SBOM
Create an SBOM test run by supplying an SBOM document. The components contained in the given document will get analyzed for known vulnerabilities. In order for component identification to be successful, they must have a PackageURL (purl) of a supported purl type assigned. Analysis will be skipped for any component that does not fulfill this requirement. Supported SBOM formats: CycloneDX 1.4 JSON, CycloneDX 1.5 JSON, CycloneDX 1.6 JSON, SPDX 2.3 JSON Supported purl types: apk, cargo, cocoapods, composer, conan, deb, gem, generic, golang, hex, maven, npm, nuget, pub, pypi, rpm, swift
Required permissions
Test Projects (org.project.test)
Org ID
Requested API version
2021-06-04Pattern: ^(wip|work-in-progress|experimental|beta|((([0-9]{4})-([0-1][0-9]))-((3[01])|(0[1-9])|([12][0-9]))(~(wip|work-in-progress|experimental|beta))?))$Created SBOM test successfully
Bad Request: A parameter provided as a part of the request was invalid.
Unauthorized: the request requires an authentication token.
Forbidden: the request requires an authentication token with more or different permissions.
Not Found: The resource being operated on could not be found.
Conflict: The requested operation conflicts with the current state of the resource in some way.
Internal Server Error: An error was encountered while attempting to process the request.
POST /rest/orgs/{org_id}/sbom_tests HTTP/1.1
Host: api.snyk.io
Authorization: YOUR_API_KEY
Content-Type: application/vnd.api+json
Accept: */*
Content-Length: 105
{
"data": {
"attributes": {
"format": "text",
"sbom": {
"ANY_ADDITIONAL_PROPERTY": "anything"
}
},
"type": "resource"
}
}{
"data": {
"id": "d5b640e5-d88c-4c17-9bf0-93597b7a1ce2",
"type": "resource"
},
"jsonapi": {
"version": "1.0"
},
"links": {
"first": "https://example.com/api/resource",
"last": "https://example.com/api/resource",
"next": "https://example.com/api/resource",
"prev": "https://example.com/api/resource",
"related": "https://example.com/api/resource",
"self": "https://example.com/api/resource"
}
}Get an SBOM test run status
Required permissions
Test Projects (org.project.test)
Org ID
Job ID
Requested API version
2021-06-04Pattern: ^(wip|work-in-progress|experimental|beta|((([0-9]{4})-([0-1][0-9]))-((3[01])|(0[1-9])|([12][0-9]))(~(wip|work-in-progress|experimental|beta))?))$SBOM test run status
Bad Request: A parameter provided as a part of the request was invalid.
Unauthorized: the request requires an authentication token.
Forbidden: the request requires an authentication token with more or different permissions.
Not Found: The resource being operated on could not be found.
Conflict: The requested operation conflicts with the current state of the resource in some way.
Internal Server Error: An error was encountered while attempting to process the request.
GET /rest/orgs/{org_id}/sbom_tests/{job_id} HTTP/1.1
Host: api.snyk.io
Authorization: YOUR_API_KEY
Accept: */*
{
"data": {
"attributes": {
"status": "processing"
},
"id": "123e4567-e89b-12d3-a456-426614174000",
"type": "resource"
},
"jsonapi": {
"version": "1.0"
},
"links": {
"first": "https://example.com/api/resource",
"last": "https://example.com/api/resource",
"next": "https://example.com/api/resource",
"prev": "https://example.com/api/resource",
"related": "https://example.com/api/resource",
"self": "https://example.com/api/resource"
}
}Get an SBOM test run result
Required permissions
Test Projects (org.project.test)
Org ID
Job ID
Requested API version
2021-06-04Pattern: ^(wip|work-in-progress|experimental|beta|((([0-9]{4})-([0-1][0-9]))-((3[01])|(0[1-9])|([12][0-9]))(~(wip|work-in-progress|experimental|beta))?))$Return the page of results immediately after this cursor
v1.eyJpZCI6IjEwMDAifQo=Return the page of results immediately before this cursor
v1.eyJpZCI6IjExMDAifQo=Number of results to return per page
10Example: 10SBOM test results
GET /rest/orgs/{org_id}/sbom_tests/{job_id}/results HTTP/1.1
Host: api.snyk.io
Authorization: YOUR_API_KEY
Accept: */*
SBOM test results
{
"ANY_ADDITIONAL_PROPERTY": "anything"
}This endpoint lets you retrieve the SBOM document of a software project. It supports the following formats:
- CycloneDX version 1.6 in JSON (set
formattocyclonedx1.6+json). - CycloneDX version 1.6 in XML (set
formattocyclonedx1.6+xml). - CycloneDX version 1.5 in JSON (set
formattocyclonedx1.5+json). - CycloneDX version 1.5 in XML (set
formattocyclonedx1.5+xml). - CycloneDX version 1.4 in JSON (set
formattocyclonedx1.4+json). - CycloneDX version 1.4 in XML (set
formattocyclonedx1.4+xml). - SPDX version 2.3 in JSON (set
formattospdx2.3+json).
By default it will respond with an empty JSON:API response.
Required permissions
View Project history (org.project.snapshot.read)
Unique identifier for an organization
Unique identifier for a project
Requested API version
2021-06-04Pattern: ^(wip|work-in-progress|experimental|beta|((([0-9]{4})-([0-1][0-9]))-((3[01])|(0[1-9])|([12][0-9]))(~(wip|work-in-progress|experimental|beta))?))$The desired SBOM format of the response.
cyclonedx1.6+jsonPossible values: Returns the SBOM document of a project
Bad Request: A parameter provided as a part of the request was invalid.
Unauthorized: the request requires an authentication token.
Forbidden: the request requires an authentication token with more or different permissions.
Not Found: The resource being operated on could not be found.
Conflict: The requested operation conflicts with the current state of the resource in some way.
Internal Server Error: An error was encountered while attempting to process the request.
GET /rest/orgs/{org_id}/projects/{project_id}/sbom HTTP/1.1
Host: api.snyk.io
Authorization: YOUR_API_KEY
Accept: */*
{
"ANY_ADDITIONAL_PROPERTY": "anything"
}Last updated
Was this helpful?