You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The idea behind a BOM Meta endpoint is to provide format, hash, and external signature information.
The BOM Meta retrieval would work similar to the existing BOM retrieval, but would return metadata rather than the BOM itself.
bom-meta-url = system-url "/" bom-identifier
bom-identifier = segment
; an identifier that uniquely identifies a BOM
; NOTE: MUST be appropriately URI encoded
; segment as defined in RFC3986
As an example, here's a snippet response for what I'm thinking about being returned:
The idea behind a BOM Meta endpoint is to provide format, hash, and external signature information.
The BOM Meta retrieval would work similar to the existing BOM retrieval, but would return metadata rather than the BOM itself.
As an example, here's a snippet response for what I'm thinking about being returned:
I think
alg
should be an enum with only those supported algorithms.As for signatures, it would be ideal if we could support external signature files, signature services (e.g sigstore), and external inline.
The text was updated successfully, but these errors were encountered: