Software Bill of Materials (SBOM)
This page presents the Software Bill of Materials (SBOM) for Karafka and its runtime dependencies. An SBOM is a comprehensive inventory that details the components, libraries, and software packages utilized in a software product. It plays a crucial role in understanding the software's composition, enhancing transparency, and bolstering security by identifying potential vulnerabilities.
This page exists because of our commitment to security, compliance, and transparency. It serves as a resource for users and developers to understand the external dependencies that Karafka relies on during operation.
Runtime Dependencies in the Karafka SBOM
This SBOM explicitly contains only the Karafka ecosystem's runtime dependencies. This document does not include development and test dependencies, which are crucial during the build and testing phases but are not required for the software's operation.
Version-Specific SBOM Details
This SBOM reflects the components used in the most recent versions of all ecosystem components within Karafka. It is important to note that older versions may have different dependencies.
License Variability in OSS Dependencies
Please be aware that the license status of the dependencies within the Karafka ecosystem may change over time due to the dynamic nature of open-source software (OSS) and dependency management. While we strive to keep this SBOM as accurate and up-to-date as possible, it represents a best-effort snapshot. For those seeking to construct a comprehensive and current SBOM for their projects, incorporating all dependencies accurately, we recommend utilizing tools such as Mend.io. Mend.io can help automate the creation of a detailed SBOM, ensuring it reflects the complete state of your target software, including any license changes in its dependencies.
karafka + subcomponents
| Software | Version | License | Copyrights |
|---|---|---|---|
| karafka | 2.0+ (without Pro enhancements) | LGPL-3.0-only | Maciej Mensfeld |
| karafka pro | 2.0+ (Pro enhancements) | Commercial | Maciej Mensfeld |
| karafka-core | 2.0+ | MIT | Maciej Mensfeld |
| waterdrop | All | MIT | Maciej Mensfeld |
| zeitwerk | All | MIT | Xavier Noria |
| karafka-web | All (without Pro enhancements) | LGPL-3.0-only | Maciej Mensfeld |
| karafka-web pro | All (Pro enhancements) | Commercial | Maciej Mensfeld |
| e-ruby | All | MIT | Jeremy Evans |
| roda | All | MIT | Jeremy Evans |
| tilt | All | MIT | Jeremy Evans |
| fugit | All | MIT | John Mettraux |
| et-orbi | All | MIT | John Mettraux |
| raabro | All | MIT | John Mettraux |
| tailwindcss | 3.4.7 | MIT | Tailwind Labs, Inc. |
| heroicons | N/A | MIT | Tailwind Labs, Inc. |
| daisyUI | 4.12.10 | MIT | Pouya Saadeghi |
| turbo | 3.4.7 | MIT | 37signals LLC |
| air datepicker | 3.4.0 | MIT | Timofey Marochkin |
| highlight.js + embedded themes | 11.7.0 | BSD-3-Clause | Ivan Sagalaev |
| chart.js | 4.1.1 | MIT | Chart.js Contributors |
| color | 0.3.0 | MIT | Jukka Kurkela |
| timeago.js | 4.0.2 | MIT | Hust.cc |
rdkafka-ruby + subcomponents
| Software | Version | License | Copyrights |
|---|---|---|---|
| rdkafka / rdkafka-ruby | All | MIT | Maciej Mensfeld + project contributors |
| ffi | All | BSD-3-Clause | Ruby FFI project contributors |
| mini_portile2 | All | MIT | Luis Lavena and Mike Dalessio |
| rake | All | MIT | Jim Weirich |
librdkafka + subcomponents
| Software | Version | License | Copyrights |
|---|---|---|---|
| librdkafka | 2.4.0 | BSD-2-Clause | Confluent Inc. |
| cJSON | 1.7.14 | MIT | Dave Gamble and cJSON contributors |
| crc32c | 1.1 | Zlib | Mark Adler |
| rdfnv1a | N/A | Public Domain | Landon Curt Noll |
| rdhdrhistogram | N/A | MIT | Coda Hale |
| murmur2 | N/A | Public Domain | Austin Appleby |
| pycrc / rdcrc32 | 0.7.10 | MIT | Thomas Pircher |
| queue | 8.5 | BSD | The Regents of the University of California |
| regexp | N/A | Public Domain | Tor Andersson |
| snappy | 1.1.0 | BSD-3-Clause | Intel Corporation |
| tinycthread | 1.2 | Zlib | Evan Nemerson |
| wingetopt | N/A | ISC | The NetBSD Foundation |