export

Use the sbom export command to export an SBOM for a software package from Endor Labs.

The sbom export command allows you to export an SBOM for a specified package from Endor Labs.

Usage

To export an SBOM for a specified package version named go://github.com/Dreamacro/clash@main in Endor Labs.

endorctl sbom export --package-version-name=go://github.com/Dreamacro/clash@main

To export an SBOM for a specified package version given its UUID with the UUID of “653c625cd44ec559e19349dc” to a file called “sbom.json”

endorctl sbom export --package-version-uuid=653c625cd44ec559e19349dc >> sbom.json

Options

Flag Environment Variable Description
component-type ENDOR_SBOM_COMPONENT_TYPE Set the SBOM component type (application, or library). (default application)
output-format ENDOR_SBOM_OUTPUT_FORMAT Set the SBOM format (json, or xml) (default json).
package-version-name ENDOR_SBOM_PACKAGE_VERSION_NAME Name of the package version for which you want to generate an SBOM.
package-version-uuid ENDOR_SBOM_PACKAGE_VERSION_UUID The UUID of the package version for which you want to generate an SBOM.
timeout ENDOR_SBOM_TIMEOUT Set the timeout for the SBOM generation (default 30s).
with-vex ENDOR_SBOM_WITH_VEX Generate the corresponding VEX document along with the SBOM.
project-uuid ENDOR_SBOM_PROJECT_UUID The UUID of the project for which you want to generate an SBOM.
project-name ENDOR_SBOM_PROJECT_NAME Name of the project for which you want to generate an SBOM.
app-name ENDOR_SBOM_APP_NAME Name of the application/library. Required for multi-package SBOM export.
package-version-uuids ENDOR_SBOM_PACKAGE_VERSION_UUIDS The list of package version UUIDs to export an SBOM.