Generating a Software Bill of Materials (SBOM) for Upload Scans

Veracode Software Composition Analysis

You can use the Veracode SCA Agent REST API to generate a software bill of materials (SBOM) from your Veracode Software Composition Analysis upload scan results.

The REST API generates an SBOM in CycloneDX JSON format. The SBOM provides an inventory of all the components in your application and details the relationships between them. It also identifies which components come from the third-party sources that make up your software supply chain.
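
The component inventory and relationships described above can be read straight from the CycloneDX JSON. The following is an added example, not Veracode code: it walks the standard CycloneDX `components` and `dependencies` fields of a constructed sample document and labels each component as a direct or transitive dependency of the application. The sample data and the function names `dependency_depths` and `report` are assumptions made for illustration.

```python
from collections import deque

# Constructed sample, trimmed to the CycloneDX fields read below. A generated
# SBOM loaded with json.load() has the same shape.
SAMPLE_SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {"component": {"bom-ref": "app", "type": "application", "name": "example-app"}},
    "components": [
        {"bom-ref": "web", "type": "library", "name": "web-framework", "version": "2.1.0"},
        {"bom-ref": "json", "type": "library", "name": "json-parser", "version": "0.9.4"},
        {"bom-ref": "log", "type": "library", "name": "logger", "version": "1.2.0"},
        {"bom-ref": "legacy", "type": "library", "name": "legacy-util", "version": "0.1.0"},
    ],
    "dependencies": [
        {"ref": "app", "dependsOn": ["web", "log"]},
        {"ref": "web", "dependsOn": ["json"]},
        {"ref": "json", "dependsOn": ["web"]},  # cycle, to exercise the guard
    ],
}


def dependency_depths(sbom):
    """Map each component bom-ref to its distance from the application:
    1 = direct dependency, >1 = transitive, None = not reachable in the graph."""
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    root = sbom.get("metadata", {}).get("component", {}).get("bom-ref")
    graph = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    depths = {c["bom-ref"]: None for c in sbom.get("components", []) if "bom-ref" in c}
    seen, queue = {root}, deque([(root, 0)])
    while queue:  # breadth-first, so the first visit gives the shortest path
        ref, dist = queue.popleft()
        for child in graph.get(ref, []):
            if child not in seen:  # skip refs already visited (handles cycles)
                seen.add(child)
                depths[child] = dist + 1
                queue.append((child, dist + 1))
    return depths


def report(sbom):
    """Return one 'name@version: kind' line per component, nearest first."""
    names = {c["bom-ref"]: f'{c["name"]}@{c.get("version", "?")}' for c in sbom["components"] if "bom-ref" in c}
    order = sorted(dependency_depths(sbom).items(), key=lambda kv: (kv[1] is None, kv[1] or 0, kv[0]))
    return [f"{names.get(ref, ref)}: " + ("unreachable" if d is None else "direct" if d == 1 else f"transitive, depth {d}") for ref, d in order]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_SBOM)))
```

A component reported as unreachable is listed in the inventory but has no path from the application in the dependency graph, which is worth reviewing before relying on the SBOM for supply-chain triage.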

The REST API can generate SBOMs for applications that have completed these types of Veracode SCA upload scans:
  • Policy scans
  • Sandbox scans promoted to policy scans