chore(sbom): add system-level tool dependency manifest
Captures k3s, helm, kubectl, goss, sops, and age as direct tool dependencies for railiance-cluster. Versions are unresolved (confidence: low) — no version pins exist in the repo yet. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
parent
2acc06f466
commit
6431bfab79
1 changed files with 52 additions and 0 deletions
52
sbom-tools.yaml
Normal file
52
sbom-tools.yaml
Normal file
|
|
@ -0,0 +1,52 @@
|
|||
# sbom-tools.yaml — system-level tool dependencies for railiance-cluster
|
||||
# Generated by sbom-capture-agent on 2026-03-12
|
||||
# Review each entry before committing. Entries with confidence: low need human verification.
|
||||
#
|
||||
# NOT included here (covered by other parsers):
|
||||
# - ansible / ansible-core Python packages → uv.lock
|
||||
#
|
||||
# Note: ansible is installed via uv (see uv.lock) — versions 12.3.0 / 13.4.0 depending
|
||||
# on Python version. Listed here as a system-level runtime tool for completeness; the
|
||||
# uv.lock entry is the authoritative version source.
|
||||
tools:
|
||||
- name: k3s
|
||||
version: null # confidence: low (referenced in Makefile and CLAUDE.md; no version pin found)
|
||||
ecosystem: tool
|
||||
license_spdx: Apache-2.0
|
||||
is_direct: true
|
||||
is_dev: false
|
||||
|
||||
- name: helm
|
||||
version: null # confidence: low (referenced in bin/railiance and Makefile; no version pin)
|
||||
ecosystem: tool
|
||||
license_spdx: Apache-2.0
|
||||
is_direct: true
|
||||
is_dev: false
|
||||
|
||||
- name: kubectl
|
||||
version: null # confidence: low (referenced in bin/railiance dispatcher; no version pin)
|
||||
ecosystem: tool
|
||||
license_spdx: Apache-2.0
|
||||
is_direct: true
|
||||
is_dev: false
|
||||
|
||||
- name: goss
|
||||
version: null # confidence: low (referenced in Makefile verify targets; no version pin)
|
||||
ecosystem: tool
|
||||
license_spdx: Apache-2.0
|
||||
is_direct: true
|
||||
is_dev: true
|
||||
|
||||
- name: sops
|
||||
version: null # confidence: low (referenced via railiance-doctor check; no version pin)
|
||||
ecosystem: tool
|
||||
license_spdx: MPL-2.0
|
||||
is_direct: true
|
||||
is_dev: false
|
||||
|
||||
- name: age
|
||||
version: null # confidence: low (referenced via railiance-doctor check; no version pin)
|
||||
ecosystem: tool
|
||||
license_spdx: BSD-3-Clause
|
||||
is_direct: true
|
||||
is_dev: false
|
||||
Loading…
Add table
Add a link
Reference in a new issue