Edit a Component

componentUpdate changes the fields of a single component inside an SBOM. Use it to correct a license, add a copyright line, fix a purl, and more.

You need two IDs: the component ID and the version ID (sbomId).

Find the component ID

List the components in a version and read the id of the one you want.

curl https://api.interlynk.io/lynkapi \
  -H "Authorization: Bearer $INTERLYNK_SECURITY_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "query Components($sbomId: Uuid!) { sbom(projectId: \"1fade833-0603-4139-8ca0-26592264a4c9\", sbomId: $sbomId) { components(sbomId: $sbomId, first: 25) { totalCount nodes { id name version purl copyright licensesExp } } } }",
    "variables": { "sbomId": "4e423fe0-d089-4025-b1e4-8fe9608138d6" }
  }'

{
  "data": {
    "sbom": {
      "components": {
        "totalCount": 88,
        "nodes": [
          {
            "id": "10ad56c1-2b33-49c0-9822-cfcb54be40f4",
            "name": "jackson-core",
            "version": "2.15.2",
            "purl": "pkg:maven/com.fasterxml.jackson.core/[email protected]?type=jar",
            "copyright": null,
            "licensesExp": "Apache-2.0"
          }
        ]
      }
    }
  }
}

components is a paginated connection. To search by name, add a search argument, or page through with first and after. See Conventions.

Update the component

Pass the component id, the sbomId, and only the fields you want to change. Omitted fields are left untouched.

curl https://api.interlynk.io/lynkapi \
  -H "Authorization: Bearer $INTERLYNK_SECURITY_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "mutation EditComponent($id: Uuid!, $sbomId: Uuid!, $copyright: String) { componentUpdate(input: { id: $id, sbomId: $sbomId, copyright: $copyright }) { component { id name copyright } errors } }",
    "variables": {
      "id": "10ad56c1-2b33-49c0-9822-cfcb54be40f4",
      "sbomId": "4e423fe0-d089-4025-b1e4-8fe9608138d6",
      "copyright": "Copyright (c) FasterXML, LLC"
    }
  }'

{
  "data": {
    "componentUpdate": {
      "component": {
        "id": "10ad56c1-2b33-49c0-9822-cfcb54be40f4",
        "name": "jackson-core",
        "copyright": "Copyright (c) FasterXML, LLC"
      },
      "errors": []
    }
  }
}

Editable fields

componentUpdate accepts these inputs. id and sbomId are required, the rest are optional.

Input

Type

Description

id

Uuid

The component ID. Required.

sbomId

Uuid

The version the component belongs to. Required.

name

String

Component name.

version

String

Component version.

purl

String

Package URL.

cpes

[String]

CPE identifiers.

licenses

LicenseInput

License expression. See below.

copyright

String

notice

String

License notice text.

description

String

Free-text description.

group

String

Group or namespace, for example a Maven group ID.

scope

String

Component scope.

kind

String

Component kind.

internal

Boolean

Mark the component as internal.

primary

Boolean

Mark the component as the primary component.

checksums

[ChecksumInput]

Hashes. Each is { alg, content }.

externalUrls

[ExternalUrlInput]

External links. Each is { name, url }.

Setting a license

licenses takes a LicenseInput object with a single field, licensesExp, an SPDX license expression:

"variables": {
  "id": "10ad56c1-2b33-49c0-9822-cfcb54be40f4",
  "sbomId": "4e423fe0-d089-4025-b1e4-8fe9608138d6",
  "licenses": { "licensesExp": "Apache-2.0 OR MIT" }
}

with the mutation:

mutation EditComponent($id: Uuid!, $sbomId: Uuid!, $licenses: LicenseInputType) {
  componentUpdate(input: { id: $id, sbomId: $sbomId, licenses: $licenses }) {
    component { id name licensesExp }
    errors
  }
}

A component has a read-only author field that componentUpdate does not accept. To record authorship, set it at the SBOM level with authorCreate. See Edit SBOM Metadata. To set a component's supplier, use compSupplierCreate.

Set a component supplier

componentUpdate does not change the supplier. Use compSupplierCreate:

curl https://api.interlynk.io/lynkapi \
  -H "Authorization: Bearer $INTERLYNK_SECURITY_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "mutation AddSupplier($componentId: Uuid!, $name: String!, $url: String, $contactName: String, $contactEmail: String) { compSupplierCreate(input: { componentId: $componentId, name: $name, url: $url, contactName: $contactName, contactEmail: $contactEmail }) { errors } }",
    "variables": {
      "componentId": "10ad56c1-2b33-49c0-9822-cfcb54be40f4",
      "name": "FasterXML, LLC",
      "url": "https://fasterxml.com"
    }
  }'

Errors

A failed update returns the reason in errors:

{
  "data": {
    "componentUpdate": {
      "component": null,
      "errors": ["Component not found"]
    }
  }
}

Message

Cause

Component not found

The component id is wrong, or it does not belong to that sbomId.

No arguments provided

You sent only id and sbomId with no fields to change.

Project not enabled

The product the component belongs to is disabled.

PreviousEdit SBOM Metadata NextVulnerabilities and VEX

Last updated 20 days ago