Get Release Bundle v2 Version (GraphQL) Use Cases & Examples

JFrog REST APIs
Content Type
REST API

This topic contains practical examples that demonstrate how to solve common tasks with the Get Release Bundle v2 Version GraphQL API:

Example 1: Fetching basic details

This GraphQL query retrieves the creator and creation date for a specific Release Bundle v2 version.

query GetVersionDetails {
  releaseBundleVersion {
    getVersion(name: "my-app", version: "2.1.0", projectKey: "my-proj") {
      createdBy
      createdAt
    }
  }
}

cURL Request & Response

Request:

curl -X POST -H "Authorization: Bearer <YOUR_TOKEN>" -H "Content-Type: application/json" \
https://<YOUR_JFROG_URL>/onemodel/api/v1/graphql \
--data '{
    "query": "query GetVersionDetails { releaseBundleVersion { getVersion(name: \"my-app\", version: \"2.1.0\", projectKey: \"my-proj\") { createdBy createdAt } } }"
}'

Response:

{
    "data": {
        "releaseBundleVersion": {
            "getVersion": {
                "createdBy": "admin",
                "createdAt": "2025-08-05T06:53:00.123Z"
            }
        }
    }
}

Example 2: Retrieving all artifacts and their properties

This query fetches all artifacts in a Release Bundle version and lists its associated properties. This is useful for auditing or generating a complete Software Bill of Materials (SBOM).

query GetAllArtifactsAndProperties {
  releaseBundleVersion {
    getVersion(name: "my-app", version: "3.0.0-GA") {
      artifactsConnection(first: 50) { # Adjust 'first' as needed
        edges {
          node {
            name
            path
            sha256
            properties {
              key
              values
            }
          }
        }
      }
    }
  }
}

Example 3: Inspecting source builds

You can query from the fromBuilds field to help understand the CI/CD origins of a Release Bundle version. This example retrieves the build name, number, and start time for all source builds.

query GetSourceBuilds {
  releaseBundleVersion {
    getVersion(name: "my-app", version: "3.0.0-GA", projectKey: "my-proj") {
      fromBuilds {
        name
        number
        startedAt
        repositoryKey
      }
    }
  }
}

Example 4: Paginating through a large set of artifacts

If a Release Bundle version contains more artifacts than can be fetched in one request, you must paginate.

Step 1: Fetch the first page

This query returns the first 100 artifacts.

query GetFirstArtifactPage {
  releaseBundleVersion {
    getVersion(name: "large-bundle", version: "10.5.0") {
      artifactsConnection(first: 100) {
        totalCount
        edges {
          node {
            name
          }
        }
        pageInfo {
          hasNextPage
          endCursor # <-- Save this cursor!
        }
      }
    }
  }
}

Step 2: Fetch the next page

Use the endCursor from the previous response in the after argument to get the next set of 100 results.

query GetNextArtifactPage {
  releaseBundleVersion {
    getVersion(name: "large-bundle", version: "10.5.0") {
      artifactsConnection(first: 100, after: "YXJ0aWZhY3Q6Mg==") {
        edges {
          node {
            name
          }
        }
        pageInfo {
          hasNextPage
          endCursor
        }
      }
    }
  }
}

Tip

To fetch all artifacts, repeat step 2 for as long as hasNextPage is true.

Example 5: Full traceability from release to build evidence

This query provides end-to-end traceability. It starts with a Release Bundle, drills down into its source builds, and retrieves the evidence associated with each of those builds. This critical for compliance and auditing.

query FullTraceabilityAudit {
  releaseBundleVersion {
    getVersion(name: "mission-critical-app", version: "1.2.3") {
      fromBuilds {
        name
        number
        evidenceConnection(first: 10) {
          edges {
            node {
              # Fields from the Evidence type
              evidenceType
              sha256
              issuedBy
              issuedAt
            }
          }
        }
      }
    }
  }
}

Example 6: Find all Docker images with evidence

This query demonstrates a powerful workflow. It retrieves all artifacts, but you would filter them programmatically on the client side to find specific packageTypes (such as docker). It then fetches the associated evidence for each matching artifact. This enables you to find all Docker images that have a Security Scan evidence report.

query FindDockerImagesWithEvidence {
  releaseBundleVersion {
    getVersion(name: "webapp-release", version: "4.5.1") {
      # Filter artifacts that have evidence on the server
      artifactsConnection(first: 50, where: { hasEvidence: true }) {
        edges {
          node {
            # Retrieve fields needed for client-side filtering
            name
            packageType
            # And get the evidence for each one
            evidenceConnection(first: 5) {
              edges {
                node {
                  evidenceType
                  sha256
                }
              }
            }
          }
        }
      }
    }
  }
}

Note

In a real application, you would iterate through the query results If node.packageType is docker, you would then process its evidenceConnection.