You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: tools/sbom-diff-and-risk/docs/report-schema.md
+2-2Lines changed: 2 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -130,8 +130,8 @@ not a CVE result. The same value appears at top level, in `summary`, and in
130
130
|`local_manifest_only`| The report was produced from local manifest-style inputs without SBOM input, policy matches, or enrichment evidence. |
131
131
|`sbom_present`| At least one input is an SBOM format such as CycloneDX JSON or SPDX JSON. |
132
132
|`policy_matched`| Local policy evaluation produced at least one blocking, warning, or suppressed policy match. |
133
-
|`enrichment_mocked`|Enrichment-shaped evidence is present without recorded live network access, or the report explicitly marks constructed snapshot evidence as mocked. |
134
-
|`enrichment_live`|Opt-in enrichment recorded live network access for PyPI provenance or OpenSSF Scorecard evidence. |
133
+
|`enrichment_recorded`|Optional non-provenance enrichment evidence, such as OpenSSF Scorecard evidence, was recorded for the report. |
134
+
|`provenance_recorded`|PyPI provenance evidence or provenance-enrichment metadata was recorded for the report. |
135
135
136
136
`summary.policy` appears only when a policy is applied. Absence of
137
137
`summary.policy` means policy was not used, not that policy evaluation failed.
0 commit comments