From 86e515c6e15f0d9bc2cc9cb8253165f8176f6ce6 Mon Sep 17 00:00:00 2001 From: Arnaud J Le Hors Date: Mon, 17 Oct 2022 17:37:40 +0200 Subject: [PATCH] Update CycloneDX predicate This is in line with the decision from the CycloneDX project: https://github.com/in-toto/attestation/issues/82#issuecomment-1280983953 This resolves an incompatibility between cosign and syft. Signed-off-by: Arnaud J Le Hors --- in_toto/model.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/in_toto/model.go b/in_toto/model.go index 12a3a6a8..e22b79da 100644 --- a/in_toto/model.go +++ b/in_toto/model.go @@ -82,7 +82,7 @@ const ( // version. PredicateSPDX = "https://spdx.dev/Document" // PredicateCycloneDX represents a CycloneDX SBOM - PredicateCycloneDX = "https://cyclonedx.org/schema" + PredicateCycloneDX = "https://cyclonedx.org/bom" // PredicateLinkV1 represents an in-toto 0.9 link. PredicateLinkV1 = "https://in-toto.io/Link/v1" )