Edit SBOM Metadata

You can change a version's metadata through the API: who authored the SBOM, and who supplies it. This guide covers SBOM authors and suppliers.

Author of the SBOM vs author of a component. An SBOM has authors, the people or tools that produced the document. This maps to metadata.authors in CycloneDX. A component inside the SBOM also has an author field, but that one is read-only through the API: it is set when the SBOM is ingested and cannot be changed with a mutation. To edit component-level fields you can change, see Edit a Component.

Every call here needs the version ID (sbomId). Get it from List Products and Versions.

Add an author

authorCreate adds an author to a version.

curl https://api.interlynk.io/lynkapi \
  -H "Authorization: Bearer $INTERLYNK_SECURITY_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "mutation AddAuthor($sbomId: Uuid!, $name: String!, $email: String, $phone: String) { authorCreate(input: { sbomId: $sbomId, name: $name, email: $email, phone: $phone }) { author { id name email phone } errors } }",
    "variables": {
      "sbomId": "4e423fe0-d089-4025-b1e4-8fe9608138d6",
      "name": "Jane Doe",
      "email": "[email protected]"
    }
  }'

{
  "data": {
    "authorCreate": {
      "author": {
        "id": "b1c2d3e4-0000-0000-0000-000000000001",
        "name": "Jane Doe",
        "email": "[email protected]",
        "phone": null
      },
      "errors": []
    }
  }
}

Input

Type

Required

sbomId

Uuid

Yes. The version to add the author to.

name

String

Yes.

email

String

No.

phone

String

No.

Save the returned author.id. You need it to update or delete the author.

List the authors on a version

curl https://api.interlynk.io/lynkapi \
  -H "Authorization: Bearer $INTERLYNK_SECURITY_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "query Authors($projectId: Uuid!, $sbomId: Uuid!) { sbom(projectId: $projectId, sbomId: $sbomId) { authors { id name email phone } } }",
    "variables": {
      "projectId": "1fade833-0603-4139-8ca0-26592264a4c9",
      "sbomId": "4e423fe0-d089-4025-b1e4-8fe9608138d6"
    }
  }'

Update an author

authorUpdate changes an existing author. Pass the authorId and only the fields you want to change.

curl https://api.interlynk.io/lynkapi \
  -H "Authorization: Bearer $INTERLYNK_SECURITY_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "mutation UpdateAuthor($authorId: Uuid!, $sbomId: Uuid!, $email: String) { authorUpdate(input: { authorId: $authorId, sbomId: $sbomId, email: $email }) { author { id name email } errors } }",
    "variables": {
      "authorId": "b1c2d3e4-0000-0000-0000-000000000001",
      "sbomId": "4e423fe0-d089-4025-b1e4-8fe9608138d6",
      "email": "[email protected]"
    }
  }'

Delete an author

curl https://api.interlynk.io/lynkapi \
  -H "Authorization: Bearer $INTERLYNK_SECURITY_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "mutation DeleteAuthor($authorId: Uuid!, $sbomId: Uuid!) { authorDelete(input: { authorId: $authorId, sbomId: $sbomId }) { errors } }",
    "variables": {
      "authorId": "b1c2d3e4-0000-0000-0000-000000000001",
      "sbomId": "4e423fe0-d089-4025-b1e4-8fe9608138d6"
    }
  }'

Suppliers

A version also has suppliers. The mutations work the same way as authors:

Mutation

Purpose

sbomSupplierCreate

Add a supplier to a version.

sbomSupplierUpdate

Change an existing supplier.

sbomSupplierDelete

Remove a supplier.

To set a supplier on an individual component instead of the whole SBOM, see Edit a Component.

Errors

Mutation failures come back in the errors list rather than as an HTTP error:

{
  "data": {
    "authorCreate": {
      "author": null,
      "errors": ["Sbom not found"]
    }
  }
}

Sbom not found means the sbomId is wrong or the token cannot access it. See Errors.

PreviousCheck Processing Status NextEdit a Component

Last updated 20 days ago