Documentation ¶
Index ¶
- Constants
- Variables
- func BuildDigestPolicyOption(a artifact.DigestedArtifact) (verify.ArtifactPolicyOption, error)
- func DefaultOptionsWithCacheSetting() *tuf.Options
- func FilterAttestations(predicateType string, attestations []*api.Attestation) []*api.Attestation
- func GetAttestations(c FetchAttestationsConfig) ([]*api.Attestation, error)
- func GetLocalAttestations(path string) ([]*api.Attestation, error)
- func GetOCIAttestations(c FetchAttestationsConfig) ([]*api.Attestation, error)
- func GetRemoteAttestations(c FetchAttestationsConfig) ([]*api.Attestation, error)
- func GitHubTUFOptions() *tuf.Options
- func VerifyCertExtensions(results []*AttestationProcessingResult, tenant, owner, repo string) error
- type AttestationProcessingResult
- type FailSigstoreVerifier
- type FetchAttestationsConfig
- type IntotoStatement
- type LiveSigstoreVerifier
- type MockSigstoreVerifier
- type SigstoreConfig
- type SigstoreResults
- type SigstoreVerifier
Constants ¶
// Issuer organization strings for the two named Sigstore trust domains.
const (
	// PublicGoodIssuerOrg is the organization string "sigstore.dev".
	// NOTE(review): presumably compared against the issuer organization of a
	// signing certificate to select the Sigstore Public Good trusted root;
	// confirm against the verifier implementation.
	PublicGoodIssuerOrg = "sigstore.dev"
	// GitHubIssuerOrg is the organization string "GitHub, Inc.".
	// NOTE(review): presumably the counterpart for GitHub's own Sigstore
	// instance. A certificate matching neither value should be rejected
	// rather than routed to a default verifier; confirm.
	GitHubIssuerOrg = "GitHub, Inc."
)
// GitHubTUFMirror is the HTTPS base URL of GitHub's TUF repository mirror.
// NOTE(review): presumably the metadata source configured by GitHubTUFOptions.
// Trust in the fetched metadata should come from the TUF root the client
// starts from, not from this URL or its TLS certificate alone; confirm.
const GitHubTUFMirror = "https://tuf-repo.github.com"
// SLSAPredicateType is the in-toto predicate type URI for SLSA provenance v1.
// NOTE(review): likely the value callers pass to FilterAttestations; confirm.
const SLSAPredicateType = "https://slsa.dev/provenance/v1"
Variables ¶
// ErrEmptyBundleFile reports that the provided bundle file is empty.
// NOTE(review): presumably returned by GetLocalAttestations; confirm. Callers
// should treat it as a verification failure, never as "nothing to verify".
var ErrEmptyBundleFile = errors.New("provided bundle file is empty")
// ErrUnrecognisedBundleExtension reports a bundle file whose extension is not
// one of the two the message names as supported: json or jsonl.
var ErrUnrecognisedBundleExtension = errors.New("bundle file extension not supported, must be json or jsonl")
Functions ¶
func BuildDigestPolicyOption ¶
func BuildDigestPolicyOption(a artifact.DigestedArtifact) (verify.ArtifactPolicyOption, error)
BuildDigestPolicyOption builds a verify.ArtifactPolicyOption from the given artifact's digest and digest algorithm.
func FilterAttestations ¶ added in v2.48.0
func FilterAttestations(predicateType string, attestations []*api.Attestation) []*api.Attestation
func GetAttestations ¶
func GetAttestations(c FetchAttestationsConfig) ([]*api.Attestation, error)
func GetLocalAttestations ¶
func GetLocalAttestations(path string) ([]*api.Attestation, error)
GetLocalAttestations returns a slice of attestations read from a local bundle file.
func GetOCIAttestations ¶ added in v2.56.0
func GetOCIAttestations(c FetchAttestationsConfig) ([]*api.Attestation, error)
func GetRemoteAttestations ¶
func GetRemoteAttestations(c FetchAttestationsConfig) ([]*api.Attestation, error)
func GitHubTUFOptions ¶
func VerifyCertExtensions ¶ added in v2.54.0
func VerifyCertExtensions(results []*AttestationProcessingResult, tenant, owner, repo string) error
Types ¶
type AttestationProcessingResult ¶
// AttestationProcessingResult pairs an attestation with the result of
// verifying it. Both fields are exported and carry JSON tags.
// NOTE(review): VerifyCertExtensions takes a slice of these plus a tenant,
// owner and repo, so binding the signer to an expected repository appears to
// be a separate step from signature verification; confirm that every caller
// performs both.
type AttestationProcessingResult struct {
	// Attestation is the attestation that was processed; serialized as "attestation".
	Attestation *api.Attestation `json:"attestation"`
	// VerificationResult is the verify.VerificationResult for that
	// attestation; serialized as "verificationResult".
	// NOTE(review): presumably nil when verification did not succeed, so
	// check it before dereferencing; confirm.
	VerificationResult *verify.VerificationResult `json:"verificationResult"`
}
AttestationProcessingResult captures the outcome of processing a given attestation: its signature verification and policy evaluation.
type FailSigstoreVerifier ¶ added in v2.48.0
// FailSigstoreVerifier is a field-less type whose Verify method has the
// signature required by SigstoreVerifier.
// NOTE(review): the name suggests a test double whose Verify always reports
// failure; confirm. It is exported from a non-test package, so keep it out of
// production wiring.
type FailSigstoreVerifier struct{}
func (*FailSigstoreVerifier) Verify ¶ added in v2.48.0
func (v *FailSigstoreVerifier) Verify(attestations []*api.Attestation, policy verify.PolicyBuilder) *SigstoreResults
type FetchAttestationsConfig ¶
// FetchAttestationsConfig carries the inputs for GetAttestations,
// GetOCIAttestations and GetRemoteAttestations, each of which takes it by value.
// Those functions return attestations only; verification is a separate call
// (SigstoreVerifier.Verify), so whatever they return, whether from the API, a
// local bundle or an OCI registry, is untrusted until it has been verified.
type FetchAttestationsConfig struct {
	// APIClient is the api.Client. NOTE(review): presumably used for remote fetches; confirm.
	APIClient api.Client
	// BundlePath is a path string.
	// NOTE(review): presumably the local bundle file that IsBundleProvided tests for; confirm.
	BundlePath string
	// Digest is a string.
	// NOTE(review): presumably the artifact digest to look up; confirm the
	// expected format (with or without an algorithm prefix).
	Digest string
	// Limit is an int. NOTE(review): presumably caps the number of attestations fetched; confirm.
	Limit int
	// Owner and Repo are strings.
	// NOTE(review): presumably they scope a remote lookup; confirm which takes precedence.
	Owner string
	Repo  string
	// OCIClient is the oci.Client. NOTE(review): presumably used by GetOCIAttestations; confirm.
	OCIClient oci.Client
	// UseBundleFromRegistry is a bool.
	// NOTE(review): presumably selects the OCI registry as the bundle source; confirm.
	UseBundleFromRegistry bool
	// NameRef is a name.Reference. NOTE(review): presumably the OCI image reference; confirm.
	NameRef name.Reference
}
func (*FetchAttestationsConfig) IsBundleProvided ¶
func (c *FetchAttestationsConfig) IsBundleProvided() bool
type IntotoStatement ¶ added in v2.48.0
// IntotoStatement is a minimal view of an in-toto statement: it decodes only
// the "predicateType" JSON field.
// NOTE(review): presumably used by FilterAttestations to read the predicate
// type from a statement payload. If that happens before signature
// verification, the value is attacker-controlled at that point, and filtering
// is a convenience rather than a policy check; confirm.
type IntotoStatement struct {
	// PredicateType is the statement's predicate type, read from "predicateType".
	PredicateType string `json:"predicateType"`
}
type LiveSigstoreVerifier ¶ added in v2.48.0
// LiveSigstoreVerifier is the verifier returned by NewLiveSigstoreVerifier,
// which builds it from a SigstoreConfig. Its Verify method has the signature
// required by SigstoreVerifier. All of its state is unexported.
type LiveSigstoreVerifier struct {
	// contains filtered or unexported fields
}
func NewLiveSigstoreVerifier ¶ added in v2.48.0
func NewLiveSigstoreVerifier(config SigstoreConfig) *LiveSigstoreVerifier
NewLiveSigstoreVerifier creates a new LiveSigstoreVerifier struct that is used to verify artifacts and attestations against the Public Good, GitHub, or a custom trusted root.
func (*LiveSigstoreVerifier) Verify ¶ added in v2.48.0
func (v *LiveSigstoreVerifier) Verify(attestations []*api.Attestation, policy verify.PolicyBuilder) *SigstoreResults
type MockSigstoreVerifier ¶ added in v2.48.0
// MockSigstoreVerifier is a test double whose Verify method has the signature
// required by SigstoreVerifier. Its constructor, NewMockSigstoreVerifier,
// requires a *testing.T.
// NOTE(review): presumably returns canned results without checking any
// signature; confirm. Never substitute it for LiveSigstoreVerifier outside
// tests.
type MockSigstoreVerifier struct {
	// contains filtered or unexported fields
}
func NewMockSigstoreVerifier ¶ added in v2.48.0
func NewMockSigstoreVerifier(t *testing.T) *MockSigstoreVerifier
func (*MockSigstoreVerifier) Verify ¶ added in v2.48.0
func (v *MockSigstoreVerifier) Verify(attestations []*api.Attestation, policy verify.PolicyBuilder) *SigstoreResults
type SigstoreConfig ¶
type SigstoreResults ¶
// SigstoreResults is the value returned by the Verify methods in this package.
// The error travels inside the struct instead of as a second return value, so
// the compiler will not flag an unchecked failure: callers must inspect Error
// explicitly before trusting VerifyResults.
type SigstoreResults struct {
	// VerifyResults holds the per-attestation processing results.
	// NOTE(review): whether attestations that failed verification are
	// included or omitted is not visible here; confirm.
	VerifyResults []*AttestationProcessingResult
	// Error is the verification error, if any.
	Error error
}
type SigstoreVerifier ¶
// SigstoreVerifier verifies a set of attestations against a policy.
// FailSigstoreVerifier, LiveSigstoreVerifier and MockSigstoreVerifier each
// declare a Verify method with this signature.
type SigstoreVerifier interface {
	// Verify takes the attestations and a verify.PolicyBuilder and returns a
	// SigstoreResults, which carries both the per-attestation results and
	// any error.
	Verify(attestations []*api.Attestation, policy verify.PolicyBuilder) *SigstoreResults
}