Commit 6834354

Merge pull request #146 from ppkarwasz/fix/artifact-types
feat: trim down TEA Artifact types
2 parents f669ed8 + 1554ba1 commit 6834354

2 files changed

+29
-45
lines changed

spec/openapi.yaml

Lines changed: 11 additions & 43 deletions
@@ -498,49 +498,17 @@ components:
498498
type: string
499499
description: Specifies the type of external reference.
500500
enum:
501-
- vcs
502-
- issue-tracker
503-
- website
504-
- advisories
505-
- bom
506-
- mailing-list
507-
- social
508-
- chat
509-
- documentation
510-
- support
511-
- source-distribution
512-
- distribution
513-
- distribution-intake
514-
- license
515-
- build-meta
516-
- build-system
517-
- release-notes
518-
- security-contact
519-
- model-card
520-
- log
521-
- configuration
522-
- evidence
523-
- formulation
524-
- attestation
525-
- threat-model
526-
- adversary-model
527-
- risk-assessment
528-
- vulnerability-assertion
529-
- exploitability-statement
530-
- pentest-report
531-
- static-analysis-report
532-
- dynamic-analysis-report
533-
- runtime-analysis-report
534-
- component-analysis-report
535-
- maturity-report
536-
- certification-report
537-
- codified-infrastructure
538-
- quality-metrics
539-
- poam
540-
- electronic-signature
541-
- digital-signature
542-
- rfc-9116
543-
- other
501+
- ATTESTATION
502+
- BOM
503+
- BUILD_META
504+
- CERTIFICATION
505+
- FORMULATION
506+
- LICENSE
507+
- RELEASE_NOTES
508+
- SECURITY_TXT
509+
- THREAT_MODEL
510+
- VULNERABILITIES
511+
- OTHER
544512
artifact-format:
545513
type: object
546514
description: A security-related document in a specific format
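Review bot: The `description` at line 499 still reads "Specifies the type of external reference." while the enum under it is replaced by the TEA Artifact type list, so the schema text no longer matches its values; suggest rewording it to describe the artifact type. The replacement also switches the values from kebab-case to upper snake case and drops entries that have no counterpart in the new list other than `OTHER` (`pentest-report`, `static-analysis-report`, `risk-assessment` and more), so a document or client that validates against the old enum will be rejected by the new schema. Worth stating in the PR description that this is a breaking change and how the old values map to the new ones.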

tea-collection/tea-collection.md

Lines changed: 18 additions & 2 deletions
@@ -128,7 +128,7 @@ The TEA Artifact object has the following parts:
128128
- __uuid__: UUID of the TEA Artifact object.
129129
- __name__: Artifact name.
130130
- __type__: Type of artifact.
131-
See [TEA Artifact types](../tea-artifact/tea-artifact.md) for a list.
131+
See [TEA Artifact types](#tea-artifact-types) for a list.
132132
- __formats__: List of objects with the same content, but in different formats.
133133
The order of the list has no significance.
134134
- __mime_type__: The MIME type of the document
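Review bot: The `__type__` link at line 131 now targets the in-page anchor `#tea-artifact-types`, but `../tea-artifact/tea-artifact.md` is not one of the two files this commit changes, so that page stays in the tree with whatever type list it had. Suggest removing it or pointing it at the new section so that only one list of types exists.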
@@ -142,7 +142,7 @@ The TEA Artifact object has the following parts:
142142

143143
### The reason for TCO update enum
144144

145-
| ENUM | Explanation |
145+
| ENUM | Description |
146146
|------------------|----------------------------------------|
147147
| INITIAL_RELEASE | Initial release of the collection |
148148
| VEX_UPDATED | Updated the VEX artifact(s) |
@@ -153,6 +153,22 @@ The TEA Artifact object has the following parts:
153153
Updates of VEX (CSAF) files may be handled in a different way by a TEA client,
154154
producing different alerts than other changes of a collection.
155155

156+
### TEA Artifact types
157+
158+
| ENUM | Description |
159+
|-----------------|-------------------------------------------------------------------------------------|
160+
| ATTESTATION | Machine-readable statements containing facts, evidence, or testimony. |
161+
| BOM | Bill of Materials: SBOM, OBOM, HBOM, SaaSBOM, etc. |
162+
| BUILD_META | Build-system specific metadata file: `pom.xml`, `package.json`, `.nuspec`, etc. |
163+
| CERTIFICATION | Industry, regulatory, or other certification from an accredited certification body. |
164+
| FORMULATION | Describes how a component or service was manufactured or deployed. |
165+
| LICENSE | License file |
166+
| RELEASE_NOTES | Release notes document |
167+
| SECURITY_TXT | A `security.txt` file |
168+
| THREAT_MODEL | A threat model |
169+
| VULNERABILITIES | A list of vulnerabilities: VDR/VEX |
170+
| OTHER | Document that does not fall into any of the above categories |
171+
156172
### Examples
157173

158174
```json
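Review bot: The `VULNERABILITIES` row at line 169 puts VDR and VEX under one type, while the context at lines 153-154 says a TEA client may handle VEX (CSAF) updates differently from other changes, so a client cannot pick out a VEX artifact from `type` alone. Suggest saying in the description how the two are told apart (for example through the `mime_type` of the format) or keeping a separate value for VEX. The table also repeats the enum from `spec/openapi.yaml`; a sentence naming which of the two is normative would help keep them in sync. Minor: the `LICENSE`, `RELEASE_NOTES`, `SECURITY_TXT`, `THREAT_MODEL`, `VULNERABILITIES` and `OTHER` descriptions lack the terminal period that the longer rows have.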
