Usage

Upload a local SBOM JSON file and receive a unique URL that you can use to access it at any time:

curl -T someSBOM.json https://sbom.sh

To retrieve the SBOM data, pass your unique URL to curl:

curl https://sbom.sh/78389675-0358-46e5-81c7-04186dbfb8a8

Alternatively, open the URL in your browser:

https://sbom.sh/78389675-0358-46e5-81c7-04186dbfb8a8

Requirements

Currently only CycloneDX JSON SBOMs are supported. Before uploading an SBOM file, make sure it is in the CycloneDX JSON format.
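
A pre-upload check, as an added example that is not part of SBOM.sh or its documentation: it confirms that a file is CycloneDX JSON by its top-level bomFormat and specVersion fields, and flags email addresses and URLs with embedded credentials, which the Acceptable Use Policy below asks you not to post. The function names, the two patterns and the sample document are assumptions constructed for illustration.

```python
import json
import re

# Illustrative patterns (assumptions, not exhaustive) for data to keep off a shared URL.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
URL_CRED_RE = re.compile(r"[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@", re.I)


def walk_strings(node, path="$"):
    """Yield (json_path, value) for every string value in the document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk_strings(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk_strings(value, f"{path}[{index}]")
    elif isinstance(node, str):
        yield path, node


def check_sbom(text):
    """Return a list of problems; an empty list means nothing was flagged."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["top-level JSON value is not an object"]
    problems = []
    if doc.get("bomFormat") != "CycloneDX":
        problems.append("bomFormat is not 'CycloneDX'")
    if not isinstance(doc.get("specVersion"), str):
        problems.append("specVersion is missing")
    for path, value in walk_strings(doc):
        if URL_CRED_RE.search(value):
            problems.append(f"{path}: URL with embedded credentials")
        # Package URLs (pkg:type/name@version) contain '@' but are not emails.
        elif not value.startswith("pkg:") and EMAIL_RE.search(value):
            problems.append(f"{path}: email address")
    return problems


# Constructed sample SBOM, not the output of a real scan.
SAMPLE = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
    "metadata": {"authors": [{"email": "dev@example.com"}]},
    "components": [{"name": "demo", "externalReferences": [
        {"type": "vcs", "url": "https://ci:s3cret@git.example.com/demo.git"}]}],
})
```

Call check_sbom() on the contents of the file you are about to upload and review or redact anything it reports before running curl.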

Create an SBOM and share it

You can create and share an SBOM with SBOM.sh in one step by piping the output of an SBOM generator straight into curl. Check out these examples:

Local repository using trivy

trivy fs . -f cyclonedx -q | curl -d @- https://sbom.sh -H "Content-Type: application/json"

Container image using trivy, e.g. Postgres

trivy image postgres -f cyclonedx --scanners vuln -q | curl -d @- https://sbom.sh -H "Content-Type: application/json"

Container image using syft

syft registry:docker.io/postgres -o cyclonedx-json -q | curl -d @- https://sbom.sh -H "Content-Type: application/json"

Container image using grype

grype registry:docker.io/postgres -o cyclonedx-json -q | curl -d @- https://sbom.sh -H "Content-Type: application/json"

Acceptable Use Policy

Please do not post any information that may violate the law (login/password lists, email lists, personal information). IP addresses are logged, so you might get banned.

The life span of a single SBOM is one month. Older SBOMs are deleted.