Generating a software bill of materials (SBOM) for application profiles

You can use the Veracode SCA REST API to generate a software bill of materials (SBOM) based on the latest results from your Veracode Software Composition Analysis upload scans or agent-based scans that you have linked to an application profile.

The REST API generates an SBOM in CycloneDX JSON or SPDX format. It provides an inventory of all the components in your application and adds details about the relationships between the components. It also identifies which components are from third-party sources that make up the software supply chain.

The REST API can generate SBOMs for applications that have completed these types of Veracode SCA upload scans:

  • Policy scans
  • Sandbox scans promoted to policy scans
  • Agent-based scans linked to the application profile
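Once the SBOM has been retrieved, the first thing a practitioner usually wants from it is the component inventory, the direct versus transitive relationships, and a check that the dependency graph is complete. The following is an added example, not Veracode's code: it reads a CycloneDX JSON document of the kind the REST API returns and summarizes it. Because this page does not list the endpoint itself, the example works on a saved response; the document below is a constructed sample that follows the CycloneDX JSON layout (metadata.component, components, dependencies), and every component name and version in it is made up.

```python
"""Summarize a CycloneDX JSON SBOM (added example, not Veracode's code).

The SBOM below is a constructed sample in the CycloneDX 1.4 JSON layout;
its component names, versions and purls are invented for illustration.
"""
import json

SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    # metadata.component describes the application the SBOM was generated for.
    "metadata": {"component": {"bom-ref": "app", "name": "example-app", "version": "1.0"}},
    "components": [
        {"bom-ref": "pkg:maven/org.example/web@2.1", "name": "web", "version": "2.1", "type": "library"},
        {"bom-ref": "pkg:maven/org.example/core@3.0", "name": "core", "version": "3.0", "type": "library"},
        {"bom-ref": "pkg:maven/org.example/util@1.2", "name": "util", "version": "1.2", "type": "library"},
    ],
    # The dependencies array carries the relationships between components.
    "dependencies": [
        {"ref": "app", "dependsOn": ["pkg:maven/org.example/web@2.1"]},
        {"ref": "pkg:maven/org.example/web@2.1", "dependsOn": ["pkg:maven/org.example/core@3.0"]},
        {"ref": "pkg:maven/org.example/core@3.0",
         "dependsOn": ["pkg:maven/org.example/util@1.2", "pkg:maven/org.example/missing@0.1"]},
    ],
})


def summarize(sbom_json: str) -> dict:
    """Return the inventory, the direct and transitive components, and dangling refs."""
    bom = json.loads(sbom_json)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    root = bom["metadata"]["component"]["bom-ref"]
    known = {c["bom-ref"] for c in bom.get("components", [])}
    edges = {d["ref"]: list(d.get("dependsOn", [])) for d in bom.get("dependencies", [])}
    # Direct dependencies are the refs the application itself depends on.
    direct = set(edges.get(root, []))
    # Walk the graph from the root; anything reachable but not direct is transitive.
    reachable, stack = set(), list(direct)
    while stack:
        ref = stack.pop()
        if ref in reachable:
            continue
        reachable.add(ref)
        stack.extend(edges.get(ref, []))
    # A ref that appears in the graph but has no component entry means the SBOM is incomplete.
    dangling = sorted((reachable | set(edges)) - known - {root})
    return {
        "inventory": sorted(known),
        "direct": sorted(direct & known),
        "transitive": sorted((reachable - direct) & known),
        "dangling": dangling,
    }
```

Feeding a real response to `summarize()` in place of `SAMPLE_SBOM` gives the same breakdown; a non-empty `dangling` list is worth investigating before the SBOM is shared downstream.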