specification icon indicating copy to clipboard operation
specification copied to clipboard
Published 1 month ago verified publisher icon CycloneDX

`organizationalContact` enhancements

Open prabhu opened this issue 1 year ago • 0 comments

Consider enhancing organizationalContact to support the following:

  • public gpg key bom-ref - This is especially useful to verify publishers and identify all components published with the same key. Tools must first create a component of type cryptographic-asset and use that bom-ref in the contact attribute
  • tags - Tags such as maintainer or git user ids can help locate the contact and their published components faster

prabhu avatar Apr 13 '24 19:04 prabhu