github.com/noqcks/syft@v0.0.0-20230920222752-a9e2c4e288e5/schema/json/vnd.syft+json

github.com/noqcks/syft@v0.0.0-20230920222752-a9e2c4e288e5/schema/json/vnd.syft+json (about)

     1  (registered 2021-11-05, last updated 2021-11-05)
     2  
     3  Media type name: application
     4  Media subtype name: vnd.syft+json
     5  
     6  Required parameters: N/A
     7  
     8  Optional parameters:
     9  version
    10  
    11  The version parameter refers to the Syft specification version in use.
    12  
    13  version = 1*DIGIT "." 1*DIGIT "." 1*DIGIT
    14  
    15  Encoding considerations: binary
    16  This media type has all of the same encoding considerations of
    17  application/json as described in [RFC8259]
    18  
    19  
    20  Security considerations:
    21  This media type has all of the same security
    22  considerations of application/json as described in [RFC8259].
    23  
    24  Depending on the operational context of the device or software being described by the SBOM there may be additional security requirements. These may include but are not limited to, encryption at rest, encryption in transit, and restrictions on the transmission of the SBOM to 3rd parties. These additional requirements are considered out of scope for the specification. They will typically be enforced by contract or copyright terms.
    25  
    26  
    27  Interoperability considerations:
    28  This media type has the same interoperability considerations of application/json as described in [RFC8259].
    29  
    30  Published specification:
    31  The specification can be found on the main Syft GitHub repository under the schema directory https://github.com/anchore/syft/blob/main/schema/json
    32  
    33  Applications which use this media:
    34  This media type is used to specify a software bill of materials.
    35  It will be used by tools that produce SBOMs either during the software build process or as a result of software composition analysis.
    36  
    37  It will also be used by tools that consume SBOMs for software
    38  supply chain, component, supplier, license, and vulnerability
    39  analysis.
    40  
    41  Fragment identifier considerations:
    42  N/A
    43  
    44  Restrictions on usage:
    45  N/A
    46  
    47  Provisional registration? (standards tree only):
    48  N/A
    49  
    50  Additional information:
    51  
    52  1. Deprecated alias names for this type: N/A
    53  2. Magic number(s): N/A
    54  3. File extension(s): .syft.json
    55  4. Macintosh file type code: N/A
    56  5. Object Identifiers: N/A
    57  
    58  General Comments:
    59  
    60  
    61  Person to contact for further information:
    62  
    63  1. Name: Dan Luhring
    64  2. Email: dan.luhring@anchore.com
    65  
    66  Intended usage: Common
    67  The Syft SBOM format is an open-source software bill of materials specification. It is intended to be exchanged between different parties of the software supply chain.
    68  
    69  
    70  Author/Change controller: Dan Luhring, on behalf of Anchore