Info
This capability requires enabling the following feature flag in Xray's system.yaml: reports.sbomExportConfigEnabled: true
The feature is supported in Xray version 3.108 or later.
Via UI
Creating Filter Property Set
- Go to Administration -> Artifactory Settings -> Property Sets
- Create a property-set called "sbom.report.filtered"
- Create a property (in this example we'll use "first-party-comps") and choose "Multi-Select"
- Enter the component names you want to filter (with version number if you want to be explicit)
- Save the property set
Apply Property Set to Repositories
- Go to "Repositories" and, under the repository's "Advanced" tab, select the "sbom.report.filtered" property set for the repository.
Applying Filter Set to Artifacts
- Go to Artifactory -> Artifacts and choose a repository / artifact to apply the filter set to.
- Choose your newly created property set and in the values choose the components to filter.
- Toggle the "Recursive" option to apply to all artifacts in the repository
That's it! Now when you export an SBOM report, your 1st party artifacts will not appear in the report.
Via REST API
Use the Artifactory Set Property API:
PATCH artifactory/api/metadata/artifact-repo?recursiveProperties=0&atomicProperties=0
{
  "props": {
    "sbom.report.filtered.1st-party-comp1": "go://acme.com/acme-internal",
    "sbom.report.filtered.1st-party-comp2": "pypi://acme-lib:5.13.0"
  }
}
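
The request above, built programmatically so the JSON body is always well-formed. This is an added example, not JFrog's own code. The host name, the Bearer-token header, the helper names and the `<type>://<name>[:<version>]` check (inferred from the two sample values) are assumptions.

```python
import json
import urllib.request

PROPERTY_SET = "sbom.report.filtered"  # property-set name used on this page


def build_props(components, prefix="1st-party-comp"):
    """Map component IDs to numbered sbom.report.filtered.* properties."""
    props = {}
    for i, comp in enumerate(components, start=1):
        # Assumed format, inferred from the page's samples: <type>://<name>[:<version>]
        scheme, sep, name = comp.partition("://")
        if not (scheme and sep and name):
            raise ValueError(f"expected <type>://<name>[:<version>], got {comp!r}")
        props[f"{PROPERTY_SET}.{prefix}{i}"] = comp
    return props


def build_request(base_url, repo_path, components, token):
    """Build (but do not send) the PATCH request for the metadata API."""
    # Query parameters are kept exactly as shown on the page.
    query = "recursiveProperties=0&atomicProperties=0"
    url = f"{base_url.rstrip('/')}/artifactory/api/metadata/{repo_path}?{query}"
    body = json.dumps({"props": build_props(components)}).encode()
    return urllib.request.Request(
        url,
        data=body,
        method="PATCH",
        headers={
            "Content-Type": "application/json",
            "Authorization": f"Bearer {token}",  # assumed auth scheme
        },
    )


if __name__ == "__main__":
    # Constructed sample values; host and token are placeholders.
    req = build_request(
        "https://artifactory.example.com",
        "artifact-repo",
        ["go://acme.com/acme-internal", "pypi://acme-lib:5.13.0"],
        token="<ACCESS_TOKEN>",
    )
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    # urllib.request.urlopen(req)  # uncomment to send the request
```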