
# Get SBOM Results

> Retrieves the Software Bill of Materials (SBOM) results for a specific repository and commit.



## OpenAPI

````yaml /openapi.json post /api/analysis/results/sbom
# OpenAPI 3.0.3 description of the CodeAnt AI API. The excerpt on this page
# contains a single operation (SBOM results); the tag list covers more of the
# API than is shown here.
openapi: 3.0.3
info:
  title: CodeAnt AI API
  description: >-
    API for code analysis (SAST, SCA, secrets, IaC) and developer productivity
    metrics. Supports GitHub, GitLab, Bitbucket, and Azure DevOps.
  version: 1.0.0
servers:
  # The only server listed uses HTTPS. That matters here because the request
  # body documented below carries a version-control access token.
  - url: https://api.codeant.ai
    description: Production server
# Empty top-level security requirement: the excerpt declares no
# securitySchemes and describes no Authorization header. The credential is
# instead the `access_token` field of the JSON request body, so anything that
# records request bodies (access logs, proxies, API gateways, tracing) will
# capture it unless that field is redacted.
security: []
tags:
  - name: Analysis
    description: Code analysis operations
  - name: Agent Analysis
    description: >-
      AI-powered agent analysis operations. Uses LLM-based code exploration
      agents to perform deep security threat hunting, bug finding, and custom
      analysis with reflection-based false positive filtering.
  - name: Developer Metrics — Teams
    description: >-
      Manage developer teams: create, update, delete teams and manage team
      membership. Teams are used to organize developers and scope metrics.
  - name: Developer Metrics
    description: >-
      Developer productivity and activity metrics: active developers, PR
      throughput, individual comparisons, and AI-generated summaries. All
      endpoints support GitHub, GitLab, Bitbucket, and Azure DevOps.
# Single operation: fetch SBOM results for a repository at a commit or branch.
paths:
  /api/analysis/results/sbom:
    # A read-style operation exposed as POST: every parameter, including the
    # access token, travels in the JSON body rather than in the URL or headers.
    post:
      tags:
        - Analysis
      summary: Get SBOM Results
      description: >-
        Retrieves the Software Bill of Materials (SBOM) results for a specific
        repository and commit
      operationId: getSBOMResults
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/SBOMRequest'
            examples:
              github:
                summary: GitHub repository example
                value:
                  repo: owner/repository
                  commit_id: abc123def456
                  # Placeholder value, not a real credential. `ghp_` is the
                  # GitHub personal access token prefix; when calling the API,
                  # use a token granted only the access the scan needs, since
                  # it is handed to a third-party service.
                  access_token: ghp_xxxxxxxxxxxx
                  service: github
      responses:
        '200':
          description: SBOM results retrieved successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SBOMResponse'
              example:
                results:
                  # NOTE(review): rootFolder and sourceFile in this example are
                  # server-side filesystem paths (/mnt/lambda/..., /tmp/...)
                  # returned to the caller; confirm clients need them, as they
                  # reveal the analysis host's directory layout.
                  rootFolder: /mnt/lambda/owner/repository/abc123def456
                  timestamp: null
                  sboms:
                    - language: Python
                      sourceFile: /tmp/requirements.txt
                      packages:
                        - name: requests
                          version: 2.28.0
                          licenseDeclared: Apache-2.0
                          licenseConcluded: Apache-2.0
                          licenseReason: NOASSERTION
                          licenseStandard: true
                          copyleftStrength: permissive
                          policyLevel: allow
                          policyNote: 'Permissive license: keep license and notices'
                          spdxId: Apache-2.0
                      packagesCount: 1
                status: done
                commit_id: abc123def456
        # Only 401 and 500 are documented as failures. NOTE(review): no 400 is
        # listed for a body that omits both commit_id and branch, and no
        # 403/404/429; clients should handle statuses beyond the ones shown.
        '401':
          description: Invalid access token
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              example:
                error: Access token invalid
        '500':
          description: Internal server error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              example:
                error: Error retrieving SBOM results
components:
  schemas:
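    # Request body for POST /api/analysis/results/sbom.
    # The version-control credential is a body field, not an Authorization
    # header, so treat the whole body as sensitive when logging or tracing.
    SBOMRequest:
      type: object
      required:
        - repo
        - access_token
        - service
      # Encodes the rule already stated in the commit_id and branch
      # descriptions: at least one of the two must be present.
      anyOf:
        - required:
            - commit_id
        - required:
            - branch
      properties:
        repo:
          type: string
          description: Repository identifier (format varies by service)
          example: owner/repository
        commit_id:
          type: string
          description: >-
            Git commit SHA or identifier. Either commit_id or branch is
            required. If both are provided, commit_id takes precedence.
          example: abc123def456
        branch:
          type: string
          description: >-
            Git branch name. When provided without commit_id, the service
            resolves the latest commit from scan history for this branch. Either
            commit_id or branch is required.
          example: main
        access_token:
          type: string
          # `password` is only a display hint so documentation and client UIs
          # mask the value; it adds no protection in transit or at rest.
          format: password
          description: Authentication token for the service
          example: ghp_xxxxxxxxxxxx
        service:
          type: string
          description: Version control service provider
          enum:
            - github
            - azuredevops
            - gitlab
            - bitbucket
          example: github
        # Caller-supplied URL. NOTE(review): presumably the service contacts
        # this host and presents access_token to it; confirm the server
        # restricts it to HTTPS and rejects internal or link-local addresses.
        # The "required for GitLab" rule in the description is not expressed in
        # the schema (OpenAPI 3.0 has no if/then), so it must be checked
        # server-side.
        gitlab_base_url:
          type: string
          format: uri
          description: Base URL for the service (optional for GitHub, required for GitLab)
          example: https://gitlab.com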
    # Body of a 200 response from the SBOM results operation. The schema lists
    # no `required` properties, so a validator accepts any of them missing;
    # consumers should not assume a field is present.
    SBOMResponse:
      type: object
      description: >-
        Software Bill of Materials (SBOM) response containing package and
        license information
      properties:
        results:
          type: object
          description: SBOM analysis results
          properties:
            # NOTE(review): per its description and example this is a path on
            # the analysis host, returned to the caller; confirm it is needed,
            # since it reveals the server's directory layout.
            rootFolder:
              type: string
              description: Root folder path where the analysis was performed
              example: /mnt/lambda/owner/repository/abc123def456
            # Nullable, and null in the examples on this page; no date format
            # is declared, so parse defensively.
            timestamp:
              type: string
              nullable: true
              description: Timestamp of the analysis
              example: null
            sboms:
              type: array
              description: List of SBOM entries for different languages
              items:
                type: object
                properties:
                  language:
                    type: string
                    description: Programming language of the packages
                    example: Python
                  # The example is a server-side temporary path rather than a
                  # path relative to the repository.
                  sourceFile:
                    type: string
                    description: Source file containing package information
                    example: /tmp/superRequirements.txt
                  packages:
                    type: array
                    description: List of packages found in the source file
                    items:
                      type: object
                      properties:
                        name:
                          type: string
                          description: Package name
                          example: '@alloc/quick-lru'
                        # A string because it may hold a hash instead of a
                        # version number, per the description.
                        version:
                          type: string
                          description: Package version or hash
                          example: 5.2.0
                        licenseDeclared:
                          type: string
                          description: Declared license for the package
                          example: MIT
                        licenseConcluded:
                          type: string
                          description: Concluded license after analysis
                          example: MIT
                        licenseReason:
                          type: string
                          description: Reason for license determination
                          example: NOASSERTION
                        licenseStandard:
                          type: boolean
                          description: Whether the license is a standard license
                          example: true
                        copyleftStrength:
                          type: string
                          description: Copyleft strength classification
                          enum:
                            - permissive
                            - weak
                            - strong
                            - proprietary_or_unknown
                          example: permissive
                        # If this value gates a build or merge, treat a missing
                        # or unrecognised value as not allowed rather than as
                        # `allow`.
                        policyLevel:
                          type: string
                          description: Policy compliance level
                          enum:
                            - allow
                            - review
                            - deny
                          example: allow
                        policyNote:
                          type: string
                          description: Notes about policy requirements
                          example: 'Permissive license: keep license and notices'
                        # Nullable: consumers must handle a package with no
                        # SPDX identifier.
                        spdxId:
                          type: string
                          nullable: true
                          description: SPDX identifier for the license
                          example: MIT
                        # Flagged license clauses. `evidence` is an excerpt of
                        # license text that ships with the third-party package,
                        # so escape it like any untrusted string before
                        # rendering it in HTML or a terminal.
                        badTerms:
                          type: array
                          description: List of concerning license terms
                          items:
                            type: object
                            properties:
                              tag:
                                type: string
                                description: Tag identifying the concerning term
                                example: modifications_must_be_public
                              start:
                                type: integer
                                description: Start position of the term in license text
                                example: 246
                              end:
                                type: integer
                                description: End position of the term in license text
                                example: 268
                              evidence:
                                type: string
                                description: Excerpt of the concerning text
                                example: >-
                                  out limitation the rights to use, copy,
                                  modify, merge, publish, distribute,
                                  sublicense, and/or sell co
                  packagesCount:
                    type: integer
                    description: Total number of packages found
                    example: 1
        # NOTE(review): presumably `results` is complete only when status is
        # `done`; check this field before acting on the package list.
        status:
          type: string
          description: Status of the SBOM analysis
          enum:
            - pending
            - processing
            - done
            - failed
          example: done
        # The commit actually analysed. When the request named a branch, this
        # is the field that says which commit the results describe.
        commit_id:
          type: string
          description: Git commit SHA that was analyzed
          example: abc123def456
    # Error body shared by the 401 and 500 responses: a single free-form
    # message. The examples on this page are generic strings; keeping them
    # generic avoids echoing the submitted token or server internals.
    ErrorResponse:
      type: object
      properties:
        error:
          type: string
          description: Error message

````