diff --git a/schema/bom-1.7.proto b/schema/bom-1.7.proto
index 999dccba..24e781d2 100644
--- a/schema/bom-1.7.proto
+++ b/schema/bom-1.7.proto
@@ -320,6 +320,8 @@ enum ExternalReferenceType {
EXTERNAL_REFERENCE_TYPE_RFC_9116 = 41;
// Reference to release notes
EXTERNAL_REFERENCE_TYPE_RELEASE_NOTES = 42;
+ // The URL to the latest TEA Collection on a Transparency Exchange API server.
+ EXTERNAL_REFERENCE_TYPE_TEA_COLLECTION = 43;
}
enum HashAlg {
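Review bot: The comment on `EXTERNAL_REFERENCE_TYPE_TEA_COLLECTION` says the URL points to the "latest" collection but does not say that the target can change after the BOM is issued. What a consumer retrieves is therefore presumably not covered by a hash or signature over the BOM itself. I would word it as `// URL of the latest TEA (Transparency Exchange API) Collection; its content can change after the BOM is issued, so verify it independently.` This reference type looks intended for automated retrieval, so the documentation could also recommend that consumers only follow `https` URLs from BOMs they already trust. The same description is repeated in the `tea-collection` entry of `bom-1.7.schema.json` and in the `bom-1.7.xsd` annotation, so all three should be updated together.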
diff --git a/schema/bom-1.7.schema.json b/schema/bom-1.7.schema.json
index 60459495..f53fcf09 100644
--- a/schema/bom-1.7.schema.json
+++ b/schema/bom-1.7.schema.json
@@ -1805,6 +1805,7 @@
"electronic-signature",
"digital-signature",
"rfc-9116",
+ "tea-collection",
"other"
],
"meta:enum": {
@@ -1850,6 +1851,7 @@
"electronic-signature": "An e-signature is commonly a scanned representation of a written signature or a stylized script of the person's name.",
"digital-signature": "A signature that leverages cryptography, typically public/private key pairs, which provides strong authenticity verification.",
"rfc-9116": "Document that complies with [RFC 9116](https://www.ietf.org/rfc/rfc9116.html) (A File Format to Aid in Security Vulnerability Disclosure)",
+ "tea-collection": "The URL to the latest TEA Collection on a Transparency Exchange API server.",
"other": "Use this if no other types accurately describe the purpose of the external reference."
}
},
diff --git a/schema/bom-1.7.xsd b/schema/bom-1.7.xsd
index dfc9eaa5..0c4dc816 100644
--- a/schema/bom-1.7.xsd
+++ b/schema/bom-1.7.xsd
@@ -1578,6 +1578,11 @@ limitations under the License.
Document that complies with RFC-9116 (A File Format to Aid in Security Vulnerability Disclosure)
+
+
+ The URL to the latest TEA Collection on a Transparency Exchange API server.
+
+
Use this if no other types accurately describe the purpose of the external reference
diff --git a/tools/src/test/resources/1.7/valid-external-reference-1.7.json b/tools/src/test/resources/1.7/valid-external-reference-1.7.json
index 6b9895a3..ee8f63fa 100644
--- a/tools/src/test/resources/1.7/valid-external-reference-1.7.json
+++ b/tools/src/test/resources/1.7/valid-external-reference-1.7.json
@@ -208,6 +208,10 @@
"type": "rfc-9116",
"url": "http://example.com/extref/rfc-9116"
},
+ {
+ "type": "tea-collection",
+ "url": "https://example.com/tea/v1/release/3f92c28c-13c9-4e32-8d5b-5f8ae77ef265/collection"
+ },
{
"type": "other",
"url": "http://example.com/extref/other"
diff --git a/tools/src/test/resources/1.7/valid-external-reference-1.7.textproto b/tools/src/test/resources/1.7/valid-external-reference-1.7.textproto
index 06117b3a..fd5c3620 100644
--- a/tools/src/test/resources/1.7/valid-external-reference-1.7.textproto
+++ b/tools/src/test/resources/1.7/valid-external-reference-1.7.textproto
@@ -202,6 +202,10 @@ components {
type: EXTERNAL_REFERENCE_TYPE_RFC_9116
url: "http://example.com/extref/rfc-9116"
}
+ external_references {
+ type: EXTERNAL_REFERENCE_TYPE_TEA_COLLECTION
+ url: "https://example.com/tea/v1/release/3f92c28c-13c9-4e32-8d5b-5f8ae77ef265/collection"
+ }
external_references {
type: EXTERNAL_REFERENCE_TYPE_OTHER
url: "http://example.com/extref/other"
diff --git a/tools/src/test/resources/1.7/valid-external-reference-1.7.xml b/tools/src/test/resources/1.7/valid-external-reference-1.7.xml
index f46368b1..08e2051d 100644
--- a/tools/src/test/resources/1.7/valid-external-reference-1.7.xml
+++ b/tools/src/test/resources/1.7/valid-external-reference-1.7.xml
@@ -70,6 +70,7 @@
http://example.com/extref/electronic-signature
http://example.com/extref/digital-signature
http://example.com/extref/rfc-9116
+ https://example.com/tea/v1/release/3f92c28c-13c9-4e32-8d5b-5f8ae77ef265/collection
http://example.com/extref/other