Software Bill of Materials (SBOM)
Build Information
- Generated: 2025-08-15 08:04:52 UTC
- Repository: habhabhabs/inventag-aws
- Branch: main
- Commit:
2ca92ee065a3fde775ff16faa1a0251cc11341f6
📋 Components Overview
Repository Components
Total Components: 1200
| Component | Version | Type | License |
|---|---|---|---|
| @algolia/abtesting | 1.1.0 | npm | MIT |
| @algolia/autocomplete-core | 1.17.9 | npm | MIT |
| @algolia/autocomplete-plugin-algolia-insights | 1.17.9 | npm | MIT |
| @algolia/autocomplete-preset-algolia | 1.17.9 | npm | MIT |
| @algolia/autocomplete-shared | 1.17.9 | npm | MIT |
| @algolia/client-abtesting | 5.35.0 | npm | MIT |
| @algolia/client-analytics | 5.35.0 | npm | MIT |
| @algolia/client-common | 5.35.0 | npm | MIT |
| @algolia/client-insights | 5.35.0 | npm | MIT |
| @algolia/client-personalization | 5.35.0 | npm | MIT |
| @algolia/client-query-suggestions | 5.35.0 | npm | MIT |
| @algolia/client-search | 5.35.0 | npm | MIT |
| @algolia/events | 4.0.1 | npm | MIT |
| @algolia/ingestion | 1.35.0 | npm | MIT |
| @algolia/monitoring | 1.35.0 | npm | MIT |
| @algolia/recommend | 5.35.0 | npm | MIT |
| @algolia/requester-browser-xhr | 5.35.0 | npm | MIT |
| @algolia/requester-fetch | 5.35.0 | npm | MIT |
| @algolia/requester-node-http | 5.35.0 | npm | MIT |
| @ampproject/remapping | 2.3.0 | npm | Apache-2.0 |
| No components found | - | - | - |
note
Showing first 20 components. Download the full SBOM JSON file below for complete details.
Python Dependencies
Python Packages: 59
| Package | Version | License | Scope |
|---|---|---|---|
| PyYAML | 6.0.2 | MIT | required |
| SecretStorage | 3.3.3 | License :: OSI Approved :: BSD License | required |
| arrow | 1.3.0 | License :: OSI Approved :: Apache Software License | required |
| attrs | 25.3.0 | MIT | required |
| boolean.py | 5.0 | BSD-2-Clause | required |
| boto3 | 1.40.10 | License :: OSI Approved :: Apache Software License | required |
| botocore | 1.40.10 | License :: OSI Approved :: Apache Software License | required |
| certifi | 2025.8.3 | MPL-2.0 | required |
| cffi | 1.17.1 | MIT | required |
| chardet | 5.2.0 | License :: OSI Approved :: GNU Lesser General Public License v2 or later (LGPLv2+) | required |
| charset-normalizer | 3.4.3 | MIT | required |
| colorama | 0.4.6 | License :: OSI Approved :: BSD License | required |
| cryptography | 45.0.6 | Unknown | required |
| cyclonedx-bom | 7.0.0 | Apache-2.0 | required |
| cyclonedx-python-lib | 10.5.0 | Apache-2.0 | required |
Node.js Dependencies (Website)
Node.js Packages: 1050
| Package | Version | License | Type |
|---|---|---|---|
| core | 3.8.1 | MIT | required |
| module-type-aliases | 3.8.1 | MIT | required |
| preset-classic | 3.8.1 | MIT | required |
| types | 3.8.1 | MIT | required |
| docusaurus-search-local | 0.52.1 | MIT | required |
| react | 3.1.0 | MIT | required |
| clsx | 2.1.1 | MIT | required |
| prism-react-renderer | 2.4.1 | MIT | required |
| react-dom | 19.1.1 | MIT | required |
| react | 19.1.1 | MIT | required |
| babel | 3.8.1 | MIT | required |
| bundler | 3.8.1 | MIT | required |
| logger | 3.8.1 | MIT | required |
| mdx-loader | 3.8.1 | MIT | required |
| utils-common | 3.8.1 | MIT | required |
| No Node.js packages found | - | - | - |
🔍 Security Analysis
Known Vulnerabilities
| Severity | Count |
|---|---|
| 🔴 Critical | 0 |
| 🟠 High | 1 |
| 🟡 Medium | 2 |
| 🟢 Low | 0 |
Top Vulnerabilities
| CVE ID | Severity | Package | Version | Description |
|---|---|---|---|---|
| GHSA-4v9v-hfq4-rm2v | Medium | webpack-dev-server | 4.15.2 | webpack-dev-server users' source code may be stolen when they access a malicious web site |
| GHSA-9jgg-88mc-972h | Medium | webpack-dev-server | 4.15.2 | webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser |
| GHSA-cxww-7g56-2vh6 | High | actions/download-artifact | v4 | @actions/download-artifact has an Arbitrary File Write via artifact extraction |
📥 Download SBOM Files
Raw SBOM Files
| Format | File | Description |
|---|---|---|
| JSON (Syft) | current-sbom.json | Complete repository component analysis |
| CycloneDX | current-sbom-cyclonedx.json | Industry-standard SBOM format |
| SPDX | current-sbom-spdx.json | Software Package Data Exchange format |
| Python (Environment) | python-sbom.json | Python dependencies from environment |
| Python (Exact Versions) | python-freeze-sbom.json | Python dependencies with exact versions |
| Node.js (CycloneDX) | nodejs-website-sbom.json | Website dependencies |
Formatted Files (Human-Readable)
| Format | File | Description |
|---|---|---|
| JSON (Formatted) | current-sbom-formatted.json | Pretty-printed JSON for manual review |
| Python (Formatted) | python-sbom-formatted.json | Formatted Python dependencies |
| Python Freeze (Formatted) | python-freeze-sbom-formatted.json | Formatted exact version dependencies |
| Node.js (Formatted) | nodejs-website-sbom-formatted.json | Formatted website dependencies |
| Vulnerabilities | vulnerabilities-formatted.json | Security vulnerability report |
🔧 Usage & Integration
Integration Benefits
This SBOM is automatically generated and integrated into the documentation build process, providing:
- Real-time dependency tracking - Updated with every build
- Vulnerability monitoring - Automatic security scanning with Grype
- Compliance documentation - Standard SBOM formats (CycloneDX, SPDX)
- Version-specific tracking - Historical dependency changes
- Supply chain transparency - Complete visibility into dependencies
Use Cases
Download and analyze the SBOM files to:
- Security Teams: Identify vulnerabilities and plan remediation
- Compliance Teams: Generate compliance reports and audits
- Development Teams: Track dependency changes and licenses
- DevOps Teams: Integrate into CI/CD pipelines for automated scanning
- Legal Teams: Analyze licensing compliance and obligations
This SBOM summary is automatically updated with every documentation build.