SBOMs API
GET /sboms/{scan_id}
List SBOMs generated by a scan (usually a cyclonedx + spdx pair).
[
{ "id": "...", "scan_id": "...", "format": "cyclonedx", "component_count": 147, "created_at": "..." },
{ "id": "...", "scan_id": "...", "format": "spdx", "component_count": 147, "created_at": "..." }
]GET /sboms/{scan_id}/{sbom_id}
Full SBOM detail — returns the document JSON verbatim. Use the
Accept: application/json header; add ?download=1 to receive a
Content-Disposition: attachment for direct download.
Repository-scoped SBOM generation is documented under the Repos API:
/repos/{repo_id}/sbom.