In artifacts--claims-evidence.md, evidence is described as optional supporting information for a claim.
The claim is "fips.compliance":"true", with the supporting evidence of an SBOM.
Rather than requiring SCITT to understand that abstraction, SCITT understands one level deep. The user would first submit the SBOM, then a separate claim that understands how to link to the SBOM that's already in the ledger.
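
The two-step flow described above, as an added sketch that is not part of the original comment and is not the SCITT API: a toy in-memory ledger stores opaque entries, and the claim links to the SBOM by its ledger entry id. The `Ledger` class, the `evidence` field name, the use of SHA-256 as the entry id, and the sample SBOM bytes are all assumptions made for illustration.

```python
import hashlib
import json


class Ledger:
    """Toy append-only ledger (constructed for illustration, not SCITT)."""

    def __init__(self):
        self._entries = []  # (entry_id, raw bytes), never interpreted

    def submit(self, payload: bytes) -> str:
        # The ledger treats every payload as opaque bytes ("one level deep")
        # and returns the SHA-256 digest as the entry id (an assumption).
        entry_id = hashlib.sha256(payload).hexdigest()
        self._entries.append((entry_id, payload))
        return entry_id

    def get(self, entry_id: str):
        for eid, payload in self._entries:
            if eid == entry_id:
                return payload
        return None


def make_claim(name: str, value: str, evidence_id: str) -> bytes:
    # Hypothetical claim layout: "evidence" lists ledger entry ids.
    return json.dumps({name: value, "evidence": [evidence_id]},
                      sort_keys=True).encode()


def verify_claim(ledger: Ledger, claim_id: str) -> bool:
    """Verifier-side check: the linking logic lives here, not in the ledger."""
    raw = ledger.get(claim_id)
    if raw is None:
        return False
    for eid in json.loads(raw).get("evidence", []):
        evidence = ledger.get(eid)
        # Reject dangling links and entries whose bytes do not match the id.
        if evidence is None or hashlib.sha256(evidence).hexdigest() != eid:
            return False
    return True


def demo():
    ledger = Ledger()
    sbom = b'{"sbom": "constructed sample bytes"}'
    sbom_id = ledger.submit(sbom)                      # step 1: the SBOM
    claim_id = ledger.submit(                          # step 2: the claim
        make_claim("fips.compliance", "true", sbom_id))
    dangling_id = ledger.submit(                       # claim with no SBOM
        make_claim("fips.compliance", "true", "0" * 64))
    return verify_claim(ledger, claim_id), verify_claim(ledger, dangling_id)
```
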