# Compliance Artifacts

> Generate SBOMs, VEX, CBOM, and PQC compliance reports for supply chain security.

Software supply chain security requires transparent, machine-readable compliance artifacts. The Binarly API enables you to programmatically generate industry-standard reports for auditing, vulnerability disclosure, and post-quantum cryptography readiness assessment.

## Available Reports

| Report       | Purpose                                                                         | Documentation                                            |
| ------------ | ------------------------------------------------------------------------------- | -------------------------------------------------------- |
| **SBOM**     | Software Bill of Materials - inventory of all software components               | [SBOM Report](/api-reference/report/sbom-report)         |
| **VEX**      | Vulnerability Exploitability - communicate which vulnerabilities are actionable | [VEX Report](/api-reference/report/vex-report)           |
| **CBOM**     | Cryptographic Bill of Materials - inventory of crypto assets                    | [CBOM Report](/api-reference/report/cbom-report)         |
| **PQC**      | Post-Quantum Cryptography Compliance - readiness for quantum threats            | [PQC Report](/api-reference/report/pqc-report)           |
| **Findings** | Security Findings - comprehensive security analysis results                     | [Findings Report](/api-reference/report/findings-report) |

## Use Case: Regulatory Compliance

When preparing for regulatory submissions (e.g., FDA, EU Cyber Resilience Act), you typically need:

1. **SBOM** - Required by most regulations to demonstrate software transparency
2. **VEX** - Demonstrates how you're addressing known vulnerabilities
3. **PQC Report** - Shows cryptographic posture for quantum readiness

## Use Case: Continuous Compliance in CI/CD

Integrate compliance artifact generation into your release pipeline:

1. Upload binary image → [Upload Image](/api-reference/image/upload-image)
2. Wait for scan completion → [List Scans](/api-reference/scan/list-scans)
3. Download artifacts → Individual report endpoints above

## Use Case: Third-Party Audits

For supply chain audits:

1. Generate **SBOM** for software inventory
2. Generate **CBOM** for cryptographic material inventory
3. Generate **Findings Report** for security posture overview

## Automation Script

Download all compliance artifacts for a binary image:

```bash
#!/bin/bash
# Abort on any failed command, on unset variables, and on failures inside pipes
set -euo pipefail

# Configuration (set these environment variables)
# BINARLY_API_URL, BINARLY_PRODUCT_ID, TOKEN
: "${BINARLY_API_URL:?BINARLY_API_URL must be set}"
: "${BINARLY_PRODUCT_ID:?BINARLY_PRODUCT_ID must be set}"
: "${TOKEN:?TOKEN must be set}"
IMAGE_ID="${1:?Usage: $0 <image-id>}"
OUTPUT_DIR="./compliance-artifacts"

mkdir -p "$OUTPUT_DIR"

echo "Downloading compliance artifacts for image: $IMAGE_ID"

# See individual report endpoints for full options:
# - /api-reference/report/sbom-report
# - /api-reference/report/vex-report
# - /api-reference/report/cbom-report
# - /api-reference/report/pqc-report
# - /api-reference/report/findings-report

BASE="${BINARLY_API_URL}/api/v4/products/${BINARLY_PRODUCT_ID}/images/${IMAGE_ID}"

# -f makes curl exit non-zero on HTTP 4xx/5xx, so a failed request aborts the
# script instead of silently saving an error body as a report; -S keeps the
# error message visible even with -s.
fetch() {
  curl -sSf -H "Authorization: Bearer ${TOKEN}" "$1" -o "$2"
}

fetch "${BASE}/sbomReport:cycloneDX?contentType=json" "${OUTPUT_DIR}/sbom.json"
fetch "${BASE}/vexReport:openVEX" "${OUTPUT_DIR}/vex.json"
fetch "${BASE}/cbomReport:cycloneDX" "${OUTPUT_DIR}/cbom.json"
fetch "${BASE}/cryptographicMaterialsReport?mode=pqc-compliance&contentType=json" "${OUTPUT_DIR}/pqc.json"
fetch "${BASE}?contentType=pdf&imageFields=findings" "${OUTPUT_DIR}/findings.pdf"

echo "✓ Artifacts saved to: $OUTPUT_DIR"
```
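In the CI/CD use case above, step 3 should not end with the files merely on disk: a CI job that archives whatever the download script saved would pass an empty or malformed report through as a compliance artifact. The script below is an added example, not part of Binarly's documentation or tooling. It reads the `sbom.json` and `vex.json` written by the download script, checks that the SBOM is a CycloneDX document whose components carry a version and purl (without these, the component cannot be matched to advisories), summarises the OpenVEX statements by status, and fails the build on a small release policy. The field names follow the public CycloneDX JSON and OpenVEX specifications; the policy rules, the sample documents and the placeholder component names and CVE ids are constructed for illustration.

```python
"""CI gate over downloaded compliance artifacts (added example, not Binarly's
code). Field names follow public CycloneDX JSON and OpenVEX; the policy in
gate() is an illustrative assumption, not a Binarly or regulatory requirement."""
import json
import sys
from collections import Counter
from pathlib import Path

# Constructed samples standing in for ./compliance-artifacts/sbom.json and
# vex.json. Names and CVE ids are placeholders, not real findings.
SAMPLE_SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "libexample-crypto", "version": "2.3.1",
         "purl": "pkg:generic/libexample-crypto@2.3.1"},
        {"type": "library", "name": "libexample-compress", "version": "1.0.9",
         "purl": "pkg:generic/libexample-compress@1.0.9"},
        {"type": "firmware", "name": "vendor-blob"},  # no version, no purl
    ],
}

SAMPLE_VEX = {
    "@context": "https://openvex.dev/ns/v0.2.0",
    "@id": "https://example.invalid/vex/constructed-sample",
    "author": "constructed sample",
    "timestamp": "2024-01-01T00:00:00Z",
    "version": 1,
    "statements": [
        {"vulnerability": {"name": "CVE-0000-0001"},
         "products": [{"@id": "pkg:generic/libexample-compress@1.0.9"}],
         "status": "not_affected", "justification": "vulnerable_code_not_present"},
        {"vulnerability": {"name": "CVE-0000-0002"},
         "products": [{"@id": "pkg:generic/libexample-crypto@2.3.1"}],
         "status": "affected"},
        {"vulnerability": {"name": "CVE-0000-0003"},
         "products": [{"@id": "pkg:generic/libexample-crypto@2.3.1"}],
         "status": "not_affected"},  # no justification: an auditor will ask why
    ],
}


def check_sbom(sbom: dict) -> dict:
    """Count components and list those that cannot be matched to advisories."""
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("expected a CycloneDX document")
    components = sbom.get("components", [])
    return {
        "components": len(components),
        "missing_version": [c["name"] for c in components if not c.get("version")],
        "missing_purl": [c["name"] for c in components if not c.get("purl")],
    }


def check_vex(vex: dict) -> dict:
    """Summarise OpenVEX statements and flag open and unjustified ones."""
    statements = vex.get("statements", [])
    return {
        "statements": len(statements),
        "by_status": dict(Counter(s.get("status", "missing") for s in statements)),
        "affected": [s["vulnerability"]["name"] for s in statements
                     if s.get("status") == "affected"],
        # OpenVEX requires a justification or impact_statement for not_affected
        "unjustified_not_affected": [
            s["vulnerability"]["name"] for s in statements
            if s.get("status") == "not_affected"
            and not (s.get("justification") or s.get("impact_statement"))],
    }


def gate(sbom_summary: dict, vex_summary: dict) -> list:
    """Return policy violations; an empty list means the artifacts may ship."""
    reasons = []
    if sbom_summary["components"] == 0:
        reasons.append("SBOM lists no components")
    if vex_summary["affected"]:
        reasons.append("VEX still marks as affected: " + ", ".join(vex_summary["affected"]))
    if vex_summary["unjustified_not_affected"]:
        reasons.append("not_affected without justification: "
                       + ", ".join(vex_summary["unjustified_not_affected"]))
    return reasons


def main(artifact_dir: str = "./compliance-artifacts") -> int:
    """Use the downloaded artifacts when present, otherwise the samples."""
    sbom_path, vex_path = Path(artifact_dir) / "sbom.json", Path(artifact_dir) / "vex.json"
    if sbom_path.exists() and vex_path.exists():
        sbom, vex = json.loads(sbom_path.read_text()), json.loads(vex_path.read_text())
    else:
        sbom, vex = SAMPLE_SBOM, SAMPLE_VEX
    sbom_summary, vex_summary = check_sbom(sbom), check_vex(vex)
    print(f"SBOM: {sbom_summary}\nVEX:  {vex_summary}")
    failures = gate(sbom_summary, vex_summary)
    for reason in failures:
        print(f"FAIL: {reason}")
    return 1 if failures else 0


if __name__ == "__main__":
    sys.exit(main(*sys.argv[1:]))
```

Run it after the download script with the artifact directory as its only argument; a non-zero exit fails the pipeline stage. The `vendor-blob` component is reported but not treated as a failure, since unversioned firmware blobs are common in real SBOMs and are better tracked as a warning than used to block every release.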

## Related

**API Reference**

* [CI/CD Integration](/api-reference/use-cases/cicd/overview)
* [Triage & Analysis](/api-reference/use-cases/triage-and-analysis)

**User Guides**

* [SBOM Export Guide](/user-guides/export/sbom) - UI walkthrough and use cases
* [VEX Export Guide](/user-guides/export/vex) - Vulnerability disclosure workflows
* [CBOM Export Guide](/user-guides/export/cbom) - Cryptographic inventory
* [PQC Compliance Guide](/user-guides/export/pqc) - Detailed report contents and generation
