Upload a local SBOM json file and retrieve a unique URL to access it anytime:

curl -T someSBOM.json

To retrieve the SBOM data, you can use the curl command as below using your unique URL:


Alternatively, you can also retrieve the SBOM data by visiting the URL using your browser:


Currently only CycloneDX JSON SBOMs are supported. To upload SBOM files make sure they have the CycloneDX json format.

Create an SBOM and share it

You can effortlessly create and share an SBOM using in one step. Check out these examples::

Local repository using trivy

trivy fs . -f cyclonedx -q | curl -d @- -H "Content-Type: application/json"

Container image using trivy, i. e. Postgres

trivy image postgres -f cyclonedx --scanners vuln -q | curl -d @- -H "Content-Type: application/json"

Container image using syft

syft -o cyclonedx-json -q | curl -d @- -H "Content-Type: application/json"

Container image using grype

grype -o cyclonedx-json -q | curl -d @- -H "Content-Type: application/json"

Acceptable Use Policy

Please do not post any information that may violate the law (login/password lists, email lists, personal information). IP addresses are logged, so you might get banned.

Life span of a single SBOM is one month. Older SBOMs are deleted.