OBJECT

HubArtifactSbomInfo

GraphQL Schema definition

  • # Describes a package recorded in an artifact SBOM: its identity (name, version,
  • # package URL), its license fields, and paged connections to the packages it
  • # depends on and to the vulnerabilities reported for it.
  • type HubArtifactSbomInfo implements ArtifactSBOM, Node {
  • # Domain-specific artifact SBOM identifier.
  • # Unique identifier for a package; may be a hash value or checksum generated
  • # from the package's content.
  • # NOTE(review): the algorithm is not stated here - confirm it before relying
  • # on this value to verify package integrity.
  • artifactSBOMId: String!
  • # Connection of packages used by this Package (transitive dependencies)
  • #
  • # Arguments
  • # after: Return records after the given cursor, as per GraphQL
  • # Relay spec
  • # before: Return records before the given cursor, as per GraphQL
  • # Relay spec
  • # filter: Input filters to filter Package Dependencies
  • # first: Return first N records in a paged response, as per
  • # GraphQL Relay spec
  • # sbomFilter: filter by package name and versions
  • #
  • # NOTE(review): `first` is optional and no default or maximum page size is
  • # stated here - confirm that the server enforces a limit.
  • dependencies(
  • after: String,
  • before: String,
  • filter: QueryFilter,
  • first: Int,
  • sbomFilter: HubArtifactSBOMFilterInput
  • ): ArtifactSBOMConnection!
  • # Global opaque identifier to meet Node contract
  • id: ID!
  • # License concluded by the SPDX document creator (which is often an SBOM tool
  • # or the document creator in the case of disjunctive licenses).
  • # Nullable: the value may be absent. It can differ from licenseDeclared, so
  • # compare both fields when auditing licenses.
  • # Refer:
  • # https://fossa.com/blog/understanding-using-spdx-license-identifiers-license-expressions
  • licenseConcluded: String
  • # License stated by the component (e.g. package or file) author.
  • # Nullable: the value may be absent.
  • # Refer:
  • # https://fossa.com/blog/understanding-using-spdx-license-identifiers-license-expressions
  • licenseDeclared: String
  • # Name of the package
  • name: String!
  • # Package URL - standardized format for representing package metadata.
  • # E.g. pkg:rpm/fedora/curl@7.50.3-1.fc25?arch=i386&distro=fedora-25 ,
  • # pkg:pypi/django@1.11.1
  • # A purl identifies a package; it is not a download location. Qualifiers
  • # contain `?` and `&`, so encode the value before placing it in a URL or
  • # query string.
  • # Refer: https://github.com/package-url/purl-spec ,
  • # https://github.com/package-url/purl-spec/blob/master/PURL-SPECIFICATION.rst
  • packageUrl: String!
  • # Version of the package
  • version: String!
  • # Connection of potential vulnerabilities detected for a Package.
  • # The vulnerabilities will be aggregated from dependent packages to this package.
  • # NOTE(review): "dependent packages" presumably means this package's
  • # dependencies - confirm the direction of the aggregation.
  • #
  • # Arguments
  • # after: Return records after the given cursor, as per GraphQL
  • # Relay spec
  • # before: Return records before the given cursor, as per GraphQL
  • # Relay spec
  • # filter: Input filters to filter Vulnerabilities
  • # first: Return first N records in a paged response, as per
  • # GraphQL Relay spec
  • # vulnerabilityFilter: filter by CVE_ID, severity and score
  • #
  • # NOTE(review): this connection is nullable, unlike `dependencies` - confirm
  • # whether null means "no vulnerability data available" rather than "no
  • # vulnerabilities found" before treating a package as clean.
  • vulnerabilities(
  • after: String,
  • before: String,
  • filter: QueryFilter,
  • first: Int,
  • vulnerabilityFilter: HubArtifactVulnerabilityFilterInput
  • ): ArtifactVulnerabilityConnection
  • }