Skip to main content
The REST API is now versioned. For more information, see "About API versioning."

软件材料清单 (SBOM)

使用 REST API 导出存储库的软件材料清单 (SBOM)。

如果至少具有对存储库的读取访问权限,则可以通过 GitHub UI 或 GitHub REST API,将存储库的依赖项关系图导出为与 SPDX 兼容的软件物料清单 (SBOM)。 有关详细信息,请参阅“导出存储库的软件物料清单”。

本文提供有关 REST API 终结点的详细信息。

Export a software bill of materials (SBOM) for a repository.

Exports the software bill of materials (SBOM) for a repository in SPDX JSON format.

Parameters for "Export a software bill of materials (SBOM) for a repository."

标头
名称, 类型, 说明
accept string

Setting to application/vnd.github+json is recommended.

路径参数
名称, 类型, 说明
owner string 必须

The account owner of the repository. The name is not case sensitive.

repo string 必须

The name of the repository without the .git extension. The name is not case sensitive.

HTTP response status codes for "Export a software bill of materials (SBOM) for a repository."

Status codeDescription
200

OK

403

Forbidden

404

Resource not found

Code samples for "Export a software bill of materials (SBOM) for a repository."

get/repos/{owner}/{repo}/dependency-graph/sbom
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/repos/OWNER/REPO/dependency-graph/sbom

Response

Status: 200
{ "sbom": { "SPDXID": "SPDXRef-DOCUMENT", "spdxVersion": "SPDX-2.3", "creationInfo": { "created": "2021-09-01T00:00:00Z", "creators": [ "Tool: GitHub.com-Dependency-Graph" ] }, "name": "github/example", "dataLicense": "CC0-1.0", "documentDescribes": [ "github/example" ], "documentNamespace": "https://github.com/github/example/dependency_graph/sbom-abcdef123456", "packages": [ { "SPDXID": "SPDXRef-Package", "name": "rubygems:rails", "versionInfo": "1.0.0", "downloadLocation": "NOASSERTION", "filesAnalyzed": false, "licenseConcluded": "MIT", "licenseDeclared": "MIT" } ] } }