FOSDEM 2025
TEA - Let the SBOM ride down the software supply chain!
H.2213 | Day 2 | 13:00 - 13:30 | Speakers: Olle E. Johansson
Abstract
The SBOM file is a carrier of software transparency data. It is meant to be shared across the borders of a software supply chain, together with other artefacts like VEX files, SCITT statements, in-toto attestations and much more. The OWASP Transparency Exchange API is going to be a standard for this exchange, with a focus on discovery and retrieval of these objects and, as a second step, a way to reach and query actual data within objects. In this talk, you will get an overview of the TEA platform and a status update on how far the project has come towards writing enough specifications and starting to test implementations.
