debsbom download
Synopsis
debsbom download [-h] [-t {cdx,spdx}] [--outdir OUTDIR] [--sources]
[--binaries] [--skip-pkgs SKIP]
[--resolver {debian-snapshot}]
[bomin]
Description
Download referenced packages
Processes an SBOM and downloads the referenced packages. If no SBOM is provided, it reads line-separated entries (name version arch) from stdin to define what shall be downloaded.
JSON Output Schema
When the application is run with JSON output enabled (via the --json flag),
status messages are emitted as single-line JSON objects to standard output.
Each line represents a distinct package download operation.
The schema for these JSON objects is as follows:
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://raw.githubusercontent.com/siemens/debsbom/refs/heads/main/src/debsbom/schema/schema-download.json",
  "title": "Download Result",
  "description": "The result of a download operation including the status, package name, package version, file name and file path.",
  "type": "object",
  "properties": {
    "status": {
      "description": "The status of the download operation.",
      "enum": [
        "ok",
        "not_found",
        "checksum_mismatch"
      ]
    },
    "package": {
      "type": "object",
      "description": "An object identifying the package.",
      "properties": {
        "name": {
          "type": "string",
          "description": "The name of the package."
        },
        "version": {
          "type": "string",
          "description": "The version of the package."
        },
        "purl": {
          "type": "string",
          "description": "The package url of the package."
        }
      },
      "required": [
        "name",
        "version",
        "purl"
      ]
    },
    "filename": {
      "type": "string",
      "description": "The name of the processed file or an empty string if the package is unavailable."
    },
    "path": {
      "type": "string",
      "description": "The absolute path to the downloaded file on success."
    }
  },
  "required": [
    "status",
    "package"
  ]
}
Fields
status: The status of the download operation. This field will contain one of the following predefined values from the DownloadStatus enum:
- "ok": The file was either successfully downloaded or found in the cache, and the checksum was verified.
- "checksum_mismatch": The downloaded file’s checksum did not match the expected value.
- "not_found": The requested file or package could not be located.
package: An object identifying the package, including the name and the version as a string.
filename: The name of the processed file or an empty string if the package is unavailable.
path: The absolute path to the downloaded file or an empty string if nothing could be downloaded.
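The following is an added example, not part of debsbom: one way a pipeline could consume these status lines and fail closed, so that a checksum mismatch, a missing package, or a line that violates the schema blocks further use of the download directory. The names triage_download_results, all_verified and SAMPLE are hypothetical, and the sample lines are constructed.

```python
import json
from collections import defaultdict

# Status enum from the schema above.
KNOWN_STATUSES = {"ok", "not_found", "checksum_mismatch"}

# Constructed sample output (package names, purls and paths are made up).
SAMPLE = """\
{"status": "ok", "package": {"name": "hello", "version": "2.10-3", "purl": "pkg:deb/debian/hello@2.10-3?arch=amd64"}, "filename": "hello_2.10-3_amd64.deb", "path": "/work/downloads/hello_2.10-3_amd64.deb"}
{"status": "checksum_mismatch", "package": {"name": "foo", "version": "1.0-1", "purl": "pkg:deb/debian/foo@1.0-1?arch=amd64"}, "filename": "foo_1.0-1_amd64.deb"}
{"status": "not_found", "package": {"name": "bar", "version": "0.3-2", "purl": "pkg:deb/debian/bar@0.3-2?arch=all"}, "filename": ""}
{"status": "ok", "package": {"name": "nopurl", "version": "1"}}
""".splitlines()


def triage_download_results(lines):
    """Group JSON status lines by status, keyed to lists of package purls.

    Lines that are not valid JSON or that violate the schema (missing
    required field, non-string value, unknown status) are recorded by line
    number under "invalid" so the caller can fail closed.
    """
    report = defaultdict(list)
    for lineno, raw in enumerate(lines, 1):
        raw = raw.strip()
        if not raw:
            continue
        try:
            rec = json.loads(raw)
            status = rec["status"]
            pkg = rec["package"]
            fields = (status, pkg["name"], pkg["version"], pkg["purl"])
        except (json.JSONDecodeError, KeyError, TypeError):
            report["invalid"].append(lineno)
            continue
        if not all(isinstance(v, str) for v in fields) or status not in KNOWN_STATUSES:
            report["invalid"].append(lineno)
            continue
        report[status].append(pkg["purl"])
    return dict(report)


def all_verified(report):
    """True only if at least one package was seen and every line was "ok"."""
    return bool(report.get("ok")) and set(report) == {"ok"}
```

An empty report is treated as a failure, so a run that produced no status lines at all does not pass the gate.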
Options
Positional Arguments
- bomin
sbom file(s) to process for ‘bomin’. Use ‘-’ to read from stdin
Named Arguments
- -t, --sbom-type
SBOM type to process (default: auto-detect), required when reading from stdin
Possible choices: cdx, spdx
- --outdir='downloads'
directory to store downloaded files
- --sources=False
operate only on source packages (skip binaries)
- --binaries=False
operate only on binary packages (skip sources)
- --skip-pkgs
packages to exclude from the download, in package-list format
- --resolver='debian-snapshot'
resolver to use to find upstream packages (default: ‘debian-snapshot’)
Possible choices: debian-snapshot
SEE ALSO
debsbom-generate(1)
DEBSBOM
Part of the debsbom(1) suite.