debsbom trace-path

Synopsis

debsbom trace-path [-h] [-t {cdx,spdx}] [--format {text,json,ref,dot}]
                   [--mode {shortest,all-shortest,all}]
                   [bomin] source

Description

Trace path between components

Processes an SBOM and a package identifier and emits paths from this package to the root. The textual outputs (text and ref) are not considered stable and should not be parsed. The JSON output is in json-lines format, whereby each line adheres to the schema-download.json schema.

JSON Output Schema

When the application is run with JSON output enabled (via the --json flag), status messages are emitted as single-line JSON objects to standard output. Each line represents a single path from the package to the root.

The schema for these JSON objects is as follows:

{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://raw.githubusercontent.com/siemens/debsbom/refs/heads/main/src/debsbom/schema/schema-trace-path.json",
  "title": "Trace Path Result",
  "description": "List of components on a path between a source and a destination component",
  "type": "array",
  "items": {
    "type": "object",
    "required": [
      "name",
      "ref"
    ],
    "properties": {
      "name": {
        "type": "string",
        "description": "Name of the component"
      },
      "ref": {
        "type": "string",
        "description": "Reference identifier for the component"
      },
      "version": {
        "type": [
          "string",
          "null"
        ],
        "description": "Version of the component"
      },
      "maintainer": {
        "type": [
          "string",
          "null"
        ],
        "description": "Maintainer of the component"
      },
      "purl": {
        "type": [
          "string",
          "null"
        ],
        "description": "Package URL of the component"
      }
    }
  }
}

Options

Positional Arguments

bomin

sbom file(s) to process for ‘bomin’. Use ‘-’ to read from stdin

source

source node (PURL)

Named Arguments

-t, --sbom-type

SBOM type to process (default: auto-detect), required when reading from stdin

Possible choices: cdx, spdx

--format='text'

path output format (default: ‘text’)

Possible choices: text, json, ref, dot

--mode='shortest'

Possible choices: shortest, all-shortest, all

SEE ALSO

debsbom-generate(1)

DEBSBOM

Part of the debsbom(1) suite.