SERVER-107852 Update README.third_party.md and SBOM on master (#39934)

GitOrigin-RevId: 0c9796a25a04bafd00551c5f62ddfc1afcc19327
Jason Hills 2025-09-03 17:55:10 -04:00 committed by MongoDB Bot
parent d05fa0244f
commit 7af4081495
5 changed files with 229 additions and 166 deletions


@ -55,6 +55,9 @@ version_expansions.yml
# Ignore all formatting in third_party/*
src/third_party
# this file is automatically generated and conforms to formatting requirements
README.third_party.md
# Ignore anything in the build output directories
build
bazel-*


@ -21,136 +21,146 @@ not authored by MongoDB, and has a license which requires reproduction,
a notice will be included in
`THIRD-PARTY-NOTICES`.
| Name | License | Vendored Version | Emits persisted data | Distributed in Release Binaries |
| ---------------------------------------------------- | --------------------------------------------------------------------------------------------------- | ---------------------------------------- | -------------------- | ------------------------------- |
| [Abseil] | Apache-2.0 | 20250512.1 | | ✗ |
| [arximboldi/immer] | BSL-1.0 | Unknown | | ✗ |
| [Asio C++ Library] | BSL-1.0 | 1.12.2 | | ✗ |
| [Apache Avro C++] | Apache-2.0 | 1.12.0 | | ✗ |
| [aws-sdk - the AWS SDK client library] | Apache-2.0 | 1.11.471 | | ✗ |
| [benchmark] | Apache-2.0 | v1.5.2 | | |
| [Boost C++ Libraries - boost] | BSL-1.0 | 1.88.0 | | ✗ |
| [c-ares] | MIT | 1.27.0 | | ✗ |
| [concurrencytest] | GPL-3.0-or-later | 0.1.2 | unknown | |
| [Cyrus SASL] | BSD-Attribution-HPND-disclaimer | 2.1.28 | unknown | |
| [dcleblanc/SafeInt] | MIT | 3.0.26 | | ✗ |
| [derickr/timelib] | MIT | 2022.13 | | ✗ |
| [discover] | BSD-3-Clause | 0.4.0 | unknown | |
| [fmtlib/fmt] | MIT | 11.1.3 | | ✗ |
| [folly] | Apache-2.0 | v2025.04.21.00 | | ✗ |
| [google-re2] | BSD-3-Clause | 2023-11-01 | | ✗ |
| [google-snappy] | BSD-3-Clause | 1.1.10 | ✗ | ✗ |
| [google/s2geometry] | Apache-2.0 | Unknown | ✗ | ✗ |
| [gperftools] | BSD-3-Clause | 2.9.1 | | ✗ |
| [grpc] | Apache-2.0 | 1.59.5 | | ✗ |
| [ICU for C/C++ (ICU4C)] | BSD-3-Clause, MIT v2 with Ad Clause License, Public Domain, BSD-2-Clause | 57.1 | ✗ | ✗ |
| [Intel Decimal Floating-Point Math Library] | BSD-3-Clause | v2.0 U1 | | ✗ |
| [jbeder/yaml-cpp] | MIT | 0.6.3 | | ✗ |
| [JSON-Schema-Test-Suite] | Unknown License | Unknown | | |
| [libmongocrypt] | Apache-2.0 | 1.14.0 | ✗ | ✗ |
| [librdkafka - the Apache Kafka C/C++ client library] | BSD-3-Clause, Xmlproc License, ISC, MIT, Public Domain, Zlib, BSD-2-Clause, Andreas Stolcke License | 2.6.0 | | ✗ |
| [LibTomCrypt] | WTFPL, Public Domain | 1.18.2 | ✗ | ✗ |
| [libunwind/libunwind] | MIT | v1.8.1 | | ✗ |
| [linenoise] | BSD-2-Clause | Unknown | | ✗ |
| [MongoDB C Driver] | Apache-2.0 | 1.28.1 | ✗ | ✗ |
| [Mozilla Firefox] | MPL-2.0 | 128.11.0esr | unknown | ✗ |
| [nlohmann-json] | MIT | 3.11.3 | ✗ | |
| [nlohmann.json.decomposed] | MIT | 3.10.5 | unknown | |
| [node] | ISC | 22.1.0 | unknown | |
| [ocspbuilder] | MIT | 0.10.2 | | |
| [ocspresponder] | Apache-2.0 | 0.5.0 | | |
| [opentelemetry-cpp] | Apache-2.0 | 1.17 | ✗ | |
| [opentelemetry-proto] | Apache-2.0 | 1.3.2 | ✗ | |
| [PCRE2] | BSD-3-Clause, Public Domain | 10.40 | | ✗ |
| [Protobuf] | BSD-3-Clause | v4.25.0 | | ✗ |
| [pyiso8601] | MIT | 2.1.0 | unknown | |
| [RoaringBitmap/CRoaring] | Unknown License | v3.0.1 | | ✗ |
| [SchemaStore/schemastore] | Apache-2.0 | Unknown | | |
| [sls-proto] | Unknown License | 1.0 | unknown | ✗ |
| [smhasher] | Unknown License | Unknown | unknown | ✗ |
| [Snowball Stemming Algorithms] | BSD-3-Clause | 7b264ffa0f767c579d052fd8142558dc8264d795 | ✗ | ✗ |
| [subunit] | BSD-3-Clause, Apache-2.0 | 1.4.4 | unknown | |
| [tcmalloc] | Apache-2.0 | 20230227-snapshot-093ba93c | | ✗ |
| [testing-cabal/extras] | MIT | 0.0.3 | unknown | |
| [testscenarios] | BSD-3-Clause, Apache-2.0 | 0.4 | unknown | |
| [testtools] | MIT | 2.7.1 | unknown | |
| [unicode-data] | Unicode-DFS-2016 | 8.0 | ✗ | ✗ |
| [valgrind] | GPL-2.0-or-later | Unknown | | ✗ |
| [zlib] | Zlib | v1.3.1 | ✗ | ✗ |
| [zstd] | BSD-3-Clause, GPL-2.0-or-later | 1.5.5 | ✗ | ✗ |
| Name | License | Vendored Version | Emits persisted data | Distributed in Release Binaries |
| ---------------------------------------------------- | ---------------------------------------------- | ---------------------------------------- | -------------------- | ------------------------------- |
| [Abseil Common Libraries (C++)] | Apache-2.0 | 20250512.1 | | ✗ |
| [Apache Avro C++] | Apache-2.0 | 1.12.0 | | ✗ |
| [Asio C++ Library] | BSL-1.0 | 1.34.2 | | ✗ |
| [AWS SDK for C++] | Apache-2.0 | 1.11.471 | | ✗ |
| [benchmark] | Apache-2.0 | v1.5.2 | | |
| [Boost C++ Libraries] | BSL-1.0 | 1.88.0 | | ✗ |
| [c-ares] | MIT | 1.27.0 | | ✗ |
| [CRoaring] | Apache-2.0 OR MIT | 3.0.1 | | ✗ |
| [Cyrus SASL] | BSD-Attribution-HPND-disclaimer | 2.1.28 | | |
| [fmt] | MIT | 11.2.0 | | ✗ |
| [github.com/facebook/folly] | Apache-2.0 | v2025.04.21.00 | | ✗ |
| [googletest] | BSD-3-Clause | 1.17.0 | | |
| [gperftools] | BSD-3-Clause | 2.9.1 | | ✗ |
| [gRPC (C++)] | Apache-2.0 | 1.59.5 | | ✗ |
| [immer] | BSL-1.0 | 0.8.0 | | ✗ |
| [Intel® Decimal Floating-Point Math Library] | BSD-3-Clause | v2.0U1 | | ✗ |
| [International Components for Unicode C/C++ (ICU4C)] | Unicode-3.0 | 57.1 | ✗ | ✗ |
| [JSON Schema Store] | Apache-2.0 | 6847cfc3a17a04a7664474212db50c627e1e3408 | | |
| [JSON-Schema-Test-Suite] | MIT | 728066f9c5c258ba3b1804a22a5b998f2ec77ec0 | | |
| [libdwarf] | LGPL-2.1-or-later, BSD-3-Clause, Public Domain | v2.1.0 | | |
| [libmongocrypt] | Apache-2.0 | 1.15.0 | ✗ | ✗ |
| [librdkafka - The Apache Kafka C/C++ library] | BSD-2-Clause | 2.6.0 | | ✗ |
| [LibTomCrypt] | Unlicense | 1.18.2 | ✗ | ✗ |
| [libunwind] | MIT | v1.8.1 | | ✗ |
| [linenoise] | BSD-2-Clause | 6cdc775807e57b2c3fd64bd207814f8ee1fe35f3 | | ✗ |
| [MongoDB C Driver] | Apache-2.0 | 1.28.1 | ✗ | ✗ |
| [Mozilla Firefox ESR] | MPL-2.0 | 128.11.0esr | | ✗ |
| [MurmurHash3] | Public Domain | a6bd3ce7be8ad147ea820a7cf6229a975c0c96bb | | ✗ |
| [nlohmann/json] | MIT | 3.10.5 | | |
| [nlohmann/json] | MIT | 3.11.3 | ✗ | |
| [node] | ISC | 22.1.0 | | |
| [opentelemetry-cpp] | Apache-2.0 | 1.17 | ✗ | |
| [opentelemetry-proto] | Apache-2.0 | 1.3.2 | ✗ | |
| [PCRE2 - Perl-Compatible Regular Expressions] | BSD-3-Clause WITH PCRE2-exception | 10.40 | | ✗ |
| [Protobuf] | BSD-3-Clause | v4.25.0 | | ✗ |
| [pypi/asn1crypto] | MIT | 1.5.1 | | |
| [pypi/bottle] | MIT | 0.12.25 | | |
| [pypi/concurrencytest] | GPL-3.0-or-later | 0.1.2 | | |
| [pypi/discover] | BSD-3-Clause | 0.4.0 | | |
| [pypi/extras] | MIT | 0.0.3 | | |
| [pypi/iso8601] | MIT | 2.1.0 | | |
| [pypi/ocspbuilder] | MIT | 0.10.2 | | |
| [pypi/ocspresponder] | Apache-2.0 | 0.5.0 | | |
| [pypi/oscrypto] | MIT | 1.3.0 | | |
| [pypi/python-subunit] | (Apache-2.0 OR BSD-3-Clause) | 1.4.4 | | |
| [pypi/testscenarios] | BSD-3-Clause | 0.4 | | |
| [pypi/testtools] | MIT | 2.7.1 | | |
| [re2] | BSD-3-Clause | 2023-11-01 | | ✗ |
| [S2 Geometry Library] | Apache-2.0 | c872048da5d1 | ✗ | ✗ |
| [SafeInt] | MIT | 3.0.26 | | ✗ |
| [snappy] | BSD-3-Clause | 1.1.10 | ✗ | ✗ |
| [Snowball Stemming Algorithms (libstemmer)] | BSD-3-Clause | 7b264ffa0f767c579d052fd8142558dc8264d795 | ✗ | ✗ |
| [tcmalloc] | Apache-2.0 | 093ba93c1bd6dca03b0a8334f06d01b019244291 | | ✗ |
| [timelib] | MIT | 2022.13 | | ✗ |
| [Unicode Character Database] | Unicode-DFS-2016 | 8.0.0 | ✗ | ✗ |
| [valgrind.h] | BSD-4-Clause | 3.17.0 | | ✗ |
| [WiredTiger] | GPL-2.0-only OR GPL-3.0-only | mongodb-master | ✗ | ✗ |
| [yaml-cpp] | MIT | 0.6.3 | | ✗ |
| [zlib] | Zlib | 1.3.1 | ✗ | ✗ |
| [Zstandard (zstd)] | BSD-3-Clause OR GPL-2.0-only | 1.5.5 | ✗ | ✗ |
[Abseil]: https://github.com/abseil/abseil-cpp
[Asio C++ Library]: https://github.com/chriskohlhoff/asio
[AWS SDK for C++]: https://github.com/aws/aws-sdk-cpp
[Abseil Common Libraries (C++)]: https://github.com/abseil/abseil-cpp
[Apache Avro C++]: https://avro.apache.org/
[Boost C++ Libraries - boost]: http://www.boost.org/
[Asio C++ Library]: https://github.com/chriskohlhoff/asio
[Boost C++ Libraries]: http://www.boost.org/
[CRoaring]: https://github.com/RoaringBitmap/CRoaring
[Cyrus SASL]: https://www.cyrusimap.org/sasl/
[ICU for C/C++ (ICU4C)]: http://site.icu-project.org/download/
[Intel Decimal Floating-Point Math Library]: https://software.intel.com/en-us/articles/intel-decimal-floating-point-math-library
[Intel® Decimal Floating-Point Math Library]: https://software.intel.com/en-us/articles/intel-decimal-floating-point-math-library
[International Components for Unicode C/C++ (ICU4C)]: http://site.icu-project.org/download/
[JSON Schema Store]: https://www.schemastore.org/json/
[JSON-Schema-Test-Suite]: https://github.com/json-schema-org/JSON-Schema-Test-Suite
[LibTomCrypt]: https://github.com/libtom/libtomcrypt/releases
[MongoDB C Driver]: https://github.com/mongodb/mongo-c-driver
[Mozilla Firefox]: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr
[PCRE2]: http://www.pcre.org/
[Mozilla Firefox ESR]: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr
[MurmurHash3]: https://github.com/aappleby/smhasher/blob/a6bd3ce/
[PCRE2 - Perl-Compatible Regular Expressions]: http://www.pcre.org/
[Protobuf]: https://github.com/protocolbuffers/protobuf
[RoaringBitmap/CRoaring]: https://github.com/RoaringBitmap/CRoaring
[SchemaStore/schemastore]: https://www.schemastore.org/json/
[Snowball Stemming Algorithms]: https://github.com/snowballstem/snowball
[arximboldi/immer]: https://github.com/arximboldi/immer
[aws-sdk - the AWS SDK client library]: https://github.com/aws/aws-sdk-cpp
[S2 Geometry Library]: https://github.com/google/s2geometry
[SafeInt]: https://github.com/dcleblanc/SafeInt
[Snowball Stemming Algorithms (libstemmer)]: https://github.com/snowballstem/snowball
[Unicode Character Database]: http://www.unicode.org/versions/enumeratedversions.html
[WiredTiger]: https://source.wiredtiger.com/
[Zstandard (zstd)]: https://github.com/facebook/zstd
[benchmark]: https://github.com/google/benchmark
[c-ares]: https://c-ares.org/
[concurrencytest]: https://pypi.org/project/concurrencytest/
[dcleblanc/SafeInt]: https://github.com/dcleblanc/SafeInt
[derickr/timelib]: https://github.com/derickr/timelib
[discover]: https://pypi.org/project/discover/
[fmtlib/fmt]: http://fmtlib.net/
[folly]: https://github.com/facebook/folly
[google-re2]: https://github.com/google/re2
[google-snappy]: https://github.com/google/snappy/releases
[google/s2geometry]: https://github.com/google/s2geometry
[fmt]: http://fmtlib.net/
[gRPC (C++)]: https://github.com/grpc/grpc
[github.com/facebook/folly]: https://github.com/facebook/folly
[googletest]: https://github.com/google/googletest
[gperftools]: https://github.com/gperftools/gperftools
[grpc]: https://github.com/grpc/grpc
[jbeder/yaml-cpp]: https://github.com/jbeder/yaml-cpp/releases
[immer]: https://github.com/arximboldi/immer
[libdwarf]: https://github.com/davea42/libdwarf-code
[libmongocrypt]: https://github.com/mongodb/libmongocrypt
[librdkafka - the Apache Kafka C/C++ client library]: https://github.com/confluentinc/librdkafka
[libunwind/libunwind]: http://www.github.com/libunwind/libunwind
[librdkafka - The Apache Kafka C/C++ library]: https://github.com/confluentinc/librdkafka
[libunwind]: http://www.github.com/libunwind/libunwind
[linenoise]: https://github.com/antirez/linenoise
[nlohmann-json]: https://github.com/open-telemetry/opentelemetry-proto
[nlohmann.json.decomposed]: https://www.nuget.org/packages/nlohmann.json.decomposed
[nlohmann/json]: https://github.com/nlohmann/json
[nlohmann/json]: https://github.com/open-telemetry/opentelemetry-proto
[node]: https://nodejs.org/en/blog/release
[ocspbuilder]: https://github.com/wbond/ocspbuilder
[ocspresponder]: https://github.com/threema-ch/ocspresponder
[opentelemetry-cpp]: https://github.com/open-telemetry/opentelemetry-cpp/
[opentelemetry-proto]: https://github.com/open-telemetry/opentelemetry-proto
[pyiso8601]: https://pypi.org/project/iso8601/
[sls-proto]: https://github.com/10gen/sls
[smhasher]: https://github.com/aappleby/smhasher/blob/a6bd3ce/
[subunit]: https://github.com/testing-cabal/subunit
[pypi/asn1crypto]: https://pypi.org/project/asn1crypto/
[pypi/bottle]: https://bottlepy.org/docs/dev/
[pypi/concurrencytest]: https://pypi.org/project/concurrencytest/
[pypi/discover]: https://pypi.org/project/discover/
[pypi/extras]: https://github.com/testing-cabal/extras
[pypi/iso8601]: https://pypi.org/project/iso8601/
[pypi/ocspbuilder]: https://github.com/wbond/ocspbuilder
[pypi/ocspresponder]: https://github.com/threema-ch/ocspresponder
[pypi/oscrypto]: https://pypi.org/project/oscrypto/
[pypi/python-subunit]: https://github.com/testing-cabal/subunit
[pypi/testscenarios]: https://pypi.org/project/testscenarios/
[pypi/testtools]: https://github.com/testing-cabal/testtools
[re2]: https://github.com/google/re2
[snappy]: https://github.com/google/snappy/releases
[tcmalloc]: https://github.com/google/tcmalloc
[testing-cabal/extras]: https://github.com/testing-cabal/extras
[testscenarios]: https://pypi.org/project/testscenarios/
[testtools]: https://github.com/testing-cabal/testtools
[unicode-data]: http://www.unicode.org/versions/enumeratedversions.html
[valgrind]: http://valgrind.org/downloads/current.html
[timelib]: https://github.com/derickr/timelib
[valgrind.h]: http://valgrind.org/downloads/current.html
[yaml-cpp]: https://github.com/jbeder/yaml-cpp/releases
[zlib]: https://zlib.net/
[zstd]: https://github.com/facebook/zstd
## WiredTiger Vendored Test Libraries
The following Python libraries are transitively included by WiredTiger,
The following libraries are transitively included by WiredTiger,
and are used by that component for testing. They don't appear in
released binary artifacts.
| Name |
| ------------------------ |
| concurrencytest |
| discover |
| nlohmann.json.decomposed |
| pyiso8601 |
| subunit |
| testing-cabal/extras |
| testscenarios |
| testtools |
| Name |
| -------------------------- |
| nlohmann/json@3.10.5 |
| pypi/concurrencytest@0.1.2 |
| pypi/discover@0.4.0 |
| pypi/extras@0.0.3 |
| pypi/iso8601@2.1.0 |
| pypi/python-subunit@1.4.4 |
| pypi/testscenarios@0.4 |
| pypi/testtools@2.7.1 |
## Dynamically Linked Libraries

100
sbom.json

@ -3,9 +3,9 @@
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"serialNumber": "urn:uuid:a973a3fe-5abe-4432-91fa-cc30c1034545",
"version": 1,
"version": 5,
"metadata": {
"timestamp": "2025-07-16T18:51:45Z",
"timestamp": "2025-09-02T13:18:05Z",
"tools": [
{
"vendor": "OWASP",
@ -520,6 +520,10 @@
"name": "internal:team_responsible",
"value": "Build"
},
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "info_link",
"value": "https://www.cyrusimap.org/sasl/"
@ -669,7 +673,7 @@
},
"author": "Victor Zverovich",
"group": "fmtlib",
"name": "{fmt}",
"name": "fmt",
"version": "11.2.0",
"description": "A modern formatting library",
"licenses": [
@ -711,7 +715,7 @@
},
{
"type": "library",
"bom-ref": "pkg:github/folly/folly@v2025.04.21.00",
"bom-ref": "pkg:github/facebook/folly@v2025.04.21.00",
"supplier": {
"name": "Meta Open Source",
"url": [
@ -732,7 +736,7 @@
],
"copyright": "Copyright (c) Meta Platforms, Inc. and affiliates.",
"cpe": "cpe:2.3:a:facebook:folly:2025.04.21.00:*:*:*:*:*:*:*",
"purl": "pkg:github/folly/folly@v2025.04.21.00",
"purl": "pkg:github/facebook/folly@v2025.04.21.00",
"externalReferences": [
{
"type": "vcs",
@ -915,11 +919,19 @@
"scope": "required"
},
{
"type": "library",
"bom-ref": "pkg:github/google/googletest@v1.17.0",
"supplier": {
"name": "Organization: github"
"name": "Google LLC",
"url": [
"https://opensource.google/"
]
},
"author": "The Google Test and Google Mock Communities",
"group": "google.opensource",
"name": "googletest",
"version": "1.17.0",
"description": "GoogleTest - Google Testing and Mocking Framework",
"licenses": [
{
"license": {
@ -927,7 +939,9 @@
}
}
],
"purl": "pkg:github/googletest/googletest@v1.17.0",
"copyright": "Copyright 2008, Google Inc. All rights reserved.",
"cpe": "cpe:2.3:a:google:google_test:1.17.0:*:*:*:*:*:*:*",
"purl": "pkg:github/google/googletest@v1.17.0",
"properties": [
{
"name": "internal:team_responsible",
@ -946,8 +960,6 @@
"value": "src/third_party/googletest_restricted_for_disagg_only/scripts/import.sh"
}
],
"type": "library",
"bom-ref": "e57f94bd-b0b1-4e47-912e-c690a01e4f95",
"evidence": {
"occurrences": [
{
@ -955,7 +967,7 @@
}
]
},
"scope": "required"
"scope": "excluded"
},
{
"type": "library",
@ -1574,6 +1586,10 @@
"name": "internal:team_responsible",
"value": "Query Integration"
},
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "info_link",
"value": "https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr"
@ -1616,7 +1632,7 @@
},
{
"name": "info_link",
"value": "https://www.nuget.org/packages/nlohmann.json.decomposed"
"value": "https://github.com/nlohmann/json"
}
],
"evidence": {
@ -2026,6 +2042,10 @@
"name": "internal:team_responsible",
"value": "Storage Execution"
},
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "info_link",
"value": "https://github.com/aappleby/smhasher/blob/a6bd3ce/"
@ -2374,9 +2394,6 @@
{
"type": "library",
"bom-ref": "pkg:generic/valgrind/valgrind.h@3.17.0",
"supplier": {
"name": "Julian Seward"
},
"author": "The Valgrind Developers",
"group": "valgrind",
"name": "valgrind.h",
@ -2396,9 +2413,7 @@
{
"type": "library",
"bom-ref": "pkg:generic/valgrind@3.17.0",
"supplier": {
"name": "Julian Seward"
},
"author": "The Valgrind Developers",
"group": "valgrind",
"name": "valgrind",
"version": "3.17.0",
@ -2684,7 +2699,7 @@
},
{
"type": "framework",
"bom-ref": "pkg:github/wiredtiger/wiredtiger@mongodb-8.2.0-alpha2",
"bom-ref": "pkg:github/wiredtiger/wiredtiger@mongodb-master",
"supplier": {
"name": "MongoDB, Inc.",
"url": [
@ -2694,7 +2709,7 @@
"author": "MongoDB, Inc.",
"group": "mongodb",
"name": "WiredTiger",
"version": "mongodb-8.2.0-alpha2",
"version": "mongodb-master",
"description": "WiredTiger is an high performance, scalable, production quality, NoSQL, Open Source extensible platform for data management.",
"licenses": [
{
@ -2702,12 +2717,16 @@
}
],
"copyright": "Copyright (c) 2014-present MongoDB, Inc., Copyright (c) 2008-2014 WiredTiger, Inc., All rights reserved.",
"purl": "pkg:github/wiredtiger/wiredtiger@mongodb-8.2.0-alpha2",
"purl": "pkg:github/wiredtiger/wiredtiger@mongodb-master",
"properties": [
{
"name": "internal:team_responsible",
"value": "Storage Engines"
},
{
"name": "emits_persisted_data",
"value": "true"
},
{
"name": "info_link",
"value": "https://source.wiredtiger.com/"
@ -2741,6 +2760,10 @@
"name": "internal:team_responsible",
"value": "Server Security"
},
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "info_link",
"value": "https://pypi.org/project/asn1crypto/"
@ -2774,6 +2797,10 @@
"name": "internal:team_responsible",
"value": "Server Security"
},
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "info_link",
"value": "https://bottlepy.org/docs/dev/"
@ -2802,6 +2829,10 @@
"name": "internal:team_responsible",
"value": "Server Security"
},
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "info_link",
"value": "https://pypi.org/project/oscrypto/"
@ -2811,11 +2842,11 @@
"purl": "pkg:pypi/oscrypto@1.3.0"
},
{
"name": "libdwarf",
"type": "library",
"supplier": {
"name": "Organization: github"
},
"bom-ref": "pkg:github/davea42/libdwarf-code@v2.1.0",
"author": "David Anderson",
"group": "davea42",
"name": "libdwarf",
"version": "v2.1.0",
"licenses": [
{
@ -2834,7 +2865,9 @@
}
}
],
"copyright": "Copyright 2000,2004 Silicon Graphics, Inc.; Portions Copyright 2002-2010 Sun Microsystems, Inc.; Portions Copyright 2007-2025 David Anderson.; Portions Copyright 2008-2010 Arxan Technologies, Inc.; Portions Copyright 2010-2012 SN Systems Ltd.; Portions Copyright 2015,2020 Google, Inc.; All Rights Reserved.",
"purl": "pkg:github/davea42/libdwarf-code@v2.1.0",
"cpe": "cpe:2.3:a:libdwarf_project:libdwarf:2.1.0:*:*:*:*:*:*:*",
"properties": [
{
"name": "internal:team_responsible",
@ -2853,7 +2886,6 @@
"value": "src/third_party/libdwarf/scripts/import.sh"
}
],
"bom-ref": "eb4cc09f-c13a-4d71-a276-5d47365f2372",
"evidence": {
"occurrences": [
{
@ -2884,15 +2916,17 @@
"pkg:github/chriskohlhoff/asio@asio-1-34-2",
"pkg:github/confluentinc/librdkafka@v2.6.0",
"pkg:github/cyrusimap/cyrus-sasl@cyrus-sasl-2.1.28",
"pkg:github/davea42/libdwarf-code@v2.1.0",
"pkg:github/dcleblanc/safeint@3.0.26",
"pkg:github/derickr/timelib@2022.13",
"pkg:github/facebook/zstd@v1.5.5",
"pkg:github/fmtlib/fmt@11.1.3",
"pkg:github/folly/folly@v2025.04.21.00",
"pkg:github/facebook/folly@v2025.04.21.00",
"pkg:github/google/benchmark@v1.5.2",
"pkg:github/google/re2@2023-11-01",
"pkg:github/google/snappy@1.1.10",
"pkg:github/google/tcmalloc@093ba93c1bd6dca03b0a8334f06d01b019244291",
"pkg:github/google/googletest@v1.17.0",
"pkg:github/gperftools/gperftools@gperftools-2.9.1",
"pkg:github/grpc/grpc@v1.59.5",
"pkg:github/jbeder/yaml-cpp@yaml-cpp-0.6.3",
@ -2911,7 +2945,7 @@
"pkg:github/schemastore/schemastore@6847cfc3a17a04a7664474212db50c627e1e3408",
"pkg:github/snowballstem/snowball@7b264ffa0f767c579d052fd8142558dc8264d795",
"pkg:github/unicode-org/icu@release-57-1",
"pkg:github/wiredtiger/wiredtiger@mongodb-8.2.0-alpha2",
"pkg:github/wiredtiger/wiredtiger@mongodb-master",
"pkg:pypi/ocspresponder@0.5.0"
]
},
@ -2983,6 +3017,10 @@
"ref": "pkg:github/cyrusimap/cyrus-sasl@cyrus-sasl-2.1.28",
"dependsOn": []
},
{
"ref": "pkg:github/davea42/libdwarf-code@v2.1.0",
"dependsOn": []
},
{
"ref": "pkg:github/dcleblanc/safeint@3.0.26",
"dependsOn": []
@ -3000,7 +3038,7 @@
"dependsOn": []
},
{
"ref": "pkg:github/folly/folly@v2025.04.21.00",
"ref": "pkg:github/facebook/folly@v2025.04.21.00",
"dependsOn": []
},
{
@ -3019,6 +3057,10 @@
"ref": "pkg:github/google/tcmalloc@093ba93c1bd6dca03b0a8334f06d01b019244291",
"dependsOn": []
},
{
"ref": "pkg:github/google/googletest@v1.17.0",
"dependsOn": []
},
{
"ref": "pkg:github/gperftools/gperftools@gperftools-2.9.1",
"dependsOn": []
@ -3092,7 +3134,7 @@
"dependsOn": []
},
{
"ref": "pkg:github/wiredtiger/wiredtiger@mongodb-8.2.0-alpha2",
"ref": "pkg:github/wiredtiger/wiredtiger@mongodb-master",
"dependsOn": [
"pkg:pypi/concurrencytest@0.1.2",
"pkg:pypi/discover@0.4.0",
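Review bot: The `dependsOn` list in the `@ -2884` hunk still carries `"pkg:github/fmtlib/fmt@11.1.3"` as an unchanged line, while the fmt component in the `@ -669` hunk has `"version": "11.2.0"` and the regenerated README lists fmt 11.2.0. The fmt component's own `bom-ref` is outside the visible hunks, so this is inferred, but if it ends in `fmt@11.2.0` the reference dangles and should become `"pkg:github/fmtlib/fmt@11.2.0"`. Separately, WiredTiger's `version`, `bom-ref` and `purl` now use the branch name `mongodb-master`, which does not identify a fixed revision for vulnerability matching or provenance checks. A commit hash, as already used for the tcmalloc entry, would keep the component resolvable.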


@ -25,7 +25,7 @@ $component_links
## WiredTiger Vendored Test Libraries
The following Python libraries are transitively included by WiredTiger,
The following libraries are transitively included by WiredTiger,
and are used by that component for testing. They don't appear in
released binary artifacts.


@ -64,22 +64,24 @@ def sbom_to_component_chart(sbom: dict) -> list[list[str]]:
check_component_validity(component)
name = component["name"]
license_string = []
for licenses in component["licenses"]:
# Items can be of the form {"expression": ...} or {"license": {"id"/"name": ...}}
for k, v in licenses.items():
if k == "expression":
license_string.append(v)
elif k == "license":
for key in ["id", "name"]:
if key in v:
license_string.append(v[key])
for lic in component["licenses"]:
if "license" in lic:
for key in ["id", "name"]:
if key in lic["license"]:
license_string.append(lic["license"][key])
elif "expression" in lic:
license_string.append(lic["expression"])
license_string = ", ".join(license_string)
version = component["version"]
emits_persisted_data = "unknown"
for prop in component["properties"]:
k, v = prop["name"], prop["value"]
if k == "emits_persisted_data":
emits_persisted_data = ("", "")[v == "true"]
if component["scope"] == "excluded":
emits_persisted_data = ""
else:
emits_persisted_data = "unknown"
if "properties" in component:
for prop in component["properties"]:
k, v = prop["name"], prop["value"]
if k == "emits_persisted_data":
emits_persisted_data = ("", "")[v == "true"]
distributed_in_release_binaries = ("", "")[component["scope"] == "required"]
row = [
@ -114,7 +116,7 @@ def sbom_to_component_links_string(sbom: dict) -> list[list[str]]:
for component in components:
check_component_validity(component)
info_link = get_component_info_link(component)
bisect.insort(link_list, f"[{component['name'].replace('|','')}]: {info_link}")
bisect.insort(link_list, f"[{component['name'].replace('|', '')}]: {info_link}")
return "\n".join(link_list)
@ -128,7 +130,10 @@ def sbom_to_wiredtiger_chart(sbom: dict) -> list[list[str]]:
locations = get_component_locations(component)
for location in locations:
if location.startswith("src/third_party/wiredtiger/"):
bisect.insort(wiredtiger_chart, [component["name"].replace("|", "")])
bisect.insort(
wiredtiger_chart,
([component["name"].replace("|", "") + "@" + component["version"]]),
)
return wiredtiger_chart
@ -144,19 +149,22 @@ def check_component_validity(component) -> None:
def get_component_info_link(component) -> str:
name = component["name"]
links = []
for prop in component["properties"]:
k, v = prop["name"], prop["value"]
if k == "info_link":
links.append(v)
if len(links) != 1:
logging.warning("Warning: Expected 1 info_link for %s. Got %d:", name, len(links))
if len(links) > 1:
logging.warning(" ".join(links))
logging.warning("Using first link only.")
else:
logging.warning("Falling back to `purl` value: %s", component["purl"])
links.append(component["purl"])
return links[0]
if "properties" in component:
for prop in component["properties"]:
k, v = prop["name"], prop["value"]
if k == "info_link":
links.append(v)
if len(links) != 1:
logging.warning("Warning: Expected 1 info_link for %s. Got %d:", name, len(links))
if len(links) > 1:
logging.warning(" ".join(links))
logging.warning("Using first link only.")
else:
logging.warning("Falling back to `purl` value: %s", component["purl"])
links.append(component["purl"])
return links[0]
else:
return ""
def get_component_locations(component) -> list[str]:
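Review bot: In `get_component_info_link`, a component with no `properties` key now returns `""` with no warning, bypassing the `purl` fallback that a component with an empty `properties` list still gets; `sbom_to_component_links_string` then emits a link definition with an empty target. Iterating with `for prop in component.get("properties", []):` and keeping the original `len(links) != 1` block at function level would leave one code path and make the `else: return ""` unnecessary. In `sbom_to_component_chart`, `component["scope"]` is read unguarded although `scope` is optional in CycloneDX; whether `check_component_validity` enforces it is not visible in these hunks. The link labels are also keyed on the component name alone, so the two `nlohmann/json` components produce duplicate reference definitions with different URLs in the generated README.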