Review: syft 1.42.4+ds-1
New Package Report
.changes
| Architecture | source amd64 |
|---|---|
| Distribution | unstable |
| Date | Thu, 09 Apr 2026 14:21:19 +0200 |
| Source | syft |
| Version | 1.42.4+ds-1 |
| Changed-By | Juan Manuel Méndez Rey |
Changelog
syft (1.42.4+ds-1) unstable; urgency=low . * Initial release (Closes: #1124819)
.dsc
| Priority | optional |
|---|---|
| Component | main |
| Package-List | syft deb devel optional arch=any |
| Section | devel |
debian/copyright
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: syft
Upstream-Contact: Anchore, Inc. <support@anchore.com>
Source: https://github.com/anchore/syft
Comment: This package includes vendored Go dependencies in the vendor/ directory.
Files: *
Copyright: 2020-2025 Anchore, Inc.
License: Apache-2.0
Files: debian/*
Copyright: 2026 Juan Manuel Méndez Rey <juan.mendezr@proton.me>
License: Apache-2.0
Files: vendor/cel.dev/expr/*
Copyright: 2022-2024 Google LLC
License: Apache-2.0
Files: vendor/cloud.google.com/go/*
Copyright: 2014-2024 Google LLC
License: Apache-2.0
Files: vendor/github.com/CycloneDX/cyclonedx-go/*
Copyright: OWASP Foundation
License: Apache-2.0
Files: vendor/github.com/GoogleCloudPlatform/opentelemetry-operations-go/*
Copyright: 2022-2024 Google LLC
License: Apache-2.0
Files: vendor/github.com/Masterminds/goutils/*
Copyright: 2014 Alexander Okoli
License: Apache-2.0
Files: vendor/github.com/OneOfOne/xxhash/*
Copyright: 2014 Ahmed W.
License: Apache-2.0
Files: vendor/github.com/agext/levenshtein/*
Copyright: 2016 ALRUX Inc.
License: Apache-2.0
Files: vendor/github.com/anchore/bubbly/*
vendor/github.com/anchore/clio/*
vendor/github.com/anchore/fangs/*
vendor/github.com/anchore/go-collections/*
vendor/github.com/anchore/go-logger/*
vendor/github.com/anchore/go-macholibre/*
vendor/github.com/anchore/go-struct-converter/*
vendor/github.com/anchore/go-sync/*
vendor/github.com/anchore/stereoscope/*
Copyright: 2020-2025 Anchore, Inc.
License: Apache-2.0
Files: vendor/github.com/aquasecurity/go-pep440-version/*
vendor/github.com/aquasecurity/go-version/*
Copyright: 2020 Aqua Security Software Ltd.
License: Apache-2.0
Files: vendor/github.com/aws/aws-sdk-go-v2/*
Copyright: 2015 Amazon.com, Inc. or its affiliates. All Rights Reserved.
2014-2015 Stripe, Inc.
License: Apache-2.0
Files: vendor/github.com/aws/smithy-go/*
Copyright: Amazon.com, Inc. or its affiliates. All Rights Reserved.
License: Apache-2.0
Files: vendor/github.com/bitnami/go-version/*
Copyright: 2023 Bitnami
License: Apache-2.0
Files: vendor/github.com/cncf/xds/go/*
Copyright: 2020-2024 Cloud Native Computing Foundation xDS authors
License: Apache-2.0
Files: vendor/github.com/containerd/containerd/*
Copyright: 2012-2015 Docker, Inc.
License: Apache-2.0
Files: vendor/github.com/containerd/cgroups/*
vendor/github.com/containerd/continuity/*
vendor/github.com/containerd/errdefs/*
vendor/github.com/containerd/fifo/*
vendor/github.com/containerd/log/*
vendor/github.com/containerd/platforms/*
vendor/github.com/containerd/plugin/*
vendor/github.com/containerd/stargz-snapshotter/*
vendor/github.com/containerd/ttrpc/*
vendor/github.com/containerd/typeurl/*
Copyright: 2017-2024 The containerd Authors
License: Apache-2.0
Files: vendor/github.com/deitch/magic/*
Copyright: 2023 Avi Deitcher
License: Apache-2.0
Files: vendor/github.com/distribution/reference/*
Copyright: 2013-2023 Docker, Inc.
License: Apache-2.0
Files: vendor/github.com/docker/cli/*
Copyright: 2012-2017 Docker, Inc.
License: Apache-2.0
Files: vendor/github.com/docker/distribution/*
Copyright: 2014 Docker, Inc.
License: Apache-2.0
Files: vendor/github.com/docker/go-connections/*
vendor/github.com/docker/go-units/*
Copyright: 2015 Docker, Inc.
License: Apache-2.0
Files: vendor/github.com/envoyproxy/go-control-plane/*
vendor/github.com/envoyproxy/protoc-gen-validate/*
Copyright: 2018-2024 Envoy Project Authors
License: Apache-2.0
Files: vendor/github.com/facebookincubator/nvdtools/*
Copyright: Facebook, Inc. and its affiliates.
License: Apache-2.0
Files: vendor/github.com/go-git/go-billy/*
vendor/github.com/go-git/go-git/*
Copyright: 2015-2021 go-git contributors
License: Apache-2.0
Files: vendor/github.com/go-logr/logr/*
Copyright: 2019-2023 The logr Authors.
License: Apache-2.0
Files: vendor/github.com/go-logr/stdr/*
Copyright: 2019-2021 The logr Authors.
License: Apache-2.0
Files: vendor/github.com/golang/groupcache/*
Copyright: 2013-2021 Google LLC
License: Apache-2.0
Files: vendor/github.com/google/go-containerregistry/*
Copyright: 2018-2020 Google LLC
License: Apache-2.0
Files: vendor/github.com/google/pprof/*
Copyright: 2014-2017 Google LLC
License: Apache-2.0
Files: vendor/github.com/google/s2a-go/*
Copyright: 2021-2022 Google LLC
License: Apache-2.0
Files: vendor/github.com/googleapis/enterprise-certificate-proxy/*
Copyright: 2022 Google LLC
License: Apache-2.0
Files: vendor/github.com/inconshreveable/mousetrap/*
Copyright: 2022 Alan Shreve
License: Apache-2.0
Files: vendor/github.com/maruel/natural/*
Copyright: 2015-2022 Marc-Antoine Ruel
License: Apache-2.0
Files: vendor/github.com/minio/minlz/*
Copyright: 2025 MinIO Inc.
License: Apache-2.0
Files: vendor/github.com/moby/docker-image-spec/*
vendor/github.com/moby/locker/*
vendor/github.com/moby/moby/*
vendor/github.com/moby/sys/*
Copyright: 2017-2024 Docker, Inc.
License: Apache-2.0
Files: vendor/github.com/modern-go/concurrent/*
vendor/github.com/modern-go/reflect2/*
Copyright: 2018 Tao Wen
License: Apache-2.0
Files: vendor/github.com/nix-community/go-nix/*
Copyright: 2021-2023 The go-nix Authors
License: Apache-2.0
Files: vendor/github.com/opencontainers/go-digest/*
Copyright: 2019-2020 OCI Contributors
2017 Docker, Inc.
License: Apache-2.0
Files: vendor/github.com/opencontainers/image-spec/*
Copyright: 2016-2022 The Linux Foundation
License: Apache-2.0
Files: vendor/github.com/opencontainers/runtime-spec/*
Copyright: 2015-2020 The Linux Foundation
License: Apache-2.0
Files: vendor/github.com/opencontainers/selinux/*
Copyright: 2017-2023 The opencontainers Authors
License: Apache-2.0
Files: vendor/github.com/pborman/indent/*
Copyright: 2022 Paul Borman
License: Apache-2.0
Files: vendor/github.com/pjbgf/sha1cd/*
Copyright: 2020-2023 Patrick Jungermann
License: Apache-2.0
Files: vendor/github.com/sassoftware/go-rpmutils/*
Copyright: 2019-2021 SAS Institute Inc.
License: Apache-2.0
Files: vendor/github.com/scylladb/go-set/*
Copyright: 2018-2019 ScyllaDB
License: Apache-2.0
Files: vendor/github.com/skeema/knownhosts/*
Copyright: 2025 Skeema LLC and the Skeema Knownhosts authors
License: Apache-2.0
Files: vendor/github.com/spf13/afero/*
Copyright: 2014-2016 Steve Francia <spf@spf13.com>
2015-2019 The Hugo Authors
License: Apache-2.0
Files: vendor/github.com/spf13/cobra/*
Copyright: 2013-2023 The Cobra Authors
License: Apache-2.0
Files: vendor/github.com/spiffe/go-spiffe/v2/*
Copyright: 2020-2023 SPIFFE Authors
License: Apache-2.0
Files: vendor/github.com/xanzy/ssh-agent/*
Copyright: 2014-2018 Sander van Harmelen
License: Apache-2.0
Files: vendor/github.com/xeipuuv/gojsonpointer/*
vendor/github.com/xeipuuv/gojsonreference/*
vendor/github.com/xeipuuv/gojsonschema/*
Copyright: 2015-2018 xeipuuv
License: Apache-2.0
Files: vendor/github.com/wk8/go-ordered-map/v2/*
Copyright: 2022 Benoît Gantaume
License: Apache-2.0
Files: vendor/go.opencensus.io/*
Copyright: 2017-2018 OpenCensus Authors
License: Apache-2.0
Files: vendor/go.opentelemetry.io/*
Copyright: The OpenTelemetry Authors
License: Apache-2.0
Files: vendor/go4.org/*
Copyright: 2011-2018 The Go4 Authors
License: Apache-2.0
Files: vendor/google.golang.org/genproto/*
Copyright: 2015 Google LLC
License: Apache-2.0
Files: vendor/google.golang.org/grpc/*
Copyright: 2014 gRPC authors.
License: Apache-2.0
Files: vendor/github.com/acobaugh/osrelease/*
Copyright: 2017 Andrew Cobaugh
License: BSD-3-clause
Files: vendor/github.com/atotto/clipboard/*
Copyright: 2013 Ato Araki. All rights reserved.
License: BSD-3-clause
Files: vendor/github.com/bahlo/generic-list-go/*
Copyright: 2009 The Go Authors. All rights reserved.
License: BSD-3-clause
Files: vendor/github.com/cloudflare/circl/*
Copyright: 2019 Cloudflare
2009 The Go Authors. All rights reserved.
License: BSD-3-clause
Files: vendor/dario.cat/mergo/*
Copyright: 2013 Dario Castane. All rights reserved.
2012 The Go Authors. All rights reserved.
License: BSD-3-clause
Files: vendor/github.com/DataDog/zstd/*
Copyright: 2016 Datadog <info@datadoghq.com>
License: BSD-3-clause
Files: vendor/github.com/ProtonMail/go-crypto/*
Copyright: 2009 The Go Authors. All rights reserved.
License: BSD-3-clause
Files: vendor/github.com/STARRY-S/zip/*
Copyright: 2023 Starry
License: BSD-3-clause
Files: vendor/github.com/fsnotify/fsnotify/*
Copyright: 2012 The Go Authors. All rights reserved.
2012-2019 fsnotify Authors
License: BSD-3-clause
Files: vendor/github.com/go-git/gcfg/*
Copyright: 2012 Peter Suranyi
2009 The Go Authors. All rights reserved.
License: BSD-3-clause
Files: vendor/github.com/go-jose/go-jose/v4/*
Copyright: 2012 The Go Authors. All rights reserved.
License: BSD-3-clause
Files: vendor/github.com/gogo/protobuf/*
Copyright: 2013 The GoGo Authors. All rights reserved.
2010 The Go Authors. All rights reserved.
License: BSD-3-clause
Files: vendor/github.com/google/go-cmp/*
Copyright: 2017 The Go Authors. All rights reserved.
License: BSD-3-clause
Files: vendor/github.com/google/licensecheck/*
Copyright: 2019 The Go Authors. All rights reserved.
License: BSD-3-clause
Files: vendor/github.com/google/uuid/*
Copyright: 2009, 2014 Google Inc. All rights reserved.
License: BSD-3-clause
Files: vendor/github.com/googleapis/gax-go/*
Copyright: 2016 Google Inc.
License: BSD-3-clause
Files: vendor/github.com/kastenhq/goversion/*
Copyright: 2009 The Go Authors. All rights reserved.
License: BSD-3-clause
Files: vendor/github.com/klauspost/compress/*
Copyright: 2012 The Go Authors. All rights reserved.
2019 Klaus Post. All rights reserved.
2011 The Snappy-Go Authors. All rights reserved.
License: BSD-3-clause and Apache-2.0
Files: vendor/github.com/pierrec/lz4/*
Copyright: 2015 Pierre Curro
License: BSD-3-clause
Files: vendor/github.com/planetscale/vtprotobuf/*
Copyright: 2021 PlanetScale Inc.
2013 The GoGo Authors. All rights reserved.
2018 The Go Authors. All rights reserved.
License: BSD-3-clause
Files: vendor/github.com/pmezard/go-difflib/*
Copyright: 2013 Patrick Mezard
License: BSD-3-clause
Files: vendor/github.com/quasilyte/go-ruleguard/*
Copyright: 2022 Iskander (Alex) Sharipov / quasilyte
License: BSD-3-clause
Files: vendor/github.com/remyoudompheng/bigfft/*
Copyright: 2012 The Go Authors. All rights reserved.
License: BSD-3-clause
Files: vendor/github.com/rogpeppe/go-internal/*
Copyright: 2018 The Go Authors. All rights reserved.
License: BSD-3-clause
Files: vendor/github.com/spf13/pflag/*
Copyright: 2012 Alex Ogier. All rights reserved.
2012 The Go Authors. All rights reserved.
License: BSD-3-clause
Files: vendor/github.com/sylabs/sif/*
Copyright: 2018-2023 Sylabs Inc. All rights reserved.
License: BSD-3-clause
Files: vendor/github.com/sylabs/squashfs/*
Copyright: 2020 Caleb Gardner
License: BSD-3-clause
Files: vendor/github.com/ulikunitz/xz/*
Copyright: 2014-2022 Ulrich Kunitz
License: BSD-3-clause
Files: vendor/github.com/vbatts/go-mtree/*
Copyright: 2016 Vincent Batts, Raleigh, NC, USA
License: BSD-3-clause
Files: vendor/github.com/vbatts/tar-split/*
Copyright: 2015 Vincent Batts, Raleigh, NC, USA
License: BSD-3-clause
Files: vendor/golang.org/x/*
Copyright: 2009 The Go Authors.
License: BSD-3-clause
Files: vendor/gonum.org/v1/gonum/*
Copyright: 2013 The Gonum Authors. All rights reserved.
License: BSD-3-clause
Files: vendor/google.golang.org/api/*
Copyright: 2011 Google Inc. All rights reserved.
License: BSD-3-clause
Files: vendor/google.golang.org/protobuf/*
Copyright: 2018 The Go Authors. All rights reserved.
License: BSD-3-clause
Files: vendor/modernc.org/libc/*
vendor/modernc.org/mathutil/*
vendor/modernc.org/memory/*
vendor/modernc.org/sqlite/*
Copyright: 2017 The Libc Authors. All rights reserved.
2017 The Sqlite Authors. All rights reserved.
2009 The Go Authors. All rights reserved.
2005-2020 Rich Felker, et al.
License: BSD-3-clause
Files: vendor/github.com/Masterminds/semver/*
Copyright: 2014-2019 Matt Butcher and Matt Farina
License: Expat
Files: vendor/github.com/Masterminds/sprig/*
Copyright: 2013-2020 Masterminds
License: Expat
Files: vendor/github.com/BurntSushi/toml/*
Copyright: 2013 TOML authors
License: Expat
Files: vendor/github.com/Microsoft/go-winio/*
vendor/github.com/Microsoft/hcsshim/*
Copyright: 2015 Microsoft Corporation
License: Expat
Files: vendor/github.com/acarl005/stripansi/*
Copyright: 2018 Andrew Carlson
License: Expat
Files: vendor/github.com/adrg/xdg/*
Copyright: 2014 Adrian-George Bostan <adrg@epistack.com>
License: Expat
Files: vendor/github.com/anchore/go-homedir/*
Copyright: 2013 Mitchell Hashimoto
License: Expat
Files: vendor/github.com/anchore/go-lzo/*
Copyright: 2025 Anchore, Inc.
License: Expat
Files: vendor/github.com/anchore/go-rpmdb/*
Copyright: 2019 Teppei Fukuda
License: Expat
Files: vendor/github.com/anchore/packageurl-go/*
Copyright: the purl authors
License: Expat
Files: vendor/github.com/andybalholm/brotli/*
Copyright: 2009-2016 the Brotli Authors.
License: Expat
Files: vendor/github.com/anmitsu/go-shlex/*
Copyright: anmitsu <anmitsu.s@gmail.com>
License: Expat
Files: vendor/github.com/apparentlymart/go-textseg/*
Copyright: 2017 Martin Atkins
2014 Couchbase, Inc.
1991-2017 Unicode, Inc.
License: Expat
Files: vendor/github.com/aymanbagabas/go-osc52/*
Copyright: 2022 Ayman Bagabas
License: Expat
Files: vendor/github.com/becheran/wildmatch-go/*
Copyright: 2021 Armin Becher
License: Expat
Files: vendor/github.com/bgentry/go-netrc/*
Copyright: 2010 Fazlul Shahriar
2014 Blake Gentry
License: Expat
Files: vendor/github.com/blakesmith/ar/*
Copyright: 2013 Blake Smith <blakesmith0@gmail.com>
License: Expat
Files: vendor/github.com/bmatcuk/doublestar/*
Copyright: 2014 Bob Matcuk
License: Expat
Files: vendor/github.com/bodgit/plumbing/*
vendor/github.com/bodgit/sevenzip/*
vendor/github.com/bodgit/windows/*
Copyright: 2019-2020 Matt Dainty
License: Expat
Files: vendor/github.com/buger/jsonparser/*
Copyright: 2016 Leonid Bugaev
License: Expat
Files: vendor/github.com/cespare/xxhash/v2/*
Copyright: 2016 Caleb Spare
License: Expat
Files: vendor/github.com/charmbracelet/bubbles/*
vendor/github.com/charmbracelet/bubbletea/*
vendor/github.com/charmbracelet/colorprofile/*
vendor/github.com/charmbracelet/harmonica/*
vendor/github.com/charmbracelet/lipgloss/*
vendor/github.com/charmbracelet/x/*
Copyright: 2020-2025 Charmbracelet, Inc
License: Expat
Files: vendor/github.com/clipperhouse/displaywidth/*
vendor/github.com/clipperhouse/uax29/*
Copyright: 2020-2025 Matt Sherman
License: Expat
Files: vendor/github.com/dave/jennifer/*
Copyright: 2017 David Brophy
License: Expat
Files: vendor/github.com/diskfs/go-diskfs/*
Copyright: 2017 Avi Deitcher
License: Expat
Files: vendor/github.com/docker/docker-credential-helpers/*
Copyright: 2016 David Calavera
License: Expat
Files: vendor/github.com/dustin/go-humanize/*
Copyright: 2005-2008 Dustin Sallings <dustin@spy.net>
License: Expat
Files: vendor/github.com/elliotchance/phpserialize/*
Copyright: 2019 Elliot Chance
License: Expat
Files: vendor/github.com/erikgeiser/coninput/*
Copyright: 2021 Erik G.
License: Expat
Files: vendor/github.com/fatih/color/*
Copyright: 2013 Fatih Arslan
License: Expat
Files: vendor/github.com/felixge/fgprof/*
Copyright: 2020 Felix Geisendoerfer
License: Expat
Files: vendor/github.com/felixge/httpsnoop/*
Copyright: 2016 Felix Geisendoerfer <felix@debuggable.com>
License: Expat
Files: vendor/github.com/gabriel-vasile/mimetype/*
Copyright: 2018 Gabriel Vasile
License: Expat
Files: vendor/github.com/github/go-spdx/*
Copyright: 2022 GitHub
License: Expat
Files: vendor/github.com/gkampitakis/ciinfo/*
vendor/github.com/gkampitakis/go-snaps/*
Copyright: 2021 Georgios Kampitakis
License: Expat
Files: vendor/github.com/goccy/go-yaml/*
Copyright: 2019 Masaaki Goshima
License: Expat
Files: vendor/github.com/go-test/deep/*
Copyright: 2015-2017 Daniel Nichter
License: Expat
Files: vendor/github.com/go-viper/mapstructure/*
Copyright: 2013 Mitchell Hashimoto
License: Expat
Files: vendor/github.com/gohugoio/hashstructure/*
Copyright: 2016 Mitchell Hashimoto
License: Expat
Files: vendor/github.com/gookit/color/*
Copyright: 2016 inhere
License: Expat
Files: vendor/github.com/gpustack/gguf-parser-go/*
Copyright: 2024 gguf-parser-go authors
License: Expat
Files: vendor/github.com/henvic/httpretty/*
Copyright: 2020 Henrique Vicente
License: Expat
Files: vendor/github.com/huandu/xstrings/*
Copyright: 2015 Huan Du
License: Expat
Files: vendor/github.com/iancoleman/strcase/*
Copyright: 2015 Ian Coleman
2018 Ma_124 <github.com/Ma124>
License: Expat
Files: vendor/github.com/invopop/jsonschema/*
Copyright: 2014 Alec Thomas
License: Expat
Files: vendor/github.com/jbenet/go-context/*
Copyright: 2014 Juan Batiz-Benet
License: Expat
Files: vendor/github.com/jedib0t/go-pretty/*
Copyright: 2018 jedib0t
License: Expat
Files: vendor/github.com/jinzhu/copier/*
Copyright: 2015 Jinzhu
License: Expat
Files: vendor/github.com/json-iterator/go/*
Copyright: 2016 json-iterator
License: Expat
Files: vendor/github.com/kevinburke/ssh_config/*
Copyright: 2017 Kevin Burke
2013-2017 Thomas Pelletier, Eric Anderton
License: Expat
Files: vendor/github.com/klauspost/pgzip/*
Copyright: 2014 Klaus Post
License: Expat
Files: vendor/github.com/lucasb-eyer/go-colorful/*
Copyright: 2013 Lucas Beyer
License: Expat
Files: vendor/github.com/mailru/easyjson/*
Copyright: 2016 Mail.Ru Group
License: Expat
Files: vendor/github.com/mattn/go-colorable/*
vendor/github.com/mattn/go-isatty/*
vendor/github.com/mattn/go-localereader/*
vendor/github.com/mattn/go-runewidth/*
Copyright: 2016-2022 Yasuhiro Matsumoto
License: Expat
Files: vendor/github.com/mgutz/ansi/*
Copyright: 2013 Mario L. Gutierrez
License: Expat
Files: vendor/github.com/mholt/archives/*
Copyright: 2016 Matthew Holt
License: Expat
Files: vendor/github.com/mitchellh/copystructure/*
vendor/github.com/mitchellh/go-homedir/*
vendor/github.com/mitchellh/go-wordwrap/*
vendor/github.com/mitchellh/reflectwalk/*
Copyright: 2013-2014 Mitchell Hashimoto
License: Expat
Files: vendor/github.com/muesli/ansi/*
vendor/github.com/muesli/cancelreader/*
vendor/github.com/muesli/termenv/*
Copyright: 2019-2022 Christian Muehlhaeuser
License: Expat
Files: vendor/github.com/ncruces/go-strftime/*
Copyright: 2022 Nuno Cruces
License: Expat
Files: vendor/github.com/olekukonko/cat/*
vendor/github.com/olekukonko/errors/*
vendor/github.com/olekukonko/ll/*
vendor/github.com/olekukonko/tablewriter/*
Copyright: 2014-2025 Oleku Konko
License: Expat
Files: vendor/github.com/pelletier/go-toml/*
Copyright: 2013-2021 Thomas Pelletier, Eric Anderton
2021-2023 Thomas Pelletier
License: Expat
Files: vendor/github.com/rivo/uniseg/*
Copyright: 2019 Oliver Kuederle
License: Expat
Files: vendor/github.com/rust-secure-code/go-rustaudit/*
Copyright: Microsoft Corporation
License: Expat
Files: vendor/github.com/sahilm/fuzzy/*
Copyright: 2017 Sahil Muthoo
License: Expat
Files: vendor/github.com/saintfish/chardet/*
Copyright: 2012 chardet Authors
License: Expat
Files: vendor/github.com/sagikazarmark/locafero/*
Copyright: 2023 Mark Sagi-Kazar
License: Expat
Files: vendor/github.com/sanity-io/litter/*
Copyright: 2016-2017 Sanity.io
License: Expat
Files: vendor/github.com/sergi/go-diff/*
Copyright: 2012-2016 the go-diff Authors. All rights reserved.
License: Expat
Files: vendor/github.com/shopspring/decimal/*
Copyright: 2015 Spring, Inc.
2013 Oguz Bilgic
License: Expat
Files: vendor/github.com/sirupsen/logrus/*
Copyright: 2014 Simon Eskildsen
License: Expat
Files: vendor/github.com/smallnest/ringbuffer/*
Copyright: 2019 smallnest
License: Expat
Files: vendor/github.com/sourcegraph/conc/*
Copyright: 2023 Sourcegraph
License: Expat
Files: vendor/github.com/spdx/gordf/*
Copyright: 2020 SPDX
License: Expat
Files: vendor/github.com/spf13/cast/*
Copyright: 2014 Steve Francia
License: Expat
Files: vendor/github.com/spf13/viper/*
Copyright: 2014 Steve Francia <spf@spf13.com>
License: Expat
Files: vendor/github.com/stretchr/objx/*
Copyright: 2014 Stretchr, Inc.
2017-2018 objx contributors
License: Expat
Files: vendor/github.com/stretchr/testify/*
Copyright: 2012-2020 Mat Ryer, Tyler Bunnell and contributors.
License: Expat
Files: vendor/github.com/subosito/gotenv/*
Copyright: 2013 Alif Rachmawadi
License: Expat
Files: vendor/github.com/tidwall/gjson/*
vendor/github.com/tidwall/match/*
vendor/github.com/tidwall/pretty/*
vendor/github.com/tidwall/sjson/*
Copyright: 2016-2017 Josh Baker
License: Expat
Files: vendor/github.com/vifraa/gopom/*
Copyright: 2020 Viktor Franzen
License: Expat
Files: vendor/github.com/wagoodman/go-partybus/*
vendor/github.com/wagoodman/go-progress/*
Copyright: 2020 Alex Goodman
License: Expat
Files: vendor/github.com/xo/terminfo/*
Copyright: 2016 Anmol Sethi
License: Expat
Files: vendor/github.com/zclconf/go-cty/*
Copyright: 2017-2018 Martin Atkins
License: Expat
Files: vendor/github.com/zyedidia/generic/*
Copyright: 2021 Zachary Yedidia
License: Expat
Files: vendor/go.uber.org/atomic/*
Copyright: 2016 Uber Technologies, Inc.
License: Expat
Files: vendor/go.uber.org/goleak/*
vendor/go.uber.org/multierr/*
Copyright: 2017-2021 Uber Technologies, Inc.
License: Expat
Files: vendor/github.com/dsnet/compress/*
Copyright: 2015 Joe Tsai and The Go Authors. All rights reserved.
License: BSD-2-clause
Files: vendor/github.com/emirpasic/gods/*
Copyright: 2015 Emir Pasic
2017 Benjamin Scher Purcell <benjapurcell@gmail.com>
License: BSD-2-clause
Files: vendor/github.com/magiconair/properties/*
Copyright: 2013-2020 Frank Schroeder
License: BSD-2-clause
Files: vendor/github.com/nwaples/rardecode/*
Copyright: 2015 Nicholas Waples
License: BSD-2-clause
Files: vendor/github.com/pkg/errors/*
Copyright: 2015 Dave Cheney <dave@cheney.net>
License: BSD-2-clause
Files: vendor/github.com/pkg/profile/*
Copyright: 2013 Dave Cheney. All rights reserved.
License: BSD-2-clause
Files: vendor/github.com/pkg/xattr/*
Copyright: 2012 Dave Cheney. All rights reserved.
2014 Kuba Podgorski. All rights reserved.
License: BSD-2-clause
Files: vendor/gopkg.in/warnings.v0/*
Copyright: 2016 Peter Suranyi.
License: BSD-2-clause
Files: vendor/github.com/anchore/go-version/*
Copyright: Anchore, Inc.
License: MPL-2.0
Files: vendor/github.com/cyphar/filepath-securejoin/*
Copyright: 2014-2015 Docker Inc & Go Authors. All rights reserved.
2017-2024 SUSE LLC. All rights reserved.
License: BSD-3-clause and MPL-2.0
Files: vendor/github.com/hashicorp/aws-sdk-go-base/*
Copyright: 2019 HashiCorp, Inc.
License: MPL-2.0
Files: vendor/github.com/hashicorp/errwrap/*
vendor/github.com/hashicorp/go-cleanhttp/*
vendor/github.com/hashicorp/go-multierror/*
Copyright: HashiCorp, Inc.
License: MPL-2.0
Files: vendor/github.com/hashicorp/go-getter/*
Copyright: 2015, 2025 IBM Corp.
License: MPL-2.0
Files: vendor/github.com/hashicorp/go-version/*
Copyright: 2014, 2025 IBM Corp.
License: MPL-2.0
Files: vendor/github.com/hashicorp/golang-lru/*
vendor/github.com/hashicorp/hcl/*
Copyright: 2014 HashiCorp, Inc.
License: MPL-2.0
Files: vendor/github.com/davecgh/go-spew/*
Copyright: 2012-2016 Dave Collins <dave@davec.name>
License: ISC
Files: vendor/github.com/go-restruct/restruct/*
Copyright: 2015 John Chadwick <johnwchadwick@gmail.com>
License: ISC
Files: vendor/github.com/spdx/tools-golang/*
Copyright: The SPDX Authors
License: Apache-2.0 or GPL-2.0-or-later
Files: vendor/go.yaml.in/yaml/v3/*
vendor/gopkg.in/yaml.v3/*
Copyright: 2006-2011 Kirill Simonov
2011-2019 Canonical Ltd
License: Expat and Apache-2.0
Files: vendor/github.com/mikelolasagasti/xz/*
Copyright: 2015-2017 Michael Cross <https://github.com/xi2>
License: 0BSD
Files: vendor/github.com/sorairolake/lzip-go/*
Copyright: 2024 Shun Sakai
License: Apache-2.0 or Expat
Files: vendor/github.com/therootcompany/xz/*
Copyright: CC0 dedication; no copyright holder
License: CC0-1.0
Files: vendor/github.com/xi2/xz/*
Copyright: Michael Cross, Lasse Collin, Igor Pavlov
License: public-domain
License: Apache-2.0
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
.
https://www.apache.org/licenses/LICENSE-2.0
.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
.
On Debian systems, the complete text of the Apache License, Version 2.0
can be found in "/usr/share/common-licenses/Apache-2.0".
License: Expat
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
.
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
License: BSD-3-clause
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
.
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
.
2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
.
3. Neither the name of the copyright holder nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
License: BSD-2-clause
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
.
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
.
2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
License: MPL-2.0
On Debian systems, the complete text of the Mozilla Public License,
version 2.0 can be found in "/usr/share/common-licenses/MPL-2.0".
License: ISC
Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
License: GPL-2.0-or-later
On Debian systems, the complete text of the GNU General Public License,
version 2 can be found in "/usr/share/common-licenses/GPL-2".
License: 0BSD
Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted.
.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
License: CC0-1.0
The person who associated a work with this deed has dedicated the work to
the public domain by waiving all of his or her rights to the work worldwide
under copyright law, including all related and neighboring rights, to the
extent allowed by law.
.
You can copy, modify, distribute and perform the work, even for commercial
purposes, all without asking permission.
.
On Debian systems, the complete text of the CC0 1.0 Universal license can
be found in "/usr/share/common-licenses/CC0-1.0".
License: public-domain
All the files in this package have been put into the public domain.
You can do whatever you want with these files.
This software is provided "as is", without any warranty.
Review Information
rejected — allocated to siretart 9 days ago, started 9 days ago, completed 8 days ago.
Final Comment
I have reviewed the syft source package and it is currently not suitable for inclusion in the Debian archive.
Critical Issues:
- Excessive Vendoring and Maintainability: This package currently ships over 340MB of vendored sources, accounting for approximately 88% of the entire source tree. This level of vendoring is a serious concern for maintainability, security tracking, and causes unnecessary bookkeeping and reviewing overhead. This is a partial review; a full rescan will be required only after the vendor tree has been significantly reduced by utilizing existing Debian libraries where possible.
- Incomplete DFSG Repack: The
.orig.tar.gzcontains non-free license text in test fixtures (e.g., NVIDIA/CUDA license). Patching these out is insufficient; they must be removed from the upstream tarball using a proper+dsrepack (e.g.,Files-Excludedindebian/copyright). - Missing Author Attributions: A scan identified 64 missing author attributions. Apache, MIT, and BSD licenses require the full reproduction of the copyright notice. Missing authors include:
WebGPU native developers,Mihai Bazon,Sam Lantinga,David Schultz,Emscripten authors,Alibaba Cloud,Oracle America, Inc, and many others found ininternal/andtestdata/.
- Inaccurate Copyright Declarations:
syft/pkg/cataloger/golang/internal/xcoff/*: Misattributed to Anchore/Apache-2.0 instead of Go Authors/BSD-3-clause.vendor/github.com/ProtonMail/go-crypto: Incomplete entry; missingProton AGandProtonTech AG.- Missing entries:
vendor/github.com/kr/pretty,vendor/github.com/kr/text, andvendor/cyphar.com/go-pathrs.
Given the complexity and the scale of the Go dependencies, it is essential that you reach out to the Debian Go Team (pkg-go-maintainers@lists.alioth.debian.org). This package should ideally be maintained within the Go team to ensure it aligns with team standards for unvendoring and dependency management.
Please perform a proper DFSG-clean repack, significantly reduce the vendored code, and ensure all required copyrights are fully reproduced before resubmitting.
-rt
Other Reviews of this Package
| Version | Hash | Allocated | Completed | Reviewer | Status | Details |
|---|---|---|---|---|---|---|
| 1.42.3+ds-1 | 3b5b6d1f… | 2026-04-06 11:21 | 2026-04-06 23:33 | siretart | rejected | VIEW |
Public Notes
9 days ago
● public
Missed Author Check
Command: dnq author-check -prepare
Exit code: 0
Author check: scanned 2567 files.
NOT IN debian/copyright (64):
"WebGPU native" developers
internal/licenses/testdata/multi-license:393
(c) Mihai Bazon <mihai.bazon@gmail.com>
internal/licenses/testdata/multi-license:359
- Laszlo Boszormenyi (GCS) <gcs@debian.org>
syft/pkg/cataloger/debian/testdata/image-distroless-deb/usr/share/doc/libsqlite3-0/copyright:12
Alibaba Cloud
syft/pkg/cataloger/golang/testdata/licenses-vendor/github.com/someorg/somename/LICENSE:189
syft/pkg/cataloger/golang/testdata/licenses-vendor/github.com/someorg/strangelicense/LiCeNsE.tXt:189
syft/pkg/cataloger/golang/testdata/licenses/pkg/mod/github.com/someorg/somename@v0.3.2/LICENSE:189
syft/pkg/cataloger/golang/testdata/licenses/pkg/mod/github.com/someorg/strangelicense@v1.2.3/LiCeNsE.tXt:189
Andrew Dudman
syft/pkg/cataloger/debian/testdata/copyright/liblzma5:133
Andrey Petrov
syft/pkg/cataloger/debian/testdata/copyright/python:944
Automatrix, Inc
syft/pkg/cataloger/debian/testdata/copyright/python:479
Autonomous Zones Industries, Inc., all rights
syft/pkg/cataloger/debian/testdata/copyright/python:466
Benjamin Peterson
syft/pkg/cataloger/debian/testdata/copyright/python:861
Bioreason, Inc
syft/pkg/cataloger/debian/testdata/copyright/python:476
Carnegie Mellon University
syft/pkg/cataloger/debian/testdata/copyright/libc6:157
Daniel Mealha Cabrita
syft/pkg/cataloger/debian/testdata/copyright/liblzma5:140
David Schultz <das@FreeBSD.ORG>
internal/licenses/testdata/multi-license:423
Digital Equipment Corporation
syft/pkg/cataloger/debian/testdata/copyright/libc6:86
Dimitri van Heesch
syft/pkg/cataloger/debian/testdata/copyright/liblzma5:160
Donald Stufft
syft/pkg/cataloger/debian/testdata/copyright/python:931
Emscripten authors, see AUTHORS file
internal/licenses/testdata/multi-license:19
internal/licenses/testdata/multi-license:41
Eric Larson
syft/pkg/cataloger/debian/testdata/copyright/python:865
syft/pkg/cataloger/debian/testdata/copyright/python:867
Eric Young
syft/pkg/cataloger/debian/testdata/copyright/libc6:284
Expat maintainers
syft/pkg/cataloger/debian/testdata/copyright/python:673
Fredrik Lundh
syft/pkg/cataloger/debian/testdata/copyright/python:532
syft/pkg/cataloger/debian/testdata/copyright/python:702
Giorgos Verigakis <verigak@gmail.com>
syft/pkg/cataloger/debian/testdata/copyright/python:936
Gruppo traduzione italiano di Ubuntu-it
syft/pkg/cataloger/debian/testdata/copyright/liblzma5:207
Henry Spencer
syft/pkg/cataloger/debian/testdata/copyright/libc6:388
Intel Corporation
syft/pkg/cataloger/debian/testdata/copyright/libc6:213
Internet Software Consortium
syft/pkg/cataloger/debian/testdata/copyright/libc6:106
Jean-loup Gailly
syft/pkg/cataloger/debian/testdata/copyright/liblzma5:123
syft/pkg/cataloger/debian/testdata/copyright/python:616
John Doe
syft/pkg/cataloger/debian/testdata/copyright/trilicense:2
Jonathan Nieder
syft/pkg/cataloger/debian/testdata/copyright/liblzma5:288
Kenneth Reitz
syft/pkg/cataloger/debian/testdata/copyright/python:940
Lance Ellinghouse
syft/pkg/cataloger/debian/testdata/copyright/python:499
Makoto Matsumoto and Takuji Nishimura
syft/pkg/cataloger/debian/testdata/copyright/python:321
Marc Alexamder Lehmann
syft/pkg/cataloger/debian/testdata/copyright/libaudit-common:11
syft/pkg/cataloger/debian/testdata/glob-paths/usr/share/doc/libpam-runtime/copyright:11
syft/pkg/cataloger/debian/testdata/image-dpkg/usr/share/doc/libpam-runtime/copyright:11
Marek Černocký
syft/pkg/cataloger/debian/testdata/copyright/liblzma5:200
Mark Pilgrim
syft/pkg/cataloger/debian/testdata/copyright/python:956
Mojam Media, Inc
syft/pkg/cataloger/debian/testdata/copyright/python:473
Oracle America, Inc
syft/pkg/cataloger/debian/testdata/copyright/libc6:124
Pallets
syft/pkg/cataloger/python/testdata/site-packages/license/with-license-file-declared.dist-info/LICENSE.txt:1
syft/pkg/cataloger/python/testdata/site-packages/license/without-license-file-declared.dist-info/LICENSE.txt:1
syft/pkg/cataloger/python/testdata/site-packages/nested/dist-name/dist-info/LICENSE.txt:1
Peter Astrand <astrand@lysator.liu.se>
syft/pkg/cataloger/debian/testdata/copyright/python:704
Philipp Matthias Hahn <pmhahn@debian.org>
syft/pkg/cataloger/debian/testdata/copyright/libaudit-common:24
syft/pkg/cataloger/debian/testdata/glob-paths/usr/share/doc/libpam-runtime/copyright:24
syft/pkg/cataloger/debian/testdata/image-dpkg/usr/share/doc/libpam-runtime/copyright:24
Plataformatec
syft/pkg/cataloger/binary/testdata/classifiers/snippets/elixir/1.19.1/linux-amd64/elixir:5
Python Software Foundation
syft/pkg/cataloger/debian/testdata/copyright/python:834
syft/pkg/cataloger/debian/testdata/copyright/python:952
Raymond Hettinger
syft/pkg/cataloger/debian/testdata/copyright/python:948
Red Hat, Inc
syft/pkg/cataloger/debian/testdata/copyright/libc6:317
syft/pkg/cataloger/debian/testdata/copyright/python:642
Regents of the University of California
syft/pkg/cataloger/debian/testdata/copyright/libc6:53
Sam Lantinga <slouken@libsdl.org>
internal/licenses/testdata/multi-license:306
Secret Labs AB
syft/pkg/cataloger/debian/testdata/copyright/python:531
syft/pkg/cataloger/debian/testdata/copyright/python:703
Simon Josefsson
syft/pkg/cataloger/debian/testdata/copyright/libc6:294
Some Place, Inc
syft/pkg/cataloger/internal/licenses/testdata/LICENSE:1
Someone Cool <someone@cool.net.com.exe>
syft/pkg/cataloger/golang/testdata/licenses-vendor/github.com/!cap!o!r!g/!cap!project/LICENSE.txt:3
syft/pkg/cataloger/golang/testdata/licenses/pkg/mod/github.com/!cap!o!r!g/!cap!project@v4.111.5/LICENSE.txt:3
Stephen L. Moshier <moshier@na-net.ornl.gov>
syft/pkg/cataloger/debian/testdata/copyright/libc6:470
Steve Grubb <sgrubb@redhat.com>
syft/pkg/cataloger/debian/testdata/copyright/libaudit-common:15
syft/pkg/cataloger/debian/testdata/copyright/libaudit-common:6
syft/pkg/cataloger/debian/testdata/glob-paths/usr/share/doc/libpam-runtime/copyright:15
syft/pkg/cataloger/debian/testdata/glob-paths/usr/share/doc/libpam-runtime/copyright:6
syft/pkg/cataloger/debian/testdata/image-dpkg/usr/share/doc/libpam-runtime/copyright:15
... and 1 more file
Steven G. Johnson <stevenj@alum.mit.edu>
syft/pkg/cataloger/debian/testdata/copyright/liblzma5:156
Stichting Mathematisch Centrum
syft/pkg/cataloger/debian/testdata/copyright/python:284
syft/pkg/cataloger/debian/testdata/copyright/python:482
Sun Microsystems, Inc
syft/pkg/cataloger/debian/testdata/copyright/libc6:452
Thai Open Source Software Center Ltd
syft/pkg/cataloger/debian/testdata/copyright/python:671
Tim Peters
syft/pkg/cataloger/debian/testdata/copyright/python:694
Timothy O'Malley <timo@alum.mit.edu>
syft/pkg/cataloger/debian/testdata/copyright/python:438
Toby Dickenson
syft/pkg/cataloger/debian/testdata/copyright/python:724
Tom Lord
syft/pkg/cataloger/debian/testdata/copyright/libc6:366
Tom Tromey
syft/pkg/cataloger/debian/testdata/copyright/libc6:316
University of Cambridge
syft/pkg/cataloger/debian/testdata/copyright/libc6:411
Vinay Sajip
syft/pkg/cataloger/debian/testdata/copyright/python:889
syft/pkg/cataloger/debian/testdata/copyright/python:932
WIDE Project
syft/pkg/cataloger/debian/testdata/copyright/libc6:337
Result: ATTENTION REQUIRED — 64 authors not in debian/copyright