SbomReport
aquasecurity.github.io / v1alpha1
apiVersion: aquasecurity.github.io/v1alpha1
kind: SbomReport
metadata:
  name: example
apiVersion
string
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind
string
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata
object
report object required
Report is the actual SBOM report data.
artifact object required
Artifact represents a standalone, executable package of software that includes everything needed to
run an application.
digest
string
Digest is a unique and immutable identifier of an Artifact.
mimeType
string
MimeType represents a type and format of an Artifact.
repository
string
Repository is the name of the repository in the Artifact registry.
tag
string
Tag is a mutable, human-readable string used to identify an Artifact.
components object required
Bom is the artifact's bill of materials.
bomFormat
string required
components []object
bom-ref
string
group
string
hashes []object
alg
string
content
string
licenses []object
expression
string
license object
id
string
name
string
url
string
name
string
properties []object
name
string
value
string
purl
string
supplier object
contact []object
email
string
name
string
phone
string
name
string
url
[]string
type
string
version
string
dependencies []object
dependsOn
[]string
ref
string
metadata object
component object
bom-ref
string
group
string
hashes []object
alg
string
content
string
licenses []object
expression
string
license object
id
string
name
string
url
string
name
string
properties []object
name
string
value
string
purl
string
supplier object
contact []object
email
string
name
string
phone
string
name
string
url
[]string
type
string
version
string
timestamp
string
tools object
components []object
bom-ref
string
group
string
hashes []object
alg
string
content
string
licenses []object
expression
string
license object
id
string
name
string
url
string
name
string
properties []object
name
string
value
string
purl
string
supplier object
contact []object
email
string
name
string
phone
string
name
string
url
[]string
type
string
version
string
serialNumber
string
specVersion
string required
version
integer
registry object
Registry is the registry the Artifact was pulled from.
server
string
Server is the FQDN of the registry server.
scanner object required
Scanner is the scanner that generated this report.
name
string required
Name is the name of the scanner.
vendor
string required
Vendor is the name of the vendor providing the scanner.
version
string required
Version is the version of the scanner.
summary object required
Summary is a summary of the SBOM report.
componentsCount
integer required
ComponentsCount is the number of components in the BOM.
minimum: 0
dependenciesCount
integer required
DependenciesCount is the number of dependencies in the BOM.
minimum: 0
updateTimestamp
string required
UpdateTimestamp is a timestamp representing the server time in UTC when this report was updated.
format: date-time