Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
// AssertBuiltWithLeeway inspects the builder ID recorded in a provenance
// statement. Run returns nil when stmt.Predicate.Builder.ID starts with
// leeway.ProvenanceBuilderID, and a single Violation otherwise.
//
// NOTE(review): the comparison is a prefix match, so every ID that merely
// begins with the constant is accepted. The ID is also a claim carried inside
// the statement itself: it only means something once the enclosing envelope's
// signature has been verified against a trusted key. Confirm that callers
// combine this assertion with a signature check (AssertSignedWith looks like
// the intended companion; its body is not visible here).
var AssertBuiltWithLeeway = &Assertion{
	Name:        "built-with-leeway",
	Description: "ensures all bundle entries have been built with leeway",
	Run: func(stmt *provenance.Statement) []Violation {
		builderID := stmt.Predicate.Builder.ID
		if !strings.HasPrefix(builderID, leeway.ProvenanceBuilderID) {
			return []Violation{{Desc: "was not built using leeway"}}
		}
		// The builder ID carries the expected prefix: nothing to report.
		return nil
	},
}
// AssertGitMaterialOnly walks the materials listed in a provenance statement
// and stops at the first one whose URI starts with neither "git+" nor
// "git://", returning one Violation that names that URI. It returns nil when
// every material passes.
//
// NOTE(review): only the URI prefix is examined. Which repository the URI
// points at, and any digest recorded for the material, are not looked at here.
// A statement with an empty Materials list also yields no violation, because
// the loop body never runs. Callers that need "at least one pinned Git source"
// must check that separately.
var AssertGitMaterialOnly = &Assertion{
	Name:        "git-material-only",
	Description: "ensures all subjects were built from Git material only",
	Run: func(stmt *provenance.Statement) []Violation {
		for _, material := range stmt.Predicate.Materials {
			uri := material.URI
			fromGit := strings.HasPrefix(uri, "git+") || strings.HasPrefix(uri, "git://")
			if !fromGit {
				// Report only the first offending material, as an example.
				return []Violation{{Desc: "contains non-Git material, e.g. " + uri}}
			}
		}
		return nil
	},
}
Functions ¶
func DecodeBundle ¶ added in v0.2.13
DecodeBundle returns a function which attempts to decode an attestation bundle from the reader and calls the handler for every envelope found in the bundle. If decoding fails, or the handler returns an error, decoding stops and the error is returned.
Types ¶
type Assertion ¶
// Assertion is a named check over provenance data. It carries two optional
// callbacks: one that receives a decoded statement and one that receives the
// envelope wrapping it. Both return the violations they found; the predefined
// assertions in this package return nil when the check passes.
type Assertion struct {
	// Name is a short identifier for the check, e.g. "built-with-leeway".
	Name string
	// Description is a human-readable sentence saying what the check ensures.
	Description string

	// Run evaluates the check against a provenance statement.
	// NOTE(review): presumably invoked by Assertions.AssertStatement and
	// skipped when nil; that body is not visible here, confirm.
	Run func(stmt *provenance.Statement) []Violation
	// RunEnvelope evaluates the check against the envelope itself.
	// NOTE(review): presumably invoked by Assertions.AssertEnvelope and
	// skipped when nil; confirm against the implementation.
	RunEnvelope func(env *provenance.Envelope) []Violation
}
func AssertSignedWith ¶
type Assertions ¶
// Assertions is a list of assertions. Its AssertEnvelope and AssertStatement
// methods each take one envelope or statement and return the violations
// collected as failed.
// NOTE(review): the method bodies are not visible here. Whether a nil Run or
// RunEnvelope callback is skipped, and whether evaluation stops at the first
// failure, should be confirmed against the implementation.
type Assertions []*Assertion
func (Assertions) AssertEnvelope ¶
func (a Assertions) AssertEnvelope(env *provenance.Envelope) (failed []Violation)
func (Assertions) AssertStatement ¶
func (a Assertions) AssertStatement(stmt *provenance.Statement) (failed []Violation)