transparency-exchange-api icon indicating copy to clipboard operation
transparency-exchange-api copied to clipboard
Published 2 months ago verified publisher icon CycloneDX

Should `formats` within an Artifact Collection be flattened?

Open madpah opened this issue 7 months ago • 2 comments

  • mimeType tells us the format

There was a side discussion as to whether Artifact type is enough - as it does not allow us to understand which BOM is the SBOM for example.

Noting that various BOMs can have multiple purposes - i.e. a BOM can be both an SBOM, VDR and VEX. Some might just be an SBOM with VEX/VDR in a separate artifact.

madpah avatar May 28 '25 10:05 madpah

I didn't think mimeType was used anymore as mime was specific to SMTP. Should be mediaType IMO. CycloneDX v2.0 is changing mime-type on a component to mediaType.

stevespringett avatar May 28 '25 10:05 stevespringett

Yes, it's named Internet Media Types since a very long time.

https://www.iana.org/assignments/media-types/media-types.xhtml

oej avatar Jun 02 '25 12:06 oej