Improved SBOM testing is now available in Early Access 🎉

We are excited to share that we've made several improvements to how you test CycloneDX and SPDX SBOM files with Snyk, now available in Early Access for Snyk Open Source and Snyk Container.

These changes give you greater feature parity and a more consistent experience across your CLI testing workflows.

Here's what you can expect in Snyk CLI version 1.1302.0 and greater:

• The snyk sbom test command no longer requires the use of the --experimental option.

• You can now use previously unsupported options, including --severity-threshold, --reachability, --reachability-filter. These additions provide more granular control over your SBOM scanning results.

• Findings are returned by default in a human readable output and now include any applicable enrichments such as Reachability, Policy, Ignores, and Fix Advice.

• When you use the --json option, findings will be returned in a new JSON schema.

• We've also introduced clearer error messages, helping you quickly understand and resolve issues if Snyk is unable to test your SBOM file.

To minimize disruption to your workflows, we recommend reviewing your current integration and making any necessary changes prior to updating.

For those using Snyk CLI versions 1.1301.0 and below, the --experimental flag remains supported, and findings are returned in the previous format.

For more details, please refer to our User Docs.