# sbomLib
Represents a software library found in the SBOM with detailed metadata.
### Examples
```graphql
type SbomLib {
id: String
references: [SbomReference]
appType: String
language: String
libId: String
libraryName: String
libraryVersion: String
license: String
appName: String
location: String
dependencyType: String
source: String
appId: String
locationLink: String
appLink: String
pkgName: String
copyWriteInfo: [String]
copyWriteInfoLink: String
libLink: String
vulnerabilityCounts: IssuesBySeverity
triggerPackage: String
vulnerabilities: [SCAVulnerability]
latestVersion: String
latestVersionDate: String
stars: Int
forks: Int
openIssues: Int
packageManager: String
purl: String
packageManagerLink: String
maintainers: Int
contributors: Int
downloads: Int
sourceLink: String
notPopular: Boolean
licenseIssue: Boolean
malicious: Boolean
malwareType: String
osVname: String
notMaintained: Boolean
isDeprecated: Boolean
notImported: Boolean
notUsed: Boolean
notUpdated: Boolean
dependencyLevel: Int
requestId: String
licenseLink: String
artifactInSbomLibs: [ArtifactInSbomLibs]
sha: String
maintainersList: [Maintainer]
runtimeStatus: String
runtimeContext: RuntimeInfo
usedVersionReleaseDate: String
projectDescription: String
firstSeenDate: String
}
```
### Fields
| Field | Description | Supported fields |
| ------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| id `String` | Unique identifier of the SBOM library | |
| references [`[SbomReference]`](/api-documentation/api-reference/api--issue/types/objects/sbom-reference.md) | List of references associated with this library | triggerPackage String
location String
locationLink String
dependencyType String
dependencyLevel Int
commit SbomCommit
fileName String
|
| ~~appType `String`~~ ⚠️ | **Deprecated**: This field is not used anymore | |
| language `String` | Programming language of the library | |
| ~~libId `String`~~ ⚠️ | **Deprecated**: This field is not used anymore | |
| libraryName `String` | Official name of the library | |
| libraryVersion `String` | Version string of the library | |
| license `String` | License type(s) of the library | |
| appName `String` | Name of the application that uses the library | |
| location `String` | Location path where the library is used or referenced | |
| dependencyType `String` | Type of dependency | |
| source `String` | Source of the library | |
| appId `String` | Application identifier using the library | |
| locationLink `String` | URL link to the location where the library is used | |
| appLink `String` | URL link to the application | |
| pkgName `String` | Package name of the library | |
| copyWriteInfo `[String]` | List of copyright notices associated with the library | |
| copyWriteInfoLink `String` | Link to the copyright information | |
| libLink `String` | URL link to the library source or homepage | |
| vulnerabilityCounts [`IssuesBySeverity`](/api-documentation/api-reference/api--issue/types/objects/issues-by-severity.md) | Counts of vulnerabilities by severity | appox Int
critical Int
high Int
medium Int
low Int
info Int
|
| triggerPackage `String` | Package that triggered this library in the dependency graph | |
| vulnerabilities [`[SCAVulnerability]`](/api-documentation/api-reference/api--issue/types/objects/sca-vulnerability.md) | List of software composition analysis vulnerabilities associated | issueId String
oxSeverity String
severityNumberFromTool String
severityFromTool String
cve String
cveLink String
cvsVer String
cvssVersion Float
epss Float
percentile Float
libName String
dependencyChain String
runtimeStatus String
runtimeContext RuntimeInfo
libVersion String
chainDepth Int
exploitInTheWild Boolean
exploitInTheWildLink String
description String
dateDiscovered String
minorVerWithFix String
majorVerWithFix String
exploitRequirement String
exploitCode String
originalSeverity String
|
| latestVersion `String` | Latest available version of the library | |
| latestVersionDate `String` | Release date of the latest version | |
| stars `Int` | Number of stars (popularity metric) on the repository | |
| forks `Int` | Number of forks on the repository | |
| openIssues `Int` | Number of open issues in the repository | |
| packageManager `String` | Package manager name | |
| purl `String` | Package URL (PURL) identifier for this library, e.g. pkg:npm/lodash\@4.17.21 | |
| packageManagerLink `String` | URL link to the package manager page | |
| maintainers `Int` | Number of maintainers of the library | |
| contributors `Int` | Number of contributors to the library | |
| downloads `Int` | Number of downloads for the library | |
| sourceLink `String` | Source code link | |
| notPopular `Boolean` | Indicates if the library is considered not popular | |
| licenseIssue `Boolean` | Indicates if the library has license compliance issues | |
| malicious `Boolean` | Indicates if the library is malicious | |
| malwareType `String` | Malware type | |
| osVname `String` | Operating system | |
| notMaintained `Boolean` | Indicates if the library is not actively maintained | |
| isDeprecated `Boolean` | Indicates if the library is deprecated | |
| notImported `Boolean` | Deprecated: Indicates if the library is not imported (use other fields) | |
| ~~notUsed `Boolean`~~ ⚠️ | **Deprecated**: No longer supported | |
| notUpdated `Boolean` | Indicates if the library version is not up-to-date | |
| dependencyLevel `Int` | Dependency level in the graph | |
| requestId `String` | Request identifier associated with the data fetch | |
| licenseLink `String` | Link to the license details | |
| artifactInSbomLibs [`[ArtifactInSbomLibs]`](/api-documentation/api-reference/api--issue/types/objects/artifact-in-sbom-libs.md) | List of artifacts that include this library | image String
imageLink String
imageCreatedAt String
sha String
os String
osVersion String
baseImage String
baseImageVersion String
tag String
layer String
registryName String
source String
|
| sha `String` | SHA hash associated with the library | |
| maintainersList [`[Maintainer]`](/api-documentation/api-reference/api--issue/types/objects/maintainer.md) | List of maintainers with detailed info | name String
email String
|
| runtimeStatus `String` | Runtime status of the library indicating eBPF loading state | |
| runtimeContext [`RuntimeInfo`](/api-documentation/api-reference/api--issue/types/objects/runtime-info.md) | Runtime information including status and cloud contexts | runtimeStatus String
cloudContexts \[RuntimeContext]
|
| usedVersionReleaseDate `String` | Used version release date | |
| projectDescription `String` | Project description | |
| firstSeenDate `String` | Date when this library was first seen by the scanner | |
### References
#### Queries using this object:
* [\ getSingleSbomLibrary](/api-documentation/api-reference/api--sbom/queries/get-single-sbom-library.md)
#### Fields with this object:
* [{} Issue.sbom](/api-documentation/api-reference/api--issue/types/objects/issue.md)
* [{} SbomLibResponse.sbomLibs](/api-documentation/api-reference/api--sbom/types/objects/sbom-lib-response.md)
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.ox.security/api-documentation/api-reference/api--issue/types/objects/sbom-lib.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.