SBOM
Create an SBOM test run by supplying an SBOM document. The components contained in the document are analyzed for known vulnerabilities. For a component to be identified, it must have a PackageURL (purl) of a supported purl type assigned. Analysis is skipped for any component that does not fulfill this requirement.
Supported SBOM formats: CycloneDX 1.4 JSON, CycloneDX 1.5 JSON, CycloneDX 1.6 JSON, SPDX 2.3 JSON
Supported purl types: apk, cargo, cocoapods, composer, conan, deb, gem, generic, golang, hex, maven, npm, nuget, pub, pypi, rpm, swift
Required permissions
Test Projects (org.project.test)
Org ID
Requested API version
2021-06-04
Pattern: ^(wip|work-in-progress|experimental|beta|((([0-9]{4})-([0-1][0-9]))-((3[01])|(0[1-9])|([12][0-9]))(~(wip|work-in-progress|experimental|beta))?))$
POST /rest/orgs/{org_id}/sbom_tests HTTP/1.1
Host: api.snyk.io
Authorization: YOUR_API_KEY
Content-Type: application/vnd.api+json
Accept: */*
Content-Length: 105

{
  "data": {
    "attributes": {
      "format": "text",
      "sbom": {
        "ANY_ADDITIONAL_PROPERTY": "anything"
      }
    },
    "type": "resource"
  }
}

{
  "data": {
    "id": "d5b640e5-d88c-4c17-9bf0-93597b7a1ce2",
    "type": "resource"
  },
  "jsonapi": {
    "version": "1.0"
  },
  "links": {
    "first": "https://example.com/api/resource",
    "last": "https://example.com/api/resource",
    "next": "https://example.com/api/resource",
    "prev": "https://example.com/api/resource",
    "related": "https://example.com/api/resource",
    "self": "https://example.com/api/resource"
  }
}
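A local pre-flight check for the purl requirement described for the create endpoint above, as an added example that is not part of Snyk's documentation or code. It reports which components of a CycloneDX JSON document would be skipped. Walking nested components and matching purl types case-insensitively are assumptions about how the service identifies components, and the sample SBOM is constructed.

```python
# Supported purl types, copied from the list on this page.
SUPPORTED_PURL_TYPES = {
    "apk", "cargo", "cocoapods", "composer", "conan", "deb", "gem", "generic",
    "golang", "hex", "maven", "npm", "nuget", "pub", "pypi", "rpm", "swift",
}

def purl_type(purl):
    """Return the lowercased type of a purl (pkg:<type>/...), or None if malformed."""
    if not isinstance(purl, str) or not purl.lower().startswith("pkg:"):
        return None
    # The purl spec tolerates "pkg://"; strip extra slashes before splitting.
    ptype, sep, remainder = purl[4:].lstrip("/").partition("/")
    if not sep or not ptype or not remainder:
        return None
    return ptype.lower()

def walk_components(components):
    """Yield every component, including nested CycloneDX sub-components (assumption)."""
    for comp in components or []:
        yield comp
        yield from walk_components(comp.get("components"))

def preflight(sbom):
    """Split components into analysable names and (name, reason) pairs to be skipped."""
    analysable, skipped = [], []
    for comp in walk_components(sbom.get("components")):
        label = comp.get("name", "<unnamed>")
        ptype = purl_type(comp.get("purl"))
        if ptype in SUPPORTED_PURL_TYPES:
            analysable.append(label)
        else:
            reason = "no valid purl" if ptype is None else f"unsupported purl type '{ptype}'"
            skipped.append((label, reason))
    return analysable, skipped

# Constructed sample document, not taken from any real project.
SAMPLE = {
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"name": "lodash", "version": "4.17.20", "purl": "pkg:npm/lodash@4.17.20"},
        {"name": "internal-lib", "version": "1.0.0"},
        {"name": "vim-plugin", "purl": "pkg:github/example/vim-plugin@1.2"},
        {"name": "app", "purl": "pkg:maven/com.example/app@1.0",
         "components": [{"name": "requests", "purl": "pkg:PyPI/requests@2.31.0"}]},
    ],
}

if __name__ == "__main__":
    print(preflight(SAMPLE))
```

A non-empty skipped list means the test run reports nothing for those components, which is not the same as finding no vulnerabilities in them.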
Get an SBOM test run status
Required permissions
Test Projects (org.project.test)
Org ID
Job ID
Requested API version
2021-06-04
Pattern: ^(wip|work-in-progress|experimental|beta|((([0-9]{4})-([0-1][0-9]))-((3[01])|(0[1-9])|([12][0-9]))(~(wip|work-in-progress|experimental|beta))?))$
GET /rest/orgs/{org_id}/sbom_tests/{job_id} HTTP/1.1
Host: api.snyk.io
Authorization: YOUR_API_KEY
Accept: */*

{
  "data": {
    "attributes": {
      "status": "processing"
    },
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "type": "resource"
  },
  "jsonapi": {
    "version": "1.0"
  },
  "links": {
    "first": "https://example.com/api/resource",
    "last": "https://example.com/api/resource",
    "next": "https://example.com/api/resource",
    "prev": "https://example.com/api/resource",
    "related": "https://example.com/api/resource",
    "self": "https://example.com/api/resource"
  }
}
Get an SBOM test run result
Required permissions
Test Projects (org.project.test)
Org ID
Job ID
Requested API version
2021-06-04
Pattern: ^(wip|work-in-progress|experimental|beta|((([0-9]{4})-([0-1][0-9]))-((3[01])|(0[1-9])|([12][0-9]))(~(wip|work-in-progress|experimental|beta))?))$
Return the page of results immediately after this cursor
v1.eyJpZCI6IjEwMDAifQo=
Return the page of results immediately before this cursor
v1.eyJpZCI6IjExMDAifQo=
Number of results to return per page
10
Example: 10
GET /rest/orgs/{org_id}/sbom_tests/{job_id}/results HTTP/1.1
Host: api.snyk.io
Authorization: YOUR_API_KEY
Accept: */*
SBOM test results
{
  "ANY_ADDITIONAL_PROPERTY": "anything"
}
This endpoint lets you retrieve the SBOM document of a software project. It supports the following formats:
- CycloneDX version 1.6 in JSON (set format to cyclonedx1.6+json).
- CycloneDX version 1.6 in XML (set format to cyclonedx1.6+xml).
- CycloneDX version 1.5 in JSON (set format to cyclonedx1.5+json).
- CycloneDX version 1.5 in XML (set format to cyclonedx1.5+xml).
- CycloneDX version 1.4 in JSON (set format to cyclonedx1.4+json).
- CycloneDX version 1.4 in XML (set format to cyclonedx1.4+xml).
- SPDX version 2.3 in JSON (set format to spdx2.3+json).
By default it will respond with an empty JSON:API response.
Required permissions
View Project history (org.project.snapshot.read)
Unique identifier for an organization
Unique identifier for a project
Requested API version
2021-06-04
Pattern: ^(wip|work-in-progress|experimental|beta|((([0-9]{4})-([0-1][0-9]))-((3[01])|(0[1-9])|([12][0-9]))(~(wip|work-in-progress|experimental|beta))?))$
The desired SBOM format of the response.
cyclonedx1.6+json
Possible values:
GET /rest/orgs/{org_id}/projects/{project_id}/sbom HTTP/1.1
Host: api.snyk.io
Authorization: YOUR_API_KEY
Accept: */*

{
  "ANY_ADDITIONAL_PROPERTY": "anything"
}