Software supply chain security requires transparent, machine-readable compliance artifacts. The Binarly API enables you to programmatically generate industry-standard reports for auditing, vulnerability disclosure, and post-quantum cryptography readiness assessment.

Available Reports

Report    Purpose                                                                          Documentation
SBOM      Software Bill of Materials - inventory of all software components                SBOM Report
VEX       Vulnerability Exploitability - communicate which vulnerabilities are actionable  VEX Report
CBOM      Cryptographic Bill of Materials - inventory of crypto assets                     CBOM Report
PQC       Post-Quantum Cryptography Compliance - readiness for quantum threats             PQC Report
Findings  Security Findings - comprehensive security analysis results                      Findings Report

Use Case: Regulatory Compliance

When preparing for regulatory submissions (e.g., FDA, EU Cyber Resilience Act), you typically need:
  1. SBOM - Required by most regulations to demonstrate software transparency
  2. VEX - Demonstrates how you’re addressing known vulnerabilities
  3. PQC Report - Shows cryptographic posture for quantum readiness

Use Case: Continuous Compliance in CI/CD

Integrate compliance artifact generation into your release pipeline:
  1. Upload binary image → Upload Image
  2. Wait for scan completion → List Scans
  3. Download artifacts → Individual report endpoints above

Use Case: Third-Party Audits

For supply chain audits:
  1. Generate SBOM for software inventory
  2. Generate CBOM for cryptographic material inventory
  3. Generate Findings Report for security posture overview

Automation Script

Download all compliance artifacts for a binary image:
#!/bin/bash
set -e

# Configuration (set these environment variables)
# BINARLY_API_URL, BINARLY_PRODUCT_ID, TOKEN
: "${BINARLY_API_URL:?Set BINARLY_API_URL}"
: "${BINARLY_PRODUCT_ID:?Set BINARLY_PRODUCT_ID}"
: "${TOKEN:?Set TOKEN}"
IMAGE_ID="${1:?Usage: $0 <image-id>}"
OUTPUT_DIR="./compliance-artifacts"

mkdir -p "$OUTPUT_DIR"

echo "Downloading compliance artifacts for image: $IMAGE_ID"

# See individual report endpoints for full options:
# - /api-reference/report/sbom-report
# - /api-reference/report/vex-report
# - /api-reference/report/cbom-report
# - /api-reference/report/pqc-report
# - /api-reference/report/findings-report

BASE="${BINARLY_API_URL}/api/v4/products/${BINARLY_PRODUCT_ID}/images/${IMAGE_ID}"

# fetch <url> <output-file>
# -f makes curl exit non-zero on HTTP errors (401, 404, ...) so that set -e
# aborts the run instead of saving an error body as a report; -S keeps error
# messages visible even though -s silences the progress meter.
fetch() {
  curl -sSf -H "Authorization: Bearer ${TOKEN}" "$1" -o "$2"
}

fetch "${BASE}/sbomReport:cycloneDX?contentType=json" "${OUTPUT_DIR}/sbom.json"
fetch "${BASE}/vexReport:openVEX" "${OUTPUT_DIR}/vex.json"
fetch "${BASE}/cbomReport:cycloneDX" "${OUTPUT_DIR}/cbom.json"
fetch "${BASE}/cryptographicMaterialsReport?mode=pqc-compliance&contentType=json" "${OUTPUT_DIR}/pqc.json"
fetch "${BASE}/findingsReport:pdf?mode=full" "${OUTPUT_DIR}/findings.pdf"

echo "✓ Artifacts saved to: $OUTPUT_DIR"
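Once sbom.json and vex.json are on disk, a pipeline step usually needs to answer two questions: which VEX statements still require action, and does the VEX actually refer to the components in the SBOM. The following is an added example, not part of the Binarly documentation or tooling; the sample OpenVEX and CycloneDX documents are constructed inline, and the component names and CVE ids in them are placeholders.

```python
import json

# Constructed sample artifacts in the shapes the two endpoints return:
# OpenVEX (vexReport:openVEX) and CycloneDX JSON (sbomReport:cycloneDX).
# Component names, versions and CVE ids are placeholders, not real findings.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "libexample", "version": "1.0.0",
         "purl": "pkg:generic/libexample@1.0.0"},
    ],
})
SAMPLE_VEX = json.dumps({
    "@context": "https://openvex.dev/ns/v0.2.0",
    "@id": "https://example.invalid/vex/constructed-1",
    "author": "constructed example", "timestamp": "2024-01-01T00:00:00Z", "version": 1,
    "statements": [
        {"vulnerability": {"name": "CVE-XXXX-0001"},
         "products": [{"@id": "pkg:generic/libexample@1.0.0"}],
         "status": "not_affected", "justification": "vulnerable_code_not_present"},
        {"vulnerability": {"name": "CVE-XXXX-0002"},
         "products": [{"@id": "pkg:generic/libexample@1.0.0"}],
         "status": "affected"},
        {"vulnerability": {"name": "CVE-XXXX-0003"},
         "products": [{"@id": "pkg:generic/not-in-sbom@9.9.9"}],
         "status": "under_investigation"},
    ],
})

# OpenVEX statuses that still require work; "not_affected" and "fixed" do not.
ACTIONABLE = {"affected", "under_investigation"}

def triage(vex_json, sbom_json):
    """Return (actionable, orphaned): actionable = (cve, product, status) tuples still
    needing work; orphaned = VEX product ids with no matching purl in the SBOM."""
    purls = {c.get("purl") for c in json.loads(sbom_json).get("components", [])}
    actionable, orphaned = [], set()
    for stmt in json.loads(vex_json)["statements"]:
        cve = stmt["vulnerability"]["name"]
        for product in stmt.get("products", []):
            pid = product["@id"]
            if pid not in purls:
                orphaned.add(pid)  # SBOM and VEX likely come from different images
            if stmt["status"] in ACTIONABLE:
                actionable.append((cve, pid, stmt["status"]))
    return sorted(actionable), sorted(orphaned)

if __name__ == "__main__":
    for cve, product, status in triage(SAMPLE_VEX, SAMPLE_SBOM)[0]:
        print(f"{status:20} {cve} {product}")
```

In a pipeline, feed the downloaded files to triage() and fail the job when the actionable list is non-empty or when any orphaned product ids appear.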