OBJECT

SpringArtifactSBOM

Represents a software bundle or unit. This is a hierarchical structure where one package may have other packages as dependencies.

GraphQL Schema definition

  # One node of a software bill of materials: a package (bundle or unit) that may
  # itself list other packages as dependencies, so the structure is hierarchical.
  # NOTE(review): `dependencies` returns the same node type, so a client can nest
  # this selection to arbitrary depth; the schema declares no depth or page-size
  # bound, so confirm the resolver enforces query depth/complexity limits.
  type SpringArtifactSBOM implements ArtifactSBOM, Node {
    # Domain-specific artifact SBOM identifier: a unique identifier for the
    # package, which may be a hash value or checksum generated from the
    # package's content.
    # NOTE(review): "may be" -- the schema does not state that a checksum-shaped
    # id has been verified against the artifact's bytes; confirm how it is
    # produced before relying on it as an integrity proof.
    artifactSBOMId: String!
    # Connection of interconnected packages contained within this Package
    # (presumably its direct dependencies, each a SpringArtifactSBOM node).
    #
    # Arguments
    # after: Return records after the given cursor, as per the GraphQL Relay spec
    # before: Return records before the given cursor, as per the GraphQL Relay spec
    # filter: Not supported as of now; will be supported in future
    # first: Return the first N records in a paged response, as per the GraphQL
    # Relay spec. No upper bound is declared here -- confirm the resolver caps it.
    # sbomFilter: Input filters to filter Package Dependencies
    # sort: Sort by one or more attributes
    # NOTE(review): `before` is accepted but there is no `last` argument, so
    # backward pagination as described by the Relay spec is not fully
    # expressible; confirm this is intended.
    dependencies(
      after: String,
      before: String,
      filter: QueryFilter,
      first: Int,
      sbomFilter: SpringArtifactSBOMFilterInput,
      sort: [QuerySort!]
    ): SpringArtifactSBOMConnection!
    # Global opaque identifier, required by the Node contract.
    id: ID!
    # Latest version of the package (as distinct from `version`, the version
    # this node describes); presumably the latest known to the data source.
    latestVersion: String
    # Concluded license: the license determined by the SPDX document creator
    # (often an SBOM tool, or the document creator in the case of disjunctive
    # licenses). Presumably an SPDX license identifier/expression; may differ
    # from `licenseDeclared`.
    # Refer:
    # https://fossa.com/blog/understanding-using-spdx-license-identifiers-license-expressions
    licenseConcluded: String
    # Declared license: the license stated by the component (e.g. package or
    # file) author. Presumably an SPDX license identifier/expression.
    # Refer:
    # https://fossa.com/blog/understanding-using-spdx-license-identifiers-license-expressions
    licenseDeclared: String
    # Name of the package.
    name: String!
    # Open-source support information about the Package.
    ossSupport: SpringArtifactSBOMOssSupport
    # Package URL (purl): the standardized format for representing package
    # metadata.
    # Eg. pkg:rpm/fedora/curl@7.50.3-1.fc25?arch=i386&distro=fedora-25 ,
    # pkg:pypi/django@1.11.1
    # Refer : https://github.com/package-url/purl-spec ,
    # https://github.com/package-url/purl-spec/blob/master/PURL-SPECIFICATION.rst
    packageUrl: String
    # Effort required to upgrade the Package.
    upgradeEffort: SpringArtifactSBOMUpgradeEffort
    # Version of the package that this node describes.
    version: String
    # Connection of potential vulnerabilities detected for the Package.
    # Vulnerabilities are aggregated from all levels up to the root, so the list
    # on a node presumably includes findings from its transitive dependencies,
    # not only the node's own version -- confirm against the resolver before
    # counting or de-duplicating.
    #
    # Arguments
    # after: Return records after the given cursor, as per the GraphQL Relay spec
    # before: Return records before the given cursor, as per the GraphQL Relay spec
    # filter: Input filters to filter Package Dependencies
    # NOTE(review): this wording appears copied from `dependencies`, where
    # `filter` is documented as unsupported; confirm whether `filter` is honoured
    # here and what it applies to.
    # first: Return the first N records in a paged response, as per the GraphQL
    # Relay spec. No upper bound is declared here -- confirm the resolver caps it.
    # vulnerabilityFilter: Input filters to filter Vulnerabilities
    vulnerabilities(
      after: String,
      before: String,
      filter: QueryFilter,
      first: Int,
      vulnerabilityFilter: SpringArtifactSBOMVulnerabilityFilterInput
    ): SpringArtifactVulnerabilityConnection!
    # Summary of the Package's vulnerabilities grouped by severity type; see
    # SpringArtifactSBOMVulnerabilitySummary for its shape.
    vulnerabilitySummary: SpringArtifactSBOMVulnerabilitySummary
  }