# vuln-scan-contract
# Chainloop workflow contract declaring which vulnerability-scan evidence an
# attestation carries and which policy group is attached to it.
apiVersion: chainloop.dev/v1
kind: Contract
metadata:
  # Name of this contract. The policy group referenced under spec.policyGroups
  # uses the same string; presumably they are separate objects that only share
  # a name - TODO confirm.
  name: vulnerability-management
  description: Contract for vulnerability scanning and management
spec:
  materials:
    # SCA scans will be uploaded to your artifact registry and referenced by
    # digest in the attestation, so the attestation points at one exact report.
    # BLACKDUCK_SCA_JSON, SARIF, TWISTCLI_SCAN_JSON, GHAS_DEPENDENCY_SCAN
    # are supported.
    # Only a SARIF material is declared below; a scanner that emits one of the
    # other listed formats needs the type changed or its own material entry.
    # NOTE(review): no `optional` key is set on this material. Confirm it is
    # treated as required, so an attestation cannot complete without a scan
    # report attached.
    - type: SARIF
      name: vuln-scan
  policyGroups:
    # Attaches the policy group with this name to the contract.
    # NOTE(review): the group's definition is not in this file and no arguments
    # are passed to it here. Verify which checks and thresholds it applies, and
    # whether a violation blocks the attestation or is only reported.
    - ref: vulnerability-management