Software Component Download API

POST /qps/rest/1.0/download/ca/downloadcdxsbom/

Using this API you can view or download the Software Composition Analysis (SwCA) Scan Report in JSON format as per the Cyclone Dx standard.

The API response has an option to download the SwCA Scan Report in JSON format. Once downloaded, the API response displays a success message with the proper status code. You can download the Software Component report for single or multiple assets. We are providing you with the Criteria filter to specify the assets for which you want to download the report. You can specify the assets using different parameters in the Criteria filter, such as tagName, id, activationKey, and cdxschemaversion.

Permissions Required: CA Manager users should have all the permissions. Other users must have Access Permissions - API Access and Asset Management Permissions - Read Asset.

Input ParametersInput Parameters

Use the following input parameters to generate the SwCA Scan Report.

Input Parameter	Mandatory/Optional	Data Type	Description
cdxschemaversion	Mandatory	String	Specify the CyclonDx Schema Version for your reports. Acceptable values: CYCLONE_DX_1_4, CYCLONE_DX_1_6
tagName	Optional	String	Use this parameter to specify the assets using the asset tags associated with them.
id	Optional	Integer	Use this parameter to specify the assets using asset IDs. You can enter single or multiple asset IDs.
activationKey	Optional	String	Use this parameter to specify the assets using the activation key.

Sample: Download the SwCA Scan Report for Single AssetSample: Download the SwCA Scan Report for Single Asset

The following API illustrates downloading SwCA scan report in JSON format as per the CycloneDX_1_6. standard.

API Request


    curl -u fo_username:password -X POST -H "application/xml" 
    -H "X-Requested-With: curl" --data-binary @download_report.xml 
    "<qualys_base_url>/qps/rest/1.0/download/ca/downloadcdxsbom/"

API Request Body


    <?xml version="1.0" encoding="UTF-8"?>
    <ServiceRequest>
       <data>
         <DownloadCDXSbom>
             <assetId>12345678</assetId>
             <cdxschemaversion>CYCLONE_DX_1_6</cdxschemaversion>
         </DownloadCDXSbom>
      </data>
    </ServiceRequest>

API Response

    
    200 OK

Sample: Download SwCA Component Report for Multiple AssetsSample: Download SwCA Component Report for Multiple Assets

The following sample illustartes downloading the SwCA Componenet report for multiple assets in JSON format as per Cyclone Dx standard.

API Request

curl --location '
<qualys_base_url>/qps/rest/1.0/download/ca/downloadcdxsbom/' \
--header 'Content-Type: application/xml' \
--header 'Authorization: <authentication_token>' \
--header 'Cookie: JSESSIONID=EACF8DCFC60B2028B6F5F19D01AE2D9E' \
--data '

API Request Body

 
<ServiceRequest>
     <data>
        <DownloadCDXSbom>
            <cdxschemaversion>CYCLONE_DX_1_4</cdxschemaversion>
        </DownloadCDXSbom>
     </data>
     <filters>
          <Criteria field="tagName" operator="EQUALS">Cloud Agent</Criteria>
     </filters>
</ServiceRequest>

API Response

 
    200 OK.

Click the Send and Download on the API response page to download the SwCA component report in JSON format as per the Cyclone Dx standard.