The Transparency Exchange API (TEA) is being worked on within the CycloneDX community
12
-
with the goal to standardise the API in ECMA. A working group within ECMA TC54 has been
13
-
formed - TC54 TG1. The working group has a slack channel in the CycloneDX slack space.
11
+
The Transparency Exchange API (TEA) is being worked on within the ECMA TC54 tg 1
12
+
with the goal to standardise the API in ECMA.
13
+
The working group has a slack channel in the CycloneDX slack space.
14
14
15
15

16
16
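Review bot: The added first line writes the task group as "ECMA TC54 tg 1", while the removed text named it "TC54 TG1"; use one spelling, for example "ECMA TC54 TG1", so the group can be found by name. The rewrite also drops the mention of the CycloneDX community, yet the last added line still points to the CycloneDX slack space, so consider a few words on how the two relate.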
@@ -23,17 +23,20 @@ We encourage developers to start with both client and server implementations of
23
23
participate in interoperability tests. These will be organised both as hackathons and
24
24
informally using the Slack channel.
25
25
26
-
There will likely be multiple beta releases. We will announce these by adding new
27
-
tags in the repository as well as in the slack channel.
28
26
29
-
Priority issues for Beta 3:
27
+
Priority issues for v1.0:
30
28
- Refinement of distribution types and distributionType fields, see https://github.com/CycloneDX/transparency-exchange-api/issues/198
31
29
- CLE Spec needs to be integrated in TEA
32
30
- E2e poc of authn/z workflow with TEA consumer spec, including consumer spec adjustment to better support authn/z
33
31
- Compliance document workflow, see https://github.com/CycloneDX/transparency-exchange-api/issues/205
34
32
35
33
## Introduction
36
34
35
+
The TEA API is created to support automation of the software supply chain. Upstream
36
+
vendors and open source projects can use this standard to keep downstream consumers
37
+
up to date with transparency artefacts such as, but not limited to, bill of materials,
38
+
VEX files, attestations and much more.
39
+
37
40
This specification defines a standard, format agnostic, API for the exchange of
38
41
product related artefacts, like BOMs, between systems. The work includes:
39
42
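Review bot: The paragraph on how beta releases are announced (new tags in the repository and the slack channel) is removed with no replacement, so once the heading reads "Priority issues for v1.0" the README no longer says where a release will be announced; if tags and the slack channel still apply, keep a sentence saying so. In the added Introduction paragraph, "such as, but not limited to, ... and much more" states the open-endedness twice, and one of the two qualifiers can go.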
@@ -67,7 +70,7 @@ The working group has produced a list of use cases and requirements for the prot
67
70
68
71
The Transparency Exchange API (TEA) supports publication and retrieval of a set of transparency exchange artefacts. The API itself should not be restricting the types of the artefacts. A few examples:
69
72
70
-
### xBOM
73
+
### *xBOM
71
74
72
75
Bill of materials for any type of component and service are supported. This includes, but is not limited to, SBOM, HBOM, AI/ML-BOM, SaaSBOM, and CBOM. The API provides a BOM format agnostic way of publishing, searching, and retrieval of xBOM artefacts.
73
76
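Review bot: The heading changes from "### xBOM" to "### *xBOM", and the leading asterisk has no closing partner, so it reads as a stray character or an unbalanced emphasis marker. The paragraph under it still says "xBOM" without the asterisk. If the asterisk is meant as a wildcard, escape it or say so in the text; otherwise restore "### xBOM".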
@@ -92,6 +95,8 @@ Much of the focus on Software Transparency from the U.S. Government and others c
92
95
93
96
Insights allows for “limited transparency” that can be asked and answered using an expression language that can be tightly scoped or outcome-driven. Insights also removes the complexities of BOM format conversion away from the consumers. An object model derived from CycloneDX will be an integral part of this API, since the objects within CycloneDX are self-contained (thus API friendly) and the specification supports all the necessary xBOM types along with CDXA.
94
97
98
+
Insights will be integrated into the API after the 1.0 release.
99
+
95
100
## Presentations and videos
96
101
97
102
- You can find presentations in the repository in the [Presentations](/presentations) directory
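Review bot: The added sentence says "the 1.0 release" while the priority list heading changed in this same commit uses "v1.0"; pick one form and use it in both places. The context paragraph above still describes Insights in the present tense ("Insights allows for ..."), so a reader who stops before the last line of the section will not learn that it comes after 1.0; consider stating the timing earlier in the section.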
@@ -105,8 +110,8 @@ Contributors are listed in the [Contributors](contributors.md) file.
105
110
## Terminology
106
111
107
112
- API: Application programming interface
108
-
- Authorization (authz):
109
-
- Authentication (authn):
113
+
- Authorization (authz): Which products/components that a user has the right to access
114
+
- Authentication (authn): Credentials to get authorization
110
115
- Collection: A set of artefacts representing a version of a product
111
116
- Product: An item sold or delivered under one name
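Review bot: The new authn entry, "Credentials to get authorization", defines authentication as the credentials themselves rather than as verifying who the user or client is, which blurs it with the authz entry above it. Suggest something like "Authentication (authn): Verifying the identity of a user or client, for example with credentials". In the authz entry, drop "that" so it reads "Which products/components a user has the right to access".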