SBOM Attestor
The SBOM attestor records the contents of any products that are valid CycloneDX or SPDX JSON files. The SBOM file is parsed and the contents are recorded in the attestation.
Schema
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://github.com/in-toto/go-witness/attestation/sbom/sbom-attestor",
  "$ref": "#/$defs/SBOMAttestor",
  "$defs": {
    "SBOMAttestor": {
      "properties": {
        "SBOMDocument": true
      },
      "additionalProperties": false,
      "type": "object",
      "required": [
        "SBOMDocument"
      ]
    }
  }
}
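Because the schema declares `"SBOMDocument": true`, any JSON value passes schema validation, so a consumer that depends on the SBOM still has to check what was embedded. The following is an added example, not code from go-witness: it assumes the attestation body has exactly the shape the schema above describes, and `ClassifySBOMAttestation` and `sbomHeader` are hypothetical names.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// sbomHeader holds the top-level fields that identify each SBOM format.
type sbomHeader struct {
	BomFormat   string `json:"bomFormat"`   // CycloneDX JSON sets this to "CycloneDX"
	SpecVersion string `json:"specVersion"` // CycloneDX spec version, e.g. "1.5"
	SpdxVersion string `json:"spdxVersion"` // SPDX JSON, e.g. "SPDX-2.3"
}

// ClassifySBOMAttestation (hypothetical helper) applies the schema's rules
// (SBOMDocument required, no other properties) and then identifies the format,
// which the schema itself does not constrain ("SBOMDocument": true).
func ClassifySBOMAttestation(raw []byte) (string, error) {
	var top map[string]json.RawMessage
	if err := json.Unmarshal(raw, &top); err != nil {
		return "", fmt.Errorf("attestation is not a JSON object: %w", err)
	}
	doc, ok := top["SBOMDocument"]
	if !ok {
		return "", errors.New("missing required property SBOMDocument")
	}
	if len(top) != 1 {
		return "", errors.New("additional properties are not allowed")
	}
	var h sbomHeader
	if err := json.Unmarshal(doc, &h); err != nil {
		return "", fmt.Errorf("SBOMDocument is not an SBOM object: %w", err)
	}
	switch {
	case h.BomFormat == "CycloneDX" && h.SpecVersion != "":
		return "CycloneDX " + h.SpecVersion, nil
	case strings.HasPrefix(h.SpdxVersion, "SPDX-"):
		return h.SpdxVersion, nil
	}
	return "", errors.New("SBOMDocument is neither CycloneDX nor SPDX JSON")
}

func main() {
	// Constructed sample, not output captured from Witness.
	sample := `{"SBOMDocument":{"bomFormat":"CycloneDX","specVersion":"1.5","components":[]}}`
	fmt.Println(ClassifySBOMAttestation([]byte(sample)))
}
```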