.\" Man page generated from reStructuredText.
.
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "DEBSBOM-DOWNLOAD" "1" "Mar 24, 2026" "" "debsbom"
.SH NAME
debsbom-download \- debsbom download command
.SH SYNOPSIS
.INDENT 0.0
.INDENT 3.5
.sp
.EX
debsbom download [\-h] [\-t {cdx,spdx}] [\-\-outdir OUTDIR] [\-\-sources]
                 [\-\-binaries] [\-\-skip\-pkgs SKIP]
                 [\-\-resolver {debian\-snapshot}]
                 [bomin]
.EE
.UNINDENT
.UNINDENT
.SH DESCRIPTION
.sp
Download referenced packages
.sp
Processes a SBOM and downloads the referenced packages.
If no SBOM is provided, it reads line separated entries (name version arch)
from stdin to define what shall be downloaded.
.SS JSON Output Schema
.sp
When the application is run with JSON output enabled (via the \fB\-\-json\fP flag),
status messages are emitted as single\-line JSON objects to standard output.
Each line represents a distinct package download operation.
.sp
The schema for these JSON objects is as follows:
.INDENT 0.0
.INDENT 3.5
.sp
.EX
{
  \(dq$schema\(dq: \(dqhttps://json\-schema.org/draft/2020\-12/schema\(dq,
  \(dq$id\(dq: \(dqhttps://github.com/siemens/debsbom/blob/main/src/debsbom/schema/schema\-download.json\(dq,
  \(dqtitle\(dq: \(dqDownload Result\(dq,
  \(dqdescription\(dq: \(dqThe result of a download operation including the status, package name, package version, file name and file path.\(dq,
  \(dqtype\(dq: \(dqobject\(dq,
  \(dqproperties\(dq: {
    \(dqstatus\(dq: {
      \(dqdescription\(dq: \(dqThe status of the download operation.\(dq,
      \(dqenum\(dq: [\(dqok\(dq, \(dqnot_found\(dq, \(dqchecksum_mismatch\(dq]
    },
    \(dqpackage\(dq: {
      \(dqtype\(dq: \(dqobject\(dq,
      \(dqdescription\(dq: \(dqAn object identifying the package.\(dq,
      \(dqproperties\(dq: {
        \(dqname\(dq: {
          \(dqtype\(dq: \(dqstring\(dq,
          \(dqdescription\(dq: \(dqThe name of the package.\(dq
        },
        \(dqversion\(dq: {
          \(dqtype\(dq: \(dqstring\(dq,
          \(dqdescription\(dq: \(dqThe version of the package.\(dq
        },
        \(dqpurl\(dq: {
          \(dqtype\(dq: \(dqstring\(dq,
          \(dqdescription\(dq: \(dqThe package url of the package.\(dq
        }
      },
      \(dqrequired\(dq: [\(dqname\(dq, \(dqversion\(dq, \(dqpurl\(dq]
    },
    \(dqfilename\(dq: {
      \(dqtype\(dq: \(dqstring\(dq,
      \(dqdescription\(dq: \(dqThe name of the processed file or an empty string if the package is unavailable.\(dq
    },
    \(dqpath\(dq: {
      \(dqtype\(dq: \(dqstring\(dq,
      \(dqdescription\(dq: \(dqThe absolute path to the downloaded file on success.\(dq
    }
  },
  \(dqrequired\(dq: [\(dqstatus\(dq, \(dqpackage\(dq]
}

.EE
.UNINDENT
.UNINDENT
.SS Fields
.INDENT 0.0
.IP \(bu 2
\fBstatus\fP:
The status of the download operation. This field will contain one of the
following predefined values from the \fBDownloadStatus\fP enum:
.INDENT 2.0
.IP \(bu 2
\fB\(dqok\(dq\fP: The file was either successfully downloaded or found in the cache, and the checksum was verified.
.IP \(bu 2
\fB\(dqchecksum_mismatch\(dq\fP: The downloaded file\(aqs checksum did not match the expected value.
.IP \(bu 2
\fB\(dqnot_found\(dq\fP: The requested file or package could not be located.
.UNINDENT
.IP \(bu 2
\fBpackage\fP:
An object identifying the package, including the name and the version as a string.
.IP \(bu 2
\fBfilename\fP:
The name of the processed file or an empty string if the package is unavailable.
.IP \(bu 2
\fBpath\fP:
The absolute path to the downloaded file or an empty string if nothing could be downloaded.
.UNINDENT
.SH OPTIONS
.sp

\fBPositional Arguments\fP
.PP
.INDENT 0.0
.TP
.B  bomin
sbom file(s) to process for \(aqbomin\(aq. Use \(aq\-\(aq to read from stdin
.UNINDENT
.sp

\fBNamed Arguments\fP
.PP
.INDENT 0.0
.TP
.B  \-t\fP,\fB  \-\-sbom\-type
SBOM type to process (default: auto\-detect), required when reading from stdin
.sp
Possible choices: cdx, spdx
.TP
.B  \-\-outdir=\(aqdownloads\(aq
directory to store downloaded files
.TP
.B  \-\-sources=False
operate only on source packages (skip binaries)
.TP
.B  \-\-binaries=False
operate only on binary packages (skip sources)
.TP
.B  \-\-skip\-pkgs
packages to exclude from the download, in package\-list format
.TP
.B  \-\-resolver=\(aqdebian\-snapshot\(aq
resolver to use to find upstream packages (default: \(aqdebian\-snapshot\(aq)
.sp
Possible choices: debian\-snapshot
.UNINDENT
.SH SEE ALSO
.sp
\fBdebsbom\-generate(1)\fP
.SH DEBSBOM
.sp
Part of the \fBdebsbom(1)\fP suite.
.SH AUTHOR
Christoph Steiger, Felix Moessbauer
.SH COPYRIGHT
2025, Siemens
.\" Generated by docutils manpage writer.
.