transparency-exchange-api

A standard API specification for exchanging CycloneDX BOMs

Results 11 transparency-exchange-api issues

The current URL semantics for retrieving a BOM uses query parameters: ``` bom-retrieval-url = system-url "?" bom-identifier-query bom-identifier-query = "bomIdentifier=" bom-identifier bom-identifier = *( pchar / "/" / "?" )...

Hello 👋. I have quickly reviewed the spec draft here and noticed that only CycloneDX and SPDX are identified. Is SWID, more specifically the compact CBOR alternative [in IETF RFC9393](https://datatracker.ietf.org/doc/rfc9393/)...

This allows polling for latest version of a BOM without having to retrieve it entirely.

Provide OpenAPI Spec for REST Endpoints

Add Support of REST API Versioning.

A Bom Post API should accept a Bom payload as Base64 (URL Safe) encoded format. Dependency track application also accepts Bom JSON as Base64 Encoded data. Project CycloneDX/cyclonedx-bom-repo-server implemented Post...

Are you considering an endpoint that could be given a PURL and return a list of `bom-identifiers` for SBOMs that describe that PURL? It might also be useful to have...

enhancement

As a user, I do not know the URN of the SBOM I want to retrieve. This specification should define how I can determine the URN for an SBOM I...

We need to reference [MUD](https://datatracker.ietf.org/doc/html/rfc8520) in the spec and provide a statement that says the BOM Exchange API is compatible with MUD, possibly providing an example of interop.

documentation