sbom

Use the sbom command to import SBOMs to or export SBOMs from Endor Labs.

The endorctl sbom command allows you to import or export SBOMs to or from Endor Labs.

Usage

The syntax of endorctl sbom is as follows:

endorctl sbom [subcommand] [flags]

The following subcommands are supported as part of endorctl sbom:

  • endorctl sbom import imports an SBOM to be managed by Endor Labs.
  • endorctl sbom export allows you to export an SBOM from Endor Labs.

Options

Flag      Environment Variable   Description
format    ENDOR_SBOM_FORMAT      Set the SBOM format (cyclonedx, or SPDX) (default cyclonedx)

1 - export

Use the sbom export command to export an SBOM for a software package from Endor Labs.

The sbom export command allows you to export an SBOM for a specified package from Endor Labs.

Usage

To export an SBOM from Endor Labs for the package version named “go://github.com/Dreamacro/clash@master”:

endorctl sbom export --package-version-name=go://github.com/Dreamacro/clash@master

To export an SBOM for the package version with the UUID “653c625cd44ec559e19349dc” to a file called “sbom.json”:

endorctl sbom export --package-version-uuid=653c625cd44ec559e19349dc > sbom.json

Options

Flag                   Environment Variable              Description
component-type         ENDOR_SBOM_COMPONENT_TYPE         Set the SBOM component type (application, or library). (default application)
output-format          ENDOR_SBOM_OUTPUT_FORMAT          Set the SBOM format (json, or xml) (default json).
package-version-name   ENDOR_SBOM_PACKAGE_VERSION_NAME   Name of the package version to create an SBOM for.
package-version-uuid   ENDOR_SBOM_PACKAGE_VERSION_UUID   UUID of the package version to create an SBOM for.
timeout                ENDOR_SBOM_TIMEOUT                Set the timeout for the SBOM generation (default 30s).
with-vex               ENDOR_SBOM_WITH_VEX               Also generate the corresponding VEX document.

2 - import

Use the sbom import command to import SBOMs to Endor Labs.

The sbom import command allows you to import SBOMs to Endor Labs to track your third party risk.

Usage

To import an SBOM to Endor Labs, use one of the following commands. The first relies on the default cyclonedx format; the second sets the format to spdx:

endorctl sbom import --sbom-file-path=/path/to/your/sbom.json
endorctl sbom import --format=spdx --sbom-file-path=/path/to/your/sbom.json

Options

Flag             Environment Variable   Description
format           ENDOR_SBOM_FORMAT      Set the SBOM format (cyclonedx, or SPDX) (default cyclonedx)
sbom-file-path   ENDOR_SBOM_FILE_PATH   Set the file path to the SBOM to import.
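
A pre-import check for the format and sbom-file-path flags above, as an added example that is not part of the Endor Labs documentation: it confirms that a file is a single well-formed JSON SBOM, detects whether it is CycloneDX or SPDX from the root markers those specifications define, and builds the matching endorctl sbom import command without running it. The function names and sample documents are constructed for illustration, and JSON input is assumed.

```python
import json
import shlex
import tempfile
from pathlib import Path


def detect_sbom_format(doc):
    """Return the --format value ("cyclonedx" or "spdx") for a parsed JSON SBOM."""
    if not isinstance(doc, dict):
        raise ValueError("SBOM root must be a JSON object")
    # CycloneDX JSON carries a fixed bomFormat marker at the root.
    if doc.get("bomFormat") == "CycloneDX":
        return "cyclonedx"
    # SPDX JSON carries an spdxVersion such as "SPDX-2.3" at the root.
    if str(doc.get("spdxVersion", "")).startswith("SPDX-"):
        return "spdx"
    raise ValueError("neither CycloneDX nor SPDX markers found")


def build_import_command(sbom_path):
    """Validate the file and return the endorctl argv; raises ValueError on bad input."""
    path = Path(sbom_path)
    try:
        doc = json.loads(path.read_text(encoding="utf-8"))
    except json.JSONDecodeError as exc:
        # Also catches two documents concatenated into one file ("Extra data").
        raise ValueError(f"{path}: not valid JSON ({exc.msg})") from exc
    fmt = detect_sbom_format(doc)
    return ["endorctl", "sbom", "import", f"--format={fmt}", f"--sbom-file-path={path}"]


# Constructed sample documents (minimal, for illustration only).
SAMPLE_CYCLONEDX = {"bomFormat": "CycloneDX", "specVersion": "1.5", "components": []}
SAMPLE_SPDX = {"spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT", "packages": []}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, sample in (("cdx.json", SAMPLE_CYCLONEDX), ("spdx.json", SAMPLE_SPDX)):
            target = Path(tmp) / name
            target.write_text(json.dumps(sample), encoding="utf-8")
            print(shlex.join(build_import_command(target)))
```

The returned list can be passed to subprocess.run once endorctl is installed and authenticated.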