> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cysmiq.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Manifests

> Use manifest views to inspect dependency files, direct and transitive dependencies, policy status, and SBOM exports.

## Overview

Use **Manifests** to review dependency files discovered during repository scans. A manifest represents a package manager file, lock file, or dependency source that Cysmiq uses to build dependency and SBOM data.

Manifest views help you move from a dependency file to its packages, package versions, repository, policy state, and SBOM export.

## When to use manifests

* Find dependency files across repositories
* Review direct and transitive dependencies for a manifest
* Inspect dependency paths in a dependency tree
* Review package and manifest policy status when policies are enabled
* Export a manifest-level SBOM
* Drill into packages, repositories, or vulnerabilities from dependency data

## Manifest list

The **Manifests** list shows manifest identity, language, type, asset, ref, package count, created date, policy status when policies are enabled, and row actions.

Use the list to filter by:

* Ref scope, with **Default refs** selected by default
* Whether a manifest has packages
* Language
* Type
* Asset
* Path
* Package, package version, or usage drilldowns opened from package views

Bulk actions can export selected manifests. When policies are enabled, owners can also add selected manifests to allow or deny policy rules.

## Manifest detail view

Open a manifest to review:

| Section                     | What it shows                                                                                                                                                       |
| --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Details**                 | Path, manifest file, lock file, directory, language, type, package manager, group key when available, version when available, linked asset, and created date.       |
| **Direct Dependencies**     | Packages used directly by the manifest, including package name, version, PURL, dependency usage labels, and policy state when policies are enabled.                 |
| **Transitive Dependencies** | Packages brought in by direct dependencies, including package name, version, PURL, introducer, dependency usage labels, and policy state when policies are enabled. |
| **Dependency Tree**         | A searchable dependency tree with expandable nodes and dependency scope controls.                                                                                   |
| **Summary**                 | Total packages, unique packages, direct and transitive dependency counts, production dependency counts, policy state when available, and SBOM export.               |

## Dependency scope

Direct dependencies, transitive dependencies, and the dependency tree include a **Dependency scope** control.

| Scope          | Meaning                                                                                    |
| -------------- | ------------------------------------------------------------------------------------------ |
| **Production** | Shows dependencies treated as production dependencies when Cysmiq has classification data. |
| **All**        | Shows all dependencies for the manifest.                                                   |

Non-production dependencies can show a **Dev** or group-specific badge when Cysmiq has enough classification data.

## Policy status

When package and manifest policies are enabled, the manifest detail page can show policy state in the summary and in dependency rows.

Public status labels include:

* **Compliant**
* **Violation**
* **Needs review**
* **Exception**

Owners can open **Manage policy** actions from supported policy surfaces.

## SBOM export

Use **Download SBOM** on the manifest detail page to export a CycloneDX SBOM for the manifest.

Available formats:

* CycloneDX JSON
* CycloneDX XML

Small SBOM exports download immediately. Larger exports are queued, and Cysmiq notifies you when the file is ready.

## Related docs

* [Repositories](./repositories)
* [Packages](./packages)
* [Package managers and manifests](../reference/package-managers-manifests)
* [Package and manifest policies](../policies/package-and-manifest-rules)
* [Default branch filters](../views-automation/default-branch-filters)
* [SBOMs](../concepts/sboms)
