---
# vuln-scan-contract
# Declares the evidence an attestation made under this contract must carry
# (one vulnerability-scan report) and the policy group evaluated against it.
schemaVersion: v1

materials:
  # SCA scan reports are uploaded to your artifact registry; the attestation
  # references the uploaded report by digest instead of embedding it.
  # Supported material types for scan output:
  #   BLACKDUCK_SCA_JSON, SARIF, TWISTCLI_SCAN_JSON, GHAS_DEPENDENCY_SCAN
  # NOTE(review): no "optional" flag is set on this entry; presumably the
  # report is then mandatory for the attestation - confirm against the
  # contract schema, since an optional scan can be skipped silently.
  - type: SARIF
    name: vuln-scan

policyGroups:
  # NOTE(review): the group is referenced by name only. Which policies it
  # contains, and whether a violation blocks the attestation or is only
  # recorded, is not visible in this file - confirm where it is defined.
  - ref: vulnerability-management