Description: Export component scan results, SPDX SBOM doc or CycloneDX SBOM doc.
Security: Requires a valid user with the "Read" permission.
Usage: POST /xray/api/v2/component/exportDetails
Consumes: application/json
Produces: application/octet-stream
Request body:
Name | Type | Required/Optional | Description |
---|---|---|---|
component_name | string | required | Name of the component, e.g. image:tag |
package_type | string | required | Type of the package. Acceptable values: build, releaseBundle, releaseBundleV2, alpine, nuget, docker, npm, rpm, debian, go, pypi, conan, terraform, cran, maven, huggingfaceml, huggingface, cargo, conda, composer |
path | string | required | Path (Artifactory path) to the component |
Scan results export options: | | | |
violations | boolean | optional | Include violations in the export |
include_ignored_violations | boolean | optional | Include ignored violations in the export |
license | boolean | optional | Include license information in the export |
exclude_unknown | boolean | optional | Exclude components with unknown licenses from the export |
security | boolean | optional | Include security vulnerabilities information in the export |
operational_risk | boolean | optional | Include operational risk information in the export |
secrets | boolean | optional | Include information about secrets in the export |
services | boolean | optional | Include information about services in the export |
applications | boolean | optional | Include information about applications in the export |
| boolean | optional | Include information about Infrastructure as Code (IaC) |
output_format | string | required | Output format of the exported scan results. Acceptable values: pdf, csv, json (each returns multiple files of the corresponding results in the requested format, packed in a ZIP file) and json_full (returns all the results in a single JSON). Note: SPDX and CycloneDX formats are set by their corresponding properties below. |
SPDX SBOM doc export options: | | | |
spdx | boolean | optional | Generate SPDX format in the export |
spdx_format | string | optional | Format of the SPDX output. Acceptable values: json, tag:value, xlsx |
CycloneDX SBOM doc export options: | | | |
cyclonedx | boolean | optional | Generate CycloneDX format in the export |
cyclonedx_format | string | optional | Format of the CycloneDX output. Acceptable values: json, xml |
vex | boolean | optional | Include VEX in the exported CycloneDX doc. |
Sample Request - exporting the scan results:
{ "package_type": "docker", "component_name": "ics:latest", "path": "my-dockers/ics/latest/manifest.json", "violations": true, "include_ignored_violations": true, "license": true, "exclude_unknown": false, "operational_risk": true, "security": true, "secrets": true, "services": true, "applications": true, "output_format": "pdf" }
Sample Request - exporting CycloneDX Doc:
{ "package_type": "docker", "component_name": "image:tag", "path": "my-dockers/ics/latest/manifest.json", "cyclonedx": true, "cyclonedx_format": "json", "vex": false }
Sample Request - exporting SPDX and CycloneDX JSON Docs:
{ "package_type": "maven", "component_name": "org.eclipse.jdt:ecj:3.12.3", "path":"my-maven-local/ecj/ecj/3.12.3/ecj-3.12.3.jar", "spdx": true, "spdx_format": "json", "cyclonedx": true, "cyclonedx_format": "json", "vex": false }
Response Codes:
Response Codes | Description |
---|---|
200 | Success |
400 | Invalid request payload |
403 | No permission to component |
500 | Failed to export component details |
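
An added example (not part of the original page and not JFrog's code): a Python client that validates a request body against the acceptable values listed above before sending it, and reports the documented response codes as errors. The function names, the `base_url`, `token` and `out_file` parameters and the Bearer-token `Authorization` header are assumptions; the option names are those used in the sample requests.

```python
import json
import urllib.error
import urllib.request

# Acceptable values copied from the request-body table on this page.
ALLOWED = {
    "package_type": {"build", "releaseBundle", "releaseBundleV2", "alpine", "nuget",
                     "docker", "npm", "rpm", "debian", "go", "pypi", "conan",
                     "terraform", "cran", "maven", "huggingfaceml", "huggingface",
                     "cargo", "conda", "composer"},
    "output_format": {"pdf", "csv", "json", "json_full"},
    "spdx_format": {"json", "tag:value", "xlsx"},
    "cyclonedx_format": {"json", "xml"},
}
# Boolean option names as they appear in the page's sample requests.
BOOL_FLAGS = {"violations", "include_ignored_violations", "license", "exclude_unknown",
              "security", "operational_risk", "secrets", "services", "applications", "vex"}
STATUS = {400: "Invalid request payload", 403: "No permission to component",
          500: "Failed to export component details"}

def build_export_request(package_type, component_name, path, output_format=None,
                         spdx_format=None, cyclonedx_format=None, **flags):
    """Return a validated request body; raise ValueError before anything is sent."""
    chosen = {"package_type": package_type, "output_format": output_format,
              "spdx_format": spdx_format, "cyclonedx_format": cyclonedx_format}
    for name, value in chosen.items():
        if value not in ALLOWED[name] and not (value is None and name != "package_type"):
            raise ValueError(f"{name}: unsupported value {value!r}")
    if not (output_format or spdx_format or cyclonedx_format):
        raise ValueError("request at least one of: scan results, SPDX, CycloneDX")
    bad = sorted(k for k, v in flags.items() if k not in BOOL_FLAGS or not isinstance(v, bool))
    if bad:
        raise ValueError(f"unknown or non-boolean options: {bad}")
    body = {"package_type": package_type, "component_name": component_name, "path": path}
    body.update(flags)
    body.update({k: v for k, v in chosen.items() if v is not None})
    body.update({k: True for k in ("spdx", "cyclonedx") if chosen[k + "_format"]})
    return body

def export_details(base_url, token, body, out_file):
    # POST the body and save the application/octet-stream response to out_file.
    req = urllib.request.Request(
        base_url.rstrip("/") + "/xray/api/v2/component/exportDetails",
        data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json", "Authorization": f"Bearer {token}"})
    try:
        with urllib.request.urlopen(req, timeout=60) as resp, open(out_file, "wb") as fh:
            fh.write(resp.read())
    except urllib.error.HTTPError as err:
        raise RuntimeError(f"{err.code}: {STATUS.get(err.code, err.reason)}") from err
```

Keep the token out of source control and scope it to an account that holds only the "Read" permission this endpoint requires.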