Get Revision Attribution JSONV2

gethttps://app.fossa.com/api/v2/revisions/{locator}/attribution/json

Return a JSON report of a revision's attribution (V2). **Requires a Premium subscription.** Organizations below the Premium access level receive a `403`.

Path parameters

locatorstringrequired

The URL-encoded locator of the revision

Query parameters

previewboolean

Whether to preview the report inline rather than generate a downloadable file (default is false)

includeDeepDependenciesboolean

Whether to include deep dependencies (default is false)

includeHashAndVersionDataboolean

Whether to include hash and version data (default is false)

includeCopyrightListboolean

Whether to include the copyright list (default is false)

includeFileMatchesboolean

Whether to include license file matches (default is false)

includeOpenVulnerabilitiesboolean

Whether to include open vulnerabilities (default is false)

includeClosedVulnerabilitiesboolean

Whether to include closed vulnerabilities (default is false)

includeNoticeFilesboolean

Whether to include the notice file match data (default is false)

includePackageLabelsboolean

Whether to include the package labels assigned to each dependency (default is false)

excludeFieldsobject

Object controlling which dependencies are excluded from the report. The only supported nested field is `packageLabels`: a non-empty array of package-label values; dependencies carrying any of these labels are excluded from the report. The server parses the query string with the `qs` library, so the array is sent using bracket-and-index notation rather than standard OpenAPI `deepObject` serialization. For example, to exclude two labels send (before URL-encoding): `excludeFields[packageLabels][0]=internal&excludeFields[packageLabels][1]=vendored`.

Responses

200A JSON report of the revision's attribution
projectobject

Project information

namestring

The name of the project

revisionstring

The revision of the project

directDependenciesobject[]
packagestring

The package name

sourcestring

The source of the package

versionstring

The version of the package

hashstring

The hash of the package

authorsstring[]

The authors of the package

descriptionstring

The description of the package

licensesobject[]

The licenses of the package

namestring

The name of the license

attributionstring

The attribution of the license

otherLicensesobject[]

The other licenses of the package

namestring

The name of the license

attributionstring

The attribution of the license

projectUrlstring

The project URL

dependencyPathsstring[]

The dependency paths

notesstring[]

The notes of the package

downloadUrlstring

The download URL

isGolangboolean

Whether the package is Golang

titlestring

The title of the package

noticeFilesobject[]

The notice file matches of the package

idinteger

The ID of the notice match

revisionIdstring

The revision ID of the notice match

pathstring

The file path of the notice match

contentsstring

The contents of the notice match

copyrightsstring[]

The copyrights of the notice match

createdAtstring <date-time>

The creation date of the notice match

updatedAtstring <date-time>

The update date of the notice match

correctedboolean

Whether the notice match has been manually corrected

ignoredboolean

Whether the notice match has been manually ignored

packageLabelsstring[]

All applicable package labels assigned to the package, including globally applied labels, project applied labels, and revision applied labels that match this package in this revision.

deepDependenciesobject[]
packagestring

The package name

sourcestring

The source of the package

versionstring

The version of the package

hashstring

The hash of the package

authorsstring[]

The authors of the package

descriptionstring

The description of the package

licensesobject[]

The licenses of the package

namestring

The name of the license

attributionstring

The attribution of the license

otherLicensesobject[]

The other licenses of the package

namestring

The name of the license

attributionstring

The attribution of the license

projectUrlstring

The project URL

dependencyPathsstring[]

The dependency paths

notesstring[]

The notes of the package

downloadUrlstring

The download URL

isGolangboolean

Whether the package is Golang

titlestring

The title of the package

noticeFilesobject[]

The notice file matches of the package

idinteger

The ID of the notice match

revisionIdstring

The revision ID of the notice match

pathstring

The file path of the notice match

contentsstring

The contents of the notice match

copyrightsstring[]

The copyrights of the notice match

createdAtstring <date-time>

The creation date of the notice match

updatedAtstring <date-time>

The update date of the notice match

correctedboolean

Whether the notice match has been manually corrected

ignoredboolean

Whether the notice match has been manually ignored

packageLabelsstring[]

All applicable package labels assigned to the package, including globally applied labels, project applied labels, and revision applied labels that match this package in this revision.

licensesobject

A record of license names to their text

copyrightsByLicenseobject

A record of license names to their copyrights

noticeFilesobject[]

A list of notice file matches

idinteger

The ID of the notice match

revisionIdstring

The revision ID of the notice match

pathstring

The file path of the notice match

contentsstring

The contents of the notice match

copyrightsstring[]

The copyrights of the notice match

createdAtstring <date-time>

The creation date of the notice match

updatedAtstring <date-time>

The update date of the notice match

correctedboolean

Whether the notice match has been manually corrected

ignoredboolean

Whether the notice match has been manually ignored

401Unauthorized
uuidstring

Unique identifier associated with the error

codeinteger

fossa specific error code

messagestring

message associated with this error

namestring

name of the error

httpStatusCodeinteger

http status code number

403Forbidden — requires a premium subscription.
uuidstring

Unique identifier associated with the error

codeinteger

fossa specific error code

messagestring

message associated with this error

namestring

name of the error

httpStatusCodeinteger

http status code number

404NotFound
uuidstring

Unique identifier associated with the error

codeinteger

fossa specific error code

messagestring

message associated with this error

namestring

name of the error

httpStatusCodeinteger

http status code number

500Server Error
uuidstring

Unique identifier associated with the error

codeinteger

fossa specific error code

messagestring

message associated with this error

namestring

name of the error

httpStatusCodeinteger

http status code number

Try this endpoint

Build a request and run it against app.fossa.com.

Bearer

Stored in this browser for 24 hours. Try It uses a docs proxy for CORS and does not store tokens server-side.

GET https://app.fossa.com/api/v2/revisions/%7Blocator%7D/attribution/json
curl --request GET \  --url 'https://app.fossa.com/api/v2/revisions/%7Blocator%7D/attribution/json' \  --header 'accept: application/json' \  --header 'authorization: Bearer YOUR_API_TOKEN'

Real request. Mutating methods can change data.

Click Try It to run a request and see the response here.
Enter a Bearer token before running this request.

Path params

locatorstringrequired

The URL-encoded locator of the revision

Query params

previewboolean

Whether to preview the report inline rather than generate a downloadable file (default is false)

includeDeepDependenciesboolean

Whether to include deep dependencies (default is false)

includeHashAndVersionDataboolean

Whether to include hash and version data (default is false)

includeCopyrightListboolean

Whether to include the copyright list (default is false)

includeFileMatchesboolean

Whether to include license file matches (default is false)

includeOpenVulnerabilitiesboolean

Whether to include open vulnerabilities (default is false)

includeClosedVulnerabilitiesboolean

Whether to include closed vulnerabilities (default is false)

includeNoticeFilesboolean

Whether to include the notice file match data (default is false)

includePackageLabelsboolean

Whether to include the package labels assigned to each dependency (default is false)

excludeFieldsobject

Object controlling which dependencies are excluded from the report. The only supported nested field is `packageLabels`: a non-empty array of package-label values; dependencies carrying any of these labels are excluded from the report. The server parses the query string with the `qs` library, so the array is sent using bracket-and-index notation rather than standard OpenAPI `deepObject` serialization. For example, to exclude two labels send (before URL-encoding): `excludeFields[packageLabels][0]=internal&excludeFields[packageLabels][1]=vendored`.