Generate a Software Bill of Materials (SBOM) for Agent-Based Projects with the REST API

Veracode APIs

Publication

Veracode APIs

Edition date

2023-01-27

Last publication

2023-01-27T02:45:54.600583

You can use the SCA Agent REST API to generate a software bill of materials (SBOM) based on your latest Veracode Software Composition Analysis agent-based scan results. The response includes an inventory of all components in your project in CycloneDX JSON format.

Before you begin:

You must have:

A Veracode account with the Security Lead role
API credentials
HMAC authentication enabled
Completed at least one Veracode SCA agent-based scan in the last 13 months

To complete this task:

Use this command to return the list of GUIDs for your workspaces:

http --auth-type=veracode_hmac "https://api.veracode.com/srcclr/v3/workspaces"

Use this command to return the list of project GUIDs for the workspace:

http --auth-type=veracode_hmac "https://api.veracode.com/srcclr/v3/workspaces/{workspaceGuid}/projects?type=agent"

Use this command to return the SBOM containing the SCA agent-based scan results for your project:
```
http --auth-type=veracode_hmac "https://api.veracode.com/srcclr/sbom/v1/targets/{projectGuid}/cyclonedx?type=agent"
```
Set the type property to agent to retrieve data from Veracode SCA agent-based scans. To generate an SBOM for upload scans or for agent-based scans linked to an application profile, follow these instructions.

Additional documentation is available on SwaggerHub.