Versions Compared

Old Version 18

changes.mady.by.user Ruslan Dautov

Saved on

compared with

New Version Current

changes.mady.by.user Erik Nordmark

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This is a snapshot of all the components and associated licenses used. It includes what is used to build EVE-OS and what is included in the EVE-OS images. The golang dependencies in deps-eve-xyz.csv are quite volumnious since they include the transitive closure of all of the packages and since different packages in that closure pull in different versions/hashes of other packages there are many instances where several versions/hashes of a package is included.

This snapshot is based on the EVE-OS release: 8.8.0 

Scan code report Image ModifiedImage Modifiedscancode-report.htmlImage Modifiedscancode-report.csv

Snyk report Image Addeddeps-eve-880.csv

Final image / learn more about building process https://github.com/lf-edge/eve/blob/master/docs/BUILD.md 


docker sbom lfedge/evedocker scan lfedge/eve
Syft v0.43.0
✔ Loaded image
✔ Parsed image
✔ Cataloged packages [31 packages]

[0006] WARN golang cataloger: failed to read buildinfo (file="/ipxe.efi"): unrecognized file format
NAME VERSION TYPE
apk-tools 2.12.1-r0 apk
busybox 1.32.1-r3 apk
ca-certificates-bundle 20191127-r5 apk
coreutils 8.32-r2 apk
glib 2.66.7-r1 apk
gmp 6.2.1-r0 apk
gnutls 3.7.1-r0 apk
libacl 2.2.53-r0 apk
libaio 0.3.112-r1 apk
libattr 2.4.48-r0 apk
libblkid 2.36.1-r1 apk
libcrypto1.1 1.1.1j-r0 apk
libffi 3.3-r2 apk
libintl 0.20.2-r2 apk
libmount 2.36.1-r1 apk
libssl1.1 1.1.1j-r0 apk
libtasn1 4.16.0-r1 apk
libtls-standalone 2.9.1-r1 apk
libunistring 0.9.10-r0 apk
musl 1.2.2-r0 apk
nettle 3.7-r0 apk
p11-kit 0.23.22-r0 apk
pcre 8.44-r0 apk
qemu-img 5.2.0-r2 apk
s6-ipcserver 2.10.0.0-r0 apk
skalibs 2.10.0.0-r0 apk
ssl_client 1.32.1-r3 apk
tar 1.33-r1 apk
uboot-tools 2021.01-r0 apk
utmps 0.1.0.0-r0 apk
zlib 1.2.11-r3 apk
Testing lfedge/eve...
Package manager:   apk
Project name:      docker-image|lfedge/eve
Docker image:      lfedge/eve
Platform:          linux/arm64
✔ Tested 32 dependencies for known vulnerabilities, no vulnerable paths found.
Note that we do not currently have vulnerability data for your image.
For more free scans that keep your images secure, sign up to Snyk at https://dockr.ly/3ePqVcp

...