You can enable TEA from your workspace settings. TEA requires a Business plan or higher.
Walkthrough
What is TEA?
The Transparency Exchange API (TEA) is a standardized, format-agnostic API for automating software supply chain transparency. Developed within ECMA TC54, it provides a standard way for vendors and open-source projects to share transparency artifacts with downstream consumers.
TEA goes beyond just SBOMs. It supports sharing a range of artifact types:
- SBOMs - Software Bill of Materials
- VEX/VDR - Vulnerability exploitability and disclosure reports
- CLE - Common Lifecycle Enumeration (ECMA-428)
- CDXA - CycloneDX Attestations for standards compliance
- HBOM, AI/ML-BOM, SaaSBOM, CBOM - Hardware, AI/ML, SaaS, and Cryptography BOMs
Instead of manually exchanging files via email or portals, TEA lets consumers programmatically discover and retrieve artifacts for any product release using a standard API.
Enabling TEA
TEA is available on the Business plan and above.
To enable it:
- Navigate to your workspace Settings
- Go to the TEA section
- Toggle TEA on
- Configure your TEA endpoint settings
Once enabled, your published SBOMs become discoverable via the TEA protocol, making it easy for customers and partners to access your transparency data automatically.