Skip to main content
POST
/
api
/
v1
/
deployments
/
{deploymentId}
/
sbom
/
export
Create a new SBOM export job
curl --request POST \
  --url https://semgrep.dev/api/v1/deployments/{deploymentId}/sbom/export \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "deploymentId": 123,
  "formatVersion": {
    "format": "SBOM_FORMAT_CYCLONEDX",
    "version": "1.5"
  },
  "metadataComponentType": "SBOM_METADATA_COMPONENT_TYPE_CYCLONE_DX_V15_APPLICATION",
  "metadataSupplier": {
    "contact": {
      "email": "<string>",
      "name": "<string>",
      "phone": "<string>"
    },
    "name": "<string>",
    "url": "<string>"
  },
  "ref": "refs/pull/1234/merge",
  "repositoryId": 123,
  "sbomOutputFormat": "SBOM_OUTPUT_FORMAT_JSON"
}
'
{
  "taskToken": "<string>"
}

Documentation Index

Fetch the complete documentation index at: https://docs.semgrep.dev/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

Get access to data with your API token. Example header:

Authorization: Bearer 2991e2fb4b540fe75b8f90677b0b892b6314e4961cb001fe6eb452eee248a628

The token can be provisioned from the Tokens section in your Settings, and requires explicitly enabling Web API access.

Path Parameters

deploymentId
string<uint64>
required

Deployment ID (numeric). Example: 123. Can be found at /deployments, or in your Settings in the web UI.

Example:

123

Body

application/json
deploymentId
string<uint64>

Deployment ID (numeric). Example: 123. Can be found at /deployments, or in your Settings in the web UI.

Example:

123

formatVersion
object
metadataComponentType
enum<string>
default:SBOM_METADATA_COMPONENT_TYPE_CYCLONE_DX_V15_APPLICATION

Metadata component type for the SBOM export.

valuedescription
SBOM_METADATA_COMPONENT_TYPE_CYCLONE_DX_V15_APPLICATION
SBOM_METADATA_COMPONENT_TYPE_CYCLONE_DX_V15_FRAMEWORK
SBOM_METADATA_COMPONENT_TYPE_CYCLONE_DX_V15_LIBRARY
SBOM_METADATA_COMPONENT_TYPE_CYCLONE_DX_V15_CONTAINER
SBOM_METADATA_COMPONENT_TYPE_CYCLONE_DX_V15_PLATFORM
SBOM_METADATA_COMPONENT_TYPE_CYCLONE_DX_V15_OPERATING_SYSTEM
SBOM_METADATA_COMPONENT_TYPE_CYCLONE_DX_V15_DEVICE
SBOM_METADATA_COMPONENT_TYPE_CYCLONE_DX_V15_DEVICE_DRIVER
SBOM_METADATA_COMPONENT_TYPE_CYCLONE_DX_V15_FIRMWARE
SBOM_METADATA_COMPONENT_TYPE_CYCLONE_DX_V15_FILE
SBOM_METADATA_COMPONENT_TYPE_CYCLONE_DX_V15_MACHINE_LEARNING_MODEL
SBOM_METADATA_COMPONENT_TYPE_CYCLONE_DX_V15_DATA
Available options:
SBOM_METADATA_COMPONENT_TYPE_CYCLONE_DX_V15_APPLICATION,
SBOM_METADATA_COMPONENT_TYPE_CYCLONE_DX_V15_FRAMEWORK,
SBOM_METADATA_COMPONENT_TYPE_CYCLONE_DX_V15_LIBRARY,
SBOM_METADATA_COMPONENT_TYPE_CYCLONE_DX_V15_CONTAINER,
SBOM_METADATA_COMPONENT_TYPE_CYCLONE_DX_V15_PLATFORM,
SBOM_METADATA_COMPONENT_TYPE_CYCLONE_DX_V15_OPERATING_SYSTEM,
SBOM_METADATA_COMPONENT_TYPE_CYCLONE_DX_V15_DEVICE,
SBOM_METADATA_COMPONENT_TYPE_CYCLONE_DX_V15_DEVICE_DRIVER,
SBOM_METADATA_COMPONENT_TYPE_CYCLONE_DX_V15_FIRMWARE,
SBOM_METADATA_COMPONENT_TYPE_CYCLONE_DX_V15_FILE,
SBOM_METADATA_COMPONENT_TYPE_CYCLONE_DX_V15_MACHINE_LEARNING_MODEL,
SBOM_METADATA_COMPONENT_TYPE_CYCLONE_DX_V15_DATA
Example:

"SBOM_METADATA_COMPONENT_TYPE_CYCLONE_DX_V15_APPLICATION"

metadataSupplier
object
ref
string

Branch to export SBOM for (Ex. ref=refs/pull/1234/merge).

Example:

"refs/pull/1234/merge"

repositoryId
string<uint64>

Repository ID to export SBOM for.

Example:

123

sbomOutputFormat
enum<string>

SBOM output format for the SBOM export.

valuedescription
SBOM_OUTPUT_FORMAT_JSON
Available options:
SBOM_OUTPUT_FORMAT_JSON,
SBOM_OUTPUT_FORMAT_CYCLONEDX
Example:

"SBOM_OUTPUT_FORMAT_JSON"

Response

200 - application/json

OK

taskToken
string

Task token for the SBOM export job.