Getting Started: Manifest API
The Manifest API provides programmatic access to our SBOM management platform. You can integrate software supply chain security into your existing workflows using standard REST endpoints.
What You Can Do
- Upload and manage SBOMs in CycloneDX and SPDX formats
- Enrich SBOMs with vulnerability data and exploitability scoring
- Automate compliance reporting for regulatory requirements
- Integrate with CI/CD pipelines through our GitHub Actions and CLI tools
- Manage products and organizations programmatically
Getting Started
Authentication
Generate an API key from your organization settings at app.manifestcyber.com. Include it in requests using:
Authorization: Bearer your-api-key
Content-Type: application/json
To adhere to security best practices, store API keys in the MANIFEST_API_KEY environment variable rather than hardcoding credentials. Manifest API tokens are time-limited, and we recommend rotating your API keys every month or more often.
Instructions to generate API tokens can be found here: Creating API Keys
Quick Examples
Using the CLI:
# Upload an SBOM using the Manifest CLI
export MANIFEST_API_KEY=your-api-token
manifest-cli sbom ./ --publish
Using curl:
# Example API call (replace with actual endpoint)
# Reads the key from MANIFEST_API_KEY, exported as in the CLI example above
curl -X GET "https://api.manifestcyber.com/v1/endpoint" \
  -H "Authorization: Bearer ${MANIFEST_API_KEY}" \
  -H "Content-Type: application/json"
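A key passed in a -H argument ends up on curl's command line, where it is visible in the process list. The wrapper below is an added example, not Manifest's own code: it reads the key from MANIFEST_API_KEY, fails closed if the key is missing or malformed, and hands the headers to curl on stdin. The function names are hypothetical and "/endpoint" is the page's placeholder path.

```shell
#!/usr/bin/env bash
# Added example: call the Manifest API with the key taken from the
# environment and kept out of the curl command line.
# Assumptions: function names are hypothetical; "/endpoint" is the page's
# placeholder path, not a real route.

MANIFEST_BASE_URL="https://api.manifestcyber.com/v1"

# Emit a curl config (for `curl --config -`) carrying the auth headers.
# Fails closed when the key is unset or contains characters outside the
# RFC 6750 bearer-token alphabet (a quote or newline could otherwise
# inject extra curl options into the config).
manifest_curl_config() {
    local key="${MANIFEST_API_KEY:-}"
    if [ -z "$key" ]; then
        echo "MANIFEST_API_KEY is not set" >&2
        return 1
    fi
    case "$key" in
        *[!A-Za-z0-9._~+/=-]*)
            echo "MANIFEST_API_KEY contains unexpected characters" >&2
            return 1 ;;
    esac
    printf 'header = "Authorization: Bearer %s"\n' "$key"
    printf 'header = "Content-Type: application/json"\n'
}

# GET a path under the base URL. The key reaches curl on stdin, so it is
# not exposed in `ps` output the way a -H "...key..." argument is.
manifest_get() {
    local path="$1" config
    config="$(manifest_curl_config)" || return 1
    printf '%s\n' "$config" |
        curl --silent --show-error --fail --proto '=https' \
             --config - "${MANIFEST_BASE_URL}${path}"
}

# Usage: manifest_get "/endpoint"
```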
Key Endpoints
Base URL: https://api.manifestcyber.com/v1
- SBOM Management - Upload, merge, and organize SBOMs
- Vulnerability Data - Get enriched vulnerability information
- Products & Organizations - Manage your software inventory
- Reports - Generate compliance and security reports
API Integration Resources
- Manifest CLI - Command-line interface for all operations
- GitHub Action - Automate SBOM generation in workflows
- CircleCI Orb - Integration for CircleCI pipelines
Best Practices
- Use environment variables for API keys (never hardcode)
- Batch operations when possible for better performance