#release-contract
apiVersion: chainloop.dev/v1
kind: Contract
metadata:
  name: sbom-quality
  description: Contract for SBOM quality checks
spec:
  materials:
    # SBOMs will be uploaded to your artifact registry and referenced by digest in the attestation
    # Both SBOM_CYCLONEDX_JSON and SBOM_SPDX_JSON are supported
    - type: SBOM_CYCLONEDX_JSON
      name: sbom
  policyGroups:
    - ref: sbom-quality