Python Example

You will need a CLI that can produce and consume SCITT transparent statements. This one supports RFC 9162 and JSON, and is 🚧 EXPERIMENTAL 🚧.

npm i -g @transmute/cli
pip install cyclonedx-bom

Create the SBOM

Create a CycloneDX SBOM in XML format.

cyclonedx-py -i artifacts/requirements.txt -r --output artifacts/_manifest/artifact.cdx.xml

Make Transparent SBOM

Sign the SBOM, register the signature, attach the receipt to the signature, and produce a transparent statement.

./script.sh