railiance-infra/sbom-tools.yaml

# sbom-tools.yaml — system-level tool dependencies for railiance-infra
# Generated by sbom-capture-agent on 2026-03-12
# Review each entry before committing. Entries with confidence: low need human verification.
#
# NOT included here (covered by other parsers):
#   - Terraform providers → terraform/hetzner/.terraform.lock.hcl
#   - Ansible Galaxy collections → ansible/requirements.yaml
tools:
  - name: terraform
    version: "1.9.5"       # confidence: medium (README install example URL; constraint >= 1.7)
    ecosystem: terraform
    license_spdx: BSL-1.1
    is_direct: true
    is_dev: false

  - name: ansible
    version: null           # confidence: low (README states >= 2.16; no pinned version found)
    ecosystem: ansible
    license_spdx: GPL-3.0-only
    is_direct: true
    is_dev: false

  - name: sops
    version: "3.10.2"      # confidence: high (README install example URL)
    ecosystem: tool
    license_spdx: MPL-2.0
    is_direct: true
    is_dev: false

  - name: age
    version: null           # confidence: low (referenced in Makefile; installed via apt, no version pin)
    ecosystem: tool
    license_spdx: BSD-3-Clause
    is_direct: true
    is_dev: false

  - name: cloud-init
    version: null           # confidence: low (referenced for first-boot; version depends on server OS)
    ecosystem: tool
    license_spdx: Apache-2.0
    is_direct: false
    is_dev: false