ThreatLedger third-party notices
ThreatLedger Third-Party Software Notices
Version: 1.2.3 Last Updated: June 2026
Overview
ThreatLedger incorporates a number of open-source software components and container runtime technologies. We gratefully acknowledge the authors and maintainers of these projects.
ThreatLedger itself is proprietary software. The licenses listed below apply only to the respective third-party components.
Container Runtime Components
ThreatLedger is distributed using Docker containers and includes the following major runtime components:
| Component | Version | Purpose | Project |
|---|---|---|---|
| nginx | 1.31.1 | Web frontend server and reverse proxy | https://nginx.org/ |
| Python | 3.12.13 | ThreatLedger API runtime | https://www.python.org/ |
| Gunicorn | 26.0.0 | WSGI application server | https://gunicorn.org/ |
| Alpine Linux | Base Image | Lightweight container operating system | https://alpinelinux.org/ |
Python Application Dependencies
| Component | Version | License | Project |
|---|---|---|---|
| Flask | 3.1.3 | BSD-3-Clause | https://github.com/pallets/flask/ |
| Jinja2 | 3.1.6 | BSD License | https://github.com/pallets/jinja/ |
| MarkupSafe | 3.0.3 | BSD-3-Clause | https://github.com/pallets/markupsafe/ |
| Werkzeug | 3.1.8 | BSD-3-Clause | https://github.com/pallets/werkzeug/ |
| blinker | 1.9.0 | MIT License | https://github.com/pallets-eco/blinker/ |
| certifi | 2026.4.22 | Mozilla Public License 2.0 | https://github.com/certifi/python-certifi |
| cffi | 2.0.0 | MIT License | https://cffi.readthedocs.io/ |
| charset-normalizer | 3.4.7 | MIT License | https://github.com/jawah/charset_normalizer |
| click | 8.3.3 | BSD-3-Clause | https://github.com/pallets/click/ |
| cryptography | 48.0.0 | Apache-2.0 OR BSD-3-Clause | https://github.com/pyca/cryptography |
| gunicorn | 26.0.0 | MIT License | https://gunicorn.org/ |
| idna | 3.13 | BSD-3-Clause | https://github.com/kjd/idna |
| itsdangerous | 2.2.0 | BSD License | https://github.com/pallets/itsdangerous/ |
| lxml | 6.1.0 | BSD-3-Clause | https://lxml.de/ |
| packaging | 26.2 | Apache-2.0 OR BSD-2-Clause | https://github.com/pypa/packaging |
| Pillow | 12.2.0 | MIT-CMU | https://python-pillow.github.io/ |
| pycparser | 3.0 | BSD-3-Clause | https://github.com/eliben/pycparser |
| reportlab | 4.4.10 | BSD License | https://www.reportlab.com/ |
| requests | 2.33.1 | Apache Software License | https://github.com/psf/requests |
| urllib3 | 2.6.3 | MIT License | https://github.com/urllib3/urllib3 |
License Summary
ThreatLedger currently uses permissive open-source licenses including:
- BSD License Family
- BSD-2-Clause
- BSD-3-Clause
- MIT License
- Apache License 2.0
- Mozilla Public License 2.0
At the time of publication, ThreatLedger does not include components licensed under GPL, LGPL, AGPL, or similar reciprocal copyleft licenses.
Attribution
All trademarks, service marks, product names, and project names referenced herein remain the property of their respective owners.
ThreatLedger thanks the maintainers and contributors of these open-source projects for their work and dedication to the software community.
End of Document