Export SPDX SBOMs from any GitHub repository's dependency graph using the REST API or gh CLI. No build required — GitHub generates SBOMs from your existing Dependabot dependency graph.
SaaS platformSPDX
Run GitHub SBOM Export in CI
Scan on every push and upload the results to Vulnetix:
- name: Export GitHub dependency SBOM
run: |
gh api "/repos/${{ github.repository }}/dependency-graph/sbom" > sbom.spdx.json
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload SBOM to Vulnetix
run: vulnetix upload --file sbom.spdx.json
Centralise GitHub SBOM Export results in Vulnetix
Upload GitHub SBOM Export SPDX output to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.