Support for SPDX in SBOM Test APIs Beta

Early access

We’re pleased to share that Snyk's SBOM Test APIs now support SPDX.

Software Package Data Exchange (SPDX) is part of The Linux Foundation® and is described as "an open standard for communicating software bill of material information, including provenance, license, security, and other related information".

As a developer, you can now test SPDX 2.3 JSON documents for vulnerabilities. There is no need to specify the format in your request: Snyk will automatically detect the SBOM format and test accordingly. This release adds to our existing support for CycloneDX, ensuring you can use both of the leading SBOM specifications.

As always, we’re excited to hear your feedback. Please reach out if you have any questions.

Ryan Searle | Product Director