Skip to content

Add support for downloading OSS Scan results as SPDX files [FoD] #914

New issue
New issue
Open
Feature
Open
Add support for downloading OSS Scan results as SPDX files [FoD]#914
Feature
Assignees
kadraman
Labels
effort:lowEasy to implement/fixenhancementNew feature or requestfcli-fodIssue related to 'fcli fod' commandsprio:lowLow priority; nice to have but minimal impact
@kadraman

Description

@kadraman
kadraman
opened on Feb 3, 2026

Enhancement Request

With the release of OpenText Core Application Security 26.1 we now have support for exporting OSS scan results in CycloneDX or SPDX format - SPDX is new.

This is available with the API endpoint GET /api/v3/open-source-scans/{scanId}/sbom.

We should update the fcli fod oss-scan download command to be able to specify this format, e.g.:

fcli fod oss-scan download 12345 --format SPDX -f test.com

If no --format option is specified we default to (current) CycloneDX format.

Metadata

Metadata

Assignees

Labels

effort:lowEasy to implement/fixenhancementNew feature or requestfcli-fodIssue related to 'fcli fod' commandsprio:lowLow priority; nice to have but minimal impact

Type

Feature

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions