SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: .
DocumentNamespace: https://anchore.com/syft/dir/7c8a894d-8a3b-451e-8a55-755900ca3941
LicenseListVersion: 3.28
Creator: Organization: Anchore, Inc
Creator: Tool: syft-1.46.0
Created: 2026-07-12T01:29:05Z

##### Unpackaged files

FileName: .github/workflows/generator-generic-ossf-slsa3-publish.yml
SPDXID: SPDXRef-File-...generator-generic-ossf-slsa3-publish.yml-4ee1db3149884070
FileType: TEXT
FileChecksum: SHA1: 1557a9681ad7121df2db7ed5a0bc52062d42000e
FileChecksum: SHA256: aec9bb26efbdbe401705f9df9c50c04c8f4528cd3219a1590fe22376bb99a3a6
LicenseConcluded: NOASSERTION
LicenseInfoInFile: NOASSERTION
FileCopyrightText: NOASSERTION

FileName: .github/workflows/trivy-vulnerability-scans.yml
SPDXID: SPDXRef-File-...trivy-vulnerability-scans.yml-2edd8745af40f05e
FileType: TEXT
FileChecksum: SHA1: ba65027a1a0e040384e51f3ea337bc588cd4c1bd
FileChecksum: SHA256: 607f5cdb4d05d46aebc4e952d4f81b94b81d0dc00758eab25833a2533edc4952
LicenseConcluded: NOASSERTION
LicenseInfoInFile: NOASSERTION
FileCopyrightText: NOASSERTION

FileName: .github/workflows/count_lines_of_code.yml
SPDXID: SPDXRef-File-...workflows-count-lines-of-code.yml-ca4bba1469643f65
FileType: TEXT
FileChecksum: SHA1: e065a1c4778e5cec0d1c59a35f79fabeeebc7e82
FileChecksum: SHA256: 55caa13a2436f0274bc7de276d2bf57968f3a27a39a57a6041cbea732a4d8d88
LicenseConcluded: NOASSERTION
LicenseInfoInFile: NOASSERTION
FileCopyrightText: NOASSERTION

FileName: .github/workflows/dependency-review.yml
SPDXID: SPDXRef-File-...workflows-dependency-review.yml-11769e63aa84e323
FileType: TEXT
FileChecksum: SHA1: 150aac864354f5ab438dbc955028e23887cf1f50
FileChecksum: SHA256: 8c18644f5d8757fb44eb63d873b94775e8c37ca292868c2f12c9d5749fec1678
LicenseConcluded: NOASSERTION
LicenseInfoInFile: NOASSERTION
FileCopyrightText: NOASSERTION

FileName: .github/workflows/docker-multiarch-build.yml
SPDXID: SPDXRef-File-...workflows-docker-multiarch-build.yml-4687f6b3a8798af9
FileType: TEXT
FileChecksum: SHA1: 2cb24cd2563e090936c405ab582e79bb4a2fa7b7
FileChecksum: SHA256: 86148452ee4d56a33f541592a04f6b2615c5204bdb031fa7b5b3f43449d34356
LicenseConcluded: NOASSERTION
LicenseInfoInFile: NOASSERTION
FileCopyrightText: NOASSERTION

FileName: .github/workflows/phan-php-code-analysis.yml
SPDXID: SPDXRef-File-...workflows-phan-php-code-analysis.yml-f491971c6a8f2d00
FileType: TEXT
FileChecksum: SHA1: 10d0e50d08b7af8a33d892b7c46543744eb156e0
FileChecksum: SHA256: e657c0808213e523b7f38f22dcbaec991e1c6cc7a4598ac35e49987b70a4e744
LicenseConcluded: NOASSERTION
LicenseInfoInFile: NOASSERTION
FileCopyrightText: NOASSERTION

FileName: .github/workflows/codeql.yml
SPDXID: SPDXRef-File-.github-workflows-codeql.yml-f4fe0eee66e1ba99
FileType: TEXT
FileChecksum: SHA1: 81be4eb666d9c11e363e2713ebb55bc1c7b4131f
FileChecksum: SHA256: 995d87c4bf2009c56a2ff3548b776df1cd972a3c34d5f9f1477c01b74c199e49
LicenseConcluded: NOASSERTION
LicenseInfoInFile: NOASSERTION
FileCopyrightText: NOASSERTION

FileName: .github/workflows/eslint.yml
SPDXID: SPDXRef-File-.github-workflows-eslint.yml-f9fe3691a8816215
FileType: TEXT
FileChecksum: SHA1: 9a7ad4d83c8dfe9363782dd9dadc6063050c4b22
FileChecksum: SHA256: d310075b3be83ab89d04346b9d5544a72a5f8bc588ca98c552ed23d6454837d3
LicenseConcluded: NOASSERTION
LicenseInfoInFile: NOASSERTION
FileCopyrightText: NOASSERTION

FileName: .github/workflows/sbom-generation.yml
SPDXID: SPDXRef-File-.github-workflows-sbom-generation.yml-eb17d210499e9f61
FileType: TEXT
FileChecksum: SHA1: 5845369d09d6430bfbe174de6a9c3f2180327eb1
FileChecksum: SHA256: 005eb013a10ac886d5a6a0aa22e319c2c476b2874f723eea948b376e4d5ae59d
LicenseConcluded: NOASSERTION
LicenseInfoInFile: NOASSERTION
FileCopyrightText: NOASSERTION

FileName: .github/workflows/scorecard.yml
SPDXID: SPDXRef-File-.github-workflows-scorecard.yml-f175f3b2ff568407
FileType: TEXT
FileChecksum: SHA1: dbe0e378c26c5761e0d1a73349316298f8a3dcf0
FileChecksum: SHA256: 63f735c263d80551fce4e32de3321a3e7876425f6680e721811d9f4d4e52a65e
LicenseConcluded: NOASSERTION
LicenseInfoInFile: NOASSERTION
FileCopyrightText: NOASSERTION

##### Package: .

PackageName: .
SPDXID: SPDXRef-DocumentRoot-Directory-.
PackageSupplier: NOASSERTION
PackageDownloadLocation: NOASSERTION
PrimaryPackagePurpose: FILE
FilesAnalyzed: false
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION

##### Package: actions/checkout

PackageName: actions/checkout
SPDXID: SPDXRef-Package-github-action-actions-checkout-1e76c638c42e671c
PackageVersion: de0fac2e4500dabe0009e67214ff5f5447ce83dd
PackageSupplier: Organization: GitHub
PackageOriginator: Organization: GitHub
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/phan-php-code-analysis.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/checkout:actions\/checkout:de0fac2e4500dabe0009e67214ff5f5447ce83dd:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd

##### Package: actions/checkout

PackageName: actions/checkout
SPDXID: SPDXRef-Package-github-action-actions-checkout-2d333b1298a44f88
PackageVersion: v6.0.2
PackageSupplier: Organization: GitHub
PackageOriginator: Organization: GitHub
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/eslint.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/checkout:actions\/checkout:v6.0.2:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/actions/checkout@v6.0.2

##### Package: actions/checkout

PackageName: actions/checkout
SPDXID: SPDXRef-Package-github-action-actions-checkout-36d5f3eea8347bd4
PackageVersion: v6.0.2
PackageSupplier: Organization: GitHub
PackageOriginator: Organization: GitHub
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/count_lines_of_code.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/checkout:actions\/checkout:v6.0.2:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/actions/checkout@v6.0.2

##### Package: actions/checkout

PackageName: actions/checkout
SPDXID: SPDXRef-Package-github-action-actions-checkout-74f73e01d4beeab7
PackageVersion: v6.0.2
PackageSupplier: Organization: GitHub
PackageOriginator: Organization: GitHub
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/trivy-vulnerability-scans.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/checkout:actions\/checkout:v6.0.2:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/actions/checkout@v6.0.2

##### Package: actions/checkout

PackageName: actions/checkout
SPDXID: SPDXRef-Package-github-action-actions-checkout-85281977c9cc65c0
PackageVersion: v6.0.2
PackageSupplier: Organization: GitHub
PackageOriginator: Organization: GitHub
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/dependency-review.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/checkout:actions\/checkout:v6.0.2:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/actions/checkout@v6.0.2

##### Package: actions/checkout

PackageName: actions/checkout
SPDXID: SPDXRef-Package-github-action-actions-checkout-bf3797e407aa74c9
PackageVersion: de0fac2e4500dabe0009e67214ff5f5447ce83dd
PackageSupplier: Organization: GitHub
PackageOriginator: Organization: GitHub
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/docker-multiarch-build.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/checkout:actions\/checkout:de0fac2e4500dabe0009e67214ff5f5447ce83dd:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd

##### Package: actions/checkout

PackageName: actions/checkout
SPDXID: SPDXRef-Package-github-action-actions-checkout-c54900e5dbc0ecae
PackageVersion: v6.0.2
PackageSupplier: Organization: GitHub
PackageOriginator: Organization: GitHub
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/sbom-generation.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/checkout:actions\/checkout:v6.0.2:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/actions/checkout@v6.0.2

##### Package: actions/checkout

PackageName: actions/checkout
SPDXID: SPDXRef-Package-github-action-actions-checkout-db145f0c74b08b12
PackageVersion: v6.0.2
PackageSupplier: Organization: GitHub
PackageOriginator: Organization: GitHub
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/codeql.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/checkout:actions\/checkout:v6.0.2:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/actions/checkout@v6.0.2

##### Package: actions/checkout

PackageName: actions/checkout
SPDXID: SPDXRef-Package-github-action-actions-checkout-e5c5af7ba135b231
PackageVersion: v6.0.2
PackageSupplier: Organization: GitHub
PackageOriginator: Organization: GitHub
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/generator-generic-ossf-slsa3-publish.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/checkout:actions\/checkout:v6.0.2:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/actions/checkout@v6.0.2

##### Package: actions/checkout

PackageName: actions/checkout
SPDXID: SPDXRef-Package-github-action-actions-checkout-ec77cd62600ce9c1
PackageVersion: v6.0.2
PackageSupplier: Organization: GitHub
PackageOriginator: Organization: GitHub
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/scorecard.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/checkout:actions\/checkout:v6.0.2:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/actions/checkout@v6.0.2

##### Package: actions/configure-pages

PackageName: actions/configure-pages
SPDXID: SPDXRef-Package-github-action-actions-configure-pages-a07043ff73347682
PackageVersion: 983d7736d9b0ae728b81ab479565c72886d7745b
PackageSupplier: Organization: GitHub
PackageOriginator: Organization: GitHub
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/sbom-generation.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/configure-pages:actions\/configure-pages:983d7736d9b0ae728b81ab479565c72886d7745b:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/configure-pages:actions\/configure_pages:983d7736d9b0ae728b81ab479565c72886d7745b:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/configure_pages:actions\/configure-pages:983d7736d9b0ae728b81ab479565c72886d7745b:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/configure_pages:actions\/configure_pages:983d7736d9b0ae728b81ab479565c72886d7745b:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/configure:actions\/configure-pages:983d7736d9b0ae728b81ab479565c72886d7745b:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/configure:actions\/configure_pages:983d7736d9b0ae728b81ab479565c72886d7745b:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b

##### Package: actions/dependency-review-action

PackageName: actions/dependency-review-action
SPDXID: SPDXRef-Package-github-action-actions-dependency-review-action-3f2ba4e27b5bfb0a
PackageVersion: v5.0.0
PackageSupplier: Organization: GitHub
PackageOriginator: Organization: GitHub
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/dependency-review.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/dependency-review-action:actions\/dependency-review-action:v5.0.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/dependency-review-action:actions\/dependency_review_action:v5.0.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/dependency_review_action:actions\/dependency-review-action:v5.0.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/dependency_review_action:actions\/dependency_review_action:v5.0.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/dependency-review:actions\/dependency-review-action:v5.0.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/dependency-review:actions\/dependency_review_action:v5.0.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/dependency_review:actions\/dependency-review-action:v5.0.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/dependency_review:actions\/dependency_review_action:v5.0.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/dependency:actions\/dependency-review-action:v5.0.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/dependency:actions\/dependency_review_action:v5.0.0:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/actions/dependency-review-action@v5.0.0

##### Package: actions/deploy-pages

PackageName: actions/deploy-pages
SPDXID: SPDXRef-Package-github-action-actions-deploy-pages-6c98088196e3270a
PackageVersion: d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e
PackageSupplier: Organization: GitHub
PackageOriginator: Organization: GitHub
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/sbom-generation.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/deploy-pages:actions\/deploy-pages:d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/deploy-pages:actions\/deploy_pages:d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/deploy_pages:actions\/deploy-pages:d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/deploy_pages:actions\/deploy_pages:d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/deploy:actions\/deploy-pages:d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/deploy:actions\/deploy_pages:d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e

##### Package: actions/setup-node

PackageName: actions/setup-node
SPDXID: SPDXRef-Package-github-action-actions-setup-node-72d20634c018c750
PackageVersion: v6.4.0
PackageSupplier: Organization: GitHub
PackageOriginator: Organization: GitHub
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/count_lines_of_code.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/setup-node:actions\/setup-node:v6.4.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/setup-node:actions\/setup_node:v6.4.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/setup_node:actions\/setup-node:v6.4.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/setup_node:actions\/setup_node:v6.4.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/setup:actions\/setup-node:v6.4.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/setup:actions\/setup_node:v6.4.0:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/actions/setup-node@v6.4.0

##### Package: actions/upload-artifact

PackageName: actions/upload-artifact
SPDXID: SPDXRef-Package-github-action-actions-upload-artifact-1d6a560f3b077fc2
PackageVersion: 043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
PackageSupplier: Organization: GitHub
PackageOriginator: Organization: GitHub
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/phan-php-code-analysis.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/upload-artifact:actions\/upload-artifact:043fb46d1a93c77aae656e7c1c64a875d1fc6a0a:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/upload-artifact:actions\/upload_artifact:043fb46d1a93c77aae656e7c1c64a875d1fc6a0a:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/upload_artifact:actions\/upload-artifact:043fb46d1a93c77aae656e7c1c64a875d1fc6a0a:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/upload_artifact:actions\/upload_artifact:043fb46d1a93c77aae656e7c1c64a875d1fc6a0a:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/upload:actions\/upload-artifact:043fb46d1a93c77aae656e7c1c64a875d1fc6a0a:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/upload:actions\/upload_artifact:043fb46d1a93c77aae656e7c1c64a875d1fc6a0a:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a

##### Package: actions/upload-artifact

PackageName: actions/upload-artifact
SPDXID: SPDXRef-Package-github-action-actions-upload-artifact-394670b0b04bea6f
PackageVersion: 043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
PackageSupplier: Organization: GitHub
PackageOriginator: Organization: GitHub
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/trivy-vulnerability-scans.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/upload-artifact:actions\/upload-artifact:043fb46d1a93c77aae656e7c1c64a875d1fc6a0a:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/upload-artifact:actions\/upload_artifact:043fb46d1a93c77aae656e7c1c64a875d1fc6a0a:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/upload_artifact:actions\/upload-artifact:043fb46d1a93c77aae656e7c1c64a875d1fc6a0a:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/upload_artifact:actions\/upload_artifact:043fb46d1a93c77aae656e7c1c64a875d1fc6a0a:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/upload:actions\/upload-artifact:043fb46d1a93c77aae656e7c1c64a875d1fc6a0a:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/upload:actions\/upload_artifact:043fb46d1a93c77aae656e7c1c64a875d1fc6a0a:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a

##### Package: actions/upload-artifact

PackageName: actions/upload-artifact
SPDXID: SPDXRef-Package-github-action-actions-upload-artifact-68c862711aa2ee2b
PackageVersion: 043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
PackageSupplier: Organization: GitHub
PackageOriginator: Organization: GitHub
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/count_lines_of_code.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/upload-artifact:actions\/upload-artifact:043fb46d1a93c77aae656e7c1c64a875d1fc6a0a:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/upload-artifact:actions\/upload_artifact:043fb46d1a93c77aae656e7c1c64a875d1fc6a0a:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/upload_artifact:actions\/upload-artifact:043fb46d1a93c77aae656e7c1c64a875d1fc6a0a:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/upload_artifact:actions\/upload_artifact:043fb46d1a93c77aae656e7c1c64a875d1fc6a0a:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/upload:actions\/upload-artifact:043fb46d1a93c77aae656e7c1c64a875d1fc6a0a:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/upload:actions\/upload_artifact:043fb46d1a93c77aae656e7c1c64a875d1fc6a0a:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a

##### Package: actions/upload-artifact

PackageName: actions/upload-artifact
SPDXID: SPDXRef-Package-github-action-actions-upload-artifact-9a7f6c34be2cf71c
PackageVersion: v7.0.1
PackageSupplier: Organization: GitHub
PackageOriginator: Organization: GitHub
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/scorecard.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/upload-artifact:actions\/upload-artifact:v7.0.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/upload-artifact:actions\/upload_artifact:v7.0.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/upload_artifact:actions\/upload-artifact:v7.0.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/upload_artifact:actions\/upload_artifact:v7.0.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/upload:actions\/upload-artifact:v7.0.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/upload:actions\/upload_artifact:v7.0.1:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/actions/upload-artifact@v7.0.1

##### Package: actions/upload-pages-artifact

PackageName: actions/upload-pages-artifact
SPDXID: SPDXRef-Package-github-action-actions-upload-pages-artifact-9e6b749f1f2ebf18
PackageVersion: 56afc609e74202658d3ffba0e8f6dda462b719fa
PackageSupplier: Organization: GitHub
PackageOriginator: Organization: GitHub
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/sbom-generation.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/upload-pages-artifact:actions\/upload-pages-artifact:56afc609e74202658d3ffba0e8f6dda462b719fa:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/upload-pages-artifact:actions\/upload_pages_artifact:56afc609e74202658d3ffba0e8f6dda462b719fa:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/upload_pages_artifact:actions\/upload-pages-artifact:56afc609e74202658d3ffba0e8f6dda462b719fa:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/upload_pages_artifact:actions\/upload_pages_artifact:56afc609e74202658d3ffba0e8f6dda462b719fa:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/upload-pages:actions\/upload-pages-artifact:56afc609e74202658d3ffba0e8f6dda462b719fa:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/upload-pages:actions\/upload_pages_artifact:56afc609e74202658d3ffba0e8f6dda462b719fa:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/upload_pages:actions\/upload-pages-artifact:56afc609e74202658d3ffba0e8f6dda462b719fa:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/upload_pages:actions\/upload_pages_artifact:56afc609e74202658d3ffba0e8f6dda462b719fa:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/upload:actions\/upload-pages-artifact:56afc609e74202658d3ffba0e8f6dda462b719fa:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:actions\/upload:actions\/upload_pages_artifact:56afc609e74202658d3ffba0e8f6dda462b719fa:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa

##### Package: aquasecurity/trivy-action

PackageName: aquasecurity/trivy-action
SPDXID: SPDXRef-Package-github-action-aquasecurity-trivy-action-60fdf0d4129e0929
PackageVersion: v0.36.0
PackageSupplier: Organization: aquasecurity
PackageOriginator: Organization: aquasecurity
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/trivy-vulnerability-scans.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:aquasecurity\/trivy-action:aquasecurity\/trivy-action:v0.36.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:aquasecurity\/trivy-action:aquasecurity\/trivy_action:v0.36.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:aquasecurity\/trivy_action:aquasecurity\/trivy-action:v0.36.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:aquasecurity\/trivy_action:aquasecurity\/trivy_action:v0.36.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:aquasecurity\/trivy:aquasecurity\/trivy-action:v0.36.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:aquasecurity\/trivy:aquasecurity\/trivy_action:v0.36.0:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/aquasecurity/trivy-action@v0.36.0

##### Package: docker/build-push-action

PackageName: docker/build-push-action
SPDXID: SPDXRef-Package-github-action-docker-build-push-action-a3007dc6c19ae9bd
PackageVersion: ca052bb54ab0790a636c9b5f226502c73d547a25
PackageSupplier: Organization: docker
PackageOriginator: Organization: docker
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/docker-multiarch-build.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:docker\/build-push-action:docker\/build-push-action:ca052bb54ab0790a636c9b5f226502c73d547a25:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:docker\/build-push-action:docker\/build_push_action:ca052bb54ab0790a636c9b5f226502c73d547a25:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:docker\/build_push_action:docker\/build-push-action:ca052bb54ab0790a636c9b5f226502c73d547a25:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:docker\/build_push_action:docker\/build_push_action:ca052bb54ab0790a636c9b5f226502c73d547a25:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:docker\/build-push:docker\/build-push-action:ca052bb54ab0790a636c9b5f226502c73d547a25:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:docker\/build-push:docker\/build_push_action:ca052bb54ab0790a636c9b5f226502c73d547a25:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:docker\/build_push:docker\/build-push-action:ca052bb54ab0790a636c9b5f226502c73d547a25:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:docker\/build_push:docker\/build_push_action:ca052bb54ab0790a636c9b5f226502c73d547a25:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:docker\/build:docker\/build-push-action:ca052bb54ab0790a636c9b5f226502c73d547a25:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:docker\/build:docker\/build_push_action:ca052bb54ab0790a636c9b5f226502c73d547a25:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25

##### Package: docker/login-action

PackageName: docker/login-action
SPDXID: SPDXRef-Package-github-action-docker-login-action-81a0cd414d9ff13a
PackageVersion: 4907a6ddec9925e35a0a9e82d7399ccc52663121
PackageSupplier: Organization: docker
PackageOriginator: Organization: docker
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/docker-multiarch-build.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:docker\/login-action:docker\/login-action:4907a6ddec9925e35a0a9e82d7399ccc52663121:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:docker\/login-action:docker\/login_action:4907a6ddec9925e35a0a9e82d7399ccc52663121:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:docker\/login_action:docker\/login-action:4907a6ddec9925e35a0a9e82d7399ccc52663121:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:docker\/login_action:docker\/login_action:4907a6ddec9925e35a0a9e82d7399ccc52663121:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:docker\/login:docker\/login-action:4907a6ddec9925e35a0a9e82d7399ccc52663121:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:docker\/login:docker\/login_action:4907a6ddec9925e35a0a9e82d7399ccc52663121:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121

##### Package: docker/setup-buildx-action

PackageName: docker/setup-buildx-action
SPDXID: SPDXRef-Package-github-action-docker-setup-buildx-action-cd6616c842eaf2da
PackageVersion: 4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd
PackageSupplier: Organization: docker
PackageOriginator: Organization: docker
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/docker-multiarch-build.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:docker\/setup-buildx-action:docker\/setup-buildx-action:4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:docker\/setup-buildx-action:docker\/setup_buildx_action:4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:docker\/setup_buildx_action:docker\/setup-buildx-action:4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:docker\/setup_buildx_action:docker\/setup_buildx_action:4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:docker\/setup-buildx:docker\/setup-buildx-action:4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:docker\/setup-buildx:docker\/setup_buildx_action:4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:docker\/setup_buildx:docker\/setup-buildx-action:4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:docker\/setup_buildx:docker\/setup_buildx_action:4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:docker\/setup:docker\/setup-buildx-action:4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:docker\/setup:docker\/setup_buildx_action:4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd

##### Package: docker/setup-qemu-action

PackageName: docker/setup-qemu-action
SPDXID: SPDXRef-Package-github-action-docker-setup-qemu-action-4b039c32531aa404
PackageVersion: c7c53464625b32c7a7e944ae62b3e17d2b600130
PackageSupplier: Organization: docker
PackageOriginator: Organization: docker
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/docker-multiarch-build.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:docker\/setup-qemu-action:docker\/setup-qemu-action:c7c53464625b32c7a7e944ae62b3e17d2b600130:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:docker\/setup-qemu-action:docker\/setup_qemu_action:c7c53464625b32c7a7e944ae62b3e17d2b600130:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:docker\/setup_qemu_action:docker\/setup-qemu-action:c7c53464625b32c7a7e944ae62b3e17d2b600130:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:docker\/setup_qemu_action:docker\/setup_qemu_action:c7c53464625b32c7a7e944ae62b3e17d2b600130:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:docker\/setup-qemu:docker\/setup-qemu-action:c7c53464625b32c7a7e944ae62b3e17d2b600130:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:docker\/setup-qemu:docker\/setup_qemu_action:c7c53464625b32c7a7e944ae62b3e17d2b600130:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:docker\/setup_qemu:docker\/setup-qemu-action:c7c53464625b32c7a7e944ae62b3e17d2b600130:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:docker\/setup_qemu:docker\/setup_qemu_action:c7c53464625b32c7a7e944ae62b3e17d2b600130:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:docker\/setup:docker\/setup-qemu-action:c7c53464625b32c7a7e944ae62b3e17d2b600130:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:docker\/setup:docker\/setup_qemu_action:c7c53464625b32c7a7e944ae62b3e17d2b600130:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130

##### Package: github/codeql-action/analyze

PackageName: github/codeql-action/analyze
SPDXID: SPDXRef-Package-github-action-github-codeql-action-analyze-3956f5961bfcf596
PackageVersion: v3.26.2
PackageSupplier: Organization: github
PackageOriginator: Organization: github
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/codeql.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql-action\/analyze:github\/codeql-action\/analyze:v3.26.2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql-action\/analyze:github\/codeql_action\/analyze:v3.26.2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql_action\/analyze:github\/codeql-action\/analyze:v3.26.2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql_action\/analyze:github\/codeql_action\/analyze:v3.26.2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql:github\/codeql-action\/analyze:v3.26.2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql:github\/codeql_action\/analyze:v3.26.2:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/github/codeql-action@v3.26.2#analyze

##### Package: github/codeql-action/autobuild

PackageName: github/codeql-action/autobuild
SPDXID: SPDXRef-Package-github-action-github-codeql-action-autobuild-78e33e01051e9dd9
PackageVersion: v3.26.2
PackageSupplier: Organization: github
PackageOriginator: Organization: github
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/codeql.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql-action\/autobuild:github\/codeql-action\/autobuild:v3.26.2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql-action\/autobuild:github\/codeql_action\/autobuild:v3.26.2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql_action\/autobuild:github\/codeql-action\/autobuild:v3.26.2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql_action\/autobuild:github\/codeql_action\/autobuild:v3.26.2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql:github\/codeql-action\/autobuild:v3.26.2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql:github\/codeql_action\/autobuild:v3.26.2:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/github/codeql-action@v3.26.2#autobuild

##### Package: github/codeql-action/init

PackageName: github/codeql-action/init
SPDXID: SPDXRef-Package-github-action-github-codeql-action-init-7417d2a3fc5800c4
PackageVersion: v3.26.2
PackageSupplier: Organization: github
PackageOriginator: Organization: github
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/codeql.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql-action\/init:github\/codeql-action\/init:v3.26.2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql-action\/init:github\/codeql_action\/init:v3.26.2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql_action\/init:github\/codeql-action\/init:v3.26.2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql_action\/init:github\/codeql_action\/init:v3.26.2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql:github\/codeql-action\/init:v3.26.2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql:github\/codeql_action\/init:v3.26.2:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/github/codeql-action@v3.26.2#init

##### Package: github/codeql-action/upload-sarif

PackageName: github/codeql-action/upload-sarif
SPDXID: SPDXRef-Package-github-action-github-codeql-action-upload-sarif-3a9474dca9217bbb
PackageVersion: v3.26.2
PackageSupplier: Organization: github
PackageOriginator: Organization: github
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/scorecard.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql-action\/upload-sarif:github\/codeql-action\/upload-sarif:v3.26.2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql-action\/upload-sarif:github\/codeql_action\/upload_sarif:v3.26.2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql_action\/upload_sarif:github\/codeql-action\/upload-sarif:v3.26.2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql_action\/upload_sarif:github\/codeql_action\/upload_sarif:v3.26.2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql-action\/upload:github\/codeql-action\/upload-sarif:v3.26.2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql-action\/upload:github\/codeql_action\/upload_sarif:v3.26.2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql_action\/upload:github\/codeql-action\/upload-sarif:v3.26.2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql_action\/upload:github\/codeql_action\/upload_sarif:v3.26.2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql:github\/codeql-action\/upload-sarif:v3.26.2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql:github\/codeql_action\/upload_sarif:v3.26.2:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/github/codeql-action@v3.26.2#upload-sarif

##### Package: github/codeql-action/upload-sarif

PackageName: github/codeql-action/upload-sarif
SPDXID: SPDXRef-Package-github-action-github-codeql-action-upload-sarif-75f73da96f71ee7c
PackageVersion: v3.26.2
PackageSupplier: Organization: github
PackageOriginator: Organization: github
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/eslint.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql-action\/upload-sarif:github\/codeql-action\/upload-sarif:v3.26.2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql-action\/upload-sarif:github\/codeql_action\/upload_sarif:v3.26.2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql_action\/upload_sarif:github\/codeql-action\/upload-sarif:v3.26.2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql_action\/upload_sarif:github\/codeql_action\/upload_sarif:v3.26.2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql-action\/upload:github\/codeql-action\/upload-sarif:v3.26.2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql-action\/upload:github\/codeql_action\/upload_sarif:v3.26.2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql_action\/upload:github\/codeql-action\/upload-sarif:v3.26.2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql_action\/upload:github\/codeql_action\/upload_sarif:v3.26.2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql:github\/codeql-action\/upload-sarif:v3.26.2:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:github\/codeql:github\/codeql_action\/upload_sarif:v3.26.2:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/github/codeql-action@v3.26.2#upload-sarif

##### Package: ossf/scorecard-action

PackageName: ossf/scorecard-action
SPDXID: SPDXRef-Package-github-action-ossf-scorecard-action-142bdff2ea5952fc
PackageVersion: v2.4.3
PackageSupplier: Organization: ossf
PackageOriginator: Organization: ossf
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/scorecard.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ossf\/scorecard-action:ossf\/scorecard-action:v2.4.3:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ossf\/scorecard-action:ossf\/scorecard_action:v2.4.3:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ossf\/scorecard_action:ossf\/scorecard-action:v2.4.3:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ossf\/scorecard_action:ossf\/scorecard_action:v2.4.3:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ossf\/scorecard:ossf\/scorecard-action:v2.4.3:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ossf\/scorecard:ossf\/scorecard_action:v2.4.3:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/ossf/scorecard-action@v2.4.3

##### Package: shivammathur/setup-php

PackageName: shivammathur/setup-php
SPDXID: SPDXRef-Package-github-action-shivammathur-setup-php-34efc6acafb66bb3
PackageVersion: accd6127cb78bee3e8082180cb391013d204ef9f
PackageSupplier: Organization: shivammathur
PackageOriginator: Organization: shivammathur
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/phan-php-code-analysis.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:shivammathur\/setup-php:shivammathur\/setup-php:accd6127cb78bee3e8082180cb391013d204ef9f:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:shivammathur\/setup-php:shivammathur\/setup_php:accd6127cb78bee3e8082180cb391013d204ef9f:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:shivammathur\/setup_php:shivammathur\/setup-php:accd6127cb78bee3e8082180cb391013d204ef9f:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:shivammathur\/setup_php:shivammathur\/setup_php:accd6127cb78bee3e8082180cb391013d204ef9f:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:shivammathur\/setup:shivammathur\/setup-php:accd6127cb78bee3e8082180cb391013d204ef9f:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:shivammathur\/setup:shivammathur\/setup_php:accd6127cb78bee3e8082180cb391013d204ef9f:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f

##### Package: step-security/harden-runner

PackageName: step-security/harden-runner
SPDXID: SPDXRef-Package-github-action-step-security-harden-runner-23bb26552be8b004
PackageVersion: v2.19.1
PackageSupplier: Organization: step-security
PackageOriginator: Organization: step-security
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/generator-generic-ossf-slsa3-publish.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step-security\/harden-runner:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step-security\/harden-runner:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step_security\/harden_runner:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step_security\/harden_runner:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step-security\/harden:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step-security\/harden:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step_security\/harden:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step_security\/harden:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/step-security/harden-runner@v2.19.1

##### Package: step-security/harden-runner

PackageName: step-security/harden-runner
SPDXID: SPDXRef-Package-github-action-step-security-harden-runner-2c0e1d59fa51ae62
PackageVersion: v2.19.1
PackageSupplier: Organization: step-security
PackageOriginator: Organization: step-security
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/count_lines_of_code.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step-security\/harden-runner:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step-security\/harden-runner:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step_security\/harden_runner:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step_security\/harden_runner:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step-security\/harden:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step-security\/harden:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step_security\/harden:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step_security\/harden:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/step-security/harden-runner@v2.19.1

##### Package: step-security/harden-runner

PackageName: step-security/harden-runner
SPDXID: SPDXRef-Package-github-action-step-security-harden-runner-5bb383629006377e
PackageVersion: v2.19.1
PackageSupplier: Organization: step-security
PackageOriginator: Organization: step-security
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/scorecard.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step-security\/harden-runner:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step-security\/harden-runner:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step_security\/harden_runner:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step_security\/harden_runner:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step-security\/harden:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step-security\/harden:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step_security\/harden:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step_security\/harden:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/step-security/harden-runner@v2.19.1

##### Package: step-security/harden-runner

PackageName: step-security/harden-runner
SPDXID: SPDXRef-Package-github-action-step-security-harden-runner-757560a1901d4a9a
PackageVersion: v2.19.1
PackageSupplier: Organization: step-security
PackageOriginator: Organization: step-security
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/dependency-review.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step-security\/harden-runner:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step-security\/harden-runner:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step_security\/harden_runner:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step_security\/harden_runner:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step-security\/harden:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step-security\/harden:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step_security\/harden:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step_security\/harden:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/step-security/harden-runner@v2.19.1

##### Package: step-security/harden-runner

PackageName: step-security/harden-runner
SPDXID: SPDXRef-Package-github-action-step-security-harden-runner-962c7e163bc111d9
PackageVersion: v2.19.1
PackageSupplier: Organization: step-security
PackageOriginator: Organization: step-security
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/trivy-vulnerability-scans.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step-security\/harden-runner:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step-security\/harden-runner:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step_security\/harden_runner:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step_security\/harden_runner:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step-security\/harden:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step-security\/harden:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step_security\/harden:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step_security\/harden:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/step-security/harden-runner@v2.19.1

##### Package: step-security/harden-runner

PackageName: step-security/harden-runner
SPDXID: SPDXRef-Package-github-action-step-security-harden-runner-b3e7cb73635f70ea
PackageVersion: v2.19.1
PackageSupplier: Organization: step-security
PackageOriginator: Organization: step-security
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/eslint.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step-security\/harden-runner:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step-security\/harden-runner:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step_security\/harden_runner:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step_security\/harden_runner:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step-security\/harden:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step-security\/harden:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step_security\/harden:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step_security\/harden:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/step-security/harden-runner@v2.19.1

##### Package: step-security/harden-runner

PackageName: step-security/harden-runner
SPDXID: SPDXRef-Package-github-action-step-security-harden-runner-b65a87195ea088ae
PackageVersion: v2.19.1
PackageSupplier: Organization: step-security
PackageOriginator: Organization: step-security
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/sbom-generation.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step-security\/harden-runner:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step-security\/harden-runner:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step_security\/harden_runner:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step_security\/harden_runner:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step-security\/harden:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step-security\/harden:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step_security\/harden:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step_security\/harden:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/step-security/harden-runner@v2.19.1

##### Package: step-security/harden-runner

PackageName: step-security/harden-runner
SPDXID: SPDXRef-Package-github-action-step-security-harden-runner-e3db744a067d29e4
PackageVersion: v2.19.1
PackageSupplier: Organization: step-security
PackageOriginator: Organization: step-security
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/codeql.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step-security\/harden-runner:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step-security\/harden-runner:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step_security\/harden_runner:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step_security\/harden_runner:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step-security\/harden:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step-security\/harden:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step_security\/harden:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step_security\/harden:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step:step-security\/harden-runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:step:step_security\/harden_runner:v2.19.1:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/step-security/harden-runner@v2.19.1

##### Package: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml

PackageName: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml
SPDXID: SPDXRef-Package-github-action-workflow-slsa-framework-slsa-github-generator-.github-workflows-generator-generic-slsa3.yml-a10c50abc71928da
PackageVersion: v2.1.0
PackageSupplier: Organization: slsa-framework
PackageOriginator: Organization: slsa-framework
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageSourceInfo: acquired package info from GitHub Actions workflow file or composite action file: /.github/workflows/generator-generic-ossf-slsa3-publish.yml
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator-generic-slsa3.yml:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator-generic-slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator-generic-slsa3.yml:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator_generic_slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator-generic-slsa3.yml:slsa_framework\/slsa_github_generator\/.github\/workflows\/generator_generic_slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator_generic_slsa3.yml:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator-generic-slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator_generic_slsa3.yml:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator_generic_slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator_generic_slsa3.yml:slsa_framework\/slsa_github_generator\/.github\/workflows\/generator_generic_slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa_framework\/slsa_github_generator\/.github\/workflows\/generator_generic_slsa3.yml:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator-generic-slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa_framework\/slsa_github_generator\/.github\/workflows\/generator_generic_slsa3.yml:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator_generic_slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa_framework\/slsa_github_generator\/.github\/workflows\/generator_generic_slsa3.yml:slsa_framework\/slsa_github_generator\/.github\/workflows\/generator_generic_slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator-generic:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator-generic-slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator-generic:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator_generic_slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator-generic:slsa_framework\/slsa_github_generator\/.github\/workflows\/generator_generic_slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator_generic:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator-generic-slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator_generic:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator_generic_slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator_generic:slsa_framework\/slsa_github_generator\/.github\/workflows\/generator_generic_slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa_framework\/slsa_github_generator\/.github\/workflows\/generator_generic:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator-generic-slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa_framework\/slsa_github_generator\/.github\/workflows\/generator_generic:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator_generic_slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa_framework\/slsa_github_generator\/.github\/workflows\/generator_generic:slsa_framework\/slsa_github_generator\/.github\/workflows\/generator_generic_slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator-generic-slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator_generic_slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator:slsa_framework\/slsa_github_generator\/.github\/workflows\/generator_generic_slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa_framework\/slsa_github_generator\/.github\/workflows\/generator:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator-generic-slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa_framework\/slsa_github_generator\/.github\/workflows\/generator:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator_generic_slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa_framework\/slsa_github_generator\/.github\/workflows\/generator:slsa_framework\/slsa_github_generator\/.github\/workflows\/generator_generic_slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa-framework\/slsa-github:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator-generic-slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa-framework\/slsa-github:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator_generic_slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa-framework\/slsa-github:slsa_framework\/slsa_github_generator\/.github\/workflows\/generator_generic_slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa_framework\/slsa_github:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator-generic-slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa_framework\/slsa_github:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator_generic_slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa_framework\/slsa_github:slsa_framework\/slsa_github_generator\/.github\/workflows\/generator_generic_slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa-framework\/slsa:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator-generic-slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa-framework\/slsa:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator_generic_slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa-framework\/slsa:slsa_framework\/slsa_github_generator\/.github\/workflows\/generator_generic_slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa_framework\/slsa:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator-generic-slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa_framework\/slsa:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator_generic_slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa_framework\/slsa:slsa_framework\/slsa_github_generator\/.github\/workflows\/generator_generic_slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator-generic-slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa:slsa-framework\/slsa-github-generator\/.github\/workflows\/generator_generic_slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: SECURITY cpe23Type cpe:2.3:a:slsa:slsa_framework\/slsa_github_generator\/.github\/workflows\/generator_generic_slsa3.yml:v2.1.0:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:github/slsa-framework/slsa-github-generator@v2.1.0#.github/workflows/generator_generic_slsa3.yml

##### Relationships

Relationship: SPDXRef-Package-github-action-ossf-scorecard-action-142bdff2ea5952fc OTHER SPDXRef-File-.github-workflows-scorecard.yml-f175f3b2ff568407
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-actions-upload-artifact-1d6a560f3b077fc2 OTHER SPDXRef-File-...workflows-phan-php-code-analysis.yml-f491971c6a8f2d00
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-actions-checkout-1e76c638c42e671c OTHER SPDXRef-File-...workflows-phan-php-code-analysis.yml-f491971c6a8f2d00
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-step-security-harden-runner-23bb26552be8b004 OTHER SPDXRef-File-...generator-generic-ossf-slsa3-publish.yml-4ee1db3149884070
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-step-security-harden-runner-2c0e1d59fa51ae62 OTHER SPDXRef-File-...workflows-count-lines-of-code.yml-ca4bba1469643f65
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-actions-checkout-2d333b1298a44f88 OTHER SPDXRef-File-.github-workflows-eslint.yml-f9fe3691a8816215
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-shivammathur-setup-php-34efc6acafb66bb3 OTHER SPDXRef-File-...workflows-phan-php-code-analysis.yml-f491971c6a8f2d00
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-actions-checkout-36d5f3eea8347bd4 OTHER SPDXRef-File-...workflows-count-lines-of-code.yml-ca4bba1469643f65
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-actions-upload-artifact-394670b0b04bea6f OTHER SPDXRef-File-...trivy-vulnerability-scans.yml-2edd8745af40f05e
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-github-codeql-action-analyze-3956f5961bfcf596 OTHER SPDXRef-File-.github-workflows-codeql.yml-f4fe0eee66e1ba99
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-github-codeql-action-upload-sarif-3a9474dca9217bbb OTHER SPDXRef-File-.github-workflows-scorecard.yml-f175f3b2ff568407
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-actions-dependency-review-action-3f2ba4e27b5bfb0a OTHER SPDXRef-File-...workflows-dependency-review.yml-11769e63aa84e323
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-docker-setup-qemu-action-4b039c32531aa404 OTHER SPDXRef-File-...workflows-docker-multiarch-build.yml-4687f6b3a8798af9
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-step-security-harden-runner-5bb383629006377e OTHER SPDXRef-File-.github-workflows-scorecard.yml-f175f3b2ff568407
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-aquasecurity-trivy-action-60fdf0d4129e0929 OTHER SPDXRef-File-...trivy-vulnerability-scans.yml-2edd8745af40f05e
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-actions-upload-artifact-68c862711aa2ee2b OTHER SPDXRef-File-...workflows-count-lines-of-code.yml-ca4bba1469643f65
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-actions-deploy-pages-6c98088196e3270a OTHER SPDXRef-File-.github-workflows-sbom-generation.yml-eb17d210499e9f61
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-actions-setup-node-72d20634c018c750 OTHER SPDXRef-File-...workflows-count-lines-of-code.yml-ca4bba1469643f65
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-github-codeql-action-init-7417d2a3fc5800c4 OTHER SPDXRef-File-.github-workflows-codeql.yml-f4fe0eee66e1ba99
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-actions-checkout-74f73e01d4beeab7 OTHER SPDXRef-File-...trivy-vulnerability-scans.yml-2edd8745af40f05e
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-step-security-harden-runner-757560a1901d4a9a OTHER SPDXRef-File-...workflows-dependency-review.yml-11769e63aa84e323
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-github-codeql-action-upload-sarif-75f73da96f71ee7c OTHER SPDXRef-File-.github-workflows-eslint.yml-f9fe3691a8816215
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-github-codeql-action-autobuild-78e33e01051e9dd9 OTHER SPDXRef-File-.github-workflows-codeql.yml-f4fe0eee66e1ba99
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-docker-login-action-81a0cd414d9ff13a OTHER SPDXRef-File-...workflows-docker-multiarch-build.yml-4687f6b3a8798af9
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-actions-checkout-85281977c9cc65c0 OTHER SPDXRef-File-...workflows-dependency-review.yml-11769e63aa84e323
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-step-security-harden-runner-962c7e163bc111d9 OTHER SPDXRef-File-...trivy-vulnerability-scans.yml-2edd8745af40f05e
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-actions-upload-artifact-9a7f6c34be2cf71c OTHER SPDXRef-File-.github-workflows-scorecard.yml-f175f3b2ff568407
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-actions-upload-pages-artifact-9e6b749f1f2ebf18 OTHER SPDXRef-File-.github-workflows-sbom-generation.yml-eb17d210499e9f61
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-actions-configure-pages-a07043ff73347682 OTHER SPDXRef-File-.github-workflows-sbom-generation.yml-eb17d210499e9f61
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-workflow-slsa-framework-slsa-github-generator-.github-workflows-generator-generic-slsa3.yml-a10c50abc71928da OTHER SPDXRef-File-...generator-generic-ossf-slsa3-publish.yml-4ee1db3149884070
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-docker-build-push-action-a3007dc6c19ae9bd OTHER SPDXRef-File-...workflows-docker-multiarch-build.yml-4687f6b3a8798af9
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-step-security-harden-runner-b3e7cb73635f70ea OTHER SPDXRef-File-.github-workflows-eslint.yml-f9fe3691a8816215
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-step-security-harden-runner-b65a87195ea088ae OTHER SPDXRef-File-.github-workflows-sbom-generation.yml-eb17d210499e9f61
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-actions-checkout-bf3797e407aa74c9 OTHER SPDXRef-File-...workflows-docker-multiarch-build.yml-4687f6b3a8798af9
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-actions-checkout-c54900e5dbc0ecae OTHER SPDXRef-File-.github-workflows-sbom-generation.yml-eb17d210499e9f61
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-docker-setup-buildx-action-cd6616c842eaf2da OTHER SPDXRef-File-...workflows-docker-multiarch-build.yml-4687f6b3a8798af9
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-actions-checkout-db145f0c74b08b12 OTHER SPDXRef-File-.github-workflows-codeql.yml-f4fe0eee66e1ba99
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-step-security-harden-runner-e3db744a067d29e4 OTHER SPDXRef-File-.github-workflows-codeql.yml-f4fe0eee66e1ba99
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-actions-checkout-e5c5af7ba135b231 OTHER SPDXRef-File-...generator-generic-ossf-slsa3-publish.yml-4ee1db3149884070
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-Package-github-action-actions-checkout-ec77cd62600ce9c1 OTHER SPDXRef-File-.github-workflows-scorecard.yml-f175f3b2ff568407
RelationshipComment: evident-by: indicates the package's existence is evident by the given file
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-actions-checkout-bf3797e407aa74c9
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-actions-checkout-1e76c638c42e671c
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-actions-checkout-db145f0c74b08b12
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-actions-checkout-36d5f3eea8347bd4
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-actions-checkout-85281977c9cc65c0
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-actions-checkout-2d333b1298a44f88
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-actions-checkout-e5c5af7ba135b231
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-actions-checkout-c54900e5dbc0ecae
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-actions-checkout-ec77cd62600ce9c1
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-actions-checkout-74f73e01d4beeab7
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-actions-configure-pages-a07043ff73347682
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-actions-dependency-review-action-3f2ba4e27b5bfb0a
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-actions-deploy-pages-6c98088196e3270a
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-actions-setup-node-72d20634c018c750
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-actions-upload-artifact-68c862711aa2ee2b
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-actions-upload-artifact-1d6a560f3b077fc2
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-actions-upload-artifact-394670b0b04bea6f
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-actions-upload-artifact-9a7f6c34be2cf71c
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-actions-upload-pages-artifact-9e6b749f1f2ebf18
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-aquasecurity-trivy-action-60fdf0d4129e0929
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-docker-build-push-action-a3007dc6c19ae9bd
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-docker-login-action-81a0cd414d9ff13a
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-docker-setup-buildx-action-cd6616c842eaf2da
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-docker-setup-qemu-action-4b039c32531aa404
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-github-codeql-action-analyze-3956f5961bfcf596
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-github-codeql-action-autobuild-78e33e01051e9dd9
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-github-codeql-action-init-7417d2a3fc5800c4
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-github-codeql-action-upload-sarif-75f73da96f71ee7c
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-github-codeql-action-upload-sarif-3a9474dca9217bbb
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-ossf-scorecard-action-142bdff2ea5952fc
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-shivammathur-setup-php-34efc6acafb66bb3
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-workflow-slsa-framework-slsa-github-generator-.github-workflows-generator-generic-slsa3.yml-a10c50abc71928da
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-step-security-harden-runner-e3db744a067d29e4
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-step-security-harden-runner-2c0e1d59fa51ae62
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-step-security-harden-runner-757560a1901d4a9a
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-step-security-harden-runner-b3e7cb73635f70ea
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-step-security-harden-runner-23bb26552be8b004
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-step-security-harden-runner-b65a87195ea088ae
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-step-security-harden-runner-5bb383629006377e
Relationship: SPDXRef-DocumentRoot-Directory-. CONTAINS SPDXRef-Package-github-action-step-security-harden-runner-962c7e163bc111d9
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-DocumentRoot-Directory-.

