GET /api/v1/admin/orgs/:slug/sbom
This page is auto-generated from
src/admin/routes.ts. Do not edit by hand — seedocs/dev/docs-auto-sync.md.
:warning: Heuristic extraction — not a contract. Response shapes below are mined from
c.json(...)literals in the handler via an AST walker. Computed fields, ternaries, and non-literal returns are shown as placeholders. Refer to the linked source file for the authoritative behaviour.
GET /api/v1/admin/orgs/:slug/sbom
Section titled “GET /api/v1/admin/orgs/:slug/sbom”Authentication
Section titled “Authentication”Requires the following capability(ies):
audit:r
Middleware
Section titled “Middleware”Other middleware observed on this route (heuristic):
requireCapability
Description
Section titled “Description”#336 — gated on audit:r. SBOM is computed from the audit_log served set, so the cap that unlocks audit reads also unlocks SBOM generation. Free-tier orgs without audit retention don’t get SBOMs — the body would be empty anyway, so the 403 is a friendlier failure than a hollow document.
Responses
Section titled “Responses”HTTP 404
Section titled “HTTP 404”{ "error": "Org not found"}HTTP 400
Section titled “HTTP 400”{ "error": <template-string>}HTTP 200
Section titled “HTTP 200”Shape not a JSON literal — passed through from a variable or expression. See source.
Source
Section titled “Source”- File:
src/admin/routes.ts - Line: 7609