gsadmin/certctl
1
0
Fork 0
mirror of https://github.com/shankar0123/certctl.git synced 2026-06-07 11:11:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
certctl/THIRD_PARTY_NOTICES.md
T
shankar0123 8c0c8aa69d legal: ship NOTICE + THIRD_PARTY_NOTICES.md (Phase 0 RED-3) 
Phase 0 closure (Path B2, post-rewrite, post-LICENSE-flip):

NOTICE — top-level file at repo root, certctl LLC copyright + BSL
1.1 reference + pointer at LICENSE and THIRD_PARTY_NOTICES.md.
Industry-standard format.

THIRD_PARTY_NOTICES.md — full inventory of binary-link dependencies:
  - 60 Go modules from `go list -deps ./...` (excluding stdlib +
    the certctl module itself). License distribution: 28 Apache-2.0,
    15 BSD-2/3-Clause, 14 MIT, 2 MPL-2.0, 1 ISC.
  - 48 npm production transitive deps from walking the
    `web/package.json` dependencies graph (excludes devDependencies
    — Vitest, Playwright, Vite, etc. don't ship in the bundle).
    License distribution: 35 MIT, 11 ISC, 1 BSD-3-Clause, 1
    MIT-AND-ISC.

Test-fixture-only deps (Cisco libest + f5-mock-icontrol) noted at
the end of THIRD_PARTY_NOTICES.md but excluded from the main table
because they don't ship in any distributed release artifact (libest
is a Docker sidecar invoked only by the est-e2e profile;
f5-mock-icontrol rebuilds from source per Phase 1 RED-1 closure).

Generation method documented inline so the file can be regenerated
deterministically when deps change. No tool dependency vendored —
the underlying `go list` + filesystem walk approach works against
any GOMODCACHE + node_modules state.

Closes: cowork/certctl-architecture-diligence-audit.html#fix-RED-3
2026-05-13 21:20:27 +00:00

7.6 KiB
Raw Permalink Blame History

Third-Party Notices

certctl is distributed under the Business Source License 1.1 (see LICENSE). The binaries built from this source link third-party Go and JavaScript libraries listed below; certctl LLC acknowledges each library's authors and reproduces their copyright and license terms here in compliance with each library's license.

Full license text for each library lives in that library's upstream repository. The license type is provided per-row; for the canonical notice, refer to the upstream source.

  • Last reviewed: 2026-05-13
  • Holder: certctl LLC
  • License: BSL 1.1 (Apache 2.0 effective March 14, 2076)

Go Modules (binary-link dependencies)

Generated by walking go list -deps ./... against the certctl server, agent, CLI, and MCP-server build paths. Excludes the Go standard library and the certctl-io/certctl module itself.

Count: see commit; generate via go list -deps -f '{{if .Module}}{{.Module.Path}} {{.Module.Version}}{{end}}' ./...

Module Version License
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.20.0 MIT
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1 MIT
github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 MIT
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azcertificates v1.4.0 MIT
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.2.0 MIT
github.com/Azure/go-ntlmssp v0.1.1 MIT
github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0 MIT
github.com/ChrisTrenkamp/goxpath v0.0.0-20210404020558-97928f7e12b6 MIT
github.com/aws/aws-sdk-go-v2 v1.41.7 Apache-2.0
github.com/aws/aws-sdk-go-v2/config v1.32.17 Apache-2.0
github.com/aws/aws-sdk-go-v2/credentials v1.19.16 Apache-2.0
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.23 Apache-2.0
github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.23 Apache-2.0
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.23 Apache-2.0
github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.24 Apache-2.0
github.com/aws/aws-sdk-go-v2/service/acm v1.38.3 Apache-2.0
github.com/aws/aws-sdk-go-v2/service/acmpca v1.46.14 Apache-2.0
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.9 Apache-2.0
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.23 Apache-2.0
github.com/aws/aws-sdk-go-v2/service/signin v1.0.11 Apache-2.0
github.com/aws/aws-sdk-go-v2/service/sso v1.30.17 Apache-2.0
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.21 Apache-2.0
github.com/aws/aws-sdk-go-v2/service/sts v1.42.1 Apache-2.0
github.com/aws/smithy-go v1.25.1 Apache-2.0
github.com/bodgit/ntlmssp v0.0.0-20240506230425-31973bb52d9b BSD-2/3-Clause
github.com/bodgit/windows v1.0.1 BSD-2/3-Clause
github.com/coreos/go-oidc/v3 v3.18.0 Apache-2.0
github.com/go-jose/go-jose/v4 v4.1.4 Apache-2.0
github.com/go-logr/logr v1.4.3 Apache-2.0
github.com/gofrs/uuid v4.4.0+incompatible MIT
github.com/golang-jwt/jwt/v5 v5.3.0 MIT
github.com/google/jsonschema-go v0.4.2 MIT
github.com/google/uuid v1.6.0 BSD-2/3-Clause
github.com/hashicorp/go-cleanhttp v0.5.2 MPL-2.0
github.com/hashicorp/go-uuid v1.0.3 MPL-2.0
github.com/jcmturner/aescts/v2 v2.0.0 Apache-2.0
github.com/jcmturner/dnsutils/v2 v2.0.0 Apache-2.0
github.com/jcmturner/gofork v1.7.6 BSD-2/3-Clause
github.com/jcmturner/goidentity/v6 v6.0.1 Apache-2.0
github.com/jcmturner/gokrb5/v8 v8.4.4 Apache-2.0
github.com/jcmturner/rpc/v2 v2.0.3 Apache-2.0
github.com/kr/fs v0.1.0 BSD-2/3-Clause
github.com/kylelemons/godebug v1.1.0 Apache-2.0
github.com/lib/pq v1.10.9 MIT
github.com/masterzen/simplexml v0.0.0-20190410153822-31eea3082786 Apache-2.0
github.com/masterzen/winrm v0.0.0-20250927112105-5f8e6c707321 Apache-2.0
github.com/modelcontextprotocol/go-sdk v1.4.1 Apache-2.0
github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c BSD-2/3-Clause
github.com/pkg/sftp v1.13.10 BSD-2/3-Clause
github.com/segmentio/asm v1.1.3 MIT
github.com/segmentio/encoding v0.5.4 MIT
github.com/tidwall/transform v0.0.0-20201103190739-32f242e2dbde ISC
github.com/yosida95/uritemplate/v3 v3.0.2 BSD-2/3-Clause
golang.org/x/crypto v0.50.0 BSD-2/3-Clause
golang.org/x/net v0.53.0 BSD-2/3-Clause
golang.org/x/oauth2 v0.36.0 BSD-2/3-Clause
golang.org/x/sync v0.20.0 BSD-2/3-Clause
golang.org/x/sys v0.43.0 BSD-2/3-Clause
golang.org/x/text v0.36.0 BSD-2/3-Clause
software.sslmate.com/src/go-pkcs12 v0.7.0 BSD-2/3-Clause

JavaScript Packages (production transitive closure)

Generated by walking the dependencies graph from web/package.json through node_modules/. Excludes devDependencies (Vitest, Playwright, Vite, etc.) since they don't ship in the distributed frontend bundle.

Package Version License
@reduxjs/toolkit 2.11.2 MIT
@remix-run/router 1.23.2 MIT
@standard-schema/spec 1.1.0 MIT
@standard-schema/utils 0.3.0 MIT
@tanstack/query-core 5.90.20 MIT
@tanstack/react-query 5.90.21 MIT
@types/d3-array 3.2.2 MIT
@types/d3-color 3.1.3 MIT
@types/d3-ease 3.0.2 MIT
@types/d3-interpolate 3.0.4 MIT
@types/d3-path 3.1.1 MIT
@types/d3-scale 4.0.9 MIT
@types/d3-shape 3.1.8 MIT
@types/d3-time 3.0.4 MIT
@types/d3-timer 3.0.2 MIT
@types/use-sync-external-store 0.0.6 MIT
clsx 2.1.1 MIT
d3-array 3.2.4 ISC
d3-color 3.1.0 ISC
d3-ease 3.0.1 BSD-3-Clause
d3-format 3.1.2 ISC
d3-interpolate 3.0.1 ISC
d3-path 3.1.0 ISC
d3-scale 4.0.2 ISC
d3-shape 3.2.0 ISC
d3-time 3.1.0 ISC
d3-time-format 4.1.0 ISC
d3-timer 3.0.1 ISC
decimal.js-light 2.5.1 MIT
es-toolkit 1.45.1 MIT
eventemitter3 5.0.4 MIT
immer 10.2.0 MIT
internmap 2.0.3 ISC
js-tokens 4.0.0 MIT
loose-envify 1.4.0 MIT
react 18.3.1 MIT
react-dom 18.3.1 MIT
react-redux 9.2.0 MIT
react-router 6.30.3 MIT
react-router-dom 6.30.3 MIT
recharts 3.8.0 MIT
redux 5.0.1 MIT
redux-thunk 3.1.0 MIT
reselect 5.1.1 MIT
scheduler 0.23.2 MIT
tiny-invariant 1.3.3 MIT
use-sync-external-store 1.6.0 MIT
victory-vendor 37.3.6 MIT AND ISC

Test-fixture-only dependencies

Cisco libest. The certctl integration test suite exercises the EST (RFC 7030) endpoints against Cisco's libest reference client. libest runs as a sidecar container (certctl-test-libest) only when the est-e2e Docker Compose profile is active — it is not vendored into the certctl source tree and not linked into any distributed release artifact (server, agent, CLI, MCP-server, container images, or release tarballs). For libest's own license terms, see https://github.com/cisco/libest.

f5-mock-icontrol. The F5 deployment-target integration test ships a small Go program at deploy/test/f5-mock-icontrol/main.go under the same BSL 1.1 license as the rest of certctl. The compiled ELF was removed from the tracked tree in Phase 1 closure (commit eda3b48, 2026-05-13); it now rebuilds via the Dockerfile's multi-stage build on demand.

Reference in New Issue View Git Blame Copy Permalink