Man page - debsbom-download(1)

Packages contains this manual

Package:  debsbom
apt-get install debsbom

Manuals in package:
• debsbom-decisions(1)
• debsbom-filter(1)
• debsbom-merge(1)
• debsbom(1)
• debsbom-source-merge(1)
• debsbom-export(1)
• debsbom-repack(1)
• debsbom-delta(1)
• debsbom-trace-path(1)
• debsbom-download(1)
• debsbom-generate(1)
Documentations in package:
• debsbom

Manual

DEBSBOM-DOWNLOAD

NAME
SYNOPSIS
DESCRIPTION
JSON Output Schema
Fields
OPTIONS
SEE ALSO
DEBSBOM
AUTHOR
COPYRIGHT

---

NAME

debsbom-download - debsbom download command

SYNOPSIS

debsbom download [-h] [-t {cdx,spdx}] [--outdir OUTDIR] [--sources]
[--binaries] [--skip-pkgs SKIP]
[--resolver {debian-snapshot}]
[bomin]

DESCRIPTION

Download referenced packages

Processes a SBOM and downloads the referenced packages. If no SBOM is provided, it reads line separated entries (name version arch) from stdin to define what shall be downloaded.

JSON Output Schema

When the application is run with JSON output enabled (via the --json flag), status messages are emitted as single-line JSON objects to standard output. Each line represents a distinct package download operation.

The schema for these JSON objects is as follows:

{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://github.com/siemens/debsbom/blob/main/src/debsbom/schema/schema-download.json",
"title": "Download Result",
"description": "The result of a download operation including the status, package name, package version, file name and file path.",
"type": "object",
"properties": {
"status": {
"description": "The status of the download operation.",
"enum": ["ok", "not_found", "checksum_mismatch"]
},
"package": {
"type": "object",
"description": "An object identifying the package.",
"properties": {
"name": {
"type": "string",
"description": "The name of the package."
},
"version": {
"type": "string",
"description": "The version of the package."
},
"purl": {
"type": "string",
"description": "The package url of the package."
}
},
"required": ["name", "version", "purl"]
},
"filename": {
"type": "string",
"description": "The name of the processed file or an empty string if the package is unavailable."
},
"path": {
"type": "string",
"description": "The absolute path to the downloaded file on success."
}
},
"required": ["status", "package"]
}

Fields

•

status : The status of the download operation. This field will contain one of the following predefined values from the DownloadStatus enum:

•

			"ok" : The file was either successfully downloaded or found in the cache, and the checksum was verified.
	•		"checksum_mismatch" : The downloaded file's checksum did not match the expected value.
	•		"not_found" : The requested file or package could not be located.
	•

package : An object identifying the package, including the name and the version as a string.

	•		filename : The name of the processed file or an empty string if the package is unavailable.
	•		path : The absolute path to the downloaded file or an empty string if nothing could be downloaded.

OPTIONS

Positional Arguments

bomin

sbom file(s) to process for 'bomin'. Use '-' to read from stdin

Named Arguments
-t , --sbom-type

SBOM type to process (default: auto-detect), required when reading from stdin

Possible choices: cdx, spdx

--outdir='downloads'

directory to store downloaded files

--sources=False

operate only on source packages (skip binaries)

--binaries=False

operate only on binary packages (skip sources)

--skip-pkgs

packages to exclude from the download, in package-list format

--resolver='debian-snapshot'

resolver to use to find upstream packages (default: 'debian-snapshot')

Possible choices: debian-snapshot

SEE ALSO

debsbom-generate(1)

DEBSBOM

Part of the debsbom(1) suite.

AUTHOR

Christoph Steiger, Felix Moessbauer

COPYRIGHT

2025, Siemens

---