scanSbom

abstract suspend fun scanSbom(input: ScanSbomRequest): ScanSbomResponse

Scans a provided CycloneDX 1.5 SBOM and reports on any vulnerabilities discovered in that SBOM. You can generate compatible SBOMs for your resources using the Amazon Inspector SBOM generator.

The output of this action reports NVD and CVSS scores when NVD and CVSS scores are available. Because the output reports both scores, you might notice a discrepancy between them. However, you can triage the severity of either score depending on the vendor of your choosing.

Samples

import aws.sdk.kotlin.services.inspectorscan.model.OutputFormat
import aws.smithy.kotlin.runtime.content.Document
import aws.smithy.kotlin.runtime.content.buildDocument

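/**
 * Sample ScanSbom call: submits a minimal CycloneDX 1.5 SBOM containing one
 * library component and binds the scan response to a local value.
 *
 * Declared `suspend` because `scanSbom` is a suspending function and cannot be
 * called from a regular (non-suspending) `main`.
 *
 * NOTE(review): `inspectorScanClient` is not declared in this sample; presumably
 * it is an already-configured Inspector Scan client supplied by the surrounding
 * code. Confirm how it is created and closed.
 */
suspend fun main() {
    //sampleStart
    // Sample ScanSbom Call

    // The single component under scan, identified by its package URL
    // (ecosystem, group, artifact name and exact version).
    val log4jComponent = buildDocument {
        "type" to Document("library")
        "name" to Document("log4j-core")
        "purl" to Document("pkg:maven/org.apache.logging.log4j/log4j-core@2.17.0")
    }

    // The SBOM itself: format marker, spec version and the component list.
    val sbomDocument = buildDocument {
        "bomFormat" to Document("CycloneDX")
        "specVersion" to Document("1.5")
        "components" to Document(listOf(log4jComponent))
    }

    // The response is only bound here and never read. A real caller would
    // inspect it for the vulnerabilities reported for the listed components.
    val resp = inspectorScanClient.scanSbom {
        outputFormat = OutputFormat.fromValue("CYCLONE_DX_1_5")
        sbom = sbomDocument
    }
    //sampleEnd
}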