transparency-exchange-api

TEA publishing in various ecosystems

Open oej opened this issue 1 year ago • 0 comments

Should we open issues to discuss how publishing to TEA would look for various ecosystems?

As I stated before, a TEA publisher REST API is probably not required in the first TEA versions. For the Maven ecosystem I would expect TEA publishing to work as follows:

  1. Users publish artifacts with a classifier of cyclonedx or sbom, as they do now.
  2. The Maven repository manager will expose those artifacts through some kind of additional TEA plugin. We probably should ask the main repository managers (Sonatype Nexus and JFrog) how they feel about exporting the current repository metadata through TEA.

Do we have any contacts with JFrog?

Originally posted by @ppkarwasz in #55

oej, Nov 18 '24 11:11