Generate an SBOM with Veracode Container Security

You can generate a software bill of materials (SBOM) with Veracode Container Security. Supported formats include CycloneDX, SPDX, standard JSON, and more.

Before you begin:

Ensure you have installed the Veracode CLI.

To complete this task:

  1. At the command prompt, run this command: ./veracode configure.

  2. When prompted, enter the API ID and secret key you generated in the Veracode Platform.

  3. Run the sbom command with the appropriate target type, target, and flags. For example:

    ./veracode sbom --source alpine:latest --type image -f spdx-json

    To print the output to a file, add the -o flag. You can share this file or save it as an artifact in a pipeline. For example:

    ./veracode sbom --source alpine:latest --type image -f spdx-json -o alpine-latest-sbom.json

  4. Review the generated SBOM.
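
One way to script the review in step 4 for the spdx-json output, as an added example that is not part of the Veracode documentation or tooling. It assumes the file follows the SPDX 2.x JSON layout (`packages`, `versionInfo`, `licenseConcluded`, `licenseDeclared`, `externalRefs`); the function name `review_sbom` and the embedded sample are constructed for illustration.

```python
import json
import sys

# Constructed sample: a minimal SPDX 2.x JSON document, not real Veracode output.
SAMPLE_SBOM = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "name": "alpine-latest",
    "packages": [
        {"name": "musl", "versionInfo": "1.2.4-r2", "licenseConcluded": "MIT",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER",
                           "referenceType": "purl",
                           "referenceLocator": "pkg:apk/alpine/musl@1.2.4-r2"}]},
        {"name": "busybox", "versionInfo": "1.36.1-r5",
         "licenseConcluded": "NOASSERTION", "licenseDeclared": "GPL-2.0-only"},
        {"name": "vendored-lib"},
    ],
})


def review_sbom(text):
    """Return (inventory, findings) for an SPDX JSON SBOM passed as a string."""
    doc = json.loads(text)
    if not str(doc.get("spdxVersion", "")).startswith("SPDX-"):
        raise ValueError("not an SPDX JSON document")
    inventory, findings = [], []
    for pkg in doc.get("packages", []):
        name = pkg.get("name", "<unnamed>")
        version = pkg.get("versionInfo")
        # Prefer the concluded license; fall back to the declared one.
        licenses = (pkg.get("licenseConcluded"), pkg.get("licenseDeclared"))
        license_id = next((l for l in licenses
                           if l and l not in ("NOASSERTION", "NONE")), None)
        # A package URL (purl) lets tools match the package against advisories.
        purl = next((ref.get("referenceLocator")
                     for ref in pkg.get("externalRefs", [])
                     if ref.get("referenceType") == "purl"), None)
        inventory.append((name, version, license_id, purl))
        for label, value in (("version", version), ("license", license_id),
                             ("purl", purl)):
            if not value:
                findings.append((name, "no " + label))
    return inventory, findings


if __name__ == "__main__":
    # Pass the file written with -o (e.g. alpine-latest-sbom.json) as argv[1].
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SBOM
    inventory, findings = review_sbom(text)
    print(f"{len(inventory)} packages, {len(findings)} findings")
    for name, problem in findings:
        print(f"  {name}: {problem}")
```

In a pipeline, a non-empty findings list can be used to fail the job before the SBOM is published as an artifact.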