Table of Contents
...
Field Name | Description | Required |
---|---|---|
artifactId | Filename or Maven artifactId of the dependency | Yes |
filename | Filename of the file | No, it's recommended to use both artifactId and filename |
version | Version of the dependency | No, this is only necessary for a build tool dependency (for example, Maven dependency) and not a simple file |
groupId | groupId of the dependency | No, this is only necessary for a build tool dependency (for example, Maven dependency) and not a simple file |
sha1 | SHA-1 checksum of the file | No, in case where there is no SHA-1, for example NPM package that is found within a package.json file |
systemPath | Path of the file on your local machine | No |
type | Type of the dependency (only relevant for Maven) | No |
scope | Scope of the dependency (only relevant for Maven) | No |
classifier | Classifier of the dependency (only relevant for Maven if applicable) | No |
dependencyType | representing the type of the dependency, see DependencyType The dependencyType field is used to improve identification of certain dependencies, can be one of:
| No, but recommended when sending dependencies identified in a non-standard way. For example in a package.json file (NPM) or scanned as an installed RPM package via querying the package manager |
checksums | A map of checksumType and the actual checksum values, see ChecksumType The checksums map will be used in future versions to hold all calculated checksums in a single object instead of in separate fields, the checksumType can be one of:
| Yes, in case you plan on sending more than the standard sha1 checksum In the future we plan on deprecating the 'sha1' field, so please make sure to populate both 'sha1' field and the SHA1 checksumType in the checksums map |
children | An array of DependencyInfo objects which are considered transitive dependencies | No |
...