# Import SBOM and create a new project (Dependencies - SCA)

Imports an SBOM and creates a new project as part of the process. The SBOM scan is queued for asynchronous processing. Supported formats: SPDX (JSON/XML), CycloneDX (JSON/XML).

Endpoint: POST /api/v3.0/applications/{applicationUuid}/dependencies/projects/importSbom
Version: 3.0
Security: bearer-key

## Path parameters:

  - `applicationUuid` (string, required)
    Application UUID (Administration > Applications)

## Request fields (multipart/form-data):

  - `projectName` (string, required)
    Name of the project to create under this application

  - `projectDescription` (string)
    Optional project description

  - `sbomFile` (string, required)
    The SBOM file to upload (SPDX or CycloneDX). Only one file per request.

## Response 201 fields (application/json):

  - `supportToken` (string)
    Support token for tracking
    Example: "1171c60d"

  - `project` (object)
    Project information

  - `project.uuid` (string)
    Example: "123e4567-e89b-12d3-a456-426655440000"

  - `project.name` (string)
    Example: "My Project"

  - `project.path` (string)
    Example: "My Application"

  - `project.applicationName` (string)
    Example: "My Application"

  - `project.applicationUuid` (string)
    Example: "123e4567-e89b-12d3-a456-426655440000"

  - `scan` (object)
    Scan information

  - `scan.scanUuid` (string)
    Scan identifier
    Example: "45e0c7f0-2a64-4a1c-bb2b-22e1c4f02126"

  - `scan.createdAt` (string)
    Scan creation timestamp
    Example: "2025-10-27T18:50:05Z"

  - `link` (object)
    Log Link

  - `link.logs` (string)
    Link to scan logs
    Example: "/api/v3.0/projects/{projectUuid}/scans/{scanUuid}/dependencies/SBOM/logs"

## Response 400 fields (*/*):

  - `supportToken` (string)
    Example: "1171c60d"

## Response 404 fields (application/json):

  - `supportToken` (string)
    Example: "1171c60d"

  - `response` (object)