You can use the SCA Agent REST API to generate a software bill of materials (SBOM) from your Veracode Software Composition Analysis agent-based scan results. The response includes an inventory of all components in your project in CycloneDX JSON format.
Before You Begin
You must have:
- API credentials
- HMAC authentication enabled
- Completed Veracode SCA agent-based scans
Steps
- Use this command to return the list of GUIDs for your workspaces:
  http --auth-type=veracode_hmac "https://api.veracode.com/srcclr/v3/workspaces"
- Use this command to return the list of project GUIDs for the workspace:
  http --auth-type=veracode_hmac "https://api.veracode.com/srcclr/v3/workspaces/{workspaceGuid}/projects?type=agent"
- Use this command to return the SBOM containing the SCA agent-based scan results for your project:
  http --auth-type=veracode_hmac "https://api.veracode.com/srcclr/sbom/v1/targets/{projectGuid}/cyclonedx?type=agent"
Setting the type property to agent specifies that the API retrieves data from Veracode SCA agent-based scans. To generate an SBOM for upload scans, follow these instructions.
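The following is an added example, not part of Veracode's documentation: a Python check to run on the SBOM response once it is saved to a file, confirming that it is CycloneDX JSON and summarizing the component inventory before it is passed to other tooling. The function name summarize_sbom, the file name sbom.json, and the sample data are assumptions; the field names bomFormat, specVersion, components, name, version and purl come from the CycloneDX specification.

```python
import json
from collections import Counter

# Constructed sample in CycloneDX JSON shape (not real Veracode output).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "lodash", "version": "4.17.21",
         "purl": "pkg:npm/lodash@4.17.21"},
        {"type": "library", "name": "left-pad", "version": "1.3.0",
         "purl": "pkg:npm/left-pad@1.3.0"},
        {"type": "library", "name": "left-pad", "version": "1.3.0",
         "purl": "pkg:npm/left-pad@1.3.0"},
        {"type": "library", "name": "internal-utils"},
    ],
})


def summarize_sbom(raw):
    """Check that raw is a CycloneDX JSON document and summarize its inventory."""
    bom = json.loads(raw)
    if not isinstance(bom, dict) or bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX JSON document")
    components = bom.get("components") or []
    # A component with no version or purl cannot be matched against advisories.
    unidentified = sorted({c.get("name", "<unnamed>") for c in components
                           if not c.get("version") or not c.get("purl")})
    purls = Counter(c["purl"] for c in components if c.get("purl"))
    # The same purl listed more than once inflates component counts downstream.
    duplicates = sorted(p for p, n in purls.items() if n > 1)
    # The purl type (npm, maven, pypi, ...) is the text between "pkg:" and "/".
    ecosystems = Counter(p[4:].split("/", 1)[0]
                         for p in purls if p.startswith("pkg:"))
    return {
        "spec_version": bom.get("specVersion"),
        "component_count": len(components),
        "unique_purls": len(purls),
        "ecosystems": dict(ecosystems),
        "unidentified": unidentified,
        "duplicates": duplicates,
    }


if __name__ == "__main__":
    import sys
    # Usage: python sbom_check.py sbom.json (no argument: constructed sample)
    raw = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SBOM
    print(json.dumps(summarize_sbom(raw), indent=2))
```

To use it on real results, redirect the output of the last command above to sbom.json and pass that path as the first argument.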