search
Book a demo

sbomLib

Represents a software library found in the SBOM with detailed metadata.

hashtag
Examples

type SbomLib {
  id: String
  references: [SbomReference]
  appType: String
  language: String
  libId: String
  libraryName: String
  libraryVersion: String
  license: String
  appName: String
  location: String
  dependencyType: String
  source: String
  appId: String
  locationLink: String
  appLink: String
  pkgName: String
  copyWriteInfo: [String]
  copyWriteInfoLink: String
  libLink: String
  vulnerabilityCounts: IssuesBySeverity
  triggerPackage: String
  vulnerabilities: [SCAVulnerability]
  latestVersion: String
  latestVersionDate: String
  stars: Int
  forks: Int
  openIssues: Int
  packageManager: String
  packageManagerLink: String
  maintainers: Int
  contributors: Int
  downloads: Int
  sourceLink: String
  notPopular: Boolean
  licenseIssue: Boolean
  malicious: Boolean
  malwareType: String
  osVname: String
  notMaintained: Boolean
  isDeprecated: Boolean
  notImported: Boolean
  notUsed: Boolean
  notUpdated: Boolean
  dependencyLevel: Int
  requestId: String
  licenseLink: String
  artifactInSbomLibs: [ArtifactInSbomLibs]
  sha: String
  maintainersList: [Maintainer]
  runtimeStatus: String
  usedVersionReleaseDate: String
  projectDescription: String
}

hashtag
Fields

Field
Description
Supported fields

id String

Unique identifier of the SBOM library

references [SbomReference]

List of references associated with this library

triggerPackage String location String locationLink String dependencyType String dependencyLevel Int commit SbomCommit fileName String

appType String ⚠️

Deprecated: This field is not used anymore

language String

Programming language of the library

libId String ⚠️

Deprecated: This field is not used anymore

libraryName String

Official name of the library

libraryVersion String

Version string of the library

license String

License type(s) of the library

appName String

Name of the application that uses the library

location String

Location path where the library is used or referenced

dependencyType String

Type of dependency

source String

Source of the library

appId String

Application identifier using the library

locationLink String

URL link to the location where the library is used

appLink String

URL link to the application

pkgName String

Package name of the library

copyWriteInfo [String]

List of copyright notices associated with the library

copyWriteInfoLink String

Link to the copyright information

libLink String

URL link to the library source or homepage

vulnerabilityCounts IssuesBySeverity

Counts of vulnerabilities by severity

appox Int critical Int high Int medium Int low Int info Int

triggerPackage String

Package that triggered this library in the dependency graph

vulnerabilities [SCAVulnerability]

List of software composition analysis vulnerabilities associated

issueId String oxSeverity String severityNumberFromTool String severityFromTool String cve String cveLink String cvsVer String cvssVersion Float epss Float percentile Float libName String dependencyChain String runtimeStatus String libVersion String chainDepth Int exploitInTheWild Boolean exploitInTheWildLink String description String dateDiscovered String minorVerWithFix String majorVerWithFix String exploitRequirement String exploitCode String originalSeverity String

latestVersion String

Latest available version of the library

latestVersionDate String

Release date of the latest version

stars Int

Number of stars (popularity metric) on the repository

forks Int

Number of forks on the repository

openIssues Int

Number of open issues in the repository

packageManager String

Package manager name

packageManagerLink String

URL link to the package manager page

maintainers Int

Number of maintainers of the library

contributors Int

Number of contributors to the library

downloads Int

Number of downloads for the library

sourceLink String

Source code link

notPopular Boolean

Indicates if the library is considered not popular

licenseIssue Boolean

Indicates if the library has license compliance issues

malicious Boolean

Indicates if the library is malicious

malwareType String

Malware type

osVname String

Operating system

notMaintained Boolean

Indicates if the library is not actively maintained

isDeprecated Boolean

Indicates if the library is deprecated

notImported Boolean

Deprecated: Indicates if the library is not imported (use other fields)

notUsed Boolean ⚠️

Deprecated: No longer supported

notUpdated Boolean

Indicates if the library version is not up-to-date

dependencyLevel Int

Dependency level in the graph

requestId String

Request identifier associated with the data fetch

licenseLink String

Link to the license details

artifactInSbomLibs [ArtifactInSbomLibs]

List of artifacts that include this library

image String imageLink String imageCreatedAt String sha String os String osVersion String baseImage String baseImageVersion String tag String layer String registryName String source String

sha String

SHA hash associated with the library

maintainersList [Maintainer]

List of maintainers with detailed info

name String email String

runtimeStatus String

Runtime status of the library indicating eBPF loading state

usedVersionReleaseDate String

Used version release date

projectDescription String

Project description

hashtag
References

hashtag
Queries using this object:

hashtag
Fields with this object:

Last updated