Get Revision Attribution JSON
https://app.fossa.com/api/revisions/{locator}/attribution/jsonReturn a JSON report of a revision's attribution. **Requires a Premium subscription.** Organizations below the Premium access level receive a `403`.
Path parameters
locatorstringrequiredthe url-encoded locator of the revision
Query parameters
previewbooleanWhether to preview the report (default is false)
includeDeepDependenciesbooleanWhether to include deep dependencies (default is true)
includeHashAndVersionDatabooleanWhether to include hash and version data (default is false)
includeCopyrightListbooleanWhether to include the copyright list (default is false)
includeFileMatchesbooleanWhether to include the file matches (default is false)
includeOpenVulnerabilitiesbooleanWhether to include the open vulnerabilities (default is false)
includeClosedVulnerabilitiesbooleanWhether to include the closed vulnerabilities (default is false)
includeNoticeFilesbooleanWhether to include the notice files match data (default is false)
includePackageLabelsbooleanWhether to include the package labels assigned to each dependency (default is false)
excludeFieldsobjectObject controlling which dependencies are excluded from the report. The only supported nested field is `packageLabels`: a non-empty array of package-label values; dependencies carrying any of these labels are excluded from the report. The server parses the query string with the `qs` library, so the array is sent using bracket-and-index notation rather than standard OpenAPI `deepObject` serialization. For example, to exclude two labels send (before URL-encoding): `excludeFields[packageLabels][0]=internal&excludeFields[packageLabels][1]=vendored`.
Responses
200A JSON Report of the Revision's attributionprojectobjectProject information
namestringThe name of the project
revisionstringThe revision of the project
directDependenciesobject[]packagestringThe package name
sourcestringThe source of the package
versionstringThe version of the package
hashstringThe hash of the package
authorsstring[]The authors of the package
descriptionstringThe description of the package
licensesobject[]The licenses of the package
namestringThe name of the license
attributionstringThe attribution of the license
otherLicensesobject[]The other licenses of the package
namestringThe name of the license
attributionstringThe attribution of the license
projectUrlstringThe project URL
dependencyPathsstring[]The dependency paths
notesstring[]The notes of the package
downloadUrlstringThe download URL
isGolangbooleanWhether the package is Golang
titlestringThe title of the package
noticeFilesobject[]The notice file matches of the package
idintegerThe ID of the notice match
revisionIdstringThe revision ID of the notice match
pathstringThe file path of the notice match
contentsstringThe contents of the notice match
copyrightsstring[]The copyrights of the notice match
createdAtstring <date-time>The creation date of the notice match
updatedAtstring <date-time>The update date of the notice match
correctedbooleanWhether the notice match has been manually corrected
ignoredbooleanWhether the notice match has been manually ignored
packageLabelsstring[]All applicable package labels assigned to the package, including globally applied labels, project applied labels, and revision applied labels that match this package in this revision.
deepDependenciesobject[]packagestringThe package name
sourcestringThe source of the package
versionstringThe version of the package
hashstringThe hash of the package
authorsstring[]The authors of the package
descriptionstringThe description of the package
licensesobject[]The licenses of the package
namestringThe name of the license
attributionstringThe attribution of the license
otherLicensesobject[]The other licenses of the package
namestringThe name of the license
attributionstringThe attribution of the license
projectUrlstringThe project URL
dependencyPathsstring[]The dependency paths
notesstring[]The notes of the package
downloadUrlstringThe download URL
isGolangbooleanWhether the package is Golang
titlestringThe title of the package
noticeFilesobject[]The notice file matches of the package
idintegerThe ID of the notice match
revisionIdstringThe revision ID of the notice match
pathstringThe file path of the notice match
contentsstringThe contents of the notice match
copyrightsstring[]The copyrights of the notice match
createdAtstring <date-time>The creation date of the notice match
updatedAtstring <date-time>The update date of the notice match
correctedbooleanWhether the notice match has been manually corrected
ignoredbooleanWhether the notice match has been manually ignored
packageLabelsstring[]All applicable package labels assigned to the package, including globally applied labels, project applied labels, and revision applied labels that match this package in this revision.
licensesobjectA record of license names to their text
copyrightsByLicenseobjectA record of license names to their copyrights
noticeFilesobject[]A list of notice file matches
idintegerThe ID of the notice match
revisionIdstringThe revision ID of the notice match
pathstringThe file path of the notice match
contentsstringThe contents of the notice match
copyrightsstring[]The copyrights of the notice match
createdAtstring <date-time>The creation date of the notice match
updatedAtstring <date-time>The update date of the notice match
correctedbooleanWhether the notice match has been manually corrected
ignoredbooleanWhether the notice match has been manually ignored
401UnauthorizeduuidstringUnique identifier associated with the error
codeintegerfossa specific error code
messagestringmessage associated with this error
namestringname of the error
httpStatusCodeintegerhttp status code number
403Forbidden — requires a premium subscription.uuidstringUnique identifier associated with the error
codeintegerfossa specific error code
messagestringmessage associated with this error
namestringname of the error
httpStatusCodeintegerhttp status code number
404Not FounduuidstringUnique identifier associated with the error
codeintegerfossa specific error code
messagestringmessage associated with this error
namestringname of the error
httpStatusCodeintegerhttp status code number
500Server ErroruuidstringUnique identifier associated with the error
codeintegerfossa specific error code
messagestringmessage associated with this error
namestringname of the error
httpStatusCodeintegerhttp status code number
Try this endpoint
Build a request and run it against app.fossa.com.
Stored in this browser for 24 hours. Try It uses a docs proxy for CORS and does not store tokens server-side.
GET https://app.fossa.com/api/revisions/%7Blocator%7D/attribution/jsoncurl --request GET \ --url 'https://app.fossa.com/api/revisions/%7Blocator%7D/attribution/json' \ --header 'accept: application/json' \ --header 'authorization: Bearer YOUR_API_TOKEN'Real request. Mutating methods can change data.
Path params
locatorstringrequiredthe url-encoded locator of the revision
Query params
previewbooleanWhether to preview the report (default is false)
includeDeepDependenciesbooleanWhether to include deep dependencies (default is true)
includeHashAndVersionDatabooleanWhether to include hash and version data (default is false)
includeCopyrightListbooleanWhether to include the copyright list (default is false)
includeFileMatchesbooleanWhether to include the file matches (default is false)
includeOpenVulnerabilitiesbooleanWhether to include the open vulnerabilities (default is false)
includeClosedVulnerabilitiesbooleanWhether to include the closed vulnerabilities (default is false)
includeNoticeFilesbooleanWhether to include the notice files match data (default is false)
includePackageLabelsbooleanWhether to include the package labels assigned to each dependency (default is false)
excludeFieldsobjectObject controlling which dependencies are excluded from the report. The only supported nested field is `packageLabels`: a non-empty array of package-label values; dependencies carrying any of these labels are excluded from the report. The server parses the query string with the `qs` library, so the array is sent using bracket-and-index notation rather than standard OpenAPI `deepObject` serialization. For example, to exclude two labels send (before URL-encoding): `excludeFields[packageLabels][0]=internal&excludeFields[packageLabels][1]=vendored`.