mirror of
https://github.com/shankar0123/certctl.git
synced 2026-06-07 16:11:29 +00:00
shankar0123
8c0c8aa69d
Phase 0 closure (Path B2, post-rewrite, post-LICENSE-flip):
NOTICE — top-level file at repo root, certctl LLC copyright + BSL
1.1 reference + pointer at LICENSE and THIRD_PARTY_NOTICES.md.
Industry-standard format.
THIRD_PARTY_NOTICES.md — full inventory of binary-link dependencies:
- 60 Go modules from `go list -deps ./...` (excluding stdlib +
the certctl module itself). License distribution: 28 Apache-2.0,
15 BSD-2/3-Clause, 14 MIT, 2 MPL-2.0, 1 ISC.
- 48 npm production transitive deps from walking the
`web/package.json` dependencies graph (excludes devDependencies
— Vitest, Playwright, Vite, etc. don't ship in the bundle).
License distribution: 35 MIT, 11 ISC, 1 BSD-3-Clause, 1
MIT-AND-ISC.
Test-fixture-only deps (Cisco libest + f5-mock-icontrol) noted at
the end of THIRD_PARTY_NOTICES.md but excluded from the main table
because they don't ship in any distributed release artifact (libest
is a Docker sidecar invoked only by the est-e2e profile;
f5-mock-icontrol rebuilds from source per Phase 1 RED-1 closure).
Generation method documented inline so the file can be regenerated
deterministically when deps change. No tool dependency vendored —
the underlying `go list` + filesystem walk approach works against
any GOMODCACHE + node_modules state.
Closes: cowork/certctl-architecture-diligence-audit.html#fix-RED-3
162 lines
7.6 KiB
Markdown
162 lines
7.6 KiB
Markdown
# Third-Party Notices
|
|
|
|
certctl is distributed under the Business Source License 1.1
|
|
(see [LICENSE](LICENSE)). The binaries built from this source link
|
|
third-party Go and JavaScript libraries listed below; certctl LLC
|
|
acknowledges each library's authors and reproduces their copyright
|
|
and license terms here in compliance with each library's license.
|
|
|
|
Full license text for each library lives in that library's upstream
|
|
repository. The license type is provided per-row; for the canonical
|
|
notice, refer to the upstream source.
|
|
|
|
- **Last reviewed:** 2026-05-13
|
|
- **Holder:** certctl LLC
|
|
- **License:** BSL 1.1 (Apache 2.0 effective March 14, 2076)
|
|
|
|
## Go Modules (binary-link dependencies)
|
|
|
|
Generated by walking `go list -deps ./...` against the certctl
|
|
server, agent, CLI, and MCP-server build paths. Excludes the Go
|
|
standard library and the certctl-io/certctl module itself.
|
|
|
|
**Count:** see commit; generate via `go list -deps -f '{{if .Module}}{{.Module.Path}} {{.Module.Version}}{{end}}' ./...`
|
|
|
|
| Module | Version | License |
|
|
|---|---|---|
|
|
| `github.com/Azure/azure-sdk-for-go/sdk/azcore` | v1.20.0 | MIT |
|
|
| `github.com/Azure/azure-sdk-for-go/sdk/azidentity` | v1.13.1 | MIT |
|
|
| `github.com/Azure/azure-sdk-for-go/sdk/internal` | v1.11.2 | MIT |
|
|
| `github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azcertificates` | v1.4.0 | MIT |
|
|
| `github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal` | v1.2.0 | MIT |
|
|
| `github.com/Azure/go-ntlmssp` | v0.1.1 | MIT |
|
|
| `github.com/AzureAD/microsoft-authentication-library-for-go` | v1.6.0 | MIT |
|
|
| `github.com/ChrisTrenkamp/goxpath` | v0.0.0-20210404020558-97928f7e12b6 | MIT |
|
|
| `github.com/aws/aws-sdk-go-v2` | v1.41.7 | Apache-2.0 |
|
|
| `github.com/aws/aws-sdk-go-v2/config` | v1.32.17 | Apache-2.0 |
|
|
| `github.com/aws/aws-sdk-go-v2/credentials` | v1.19.16 | Apache-2.0 |
|
|
| `github.com/aws/aws-sdk-go-v2/feature/ec2/imds` | v1.18.23 | Apache-2.0 |
|
|
| `github.com/aws/aws-sdk-go-v2/internal/configsources` | v1.4.23 | Apache-2.0 |
|
|
| `github.com/aws/aws-sdk-go-v2/internal/endpoints/v2` | v2.7.23 | Apache-2.0 |
|
|
| `github.com/aws/aws-sdk-go-v2/internal/v4a` | v1.4.24 | Apache-2.0 |
|
|
| `github.com/aws/aws-sdk-go-v2/service/acm` | v1.38.3 | Apache-2.0 |
|
|
| `github.com/aws/aws-sdk-go-v2/service/acmpca` | v1.46.14 | Apache-2.0 |
|
|
| `github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding` | v1.13.9 | Apache-2.0 |
|
|
| `github.com/aws/aws-sdk-go-v2/service/internal/presigned-url` | v1.13.23 | Apache-2.0 |
|
|
| `github.com/aws/aws-sdk-go-v2/service/signin` | v1.0.11 | Apache-2.0 |
|
|
| `github.com/aws/aws-sdk-go-v2/service/sso` | v1.30.17 | Apache-2.0 |
|
|
| `github.com/aws/aws-sdk-go-v2/service/ssooidc` | v1.35.21 | Apache-2.0 |
|
|
| `github.com/aws/aws-sdk-go-v2/service/sts` | v1.42.1 | Apache-2.0 |
|
|
| `github.com/aws/smithy-go` | v1.25.1 | Apache-2.0 |
|
|
| `github.com/bodgit/ntlmssp` | v0.0.0-20240506230425-31973bb52d9b | BSD-2/3-Clause |
|
|
| `github.com/bodgit/windows` | v1.0.1 | BSD-2/3-Clause |
|
|
| `github.com/coreos/go-oidc/v3` | v3.18.0 | Apache-2.0 |
|
|
| `github.com/go-jose/go-jose/v4` | v4.1.4 | Apache-2.0 |
|
|
| `github.com/go-logr/logr` | v1.4.3 | Apache-2.0 |
|
|
| `github.com/gofrs/uuid` | v4.4.0+incompatible | MIT |
|
|
| `github.com/golang-jwt/jwt/v5` | v5.3.0 | MIT |
|
|
| `github.com/google/jsonschema-go` | v0.4.2 | MIT |
|
|
| `github.com/google/uuid` | v1.6.0 | BSD-2/3-Clause |
|
|
| `github.com/hashicorp/go-cleanhttp` | v0.5.2 | MPL-2.0 |
|
|
| `github.com/hashicorp/go-uuid` | v1.0.3 | MPL-2.0 |
|
|
| `github.com/jcmturner/aescts/v2` | v2.0.0 | Apache-2.0 |
|
|
| `github.com/jcmturner/dnsutils/v2` | v2.0.0 | Apache-2.0 |
|
|
| `github.com/jcmturner/gofork` | v1.7.6 | BSD-2/3-Clause |
|
|
| `github.com/jcmturner/goidentity/v6` | v6.0.1 | Apache-2.0 |
|
|
| `github.com/jcmturner/gokrb5/v8` | v8.4.4 | Apache-2.0 |
|
|
| `github.com/jcmturner/rpc/v2` | v2.0.3 | Apache-2.0 |
|
|
| `github.com/kr/fs` | v0.1.0 | BSD-2/3-Clause |
|
|
| `github.com/kylelemons/godebug` | v1.1.0 | Apache-2.0 |
|
|
| `github.com/lib/pq` | v1.10.9 | MIT |
|
|
| `github.com/masterzen/simplexml` | v0.0.0-20190410153822-31eea3082786 | Apache-2.0 |
|
|
| `github.com/masterzen/winrm` | v0.0.0-20250927112105-5f8e6c707321 | Apache-2.0 |
|
|
| `github.com/modelcontextprotocol/go-sdk` | v1.4.1 | Apache-2.0 |
|
|
| `github.com/pkg/browser` | v0.0.0-20240102092130-5ac0b6a4141c | BSD-2/3-Clause |
|
|
| `github.com/pkg/sftp` | v1.13.10 | BSD-2/3-Clause |
|
|
| `github.com/segmentio/asm` | v1.1.3 | MIT |
|
|
| `github.com/segmentio/encoding` | v0.5.4 | MIT |
|
|
| `github.com/tidwall/transform` | v0.0.0-20201103190739-32f242e2dbde | ISC |
|
|
| `github.com/yosida95/uritemplate/v3` | v3.0.2 | BSD-2/3-Clause |
|
|
| `golang.org/x/crypto` | v0.50.0 | BSD-2/3-Clause |
|
|
| `golang.org/x/net` | v0.53.0 | BSD-2/3-Clause |
|
|
| `golang.org/x/oauth2` | v0.36.0 | BSD-2/3-Clause |
|
|
| `golang.org/x/sync` | v0.20.0 | BSD-2/3-Clause |
|
|
| `golang.org/x/sys` | v0.43.0 | BSD-2/3-Clause |
|
|
| `golang.org/x/text` | v0.36.0 | BSD-2/3-Clause |
|
|
| `software.sslmate.com/src/go-pkcs12` | v0.7.0 | BSD-2/3-Clause |
|
|
|
|
## JavaScript Packages (production transitive closure)
|
|
|
|
Generated by walking the `dependencies` graph from `web/package.json`
|
|
through `node_modules/`. Excludes devDependencies (Vitest, Playwright,
|
|
Vite, etc.) since they don't ship in the distributed frontend bundle.
|
|
|
|
| Package | Version | License |
|
|
|---|---|---|
|
|
| `@reduxjs/toolkit` | 2.11.2 | MIT |
|
|
| `@remix-run/router` | 1.23.2 | MIT |
|
|
| `@standard-schema/spec` | 1.1.0 | MIT |
|
|
| `@standard-schema/utils` | 0.3.0 | MIT |
|
|
| `@tanstack/query-core` | 5.90.20 | MIT |
|
|
| `@tanstack/react-query` | 5.90.21 | MIT |
|
|
| `@types/d3-array` | 3.2.2 | MIT |
|
|
| `@types/d3-color` | 3.1.3 | MIT |
|
|
| `@types/d3-ease` | 3.0.2 | MIT |
|
|
| `@types/d3-interpolate` | 3.0.4 | MIT |
|
|
| `@types/d3-path` | 3.1.1 | MIT |
|
|
| `@types/d3-scale` | 4.0.9 | MIT |
|
|
| `@types/d3-shape` | 3.1.8 | MIT |
|
|
| `@types/d3-time` | 3.0.4 | MIT |
|
|
| `@types/d3-timer` | 3.0.2 | MIT |
|
|
| `@types/use-sync-external-store` | 0.0.6 | MIT |
|
|
| `clsx` | 2.1.1 | MIT |
|
|
| `d3-array` | 3.2.4 | ISC |
|
|
| `d3-color` | 3.1.0 | ISC |
|
|
| `d3-ease` | 3.0.1 | BSD-3-Clause |
|
|
| `d3-format` | 3.1.2 | ISC |
|
|
| `d3-interpolate` | 3.0.1 | ISC |
|
|
| `d3-path` | 3.1.0 | ISC |
|
|
| `d3-scale` | 4.0.2 | ISC |
|
|
| `d3-shape` | 3.2.0 | ISC |
|
|
| `d3-time` | 3.1.0 | ISC |
|
|
| `d3-time-format` | 4.1.0 | ISC |
|
|
| `d3-timer` | 3.0.1 | ISC |
|
|
| `decimal.js-light` | 2.5.1 | MIT |
|
|
| `es-toolkit` | 1.45.1 | MIT |
|
|
| `eventemitter3` | 5.0.4 | MIT |
|
|
| `immer` | 10.2.0 | MIT |
|
|
| `internmap` | 2.0.3 | ISC |
|
|
| `js-tokens` | 4.0.0 | MIT |
|
|
| `loose-envify` | 1.4.0 | MIT |
|
|
| `react` | 18.3.1 | MIT |
|
|
| `react-dom` | 18.3.1 | MIT |
|
|
| `react-redux` | 9.2.0 | MIT |
|
|
| `react-router` | 6.30.3 | MIT |
|
|
| `react-router-dom` | 6.30.3 | MIT |
|
|
| `recharts` | 3.8.0 | MIT |
|
|
| `redux` | 5.0.1 | MIT |
|
|
| `redux-thunk` | 3.1.0 | MIT |
|
|
| `reselect` | 5.1.1 | MIT |
|
|
| `scheduler` | 0.23.2 | MIT |
|
|
| `tiny-invariant` | 1.3.3 | MIT |
|
|
| `use-sync-external-store` | 1.6.0 | MIT |
|
|
| `victory-vendor` | 37.3.6 | MIT AND ISC |
|
|
|
|
## Test-fixture-only dependencies
|
|
|
|
**Cisco libest.** The certctl integration test suite exercises the EST
|
|
(RFC 7030) endpoints against Cisco's libest reference client. libest
|
|
runs as a sidecar container (`certctl-test-libest`) only when the
|
|
`est-e2e` Docker Compose profile is active — it is **not** vendored
|
|
into the certctl source tree and **not** linked into any distributed
|
|
release artifact (server, agent, CLI, MCP-server, container images,
|
|
or release tarballs). For libest's own license terms, see
|
|
<https://github.com/cisco/libest>.
|
|
|
|
**f5-mock-icontrol.** The F5 deployment-target integration test
|
|
ships a small Go program at `deploy/test/f5-mock-icontrol/main.go`
|
|
under the same BSL 1.1 license as the rest of certctl. The compiled
|
|
ELF was removed from the tracked tree in Phase 1 closure (commit
|
|
eda3b48, 2026-05-13); it now rebuilds via the Dockerfile's
|
|
multi-stage build on demand.
|