Export SBOM
  • 21 Feb 2024
  • 1 Minute to read
  • Dark
  • PDF

Export SBOM

  • Dark
  • PDF

Article Summary

The Export SBOM is an endpoint in ProGet's SCA Directory API that can be used to generate an SBOM of project and release information of a project in ProGet.

šŸš€ Quick Example: Exporting SBOM with Curl

This example exports an SBOM of version 1.2.3 of a project myProject as an XML, authenticating with the API key abc12345:

curl -X GET -H "X-ApiKey: abc12345" "https://proget.corp.local/api/sca/export?project=myProject&version=1.2.3&format=xml"

Request Specification

To export an SBOM document, simply GET to the URL with an appropriate API Key.

GET /api/sca/export?project=Ā«projectNameĀ»&version=Ā«versionNumberĀ»&format=Ā«xml/jsonĀ»

Exporting an SBOM requires the project name (e.g. myProject) and the version (e.g. 1.2.3):

GET /api/sca/export?project=myProject&version=1.2.3&format=json

Response Specification

A successful (200) response body will contain an SBOM in either XML or JSON. For example, to exporting an SBOM of version 1.2.3 of myProject:

In JSON, the request would return:

  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "metadata": {
    "timestamp": "2024-02-09T08:37:13Z",
    "tools": [
        "vendor": "Inedo",
        "name": "ProGet",
        "version": ""
    "component": {
      "type": "null",
      "name": "myProject",
      "version": "1.2.3",
      "description": "This is a test project",
      "licenses": []
  "components": [
      "type": "library",
      "name": "Newtonsoft.Json",
      "version": "13.0.3",
      "licenses": [
          "license": {
          "id": "MIT"
      "purl": "pkg:nuget/Newtonsoft.Json@13.0.3",
      "externalReferences": [
          "url": "https://proget.corp.local/packages/from-purl?purl=pkg%3anuget%2fNewtonsoft.Json%4013.0.3",
          "type": "website"

In XML, the request would return:

<?xml version="1.0" encoding="utf-8"?>
<bom xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://cyclonedx.org/schema/bom/1.4">
    <component type="Null">
      <description>This is a test project</description>
    <component type="library">
        <reference type="website">
200 (Success)body will contain the exported SBOM document in the specified format
404 (Project or Release Not Found)indicates that the specified project or release was not found
403 (Unauthorized API Key)indicates a missing, unknown, or unauthorized API Key; the body will be empty
500 (Server Error)indicates an unexpected error; the body will contain the message and stack trace, and this will also be logged

Was this article helpful?

What's Next