Test an SBOM using the Snyk CLI
Early access
We are very pleased to announce that you can now use the Snyk CLI to scan CycloneDX and SPDX SBOM files!
Snyk has enabled SBOM testing via the API for a while. Adding this to the CLI makes it significantly easier to test SBOMs produced using other tools, or SBOMs received from 3rd-party vendors.
To get started, install Snyk CLI v1.1290 or above and run the following command (using your actual SBOM file name 😉):
snyk sbom test --experimental --file=bom.cdx.json
This feature is in Open Beta. The following SBOM formats are currently supported:
CycloneDX: JSON version 1.4 and 1.5
SPDX: JSON version 2.3
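A pre-flight check for the format list above, useful before testing an SBOM received from a vendor (an added example, not Snyk's code): it reads the top-level `bomFormat`/`specVersion` fields of a CycloneDX JSON document or the `spdxVersion` field of an SPDX JSON document and reports whether the file matches a listed version. The function names and sample documents are constructed for illustration.

```python
import json

# Formats and versions this page lists as supported by `snyk sbom test`.
SUPPORTED = {"CycloneDX": {"1.4", "1.5"}, "SPDX": {"2.3"}}

def identify_sbom(text):
    """Return (format, version) for a JSON SBOM, or raise ValueError."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not JSON: {exc}") from exc
    if not isinstance(doc, dict):
        raise ValueError("top-level JSON value is not an object")
    # CycloneDX JSON carries bomFormat and specVersion at the top level.
    if doc.get("bomFormat") == "CycloneDX":
        return "CycloneDX", str(doc.get("specVersion", ""))
    # SPDX JSON carries spdxVersion at the top level, e.g. "SPDX-2.3".
    spdx = doc.get("spdxVersion")
    if isinstance(spdx, str) and spdx.startswith("SPDX-"):
        return "SPDX", spdx[len("SPDX-"):]
    raise ValueError("neither CycloneDX nor SPDX JSON")

def preflight(text):
    """Return (ok, message): is this SBOM in a format/version listed above?"""
    try:
        fmt, version = identify_sbom(text)
    except ValueError as exc:
        return False, f"unsupported: {exc}"
    if version in SUPPORTED[fmt]:
        return True, f"{fmt} {version} (supported)"
    return False, f"{fmt} {version or '?'} (unsupported version)"

# Constructed sample documents (minimal, not real SBOMs).
SAMPLES = {
    "cdx-1.5": '{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": []}',
    "cdx-1.6": '{"bomFormat": "CycloneDX", "specVersion": "1.6", "components": []}',
    "spdx-2.3": '{"spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT", "packages": []}',
    "spdx-2.2": '{"spdxVersion": "SPDX-2.2", "SPDXID": "SPDXRef-DOCUMENT"}',
    "cdx-xml": '<bom xmlns="http://cyclonedx.org/schema/bom/1.5"/>',
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, preflight(text))
```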
See snyk help or the Snyk User Docs for more usage details 🙌