The sbom export
command allows you to export an SBOM for a specified package from Endor Labs.
Usage
To export an SBOM for a specified package version named go://github.com/Dreamacro/clash@main
in Endor Labs.
endorctl sbom export --package-version-name=go://github.com/Dreamacro/clash@main
To export an SBOM for a specified package version given its UUID with the UUID of “653c625cd44ec559e19349dc” to a file called “sbom.json”
endorctl sbom export --package-version-uuid=653c625cd44ec559e19349dc >> sbom.json
Options
Flag | Environment Variable | Description |
---|---|---|
component-type |
ENDOR_SBOM_COMPONENT_TYPE |
Set the SBOM component type (application , or library ). (default application ) |
output-format |
ENDOR_SBOM_OUTPUT_FORMAT |
Set the SBOM format (json , or xml ) (default json ). |
package-version-name |
ENDOR_SBOM_PACKAGE_VERSION_NAME |
Name of the package version for which you want to generate an SBOM. |
package-version-uuid |
ENDOR_SBOM_PACKAGE_VERSION_UUID |
The UUID of the package version for which you want to generate an SBOM. |
timeout |
ENDOR_SBOM_TIMEOUT |
Set the timeout for the SBOM generation (default 30s ). |
with-vex |
ENDOR_SBOM_WITH_VEX |
Generate the corresponding VEX document along with the SBOM. |
project-uuid |
ENDOR_SBOM_PROJECT_UUID |
The UUID of the project for which you want to generate an SBOM. |
project-name |
ENDOR_SBOM_PROJECT_NAME |
Name of the project for which you want to generate an SBOM. |
app-name |
ENDOR_SBOM_APP_NAME |
Name of the application/library. Required for multi-package SBOM export. |
package-version-uuids |
ENDOR_SBOM_PACKAGE_VERSION_UUIDS |
The list of package version UUIDs to export an SBOM. |