SBOMs API

GET /sboms/{scan_id}

List SBOMs generated by a scan (usually a cyclonedx + spdx pair).

[
  { "id": "...", "scan_id": "...", "format": "cyclonedx", "component_count": 147, "created_at": "..." },
  { "id": "...", "scan_id": "...", "format": "spdx",      "component_count": 147, "created_at": "..." }
]

GET /sboms/{scan_id}/{sbom_id}

Full SBOM detail — returns the document JSON verbatim. Use the Accept: application/json header; add ?download=1 to receive a Content-Disposition: attachment for direct download.

Repository-scoped SBOM generation is documented under the Repos API: /repos/{repo_id}/sbom.