Bomly Diff JSON Schema Reference

Complete reference for the JSON document emitted by `bomly diff`. Each table below lists a type's fields and their JSON types; the Description column is empty in this revision of the reference. Notes for consumers: key casing is not uniform — `LicenseRef` (`spdxExpression`) and `PackageScorecard` (`commitSha`, `scorecardVersion`, `runDate`, `aggregateScore`) use camelCase while every other type uses snake_case, so strict deserializers should not assume a single convention. Fields typed `object` (`Metadata.analyzer_stats`, `PackageRef.metadata`) have no sub-schema documented here. Free-text and URL fields (`title`, `description`, `reasons`, `notes`, `required_action`, `references[].url`, `urls`) appear to be carried through from the upstream advisory sources named in `source` / `data_source`; treat them as untrusted input when rendering into HTML, terminals or tickets.

Document

| Field | Type | Description |
|---|---|---|
| `schema_version` | `string` | |
| `command` | `string` | |
| `project` | `ProjectDescriptor` | |
| `comparison` | `DiffComparison` | |
| `results` | `DiffResults` | |
| `summary` | `DiffSummary` | |
| `audit` | `DiffAudit` | |
| `metadata` | `Metadata` | |

Types

AffectedSymbol

| Field | Type | Description |
|---|---|---|
| `symbol` | `string` | |
| `kind` | `string` | |
| `package` | `string` | |
| `module` | `string` | |
| `definition` | `SourcePosition` | |

AuditFinding

| Field | Type | Description |
|---|---|---|
| `id` | `string` | |
| `kind` | `string` | |
| `severity` | `string` | |
| `package` | `PackageRef` | |
| `title` | `string` | |
| `reasons` | `Array<string>` | |
| `source` | `string` | |
| `auditor` | `string` | |
| `disposition` | `string` | |
| `fixed_in` | `string` | |
| `fixed_versions` | `Array<string>` | |
| `fix_state` | `string` | |
| `fix_available` | `Array<FixAvailable>` | |
| `aliases` | `Array<string>` | |
| `description` | `string` | |
| `severity_source` | `string` | |
| `cvss` | `Array<CVSSScore>` | |
| `affected_version_range` | `string` | |
| `references` | `Array<Reference>` | |
| `kev_exploited` | `boolean` | |
| `known_exploited` | `Array<KnownExploited>` | |
| `epss` | `Array<EPSSScore>` | |
| `cwes` | `Array<CWE>` | |
| `risk_score` | `number` | |
| `data_source` | `string` | |
| `namespace` | `string` | |
| `cpes` | `Array<string>` | |
| `reachability` | `Reachability` | |

Note: `kev_exploited` and `known_exploited` both describe known-exploitation status; which one is authoritative when they disagree is not specified in this reference. `AuditFinding` shares its vulnerability fields with `VulnerabilityRef` but additionally carries `kind`, `package`, `auditor` and `disposition`, and lacks `affected_symbols`.

AuditSummary

| Field | Type | Description |
|---|---|---|
| `critical` | `integer` | |
| `high` | `integer` | |
| `medium` | `integer` | |
| `low` | `integer` | |
| `unknown` | `integer` | |
| `total` | `integer` | |

CVSSScore

| Field | Type | Description |
|---|---|---|
| `vector` | `string` | |
| `score` | `number` | |
| `version` | `string` | |
| `source` | `string` | |

CWE

| Field | Type | Description |
|---|---|---|
| `cve` | `string` | |
| `id` | `string` | |
| `source` | `string` | |
| `type` | `string` | |

CallFrame

| Field | Type | Description |
|---|---|---|
| `function` | `string` | |
| `package` | `string` | |
| `receiver` | `string` | |
| `position` | `SourcePosition` | |

CallPath

| Field | Type | Description |
|---|---|---|
| `sink` | `AffectedSymbol` | |
| `frames` | `Array<CallFrame>` | |

DiffAudit

| Field | Type | Description |
|---|---|---|
| `introduced` | `Array<AuditFinding>` | |
| `resolved` | `Array<AuditFinding>` | |
| `persisted` | `Array<AuditFinding>` | |
| `audit_summary` | `AuditSummary` | |

DiffChangedPackage

| Field | Type | Description |
|---|---|---|
| `after` | `PackageRef` | |
| `before` | `PackageRef` | |

DiffComparison

| Field | Type | Description |
|---|---|---|
| `base` | `string` | |
| `head` | `string` | |

DiffDependencyResults

| Field | Type | Description |
|---|---|---|
| `added` | `Array<DiffPackageChange>` | |
| `removed` | `Array<DiffPackageChange>` | |
| `changed` | `Array<DiffChangedPackage>` | |

DiffLicenseChange

| Field | Type | Description |
|---|---|---|
| `package` | `PackageRef` | |
| `licenses` | `Array<LicenseRef>` | |

DiffLicenseDelta

| Field | Type | Description |
|---|---|---|
| `package` | `PackageRef` | |
| `before` | `Array<LicenseRef>` | |
| `after` | `Array<LicenseRef>` | |

DiffLicenseResults

| Field | Type | Description |
|---|---|---|
| `added` | `Array<DiffLicenseChange>` | |
| `removed` | `Array<DiffLicenseChange>` | |
| `changed` | `Array<DiffLicenseDelta>` | |

DiffManifestResult

| Field | Type | Description |
|---|---|---|
| `status` | `string` | |
| `path` | `string` | |
| `kind` | `string` | |
| `subproject` | `string` | |
| `ecosystem` | `string` | |
| `package_manager` | `string` | |
| `added` | `Array<DiffPackageChange>` | |
| `removed` | `Array<DiffPackageChange>` | |
| `changed` | `Array<DiffChangedPackage>` | |

DiffPackageChange

| Field | Type | Description |
|---|---|---|
| `package` | `PackageRef` | |

DiffResults

| Field | Type | Description |
|---|---|---|
| `dependencies` | `DiffDependencyResults` | |
| `licenses` | `DiffLicenseResults` | |
| `vulnerabilities` | `DiffVulnerabilityResults` | |
| `manifests` | `Array<DiffManifestResult>` | |

DiffSummary

| Field | Type | Description |
|---|---|---|
| `added_manifest_count` | `integer` | |
| `changed_manifest_count` | `integer` | |
| `removed_manifest_count` | `integer` | |
| `unchanged_manifest_count` | `integer` | |
| `added_package_count` | `integer` | |
| `changed_package_count` | `integer` | |
| `removed_package_count` | `integer` | |
| `exact_match_count` | `integer` | |
| `fuzzy_match_count` | `integer` | |
| `unmatched_package_count` | `integer` | |

DiffVulnerabilityChange

| Field | Type | Description |
|---|---|---|
| `package` | `PackageRef` | |
| `vulnerability` | `VulnerabilityRef` | |

DiffVulnerabilityResults

| Field | Type | Description |
|---|---|---|
| `added` | `Array<DiffVulnerabilityChange>` | |
| `removed` | `Array<DiffVulnerabilityChange>` | |

Note: unlike `DiffDependencyResults` and `DiffLicenseResults`, this type has no `changed` list; consumers should not expect one.

EPSSScore

| Field | Type | Description |
|---|---|---|
| `cve` | `string` | |
| `epss` | `number` | |
| `percentile` | `number` | |
| `date` | `string` | |

FixAvailable

| Field | Type | Description |
|---|---|---|
| `version` | `string` | |
| `date` | `string` | |
| `kind` | `string` | |

KnownExploited

| Field | Type | Description |
|---|---|---|
| `cve` | `string` | |
| `vendor_project` | `string` | |
| `product` | `string` | |
| `date_added` | `string` | |
| `required_action` | `string` | |
| `due_date` | `string` | |
| `known_ransomware_campaign_use` | `string` | |
| `notes` | `string` | |
| `urls` | `Array<string>` | |
| `cwes` | `Array<string>` | |

Note: `cwes` here is `Array<string>`, whereas `cwes` on `AuditFinding` and `VulnerabilityRef` is `Array<CWE>`.

LicenseRef

| Field | Type | Description |
|---|---|---|
| `value` | `string` | |
| `spdxExpression` | `string` | |
| `type` | `string` | |

LocationRef

| Field | Type | Description |
|---|---|---|
| `real_path` | `string` | |
| `access_path` | `string` | |
| `position` | `PositionRef` | |

Metadata

| Field | Type | Description |
|---|---|---|
| `duration_ms` | `integer` | |
| `reachability_enabled` | `boolean` | |
| `analyzer_runs` | `Array<string>` | |
| `analyzer_stats` | `object` | |

PackageRef

| Field | Type | Description |
|---|---|---|
| `name` | `string` | |
| `version` | `string` | |
| `scope` | `string` | |
| `purl` | `string` | |
| `id` | `string` | |
| `metadata` | `object` | |
| `locations` | `Array<LocationRef>` | |
| `licenses` | `Array<LicenseRef>` | |
| `vulnerabilities` | `Array<VulnerabilityRef>` | |
| `scorecard` | `PackageScorecard` | |

PackageScorecard

| Field | Type | Description |
|---|---|---|
| `source` | `string` | |
| `repository` | `string` | |
| `commitSha` | `string` | |
| `scorecardVersion` | `string` | |
| `runDate` | `Time` | |
| `aggregateScore` | `number` | |
| `checks` | `Array<PackageScorecardCheck>` | |

PackageScorecardCheck

| Field | Type | Description |
|---|---|---|
| `name` | `string` | |
| `score` | `integer` | |
| `reason` | `string` | |
| `documentation` | `string` | |

PositionRef

| Field | Type | Description |
|---|---|---|
| `file` | `string` | |
| `line` | `integer` | |
| `column` | `integer` | |
| `end_line` | `integer` | |

Note: structurally identical to `SourcePosition`. `LocationRef.position` uses this type, while `AffectedSymbol.definition` and `CallFrame.position` use `SourcePosition`.

ProjectDescriptor

| Field | Type | Description |
|---|---|---|
| `name` | `string` | |
| `path` | `string` | |
| `target_type` | `string` | |
| `target_ref` | `string` | |
| `ecosystem` | `string` | |
| `package_manager` | `string` | |

Reachability

| Field | Type | Description |
|---|---|---|
| `status` | `string` | |
| `tier` | `string` | |
| `analyzer` | `string` | |
| `reason` | `string` | |
| `symbols` | `Array<AffectedSymbol>` | |
| `call_paths` | `Array<CallPath>` | |
| `hops` | `integer` | |
| `confidence` | `string` | |
| `dynamic_imports_detected` | `boolean` | |
| `analyzed_at` | `string` | |

Reference

| Field | Type | Description |
|---|---|---|
| `url` | `string` | |
| `type` | `string` | |

SourcePosition

| Field | Type | Description |
|---|---|---|
| `file` | `string` | |
| `line` | `integer` | |
| `column` | `integer` | |
| `end_line` | `integer` | |

Time

No fields are documented for this type (it is used by `PackageScorecard.runDate`); its JSON encoding is not specified in this reference.

VulnerabilityRef

| Field | Type | Description |
|---|---|---|
| `id` | `string` | |
| `source` | `string` | |
| `title` | `string` | |
| `severity` | `string` | |
| `severity_source` | `string` | |
| `aliases` | `Array<string>` | |
| `description` | `string` | |
| `reasons` | `Array<string>` | |
| `cvss` | `Array<CVSSScore>` | |
| `fixed_in` | `string` | |
| `fixed_versions` | `Array<string>` | |
| `fix_state` | `string` | |
| `fix_available` | `Array<FixAvailable>` | |
| `affected_version_range` | `string` | |
| `references` | `Array<Reference>` | |
| `kev_exploited` | `boolean` | |
| `known_exploited` | `Array<KnownExploited>` | |
| `epss` | `Array<EPSSScore>` | |
| `cwes` | `Array<CWE>` | |
| `risk_score` | `number` | |
| `data_source` | `string` | |
| `namespace` | `string` | |
| `cpes` | `Array<string>` | |
| `affected_symbols` | `Array<AffectedSymbol>` | |
| `reachability` | `Reachability` | |