naftiko: 1.0.0-alpha2 info: label: Snyk API — SBOM description: 'Snyk API — SBOM. 4 operations. Lead operation: Get a project’s SBOM document. Self-contained Naftiko capability covering one Snyk business surface.' tags: - Snyk - SBOM created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: SNYK_API_KEY: SNYK_API_KEY capability: consumes: - type: http namespace: rest-sbom baseUri: https://api.snyk.io/rest description: Snyk API — SBOM business capability. Self-contained, no shared references. resources: - name: orgs-org_id-projects-project_id-sbom path: /orgs/{org_id}/projects/{project_id}/sbom operations: - name: getsbom method: GET description: Get a project’s SBOM document outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: org_id in: path type: string description: Unique identifier for an organization required: true - name: project_id in: path type: string description: Unique identifier for a project required: true - name: orgs-org_id-sbom_tests path: /orgs/{org_id}/sbom_tests operations: - name: createsbomtestrun method: POST description: Create an SBOM test run (Early Access) outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: org_id in: path type: string description: Org ID required: true - name: body in: body type: object description: Request body (JSON). required: false - name: orgs-org_id-sbom_tests-job_id path: /orgs/{org_id}/sbom_tests/{job_id} operations: - name: getsbomteststatus method: GET description: Gets an SBOM test run status (Early Access) outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: org_id in: path type: string description: Org ID required: true - name: orgs-org_id-sbom_tests-job_id-results path: /orgs/{org_id}/sbom_tests/{job_id}/results operations: - name: getsbomtestresult method: GET description: Gets an SBOM test run result (Early Access) outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: org_id in: path type: string description: Org ID required: true authentication: type: bearer token: '{{env.SNYK_API_KEY}}' exposes: - type: rest namespace: rest-sbom-rest port: 8080 description: REST adapter for Snyk API — SBOM. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/orgs/{org-id}/projects/{project-id}/sbom name: orgs-org-id-projects-project-id-sbom description: REST surface for orgs-org_id-projects-project_id-sbom. operations: - method: GET name: getsbom description: Get a project’s SBOM document call: rest-sbom.getsbom with: org_id: rest.org_id project_id: rest.project_id outputParameters: - type: object mapping: $. - path: /v1/orgs/{org-id}/sbom-tests name: orgs-org-id-sbom-tests description: REST surface for orgs-org_id-sbom_tests. operations: - method: POST name: createsbomtestrun description: Create an SBOM test run (Early Access) call: rest-sbom.createsbomtestrun with: org_id: rest.org_id body: rest.body outputParameters: - type: object mapping: $. - path: /v1/orgs/{org-id}/sbom-tests/{job-id} name: orgs-org-id-sbom-tests-job-id description: REST surface for orgs-org_id-sbom_tests-job_id. operations: - method: GET name: getsbomteststatus description: Gets an SBOM test run status (Early Access) call: rest-sbom.getsbomteststatus with: org_id: rest.org_id outputParameters: - type: object mapping: $. - path: /v1/orgs/{org-id}/sbom-tests/{job-id}/results name: orgs-org-id-sbom-tests-job-id-results description: REST surface for orgs-org_id-sbom_tests-job_id-results. operations: - method: GET name: getsbomtestresult description: Gets an SBOM test run result (Early Access) call: rest-sbom.getsbomtestresult with: org_id: rest.org_id outputParameters: - type: object mapping: $. - type: mcp namespace: rest-sbom-mcp port: 9090 transport: http description: MCP adapter for Snyk API — SBOM. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: get-project-s-sbom-document description: Get a project’s SBOM document hints: readOnly: true destructive: false idempotent: true call: rest-sbom.getsbom with: org_id: tools.org_id project_id: tools.project_id outputParameters: - type: object mapping: $. - name: create-sbom-test-run-early description: Create an SBOM test run (Early Access) hints: readOnly: true destructive: false idempotent: false call: rest-sbom.createsbomtestrun with: org_id: tools.org_id body: tools.body outputParameters: - type: object mapping: $. - name: gets-sbom-test-run-status description: Gets an SBOM test run status (Early Access) hints: readOnly: true destructive: false idempotent: true call: rest-sbom.getsbomteststatus with: org_id: tools.org_id outputParameters: - type: object mapping: $. - name: gets-sbom-test-run-result description: Gets an SBOM test run result (Early Access) hints: readOnly: true destructive: false idempotent: true call: rest-sbom.getsbomtestresult with: org_id: tools.org_id outputParameters: - type: object mapping: $.