3.13.1", @@ -15722,7 +17370,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":259,/"line_end/":259,/"column_start/":1,/"column_end/":25,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rspec-support@3.13.1", @@ -15735,7 +17390,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":262,/"line_end/":262,/"column_start/":1,/"column_end/":27,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rspec@3.13.0", @@ -15824,7 +17486,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":266,/"line_end/":266,/"column_start/":1,/"column_end/":21,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/sys-uname@1.3.0", @@ -15837,7 +17506,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":267,/"line_end/":267,/"column_start/":1,/"column_end/":22,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/thor@1.3.1", @@ -15850,10 +17526,17 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] - }, - { - "bom-ref": "pkg:gem/timeout@0.4.1", + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":269,/"line_end/":269,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } + }, + { + "bom-ref": "pkg:gem/timeout@0.4.1", "type": "library", "name": "timeout", "version": "0.4.1", @@ -15863,7 +17546,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":270,/"line_end/":270,/"column_start/":1,/"column_end/":20,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/tzinfo@2.0.6", @@ -15876,7 +17566,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":271,/"line_end/":271,/"column_start/":1,/"column_end/":19,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/webrick@1.8.1", @@ -15889,7 +17586,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":273,/"line_end/":273,/"column_start/":1,/"column_end/":20,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/websocket-driver@0.7.6", @@ -15902,7 +17606,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":274,/"line_end/":274,/"column_start/":1,/"column_end/":29,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/websocket-extensions@0.1.5", @@ -15915,7 +17626,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":276,/"line_end/":276,/"column_start/":1,/"column_end/":33,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/will_paginate@3.0.12", @@ -15952,7 +17670,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":278,/"line_end/":278,/"column_start/":1,/"column_end/":18,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/zeitwerk@2.6.17", @@ -15965,7 +17690,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":280,/"line_end/":280,/"column_start/":1,/"column_end/":22,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:golang/github.com/BurntSushi/toml@1.0.0", @@ -16073,7 +17805,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Hex" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"mix.lock/",/"line_start/":2,/"line_end/":2,/"column_start/":1,/"column_end/":421}}" + } + ] + } }, { "bom-ref": "pkg:maven/com.google.code.findbugs/jsr305@3.0.2", @@ -16174,7 +17913,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Gradle" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"gradle-groovy/gradle.lockfile/",/"line_start/":5,/"line_end/":5,/"column_start/":1,/"column_end/":73,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:maven/org.hamcrest/hamcrest-core@1.3", @@ -16191,7 +17937,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Gradle" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"gradle-kotlin/gradle.lockfile/",/"line_start/":5,/"line_end/":5,/"column_start/":1,/"column_end/":73,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-test", @@ -16358,7 +18111,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Pnpm" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm/pnpm-lock.yaml/",/"line_start/":21,/"line_end/":25,/"column_start/":3,/"column_end/":14,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/debug@2.6.9", @@ -16407,7 +18167,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Pnpm" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-9/pnpm-lock.yaml/",/"line_start/":35,/"line_end/":42,/"column_start/":3,/"column_end/":23,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/lodash@4.17.20", @@ -16424,7 +18191,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Pnpm" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-9/pnpm-lock.yaml/",/"line_start/":44,/"line_end/":45,/"column_start/":3,/"column_end/":125,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/ms@2.0.0", @@ -16441,7 +18215,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Pnpm" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-9/pnpm-lock.yaml/",/"line_start/":47,/"line_end/":48,/"column_start/":3,/"column_end/":125,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/ms@2.1.2", @@ -16458,7 +18239,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Pnpm" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-9/pnpm-lock.yaml/",/"line_start/":50,/"line_end/":51,/"column_start/":3,/"column_end/":125,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/ms@2.1.3", @@ -16663,7 +18451,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Pub" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pubspec.lock/",/"line_start/":4,/"line_end/":10,/"column_start/":3,/"column_end/":21}}" + } + ] + } }, { "bom-ref": "pkg:pypi/beautifulsoup4@4.9.3", @@ -17031,10 +18826,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -17043,7 +18834,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":55,/"line_end/":55,/"column_start/":5,/"column_end/":28,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":55,/"line_end/":55,/"column_start/":6,/"column_end/":19,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":55,/"line_end/":55,/"column_start/":23,/"column_end/":27,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5280,/"line_end/":5332,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -17063,7 +18854,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5333,/"line_end/":5386,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/aws/aws-sdk-php@3.317.2", @@ -17076,10 +18874,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -17088,7 +18882,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":56,/"line_end/":56,/"column_start/":5,/"column_end/":34,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":56,/"line_end/":56,/"column_start/":6,/"column_end/":21,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":56,/"line_end/":56,/"column_start/":25,/"column_end/":33,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5387,/"line_end/":5481,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -17128,7 +18922,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":69,/"line_end/":137,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/dflydev/dot-access-data@v3.0.3", @@ -17141,7 +18942,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":138,/"line_end/":212,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/doctrine/inflector@2.0.10", @@ -17178,7 +18986,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":304,/"line_end/":380,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/dragonmantank/cron-expression@v3.3.3", @@ -17239,10 +19054,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -17251,7 +19062,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":57,/"line_end/":57,/"column_start/":5,/"column_end/":30,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":57,/"line_end/":57,/"column_start/":6,/"column_end/":20,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":57,/"line_end/":57,/"column_start/":24,/"column_end/":29,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5482,/"line_end/":5544,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -17291,7 +19102,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":580,/"line_end/":641,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/guzzlehttp/guzzle@7.9.2", @@ -17328,7 +19146,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":768,/"line_end/":850,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/guzzlehttp/psr7@2.7.0", @@ -17341,7 +19166,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":851,/"line_end/":966,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/guzzlehttp/uri-template@v1.0.3", @@ -17382,7 +19214,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5545,/"line_end/":5595,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/illuminate/collections@v11.19.0", @@ -17395,7 +19234,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1053,/"line_end/":1107,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/illuminate/conditionable@v11.19.0", @@ -17408,7 +19254,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1108,/"line_end/":1153,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/illuminate/contracts@v11.19.0", @@ -17421,7 +19274,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1154,/"line_end/":1201,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/illuminate/macroable@v11.19.0", @@ -17434,7 +19294,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1202,/"line_end/":1247,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/laravel/prompts@v0.1.24", @@ -17519,7 +19386,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1472,/"line_end/":1553,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/league/flysystem-aws-s3-v3@3.28.0", @@ -17532,10 +19406,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -17544,7 +19414,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":58,/"line_end/":58,/"column_start/":5,/"column_end/":41,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":58,/"line_end/":58,/"column_start/":6,/"column_end/":32,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":58,/"line_end/":58,/"column_start/":36,/"column_end/":40,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5679,/"line_end/":5733,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -17564,7 +19434,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5734,/"line_end/":5782,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/league/flysystem-path-prefixing@3.28.0", @@ -17577,10 +19454,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -17589,7 +19462,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":59,/"line_end/":59,/"column_start/":5,/"column_end/":46,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":59,/"line_end/":59,/"column_start/":6,/"column_end/":37,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":59,/"line_end/":59,/"column_start/":41,/"column_end/":45,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5783,/"line_end/":5828,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -17605,10 +19478,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -17617,7 +19486,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":60,/"line_end/":60,/"column_start/":5,/"column_end/":41,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":60,/"line_end/":60,/"column_start/":6,/"column_end/":32,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":60,/"line_end/":60,/"column_start/":36,/"column_end/":40,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5829,/"line_end/":5875,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -17637,7 +19506,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5596,/"line_end/":5678,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/league/mime-type-detection@1.15.0", @@ -17654,7 +19530,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5876,/"line_end/":5931,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/mockery/mockery@1.6.12", @@ -17667,10 +19550,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -17679,7 +19558,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":61,/"line_end/":61,/"column_start/":5,/"column_end/":30,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":61,/"line_end/":61,/"column_start/":6,/"column_end/":21,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":61,/"line_end/":61,/"column_start/":25,/"column_end/":29,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5932,/"line_end/":6014,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -17723,7 +19602,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6015,/"line_end/":6080,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/myclabs/deep-copy@1.12.0", @@ -17740,7 +19626,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6081,/"line_end/":6140,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/nesbot/carbon@3.7.0", @@ -17777,7 +19670,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1761,/"line_end/":1822,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/nette/utils@v4.0.4", @@ -17790,7 +19690,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1823,/"line_end/":1908,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/nikic/php-parser@v5.1.0", @@ -17807,7 +19714,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6141,/"line_end/":6198,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/nunomaduro/termwind@v2.0.1", @@ -17844,10 +19758,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -17856,7 +19766,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":62,/"line_end/":62,/"column_start/":5,/"column_end/":26,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":62,/"line_end/":62,/"column_start/":6,/"column_end/":17,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":62,/"line_end/":62,/"column_start/":21,/"column_end/":25,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6199,/"line_end/":6276,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -17872,10 +19782,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -17884,7 +19790,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":63,/"line_end/":63,/"column_start/":5,/"column_end/":29,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":63,/"line_end/":63,/"column_start/":6,/"column_end/":20,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":63,/"line_end/":63,/"column_start/":24,/"column_end/":28,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6277,/"line_end/":6342,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -17904,7 +19810,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6343,/"line_end/":6409,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/phar-io/version@3.2.1", @@ -17921,7 +19834,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6410,/"line_end/":6460,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpoption/phpoption@1.9.3", @@ -17934,7 +19854,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1997,/"line_end/":2071,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpstan/phpstan@1.11.9", @@ -17947,10 +19874,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -17959,7 +19882,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":64,/"line_end/":64,/"column_start/":5,/"column_end/":33,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":64,/"line_end/":64,/"column_start/":6,/"column_end/":21,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":64,/"line_end/":64,/"column_start/":25,/"column_end/":32,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6461,/"line_end/":6518,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -17979,7 +19902,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6519,/"line_end/":6596,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpunit/php-file-iterator@5.0.1", @@ -17996,7 +19926,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6597,/"line_end/":6657,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpunit/php-invoker@5.0.1", @@ -18013,7 +19950,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6658,/"line_end/":6721,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpunit/php-text-template@4.0.1", @@ -18030,7 +19974,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6722,/"line_end/":6781,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpunit/php-timer@7.0.1", @@ -18047,7 +19998,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6782,/"line_end/":6841,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpunit/phpunit@11.3.0", @@ -18060,10 +20018,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -18072,7 +20026,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":65,/"line_end/":65,/"column_start/":5,/"column_end/":37,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":65,/"line_end/":65,/"column_start/":6,/"column_end/":21,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":65,/"line_end/":65,/"column_start/":25,/"column_end/":36,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6842,/"line_end/":6941,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -18088,10 +20042,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -18100,7 +20050,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":66,/"line_end/":66,/"column_start/":5,/"column_end/":30,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":66,/"line_end/":66,/"column_start/":6,/"column_end/":19,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":66,/"line_end/":66,/"column_start/":23,/"column_end/":29,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6942,/"line_end/":7002,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -18120,7 +20070,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7003,/"line_end/":7051,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/psr/clock@1.0.0", @@ -18133,7 +20090,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2072,/"line_end/":2119,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/psr/container@2.0.2", @@ -18170,7 +20134,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2173,/"line_end/":2222,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/psr/http-client@1.0.3", @@ -18183,7 +20154,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2223,/"line_end/":2274,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/psr/http-factory@1.1.0", @@ -18196,7 +20174,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2275,/"line_end/":2329,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/psr/http-message@2.0", @@ -18209,7 +20194,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2330,/"line_end/":2382,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/psr/log@3.0.0", @@ -18270,7 +20262,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2484,/"line_end/":2527,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/ramsey/collection@2.0.0", @@ -18283,7 +20282,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2528,/"line_end/":2616,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/ramsey/uuid@4.7.6", @@ -18320,10 +20326,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -18332,7 +20334,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":67,/"line_end/":67,/"column_start/":5,/"column_end/":35,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":67,/"line_end/":67,/"column_start/":6,/"column_end/":23,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":67,/"line_end/":67,/"column_start/":27,/"column_end/":34,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7052,/"line_end/":7108,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -18352,7 +20354,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7109,/"line_end/":7170,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/cli-parser@3.0.2", @@ -18369,7 +20378,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7171,/"line_end/":7227,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/code-unit-reverse-lookup@4.0.1", @@ -18386,7 +20402,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7285,/"line_end/":7340,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/code-unit@3.0.1", @@ -18403,8 +20426,15 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] - }, + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7228,/"line_end/":7284,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } + }, { "bom-ref": "pkg:composer/sebastian/comparator@6.0.1", "type": "library", @@ -18420,7 +20450,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7341,/"line_end/":7417,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/complexity@4.0.1", @@ -18437,7 +20474,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7418,/"line_end/":7475,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/diff@6.0.2", @@ -18454,7 +20498,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7476,/"line_end/":7542,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/environment@7.2.0", @@ -18471,7 +20522,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7543,/"line_end/":7606,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/exporter@6.1.3", @@ -18488,7 +20546,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7607,/"line_end/":7684,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/global-state@7.0.2", @@ -18505,7 +20570,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7685,/"line_end/":7746,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/lines-of-code@3.0.1", @@ -18522,7 +20594,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7747,/"line_end/":7804,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/object-enumerator@6.0.1", @@ -18539,7 +20618,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7805,/"line_end/":7862,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/object-reflector@4.0.1", @@ -18556,7 +20642,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7863,/"line_end/":7918,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/recursion-context@6.0.2", @@ -18573,7 +20666,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7919,/"line_end/":7982,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/type@5.0.1", @@ -18590,7 +20690,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7983,/"line_end/":8039,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/version@5.0.1", @@ -18607,7 +20714,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8040,/"line_end/":8093,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/cache-contracts@v3.5.0", @@ -18624,7 +20738,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8191,/"line_end/":8266,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/cache@v7.1.3", @@ -18637,10 +20758,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -18649,7 +20766,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":68,/"line_end/":68,/"column_start/":5,/"column_end/":28,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":68,/"line_end/":68,/"column_start/":6,/"column_end/":19,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":68,/"line_end/":68,/"column_start/":23,/"column_end/":27,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8094,/"line_end/":8190,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -18665,7 +20782,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2709,/"line_end/":2782,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/console@v7.1.3", @@ -18702,7 +20826,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2876,/"line_end/":2940,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/deprecation-contracts@v3.5.0", @@ -18715,7 +20846,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2941,/"line_end/":3007,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/error-handler@v7.1.3", @@ -18752,7 +20890,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3163,/"line_end/":3238,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/event-dispatcher@v7.1.1", @@ -18765,7 +20910,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3083,/"line_end/":3162,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/finder@v7.1.3", @@ -18806,7 +20958,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8361,/"line_end/":8438,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/http-client@v7.1.3", @@ -18819,10 +20978,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -18831,7 +20986,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":69,/"line_end/":69,/"column_start/":5,/"column_end/":34,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":69,/"line_end/":69,/"column_start/":6,/"column_end/":25,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":69,/"line_end/":69,/"column_start/":29,/"column_end/":33,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8267,/"line_end/":8360,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -18943,7 +21098,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3658,/"line_end/":3736,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-intl-grapheme@v1.30.0", @@ -18956,7 +21118,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3737,/"line_end/":3814,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-intl-idn@v1.30.0", @@ -18969,7 +21138,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3815,/"line_end/":3898,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-intl-normalizer@v1.30.0", @@ -18982,7 +21158,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3899,/"line_end/":3979,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-mbstring@v1.30.0", @@ -18995,7 +21178,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3980,/"line_end/":4059,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-php72@v1.30.0", @@ -19008,7 +21198,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4060,/"line_end/":4132,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-php80@v1.30.0", @@ -19021,7 +21218,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4133,/"line_end/":4212,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-php83@v1.30.0", @@ -19058,7 +21262,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4289,/"line_end/":4367,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/process@v7.1.3", @@ -19095,10 +21306,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -19107,7 +21314,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":70,/"line_end/":70,/"column_start/":5,/"column_end/":46,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":70,/"line_end/":70,/"column_start/":6,/"column_end/":37,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":70,/"line_end/":70,/"column_start/":41,/"column_end/":45,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8439,/"line_end/":8521,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -19147,7 +21354,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4510,/"line_end/":4592,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/string@v7.1.3", @@ -19160,7 +21374,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4593,/"line_end/":4679,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/translation-contracts@v3.5.0", @@ -19173,10 +21394,17 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] - }, - { - "bom-ref": "pkg:composer/symfony/translation@v7.1.3", + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4774,/"line_end/":4851,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } + }, + { + "bom-ref": "pkg:composer/symfony/translation@v7.1.3", "type": "library", "name": "symfony/translation", "version": "v7.1.3", @@ -19186,7 +21414,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4680,/"line_end/":4773,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/uid@v7.1.1", @@ -19251,7 +21486,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8522,/"line_end/":8597,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/theseer/tokenizer@1.2.3", @@ -19268,7 +21510,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8598,/"line_end/":8647,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/tijsverkoyen/css-to-inline-styles@v2.2.7", @@ -19353,7 +21602,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5220,/"line_end/":5277,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:conan/zlib@1.2.11", @@ -19366,7 +21622,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Conan" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"conan.lock/",/"line_start/":13,/"line_end/":19,/"column_start/":7,/"column_end/":8}}" + } + ] + } }, { "bom-ref": "pkg:gem/RedCloth@4.2.9", @@ -19403,7 +21666,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":6,/"line_end/":6,/"column_start/":1,/"column_end/":24,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/actionmailbox@7.1.2", @@ -19416,7 +21686,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":12,/"line_end/":12,/"column_start/":1,/"column_end/":26,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/actionmailer@7.1.2", @@ -19429,7 +21706,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":22,/"line_end/":22,/"column_start/":1,/"column_end/":25,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/actionpack@7.1.2", @@ -19442,7 +21726,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":32,/"line_end/":32,/"column_start/":1,/"column_end/":23,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/actiontext@7.1.2", @@ -19455,7 +21746,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":42,/"line_end/":42,/"column_start/":1,/"column_end/":23,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/actionview@7.1.2", @@ -19468,7 +21766,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":49,/"line_end/":49,/"column_start/":1,/"column_end/":23,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/activejob@7.1.2", @@ -19481,7 +21786,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":55,/"line_end/":55,/"column_start/":1,/"column_end/":22,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/activemodel@7.1.2", @@ -19494,7 +21806,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":58,/"line_end/":58,/"column_start/":1,/"column_end/":24,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/activerecord@7.1.2", @@ -19507,7 +21826,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":60,/"line_end/":60,/"column_start/":1,/"column_end/":25,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/activestorage@7.1.2", @@ -19520,7 +21846,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":64,/"line_end/":64,/"column_start/":1,/"column_end/":26,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/activesupport@7.1.2", @@ -19533,7 +21866,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":70,/"line_end/":70,/"column_start/":1,/"column_end/":26,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/addressable@2.8.7", @@ -19546,7 +21886,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":107,/"line_end/":107,/"column_start/":1,/"column_end/":24,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/base64@0.2.0", @@ -19559,7 +21906,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":109,/"line_end/":109,/"column_start/":1,/"column_end/":19,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/bigdecimal@3.1.8", @@ -19572,7 +21926,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":110,/"line_end/":110,/"column_start/":1,/"column_end/":23,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/builder@3.3.0", @@ -19585,7 +21946,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":111,/"line_end/":111,/"column_start/":1,/"column_end/":20,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/capybara@3.39.2", @@ -19598,7 +21966,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":112,/"line_end/":112,/"column_start/":1,/"column_end/":22,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/childprocess@5.0.0", @@ -19611,7 +21986,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":121,/"line_end/":121,/"column_start/":1,/"column_end/":25,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/chronic@0.10.2", @@ -19672,7 +22054,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":124,/"line_end/":124,/"column_start/":1,/"column_end/":28,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/connection_pool@2.4.1", @@ -19685,7 +22074,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":125,/"line_end/":125,/"column_start/":1,/"column_end/":28,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/crass@1.0.6", @@ -19698,7 +22094,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":126,/"line_end/":126,/"column_start/":1,/"column_end/":18,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-ci-environment@10.0.1", @@ -19711,7 +22114,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":139,/"line_end/":139,/"column_start/":1,/"column_end/":37,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-core@13.0.3", @@ -19724,7 +22134,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":140,/"line_end/":140,/"column_start/":1,/"column_end/":27,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-cucumber-expressions@17.1.0", @@ -19737,7 +22154,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":144,/"line_end/":144,/"column_start/":1,/"column_end/":43,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-gherkin@27.0.0", @@ -19750,7 +22174,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":146,/"line_end/":146,/"column_start/":1,/"column_end/":30,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-html-formatter@21.4.1", @@ -19763,7 +22194,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":148,/"line_end/":148,/"column_start/":1,/"column_end/":37,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-messages@22.0.0", @@ -19776,12 +22214,19 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] - }, - { - "bom-ref": "pkg:gem/cucumber-rails@1.4.0", - "type": "library", - "name": "cucumber-rails", + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":150,/"line_end/":150,/"column_start/":1,/"column_end/":31,/"role/":/"lockfile/"}}" + } + ] + } + }, + { + "bom-ref": "pkg:gem/cucumber-rails@1.4.0", + "type": "library", + "name": "cucumber-rails", "version": "1.4.0", "purl": "pkg:gem/cucumber-rails@1.4.0", "properties": [ @@ -19817,7 +22262,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":156,/"line_end/":156,/"column_start/":1,/"column_end/":37,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-websteps@0.10.0", @@ -19858,7 +22310,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":127,/"line_end/":127,/"column_start/":1,/"column_end/":21,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/database_cleaner-active_record@2.2.0", @@ -19871,7 +22330,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":163,/"line_end/":163,/"column_start/":1,/"column_end/":43,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/database_cleaner-core@2.0.1", @@ -19884,7 +22350,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":166,/"line_end/":166,/"column_start/":1,/"column_end/":34,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/database_cleaner@2.0.2", @@ -19925,7 +22398,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":167,/"line_end/":167,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/diff-lcs@1.5.1", @@ -19938,7 +22418,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":168,/"line_end/":168,/"column_start/":1,/"column_end/":21,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/drb@2.2.1", @@ -19951,7 +22438,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":169,/"line_end/":169,/"column_start/":1,/"column_end/":16,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/erubi@1.13.0", @@ -19964,7 +22458,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":170,/"line_end/":170,/"column_start/":1,/"column_end/":19,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/factory_girl@4.9.0", @@ -20005,7 +22506,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":173,/"line_end/":173,/"column_start/":1,/"column_end/":30,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/globalid@1.2.1", @@ -20018,7 +22526,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":174,/"line_end/":174,/"column_start/":1,/"column_end/":21,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/i18n@1.14.5", @@ -20031,7 +22546,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":176,/"line_end/":176,/"column_start/":1,/"column_end/":18,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/io-console@0.7.2", @@ -20044,7 +22566,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":178,/"line_end/":178,/"column_start/":1,/"column_end/":23,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/irb@1.14.0", @@ -20057,7 +22586,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":179,/"line_end/":179,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/jquery-rails@4.6.0", @@ -20094,7 +22630,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":186,/"line_end/":186,/"column_start/":1,/"column_end/":20,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/loofah@2.22.0", @@ -20107,7 +22650,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":189,/"line_end/":189,/"column_start/":1,/"column_end/":20,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/mail@2.8.1", @@ -20120,7 +22670,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":192,/"line_end/":192,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/marcel@1.0.4", @@ -20133,7 +22690,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":197,/"line_end/":197,/"column_start/":1,/"column_end/":19,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/matrix@0.4.2", @@ -20146,7 +22710,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":198,/"line_end/":198,/"column_start/":1,/"column_end/":19,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/mini_mime@1.1.5", @@ -20159,7 +22730,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":199,/"line_end/":199,/"column_start/":1,/"column_end/":22,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/mini_portile2@2.8.7", @@ -20172,7 +22750,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":200,/"line_end/":200,/"column_start/":1,/"column_end/":26,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/minitest@5.24.1", @@ -20185,7 +22770,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":201,/"line_end/":201,/"column_start/":1,/"column_end/":22,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/multi_test@1.1.0", @@ -20198,7 +22790,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":202,/"line_end/":202,/"column_start/":1,/"column_end/":23,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/mutex_m@0.2.0", @@ -20211,7 +22810,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":203,/"line_end/":203,/"column_start/":1,/"column_end/":20,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/net-imap@0.4.14", @@ -20224,7 +22830,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":204,/"line_end/":204,/"column_start/":1,/"column_end/":22,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/net-pop@0.1.2", @@ -20237,7 +22850,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":207,/"line_end/":207,/"column_start/":1,/"column_end/":20,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/net-protocol@0.2.2", @@ -20250,7 +22870,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":209,/"line_end/":209,/"column_start/":1,/"column_end/":25,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/net-smtp@0.5.0", @@ -20263,7 +22890,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":211,/"line_end/":211,/"column_start/":1,/"column_end/":21,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/nio4r@2.7.3", @@ -20276,7 +22910,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":213,/"line_end/":213,/"column_start/":1,/"column_end/":18,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/nokogiri@1.15.6", @@ -20289,7 +22930,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":214,/"line_end/":214,/"column_start/":1,/"column_end/":35,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/psych@5.1.2", @@ -20302,7 +22950,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":216,/"line_end/":216,/"column_start/":1,/"column_end/":18,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/public_suffix@5.1.1", @@ -20315,10 +22970,17 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] - }, - { - "bom-ref": "pkg:gem/racc@1.8.1", + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":218,/"line_end/":218,/"column_start/":1,/"column_end/":26,/"role/":/"lockfile/"}}" + } + ] + } + }, + { + "bom-ref": "pkg:gem/racc@1.8.1", "type": "library", "name": "racc", "version": "1.8.1", @@ -20328,7 +22990,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":219,/"line_end/":219,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rack-openid@1.4.2", @@ -20365,7 +23034,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":224,/"line_end/":224,/"column_start/":1,/"column_end/":25,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rack-test@2.1.0", @@ -20378,7 +23054,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":226,/"line_end/":226,/"column_start/":1,/"column_end/":22,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rack@3.1.7", @@ -20391,7 +23074,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":220,/"line_end/":220,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rackup@2.1.0", @@ -20404,7 +23094,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":228,/"line_end/":228,/"column_start/":1,/"column_end/":19,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rails-dom-testing@2.2.0", @@ -20417,7 +23114,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":231,/"line_end/":231,/"column_start/":1,/"column_end/":30,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rails-html-sanitizer@1.6.0", @@ -20430,7 +23134,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":235,/"line_end/":235,/"column_start/":1,/"column_end/":33,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rails@7.1.2", @@ -20467,7 +23178,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":94,/"line_end/":94,/"column_start/":1,/"column_end/":21,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rake@13.2.1", @@ -20480,7 +23198,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":238,/"line_end/":238,/"column_start/":1,/"column_end/":18,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rdoc@6.7.0", @@ -20493,7 +23218,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":239,/"line_end/":239,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/regexp_parser@2.9.2", @@ -20506,7 +23238,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":241,/"line_end/":241,/"column_start/":1,/"column_end/":26,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/reline@0.5.9", @@ -20519,7 +23258,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":242,/"line_end/":242,/"column_start/":1,/"column_end/":19,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rspec-activemodel-mocks@1.2.0", @@ -20588,7 +23334,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":254,/"line_end/":254,/"column_start/":1,/"column_end/":24,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rspec-expectations@3.13.1", @@ -20601,7 +23354,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":256,/"line_end/":256,/"column_start/":1,/"column_end/":32,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rspec-mocks@3.13.1", @@ -20614,7 +23374,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":259,/"line_end/":259,/"column_start/":1,/"column_end/":25,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rspec-support@3.13.1", @@ -20627,7 +23394,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":262,/"line_end/":262,/"column_start/":1,/"column_end/":27,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rspec@3.13.0", @@ -20716,7 +23490,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":266,/"line_end/":266,/"column_start/":1,/"column_end/":21,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/sys-uname@1.3.0", @@ -20729,7 +23510,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":267,/"line_end/":267,/"column_start/":1,/"column_end/":22,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/thor@1.3.1", @@ -20742,7 +23530,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":269,/"line_end/":269,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/timeout@0.4.1", @@ -20755,7 +23550,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":270,/"line_end/":270,/"column_start/":1,/"column_end/":20,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/tzinfo@2.0.6", @@ -20768,7 +23570,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":271,/"line_end/":271,/"column_start/":1,/"column_end/":19,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/webrick@1.8.1", @@ -20781,7 +23590,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":273,/"line_end/":273,/"column_start/":1,/"column_end/":20,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/websocket-driver@0.7.6", @@ -20794,7 +23610,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":274,/"line_end/":274,/"column_start/":1,/"column_end/":29,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/websocket-extensions@0.1.5", @@ -20807,7 +23630,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":276,/"line_end/":276,/"column_start/":1,/"column_end/":33,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/will_paginate@3.0.12", @@ -20844,7 +23674,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":278,/"line_end/":278,/"column_start/":1,/"column_end/":18,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/zeitwerk@2.6.17", @@ -20857,7 +23694,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":280,/"line_end/":280,/"column_start/":1,/"column_end/":22,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:golang/github.com/BurntSushi/toml@1.0.0", @@ -20918,7 +23762,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Hex" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"mix.lock/",/"line_start/":2,/"line_end/":2,/"column_start/":1,/"column_end/":421}}" + } + ] + } }, { "bom-ref": "pkg:maven/com.google.code.findbugs/jsr305@3.0.2", @@ -21019,7 +23870,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Gradle" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"gradle-groovy/gradle.lockfile/",/"line_start/":5,/"line_end/":5,/"column_start/":1,/"column_end/":73,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:maven/org.hamcrest/hamcrest-core@1.3", @@ -21036,7 +23894,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Gradle" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"gradle-kotlin/gradle.lockfile/",/"line_start/":5,/"line_end/":5,/"column_start/":1,/"column_end/":73,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-test", @@ -21231,7 +24096,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Pnpm" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-9/pnpm-lock.yaml/",/"line_start/":35,/"line_end/":42,/"column_start/":3,/"column_end/":23,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/lodash@4.17.20", @@ -21248,12 +24120,19 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Pnpm" } - ] - }, - { - "bom-ref": "pkg:npm/ms@2.0.0", - "type": "library", - "name": "ms", + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-9/pnpm-lock.yaml/",/"line_start/":44,/"line_end/":45,/"column_start/":3,/"column_end/":125,/"role/":/"lockfile/"}}" + } + ] + } + }, + { + "bom-ref": "pkg:npm/ms@2.0.0", + "type": "library", + "name": "ms", "version": "2.0.0", "purl": "pkg:npm/ms@2.0.0", "properties": [ @@ -21265,7 +24144,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Pnpm" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-9/pnpm-lock.yaml/",/"line_start/":47,/"line_end/":48,/"column_start/":3,/"column_end/":125,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/ms@2.1.2", @@ -21282,7 +24168,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Pnpm" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-9/pnpm-lock.yaml/",/"line_start/":50,/"line_end/":51,/"column_start/":3,/"column_end/":125,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/ms@2.1.3", @@ -21487,7 +24380,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Pub" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pubspec.lock/",/"line_start/":4,/"line_end/":10,/"column_start/":3,/"column_end/":21}}" + } + ] + } }, { "bom-ref": "pkg:pypi/beautifulsoup4@4.9.3", @@ -21855,10 +24755,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -21867,7 +24763,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":55,/"line_end/":55,/"column_start/":5,/"column_end/":28,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":55,/"line_end/":55,/"column_start/":6,/"column_end/":19,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":55,/"line_end/":55,/"column_start/":23,/"column_end/":27,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5280,/"line_end/":5332,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -21887,7 +24783,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5333,/"line_end/":5386,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/aws/aws-sdk-php@3.317.2", @@ -21900,10 +24803,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -21912,7 +24811,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":56,/"line_end/":56,/"column_start/":5,/"column_end/":34,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":56,/"line_end/":56,/"column_start/":6,/"column_end/":21,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":56,/"line_end/":56,/"column_start/":25,/"column_end/":33,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5387,/"line_end/":5481,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -21952,7 +24851,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":69,/"line_end/":137,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/dflydev/dot-access-data@v3.0.3", @@ -21965,7 +24871,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":138,/"line_end/":212,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/doctrine/inflector@2.0.10", @@ -22002,7 +24915,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":304,/"line_end/":380,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/dragonmantank/cron-expression@v3.3.3", @@ -22063,10 +24983,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -22075,7 +24991,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":57,/"line_end/":57,/"column_start/":5,/"column_end/":30,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":57,/"line_end/":57,/"column_start/":6,/"column_end/":20,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":57,/"line_end/":57,/"column_start/":24,/"column_end/":29,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5482,/"line_end/":5544,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -22115,7 +25031,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":580,/"line_end/":641,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/guzzlehttp/guzzle@7.9.2", @@ -22152,7 +25075,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":768,/"line_end/":850,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/guzzlehttp/psr7@2.7.0", @@ -22165,7 +25095,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":851,/"line_end/":966,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/guzzlehttp/uri-template@v1.0.3", @@ -22206,7 +25143,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5545,/"line_end/":5595,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/illuminate/collections@v11.19.0", @@ -22219,7 +25163,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1053,/"line_end/":1107,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/illuminate/conditionable@v11.19.0", @@ -22232,7 +25183,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1108,/"line_end/":1153,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/illuminate/contracts@v11.19.0", @@ -22245,7 +25203,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1154,/"line_end/":1201,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/illuminate/macroable@v11.19.0", @@ -22258,7 +25223,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1202,/"line_end/":1247,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/laravel/prompts@v0.1.24", @@ -22343,7 +25315,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1472,/"line_end/":1553,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/league/flysystem-aws-s3-v3@3.28.0", @@ -22356,10 +25335,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -22368,7 +25343,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":58,/"line_end/":58,/"column_start/":5,/"column_end/":41,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":58,/"line_end/":58,/"column_start/":6,/"column_end/":32,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":58,/"line_end/":58,/"column_start/":36,/"column_end/":40,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5679,/"line_end/":5733,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -22388,7 +25363,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5734,/"line_end/":5782,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/league/flysystem-path-prefixing@3.28.0", @@ -22401,10 +25383,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -22413,7 +25391,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":59,/"line_end/":59,/"column_start/":5,/"column_end/":46,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":59,/"line_end/":59,/"column_start/":6,/"column_end/":37,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":59,/"line_end/":59,/"column_start/":41,/"column_end/":45,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5783,/"line_end/":5828,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -22429,10 +25407,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -22441,7 +25415,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":60,/"line_end/":60,/"column_start/":5,/"column_end/":41,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":60,/"line_end/":60,/"column_start/":6,/"column_end/":32,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":60,/"line_end/":60,/"column_start/":36,/"column_end/":40,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5829,/"line_end/":5875,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -22461,7 +25435,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5596,/"line_end/":5678,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/league/mime-type-detection@1.15.0", @@ -22478,7 +25459,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5876,/"line_end/":5931,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/mockery/mockery@1.6.12", @@ -22491,10 +25479,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -22503,7 +25487,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":61,/"line_end/":61,/"column_start/":5,/"column_end/":30,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":61,/"line_end/":61,/"column_start/":6,/"column_end/":21,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":61,/"line_end/":61,/"column_start/":25,/"column_end/":29,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5932,/"line_end/":6014,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -22547,7 +25531,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6015,/"line_end/":6080,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/myclabs/deep-copy@1.12.0", @@ -22564,7 +25555,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6081,/"line_end/":6140,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/nesbot/carbon@3.7.0", @@ -22601,7 +25599,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1761,/"line_end/":1822,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/nette/utils@v4.0.4", @@ -22614,7 +25619,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1823,/"line_end/":1908,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/nikic/php-parser@v5.1.0", @@ -22631,7 +25643,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6141,/"line_end/":6198,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/nunomaduro/termwind@v2.0.1", @@ -22668,10 +25687,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -22680,7 +25695,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":62,/"line_end/":62,/"column_start/":5,/"column_end/":26,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":62,/"line_end/":62,/"column_start/":6,/"column_end/":17,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":62,/"line_end/":62,/"column_start/":21,/"column_end/":25,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6199,/"line_end/":6276,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -22696,10 +25711,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -22708,7 +25719,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":63,/"line_end/":63,/"column_start/":5,/"column_end/":29,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":63,/"line_end/":63,/"column_start/":6,/"column_end/":20,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":63,/"line_end/":63,/"column_start/":24,/"column_end/":28,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6277,/"line_end/":6342,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -22728,7 +25739,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6343,/"line_end/":6409,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/phar-io/version@3.2.1", @@ -22745,7 +25763,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6410,/"line_end/":6460,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpoption/phpoption@1.9.3", @@ -22758,7 +25783,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1997,/"line_end/":2071,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpstan/phpstan@1.11.9", @@ -22771,10 +25803,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -22783,7 +25811,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":64,/"line_end/":64,/"column_start/":5,/"column_end/":33,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":64,/"line_end/":64,/"column_start/":6,/"column_end/":21,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":64,/"line_end/":64,/"column_start/":25,/"column_end/":32,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6461,/"line_end/":6518,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -22803,7 +25831,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6519,/"line_end/":6596,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpunit/php-file-iterator@5.0.1", @@ -22820,7 +25855,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6597,/"line_end/":6657,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpunit/php-invoker@5.0.1", @@ -22837,7 +25879,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6658,/"line_end/":6721,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpunit/php-text-template@4.0.1", @@ -22854,7 +25903,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6722,/"line_end/":6781,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpunit/php-timer@7.0.1", @@ -22871,7 +25927,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6782,/"line_end/":6841,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpunit/phpunit@11.3.0", @@ -22884,10 +25947,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -22896,7 +25955,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":65,/"line_end/":65,/"column_start/":5,/"column_end/":37,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":65,/"line_end/":65,/"column_start/":6,/"column_end/":21,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":65,/"line_end/":65,/"column_start/":25,/"column_end/":36,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6842,/"line_end/":6941,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -22912,10 +25971,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -22924,7 +25979,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":66,/"line_end/":66,/"column_start/":5,/"column_end/":30,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":66,/"line_end/":66,/"column_start/":6,/"column_end/":19,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":66,/"line_end/":66,/"column_start/":23,/"column_end/":29,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6942,/"line_end/":7002,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -22944,7 +25999,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7003,/"line_end/":7051,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/psr/clock@1.0.0", @@ -22957,7 +26019,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2072,/"line_end/":2119,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/psr/container@2.0.2", @@ -22994,7 +26063,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2173,/"line_end/":2222,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/psr/http-client@1.0.3", @@ -23007,7 +26083,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2223,/"line_end/":2274,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/psr/http-factory@1.1.0", @@ -23020,7 +26103,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2275,/"line_end/":2329,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/psr/http-message@2.0", @@ -23033,7 +26123,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2330,/"line_end/":2382,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/psr/log@3.0.0", @@ -23094,7 +26191,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2484,/"line_end/":2527,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/ramsey/collection@2.0.0", @@ -23107,7 +26211,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2528,/"line_end/":2616,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/ramsey/uuid@4.7.6", @@ -23144,10 +26255,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -23156,7 +26263,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":67,/"line_end/":67,/"column_start/":5,/"column_end/":35,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":67,/"line_end/":67,/"column_start/":6,/"column_end/":23,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":67,/"line_end/":67,/"column_start/":27,/"column_end/":34,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7052,/"line_end/":7108,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -23176,7 +26283,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7109,/"line_end/":7170,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/cli-parser@3.0.2", @@ -23193,7 +26307,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7171,/"line_end/":7227,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/code-unit-reverse-lookup@4.0.1", @@ -23210,7 +26331,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7285,/"line_end/":7340,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/code-unit@3.0.1", @@ -23227,7 +26355,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7228,/"line_end/":7284,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/comparator@6.0.1", @@ -23244,7 +26379,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7341,/"line_end/":7417,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/complexity@4.0.1", @@ -23261,7 +26403,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7418,/"line_end/":7475,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/diff@6.0.2", @@ -23278,7 +26427,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7476,/"line_end/":7542,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/environment@7.2.0", @@ -23295,7 +26451,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7543,/"line_end/":7606,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/exporter@6.1.3", @@ -23312,7 +26475,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7607,/"line_end/":7684,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/global-state@7.0.2", @@ -23329,7 +26499,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7685,/"line_end/":7746,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/lines-of-code@3.0.1", @@ -23346,7 +26523,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7747,/"line_end/":7804,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/object-enumerator@6.0.1", @@ -23363,7 +26547,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7805,/"line_end/":7862,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/object-reflector@4.0.1", @@ -23380,7 +26571,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7863,/"line_end/":7918,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/recursion-context@6.0.2", @@ -23397,7 +26595,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7919,/"line_end/":7982,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/type@5.0.1", @@ -23414,7 +26619,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7983,/"line_end/":8039,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/version@5.0.1", @@ -23431,7 +26643,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8040,/"line_end/":8093,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/cache-contracts@v3.5.0", @@ -23448,7 +26667,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8191,/"line_end/":8266,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/cache@v7.1.3", @@ -23461,10 +26687,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -23473,7 +26695,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":68,/"line_end/":68,/"column_start/":5,/"column_end/":28,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":68,/"line_end/":68,/"column_start/":6,/"column_end/":19,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":68,/"line_end/":68,/"column_start/":23,/"column_end/":27,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8094,/"line_end/":8190,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -23489,7 +26711,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2709,/"line_end/":2782,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/console@v7.1.3", @@ -23526,7 +26755,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2876,/"line_end/":2940,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/deprecation-contracts@v3.5.0", @@ -23539,7 +26775,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2941,/"line_end/":3007,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/error-handler@v7.1.3", @@ -23576,7 +26819,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3163,/"line_end/":3238,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/event-dispatcher@v7.1.1", @@ -23589,7 +26839,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3083,/"line_end/":3162,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/finder@v7.1.3", @@ -23630,7 +26887,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8361,/"line_end/":8438,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/http-client@v7.1.3", @@ -23643,10 +26907,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -23655,7 +26915,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":69,/"line_end/":69,/"column_start/":5,/"column_end/":34,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":69,/"line_end/":69,/"column_start/":6,/"column_end/":25,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":69,/"line_end/":69,/"column_start/":29,/"column_end/":33,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8267,/"line_end/":8360,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -23767,7 +27027,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3658,/"line_end/":3736,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-intl-grapheme@v1.30.0", @@ -23780,7 +27047,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3737,/"line_end/":3814,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-intl-idn@v1.30.0", @@ -23793,7 +27067,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3815,/"line_end/":3898,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-intl-normalizer@v1.30.0", @@ -23806,7 +27087,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3899,/"line_end/":3979,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-mbstring@v1.30.0", @@ -23819,7 +27107,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3980,/"line_end/":4059,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-php72@v1.30.0", @@ -23832,7 +27127,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4060,/"line_end/":4132,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-php80@v1.30.0", @@ -23845,7 +27147,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4133,/"line_end/":4212,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-php83@v1.30.0", @@ -23882,7 +27191,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4289,/"line_end/":4367,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/process@v7.1.3", @@ -23919,10 +27235,6 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:is-dev", "value": "true" }, - { - "name": "datadog:is-direct", - "value": "true" - }, { "name": "datadog:package-manager", "value": "Composer" @@ -23931,7 +27243,7 @@ No package sources found. Use the 'parsers list' command to view supported lockf "evidence": { "occurrences": [ { - "location": "{/"block/":{/"file_name/":/"composer/composer.json/",/"line_start/":70,/"line_end/":70,/"column_start/":5,/"column_end/":46,/"role/":/"manifest/"},/"name/":{/"file_name/":/"composer/composer.json/",/"line_start/":70,/"line_end/":70,/"column_start/":6,/"column_end/":37,/"role/":/"manifest/"},/"version/":{/"file_name/":/"composer/composer.json/",/"line_start/":70,/"line_end/":70,/"column_start/":41,/"column_end/":45,/"role/":/"manifest/"}}" + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8439,/"line_end/":8521,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" } ] } @@ -23971,7 +27283,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4510,/"line_end/":4592,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/string@v7.1.3", @@ -23984,7 +27303,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4593,/"line_end/":4679,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/translation-contracts@v3.5.0", @@ -23997,7 +27323,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4774,/"line_end/":4851,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/translation@v7.1.3", @@ -24010,7 +27343,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4680,/"line_end/":4773,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/uid@v7.1.1", @@ -24075,7 +27415,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8522,/"line_end/":8597,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/theseer/tokenizer@1.2.3", @@ -24092,7 +27439,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8598,/"line_end/":8647,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:composer/tijsverkoyen/css-to-inline-styles@v2.2.7", @@ -24177,7 +27531,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5220,/"line_end/":5277,/"column_start/":9,/"column_end/":10,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:conan/zlib@1.2.11", @@ -24190,7 +27551,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Conan" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"conan.lock/",/"line_start/":13,/"line_end/":19,/"column_start/":7,/"column_end/":8}}" + } + ] + } }, { "bom-ref": "pkg:gem/RedCloth@4.2.9", @@ -24227,7 +27595,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":6,/"line_end/":6,/"column_start/":1,/"column_end/":24,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/actionmailbox@7.1.2", @@ -24240,7 +27615,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":12,/"line_end/":12,/"column_start/":1,/"column_end/":26,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/actionmailer@7.1.2", @@ -24253,7 +27635,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":22,/"line_end/":22,/"column_start/":1,/"column_end/":25,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/actionpack@7.1.2", @@ -24266,7 +27655,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":32,/"line_end/":32,/"column_start/":1,/"column_end/":23,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/actiontext@7.1.2", @@ -24279,7 +27675,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":42,/"line_end/":42,/"column_start/":1,/"column_end/":23,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/actionview@7.1.2", @@ -24292,7 +27695,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":49,/"line_end/":49,/"column_start/":1,/"column_end/":23,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/activejob@7.1.2", @@ -24305,7 +27715,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":55,/"line_end/":55,/"column_start/":1,/"column_end/":22,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/activemodel@7.1.2", @@ -24318,10 +27735,17 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] - }, - { - "bom-ref": "pkg:gem/activerecord@7.1.2", + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":58,/"line_end/":58,/"column_start/":1,/"column_end/":24,/"role/":/"lockfile/"}}" + } + ] + } + }, + { + "bom-ref": "pkg:gem/activerecord@7.1.2", "type": "library", "name": "activerecord", "version": "7.1.2", @@ -24331,7 +27755,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":60,/"line_end/":60,/"column_start/":1,/"column_end/":25,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/activestorage@7.1.2", @@ -24344,7 +27775,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":64,/"line_end/":64,/"column_start/":1,/"column_end/":26,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/activesupport@7.1.2", @@ -24357,7 +27795,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":70,/"line_end/":70,/"column_start/":1,/"column_end/":26,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/addressable@2.8.7", @@ -24370,7 +27815,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":107,/"line_end/":107,/"column_start/":1,/"column_end/":24,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/base64@0.2.0", @@ -24383,7 +27835,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":109,/"line_end/":109,/"column_start/":1,/"column_end/":19,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/bigdecimal@3.1.8", @@ -24396,7 +27855,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":110,/"line_end/":110,/"column_start/":1,/"column_end/":23,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/builder@3.3.0", @@ -24409,7 +27875,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":111,/"line_end/":111,/"column_start/":1,/"column_end/":20,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/capybara@3.39.2", @@ -24422,7 +27895,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":112,/"line_end/":112,/"column_start/":1,/"column_end/":22,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/childprocess@5.0.0", @@ -24435,7 +27915,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":121,/"line_end/":121,/"column_start/":1,/"column_end/":25,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/chronic@0.10.2", @@ -24496,7 +27983,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":124,/"line_end/":124,/"column_start/":1,/"column_end/":28,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/connection_pool@2.4.1", @@ -24509,7 +28003,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":125,/"line_end/":125,/"column_start/":1,/"column_end/":28,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/crass@1.0.6", @@ -24522,7 +28023,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":126,/"line_end/":126,/"column_start/":1,/"column_end/":18,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-ci-environment@10.0.1", @@ -24535,7 +28043,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":139,/"line_end/":139,/"column_start/":1,/"column_end/":37,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-core@13.0.3", @@ -24548,7 +28063,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":140,/"line_end/":140,/"column_start/":1,/"column_end/":27,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-cucumber-expressions@17.1.0", @@ -24561,7 +28083,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":144,/"line_end/":144,/"column_start/":1,/"column_end/":43,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-gherkin@27.0.0", @@ -24574,7 +28103,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":146,/"line_end/":146,/"column_start/":1,/"column_end/":30,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-html-formatter@21.4.1", @@ -24587,7 +28123,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":148,/"line_end/":148,/"column_start/":1,/"column_end/":37,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-messages@22.0.0", @@ -24600,7 +28143,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":150,/"line_end/":150,/"column_start/":1,/"column_end/":31,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-rails@1.4.0", @@ -24641,7 +28191,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":156,/"line_end/":156,/"column_start/":1,/"column_end/":37,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-websteps@0.10.0", @@ -24682,7 +28239,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":127,/"line_end/":127,/"column_start/":1,/"column_end/":21,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/database_cleaner-active_record@2.2.0", @@ -24695,7 +28259,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":163,/"line_end/":163,/"column_start/":1,/"column_end/":43,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/database_cleaner-core@2.0.1", @@ -24708,7 +28279,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":166,/"line_end/":166,/"column_start/":1,/"column_end/":34,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/database_cleaner@2.0.2", @@ -24749,7 +28327,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":167,/"line_end/":167,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/diff-lcs@1.5.1", @@ -24762,7 +28347,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":168,/"line_end/":168,/"column_start/":1,/"column_end/":21,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/drb@2.2.1", @@ -24775,7 +28367,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":169,/"line_end/":169,/"column_start/":1,/"column_end/":16,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/erubi@1.13.0", @@ -24788,7 +28387,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":170,/"line_end/":170,/"column_start/":1,/"column_end/":19,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/factory_girl@4.9.0", @@ -24829,7 +28435,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":173,/"line_end/":173,/"column_start/":1,/"column_end/":30,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/globalid@1.2.1", @@ -24842,7 +28455,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":174,/"line_end/":174,/"column_start/":1,/"column_end/":21,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/i18n@1.14.5", @@ -24855,7 +28475,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":176,/"line_end/":176,/"column_start/":1,/"column_end/":18,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/io-console@0.7.2", @@ -24868,7 +28495,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":178,/"line_end/":178,/"column_start/":1,/"column_end/":23,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/irb@1.14.0", @@ -24881,12 +28515,19 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] - }, - { - "bom-ref": "pkg:gem/jquery-rails@4.6.0", - "type": "library", - "name": "jquery-rails", + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":179,/"line_end/":179,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } + }, + { + "bom-ref": "pkg:gem/jquery-rails@4.6.0", + "type": "library", + "name": "jquery-rails", "version": "4.6.0", "purl": "pkg:gem/jquery-rails@4.6.0", "properties": [ @@ -24918,7 +28559,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":186,/"line_end/":186,/"column_start/":1,/"column_end/":20,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/loofah@2.22.0", @@ -24931,7 +28579,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":189,/"line_end/":189,/"column_start/":1,/"column_end/":20,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/mail@2.8.1", @@ -24944,7 +28599,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":192,/"line_end/":192,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/marcel@1.0.4", @@ -24957,7 +28619,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":197,/"line_end/":197,/"column_start/":1,/"column_end/":19,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/matrix@0.4.2", @@ -24970,7 +28639,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":198,/"line_end/":198,/"column_start/":1,/"column_end/":19,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/mini_mime@1.1.5", @@ -24983,7 +28659,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":199,/"line_end/":199,/"column_start/":1,/"column_end/":22,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/mini_portile2@2.8.7", @@ -24996,7 +28679,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":200,/"line_end/":200,/"column_start/":1,/"column_end/":26,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/minitest@5.24.1", @@ -25009,7 +28699,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":201,/"line_end/":201,/"column_start/":1,/"column_end/":22,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/multi_test@1.1.0", @@ -25022,7 +28719,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":202,/"line_end/":202,/"column_start/":1,/"column_end/":23,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/mutex_m@0.2.0", @@ -25035,7 +28739,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":203,/"line_end/":203,/"column_start/":1,/"column_end/":20,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/net-imap@0.4.14", @@ -25048,7 +28759,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":204,/"line_end/":204,/"column_start/":1,/"column_end/":22,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/net-pop@0.1.2", @@ -25061,7 +28779,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":207,/"line_end/":207,/"column_start/":1,/"column_end/":20,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/net-protocol@0.2.2", @@ -25074,7 +28799,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":209,/"line_end/":209,/"column_start/":1,/"column_end/":25,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/net-smtp@0.5.0", @@ -25087,7 +28819,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":211,/"line_end/":211,/"column_start/":1,/"column_end/":21,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/nio4r@2.7.3", @@ -25100,7 +28839,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":213,/"line_end/":213,/"column_start/":1,/"column_end/":18,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/nokogiri@1.15.6", @@ -25113,7 +28859,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":214,/"line_end/":214,/"column_start/":1,/"column_end/":35,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/psych@5.1.2", @@ -25126,7 +28879,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":216,/"line_end/":216,/"column_start/":1,/"column_end/":18,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/public_suffix@5.1.1", @@ -25139,7 +28899,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":218,/"line_end/":218,/"column_start/":1,/"column_end/":26,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/racc@1.8.1", @@ -25152,7 +28919,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":219,/"line_end/":219,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rack-openid@1.4.2", @@ -25189,7 +28963,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":224,/"line_end/":224,/"column_start/":1,/"column_end/":25,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rack-test@2.1.0", @@ -25202,7 +28983,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":226,/"line_end/":226,/"column_start/":1,/"column_end/":22,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rack@3.1.7", @@ -25215,7 +29003,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":220,/"line_end/":220,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rackup@2.1.0", @@ -25228,7 +29023,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":228,/"line_end/":228,/"column_start/":1,/"column_end/":19,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rails-dom-testing@2.2.0", @@ -25241,7 +29043,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":231,/"line_end/":231,/"column_start/":1,/"column_end/":30,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rails-html-sanitizer@1.6.0", @@ -25254,7 +29063,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":235,/"line_end/":235,/"column_start/":1,/"column_end/":33,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rails@7.1.2", @@ -25291,7 +29107,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":94,/"line_end/":94,/"column_start/":1,/"column_end/":21,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rake@13.2.1", @@ -25304,7 +29127,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":238,/"line_end/":238,/"column_start/":1,/"column_end/":18,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rdoc@6.7.0", @@ -25317,7 +29147,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":239,/"line_end/":239,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/regexp_parser@2.9.2", @@ -25330,7 +29167,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":241,/"line_end/":241,/"column_start/":1,/"column_end/":26,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/reline@0.5.9", @@ -25343,7 +29187,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":242,/"line_end/":242,/"column_start/":1,/"column_end/":19,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rspec-activemodel-mocks@1.2.0", @@ -25412,10 +29263,17 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] - }, - { - "bom-ref": "pkg:gem/rspec-expectations@3.13.1", + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":254,/"line_end/":254,/"column_start/":1,/"column_end/":24,/"role/":/"lockfile/"}}" + } + ] + } + }, + { + "bom-ref": "pkg:gem/rspec-expectations@3.13.1", "type": "library", "name": "rspec-expectations", "version": "3.13.1", @@ -25425,7 +29283,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":256,/"line_end/":256,/"column_start/":1,/"column_end/":32,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rspec-mocks@3.13.1", @@ -25438,7 +29303,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":259,/"line_end/":259,/"column_start/":1,/"column_end/":25,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rspec-support@3.13.1", @@ -25451,7 +29323,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":262,/"line_end/":262,/"column_start/":1,/"column_end/":27,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/rspec@3.13.0", @@ -25540,7 +29419,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":266,/"line_end/":266,/"column_start/":1,/"column_end/":21,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/sys-uname@1.3.0", @@ -25553,7 +29439,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":267,/"line_end/":267,/"column_start/":1,/"column_end/":22,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/thor@1.3.1", @@ -25566,7 +29459,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":269,/"line_end/":269,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/timeout@0.4.1", @@ -25579,7 +29479,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":270,/"line_end/":270,/"column_start/":1,/"column_end/":20,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/tzinfo@2.0.6", @@ -25592,7 +29499,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":271,/"line_end/":271,/"column_start/":1,/"column_end/":19,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/webrick@1.8.1", @@ -25605,7 +29519,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":273,/"line_end/":273,/"column_start/":1,/"column_end/":20,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/websocket-driver@0.7.6", @@ -25618,7 +29539,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":274,/"line_end/":274,/"column_start/":1,/"column_end/":29,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/websocket-extensions@0.1.5", @@ -25631,7 +29559,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":276,/"line_end/":276,/"column_start/":1,/"column_end/":33,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/will_paginate@3.0.12", @@ -25668,7 +29603,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":278,/"line_end/":278,/"column_start/":1,/"column_end/":18,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/zeitwerk@2.6.17", @@ -25681,7 +29623,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":280,/"line_end/":280,/"column_start/":1,/"column_end/":22,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:golang/github.com/BurntSushi/toml@1.0.0", @@ -25742,7 +29691,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Hex" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"mix.lock/",/"line_start/":2,/"line_end/":2,/"column_start/":1,/"column_end/":421}}" + } + ] + } }, { "bom-ref": "pkg:maven/com.google.code.findbugs/jsr305@3.0.2", @@ -25843,7 +29799,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Gradle" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"gradle-groovy/gradle.lockfile/",/"line_start/":5,/"line_end/":5,/"column_start/":1,/"column_end/":73,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:maven/org.hamcrest/hamcrest-core@1.3", @@ -25860,7 +29823,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Gradle" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"gradle-kotlin/gradle.lockfile/",/"line_start/":5,/"line_end/":5,/"column_start/":1,/"column_end/":73,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-test", @@ -26055,7 +30025,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Pnpm" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-9/pnpm-lock.yaml/",/"line_start/":35,/"line_end/":42,/"column_start/":3,/"column_end/":23,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/lodash@4.17.20", @@ -26072,7 +30049,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Pnpm" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-9/pnpm-lock.yaml/",/"line_start/":44,/"line_end/":45,/"column_start/":3,/"column_end/":125,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/ms@2.0.0", @@ -26089,7 +30073,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Pnpm" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-9/pnpm-lock.yaml/",/"line_start/":47,/"line_end/":48,/"column_start/":3,/"column_end/":125,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/ms@2.1.2", @@ -26106,7 +30097,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Pnpm" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-9/pnpm-lock.yaml/",/"line_start/":50,/"line_end/":51,/"column_start/":3,/"column_end/":125,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/ms@2.1.3", @@ -26311,7 +30309,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Pub" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pubspec.lock/",/"line_start/":4,/"line_end/":10,/"column_start/":3,/"column_end/":21}}" + } + ] + } }, { "bom-ref": "pkg:pypi/beautifulsoup4@4.9.3", @@ -26773,7 +30778,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer.lock/",/"line_start/":9,/"line_end/":39,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:gem/ast@2.4.2", @@ -26790,7 +30802,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":4,/"line_end/":4,/"column_start/":1,/"column_end/":16,/"role/":/"lockfile/"}}" + } + ] + } } ] } @@ -26831,7 +30850,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":5,/"line_end/":10,/"column_start/":1,/"column_end/":33,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40eslint-community%2Fregexpp@4.12.1", @@ -26844,7 +30870,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":12,/"line_end/":15,/"column_start/":1,/"column_end/":108,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40nodelib%2Ffs.scandir@2.1.5", @@ -26857,7 +30890,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":17,/"line_end/":23,/"column_start/":1,/"column_end/":26,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40nodelib%2Ffs.stat@2.0.5", @@ -26870,7 +30910,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":25,/"line_end/":28,/"column_start/":1,/"column_end/":108,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40nodelib%2Ffs.walk@1.2.8", @@ -26883,7 +30930,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":30,/"line_end/":36,/"column_start/":1,/"column_end/":19,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40types%2Fjson-schema@7.0.15", @@ -26896,7 +30950,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":38,/"line_end/":41,/"column_start/":1,/"column_end/":108,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40types%2Fsemver@7.5.8", @@ -26909,7 +30970,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":43,/"line_end/":46,/"column_start/":1,/"column_end/":108,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40typescript-eslint%2Feslint-plugin@5.62.0", @@ -26946,12 +31014,19 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] - }, - { - "bom-ref": "pkg:npm/%40typescript-eslint%2Ftype-utils@5.62.0", - "type": "library", - "name": "@typescript-eslint/type-utils", + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":64,/"line_end/":70,/"column_start/":1,/"column_end/":47,/"role/":/"lockfile/"}}" + } + ] + } + }, + { + "bom-ref": "pkg:npm/%40typescript-eslint%2Ftype-utils@5.62.0", + "type": "library", + "name": "@typescript-eslint/type-utils", "version": "5.62.0", "purl": "pkg:npm/%40typescript-eslint%2Ftype-utils@5.62.0", "properties": [ @@ -26959,7 +31034,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":72,/"line_end/":80,/"column_start/":1,/"column_end/":22,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40typescript-eslint%2Ftypes@5.62.0", @@ -26972,7 +31054,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":82,/"line_end/":85,/"column_start/":1,/"column_end/":108,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40typescript-eslint%2Ftypescript-estree@5.62.0", @@ -26985,7 +31074,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":87,/"line_end/":98,/"column_start/":1,/"column_end/":22,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40typescript-eslint%2Futils@5.62.0", @@ -26998,7 +31094,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":100,/"line_end/":112,/"column_start/":1,/"column_end/":20,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40typescript-eslint%2Fvisitor-keys@5.62.0", @@ -27011,7 +31114,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":114,/"line_end/":120,/"column_start/":1,/"column_end/":33,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/array-union@2.1.0", @@ -27024,7 +31134,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":122,/"line_end/":125,/"column_start/":1,/"column_end/":108,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/braces@3.0.3", @@ -27037,7 +31154,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":127,/"line_end/":132,/"column_start/":1,/"column_end/":24,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/debug@4.4.0", @@ -27059,6 +31183,9 @@ No package sources found. Use the 'parsers list' command to view supported lockf "occurrences": [ { "location": "{/"block/":{/"file_name/":/"package.json/",/"line_start/":11,/"line_end/":11,/"column_start/":9,/"column_end/":25,/"role/":/"manifest/"},/"name/":{/"file_name/":/"package.json/",/"line_start/":11,/"line_end/":11,/"column_start/":10,/"column_end/":15,/"role/":/"manifest/"},/"version/":{/"file_name/":/"package.json/",/"line_start/":11,/"line_end/":11,/"column_start/":19,/"column_end/":24,/"role/":/"manifest/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":134,/"line_end/":139,/"column_start/":1,/"column_end/":16,/"role/":/"lockfile/"}}" } ] } @@ -27074,7 +31201,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":141,/"line_end/":146,/"column_start/":1,/"column_end/":23,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/eslint-scope@5.1.1", @@ -27087,7 +31221,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":148,/"line_end/":154,/"column_start/":1,/"column_end/":24,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/eslint-visitor-keys@3.4.3", @@ -27100,7 +31241,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":156,/"line_end/":159,/"column_start/":1,/"column_end/":108,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/esrecurse@4.3.0", @@ -27113,7 +31261,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":161,/"line_end/":166,/"column_start/":1,/"column_end/":24,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/estraverse@4.3.0", @@ -27126,7 +31281,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":168,/"line_end/":171,/"column_start/":1,/"column_end/":108,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/estraverse@5.3.0", @@ -27139,7 +31301,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":173,/"line_end/":176,/"column_start/":1,/"column_end/":108,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/fast-glob@3.3.2", @@ -27152,7 +31321,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":178,/"line_end/":187,/"column_start/":1,/"column_end/":24,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/fastq@1.18.0", @@ -27165,7 +31341,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":189,/"line_end/":194,/"column_start/":1,/"column_end/":21,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/fill-range@7.1.1", @@ -27178,7 +31361,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":196,/"line_end/":201,/"column_start/":1,/"column_end/":28,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/glob-parent@5.1.2", @@ -27191,7 +31381,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":203,/"line_end/":208,/"column_start/":1,/"column_end/":21,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/globby@11.1.0", @@ -27204,7 +31401,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":210,/"line_end/":220,/"column_start/":1,/"column_end/":19,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/graphemer@1.4.0", @@ -27217,7 +31421,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":222,/"line_end/":225,/"column_start/":1,/"column_end/":108,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/ignore@5.3.2", @@ -27230,7 +31441,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":227,/"line_end/":230,/"column_start/":1,/"column_end/":108,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/is-extglob@2.1.1", @@ -27243,7 +31461,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":232,/"line_end/":235,/"column_start/":1,/"column_end/":108,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/is-glob@4.0.3", @@ -27256,7 +31481,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":237,/"line_end/":242,/"column_start/":1,/"column_end/":24,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/is-number@7.0.0", @@ -27269,7 +31501,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":244,/"line_end/":247,/"column_start/":1,/"column_end/":108,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/merge2@1.4.1", @@ -27282,7 +31521,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":249,/"line_end/":252,/"column_start/":1,/"column_end/":108,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/micromatch@4.0.8", @@ -27295,7 +31541,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":254,/"line_end/":260,/"column_start/":1,/"column_end/":23,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/ms@2.1.3", @@ -27308,7 +31561,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":262,/"line_end/":265,/"column_start/":1,/"column_end/":108,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/natural-compare-lite@1.4.0", @@ -27321,7 +31581,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":267,/"line_end/":270,/"column_start/":1,/"column_end/":108,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/path-type@4.0.0", @@ -27334,7 +31601,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":272,/"line_end/":275,/"column_start/":1,/"column_end/":108,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/picomatch@2.3.1", @@ -27347,7 +31621,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":277,/"line_end/":280,/"column_start/":1,/"column_end/":108,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/queue-microtask@1.2.3", @@ -27360,7 +31641,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":282,/"line_end/":285,/"column_start/":1,/"column_end/":108,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/reusify@1.0.4", @@ -27373,7 +31661,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":287,/"line_end/":290,/"column_start/":1,/"column_end/":108,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/run-parallel@1.2.0", @@ -27386,7 +31681,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":292,/"line_end/":297,/"column_start/":1,/"column_end/":29,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/semver@7.6.3", @@ -27399,7 +31701,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":299,/"line_end/":302,/"column_start/":1,/"column_end/":108,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/slash@3.0.0", @@ -27412,7 +31721,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":304,/"line_end/":307,/"column_start/":1,/"column_end/":108,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/to-regex-range@5.0.1", @@ -27425,7 +31741,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":309,/"line_end/":314,/"column_start/":1,/"column_end/":23,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/tslib@1.14.1", @@ -27438,7 +31761,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":316,/"line_end/":319,/"column_start/":1,/"column_end/":108,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/tsutils@3.21.0", @@ -27451,7 +31781,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":321,/"line_end/":326,/"column_start/":1,/"column_end/":19,/"role/":/"lockfile/"}}" + } + ] + } } ] } @@ -27492,7 +31829,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":8,/"line_end/":17,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40eslint-community%2Fregexpp@4.12.1", @@ -27505,7 +31849,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":19,/"line_end/":24,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40nodelib%2Ffs.scandir@2.1.5", @@ -27518,7 +31869,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":26,/"line_end/":34,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40nodelib%2Ffs.stat@2.0.5", @@ -27531,7 +31889,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":36,/"line_end/":41,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40nodelib%2Ffs.walk@1.2.8", @@ -27544,7 +31909,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":43,/"line_end/":51,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40types%2Fjson-schema@7.0.15", @@ -27557,7 +31929,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":53,/"line_end/":58,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40types%2Fsemver@7.5.8", @@ -27570,7 +31949,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":60,/"line_end/":65,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40typescript-eslint%2Feslint-plugin@5.62.0", @@ -27607,7 +31993,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":91,/"line_end/":99,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40typescript-eslint%2Ftype-utils@5.62.0", @@ -27620,7 +32013,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":101,/"line_end/":116,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40typescript-eslint%2Ftypes@5.62.0", @@ -27633,7 +32033,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":118,/"line_end/":123,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40typescript-eslint%2Ftypescript-estree@5.62.0", @@ -27646,7 +32053,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":125,/"line_end/":141,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40typescript-eslint%2Futils@5.62.0", @@ -27659,7 +32073,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":143,/"line_end/":159,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40typescript-eslint%2Fvisitor-keys@5.62.0", @@ -27672,7 +32093,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":161,/"line_end/":169,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/array-union@2.1.0", @@ -27685,7 +32113,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":171,/"line_end/":176,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/braces@3.0.3", @@ -27698,7 +32133,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":178,/"line_end/":185,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/debug@4.4.0", @@ -27720,6 +32162,9 @@ No package sources found. Use the 'parsers list' command to view supported lockf "occurrences": [ { "location": "{/"block/":{/"file_name/":/"package.json/",/"line_start/":11,/"line_end/":11,/"column_start/":9,/"column_end/":25,/"role/":/"manifest/"},/"name/":{/"file_name/":/"package.json/",/"line_start/":11,/"line_end/":11,/"column_start/":10,/"column_end/":15,/"role/":/"manifest/"},/"version/":{/"file_name/":/"package.json/",/"line_start/":11,/"line_end/":11,/"column_start/":19,/"column_end/":24,/"role/":/"manifest/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":187,/"line_end/":197,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" } ] } @@ -27735,7 +32180,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":199,/"line_end/":206,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/eslint-scope@5.1.1", @@ -27748,7 +32200,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":208,/"line_end/":216,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/eslint-visitor-keys@3.4.3", @@ -27761,7 +32220,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":218,/"line_end/":223,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/esrecurse@4.3.0", @@ -27774,7 +32240,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":225,/"line_end/":232,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/estraverse@4.3.0", @@ -27787,7 +32260,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":234,/"line_end/":239,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/estraverse@5.3.0", @@ -27800,7 +32280,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":241,/"line_end/":246,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/fast-glob@3.3.2", @@ -27813,7 +32300,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":248,/"line_end/":259,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/fastq@1.18.0", @@ -27826,7 +32320,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":261,/"line_end/":268,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/fill-range@7.1.1", @@ -27839,7 +32340,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":270,/"line_end/":277,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/glob-parent@5.1.2", @@ -27852,7 +32360,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":279,/"line_end/":286,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/globby@11.1.0", @@ -27865,7 +32380,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":288,/"line_end/":300,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/graphemer@1.4.0", @@ -27878,7 +32400,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":302,/"line_end/":307,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/ignore@5.3.2", @@ -27891,7 +32420,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":309,/"line_end/":314,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/is-extglob@2.1.1", @@ -27904,7 +32440,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":316,/"line_end/":321,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/is-glob@4.0.3", @@ -27917,7 +32460,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":323,/"line_end/":330,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/is-number@7.0.0", @@ -27930,7 +32480,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":332,/"line_end/":337,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/merge2@1.4.1", @@ -27943,7 +32500,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":339,/"line_end/":344,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/micromatch@4.0.8", @@ -27956,7 +32520,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":346,/"line_end/":354,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/ms@2.1.3", @@ -27969,7 +32540,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":356,/"line_end/":361,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/natural-compare-lite@1.4.0", @@ -27982,7 +32560,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":363,/"line_end/":368,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/path-type@4.0.0", @@ -27995,7 +32580,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":370,/"line_end/":375,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/picomatch@2.3.1", @@ -28008,7 +32600,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":377,/"line_end/":382,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/queue-microtask@1.2.3", @@ -28021,7 +32620,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":384,/"line_end/":389,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/reusify@1.0.4", @@ -28034,7 +32640,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":391,/"line_end/":396,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/run-parallel@1.2.0", @@ -28047,7 +32660,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":398,/"line_end/":405,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/semver@7.6.3", @@ -28060,7 +32680,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":407,/"line_end/":414,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/slash@3.0.0", @@ -28073,7 +32700,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":416,/"line_end/":421,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/to-regex-range@5.0.1", @@ -28086,7 +32720,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":432,/"line_end/":439,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/tslib@1.14.1", @@ -28099,7 +32740,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":441,/"line_end/":446,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/tsutils@3.21.0", @@ -28112,7 +32760,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":448,/"line_end/":457,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } } ] } @@ -28153,7 +32808,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":8,/"line_end/":17,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40eslint-community%2Fregexpp@4.12.1", @@ -28166,7 +32828,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":19,/"line_end/":24,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40nodelib%2Ffs.scandir@2.1.5", @@ -28179,7 +32848,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":26,/"line_end/":34,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40nodelib%2Ffs.stat@2.0.5", @@ -28192,7 +32868,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":36,/"line_end/":41,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40nodelib%2Ffs.walk@1.2.8", @@ -28205,7 +32888,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":43,/"line_end/":51,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40types%2Fjson-schema@7.0.15", @@ -28218,7 +32908,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":53,/"line_end/":58,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40types%2Fsemver@7.5.8", @@ -28231,7 +32928,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":60,/"line_end/":65,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40typescript-eslint%2Feslint-plugin@5.62.0", @@ -28268,7 +32972,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":91,/"line_end/":99,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40typescript-eslint%2Ftype-utils@5.62.0", @@ -28281,7 +32992,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":101,/"line_end/":116,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40typescript-eslint%2Ftypes@5.62.0", @@ -28294,7 +33012,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":118,/"line_end/":123,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40typescript-eslint%2Ftypescript-estree@5.62.0", @@ -28307,7 +33032,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":125,/"line_end/":141,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40typescript-eslint%2Futils@5.62.0", @@ -28320,7 +33052,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":143,/"line_end/":159,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40typescript-eslint%2Fvisitor-keys@5.62.0", @@ -28333,7 +33072,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":161,/"line_end/":169,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/array-union@2.1.0", @@ -28346,7 +33092,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":171,/"line_end/":176,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/braces@3.0.3", @@ -28359,7 +33112,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":178,/"line_end/":185,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/debug@4.4.0", @@ -28381,6 +33141,9 @@ No package sources found. Use the 'parsers list' command to view supported lockf "occurrences": [ { "location": "{/"block/":{/"file_name/":/"package.json/",/"line_start/":11,/"line_end/":11,/"column_start/":9,/"column_end/":25,/"role/":/"manifest/"},/"name/":{/"file_name/":/"package.json/",/"line_start/":11,/"line_end/":11,/"column_start/":10,/"column_end/":15,/"role/":/"manifest/"},/"version/":{/"file_name/":/"package.json/",/"line_start/":11,/"line_end/":11,/"column_start/":19,/"column_end/":24,/"role/":/"manifest/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":187,/"line_end/":197,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" } ] } @@ -28396,7 +33159,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":199,/"line_end/":206,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/eslint-scope@5.1.1", @@ -28409,7 +33179,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":208,/"line_end/":216,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/eslint-visitor-keys@3.4.3", @@ -28422,7 +33199,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":218,/"line_end/":223,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/esrecurse@4.3.0", @@ -28435,7 +33219,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":225,/"line_end/":232,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/estraverse@4.3.0", @@ -28448,7 +33239,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":234,/"line_end/":239,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/estraverse@5.3.0", @@ -28461,7 +33259,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":241,/"line_end/":246,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/fast-glob@3.3.2", @@ -28474,7 +33279,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":248,/"line_end/":259,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/fastq@1.18.0", @@ -28487,7 +33299,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":261,/"line_end/":268,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/fill-range@7.1.1", @@ -28500,7 +33319,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":270,/"line_end/":277,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/glob-parent@5.1.2", @@ -28513,7 +33339,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":279,/"line_end/":286,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/globby@11.1.0", @@ -28526,7 +33359,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":288,/"line_end/":300,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/graphemer@1.4.0", @@ -28539,7 +33379,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":302,/"line_end/":307,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/ignore@5.3.2", @@ -28552,7 +33399,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":309,/"line_end/":314,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/is-extglob@2.1.1", @@ -28565,7 +33419,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":316,/"line_end/":321,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/is-glob@4.0.3", @@ -28578,7 +33439,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":323,/"line_end/":330,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/is-number@7.0.0", @@ -28591,7 +33459,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":332,/"line_end/":337,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/merge2@1.4.1", @@ -28604,7 +33479,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":339,/"line_end/":344,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/micromatch@4.0.8", @@ -28617,7 +33499,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":346,/"line_end/":354,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/ms@2.1.3", @@ -28630,7 +33519,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":356,/"line_end/":361,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/natural-compare-lite@1.4.0", @@ -28643,7 +33539,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":363,/"line_end/":368,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/path-type@4.0.0", @@ -28656,7 +33559,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":370,/"line_end/":375,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/picomatch@2.3.1", @@ -28669,7 +33579,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":377,/"line_end/":382,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/queue-microtask@1.2.3", @@ -28682,7 +33599,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":384,/"line_end/":389,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/reusify@1.0.4", @@ -28695,7 +33619,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":391,/"line_end/":396,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/run-parallel@1.2.0", @@ -28708,7 +33639,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":398,/"line_end/":405,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/semver@7.6.3", @@ -28721,7 +33659,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":407,/"line_end/":414,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/slash@3.0.0", @@ -28734,7 +33679,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":416,/"line_end/":421,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/to-regex-range@5.0.1", @@ -28747,7 +33699,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":432,/"line_end/":439,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/tslib@1.14.1", @@ -28760,7 +33719,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":441,/"line_end/":446,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } }, { "bom-ref": "pkg:npm/tsutils@3.21.0", @@ -28773,7 +33739,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":448,/"line_end/":457,/"column_start/":1,/"column_end/":17,/"role/":/"lockfile/"}}" + } + ] + } } ] } diff --git a/pkg/lockfile/cpp/parse-conan-lock-v1-revisions_test.go b/pkg/lockfile/cpp/parse-conan-lock-v1-revisions_test.go index ff47241a..f8b1862a 100644 --- a/pkg/lockfile/cpp/parse-conan-lock-v1-revisions_test.go +++ b/pkg/lockfile/cpp/parse-conan-lock-v1-revisions_test.go @@ -2,8 +2,11 @@ package cpp_test import ( "io/fs" + "path/filepath" "testing" + "github.com/stretchr/testify/assert" + "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/cpp" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/internal/testutil" @@ -49,7 +52,7 @@ func TestParseConanLock_v1_revisions_OnePackage(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "zlib", Version: "1.2.11", @@ -68,7 +71,7 @@ func TestParseConanLock_v1_revisions_NoName(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "zlib", Version: "1.2.11", @@ -87,7 +90,7 @@ func TestParseConanLock_v1_revisions_TwoPackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "zlib", Version: "1.2.11", @@ -112,7 +115,7 @@ func TestParseConanLock_v1_revisions_NestedDependencies(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "zlib", Version: "1.2.13", @@ -155,7 +158,7 @@ func TestParseConanLock_v1_revisions_OnePackageDev(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "ninja", Version: "1.11.1", @@ -164,3 +167,39 @@ func TestParseConanLock_v1_revisions_OnePackageDev(t *testing.T) { }, }) } + +func TestParseConanLock_v1_revisions_TwoPackages_BlockLocation(t *testing.T) { + t.Parallel() + + packages, err := cpp.ParseConanLock("../fixtures/conan/two-packages.v1.revisions.json") + + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + packagesByName := make(map[string]lockfile.PackageDetails) + for _, pkg := range packages { + packagesByName[pkg.Name] = pkg + } + + absoluteLockfilePath, err := filepath.Abs("../fixtures/conan/two-packages.v1.revisions.json") + if err != nil { + t.Fatalf("Could not get absolute path: %v", err) + } + + // Node "1": zlib, lines 14-20, column 7-8 + zlibPkg := packagesByName["zlib"] + assert.Equal(t, absoluteLockfilePath, zlibPkg.BlockLocation.Filename) + assert.Equal(t, 14, zlibPkg.BlockLocation.Line.Start) + assert.Equal(t, 20, zlibPkg.BlockLocation.Line.End) + assert.Equal(t, 7, zlibPkg.BlockLocation.Column.Start) + assert.Equal(t, 8, zlibPkg.BlockLocation.Column.End) + + // Node "2": bzip2, lines 21-27, column 7-8 + bzip2Pkg := packagesByName["bzip2"] + assert.Equal(t, absoluteLockfilePath, bzip2Pkg.BlockLocation.Filename) + assert.Equal(t, 21, bzip2Pkg.BlockLocation.Line.Start) + assert.Equal(t, 27, bzip2Pkg.BlockLocation.Line.End) + assert.Equal(t, 7, bzip2Pkg.BlockLocation.Column.Start) + assert.Equal(t, 8, bzip2Pkg.BlockLocation.Column.End) +} diff --git a/pkg/lockfile/cpp/parse-conan-lock-v1_test.go b/pkg/lockfile/cpp/parse-conan-lock-v1_test.go index b825deff..c39660ca 100644 --- a/pkg/lockfile/cpp/parse-conan-lock-v1_test.go +++ b/pkg/lockfile/cpp/parse-conan-lock-v1_test.go @@ -2,8 +2,11 @@ package cpp_test import ( "io/fs" + "path/filepath" "testing" + "github.com/stretchr/testify/assert" + "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/cpp" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/internal/testutil" @@ -49,7 +52,7 @@ func TestParseConanLock_v1_OnePackage(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "zlib", Version: "1.2.11", @@ -68,7 +71,7 @@ func TestParseConanLock_v1_NoName(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "zlib", Version: "1.2.11", @@ -87,7 +90,7 @@ func TestParseConanLock_v1_TwoPackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "zlib", Version: "1.2.11", @@ -112,7 +115,7 @@ func TestParseConanLock_v1_NestedDependencies(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "zlib", Version: "1.2.13", @@ -155,7 +158,7 @@ func TestParseConanLock_v1_OnePackageDev(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "ninja", Version: "1.11.1", @@ -174,7 +177,7 @@ func TestParseConanLock_v1_OldFormat00(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "zlib", Version: "1.2.11", @@ -193,7 +196,7 @@ func TestParseConanLock_v1_OldFormat01(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "zlib", Version: "1.2.11", @@ -212,7 +215,7 @@ func TestParseConanLock_v1_OldFormat02(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "zlib", Version: "1.2.11", @@ -231,7 +234,7 @@ func TestParseConanLock_v1_OldFormat03(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "zlib", Version: "1.2.11", @@ -240,3 +243,39 @@ func TestParseConanLock_v1_OldFormat03(t *testing.T) { }, }) } + +func TestParseConanLock_v1_TwoPackages_BlockLocation(t *testing.T) { + t.Parallel() + + packages, err := cpp.ParseConanLock("../fixtures/conan/two-packages.v1.json") + + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + packagesByName := make(map[string]lockfile.PackageDetails) + for _, pkg := range packages { + packagesByName[pkg.Name] = pkg + } + + absoluteLockfilePath, err := filepath.Abs("../fixtures/conan/two-packages.v1.json") + if err != nil { + t.Fatalf("Could not get absolute path: %v", err) + } + + // Node "1": zlib, lines 14-20, column 7-8 + zlibPkg := packagesByName["zlib"] + assert.Equal(t, absoluteLockfilePath, zlibPkg.BlockLocation.Filename) + assert.Equal(t, 14, zlibPkg.BlockLocation.Line.Start) + assert.Equal(t, 20, zlibPkg.BlockLocation.Line.End) + assert.Equal(t, 7, zlibPkg.BlockLocation.Column.Start) + assert.Equal(t, 8, zlibPkg.BlockLocation.Column.End) + + // Node "2": bzip2, lines 21-27, column 7-8 + bzip2Pkg := packagesByName["bzip2"] + assert.Equal(t, absoluteLockfilePath, bzip2Pkg.BlockLocation.Filename) + assert.Equal(t, 21, bzip2Pkg.BlockLocation.Line.Start) + assert.Equal(t, 27, bzip2Pkg.BlockLocation.Line.End) + assert.Equal(t, 7, bzip2Pkg.BlockLocation.Column.Start) + assert.Equal(t, 8, bzip2Pkg.BlockLocation.Column.End) +} diff --git a/pkg/lockfile/cpp/parse-conan-lock-v2_test.go b/pkg/lockfile/cpp/parse-conan-lock-v2_test.go index 49b950bc..13db01f3 100644 --- a/pkg/lockfile/cpp/parse-conan-lock-v2_test.go +++ b/pkg/lockfile/cpp/parse-conan-lock-v2_test.go @@ -2,8 +2,11 @@ package cpp_test import ( "io/fs" + "path/filepath" "testing" + "github.com/stretchr/testify/assert" + "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/cpp" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/internal/testutil" @@ -49,7 +52,7 @@ func TestParseConanLock_v2_OnePackage(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "zlib", Version: "1.2.11", @@ -69,7 +72,7 @@ func TestParseConanLock_v2_NoName(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "zlib", Version: "1.2.11", @@ -89,7 +92,7 @@ func TestParseConanLock_v2_TwoPackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "zlib", Version: "1.2.11", @@ -116,7 +119,7 @@ func TestParseConanLock_v2_NestedDependencies(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "zlib", Version: "1.2.13", @@ -164,7 +167,7 @@ func TestParseConanLock_v2_OnePackageDev(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "ninja", Version: "1.11.1", @@ -174,3 +177,35 @@ func TestParseConanLock_v2_OnePackageDev(t *testing.T) { }, }) } + +func TestParseConanLock_v2_TwoPackages_BlockLocation(t *testing.T) { + t.Parallel() + + packages, err := cpp.ParseConanLock("../fixtures/conan/two-packages.v2.json") + + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + packagesByName := make(map[string]lockfile.PackageDetails) + for _, pkg := range packages { + packagesByName[pkg.Name] = pkg + } + + absoluteLockfilePath, err := filepath.Abs("../fixtures/conan/two-packages.v2.json") + if err != nil { + t.Fatalf("Could not get absolute path: %v", err) + } + + // zlib on line 4: "zlib/1.2.11#ffa77daf83a57094149707928bdce823%1667396813.184" + zlibPkg := packagesByName["zlib"] + assert.Equal(t, absoluteLockfilePath, zlibPkg.BlockLocation.Filename) + assert.Equal(t, 4, zlibPkg.BlockLocation.Line.Start) + assert.Equal(t, 4, zlibPkg.BlockLocation.Line.End) + + // bzip2 on line 5: "bzip2/1.0.8#464be69744fa6d48ed01928cfe470008%1666580345.213" + bzip2Pkg := packagesByName["bzip2"] + assert.Equal(t, absoluteLockfilePath, bzip2Pkg.BlockLocation.Filename) + assert.Equal(t, 5, bzip2Pkg.BlockLocation.Line.Start) + assert.Equal(t, 5, bzip2Pkg.BlockLocation.Line.End) +} diff --git a/pkg/lockfile/cpp/parse-conan-lock.go b/pkg/lockfile/cpp/parse-conan-lock.go index 541b769a..0c9a21d0 100644 --- a/pkg/lockfile/cpp/parse-conan-lock.go +++ b/pkg/lockfile/cpp/parse-conan-lock.go @@ -1,11 +1,14 @@ package cpp import ( + "bytes" "encoding/json" "fmt" + "io" "path/filepath" "strings" + "github.com/DataDog/datadog-sbom-generator/internal/utility/fileposition" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/models" ) @@ -103,11 +106,11 @@ func parseConanRenference(ref string) ConanReference { return reference } -func parseConanV1Lock(sourceFile ConanLockFile) []lockfile.PackageDetails { +func parseConanV1Lock(sourceFile ConanLockFile, positions map[string]*models.FilePosition, filePath string) []lockfile.PackageDetails { var reference ConanReference packages := make([]lockfile.PackageDetails, 0, len(sourceFile.GraphLock.Nodes)) - for _, node := range sourceFile.GraphLock.Nodes { + for nodeID, node := range sourceFile.GraphLock.Nodes { if node.Path != "" { // a local "conanfile.txt", skip continue @@ -126,18 +129,27 @@ func parseConanV1Lock(sourceFile ConanLockFile) []lockfile.PackageDetails { if reference.Name == "" { continue } - packages = append(packages, lockfile.PackageDetails{ + + pkg := lockfile.PackageDetails{ Name: reference.Name, Version: reference.Version, PackageManager: conanPackageManager, Ecosystem: models.EcosystemConanCenter, - }) + } + + if pos, ok := positions[nodeID]; ok { + blockLocation := *pos + blockLocation.Filename = filePath + pkg.BlockLocation = blockLocation + } + + packages = append(packages, pkg) } return packages } -func parseConanRequires(packages *[]lockfile.PackageDetails, requires []string, group string) { +func parseConanRequires(packages *[]lockfile.PackageDetails, requires []string, group string, lines []string, filePath string) { for _, ref := range requires { reference := parseConanRenference(ref) // skip entries with no name, they are most likely consumer's conanfiles @@ -146,36 +158,52 @@ func parseConanRequires(packages *[]lockfile.PackageDetails, requires []string, continue } - *packages = append(*packages, lockfile.PackageDetails{ + pkg := lockfile.PackageDetails{ Name: reference.Name, Version: reference.Version, PackageManager: conanPackageManager, Ecosystem: models.EcosystemConanCenter, DepGroups: []string{group}, - }) + } + + // Find the line containing this exact reference string + pos := fileposition.ExtractDelimitedStringPositionInBlock(lines, ref, 1, "\"", "\"") + if pos != nil { + pos.Filename = filePath + pkg.BlockLocation = *pos + } + + *packages = append(*packages, pkg) } } -func parseConanV2Lock(sourceFile ConanLockFile) []lockfile.PackageDetails { +func parseConanV2Lock(sourceFile ConanLockFile, lines []string, filePath string) []lockfile.PackageDetails { packages := make( []lockfile.PackageDetails, 0, uint64(len(sourceFile.Requires))+uint64(len(sourceFile.BuildRequires))+uint64(len(sourceFile.PythonRequires)), ) - parseConanRequires(&packages, sourceFile.Requires, "requires") - parseConanRequires(&packages, sourceFile.BuildRequires, "build-requires") - parseConanRequires(&packages, sourceFile.PythonRequires, "python-requires") + parseConanRequires(&packages, sourceFile.Requires, "requires", lines, filePath) + parseConanRequires(&packages, sourceFile.BuildRequires, "build-requires", lines, filePath) + parseConanRequires(&packages, sourceFile.PythonRequires, "python-requires", lines, filePath) return packages } -func parseConanLock(lockfile ConanLockFile) []lockfile.PackageDetails { +func parseConanLock(lockfile ConanLockFile, lines []string, filePath string) []lockfile.PackageDetails { if lockfile.GraphLock.Nodes != nil { - return parseConanV1Lock(lockfile) + positions := make(map[string]*models.FilePosition, len(lockfile.GraphLock.Nodes)) + for nodeID := range lockfile.GraphLock.Nodes { + positions[nodeID] = &models.FilePosition{} + } + + fileposition.InJSON("nodes", positions, lines, 0) + + return parseConanV1Lock(lockfile, positions, filePath) } - return parseConanV2Lock(lockfile) + return parseConanV2Lock(lockfile, lines, filePath) } type ConanLockExtractor struct{} @@ -195,12 +223,19 @@ func (e ConanLockExtractor) PackageManager() models.PackageManager { func (e ConanLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContext) ([]lockfile.PackageDetails, error) { var parsedLockfile *ConanLockFile - err := json.NewDecoder(f).Decode(&parsedLockfile) + content, err := io.ReadAll(f) + if err != nil { + return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) + } + + err = json.NewDecoder(bytes.NewReader(content)).Decode(&parsedLockfile) if err != nil { return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) } - return parseConanLock(*parsedLockfile), nil + lines := strings.Split(strings.ReplaceAll(string(content), "\r\n", "\n"), "\n") + + return parseConanLock(*parsedLockfile, lines, f.Path()), nil } var _ lockfile.Extractor = ConanLockExtractor{} diff --git a/pkg/lockfile/dart/parse-pubspec-lock.go b/pkg/lockfile/dart/parse-pubspec-lock.go index 67739d0c..4f5736e8 100644 --- a/pkg/lockfile/dart/parse-pubspec-lock.go +++ b/pkg/lockfile/dart/parse-pubspec-lock.go @@ -1,12 +1,14 @@ package dart import ( + "bytes" "errors" "fmt" "io" "path/filepath" "strings" + "github.com/DataDog/datadog-sbom-generator/internal/utility/fileposition" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/models" @@ -86,10 +88,108 @@ func (e PubspecLockExtractor) PackageManager() models.PackageManager { return pubsecPackageManager } +// extractPubspecPackagePositions scans YAML lines for package entries under "packages:". +// Package names appear at 2-space indent (e.g. " shelf:"), and their blocks extend +// until the next entry at the same or lesser indent level. +func extractPubspecPackagePositions(lines []string) map[string]models.FilePosition { + positions := make(map[string]models.FilePosition) + + inPackages := false + var currentName string + var startLine int + + for i, line := range lines { + lineNum := i + 1 + + // Detect the "packages:" top-level key + if strings.TrimSpace(line) == "packages:" { + inPackages = true + + continue + } + + if !inPackages { + continue + } + + // Check if we've left the packages section (non-indented, non-empty line) + trimmed := strings.TrimSpace(line) + if trimmed == "" { + continue + } + + // A line with no leading spaces means we've exited the packages block + if len(line) > 0 && line[0] != ' ' { + // Close current package if any + if currentName != "" { + pos := positions[currentName] + pos.Line.End = i // previous line (1-indexed) + pos.Column.End = fileposition.GetLastNonEmptyCharacterIndexInLine(lines[i-1]) + positions[currentName] = pos + currentName = "" + } + + inPackages = false + + continue + } + + // 2-space indent: package name (e.g. " shelf:") + if len(line) >= 3 && line[0] == ' ' && line[1] == ' ' && line[2] != ' ' && strings.HasSuffix(trimmed, ":") { + // Close previous package + if currentName != "" { + pos := positions[currentName] + pos.Line.End = i // previous line (1-indexed) + pos.Column.End = fileposition.GetLastNonEmptyCharacterIndexInLine(lines[i-1]) + positions[currentName] = pos + } + + pkgName := strings.TrimSuffix(trimmed, ":") + currentName = pkgName + startLine = lineNum + + colStart := fileposition.GetFirstNonEmptyCharacterIndexInLine(line) + + positions[currentName] = models.FilePosition{ + Line: models.Position{Start: startLine, End: 0}, // End will be set when block closes + Column: models.Position{Start: colStart, End: 0}, + } + + continue + } + } + + // Close last package if file ended within packages section + if currentName != "" { + pos := positions[currentName] + lastIdx := len(lines) - 1 + // Find last non-empty line + for lastIdx >= 0 && strings.TrimSpace(lines[lastIdx]) == "" { + lastIdx-- + } + + if lastIdx >= 0 { + pos.Line.End = lastIdx + 1 + pos.Column.End = fileposition.GetLastNonEmptyCharacterIndexInLine(lines[lastIdx]) + } else { + pos.Line.End = pos.Line.Start + } + + positions[currentName] = pos + } + + return positions +} + func (e PubspecLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContext) ([]lockfile.PackageDetails, error) { var parsedLockfile *PubspecLockfile - err := yaml.NewDecoder(f).Decode(&parsedLockfile) + content, err := io.ReadAll(f) + if err != nil { + return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) + } + + err = yaml.NewDecoder(bytes.NewReader(content)).Decode(&parsedLockfile) if err != nil && !errors.Is(err, io.EOF) { return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) @@ -98,6 +198,9 @@ func (e PubspecLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanC return []lockfile.PackageDetails{}, nil } + lines := fileposition.BytesToLines(content) + positions := extractPubspecPackagePositions(lines) + packages := make([]lockfile.PackageDetails, 0, len(parsedLockfile.Packages)) for name, pkg := range parsedLockfile.Packages { @@ -114,6 +217,12 @@ func (e PubspecLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanC break } } + + if pos, ok := positions[name]; ok { + pos.Filename = f.Path() + pkgDetails.BlockLocation = pos + } + packages = append(packages, pkgDetails) } diff --git a/pkg/lockfile/dart/parse-pubspec-lock_test.go b/pkg/lockfile/dart/parse-pubspec-lock_test.go index 1d550b40..3042a1b2 100644 --- a/pkg/lockfile/dart/parse-pubspec-lock_test.go +++ b/pkg/lockfile/dart/parse-pubspec-lock_test.go @@ -2,8 +2,11 @@ package dart_test import ( "io/fs" + "path/filepath" "testing" + "github.com/stretchr/testify/assert" + "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/dart" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/internal/testutil" @@ -112,7 +115,7 @@ func TestParsePubspecLock_OnePackage(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "back_button_interceptor", Version: "6.0.1", @@ -131,7 +134,7 @@ func TestParsePubspecLock_OnePackageDev(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "build_runner", Version: "2.2.1", @@ -151,7 +154,7 @@ func TestParsePubspecLock_TwoPackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "shelf", Version: "1.3.2", @@ -176,7 +179,7 @@ func TestParsePubspecLock_MixedPackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "back_button_interceptor", Version: "6.0.1", @@ -214,7 +217,7 @@ func TestParsePubspecLock_PackageWithGitSource(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "flutter_rust_bridge", Version: "1.32.0", @@ -262,7 +265,7 @@ func TestParsePubspecLock_PackageWithSdkSource(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "flutter_web_plugins", Version: "0.0.0", @@ -282,7 +285,7 @@ func TestParsePubspecLock_PackageWithPathSource(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "maa_core", Version: "0.0.1", @@ -292,3 +295,35 @@ func TestParsePubspecLock_PackageWithPathSource(t *testing.T) { }, }) } + +func TestParsePubspecLock_TwoPackages_BlockLocation(t *testing.T) { + t.Parallel() + + packages, err := dart.ParsePubspecLock("../fixtures/pub/two-packages.lock") + + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + packagesByName := make(map[string]lockfile.PackageDetails) + for _, pkg := range packages { + packagesByName[pkg.Name] = pkg + } + + absoluteLockfilePath, err := filepath.Abs("../fixtures/pub/two-packages.lock") + if err != nil { + t.Fatalf("Could not get absolute path: %v", err) + } + + // shelf: lines 4-10 + shelfPkg := packagesByName["shelf"] + assert.Equal(t, absoluteLockfilePath, shelfPkg.BlockLocation.Filename) + assert.Equal(t, 4, shelfPkg.BlockLocation.Line.Start) + assert.Equal(t, 10, shelfPkg.BlockLocation.Line.End) + + // shelf_web_socket: lines 11-17 + swsPkg := packagesByName["shelf_web_socket"] + assert.Equal(t, absoluteLockfilePath, swsPkg.BlockLocation.Filename) + assert.Equal(t, 11, swsPkg.BlockLocation.Line.Start) + assert.Equal(t, 17, swsPkg.BlockLocation.Line.End) +} diff --git a/pkg/lockfile/dotnet/parse-nuget-lock-v1_test.go b/pkg/lockfile/dotnet/parse-nuget-lock-v1_test.go index 1bd11ede..7e45ebce 100644 --- a/pkg/lockfile/dotnet/parse-nuget-lock-v1_test.go +++ b/pkg/lockfile/dotnet/parse-nuget-lock-v1_test.go @@ -55,7 +55,7 @@ func TestParseNuGetLock_v1_OneFramework_OnePackage(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "Test.Core", Version: "6.0.5", @@ -74,7 +74,7 @@ func TestParseNuGetLock_v1_OneFramework_TwoPackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "Test.Core", Version: "6.0.5", @@ -92,6 +92,36 @@ func TestParseNuGetLock_v1_OneFramework_TwoPackages(t *testing.T) { }) } +func TestParseNuGetLock_v1_OneFramework_TwoPackages_BlockLocation(t *testing.T) { + t.Parallel() + + packages, err := dotnet.ParseNuGetLock("../fixtures/nuget/one-framework-two-packages/packages.lock.json") + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + packagesByName := make(map[string]lockfile.PackageDetails) + for _, pkg := range packages { + packagesByName[pkg.Name] = pkg + } + + // Test.Core block: lines 5-10 within "net6.0" framework + testCore := packagesByName["Test.Core"] + assert.Equal(t, 5, testCore.BlockLocation.Line.Start) + assert.Equal(t, 10, testCore.BlockLocation.Line.End) + assert.Equal(t, 7, testCore.BlockLocation.Column.Start) + assert.Equal(t, 8, testCore.BlockLocation.Column.End) + assert.Contains(t, testCore.BlockLocation.Filename, "one-framework-two-packages") + + // Test.System block: lines 11-19 within "net6.0" framework + testSystem := packagesByName["Test.System"] + assert.Equal(t, 11, testSystem.BlockLocation.Line.Start) + assert.Equal(t, 19, testSystem.BlockLocation.Line.End) + assert.Equal(t, 7, testSystem.BlockLocation.Column.Start) + assert.Equal(t, 8, testSystem.BlockLocation.Column.End) + assert.Contains(t, testSystem.BlockLocation.Filename, "one-framework-two-packages") +} + func TestParseNuGetLock_v1_TwoFrameworks_MixedPackages(t *testing.T) { t.Parallel() @@ -100,7 +130,7 @@ func TestParseNuGetLock_v1_TwoFrameworks_MixedPackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "Test.Core", Version: "6.0.5", @@ -133,7 +163,7 @@ func TestParseNuGetLock_v1_TwoFrameworks_DifferentPackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "Test.Core", Version: "6.0.5", @@ -159,7 +189,7 @@ func TestParseNuGetLock_v1_TwoFrameworks_DuplicatePackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "Test.Core", Version: "6.0.5", @@ -202,7 +232,7 @@ func TestParseNuGetLock_v1_OneFramework_OnePackage_MatchedFailed(t *testing.T) { _ = r.Close() assert.Contains(t, buffer.String(), matcherError.Error()) - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "Test.Core", Version: "6.0.5", @@ -318,6 +348,11 @@ func TestMultipleVersionsNonDeterministicOrder(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } + absoluteLockfilePath, err := filepath.Abs("../fixtures/nuget/multiple-versions-with-lockfile/packages.lock.json") + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ { Name: "Newtonsoft.Json", @@ -350,7 +385,12 @@ func TestMultipleVersionsNonDeterministicOrder(t *testing.T) { PackageManager: models.NuGet, Ecosystem: models.EcosystemNuGet, IsDirect: true, - BlockLocation: models.FilePosition{}, + BlockLocation: models.FilePosition{ + Line: models.Position{Start: 5, End: 13}, + Column: models.Position{Start: 7, End: 8}, + Filename: absoluteLockfilePath, + }, + LocationRole: models.LocationRoleLockfile, }, { Name: "Newtonsoft.Json", @@ -383,7 +423,12 @@ func TestMultipleVersionsNonDeterministicOrder(t *testing.T) { PackageManager: models.NuGet, Ecosystem: models.EcosystemNuGet, IsDirect: false, - BlockLocation: models.FilePosition{}, + BlockLocation: models.FilePosition{ + Line: models.Position{Start: 20, End: 24}, + Column: models.Position{Start: 7, End: 8}, + Filename: absoluteLockfilePath, + }, + LocationRole: models.LocationRoleLockfile, }, }) } diff --git a/pkg/lockfile/dotnet/parse-nuget-lock.go b/pkg/lockfile/dotnet/parse-nuget-lock.go index 1ee32a42..eea2b0b8 100644 --- a/pkg/lockfile/dotnet/parse-nuget-lock.go +++ b/pkg/lockfile/dotnet/parse-nuget-lock.go @@ -1,45 +1,75 @@ package dotnet import ( + "bytes" "encoding/json" "fmt" + "io" "path/filepath" "slices" "strings" + "github.com/DataDog/datadog-sbom-generator/internal/utility/fileposition" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/models" "maps" ) -func parseNuGetLockDependencies(dependencies map[string]NuGetLockPackage) map[string]lockfile.PackageDetails { +func parseNuGetLockDependencies( + dependencies map[string]NuGetLockPackage, + positions map[string]*models.FilePosition, + filePath string, +) map[string]lockfile.PackageDetails { details := map[string]lockfile.PackageDetails{} for name, dependency := range dependencies { if strings.EqualFold(dependency.Type, projectDependencyType) { continue } - details[name+"@"+dependency.Resolved] = lockfile.PackageDetails{ + pkgDetails := lockfile.PackageDetails{ Name: name, Version: dependency.Resolved, PackageManager: nugetPackageManager, Ecosystem: models.EcosystemNuGet, IsDirect: dependency.Type == "Direct", } + if pos, ok := positions[name]; ok { + blockLocation := *pos + blockLocation.Filename = filePath + pkgDetails.BlockLocation = blockLocation + pkgDetails.LocationRole = models.LocationRoleLockfile + } + details[name+"@"+dependency.Resolved] = pkgDetails } return details } -func parseNuGetLock(file NuGetLockfile) ([]lockfile.PackageDetails, error) { +func parseNuGetLock( + file NuGetLockfile, + lines []string, + filePath string, +) ([]lockfile.PackageDetails, error) { details := map[string]lockfile.PackageDetails{} // go through the dependencies for each framework, e.g. `net6.0` and parse // its dependencies, there might be different or duplicate dependencies - // between frameworks - for _, dependencies := range file.Dependencies { - maps.Copy(details, parseNuGetLockDependencies(dependencies)) + // between frameworks. + // Sort framework names so that when the same package appears in multiple + // frameworks, the first framework alphabetically wins (deterministic output). + frameworkNames := slices.Sorted(maps.Keys(file.Dependencies)) + for _, frameworkName := range frameworkNames { + dependencies := file.Dependencies[frameworkName] + // Build position map for this framework's packages + positions := make(map[string]*models.FilePosition, len(dependencies)) + for name := range dependencies { + positions[name] = &models.FilePosition{} + } + + fileposition.InJSON(frameworkName, positions, lines, 0) + + maps.Copy(details, parseNuGetLockDependencies(dependencies, positions, filePath)) } return slices.Collect(maps.Values(details)), nil @@ -60,7 +90,12 @@ func (e NuGetLockExtractor) PackageManager() models.PackageManager { func (e NuGetLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContext) ([]lockfile.PackageDetails, error) { var parsedLockfile *NuGetLockfile - err := json.NewDecoder(f).Decode(&parsedLockfile) + content, err := io.ReadAll(f) + if err != nil { + return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) + } + + err = json.NewDecoder(bytes.NewReader(content)).Decode(&parsedLockfile) if err != nil { return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) } @@ -69,7 +104,9 @@ func (e NuGetLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanCon return []lockfile.PackageDetails{}, fmt.Errorf("could not extract: unsupported lock file version %d", parsedLockfile.Version) } - return parseNuGetLock(*parsedLockfile) + lines := strings.Split(strings.ReplaceAll(string(content), "\r\n", "\n"), "\n") + + return parseNuGetLock(*parsedLockfile, lines, f.Path()) } var NuGetExtractor = NuGetLockExtractor{ diff --git a/pkg/lockfile/elixir/parse-mix-lock.go b/pkg/lockfile/elixir/parse-mix-lock.go index 75dbb274..20bcebd6 100644 --- a/pkg/lockfile/elixir/parse-mix-lock.go +++ b/pkg/lockfile/elixir/parse-mix-lock.go @@ -34,10 +34,12 @@ func (e MixLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanConte re := cachedregexp.MustCompile(`^ +"(\w+)": \{.+,$`) scanner := bufio.NewScanner(f) + lineNumber := 0 var packages []lockfile.PackageDetails for scanner.Scan() { + lineNumber++ line := scanner.Text() match := re.FindStringSubmatch(line) @@ -79,6 +81,11 @@ func (e MixLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanConte PackageManager: mixPackageManager, Ecosystem: models.EcosystemHex, Commit: commit, + BlockLocation: models.FilePosition{ + Line: models.Position{Start: lineNumber, End: lineNumber}, + Column: models.Position{Start: 1, End: len(line) + 1}, + Filename: f.Path(), + }, }) } diff --git a/pkg/lockfile/elixir/parse-mix-lock_test.go b/pkg/lockfile/elixir/parse-mix-lock_test.go index 2324d59a..abe35194 100644 --- a/pkg/lockfile/elixir/parse-mix-lock_test.go +++ b/pkg/lockfile/elixir/parse-mix-lock_test.go @@ -2,6 +2,8 @@ package elixir_test import ( "io/fs" + "os" + "path/filepath" "testing" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/elixir" @@ -10,6 +12,8 @@ import ( "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/internal/testutil" + + "github.com/stretchr/testify/assert" ) func TestMixLockExtractor_ShouldExtract(t *testing.T) { @@ -93,7 +97,7 @@ func TestParseMixLock_OnePackage(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "plug", Version: "1.11.1", @@ -104,6 +108,33 @@ func TestParseMixLock_OnePackage(t *testing.T) { }) } +func TestParseMixLock_OnePackage_BlockLocation(t *testing.T) { + t.Parallel() + dir, err := os.Getwd() + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + path := filepath.FromSlash(filepath.Join(dir, "../fixtures/mix/one-package.lock")) + packages, err := elixir.ParseMixLock(path) + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + for _, pkg := range packages { + assert.Positive(t, pkg.BlockLocation.Line.Start, + "package %s@%s should have BlockLocation.Line.Start > 0", pkg.Name, pkg.Version) + assert.Positive(t, pkg.BlockLocation.Line.End, + "package %s@%s should have BlockLocation.Line.End > 0", pkg.Name, pkg.Version) + assert.Positive(t, pkg.BlockLocation.Column.Start, + "package %s@%s should have BlockLocation.Column.Start > 0", pkg.Name, pkg.Version) + assert.Positive(t, pkg.BlockLocation.Column.End, + "package %s@%s should have BlockLocation.Column.End > 0", pkg.Name, pkg.Version) + assert.NotEmpty(t, pkg.BlockLocation.Filename, + "package %s@%s should have BlockLocation.Filename set", pkg.Name, pkg.Version) + } +} + func TestParseMixLock_TwoPackages(t *testing.T) { t.Parallel() @@ -113,7 +144,7 @@ func TestParseMixLock_TwoPackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "plug", Version: "1.11.1", @@ -140,7 +171,7 @@ func TestParseMixLock_Many(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "backoff", Version: "1.1.6", @@ -300,7 +331,7 @@ func TestParseMixLock_GitPackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "foe", Version: "", diff --git a/pkg/lockfile/java/parse-gradle-lock.go b/pkg/lockfile/java/parse-gradle-lock.go index 9647b914..b96faf82 100644 --- a/pkg/lockfile/java/parse-gradle-lock.go +++ b/pkg/lockfile/java/parse-gradle-lock.go @@ -63,8 +63,10 @@ func (e GradleLockExtractor) PackageManager() models.PackageManager { func (e GradleLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContext) ([]lockfile.PackageDetails, error) { pkgs := make([]lockfile.PackageDetails, 0) scanner := bufio.NewScanner(f) + lineNumber := 0 for scanner.Scan() { + lineNumber++ lockLine := strings.TrimSpace(scanner.Text()) if !isGradleLockFileDepLine(lockLine) { continue @@ -75,6 +77,13 @@ func (e GradleLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanCo continue } + pkg.BlockLocation = models.FilePosition{ + Line: models.Position{Start: lineNumber, End: lineNumber}, + Column: models.Position{Start: 1, End: len(scanner.Text()) + 1}, + Filename: f.Path(), + } + pkg.LocationRole = models.LocationRoleLockfile + pkgs = append(pkgs, pkg) } diff --git a/pkg/lockfile/java/parse-gradle-lock_test.go b/pkg/lockfile/java/parse-gradle-lock_test.go index a226ef85..2dab6c42 100644 --- a/pkg/lockfile/java/parse-gradle-lock_test.go +++ b/pkg/lockfile/java/parse-gradle-lock_test.go @@ -151,6 +151,33 @@ func TestParseGradleLock_OnePackage(t *testing.T) { }) } +func TestParseGradleLock_OnePackage_BlockLocation(t *testing.T) { + t.Parallel() + dir, err := os.Getwd() + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + path := filepath.FromSlash(filepath.Join(dir, "../fixtures/gradle-lockfile/one-pkg")) + packages, err := java.ParseGradleLock(path) + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + for _, pkg := range packages { + assert.Positive(t, pkg.BlockLocation.Line.Start, + "package %s@%s should have BlockLocation.Line.Start > 0", pkg.Name, pkg.Version) + assert.Positive(t, pkg.BlockLocation.Line.End, + "package %s@%s should have BlockLocation.Line.End > 0", pkg.Name, pkg.Version) + assert.Positive(t, pkg.BlockLocation.Column.Start, + "package %s@%s should have BlockLocation.Column.Start > 0", pkg.Name, pkg.Version) + assert.Positive(t, pkg.BlockLocation.Column.End, + "package %s@%s should have BlockLocation.Column.End > 0", pkg.Name, pkg.Version) + assert.NotEmpty(t, pkg.BlockLocation.Filename, + "package %s@%s should have BlockLocation.Filename set", pkg.Name, pkg.Version) + } +} + //nolint:paralleltest func TestParseGradleLock_OnePackage_MatcherFailed(t *testing.T) { dir, err := os.Getwd() diff --git a/pkg/lockfile/java/parse-gradle-verification-metadata.go b/pkg/lockfile/java/parse-gradle-verification-metadata.go index ac5f57cb..28923aa4 100644 --- a/pkg/lockfile/java/parse-gradle-verification-metadata.go +++ b/pkg/lockfile/java/parse-gradle-verification-metadata.go @@ -1,10 +1,15 @@ package java import ( + "bytes" "encoding/xml" "fmt" + "io" "path/filepath" + "strings" + "github.com/DataDog/datadog-sbom-generator/internal/cachedregexp" + "github.com/DataDog/datadog-sbom-generator/internal/utility/fileposition" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/models" ) @@ -21,24 +26,97 @@ func (e GradleVerificationMetadataExtractor) PackageManager() models.PackageMana return gradleVerificationPackageManager } +// componentKey builds a unique key from a component's attributes for position lookup. +func componentKey(group, name, version string) string { + return group + ":" + name + ":" + version +} + +var componentStartRe = cachedregexp.MustCompile(` blocks and returns positions keyed by group:name:version. +// When the same group:name:version appears multiple times (multiple versions scenario), +// we store positions in order and consume them sequentially. +func extractComponentPositions(lines []string) map[string][]models.FilePosition { + positions := make(map[string][]models.FilePosition) + + for i, line := range lines { + matches := componentStartRe.FindStringSubmatch(line) + if matches == nil { + continue + } + + group, name, version := matches[1], matches[2], matches[3] + key := componentKey(group, name, version) + lineNum := i + 1 // 1-indexed + + colStart := fileposition.GetFirstNonEmptyCharacterIndexInLine(line) + colEnd := fileposition.GetLastNonEmptyCharacterIndexInLine(line) + + // Find the end of this component block ( or self-closing />) + endLine := lineNum + if !strings.Contains(line, "/>") { + for j := i + 1; j < len(lines); j++ { + if strings.Contains(lines[j], "") { + endLine = j + 1 + colEnd = fileposition.GetLastNonEmptyCharacterIndexInLine(lines[j]) + + break + } + } + } + + positions[key] = append(positions[key], models.FilePosition{ + Line: models.Position{Start: lineNum, End: endLine}, + Column: models.Position{Start: colStart, End: colEnd}, + }) + } + + return positions +} + func (e GradleVerificationMetadataExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContext) ([]lockfile.PackageDetails, error) { var parsedLockfile *GradleVerificationMetadataFile - err := xml.NewDecoder(f).Decode(&parsedLockfile) + content, err := io.ReadAll(f) + if err != nil { + return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) + } + err = xml.NewDecoder(bytes.NewReader(content)).Decode(&parsedLockfile) if err != nil { return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) } + lines := fileposition.BytesToLines(content) + positions := extractComponentPositions(lines) + + // Track consumption index per key for duplicate group:name:version entries + consumed := make(map[string]int) + pkgs := make([]lockfile.PackageDetails, 0, len(parsedLockfile.Components)) for _, component := range parsedLockfile.Components { - pkgs = append(pkgs, lockfile.PackageDetails{ + key := componentKey(component.Group, component.Name, component.Version) + + pkg := lockfile.PackageDetails{ Name: component.Group + ":" + component.Name, Version: component.Version, PackageManager: gradleVerificationPackageManager, Ecosystem: models.EcosystemMaven, - }) + } + + if posList, ok := positions[key]; ok { + idx := consumed[key] + if idx < len(posList) { + pos := posList[idx] + pos.Filename = f.Path() + pkg.BlockLocation = pos + pkg.LocationRole = models.LocationRoleLockfile + consumed[key] = idx + 1 + } + } + + pkgs = append(pkgs, pkg) } return pkgs, nil diff --git a/pkg/lockfile/java/parse-gradle-verification-metadata_test.go b/pkg/lockfile/java/parse-gradle-verification-metadata_test.go index 416bd01e..8c9ab99f 100644 --- a/pkg/lockfile/java/parse-gradle-verification-metadata_test.go +++ b/pkg/lockfile/java/parse-gradle-verification-metadata_test.go @@ -133,7 +133,7 @@ func TestParseGradleVerificationMetadata_OnePackage(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "org.apache.pdfbox:pdfbox", Version: "2.0.17", @@ -200,7 +200,7 @@ func TestParseGradleVerificationMetadata_TwoPackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "org.apache.pdfbox:pdfbox", Version: "2.0.17", @@ -225,7 +225,7 @@ func TestParseGradleVerificationMetadata_MultipleVersions(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "androidx.activity:activity", Version: "1.2.1", @@ -346,7 +346,7 @@ func TestParseGradleVerificationMetadata_Complex(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "com.google:google", Version: "1", @@ -745,3 +745,35 @@ func TestParseGradleVerificationMetadata_Complex(t *testing.T) { }, }) } + +func TestParseGradleVerificationMetadata_TwoPackages_BlockLocation(t *testing.T) { + t.Parallel() + + packages, err := java.ParseGradleVerificationMetadata("../fixtures/gradle-verification-metadata/two-packages.xml") + + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + packagesByName := make(map[string]lockfile.PackageDetails) + for _, pkg := range packages { + packagesByName[pkg.Name] = pkg + } + + absoluteLockfilePath, err := filepath.Abs("../fixtures/gradle-verification-metadata/two-packages.xml") + if err != nil { + t.Fatalf("Could not get absolute path: %v", err) + } + + // pdfbox: on line 10, on line 17 + pdfboxPkg := packagesByName["org.apache.pdfbox:pdfbox"] + assert.Equal(t, absoluteLockfilePath, pdfboxPkg.BlockLocation.Filename) + assert.Equal(t, 10, pdfboxPkg.BlockLocation.Line.Start) + assert.Equal(t, 17, pdfboxPkg.BlockLocation.Line.End) + + // javaparser-core: on line 18, on line 22 + javaparserPkg := packagesByName["com.github.javaparser:javaparser-core"] + assert.Equal(t, absoluteLockfilePath, javaparserPkg.BlockLocation.Filename) + assert.Equal(t, 18, javaparserPkg.BlockLocation.Line.Start) + assert.Equal(t, 22, javaparserPkg.BlockLocation.Line.End) +} diff --git a/pkg/lockfile/java/parse-maven-install.go b/pkg/lockfile/java/parse-maven-install.go index 019ad29a..2f3cd179 100644 --- a/pkg/lockfile/java/parse-maven-install.go +++ b/pkg/lockfile/java/parse-maven-install.go @@ -65,7 +65,7 @@ func extractMavenInstallArtifacts(installFile mavenInstallLockfile, contentBytes return []lockfile.PackageDetails{}, err } - lines := strings.Split(string(contentBytes), "\n") + lines := strings.Split(strings.ReplaceAll(string(contentBytes), "\r\n", "\n"), "\n") fileposition.InJSON("artifacts", installFile.Artifacts, lines, 0) artifactNames := make([]string, 0, len(installFile.Artifacts)) diff --git a/pkg/lockfile/javascript/match-package-json.go b/pkg/lockfile/javascript/match-package-json.go index 5a180e05..8b2966cb 100644 --- a/pkg/lockfile/javascript/match-package-json.go +++ b/pkg/lockfile/javascript/match-package-json.go @@ -11,6 +11,7 @@ import ( jsonUtils "github.com/DataDog/datadog-sbom-generator/internal/json" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" + "github.com/DataDog/datadog-sbom-generator/pkg/models" "github.com/bmatcuk/doublestar/v4" ) @@ -63,8 +64,8 @@ func (depMap *packageJSONDependencyMap) UnmarshalJSON(data []byte) error { depGroup = "optional" } - if (depMap.RootType == typeDevDependencies || depMap.RootType == typeOptionalDependencies) && pkg.BlockLocation.Line.Start != 0 { - // If it is a dev or optional dependency definition and we already found a package location, + if (depMap.RootType == typeDevDependencies || depMap.RootType == typeOptionalDependencies) && pkg.LocationRole == models.LocationRoleManifest { + // If it is a dev or optional dependency definition and we already found a manifest location, // we skip it to prioritize non-dev dependencies pkgIndexes = []int{} } diff --git a/pkg/lockfile/javascript/parse-pnpm-lock-v9_test.go b/pkg/lockfile/javascript/parse-pnpm-lock-v9_test.go index fedadc9a..93de82fb 100644 --- a/pkg/lockfile/javascript/parse-pnpm-lock-v9_test.go +++ b/pkg/lockfile/javascript/parse-pnpm-lock-v9_test.go @@ -9,6 +9,8 @@ import ( "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/internal/testutil" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/javascript" "github.com/DataDog/datadog-sbom-generator/pkg/models" + + "github.com/stretchr/testify/assert" ) func TestParsePnpmLock_v9_NoPackages(t *testing.T) { @@ -43,6 +45,46 @@ func TestParsePnpmLock_v9_OnePackage(t *testing.T) { }) } +func TestParsePnpmLock_v9_OnePackage_BlockLocation(t *testing.T) { + t.Parallel() + + dir, err := os.Getwd() + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + path := filepath.FromSlash(filepath.Join(dir, "../fixtures/pnpm/one-package.v9.yaml")) + packages, err := javascript.ParsePnpmLock(path) + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + if len(packages) != 1 { + t.Fatalf("Expected 1 package, got %d", len(packages)) + } + + pkg := packages[0] + if pkg.BlockLocation.Line.Start == 0 { + t.Errorf("Expected BlockLocation.Line.Start > 0 for %s, got 0", pkg.Name) + } + if pkg.BlockLocation.Line.End == 0 { + t.Errorf("Expected BlockLocation.Line.End > 0 for %s, got 0", pkg.Name) + } + if pkg.BlockLocation.Column.Start == 0 { + t.Errorf("Expected BlockLocation.Column.Start > 0 for %s, got 0", pkg.Name) + } + if pkg.BlockLocation.Column.End == 0 { + t.Errorf("Expected BlockLocation.Column.End > 0 for %s, got 0", pkg.Name) + } + if pkg.BlockLocation.Filename != path { + t.Errorf("Expected BlockLocation.Filename = %s, got %s", path, pkg.BlockLocation.Filename) + } + + // acorn@8.11.3 is at lines 17-20 in one-package.v9.yaml (last non-empty line before "snapshots:") + assert.Equal(t, 17, pkg.BlockLocation.Line.Start) + assert.Equal(t, 20, pkg.BlockLocation.Line.End) +} + func TestParsePnpmLock_v9_OnePackageDev(t *testing.T) { t.Parallel() @@ -313,6 +355,90 @@ func TestParsePnpmLock_v9_Commits(t *testing.T) { }) } +// TestParsePnpmLock_v9_Commits_BlockLocation verifies that git/tarball dependencies +// (whose packages: key uses a full URL like "ansi-regex@https://codeload.github.com/...") +// correctly resolve their BlockLocation even though lookupPnpmPosition receives a cleaned +// semver version, not the raw URL. +func TestParsePnpmLock_v9_Commits_BlockLocation(t *testing.T) { + t.Parallel() + + dir, err := os.Getwd() + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + path := filepath.FromSlash(filepath.Join(dir, "../fixtures/pnpm/commits.v9.yaml")) + packages, err := javascript.ParsePnpmLock(path) + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + for _, pkg := range packages { + assert.Positive(t, pkg.BlockLocation.Line.Start, "BlockLocation.Line.Start should be > 0 for %s", pkg.Name) + assert.Positive(t, pkg.BlockLocation.Line.End, "BlockLocation.Line.End should be > 0 for %s", pkg.Name) + assert.Equal(t, path, pkg.BlockLocation.Filename, "BlockLocation.Filename should match for %s", pkg.Name) + } +} + +func TestParsePnpmLock_v9_MixedGroups_BlockLocation(t *testing.T) { + t.Parallel() + + dir, err := os.Getwd() + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + path := filepath.FromSlash(filepath.Join(dir, "../fixtures/pnpm/mixed-groups.v9.yaml")) + packages, err := javascript.ParsePnpmLock(path) + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + // All packages should have BlockLocation set + for _, pkg := range packages { + assert.Positive(t, pkg.BlockLocation.Line.Start, "BlockLocation.Line.Start should be > 0 for %s", pkg.Name) + assert.Positive(t, pkg.BlockLocation.Line.End, "BlockLocation.Line.End should be > 0 for %s", pkg.Name) + assert.Positive(t, pkg.BlockLocation.Column.Start, "BlockLocation.Column.Start should be > 0 for %s", pkg.Name) + assert.Positive(t, pkg.BlockLocation.Column.End, "BlockLocation.Column.End should be > 0 for %s", pkg.Name) + assert.Equal(t, path, pkg.BlockLocation.Filename, "BlockLocation.Filename should match for %s", pkg.Name) + } +} + +// TestParsePnpmLock_v9_PeerDependenciesAdvanced_BlockLocation verifies that scoped packages +// (whose YAML keys are surrounded by single quotes, e.g. '@scope/pkg@1.0.0':) get their +// BlockLocation correctly populated. This is a regression test for the bug where the single +// quotes were stored as part of the position map key, causing lookups to miss. +func TestParsePnpmLock_v9_PeerDependenciesAdvanced_BlockLocation(t *testing.T) { + t.Parallel() + + dir, err := os.Getwd() + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + path := filepath.FromSlash(filepath.Join(dir, "../fixtures/pnpm/peer-dependencies-advanced.v9.yaml")) + packages, err := javascript.ParsePnpmLock(path) + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + // Packages that appear in the packages: section should all have BlockLocation set. + // chalk@4.1.2 only appears in snapshots: (not packages:) so it is the only exception. + packagesWithoutPosition := map[string]bool{ + "chalk@4.1.2": true, + } + + for _, pkg := range packages { + key := pkg.Name + "@" + pkg.Version + if packagesWithoutPosition[key] { + continue + } + assert.Positive(t, pkg.BlockLocation.Line.Start, "BlockLocation.Line.Start should be > 0 for %s", pkg.Name) + assert.Positive(t, pkg.BlockLocation.Line.End, "BlockLocation.Line.End should be > 0 for %s", pkg.Name) + assert.Equal(t, path, pkg.BlockLocation.Filename, "BlockLocation.Filename should match for %s", pkg.Name) + } +} + func TestParsePnpmLock_v9_MixedGroups(t *testing.T) { t.Parallel() @@ -573,6 +699,7 @@ func TestParsePnpmLock_v9_WorkspacesComplex(t *testing.T) { } rootPath := filepath.FromSlash(filepath.Join(dir, "../fixtures/package-json/workspace-complex/package.json")) + lockfilePath := filepath.FromSlash(filepath.Join(dir, "../fixtures/package-json/workspace-complex/pnpm-lock.yaml")) workspace1Path := filepath.FromSlash(filepath.Join(dir, "../fixtures/package-json/workspace-complex/workspace-1/package.json")) workspace2Path := filepath.FromSlash(filepath.Join(dir, "../fixtures/package-json/workspace-complex/nested/workspace-2/package.json")) workspace3Path := filepath.FromSlash(filepath.Join(dir, "../fixtures/package-json/workspace-complex/workspace-3/package.json")) @@ -608,9 +735,14 @@ func TestParsePnpmLock_v9_WorkspacesComplex(t *testing.T) { Version: "1.4.0", PackageManager: models.Pnpm, Ecosystem: models.EcosystemNPM, - BlockLocation: models.FilePosition{}, - IsDirect: false, // is a dependency of group-dependencies@0.0.11 - DepGroups: []string{"dev"}, + BlockLocation: models.FilePosition{ + Line: models.Position{Start: 45, End: 47}, + Column: models.Position{Start: 3, End: 32}, + Filename: lockfilePath, + }, + LocationRole: models.LocationRoleLockfile, + IsDirect: false, // is a dependency of group-dependencies@0.0.11 + DepGroups: []string{"dev"}, }, { Name: "semver", @@ -764,3 +896,57 @@ func TestParsePnpmLock_v9_WorkspacesComplex(t *testing.T) { }, }) } + +func TestParsePnpmLock_Legacy_OnePackage_BlockLocation(t *testing.T) { + t.Parallel() + + dir, err := os.Getwd() + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + path := filepath.FromSlash(filepath.Join(dir, "../fixtures/pnpm/one-package.yaml")) + packages, err := javascript.ParsePnpmLock(path) + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + if len(packages) != 1 { + t.Fatalf("Expected 1 package, got %d", len(packages)) + } + + pkg := packages[0] + assert.Positive(t, pkg.BlockLocation.Line.Start, "BlockLocation.Line.Start should be > 0") + assert.Positive(t, pkg.BlockLocation.Line.End, "BlockLocation.Line.End should be > 0") + assert.Positive(t, pkg.BlockLocation.Column.Start, "BlockLocation.Column.Start should be > 0") + assert.Positive(t, pkg.BlockLocation.Column.End, "BlockLocation.Column.End should be > 0") + assert.Equal(t, path, pkg.BlockLocation.Filename) + + // /acorn/8.7.0 is at lines 11-15 in one-package.yaml + assert.Equal(t, 11, pkg.BlockLocation.Line.Start) + assert.Equal(t, 15, pkg.BlockLocation.Line.End) +} + +func TestParsePnpmLock_Legacy_MultiplePackages_BlockLocation(t *testing.T) { + t.Parallel() + + dir, err := os.Getwd() + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + path := filepath.FromSlash(filepath.Join(dir, "../fixtures/pnpm/multiple-packages.yaml")) + packages, err := javascript.ParsePnpmLock(path) + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + // All packages should have BlockLocation set + for _, pkg := range packages { + assert.Positive(t, pkg.BlockLocation.Line.Start, "BlockLocation.Line.Start should be > 0 for %s", pkg.Name) + assert.Positive(t, pkg.BlockLocation.Line.End, "BlockLocation.Line.End should be > 0 for %s", pkg.Name) + assert.Positive(t, pkg.BlockLocation.Column.Start, "BlockLocation.Column.Start should be > 0 for %s", pkg.Name) + assert.Positive(t, pkg.BlockLocation.Column.End, "BlockLocation.Column.End should be > 0 for %s", pkg.Name) + assert.Equal(t, path, pkg.BlockLocation.Filename, "BlockLocation.Filename should match for %s", pkg.Name) + } +} diff --git a/pkg/lockfile/javascript/parse-pnpm-v9-lock.go b/pkg/lockfile/javascript/parse-pnpm-v9-lock.go index 794147f9..9bf0be2b 100644 --- a/pkg/lockfile/javascript/parse-pnpm-v9-lock.go +++ b/pkg/lockfile/javascript/parse-pnpm-v9-lock.go @@ -1,6 +1,7 @@ package javascript import ( + "bytes" "errors" "fmt" "io" @@ -11,6 +12,7 @@ import ( "maps" "github.com/DataDog/datadog-sbom-generator/internal/cachedregexp" + "github.com/DataDog/datadog-sbom-generator/internal/utility/fileposition" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/models" @@ -74,7 +76,7 @@ func addDependencyToPackageDetails(dependency lockfile.PackageDetails, packageId return deps } -func extractTransitiveDeps(sourceFile PnpmLockfile, root PnpmDirectDependency, targetedKey string, deps map[string]lockfile.PackageDetails) map[string]lockfile.PackageDetails { +func extractTransitiveDeps(sourceFile PnpmLockfile, root PnpmDirectDependency, targetedKey string, deps map[string]lockfile.PackageDetails, positions map[string]models.FilePosition, filePath string) map[string]lockfile.PackageDetails { // Need to look at dependencies visitedSnapshots := make(map[string]bool) snapshotQueue := make([]string, 0) @@ -96,14 +98,17 @@ func extractTransitiveDeps(sourceFile PnpmLockfile, root PnpmDirectDependency, t } for depName, depVersion := range snapshot.Dependencies { + version := getCleanedVersion(sourceFile, depName, depVersion) transitiveDep := lockfile.PackageDetails{ Name: depName, - Version: getCleanedVersion(sourceFile, depName, depVersion), + Version: version, Commit: getCommitFromVersion(depVersion), Ecosystem: models.EcosystemNPM, DepGroups: root.Pkg.DepGroups, PackageManager: models.Pnpm, IsDirect: false, + BlockLocation: lookupPnpmPosition(depName, version, depVersion, filePath, positions), + LocationRole: models.LocationRoleLockfile, } addDependencyToPackageDetails(transitiveDep, getPnpmDependencyKey(transitiveDep), deps) childKey := depName + "@" + depVersion @@ -111,14 +116,17 @@ func extractTransitiveDeps(sourceFile PnpmLockfile, root PnpmDirectDependency, t } for depName, depVersion := range snapshot.OptionalDependencies { + version := getCleanedVersion(sourceFile, depName, depVersion) transitiveDep := lockfile.PackageDetails{ Name: depName, - Version: getCleanedVersion(sourceFile, depName, depVersion), + Version: version, Commit: getCommitFromVersion(depVersion), Ecosystem: models.EcosystemNPM, DepGroups: root.Pkg.DepGroups, PackageManager: models.Pnpm, IsDirect: false, + BlockLocation: lookupPnpmPosition(depName, version, depVersion, filePath, positions), + LocationRole: models.LocationRoleLockfile, } addDependencyToPackageDetails(transitiveDep, getPnpmDependencyKey(transitiveDep), deps) childKey := depName + "@" + depVersion @@ -129,17 +137,19 @@ func extractTransitiveDeps(sourceFile PnpmLockfile, root PnpmDirectDependency, t return deps } -func extractDirectDependencies(sourceFile PnpmLockfile, roots []PnpmDirectDependency, dependencies PnpmDependencies, depGroup string, workspacePath string) []PnpmDirectDependency { +func extractDirectDependencies(sourceFile PnpmLockfile, roots []PnpmDirectDependency, dependencies PnpmDependencies, depGroup string, workspacePath string, positions map[string]models.FilePosition, filePath string) []PnpmDirectDependency { for dependencyName, dependency := range dependencies { var nameLocation *models.FilePosition if workspacePath != "" && workspacePath != "." { nameLocation = &models.FilePosition{Filename: workspacePath} } + version := getCleanedVersion(sourceFile, dependencyName, dependency.Version) + roots = append(roots, PnpmDirectDependency{ Pkg: lockfile.PackageDetails{ Name: dependencyName, - Version: getCleanedVersion(sourceFile, dependencyName, dependency.Version), + Version: version, Commit: getCommitFromVersion(dependency.Version), TargetVersions: []string{dependency.Specifier}, Ecosystem: models.EcosystemNPM, @@ -147,6 +157,8 @@ func extractDirectDependencies(sourceFile PnpmLockfile, roots []PnpmDirectDepend PackageManager: models.Pnpm, IsDirect: true, NameLocation: nameLocation, + BlockLocation: lookupPnpmPosition(dependencyName, version, dependency.Version, filePath, positions), + LocationRole: models.LocationRoleLockfile, }, Dep: dependency, WorkspacePath: workspacePath, @@ -156,7 +168,51 @@ func extractDirectDependencies(sourceFile PnpmLockfile, roots []PnpmDirectDepend return roots } -func parsePnpmLock(sourceFile PnpmLockfile) []lockfile.PackageDetails { +// lookupPnpmPosition resolves the FilePosition for a package in the positions map. +// It tries, in order: +// 1. Exact key "name@version" (common case). +// 2. Raw version key "name@rawVersion" for git/tarball deps where the packages: section +// stores the full URL (e.g. "ansi-regex@https://codeload.github.com/...") but the +// caller has already cleaned the version to a semver. +// 3. Prefix match "name@version(" for peer-suffixed keys (e.g. "tsutils@3.21.0(typescript@4.9.5)"). +// When multiple peer variants exist for the same base version, picks the earliest by line number. +func lookupPnpmPosition(name, version, rawVersion, filePath string, positions map[string]models.FilePosition) models.FilePosition { + key := name + "@" + version + if pos, ok := positions[key]; ok { + pos.Filename = filePath + return pos + } + + // Fallback for git/tarball deps: try the raw (pre-cleaning) version. + if rawVersion != version { + rawKey := name + "@" + rawVersion + if pos, ok := positions[rawKey]; ok { + pos.Filename = filePath + return pos + } + } + + // Fallback for peer-suffixed keys (e.g. "tsutils@3.21.0(typescript@4.9.5)"). + // When multiple peer variants exist for the same base version, pick the earliest by line number. + prefix := key + "(" + var best *models.FilePosition + for k, pos := range positions { + if strings.HasPrefix(k, prefix) { + p := pos + if best == nil || p.Line.Start < best.Line.Start { + best = &p + } + } + } + if best != nil { + best.Filename = filePath + return *best + } + + return models.FilePosition{} +} + +func parsePnpmLock(sourceFile PnpmLockfile, positions map[string]models.FilePosition, filePath string) []lockfile.PackageDetails { // First create the deps tree // To do so, first look at the packages list, for each package, look into the importers // If present in the importers => its direct and we know its scope @@ -165,15 +221,15 @@ func parsePnpmLock(sourceFile PnpmLockfile) []lockfile.PackageDetails { // Going through the importers to get a direct (prod or dev), then finding the transitives in the snapshot directDependencies := make([]PnpmDirectDependency, 0) for workspacePath, importer := range sourceFile.Importers { - directDependencies = extractDirectDependencies(sourceFile, directDependencies, importer.Dependencies, "prod", workspacePath) - directDependencies = extractDirectDependencies(sourceFile, directDependencies, importer.OptionalDependencies, "optional", workspacePath) - directDependencies = extractDirectDependencies(sourceFile, directDependencies, importer.DevDependencies, "dev", workspacePath) + directDependencies = extractDirectDependencies(sourceFile, directDependencies, importer.Dependencies, "prod", workspacePath, positions, filePath) + directDependencies = extractDirectDependencies(sourceFile, directDependencies, importer.OptionalDependencies, "optional", workspacePath, positions, filePath) + directDependencies = extractDirectDependencies(sourceFile, directDependencies, importer.DevDependencies, "dev", workspacePath, positions, filePath) } packages := make(map[string]lockfile.PackageDetails) for _, direct := range directDependencies { packages = addDependencyToPackageDetails(direct.Pkg, getPnpmWorkspaceDependencyKey(direct), packages) - packages = extractTransitiveDeps(sourceFile, direct, direct.Pkg.Name+"@"+direct.Dep.Version, packages) + packages = extractTransitiveDeps(sourceFile, direct, direct.Pkg.Name+"@"+direct.Dep.Version, packages, positions, filePath) } return slices.Collect(maps.Values(packages)) @@ -187,10 +243,120 @@ func getPnpmDependencyKey(pkg lockfile.PackageDetails) string { return getWorkspaceDependencyKey(pkg.Name, pkg.Version, "") // this has no workspace path } +// closePnpmBlock closes a package block by finding the last non-empty line before index i. +func closePnpmBlock(positions map[string]models.FilePosition, key string, beforeIndex int, lines []string) { + pos := positions[key] + // Find last non-empty line before beforeIndex + lastNonEmpty := beforeIndex - 1 + for lastNonEmpty >= 0 && strings.TrimSpace(lines[lastNonEmpty]) == "" { + lastNonEmpty-- + } + + if lastNonEmpty >= 0 { + pos.Line.End = lastNonEmpty + 1 // 1-indexed + pos.Column.End = fileposition.GetLastNonEmptyCharacterIndexInLine(lines[lastNonEmpty]) + } else { + pos.Line.End = pos.Line.Start + } + + positions[key] = pos +} + +// extractPnpmV9PackagePositions scans YAML lines for package entries under "packages:". +// Package keys appear at 2-space indent (e.g. " acorn@8.11.3:"), and their blocks extend +// until the next entry at the same indent or end of the packages section. +func extractPnpmV9PackagePositions(lines []string) map[string]models.FilePosition { + positions := make(map[string]models.FilePosition) + + inPackages := false + var currentKey string + var startLine int + + for i, line := range lines { + lineNum := i + 1 + + trimmed := strings.TrimSpace(line) + if trimmed == "" { + continue + } + + // Detect the "packages:" top-level key + if trimmed == "packages:" { + inPackages = true + + continue + } + + if !inPackages { + continue + } + + // A line with no leading spaces means we've exited the packages block + if len(line) > 0 && line[0] != ' ' { + if currentKey != "" { + closePnpmBlock(positions, currentKey, i, lines) + currentKey = "" + } + + inPackages = false + + continue + } + + // 2-space indent: package entry (e.g. " acorn@8.11.3:") + if len(line) >= 3 && line[0] == ' ' && line[1] == ' ' && line[2] != ' ' && strings.HasSuffix(trimmed, ":") { + // Close previous package + if currentKey != "" { + closePnpmBlock(positions, currentKey, i, lines) + } + + // Strip trailing ":" and surrounding single quotes (YAML quotes scoped package + // names starting with "@", e.g. "'@scope/pkg@1.0.0':" → "@scope/pkg@1.0.0"). + pkgKey := strings.Trim(strings.TrimSuffix(trimmed, ":"), "'") + currentKey = pkgKey + startLine = lineNum + + colStart := fileposition.GetFirstNonEmptyCharacterIndexInLine(line) + + positions[currentKey] = models.FilePosition{ + Line: models.Position{Start: startLine, End: 0}, + Column: models.Position{Start: colStart, End: 0}, + } + + continue + } + } + + // Close last package if file ended within packages section + if currentKey != "" { + pos := positions[currentKey] + lastIdx := len(lines) - 1 + for lastIdx >= 0 && strings.TrimSpace(lines[lastIdx]) == "" { + lastIdx-- + } + + if lastIdx >= 0 { + pos.Line.End = lastIdx + 1 + pos.Column.End = fileposition.GetLastNonEmptyCharacterIndexInLine(lines[lastIdx]) + } else { + pos.Line.End = pos.Line.Start + } + + positions[currentKey] = pos + } + + return positions +} + func (e PnpmLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContext) ([]lockfile.PackageDetails, error) { var parsedLockfile *PnpmLockfile - err := yaml.NewDecoder(f).Decode(&parsedLockfile) + content, err := io.ReadAll(f) + if err != nil { + return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) + } + + err = yaml.NewDecoder(bytes.NewReader(content)).Decode(&parsedLockfile) if err != nil && !errors.Is(err, io.EOF) { return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) @@ -213,7 +379,10 @@ func (e PnpmLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanCont return e.extractLegacyPnpm(file) } - return parsePnpmLock(*parsedLockfile), nil + lines := fileposition.BytesToLines(content) + positions := extractPnpmV9PackagePositions(lines) + + return parsePnpmLock(*parsedLockfile, positions, f.Path()), nil } var PnpmExtractor = PnpmLockExtractor{ diff --git a/pkg/lockfile/javascript/parse-yarn-lock-v1_test.go b/pkg/lockfile/javascript/parse-yarn-lock-v1_test.go index 46fecb90..f833ed45 100644 --- a/pkg/lockfile/javascript/parse-yarn-lock-v1_test.go +++ b/pkg/lockfile/javascript/parse-yarn-lock-v1_test.go @@ -62,6 +62,57 @@ func TestParseYarnLock_v1_OnePackage(t *testing.T) { }) } +func TestParseYarnLock_v1_OnePackage_BlockLocation(t *testing.T) { + t.Parallel() + dir, err := os.Getwd() + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + path := filepath.FromSlash(filepath.Join(dir, "../fixtures/yarn/one-package.v1.lock")) + packages, err := javascript.ParseYarnLock(path) + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + if len(packages) != 1 { + t.Fatalf("Expected 1 package, got %d", len(packages)) + } + + pkg := packages[0] + assert.Positive(t, pkg.BlockLocation.Line.Start, "BlockLocation.Line.Start should be > 0") + assert.Positive(t, pkg.BlockLocation.Line.End, "BlockLocation.Line.End should be > 0") + assert.Positive(t, pkg.BlockLocation.Column.Start, "BlockLocation.Column.Start should be > 0") + assert.Positive(t, pkg.BlockLocation.Column.End, "BlockLocation.Column.End should be > 0") + assert.Equal(t, path, pkg.BlockLocation.Filename) + + // balanced-match@^1.0.0 block is at lines 5-8 in one-package.v1.lock + assert.Equal(t, 5, pkg.BlockLocation.Line.Start) + assert.Equal(t, 8, pkg.BlockLocation.Line.End) +} + +func TestParseYarnLock_v1_TwoPackages_BlockLocation(t *testing.T) { + t.Parallel() + dir, err := os.Getwd() + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + path := filepath.FromSlash(filepath.Join(dir, "../fixtures/yarn/two-packages.v1.lock")) + packages, err := javascript.ParseYarnLock(path) + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + for _, pkg := range packages { + assert.Positive(t, pkg.BlockLocation.Line.Start, "BlockLocation.Line.Start should be > 0 for %s", pkg.Name) + assert.Positive(t, pkg.BlockLocation.Line.End, "BlockLocation.Line.End should be > 0 for %s", pkg.Name) + assert.Positive(t, pkg.BlockLocation.Column.Start, "BlockLocation.Column.Start should be > 0 for %s", pkg.Name) + assert.Positive(t, pkg.BlockLocation.Column.End, "BlockLocation.Column.End should be > 0 for %s", pkg.Name) + assert.Equal(t, path, pkg.BlockLocation.Filename, "BlockLocation.Filename should match for %s", pkg.Name) + } +} + //nolint:paralleltest func TestParseYarnLock_v1_OnePackage_MatcherFailed(t *testing.T) { dir, err := os.Getwd() @@ -1076,6 +1127,7 @@ func TestParseYarnLock_v1_WorkspacesComplex(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } + lockfilePath := filepath.FromSlash(filepath.Join(dir, "../fixtures/package-json/workspace-complex/yarn-v1.lock")) rootPath := filepath.FromSlash(filepath.Join(dir, "../fixtures/package-json/workspace-complex/package.json")) workspace1Path := filepath.FromSlash(filepath.Join(dir, "../fixtures/package-json/workspace-complex/workspace-1/package.json")) workspace2Path := filepath.FromSlash(filepath.Join(dir, "../fixtures/package-json/workspace-complex/nested/workspace-2/package.json")) @@ -1114,7 +1166,13 @@ func TestParseYarnLock_v1_WorkspacesComplex(t *testing.T) { PackageManager: models.Yarn, Ecosystem: models.EcosystemNPM, DepGroups: []string{"dev"}, - Dependencies: make([]*lockfile.PackageDetails, 0), + BlockLocation: models.FilePosition{ + Line: models.Position{Start: 5, End: 8}, + Column: models.Position{Start: 1, End: 108}, + Filename: lockfilePath, + }, + LocationRole: models.LocationRoleLockfile, + Dependencies: make([]*lockfile.PackageDetails, 0), }, }, }, @@ -1124,10 +1182,15 @@ func TestParseYarnLock_v1_WorkspacesComplex(t *testing.T) { TargetVersions: []string{"^1.4.0"}, PackageManager: models.Yarn, Ecosystem: models.EcosystemNPM, - BlockLocation: models.FilePosition{}, - IsDirect: false, // is a dependency of group-dependencies@0.0.11 - DepGroups: []string{"dev"}, - Dependencies: make([]*lockfile.PackageDetails, 0), + BlockLocation: models.FilePosition{ + Line: models.Position{Start: 5, End: 8}, + Column: models.Position{Start: 1, End: 108}, + Filename: lockfilePath, + }, + LocationRole: models.LocationRoleLockfile, + IsDirect: false, // is a dependency of group-dependencies@0.0.11 + DepGroups: []string{"dev"}, + Dependencies: make([]*lockfile.PackageDetails, 0), }, { Name: "semver", diff --git a/pkg/lockfile/javascript/parse-yarn-lock-v2_test.go b/pkg/lockfile/javascript/parse-yarn-lock-v2_test.go index 7075985e..526c6a8d 100644 --- a/pkg/lockfile/javascript/parse-yarn-lock-v2_test.go +++ b/pkg/lockfile/javascript/parse-yarn-lock-v2_test.go @@ -62,6 +62,57 @@ func TestParseYarnLock_v2_OnePackage(t *testing.T) { }) } +func TestParseYarnLock_v2_OnePackage_BlockLocation(t *testing.T) { + t.Parallel() + dir, err := os.Getwd() + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + path := filepath.FromSlash(filepath.Join(dir, "../fixtures/yarn/one-package.v2.lock")) + packages, err := javascript.ParseYarnLock(path) + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + if len(packages) != 1 { + t.Fatalf("Expected 1 package, got %d", len(packages)) + } + + pkg := packages[0] + assert.Positive(t, pkg.BlockLocation.Line.Start, "BlockLocation.Line.Start should be > 0") + assert.Positive(t, pkg.BlockLocation.Line.End, "BlockLocation.Line.End should be > 0") + assert.Positive(t, pkg.BlockLocation.Column.Start, "BlockLocation.Column.Start should be > 0") + assert.Positive(t, pkg.BlockLocation.Column.End, "BlockLocation.Column.End should be > 0") + assert.Equal(t, path, pkg.BlockLocation.Filename) + + // "balanced-match@npm:^1.0.0" block is at lines 8-13 in one-package.v2.lock + assert.Equal(t, 8, pkg.BlockLocation.Line.Start) + assert.Equal(t, 13, pkg.BlockLocation.Line.End) +} + +func TestParseYarnLock_v2_TwoPackages_BlockLocation(t *testing.T) { + t.Parallel() + dir, err := os.Getwd() + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + path := filepath.FromSlash(filepath.Join(dir, "../fixtures/yarn/two-packages.v2.lock")) + packages, err := javascript.ParseYarnLock(path) + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + for _, pkg := range packages { + assert.Positive(t, pkg.BlockLocation.Line.Start, "BlockLocation.Line.Start should be > 0 for %s", pkg.Name) + assert.Positive(t, pkg.BlockLocation.Line.End, "BlockLocation.Line.End should be > 0 for %s", pkg.Name) + assert.Positive(t, pkg.BlockLocation.Column.Start, "BlockLocation.Column.Start should be > 0 for %s", pkg.Name) + assert.Positive(t, pkg.BlockLocation.Column.End, "BlockLocation.Column.End should be > 0 for %s", pkg.Name) + assert.Equal(t, path, pkg.BlockLocation.Filename, "BlockLocation.Filename should match for %s", pkg.Name) + } +} + //nolint:paralleltest func TestParseYarnLock_v2_OnePackage_MatcherFailed(t *testing.T) { dir, err := os.Getwd() @@ -820,6 +871,7 @@ func TestParseYarnLock_v2_WorkspacesComplex(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } + lockfilePath := filepath.FromSlash(filepath.Join(dir, "../fixtures/package-json/workspace-complex/yarn.lock")) rootPath := filepath.FromSlash(filepath.Join(dir, "../fixtures/package-json/workspace-complex/package.json")) workspace1Path := filepath.FromSlash(filepath.Join(dir, "../fixtures/package-json/workspace-complex/workspace-1/package.json")) workspace2Path := filepath.FromSlash(filepath.Join(dir, "../fixtures/package-json/workspace-complex/nested/workspace-2/package.json")) @@ -858,7 +910,13 @@ func TestParseYarnLock_v2_WorkspacesComplex(t *testing.T) { PackageManager: models.Yarn, Ecosystem: models.EcosystemNPM, DepGroups: []string{"dev"}, - Dependencies: make([]*lockfile.PackageDetails, 0), + BlockLocation: models.FilePosition{ + Line: models.Position{Start: 8, End: 13}, + Column: models.Position{Start: 1, End: 17}, + Filename: lockfilePath, + }, + LocationRole: models.LocationRoleLockfile, + Dependencies: make([]*lockfile.PackageDetails, 0), }, }, }, @@ -868,10 +926,15 @@ func TestParseYarnLock_v2_WorkspacesComplex(t *testing.T) { TargetVersions: []string{"^1.4.0"}, PackageManager: models.Yarn, Ecosystem: models.EcosystemNPM, - BlockLocation: models.FilePosition{}, - IsDirect: false, // is a dependency of group-dependencies@0.0.11 - DepGroups: []string{"dev"}, - Dependencies: make([]*lockfile.PackageDetails, 0), + BlockLocation: models.FilePosition{ + Line: models.Position{Start: 8, End: 13}, + Column: models.Position{Start: 1, End: 17}, + Filename: lockfilePath, + }, + LocationRole: models.LocationRoleLockfile, + IsDirect: false, // is a dependency of group-dependencies@0.0.11 + DepGroups: []string{"dev"}, + Dependencies: make([]*lockfile.PackageDetails, 0), }, { Name: "semver", diff --git a/pkg/lockfile/javascript/parse-yarn-lock.go b/pkg/lockfile/javascript/parse-yarn-lock.go index 7829a2f4..8405fe03 100644 --- a/pkg/lockfile/javascript/parse-yarn-lock.go +++ b/pkg/lockfile/javascript/parse-yarn-lock.go @@ -3,7 +3,6 @@ package javascript import ( "bufio" "encoding/json" - "errors" "fmt" "io" "net/url" @@ -12,6 +11,7 @@ import ( "strings" "github.com/DataDog/datadog-sbom-generator/internal/cachedregexp" + "github.com/DataDog/datadog-sbom-generator/internal/utility/fileposition" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/models" ) @@ -53,12 +53,42 @@ func parseYarnPackageBlock(block []string) []YarnPackage { return packages } -func groupYarnPackageLines(scanner *bufio.Scanner) []YarnPackage { +// findLastNonEmptyLineInRange finds the 1-indexed line number of the last non-empty line +// within the 0-indexed range [startIdx, endIdx]. +func findLastNonEmptyLineInRange(lines []string, startIdx, endIdx int) int { + if endIdx >= len(lines) { + endIdx = len(lines) - 1 + } + + for i := endIdx; i >= startIdx; i-- { + if strings.TrimSpace(lines[i]) != "" { + return i + 1 // 1-indexed + } + } + + return startIdx + 1 +} + +// buildYarnBlockPosition creates a FilePosition from 1-indexed start and end line numbers. +func buildYarnBlockPosition(lines []string, startLine, endLine int) models.FilePosition { + colStart := fileposition.GetFirstNonEmptyCharacterIndexInLine(lines[startLine-1]) + colEnd := fileposition.GetLastNonEmptyCharacterIndexInLine(lines[endLine-1]) + + return models.FilePosition{ + Line: models.Position{Start: startLine, End: endLine}, + Column: models.Position{Start: colStart, End: colEnd}, + } +} + +func groupYarnPackageLines(scanner *bufio.Scanner, lines []string) []YarnPackage { var groups []YarnPackage var group []string + var blockStartLine int // 1-indexed line number of block start + lineNum := 0 var line string for scanner.Scan() { + lineNum++ line = scanner.Text() if shouldSkipYarnLine(line) { @@ -69,9 +99,15 @@ func groupYarnPackageLines(scanner *bufio.Scanner) []YarnPackage { if !strings.HasPrefix(line, " ") { if len(group) > 0 { packages := parseYarnPackageBlock(group) + // Set BlockLocation on each package + blockEndLine := findLastNonEmptyLineInRange(lines, blockStartLine-1, lineNum-2) + for i := range packages { + packages[i].BlockLocation = buildYarnBlockPosition(lines, blockStartLine, blockEndLine) + } groups = append(groups, packages...) } group = make([]string, 0) + blockStartLine = lineNum } group = append(group, line) @@ -79,6 +115,10 @@ func groupYarnPackageLines(scanner *bufio.Scanner) []YarnPackage { if len(group) > 0 { packages := parseYarnPackageBlock(group) + blockEndLine := findLastNonEmptyLineInRange(lines, blockStartLine-1, len(lines)-1) + for i := range packages { + packages[i].BlockLocation = buildYarnBlockPosition(lines, blockStartLine, blockEndLine) + } groups = append(groups, packages...) } @@ -336,7 +376,7 @@ func buildDependencyTree(rootPkgName, rootPkgTargetVersion, rootPkgRegistry stri return results } -func parseYarnPackage(dependency YarnPackage) lockfile.PackageDetails { +func parseYarnPackage(dependency YarnPackage, filePath string) lockfile.PackageDetails { if dependency.Version == "" { _, _ = fmt.Fprintf( os.Stderr, @@ -350,6 +390,9 @@ func parseYarnPackage(dependency YarnPackage) lockfile.PackageDetails { nameLocation = &models.FilePosition{Filename: dependency.WorkspacePath} } + blockLocation := dependency.BlockLocation + blockLocation.Filename = filePath + return lockfile.PackageDetails{ Name: dependency.Name, Version: dependency.Version, @@ -358,6 +401,8 @@ func parseYarnPackage(dependency YarnPackage) lockfile.PackageDetails { Ecosystem: models.EcosystemNPM, Commit: tryExtractCommit(dependency.Resolution), NameLocation: nameLocation, + BlockLocation: blockLocation, + LocationRole: models.LocationRoleLockfile, } } @@ -450,12 +495,110 @@ func isJSONFormat(content []byte) bool { // // Returns a slice of YarnPackage structs compatible with the existing YAML parser output, // allowing the rest of the extraction logic to work identically for both formats. -func parseYarnBerryJSON(content []byte) ([]YarnPackage, error) { +// extractYarnBerryJSONPositions scans JSON lines for entry keys within the "entries" object. +// Entry keys appear as " \"package@npm:^1.0.0\": {" at 4-space indent inside "entries". +func extractYarnBerryJSONPositions(lines []string) map[string]models.FilePosition { + positions := make(map[string]models.FilePosition) + + inEntries := false + var currentKey string + braceDepth := 0 + + for i, line := range lines { + lineNum := i + 1 + trimmed := strings.TrimSpace(line) + + // Detect "entries": { + if !inEntries && strings.Contains(trimmed, `"entries"`) && strings.HasSuffix(trimmed, "{") { + inEntries = true + braceDepth = 1 + + continue + } + + if !inEntries { + continue + } + + // Track brace depth + for _, ch := range trimmed { + if ch == '{' { + braceDepth++ + } else if ch == '}' { + braceDepth-- + } + } + + if braceDepth <= 0 { + // Close last entry + if currentKey != "" { + closeBerryEntry(positions, currentKey, i, lines) + currentKey = "" + } + + inEntries = false + + continue + } + + // Entry key at depth 1 (exactly 4-space indent, opens an object): " \"package@npm:^1.0.0\": {" + // Require HasSuffix("{") to avoid false positives on internal fields like "checksum": "..." + // which also sit at depth 2 but do not open a new brace. + if braceDepth == 2 && strings.HasSuffix(trimmed, "{") && strings.HasPrefix(line, " ") { + // This is a new entry key + if currentKey != "" { + closeBerryEntry(positions, currentKey, i, lines) + } + + // Extract the key between quotes + firstQuote := strings.Index(trimmed, `"`) + lastQuote := strings.Index(trimmed[firstQuote+1:], `"`) + + if firstQuote >= 0 && lastQuote >= 0 { + key := trimmed[firstQuote+1 : firstQuote+1+lastQuote] + currentKey = key + + colStart := fileposition.GetFirstNonEmptyCharacterIndexInLine(line) + + positions[currentKey] = models.FilePosition{ + Line: models.Position{Start: lineNum, End: 0}, + Column: models.Position{Start: colStart, End: 0}, + } + } + } + } + + if currentKey != "" { + closeBerryEntry(positions, currentKey, len(lines), lines) + } + + return positions +} + +func closeBerryEntry(positions map[string]models.FilePosition, key string, beforeIndex int, lines []string) { + pos := positions[key] + lastNonEmpty := beforeIndex - 1 + for lastNonEmpty >= 0 && strings.TrimSpace(lines[lastNonEmpty]) == "" { + lastNonEmpty-- + } + + if lastNonEmpty >= 0 { + pos.Line.End = lastNonEmpty + 1 + pos.Column.End = fileposition.GetLastNonEmptyCharacterIndexInLine(lines[lastNonEmpty]) + } else { + pos.Line.End = pos.Line.Start + } + + positions[key] = pos +} + +func parseYarnBerryJSON(content []byte, lines []string) ([]YarnPackage, error) { var berryJSON YarnBerryJSON if err := json.Unmarshal(content, &berryJSON); err != nil { return nil, fmt.Errorf("failed to parse yarn.lock JSON: %w", err) } + positions := extractYarnBerryJSONPositions(lines) packages := make([]YarnPackage, 0, len(berryJSON.Entries)) for entryKey, entry := range berryJSON.Entries { @@ -484,6 +627,12 @@ func parseYarnBerryJSON(content []byte) ([]YarnPackage, error) { }) } + // Look up position by entry key + var blockPos models.FilePosition + if pos, ok := positions[entryKey]; ok { + blockPos = pos + } + // Create one YarnPackage per target version for _, targetVersion := range targetVersions { packages = append(packages, YarnPackage{ @@ -493,6 +642,7 @@ func parseYarnBerryJSON(content []byte) ([]YarnPackage, error) { Resolution: resolution, Dependencies: dependencies, WorkspacePath: workspacePath, + BlockLocation: blockPos, }) } } @@ -501,41 +651,24 @@ func parseYarnBerryJSON(content []byte) ([]YarnPackage, error) { } func (e YarnLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContext) ([]lockfile.PackageDetails, error) { - // Peek first bytes to detect format without loading entire file into memory - buf := make([]byte, 200) - n, err := f.Read(buf) - if err != nil && !errors.Is(err, io.EOF) { + content, err := io.ReadAll(f) + if err != nil { return []lockfile.PackageDetails{}, fmt.Errorf("error reading yarn.lock: %w", err) } - // Try to reset file position for streaming - var reader io.Reader = f - if seeker, ok := f.(io.Seeker); ok { - if _, err := seeker.Seek(0, 0); err != nil { - return []lockfile.PackageDetails{}, fmt.Errorf("error seeking yarn.lock: %w", err) - } - } else { - // If we can't seek, prepend the peeked bytes back to the reader - reader = io.MultiReader(strings.NewReader(string(buf[:n])), f) - } + lines := fileposition.BytesToLines(content) var yarnPackages []YarnPackage - if isJSONFormat(buf[:n]) { + if isJSONFormat(content) { // Parse JSON format (Yarn v4+) - // JSON requires loading entire file into memory for parsing - content, err := io.ReadAll(reader) - if err != nil { - return []lockfile.PackageDetails{}, fmt.Errorf("error reading yarn.lock JSON: %w", err) - } - yarnPackages, err = parseYarnBerryJSON(content) + yarnPackages, err = parseYarnBerryJSON(content, lines) if err != nil { return []lockfile.PackageDetails{}, err } } else { - // Parse YAML format (Yarn v1-3) using streaming scanner - // This avoids loading the entire file into memory - scanner := bufio.NewScanner(reader) - yarnPackages = groupYarnPackageLines(scanner) + // Parse YAML-like format (Yarn v1-3) + scanner := bufio.NewScanner(strings.NewReader(string(content))) + yarnPackages = groupYarnPackageLines(scanner, lines) if err := scanner.Err(); err != nil { return []lockfile.PackageDetails{}, fmt.Errorf("error while scanning %s: %w", f.Path(), err) @@ -561,7 +694,7 @@ func (e YarnLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanCont } dependencyWorkspaces := createDependencyWorkspaceMap(workspaces, allResolvedPackages) - packages := createPackageDetails(allResolvedPackages, dependencyWorkspaces) + packages := createPackageDetails(allResolvedPackages, dependencyWorkspaces, f.Path()) pkgIndex := indexByNameAndVersions(packages) for index, pkg := range packages { @@ -608,12 +741,12 @@ func createDependencyWorkspaceMap(workspaces []YarnPackage, allResolvedPackages return dependencyWorkspaces } -func createPackageDetails(allResolvedPackages []YarnPackage, dependencyWorkspaces map[string][]string) []lockfile.PackageDetails { +func createPackageDetails(allResolvedPackages []YarnPackage, dependencyWorkspaces map[string][]string, filePath string) []lockfile.PackageDetails { packages := make([]lockfile.PackageDetails, 0, len(allResolvedPackages)) // Create lockfile.PackageDetails for regular packages, with workspace information where applicable for _, yarnPackage := range allResolvedPackages { - basePackage := parseYarnPackage(yarnPackage) + basePackage := parseYarnPackage(yarnPackage, filePath) depKey := getWorkspaceDependencyKey(yarnPackage.Name, yarnPackage.Version, yarnPackage.TargetVersion) if workspacePaths, exists := dependencyWorkspaces[depKey]; exists { diff --git a/pkg/lockfile/javascript/pnpm-legacy-lock.go b/pkg/lockfile/javascript/pnpm-legacy-lock.go index b6e27e9f..c28f9d02 100644 --- a/pkg/lockfile/javascript/pnpm-legacy-lock.go +++ b/pkg/lockfile/javascript/pnpm-legacy-lock.go @@ -1,6 +1,7 @@ package javascript import ( + "bytes" "errors" "fmt" "io" @@ -9,6 +10,7 @@ import ( "strings" "github.com/DataDog/datadog-sbom-generator/internal/cachedregexp" + "github.com/DataDog/datadog-sbom-generator/internal/utility/fileposition" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/models" @@ -104,7 +106,92 @@ func getVersionInfo(name string, maps ...map[string]PnpmLegacyLockDependency) (s return "", "", false } -func parsePnpmLegacyLock(sourceFile PnpmLegacyLockfile) []lockfile.PackageDetails { +// extractPnpmLegacyPackagePositions scans YAML lines for package entries under "packages:". +// Legacy pnpm package keys appear at 2-space indent (e.g. " /acorn/8.7.0:"). +func extractPnpmLegacyPackagePositions(lines []string) map[string]models.FilePosition { + positions := make(map[string]models.FilePosition) + + inPackages := false + var currentKey string + + for i, line := range lines { + lineNum := i + 1 + + trimmed := strings.TrimSpace(line) + if trimmed == "" { + continue + } + + // Detect the "packages:" top-level key + if trimmed == "packages:" { + inPackages = true + + continue + } + + if !inPackages { + continue + } + + // A line with no leading spaces means we've exited the packages block + if len(line) > 0 && line[0] != ' ' { + if currentKey != "" { + closePnpmBlock(positions, currentKey, i, lines) + currentKey = "" + } + + inPackages = false + + continue + } + + // 2-space indent: package entry (e.g. " /acorn/8.7.0:") + if len(line) >= 3 && line[0] == ' ' && line[1] == ' ' && line[2] != ' ' && strings.HasSuffix(trimmed, ":") { + // Close previous package + if currentKey != "" { + closePnpmBlock(positions, currentKey, i, lines) + } + + // Strip trailing ":" and normalize YAML quoting: single-quoted keys like + // 'https://...' are stored with quotes in the raw text but decoded without + // quotes by the YAML parser. Stripping surrounding quotes makes the positions + // map key match what sourceFile.Packages uses for lookup. + pkgKey := strings.Trim(strings.TrimSuffix(trimmed, ":"), "'\"") + currentKey = pkgKey + + colStart := fileposition.GetFirstNonEmptyCharacterIndexInLine(line) + + positions[currentKey] = models.FilePosition{ + Line: models.Position{Start: lineNum, End: 0}, + Column: models.Position{Start: colStart, End: 0}, + } + + continue + } + } + + // Close last package if file ended within packages section + if currentKey != "" { + pos := positions[currentKey] + lastIdx := len(lines) - 1 + for lastIdx >= 0 && strings.TrimSpace(lines[lastIdx]) == "" { + lastIdx-- + } + + if lastIdx >= 0 { + pos.Line.End = lastIdx + 1 + pos.Column.End = fileposition.GetLastNonEmptyCharacterIndexInLine(lines[lastIdx]) + } else { + pos.Line.End = pos.Line.Start + } + + positions[currentKey] = pos + } + + return positions +} + +func parsePnpmLegacyLock(sourceFile PnpmLegacyLockfile, positions map[string]models.FilePosition, filePath string) []lockfile.PackageDetails { packages := make([]lockfile.PackageDetails, 0, len(sourceFile.Packages)) for s, pkg := range sourceFile.Packages { @@ -186,6 +273,12 @@ func parsePnpmLegacyLock(sourceFile PnpmLegacyLockfile) []lockfile.PackageDetail targetVersions = []string{targetVersion} } + blockLocation := models.FilePosition{} + if pos, ok := positions[s]; ok { + pos.Filename = filePath + blockLocation = pos + } + packages = append(packages, lockfile.PackageDetails{ Name: name, Version: version, @@ -195,6 +288,8 @@ func parsePnpmLegacyLock(sourceFile PnpmLegacyLockfile) []lockfile.PackageDetail Commit: commit, DepGroups: depGroups, IsDirect: isDirect, + BlockLocation: blockLocation, + LocationRole: models.LocationRoleLockfile, }) } @@ -216,7 +311,12 @@ func (e PnpmLockExtractor) PackageManager() models.PackageManager { func (e PnpmLockExtractor) extractLegacyPnpm(f lockfile.DepFile) ([]lockfile.PackageDetails, error) { var parsedLockfile *PnpmLegacyLockfile - err := yaml.NewDecoder(f).Decode(&parsedLockfile) + content, err := io.ReadAll(f) + if err != nil { + return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) + } + + err = yaml.NewDecoder(bytes.NewReader(content)).Decode(&parsedLockfile) if err != nil && !errors.Is(err, io.EOF) { return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) @@ -227,5 +327,8 @@ func (e PnpmLockExtractor) extractLegacyPnpm(f lockfile.DepFile) ([]lockfile.Pac parsedLockfile = &PnpmLegacyLockfile{} } - return parsePnpmLegacyLock(*parsedLockfile), nil + lines := fileposition.BytesToLines(content) + positions := extractPnpmLegacyPackagePositions(lines) + + return parsePnpmLegacyLock(*parsedLockfile, positions, f.Path()), nil } diff --git a/pkg/lockfile/javascript/types.go b/pkg/lockfile/javascript/types.go index 3a426c07..9a355e87 100644 --- a/pkg/lockfile/javascript/types.go +++ b/pkg/lockfile/javascript/types.go @@ -248,6 +248,7 @@ type YarnPackage struct { Resolution string Dependencies []YarnDependency WorkspacePath string + BlockLocation models.FilePosition } type YarnLockExtractor struct { diff --git a/pkg/lockfile/php/parse-composer-lock.go b/pkg/lockfile/php/parse-composer-lock.go index 238c2357..cf5004ff 100644 --- a/pkg/lockfile/php/parse-composer-lock.go +++ b/pkg/lockfile/php/parse-composer-lock.go @@ -1,10 +1,14 @@ package php import ( + "bytes" "encoding/json" "fmt" + "io" "path/filepath" + "strings" + "github.com/DataDog/datadog-sbom-generator/internal/cachedregexp" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/models" ) @@ -43,14 +47,74 @@ func (e ComposerLockExtractor) PackageManager() models.PackageManager { return composerPackageManager } +// computeComposerBlockPositions scans JSON lines to find the start/end +// positions of each object in the "packages" and "packages-dev" arrays. +// Returns positions in order: packages first, then packages-dev. +func computeComposerBlockPositions(lines []string) []models.FilePosition { + var positions []models.FilePosition + + packagesKeyRe := cachedregexp.MustCompile(`^\s*"packages(-dev)?"\s*:\s*\[`) + inArray := false + braceDepth := 0 + var currentStart int + + for i, line := range lines { + lineNum := i + 1 // 1-indexed + + if !inArray { + if packagesKeyRe.MatchString(line) { + inArray = true + braceDepth = 0 + } + + continue + } + + // Count braces on this line + for _, ch := range line { + switch ch { + case '{': + braceDepth++ + if braceDepth == 1 { + currentStart = lineNum + } + case '}': + if braceDepth == 1 { + positions = append(positions, models.FilePosition{ + Line: models.Position{Start: currentStart, End: lineNum}, + Column: models.Position{Start: strings.IndexByte(lines[currentStart-1], '{') + 1, End: strings.IndexByte(line, '}') + 2}, + }) + } + braceDepth-- + } + } + + // Check if array is closed (line has ']' at depth 0) + if braceDepth == 0 && strings.Contains(line, "]") { + inArray = false + } + } + + return positions +} + func (e ComposerLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContext) ([]lockfile.PackageDetails, error) { var parsedLockfile *ComposerLock - err := json.NewDecoder(f).Decode(&parsedLockfile) + content, err := io.ReadAll(f) + if err != nil { + return []lockfile.PackageDetails{}, fmt.Errorf("could not read %s: %w", f.Path(), err) + } + + err = json.NewDecoder(bytes.NewReader(content)).Decode(&parsedLockfile) if err != nil { return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) } + // Compute block positions for all packages in both arrays + lines := strings.Split(strings.ReplaceAll(string(content), "\r\n", "\n"), "\n") + blockPositions := computeComposerBlockPositions(lines) + packages := make( []lockfile.PackageDetails, 0, @@ -58,25 +122,40 @@ func (e ComposerLockExtractor) Extract(f lockfile.DepFile, context lockfile.Scan uint64(len(parsedLockfile.Packages))+uint64(len(parsedLockfile.PackagesDev)), ) + posIdx := 0 for _, composerPackage := range parsedLockfile.Packages { - packages = append(packages, lockfile.PackageDetails{ + pkg := lockfile.PackageDetails{ Name: composerPackage.Name, Version: composerPackage.Version, Commit: composerPackage.Dist.Reference, PackageManager: composerPackageManager, Ecosystem: models.EcosystemPackagist, - }) + } + if posIdx < len(blockPositions) { + pkg.BlockLocation = blockPositions[posIdx] + pkg.BlockLocation.Filename = f.Path() + pkg.LocationRole = models.LocationRoleLockfile + posIdx++ + } + packages = append(packages, pkg) } for _, composerPackage := range parsedLockfile.PackagesDev { - packages = append(packages, lockfile.PackageDetails{ + pkg := lockfile.PackageDetails{ Name: composerPackage.Name, Version: composerPackage.Version, Commit: composerPackage.Dist.Reference, PackageManager: composerPackageManager, Ecosystem: models.EcosystemPackagist, DepGroups: []string{"dev"}, - }) + } + if posIdx < len(blockPositions) { + pkg.BlockLocation = blockPositions[posIdx] + pkg.BlockLocation.Filename = f.Path() + pkg.LocationRole = models.LocationRoleLockfile + posIdx++ + } + packages = append(packages, pkg) } return packages, nil diff --git a/pkg/lockfile/php/parse-composer-lock_test.go b/pkg/lockfile/php/parse-composer-lock_test.go index 717b761d..51216d7a 100644 --- a/pkg/lockfile/php/parse-composer-lock_test.go +++ b/pkg/lockfile/php/parse-composer-lock_test.go @@ -2,8 +2,11 @@ package php_test import ( "io/fs" + "path/filepath" "testing" + "github.com/stretchr/testify/assert" + "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/php" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" @@ -99,7 +102,7 @@ func TestParseComposerLock_OnePackage(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "sentry/sdk", Version: "2.0.4", @@ -118,7 +121,7 @@ func TestParseComposerLock_OnePackageDev(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "sentry/sdk", Version: "2.0.4", @@ -138,7 +141,7 @@ func TestParseComposerLock_TwoPackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "sentry/sdk", Version: "2.0.4", @@ -165,7 +168,7 @@ func TestParseComposerLock_TwoPackagesAlt(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "sentry/sdk", Version: "2.0.4", @@ -182,3 +185,48 @@ func TestParseComposerLock_TwoPackagesAlt(t *testing.T) { }, }) } + +func TestParseComposerLock_TwoPackages_BlockLocation(t *testing.T) { + t.Parallel() + + path, err := filepath.Abs("../fixtures/composer/two-packages.json") + if err != nil { + t.Fatalf("could not get absolute path: %v", err) + } + + packages, err := php.ParseComposerLock(path) + if err != nil { + t.Fatalf("Got unexpected error: %v", err) + } + + // two-packages.json has: + // "packages" array with sentry/sdk at lines 9-39 + // "packages-dev" array with theseer/tokenizer at lines 42-77 + assert.Len(t, packages, 2, "expected 2 packages") + + for _, pkg := range packages { + assert.NotEqual(t, 0, pkg.BlockLocation.Line.Start, + "expected BlockLocation.Line.Start to be set for package %s", pkg.Name) + assert.NotEmpty(t, pkg.BlockLocation.Filename, + "expected BlockLocation.Filename to be set for package %s", pkg.Name) + assert.Equal(t, path, pkg.BlockLocation.Filename, + "expected BlockLocation.Filename to match the lockfile path for package %s", pkg.Name) + } + + // Verify specific positions + pkgMap := make(map[string]lockfile.PackageDetails) + for _, pkg := range packages { + pkgMap[pkg.Name] = pkg + } + + // sentry/sdk starts at line 9 (opening {) and ends at line 39 (closing }) + assert.Equal(t, 9, pkgMap["sentry/sdk"].BlockLocation.Line.Start) + assert.Equal(t, 39, pkgMap["sentry/sdk"].BlockLocation.Line.End) + + // theseer/tokenizer starts at line 42 and ends at line 77 + assert.Equal(t, 42, pkgMap["theseer/tokenizer"].BlockLocation.Line.Start) + assert.Equal(t, 77, pkgMap["theseer/tokenizer"].BlockLocation.Line.End) + + // Verify path is absolute + assert.True(t, filepath.IsAbs(path), "path should be absolute") +} diff --git a/pkg/lockfile/python/parse-pdm-lock.go b/pkg/lockfile/python/parse-pdm-lock.go index 1d0b1402..a82d800c 100644 --- a/pkg/lockfile/python/parse-pdm-lock.go +++ b/pkg/lockfile/python/parse-pdm-lock.go @@ -1,9 +1,13 @@ package python import ( + "bytes" "fmt" + "io" "path/filepath" + "strings" + "github.com/DataDog/datadog-sbom-generator/internal/utility/fileposition" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/models" @@ -25,7 +29,12 @@ func (p PdmLockExtractor) PackageManager() models.PackageManager { func (p PdmLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContext) ([]lockfile.PackageDetails, error) { var parsedLockFile *PdmLockFile - _, err := toml.NewDecoder(f).Decode(&parsedLockFile) + content, err := io.ReadAll(f) + if err != nil { + return []lockfile.PackageDetails{}, fmt.Errorf("could not read %s: %w", f.Path(), err) + } + + _, err = toml.NewDecoder(bytes.NewReader(content)).Decode(&parsedLockFile) if err != nil { return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) } @@ -59,6 +68,19 @@ func (p PdmLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanConte packages = append(packages, details) } + // Set BlockLocation for each package using the InTOML utility + lines := strings.Split(strings.ReplaceAll(string(content), "\r\n", "\n"), "\n") + positions := make([]*models.FilePosition, len(packages)) + for i := range packages { + positions[i] = &packages[i].BlockLocation + } + + fileposition.InTOML("[[package]]", "", positions, lines) + + for i := range packages { + packages[i].BlockLocation.Filename = f.Path() + } + return packages, nil } diff --git a/pkg/lockfile/python/parse-pdm-lock_test.go b/pkg/lockfile/python/parse-pdm-lock_test.go index 9be5075f..b173ca5f 100644 --- a/pkg/lockfile/python/parse-pdm-lock_test.go +++ b/pkg/lockfile/python/parse-pdm-lock_test.go @@ -2,8 +2,11 @@ package python_test import ( "io/fs" + "path/filepath" "testing" + "github.com/stretchr/testify/assert" + "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/python" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" @@ -109,7 +112,7 @@ func TestParsePdmLock_SinglePackage(t *testing.T) { packages, err := python.ParsePdmLock("../fixtures/pdm/single-package.toml") expectNilErr(t, err) - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "toml", Version: "0.10.2", @@ -125,7 +128,7 @@ func TestParsePdmLock_TwoPackages(t *testing.T) { packages, err := python.ParsePdmLock("../fixtures/pdm/two-packages.toml") expectNilErr(t, err) - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "toml", Version: "0.10.2", @@ -147,7 +150,7 @@ func TestParsePdmLock_PackageWithDevDependencies(t *testing.T) { packages, err := python.ParsePdmLock("../fixtures/pdm/dev-dependency.toml") expectNilErr(t, err) - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "toml", Version: "0.10.2", @@ -177,7 +180,7 @@ func TestParsePdmLock_PackageWithOptionalDependency(t *testing.T) { packages, err := python.ParsePdmLock("../fixtures/pdm/optional-dependency.toml") expectNilErr(t, err) - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "toml", Version: "0.10.2", @@ -207,7 +210,7 @@ func TestParsePdmLock_PackageWithGitDependency(t *testing.T) { packages, err := python.ParsePdmLock("../fixtures/pdm/git-dependency.toml") expectNilErr(t, err) - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "toml", Version: "0.10.2", @@ -217,3 +220,47 @@ func TestParsePdmLock_PackageWithGitDependency(t *testing.T) { }, }) } + +func TestParsePdmLock_TwoPackages_BlockLocation(t *testing.T) { + t.Parallel() + + path, err := filepath.Abs("../fixtures/pdm/two-packages.toml") + if err != nil { + t.Fatalf("could not get absolute path: %v", err) + } + + packages, err := python.ParsePdmLock(path) + if err != nil { + t.Fatalf("Got unexpected error: %v", err) + } + + // two-packages.toml has: + // line 4: [metadata] + // line 10: [[package]] (six, lines 10-19) + // line 21: [[package]] (toml, lines 21-30) + assert.Len(t, packages, 2, "expected 2 packages") + + for _, pkg := range packages { + assert.NotEqual(t, 0, pkg.BlockLocation.Line.Start, + "expected BlockLocation.Line.Start to be set for package %s", pkg.Name) + assert.NotEmpty(t, pkg.BlockLocation.Filename, + "expected BlockLocation.Filename to be set for package %s", pkg.Name) + assert.Equal(t, path, pkg.BlockLocation.Filename, + "expected BlockLocation.Filename to match the lockfile path for package %s", pkg.Name) + } + + // Verify specific positions + pkgMap := make(map[string]lockfile.PackageDetails) + for _, pkg := range packages { + pkgMap[pkg.Name] = pkg + } + + // six starts at line 10 ("[[package]]") + assert.Equal(t, 10, pkgMap["six"].BlockLocation.Line.Start) + + // toml starts at line 21 ("[[package]]") + assert.Equal(t, 21, pkgMap["toml"].BlockLocation.Line.Start) + + // Verify path is absolute + assert.True(t, filepath.IsAbs(path), "path should be absolute") +} diff --git a/pkg/lockfile/python/parse-pipenv-lock.go b/pkg/lockfile/python/parse-pipenv-lock.go index d0faa604..77760c8b 100644 --- a/pkg/lockfile/python/parse-pipenv-lock.go +++ b/pkg/lockfile/python/parse-pipenv-lock.go @@ -1,11 +1,15 @@ package python import ( + "bytes" "encoding/json" "fmt" + "io" "path/filepath" "slices" + "strings" + "github.com/DataDog/datadog-sbom-generator/internal/utility/fileposition" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/models" @@ -27,21 +31,48 @@ func (e PipenvLockExtractor) PackageManager() models.PackageManager { func (e PipenvLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContext) ([]lockfile.PackageDetails, error) { var parsedLockfile *PipenvLock - err := json.NewDecoder(f).Decode(&parsedLockfile) + content, err := io.ReadAll(f) + if err != nil { + return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) + } + + err = json.NewDecoder(bytes.NewReader(content)).Decode(&parsedLockfile) if err != nil { return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) } + lines := strings.Split(strings.ReplaceAll(string(content), "\r\n", "\n"), "\n") + + // Build position maps for InJSON + defaultPositions := make(map[string]*models.FilePosition, len(parsedLockfile.Packages)) + for name := range parsedLockfile.Packages { + defaultPositions[name] = &models.FilePosition{} + } + + developPositions := make(map[string]*models.FilePosition, len(parsedLockfile.PackagesDev)) + for name := range parsedLockfile.PackagesDev { + developPositions[name] = &models.FilePosition{} + } + + fileposition.InJSON("default", defaultPositions, lines, 0) + fileposition.InJSON("develop", developPositions, lines, 0) + details := make(map[string]lockfile.PackageDetails) - addPkgDetails(details, parsedLockfile.Packages, "") - addPkgDetails(details, parsedLockfile.PackagesDev, "dev") + addPkgDetails(details, parsedLockfile.Packages, "", defaultPositions, f.Path()) + addPkgDetails(details, parsedLockfile.PackagesDev, "dev", developPositions, f.Path()) return slices.Collect(maps.Values(details)), nil } -func addPkgDetails(details map[string]lockfile.PackageDetails, packages map[string]PipenvPackage, group string) { +func addPkgDetails( + details map[string]lockfile.PackageDetails, + packages map[string]PipenvPackage, + group string, + positions map[string]*models.FilePosition, + filePath string, +) { for name, pipenvPackage := range packages { if pipenvPackage.Version == "" { continue @@ -59,6 +90,12 @@ func addPkgDetails(details map[string]lockfile.PackageDetails, packages map[stri if group != "" { pkgDetails.DepGroups = append(pkgDetails.DepGroups, group) } + if pos, ok := positions[name]; ok { + blockLocation := *pos + blockLocation.Filename = filePath + pkgDetails.BlockLocation = blockLocation + pkgDetails.LocationRole = models.LocationRoleLockfile + } details[name+"@"+version] = pkgDetails } } diff --git a/pkg/lockfile/python/parse-pipenv-lock_test.go b/pkg/lockfile/python/parse-pipenv-lock_test.go index aae00097..0f946172 100644 --- a/pkg/lockfile/python/parse-pipenv-lock_test.go +++ b/pkg/lockfile/python/parse-pipenv-lock_test.go @@ -112,7 +112,7 @@ func TestParsePipenvLock_OnePackage(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "markupsafe", Version: "2.1.1", @@ -157,7 +157,7 @@ func TestParsePipenvLock_OnePackage_MatcherFailed(t *testing.T) { _ = r.Close() assert.Contains(t, buffer.String(), matcherError.Error()) - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "markupsafe", Version: "2.1.1", @@ -183,7 +183,7 @@ func TestParsePipenvLock_OnePackageDev(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "markupsafe", Version: "2.1.1", @@ -207,7 +207,7 @@ func TestParsePipenvLock_TwoPackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "itsdangerous", Version: "2.1.2", @@ -237,7 +237,7 @@ func TestParsePipenvLock_TwoPackagesAlt(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "itsdangerous", Version: "2.1.2", @@ -266,7 +266,7 @@ func TestParsePipenvLock_MultiplePackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "itsdangerous", Version: "2.1.2", @@ -295,6 +295,41 @@ func TestParsePipenvLock_MultiplePackages(t *testing.T) { }) } +func TestParsePipenvLock_TwoPackages_BlockLocation(t *testing.T) { + t.Parallel() + dir, err := os.Getwd() + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + path := filepath.FromSlash(filepath.Join(dir, "../fixtures/pipenv/two-packages.json")) + packages, err := python.ParsePipenvLock(path) + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + packagesByName := make(map[string]lockfile.PackageDetails) + for _, pkg := range packages { + packagesByName[pkg.Name] = pkg + } + + // itsdangerous is in "default" section, lines 19-26 + itsdangerous := packagesByName["itsdangerous"] + assert.Equal(t, 19, itsdangerous.BlockLocation.Line.Start) + assert.Equal(t, 26, itsdangerous.BlockLocation.Line.End) + assert.Equal(t, 7, itsdangerous.BlockLocation.Column.Start) + assert.Equal(t, 8, itsdangerous.BlockLocation.Column.End) + assert.Equal(t, path, itsdangerous.BlockLocation.Filename) + + // markupsafe is in "develop" section, lines 29-74 + markupsafe := packagesByName["markupsafe"] + assert.Equal(t, 29, markupsafe.BlockLocation.Line.Start) + assert.Equal(t, 74, markupsafe.BlockLocation.Line.End) + assert.Equal(t, 7, markupsafe.BlockLocation.Column.Start) + assert.Equal(t, 8, markupsafe.BlockLocation.Column.End) + assert.Equal(t, path, markupsafe.BlockLocation.Filename) +} + func TestParsePipenvLock_PackageWithoutVersion(t *testing.T) { t.Parallel() diff --git a/pkg/lockfile/python/parse-poetry-lock.go b/pkg/lockfile/python/parse-poetry-lock.go index 57ffd96f..f1c45a74 100644 --- a/pkg/lockfile/python/parse-poetry-lock.go +++ b/pkg/lockfile/python/parse-poetry-lock.go @@ -1,9 +1,13 @@ package python import ( + "bytes" "fmt" + "io" "path/filepath" + "strings" + "github.com/DataDog/datadog-sbom-generator/internal/utility/fileposition" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/models" @@ -25,7 +29,12 @@ func (e PoetryLockExtractor) PackageManager() models.PackageManager { func (e PoetryLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContext) ([]lockfile.PackageDetails, error) { var parsedLockfile *PoetryLockFile - _, err := toml.NewDecoder(f).Decode(&parsedLockfile) + content, err := io.ReadAll(f) + if err != nil { + return []lockfile.PackageDetails{}, fmt.Errorf("could not read %s: %w", f.Path(), err) + } + + _, err = toml.NewDecoder(bytes.NewReader(content)).Decode(&parsedLockfile) if err != nil { return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) @@ -47,6 +56,20 @@ func (e PoetryLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanCo packages = append(packages, pkgDetails) } + // Set BlockLocation for each package using the InTOML utility + lines := strings.Split(strings.ReplaceAll(string(content), "\r\n", "\n"), "\n") + positions := make([]*models.FilePosition, len(packages)) + for i := range packages { + positions[i] = &packages[i].BlockLocation + } + + fileposition.InTOML("[[package]]", "[metadata]", positions, lines) + + for i := range packages { + packages[i].BlockLocation.Filename = f.Path() + packages[i].LocationRole = models.LocationRoleLockfile + } + return packages, nil } diff --git a/pkg/lockfile/python/parse-poetry-lock_test.go b/pkg/lockfile/python/parse-poetry-lock_test.go index 62b3b899..4879920e 100644 --- a/pkg/lockfile/python/parse-poetry-lock_test.go +++ b/pkg/lockfile/python/parse-poetry-lock_test.go @@ -112,7 +112,7 @@ func TestParsePoetryLock_OnePackage(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "numpy", Version: "1.23.3", @@ -157,7 +157,7 @@ func TestParsePoetryLock_OnePackage_MatcherFailed(t *testing.T) { _ = r.Close() assert.Contains(t, buffer.String(), matcherError.Error()) - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "numpy", Version: "1.23.3", @@ -183,7 +183,7 @@ func TestParsePoetryLock_TwoPackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "proto-plus", Version: "1.22.0", @@ -212,7 +212,7 @@ func TestParsePoetryLock_PackageWithMetadata(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "emoji", Version: "2.0.0", @@ -235,7 +235,7 @@ func TestParsePoetryLock_PackageWithGitSource(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "ike", Version: "0.2.0", @@ -259,7 +259,7 @@ func TestParsePoetryLock_PackageWithLegacySource(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "appdirs", Version: "1.4.4", @@ -283,7 +283,7 @@ func TestParsePoetryLock_OptionalPackage(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "numpy", Version: "1.23.3", @@ -293,3 +293,47 @@ func TestParsePoetryLock_OptionalPackage(t *testing.T) { }, }) } + +func TestParsePoetryLock_TwoPackages_BlockLocation(t *testing.T) { + t.Parallel() + + path, err := filepath.Abs("../fixtures/poetry/two-packages.lock") + if err != nil { + t.Fatalf("could not get absolute path: %v", err) + } + + packages, err := python.ParsePoetryLock(path) + if err != nil { + t.Fatalf("Got unexpected error: %v", err) + } + + // two-packages.lock has: + // line 1: "[[package]]" (proto-plus block, lines 1-13) + // line 15: "[[package]]" (protobuf block, lines 15-21) + // line 23: "[metadata]" (not a package) + assert.Len(t, packages, 2, "expected 2 packages") + + for _, pkg := range packages { + assert.NotEqual(t, 0, pkg.BlockLocation.Line.Start, + "expected BlockLocation.Line.Start to be set for package %s", pkg.Name) + assert.NotEmpty(t, pkg.BlockLocation.Filename, + "expected BlockLocation.Filename to be set for package %s", pkg.Name) + assert.Equal(t, path, pkg.BlockLocation.Filename, + "expected BlockLocation.Filename to match the lockfile path for package %s", pkg.Name) + } + + // Verify specific positions + pkgMap := make(map[string]lockfile.PackageDetails) + for _, pkg := range packages { + pkgMap[pkg.Name] = pkg + } + + // proto-plus starts at line 1 + assert.Equal(t, 1, pkgMap["proto-plus"].BlockLocation.Line.Start) + + // protobuf starts at line 15 + assert.Equal(t, 15, pkgMap["protobuf"].BlockLocation.Line.Start) + + // Verify path is absolute + assert.True(t, filepath.IsAbs(path), "path should be absolute") +} diff --git a/pkg/lockfile/python/parse-uv-lock.go b/pkg/lockfile/python/parse-uv-lock.go index df91e611..16a469fc 100644 --- a/pkg/lockfile/python/parse-uv-lock.go +++ b/pkg/lockfile/python/parse-uv-lock.go @@ -1,11 +1,14 @@ package python import ( + "bytes" "errors" "fmt" + "io" "path/filepath" "strings" + "github.com/DataDog/datadog-sbom-generator/internal/utility/fileposition" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/models" @@ -62,7 +65,12 @@ func findRootPackage(allPackages []*UvLockPackage) (*UvLockPackage, error) { func (e UvLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContext) ([]lockfile.PackageDetails, error) { var parsedLockfile *UvLockFile - _, err := toml.NewDecoder(f).Decode(&parsedLockfile) + content, err := io.ReadAll(f) + if err != nil { + return []lockfile.PackageDetails{}, fmt.Errorf("could not read %s: %w", f.Path(), err) + } + + _, err = toml.NewDecoder(bytes.NewReader(content)).Decode(&parsedLockfile) if err != nil { return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) } @@ -72,6 +80,16 @@ func (e UvLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContex return []lockfile.PackageDetails{}, errors.New("error getting root package") } + // Compute BlockLocation for ALL toml packages (including root) using InTOML + lines := strings.Split(strings.ReplaceAll(string(content), "\r\n", "\n"), "\n") + allPositions := make([]models.FilePosition, len(parsedLockfile.Packages)) + positionPtrs := make([]*models.FilePosition, len(parsedLockfile.Packages)) + for i := range allPositions { + positionPtrs[i] = &allPositions[i] + } + + fileposition.InTOML("[[package]]", "", positionPtrs, lines) + // This will hold packages we will return packages := make([]lockfile.PackageDetails, 0, len(parsedLockfile.Packages)) if rootPackage != nil { @@ -84,7 +102,7 @@ func (e UvLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContex } } - for _, lockPackage := range parsedLockfile.Packages { + for i, lockPackage := range parsedLockfile.Packages { // Skip root package because root files describe what it depends on, but isn't itself a dependency // https://docs.astral.sh/uv/concepts/projects/layout/ if isRoot(lockPackage) { @@ -100,6 +118,9 @@ func (e UvLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContex depGroups = append(depGroups, "dev") } + blockLocation := allPositions[i] + blockLocation.Filename = f.Path() + pkgDetails := lockfile.PackageDetails{ Name: lockPackage.Name, Version: lockPackage.Version, @@ -107,6 +128,7 @@ func (e UvLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContex PackageManager: uvPackageManager, Ecosystem: models.EcosystemPyPI, IsDirect: isDirect || isDevDependency, + BlockLocation: blockLocation, } if len(depGroups) > 0 { diff --git a/pkg/lockfile/python/parse-uv-lock_test.go b/pkg/lockfile/python/parse-uv-lock_test.go index 0c423301..a6b5c702 100644 --- a/pkg/lockfile/python/parse-uv-lock_test.go +++ b/pkg/lockfile/python/parse-uv-lock_test.go @@ -5,6 +5,8 @@ import ( "path/filepath" "testing" + "github.com/stretchr/testify/assert" + "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/internal/testutil" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/python" @@ -24,7 +26,7 @@ func TestParseUvLock_SinglePackage(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "requests", Version: "2.32.3", @@ -72,7 +74,7 @@ func TestParseUvLock_NoPackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{}) + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{}) } func TestParseUvLock_MultiplePackage(t *testing.T) { @@ -88,7 +90,7 @@ func TestParseUvLock_MultiplePackage(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "bottle", Version: "0.13.3", @@ -147,7 +149,7 @@ func TestParseUvLock_DevPackage(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "requests", Version: "2.32.3", @@ -228,3 +230,50 @@ func TestParseUvLock_DevPackage(t *testing.T) { }, }) } + +func TestParseUvLock_SinglePackage_BlockLocation(t *testing.T) { + t.Parallel() + + path, err := filepath.Abs("../fixtures/uv/single-package.lock") + if err != nil { + t.Fatalf("could not get absolute path: %v", err) + } + + packages, err := python.ParseUvLock(path) + if err != nil { + t.Fatalf("Got unexpected error: %v", err) + } + + // single-package.lock has 6 [[package]] sections: + // line 5: certifi, line 14: charset-normalizer, line 36: idna, + // line 45: requests, line 60: urllib3, line 69: uv (root, skipped) + // Root package "uv" is skipped, so 5 packages returned. + assert.Len(t, packages, 5, "expected 5 packages (root skipped)") + + for _, pkg := range packages { + assert.NotEqual(t, 0, pkg.BlockLocation.Line.Start, + "expected BlockLocation.Line.Start to be set for package %s", pkg.Name) + assert.NotEmpty(t, pkg.BlockLocation.Filename, + "expected BlockLocation.Filename to be set for package %s", pkg.Name) + assert.Equal(t, path, pkg.BlockLocation.Filename, + "expected BlockLocation.Filename to match the lockfile path for package %s", pkg.Name) + } + + // Verify specific positions + pkgMap := make(map[string]lockfile.PackageDetails) + for _, pkg := range packages { + pkgMap[pkg.Name] = pkg + } + + // certifi starts at line 5 + assert.Equal(t, 5, pkgMap["certifi"].BlockLocation.Line.Start) + + // idna starts at line 36 + assert.Equal(t, 36, pkgMap["idna"].BlockLocation.Line.Start) + + // requests starts at line 45 + assert.Equal(t, 45, pkgMap["requests"].BlockLocation.Line.Start) + + // Verify path is absolute + assert.True(t, filepath.IsAbs(path), "path should be absolute") +} diff --git a/pkg/lockfile/renv/parse-renv-lock.go b/pkg/lockfile/renv/parse-renv-lock.go index 834e242e..49857d35 100644 --- a/pkg/lockfile/renv/parse-renv-lock.go +++ b/pkg/lockfile/renv/parse-renv-lock.go @@ -1,10 +1,14 @@ package renv import ( + "bytes" "encoding/json" "fmt" + "io" "path/filepath" + "strings" + "github.com/DataDog/datadog-sbom-generator/internal/utility/fileposition" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/models" ) @@ -41,26 +45,47 @@ func (e RenvLockExtractor) PackageManager() models.PackageManager { func (e RenvLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContext) ([]lockfile.PackageDetails, error) { var parsedLockfile *RenvLockfile - err := json.NewDecoder(f).Decode(&parsedLockfile) + content, err := io.ReadAll(f) + if err != nil { + return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) + } + + err = json.NewDecoder(bytes.NewReader(content)).Decode(&parsedLockfile) if err != nil { return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) } + lines := strings.Split(strings.ReplaceAll(string(content), "\r\n", "\n"), "\n") + + // Build position map for InJSON keyed by package name + positions := make(map[string]*models.FilePosition, len(parsedLockfile.Packages)) + for name := range parsedLockfile.Packages { + positions[name] = &models.FilePosition{} + } + + fileposition.InJSON("Packages", positions, lines, 0) + packages := make([]lockfile.PackageDetails, 0, len(parsedLockfile.Packages)) - for _, pkg := range parsedLockfile.Packages { + for name, pkg := range parsedLockfile.Packages { // currently we only support CRAN if pkg.Repository != string(models.EcosystemCRAN) { continue } - packages = append(packages, lockfile.PackageDetails{ + pkgDetails := lockfile.PackageDetails{ Name: pkg.Package, Version: pkg.Version, PackageManager: renvPackageManager, Ecosystem: models.EcosystemCRAN, - }) + } + if pos, ok := positions[name]; ok { + blockLocation := *pos + blockLocation.Filename = f.Path() + pkgDetails.BlockLocation = blockLocation + } + packages = append(packages, pkgDetails) } return packages, nil diff --git a/pkg/lockfile/renv/parse-renv-lock_test.go b/pkg/lockfile/renv/parse-renv-lock_test.go index f73bc92c..23e4cd71 100644 --- a/pkg/lockfile/renv/parse-renv-lock_test.go +++ b/pkg/lockfile/renv/parse-renv-lock_test.go @@ -9,6 +9,8 @@ import ( "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/internal/testutil" "github.com/DataDog/datadog-sbom-generator/pkg/models" + + "github.com/stretchr/testify/assert" ) func TestParseRenvLock_FileDoesNotExist(t *testing.T) { @@ -50,7 +52,7 @@ func TestParseRenvLock_OnePackage(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "morning", Version: "0.1.0", @@ -69,7 +71,7 @@ func TestParseRenvLock_TwoPackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "markdown", Version: "1.0", @@ -94,7 +96,7 @@ func TestParseRenvLock_WithMixedSources(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "markdown", Version: "1.0", @@ -114,7 +116,7 @@ func TestParseRenvLock_WithBioconductor(t *testing.T) { } // currently Bioconductor is not supported - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "BH", Version: "1.75.0-0", @@ -124,6 +126,37 @@ func TestParseRenvLock_WithBioconductor(t *testing.T) { }) } +func TestParseRenvLock_TwoPackages_BlockLocation(t *testing.T) { + t.Parallel() + + packages, err := renv.ParseRenvLock("../fixtures/renv/two-packages.lock") + + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + packagesByName := make(map[string]lockfile.PackageDetails) + for _, pkg := range packages { + packagesByName[pkg.Name] = pkg + } + + // markdown block: lines 12-18 in "Packages" section + markdown := packagesByName["markdown"] + assert.Equal(t, 12, markdown.BlockLocation.Line.Start) + assert.Equal(t, 18, markdown.BlockLocation.Line.End) + assert.Equal(t, 5, markdown.BlockLocation.Column.Start) + assert.Equal(t, 6, markdown.BlockLocation.Column.End) + assert.Contains(t, markdown.BlockLocation.Filename, "two-packages.lock") + + // mime block: lines 19-25 in "Packages" section + mime := packagesByName["mime"] + assert.Equal(t, 19, mime.BlockLocation.Line.Start) + assert.Equal(t, 25, mime.BlockLocation.Line.End) + assert.Equal(t, 5, mime.BlockLocation.Column.Start) + assert.Equal(t, 6, mime.BlockLocation.Column.End) + assert.Contains(t, mime.BlockLocation.Filename, "two-packages.lock") +} + func TestParseRenvLock_WithoutRepository(t *testing.T) { t.Parallel() diff --git a/pkg/lockfile/ruby/parse-gemfile-lock.go b/pkg/lockfile/ruby/parse-gemfile-lock.go index 81828b94..73b550ed 100644 --- a/pkg/lockfile/ruby/parse-gemfile-lock.go +++ b/pkg/lockfile/ruby/parse-gemfile-lock.go @@ -31,6 +31,12 @@ func (parser *gemfileLockfileParser) isSourceSection(line string) bool { } func (parser *gemfileLockfileParser) addDependency(name string, version string) { + blockLocation := models.FilePosition{ + Line: models.Position{Start: parser.lineNumber, End: parser.lineNumber}, + Column: models.Position{Start: 1, End: len(parser.currentLine) + 1}, + Filename: parser.sourceFile, + } + if !parser.isInDepSection { parser.dependencies = append(parser.dependencies, lockfile.PackageDetails{ Name: name, @@ -38,6 +44,8 @@ func (parser *gemfileLockfileParser) addDependency(name string, version string) PackageManager: gemfilePackageManager, Ecosystem: models.EcosystemRubyGems, Commit: parser.currentGemCommit, + BlockLocation: blockLocation, + LocationRole: models.LocationRoleLockfile, }) return @@ -63,6 +71,8 @@ func (parser *gemfileLockfileParser) addDependency(name string, version string) Ecosystem: models.EcosystemRubyGems, Commit: parser.currentGemCommit, IsDirect: true, + BlockLocation: blockLocation, + LocationRole: models.LocationRoleLockfile, }) } } @@ -184,11 +194,15 @@ func (e GemfileLockExtractor) PackageManager() models.PackageManager { func (e GemfileLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContext) ([]lockfile.PackageDetails, error) { var parser gemfileLockfileParser + parser.sourceFile = f.Path() scanner := bufio.NewScanner(f) for scanner.Scan() { - parser.parse(scanner.Text()) + parser.lineNumber++ + line := scanner.Text() + parser.currentLine = line + parser.parse(line) } if err := scanner.Err(); err != nil { diff --git a/pkg/lockfile/ruby/parse-gemfile-lock_test.go b/pkg/lockfile/ruby/parse-gemfile-lock_test.go index 715b7a74..afa12488 100644 --- a/pkg/lockfile/ruby/parse-gemfile-lock_test.go +++ b/pkg/lockfile/ruby/parse-gemfile-lock_test.go @@ -2,8 +2,12 @@ package ruby_test import ( "io/fs" + "os" + "path/filepath" "testing" + "github.com/stretchr/testify/assert" + "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/ruby" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" @@ -112,7 +116,7 @@ func TestParseGemfileLock_OneGem(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "ast", Version: "2.4.2", @@ -131,7 +135,7 @@ func TestParseGemfileLock_SomeGems(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "coderay", Version: "1.1.3", @@ -162,7 +166,7 @@ func TestParseGemfileLock_MultipleGems(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "bundler-audit", Version: "0.9.0.1", @@ -213,7 +217,7 @@ func TestParseGemfileLock_Rails(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "actioncable", Version: "7.0.2.2", @@ -502,7 +506,7 @@ func TestParseGemfileLock_Rubocop(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "ast", Version: "2.4.2", @@ -575,7 +579,7 @@ func TestParseGemfileLock_HasLocalGem(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "backbone-on-rails", Version: "1.2.0.0", @@ -768,7 +772,7 @@ func TestParseGemfileLock_HasGitGem(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "hanami-controller", Version: "2.0.0.alpha1", @@ -833,3 +837,55 @@ func TestParseGemfileLock_PlatformSpecificDependencyIsParsed(t *testing.T) { }, }) } + +func TestParseGemfileLock_SomeGems_BlockLocation(t *testing.T) { + t.Parallel() + + path, err := filepath.Abs("../fixtures/bundler/some-gems.lock") + if err != nil { + t.Fatalf("could not get absolute path: %v", err) + } + + packages, err := ruby.ParseGemfileLock(path) + if err != nil { + t.Fatalf("Got unexpected error: %v", err) + } + + // some-gems.lock has: + // line 4: " coderay (1.1.3)" + // line 5: " method_source (1.0.0)" + // line 6: " pry (0.14.1)" + assert.Len(t, packages, 3, "expected 3 packages") + + for _, pkg := range packages { + assert.NotEqual(t, 0, pkg.BlockLocation.Line.Start, + "expected BlockLocation.Line.Start to be set for package %s", pkg.Name) + assert.NotEmpty(t, pkg.BlockLocation.Filename, + "expected BlockLocation.Filename to be set for package %s", pkg.Name) + assert.Equal(t, path, pkg.BlockLocation.Filename, + "expected BlockLocation.Filename to match the lockfile path for package %s", pkg.Name) + } + + // Verify specific line numbers + pkgMap := make(map[string]lockfile.PackageDetails) + for _, pkg := range packages { + pkgMap[pkg.Name] = pkg + } + + // coderay is at line 4: " coderay (1.1.3)" + assert.Equal(t, 4, pkgMap["coderay"].BlockLocation.Line.Start) + assert.Equal(t, 4, pkgMap["coderay"].BlockLocation.Line.End) + assert.Equal(t, 1, pkgMap["coderay"].BlockLocation.Column.Start) + + // method_source is at line 5: " method_source (1.0.0)" + assert.Equal(t, 5, pkgMap["method_source"].BlockLocation.Line.Start) + assert.Equal(t, 5, pkgMap["method_source"].BlockLocation.Line.End) + + // pry is at line 6: " pry (0.14.1)" + assert.Equal(t, 6, pkgMap["pry"].BlockLocation.Line.Start) + assert.Equal(t, 6, pkgMap["pry"].BlockLocation.Line.End) + + // Verify path is absolute (from lockfile, not relative) + assert.True(t, os.IsPathSeparator(path[0]) || filepath.IsAbs(path), + "path should be absolute") +} diff --git a/pkg/lockfile/ruby/types.go b/pkg/lockfile/ruby/types.go index afec1951..34c4b435 100644 --- a/pkg/lockfile/ruby/types.go +++ b/pkg/lockfile/ruby/types.go @@ -67,6 +67,13 @@ type gemfileLockfileParser struct { // whether or not the parser is in the `DEPENDENCIES` section isInDepSection bool + + // current line number being parsed (1-indexed) + lineNumber int + // current line text being parsed + currentLine string + // absolute path of the lockfile being parsed + sourceFile string } type GemfileLockExtractor struct { diff --git a/pkg/lockfile/rust/parse-cargo-lock.go b/pkg/lockfile/rust/parse-cargo-lock.go index bc00ec78..2b56c0c3 100644 --- a/pkg/lockfile/rust/parse-cargo-lock.go +++ b/pkg/lockfile/rust/parse-cargo-lock.go @@ -1,9 +1,13 @@ package rust import ( + "bytes" "fmt" + "io" "path/filepath" + "strings" + "github.com/DataDog/datadog-sbom-generator/internal/utility/fileposition" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/models" @@ -25,7 +29,12 @@ func (e CargoLockExtractor) PackageManager() models.PackageManager { func (e CargoLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContext) ([]lockfile.PackageDetails, error) { var parsedLockfile *CargoLockFile - _, err := toml.NewDecoder(f).Decode(&parsedLockfile) + content, err := io.ReadAll(f) + if err != nil { + return []lockfile.PackageDetails{}, fmt.Errorf("could not read %s: %w", f.Path(), err) + } + + _, err = toml.NewDecoder(bytes.NewReader(content)).Decode(&parsedLockfile) if err != nil { return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) @@ -42,6 +51,20 @@ func (e CargoLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanCon }) } + // Set BlockLocation for each package using the InTOML utility + lines := strings.Split(strings.ReplaceAll(string(content), "\r\n", "\n"), "\n") + positions := make([]*models.FilePosition, len(packages)) + for i := range packages { + positions[i] = &packages[i].BlockLocation + } + + fileposition.InTOML("[[package]]", "", positions, lines) + + for i := range packages { + packages[i].BlockLocation.Filename = f.Path() + packages[i].LocationRole = models.LocationRoleLockfile + } + return packages, nil } diff --git a/pkg/lockfile/rust/parse-cargo-lock_test.go b/pkg/lockfile/rust/parse-cargo-lock_test.go index 5e7e15a9..43dff906 100644 --- a/pkg/lockfile/rust/parse-cargo-lock_test.go +++ b/pkg/lockfile/rust/parse-cargo-lock_test.go @@ -2,8 +2,12 @@ package rust_test import ( "io/fs" + "os" + "path/filepath" "testing" + "github.com/stretchr/testify/assert" + "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/internal/testutil" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/rust" @@ -100,7 +104,7 @@ func TestParseCargoLock_OnePackage(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "addr2line", Version: "0.15.2", @@ -119,7 +123,7 @@ func TestParseCargoLock_TwoPackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "addr2line", Version: "0.15.2", @@ -144,7 +148,7 @@ func TestParseCargoLock_TwoPackagesWithLocal(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "addr2line", Version: "0.15.2", @@ -169,7 +173,7 @@ func TestParseCargoLock_PackageWithBuildString(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "wasi", Version: "0.10.2+wasi-snapshot-preview1", @@ -178,3 +182,49 @@ func TestParseCargoLock_PackageWithBuildString(t *testing.T) { }, }) } + +func TestParseCargoLock_TwoPackages_BlockLocation(t *testing.T) { + t.Parallel() + + path, err := filepath.Abs("../fixtures/cargo/two-packages.lock") + if err != nil { + t.Fatalf("could not get absolute path: %v", err) + } + + packages, err := rust.ParseCargoLock(path) + if err != nil { + t.Fatalf("Got unexpected error: %v", err) + } + + // two-packages.lock has: + // line 5: "[[package]]" (addr2line block, lines 5-12) + // line 14: "[[package]]" (syn block, lines 14-23) + assert.Len(t, packages, 2, "expected 2 packages") + + for _, pkg := range packages { + assert.NotEqual(t, 0, pkg.BlockLocation.Line.Start, + "expected BlockLocation.Line.Start to be set for package %s", pkg.Name) + assert.NotEmpty(t, pkg.BlockLocation.Filename, + "expected BlockLocation.Filename to be set for package %s", pkg.Name) + assert.Equal(t, path, pkg.BlockLocation.Filename, + "expected BlockLocation.Filename to match the lockfile path for package %s", pkg.Name) + } + + // Verify specific positions + pkgMap := make(map[string]lockfile.PackageDetails) + for _, pkg := range packages { + pkgMap[pkg.Name] = pkg + } + + // addr2line starts at line 5 ("[[package]]"), ends before the blank line at line 13 + assert.Equal(t, 5, pkgMap["addr2line"].BlockLocation.Line.Start) + assert.Equal(t, 12, pkgMap["addr2line"].BlockLocation.Line.End) + + // syn starts at line 14 ("[[package]]"), ends at line 24 (last package includes trailing content) + assert.Equal(t, 14, pkgMap["syn"].BlockLocation.Line.Start) + assert.Equal(t, 24, pkgMap["syn"].BlockLocation.Line.End) + + // Verify path is absolute + assert.True(t, os.IsPathSeparator(path[0]) || filepath.IsAbs(path), + "path should be absolute") +} diff --git a/pkg/lockfile/swift/parse-package-resolved.go b/pkg/lockfile/swift/parse-package-resolved.go index e001bc23..26d24215 100644 --- a/pkg/lockfile/swift/parse-package-resolved.go +++ b/pkg/lockfile/swift/parse-package-resolved.go @@ -1,13 +1,16 @@ package swift import ( + "bytes" "encoding/json" "fmt" + "io" "net/url" "path/filepath" "strings" "github.com/DataDog/datadog-sbom-generator/internal/cachedregexp" + "github.com/DataDog/datadog-sbom-generator/internal/utility/fileposition" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/models" ) @@ -35,10 +38,18 @@ func (e PackageResolvedExtractor) PackageManager() models.PackageManager { func (e PackageResolvedExtractor) Extract(f lockfile.DepFile, _ lockfile.ScanContext) ([]lockfile.PackageDetails, error) { var resolved packageResolvedFile - if err := json.NewDecoder(f).Decode(&resolved); err != nil { + content, err := io.ReadAll(f) + if err != nil { return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) } + if err := json.NewDecoder(bytes.NewReader(content)).Decode(&resolved); err != nil { + return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) + } + + lines := strings.Split(strings.ReplaceAll(string(content), "\r\n", "\n"), "\n") + positions := pinPositionsByIdentity(lines) + // Normalize pins from v1 or v2/v3 into a common representation. type normalizedPin struct { identity string @@ -114,7 +125,7 @@ func (e PackageResolvedExtractor) Extract(f lockfile.DepFile, _ lockfile.ScanCon version = pin.branch } - packages = append(packages, lockfile.PackageDetails{ + pkgDetails := lockfile.PackageDetails{ Name: name, Version: version, Commit: pin.revision, @@ -122,12 +133,83 @@ func (e PackageResolvedExtractor) Extract(f lockfile.DepFile, _ lockfile.ScanCon Ecosystem: models.EcosystemSwiftURL, IsDirect: false, LocationRole: models.LocationRoleLockfile, - }) + } + + if pos, ok := positions[pin.identity]; ok { + blockLocation := *pos + blockLocation.Filename = f.Path() + pkgDetails.BlockLocation = blockLocation + } + + packages = append(packages, pkgDetails) } return packages, nil } +// identityRegexp matches the "identity" key inside a pin object. +var identityRegexp = cachedregexp.MustCompile(`"identity"\s*:\s*"([^"]+)"`) + +// pinPositionsByIdentity scans the raw JSON lines and returns a FilePosition for each +// pin block, keyed by the pin's identity value. Each block starts at the "{" line +// that precedes the "identity" field and ends at the matching "}". +func pinPositionsByIdentity(lines []string) map[string]*models.FilePosition { + positions := make(map[string]*models.FilePosition) + + for i, line := range lines { + m := identityRegexp.FindStringSubmatch(line) + if m == nil { + continue + } + + identity := m[1] + + // Walk backwards to find the opening "{" of this pin block. + blockStart := i + for blockStart > 0 && !strings.Contains(lines[blockStart], "{") { + blockStart-- + } + + // Walk forward to find the matching closing "}". + depth := 0 + blockEnd := blockStart + + for blockEnd < len(lines) { + for _, ch := range lines[blockEnd] { + if ch == '{' { + depth++ + } else if ch == '}' { + depth-- + } + } + + if depth <= 0 { + break + } + + blockEnd++ + } + + colStart := fileposition.GetFirstNonEmptyCharacterIndexInLine(lines[blockStart]) + colEnd := fileposition.GetLastNonEmptyCharacterIndexInLine(lines[blockEnd]) + + if colStart < 1 { + colStart = 1 + } + + if colEnd < 1 { + colEnd = 1 + } + + positions[identity] = &models.FilePosition{ + Line: models.Position{Start: blockStart + 1, End: blockEnd + 1}, + Column: models.Position{Start: colStart, End: colEnd}, + } + } + + return positions +} + // nameFromRepoURL extracts a purl-compatible name from a repository URL. // For "https://github.com/Alamofire/Alamofire.git" it returns "github.com/Alamofire/Alamofire". // For scp-style SSH URLs like "git@github.com:org/repo.git" it returns "github.com/org/repo". diff --git a/pkg/lockfile/swift/parse-package-resolved_test.go b/pkg/lockfile/swift/parse-package-resolved_test.go index 0bda6ff7..b0e4f359 100644 --- a/pkg/lockfile/swift/parse-package-resolved_test.go +++ b/pkg/lockfile/swift/parse-package-resolved_test.go @@ -4,6 +4,8 @@ import ( "io/fs" "testing" + "github.com/stretchr/testify/assert" + "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/internal/testutil" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/swift" @@ -112,7 +114,8 @@ func TestParsePackageResolved_OnePackageV1(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + // v1 pins have no "identity" field — BlockLocation is not set. + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "github.com/Alamofire/Alamofire", Version: "5.4.3", @@ -134,7 +137,7 @@ func TestParsePackageResolved_OnePackageV2(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "github.com/Alamofire/Alamofire", Version: "5.6.1", @@ -156,7 +159,7 @@ func TestParsePackageResolved_OnePackageV3(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "github.com/Alamofire/Alamofire", Version: "5.9.0", @@ -178,7 +181,7 @@ func TestParsePackageResolved_TwoPackagesV2(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "github.com/Alamofire/Alamofire", Version: "5.6.1", @@ -200,6 +203,29 @@ func TestParsePackageResolved_TwoPackagesV2(t *testing.T) { }) } +func TestParsePackageResolved_TwoPackagesV2_BlockLocation(t *testing.T) { + t.Parallel() + + packages, err := swift.ParsePackageResolved("../fixtures/swift/two-packages-v2.json") + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + alamofire := packages[0] + assert.Equal(t, 3, alamofire.BlockLocation.Line.Start) + assert.Equal(t, 11, alamofire.BlockLocation.Line.End) + assert.Equal(t, 5, alamofire.BlockLocation.Column.Start) + assert.Equal(t, 7, alamofire.BlockLocation.Column.End) + assert.Contains(t, alamofire.BlockLocation.Filename, "two-packages-v2.json") + + parser := packages[1] + assert.Equal(t, 12, parser.BlockLocation.Line.Start) + assert.Equal(t, 20, parser.BlockLocation.Line.End) + assert.Equal(t, 5, parser.BlockLocation.Column.Start) + assert.Equal(t, 6, parser.BlockLocation.Column.End) + assert.Contains(t, parser.BlockLocation.Filename, "two-packages-v2.json") +} + func TestParsePackageResolved_MixedStatesV2(t *testing.T) { t.Parallel() @@ -209,7 +235,7 @@ func TestParsePackageResolved_MixedStatesV2(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "github.com/Alamofire/Alamofire", Version: "5.6.1", @@ -240,7 +266,7 @@ func TestParsePackageResolved_SSHUrlV2(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "github.com/Alamofire/Alamofire", Version: "5.6.1", @@ -262,7 +288,7 @@ func TestParsePackageResolved_RegistryPinV2(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "apple.swift-argument-parser", Version: "1.2.0", @@ -284,7 +310,7 @@ func TestParsePackageResolved_LocalPackageSkipped(t *testing.T) { } // localSourceControl pins should be skipped - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "github.com/Alamofire/Alamofire", Version: "5.6.1",