Upload a local SBOM JSON file and retrieve a unique URL to access it anytime:
curl -T someSBOM.json https://sbom.sh
To retrieve the SBOM data, use the curl command below with your unique URL:
curl https://sbom.sh/78389675-0358-46e5-81c7-04186dbfb8a8
Alternatively, you can retrieve the SBOM data by visiting the URL in your browser:
https://sbom.sh/78389675-0358-46e5-81c7-04186dbfb8a8
Currently only CycloneDX JSON SBOMs are supported. Before uploading an SBOM file, make sure it is in the CycloneDX JSON format.
You can create and share an SBOM using SBOM.sh in one step. Check out these examples:
Local repository using trivy
trivy fs . -f cyclonedx -q | curl -d @- https://sbom.sh -H "Content-Type: application/json"
Container image using trivy, e.g. Postgres
trivy image postgres -f cyclonedx --scanners vuln -q | curl -d @- https://sbom.sh -H "Content-Type: application/json"
Container image using syft
syft registry:docker.io/postgres -o cyclonedx-json -q | curl -d @- https://sbom.sh -H "Content-Type: application/json"
Container image using grype
grype registry:docker.io/postgres -o cyclonedx-json -q | curl -d @- https://sbom.sh -H "Content-Type: application/json"
Please do not post any information that may violate the law (login/password lists, email lists, personal information). IP addresses are logged, so you might get banned.
Life span of a single SBOM is one month. Older SBOMs are deleted.
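A pre-upload check for the two points above (only CycloneDX JSON is accepted, and personal information should not be posted), as an added example that is not part of SBOM.sh. The function name check_sbom and the sample documents are constructed for illustration; it checks a few required CycloneDX fields rather than the full schema.

```python
import json
import re
import sys

# Rough pattern: enough to flag contact fields for review before sharing.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def check_sbom(text):
    """Return (problems, emails) for a candidate CycloneDX JSON document."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"], []
    if not isinstance(doc, dict):
        return ["top level is not a JSON object"], []
    problems = []
    if doc.get("bomFormat") != "CycloneDX":
        problems.append("bomFormat is not 'CycloneDX'")
    if not isinstance(doc.get("specVersion"), str):
        problems.append("specVersion missing or not a string")
    components = doc.get("components", [])
    if not isinstance(components, list):
        problems.append("components is not an array")
        components = []
    for i, comp in enumerate(components):
        if not isinstance(comp, dict) or not comp.get("type") or not comp.get("name"):
            problems.append(f"components[{i}] lacks 'type' or 'name'")
    # Scan the raw text so addresses in any field (authors, suppliers) are seen.
    return problems, sorted(set(EMAIL_RE.findall(text)))

# Constructed samples, not real SBOMs.
GOOD = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
    "metadata": {"authors": [{"name": "Dev", "email": "dev@example.com"}]},
    "components": [{"type": "library", "name": "lodash", "version": "4.17.21",
                    "purl": "pkg:npm/lodash@4.17.21"}],
})
NOT_CYCLONEDX = json.dumps({"spdxVersion": "SPDX-2.3", "packages": []})

if __name__ == "__main__":
    # Usage: python check_sbom.py someSBOM.json (falls back to the sample).
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else GOOD
    problems, emails = check_sbom(text)
    for p in problems:
        print("format:", p)
    for e in emails:
        print("review before sharing:", e)
    sys.exit(1 if problems else 0)
```

The script exits non-zero on format problems, so it can gate the curl upload in a shell pipeline with &&.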