mirror of https://github.com/mongodb/mongo.git synced 2024-11-24 16:46:00 +01:00

SERVER-91464: Generate README.third_party.md from sbom.json (#24780)

GitOrigin-RevId: 3412ce4befa333c3f43fe166d0e7f635e92a1281
wbradmoore 2024-07-30 14:46:12 -04:00 committed by MongoDB Bot
parent 80e1153600
commit 688180fff1
4 changed files with 723 additions and 92 deletions


@ -1,3 +1,5 @@
[DO NOT MODIFY THIS FILE MANUALLY. It is generated by src/third_party/tools/gen_thirdpartyreadme.py]: #
# MongoDB Third Party Dependencies
MongoDB depends on third party libraries to implement some
@ -20,93 +22,106 @@ a notice will be included in
`THIRD-PARTY-NOTICES`.
| Name | License | Vendored Version | Emits persisted data | Distributed in Release Binaries |
| -------------------------- | -------------------------------------------------------------- | -------------------------------------------------- | :------------------: | :-----------------------------: |
| [abseil-cpp] | Apache-2.0 | 20230802.1 | | ✗ |
| [Aladdin MD5] | Zlib | Unknown | ✗ | ✗ |
| [ASIO] | BSL-1.0 | 1.12.2 | | ✗ |
| [benchmark] | Apache-2.0 | 1.5.2 | | |
| [Boost] | BSL-1.0 | 1.79.0 | | ✗ |
| ---------------------------------------------------- | --------------------------------------------------------------------------------------------------- | -------------------------- | -------------------- | ------------------------------- |
| [Abseil] | Apache-2.0 | 20230802.1 | | ✗ |
| [arximboldi/immer] | BSL-1.0 | Unknown | | ✗ |
| [Asio C++ Library] | BSL-1.0 | 1.12.2 | | ✗ |
| [benchmark] | Apache-2.0 | v1.5.2 | | |
| [Boost C++ Libraries - boost] | BSL-1.0 | 1.79.0 | | ✗ |
| [c-ares] | MIT | 1.19.1 | | ✗ |
| [CRoaring] | Apache-2.0/ MIT | 2.1.2.1 | | ✗ |
| [fmt] | BSD-2-Clause | 7.1.3 | | ✗ |
| [GPerfTools] | BSD-3-Clause | 2.9.1 | | ✗ |
| [gRPC] | Apache-2.0 | 1.59.2 | | ✗ |
| [ICU4] | ICU | 57.1 | ✗ | ✗ |
| [immer] | BSL-1.0 | d98a68c + changes | | ✗ |
| [Intel Decimal FP Library] | BSD-3-Clause | 2.0 Update 1 | | ✗ |
| [JSON-Schema-Test-Suite] | MIT | 728066f9c5 | | |
| [libstemmer] | BSD-3-Clause | Unknown | ✗ | ✗ |
| [librdkafka] | BSD-2-Clause | 2.0.2 | | |
| [concurrencytest] | GPL-3.0-or-later | 0.1.2 | unknown | |
| [Cyrus SASL] | BSD-Attribution-HPND-disclaimer | 2.1.26 | unknown | |
| [dcleblanc/SafeInt] | MIT | 3.0.26 | | ✗ |
| [derickr/timelib] | MIT | 2022.10 | | ✗ |
| [discover] | BSD-3-Clause | 0.4.0 | unknown | |
| [fmtlib/fmt] | MIT | 7.1.3 | | ✗ |
| [google-re2] | BSD-3-Clause | 2023-11-01 | | ✗ |
| [google-snappy] | BSD-3-Clause | 1.1.10 | ✗ | ✗ |
| [google/s2geometry] | Apache-2.0 | Unknown | ✗ | ✗ |
| [gperftools] | BSD-3-Clause | 2.9.1 | | ✗ |
| [grpc] | Apache-2.0 | 1.59.2 | | ✗ |
| [ICU for C/C++ (ICU4C)] | BSD-3-Clause, MIT v2 with Ad Clause License, Public Domain, BSD-2-Clause | 57.1 | ✗ | ✗ |
| [Intel Decimal Floating-Point Math Library] | BSD-3-Clause | v2.0 U1 | | ✗ |
| [jbeder/yaml-cpp] | MIT | 0.6.3 | | ✗ |
| [JSON-Schema-Test-Suite] | Unknown License | Unknown | | |
| [libmongocrypt] | Apache-2.0 | 1.8.4 | ✗ | ✗ |
| [linenoise] | BSD-3-Clause | 6cdc775 + changes | | ✗ |
| [mongo-c-driver] | Apache-2.0 | 1.27.1 | ✗ | ✗ |
| [MozJS] | MPL-2.0 | ESR 115.7 | | ✗ |
| [MurmurHash3] | Public Domain | a6bd3ce + changes | ✗ | ✗ |
| [librdkafka - the Apache Kafka C/C++ client library] | BSD-3-Clause, Xmlproc License, ISC, MIT, Public Domain, Zlib, BSD-2-Clause, Andreas Stolcke License | 2.0.2 | | ✗ |
| [LibTomCrypt] | WTFPL, Public Domain | 1.18.2 | ✗ | ✗ |
| [libunwind/libunwind] | MIT | v1.6.2 | | ✗ |
| [linenoise] | BSD-2-Clause | Unknown | | ✗ |
| [MongoDB C Driver] | Apache-2.0 | 1.27.1 | ✗ | ✗ |
| [Mozilla Firefox] | MPL-2.0 | 115.7.0esr | unknown | ✗ |
| [nlohmann.json.decomposed] | MIT | 3.10.5 | unknown | |
| [node] | ISC | 22.1.0 | unknown | |
| [ocspbuilder] | MIT | 0.10.2 | | |
| [ocspresponder] | Apache-2.0 | 0.5.0 | | |
| [pcre2] | BSD-3-Clause | 10.40 | | ✗ |
| [protobuf] | BSD-3-Clause | 4.25.0 | | ✗ |
| [re2] | BSD-3-Clause | 2021-09-01 | | ✗ |
| [S2] | Apache-2.0 | c872048da5d1 + changes | ✗ | ✗ |
| [SafeInt] | MIT | 3.0.26 | | |
| [schemastore.org] | Apache-2.0 | 6847cfc3a1 | | |
| [scons] | MIT | 3.1.2 | | |
| [Snappy] | BSD-3-Clause | 1.1.10 | ✗ | ✗ |
| [TCMalloc] | Apache-2.0 | 093ba93 + changes | | ✗ |
| [timelib] | MIT | 2022.10 | | ✗ |
| [TomCrypt] | Public Domain | 1.18.2 | ✗ | ✗ |
| [Unicode] | Unicode-DFS-2015 | 8.0.0 | ✗ | ✗ |
| [libunwind] | MIT | 1.6.2 + changes | | ✗ |
| [lz4] | BSD-2-Clause | 1.9.3 | | ✗ |
| [Valgrind] | BSD-4-Clause<sup>\[<a href="#note_vg" id="ref_vg">1</a>]</sup> | 3.17.0 | | ✗ |
| [wiredtiger] | | <sup>\[<a href="#note_wt" id="ref_wt">2</a>]</sup> | ✗ | ✗ |
| [xxHash] | BSD-2-Clause | 0.8.0 | | ✗ |
| [yaml-cpp] | MIT | 0.6.3 | | ✗ |
| [Zlib] | Zlib | 1.3 | ✗ | ✗ |
| [Zstandard] | BSD-3-Clause | 1.5.5 | ✗ | ✗ |
| [zydis] | MIT | 4d4fe4c293c5438f32688b14b29017ae3f48369e | | ✗ |
| [PCRE2] | BSD-3-Clause, Public Domain | 10.40 | | ✗ |
| [Protobuf] | BSD-3-Clause | v4.25.0 | | ✗ |
| [pyiso8601] | MIT | 2.1.0 | unknown | |
| [RoaringBitmap/CRoaring] | Unknown License | v3.0.1 | | ✗ |
| [SchemaStore/schemastore] | Apache-2.0 | Unknown | | |
| [SCons - a Software Construction tool] | MIT | 3.1.2 | | ✗ |
| [smhasher] | Unknown License | Unknown | unknown | ✗ |
| [Snowball Stemming Algorithms] | BSD-3-Clause | Unknown | unknown | ✗ |
| [subunit] | BSD-3-Clause, Apache-2.0 | 1.4.4 | unknown | |
| [tcmalloc] | Apache-2.0 | 20230227-snapshot-093ba93c | | ✗ |
| [testing-cabal/extras] | MIT | 0.0.3 | unknown | |
| [testscenarios] | BSD-3-Clause, Apache-2.0 | 0.4 | unknown | |
| [testtools] | MIT | 2.7.1 | unknown | |
| [unicode-data] | Unicode-DFS-2016 | 8.0 | ✗ | ✗ |
| [valgrind] | GPL-2.0-or-later | Unknown | | ✗ |
| [zlib] | Zlib | v1.3 | ✗ | ✗ |
| [zstd] | BSD-3-Clause, GPL-2.0-or-later | 1.5.5 | ✗ | ✗ |
[abseil-cpp]: https://github.com/abseil/abseil-cpp
[ASIO]: https://github.com/chriskohlhoff/asio
[benchmark]: https://github.com/google/benchmark
[Boost]: http://www.boost.org/
[CRoaring]: https://github.com/RoaringBitmap/CRoaring
[fmt]: http://fmtlib.net/
[GPerfTools]: https://github.com/gperftools/gperftools
[gRPC]: https://github.com/grpc/grpc
[ICU4]: http://site.icu-project.org/download/
[immer]: https://github.com/arximboldi/immer
[Intel Decimal FP Library]: https://software.intel.com/en-us/articles/intel-decimal-floating-point-math-library
[Abseil]: https://github.com/abseil/abseil-cpp
[Asio C++ Library]: https://github.com/chriskohlhoff/asio
[Boost C++ Libraries - boost]: http://www.boost.org/
[Cyrus SASL]: https://www.cyrusimap.org/sasl/
[ICU for C/C++ (ICU4C)]: http://site.icu-project.org/download/
[Intel Decimal Floating-Point Math Library]: https://software.intel.com/en-us/articles/intel-decimal-floating-point-math-library
[JSON-Schema-Test-Suite]: https://github.com/json-schema-org/JSON-Schema-Test-Suite
[libstemmer]: https://github.com/snowballstem/snowball
[librdkafka]: https://github.com/confluentinc/librdkafka
[LibTomCrypt]: https://github.com/libtom/libtomcrypt/releases
[MongoDB C Driver]: https://github.com/mongodb/mongo-c-driver
[Mozilla Firefox]: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr
[PCRE2]: http://www.pcre.org/
[Protobuf]: https://github.com/protocolbuffers/protobuf
[RoaringBitmap/CRoaring]: https://github.com/RoaringBitmap/CRoaring
[SCons - a Software Construction tool]: https://github.com/SCons/scons
[SchemaStore/schemastore]: https://www.schemastore.org/json/
[Snowball Stemming Algorithms]: https://github.com/snowballstem/snowball
[arximboldi/immer]: https://github.com/arximboldi/immer
[benchmark]: https://github.com/google/benchmark
[c-ares]: https://c-ares.org/
[concurrencytest]: https://pypi.org/project/concurrencytest/
[dcleblanc/SafeInt]: https://github.com/dcleblanc/SafeInt
[derickr/timelib]: https://github.com/derickr/timelib
[discover]: https://pypi.org/project/discover/
[fmtlib/fmt]: http://fmtlib.net/
[google-re2]: https://github.com/google/re2
[google-snappy]: https://github.com/google/snappy/releases
[google/s2geometry]: https://github.com/google/s2geometry
[gperftools]: https://github.com/gperftools/gperftools
[grpc]: https://github.com/grpc/grpc
[jbeder/yaml-cpp]: https://github.com/jbeder/yaml-cpp/releases
[libmongocrypt]: https://github.com/mongodb/libmongocrypt
[librdkafka - the Apache Kafka C/C++ client library]: https://github.com/confluentinc/librdkafka
[libunwind/libunwind]: http://www.nongnu.org/libunwind/
[linenoise]: https://github.com/antirez/linenoise
[lz4]: https://github.com/lz4/lz4
[mongo-c-driver]: https://github.com/mongodb/mongo-c-driver
[MozJS]: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr
[MurmurHash3]: https://github.com/aappleby/smhasher/blob/a6bd3ce/
[nlohmann.json.decomposed]: https://www.nuget.org/packages/nlohmann.json.decomposed
[node]: https://nodejs.org/en/blog/release
[ocspbuilder]: https://github.com/wbond/ocspbuilder
[ocspresponder]: https://github.com/threema-ch/ocspresponder
[pcre2]: http://www.pcre.org/
[protobuf]: https://github.com/protocolbuffers/protobuf
[S2]: https://github.com/google/s2geometry
[SafeInt]: https://github.com/dcleblanc/SafeInt
[schemastore.org]: https://www.schemastore.org/json/
[scons]: https://github.com/SCons/scons
[Snappy]: https://github.com/google/snappy/releases
[TCMalloc]: https://github.com/google/tcmalloc
[timelib]: https://github.com/derickr/timelib
[TomCrypt]: https://github.com/libtom/libtomcrypt/releases
[Unicode]: http://www.unicode.org/versions/enumeratedversions.html
[libunwind]: http://www.nongnu.org/libunwind/
[Valgrind]: http://valgrind.org/downloads/current.html
[wiredtiger]: https://github.com/wiredtiger/wiredtiger
[xxHash]: https://github.com/Cyan4973/xxHash
[yaml-cpp]: https://github.com/jbeder/yaml-cpp/releases
[Zlib]: https://zlib.net/
[Zstandard]: https://github.com/facebook/zstd
[zydis]: https://github.com/zyantific/zydis
[pyiso8601]: https://pypi.org/project/iso8601/
[smhasher]: https://github.com/aappleby/smhasher/blob/a6bd3ce/
[subunit]: https://github.com/testing-cabal/subunit
[tcmalloc]: https://github.com/google/tcmalloc
[testing-cabal/extras]: https://github.com/testing-cabal/extras
[testscenarios]: https://pypi.org/project/testscenarios/
[testtools]: https://github.com/testing-cabal/testtools
[unicode-data]: http://www.unicode.org/versions/enumeratedversions.html
[valgrind]: http://valgrind.org/downloads/current.html
[zlib]: https://zlib.net/
[zstd]: https://github.com/facebook/zstd
## WiredTiger Vendored Test Libraries
@ -115,13 +130,13 @@ and are used by that component for testing. They don't appear in
released binary artifacts.
| Name |
| :-------------- |
| ------------------------ |
| concurrencytest |
| discover |
| extras |
| iso8601 |
| nlohmann/json |
| python-subunit |
| nlohmann.json.decomposed |
| pyiso8601 |
| subunit |
| testing-cabal/extras |
| testscenarios |
| testtools |

340
sbom.json

@ -36,6 +36,14 @@
{
"name": "internal:team_responsible",
"value": "Service Arch"
},
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "info_link",
"value": "https://github.com/abseil/abseil-cpp"
}
],
"type": "library",
@ -66,6 +74,14 @@
{
"name": "internal:team_responsible",
"value": "Storage Execution"
},
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "info_link",
"value": "https://github.com/arximboldi/immer"
}
],
"type": "library",
@ -98,6 +114,14 @@
{
"name": "internal:team_responsible",
"value": "Service Arch"
},
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "info_link",
"value": "https://github.com/chriskohlhoff/asio"
}
],
"type": "library",
@ -129,6 +153,14 @@
{
"name": "internal:team_responsible",
"value": "Service Arch"
},
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "info_link",
"value": "https://github.com/google/benchmark"
}
],
"type": "library",
@ -160,6 +192,14 @@
{
"name": "internal:team_responsible",
"value": "Service Arch"
},
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "info_link",
"value": "http://www.boost.org/"
}
],
"type": "library",
@ -191,6 +231,14 @@
{
"name": "internal:team_responsible",
"value": "Service Arch"
},
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "info_link",
"value": "https://c-ares.org/"
}
],
"type": "library",
@ -222,6 +270,10 @@
{
"name": "internal:team_responsible",
"value": "Storage Engines"
},
{
"name": "info_link",
"value": "https://pypi.org/project/concurrencytest/"
}
],
"type": "library",
@ -253,6 +305,10 @@
{
"name": "internal:team_responsible",
"value": "Build"
},
{
"name": "info_link",
"value": "https://www.cyrusimap.org/sasl/"
}
],
"type": "library",
@ -277,6 +333,14 @@
{
"name": "internal:team_responsible",
"value": "Service Arch"
},
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "info_link",
"value": "https://github.com/dcleblanc/SafeInt"
}
],
"type": "library",
@ -307,6 +371,14 @@
{
"name": "internal:team_responsible",
"value": "Query Execution"
},
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "info_link",
"value": "https://github.com/derickr/timelib"
}
],
"type": "library",
@ -339,6 +411,10 @@
{
"name": "internal:team_responsible",
"value": "Storage Engines"
},
{
"name": "info_link",
"value": "https://pypi.org/project/discover/"
}
],
"type": "library",
@ -370,6 +446,14 @@
{
"name": "internal:team_responsible",
"value": "Server Security"
},
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "info_link",
"value": "http://fmtlib.net/"
}
],
"type": "library",
@ -401,6 +485,14 @@
{
"name": "internal:team_responsible",
"value": "Service Arch"
},
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "info_link",
"value": "https://github.com/google/re2"
}
],
"type": "library",
@ -431,6 +523,14 @@
{
"name": "internal:team_responsible",
"value": "Query Integration"
},
{
"name": "emits_persisted_data",
"value": "true"
},
{
"name": "info_link",
"value": "https://github.com/google/s2geometry"
}
],
"type": "library",
@ -463,6 +563,14 @@
{
"name": "internal:team_responsible",
"value": "Service Arch"
},
{
"name": "emits_persisted_data",
"value": "true"
},
{
"name": "info_link",
"value": "https://github.com/google/snappy/releases"
}
],
"type": "library",
@ -494,6 +602,14 @@
{
"name": "internal:team_responsible",
"value": "Service Arch"
},
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "info_link",
"value": "https://github.com/gperftools/gperftools"
}
],
"type": "library",
@ -525,6 +641,14 @@
{
"name": "internal:team_responsible",
"value": "Service Arch"
},
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "info_link",
"value": "https://github.com/grpc/grpc"
}
],
"type": "library",
@ -571,6 +695,14 @@
{
"name": "internal:team_responsible",
"value": "Query Execution"
},
{
"name": "emits_persisted_data",
"value": "true"
},
{
"name": "info_link",
"value": "http://site.icu-project.org/download/"
}
],
"type": "library",
@ -601,6 +733,14 @@
{
"name": "internal:team_responsible",
"value": "Storage Execution"
},
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "info_link",
"value": "https://software.intel.com/en-us/articles/intel-decimal-floating-point-math-library"
}
],
"type": "library",
@ -633,6 +773,14 @@
{
"name": "internal:team_responsible",
"value": "Server Security"
},
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "info_link",
"value": "https://github.com/jbeder/yaml-cpp/releases"
}
],
"type": "library",
@ -663,6 +811,14 @@
{
"name": "internal:team_responsible",
"value": "Query Optimization"
},
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "info_link",
"value": "https://github.com/json-schema-org/JSON-Schema-Test-Suite"
}
],
"type": "library",
@ -695,6 +851,14 @@
{
"name": "internal:team_responsible",
"value": "Server Security"
},
{
"name": "emits_persisted_data",
"value": "true"
},
{
"name": "info_link",
"value": "https://github.com/mongodb/libmongocrypt"
}
],
"type": "library",
@ -761,6 +925,14 @@
{
"name": "internal:team_responsible",
"value": "Atlas Streams"
},
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "info_link",
"value": "https://github.com/confluentinc/librdkafka"
}
],
"type": "library",
@ -797,6 +969,14 @@
{
"name": "internal:team_responsible",
"value": "Server Security"
},
{
"name": "emits_persisted_data",
"value": "true"
},
{
"name": "info_link",
"value": "https://github.com/libtom/libtomcrypt/releases"
}
],
"type": "library",
@ -828,6 +1008,14 @@
{
"name": "internal:team_responsible",
"value": "Service Arch"
},
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "info_link",
"value": "http://www.nongnu.org/libunwind/"
}
],
"type": "library",
@ -858,6 +1046,14 @@
{
"name": "internal:team_responsible",
"value": "Build"
},
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "info_link",
"value": "https://github.com/antirez/linenoise"
}
],
"type": "library",
@ -893,6 +1089,14 @@
{
"name": "internal:team_responsible",
"value": "Server Security"
},
{
"name": "emits_persisted_data",
"value": "true"
},
{
"name": "info_link",
"value": "https://github.com/mongodb/mongo-c-driver"
}
],
"type": "library",
@ -924,6 +1128,10 @@
{
"name": "internal:team_responsible",
"value": "Query Integration"
},
{
"name": "info_link",
"value": "https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr"
}
],
"type": "library",
@ -955,6 +1163,10 @@
{
"name": "internal:team_responsible",
"value": "Storage Engines"
},
{
"name": "info_link",
"value": "https://www.nuget.org/packages/nlohmann.json.decomposed"
}
],
"type": "library",
@ -986,6 +1198,10 @@
{
"name": "internal:team_responsible",
"value": "Workload Scheduling"
},
{
"name": "info_link",
"value": "https://nodejs.org/en/blog/release"
}
],
"type": "library",
@ -1017,6 +1233,14 @@
{
"name": "internal:team_responsible",
"value": "Server Security"
},
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "info_link",
"value": "https://github.com/wbond/ocspbuilder"
}
],
"type": "library",
@ -1048,6 +1272,14 @@
{
"name": "internal:team_responsible",
"value": "Server Security"
},
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "info_link",
"value": "https://github.com/threema-ch/ocspresponder"
}
],
"type": "library",
@ -1084,6 +1316,14 @@
{
"name": "internal:team_responsible",
"value": "Query Execution"
},
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "info_link",
"value": "http://www.pcre.org/"
}
],
"type": "library",
@ -1115,6 +1355,14 @@
{
"name": "internal:team_responsible",
"value": "Service Arch"
},
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "info_link",
"value": "https://github.com/protocolbuffers/protobuf"
}
],
"type": "library",
@ -1146,6 +1394,10 @@
{
"name": "internal:team_responsible",
"value": "Storage Engines"
},
{
"name": "info_link",
"value": "https://pypi.org/project/iso8601/"
}
],
"type": "library",
@ -1177,6 +1429,14 @@
{
"name": "internal:team_responsible",
"value": "Query Execution"
},
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "info_link",
"value": "https://github.com/RoaringBitmap/CRoaring"
}
],
"type": "library",
@ -1207,6 +1467,14 @@
{
"name": "internal:team_responsible",
"value": "Query Optimization"
},
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "info_link",
"value": "https://www.schemastore.org/json/"
}
],
"type": "library",
@ -1239,6 +1507,14 @@
{
"name": "internal:team_responsible",
"value": "Build"
},
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "info_link",
"value": "https://github.com/SCons/scons"
}
],
"type": "library",
@ -1269,6 +1545,10 @@
{
"name": "internal:team_responsible",
"value": "Storage Execution"
},
{
"name": "info_link",
"value": "https://github.com/aappleby/smhasher/blob/a6bd3ce/"
}
],
"type": "library",
@ -1300,6 +1580,10 @@
{
"name": "internal:team_responsible",
"value": "Query Integration"
},
{
"name": "info_link",
"value": "https://github.com/snowballstem/snowball"
}
],
"type": "library",
@ -1337,6 +1621,10 @@
{
"name": "internal:team_responsible",
"value": "Storage Engines"
},
{
"name": "info_link",
"value": "https://github.com/testing-cabal/subunit"
}
],
"type": "library",
@ -1368,6 +1656,14 @@
{
"name": "internal:team_responsible",
"value": "Service Arch"
},
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "info_link",
"value": "https://github.com/google/tcmalloc"
}
],
"type": "library",
@ -1399,6 +1695,10 @@
{
"name": "internal:team_responsible",
"value": "Storage Engines"
},
{
"name": "info_link",
"value": "https://github.com/testing-cabal/extras"
}
],
"type": "library",
@ -1435,6 +1735,10 @@
{
"name": "internal:team_responsible",
"value": "Storage Engines"
},
{
"name": "info_link",
"value": "https://pypi.org/project/testscenarios/"
}
],
"type": "library",
@ -1466,6 +1770,10 @@
{
"name": "internal:team_responsible",
"value": "Storage Engines"
},
{
"name": "info_link",
"value": "https://github.com/testing-cabal/testtools"
}
],
"type": "library",
@ -1496,6 +1804,14 @@
{
"name": "internal:team_responsible",
"value": "Query Execution"
},
{
"name": "emits_persisted_data",
"value": "true"
},
{
"name": "info_link",
"value": "http://www.unicode.org/versions/enumeratedversions.html"
}
],
"type": "library",
@ -1527,6 +1843,14 @@
{
"name": "internal:team_responsible",
"value": "Build"
},
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "info_link",
"value": "http://valgrind.org/downloads/current.html"
}
],
"type": "library",
@ -1559,6 +1883,14 @@
{
"name": "internal:team_responsible",
"value": "Service Arch"
},
{
"name": "emits_persisted_data",
"value": "true"
},
{
"name": "info_link",
"value": "https://zlib.net/"
}
],
"type": "library",
@ -1595,6 +1927,14 @@
{
"name": "internal:team_responsible",
"value": "Service Arch"
},
{
"name": "emits_persisted_data",
"value": "true"
},
{
"name": "info_link",
"value": "https://github.com/facebook/zstd"
}
],
"type": "library",
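Review bot: Several of the added `info_link` values are plain `http://` URLs, for example `http://www.boost.org/`, `http://fmtlib.net/`, `http://site.icu-project.org/download/`, `http://www.nongnu.org/libunwind/`, `http://www.pcre.org/` and `http://valgrind.org/downloads/current.html`. The README text describes these links as the upstream source where updates may be obtained, so they are better recorded as `https://` wherever the upstream serves it. The new property names `emits_persisted_data` and `info_link` are also un-namespaced next to `internal:team_responsible`; a shared prefix would keep them from colliding with properties added by other tooling. Components that omit `emits_persisted_data` are rendered as "unknown" by the generator, so an explicit value per component would make the table unambiguous.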


@ -0,0 +1,72 @@
# MongoDB Third Party Dependencies
MongoDB depends on third party libraries to implement some
functionality. This document describes which libraries are depended
upon, and how. It is maintained by and for humans, and so while it is a
best effort attempt to describe the server's dependencies, it is subject
to change as libraries are added or removed.
## Server Vendored Libraries
This is the list of third party libraries vendored into the server
codebase, and the upstream source where updates may be obtained. These
sources are periodically consulted, and the existence of new versions is
reflected in this list. A ticket is filed in Jira if a determination is
made to upgrade a vendored library.
Whenever a vendored library is included in released binary artifacts, is
not authored by MongoDB, and has a license which requires reproduction,
a notice will be included in
`THIRD-PARTY-NOTICES`.
{{ component_chart }}
{{ component_links }}
## WiredTiger Vendored Test Libraries
The following Python libraries are transitively included by WiredTiger,
and are used by that component for testing. They don't appear in
released binary artifacts.
{{ wiredtiger_chart }}
## Dynamically Linked Libraries
Sometimes MongoDB needs to load libraries provided and managed by the
runtime environment. These libraries are not vendored into the MongoDB
source directory, and are not compiled into release artifacts. Because
they are provided by the runtime environment, the precise versions of
these libraries cannot be known in advance. Further, these libraries may
themselves load other libraries. The full set of transitively linked
libraries will depend on the runtime environment, and cannot be outlined
here. On Windows and Mac OS, other libraries and components provided by
the Operating System may be loaded.
For Windows Enterprise, we may ship precompiled DLLs containing some of
these libraries. Releases prepared in this fashion will include a copy
of these libraries' license in a file named
`THIRD-PARTY-NOTICES.windows`.
| Name | Enterprise Only | Has Windows DLLs |
| :--------- | :-------------: | :-----------------------------------------------------: |
| Cyrus SASL | Yes | Yes |
| libldap | Yes | No |
| net-snmp | Yes | Yes |
| OpenSSL | No | Yes<sup>\[<a href="#note_ssl" id="ref_ssl">3</a>]</sup> |
| libcurl | No | No |
## Notes:
1. <a id="note_vg" href="#ref_vg">^</a>
The majority of Valgrind is licensed under the GPL, with the exception of a single
header file which is licensed under a BSD license. This BSD licensed header is the only
file from Valgrind which is vendored and consumed by MongoDB.
2. <a id="note_wt" href="#ref_wt">^</a>
WiredTiger is maintained by MongoDB in a separate repository. As a part of our
development process, we periodically ingest the latest snapshot of that repository.
3. <a id="note_ssl" href="#ref_ssl">^</a>
OpenSSL is only shipped as a dependency of the MongoDB tools written in Go. The MongoDB
shell and server binaries use Windows' cryptography APIs.
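Review bot: Notes 1 and 2 still link back to `#ref_vg` and `#ref_wt`, but the table now comes from `{{ component_chart }}`, and the generated README rows shown on this page no longer carry those `<sup>` anchors or a wiredtiger row, so the back-links dangle. Note 1 also says only a BSD-licensed Valgrind header is vendored, while the generated row appears to list valgrind as `GPL-2.0-or-later` and distributed in release binaries; that contradiction in a licence inventory should be resolved in sbom.json or in the note. The opening paragraph's "It is maintained by and for humans" no longer matches a generated file; something like `It is generated from sbom.json; edit that file or this template, not the README.` would be accurate.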


@ -0,0 +1,204 @@
from jinja2 import Environment, FileSystemLoader
import sys
import os
import json
import bisect
import logging
from functools import reduce
SBOM_PATH = "../../../sbom.json"
TEMPLATE_PATH = "README.third_party.md.template"
README_PATH = "../../../README.third_party.md"
logging.basicConfig(level=logging.INFO,
format='%(asctime)s - %(levelname)s - %(message)s')
def main():
test_filepaths()
sbom = load_sbom()
component_chart = sbom_to_component_chart(sbom)
right_pad_chart_values(component_chart)
component_chart_string = chart_to_string(component_chart)
component_links_string = sbom_to_component_links_string(sbom)
wiredtiger_chart = sbom_to_wiredtiger_chart(sbom)
right_pad_chart_values(wiredtiger_chart)
wiredtiger_chart_string = chart_to_string(wiredtiger_chart)
template_data = {
"component_chart": component_chart_string,
"component_links": component_links_string,
"wiredtiger_chart": wiredtiger_chart_string
}
create_markdown_with_template(template_data)
def test_filepaths() -> None:
for filepath in [SBOM_PATH, TEMPLATE_PATH]:
if not os.path.exists(filepath):
logging.error("Error: %s does not exist. Exiting.", filepath)
sys.exit(1)
def load_sbom() -> dict:
try:
with open(SBOM_PATH, 'r') as file:
sbom = json.load(file)
logging.info("%s JSON data loaded.", SBOM_PATH)
return sbom
except json.JSONDecodeError as e:
logging.error("Error decoding %s JSON: %e Exiting.", SBOM_PATH, e)
sys.exit(1)
def sbom_to_component_chart(sbom: dict) -> list[list[str]]:
components = sbom["components"]
component_chart = []
for component in components:
check_component_validity(component)
name = component["name"]
license_string = []
for lic in component["licenses"]:
for key in ["id", "name"]:
if key in lic["license"]:
license_string.append(lic["license"][key])
license_string = ", ".join(license_string)
version = component["version"]
emits_persisted_data = "unknown"
for prop in component["properties"]:
k, v = prop["name"], prop["value"]
if k == "emits_persisted_data":
emits_persisted_data = ("", "")[v == "true"]
distributed_in_release_binaries = (
"", "")[component["scope"] == "required"]
row = [
item.replace(
"|",
"") for item in [
f"[{name}]",
license_string,
version,
emits_persisted_data,
distributed_in_release_binaries]]
bisect.insort(component_chart, row, key=lambda c: c[0].lower())
component_chart.insert(0,
["Name",
"License",
"Vendored Version",
"Emits persisted data",
"Distributed in Release Binaries"])
return component_chart
def sbom_to_component_links_string(sbom: dict) -> list[list[str]]:
components = sbom["components"]
link_list = []
for component in components:
check_component_validity(component)
info_link = get_component_info_link(component)
bisect.insort(
link_list,
f"[{component['name'].replace('|','')}]: {info_link}")
return "\n".join(link_list)
def sbom_to_wiredtiger_chart(sbom: dict) -> list[list[str]]:
components = sbom["components"]
wiredtiger_chart = [["Name"]]
for component in components:
check_component_validity(component)
locations = get_component_locations(component)
for location in locations:
if location.startswith("src/third_party/wiredtiger/"):
bisect.insort(
wiredtiger_chart, [
component["name"].replace(
"|", "")])
return wiredtiger_chart
def check_component_validity(component) -> None:
for required_key in ["name", "version", "licenses"]:
if required_key not in component:
logging.error(
"Error: no key %s found in json. Exiting. JSON dump:",
required_key)
logging.error(json.dumps(component))
sys.exit(1)
def get_component_info_link(component) -> str:
name = component["name"]
links = []
for prop in component["properties"]:
k, v = prop["name"], prop["value"]
if k == "info_link":
links.append(v)
if len(links) != 1:
logging.warning(
"Warning: Expected 1 info_link for %s. Got %d:",
name,
len(links))
if len(links) > 1:
logging.warning(" ".join(links))
logging.warning("Using first link only.")
else:
logging.warning(
"Falling back to `purl` value: %s",
component['purl'])
links.append(component["purl"])
return links[0]
def get_component_locations(component) -> list[str]:
if "evidence" not in component or "occurrences" not in component["evidence"]:
return []
return [occurence["location"]
for occurence in component["evidence"]["occurrences"]]
def right_pad_chart_values(chart: list[list[str]]) -> list[list[str]]:
h, w = len(chart), len(chart[0])
max_lens = [3 for _ in range(w)]
for row in chart:
for c in range(0, w):
max_lens[c] = max(max_lens[c], len(row[c]))
for r in range(0, h):
for c in range(0, w):
chart[r][c] = chart[r][c].ljust(max_lens[c])
chart.insert(1, ["-" * max_len for max_len in max_lens])
def chart_to_string(chart: list[list[str]]) -> str:
chart = [" | ".join(row) for row in chart]
chart = "\n".join(["| " + row + " |" for row in chart])
return chart
def create_markdown_with_template(data: str) -> None:
file_loader = FileSystemLoader('.')
env = Environment(loader=file_loader)
template = env.get_template(TEMPLATE_PATH)
output = template.render(data)
with open(README_PATH, 'w') as f:
f.write("[DO NOT MODIFY THIS FILE MANUALLY. It is generated by src/third_party/tools/gen_thirdpartyreadme.py]: #\n\n")
f.write(output)
f.write("\n")
logging.info("Markdown file created successfully.")
if __name__ == "__main__":
main()
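Review bot: In `load_sbom`, the `%e` in `logging.error("Error decoding %s JSON: %e Exiting.", SBOM_PATH, e)` is a float conversion, so formatting an exception with it fails inside the logging handler and the decode error is never shown; it should be `%s`. `check_component_validity` only requires `name`, `version` and `licenses`, yet `sbom_to_component_chart` indexes `component["scope"]` and `component["properties"]`, and `get_component_info_link` falls back to `component["purl"]`, so an SBOM entry missing any of those ends in an uncaught `KeyError` instead of the logged exit; add them to the required keys or read them with `.get(...)`. `sbom_to_wiredtiger_chart` inserts once per matching location with no `break` and sorts the `["Name"]` header together with the rows, so a component with two WiredTiger occurrences, or a name that sorts before "Name", would corrupt the table. Both `open` calls rely on the locale encoding; `open(README_PATH, 'w', encoding='utf-8')` keeps the non-ASCII marks in the table portable.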