You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+12-12Lines changed: 12 additions & 12 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -32,16 +32,16 @@ tags in the repository as well as in the slack channel.
32
32
## Introduction
33
33
34
34
This specification defines a standard, format agnostic, API for the exchange of
35
-
product related artifacts, like BOMs, between systems. The work includes:
35
+
product related artefacts, like BOMs, between systems. The work includes:
36
36
37
37
-[Discovery of servers](/discovery/readme.md): Describes discovery using the Transparency Exchange Identifier (TEI)
38
-
- Retrieval of artifacts
39
-
- Publication of artifacts
38
+
- Retrieval of artefacts
39
+
- Publication of artefacts
40
40
- Authentication and authorization
41
41
- Querying
42
42
43
43
System and tooling implementors are encouraged to adopt this API standard for
44
-
sending/receiving transparency artifacts between systems.
44
+
sending/receiving transparency artefacts between systems.
45
45
This will enable more widespread
46
46
"out of the box" integration support in the BOM ecosystem.
47
47
@@ -58,24 +58,24 @@ The working group has produced a list of use cases and requirements for the prot
58
58
-[TEA Product](tea-product/tea-product.md): An optional higher-level object that groups a set of Product Releases for a product line or family. Products can be discovered and browsed; releases are accessed via `/product/{uuid}/releases`.
59
59
-[TEA Component](tea-component/tea-component.md): Represents a component lineage. A Component is a collection of Component Releases (accessible via `/component/{uuid}/releases`).
60
60
-[TEA Release](/tea-component/tea-release.md: A Component Release object. Each Component Release may have its own TEA Collection.
61
-
-[TEA Collection](tea-collection/tea-collection.md): A versioned list of artifacts for a specific Release (Component Release) or Product Release. Collections are versioned to indicate changes, e.g., an updated VEX or corrected SBOM.
62
-
-[TEA Artifacts](tea-artifact/tea-artifact.md): Files associated with a Collection. A single Artifact can appear in multiple Collections.
61
+
-[TEA Collection](tea-collection/tea-collection.md): A versioned list of artefacts for a specific Release (Component Release) or Product Release. Collections are versioned to indicate changes, e.g., an updated VEX or corrected SBOM.
62
+
-[TEA Artefacts](tea-artifact/tea-artifact.md): Files associated with a Collection. A single Artefact can appear in multiple Collections.
63
63
64
-
## artifacts available of the API
64
+
## Artefacts available of the API
65
65
66
-
The Transparency Exchange API (TEA) supports publication and retrieval of a set of transparency exchange artifacts. The API itself should not be restricting the types of the artifacts. A few examples:
66
+
The Transparency Exchange API (TEA) supports publication and retrieval of a set of transparency exchange artefacts. The API itself should not be restricting the types of the artefacts. A few examples:
67
67
68
68
### xBOM
69
69
70
-
Bill of materials for any type of component and service are supported. This includes, but is not limited to, SBOM, HBOM, AI/ML-BOM, SaaSBOM, and CBOM. The API provides a BOM format agnostic way of publishing, searching, and retrieval of xBOM artifacts.
70
+
Bill of materials for any type of component and service are supported. This includes, but is not limited to, SBOM, HBOM, AI/ML-BOM, SaaSBOM, and CBOM. The API provides a BOM format agnostic way of publishing, searching, and retrieval of xBOM artefacts.
71
71
72
72
### CDXA
73
73
74
-
Standards and requirements along with attestations to those standards and requirements are captured and supported by CycloneDX Attestations (CDXA). Much like xBOM, these are supply chain artifacts that are captured allowing for consistent publishing, searching, and retrieval.
74
+
Standards and requirements along with attestations to those standards and requirements are captured and supported by CycloneDX Attestations (CDXA). Much like xBOM, these are supply chain artefacts that are captured allowing for consistent publishing, searching, and retrieval.
75
75
76
76
### VDR/VEX
77
77
78
-
Vulnerability Disclosure Reports (VDR) and Vulnerability Exploitability eXchange (VEX) are supported artifact types. Like the xBOM element, the VDR/VEX support is format agnostic. However, CSAF has its own distribution requirements that may not be compatible with APIs. Therefore, the initial focus will be on CycloneDX (VDR and VEX) and OpenVEX.
78
+
Vulnerability Disclosure Reports (VDR) and Vulnerability Exploitability eXchange (VEX) are supported artefact types. Like the xBOM element, the VDR/VEX support is format agnostic. However, CSAF has its own distribution requirements that may not be compatible with APIs. Therefore, the initial focus will be on CycloneDX (VDR and VEX) and OpenVEX.
79
79
80
80
### CLE
81
81
@@ -105,7 +105,7 @@ Contributors are listed in the [Contributors](contributors.md) file.
105
105
- API: Application programming interface
106
106
- Authorization (authz):
107
107
- Authentication (authn):
108
-
- Collection: A set of artifacts representing a version of a product
108
+
- Collection: A set of artefacts representing a version of a product
109
109
- Product: An item sold or delivered under one name
0 commit comments