Man page - debsbom-download(1)

DEBSBOM-DOWNLOAD(1) debsbom DEBSBOM-DOWNLOAD(1)

debsbom-download - debsbom download command

debsbom download [-h] [-t {cdx,spdx}] [--outdir OUTDIR] [--sources]
                 [--binaries] [--skip-pkgs SKIP]
                 [--resolver {debian-snapshot}]
                 [bomin]

Download referenced packages

Processes an SBOM and downloads the referenced packages. If no SBOM is provided, it reads line-separated entries (name version arch) from stdin to define what shall be downloaded.

When the application is run with JSON output enabled (via the --json flag), status messages are emitted as single-line JSON objects to standard output. Each line represents a distinct package download operation.

The schema for these JSON objects is as follows:

{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://github.com/siemens/debsbom/blob/main/src/debsbom/schema/schema-download.json",
  "title": "Download Result",
  "description": "The result of a download operation including the status, package name, package version, file name and file path.",
  "type": "object",
  "properties": {
    "status": {
      "description": "The status of the download operation.",
      "enum": ["ok", "not_found", "checksum_mismatch"]
    },
    "package": {
      "type": "object",
      "description": "An object identifying the package.",
      "properties": {
        "name": {
          "type": "string",
          "description": "The name of the package."
        },
        "version": {
          "type": "string",
          "description": "The version of the package."
        },
        "purl": {
          "type": "string",
          "description": "The package url of the package."
        }
      },
      "required": ["name", "version", "purl"]
    },
    "filename": {
      "type": "string",
      "description": "The name of the processed file or an empty string if the package is unavailable."
    },
    "path": {
      "type": "string",
      "description": "The absolute path to the downloaded file on success."
    }
  },
  "required": ["status", "package"]
}


  • status: The status of the download operation. This field will contain one of the following predefined values from the DownloadStatus enum:
      • "ok": The file was either successfully downloaded or found in the cache, and the checksum was verified.
      • "checksum_mismatch": The downloaded file's checksum did not match the expected value.
      • "not_found": The requested file or package could not be located.
  • package: An object identifying the package, including the name and the version as a string.
  • filename: The name of the processed file or an empty string if the package is unavailable.
  • path: The absolute path to the downloaded file or an empty string if nothing could be downloaded.
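
A consumer for the JSON status lines described above, shown as an added example that is not part of debsbom or this manual. The function names, the constructed sample records and the rule that empty output fails the gate are assumptions made here.

```python
import json

# Status values from the "Download Result" schema on this page.
STATUSES = ("ok", "not_found", "checksum_mismatch")

def check_record(rec):
    """Return None if rec has the schema's required fields, else a reason."""
    if not isinstance(rec, dict):
        return "not a JSON object"
    status = rec.get("status")
    if not isinstance(status, str) or status not in STATUSES:
        return f"unknown or missing status: {status!r}"
    pkg = rec.get("package")
    if not isinstance(pkg, dict):
        return "missing package object"
    for key in ("name", "version", "purl"):
        if not isinstance(pkg.get(key), str):
            return f"package.{key} missing or not a string"
    return None

def triage(lines):
    """Group purls by status; malformed lines are reported, never skipped."""
    report = {s: [] for s in STATUSES}
    report["invalid"] = []
    for lineno, line in enumerate(lines, 1):
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            report["invalid"].append(f"line {lineno}: not valid JSON")
            continue
        reason = check_record(rec)
        if reason:
            report["invalid"].append(f"line {lineno}: {reason}")
        else:
            report[rec["status"]].append(rec["package"]["purl"])
    return report

def gate(report):
    """Fail closed: pass only if something was verified and nothing failed (assumed policy)."""
    bad = report["invalid"] or report["not_found"] or report["checksum_mismatch"]
    return bool(report["ok"]) and not bad

# Constructed sample output, not captured from a real run.
SAMPLE = [
    '{"status": "ok", "package": {"name": "example-a", "version": "1.0-1", "purl": "pkg:deb/debian/example-a@1.0-1"}, "filename": "example-a_1.0-1_amd64.deb", "path": "/tmp/dl/example-a_1.0-1_amd64.deb"}',
    '{"status": "checksum_mismatch", "package": {"name": "example-b", "version": "2.0-3", "purl": "pkg:deb/debian/example-b@2.0-3"}, "filename": "example-b_2.0-3_amd64.deb", "path": ""}',
    '{"status": "not_found", "package": {"name": "example-c", "version": "0.9-1", "purl": "pkg:deb/debian/example-c@0.9-1"}, "filename": "", "path": ""}',
    '{"status": "ok", "package": {"name": "example-d"}}',
    'not json',
]
```

Treating `checksum_mismatch`, `not_found` and unparseable lines alike as blocking keeps a build from continuing with packages that were never verified.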

Positional Arguments

bomin
    sbom file(s) to process. Use '-' to read from stdin

Named Arguments

-t {cdx,spdx}
    SBOM type to process (default: auto-detect), required when reading from stdin

    Possible choices: cdx, spdx

--outdir OUTDIR
    directory to store downloaded files

--sources
    operate only on source packages (skip binaries)

--binaries
    operate only on binary packages (skip sources)

--skip-pkgs SKIP
    packages to exclude from the download, in package-list format

--resolver {debian-snapshot}
    resolver to use to find upstream packages (default: 'debian-snapshot')

    Possible choices: debian-snapshot

debsbom-generate(1)

Part of the debsbom(1) suite.

Christoph Steiger, Felix Moessbauer

2025, Siemens

March 24, 2026