chainloop-dev
diff --git a/‎README.md‎
Lines changed: 4 additions & 1 deletion b/‎README.md‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎app/controlplane/api/gen/frontend/workflowcontract/v1/crafting_schema.ts‎
Lines changed: 32 additions & 14 deletions b/‎app/controlplane/api/gen/frontend/workflowcontract/v1/crafting_schema.ts‎
Lines changed: 32 additions & 14 deletions
diff --git a/‎app/controlplane/api/workflowcontract/v1/crafting_schema.pb.go‎
Lines changed: 52 additions & 37 deletions b/‎app/controlplane/api/workflowcontract/v1/crafting_schema.pb.go‎
Lines changed: 52 additions & 37 deletions
diff --git a/‎app/controlplane/api/workflowcontract/v1/crafting_schema.proto‎
Lines changed: 6 additions & 3 deletions b/‎app/controlplane/api/workflowcontract/v1/crafting_schema.proto‎
Lines changed: 6 additions & 3 deletions
diff --git a/‎docs/docs/reference/operator/contract.mdx‎
Lines changed: 4 additions & 1 deletion b/‎docs/docs/reference/operator/contract.mdx‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎go.mod‎
Lines changed: 1 addition & 1 deletion b/‎go.mod‎
Lines changed: 1 addition & 1 deletion
@@ -126,11 +126,14 @@ Chainloop supports the collection of the following pieces of evidence types:
 - [Container Image Reference](https://github.com/opencontainers/image-spec)
 - [CycloneDX SBOM](https://github.com/CycloneDX/specification)
 - [SPDX SBOM](https://spdx.dev/specifications/)
-- [CSAF VEX](https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html)
 - [OpenVEX](https://github.com/openvex)
 - [SARIF](https://docs.oasis-open.org/sarif/sarif/v2.1.0/)
 - [JUnit](https://www.ibm.com/docs/en/developer-for-zos/14.1?topic=formats-junit-xml-format)
 - [Helm Chart](https://helm.sh/docs/topics/charts/)
+- [CSAF Security Incident Report](https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#42-profile-2-security-incident-response)
+- [CSAF Informational Advisory](https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#43-profile-3-informational-advisory)
+- [CSAF Security Advisory](https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#44-profile-4-security-advisory)
+- [CSAF VEX](https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#45-profile-5-vex)
 - Attestation: existing Chainloop attestations.
 - Artifact Type: It represents a software artifact.
 - Custom Evidence Type: Custom piece of evidence that doesn't fit in any other category, for instance, an approval report in json format, etc.
 
@@ -78,19 +78,22 @@ message CraftingSchema {
       JUNIT_XML = 6;
       // https://github.com/openvex/spec
       OPENVEX = 7;
-      // https://docs.oasis-open.org/csaf/csaf/v2.0/cs03/csaf-v2.0-cs03.html
-      CSAF_VEX = 8;
       // Static analysis output format
       // https://github.com/microsoft/sarif-tutorials/blob/main/docs/1-Introduction.md
-      SARIF = 9;
       HELM_CHART = 10;
+      SARIF = 9;
 
       // Pieces of evidences represent generic, additional context that don't fit
       // into one of the well known material types. For example, a custom approval report (in json), ...
       EVIDENCE = 11;
 
       // Chainloop attestation coming from a different workflow.
       ATTESTATION = 12;
+      // https://docs.oasis-open.org/csaf/csaf/v2.0/cs03/csaf-v2.0-cs03.html
+      CSAF_VEX = 8;
+      CSAF_INFORMATIONAL_ADVISORY = 13;
+      CSAF_SECURITY_ADVISORY = 14;
+      CSAF_SECURITY_INCIDENT_RESPONSE = 15;
     }
   }
 }
 
@@ -51,11 +51,14 @@ Chainloop supports the collection of the following pieces of evidence types:
 - [Container Image Reference](https://github.com/opencontainers/image-spec)
 - [CycloneDX SBOM](https://github.com/CycloneDX/specification)
 - [SPDX SBOM](https://spdx.dev/specifications/)
-- [CSAF VEX](https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html)
 - [OpenVEX](https://github.com/openvex)
 - [SARIF](https://docs.oasis-open.org/sarif/sarif/v2.1.0/)
 - [JUnit](https://www.ibm.com/docs/en/developer-for-zos/14.1?topic=formats-junit-xml-format)
 - [Helm Chart](https://helm.sh/docs/topics/charts/)
+- [CSAF Security Incident Report](https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#42-profile-2-security-incident-response)
+- [CSAF Informational Advisory](https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#43-profile-3-informational-advisory)
+- [CSAF Security Advisory](https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#44-profile-4-security-advisory)
+- [CSAF VEX](https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#45-profile-5-vex)
 - Attestation: existing Chainloop attestations.
 - Artifact Type: It represents a software artifact.
 - Custom Evidence Type: Custom piece of evidence that doesn't fit in any other category, for instance, an approval report in json format, etc.
 
@@ -226,7 +226,7 @@ require (
 	github.com/gorilla/mux v1.8.1
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-multierror v1.1.1 // indirect
+	github.com/hashicorp/go-multierror v1.1.1
 	github.com/hashicorp/go-plugin v1.4.10
 	github.com/hashicorp/go-retryablehttp v0.7.5 // indirect
 	github.com/hashicorp/go-rootcerts v1.0.2 // indirect