Support Snyk Learn API reference Product updates Sign up for free

SBOM

This document uses the REST API. For more details, see the Authentication for API page.

PreviousReporting API (v1)NextSastSettings

Last updated 6 months ago

Was this helpful?

Get a project’s SBOM document

This endpoint lets you retrieve the SBOM document of a software project. It supports the following formats:

CycloneDX version 1.6 in JSON (set format to cyclonedx1.6+json).
CycloneDX version 1.6 in XML (set format to cyclonedx1.6+xml).
CycloneDX version 1.5 in JSON (set format to cyclonedx1.5+json).
CycloneDX version 1.5 in XML (set format to cyclonedx1.5+xml).
CycloneDX version 1.4 in JSON (set format to cyclonedx1.4+json).
CycloneDX version 1.4 in XML (set format to cyclonedx1.4+xml).
SPDX version 2.3 in JSON (set format to spdx2.3+json).

By default it will respond with an empty JSON:API response.

get

/orgs/{org_id}/projects/{project_id}/sbom

Authorizations

Path parameters

org_idstring uuidrequired

Unique identifier for an organization

project_idstring uuidrequired

Unique identifier for a project

Query parameters

versionstringrequired

Requested API version

Example: 2021-06-04

Pattern:

^(wip|work-in-progress|experimental|beta|((([0-9]{4})-([0-1][0-9]))-((3[01])|(0[1-9])|([12][0-9]))(~(wip|work-in-progress|experimental|beta))?))$

formatenum

The desired SBOM format of the response.

Example: cyclonedx1.6+json

Options: cyclonedx1.6+json, cyclonedx1.6+xml, cyclonedx1.5+json, cyclonedx1.5+xml, cyclonedx1.4+json, cyclonedx1.4+xml, spdx2.3+json

excludeenum[]

An array of features to be excluded from the generated SBOM.

Responses

application/vnd.api+json

cURL

JavaScript

Python

HTTP

curl -L \
  --url 'https://api.snyk.io/rest/orgs/{org_id}/projects/{project_id}/sbom?version=text' \
  --header 'Authorization: Bearer YOUR_SECRET_TOKEN'

200

400

401

403

404

409

500

{
  "ANY_ADDITIONAL_PROPERTY": "anything"
}

Returns the SBOM document of a project