That one is still valid (it's for Tag/Value), the JSON one is here: https://www.iana.org/assignments/media-types/application/spdx+json
William From: Brandon Lum <[email protected]> Sent: Wednesday, September 28, 2022 6:18 AM To: William Bartholomew (CELA) <[email protected]> Cc: [email protected] Subject: [EXTERNAL] Re: [spdx-tech] OCI and ORAS Support for SBOM Awesome!!! I have a related question, although I feel like this question may have been asked before, but is there a process that's happening to specify an SPDX MIMEType? I found this but looks outdated (https://www.iana.org/assignments/media-types/text/spdx<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.iana.org%2Fassignments%2Fmedia-types%2Ftext%2Fspdx&data=05%7C01%7Cwillbar%40microsoft.com%7Cc742f2e2195045c8c8e208daa153e6d6%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637999678980148255%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=T2XkcZ0S9xLL%2BpQwdA19IPtCL%2Bo3E5%2B3fbuvOdEJn2A%3D&reserved=0>) On Fri, Sep 23, 2022 at 2:17 PM William Bartholomew (CELA) via lists.spdx.org<https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.spdx.org%2F&data=05%7C01%7Cwillbar%40microsoft.com%7Cc742f2e2195045c8c8e208daa153e6d6%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637999678980148255%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Jsps0URSc%2FRlbEnIua2qWK9RIbi%2B8zI619aWeYE%2BXbU%3D&reserved=0> <[email protected]<mailto:[email protected]>> wrote: OCI and ORAS have added support for attaching SBOMs (or other related artifacts) to container images in a registry: https://oras.land/blog/oras-0.14-and-future/<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Foras.land%2Fblog%2Foras-0.14-and-future%2F&data=05%7C01%7Cwillbar%40microsoft.com%7Cc742f2e2195045c8c8e208daa153e6d6%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637999678980148255%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=oGPJDzcCHXFQfnWg8l1t04Q6rky0yEgodcDc6lM9xKk%3D&reserved=0> Their example<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Foras.land%2Fblog%2Foras-0.14-and-future%2F%23using-sbom-tool-to-generate-a-sbom&data=05%7C01%7Cwillbar%40microsoft.com%7Cc742f2e2195045c8c8e208daa153e6d6%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637999678980148255%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=IRBm3v%2FNUfKT%2BK3afFqI5P67dw35TRyblNMXXWoeTak%3D&reserved=0> uses Microsoft's SBOM Tool to generate an SPDX SBOM and then the ORAS client to attach it to a container image in the registry. William -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#4794): https://lists.spdx.org/g/Spdx-tech/message/4794 Mute This Topic: https://lists.spdx.org/mt/93876716/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
