Ossprey OpenAPI Overview

You can use the Ossprey OpenAPI spec to submit SBOMs (software bills of materials), generate SBOMs from Package URLs (PURLs), track scan progress, and retrieve vulnerability findings.

Submit an SBOM

Send an SBOM to Ossprey for scanning.

Check scan status

Track queued and running scans.

Get scan results

Retrieve one SBOM with its scans, vulnerabilities, and findings.

Generate an SBOM

Create an SBOM from a Package URL.

Start here

Open Submit an SBOM for scanning to review the request body and response format.
Use Get the current status of a queued/running scan after submission to track progress.
Read Get one SBOM with all its scans, vulnerabilities and findings to inspect completed results.
Use List all SBOMs for the API-key holder to review previously submitted SBOMs.

What you can do with the API

Submit an SBOM for analysis.
Generate an SBOM from a Package URL.
Poll scan status for queued and running work.
Retrieve SBOMs, vulnerabilities, and findings.
Delete an SBOM along with its scans and vulnerability records.
Confirm an alert email address via a one-time token.

Additional endpoints

List all SBOMs

Browse submitted SBOMs and their latest scan status.

Delete an SBOM

Remove an SBOM together with its scans and vulnerability records.

POST scan status

Use the POST variant if your client submits status checks to /scans/status.