sboms

Creates, updates, deletes, gets or lists a sboms resource.

Overview

Name	sboms
Type	Resource
Id	github.dependency_graph.sboms

Fields

The following fields are returned by SELECT queries:

export_sbom

Response

Name	Datatype	Description
name	string	The name of the SPDX document. (example: github/github)
SPDXID	string	The SPDX identifier for the SPDX document. (example: SPDXRef-DOCUMENT)
comment	string	An optional comment about the SPDX document. (example: Exact versions could not be resolved for some packages. For more information: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/)
creationInfo	object
dataLicense	string	The license under which the SPDX document is licensed. (example: CC0-1.0)
documentNamespace	string	The namespace for the SPDX document. (example: https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57)
packages	array
relationships	array
spdxVersion	string	The version of the SPDX specification that this document conforms to. (example: SPDX-2.3)

Methods

The following methods are available for this resource:

Name	Accessible by	Required Params	Optional Params	Description
export_sbom	select	owner, repo		Exports the software bill of materials (SBOM) for a repository in SPDX JSON format.

Parameters

Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.

Name	Datatype	Description
owner	string	The account owner of the repository. The name is not case sensitive.
repo	string	The name of the repository without the .git extension. The name is not case sensitive.

SELECT examples

export_sbom

Exports the software bill of materials (SBOM) for a repository in SPDX JSON format.

SELECT
name,
SPDXID,
comment,
creationInfo,
dataLicense,
documentNamespace,
packages,
relationships,
spdxVersion
FROM github.dependency_graph.sboms
WHERE owner = '{{ owner }}' -- required
AND repo = '{{ repo }}' -- required
;