Downloading attribution reports
This guide shows how to see FOSSA's endpoints to download FOSSA reports to your machine.
Pre-requisites
- Must have at least one project locator. You can get the list of projects by running this endpoint.
How to do it
In this example, we have a project called potential-spoon
and we want to generate a report in plain text format.
The fields that we want in this report are the following:
Customize Report Information
- Dependencies Summary
- Direct Dependencies
- Transitive Dependencies
- Full License List
Dependency Metadata Information
Click on "Edit Dependency Info" to see the options.
- Package
- Authors
- Dependency Paths
Calling the endpoints
Set the dependency metadata information
To download the report with all of the fields that you need, we first need to set the dependency metadata information via the following endpoint: PUT https://app.fossa.com/api/projects/<project-locator>
where the bom_column_settings[]=<attribute>
is the body.
For example, here's how to call this endpoint:
curl --location --request PUT 'https://app.fossa.com/api/projects/<project-locator>' \
--header 'Authorization: Bearer <fossa-full-access-token>' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'bom_column_settings[]=Authors' \
--data-urlencode 'bom_column_settings[]=Library' \
--data-urlencode 'bom_column_settings[]=DependencyPaths'
After running this you should see get s 200 OK
along with a JSON response.
Download the actual report in plain text
The next thing to do is to run the following endpoint:
GET https://app.fossa.com/api/revisions/<encoded-project-locator-with-revision>/attribution/download
where the following query include
parameters can be set to true. format
will be TXT in this example and download
is required to be set to true:
- format=TXT
- download=true
- includeProjectLicense=
- includeLicenseScan=
- includeDependencySummary=
- includeDirectDependencies=
- includeDeepDependencies=
- includeLicenseList=
- includeVulnerabilities=
- includeLicenseHeaders=
For example, here's how to call this endpoint:
curl --location --request GET 'https://app.fossa.com/api/revisions/git%2Bgithub.com%2Fcmboling%2Fpotential-spoon%24f5b0ad1c10923475620c9b5bb5d0561271354e38/attribution/download?includeProjectLicense=&includeLicenseScan=&includeDependencySummary=true&includeDirectDependencies=true&includeDeepDependencies=true&includeLicenseList=true&includeVulnerabilities=&format=TXT&includeLicenseHeaders=&download=true' \
--header 'Authorization: Bearer <fossa-full-access-token>'
The output should be the report in plain text, which you can pipe to a plain text file.
Updated about 1 month ago