New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Mediatype for SPDX should be application/spdx+json #3515
Comments
Yes, media type for |
WDYT @haydentherapper ? |
Seems correct, just want to avoid any breaking changes on the verification path. |
No it will not affect verification. Currently we have 2 way to add SBOM, one is @haydentherapper , One thing I wanted to ask, basically |
We don't need to continue to support anything that's been deprecated. |
Ok, let's close it. |
Description
According to IANA registered, the mediatype for spdx JSON documents should be
application/spdx+json
Currently, it is set to "text/spdx+json" in
cosign/pkg/types/media.go
Line 30 in 493e6e2
cosign/specs/SBOM_SPEC.md
Line 122 in 493e6e2
Version
head
The text was updated successfully, but these errors were encountered: