sbom
Use the sbom command to import or export SBOMs to or from Endor Labs
The endorctl sbom command allows you to import or export SBOMs to or from Endor Labs.
Usage
The syntax of endorctl sbom is as follows:
endorctl sbom [subcommand] [flags]
The following subcommands are supported as part of endorctl sbom:
- endorctl sbom import imports an SBOM to be managed by Endor Labs.
- endorctl sbom export allows you to export an SBOM from Endor Labs.
Options
| Flag | Environment Variable | Description |
| --- | --- | --- |
| format | ENDOR_SBOM_FORMAT | Set the SBOM format (cyclonedx or SPDX; default cyclonedx). |
1 - export
Use the sbom export command to export an SBOM for a software package from Endor Labs.
The sbom export command allows you to export an SBOM for a specified package from Endor Labs.
Usage
To export an SBOM for a package version named go://github.com/Dreamacro/clash@main in Endor Labs:
endorctl sbom export --package-version-name=go://github.com/Dreamacro/clash@main
To export an SBOM for a package version identified by its UUID, 653c625cd44ec559e19349dc, to a file called sbom.json:
endorctl sbom export --package-version-uuid=653c625cd44ec559e19349dc >> sbom.json
Because >> appends, make sure sbom.json does not already exist; otherwise the file ends up holding more than one document.
Options
| Flag | Environment Variable | Description |
| --- | --- | --- |
| component-type | ENDOR_SBOM_COMPONENT_TYPE | Set the SBOM component type (application or library; default application). |
| output-format | ENDOR_SBOM_OUTPUT_FORMAT | Set the SBOM format (json or xml; default json). |
| package-version-name | ENDOR_SBOM_PACKAGE_VERSION_NAME | Name of the package version for which you want to generate an SBOM. |
| package-version-uuid | ENDOR_SBOM_PACKAGE_VERSION_UUID | The UUID of the package version for which you want to generate an SBOM. |
| timeout | ENDOR_SBOM_TIMEOUT | Set the timeout for the SBOM generation (default 30s). |
| with-vex | ENDOR_SBOM_WITH_VEX | Generate the corresponding VEX document along with the SBOM. |
| project-uuid | ENDOR_SBOM_PROJECT_UUID | The UUID of the project for which you want to generate an SBOM. |
| project-name | ENDOR_SBOM_PROJECT_NAME | Name of the project for which you want to generate an SBOM. |
| app-name | ENDOR_SBOM_APP_NAME | Name of the application/library. Required for multi-package SBOM export. |
| package-version-uuids | ENDOR_SBOM_PACKAGE_VERSION_UUIDS | The list of package version UUIDs to export an SBOM. |
2 - import
Use the sbom import command to import SBOMs to Endor Labs.
The sbom import command allows you to import SBOMs to Endor Labs to track your third-party risk.
Usage
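To import an SBOM to Endor Labs, use one of the following commands. The first imports a CycloneDX SBOM (the default format); the second sets the format flag to import an SPDX SBOM.
endorctl sbom import --sbom-file-path=/path/to/your/sbom.json
endorctl sbom import --format=spdx --sbom-file-path=/path/to/your/sbom.json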
Options
| Flag | Environment Variable | Description |
| --- | --- | --- |
| format | ENDOR_SBOM_FORMAT | Set the SBOM format (cyclonedx or SPDX; default cyclonedx). |
| sbom-file-path | ENDOR_SBOM_FILE_PATH | Set the file path to the SBOM to import. |
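A pre-import check, added here as an example (not Endor Labs code): it reads a JSON SBOM, works out whether it is CycloneDX or SPDX, and builds the endorctl sbom import command with the matching format value, rejecting files that are not a single JSON document. The function names are hypothetical, the bomFormat and spdxVersion markers are the top-level fields of the CycloneDX and SPDX JSON formats, and the sample documents are constructed.

```python
import json
import shlex
import tempfile
from pathlib import Path


def detect_sbom_format(path):
    """Return 'cyclonedx' or 'spdx' for a JSON SBOM file, else raise ValueError."""
    try:
        doc = json.loads(Path(path).read_text(encoding="utf-8"))
    except json.JSONDecodeError as exc:
        # Also rejects a file holding two documents appended with '>>'.
        raise ValueError(f"not a single valid JSON document: {exc}") from exc
    if not isinstance(doc, dict):
        raise ValueError("top-level JSON value is not an object")
    if doc.get("bomFormat") == "CycloneDX":  # CycloneDX JSON top-level marker
        return "cyclonedx"
    if str(doc.get("spdxVersion", "")).startswith("SPDX-"):  # e.g. "SPDX-2.3"
        return "spdx"
    raise ValueError("neither CycloneDX nor SPDX markers found")


def import_command(path):
    """Build the endorctl argv (flags as documented on this page) for `path`."""
    fmt = detect_sbom_format(path)
    return ["endorctl", "sbom", "import", f"--format={fmt}", f"--sbom-file-path={path}"]


def demo():
    """Check constructed sample files; return {file name: command or rejection}."""
    samples = {  # constructed inputs, not real SBOMs
        "cdx.json": '{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": []}',
        "spdx.json": '{"spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT"}',
        "appended.json": '{"bomFormat": "CycloneDX"}\n{"bomFormat": "CycloneDX"}',
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            path = Path(tmp) / name
            path.write_text(body, encoding="utf-8")
            try:
                results[name] = shlex.join(import_command(str(path)))
            except ValueError as exc:
                results[name] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name} -> {result}")
```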