ScanSbom
Scans a provided CycloneDX 1.5 SBOM and reports on any vulnerabilities discovered in that SBOM. You can generate compatible SBOMs for your resources using the Amazon Inspector SBOM generator.
Note
The output of this action reports NVD and CVSS scores when NVD and CVSS scores are available. Because the output reports both scores, you might notice a discrepency between them. However, you can triage the severity of either score depending on the vendor of your choosing.
Request Syntax
POST /scan/sbom HTTP/1.1
Content-type: application/json
{
"outputFormat": "string
",
"sbom": JSON value
}
URI Request Parameters
The request does not use any URI parameters.
Request Body
The request accepts the following data in JSON format.
- outputFormat
-
The output format for the vulnerability report.
Type: String
Valid Values:
CYCLONE_DX_1_5 | INSPECTOR
Required: No
- sbom
-
The JSON file for the SBOM you want to scan. The SBOM must be in CycloneDX 1.5 format. This format limits you to passing 2000 components before throwing a
ValidException
error.Type: JSON value
Required: Yes
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
"sbom": JSON value
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- sbom
-
The vulnerability report for the scanned SBOM.
Type: JSON value
Errors
For information about the errors that are common to all actions, see Common Errors.
- AccessDeniedException
-
You do not have sufficient access to perform this action.
HTTP Status Code: 403
- InternalServerException
-
The request processing has failed because of an unknown error, exception or failure.
HTTP Status Code: 500
- ThrottlingException
-
The request was denied due to request throttling.
HTTP Status Code: 429
- ValidationException
-
The request has failed validation due to missing required fields or having invalid inputs.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: