As a member of the community promoting software supply chain transparency, you will find below the necessary information to make your process a breeze.

How to transfer information for your indicator?

Step 1: Retrieve the SBOM corresponding to your software version in CycloneDX JSON format. We have prepared detailed instructions for each environment.

Step 2: Post the SBOM of your software version. Use the following template, replacing all the parts in gray with your personal information:

curl --request PUT '' \
     --header 'ApiKey: your-secret-token' \
     --form 'versionName="your-version-name"' \
     --form 'description="Some description of the changes associated with the version"' \
     --form 'sbom=@"/path/to/the/sbom"'

Hint: Add these steps once to your build automation pipeline.
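
One way to run Step 2 from a build pipeline, as an added example that is not the service's own script: it checks that the file is a CycloneDX JSON document before upload and passes the ApiKey header to curl on stdin instead of the command line. The variable names INDICATOR_UPLOAD_URL (the upload endpoint, which is not shown here) and INDICATOR_API_KEY are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not the service's own script.
# Assumed names: INDICATOR_UPLOAD_URL (the PUT endpoint for your application;
# not shown on this page) and INDICATOR_API_KEY (a masked CI secret variable).

# Heuristic sanity check: the file is non-empty and declares the CycloneDX
# JSON format marker ("bomFormat": "CycloneDX").
is_cyclonedx_json() {
  [ -s "$1" ] && grep -Eq '"bomFormat"[[:space:]]*:[[:space:]]*"CycloneDX"' "$1"
}

# upload_sbom VERSION DESCRIPTION SBOM_PATH
upload_sbom() {
  local version="$1" description="$2" sbom="$3"
  if [ -z "${INDICATOR_API_KEY:-}" ]; then
    echo "INDICATOR_API_KEY is not set" >&2; return 2
  fi
  case "${INDICATOR_UPLOAD_URL:-}" in
    https://*) ;;
    *) echo "INDICATOR_UPLOAD_URL must be an https:// URL" >&2; return 2 ;;
  esac
  if ! is_cyclonedx_json "$sbom"; then
    echo "$sbom is not a CycloneDX JSON SBOM" >&2; return 3
  fi
  # The ApiKey header reaches curl through a config read from stdin, so the
  # token never appears in the process list or in an echoed command line.
  # --form-string sends the values literally (no @file or <file expansion).
  printf 'header = "ApiKey: %s"\n' "$INDICATOR_API_KEY" |
    curl --config - --fail --silent --show-error --proto '=https' \
         --request PUT "$INDICATOR_UPLOAD_URL" \
         --form-string "versionName=$version" \
         --form-string "description=$description" \
         --form "sbom=@\"$sbom\""
}

# Run the upload only when the script is executed with three arguments, e.g.
#   ./upload-sbom.sh "$CI_COMMIT_TAG" "Release build" bom.json
if [ "$#" -eq 3 ]; then
  upload_sbom "$1" "$2" "$3"
fi
```

With --fail, a rejected upload (for example an invalid token) returns a non-zero exit status and fails the pipeline step instead of passing silently.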

How to include your indicator on your website?

Step 1: Place this script on your page once, ideally just before the </body> tag:

<script src="" async defer crossorigin="anonymous"></script>

Step 2: Place this HTML code wherever you want the indicator to appear on your page, replacing all parts in gray:

<div class="software-health-indicator" data-software="your-application-id" data-version="your-version-name"><a href="" style="display: none;"></a></div>

Hint: Targeting a specific version is useful on a version history page of your website. Anywhere else you would probably use the latest version only. To get the latest version automatically, just leave your-version-name empty.

How to include your indicator in markdown on GitHub?

Place the following in your markdown, replacing all parts in gray:

[<img src="" alt="Software health indicator" title="Open detail" height="140px"/>](

Hint: GitHub caches images heavily, which is out of our control. You might have to add a random string after latest? (e.g. latest?nonce=20230323) to force an image refresh.

We are here to support you. Contact us for any questions.