You will need a CLI that can produce and consume SCITT transparent statements. This one supports RFC9162 and json, and is 🚧 EXPERIMENTAL 🚧.
npm i -g @transmute/clibrew install sbom-toolCreates a _manifest directory and places a spdx sbom in json format inside it.
sbom-tool generate -D true -b artifacts -ps scitt-community -pn scitt-nodejs-example -pv 0.0.0 Signs the sbom, registeres it with a test ledger, adds a receipt to the signature, producing a transparent statement.
./script.sh