Upload SBOM
POST /service/{service}/version/{serviceVersionName}/sbom
Upload a Software Bill of Materials (SBOM) for a service version to enable vulnerability analysis. The SBOM can be uploaded during the build step before deployment (e.g., in a CI/CD pipeline) or after the service has already been deployed. Multiple SBOMs can be uploaded for the same service version to track vulnerabilities across different components or images.
Important considerations:
- Ensure the serviceVersionName used when uploading the SBOM matches exactly the version name used during deployment. Mismatches will prevent proper association of vulnerability data with your running service.
- When providing the image parameter, use the exact same image reference (including registry, repository, tag, or digest) that will be deployed. This ensures accurate tracking of vulnerabilities for the specific image version.
- The SBOM must be valid JSON in either CycloneDX or SPDX format. Invalid formats will result in a 400 error.
Authorizations
Parameters
Path Parameters
service (string, required): Service name or ID
serviceVersionName (string, required): Version name or alias
Query Parameters
image (string): Container image reference (e.g., registry/repo:tag)
Request Body (required)
SBOM content in JSON format (CycloneDX or SPDX)
object: SBOM JSON document in CycloneDX or SPDX format
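A CI-side pre-check and request builder for this endpoint, as an added example that is not part of the original documentation. It rejects input the API would answer with a 400 before anything is sent, and percent-encodes the version name and image reference so they arrive exactly as written. BASE_URL, the Bearer header scheme and the sample service and image names are assumptions.

```python
import json
import urllib.request
from urllib.parse import quote, urlencode

# Assumption: placeholder base URL; the page does not state the API host.
BASE_URL = "https://api.example.invalid"


def detect_sbom_format(raw: bytes) -> str:
    """Return 'CycloneDX' or 'SPDX'; raise ValueError for anything else."""
    try:
        doc = json.loads(raw)
    except ValueError as exc:  # covers JSON and UTF-8 decoding errors
        raise ValueError(f"SBOM is not valid JSON: {exc}") from exc
    if not isinstance(doc, dict):
        raise ValueError("SBOM must be a JSON object")
    if doc.get("bomFormat") == "CycloneDX":
        return "CycloneDX"
    if str(doc.get("spdxVersion", "")).startswith("SPDX-"):
        return "SPDX"
    raise ValueError("SBOM is neither CycloneDX nor SPDX JSON")


def build_upload_request(service, version, raw, token, image=None):
    """Validate the SBOM locally, then build (not send) the POST request."""
    detect_sbom_format(raw)
    # Encode each path segment fully so '/' or spaces cannot change the route.
    url = (f"{BASE_URL}/service/{quote(service, safe='')}"
           f"/version/{quote(version, safe='')}/sbom")
    if image:
        # Pass the same image reference string that the deployment uses.
        url += "?" + urlencode({"image": image})
    headers = {
        "Content-Type": "application/json",
        # Assumption: bearer scheme; the page only says a token is required.
        "Authorization": f"Bearer {token}",
    }
    return urllib.request.Request(url, data=raw, headers=headers, method="POST")


# Constructed sample inputs (minimal documents, not real SBOMs).
CDX = b'{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": []}'
SPDX = b'{"spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT", "packages": []}'

if __name__ == "__main__":
    req = build_upload_request("checkout", "v1.4.2", CDX, "TOKEN",
                               image="registry.example.invalid/shop/checkout:v1.4.2")
    print(req.get_method(), req.full_url)
    # To send: urllib.request.urlopen(req, timeout=30)
```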
Responses
SBOM uploaded successfully
Invalid SBOM format or request
Access token is missing or invalid
Request failure
object
errorMessage
string
Unknown service