Hi! I’m part of the group in OWASP that defines an open API for customers to discover and access transparency artifacts like SBOM, VEX and other documentation for a given product and version of software. The API will be agnostic to the type of SBOM or VEX and will be part of the ECMA standardisation that just approved CycloneDX. The API is called TEA - the Transparency Exchange API.
We are currently developing this API. You can find many documents on our GitHub repo, including the use cases and our first drafts at defining the various objects and operations. We will hopefully have an OpenAPI spec of the API as part of our work. https://github.com/CycloneDX/transparency-exchange-api

Our next meeting is this Wednesday July 31st at 16:00 CET using Zoom. If you’re interested in participating, contact me for details. We have a Slack channel in the OWASP CycloneDX Slack space for general discussion.

It is important that we have a generic API that can be used by all the platforms to automatically find and access the documents needed. Join me in this work!

I’d be happy to talk about this in an SPDX community meeting if you’re interested.

Regards,
/Olle
