Software Bill of Materials

What is it?

The Software Bill of Materials (SBOM) is an inventory of components used in building Synadia Platform. The SBOM provides transparency into software dependencies, including versions and licensing, and allows for easier compliance and vulnerability identification.

Each platform component publishes its SBOM in the SPDX format as a release asset in the linked repository. For a simpler view, each component below includes a table of all the dependencies for a build of the current release.

NATS

nats-io/nats-server

License	Dependencies
Apache-2.0	6 dependencies github.com/klauspost/compress github.com/minio/highwayhash github.com/nats-io/jwt/v2 github.com/nats-io/nats-server/v2 github.com/nats-io/nkeys github.com/nats-io/nuid
BSD-3-Clause	5 dependencies github.com/klauspost/compress github.com/nats-io/nats-server/v2 golang.org/x/crypto golang.org/x/sys golang.org/x/time
MIT	3 dependencies github.com/antithesishq/antithesis-sdk-go github.com/klauspost/compress go.uber.org/automaxprocs

Control Plane

synadia-io/control-plane

License	Dependencies
Apache-2.0	149 dependencies cloud.google.com/go/auth cloud.google.com/go/auth/oauth2adapt cloud.google.com/go/compute/metadata cloud.google.com/go/iam cloud.google.com/go/kms cloud.google.com/go/longrunning cuelang.org/go github.com/Masterminds/goutils github.com/aws/aws-sdk-go github.com/aws/aws-sdk-go-v2 github.com/aws/aws-sdk-go-v2/config github.com/aws/aws-sdk-go-v2/credentials github.com/aws/aws-sdk-go-v2/feature/ec2/imds github.com/aws/aws-sdk-go-v2/internal/configsources github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 github.com/aws/aws-sdk-go-v2/internal/ini github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding github.com/aws/aws-sdk-go-v2/service/internal/presigned-url github.com/aws/aws-sdk-go-v2/service/kms github.com/aws/aws-sdk-go-v2/service/sso github.com/aws/aws-sdk-go-v2/service/ssooidc github.com/aws/aws-sdk-go-v2/service/sts github.com/aws/smithy-go github.com/cockroachdb/apd/v3 github.com/cockroachdb/cockroach-go/v2 github.com/containerd/containerd github.com/containerd/continuity github.com/containerd/errdefs github.com/containerd/log github.com/containerd/platforms github.com/coreos/go-oidc/v3 github.com/dgraph-io/ristretto github.com/docker/cli github.com/docker/docker github.com/docker/go-connections github.com/docker/go-units github.com/go-ini/ini github.com/go-jose/go-jose/v3 github.com/go-jose/go-jose/v4 github.com/go-logr/logr github.com/go-logr/stdr github.com/go-openapi/errors github.com/go-openapi/jsonpointer github.com/go-openapi/jsonreference github.com/go-openapi/strfmt github.com/go-openapi/swag github.com/golang/glog github.com/google/btree github.com/google/gnostic-models github.com/google/go-jsonnet github.com/google/go-tpm github.com/google/s2a-go github.com/google/shlex github.com/google/wire github.com/googleapis/enterprise-certificate-proxy github.com/grpc-ecosystem/go-grpc-prometheus github.com/jmespath/go-jmespath github.com/jonboulle/clockwork github.com/klauspost/compress github.com/kylelemons/godebug github.com/minio/highwayhash github.com/moby/docker-image-spec github.com/moby/spdystream github.com/moby/sys/user github.com/moby/term github.com/modern-go/concurrent github.com/modern-go/reflect2 github.com/nats-io/jsm.go github.com/nats-io/jwt/v2 github.com/nats-io/nats-server/v2 github.com/nats-io/nats-surveyor github.com/nats-io/nats.go github.com/nats-io/nkeys github.com/nats-io/nuid github.com/oklog/ulid github.com/open-policy-agent/opa github.com/opencontainers/go-digest github.com/opencontainers/image-spec github.com/opencontainers/runc github.com/openzipkin/zipkin-go github.com/ory/dockertest/v3 github.com/ory/herodot github.com/ory/hydra-client-go/v2 github.com/ory/kratos github.com/ory/kratos-client-go github.com/ory/x github.com/pelletier/go-toml github.com/petermattis/goid github.com/pquerna/otp github.com/prometheus/client_golang github.com/prometheus/client_model github.com/prometheus/common github.com/prometheus/procfs github.com/santhosh-tekuri/jsonschema/v6 github.com/sasha-s/go-deadlock github.com/sethvargo/go-retry github.com/spf13/cobra github.com/synadia-io/orbit.go/natsext github.com/xeipuuv/gojsonpointer github.com/xeipuuv/gojsonreference github.com/xeipuuv/gojsonschema github.com/yashtewari/glob-intersection github.com/zmb3/spotify/v2 go.mongodb.org/mongo-driver go.opentelemetry.io/auto/sdk go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp go.opentelemetry.io/contrib/propagators/b3 go.opentelemetry.io/contrib/propagators/jaeger go.opentelemetry.io/contrib/samplers/jaegerremote go.opentelemetry.io/otel go.opentelemetry.io/otel/exporters/jaeger go.opentelemetry.io/otel/exporters/otlp/otlptrace go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp go.opentelemetry.io/otel/exporters/zipkin go.opentelemetry.io/otel/metric go.opentelemetry.io/otel/sdk go.opentelemetry.io/otel/sdk/metric go.opentelemetry.io/otel/trace go.opentelemetry.io/proto/otlp go.yaml.in/yaml/v2 go.yaml.in/yaml/v3 gocloud.dev google.golang.org/genproto google.golang.org/genproto/googleapis/api google.golang.org/genproto/googleapis/rpc google.golang.org/grpc gopkg.in/yaml.v2 gopkg.in/yaml.v3 helm.sh/helm/v3 k8s.io/api k8s.io/apiextensions-apiserver k8s.io/apimachinery k8s.io/apiserver k8s.io/cli-runtime k8s.io/client-go k8s.io/component-base k8s.io/klog/v2 k8s.io/kube-openapi k8s.io/kubectl k8s.io/utils oras.land/oras-go/v2 sigs.k8s.io/json sigs.k8s.io/kustomize/api sigs.k8s.io/kustomize/kyaml sigs.k8s.io/randfill sigs.k8s.io/structured-merge-diff/v6 sigs.k8s.io/yaml
BSD-2-Clause	10 dependencies github.com/go-webauthn/x github.com/gobuffalo/github_flavored_markdown github.com/gorilla/websocket github.com/ory/dockertest/v3 github.com/pkg/browser github.com/pkg/errors github.com/russross/blackfriday/v2 github.com/slack-go/slack github.com/volatiletech/null/v8 github.com/zeebo/xxh3
BSD-2-Clause-Views	2 dependencies github.com/Nvveen/Gotty github.com/rcrowley/go-metrics
BSD-3-Clause	82 dependencies cuelang.org/go dario.cat/mergo filippo.io/edwards25519 github.com/arbovm/levenshtein github.com/aws/aws-sdk-go github.com/aws/aws-sdk-go-v2 github.com/aws/smithy-go github.com/bwmarrin/discordgo github.com/chai2010/gettext-go github.com/cyphar/filepath-securejoin github.com/ericlagergren/decimal github.com/evanphx/json-patch github.com/evanphx/json-patch/v5 github.com/fsnotify/fsnotify github.com/go-crypt/x github.com/go-jose/go-jose/v3 github.com/go-jose/go-jose/v4 github.com/go-json-experiment/json github.com/go-webauthn/webauthn github.com/go-webauthn/x github.com/gogo/protobuf github.com/golang/gddo github.com/golang/protobuf github.com/google/go-github/v38 github.com/google/go-querystring github.com/google/uuid github.com/googleapis/gax-go/v2 github.com/gorilla/css github.com/gorilla/securecookie github.com/grpc-ecosystem/grpc-gateway/v2 github.com/inhies/go-bytesize github.com/julienschmidt/httprouter github.com/klauspost/compress github.com/liggitt/tabwriter github.com/microcosm-cc/bluemonday github.com/munnerz/goautoneg github.com/mxk/go-flowrate github.com/nats-io/nats-server/v2 github.com/open-policy-agent/opa github.com/ory/jsonschema/v3 github.com/ory/sessions github.com/phayes/freeport github.com/pmezard/go-difflib github.com/prometheus/client_golang github.com/rogpeppe/go-internal github.com/seatgeek/logrus-gelf-formatter github.com/sourcegraph/annotate github.com/sourcegraph/syntaxhighlight github.com/spf13/pflag github.com/ulikunitz/xz github.com/vektah/gqlparser/v2 github.com/volatiletech/randomize github.com/volatiletech/sqlboiler/v4 github.com/volatiletech/strmangle go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp go.opentelemetry.io/otel go.opentelemetry.io/otel/exporters/jaeger go.opentelemetry.io/otel/metric go.opentelemetry.io/otel/sdk go.opentelemetry.io/otel/sdk/metric go.opentelemetry.io/otel/trace golang.org/x/crypto golang.org/x/exp golang.org/x/mod golang.org/x/net golang.org/x/oauth2 golang.org/x/sync golang.org/x/sys golang.org/x/term golang.org/x/text golang.org/x/time golang.org/x/xerrors google.golang.org/api google.golang.org/protobuf gopkg.in/evanphx/json-patch.v4 gopkg.in/inf.v0 k8s.io/apimachinery k8s.io/client-go k8s.io/kube-openapi k8s.io/utils sigs.k8s.io/json sigs.k8s.io/yaml
CC-BY-SA-4.0	1 dependency github.com/opencontainers/go-digest
CC0-1.0	1 dependency github.com/gtank/cryptopasta
ISC	1 dependency github.com/davecgh/go-spew
MIT	167 dependencies code.dny.dev/ssrf disorder.dev/shandler github.com/Azure/azure-sdk-for-go/sdk/azcore github.com/Azure/azure-sdk-for-go/sdk/azidentity github.com/Azure/azure-sdk-for-go/sdk/internal github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal github.com/AzureAD/microsoft-authentication-library-for-go github.com/BurntSushi/toml github.com/MakeNowJust/heredoc github.com/Masterminds/semver/v3 github.com/Masterminds/sprig/v3 github.com/Masterminds/squirrel github.com/agnivade/levenshtein github.com/antithesishq/antithesis-sdk-go github.com/antonfisher/nested-logrus-formatter github.com/asaskevich/govalidator github.com/avast/retry-go/v4 github.com/aymanbagabas/go-osc52/v2 github.com/aymerick/douceur github.com/beorn7/perks github.com/blang/semver/v4 github.com/boombuler/barcode github.com/cenkalti/backoff github.com/cenkalti/backoff/v4 github.com/cenkalti/backoff/v5 github.com/cespare/xxhash/v2 github.com/charmbracelet/colorprofile github.com/charmbracelet/lipgloss github.com/charmbracelet/x/ansi github.com/charmbracelet/x/cellbuf github.com/charmbracelet/x/term github.com/choria-io/fisk github.com/dghubble/oauth1 github.com/dgraph-io/ristretto github.com/docker/docker github.com/dustin/go-humanize github.com/emicklei/go-restful/v3 github.com/exponent-io/jsonpath github.com/expr-lang/expr github.com/fatih/color github.com/fatih/structs github.com/felixge/httpsnoop github.com/friendsofgo/errors github.com/fxamacker/cbor/v2 github.com/gabriel-vasile/mimetype github.com/go-chi/chi/v5 github.com/go-chi/httprate github.com/go-co-op/gocron/v2 github.com/go-crypt/crypt github.com/go-errors/errors github.com/go-faker/faker/v4 github.com/go-gorp/gorp/v3 github.com/go-playground/locales github.com/go-playground/universal-translator github.com/go-playground/validator/v10 github.com/go-viper/mapstructure/v2 github.com/gobuffalo/envy github.com/gobuffalo/fizz github.com/gobuffalo/flect github.com/gobuffalo/github_flavored_markdown github.com/gobuffalo/helpers github.com/gobuffalo/nulls github.com/gobuffalo/plush/v4 github.com/gobuffalo/pop/v6 github.com/gobuffalo/tags/v3 github.com/gobuffalo/validate/v3 github.com/gobwas/glob github.com/goccy/go-yaml github.com/gofrs/uuid github.com/golang-jwt/jwt/v4 github.com/golang-jwt/jwt/v5 github.com/gosuri/uitable github.com/gregjones/httpcache github.com/huandu/xstrings github.com/jackc/chunkreader/v2 github.com/jackc/pgconn github.com/jackc/pgio github.com/jackc/pgpassfile github.com/jackc/pgproto3/v2 github.com/jackc/pgservicefile github.com/jackc/pgtype github.com/jackc/pgx/v4 github.com/jackc/puddle/v2 github.com/jedib0t/go-pretty/v6 github.com/jellydator/ttlcache/v3 github.com/jmoiron/sqlx github.com/joho/godotenv github.com/josharian/intern github.com/json-iterator/go github.com/kballard/go-shellquote github.com/klauspost/compress github.com/klauspost/cpuid/v2 github.com/knadh/koanf/maps github.com/knadh/koanf/parsers/json github.com/knadh/koanf/parsers/toml github.com/knadh/koanf/parsers/yaml github.com/knadh/koanf/providers/posflag github.com/knadh/koanf/v2 github.com/laher/mergefs github.com/lann/builder github.com/lann/ps github.com/leodido/go-urn github.com/lestrrat-go/backoff/v2 github.com/lestrrat-go/blackmagic github.com/lestrrat-go/httpcc github.com/lestrrat-go/httprc/v3 github.com/lestrrat-go/iter github.com/lestrrat-go/jwx github.com/lestrrat-go/jwx/v3 github.com/lestrrat-go/option github.com/lestrrat-go/option/v2 github.com/lib/pq github.com/lucasb-eyer/go-colorful github.com/luna-duclos/instrumentedsql github.com/mailru/easyjson github.com/mattn/go-colorable github.com/mattn/go-isatty github.com/mattn/go-runewidth github.com/mfridman/interpolate github.com/mitchellh/copystructure github.com/mitchellh/go-wordwrap github.com/mitchellh/mapstructure github.com/mitchellh/reflectwalk github.com/mohae/deepcopy github.com/monochromegane/go-gitignore github.com/muesli/termenv github.com/nyaruka/phonenumbers github.com/ory/mail/v3 github.com/ory/nosurf github.com/ory/x github.com/pelletier/go-toml github.com/pelletier/go-toml/v2 github.com/peterbourgon/diskv github.com/peterhellberg/link github.com/pressly/goose/v3 github.com/rivo/uniseg github.com/robfig/cron/v3 github.com/rs/cors github.com/rubenv/sql-migrate github.com/samber/lo github.com/segmentio/ksuid github.com/sergi/go-diff github.com/shopspring/decimal github.com/sirupsen/logrus github.com/spf13/cast github.com/sqlc-dev/pqtype github.com/stretchr/testify github.com/tchap/go-patricia/v2 github.com/tidwall/gjson github.com/tidwall/match github.com/tidwall/pretty github.com/tidwall/sjson github.com/urfave/negroni github.com/valyala/fastjson github.com/vektah/gqlparser/v2 github.com/volatiletech/inflect github.com/wI2L/jsondiff github.com/x448/float16 github.com/xlab/treeprint github.com/xo/terminfo go.uber.org/multierr go.yaml.in/yaml/v3 gopkg.in/natefinch/lumberjack.v2 gopkg.in/yaml.v3 k8s.io/kube-openapi sigs.k8s.io/yaml
MPL-2.0	6 dependencies github.com/go-sql-driver/mysql github.com/hashicorp/errwrap github.com/hashicorp/go-cleanhttp github.com/hashicorp/go-multierror github.com/hashicorp/go-retryablehttp github.com/hashicorp/golang-lru/v2
Unlicense	1 dependency github.com/akamensky/base58

Private Link

synadia-io/private-link

No external dependencies.

HTTP Gateway

synadia-io/http-gateway

License	Dependencies
Apache-2.0	14 dependencies github.com/klauspost/compress github.com/minio/highwayhash github.com/nats-io/jsm.go github.com/nats-io/jwt/v2 github.com/nats-io/nats-server/v2 github.com/nats-io/nats.go github.com/nats-io/nkeys github.com/nats-io/nuid github.com/prometheus/client_golang github.com/prometheus/client_model github.com/prometheus/common github.com/prometheus/procfs go.yaml.in/yaml/v2 gopkg.in/yaml.v3
BSD-2-Clause	1 dependency github.com/bits-and-blooms/bloom/v3
BSD-3-Clause	12 dependencies github.com/bits-and-blooms/bitset github.com/klauspost/compress github.com/munnerz/goautoneg github.com/nats-io/nats-server/v2 github.com/prometheus/client_golang golang.org/x/crypto golang.org/x/net golang.org/x/sys golang.org/x/term golang.org/x/text golang.org/x/time google.golang.org/protobuf
MIT	25 dependencies github.com/AlecAivazis/survey/v2 github.com/antithesishq/antithesis-sdk-go github.com/beorn7/perks github.com/cespare/xxhash/v2 github.com/choria-io/fisk github.com/dustin/go-humanize github.com/expr-lang/expr github.com/go-chi/chi/v5 github.com/go-chi/cors github.com/jedib0t/go-pretty/v6 github.com/kballard/go-shellquote github.com/klauspost/compress github.com/mattn/go-colorable github.com/mattn/go-isatty github.com/mattn/go-runewidth github.com/mgutz/ansi github.com/quic-go/qpack github.com/quic-go/quic-go github.com/rivo/uniseg github.com/tidwall/gjson github.com/tidwall/match github.com/tidwall/pretty github.com/tidwall/sjson go.yaml.in/yaml/v2 gopkg.in/yaml.v3
Proprietary	1 dependency github.com/synadia-io/platform-component
Unlicense	1 dependency github.com/akamensky/base58

Workloads

synadia-io/nex-ce

License	Dependencies
Apache-2.0	88 dependencies github.com/containerd/errdefs github.com/containerd/errdefs/pkg github.com/containerd/log github.com/containerd/platforms github.com/containerd/stargz-snapshotter/estargz github.com/containers/buildah github.com/containers/common github.com/containers/image/v5 github.com/containers/libtrust github.com/containers/ocicrypt github.com/containers/podman/v5 github.com/containers/psgo github.com/containers/storage github.com/coreos/go-systemd/v22 github.com/cyberphone/json-canonicalization github.com/distribution/reference github.com/docker/distribution github.com/docker/docker github.com/docker/go-connections github.com/docker/go-units github.com/go-jose/go-jose/v4 github.com/go-logr/logr github.com/go-logr/stdr github.com/go-openapi/jsonpointer github.com/go-openapi/jsonreference github.com/go-openapi/swag github.com/google/gnostic-models github.com/google/go-containerregistry github.com/google/go-intervals github.com/goombaio/namegenerator github.com/klauspost/compress github.com/minio/highwayhash github.com/mistifyio/go-zfs/v3 github.com/moby/docker-image-spec github.com/moby/sys/mountinfo github.com/moby/sys/user github.com/moby/sys/userns github.com/moby/term github.com/modern-go/concurrent github.com/modern-go/reflect2 github.com/nats-io/jsm.go github.com/nats-io/jwt/v2 github.com/nats-io/nats-server/v2 github.com/nats-io/nats.go github.com/nats-io/nkeys github.com/nats-io/nuid github.com/opencontainers/cgroups github.com/opencontainers/go-digest github.com/opencontainers/image-spec github.com/opencontainers/runc github.com/opencontainers/runtime-spec github.com/opencontainers/runtime-tools github.com/opencontainers/selinux github.com/prometheus/client_golang github.com/prometheus/client_model github.com/prometheus/common github.com/prometheus/procfs github.com/santhosh-tekuri/jsonschema/v6 github.com/sigstore/fulcio github.com/sigstore/protobuf-specs github.com/sigstore/sigstore github.com/skeema/knownhosts github.com/stefanberger/go-pkcs11uri github.com/synadia-io/nexlet.go github.com/synadia-io/nexlet.podman github.com/synadia-io/orbit.go/natsext go.opentelemetry.io/auto/sdk go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp go.opentelemetry.io/otel go.opentelemetry.io/otel/metric go.opentelemetry.io/otel/trace go.yaml.in/yaml/v2 google.golang.org/genproto/googleapis/api google.golang.org/genproto/googleapis/rpc google.golang.org/grpc gopkg.in/yaml.v3 k8s.io/api k8s.io/apimachinery k8s.io/client-go k8s.io/klog/v2 k8s.io/kube-openapi k8s.io/metrics k8s.io/utils sigs.k8s.io/json sigs.k8s.io/randfill sigs.k8s.io/structured-merge-diff/v4 sigs.k8s.io/yaml tags.cncf.io/container-device-interface
BSD-2-Clause	5 dependencies github.com/godbus/dbus/v5 github.com/letsencrypt/boulder github.com/moby/sys/capability github.com/pkg/errors github.com/pkg/sftp
BSD-3-Clause	40 dependencies dario.cat/mergo github.com/containers/podman/v5 github.com/containers/storage github.com/cyphar/filepath-securejoin github.com/fsnotify/fsnotify github.com/go-jose/go-jose/v4 github.com/gogo/protobuf github.com/golang/protobuf github.com/google/go-cmp github.com/google/uuid github.com/gorilla/mux github.com/gorilla/schema github.com/klauspost/compress github.com/kr/fs github.com/manifoldco/promptui github.com/munnerz/goautoneg github.com/nats-io/nats-server/v2 github.com/prometheus/client_golang github.com/spf13/pflag github.com/sylabs/sif/v2 github.com/ulikunitz/xz github.com/vbatts/tar-split golang.org/x/crypto golang.org/x/net golang.org/x/oauth2 golang.org/x/sync golang.org/x/sys golang.org/x/term golang.org/x/text golang.org/x/time google.golang.org/protobuf gopkg.in/evanphx/json-patch.v4 gopkg.in/inf.v0 gopkg.in/tomb.v1 k8s.io/apimachinery k8s.io/client-go k8s.io/kube-openapi k8s.io/utils sigs.k8s.io/json sigs.k8s.io/yaml
CC-BY-SA-4.0	1 dependency github.com/opencontainers/go-digest
ISC	1 dependency github.com/davecgh/go-spew
MIT	50 dependencies disorder.dev/shandler github.com/BurntSushi/toml github.com/VividCortex/ewma github.com/acarl005/stripansi github.com/alecthomas/kong github.com/aymanbagabas/go-osc52/v2 github.com/beorn7/perks github.com/blang/semver/v4 github.com/cespare/xxhash/v2 github.com/charmbracelet/colorprofile github.com/charmbracelet/lipgloss github.com/charmbracelet/x/ansi github.com/charmbracelet/x/cellbuf github.com/charmbracelet/x/term github.com/chzyer/readline github.com/containers/common github.com/disiqueira/gotree/v3 github.com/docker/docker github.com/docker/docker-credential-helpers github.com/dustin/go-humanize github.com/emicklei/go-restful/v3 github.com/expr-lang/expr github.com/felixge/httpsnoop github.com/fxamacker/cbor/v2 github.com/jinzhu/copier github.com/josharian/intern github.com/json-iterator/go github.com/kevinburke/ssh_config github.com/klauspost/compress github.com/klauspost/pgzip github.com/lucasb-eyer/go-colorful github.com/mailru/easyjson github.com/mattn/go-isatty github.com/mattn/go-runewidth github.com/mattn/go-sqlite3 github.com/morikuni/aec github.com/muesli/termenv github.com/nxadm/tail github.com/rivo/uniseg github.com/secure-systems-lab/go-securesystemslib github.com/sirupsen/logrus github.com/smallstep/pkcs7 github.com/tchap/go-patricia/v2 github.com/titanous/rocacheck github.com/x448/float16 github.com/xo/terminfo go.yaml.in/yaml/v2 gopkg.in/yaml.v3 k8s.io/kube-openapi sigs.k8s.io/yaml
MPL-2.0	4 dependencies github.com/cyphar/filepath-securejoin github.com/hashicorp/errwrap github.com/hashicorp/go-multierror github.com/letsencrypt/boulder
Proprietary	1 dependency github.com/synadia-io/platform-component
Unlicense	1 dependency github.com/vbauerster/mpb/v8

Connectors

synadia-io/connect-node

License	Dependencies
Apache-2.0	22 dependencies github.com/go-git/go-billy/v5 github.com/go-git/go-git/v5 github.com/golang/groupcache github.com/klauspost/compress github.com/minio/highwayhash github.com/nats-io/jsm.go github.com/nats-io/jwt/v2 github.com/nats-io/nats-server/v2 github.com/nats-io/nats.go github.com/nats-io/nkeys github.com/nats-io/nuid github.com/pjbgf/sha1cd github.com/prometheus/client_golang github.com/prometheus/client_model github.com/prometheus/common github.com/prometheus/procfs github.com/santhosh-tekuri/jsonschema/v5 github.com/santhosh-tekuri/jsonschema/v6 github.com/skeema/knownhosts github.com/synadia-io/orbit.go/natsext github.com/xanzy/ssh-agent gopkg.in/yaml.v3
BSD-2-Clause	2 dependencies github.com/emirpasic/gods gopkg.in/warnings.v0
BSD-3-Clause	17 dependencies dario.cat/mergo github.com/ProtonMail/go-crypto github.com/cloudflare/circl github.com/cyphar/filepath-securejoin github.com/evanphx/json-patch/v5 github.com/go-git/gcfg github.com/klauspost/compress github.com/munnerz/goautoneg github.com/nats-io/nats-server/v2 github.com/prometheus/client_golang golang.org/x/crypto golang.org/x/net golang.org/x/sys golang.org/x/term golang.org/x/text golang.org/x/time google.golang.org/protobuf
ISC	1 dependency github.com/emirpasic/gods
MIT	26 dependencies disorder.dev/shandler github.com/aymanbagabas/go-osc52/v2 github.com/beorn7/perks github.com/cespare/xxhash/v2 github.com/charmbracelet/colorprofile github.com/charmbracelet/lipgloss github.com/charmbracelet/x/ansi github.com/charmbracelet/x/cellbuf github.com/charmbracelet/x/term github.com/choria-io/fisk github.com/dustin/go-humanize github.com/expr-lang/expr github.com/jbenet/go-context github.com/kevinburke/ssh_config github.com/klauspost/compress github.com/lucasb-eyer/go-colorful github.com/mattn/go-colorable github.com/mattn/go-isatty github.com/mattn/go-runewidth github.com/muesli/termenv github.com/rivo/uniseg github.com/rs/xid github.com/rs/zerolog github.com/sergi/go-diff github.com/xo/terminfo gopkg.in/yaml.v3
Proprietary	1 dependency github.com/synadia-io/platform-component

synadia-io/connect-runtime-wombat

License	Dependencies
Apache-2.0	165 dependencies cel.dev/expr cloud.google.com/go cloud.google.com/go/auth cloud.google.com/go/auth/oauth2adapt cloud.google.com/go/bigquery cloud.google.com/go/bigtable cloud.google.com/go/compute/metadata cloud.google.com/go/iam cloud.google.com/go/longrunning cloud.google.com/go/monitoring cloud.google.com/go/pubsub cloud.google.com/go/spanner cloud.google.com/go/storage cloud.google.com/go/trace cuelang.org/go github.com/AthenZ/athenz github.com/ClickHouse/ch-go github.com/ClickHouse/clickhouse-go/v2 github.com/GoogleCloudPlatform/grpc-gcp-go/grpcgcp github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping github.com/Jeffail/grok github.com/OneOfOne/xxhash github.com/apache/arrow-go/v18 github.com/apache/arrow/go/arrow github.com/apache/arrow/go/v15 github.com/apache/pulsar-client-go github.com/apache/thrift github.com/ardielle/ardielle-go github.com/authzed/authzed-go github.com/authzed/grpcutil github.com/aws/aws-lambda-go github.com/aws/aws-sdk-go-v2 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream github.com/aws/aws-sdk-go-v2/config github.com/aws/aws-sdk-go-v2/credentials github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue github.com/aws/aws-sdk-go-v2/feature/dynamodb/expression github.com/aws/aws-sdk-go-v2/feature/ec2/imds github.com/aws/aws-sdk-go-v2/feature/s3/manager github.com/aws/aws-sdk-go-v2/internal/configsources github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 github.com/aws/aws-sdk-go-v2/internal/ini github.com/aws/aws-sdk-go-v2/internal/v4a github.com/aws/aws-sdk-go-v2/service/cloudwatch github.com/aws/aws-sdk-go-v2/service/dynamodb github.com/aws/aws-sdk-go-v2/service/dynamodbstreams github.com/aws/aws-sdk-go-v2/service/firehose github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding github.com/aws/aws-sdk-go-v2/service/internal/checksum github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery github.com/aws/aws-sdk-go-v2/service/internal/presigned-url github.com/aws/aws-sdk-go-v2/service/internal/s3shared github.com/aws/aws-sdk-go-v2/service/kinesis github.com/aws/aws-sdk-go-v2/service/lambda github.com/aws/aws-sdk-go-v2/service/s3 github.com/aws/aws-sdk-go-v2/service/sns github.com/aws/aws-sdk-go-v2/service/sqs github.com/aws/aws-sdk-go-v2/service/sso github.com/aws/aws-sdk-go-v2/service/ssooidc github.com/aws/aws-sdk-go-v2/service/sts github.com/aws/smithy-go github.com/bradfitz/gomemcache github.com/bufbuild/protocompile github.com/cncf/xds/go github.com/cockroachdb/apd/v3 github.com/couchbase/gocb/v2 github.com/couchbase/gocbcore/v10 github.com/couchbase/gocbcoreps github.com/couchbaselabs/gocbconnstr/v2 github.com/dgraph-io/ristretto/v2 github.com/elastic/elastic-transport-go/v8 github.com/elastic/go-elasticsearch/v8 github.com/envoyproxy/go-control-plane/envoy github.com/envoyproxy/protoc-gen-validate github.com/go-git/go-billy/v5 github.com/go-git/go-git/v5 github.com/go-jose/go-jose/v4 github.com/go-logr/logr github.com/go-logr/stdr github.com/gocql/gocql github.com/golang-sql/civil github.com/golang/groupcache github.com/google/flatbuffers github.com/google/martian/v3 github.com/google/pprof github.com/google/s2a-go github.com/googleapis/enterprise-certificate-proxy github.com/googleapis/go-sql-spanner github.com/gosimple/unidecode github.com/grpc-ecosystem/go-grpc-middleware github.com/jcmturner/aescts/v2 github.com/jcmturner/dnsutils/v2 github.com/jcmturner/gokrb5/v8 github.com/jcmturner/rpc/v2 github.com/jhump/protoreflect github.com/jmespath/go-jmespath github.com/jzelinskie/stringz github.com/klauspost/compress github.com/kylelemons/godebug github.com/linkedin/goavro/v2 github.com/modern-go/concurrent github.com/modern-go/reflect2 github.com/nats-io/nats.go github.com/nats-io/nkeys github.com/nats-io/nuid github.com/nats-io/stan.go github.com/neo4j/neo4j-go-driver/v5 github.com/oapi-codegen/runtime github.com/oklog/ulid/v2 github.com/opensearch-project/opensearch-go/v3 github.com/parquet-go/parquet-go github.com/pinecone-io/go-pinecone github.com/pjbgf/sha1cd github.com/prometheus/client_golang github.com/prometheus/client_model github.com/prometheus/common github.com/prometheus/procfs github.com/qdrant/go-client github.com/questdb/go-questdb-client/v3 github.com/redpanda-data/connect/v4 github.com/skeema/knownhosts github.com/snowflakedb/gosnowflake github.com/spiffe/go-spiffe/v2 github.com/tetratelabs/wazero github.com/timeplus-io/proton-go-driver/v2 github.com/trinodb/trino-go-client github.com/xanzy/ssh-agent github.com/xdg-go/pbkdf2 github.com/xdg-go/scram github.com/xdg-go/stringprep github.com/xeipuuv/gojsonpointer github.com/xeipuuv/gojsonreference github.com/xeipuuv/gojsonschema github.com/xitongsys/parquet-go github.com/xitongsys/parquet-go-source go.mongodb.org/mongo-driver go.mongodb.org/mongo-driver/v2 go.nanomsg.org/mangos/v3 go.opencensus.io go.opentelemetry.io/auto/sdk go.opentelemetry.io/contrib/detectors/gcp go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp go.opentelemetry.io/otel go.opentelemetry.io/otel/exporters/jaeger go.opentelemetry.io/otel/exporters/otlp/otlptrace go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp go.opentelemetry.io/otel/metric go.opentelemetry.io/otel/sdk go.opentelemetry.io/otel/sdk/metric go.opentelemetry.io/otel/trace go.opentelemetry.io/proto/otlp google.golang.org/genproto google.golang.org/genproto/googleapis/api google.golang.org/genproto/googleapis/rpc google.golang.org/grpc gopkg.in/jcmturner/aescts.v1 gopkg.in/jcmturner/dnsutils.v1 gopkg.in/jcmturner/gokrb5.v6 gopkg.in/jcmturner/rpc.v1 gopkg.in/yaml.v3
BSD-2-Clause	23 dependencies github.com/apache/arrow/go/arrow github.com/apache/arrow/go/v15 github.com/apache/pulsar-client-go github.com/bwmarrin/snowflake github.com/emirpasic/gods github.com/go-sourcemap/sourcemap github.com/godbus/dbus github.com/gorilla/websocket github.com/pkg/browser github.com/pkg/errors github.com/pkg/sftp github.com/rabbitmq/amqp091-go github.com/redis/go-redis/v9 github.com/russross/blackfriday/v2 github.com/vmihailenco/msgpack/v5 github.com/vmihailenco/tagparser/v2 github.com/zeebo/xxh3 gitlab.com/golang-commonmark/html gitlab.com/golang-commonmark/linkify gitlab.com/golang-commonmark/markdown gitlab.com/golang-commonmark/mdurl gitlab.com/golang-commonmark/puny gopkg.in/warnings.v0
BSD-2-Clause-Views	1 dependency github.com/rcrowley/go-metrics
BSD-3-Clause	77 dependencies cloud.google.com/go cuelang.org/go dario.cat/mergo filippo.io/edwards25519 github.com/PaesslerAG/gval github.com/PaesslerAG/jsonpath github.com/ProtonMail/go-crypto github.com/apache/arrow-go/v18 github.com/apache/arrow/go/arrow github.com/apache/arrow/go/v15 github.com/apache/pulsar-client-go github.com/apache/thrift github.com/aws/aws-sdk-go-v2 github.com/aws/smithy-go github.com/bits-and-blooms/bitset github.com/bwmarrin/discordgo github.com/clbanning/mxj/v2 github.com/cloudflare/circl github.com/cyphar/filepath-securejoin github.com/denisenkom/go-mssqldb github.com/dop251/goja github.com/fsnotify/fsnotify github.com/generikvault/gvalstrings github.com/go-faster/errors github.com/go-git/gcfg github.com/go-jose/go-jose/v4 github.com/go-zeromq/zmq4 github.com/gogo/protobuf github.com/golang-sql/sqlexp github.com/golang/protobuf github.com/golang/snappy github.com/google/go-cmp github.com/google/pprof github.com/google/uuid github.com/googleapis/gax-go/v2 github.com/gorilla/css github.com/gorilla/handlers github.com/gorilla/mux github.com/grpc-ecosystem/grpc-gateway/v2 github.com/hashicorp/golang-lru/v2 github.com/jcmturner/gofork github.com/klauspost/compress github.com/kr/fs github.com/microcosm-cc/bluemonday github.com/munnerz/goautoneg github.com/pierrec/lz4 github.com/pierrec/lz4/v4 github.com/planetscale/vtprotobuf github.com/pmezard/go-difflib github.com/prometheus/client_golang github.com/remyoudompheng/bigfft github.com/rickb777/period github.com/rickb777/plural github.com/spaolacci/murmur3 github.com/twmb/franz-go github.com/twmb/franz-go/pkg/kadm github.com/twmb/franz-go/pkg/kmsg github.com/twmb/franz-go/pkg/sr go.opentelemetry.io/otel/exporters/jaeger golang.org/x/crypto golang.org/x/exp golang.org/x/mod golang.org/x/net golang.org/x/oauth2 golang.org/x/sync golang.org/x/sys golang.org/x/term golang.org/x/text golang.org/x/time golang.org/x/xerrors google.golang.org/api google.golang.org/protobuf gopkg.in/inf.v0 modernc.org/libc modernc.org/mathutil modernc.org/memory modernc.org/sqlite
BSL-1.0	2 dependencies github.com/apache/arrow/go/arrow github.com/apache/arrow/go/v15
CC-BY-3.0	2 dependencies github.com/apache/arrow/go/arrow github.com/apache/arrow/go/v15
CC0-1.0	1 dependency github.com/apache/arrow/go/arrow
EPL-2.0	1 dependency github.com/eclipse/paho.mqtt.golang
GPL-2.0-only	1 dependency modernc.org/libc
HPND	2 dependencies github.com/apache/arrow/go/arrow github.com/apache/arrow/go/v15
ISC	5 dependencies github.com/apache/pulsar-client-go github.com/davecgh/go-spew github.com/emirpasic/gods github.com/oschwald/geoip2-golang github.com/oschwald/maxminddb-golang
MIT	131 dependencies github.com/99designs/keyring github.com/Azure/azure-sdk-for-go/sdk/azcore github.com/Azure/azure-sdk-for-go/sdk/azidentity github.com/Azure/azure-sdk-for-go/sdk/data/azcosmos github.com/Azure/azure-sdk-for-go/sdk/data/aztables github.com/Azure/azure-sdk-for-go/sdk/internal github.com/Azure/azure-sdk-for-go/sdk/storage/azblob github.com/Azure/azure-sdk-for-go/sdk/storage/azdatalake github.com/Azure/azure-sdk-for-go/sdk/storage/azqueue github.com/Azure/go-amqp github.com/AzureAD/microsoft-authentication-library-for-go github.com/BurntSushi/toml github.com/IBM/sarama github.com/Jeffail/checkpoint github.com/Jeffail/gabs/v2 github.com/Jeffail/shutdown github.com/Masterminds/squirrel github.com/andybalholm/brotli github.com/apache/arrow/go/arrow github.com/apache/arrow/go/v15 github.com/apache/pulsar-client-go github.com/apapsch/go-jsonmerge/v2 github.com/aymerick/douceur github.com/beanstalkd/go-beanstalk github.com/benhoyt/goawk github.com/beorn7/perks github.com/bmatcuk/doublestar/v4 github.com/btnguyen2k/consu/checksum github.com/btnguyen2k/consu/g18 github.com/btnguyen2k/consu/gjrc github.com/btnguyen2k/consu/olaf github.com/btnguyen2k/consu/reddo github.com/btnguyen2k/consu/semita github.com/cenkalti/backoff/v4 github.com/cespare/xxhash/v2 github.com/clbanning/mxj/v2 github.com/colinmarc/hdfs github.com/cpuguy83/go-md2man/v2 github.com/dgraph-io/ristretto/v2 github.com/dgryski/go-rendezvous github.com/dlclark/regexp2 github.com/dop251/goja github.com/dop251/goja_nodejs github.com/dustin/go-humanize github.com/dvsekhvalnov/jose2go github.com/eapache/go-resiliency github.com/eapache/go-xerial-snappy github.com/eapache/queue github.com/expr-lang/expr github.com/fatih/color github.com/felixge/httpsnoop github.com/gabriel-vasile/mimetype github.com/getsentry/sentry-go github.com/go-faker/faker/v4 github.com/go-faster/city github.com/go-viper/mapstructure/v2 github.com/goccy/go-json github.com/gofrs/uuid github.com/gofrs/uuid/v5 github.com/golang-jwt/jwt/v5 github.com/govalues/decimal github.com/gsterjov/go-libsecret github.com/hailocab/go-hostpool github.com/hamba/avro/v2 github.com/influxdata/go-syslog/v3 github.com/influxdata/influxdb1-client github.com/itchyny/gojq github.com/itchyny/timefmt-go github.com/jackc/chunkreader/v2 github.com/jackc/pgconn github.com/jackc/pgio github.com/jackc/pgpassfile github.com/jackc/pgproto3/v2 github.com/jackc/pgservicefile github.com/jackc/pgtype github.com/jackc/pgx/v4 github.com/jackc/puddle github.com/jbenet/go-context github.com/json-iterator/go github.com/kevinburke/ssh_config github.com/klauspost/compress github.com/klauspost/pgzip github.com/lann/builder github.com/lann/ps github.com/lib/pq github.com/matoous/go-nanoid/v2 github.com/mattn/go-colorable github.com/mattn/go-isatty github.com/mattn/go-runewidth github.com/microsoft/gocosmos github.com/mitchellh/mapstructure github.com/montanaflynn/stats github.com/mtibben/percent github.com/nsf/jsondiff github.com/nsqio/go-nsq github.com/olekukonko/tablewriter github.com/parquet-go/parquet-go github.com/paulmach/orb github.com/pgvector/pgvector-go github.com/pkoukk/tiktoken-go github.com/planetscale/vtprotobuf github.com/pusher/pusher-http-go github.com/quipo/dependencysolver github.com/redpanda-data/benthos/v4 github.com/rivo/uniseg github.com/robfig/cron/v3 github.com/rs/zerolog github.com/samber/lo github.com/segmentio/asm github.com/segmentio/ksuid github.com/sergi/go-diff github.com/shopspring/decimal github.com/sijms/go-ora/v2 github.com/sirupsen/logrus github.com/smira/go-statsd github.com/sourcegraph/conc github.com/stretchr/testify github.com/tilinna/z85 github.com/tmc/langchaingo github.com/urfave/cli/v2 github.com/wombatwisdom/components github.com/wombatwisdom/wombat github.com/xrash/smetrics github.com/youmark/pkcs8 github.com/zeebo/errs go.uber.org/atomic go.uber.org/multierr go.uber.org/zap gopkg.in/natefinch/lumberjack.v2 gopkg.in/yaml.v3 modernc.org/libc
MIT-0	1 dependency github.com/aws/aws-lambda-go
MPL-2.0	9 dependencies github.com/certifi/gocertifi github.com/go-sql-driver/mysql github.com/gosimple/slug github.com/hashicorp/errwrap github.com/hashicorp/go-multierror github.com/hashicorp/go-uuid github.com/hashicorp/golang-lru/arc/v2 github.com/hashicorp/golang-lru/v2 github.com/r3labs/diff/v3
NCSA	2 dependencies github.com/apache/arrow/go/arrow github.com/apache/arrow/go/v15
OpenSSL	2 dependencies github.com/apache/arrow/go/arrow github.com/apache/arrow/go/v15
Zlib	2 dependencies github.com/apache/arrow/go/arrow github.com/apache/arrow/go/v15

Schema Registry

synadia-io/schema-registry

License	Dependencies
Apache-2.0	7 dependencies github.com/klauspost/compress github.com/nats-io/nats-server/v2 github.com/nats-io/nats.go github.com/nats-io/nkeys github.com/nats-io/nuid github.com/santhosh-tekuri/jsonschema/v6 github.com/synadia-io/orbit.go/natscontext
BSD-3-Clause	5 dependencies github.com/klauspost/compress github.com/nats-io/nats-server/v2 golang.org/x/crypto golang.org/x/net golang.org/x/text
MIT	2 dependencies github.com/choria-io/fisk github.com/klauspost/compress
Proprietary	1 dependency github.com/synadia-io/platform-component

Signed Attestation

Currently, only the control-plane OCI images are signed. This is being rolled out for the rest of the components.

For components distributed as OCI images, attestations are signed by a Synadia key to allow for verification of authenticity. This can be validated using Sigstore Cosign.

Signature Verification:

cosign verify-attestation \
    --certificate-identity-regexp '^https://github.com/ConnectEverything' \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    registry.synadia.io/<component> > /dev/null

Replace <component> with the component name (e.g., control-plane, http-gateway).

In the above command, we redirected STDOUT to /dev/null because it contains the complete SBOM as base64-encoded JSON. We are able to decode this if we want to see the SBOM itself.

cosign verify-attestation \
    --certificate-identity-regexp '^https://github.com/ConnectEverything' \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    registry.synadia.io/<component> \
    | jq -r '.payload' | base64 -d | jq '.predicate.Data | fromjson'