Skip to content
/Applications - SBOM Scans

Mend API (3.0)

Mend's enhanced API enables automation of workflows in a REST compliant format. The API features:

  • Access for any user with Mend credentials, via a user key available in the user's profile page in the Mend Platform.
  • Improved security with a JWT token per organization, which expires every 30 minutes.
  • Added scalability with support for cursor pagination and limiting results size.
  • Broader functionality available programmatically.
  • New standard API documentation for easy navigation and search.

If you have a dedicated instance of Mend, contact your Mend representative to access this API on your instance.

Note: To help you get started with the Mend API 3.0, we recommend reviewing our onboarding guide -> Getting Started with API 3.0. This resource covers initial setup, authentication instructions, and helpful tips to help you successfully begin working with the Mend API 3.0.

Download OpenAPI description
3.0.json
3.0.yaml
Languages
Servers
Generated server url
https://baseUrl

Access Management

Operations

Administration - Groups

Operations

Administration - Users

Operations

Administration - Labels

Operations

Reports

Operations

Scans

Operations

Projects

Operations

Applications

Operations

Findings - Project

Operations

Findings - Scan

Operations

User Management - Permissions

Operations

Integrations

Operations

Source Files

Operations

Reports - Account

Operations

Applications - SBOM Scans

Operations

Trigger SBOM Scan (creates project)

Request

Upload a single SBOM file, associate it with an application, and automatically create a new project. The SBOM scan is queued for asynchronous processing. Supported formats: SPDX (JSON/XML), CycloneDX (JSON/XML).

Security
bearer-key
Path
applicationIdentifierstringrequired

Application UUID (Administration > Applications)

Bodymultipart/form-data
projectNamestringrequired

Name of the project to create under this application

projectDescriptionstring

Optional project description

sbomFilestring(binary)required

The SBOM file to upload (SPDX or CycloneDX). Only one file per request.

multipart/form-data
{
  "projectName": "string",
  "projectDescription": "string",
  "sbomFile": "string"
}

Responses

SBOM scan successfully created and queued

Bodyapplication/json
supportTokenstring

Support token for tracking

Example: "1171c60d"
projectobject(ProjectDTOV3)

Project information

scanobject(SbomScanInfoDTO)

Scan information

linkobject(SbomScanLinksDTO)

Log Link

Response
application/json
{
  "supportToken": "1171c60d",
  "project": {
    "uuid": "123e4567-e89b-12d3-a456-426655440000",
    "name": "My Project",
    "path": "My Application",
    "applicationName": "My Application",
    "applicationUuid": "123e4567-e89b-12d3-a456-426655440000"
  },
  "scan": {
    "scanUuid": "45e0c7f0-2a64-4a1c-bb2b-22e1c4f02126",
    "createdAt": "2025-10-27T18:50:05Z"
  },
  "link": {
    "logs": "/api/v3.0/projects/{projectUuid}/scans/{scanUuid}/dependencies/SBOM/logs"
  }
}

Projects - SBOM Scans

Operations

Scans - SBOM

Operations

AI

Operations

Red Team

Operations