SBOM

This document uses the REST API. For more details, see the Authentication for API page.

Create an SBOM test run (Early Access)

post

Create an SBOM test run by supplying an SBOM document. The components contained in the given document will be analyzed for known vulnerabilities. For component identification to succeed, each component must have a PackageURL (purl) of a supported purl type assigned. Analysis will be skipped for any component that does not fulfill this requirement.

Supported SBOM formats: CycloneDX 1.4 JSON, CycloneDX 1.5 JSON, CycloneDX 1.6 JSON, SPDX 2.3 JSON

Supported purl types: apk, cargo, cocoapods, composer, conan, deb, gem, generic, golang, hex, maven, npm, nuget, pub, pypi, rpm, swift
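Because components without a supported purl are skipped, it helps to check an SBOM locally before submitting it. The following is an added example, not part of the API or its documentation: it applies the purl rule above to a CycloneDX JSON document (SPDX is not handled), and the function names and sample components are hypothetical. The service's own component identification may differ from this local check.

```python
import json

# Supported purl types, copied from the endpoint description above.
SUPPORTED = set("apk cargo cocoapods composer conan deb gem generic golang hex "
                "maven npm nuget pub pypi rpm swift".split())

def purl_type(purl):
    """Return the lowercased type of 'pkg:<type>/...', or None if malformed."""
    if not isinstance(purl, str) or not purl.lower().startswith("pkg:"):
        return None
    ptype, sep, _ = purl[4:].lstrip("/").partition("/")
    return ptype.lower() if sep and ptype else None

def walk(components):
    """Yield every CycloneDX component, descending into nested 'components'."""
    for comp in components or []:
        yield comp
        yield from walk(comp.get("components"))

def preflight(sbom):
    """Return (analyzable names, [(name, reason)] expected to be skipped)."""
    analyzable, skipped = [], []
    for comp in walk(sbom.get("components")):
        name = comp.get("name", "<unnamed>")
        if not comp.get("purl"):
            skipped.append((name, "no purl"))
            continue
        ptype = purl_type(comp["purl"])
        if ptype is None:
            skipped.append((name, "malformed purl"))
        elif ptype not in SUPPORTED:
            skipped.append((name, "unsupported purl type: " + ptype))
        else:
            analyzable.append(name)
    return analyzable, skipped

# Constructed sample CycloneDX document (hypothetical components).
SAMPLE = json.loads("""{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "components": [
    {"name": "lodash", "purl": "pkg:npm/lodash@4.17.21"},
    {"name": "internal-lib"},
    {"name": "model", "purl": "pkg:huggingface/distilbert-base-uncased@043235d"},
    {"name": "app", "purl": "pkg:maven/org.example/app@1.0.0",
     "components": [{"name": "vendored", "purl": "cpe:2.3:a:example:vendored"}]}
  ]
}""")

if __name__ == "__main__":
    ok, skipped = preflight(SAMPLE)
    print("analyzable:", ok)
    for name, reason in skipped:
        print("skipped:", name, "-", reason)
```

A non-empty skipped list means the test run will report on fewer components than the SBOM contains, so a clean result does not cover those components.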

Required permissions

  • Test Projects (org.project.test)
Authorizations
Path parameters
org_id · string · uuid · Required

Org ID

Query parameters
version · string · Required

Requested API version

Example: 2021-06-04
Pattern: ^(wip|work-in-progress|experimental|beta|((([0-9]{4})-([0-1][0-9]))-((3[01])|(0[1-9])|([12][0-9]))(~(wip|work-in-progress|experimental|beta))?))$
Body
Responses
201
Created SBOM test successfully
application/vnd.api+json
POST /rest/orgs/{org_id}/sbom_tests HTTP/1.1
Host: api.snyk.io
Authorization: YOUR_API_KEY
Content-Type: application/vnd.api+json
Accept: */*
Content-Length: 105

{
  "data": {
    "attributes": {
      "format": "text",
      "sbom": {
        "ANY_ADDITIONAL_PROPERTY": "anything"
      }
    },
    "type": "resource"
  }
}

201

Created SBOM test successfully

{
  "data": {
    "id": "d5b640e5-d88c-4c17-9bf0-93597b7a1ce2",
    "type": "resource"
  },
  "jsonapi": {
    "version": "1.0"
  },
  "links": {
    "first": "https://example.com/api/resource",
    "last": "https://example.com/api/resource",
    "next": "https://example.com/api/resource",
    "prev": "https://example.com/api/resource",
    "related": "https://example.com/api/resource",
    "self": "https://example.com/api/resource"
  }
}

Gets an SBOM test run status (Early Access)

get

Get an SBOM test run status

Required permissions

  • Test Projects (org.project.test)
Authorizations
Path parameters
org_id · string · uuid · Required

Org ID

job_id · string · uuid · Required

Job ID

Query parameters
version · string · Required

Requested API version

Example: 2021-06-04
Pattern: ^(wip|work-in-progress|experimental|beta|((([0-9]{4})-([0-1][0-9]))-((3[01])|(0[1-9])|([12][0-9]))(~(wip|work-in-progress|experimental|beta))?))$
Responses
200
SBOM test run status
application/vnd.api+json
GET /rest/orgs/{org_id}/sbom_tests/{job_id} HTTP/1.1
Host: api.snyk.io
Authorization: YOUR_API_KEY
Accept: */*

200

SBOM test run status

{
  "data": {
    "attributes": {
      "status": "processing"
    },
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "type": "resource"
  },
  "jsonapi": {
    "version": "1.0"
  },
  "links": {
    "first": "https://example.com/api/resource",
    "last": "https://example.com/api/resource",
    "next": "https://example.com/api/resource",
    "prev": "https://example.com/api/resource",
    "related": "https://example.com/api/resource",
    "self": "https://example.com/api/resource"
  }
}

Gets an SBOM test run result (Early Access)

get

Get an SBOM test run result

Required permissions

  • Test Projects (org.project.test)
Authorizations
Path parameters
org_id · string · uuid · Required

Org ID

job_id · string · uuid · Required

Job ID

Query parameters
version · string · Required

Requested API version

Example: 2021-06-04
Pattern: ^(wip|work-in-progress|experimental|beta|((([0-9]{4})-([0-1][0-9]))-((3[01])|(0[1-9])|([12][0-9]))(~(wip|work-in-progress|experimental|beta))?))$

starting_after · string · Optional

Return the page of results immediately after this cursor

Example: v1.eyJpZCI6IjEwMDAifQo=

ending_before · string · Optional

Return the page of results immediately before this cursor

Example: v1.eyJpZCI6IjExMDAifQo=

limit · integer · int32 · min: 10 · max: 100 · Optional

Number of results to return per page

Default: 10
Example: 10

Header parameters
Accept · string · Optional
Responses
200
SBOM test results
GET /rest/orgs/{org_id}/sbom_tests/{job_id}/results HTTP/1.1
Host: api.snyk.io
Authorization: YOUR_API_KEY
Accept: */*
200

SBOM test results

{
  "ANY_ADDITIONAL_PROPERTY": "anything"
}

Get a project’s SBOM document

get

This endpoint lets you retrieve the SBOM document of a software project. It supports the following formats:

  • CycloneDX version 1.6 in JSON (set format to cyclonedx1.6+json).
  • CycloneDX version 1.6 in XML (set format to cyclonedx1.6+xml).
  • CycloneDX version 1.5 in JSON (set format to cyclonedx1.5+json).
  • CycloneDX version 1.5 in XML (set format to cyclonedx1.5+xml).
  • CycloneDX version 1.4 in JSON (set format to cyclonedx1.4+json).
  • CycloneDX version 1.4 in XML (set format to cyclonedx1.4+xml).
  • SPDX version 2.3 in JSON (set format to spdx2.3+json).

By default it will respond with an empty JSON:API response.

Required permissions

  • View Project history (org.project.snapshot.read)
Authorizations
Path parameters
org_id · string · uuid · Required

Unique identifier for an organization

project_id · string · uuid · Required

Unique identifier for a project

Query parameters
version · string · Required

Requested API version

Example: 2021-06-04
Pattern: ^(wip|work-in-progress|experimental|beta|((([0-9]{4})-([0-1][0-9]))-((3[01])|(0[1-9])|([12][0-9]))(~(wip|work-in-progress|experimental|beta))?))$

format · string · enum · Optional

The desired SBOM format of the response.

Example: cyclonedx1.6+json
Possible values: see the formats listed above.
Responses
200
Returns the SBOM document of a project
GET /rest/orgs/{org_id}/projects/{project_id}/sbom HTTP/1.1
Host: api.snyk.io
Authorization: YOUR_API_KEY
Accept: */*

200

Returns the SBOM document of a project

{
  "ANY_ADDITIONAL_PROPERTY": "anything"
}
