Export Component Details V1 (Deprecated)


Description: Export component scan results, SPDX SBOM doc or CycloneDX SBOM doc.

Security: Requires a valid user with the "Read" permission.

Usage: POST /xray/api/v1/component/exportDetails

Consumes: application/json

Produces: application/octet-stream

Request body:

| Name | Type | Required/Optional | Description |
|---|---|---|---|
| package_type | string | required | Type of the package. Acceptable values: build, releaseBundle, docker, debian, npm, rpm, go, pypi, conan, terraform, alpine, nuget, cran, maven, huggingfaceml, cran, cargo, conda, composer |
| sha_256 | string | required | SHA256 checksum of the component. The request must include either this property or the component_name. If both are included they must correspond to the same component. |
| component_name | string | required | Name of the component, e.g. image:tag. The request must include either this property or the sha_256. If both are included they must correspond to the same component. |

Scan results export options:

| Name | Type | Required/Optional | Description |
|---|---|---|---|
| violations | boolean | optional | Include violations in the export |
| include_ignored_violations | boolean | optional | Include ignored violations in the export |
| license | boolean | optional | Include license information in the export |
| exclude_unknown | boolean | optional | Exclude components with unknown licenses from the export |
| security | boolean | optional | Include security vulnerability information in the export |
| operational_risk | boolean | optional | Include operational risk information in the export |
| secrets | boolean | optional | Include information about secrets in the export |
| services | boolean | optional | Include information about services in the export |
| applications | boolean | optional | Include information about applications in the export |
| iac | boolean | optional | Include information about Infrastructure as Code (IaC) |
| output_format | string | required | Output format of the exported scan results. Acceptable values: pdf, csv, json - returns multiple files of the corresponding results in the requested format packed in a ZIP file. json_full - returns all the results in a single json. Note: SPDX and CycloneDX formats are set by the other properties below. |

SPDX SBOM doc export options:

| Name | Type | Required/Optional | Description |
|---|---|---|---|
| spdx | boolean | optional | Generate SPDX format in the export |
| spdx_format | string | optional | Format of the SPDX output. Acceptable values: json, tag:value, xlsx |

CycloneDX SBOM doc export options:

| Name | Type | Required/Optional | Description |
|---|---|---|---|
| cyclonedx | boolean | optional | Generate CycloneDX format in the export |
| cyclonedx_format | string | optional | Format of the CycloneDX output. Acceptable values: json, xml |
| vex | boolean | optional | Include VEX in CycloneDX exported doc. |

Sample Request exporting the scan results:

{
  "package_type": "docker",
  "sha_256": "1d36301476dc57eb479e03d9e37a885dd751a6e6979f6f916a92c10cb7520e4e",
  "component_name": "ics:latest",

  "violations": true,
  "include_ignored_violations": true,
  "license": true,
  "exclude_unknown": false,
  "operational_risk": true,
  "security": true,
  "secrets": true,
  "services": true,
  "applications": true,
  "output_format": "pdf"
}

Sample Request - exporting CycloneDX Doc:

{
  "package_type": "docker",
  "component_name": "ics:latest",
  "sha_256": "1d36301476dc57eb479e03d9e37a885dd751a6e6979f6f916a92c10cb7520e4e",

  "cyclonedx": true,
  "cyclonedx_format": "json",
  "vex": false
}

Sample Request - exporting SPDX and CycloneDX JSON Docs:

{
  "package_type": "maven",
  "component_name": "org.eclipse.jdt:ecj:3.12.3",

  "spdx": true,
  "spdx_format": "json",
  "cyclonedx": true,
  "cyclonedx_format": "json",
  "vex": false
}
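
A client-side check of a request body against the request-body table, followed by construction of the POST, as an added example (not JFrog's code). The function names, the base URL and the Bearer-token header are assumptions; two rules are choices made here: unknown properties are rejected, and output_format is only demanded when neither spdx nor cyclonedx is set, as in the page's SBOM samples.

```python
import json
import re
import urllib.request

# Accepted values copied from the request-body table on this page.
PACKAGE_TYPES = ("build", "releaseBundle", "docker", "debian", "npm", "rpm", "go",
                 "pypi", "conan", "terraform", "alpine", "nuget", "cran", "maven",
                 "huggingfaceml", "cargo", "conda", "composer")
ENUMS = {"output_format": ("pdf", "csv", "json", "json_full"),
         "spdx_format": ("json", "tag:value", "xlsx"),
         "cyclonedx_format": ("json", "xml")}
FLAGS = {"violations", "include_ignored_violations", "license", "exclude_unknown",
         "security", "operational_risk", "secrets", "services", "applications",
         "iac", "spdx", "cyclonedx", "vex"}
KNOWN = FLAGS | set(ENUMS) | {"package_type", "sha_256", "component_name"}


def validate_export_request(body):
    """Return a list of problems; an empty list means the body matches the table."""
    errors = [f"unknown property: {k}" for k in sorted(set(body) - KNOWN)]
    if body.get("package_type") not in PACKAGE_TYPES:
        errors.append("package_type missing or not an accepted value")
    sha = body.get("sha_256")
    if not sha and not body.get("component_name"):
        errors.append("need sha_256 or component_name")
    if sha is not None and not re.fullmatch(r"[0-9a-fA-F]{64}", str(sha)):
        errors.append("sha_256 is not 64 hex characters")
    for key, allowed in ENUMS.items():
        if key in body and body[key] not in allowed:
            errors.append(f"{key} must be one of {sorted(allowed)}")
    for key in sorted(FLAGS & set(body)):
        if not isinstance(body[key], bool):
            errors.append(f"{key} must be a JSON boolean")
    # Assumption drawn from the page's samples: SBOM-only requests omit output_format.
    if "output_format" not in body and not (body.get("spdx") or body.get("cyclonedx")):
        errors.append("output_format is required for a scan-results export")
    return errors


def build_export_request(base_url, token, body):
    """Build (but do not send) the POST; raises ValueError on an invalid body."""
    problems = validate_export_request(body)
    if problems:
        raise ValueError("; ".join(problems))
    return urllib.request.Request(
        base_url.rstrip("/") + "/xray/api/v1/component/exportDetails",
        data=json.dumps(body).encode("utf-8"), method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {token}"})  # assumed auth scheme
```

The returned object can be passed to urllib.request.urlopen; the response is application/octet-stream and should be written to disk as bytes rather than decoded as text.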

Response Codes

| Response Codes | Description |
|---|---|
| 200 | Success |
| 400 | Invalid request payload |
| 403 | No permission to component |
| 500 | Failed to export component details |