Download OpenAPI specification:Download
Revenera SBOM Insights offers APIs to manage your Software Bill of Materials (SBOM) via buckets and parts. It supports manual software parts creation as well as ingestion of SBOMs in various formats. It also supports various queries into the constructed SBOM data.
Retrieve all the archetypes.
Archetypes can be filtered using any 'one' of the following parameters.
parameter | description |
---|---|
ids | comma separated list of archetype ids |
categories | comma separated list of categories. For e.g : part_types, bucket_types, origin_types, link_types, file_types etc |
trailId | provide job id to list all the records that was created/updated during the job run |
Required security scopes for GlobalSession:
sbom:archetype:index
OK response.
Bad Request response.
Unauthorized response.
Forbidden response.
Internal Server Error response.
Bad Gateway response.
{- "data": [
- {
- "id": 101,
- "other-fields": "please check the respective model for all the fields returned in this reponse"
}
], - "meta": {
- "limit": 100,
- "offset": 1,
- "total": 1000
}
}
Create an archetype. Required security scopes for GlobalSession:
sbom:archetype:create
Created response.
Bad Request response.
Unauthorized response.
Forbidden response.
Internal Server Error response.
Bad Gateway response.
{- "category": "part_types",
- "key": "app_key",
- "label": "Application Name",
- "source": "internal"
}
{- "id": 101
}
Retrieve an archetype Required security scopes for GlobalSession:
sbom:archetype:show
OK response.
Bad Request response.
Unauthorized response.
Forbidden response.
Not Found response.
Internal Server Error response.
Bad Gateway response.
{- "category": "bucket_types",
- "createdBy": {
- "email": "adam@server.com",
- "firstName": "Adam",
- "id": 2435456,
- "lastName": "Stone"
}, - "createdOn": "2022-07-20 04:55:49",
- "id": 101,
- "key": "application_type",
- "label": "Application Name",
- "modifiedBy": {
- "email": "adam@server.com",
- "firstName": "Adam",
- "id": 2435456,
- "lastName": "Stone"
}, - "modifiedOn": "2022-07-20 04:55:49",
- "orgId": 38808,
- "source": "custom",
- "trailId": 22
}
Update an existing archetype Required security scopes for GlobalSession:
sbom:archetype:update
OK response.
Bad Request response.
Unauthorized response.
Forbidden response.
Not Found response.
Internal Server Error response.
Bad Gateway response.
{- "category": "bucket_types",
- "key": "app_key",
- "label": "Application Name",
- "source": "internal"
}
{- "category": "bucket_types",
- "createdBy": {
- "email": "adam@server.com",
- "firstName": "Adam",
- "id": 2435456,
- "lastName": "Stone"
}, - "createdOn": "2022-07-20 04:55:49",
- "id": 101,
- "key": "application_type",
- "label": "Application Name",
- "modifiedBy": {
- "email": "adam@server.com",
- "firstName": "Adam",
- "id": 2435456,
- "lastName": "Stone"
}, - "modifiedOn": "2022-07-20 04:55:49",
- "orgId": 38808,
- "source": "custom",
- "trailId": 22
}
Delete an existing archetype Required security scopes for GlobalSession:
sbom:archetype:delete
OK response.
Bad Request response.
Unauthorized response.
Forbidden response.
Not Found response.
Internal Server Error response.
Bad Gateway response.
{- "id": 101
}
Retrieves all the buckets for the given orgId.
Buckets can be filtered using any 'one' of the following parameters.
parameter | description |
---|---|
ids | comma separated list of bucket ids |
name | bucket name |
trailId | provide job id to list all the records that was created/updated during the job run |
Required security scopes for GlobalSession:
sbom:bucket:index
OK response.
Bad Request response.
Unauthorized response.
Forbidden response.
Internal Server Error response.
Bad Gateway response.
{- "data": [
- {
- "id": 101,
- "other-fields": "please check the respective model for all the fields returned in this reponse"
}
], - "meta": {
- "limit": 100,
- "offset": 1,
- "total": 1000
}
}
Create a bucket. Required security scopes for GlobalSession:
sbom:bucket:create
Created response.
Bad Request response.
Unauthorized response.
Forbidden response.
Internal Server Error response.
Bad Gateway response.
{- "customFieldValues": "{'filedname1:value2, fieldname2:value2}",
- "description": "short description of the bucket",
- "name": "bucket name",
- "originId": 202,
- "originTypeId": 1,
- "parentId": 1,
- "typeId": 101
}
{- "id": 205
}
Retrieve detailed information for the requested bucket Required security scopes for GlobalSession:
sbom:bucket:show
OK response.
Bad Request response.
Unauthorized response.
Forbidden response.
Not Found response.
Internal Server Error response.
Bad Gateway response.
{- "bucketType": {
- "category": "bucket_types",
- "id": 1,
- "key": "application",
- "label": "Application",
- "orgId": -1,
- "source": "spdx"
}, - "createdBy": {
- "email": "adam@server.com",
- "firstName": "Adam",
- "id": 2435456,
- "lastName": "Stone"
}, - "createdOn": "2022-07-20 04:55:49",
- "customFieldValues": {
- "value": "{ field1 : value1 , field2 : value2 }"
}, - "description": "bucket describption",
- "id": 205,
- "modifiedBy": {
- "email": "adam@server.com",
- "firstName": "Adam",
- "id": 2435456,
- "lastName": "Stone"
}, - "modifiedOn": "2022-07-20 04:55:49",
- "name": "my bucket",
- "orgId": 38808,
- "originId": 202,
- "originType": "null",
- "originTypeId": 0,
- "parentId": 1,
- "trailId": 22,
- "typeId": 1
}
Update bucket information for the given bucket id Required security scopes for GlobalSession:
sbom:bucket:update
OK response.
Bad Request response.
Unauthorized response.
Forbidden response.
Not Found response.
Internal Server Error response.
Bad Gateway response.
{- "customFieldValues": "{'filedname1:value2, fieldname2:value2}",
- "description": "short description of the bucket",
- "name": "bucket name",
- "originId": 1,
- "originTypeId": 1,
- "parentId": 1,
- "typeId": 101
}
{- "bucketType": {
- "category": "bucket_types",
- "id": 1,
- "key": "application",
- "label": "Application",
- "orgId": -1,
- "source": "spdx"
}, - "createdBy": {
- "email": "adam@server.com",
- "firstName": "Adam",
- "id": 2435456,
- "lastName": "Stone"
}, - "createdOn": "2022-07-20 04:55:49",
- "customFieldValues": {
- "value": "{ field1 : value1 , field2 : value2 }"
}, - "description": "bucket describption",
- "id": 205,
- "modifiedBy": {
- "email": "adam@server.com",
- "firstName": "Adam",
- "id": 2435456,
- "lastName": "Stone"
}, - "modifiedOn": "2022-07-20 04:55:49",
- "name": "my bucket",
- "orgId": 38808,
- "originId": 202,
- "originType": "null",
- "originTypeId": 0,
- "parentId": 1,
- "trailId": 22,
- "typeId": 1
}
Delete a bucket Required security scopes for GlobalSession:
sbom:bucket:delete
OK response.
Bad Request response.
Unauthorized response.
Forbidden response.
Not Found response.
Internal Server Error response.
Bad Gateway response.
{- "id": 205
}
Retrieve all the files
Files can be filtered using any 'one' of the following parameters.
parameter | description |
---|---|
ids | comma separated list of file ids |
partId | get all the files for a specific part id |
trailId | provide job id to list all the records that was created/updated during the job run |
Required security scopes for GlobalSession:
sbom:file:index
OK response.
Bad Request response.
Unauthorized response.
Forbidden response.
Internal Server Error response.
Bad Gateway response.
{- "data": [
- {
- "id": 101,
- "other-fields": "please check the respective model for all the fields returned in this reponse"
}
], - "meta": {
- "limit": 100,
- "offset": 1,
- "total": 1000
}
}
Creates a file Required security scopes for GlobalSession:
sbom:file:create
Created response.
Bad Request response.
Unauthorized response.
Forbidden response.
Internal Server Error response.
Bad Gateway response.
{- "hashes": [
- {
- "type": "MD5/SHA1/SHA3",
- "value": "f7s24f5532b846c37ac6e994255afd624"
}, - {
- "type": "MD5/SHA1/SHA3",
- "value": "f7s24f5532b846c37ac6e994255afd624"
}, - {
- "type": "MD5/SHA1/SHA3",
- "value": "f7s24f5532b846c37ac6e994255afd624"
}, - {
- "type": "MD5/SHA1/SHA3",
- "value": "f7s24f5532b846c37ac6e994255afd624"
}
], - "linkId": 323,
- "linkTypeId": 345,
- "name": "my_file.zip",
- "path": "/source/download",
- "subTypeId": 53,
- "typeId": 2223
}
{- "id": 305
}
Retrieve detailed information for the requested file Required security scopes for GlobalSession:
sbom:file:show
OK response.
Bad Request response.
Unauthorized response.
Forbidden response.
Not Found response.
Internal Server Error response.
Bad Gateway response.
{- "createdBy": {
- "email": "adam@server.com",
- "firstName": "Adam",
- "id": 2435456,
- "lastName": "Stone"
}, - "createdOn": "2022-07-20 04:55:49",
- "hashes": [
- {
- "type": "MD5/SHA1/SHA3",
- "value": "f7s24f5532b846c37ac6e994255afd624"
}, - {
- "type": "MD5/SHA1/SHA3",
- "value": "f7s24f5532b846c37ac6e994255afd624"
}, - {
- "type": "MD5/SHA1/SHA3",
- "value": "f7s24f5532b846c37ac6e994255afd624"
}, - {
- "type": "MD5/SHA1/SHA3",
- "value": "f7s24f5532b846c37ac6e994255afd624"
}
], - "id": 305,
- "linkId": 86,
- "linkTypeId": 75,
- "modifiedBy": {
- "email": "adam@server.com",
- "firstName": "Adam",
- "id": 2435456,
- "lastName": "Stone"
}, - "modifiedOn": "2022-07-20 04:55:49",
- "name": "my_file.zip",
- "orgId": 38808,
- "path": "/source/download",
- "subTypeId": 53,
- "trailId": 22,
- "typeId": 305
}
Update file information Required security scopes for GlobalSession:
sbom:file:update
OK response.
Bad Request response.
Unauthorized response.
Forbidden response.
Not Found response.
Internal Server Error response.
Bad Gateway response.
{- "hashes": [
- {
- "type": "MD5/SHA1/SHA3",
- "value": "f7s24f5532b846c37ac6e994255afd624"
}, - {
- "type": "MD5/SHA1/SHA3",
- "value": "f7s24f5532b846c37ac6e994255afd624"
}, - {
- "type": "MD5/SHA1/SHA3",
- "value": "f7s24f5532b846c37ac6e994255afd624"
}, - {
- "type": "MD5/SHA1/SHA3",
- "value": "f7s24f5532b846c37ac6e994255afd624"
}
], - "linkId": 323,
- "linkTypeId": 45,
- "name": "my_file.zip",
- "path": "/source/download",
- "subTypeId": 53,
- "typeId": 23
}
{- "createdBy": {
- "email": "adam@server.com",
- "firstName": "Adam",
- "id": 2435456,
- "lastName": "Stone"
}, - "createdOn": "2022-07-20 04:55:49",
- "hashes": [
- {
- "type": "MD5/SHA1/SHA3",
- "value": "f7s24f5532b846c37ac6e994255afd624"
}, - {
- "type": "MD5/SHA1/SHA3",
- "value": "f7s24f5532b846c37ac6e994255afd624"
}, - {
- "type": "MD5/SHA1/SHA3",
- "value": "f7s24f5532b846c37ac6e994255afd624"
}
], - "id": 305,
- "linkId": 86,
- "linkTypeId": 75,
- "modifiedBy": {
- "email": "adam@server.com",
- "firstName": "Adam",
- "id": 2435456,
- "lastName": "Stone"
}, - "modifiedOn": "2022-07-20 04:55:49",
- "name": "my_file.zip",
- "orgId": 38808,
- "path": "/source/download",
- "subTypeId": 53,
- "trailId": 22,
- "typeId": 305
}
Delete a file Required security scopes for GlobalSession:
sbom:file:delete
OK response.
Bad Request response.
Unauthorized response.
Forbidden response.
Not Found response.
Internal Server Error response.
Bad Gateway response.
{- "id": 305
}
Import Software Bill Of Materials into the system Required security scopes for GlobalSession:
sbom:importer:import
OK response.
Bad Request response.
Unauthorized response.
Forbidden response.
Internal Server Error response.
Bad Gateway response.
{- "jobId": 812,
- "message": "Import job QUEUED. Check the /jobs/{jobId} api for details."
}
Retrieve all the Jobs for the given orgId.
Jobs can be filtered using any 'one' of the following parameters.
parameter | description |
---|---|
status | list all the jobs for the given status |
bucketId | list all the jobs for a bucketId |
Required security scopes for GlobalSession:
sbom:job:index
OK response.
Bad Request response.
Unauthorized response.
Forbidden response.
Internal Server Error response.
Bad Gateway response.
{- "data": [
- {
- "id": 101,
- "other-fields": "please check the respective model for all the fields returned in this reponse"
}
], - "meta": {
- "limit": 100,
- "offset": 1,
- "total": 1000
}
}
Retrieve a Job Required security scopes for GlobalSession:
sbom:job:show
OK response.
Bad Request response.
Unauthorized response.
Forbidden response.
Not Found response.
Internal Server Error response.
Bad Gateway response.
{- "bucketId": 205,
- "createdBy": {
- "email": "adam@server.com",
- "firstName": "Adam",
- "id": 2435456,
- "lastName": "Stone"
}, - "createdOn": "2022-07-20 04:55:49",
- "id": 812,
- "input": {
- "fileHash": "cb26478a28a51ce1ce08ccd2bc3f6942",
- "fileName": "project-hello.spdx",
- "filePath": "/project-import/843514967_40062_2_project-hello.spdx",
- "logFile": "/project-import/843514967_40062_2_project-hello.log",
- "provenance": {
- "component": "Mixed-Bag-Trial",
- "timestamp": "Nov 18, 2022 11:36:10 AM",
- "tool": "[Steve Ranger (steve@ranger.org)], [github.com/spdx/tools-golang/builder]",
- "version": "SPDX-2.2"
}
}, - "modifiedBy": {
- "email": "adam@server.com",
- "firstName": "Adam",
- "id": 2435456,
- "lastName": "Stone"
}, - "modifiedOn": "2022-07-20 04:55:49",
- "orgId": 38808,
- "output": {
- "parsed": {
- "errors": "null",
- "failed": 0,
- "messages": "null",
- "processed": 10,
- "skipped": 2,
- "timeTaken": "4.51025ms",
- "total": 12
}, - "processed": {
- "errors": "null",
- "failed": 0,
- "messages": "null",
- "processed": 10,
- "skipped": 0,
- "timeTaken": "1.215864501s",
- "total": 10
}, - "totalTime": "1.246455001s"
}, - "status": "queued / processing / completed",
- "type": "import / others"
}
This API retrieves information about SBOM parts in the current Organization. These parts can be filtered using one of the following parameters.
Parameter | Description |
---|---|
ids | A comma-separated list of SBOM part IDs to retrieve only those parts. |
bucketIds | A comma-separated list of bucket IDs to retrieve only those SBOM parts in the specified buckets. |
trailId | The ID of a specific job to retrieve only those SBOM parts that were created or updated during the job's execution. |
Required security scopes for GlobalSession:
sbom:part:index
OK response.
Bad Request response.
Unauthorized response.
Forbidden response.
Internal Server Error response.
Bad Gateway response.
{- "data": [
- {
- "id": 101,
- "other-fields": "please check the respective model for all the fields returned in this reponse"
}
], - "meta": {
- "limit": 100,
- "offset": 1,
- "total": 1000
}
}
Use this API to register an SBOM part. Required security scopes for GlobalSession:
sbom:part:create
Created response.
Bad Request response.
Unauthorized response.
Forbidden response.
Internal Server Error response.
Bad Gateway response.
{- "additionalNotes": "Notes found from Automated Finding...",
- "bucketId": 205,
- "catalogId": 644,
- "copyrightText": "Copyright (c) 2020 golden authors",
- "customFieldValues": "{'field1': 'value1','field2': 'value2'}",
- "description": "Module used to execute heavy tasks under forked processes in parallel... ",
- "fileIds": [
- 4696596040447724000,
- 7552993849763046000,
- 2706809669988982300,
- 7169943111464219000
], - "linkId": 323,
- "linkNotes": "Note the following about the link established between MyComponent and OtherComponent...",
- "linkTypeId": 345,
- "name": "ComponentABC 1.0 (Apache 2.0)",
- "noticesText": "The following lists the content of the licenses for the components used by this software ...",
- "originId": 1,
- "originTypeId": 1,
- "purl": "pkg:alpine/alpine-keys@2.4-r0?arch=x86_64",
- "status": "Approved",
- "typeId": 1,
}
{- "id": 411
}
This API retrieves information about a specific SBOM part. Required security scopes for GlobalSession:
sbom:part:show
OK response.
Bad Request response.
Unauthorized response.
Forbidden response.
Not Found response.
Internal Server Error response.
Bad Gateway response.
{- "additionalNotes": "Notes found from Automated Finding...",
- "bucket": {
- "bucketType": 22,
- "description": "The description for the new bucket.",
- "id": 5,
- "name": "my bucket in an org",
- "orgId": 40062,
- "parentId": "null",
- "typeId": 1
}, - "bucketId": 205,
- "catalog": {
- "id": 1,
- "orgId": -1,
- "title": "vul-bug-apache-struts"
}, - "catalogId": 644,
- "copyrightText": "Copyright (c) 2020 golden authors",
- "createdBy": {
- "email": "adam@server.com",
- "firstName": "Adam",
- "id": 2435456,
- "lastName": "Stone"
}, - "createdOn": "2022-07-20 04:55:49",
- "customFieldValues": {
- "value": "{ field1 : value1 , field2 : value2 }"
}, - "description": "Module used to execute heavy tasks under forked processes in parallel... ",
- "fileIds": [
- 790737669679069700,
- 4336423386627879400
], - "id": 411,
- "internalNotes": {
- "value": "Dolor repellendus voluptatem consectetur nam repellendus."
}, - "linkId": 404,
- "linkNotes": "Note the following about the link established between MyComponent and OtherComponent...",
- "linkType": {
- "category": "link_types",
- "id": 9,
- "key": "cloned",
- "label": "Clone",
- "orgId": -1
}, - "linkTypeId": 54,
- "modifiedBy": {
- "email": "adam@server.com",
- "firstName": "Adam",
- "id": 2435456,
- "lastName": "Stone"
}, - "modifiedOn": "2022-07-20 04:55:49",
- "name": "my bucket name",
- "noticesText": "The following lists the content of the licenses for the components used by this software ...",
- "orgId": 38808,
- "originId": 545,
- "originType": "Accusamus qui dolores rem ipsam.",
- "originTypeId": 54,
- "partType": {
- "category": "part_types",
- "id": 9,
- "key": "application",
- "label": "Application",
- "orgId": -1
}, - "purl": "pkg:alpine/alpine-keys@2.4-r0?arch=x86_64",
- "status": "Reviewed / Not Reviewed / Pending",
- "trailId": 22,
- "typeId": 1,
}
This API updates information for an SBOM part. Required security scopes for GlobalSession:
sbom:part:update
OK response.
Bad Request response.
Unauthorized response.
Forbidden response.
Not Found response.
Internal Server Error response.
Bad Gateway response.
{- "additionalNotes": "Notes found from Automated Finding...",
- "bucketId": 205,
- "catalogId": 1,
- "copyrightText": "Copyright (c) 2020 golden authors",
- "customFieldValues": "{'field1': 'value1','field2': 'value2'}",
- "description": "Module used to execute heavy tasks under forked processes in parallel... ",
- "fileIds": [
- 2161086129761030700,
- 3443200593062312400,
- 64720631712548530,
- 7842496638812339000
], - "linkId": 323,
- "linkNotes": "Note the following about the link established between MyComponent and OtherComponent...",
- "linkTypeId": 345,
- "name": "ComponentABC 1.0 (Apache 2.0)",
- "noticesText": "The following lists the content of the licenses for the components used by this software ...",
- "originId": 1,
- "originTypeId": 1,
- "purl": "pkg:alpine/alpine-keys@2.4-r0?arch=x86_64",
- "status": "Approved",
- "typeId": 1,
}
{- "additionalNotes": "Notes found from Automated Finding...",
- "bucket": {
- "bucketType": 22,
- "description": "The description for the new bucket.",
- "id": 5,
- "name": "my bucket in an org",
- "orgId": 40062,
- "parentId": "null",
- "typeId": 1
}, - "bucketId": 205,
- "catalog": {
- "id": 1,
- "orgId": -1,
- "title": "vul-bug-apache-struts"
}, - "catalogId": 644,
- "copyrightText": "Copyright (c) 2020 golden authors",
- "createdBy": {
- "email": "adam@server.com",
- "firstName": "Adam",
- "id": 2435456,
- "lastName": "Stone"
}, - "createdOn": "2022-07-20 04:55:49",
- "customFieldValues": {
- "value": "{ field1 : value1 , field2 : value2 }"
}, - "description": "Module used to execute heavy tasks under forked processes in parallel... ",
- "fileIds": [
- 7758661390078550000,
- 7414551146711562000,
- 5778034391515241000,
- 4204687440953552000
], - "id": 411,
- "internalNotes": {
- "value": "Dolor repellendus voluptatem consectetur nam repellendus."
}, - "linkId": 404,
- "linkNotes": "Note the following about the link established between MyComponent and OtherComponent...",
- "linkType": {
- "category": "link_types",
- "id": 9,
- "key": "cloned",
- "label": "Clone",
- "orgId": -1
}, - "linkTypeId": 54,
- "modifiedBy": {
- "email": "adam@server.com",
- "firstName": "Adam",
- "id": 2435456,
- "lastName": "Stone"
}, - "modifiedOn": "2022-07-20 04:55:49",
- "name": "my bucket name",
- "noticesText": "The following lists the content of the licenses for the components used by this software ...",
- "orgId": 38808,
- "originId": 545,
- "originType": "Libero iste consectetur corrupti minus.",
- "originTypeId": 54,
- "partType": {
- "category": "part_types",
- "id": 9,
- "key": "application",
- "label": "Application",
- "orgId": -1
}, - "purl": "pkg:alpine/alpine-keys@2.4-r0?arch=x86_64",
- "status": "Reviewed / Not Reviewed / Pending",
- "trailId": 22,
- "typeId": 1,
}
Un-register an SBOM part. Required security scopes for GlobalSession:
sbom:part:delete
OK response.
Bad Request response.
Unauthorized response.
Forbidden response.
Not Found response.
Internal Server Error response.
Bad Gateway response.
{- "id": 411
}
Search for SBOM Parts using various filters and other parameters that you construct based on a search model within the request body.
To perform a search of SBOM parts in the Organization to which you are currently connected, you must use the search model (described in the next sections) to construct an appropriate search within the request body of this API. The main attribute of the model is a query that defines parameters for the data you want to retrieve. The query can include both filters that refine search results and a sort definition that orders these results in the response. The search construction must be in JSON format and contain the search attributes described in the next section.
The search model consists of the following attributes.
Name | Required | Description |
---|---|---|
query | Yes | The primary search attribute consisting of one or more properties that define the search. See the "Query Properties" section below. |
offset | No | The page number in the results at which to start fetching results. The default is the first page. |
limit | No | The maximum number of results per page. The default (and overall maximum) value is 100. |
The following properties are defined within the "query" search attribute.
Name | Required | Description |
---|---|---|
where | No | The clause containing one or more criteria (in the form of field definitions) that a given SBOM part must match in order to be included in the search results. The search uses AND logic to process these criteria, meaning that a given part must match all the criteria in the "where" clause to be considered a match. The "where" is required only if the query has no "or" clause. |
or | No | The clause that further refines the search results of the "where" clause. The "or" clause defines two or more criteria to which OR logic is applied, meaning that an SBOM part resulting from the "where" search must match at least one of the criteria in the "or" clause to be included in the final search results. The "or" clause is required only if the query has no "where" clause. |
sort | No | The definition specifying one or more fields on which to sort the search results. By default, the results are sorted on the SBOM part id field in ascending order. Include the "sort" definition to override this default behavior. Refer to the "Results Sorting" section below for more information. |
The "where" and "or" clauses within the "query" search attribute contain one or more field definitions (that is, search criteria) by which to filter the SBOM parts. Each criterion contains the following properties.
Name | Required | Description |
---|---|---|
field | Yes | The field against which the part should be searched. Refer the "Searchable Fields" section for the list of fields that you can use to search SBOM parts. |
operator | No | The action portion of the search criterion. By default, the "equals" operator is used. To override this value, specify another valid operator as listed in the "Operators" section below. |
value | Yes | The value that is matched against the value for the same field in an SBOM part definition. If providing a value for the name or bucket.name field, you can enter the full name (for an exact name match) or a string within the name. Always supply the value (whether a string, integer, float, date, or boolean) as a string enclosed in double quotes. |
Note: All searches are case-insensitive so you can use any case or case combination for the values of the name, operator, and value properties in a field definition. The results will be the same.
The following table lists the fields (used in the SBOM part definition) by which SBOM parts can be filtered during a search. A field definition (that is, a search criterion) in the "where" or "or" clause must use a field name from this table for the "field" property. This table also includes each field's allowable operators in the field definition.
The names of the "searchable fields" match the names of their corresponding attributes returned in the response object. Consider that some of these fields identify attributes contained within a nested object in the response. The field name for this type of attribute uses qualifiers that reflect the attribute's hierarchy within the response.
For example, in the response, bucket is a nested object containing the attributes id, name, description, and other attributes describing the bucket. In the query, you can search by the bucket's name or ID within the bucket object by using the field name bucket.id or bucket.name (as listed in the table below), which matches the attribute name for the nested bucket in the response. Before including a field definition in the query, always check this table to ensure that you use the exact field name listed.
Additionally, when a valid field is used with an operator that it does not support, the system ignores the condition and returns all values for that field. Refer to this table to ensure that operator you specify for a field is supported by that field.
Field | Description | Supported Operators |
---|---|---|
name | Name of the SBOM part | equals, contains, starts_with, ends_with, in |
bucketId | ID of each bucket containing the SBOM parts you want to search | equals, in |
createdOn | SBOM part creation date | equals, between |
modifiedOn | Date that the SBOM part was last modified | equals, between |
bucket.id | ID of the bucket containing the SBOM parts you want to search | equals, in |
bucket.name | Name of the bucket containing the SBOM parts you want to search | equals, contains, starts_with, ends_with, in |
catalog.cvlProps.componentName | Name of the component | equals, contains, starts_with, ends_with, in |
catalog.cvlProps.componentUrl | URL of the component | equals, contains, starts_with, ends_with, in |
catalog.cvlProps.version.name | Name of the component version, such as "2.9.3" | equals, contains, starts_with, ends_with, in |
catalog.cvlProps.version.purl | Package URL (purl) of the version | equals, contains, starts_with, ends_with, in |
catalog.cvlProps.licenses.name | Name of the license associated with the component version | equals, contains, starts_with, ends_with, in |
catalog.cvlProps.licenses.spdxIdentifier | SPDX identifier of the license | equals, contains, starts_with, ends_with, in |
catalog.cvlProps.licenses.spdxName | SPDX name of the license | equals, contains, starts_with, ends_with, in |
catalog.cvlProps.licenses.shortName | Short name of the license | equals, contains, starts_with, ends_with, in |
catalog.cvlProps.licenses.url | URL of the license | equals, contains, starts_with, ends_with, in |
vulnerability.name | Security vulnerability ID (CVE or other) | equals, contains, in |
vulnerability.publishDate | Publication date of the vulnerability | equals, between |
vulnerability.revisedDate | Last revision date of the vulnerability | equals, between |
vulnerability.cvss2Score | CVSS v2 score the of the vulnerability | equals, between, greater_than, lesser_than |
vulnerability.cvss3Score | CVSS v3 score the of the vulnerability | equals, between, greater_than, lesser_than |
In a field definition, always supply the value for the value property (whether it is a string, integer, float, date, or boolean data type) as a string data type enclosed within double quotes. A value not enclosed in double quotes results in an error. For example, a value for the "bucket.id" field must be in double quotes even though it is an integer:
"field": "bucket.id"
"operator": "equals"
"value": "301"
Note: A date value must be in either YYYY-MM-DD, YYYY/MM/DD, or MM-DD-YYYY format (and placed in double quotes as mentioned above).
The following table lists the operators allowed in field definitions (that is, the filter criteria) set up in the "where" clause.
The term value in each operator description in the table refers to the value property in the field definition used in the query. For example, if a field definition uses the equals operator to process the value specified for the field bucket.name, the criterion syntactically reads "The value for bucket.name in the SBOM part definition must exactly match the value property for bucket.name in the field definition in the query."
Operator | Description |
---|---|
equals | Matches the value exactly |
starts_with | Starts with the given value |
ends_with | Ends with the given value |
contains | Contains the given value |
in | Matches at least one of the multiple values provided |
between | Matches within the given range |
greater_than | Is greater than the given value |
lesser_than | Is less than the given value |
When the "in" operator is used, multiple values entered for the "value" field in the field definition must be formatted as a comma-separated list (such as 209,265,266). The values in this field are processed using OR logic.
When the "between" operator is used, two values must be entered for the "value" field in the field definition. The values are formatted as a comma-separated list (such as 2022-12-01,2023-01-31). If you enter the values in wrong order (with the later date first and the earlier date last, as in 2023-01-31,2022-12-01,), Code Insight will handle the order of the supplied values internally to ensure proper sorting.
If multiple field definitions are defined in the "where" clause of the query, AND logic is used to process the definitions as criteria against SBOM parts during the search. When AND logic is applied, a given part must match all the defined criteria in order to be included in the search results.
If you want OR logic to be used when processing multiple criteria against SBOM parts, include the "or" clause in the query. When OR logic is applied, a part must match at least one of the criteria in order to be included in the search results.
By default, search results are sorted in ascending order on the id field identifying each SBOM part. You can override this default by specifying one or more field names for the "field" property in the "sort" definition in the query. Specify the sorting order by entering ASC (for ascending) or DESC (for descending) for the "order" property in the definition.
Multiple fields are sorted in the sequence in which they are listed for the "field" property in the "sort" definition.
Note: You can sort on any field listed in the Searchable & Sortable Fields table.
The following shows the standard structure of a request and response used in an SBOM parts search.
The following illustrates the basic structure of a request used to search SBOM parts. The search model shows the format of search attributes, query properties, and field definitions.
POST /parts/search
{
"query": {
"where": [
{
"field": "bucket.name",
"operator": "equals",
"values": "test project"
}
],
"or": [
{
"field": "name",
"operator": "contains",
"values": "xyz"
}
],
"sort": [
{
"field": "createdOn",
"order": "ASC"
}
]
},
"offset": 1,
"limit": 100
}
A standard response shows "data" and "meta" properties. The "data" attribute contains the actual results, while the "meta" attribute provides page configuration information for the results.
{
"data": [
{
...
}
],
"meta": {
"total": 1,
"offset": 1,
"limit": 100
}
}
The following examples illustrate some common searches that you can perform on SBOM parts.
Note: To conserve space, the response in many of these examples uses an ellipsis after the details for the first retrieved result. The ellipsis represents the remaining details for that result as well as all remaining results and their details.
This search example retrieves only those SBOM parts found in specified buckets and then sorts these results by the part's creation date in ascending order.
The query in the following request body for Example 1 uses the "in" operator to retrieve all SBOM parts that belong to two buckets (identified by their Ids) and then sorts these results on the createdOn field in ascending order.
Note: If you want to retrieve all SBOM parts without a filter, provide empty brackets for the "where" clause, as in:
"where": [ ]
POST /parts/search
{
"query": {
"where": [
{
"field": "bucketId",
"operator": "in",
"value": "101,201"
}
]
,"sort" :[
{
"field": "createdOn",
"order": "asc"
}
]
}
}
The results show details for all SBOM parts found in each specified bucket, listing the parts in ascending order by their creation date.
{
"data": [
{
"id": 123,
"name": "testComponent",
"bucketId": 101
...
}
],
"meta": {
"total": 230,
"offset": 1,
"limit": 100
}
}
This search example retrieves all SBOM parts whose name contains the string "apache".
The "where" clause in the query uses the "contains" operator to search for SBOM parts that have the string "apache" in their name. The search is performed across all buckets in the organization.
POST /parts/search
{
"query": {
"where": [
{
"field": "name",
"operator": "contains",
"value": "Apache"
}
]
}
}
The response shows details for every SBOM part that contains "apache" in its name.
{
"data": [
{
"id": 123,
"name": "Apache Commons",
"bucketId": 110
...
}
],
"meta": {
"total": 2,
"offset": 1,
"limit": 100
}
}
This search example searches two buckets for all SBOM parts that were last modified within a specified date range.
The following shows a request body for Example 3. The search uses the AND logic of the "where" clause to locate all SBOM parts that belong to either "Test Bucket" or "Mixed Bucket" and, of those parts, only those that were last updated between November 1 and November 30, 2022.
Note: This request lists the "modifiedOn" field values for the "between" operator in wrong order (with the later date first and the earlier date last). When a wrong order is used in the request, Code Insight will internally re-order out-of-order dates for the "between" operator to ensure that proper sorting occurs.
POST /parts/search
{
"query": {
"where": [
{
"field": "bucket.name",
"operator": "in",
"value": "Test Bucket,Mixed Bucket"
}
,{
"field": "modifiedOn",
"operator": "between",
"value": "2022-11-30,2022-11-01"
}
]
}
}
The response shows details for the SBOM parts belonging either bucket that were modified within the given date range.
{
"data": [
{
"id": 123,
"name": "Apache Commons",
"bucketId": 115,
"modifiedOn": "2022-11-15 13:03:50",
...
}
],
"meta": {
"total": 5,
"offset": 1,
"limit": 100
}
}
This search example searches a single bucket for those SBOM parts whose name contains one or more specified strings.
The query in the following request body for Example 4 uses an "or" clause to search for those SBOM parts whose name contains either "abc" or "xyz" or both strings. The search is performed on the SBOM parts in the bucket specified in "where" clause. The results are listed in descending order on the part name.
POST /parts/search
{
"query": {
"where": [
{
"field": "bucket.name",
"operator": "equals",
"value": "test project"
}
],
"or": [
{
"field": "name",
"operator": "contains",
"value": "abc"
},
{
"field": "name",
"operator": "contains",
"value": "xyz"
}
],
"sort": [
{
"field": "name",
"order": "desc"
}
]
}
}
The response shows details for each SBOM part whose name contains one or both specified strings within the bucket "test bucket" (whose ID is 110).
{
"data": [
{
"id": 123,
"name": "Apache Commons abc",
"bucketId": 110,
...
}
],
"meta": {
"total": 5,
"offset": 1,
"limit": 100
}
}
This example searches two buckets for all SBOM parts that have one or more security vulnerabilities whose scores are within a certain range.
The following shows the request body for Example 5. The query uses an "or" clause to search for those SBOM parts that have at least one security vulnerability with either a CVSSv3 score between the range of 9.0 and 10.0 or a CVSSv2 score greater than 9.0. The search is performed on the SBOM parts belonging to the two buckets identified in the "where" clause.
POST /parts/search
{
"query": {
"where": [
{
"field": "bucketId",
"operator": "in",
"value": "1,2"
}
],
"or": [
{
"field": "vulnerability.cvss3Score",
"operator": "between",
"value": "9.0, 10.0"
},
{
"field": "vulnerability.cvss2Score",
"operator": "greater_than",
"value": "9.0"
}
]
},
"offset": 1
}
The response shows details for each SBOM part (in the two buckets specified) that have one or more security vulnerabilities whose scores are within either of the indicated ranges.
{
"data": [
{
"id": 123,
"name": "Apache Commons",
"bucketId": 110,
...
}
],
"meta": {
"total": 5,
"offset": 1,
"limit": 100
}
}
This search example retrieves those SBOM parts that meet multiple license criteria. The search is performed across all buckets in the organization.
The query in the following request body for Example 6 searches for those SBOM parts that meet both of these criteria across all buckets:
Notice the following about the example request body:
Note: If you want to broaden the search, you can omit the "where" clause altogether and add both criteria to an "or" clause that searches for all SBOM parts that meet at least one of the criteria.
POST /parts/search
{
"query": {
"where": [
{
"field": "catalog.cvlProps.licenses.spdxIdentifier",
"operator": "starts_with",
"value": "mit"
}
],
"or": [
{
"field": "catalog.cvlProps.licenses.shortName",
"operator": "contains",
"value": "mit"
}
]
},
"offset": 1
}
The response shows details for each SBOM part that meets at least one of the license criteria.
{
"data": [
{
"id": 123,
"name": "Apache Commons",
"bucketId": 110,
"catalog": {
"cvlProps": {
"licenses": [
{
"id": 7,
"name": "MIT License",
"shortName": null,
"url": "https://spdx.org/licenses/MIT.html",
"spdxIdentifier": "MIT",
"spdxName": "MIT license"
}
]
}
...
}
}
],
"meta": {
"total": 5,
"offset": 1,
"limit": 100
}
}
This example demonstrates a search that fails because an invalid field name is specified for the "field" property in a field definition.
The query in following request body for Example 7 is set up to search for SBOM parts whose field "invalid.field.name" contains either "Test Bucket" or Mixed Bucket" as a value.
POST /parts/search
{
"query": {
"where": [
{
"field": "invalid.field.name",
"operator": "in",
"value": "Test Bucket,Mixed Bucket"
}
]
}
}
The response returns a "400 Bad Request" error because no field with the name "invalid.field.name" is used in an SBOM part definition.
{
"name": "bad_request",
"id": "Z6Pg9Bps",
"message": "invalid field(s) / operator(s) : invalid.field.name ",
"temporary": false,
"timeout": false,
"fault": false
}
This example demonstrates a search failure due to an invalid "operator" used in the query.
The query in the following request body for Example 8 uses an unknown operator (called "invalid-operator") in the field definition.
POST /parts/search
{
"query": {
"where": [
{
"field": "name",
"operator": "invalid-operator",
"value": "Test Bucket,Mixed Bucket"
}
]
}
}
The response returns a "400 Bad Request" error.
{
"name": "bad_request",
"id": "Z6Pg9Bps",
"message": "invalid field(s) / operator(s) : invalid-operator ",
"temporary": false,
"timeout": false,
"fault": false
}
Required security scopes for GlobalSession:
sbom:part:search
OK response.
Bad Request response.
Unauthorized response.
Forbidden response.
Internal Server Error response.
Bad Gateway response.
{- "limit": 10,
- "offset": 1,
- "query": {
- "or": [
- {
- "field": "createdOn",
- "operator": "between",
- "value": "2022-11-30, 2022-11-01"
}
], - "sort": [
- {
- "field": "createdOn",
- "order": "asc"
}
], - "where": [
- {
- "field": "name",
- "operator": "equals",
- "value": "sbom"
}
]
}
}
{- "data": [
- {
- "id": 101,
- "other-fields": "please check the respective model for all the fields returned in this reponse"
}
], - "meta": {
- "limit": 100,
- "offset": 1,
- "total": 1000
}
}