railiance-cluster/sbom-tools.yaml

# sbom-tools.yaml — system-level tool dependencies for railiance-cluster
# Generated by sbom-capture-agent on 2026-03-12
# Review each entry before committing. Entries with confidence: low need human verification.
#
# NOT included here (covered by other parsers):
#   - ansible / ansible-core Python packages → uv.lock
#
# Note: ansible is installed via uv (see uv.lock) — versions 12.3.0 / 13.4.0 depending
# on Python version. Listed here as a system-level runtime tool for completeness; the
# uv.lock entry is the authoritative version source.
tools:
  - name: k3s
    version: null           # confidence: low (referenced in Makefile and CLAUDE.md; no version pin found)
    ecosystem: tool
    license_spdx: Apache-2.0
    is_direct: true
    is_dev: false

  - name: helm
    version: null           # confidence: low (referenced in bin/railiance and Makefile; no version pin)
    ecosystem: tool
    license_spdx: Apache-2.0
    is_direct: true
    is_dev: false

  - name: kubectl
    version: null           # confidence: low (referenced in bin/railiance dispatcher; no version pin)
    ecosystem: tool
    license_spdx: Apache-2.0
    is_direct: true
    is_dev: false

  - name: goss
    version: null           # confidence: low (referenced in Makefile verify targets; no version pin)
    ecosystem: tool
    license_spdx: Apache-2.0
    is_direct: true
    is_dev: true

  - name: sops
    version: null           # confidence: low (referenced via railiance-doctor check; no version pin)
    ecosystem: tool
    license_spdx: MPL-2.0
    is_direct: true
    is_dev: false

  - name: age
    version: null           # confidence: low (referenced via railiance-doctor check; no version pin)
    ecosystem: tool
    license_spdx: BSD-3-Clause
    is_direct: true
    is_dev: false