Release Lifecycle Management GraphQL
Get Release Bundle v2 Version (GraphQL)
Description: Returns the requested data for the Release Bundle v2 version defined by the One Model GraphQL query.
Important
When operating in a Self-Hosted environment, you must enable the Evidence service in the system.yaml file as a prerequisite to using this endpoint. Add the following:
evidence: enabled: true
Security: Requires a valid token; requires Read permissions for the specified Release Bundle
Usage: POST /onemodel/api/v1/graphql
Tip
To jump directly to common use cases & examples, click here.
Query a Release Bundle Version
Use the getVersion query to fetch a specific Release Bundle version. This is the primary entry point for all Release Bundle version data.
getVersion
Fetches a single Release Bundle version identified by its name, version, and location (repository or project).
query {
releaseBundleVersion {
getVersion(name: "my-release-bundle", version: "1.0.0") {
# Fields to retrieve
createdBy
createdAt
}
}
}| Field | Required/Optional | Type | Description |
|---|---|---|---|
name | required | String! | The name of the Release Bundle. |
version | required | String! | The Release Bundle version. |
repositoryKey | optional | String | The repository key where the Release Bundle is stored. The default is release-bundles-v2. |
projectKey | optional | String | The project key associated with the Release Bundle. If used without repositoryKey, it resolves to the project's default Release Bundle repository ([project-key]-release-bundles-v2). |
Repository Selection Logic
This API uses a specific order of preference to determine which repository to query:
- repositoryKey is provided: The query targets the specified repository directly. The
projectKeyis ignored, if provided. - projectKey is provided alone: The query targets the default Release Bundle repository within the specified project.
- Neither is provided: The query targets the default global repository,
release-bundles-v2.
ReleaseBundleVersion Type
This type represents a specific Release Bundle version and contains all its associated data.
Field | Type | Description |
|---|---|---|
| string | The user who created the Release Bundle version. |
| date | The timestamp of when the Release Bundle version was created. |
| ReleaseBundleVersionArtifact | Use this connection to retrieve a paginated list of artifacts included in the Release Bundle version. You can filter the results. |
| EvidenceConnection | Use this connection to retrieve a paginated list of evidence associated with the Release Bundle version. You can filter the results based on certain criteria:
For more information about evidence, see Search Evidence (GraphQL). |
| array:ReleaseBundleVersionBuild | A list of source builds used to create the Release Bundle version. |
Note
Fields such as
ReleaseBundleVersionArtifactandEvidenceConnectionuse a cursor-based pagination model, which is a standard GraphQL pattern for handling large data sets efficiently.
EvidenceConnectionrequires the following format:evidenceConnection { totalCount edges { node { predicateSlug predicateType...}}}
ReleaseBundleVersionArtifactrequires the following format:artifactConnection { totalCount edges { node { path name ...}}}For more information, see One Model GraphQL Common Patterns and Conventions.
Detailed Object Types
ReleaseBundleVersionArtifact
This type represents a single artifact within the Release Bundle version.
| Field | Type | Description |
|---|---|---|
path | string | The artifact path inside the Release Bundle. |
name | string | The artifact name. |
sha256 | SHA-256 | The SHA256 of the artifact. |
sourceRepositoryPath | string | The source path from which the artifact was added to the Release Bundle. |
packageType | string | The package type of the package to which the artifact belongs. |
packageName | string | The name of the package to which the artifact belongs. |
packageVersion | string | The version of the package to which the artifact belongs. |
size | integer | The artifact size. |
properties | array:ReleaseBundleVersionArtifactProperty | User-defined properties defined for the artifact. |
evidenceConnection | EvidenceConnection | Information related to the evidence associated with each artifact. For more details about evidence, see Search Evidence (GraphQL). |
ReleaseBundleVersionBuild
This type represents a build used as a source for the Release Bundle version.
| Field | Type | Description |
|---|---|---|
name | string | The name of the build-info in Artifactory. |
number | string | The build number. |
startedAt | date | The start time of the build. |
repositoryKey | string | The repository that contains the build-info. |
evidenceConnection | EvidenceConnection | Information related to the evidence associated with each artifact. For more details about evidence, see Search Evidence (GraphQL). |
ReleaseBundleVersionArtifactProperty
This type represents the key-value pairs defined as properties of the artifact.
| Field | Type | Description |
|---|---|---|
key | string | The property key. |
values | array:string | A list of values for the property. |
Status Codes
| Code | Message | Description |
|---|---|---|
| 200 | Ok | The request was successful. |
| 401 | Bad Credentials | The request failed because the provided authentication token is invalid or expired. |
| 403 | Permission Denied | The request failed because the authenticated user does not have the required Read permissions for the subject repository. |
Get Release Bundle v2 Version (GraphQL) Use Cases & Examples
This section contains practical examples that demonstrate how to solve common tasks with the Get Release Bundle v2 Version GraphQL API:
- Example 1: Fetching basic details
- Example 2: Retrieving all artifacts and their properties
- Example 3: Inspecting source builds
- Example 4: Paginating through a large set of artifacts
- Example 5: Full traceability from release to build evidence
- Example 6: Find all Docker images with evidence
Example 1: Fetching basic details
This GraphQL query retrieves the creator and creation date for a specific Release Bundle v2 version.
query GetVersionDetails {
releaseBundleVersion {
getVersion(name: "my-app", version: "2.1.0", projectKey: "my-proj") {
createdBy
createdAt
}
}
}cURL Request & Response
Request:
curl -X POST -H "Authorization: Bearer <YOUR_TOKEN>" -H "Content-Type: application/json" \
https://<YOUR_JFROG_URL>/onemodel/api/v1/graphql \
--data '{
"query": "query GetVersionDetails { releaseBundleVersion { getVersion(name: \"my-app\", version: \"2.1.0\", projectKey: \"my-proj\") { createdBy createdAt } } }"
}'Response:
{
"data": {
"releaseBundleVersion": {
"getVersion": {
"createdBy": "admin",
"createdAt": "2025-08-05T06:53:00.123Z"
}
}
}
}Example 2: Retrieving all artifacts and their properties
This query fetches all artifacts in a Release Bundle version and lists its associated properties. This is useful for auditing or generating a complete Software Bill of Materials (SBOM).
query GetAllArtifactsAndProperties {
releaseBundleVersion {
getVersion(name: "my-app", version: "3.0.0-GA") {
artifactsConnection(first: 50) { # Adjust 'first' as needed
edges {
node {
name
path
sha256
properties {
key
values
}
}
}
}
}
}
}Example 3: Inspecting source builds
You can query from the fromBuilds field to help understand the CI/CD origins of a Release Bundle version. This example retrieves the build name, number, and start time for all source builds.
query GetSourceBuilds {
releaseBundleVersion {
getVersion(name: "my-app", version: "3.0.0-GA", projectKey: "my-proj") {
fromBuilds {
name
number
startedAt
repositoryKey
}
}
}
}Example 4: Paginating through a large set of artifacts
If a Release Bundle version contains more artifacts than can be fetched in one request, you must paginate.
Step 1: Fetch the first page
This query returns the first 100 artifacts.
query GetFirstArtifactPage {
releaseBundleVersion {
getVersion(name: "large-bundle", version: "10.5.0") {
artifactsConnection(first: 100) {
totalCount
edges {
node {
name
}
}
pageInfo {
hasNextPage
endCursor # <-- Save this cursor!
}
}
}
}
}Step 2: Fetch the next page
Use the endCursor from the previous response in the after argument to get the next set of 100 results.
query GetNextArtifactPage {
releaseBundleVersion {
getVersion(name: "large-bundle", version: "10.5.0") {
artifactsConnection(first: 100, after: "YXJ0aWZhY3Q6Mg==") {
edges {
node {
name
}
}
pageInfo {
hasNextPage
endCursor
}
}
}
}
}Tip
To fetch all artifacts, repeat step 2 for as long as
hasNextPageistrue.
Example 5: Full traceability from release to build evidence
This query provides end-to-end traceability. It starts with a Release Bundle, drills down into its source builds, and retrieves the evidence associated with each of those builds. This is critical for compliance and auditing.
query FullTraceabilityAudit {
releaseBundleVersion {
getVersion(name: "mission-critical-app", version: "1.2.3") {
fromBuilds {
name
number
evidenceConnection(first: 10) {
edges {
node {
# Fields from the Evidence type
evidenceType
sha256
issuedBy
issuedAt
}
}
}
}
}
}
}Example 6: Find all Docker images with evidence
This query demonstrates a powerful workflow. It retrieves all artifacts, but you would filter them programmatically on the client side to find specific packageTypes (such as docker). It then fetches the associated evidence for each matching artifact. This enables you to find all Docker images that have a Security Scan evidence report.
query FindDockerImagesWithEvidence {
releaseBundleVersion {
getVersion(name: "webapp-release", version: "4.5.1") {
# Filter artifacts that have evidence on the server
artifactsConnection(first: 50, where: { hasEvidence: true }) {
edges {
node {
# Retrieve fields needed for client-side filtering
name
packageType
# And get the evidence for each one
evidenceConnection(first: 5) {
edges {
node {
evidenceType
sha256
}
}
}
}
}
}
}
}
}Note
In a real application, you would iterate through the query results If
node.packageTypeisdocker, you would then process its evidenceConnection.
Updated 7 days ago