Open Source Disclosure
Total Page:16
File Type:pdf, Size:1020Kb
Open source disclosure Last updated June 2020 When we talk about transparent managed security it includes being transparent about the open source software we use to deliver our service. After all, how we secure ourselves (including the security of our code and third-party code we integrate into our Workbench) is a key part of our customers’ security posture. System Open Source Software Name Description Type of Open Source License CentOS Operating System Various Fedora Project Extra Packages Additional applications for CentOS Various for Enterprise Linux (EPEL) Confluent Kafka Stream Processing Apache License Version 2.0 Zookeeper Service Discovery Apache License Version 2.0 Consul Service Discovery Mozilla Public License 2.0 Redis NoSQL DB Three Clause BSD Burrow Kafka monitoring Apache License Version 2.0 Timesketch Collaborative forensic timeline analysis Apache License Version 2.0 Vault Managing secrets Mozilla Public License 2.0 oauth2_proxy Authentication MIT Gravitational Teleport SSH proxy Apache License Version 2.0 Postgres Database PostgreSQL License Packer Image building Mozilla Public License 2.0 Terraform Infrastructure Management Mozilla Public License 2.0 OpenResty Web server Three Clause BSD, Two Clause BSD, MIT, OpenSSL ElasticSearch Document indexing and search Apache License Version 2.0 snoopy Command logging GNU General Public License v2.0 ship_it Python RPM building MIT 1 www.expel.io Python Open Source Software Name Description Type of Open Source License simplejson Simple, fast, extensible JSON encoder/decoder for Academic Free License, MIT Python aiohttp Async http client/server framework (asyncio) Apache License Version 2.0 ansible-tower-cli A CLI tool for Ansible Tower and AWX. Apache License Version 2.0 apache-libcloud A standard Python library that abstracts away Apache License Version 2.0 differences among multiple cloud provider APIs. For more information and documentation, please see https://libcloud.apache.org async-timeout Timeout context manager for asyncio programs Apache License Version 2.0 avro Avro is a serialization and RPC framework. Apache License Version 2.0 bandit Security oriented static analyser for python code. Apache License Version 2.0 boto3 The AWS SDK for Python Apache License Version 2.0 confluent-kafka Confluent’s Python client for Apache Kafka Apache License Version 2.0 coverage Code coverage measurement for Python Apache License Version 2.0 dulwich Python Git Library Apache License Version 2.0 elasticsearch Python client for Elasticsearch Apache License Version 2.0 elasticsearch-dsl Python client for Elasticsearch Apache License Version 2.0 google-api-python-client Google API Client Library for Python Apache License Version 2.0 google-auth Google Authentication Library Apache License Version 2.0 google-auth-oauthlib Google Authentication Library Apache License Version 2.0 google-cloud-monitoring Stackdriver Monitoring API client library Apache License Version 2.0 google-cloud-pubsub Google Cloud Pub/Sub API client library Apache License Version 2.0 google-cloud-storage Google Cloud Storage API client library Apache License Version 2.0 google-cloud-trace Stackdriver Trace API client library Apache License Version 2.0 grpcio HTTP/2-based RPC framework Apache License Version 2.0 grpcio-health-checking Standard Health Checking Service for gRPC Apache License Version 2.0 grpcio-opentracing Python OpenTracing Extensions for gRPC Apache License Version 2.0 grpcio-tools Protobuf code generator for gRPC Apache License Version 2.0 hvac HashiCorp Vault API client Apache License Version 2.0 2 www.expel.io Open Source Software Name Description Type of Open Source License launchdarkly-server-sdk LaunchDarkly SDK for Python Apache License Version 2.0 multidict multidict implementation Apache License Version 2.0 prometheus_client Python client for the Prometheus monitoring Apache License Version 2.0 system. pykafka Full-Featured Pure-Python Kafka Client Apache License Version 2.0 pymongo Python driver for MongoDB <http://www.mongodb. Apache License Version 2.0 org> pyOpenSSL Python wrapper module around the OpenSSL Apache License Version 2.0 library PyPika A SQL query builder API for Python Apache License Version 2.0 python-editor Programmatically open an editor, capture the Apache License Version 2.0 result. python-registry Read access to Windows Registry files. Apache License Version 2.0 ravello-sdk Python SDK for the Ravello API Apache License Version 2.0 regrippy A modern Python-3-based alternative to RegRipper Apache License Version 2.0 requests Python HTTP for Humans. Apache License Version 2.0 requests-toolbelt A utility belt for advanced users of python-requests Apache License Version 2.0 responses A utility library for mocking out the `requests` Apache License Version 2.0 Python library. retrying Retrying Apache License Version 2.0 slacker Slack API client Apache License Version 2.0 thrift Python bindings for the Apache Thrift RPC system Apache License Version 2.0 yarl Yet another URL library Apache License Version 2.0 streamlit Frontend library for machine learning engineers Apache License Version 2.0 cryptography cryptography is a package which provides Apache License Version 2.0, cryptographic recipes and primitives to Python BSD developers. python-dateutil Extensions to the standard Python datetime Apache License Version 2.0, module BSD pycryptodome Cryptographic library for Python Apache License Version 2.0, BSD, Public Domain structlog Structured Logging for Python Apache License Version 2.0, MIT 3 www.expel.io Open Source Software Name Description Type of Open Source License altair Altair: A declarative statistical visualization library BSD for Python. aniso8601 A library for parsing ISO 8601 strings. BSD cached-property A decorator for caching properties in classes. BSD capstone Capstone disassembly engine BSD celery Distributed Task Queue. BSD click Composable command line interface toolkit BSD colorama Cross-platform colored terminal text. BSD datadog The Datadog Python library BSD dateparser Date parsing library designed to parse dates from BSD HTML pages decorator Decorators for Humans BSD Django A high-level Python Web framework that BSD encourages rapid development and clean, pragmatic design. duo-client Reference client for Duo Security APIs BSD file-magic (official) libmagic Python bindings BSD Flask A simple framework for building complex web BSD applications. Flask-Bcrypt Brcrypt hashing for Flask. BSD Flask-RESTful Simple framework for creating REST APIs BSD Flask-Script Scripting support for Flask BSD Flask-SQLAlchemy Adds SQLAlchemy support to your Flask BSD application. Flask-WTF Simple integration of Flask and WTForms. BSD hiredis Python wrapper for hiredis BSD idna Internationalized Domain Names in Applications BSD (IDNA) invoke Pythonic task execution BSD iocextract Advanced Indicator of Compromise (IOC) extractor. BSD ipdb IPython-enabled pdb BSD ipython IPython: Productive Interactive Computing BSD 4 www.expel.io Open Source Software Name Description Type of Open Source License ipython_genutils Vestigial utilities from IPython BSD ipywidgets IPython HTML widgets for Jupyter BSD isodate An ISO 8601 date/time/duration parser and BSD formatter itsdangerous Various helpers to pass data to untrusted BSD environments and back. Jinja2 A very fast and expressive template engine. BSD jira Python library for interacting with JIRA via REST BSD APIs. jsonpickle Python library for serializing any arbitrary object BSD graph into JSON lxml Powerful and Pythonic XML processing library BSD combining libxml2/libxslt with the ElementTree API. lz4 LZ4 Bindings for Python BSD MarkupSafe Safely add untrusted strings to HTML/XML markup. BSD mock Rolling backport of unittest.mock for all Pythons BSD msg-parser This module enables reading, parsing and BSD converting Microsoft Outlook MSG E-Mail files. nodeenv Node.js virtual environment builder BSD notebook A web-based notebook environment for interactive BSD computing npyscreen Writing user interfaces without all that ugly mucking BSD about in hyperspace oauthlib A generic, spec-compliant, thorough BSD implementation of the OAuth request-signing logic prompt-toolkit Library for building powerful interactive command BSD lines in Python psutil Cross-platform lib for process and system BSD monitoring in Python. py-trello Python wrapper around the Trello API BSD Pygments Pygments is a syntax highlighting package written BSD in Python. pytest-cov Pytest plugin for measuring coverage. BSD python-snappy Python library for the snappy compression library BSD from Google 5 www.expel.io Open Source Software Name Description Type of Open Source License raven Raven is a client for Sentry (https://getsentry.com) BSD requests-oauthlib OAuthlib authentication support for Requests. BSD rq RQ is a simple, lightweight, library for creating BSD background jobs, and processing them. scipy SciPy: Scientific Library for Python BSD seaborn seaborn: statistical data visualization BSD Sphinx Python documentation generator BSD sphinxcontrib-confluencebuilder Sphinx extension to output Atlassian Confluence BSD Storage Markup documents and publish to Confluence instances. sphinxcontrib-restbuilder Sphinx extension to output reST files. BSD sqlalchemy_json_api Fast SQLAlchemy query builder for returning JSON BSD API responses. SQLAlchemy-Utils Various utility functions for SQLAlchemy. BSD tldextract Accurately separate the TLD from the registered BSD domain and subdomains of a URL, using the Public Suffix List. By default, this includes the public ICANN