SBOM API
Generate a Software Bill of Materials (SBOM) from a .NET project manifest.
POST /api/sbom
Request
curl -X POST https://rorix.io/api/sbom \
-H "Authorization: Bearer rxk_your_api_key_here" \
-H "Content-Type: application/json" \
-d '{
"content": "<Project Sdk=\"Microsoft.NET.Sdk\">\n <ItemGroup>\n <PackageReference Include=\"Newtonsoft.Json\" Version=\"13.0.3\" />\n <PackageReference Include=\"Serilog\" Version=\"3.1.1\" />\n </ItemGroup>\n</Project>",
"filename": "MyApp.csproj",
"format": "cyclonedx"
}'Parameters
| Parameter | Required | Type | Description |
| --- | --- | --- | --- |
| content | Yes | string | Contents of the project file |
| filename | Yes | string | Name of the file (used to determine parser) |
| format | No | string | SBOM format: cyclonedx (default) or spdx |
Response
The response body contains the generated SBOM document in the requested format.
CycloneDX responses are returned as JSON with Content-Type: application/json and include:
- BOM metadata (serial number, timestamp, tool information)
- Component list with names, versions, purls, and licenses
- Dependency graph
- Vulnerability references
SPDX responses are returned as JSON with Content-Type: application/json and include:
- Document creation information
- Package list with download locations and licenses
- Relationship descriptions
- External references
See the SBOM Formats page for a detailed comparison of the two formats.