Software Bill of Materials
v5.12.1
Search this version
Software Bill of Materials
Software Bill of Materials
Title
Message
Create new category
What is the title of your new category?
Edit page index title
What is the title of the page index?
Edit category
What is the new title of your category?
Edit link
What is the new title and URL of your link?
JSON response
Copy Markdown
Open in ChatGPT
Open in Claude
Source code:
If the "Enable dependency check for source code" option is not enabled, please ignore all "dependencies" attributes
{
"final_verdict":{//the aggregated section for both direct and dependent libs
"blocked": <boolean> //true: found CVEs that have severities are higher than the configured threshold, otherwise it is false
"verdict": <string>
<"No Vulnerabilities Found" | "Vulnerabilities Found"> //explaination
"vulnerable_package_count": <int> //total direct and dependent vulnerable libs
"total_package_count": <int>, //total direct and dependent libs
"vulnerability_counts":{ // total unique direct and dependent vulnerabilities
"critical": <int>, //total critical CVE
"high": <int>, //total high CVE
"medium": <int>, //total medium CVE
"low": <int>, //total low CVE
"unknown": <int> //total unknown CVE, do not know the severity
},
"severity": <string> //highest CVE severity from direct and dependent libs
"dependencies_severity": <string>, //show if enable dependency detection
},
"overview_report": {
"scan_mode": "source_code", //source code or container
"severity": <string>, //the highest CVE severity from the direct libs
"is_partial_report": <boolean>, //if yes, please download the full SBOM report to see all packages info, by default, this JSON only returns 100 package info
"package_count": <int>, //total direct libs
"vulnerable_package_count": <int>, //total direct vulnerable libs
"vulnerability_count": <number> //total direct vulnerabilities
"vulnerability_counts":{ //direct vulnerabilities
"critical": <int>
"high": <int>
"medium": <int>
"low": <int>
"unknown": <int>
},
"dependencies_vulnerability_count": <int> //total vulnerabilities from the dependent libs
"dependencies_package_count": <int> //total dependent libs
"vulnerable_dependencies_package_count": <int> //total vulnerability in the dependent libs
"dependencies_severity": <string>, //highest CVE severity from the dependent libs
"dependencies_vulnerability_counts":{
"critical": <int>
"high": <int>
"medium": <int>
"low": <int>
"unknown": <int>
},
"packages": [//package details
//the below JSON is the info of one package, including the dependencies info of the package
{
"ecosystem": <string>,
"group": <string> ["lang_pkg"],
"package_name": <string>,
"package_version": <string>,
"target": <string>,//in case of source code, it is the input file name such as pom.xml, requirement.txt
"vulnerabilities": [
{
"id": <string>,
"severity": <string>,
"source": <string>,
"cwes": [<string>],
"fixed_versions": <string> //all fixed version > installed version,
"type": <string>, ["vuln", "potential_vuln"] //potential_vuln is returned when the libs in the input is not clearly defined, i.e: http-client: >2.0
}
],
"vulnerability_counts": {
"critical": <int>,
"high": <int>,
"low": <int>,
"medium": <int>,
"unknown": <int>
},
"dependencies_package_count": <int>// all detected dependencies for this package
"dependencies":
[ //empty if disable
{
"package_name": <string>, // only show if there is a vulnerability
"package_version": <string>,
"ecosystem": <string>,
"vulnerabilities": [
{
"id": <string>,
"severity": <string>,
"cwes": [<string>],
"source": <string>,
"fixed_versions": <string>
"type": <string>, ["vuln", "potential_vuln"]
}
],
"vulnerability_counts": {
"critical": <int>,
"high": <int>,
"medium": <int>,
"low": <int>,
"unknown": <int>
}
}
],
"dependencies_severity": <string>,
"dependencies_vulnerability_counts": { // the aggregated result of the vulnerable libs, empty if disable or no dependencies detection
"critical": <int>,
"high": <int>,
"low": <int>,
"medium": <int>,
"unknown": <int>
}
}
]
}
}
›
Container:
{
"final_verdict":{
"blocked": <boolean>
"verdict": <string>
["No Vulnerabilities Found" | "Found Vulnerabilities"]
"vulnerable_package_count": <int>
"total_package_count": <int>
"vulnerability_counts":{
"critical": <int>
"high": <int>
"medium": <int>
"low": <int>
"unknown": <int>
},
"severity": <string>
}
"scan_mode": "container",
"os_info": {
"os_name": <string>,
"os_version": <string>
},
"steps": [
{
"step": <int>,
"command": <string>,
"sha256": <string>,
"severity": <string>
"vulnerability_count": <number>
"packages": [
{
"arch": <string>,
"ecosystem": <string>,
"group": <string> ["os_pkg"],
"os_name": <string>,
"os_version": <string>,
"package_name": <string>,
"package_version": <string>,
"vulnerabilities": [
{
"id": <string>,
"severity": <string>,
"source": <string>,
"fixed_versions": <string>
}
],
"vulnerability_counts": {
"critical": <number>,
"high": <number>,
"low": <number>,
"medium": <number>,
"unknown": <number>
}
},
{
"ecosystem": <string>,
"group": <string> ["lang_pkg"],
"package_name": <string>,
"package_version": <string>,
}
]
}
]
}
Last updated on
Was this page helpful?
null
Discard Changes
Do you want to discard your current changes and overwrite with the template?
Archive Synced Block
Message
Create new Template
What is this template's title?
Delete Template
Message