Skip to main content
The REST API is now versioned. For more information, see "About API versioning."

Software bill of materials (SBOM)

Use the REST API to export the software bill of materials (SBOM) for a repository.

Export a software bill of materials (SBOM) for a repository.

Exports the software bill of materials (SBOM) for a repository in SPDX JSON format.

Parameters for "Export a software bill of materials (SBOM) for a repository."

Headers
Name, Type, Description
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
Name, Type, Description
owner string Required

The account owner of the repository. The name is not case sensitive.

repo string Required

The name of the repository. The name is not case sensitive.

HTTP response status codes for "Export a software bill of materials (SBOM) for a repository."

Status codeDescription
200

OK

403

Forbidden

404

Resource not found

Code samples for "Export a software bill of materials (SBOM) for a repository."

get/repos/{owner}/{repo}/dependency-graph/sbom
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>"\ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/repos/OWNER/REPO/dependency-graph/sbom

Response

Status: 200
{ "sbom": { "SPDXID": "SPDXRef-DOCUMENT", "spdxVersion": "SPDX-2.3", "creationInfo": { "created": "2021-09-01T00:00:00Z", "creators": [ "Tool: GitHub.com-Dependency-Graph" ] }, "name": "github/example", "dataLicense": "CC0-1.0", "documentDescribes": [ "github/example" ], "documentNamespace": "https://github.com/github/example/dependency_graph/sbom-abcdef123456", "packages": [ { "SPDXID": "SPDXRef-Package", "name": "rubygems:rails", "versionInfo": "1.0.0", "downloadLocation": "NOASSERTION", "filesAnalyzed": false, "licenseConcluded": "NOASSERTION", "licenseDeclared": "NOASSERTION" } ] } }