Upload SBOM
POST /service/{service}/version/sbom
Upload a Software Bill of Materials (SBOM) for a service version to enable vulnerability analysis. The SBOM can be uploaded during the build step before deployment (e.g., in CI/CD pipeline) or after the service has already been deployed. Multiple SBOMs can be uploaded for the same service version to track vulnerabilities across different components or images.
For usage examples, see the SBOM documentation.
Important considerations:
- Provide both
versionandimagewhen possible. At least one is required. - If both are provided,
versionis used. If onlyimageis provided, bifrost derives the service version from the image tag or digest. - Ensure the provided version or image matches what is used during deployment.
- The SBOM must be valid JSON in either CycloneDX or SPDX format. Invalid formats will result in a 415 error.
Authorizations
Section titled “Authorizations ”Parameters
Section titled “ Parameters ”Path Parameters
Section titled “Path Parameters ”Service name or ID
Query Parameters
Section titled “Query Parameters ”Service version name or alias. Recommended together with image; required when image is not provided.
Container image reference used to derive the version from the image tag or digest. Recommended together with version; required when version is not provided.
Request Body required
Section titled “Request Body required ”SBOM content in JSON format (CycloneDX or SPDX)
SBOM JSON document in CycloneDX or SPDX format
object
Responses
Section titled “ Responses ”SBOM uploaded successfully
Invalid request
Access token is missing or invalid
Request failure
object
Unknown service
Invalid SBOM format: must be a valid SPDX or CycloneDX document