We maintain a few SBoMs and they change regularly.
It is impossible for us to manually update these in Vulmatch.
How can I automate this process?
This is not too difficult if you have the products in CPE format.
You can pass them as a list to /v1/sbom/add-cpes/ like so
curl -X 'POST' \
'https://api.vulmatch.com/v1/sbom/add-cpes/' \
-H 'accept: application/json' \
-H 'API-KEY: HIDDEN \
-H 'Content-Type: application/json' \
-d '{
"cpes": [
"cpe:2.3:a:01generator:pireospay:-:*:*:*:*:prestashop:*:*",
"cpe:2.3:a:01generator:pireospay:1.7.9:*:*:*:*:prestashop:*:*"
]
}'
In terms of updates, you have two options.
You can delete CPEs as they are removed…
curl -X 'POST' \
'https://api.vulmatch.com/v1/sbom/remove-cpes/' \
-H 'accept: application/json' \
-H 'API-KEY: HIDDEN' \
-H 'Content-Type: application/json' \
-d '{
"cpes": [
"cpe:2.3:a:01generator:pireospay:-:*:*:*:*:prestashop:*:*"
]
}'
I suspect you might not track this very easily. The other option is to remove everything and then add it, the best workflow for this would be:
- GET
/v1/sbom - Using the CPEs returned, POST
v1/sbom/remove-cpes/with the list - Using the current CPE list you have, add the current list using POST
v1/sbom/add-cpes/