Awesome!! Ty! On Wed, Sep 28, 2022 at 11:57 AM William Bartholomew (CELA) < [email protected]> wrote:
> That one is still valid (it’s for Tag/Value), the JSON one is here: > > https://www.iana.org/assignments/media-types/application/spdx+json > > > > William > > > > *From:* Brandon Lum <[email protected]> > *Sent:* Wednesday, September 28, 2022 6:18 AM > *To:* William Bartholomew (CELA) <[email protected]> > *Cc:* [email protected] > *Subject:* [EXTERNAL] Re: [spdx-tech] OCI and ORAS Support for SBOM > > > > Awesome!!! > > > > I have a related question, although I feel like this question may have > been asked before, but is there a process that's happening to specify an > SPDX MIMEType? I found this but looks outdated ( > https://www.iana.org/assignments/media-types/text/spdx > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.iana.org%2Fassignments%2Fmedia-types%2Ftext%2Fspdx&data=05%7C01%7Cwillbar%40microsoft.com%7Cc742f2e2195045c8c8e208daa153e6d6%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637999678980148255%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=T2XkcZ0S9xLL%2BpQwdA19IPtCL%2Bo3E5%2B3fbuvOdEJn2A%3D&reserved=0> > ) > > > > On Fri, Sep 23, 2022 at 2:17 PM William Bartholomew (CELA) via > lists.spdx.org > <https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.spdx.org%2F&data=05%7C01%7Cwillbar%40microsoft.com%7Cc742f2e2195045c8c8e208daa153e6d6%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637999678980148255%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Jsps0URSc%2FRlbEnIua2qWK9RIbi%2B8zI619aWeYE%2BXbU%3D&reserved=0> > <[email protected]> wrote: > > OCI and ORAS have added support for attaching SBOMs (or other related > artifacts) to container images in a registry: > > https://oras.land/blog/oras-0.14-and-future/ > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Foras.land%2Fblog%2Foras-0.14-and-future%2F&data=05%7C01%7Cwillbar%40microsoft.com%7Cc742f2e2195045c8c8e208daa153e6d6%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637999678980148255%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=oGPJDzcCHXFQfnWg8l1t04Q6rky0yEgodcDc6lM9xKk%3D&reserved=0> > > > > Their example > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Foras.land%2Fblog%2Foras-0.14-and-future%2F%23using-sbom-tool-to-generate-a-sbom&data=05%7C01%7Cwillbar%40microsoft.com%7Cc742f2e2195045c8c8e208daa153e6d6%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637999678980148255%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=IRBm3v%2FNUfKT%2BK3afFqI5P67dw35TRyblNMXXWoeTak%3D&reserved=0> > uses Microsoft’s SBOM Tool to generate an SPDX SBOM and then the ORAS > client to attach it to a container image in the registry. > > > > William > > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#4795): https://lists.spdx.org/g/Spdx-tech/message/4795 Mute This Topic: https://lists.spdx.org/mt/93876716/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
