Documentation

Constants

    const (
        PredicateVuln = "https://in-toto.io/attestation/vulns/v0.1"
    )
PredicateVuln is a new predicate type for vulnerabilities, based on https://github.com/sigstore/cosign/blob/main/specs/COSIGN_VULN_ATTESTATION_SPEC.md. It is used by the certifier to attest to the vulnerabilities found in an artifact. The predicate is currently defined here, but the intention is to upstream it to https://github.com/in-toto/attestation in the near future, once the quirks are worked out.
Types

type DB

    type DB struct {
        Uri     string `json:"uri,omitempty"`
        Version string `json:"version,omitempty"`
        // required
        LastUpdate *time.Time `json:"lastUpdate,omitempty"`
    }
DB defines the scanner database that was in use at the time of the scan.
type Metadata

    type Metadata struct {
        ScanStartedOn  *time.Time `json:"scanStartedOn,omitempty"`
        ScanFinishedOn *time.Time `json:"scanFinishedOn,omitempty"`
    }
Metadata records when the scan started and when it finished.
type Result

    type Result struct {
        Id       string     `json:"id,omitempty"`
        Severity []Severity `json:"severity,omitempty"`
    }
Result defines one vulnerability ID together with its severity scores. There can be multiple results per artifact. TODO: the spec has a discrepancy that needs to be resolved; we follow the example JSON in the spec, since that is what the two examples we have seen are using. Tracking https://github.com/in-toto/attestation/issues/391
type Scanner

    type Scanner struct {
        Uri      string `json:"uri,omitempty"`
        Version  string `json:"version,omitempty"`
        Database DB     `json:"db,omitempty"`
        // required
        Result []Result `json:"result,omitempty"`
    }
Scanner identifies the scanner that was used to scan the artifact, the database it used, and the vulnerabilities it found.
type Severity

    type Severity struct {
        // required
        Method string `json:"method,omitempty"`
        // required
        Score string `json:"score,omitempty"`
        // ambiguous type definition in spec, look at
        // https://github.com/in-toto/attestation/issues/390
        Annotations []map[string]interface{} `json:"annotations,omitempty"`
    }
Severity describes the severity of a vulnerability using one or more quantitative scoring methods. Note that Score is a string, not a number, so consumers must parse and range-check it themselves.
type VulnerabilityPredicate

    type VulnerabilityPredicate struct {
        // required
        Scanner Scanner `json:"scanner,omitempty"`
        // required
        Metadata Metadata `json:"metadata,omitempty"`
    }
VulnerabilityPredicate is the predicate body of the vulnerability attestation.
type VulnerabilityStatement

    type VulnerabilityStatement struct {
        attestationv1.Statement
        // Predicate contains type specific metadata.
        Predicate VulnerabilityPredicate `json:"predicate"`
    }
VulnerabilityStatement defines the statement header and the vulnerability predicate
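The types above are plain structs, so a consumer of these attestations has to do two things the definitions alone do not enforce: confirm that the statement header carries PredicateVuln before interpreting the predicate (decoding an arbitrary statement straight into VulnerabilityStatement succeeds and yields an empty result list, which reads as "no vulnerabilities"), and check the fields marked required. The following is an added example, not code from this package or from the cosign or in-toto projects. It re-declares the page's types locally, with a minimal stand-in for attestationv1.Statement (assumed to be in-toto's v1 Statement, hence the https://in-toto.io/Statement/v1 _type), parses a serialized statement header-first, validates the required fields, and extracts the highest CVSS score from the string-typed Score field. The scanner, database and subject names, the result IDs and digests, and the "CVSS"-prefixed method-name convention are constructed placeholders.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// PredicateVuln is the page's predicate type; StatementType is in-toto's v1
// statement type (assumption: attestationv1 is in-toto's Go v1 package).
const PredicateVuln = "https://in-toto.io/attestation/vulns/v0.1"
const StatementType = "https://in-toto.io/Statement/v1"

// Subject and Statement stand in for attestationv1.Statement (header fields only);
// the predicate types that follow mirror the page's definitions and JSON tags.
type Subject struct {
	Name   string            `json:"name"`
	Digest map[string]string `json:"digest"`
}
type Statement struct {
	Type          string    `json:"_type"`
	PredicateType string    `json:"predicateType"`
	Subject       []Subject `json:"subject"`
}
type DB struct {
	Uri        string     `json:"uri,omitempty"`
	Version    string     `json:"version,omitempty"`
	LastUpdate *time.Time `json:"lastUpdate,omitempty"`
}
type Metadata struct {
	ScanStartedOn  *time.Time `json:"scanStartedOn,omitempty"`
	ScanFinishedOn *time.Time `json:"scanFinishedOn,omitempty"`
}
type Severity struct {
	Method      string                   `json:"method,omitempty"`
	Score       string                   `json:"score,omitempty"`
	Annotations []map[string]interface{} `json:"annotations,omitempty"`
}
type Result struct {
	Id       string     `json:"id,omitempty"`
	Severity []Severity `json:"severity,omitempty"`
}
type Scanner struct {
	Uri      string   `json:"uri,omitempty"`
	Version  string   `json:"version,omitempty"`
	Database DB       `json:"db,omitempty"`
	Result   []Result `json:"result,omitempty"`
}
type VulnerabilityPredicate struct {
	Scanner  Scanner  `json:"scanner,omitempty"`
	Metadata Metadata `json:"metadata,omitempty"`
}
type VulnerabilityStatement struct {
	Statement
	Predicate VulnerabilityPredicate `json:"predicate"`
}

// ParseVulnerabilityStatement decodes the header first and refuses to read the
// predicate unless the statement is of type PredicateVuln. It then enforces a
// subject digest and the fields the page marks required (db.lastUpdate, and a
// method and score on every severity), plus an id on every result.
func ParseVulnerabilityStatement(data []byte) (*VulnerabilityStatement, error) {
	var hdr Statement
	if err := json.Unmarshal(data, &hdr); err != nil {
		return nil, fmt.Errorf("decoding statement header: %w", err)
	}
	if hdr.Type != StatementType || hdr.PredicateType != PredicateVuln {
		return nil, fmt.Errorf("not a vulnerability statement: _type=%q predicateType=%q", hdr.Type, hdr.PredicateType)
	}
	var st VulnerabilityStatement
	if err := json.Unmarshal(data, &st); err != nil {
		return nil, fmt.Errorf("decoding vulnerability predicate: %w", err)
	}
	if len(st.Subject) == 0 || len(st.Subject[0].Digest) == 0 {
		return nil, errors.New("statement needs a subject with a digest")
	}
	if st.Predicate.Scanner.Database.LastUpdate == nil {
		return nil, errors.New("scanner.db.lastUpdate is required")
	}
	for _, r := range st.Predicate.Scanner.Result {
		if r.Id == "" {
			return nil, errors.New("scanner.result entry has no id")
		}
		for _, sev := range r.Severity {
			if sev.Method == "" || sev.Score == "" {
				return nil, fmt.Errorf("result %s: severity method and score are required", r.Id)
			}
		}
	}
	return &st, nil
}

// MaxCVSSScore returns the highest score among severities whose method starts
// with "CVSS" (assumption: names like "CVSSv3"; the page fixes no vocabulary).
// Score is a string, so each value is parsed and range-checked; found is false
// when no CVSS severity is present.
func MaxCVSSScore(st *VulnerabilityStatement) (highest float64, found bool, err error) {
	for _, r := range st.Predicate.Scanner.Result {
		for _, sev := range r.Severity {
			if !strings.HasPrefix(strings.ToUpper(sev.Method), "CVSS") {
				continue
			}
			v, perr := strconv.ParseFloat(sev.Score, 64)
			if perr != nil || v < 0 || v > 10 {
				return 0, false, fmt.Errorf("result %s: bad CVSS score %q", r.Id, sev.Score)
			}
			if !found || v > highest {
				highest, found = v, true
			}
		}
	}
	return highest, found, nil
}

// SampleStatement is a constructed statement with placeholder names, digests
// and IDs; it refers to no real artifact or advisory.
func SampleStatement() *VulnerabilityStatement {
	started := time.Date(2024, 1, 2, 3, 4, 5, 0, time.UTC)
	finished, dbUpdate := started.Add(90*time.Second), started.Add(-6*time.Hour)
	return &VulnerabilityStatement{
		Statement: Statement{
			Type: StatementType, PredicateType: PredicateVuln,
			Subject: []Subject{{Name: "example.invalid/app:1.0.0", Digest: map[string]string{"sha256": strings.Repeat("ab", 32)}}},
		},
		Predicate: VulnerabilityPredicate{
			Scanner: Scanner{
				Uri: "https://scanner.example.invalid", Version: "0.1.0",
				Database: DB{Uri: "https://db.example.invalid", Version: "2024-01-02", LastUpdate: &dbUpdate},
				Result: []Result{
					{Id: "EXAMPLE-0001", Severity: []Severity{{Method: "CVSSv3", Score: "7.5"}, {Method: "vendor", Score: "High"}}},
					{Id: "EXAMPLE-0002", Severity: []Severity{{Method: "CVSSv31", Score: "9.8"}}},
				},
			},
			Metadata: Metadata{ScanStartedOn: &started, ScanFinishedOn: &finished},
		},
	}
}

func main() {
	data, _ := json.Marshal(SampleStatement())
	st, err := ParseVulnerabilityStatement(data)
	if err != nil {
		panic(err)
	}
	highest, found, err := MaxCVSSScore(st)
	fmt.Printf("%s: max CVSS %.1f (found=%v, err=%v)\n", st.Subject[0].Name, highest, found, err)
}
```

Because Result carries omitempty, a scan that found nothing and a statement that omits the result list serialize identically, so the example does not treat an absent list as an error; a consumer that needs to tell the two cases apart cannot do so from this predicate alone. The decode-header-first step is the part worth copying: it keeps a provenance or SBOM statement that happens to carry a valid signature from being mistaken for a clean vulnerability scan.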