Get an Application Version SBOM - AnchoreCTL

Run the anchorectl application sbom <application_name>@<application_version> (e.g., anchorectl application sbom [email protected]) command to download a combined software bill of materials (SBOM) for all components and supply-chain elements of an application in native Syft JSON format. This lets you easily archive the components, or provide them to others for verification process compliance requirements. The data structure includes the version and version metadata for the application version, along with the SBOMs for each associated artifact in a JSON array.

To filter the results by artifact type, add the argument –-type <source,image> to the end of the command.

Note: Applications with multiple image/source artifacts associated may result in a very large SBOM.

Last modified June 5, 2025