An artifact could be anything that is a blob or a collection of blobs.
An attestation is a statement of proof regarding a claim.
A package URL or pURL is an attempt to standardize existing approaches to reliably identify and locate software packages. More details can be found in the specification repository for the project.
Policy enforcement describes the ability to automate, monitor, and enact guardrails and best practices around artifacts.
Provenance describes an artifact's origins and/or chain of custody. There is no single prescribed form for this information.
A software bill of materials or SBOM is a nested structured inventory of artifact metadata which makes up any given software component.