GitHub · GitHub Blog
Compiled by KHAO Editorial — aggregated from 1 outlet. See llms.txt for citation guidance.
Software Bill of Materials (SBOM) exports from repository pages and new API endpoints are now asynchronous operations.
Key facts
- GET /repos/{owner}/{repo}/dependency-graph/sbom/fetch-report/{sbom-uuid}: This returns a 201 until the report is ready for download, at which point it will perform a 302 redirect to the actual contents of the SBOM.
- To use the new UI, navigate to a repository’s Insights tab, click Dependency Graph, then click Export SBOM
- Previously, navigating to a repository’s dependency graph page and clicking the Export SBOM button, or requesting an SBOM from the /repos/{owner}/{repo}/dependency-graph/sbom REST API
Summary
Now there is a new web experience which polls for job completion, and new API endpoints to match. For API access, there are two new endpoints which work together to provide asynchronous access to SBOMs:
- GET /repos/{owner}/{repo}/dependency-graph/sbom/generate-report: This returns a URL containing a unique identifier, {sbom-uuid}, indicating the service has started working on the request.
- GET /repos/{owner}/{repo}/dependency-graph/sbom/fetch-report/{sbom-uuid}: This returns a 201 until the report is ready for download, at which point it will perform a 302 redirect to the actual contents of the SBOM.
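The generate, poll, redirect flow described above written out as a client, as an added example that is not code from the GitHub changelog. It assumes a caller-supplied `get(url)` transport that does not auto-follow redirects, assumes generate-report returns its URL in a JSON field named `url`, and ships with a constructed fake transport so it runs offline.

```python
import json
import time
from dataclasses import dataclass, field

@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)
    body: bytes = b""

def export_sbom(owner, repo, get, max_polls=30, delay=1.0):
    """Start the job, poll until ready, follow the redirect, return SBOM bytes.
    `get(url)` is an assumed transport: a GET that does not auto-follow redirects."""
    base = f"/repos/{owner}/{repo}/dependency-graph/sbom"
    # Step 1: generate-report returns the URL carrying the {sbom-uuid} (reading it from a JSON field "url" is an assumption).
    started = get(f"{base}/generate-report")
    if started.status // 100 != 2:
        raise RuntimeError(f"generate-report failed: HTTP {started.status}")
    report_url = json.loads(started.body)["url"]
    # Step 2: fetch-report answers 201 while pending and 302 once the report is ready.
    for _ in range(max_polls):
        polled = get(report_url)
        if polled.status == 201:
            time.sleep(delay)
            continue
        if polled.status == 302:
            final = get(polled.headers["Location"])  # the actual SBOM contents
            if final.status != 200:
                raise RuntimeError(f"download failed: HTTP {final.status}")
            return final.body
        raise RuntimeError(f"fetch-report returned HTTP {polled.status}")
    raise TimeoutError(f"report not ready after {max_polls} polls")

def make_fake_transport(not_ready=2):
    """Constructed offline stand-in for the API: 201 `not_ready` times, then 302."""
    base = "/repos/octo/app/dependency-graph/sbom"
    report = f"{base}/fetch-report/00000000-0000-0000-0000-000000000000"  # placeholder uuid
    sbom = json.dumps({"spdxVersion": "SPDX-2.3", "name": "octo/app"}).encode()
    calls = []
    def get(url):
        calls.append(url)
        if url.endswith("/generate-report"):
            return Response(200, body=json.dumps({"url": report}).encode())
        if url == report and calls.count(report) <= not_ready:
            return Response(201)
        if url == report:
            return Response(302, {"Location": "blob://sbom"})
        return Response(200, body=sbom) if url == "blob://sbom" else Response(404)
    return get, calls
```

Bounding the poll count matters in CI: without it a job that never completes would hang the pipeline rather than fail it.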