jake


Namejake JSON
Version 3.0.11 PyPI version JSON
download
home_pagehttps://github.com/sonatype-nexus-community/jake
SummaryAn OSS Index integration to check for vulnerabilities in your Python environments
upload_time2023-12-08 23:31:53
maintainerSonatype Community
docs_urlNone
authorSonatype Community
requires_python>=3.7,<4.0
licenseApache-2.0
keywords bom sbom sca owasp
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage No coveralls.
            <!--

    Copyright 2019-Present Sonatype Inc.

    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
    You may obtain a copy of the License at

        http://www.apache.org/licenses/LICENSE-2.0

    Unless required by applicable law or agreed to in writing, software
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
    limitations under the License.

-->

<p align="center">
    <img src="https://raw.githubusercontent.com/sonatype-nexus-community/jake/main/docs/images/jake.png" width="350" alt="jake icon"/>
</p>

# Jake

[![CircleCI](https://circleci.com/gh/sonatype-nexus-community/jake/tree/main.svg?style=svg)](https://circleci.com/gh/sonatype-nexus-community/jake/tree/main)
![Python Version Support](https://img.shields.io/badge/python-3.7+-blue)
[![PyPI Version](https://img.shields.io/pypi/v/jake?label=PyPI&logo=pypi)](https://pypi.org/project/jake)
[![GitHub license](https://img.shields.io/github/license/sonatype-nexus-community/jake)](https://github.com/sonatype-nexus-community/jake/blob/main/LICENSE)
[![GitHub issues](https://img.shields.io/github/issues/sonatype-nexus-community/jake)](https://github.com/sonatype-nexus-community/jake/issues)
[![GitHub forks](https://img.shields.io/github/forks/sonatype-nexus-community/jake)](https://github.com/sonatype-nexus-community/jake/network)
[![GitHub stars](https://img.shields.io/github/stars/sonatype-nexus-community/jake)](https://github.com/sonatype-nexus-community/jake/stargazers)

----

`jake` is a tool to check for your Python environments and applications that can:
- produce CycloneDX software bill-of-materials
- report on known vulnerabilities

`jake` is powered by [Sonatype OSS Index](https://ossindex.sonatype.org) and can also be used with 
[Sonatype's Nexus IQ Server](https://www.sonatype.com/product-nexus-lifecycle).

## Installation

Install from pypi.org as you would any other Python module:

```
pip install jake
```

or 

```
poetry add jake
```

_Other Python package managers are available._

## Usage

### Getting Started

`jake` can guide you...

```
> jake --help
usage: jake [-h] [-v] [-w] [-X]  ...

Put your Python dependencies in a chokehold

optional arguments:
  -h, --help       show this help message and exit
  -v, --version    show which version of jake you are running
  -w, --warn-only  prevents exit with non-zero code when issues have been
                   detected
  -X               enable debug output

Jake sub-commands:
  
    iq             perform a scan backed by Nexus Lifecycle
    ddt            perform a scan backed by OSS Index
    sbom           generate a CycloneDX software-bill-of-materials (no
                   vulnerabilities)
```

`jake` will exit with code `0` under normal operation and `1` if vulnerabilities are found (OssIndex) or Policy 
Violations are detected (Nexus IQ), unless you pass the `-w` flag in which case `jake` will always exit with code `0`....

### Generating an SBOM

`jake` can take data from various inputs (or just look at your current Python environment) and produce a CycloneDX for 
you.

```
> jake sbom --help

usage: jake sbom [-h] [-f FILE_PATH] [-t TYPE] [-o PATH/TO/FILE]
                   [--output-format {json,xml}]
                   [--schema-version {1.0,1.1,1.2,1.3}]

optional arguments:
  -h, --help            show this help message and exit
  -f FILE_PATH, --input FILE_PATH
                        Where to get input data from. If a path to a file is
                        not specified directly here,then we will attempt to
                        read data from STDIN. If there is no data on STDIN, we
                        will then fall back to looking for standard files in
                        the current directory that relate to the type of input
                        indicated by the -t flag.
  -t TYPE, --type TYPE, -it TYPE, --input-type TYPE
                        how jake should find the packages from which to
                        generate your SBOM.ENV = Read from the current Python
                        Environment; CONDA = Read output from `conda list
                        --explicit`; CONDA_JSON = Read output from `conda list
                        --json`; PIP = read from a requirements.txt; PIPENV =
                        read from Pipfile.lock; POETRY = read from a
                        poetry.lock. (Default = ENV)
  -o PATH/TO/FILE, --output-file PATH/TO/FILE
                        Specify a file to output the SBOM to
  --output-format {json,xml}
                        SBOM output format (default = xml)
  --schema-version {1.0,1.1,1.2,1.3}
                        CycloneDX schema version to use (default = 1.3)
```

Check out these examples using STDIN:
```
conda list --explicit --md5 | jake sbom -t CONDA
conda list --json | jake sbom -t CONDA_JSON
cat /path/to/Pipfile.lock | python -m jake.app sbom -t PIPENV
```

Check out these examples specifying a manifest:
```
jake sbom -t PIP -f /path/to/requirements.txt
jake sbom -t PIPENV -f /path/to/Pipfile.lock
```

### Check for vulnerabilities using OSS Index

`jake` will look at the packaged installed in your current Python environment and check these against OSS Index for you.
Optionally, it can create a CycloneDX software bill-of-materials at the same time in a format that suits you.

```
> jake ddt --help

usage: jake ddt [-h] [-f FILE_PATH] [-t TYPE] [--clear-cache] [-o PATH/TO/FILE] 
                   [--output-format {xml,json}]
                   [--schema-version {1.2,1.1,1.0,1.3}]
                   [--whitelist OSS_WHITELIST_JSON_FILE]

optional arguments:
  -h, --help            show this help message and exit
  -f FILE_PATH, --input-file FILE_PATH
                        Where to get input data from. If a path to a file is
                        not specified directly here,then we will attempt to
                        read data from STDIN. If there is no data on STDIN, we
                        will then fall back to looking for standard files in
                        the current directory that relate to the type of input
                        indicated by the -t flag.
  -t TYPE, --type TYPE, -it TYPE, --input-type TYPE
                        how jake should find the packages from which to
                        generate your SBOM.ENV = Read from the current Python
                        Environment; CONDA = Read output from `conda list
                        --explicit`; CONDA_JSON = Read output from `conda list
                        --json`; PIP = read from a requirements.txt; PIPENV =
                        read from Pipfile.lock; POETRY = read from a
                        poetry.lock. (Default = ENV)
  --clear-cache         Clears any local cached OSS Index data prior to execution
  -o PATH/TO/FILE, --output-file PATH/TO/FILE
                        Specify a file to output the SBOM to. If not specified the report will be output to the console. STDOUT is not supported.
  --output-format {xml,json}
                        SBOM output format (default = xml)
  --schema-version {1.2,1.1,1.0,1.3}
                        CycloneDX schema version to use (default = 1.3)
  --whitelist OSS_WHITELIST_JSON_FILE
                        Set path to whitelist json file
```

So you can quickly get a report by running:

```
> jake ddt

                   ___           ___           ___     
       ___        /  /\         /  /\         /  /\    
      /__/\      /  /::\       /  /:/        /  /::\   
      \__\:\    /  /:/\:\     /  /:/        /  /:/\:\  
  ___ /  /::\  /  /::\ \:\   /  /::\____   /  /::\ \:\ 
 /__/\  /:/\/ /__/:/\:\_\:\ /__/:/\:::::\ /__/:/\:\ \:\
 \  \:\/:/~~  \__\/  \:\/:/ \__\/~|:|~~~~ \  \:\ \:\_\/
  \  \::/          \__\::/     |  |:|      \  \:\ \:\  
   \__\/           /  /:/      |  |:|       \  \:\_\/  
                  /__/:/       |__|:|        \  \:\    
                  \__\/         \__\|         \__\/    

                                                  
            /)                     /)             
        _/_(/    _     _  __   _  (/_   _         
 o   o  (__/ )__(/_   /_)_/ (_(_(_/(___(/_ o   o  
                                                  
                                                  

Jake Version: 1.1.0
Put your Python dependencies in a chokehold.

๐Ÿ Collected 42 packages from your environment (0:00:00.10)
๐Ÿ Successfully queried OSS Index for package and vulnerability info (0:00:00.59)
๐Ÿ Sane number of results from OSS Index


โ•”Summaryโ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•ฆโ•โ•โ•โ•โ•—
โ•‘ Audited Dependencies โ•‘ 42 โ•‘
โ• โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•ฌโ•โ•โ•โ•โ•ฃ
โ•‘ Vulnerablities Found โ•‘ 0  โ•‘
โ•šโ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•ฉโ•โ•โ•โ•โ•
```

...and this is what `jake` will output if any bad things are found:
```
                   ___           ___           ___     
       ___        /  /\         /  /\         /  /\    
      /__/\      /  /::\       /  /:/        /  /::\   
      \__\:\    /  /:/\:\     /  /:/        /  /:/\:\  
  ___ /  /::\  /  /::\ \:\   /  /::\____   /  /::\ \:\ 
 /__/\  /:/\/ /__/:/\:\_\:\ /__/:/\:::::\ /__/:/\:\ \:\
 \  \:\/:/~~  \__\/  \:\/:/ \__\/~|:|~~~~ \  \:\ \:\_\/
  \  \::/          \__\::/     |  |:|      \  \:\ \:\  
   \__\/           /  /:/      |  |:|       \  \:\_\/  
                  /__/:/       |__|:|        \  \:\    
                  \__\/         \__\|         \__\/    

                                                  
            /)                     /)             
        _/_(/    _     _  __   _  (/_   _         
 o   o  (__/ )__(/_   /_)_/ (_(_(_/(___(/_ o   o  
                                                  
                                                  

Jake Version: 1.1.5
Put your Python dependencies in a chokehold

๐Ÿ Collected 69 packages from your environment                       โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ” 100% -:--:--
๐Ÿ Successfully queried OSS Index for package and vulnerability info โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ” 100% -:--:--
๐Ÿ Sane number of results from OSS Index                             โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ” 100% -:--:--

[59/69] - pkg:pypi/cryptography@2.2 [VULNERABLE]
Vulnerability Details for pkg:pypi/cryptography@2.2                                                                                                                                                                                                                                                                     
โ”œโ”€โ”€ โš   ID: 333aca51-7375-4a9d-be64-16d316ab9274                                                                                                                                                                                                                                                                         
โ”‚   โ””โ”€โ”€ โ•ญโ”€ CVE-2020-36242 โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ•ฎ
โ”‚       โ”‚                                                                                                                                                                                                                                                                                                              โ”‚
โ”‚       โ”‚ In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.                                                                                โ”‚
โ”‚       โ”‚                                                                                                                                                                                                                                                                                                              โ”‚
โ”‚       โ”‚ Details:                                                                                                                                                                                                                                                                                                     โ”‚
โ”‚       โ”‚   - CVSS Score: 9.1 - Critical                                                                                                                                                                                                                                                                               โ”‚
โ”‚       โ”‚   - CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H                                                                                                                                                                                                                                                โ”‚
โ”‚       โ”‚   - CWE: Unknown                                                                                                                                                                                                                                                                                             โ”‚
โ”‚       โ”‚                                                                                                                                                                                                                                                                                                              โ”‚
โ”‚       โ”‚ References:                                                                                                                                                                                                                                                                                                  โ”‚
โ”‚       โ”‚   - https://ossindex.sonatype.org/vulnerability/333aca51-7375-4a9d-be64-16d316ab9274?component-type=pypi&component-name=cryptography&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration                                                                                                          โ”‚
โ”‚       โ”‚   - https://nvd.nist.gov/vuln/detail/CVE-2020-36242                                                                                                                                                                                                                                                          โ”‚
โ”‚       โ”‚                                                                                                                                                                                                                                                                                                              โ”‚
โ”‚       โ•ฐโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ•ฏ
โ””โ”€โ”€ โš   ID: f19ff95c-cec5-4263-8d3b-e3e64698881e                                                                                                                                                                                                                                                                         
    โ””โ”€โ”€ โ•ญโ”€ CVE-2018-10903 โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ•ฎ
        โ”‚                                                                                                                                                                                                                                                                                                              โ”‚
        โ”‚ A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1      โ”‚
        โ”‚ byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.                                                                                                                                                                                         โ”‚
        โ”‚                                                                                                                                                                                                                                                                                                              โ”‚
        โ”‚ Details:                                                                                                                                                                                                                                                                                                     โ”‚
        โ”‚   - CVSS Score: 7.5 - High                                                                                                                                                                                                                                                                                   โ”‚
        โ”‚   - CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N                                                                                                                                                                                                                                                โ”‚
        โ”‚   - CWE: Unknown                                                                                                                                                                                                                                                                                             โ”‚
        โ”‚                                                                                                                                                                                                                                                                                                              โ”‚
        โ”‚ References:                                                                                                                                                                                                                                                                                                  โ”‚
        โ”‚   - https://ossindex.sonatype.org/vulnerability/f19ff95c-cec5-4263-8d3b-e3e64698881e?component-type=pypi&component-name=cryptography&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration                                                                                                          โ”‚
        โ”‚   - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10903                                                                                                                                                                                                                                               โ”‚
        โ”‚   - https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef                                                                                                                                                                                                          โ”‚
        โ”‚   - https://nvd.nist.gov/vuln/detail/CVE-2018-10903                                                                                                                                                                                                                                                          โ”‚
        โ”‚                                                                                                                                                                                                                                                                                                              โ”‚
        โ•ฐโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ•ฏ

                    Summary                     
โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”ณโ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”“
โ”ƒ Audited Dependencies โ”ƒ Vulnerabilities Found โ”ƒ
โ”กโ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ•‡โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”ฉ
โ”‚ 69                   โ”‚ 2                     โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
```

Check out these examples using STDIN:
```
conda list --explicit --md5 | jake ddt -t CONDA
conda list --json | jake ddt -t CONDA_JSON
cat /path/to/Pipfile.lock | python -m jake.app ddt -t PIPENV
```

Check out these examples specifying a manifest:
```
jake ddt -t PIP -f /path/to/requirements.txt
jake ddt -t PIPENV -f /path/to/Pipfile.lock
```

A pre-commit hook is also available for use

```Yaml
  - repo: https://github.com/sonatype-nexus-community/jake
    rev: "v1.3.0"
    hooks:
      - id: scan
```

#### Whitelisting

Whitelisting of vulnerabilities can be done! To whitelist vulnerabilities add the `--whitelist` argument and pass a json file like this:

```
> jake ddt --whitelist jake-whitelist.json

```

The file should look like this:

```json
{"ignore": [{"id": "f19ff95c-cec5-4263-8d3b-e3e64698881e", "reason": "Insert reason here"}]}
```

The only field that actually matters is id and that is the ID you receive from OSS Index for a vulnerability.
You can add fields such as reason so that you later can understand why you whitelisted a vulnerability.

Any id that is whitelisted will be squelched from the results, and not cause a failure.

### Check for vulnerabilities using Sonatype Nexus Lifecycle

Access Sonatype's proprietary vulnerability data using `jake`:

```
> jake iq --help

usage: jake iq [-h] [-f FILE_PATH] [-t TYPE] -s https://localhost:8070 -i APP_ID -u USER_ID -p PASSWORD [-st STAGE]

optional arguments:
  -h, --help            show this help message and exit
  -f FILE_PATH, --input-file FILE_PATH
                        Where to get input data from. If a path to a file is
                        not specified directly here,then we will attempt to
                        read data from STDIN. If there is no data on STDIN, we
                        will then fall back to looking for standard files in
                        the current directory that relate to the type of input
                        indicated by the -t flag.
  -t TYPE, --type TYPE, -it TYPE, --input-type TYPE
                        how jake should find the packages from which to
                        generate your SBOM.ENV = Read from the current Python
                        Environment; CONDA = Read output from `conda list
                        --explicit`; CONDA_JSON = Read output from `conda list
                        --json`; PIP = read from a requirements.txt; PIPENV =
                        read from Pipfile.lock; POETRY = read from a
                        poetry.lock. (Default = ENV)
  -s https://localhost:8070, --server-url https://localhost:8070
                        Full http(s):// URL to your Nexus Lifecycle server
  -i APP_ID, --application-id APP_ID
                        Public Application ID in Nexus Lifecycle
  -u USER_ID, --username USER_ID
                        Username for authentication to Nexus Lifecycle
  -p PASSWORD, --password PASSWORD
                        Password for authentication to Nexus Lifecycle
  -st STAGE, --stage STAGE
                        The stage for the report
```

So passing parameters that suit your Nexus Lifecycle environment you can get a report:

```
> jake iq -s https://my-nexus-lifecyle -i APP_ID -u USERNAME -p PASSWORD

                   ___           ___           ___     
       ___        /  /\         /  /\         /  /\    
      /__/\      /  /::\       /  /:/        /  /::\   
      \__\:\    /  /:/\:\     /  /:/        /  /:/\:\  
  ___ /  /::\  /  /::\ \:\   /  /::\____   /  /::\ \:\ 
 /__/\  /:/\/ /__/:/\:\_\:\ /__/:/\:::::\ /__/:/\:\ \:\
 \  \:\/:/~~  \__\/  \:\/:/ \__\/~|:|~~~~ \  \:\ \:\_\/
  \  \::/          \__\::/     |  |:|      \  \:\ \:\  
   \__\/           /  /:/      |  |:|       \  \:\_\/  
                  /__/:/       |__|:|        \  \:\    
                  \__\/         \__\|         \__\/    

                                                  
            /)                     /)             
        _/_(/    _     _  __   _  (/_   _         
 o   o  (__/ )__(/_   /_)_/ (_(_(_/(___(/_ o   o  
                                                  
                                                  

Jake Version: 1.0.1
Put your Python dependencies in a chokehold

๐Ÿ IQ Server at https://my-nexus-lifecyle is up and accessible (0:00:00.14)
๐Ÿ Collected 42 packages from your environment (0:00:00.09)
๐Ÿงจ Something slithers around your ankle! There are policy warnings from Sonatype Nexus IQ. (0:00:11.50)

Your Sonatype Nexus IQ Lifecycle Report is available here:
  HTML: https://my-nexus-lifecyle/ui/links/application/APP_ID/report/4831bcb7fbaa45c3a2481048e446b598
  PDF:  https://my-nexus-lifecyle/ui/links/application/APP_ID/report/4831bcb7fbaa45c3a2481048e446b598/pdf
```

## Why Jake?

Jake The Snake was scared of Snakes. The finishing move was DDT. He finishes the Snake with DDT.

Who better to wrangle those slippery dependencies in any virtual or real environment.

## Python Support

We endeavour to support all functionality for all [current actively supported Python versions](https://www.python.org/downloads/).
However, some features may not be possible/present in older Python versions due to their lack of support.

## Changelog

See our [CHANGELOG](./CHANGELOG.md).

## Releasing

We perform releases manually by clicking the "On Hold" button in the CircleCI web page.

If you see a feature in the code that we have not released, please speak up, and we'll be sure to click the magic button.

We use [python-semantic-release](https://python-semantic-release.readthedocs.io/en/latest/) to generate releases
from commits to the `main` branch.

For example, to perform a "patch" release, add a commit to `main` with a comment like below. The `fix: ` prefix matters.

```
fix: Resolve vulnerability: CVE-2020-27783 in lxml
```

## The Fine Print

Remember:

It is worth noting that this is **NOT SUPPORTED** by Sonatype, and is a contribution of ours to the open source
community (read: you!)

* Use this contribution at the risk tolerance that you have
* Do NOT file Sonatype support tickets related to `ossindex-lib`
* DO file issues here on GitHub, so that the community can pitch in

Phew, that was easier than I thought. Last but not least of all - have fun!


            

Raw data

            {
    "_id": null,
    "home_page": "https://github.com/sonatype-nexus-community/jake",
    "name": "jake",
    "maintainer": "Sonatype Community",
    "docs_url": null,
    "requires_python": ">=3.7,<4.0",
    "maintainer_email": "community-group@sonatype.com",
    "keywords": "BOM,SBOM,SCA,OWASP",
    "author": "Sonatype Community",
    "author_email": "community-group@sonatype.com",
    "download_url": "https://files.pythonhosted.org/packages/2a/43/919a5f54adefac6c716f54245a6965466f5606de8b23935cf3b300987f33/jake-3.0.11.tar.gz",
    "platform": null,
    "description": "<!--\n\n    Copyright 2019-Present Sonatype Inc.\n\n    Licensed under the Apache License, Version 2.0 (the \"License\");\n    you may not use this file except in compliance with the License.\n    You may obtain a copy of the License at\n\n        http://www.apache.org/licenses/LICENSE-2.0\n\n    Unless required by applicable law or agreed to in writing, software\n    distributed under the License is distributed on an \"AS IS\" BASIS,\n    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n    See the License for the specific language governing permissions and\n    limitations under the License.\n\n-->\n\n<p align=\"center\">\n    <img src=\"https://raw.githubusercontent.com/sonatype-nexus-community/jake/main/docs/images/jake.png\" width=\"350\" alt=\"jake icon\"/>\n</p>\n\n# Jake\n\n[![CircleCI](https://circleci.com/gh/sonatype-nexus-community/jake/tree/main.svg?style=svg)](https://circleci.com/gh/sonatype-nexus-community/jake/tree/main)\n![Python Version Support](https://img.shields.io/badge/python-3.7+-blue)\n[![PyPI Version](https://img.shields.io/pypi/v/jake?label=PyPI&logo=pypi)](https://pypi.org/project/jake)\n[![GitHub license](https://img.shields.io/github/license/sonatype-nexus-community/jake)](https://github.com/sonatype-nexus-community/jake/blob/main/LICENSE)\n[![GitHub issues](https://img.shields.io/github/issues/sonatype-nexus-community/jake)](https://github.com/sonatype-nexus-community/jake/issues)\n[![GitHub forks](https://img.shields.io/github/forks/sonatype-nexus-community/jake)](https://github.com/sonatype-nexus-community/jake/network)\n[![GitHub stars](https://img.shields.io/github/stars/sonatype-nexus-community/jake)](https://github.com/sonatype-nexus-community/jake/stargazers)\n\n----\n\n`jake` is a tool to check for your Python environments and applications that can:\n- produce CycloneDX software bill-of-materials\n- report on known vulnerabilities\n\n`jake` is powered by [Sonatype OSS Index](https://ossindex.sonatype.org) and can also be used with \n[Sonatype's Nexus IQ Server](https://www.sonatype.com/product-nexus-lifecycle).\n\n## Installation\n\nInstall from pypi.org as you would any other Python module:\n\n```\npip install jake\n```\n\nor \n\n```\npoetry add jake\n```\n\n_Other Python package managers are available._\n\n## Usage\n\n### Getting Started\n\n`jake` can guide you...\n\n```\n> jake --help\nusage: jake [-h] [-v] [-w] [-X]  ...\n\nPut your Python dependencies in a chokehold\n\noptional arguments:\n  -h, --help       show this help message and exit\n  -v, --version    show which version of jake you are running\n  -w, --warn-only  prevents exit with non-zero code when issues have been\n                   detected\n  -X               enable debug output\n\nJake sub-commands:\n  \n    iq             perform a scan backed by Nexus Lifecycle\n    ddt            perform a scan backed by OSS Index\n    sbom           generate a CycloneDX software-bill-of-materials (no\n                   vulnerabilities)\n```\n\n`jake` will exit with code `0` under normal operation and `1` if vulnerabilities are found (OssIndex) or Policy \nViolations are detected (Nexus IQ), unless you pass the `-w` flag in which case `jake` will always exit with code `0`....\n\n### Generating an SBOM\n\n`jake` can take data from various inputs (or just look at your current Python environment) and produce a CycloneDX for \nyou.\n\n```\n> jake sbom --help\n\nusage: jake sbom [-h] [-f FILE_PATH] [-t TYPE] [-o PATH/TO/FILE]\n                   [--output-format {json,xml}]\n                   [--schema-version {1.0,1.1,1.2,1.3}]\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -f FILE_PATH, --input FILE_PATH\n                        Where to get input data from. If a path to a file is\n                        not specified directly here,then we will attempt to\n                        read data from STDIN. If there is no data on STDIN, we\n                        will then fall back to looking for standard files in\n                        the current directory that relate to the type of input\n                        indicated by the -t flag.\n  -t TYPE, --type TYPE, -it TYPE, --input-type TYPE\n                        how jake should find the packages from which to\n                        generate your SBOM.ENV = Read from the current Python\n                        Environment; CONDA = Read output from `conda list\n                        --explicit`; CONDA_JSON = Read output from `conda list\n                        --json`; PIP = read from a requirements.txt; PIPENV =\n                        read from Pipfile.lock; POETRY = read from a\n                        poetry.lock. (Default = ENV)\n  -o PATH/TO/FILE, --output-file PATH/TO/FILE\n                        Specify a file to output the SBOM to\n  --output-format {json,xml}\n                        SBOM output format (default = xml)\n  --schema-version {1.0,1.1,1.2,1.3}\n                        CycloneDX schema version to use (default = 1.3)\n```\n\nCheck out these examples using STDIN:\n```\nconda list --explicit --md5 | jake sbom -t CONDA\nconda list --json | jake sbom -t CONDA_JSON\ncat /path/to/Pipfile.lock | python -m jake.app sbom -t PIPENV\n```\n\nCheck out these examples specifying a manifest:\n```\njake sbom -t PIP -f /path/to/requirements.txt\njake sbom -t PIPENV -f /path/to/Pipfile.lock\n```\n\n### Check for vulnerabilities using OSS Index\n\n`jake` will look at the packaged installed in your current Python environment and check these against OSS Index for you.\nOptionally, it can create a CycloneDX software bill-of-materials at the same time in a format that suits you.\n\n```\n> jake ddt --help\n\nusage: jake ddt [-h] [-f FILE_PATH] [-t TYPE] [--clear-cache] [-o PATH/TO/FILE] \n                   [--output-format {xml,json}]\n                   [--schema-version {1.2,1.1,1.0,1.3}]\n                   [--whitelist OSS_WHITELIST_JSON_FILE]\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -f FILE_PATH, --input-file FILE_PATH\n                        Where to get input data from. If a path to a file is\n                        not specified directly here,then we will attempt to\n                        read data from STDIN. If there is no data on STDIN, we\n                        will then fall back to looking for standard files in\n                        the current directory that relate to the type of input\n                        indicated by the -t flag.\n  -t TYPE, --type TYPE, -it TYPE, --input-type TYPE\n                        how jake should find the packages from which to\n                        generate your SBOM.ENV = Read from the current Python\n                        Environment; CONDA = Read output from `conda list\n                        --explicit`; CONDA_JSON = Read output from `conda list\n                        --json`; PIP = read from a requirements.txt; PIPENV =\n                        read from Pipfile.lock; POETRY = read from a\n                        poetry.lock. (Default = ENV)\n  --clear-cache         Clears any local cached OSS Index data prior to execution\n  -o PATH/TO/FILE, --output-file PATH/TO/FILE\n                        Specify a file to output the SBOM to. If not specified the report will be output to the console. STDOUT is not supported.\n  --output-format {xml,json}\n                        SBOM output format (default = xml)\n  --schema-version {1.2,1.1,1.0,1.3}\n                        CycloneDX schema version to use (default = 1.3)\n  --whitelist OSS_WHITELIST_JSON_FILE\n                        Set path to whitelist json file\n```\n\nSo you can quickly get a report by running:\n\n```\n> jake ddt\n\n                   ___           ___           ___     \n       ___        /  /\\         /  /\\         /  /\\    \n      /__/\\      /  /::\\       /  /:/        /  /::\\   \n      \\__\\:\\    /  /:/\\:\\     /  /:/        /  /:/\\:\\  \n  ___ /  /::\\  /  /::\\ \\:\\   /  /::\\____   /  /::\\ \\:\\ \n /__/\\  /:/\\/ /__/:/\\:\\_\\:\\ /__/:/\\:::::\\ /__/:/\\:\\ \\:\\\n \\  \\:\\/:/~~  \\__\\/  \\:\\/:/ \\__\\/~|:|~~~~ \\  \\:\\ \\:\\_\\/\n  \\  \\::/          \\__\\::/     |  |:|      \\  \\:\\ \\:\\  \n   \\__\\/           /  /:/      |  |:|       \\  \\:\\_\\/  \n                  /__/:/       |__|:|        \\  \\:\\    \n                  \\__\\/         \\__\\|         \\__\\/    \n\n                                                  \n            /)                     /)             \n        _/_(/    _     _  __   _  (/_   _         \n o   o  (__/ )__(/_   /_)_/ (_(_(_/(___(/_ o   o  \n                                                  \n                                                  \n\nJake Version: 1.1.0\nPut your Python dependencies in a chokehold.\n\n\ud83d\udc0d Collected 42 packages from your environment (0:00:00.10)\n\ud83d\udc0d Successfully queried OSS Index for package and vulnerability info (0:00:00.59)\n\ud83d\udc0d Sane number of results from OSS Index\n\n\n\u2554Summary\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2566\u2550\u2550\u2550\u2550\u2557\n\u2551 Audited Dependencies \u2551 42 \u2551\n\u2560\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u256c\u2550\u2550\u2550\u2550\u2563\n\u2551 Vulnerablities Found \u2551 0  \u2551\n\u255a\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2569\u2550\u2550\u2550\u2550\u255d\n```\n\n...and this is what `jake` will output if any bad things are found:\n```\n                   ___           ___           ___     \n       ___        /  /\\         /  /\\         /  /\\    \n      /__/\\      /  /::\\       /  /:/        /  /::\\   \n      \\__\\:\\    /  /:/\\:\\     /  /:/        /  /:/\\:\\  \n  ___ /  /::\\  /  /::\\ \\:\\   /  /::\\____   /  /::\\ \\:\\ \n /__/\\  /:/\\/ /__/:/\\:\\_\\:\\ /__/:/\\:::::\\ /__/:/\\:\\ \\:\\\n \\  \\:\\/:/~~  \\__\\/  \\:\\/:/ \\__\\/~|:|~~~~ \\  \\:\\ \\:\\_\\/\n  \\  \\::/          \\__\\::/     |  |:|      \\  \\:\\ \\:\\  \n   \\__\\/           /  /:/      |  |:|       \\  \\:\\_\\/  \n                  /__/:/       |__|:|        \\  \\:\\    \n                  \\__\\/         \\__\\|         \\__\\/    \n\n                                                  \n            /)                     /)             \n        _/_(/    _     _  __   _  (/_   _         \n o   o  (__/ )__(/_   /_)_/ (_(_(_/(___(/_ o   o  \n                                                  \n                                                  \n\nJake Version: 1.1.5\nPut your Python dependencies in a chokehold\n\n\ud83d\udc0d Collected 69 packages from your environment                       \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501 100% -:--:--\n\ud83d\udc0d Successfully queried OSS Index for package and vulnerability info \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501 100% -:--:--\n\ud83d\udc0d Sane number of results from OSS Index                             \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501 100% -:--:--\n\n[59/69] - pkg:pypi/cryptography@2.2 [VULNERABLE]\nVulnerability Details for pkg:pypi/cryptography@2.2                                                                                                                                                                                                                                                                     \n\u251c\u2500\u2500 \u26a0  ID: 333aca51-7375-4a9d-be64-16d316ab9274                                                                                                                                                                                                                                                                         \n\u2502   \u2514\u2500\u2500 \u256d\u2500 CVE-2020-36242 \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u256e\n\u2502       \u2502                                                                                                                                                                                                                                                                                                              \u2502\n\u2502       \u2502 In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.                                                                                \u2502\n\u2502       \u2502                                                                                                                                                                                                                                                                                                              \u2502\n\u2502       \u2502 Details:                                                                                                                                                                                                                                                                                                     \u2502\n\u2502       \u2502   - CVSS Score: 9.1 - Critical                                                                                                                                                                                                                                                                               \u2502\n\u2502       \u2502   - CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H                                                                                                                                                                                                                                                \u2502\n\u2502       \u2502   - CWE: Unknown                                                                                                                                                                                                                                                                                             \u2502\n\u2502       \u2502                                                                                                                                                                                                                                                                                                              \u2502\n\u2502       \u2502 References:                                                                                                                                                                                                                                                                                                  \u2502\n\u2502       \u2502   - https://ossindex.sonatype.org/vulnerability/333aca51-7375-4a9d-be64-16d316ab9274?component-type=pypi&component-name=cryptography&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration                                                                                                          \u2502\n\u2502       \u2502   - https://nvd.nist.gov/vuln/detail/CVE-2020-36242                                                                                                                                                                                                                                                          \u2502\n\u2502       \u2502                                                                                                                                                                                                                                                                                                              \u2502\n\u2502       \u2570\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u256f\n\u2514\u2500\u2500 \u26a0  ID: f19ff95c-cec5-4263-8d3b-e3e64698881e                                                                                                                                                                                                                                                                         \n    \u2514\u2500\u2500 \u256d\u2500 CVE-2018-10903 \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u256e\n        \u2502                                                                                                                                                                                                                                                                                                              \u2502\n        \u2502 A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1      \u2502\n        \u2502 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.                                                                                                                                                                                         \u2502\n        \u2502                                                                                                                                                                                                                                                                                                              \u2502\n        \u2502 Details:                                                                                                                                                                                                                                                                                                     \u2502\n        \u2502   - CVSS Score: 7.5 - High                                                                                                                                                                                                                                                                                   \u2502\n        \u2502   - CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N                                                                                                                                                                                                                                                \u2502\n        \u2502   - CWE: Unknown                                                                                                                                                                                                                                                                                             \u2502\n        \u2502                                                                                                                                                                                                                                                                                                              \u2502\n        \u2502 References:                                                                                                                                                                                                                                                                                                  \u2502\n        \u2502   - https://ossindex.sonatype.org/vulnerability/f19ff95c-cec5-4263-8d3b-e3e64698881e?component-type=pypi&component-name=cryptography&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration                                                                                                          \u2502\n        \u2502   - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10903                                                                                                                                                                                                                                               \u2502\n        \u2502   - https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef                                                                                                                                                                                                          \u2502\n        \u2502   - https://nvd.nist.gov/vuln/detail/CVE-2018-10903                                                                                                                                                                                                                                                          \u2502\n        \u2502                                                                                                                                                                                                                                                                                                              \u2502\n        \u2570\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u256f\n\n                    Summary                     \n\u250f\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2513\n\u2503 Audited Dependencies \u2503 Vulnerabilities Found \u2503\n\u2521\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2529\n\u2502 69                   \u2502 2                     \u2502\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n```\n\nCheck out these examples using STDIN:\n```\nconda list --explicit --md5 | jake ddt -t CONDA\nconda list --json | jake ddt -t CONDA_JSON\ncat /path/to/Pipfile.lock | python -m jake.app ddt -t PIPENV\n```\n\nCheck out these examples specifying a manifest:\n```\njake ddt -t PIP -f /path/to/requirements.txt\njake ddt -t PIPENV -f /path/to/Pipfile.lock\n```\n\nA pre-commit hook is also available for use\n\n```Yaml\n  - repo: https://github.com/sonatype-nexus-community/jake\n    rev: \"v1.3.0\"\n    hooks:\n      - id: scan\n```\n\n#### Whitelisting\n\nWhitelisting of vulnerabilities can be done! To whitelist vulnerabilities add the `--whitelist` argument and pass a json file like this:\n\n```\n> jake ddt --whitelist jake-whitelist.json\n\n```\n\nThe file should look like this:\n\n```json\n{\"ignore\": [{\"id\": \"f19ff95c-cec5-4263-8d3b-e3e64698881e\", \"reason\": \"Insert reason here\"}]}\n```\n\nThe only field that actually matters is id and that is the ID you receive from OSS Index for a vulnerability.\nYou can add fields such as reason so that you later can understand why you whitelisted a vulnerability.\n\nAny id that is whitelisted will be squelched from the results, and not cause a failure.\n\n### Check for vulnerabilities using Sonatype Nexus Lifecycle\n\nAccess Sonatype's proprietary vulnerability data using `jake`:\n\n```\n> jake iq --help\n\nusage: jake iq [-h] [-f FILE_PATH] [-t TYPE] -s https://localhost:8070 -i APP_ID -u USER_ID -p PASSWORD [-st STAGE]\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -f FILE_PATH, --input-file FILE_PATH\n                        Where to get input data from. If a path to a file is\n                        not specified directly here,then we will attempt to\n                        read data from STDIN. If there is no data on STDIN, we\n                        will then fall back to looking for standard files in\n                        the current directory that relate to the type of input\n                        indicated by the -t flag.\n  -t TYPE, --type TYPE, -it TYPE, --input-type TYPE\n                        how jake should find the packages from which to\n                        generate your SBOM.ENV = Read from the current Python\n                        Environment; CONDA = Read output from `conda list\n                        --explicit`; CONDA_JSON = Read output from `conda list\n                        --json`; PIP = read from a requirements.txt; PIPENV =\n                        read from Pipfile.lock; POETRY = read from a\n                        poetry.lock. (Default = ENV)\n  -s https://localhost:8070, --server-url https://localhost:8070\n                        Full http(s):// URL to your Nexus Lifecycle server\n  -i APP_ID, --application-id APP_ID\n                        Public Application ID in Nexus Lifecycle\n  -u USER_ID, --username USER_ID\n                        Username for authentication to Nexus Lifecycle\n  -p PASSWORD, --password PASSWORD\n                        Password for authentication to Nexus Lifecycle\n  -st STAGE, --stage STAGE\n                        The stage for the report\n```\n\nSo passing parameters that suit your Nexus Lifecycle environment you can get a report:\n\n```\n> jake iq -s https://my-nexus-lifecyle -i APP_ID -u USERNAME -p PASSWORD\n\n                   ___           ___           ___     \n       ___        /  /\\         /  /\\         /  /\\    \n      /__/\\      /  /::\\       /  /:/        /  /::\\   \n      \\__\\:\\    /  /:/\\:\\     /  /:/        /  /:/\\:\\  \n  ___ /  /::\\  /  /::\\ \\:\\   /  /::\\____   /  /::\\ \\:\\ \n /__/\\  /:/\\/ /__/:/\\:\\_\\:\\ /__/:/\\:::::\\ /__/:/\\:\\ \\:\\\n \\  \\:\\/:/~~  \\__\\/  \\:\\/:/ \\__\\/~|:|~~~~ \\  \\:\\ \\:\\_\\/\n  \\  \\::/          \\__\\::/     |  |:|      \\  \\:\\ \\:\\  \n   \\__\\/           /  /:/      |  |:|       \\  \\:\\_\\/  \n                  /__/:/       |__|:|        \\  \\:\\    \n                  \\__\\/         \\__\\|         \\__\\/    \n\n                                                  \n            /)                     /)             \n        _/_(/    _     _  __   _  (/_   _         \n o   o  (__/ )__(/_   /_)_/ (_(_(_/(___(/_ o   o  \n                                                  \n                                                  \n\nJake Version: 1.0.1\nPut your Python dependencies in a chokehold\n\n\ud83d\udc0d IQ Server at https://my-nexus-lifecyle is up and accessible (0:00:00.14)\n\ud83d\udc0d Collected 42 packages from your environment (0:00:00.09)\n\ud83e\udde8 Something slithers around your ankle! There are policy warnings from Sonatype Nexus IQ. (0:00:11.50)\n\nYour Sonatype Nexus IQ Lifecycle Report is available here:\n  HTML: https://my-nexus-lifecyle/ui/links/application/APP_ID/report/4831bcb7fbaa45c3a2481048e446b598\n  PDF:  https://my-nexus-lifecyle/ui/links/application/APP_ID/report/4831bcb7fbaa45c3a2481048e446b598/pdf\n```\n\n## Why Jake?\n\nJake The Snake was scared of Snakes. The finishing move was DDT. He finishes the Snake with DDT.\n\nWho better to wrangle those slippery dependencies in any virtual or real environment.\n\n## Python Support\n\nWe endeavour to support all functionality for all [current actively supported Python versions](https://www.python.org/downloads/).\nHowever, some features may not be possible/present in older Python versions due to their lack of support.\n\n## Changelog\n\nSee our [CHANGELOG](./CHANGELOG.md).\n\n## Releasing\n\nWe perform releases manually by clicking the \"On Hold\" button in the CircleCI web page.\n\nIf you see a feature in the code that we have not released, please speak up, and we'll be sure to click the magic button.\n\nWe use [python-semantic-release](https://python-semantic-release.readthedocs.io/en/latest/) to generate releases\nfrom commits to the `main` branch.\n\nFor example, to perform a \"patch\" release, add a commit to `main` with a comment like below. The `fix: ` prefix matters.\n\n```\nfix: Resolve vulnerability: CVE-2020-27783 in lxml\n```\n\n## The Fine Print\n\nRemember:\n\nIt is worth noting that this is **NOT SUPPORTED** by Sonatype, and is a contribution of ours to the open source\ncommunity (read: you!)\n\n* Use this contribution at the risk tolerance that you have\n* Do NOT file Sonatype support tickets related to `ossindex-lib`\n* DO file issues here on GitHub, so that the community can pitch in\n\nPhew, that was easier than I thought. Last but not least of all - have fun!\n\n",
    "bugtrack_url": null,
    "license": "Apache-2.0",
    "summary": "An OSS Index integration to check for vulnerabilities in your Python environments",
    "version": "3.0.11",
    "project_urls": {
        "Bug Tracker": "https://github.com/sonatype-nexus-community/jake/issues",
        "Homepage": "https://github.com/sonatype-nexus-community/jake",
        "Repository": "https://github.com/sonatype-nexus-community/jake"
    },
    "split_keywords": [
        "bom",
        "sbom",
        "sca",
        "owasp"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "2ba36bd480f326b2603071c3d8c855d866bc3e4e319b3ae0b707859a98e511de",
                "md5": "30fce1c8f2d1f9eed84bbfc6e635f08d",
                "sha256": "ab830bbb33a47117eb4907cdf83e356948c7f081308c69864e13eed2c5f59351"
            },
            "downloads": -1,
            "filename": "jake-3.0.11-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "30fce1c8f2d1f9eed84bbfc6e635f08d",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": ">=3.7,<4.0",
            "size": 30728,
            "upload_time": "2023-12-08T23:31:51",
            "upload_time_iso_8601": "2023-12-08T23:31:51.142702Z",
            "url": "https://files.pythonhosted.org/packages/2b/a3/6bd480f326b2603071c3d8c855d866bc3e4e319b3ae0b707859a98e511de/jake-3.0.11-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "2a43919a5f54adefac6c716f54245a6965466f5606de8b23935cf3b300987f33",
                "md5": "aa5b9fc31fea4f90c17783f5b08ddeab",
                "sha256": "9e52240ad595c0176c115aa4a9fa3d896f1931eade9796bf1dd2a86d34447288"
            },
            "downloads": -1,
            "filename": "jake-3.0.11.tar.gz",
            "has_sig": false,
            "md5_digest": "aa5b9fc31fea4f90c17783f5b08ddeab",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": ">=3.7,<4.0",
            "size": 25005,
            "upload_time": "2023-12-08T23:31:53",
            "upload_time_iso_8601": "2023-12-08T23:31:53.977174Z",
            "url": "https://files.pythonhosted.org/packages/2a/43/919a5f54adefac6c716f54245a6965466f5606de8b23935cf3b300987f33/jake-3.0.11.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2023-12-08 23:31:53",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "sonatype-nexus-community",
    "github_project": "jake",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": false,
    "circle": true,
    "tox": true,
    "lcname": "jake"
}
        
Elapsed time: 0.18557s