Filtering Output

Use jq queries to extract specific information from CBOM output.


Basic Queries

Count Components

cat cbom.json | jq '.components | length'

List Component Names

cat cbom.json | jq -r '.components[].name'

Get Metadata Properties

cat cbom.json | jq '.metadata.properties'

Filtering by Type

Find Certificates

cat cbom.json | jq '.components[] | select(.cryptoProperties?.assetType == "certificate")'

Find Algorithms

cat cbom.json | jq '.components[] | select(.cryptoProperties?.assetType == "algorithm")'

Find Libraries

cat cbom.json | jq '.components[] | select(.type == "library")'

Find Services

cat cbom.json | jq '.components[] | select(.type == "operating-system")'

Filtering by Properties

Find by PQC Status

# Find DEPRECATED algorithms
cat cbom.json | jq '.components[] |
    select(.properties[]? | select(.name == "cbom:pqc:status" and .value == "DEPRECATED"))'

# Find PQC SAFE components
cat cbom.json | jq '.components[] |
    select(.properties[]? | select(.name == "cbom:pqc:status" and .value == "SAFE"))'

Find Weak Keys

cat cbom.json | jq '.components[] |
    select(.properties[]? | select(.name == "cbom:key:is_weak" and .value == "true"))'

Find by Security Profile

cat cbom.json | jq '.components[] |
    select(.properties[]? | select(.name == "cbom:proto:security_profile" and .value == "OLD"))'

Extracting Specific Fields

Component Summary

cat cbom.json | jq '.components[] | {name, type, "bom-ref"}'

Certificate Details

cat cbom.json | jq '.components[] |
    select(.cryptoProperties?.assetType == "certificate") |
    {name,
     valid_from: .cryptoProperties.certificateProperties.notValidBefore,
     valid_to: .cryptoProperties.certificateProperties.notValidAfter}'

Key Information

cat cbom.json | jq '.components[] |
    select(.cryptoProperties?.assetType == "related-crypto-material") |
    {name,
     type: .cryptoProperties.relatedCryptoMaterialProperties.type,
     size: .cryptoProperties.relatedCryptoMaterialProperties.size}'

Aggregation Queries

Count by Asset Type

cat cbom.json | jq '[.components[] | .cryptoProperties?.assetType] |
    group_by(.) |
    map({type: .[0], count: length})'

Count by PQC Status

cat cbom.json | jq '[.components[] |
    [.properties[]? | select(.name == "cbom:pqc:status")][0].value] |
    group_by(.) |
    map({status: .[0], count: length})'

Algorithm Distribution

cat cbom.json | jq '[.components[] |
    select(.cryptoProperties?.assetType == "algorithm") |
    .name] |
    group_by(.) |
    map({algorithm: .[0], count: length}) |
    sort_by(.count) |
    reverse'

Dependency Queries

Find Service Dependencies

cat cbom.json | jq '.dependencies[] | select(.ref | startswith("service:"))'

Trace Algorithm Usage

cat cbom.json | jq '.dependencies[] |
    select(.dependsOn[]? | contains("algo:sha256")) |
    .ref'

Find Components Using a Library

cat cbom.json | jq '.dependencies[] |
    select(.dependsOn[]? | contains("library:openssl")) |
    .ref'

Output Formatting

CSV Export

cat cbom.json | jq -r '.components[] | [.name, .type, .["bom-ref"]] | @csv'

TSV Export

cat cbom.json | jq -r '.components[] | [.name, .type] | @tsv'

Custom Format

cat cbom.json | jq -r '.components[] |
    select(.cryptoProperties?.assetType == "certificate") |
    "\(.name)\t\(.cryptoProperties.certificateProperties.notValidAfter)"'

Complex Queries

Certificates Expiring Within 30 Days

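# Requires GNU date. EXPIRE is a YYYY-MM-DD cutoff that is compared as a string,
# so notValidAfter is assumed to be an ISO 8601 timestamp.
# Certificates that have already expired also match.
EXPIRE=$(date -d "+30 days" --iso-8601)
cat cbom.json | jq --arg exp "$EXPIRE" '.components[] |
    select(.cryptoProperties?.certificateProperties?.notValidAfter != null) |
    select(.cryptoProperties.certificateProperties.notValidAfter < $exp) |
    {name, expires: .cryptoProperties.certificateProperties.notValidAfter}'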

Services with Deprecated Protocols

cat cbom.json | jq '.dependencies[] |
    select(.ref | startswith("service:")) |
    select(.dependsOn[]? | test("protocol:tls-1\\.[01]")) |
    .ref'

Complete Dependency Chain

# Get the direct dependencies (dependsOn entries) of a service
SERVICE="service:nginx"
cat cbom.json | jq --arg svc "$SERVICE" '
    def deps($ref): .dependencies[] | select(.ref == $ref) | .dependsOn[]?;
    {service: $svc, chain: [deps($svc)]}
'
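
The query above returns only the refs listed directly in a service's `dependsOn`. As an added example (not part of the original page or the CBOM tool), the script below walks the dependency graph transitively with a cycle guard and reports which services reach a component marked `cbom:pqc:status` = `DEPRECATED`. The sample CBOM, its bom-refs and property values, and the function names `write_sample_cbom` and `service_exposure` are constructed for illustration.

```bash
# Added example. The CBOM below is constructed sample data, not scanner output.
# The algo:md5 -> library:openssl edge is a deliberate cycle to exercise the guard.
write_sample_cbom() {   # $1 = output path
  cat > "$1" <<'EOF'
{"components": [
   {"bom-ref": "service:nginx",    "name": "nginx"},
   {"bom-ref": "service:sshd",     "name": "sshd"},
   {"bom-ref": "library:openssl",  "name": "openssl"},
   {"bom-ref": "protocol:tls-1.2", "name": "TLS 1.2"},
   {"bom-ref": "algo:sha256", "name": "SHA-256",
    "properties": [{"name": "cbom:pqc:status", "value": "SAFE"}]},
   {"bom-ref": "algo:md5", "name": "MD5",
    "properties": [{"name": "cbom:pqc:status", "value": "DEPRECATED"}]}],
 "dependencies": [
   {"ref": "service:nginx",   "dependsOn": ["library:openssl", "protocol:tls-1.2"]},
   {"ref": "service:sshd",    "dependsOn": ["algo:sha256"]},
   {"ref": "library:openssl", "dependsOn": ["algo:sha256", "algo:md5"]},
   {"ref": "algo:md5",        "dependsOn": ["library:openssl"]}]}
EOF
}

# Print one JSON object per service: its transitive dependency refs and the
# subset of those refs whose component is marked cbom:pqc:status = DEPRECATED.
service_exposure() {    # $1 = path to CBOM JSON
  jq -c '
    # Worklist walk over the ref -> dependsOn map; .seen stops cycles.
    def closure($deps; $start):
      {seen: {}, todo: [$start]}
      | until(.todo == [];
          .todo[0] as $r
          | .todo |= .[1:]
          | if .seen[$r] then .
            else .seen[$r] = true | .todo += ($deps[$r] // [])
            end)
      | .seen | del(.[$start]) | keys;

    ([.dependencies[]? | {key: .ref, value: (.dependsOn // [])}] | from_entries) as $deps
    | [.components[]
       | select(any(.properties[]?; .name == "cbom:pqc:status" and .value == "DEPRECATED"))
       | .["bom-ref"]] as $bad
    | [.dependencies[]? | .ref | select(startswith("service:"))] | unique | .[]
    | . as $svc
    | closure($deps; $svc) as $chain
    | {service: $svc, chain: $chain, deprecated: ($chain - ($chain - $bad))}
  ' "$1"
}

# Demo run on the constructed sample.
f=$(mktemp) && write_sample_cbom "$f" && service_exposure "$f"; rm -f "$f"
```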