Skip to content

Download FOSSA project attribution reports

Jump to bottom
Chelsea Boling edited this page Jun 8, 2023 · 1 revision

This guide will show you how to see FOSSA's endpoints to download FOSSA reports to your machine.

Pre-requisites

  • Must have at least one project locator. You can get the list of projects by running this endpoint.

How to do it

In this example, we have a project called potential-spoon and we want to generate a report in plain text format. image

The fields that we want in this report are the following:

Customize Report Information

  • Dependencies Summary
  • Direct Dependencies
  • Transitive Dependencies
  • Full License List

Dependency Metadata Information

Click on "Edit Dependency Info" to see the options.

image
  • Package
  • Authors
  • Dependency Paths

Calling the endpoints

Set the dependency metadata information

To download the report with all of the fields that you need, we first need to set the dependency metadata information via the following endpoint: PUT https://app.fossa.com/api/projects/<project-locator> where the bom_column_settings[]=<attribute> is the body.

For example, here's how to call this endpoint:

curl --location --request PUT 'https://app.fossa.com/api/projects/<project-locator>' \
--header 'Authorization: Bearer <fossa-full-access-token>' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'bom_column_settings[]=Authors' \
--data-urlencode 'bom_column_settings[]=Library' \
--data-urlencode 'bom_column_settings[]=DependencyPaths'

After running this you should see get s 200 OK along with a JSON response.

Download the actual report in plain text

The next thing to do is to run the following endpoint: GET https://app.fossa.com/api/revisions/<encoded-project-locator-with-revision>/attribution/download

where the following query include parameters can be set to true. format will be TXT in this example and download is required to be set to true:

  • format=TXT
  • download=true
  • includeProjectLicense=
  • includeLicenseScan=
  • includeDependencySummary=
  • includeDirectDependencies=
  • includeDeepDependencies=
  • includeLicenseList=
  • includeVulnerabilities=
  • includeLicenseHeaders=

For example, here's how to call this endpoint:

curl --location --request GET 'https://app.fossa.com/api/revisions/git%2Bgithub.com%2Fcmboling%2Fpotential-spoon%24f5b0ad1c10923475620c9b5bb5d0561271354e38/attribution/download?includeProjectLicense=&includeLicenseScan=&includeDependencySummary=true&includeDirectDependencies=true&includeDeepDependencies=true&includeLicenseList=true&includeVulnerabilities=&format=TXT&includeLicenseHeaders=&download=true' \
--header 'Authorization: Bearer <fossa-full-access-token>'

The output should be the report in plain text, which you can pipe to a plain text file.

Clone this wiki locally