Test an SBOM document for vulnerabilities

Snyk offers a collection of API endpoints to asynchronously test a software bill of materials (SBOM) document. You can use these endpoints to learn more about the vulnerabilities impacting your SBOM and its packages.

Snyk identifies components within the SBOM by their package URL (purl). If a component does not contain a purl or the purl type is not supported, Snyk skips vulnerability analysis for that component. Supported purl types are: apk, cargo, cocoapods, composer, deb, gem, golang, hex, maven, npm, nuget, pypi, rpm