{ "$schema": "https://json-schema.org/draft/2020-12/schema", "title": "SlsaSbomEvidenceBridgeSchema", "type": "object", "required": [ "stage", "source_stage", "schema_version", "producer_id", "source_git_commit", "schema_sha256", "evidence_sha256", "fail_closed", "supply_chain_artifacts" ], "properties": { "stage": { "const": 349 }, "source_stage": { "const": 348 }, "schema_version": { "type": "string" }, "producer_id": { "type": "string", "minLength": 1 }, "source_git_commit": { "type": "string", "minLength": 7 }, "schema_sha256": { "type": "string", "pattern": "^[a-fA-F0-9]{64}$" }, "evidence_sha256": { "type": "string", "pattern": "^[a-fA-F0-9]{64}$" }, "fail_closed": { "type": "boolean" }, "supply_chain_artifacts": { "type": "array", "minItems": 1, "items": { "type": "object", "required": [ "name", "source_stage", "artifact_type", "format", "sha256_present", "signature_present", "provenance_present", "policy_decision" ], "properties": { "name": { "type": "string" }, "source_stage": { "enum": [237, 238, 239, 240, 273] }, "artifact_type": { "enum": [ "sbom", "slsa_provenance", "artifact_attestation", "policy_gate", "ed25519_review_evidence", "vulnerability_scan_evidence" ] }, "format": { "enum": [ "SPDX", "CycloneDX", "SLSA-Provenance", "GitHub-Attestation", "Ed25519", "SHA256", "Policy-JSON", "Unknown" ] }, "sha256_present": { "type": "boolean" }, "signature_present": { "type": "boolean" }, "provenance_present": { "type": "boolean" }, "policy_decision": { "enum": ["accept", "pass", "reject", "fail", "unknown"] } } } } } }