Try JFrog
Guides
Contact SupportTry JFrog
Start typing to search…
  1. Integrations
  2. JFrog API

Deprecated JFrog APIs

JFrog APIs that have been deprecated are archived here until being decommissioned. Note there will not be OpenAPI specification endpoints created for these legacy APIs. For an overview of available OpenAPI specification endpoints that are available, see OpenAPI Specifications.

Get Users (deprecated)

📘

Note

  • From Artifactory release 7.49.3, this API is being replaced by the GET Users (SCIM) API available in the JFrog Platform.
  • Requires Artifactory Pro.

Description: Get the list of users.

Since: 2.4.0

To support spaces in the User, Group, or Permission names, a plus symbol ('+') is automatically placed when there is a space. This is set by default because the property artifactory.security.api.plus.insteadof.space is set to true. If you want to use the plus symbol ('+'), set artifactory.security.api.plus.insteadof.space to false.

Security: Requires an admin user.

Usage: GET /artifactory/api/security/users

Produces: application/json (application/vnd.org.jfrog.artifactory.security.Users+json)

Sample Output:

GET /artifactory/api/security/users
[
  {
    "name": "davids"
    "uri" : "http://localhost:8082/artifactory/api/security/users/davids"
    "realm" : "internal"
  }, {
    "name": "danl"
    "uri" : "http://localhost:8082/artifactory/api/security/users/danl"
    "realm" : "ldap"
  }
]

Create or Replace User (deprecated)

📘

Note

  • From Artifactory release 7.49.3, this API is being replaced by the Create User API available in the JFrog Platform.
  • Requires Artifactory Pro.

Description: Creates a new user in Artifactory or replaces an existing user.

Since: 2.4.0

Missing values will be set to the default values as defined by the consumed type.

Security: Requires an admin user

Usage: PUT /artifactory/api/security/users/{userName}

Consumes: application/json (application/vnd.org.jfrog.artifactory.security.User+json)

Sample Usage:

PUT /artifactory/api/security/users/davids
{
  user.json
}

Update User (deprecated)

📘

Note

  • From Artifactory release 7.49.3, this API is being replaced by the Update a User API available in the JFrog Platform.
  • Requires Artifactory Pro.

Description: Updates an existing user in Artifactory with the provided user details.

Since: 2.4.0

Missing values will be set to the default values as defined by the consumed type.

To support spaces in the User, Group, or Permission names, a plus symbol ('+') is automatically placed when there is a space. This is set by default because the property artifactory.security.api.plus.insteadof.space is set to true. If you want to use the plus symbol ('+'), set artifactory.security.api.plus.insteadof.space to false.

Security: Requires an admin user.

Usage: POST /artifactory/api/security/users/{userName}

Consumes: application/json (application/vnd.org.jfrog.artifactory.security.User+json)

Sample Usage:

POST /artifactory/api/security/users/davids
{
  user.json
}

Delete User (deprecated)

📘

Note

  • From Artifactory release 7.49.3, this API is being replaced by the Delete User API available in the JFrog Platform.
  • Requires Artifactory Pro.

Description: Removes an Artifactory user.

Since: 2.4.0

To support spaces in the User, Group, or Permission names, a plus symbol ('+') is automatically placed when there is a space. This is set by default because the property artifactory.security.api.plus.insteadof.space is set to true. If you want to use the plus symbol ('+'), set artifactory.security.api.plus.insteadof.space to false.

Security: Requires an admin user

Usage: DELETE /artifactory/api/security/users/{userName}

Produces: application/text

Sample Usage:

DELETE /artifactory/api/security/users/davids

User 'davids' has been removed successfully.

Expire Password for a Single User (deprecated)

📘

Note

Description: Expires a user's password.

Since: 4.4.2

Security: Requires an admin user.

Usage: POST /artifactory/api/security/users/authorization/expirePassword/{userName}

Sample Usage:

POST /artifactory/api/security/users/authorization/expirePassword/davids

Change Password (deprecated)

📘

Note

  • From Artifactory release 7.49.3, this API is being replaced by the Change a User Password API available in the JFrog Platform.
  • Requires Artifactory Pro.

Description: Changes a user's password.

Since: 4.4.2

Security: Admin can apply this method to all users, and each (non-anonymous) user can use this method to change their own password.

Usage: POST /artifactory/api/security/users/authorization/changePassword -H "Content-type: application/json" -d ' { "userName" : "{user}", "oldPassword" : "{old password}", "newPassword1" : "{new password}", "newPassword2" : "{verify new password}" }

Produces: application/text

Sample Usage:

POST /artifactory/api/security/users/authorization/changePassword -H "Content-type: application/json" -d '{ "userName" : "davids", "oldPassword" : "op", "newPassword1" : "np", "newPassword2" : "np" }'

Unlock Locked Out User (deprecated)

📘

Note

  • From Artifactory release 7.49.3, this API is being replaced by the Unlock User API available in the JFrog Platform.
  • Requires Artifactory Pro.

Description: Unlocks a single user who was locked out due to recurrent incorrect login attempts.

Security: Requires a valid admin user

Usage: POST /artifactory/api/security/unlockUsers/{userName}

Produces: application/text

Since: 4.4

Sample Usage:

POST /artifactory/api/security/unlockUsers/{userName}

Get Groups (deprecated)

📘

Note

  • From Artifactory release 7.49.3, this API is being replaced by the Get a List of Groups API available in the JFrog Platform.
  • Requires Artifactory Pro.

Description: Get the groups list.

Since: 2.4.0

Security: Requires an admin user

To support spaces in the User, Group, or Permission names, a plus symbol ('+') is automatically placed when there is a space. This is set by default because the property artifactory.security.api.plus.insteadof.space is set to true. If you want to use the plus symbol ('+'), set artifactory.security.api.plus.insteadof.space to false.

Usage: GET /artifactory/api/security/groups

Produces: application/json (application/vnd.org .jfrog.artifactory.security.Users+json) , application/json (application/vnd.org.jfrog.artifactory.security.Groups+json), application/json (application/vnd.org.jfrog.artifactory.security.PermissionTargets+json)

Sample Output:

GET /artifactory/api/security/groups
[
  {
    "name": "readers"
    "uri" : "http://localhost:8081/artifactory/api/security/groups/readers"
  }, {
    "name": "tech-leads"
    "uri" : "http://localhost:8081/artifactory/api/security/groups/tech-leads"
  }
]

Get Group Details (deprecated)

📘

Note

  • From Artifactory release 7.49.3, this API is being replaced by the Get Group Details API available in the JFrog Platform.
  • Requires Artifactory Pro.

Description: Get the details of an Artifactory Group

Since: 2.4.0

From Artifactory version 6.13, you can use the includeUsers parameter (includeUsers=true) to get the users' details.

Security: Requires an admin user

Usage: GET /artifactory/api/security/groups/{groupName}

Produces: application/json (application/vnd.org .jfrog.artifactory.security.Group+json)

Sample Output:

GET /artifactory/api/security/groups/dev-leads
{
group.json
}

Create or Replace Group (deprecated)

📘

Note

  • From Artifactory release 7.49.3, this API is being replaced by the Create or Replace Group API available in the JFrog Platform.
  • Requires Artifactory Pro.

Description: Creates a new group in Artifactory or replaces an existing group

Since: 2.4.0

📘

Note

Missing values will be set to the default values as defined by the consumed type

To support spaces in the User, Group, or Permission names, a plus symbol ('+') is automatically placed when there is a space. This is set by default because the property artifactory.security.api.plus.insteadof.space is set to true. If you want to use the plus symbol ('+'), set artifactory.security.api.plus.insteadof.space to false.

Security: Requires an admin user

Usage: PUT /artifactory/api/security/groups/{groupName}

Consumes: application/json (application/vnd.org.jfrog.artifactory.security.Group+json)

Sample Usage:

PUT /artifactory/api/security/groups
{
group.json
}

Update Group (deprecated)

📘

Note

  • From Artifactory release 7.49.3, this API is being replaced by the Group Update API available in the JFrog Platform.
  • Requires Artifactory Pro.

Description: Updates an existing group in Artifactory with the provided group details.

Since: 2.4.0

To support spaces in the User, Group, or Permission names, a plus symbol ('+') is automatically placed when there is a space. This is set by default because the property artifactory.security.api.plus.insteadof.space is set to true. If you want to use the plus symbol ('+'), set artifactory.security.api.plus.insteadof.space to false.

From Artifactory 7.15.3, you can enforce using lower-case characters in user names when associating users to groups by setting the validate.lowercase.username.on.groupto true. The default is set to false. When set to true, an error will be generated if an upper-case character is used in a user name.

Security: Requires an admin user

Usage: POST /artifactory/api/security/groups/{groupName}

Consumes: application/json (application/vnd.org.jfrog.artifactory.security.Group+json)

Sample Usage:

POST /artifactory/api/security/groups/dev-leads
{
group.json
}

Delete Group (deprecated)

📘

Note

  • From Artifactory release 7.49.3, this API is being replaced by the Delete a Group API available in the JFrog Platform.
  • Requires Artifactory Pro.

Description: Removes an Artifactory group.

Since: 2.4.0

To support spaces in the User, Group, or Permission names, a plus symbol ('+') is automatically placed when there is a space. This is set by default because the property artifactory.security.api.plus.insteadof.space is set to true. If you want to use the plus symbol ('+'), set artifactory.security.api.plus.insteadof.space to false.

Security: Requires an admin user

Usage: DELETE /artifactory/api/security/groups/{groupName}

Produces: application/text

Sample Usage:

DELETE /artifactory/api/security/groups/dev-leads

Group 'dev-leads' has been removed successfully.

Create Token (deprecated)

📘

Note

This API is being deprecated and replaced by the Create Token API.

Description: Creates an access token

Since: 5.0.0

Security: Requires a valid user

Usage: POST /artifactory/api/security/token

Content-Type: application/x-www-form-urlencoded

Produces: application/json

{
   "access_token":   "<the access token>",
   "expires_in":    <Validity period in seconds>,
   "scope":         "<access scope>",
   "token_type":    "Bearer",
   "refresh_token": "<the refresh token if access_token is refreshable>"
}

Sample Usage:

curl -uadmin:password -XPOST "http://localhost:8082/artifactory/api/security/token" -d "username=johnq" -d "scope=member-of-groups:readers"
 
200
{
   "access_token":   "adsdgbtybbeeyh...",
   "expires_in":    3600,
   "scope":         "api:* member-of-groups:readers",
   "token_type":    "Bearer",
   "refresh_token": "fgsfgsdugh8dgu9s8gy9hsg..."
}

This endpoint takes the following parameters:

Parameter

Description

grant_type

[Optional, default: "client_credentials"]

The grant type used to authenticate the request. In this case, the only value supported is client_credentials which is also the default value if this parameter is not specified.

username

The user name for which this token is created. If the user does not exist, a transient user is created. Non-admin users can only create tokens for themselves so they must specify their own username.

If the user does not exist, the member-of-groups scope token must be provided (e.g. member-of-groups: g1, g2, g3...).

scope

The scope to assign to the token, provided as a space-separated list of scope tokens. Currently, there are three possible scope tokens:

  • "api:*" - indicates that the token grants access to REST API calls. This is always granted by default whether specified in the call or not.

  • member-of-groups:[<group-name>] - indicates the groups that the token is associated with (e.g. member-of-groups: g1, g2, g3...). The token grants access according to the permission targets specified for the groups listed.

    If any of the group names includes a space character, the whole value should be enclosed in escaped quotation marks. For example:

    scope=member-of-groups:"readers,test group"

    Specify "*" for group-name to indicate that this is a "user-scoped token", i.e., the token provides the same access privileges that the current subject, as specified in the username parameter, has, and is therefore evaluated dynamically.

    A non-admin user can only provide a scope that is a subset of the groups to which the user belongs.

  • "jfrt@<instance-id>:admin" - provides admin privileges on the specified Artifactory instance. This is only available for administrators.

expires_in

[Optional, default: 3600]

The time in seconds for which the token will be valid. To specify a token that never expires, set to zero. Non-admin can only set a value that is equal to or less than the default 3600.

refreshable

[Optional, default: false]

If true, this token is refreshable and the refresh token can be used to replace it with a new token once it expires.

audience

[Optional, default: Only the service ID of the Artifactory instance that created the token]

A space-separate list of the other Artifactory instances or services that should accept this token identified by their Artifactory Service IDs as obtained from the Get Server ID endpoint.

In case you want the token to be accepted by all Artifactory instances you may use the following audience parameter "audience=jfrt@*".

Refresh Token (deprecated)

This API is being deprecated and replaced by the Create Token API.

Description: Refresh an access token to extend its validity. If only the access token and the refresh token are provided (and no other parameters), this pair is used for authentication. If username or any other parameter is provided, then the request must be authenticated by a token that grants admin permissions.

Since: 5.0.0

Security: Requires a valid user (unless both access token and refresh token are provided)

Usage: POST /artifactory/api/security/token

Content-Type: application/x-www-form-urlencoded

Produces: application/json (refer to Create Token)

Sample Usage:

curl -XPOST "http://localhost:8082/artifactory/api/security/token" -d "grant_type=refresh_token" -d "refresh_token=fgsg53t3g…" -d "access_token=gsfdgw35gt..."
 
200 (Success) As in Create Token
 
400 (Error) If the token was created by a different Artifactory instance (and hence cannot be refreshed)

Parameter

Description

grant_type

Should be set to refresh_token.

refresh_token

The refresh token of the access token that needs to be refreshed.

access_token

The access token to refresh.

Note: access_token and username are mutually exclusive, so only one of these parameters should be specified. If access_token is provided, the new token is created with the same settings as that token.

username

The user name for which this token is created. If the user does not exist, a transient user is created. Non-admin users can only create tokens for themselves so they must specify their own username.

If the user does not exist, the member-of-groups scope token must be provided (e.g. member-of-groups: g1, g2, g3...).

Note: access_token and username are mutually exclusive, so only one of these parameters should be specified.

scope

The scope to assign to the token, provided as a space-separated list of scope tokens. Currently, there are three possible scope tokens:

  • "api:*" - indicates that the token grants access to REST API calls. This is always granted by default whether specified in the call or not.

  • member-of-groups:[<group-name>] - indicates the groups that the token is associated with (e.g. member-of-groups: g1, g2, g3...). The token grants access according to the permission targets specified for the groups listed.

    If any of the group names includes a space character, the whole value should be enclosed in escaped quotation marks. For example:

    scope=member-of-groups:"readers,test group"

    Specify "*" for group-name to indicate that this is a "user-scoped token", i.e., the token provides the same access privileges that the current subject, as specified in the username parameter, has, and is therefore evaluated dynamically.

    A non-admin user can only provide a scope that is a subset of the groups to which the user belongs.

  • "jfrt@<instance-id>:admin" - provides admin privileges on the specified Artifactory instance. This is only available for administrators.

expires_in

[Optional, default: 3600]

The time in seconds for which the token will be valid. To specify a token that never expires, set to zero. Non-admin can only set a value that is equal to or less than the default 3600.

refreshable

[Optional, default: false]

If true, this token is refreshable and the refresh token can be used to replace it with a new token once it expires.

audience

[Optional, default: Only the service ID of the Artifactory instance that created the token]

A space-separate list of the other Artifactory instances or services that should accept this token identified by their Artifactory Service IDs as obtained from the Get Server ID endpoint.

In case you want the token to be accepted by all Artifactory instances you may use the following audience parameter "audience=jfrt@*".

Get Tokens (deprecated)

📘

Note

This API is being deprecated and replaced by the Get Tokens API.

Description: Get a list of all tokens created by an Artifactory instance

Since: 5.0.0

Security: Requires an admin user.

Usage: GET /artifactory/api/security/token

Content-Type: application/x-www-form-urlencoded

Produces: application/json

{
  "tokens":[
    {
      "token_id":"<the token id>",
      "issuer":"<the service ID of the issuing Artifactory instance>",
      "subject":"<subject>",
      "expiry": <time when token expires as seconds since 00:00:00 1/1/1970>,
      "refreshable":<true | false>,
      "issued_at":<time issued as seconds since 00:00:00 1/1/1970>,
    }, ...
  ]
}

Sample Usage:

curl -uadmin:password -XGET "http://localhost:8082/artifactory/api/security/token

 
200 OK
{
  "tokens":[
    {
      "token_id":"123",
      "issuer":"jf-artifactory@123123",
      "subject":"jf-artifactory@123123/users/theusername",
      "expiry":145154545,
      "refreshable":true,
      "issued_at":144152345
    }, ...
  ]
}

Revoke Token (deprecated)

📘

Note

This API is being deprecated and replaced by the Revoke Token by ID and Revoke Token by Value APIs.

Description: Revoke an access token by specifying the token or the token_id.

Since: 5.0.0

Security: Requires an admin user.

Usage: POST /artifactory/api/security/token/revoke

Content-Type: application/x-www-form-urlencoded

Produces: application/json

Sample Usage:

curl -uadmin:password -XPOST "http://localhost:8082/artifactory/api/security/token/revoke" -d "token=fasdt3..."
or
curl -uadmin:password -XPOST "http://localhost:8082/artifactory/api/security/token/revoke" -d "token_id=7e0eec..."
 
200 OK (Also returned if the token was already revoked or non-existent)
 
400 (Error) If the token was created by a different Artifactory instance (and hence cannot be revoked)

This endpoint can take either of the following parameters:

ParameterDescription
tokenThe token to be revoked.
token_idThe ID of the token to be revoked.

Save Security Configuration (deprecated)

📘

Note

This REST API is deprecated from Artifactory 7.x and later. JFrog recommends replace this API with Export Access Configuration REST API , which uses the access.bootstrap.json.

Description: Saves the security configuration (security.xml). Requires the security.xml file from the same version.

Since: From Artifactory 2.2.0 - 6.x.

Security: Requires a valid admin user

Usage: POST /artifactory/api/system/security

Consumes: application/xml

Sample Usage:

POST /artifactory/api/system/security

<security.xml/>

Expire Password for All Users (deprecated)

📘

Note

Description: Expires a password for all users.

Since: 4.4.2

Security: Requires an admin user.

Usage: POST /artifactory/api/security/users/authorization/expirePasswordForAllUsers

Sample Request:

POST https://[JFrogPlatformURL]/artifactory/api/security/users/authorization/expirePasswordForAllUsers

Remote Repository Configuration (deprecated)


📘

Note

This API is deprecated. Use the Get Repository Configuration API instead.

Description: Returns the shared configuration of a remote repository.

Since: 2.2.0

Security: Requires a valid user for a shared remote repository and admin user for anything else. Shared remote repository data will be sanitized for security when non-admin user is used.

Usage: GET /artifactory/api/repositories/{remoteRepoName}/configuration

Produces: application/json (application/vnd.org.jfrog.artifactory.repositories.SharedRemoteRepositoryConfiguration+json)

Sample Output:

GET /artifactory/api/repositories/remote-repo/configuration

{
repository-config.json
}

Folder Sync (deprecated)

📘

Note

Requires Artifactory Pro.

Description: Triggers a no-content download of artifacts from a remote Artifactory repository for all artifacts under the specified remote folder. Can optionally delete local files if they do not exist in the remote folder, overwrite local files only if they are older than remote files, or never overwrite local files.

The default is not to delete any local files and to overwrite older local files with remote ones. By default progress marks of the sync are displayed. The default timeout for the remote file list is 15000 milliseconds (15 seconds).

Security: Requires a privileged user (can be anonymous). For non-admin users will replicate at max the number of files as defined by the artifactory.search.userQueryLimit system property.

Usage: GET artifactory/api/sync/{remoteRepositoryKey}/{folderPath}[?progress=showProgress][&mark=numOfBytesToPrintANewProgressMark][&delete=deleteExistingFiles][&overwrite=never/force][&timeout=fileListTimeoutInMillis]

Produces: text/plain

Since: 2.2.4

Sample Output:

GET artifactory/api/sync/my-remote/org/acme/1.0?progress=1&delete=1
.....................................................
.....................................................
.....................................................
..........................................

Completed: 970/1702 bytes
.....................................................
..................
Completed: 1702/1702 bytes
Completed with 0 errors and 2 warnings (please check the server log for more details).

File Compliance Info (deprecated)

📘

Note

This API is deprecated from Artifactory version 5.0.

Description: Get compliance info for a given artifact path. The result includes license and vulnerabilities if any. Supported by local and local-cached repositories.

Since: 3.0.0

Security: Requires an authenticated user.

Usage: GET: artifactory/api/compliance/{repoKey}/{item-path}

Produces: application/json

Sample Output:

GET: artifactory/api/compliance/libs-release-local/ch/qos/logback/logback-classic/0.9.9/logback-classic-0.9.9.jar
{
  "licenses" : [ {"name":"LGPL v3", "url": "http://"}, {"name":"APL v2", "url": "http://"}... ],
  "vulnerabilities" : [ {"name":"CVE-13427", "url": "http://"}, {"name":"CVE-1041", "url": "http://"}...  ]
}

Pull/Push Replication (deprecated)

📘

Note

This API is deprecated. Use the Pull/Push Replication API instead.

Description: Schedules immediate content replication between two Artifactory instances. Replication can include properties and can optionally delete local items if they do not exist in the source repository.

This API completes the existing cron-based replication exposed via the Artifactory UI and allows for on-demand execution.

  • Pull Replication: Pulls content from a remote Artifactory repository to a local cache of the remote repository.
  • Push Replication: Pushes content from a local repository into a remote Artifactory local repository.

Supported by local, local-cached, and remote repositories.

Notes: Requires Artifactory Pro

Security: Requires a privileged user (can be anonymous) For non-admin users, will replicate at max the number of files as defined by the artifactory.search.userQueryLimit system property.

Usage: POST /api/replication/{srcRepoKey}/{srcPath}

Consumes: application/json (application/vnd.org.jfrog.artifactory.replication.ReplicationRequest+json)

Since: 2.4.0

Sample Usage:

POST /api/replication/libs-release-local/com/acme
{
  //The following is only applicable for push replication
  + "url" : "https://repo.nmiy.org/repo-key", // The remote repository URL
  + "username": "replicator", //The name of a user with deploy permissions on the remote repository
  + "password": "***", //The remote repository password
  - "properties": true, //Sync item properties (true by default)
  - "delete": true, //Sync deletions (false by default)
  - "proxy": "org-prox", //A name of an Artifactory-configured proxy to use for remote requests
}

Export Component Details V1 (deprecated)

Description: Export component scan results, SPDX SBOM doc or CycloneDX SBOM doc.

Security: Requires a valid user with the "Read" permission.

Usage: POST /xray/api/v1/component/exportDetails

Consumes: application/json

Produces: application/octet-stream

Request Body:

Name

Type

Required/Optional

Description

package_type

string

required

The type of package. Acceptable values: build, releaseBundle, docker, debian, npm, rpm, go, pypi, conan, terraform, alpine, nuget, cran, maven, huggingfaceml, cran, cargo, conda, composer.

sha_256

string

required

SHA256 checksum of the component.

Note: The request must include either this property or component_name. If both are included, they must correspond to the same component.

component_name

string

required

The name of the component, e.g image:tag.

Note: The request must include either this property or sha_256. If both are included, they must correspond to the same component.

Scan results export options:

violations

boolean

optional

Include violations in the export.

include_ignored_violations

boolean

optional

Include ignored violations in the export.

license

boolean

optional

Include license information in the export.

exclude_unknown

boolean

optional

Exclude components with unknown licenses from the export.

security

boolean

optional

Include security vulnerability information in the export.

operational_risk

boolean

optional

Include operational risk information in the export.

secrets

boolean

optional

Include information about secrets in the export.

services

boolean

optional

Include information about services in the export

applications

boolean

optional

Include information about applications in the export.

iac

boolean

optional

Include information about Infrastructure as Code (IaC)

output_format

string

required

Output format of the exported scan results. Acceptable values:

  • pdf, csv, json: returns multiple files of the corresponding results in the requested format packed in a ZIP file.
  • json_full: returns all the results in a single json.

Note: SPDX and CycloneDX formats are set by the other properties below.

SPDX SBOM doc export options:

spdx

boolean

optional

Generate SPDX format in the export.

spdx_format

string

optional

Format of the SPDX output.

Acceptable values: json, tag:value, xlsx

CycloneDX SBOM doc export options:

cyclonedx

boolean

optional

Generate CycloneDX format in the export

cyclonedx_format

string

optional

Format of the CycloneDX output.

Acceptable values: json, xml

vex

boolean

optional

Include VEX in CycloneDX exported doc.

Sample Request exporting the scan results:

{
 "package_type": "docker",
 "sha_256": "1d36301476dc57eb479e03d9e37a885dd751a6e6979f6f916a92c10cb7520e4e",
 "component_name": "ics:latest",

 "violations": true,
 "include_ignored_violations": true,            
 "license": true,
 "exclude_unknown": false,
 "operational_risk": true,
 "security": true,
 "secrets": true,
 "services": true,
 "applications": true,
  "output_format": "pdf"
}

Sample Request - exporting CycloneDX Doc:

{
 "package_type": "docker",  
 "component_name": "ics:latest",
 "sha_256": "1d36301476dc57eb479e03d9e37a885dd751a6e6979f6f916a92c10cb7520e4e",

 "cyclonedx": true,
 "cyclonedx_format": "json",
 "vex": false
}

Sample Request - exporting SPDX and CycloneDX JSON Docs:

{
 "package_type": "maven",
 "component_name": "org.eclipse.jdt:ecj:3.12.3",
 
 "spdx": true,
 "spdx_format": "json",
 "cyclonedx": true,
 "cyclonedx_format": "json",
 "vex": false
}

Response Codes

Response CodesDescription
200Success
400Invalid request payload
403No permission to component
500Failed to export component details

Updated 5 days ago