Export Component Details V2


Description: Export component scan results, SPDX SBOM doc or CycloneDX SBOM doc.

Security: Requires a valid user with the "Read" permission.

Usage: POST /xray/api/v2/component/exportDetails

Consumes: application/json

Produces: application/octet-stream

Request body:

| Name | Type | Required/Optional | Description |
|---|---|---|---|
| component_name | string | required | Name of the component, e.g. image:tag |
| package_type | string | required | Type of the package. Acceptable values: build, releaseBundle, releaseBundleV2, alpine, nuget, docker, npm, rpm, debian, go, pypi, conan, terraform, cran, maven, huggingfaceml, huggingface, cargo, conda, composer |
| path | string | required | Path (Artifactory path) to the component |

Scan results export options:

| Name | Type | Required/Optional | Description |
|---|---|---|---|
| violations | boolean | optional | Include violations in the export |
| include_ignored_violations | boolean | optional | Include ignored violations in the export |
| license | boolean | optional | Include license information in the export |
| exclude_unknown | boolean | optional | Exclude components with unknown licenses from the export |
| vulnerabilities | boolean | optional | Include security vulnerabilities information in the export |
| operational_risk | boolean | optional | Include operational risk information in the export |
| secrets | boolean | optional | Include information about secrets in the export |
| services | boolean | optional | Include information about services in the export |
| applications | boolean | optional | Include information about applications in the export |
| iac | boolean | optional | Include information about Infrastructure as Code (IaC) |
| output_format | string | required | Output format of the exported scan results. Acceptable values: pdf, csv, json (returns multiple files of the corresponding results in the requested format, packed in a ZIP file); json_full (returns all the results in a single JSON). Note: SPDX and CycloneDX formats are set by their corresponding properties below. |

SPDX SBOM doc export options:

| Name | Type | Required/Optional | Description |
|---|---|---|---|
| spdx | boolean | optional | Generate SPDX format in the export |
| spdx_format | string | optional | Format of the SPDX output. Acceptable values: json, tag:value, xlsx |

CycloneDX SBOM doc export options:

| Name | Type | Required/Optional | Description |
|---|---|---|---|
| cyclonedx | boolean | optional | Generate CycloneDX format in the export |
| cyclonedx_format | string | optional | Format of the CycloneDX output. Acceptable values: json, xml |
| vex | boolean | optional | Include VEX in CycloneDX exported doc. |

Sample Request - exporting the scan results:

{
  "package_type": "docker",
  "component_name": "ics:latest",
  "path": "my-dockers/ics/latest/manifest.json",

  "violations": true,
  "include_ignored_violations": true,
  "license": true,
  "exclude_unknown": false,
  "operational_risk": true,
  "security": true,
  "secrets": true,
  "services": true,
  "applications": true,
  "output_format": "pdf"
}

Sample Request - exporting CycloneDX Doc:

{
  "package_type": "docker",
  "component_name": "image:tag",
  "path": "my-dockers/ics/latest/manifest.json",
  
  "cyclonedx": true,
  "cyclonedx_format": "json",
  "vex": false
}

Sample Request - exporting SPDX and CycloneDX JSON Docs:

{
  "package_type": "maven",
  "component_name": "org.eclipse.jdt:ecj:3.12.3",
  "path": "my-maven-local/ecj/ecj/3.12.3/ecj-3.12.3.jar",

  "spdx": true,
  "spdx_format": "json",
  "cyclonedx": true,
  "cyclonedx_format": "json",
  "vex": false
}

Response Codes:

| Response Code | Description |
|---|---|
| 200 | Success |
| 400 | Invalid request payload |
| 403 | No permission to component |
| 500 | Failed to export component details |
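
As an added example (not part of JFrog's documentation or code), the Python below checks a request body against the request parameters documented above and builds the POST without sending it, so a malformed payload is caught before it reaches the server. The function names, the Bearer-token header, and treating output_format as optional when an SPDX or CycloneDX document is requested (as the SBOM sample requests do) are assumptions.

```python
import json
import urllib.request

# Acceptable values copied from the request parameters on this page.
ENUMS = {
    "package_type": {"build", "releaseBundle", "releaseBundleV2", "alpine",
                     "nuget", "docker", "npm", "rpm", "debian", "go", "pypi",
                     "conan", "terraform", "cran", "maven", "huggingfaceml",
                     "huggingface", "cargo", "conda", "composer"},
    "output_format": {"pdf", "csv", "json", "json_full"},
    "spdx_format": {"json", "tag:value", "xlsx"},
    "cyclonedx_format": {"json", "xml"},
}
FLAGS = {"violations", "include_ignored_violations", "license",
         "exclude_unknown", "vulnerabilities", "operational_risk", "secrets",
         "services", "applications", "iac", "spdx", "cyclonedx", "vex"}


def validate(payload):
    """Return a list of problems found when checking payload against the page."""
    problems = []
    for key in ("component_name", "package_type", "path"):
        if not isinstance(payload.get(key), str) or not payload[key]:
            problems.append(f"{key}: required non-empty string")
    for key, allowed in ENUMS.items():
        value = payload.get(key)
        if key in payload and (not isinstance(value, str) or value not in allowed):
            problems.append(f"{key}: {value!r} is not an acceptable value")
    for key, value in payload.items():
        if key in FLAGS and not isinstance(value, bool):
            problems.append(f"{key}: must be a JSON boolean")
    # Assumption drawn from the page's SBOM samples, which omit output_format:
    # it is only demanded here when no SPDX/CycloneDX document is requested.
    sbom = payload.get("spdx") is True or payload.get("cyclonedx") is True
    if "output_format" not in payload and not sbom:
        problems.append("output_format: required for scan-result exports")
    return problems


def build_request(base_url, token, payload):
    """Build (but do not send) the POST; refuse payloads that fail validation."""
    problems = validate(payload)
    if problems:
        raise ValueError("; ".join(problems))
    return urllib.request.Request(
        base_url.rstrip("/") + "/xray/api/v2/component/exportDetails",
        data=json.dumps(payload).encode(), method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": "Bearer " + token})  # assumed auth scheme
```

Pass the returned request to urllib.request.urlopen to send it; the body of a successful response is application/octet-stream and should be written to disk as bytes.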