Content Manifest Component
Stores software and hardware components associated with image manifests. Structure is based on the CycloneDX component. Link: https://cyclonedx.org/docs/1.4/json/#components
type
| String required
String parameters
enum
application | framework | library | container | operating-system | device | firmware | file
Specifies the type of component. For software components, classify as ‘application’ if no more specific appropriate classification is available or cannot be determined for the component.
name
| String required
The name of the component. This will often be a shortened, single name of the component. Examples: commons-lang3 and jquery
content_manifest
| ContentManifestComponentManifest read-only
Associated manifest. Manifest cannot be disassociated after creating association with component.
image
| ContentManifestComponentImage read-only
Associated image. Image cannot be disassociated after creating association with component.
mime_type
| String
String parameters
regex
| ^[-+a-z0-9.]+/[-+a-z0-9.]+$
When used on file components, the mime-type can provide additional context about the kind of file being represented such as an image, font, or executable. Some library or framework components may also have an associated mime-type.
bom_ref
| String
An identifier which can be used to reference the component elsewhere in the BOM. Uniqueness within the BOM is ensured by checking the unique combination of manifest._id and bom_ref.
supplier
| Supplier
The organization that supplied the component. The supplier may often be the manufacturer, but may also be a distributor or repackager.
author
| String
The person(s) or organization(s) that authored the component.
publisher
| String
The person(s) or organization(s) that published the component.
group
| String
The grouping name or identifier. This will often be a shortened, single name of the company or project that produced the component, or the source package or domain name. Whitespace and special characters should be avoided. Examples: apache, org.apache.commons, and apache.org.
version
| String
The component version. The version should ideally comply with semantic versioning but is not enforced.
description
| String
Specifies a description for the component.
scope
| String
String parameters
enum
required | optional | excluded
Specifies the scope of the component.
hashes
| List[ComponentHash]
Hashes of the component.
licenses
| List[ComponentLicense]
Licenses of the component.
copyright
| String
A copyright notice informing users of the underlying claims to copyright ownership in a published work.
purl
| String
Specifies the package-url (purl). The purl, if specified, MUST be valid and conform to the specification defined at: package-url/purl-spec
swid
| ComponentSwid
Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags. https://www.iso.org/standard/65666.html
external_references
| List[ComponentExternalReference]
External references provide a way to document systems, sites, and information that may be relevant but which are not included with the BOM.
evidence
| ComponentEvidence
Provides the ability to document evidence collected through various forms of extraction or analysis.
release_notes
| ComponentReleaseNotes
Specifies optional release notes.
build_dependency
| Boolean
Defines if the container is used as a build dependency during multi-stage builds.
properties
| List[ComponentProperties]
Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy (CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.
cpe
| String
Specifies a well-formed CPE name that conforms to the CPE 2.2 or 2.3 specification. See https://nvd.nist.gov/products/cpe
org_id
| Integer read-only
Red Hat Org ID / account_id from Red Hat SSO. Also corresponds to company_org_id in Red Hat Connect.
_id
| ObjectID read-only
MongoDB unique _id
creation_date
| DateTime read-only
The date when the entry was created. Value is created automatically on creation.
last_update_date
| DateTime read-only
The date when the entry was last updated.
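The constraints in the field reference above (required type and name, the type and scope enums, the mime_type regex, and bom_ref uniqueness per manifest _id) can be checked before component records are trusted or submitted. The Python below is an added example, not code from the API described here; the function names validate_component and duplicate_bom_refs are hypothetical, the nested content_manifest._id record shape is assumed from the index name, and the sample records are constructed.

```python
import re
from collections import Counter

# Constraints copied from the field reference above.
TYPES = ("application", "framework", "library", "container",
         "operating-system", "device", "firmware", "file")
SCOPES = ("required", "optional", "excluded")
MIME_RE = re.compile(r"^[-+a-z0-9.]+/[-+a-z0-9.]+$")


def validate_component(comp):
    """Return a list of problems for one component dict (empty if it passes)."""
    errors = []
    for field in ("type", "name"):
        if not isinstance(comp.get(field), str) or not comp[field]:
            errors.append(f"{field}: required string missing")
    ctype = comp.get("type")
    if isinstance(ctype, str) and ctype and ctype not in TYPES:
        errors.append(f"type: {ctype!r} not in enum")
    if "scope" in comp and comp["scope"] not in SCOPES:
        errors.append(f"scope: {comp['scope']!r} not in enum")
    mime = comp.get("mime_type")
    # fullmatch(): in Python "$" alone also matches before a trailing newline.
    if mime is not None and not (isinstance(mime, str) and MIME_RE.fullmatch(mime)):
        errors.append(f"mime_type: {mime!r} does not match regex")
    return errors


def duplicate_bom_refs(components):
    """Return (content_manifest._id, bom_ref) pairs that occur more than once."""
    keys = Counter(
        ((c.get("content_manifest") or {}).get("_id"), c["bom_ref"])
        for c in components if c.get("bom_ref")
    )
    return [key for key, count in keys.items() if count > 1]


# Constructed sample records (hypothetical values, not real data).
SAMPLE = [
    {"type": "library", "name": "commons-lang3", "bom_ref": "pkg-1", "content_manifest": {"_id": "m-A"}},
    {"type": "library", "name": "jquery", "bom_ref": "pkg-1", "content_manifest": {"_id": "m-A"}},
    {"type": "library", "name": "jquery", "bom_ref": "pkg-1", "content_manifest": {"_id": "m-B"}},
    {"type": "plugin", "scope": "runtime", "mime_type": "text/plain\n"},
]

if __name__ == "__main__":
    for comp in SAMPLE:
        print(comp.get("name"), validate_component(comp))
    print("duplicate (manifest, bom_ref):", duplicate_bom_refs(SAMPLE))
```

The same bom_ref under a different manifest _id is not reported, matching the uniqueness rule stated for bom_ref.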
content_manifest._id_1
- Fields
content_manifest._id: ASC
- Description
- Index for contentManifestComponent collection based on the content_manifest._id field.
name_1
- Fields
name: ASC
- Description
- Index for contentManifestComponent collection based on the name field.
edges.content_manifest
| Content manifest
Component manifest associated with the component.
Parent arguments: [‘content_manifest’, ‘_id’]
Uses GQL query: get_content_manifest
Example queries
{
  find_content_manifest_components(page: 0, page_size: 50, sort_by: [{ field: "creation_date", order: DESC }]) {
    error {
      detail
      status
    }
    total # omit for better performance
    page_size
    page
    data {
      _id
      edges {
        content_manifest {
          error {
            status
            detail
          }
          data {
            _id
          }
        }
      }
    }
  }
}

{
  get_content_manifest_component(id: "6304c560cbb2b2d2d4053b8e") {
    error {
      detail
      status
    }
    data {
      _id
      edges {
        content_manifest {
          error {
            status
            detail
          }
          data {
            _id
          }
        }
      }
    }
  }
}
edges.image
| Container Image
Image associated with the component.
Parent arguments: [‘image’, ‘_id’]
Uses GQL query: get_image
Example queries
{
  find_content_manifest_components(page: 0, page_size: 50, sort_by: [{ field: "creation_date", order: DESC }]) {
    error {
      detail
      status
    }
    total # omit for better performance
    page_size
    page
    data {
      _id
      edges {
        image {
          error {
            status
            detail
          }
          data {
            _id
          }
        }
      }
    }
  }
}

{
  get_content_manifest_component(id: "6304c560cbb2b2d2d4053b8e") {
    error {
      detail
      status
    }
    data {
      _id
      edges {
        image {
          error {
            status
            detail
          }
          data {
            _id
          }
        }
      }
    }
  }
}