Description: Export component scan results, SPDX SBOM doc or CycloneDX SBOM doc.
Security: Requires a valid user with the "Read" permission.
Usage: POST /xray/api/v1/component/exportDetails
Consumes: application/json
Produces: application/octet-stream
Request body:
Name | Type | Required/Optional | Description |
|---|---|---|---|
| string | required | Type of the package. Acceptable values: build, releaseBundle, docker, debian, npm, rpm, go, pypi, conan, terraform, alpine, nuget, cran, maven, huggingfaceml, cran, cargo, conda, composer |
| string | required | SHA256 checksum of the component. The request must include either this property or the component_name. If both are included they must correspond to the same component. |
| string | required | Name of the component e.g image:tag The request must include either this property or the sha_256. If both are included they must correspond to the same component. |
Scan results export options: | |||
| boolean | optional | Include violations in the export |
i | boolean | optional | Include ignored violations in the export |
| boolean | optional | Include license information in the export |
| boolean | optional | Exclude components with unknown licenses from the export |
| boolean | optional | Include security vulnerability information in the export |
| boolean | optional | Include operational risk information in the export |
| boolean | optional | Include information about secrets in the export |
| boolean | optional | Include information about services in the export |
| boolean | optional | Include information about applications in the export |
| boolean | optional | Include information about Infrastructure as Code (IaC) |
| string | required | Output format of the exported scan results. Acceptable values: pdf, csv, json - returns multiple files of the corresponding results in the requested format packed in a ZIP file. json_full - returns all the results in a single json. Note: SPDX and CycloneDX formats are set by the other properties below. |
SPDX SBOM doc export options: | |||
| boolean | optional | Generate SPDX format in the export |
| string | optional | Format of the SPDX output. Acceptable values: json, tag:value, xlsx |
CycloneDX SBOM doc export options: | |||
| boolean | optional | Generate CycloneDX format in the export |
| string | optional | Format of the CycloneDX output. Acceptable values: json, xml |
| boolean | optional | Include VEX in CycloneDX exported doc. |
Sample Request exporting the scan results:
{
"package_type": "docker",
"sha_256": "1d36301476dc57eb479e03d9e37a885dd751a6e6979f6f916a92c10cb7520e4e",
"component_name": "ics:latest",
"violations": true,
"include_ignored_violations": true,
"license": true,
"exclude_unknown": false,
"operational_risk": true,
"security": true,
"secrets": true,
"services": true,
"applications": true,
"output_format": "pdf"
}
Sample Request - exporting CycloneDX Doc:
{
"package_type": "docker",
"component_name": "ics:latest",
"sha_256": "1d36301476dc57eb479e03d9e37a885dd751a6e6979f6f916a92c10cb7520e4e",
"cyclonedx": true,
"cyclonedx_format": "json",
"vex": false
}
Sample Request - exporting SPDX and CycloneDX JSON Docs:
{
"package_type": "maven",
"component_name": "org.eclipse.jdt:ecj:3.12.3",
"spdx": true,
"spdx_format": "json",
"cyclonedx": true,
"cyclonedx_format": "json",
"vex": false
}
Response Codes
Response Codes | Description |
|---|---|
200 | Success |
400 | Invalid request payload |
403 | No permission to component |
500 | Failed to export component details |