Arun Lal

Reputation: 37

JFrog REST API to Export the X-ray SBOM report

I have created the following call to export the JFrog X-ray SBOM data

curl -u $USER_NAME:$API_KEY -X POST $ARTIFACT_DOMAIN_URL/xray/api/v1/component/exportDetails \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-o "test.json" \
-d '{
    "component_name": "docker://test-docker-image:latest",
    "package_type": "docker",
    "sha_256": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "violations": true,
    "include_ignored_violations": false,
    "license": true,
    "exclude_unknown": false,
    "security": true,
    "malicious_code": false,
    "iac": false,
    "services": false,
    "applications": false,
    "output_format": "json",
    "spdx": false,
    "cyclonedx": true,
    "cyclonedx_format": "json",
    "vex": false,
    "operational_risk": false
}'

The output is written to the test.json file, but it is in binary format, so I couldn't read it, and I also couldn't see the results on the terminal.

If I try to see the output on the terminal, I get the following warning message:

Warning: Binary output can mess up your terminal. Use "--output -" to tell
Warning: curl to output it to your terminal anyway, or consider "--output
Warning: <FILE>" to save to a file.

If anyone knows the solution for this, or any other method apart from the UI to export the X-ray SBOM data, please let me know.

Upvotes: 0

Views: 536

Answers (2)

Roy solomon

Reputation: 1

Hello, as Dor Tambour has mentioned, you should modify the output file option from -o "test.json" to -o "test.zip". Additionally, you have the option to change the output_format to PDF, as detailed in the JFrog Xray documentation: https://jfrog.com/help/r/xray-rest-apis/export-component-details-v2. I also encountered similar issues when trying to export my SBOM files. Using this approach, I was able to obtain the SBOM exactly as it appears when downloaded directly from the Artifactory UI.

Cheers, Roy

Upvotes: 0

Dor Tambour

Reputation: 146

The JFrog REST API "export component details" is exporting a zip file (thus a binary file). Inside it you'll have all the files that you set as true (in your case, cyclonedx).

Upvotes: 1
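
What both answers describe, as an added example that is not part of the original posts or JFrog's own code: treat the exportDetails response body as a zip archive and pull the CycloneDX JSON out of it in memory. The entry names in the constructed sample and the size cap are assumptions; the BOM is recognised by its `bomFormat` field rather than by file name.

```python
import io
import json
import zipfile

MAX_ENTRY_BYTES = 50 * 1024 * 1024  # assumed cap on one entry's declared size


def load_cyclonedx(export_bytes):
    """Return (entry name, BOM dict) for the first CycloneDX JSON in the export."""
    if not export_bytes.startswith(b"PK"):
        # Not a zip: most likely a JSON error body (bad credentials, unknown component).
        raise ValueError("not a zip archive: " + export_bytes[:200].decode("utf-8", "replace"))
    with zipfile.ZipFile(io.BytesIO(export_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir() or info.file_size > MAX_ENTRY_BYTES:
                continue
            # Read in memory instead of extractall(), so entry names never reach the filesystem.
            try:
                doc = json.loads(archive.read(info))
            except ValueError:
                continue  # PDF, CSV or other non-JSON report in the same archive
            if isinstance(doc, dict) and doc.get("bomFormat") == "CycloneDX":
                return info.filename, doc
    raise LookupError("no CycloneDX JSON entry in archive")


def component_list(bom):
    """Flatten the BOM's components into sorted (name, version) pairs."""
    return sorted((c.get("name", ""), c.get("version", "")) for c in bom.get("components", []))


def build_sample_export():
    """Constructed stand-in for a real response body; entry names are hypothetical."""
    bom = {"bomFormat": "CycloneDX", "specVersion": "1.4", "components": [
        {"type": "library", "name": "openssl", "version": "3.0.2"},
        {"type": "library", "name": "busybox", "version": "1.35.0"}]}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("violations.json", json.dumps({"total_rows": 0}))
        z.writestr("sample_CycloneDX.json", json.dumps(bom))
    return buf.getvalue()


if __name__ == "__main__":
    name, bom = load_cyclonedx(build_sample_export())
    print(name, component_list(bom))
```

With a real export, pass the bytes of the file saved by curl (`open("test.zip", "rb").read()`) to `load_cyclonedx`.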
