Documentation
Constants
const (
	PredicateVuln = "https://in-toto.io/attestation/vuln/v0.1"
)
PredicateVuln is a new predicate type for vulnerabilities, based on https://github.com/sigstore/cosign/blob/main/specs/COSIGN_VULN_ATTESTATION_SPEC.md. The certifier uses it to attest to vulnerabilities in an artifact. The predicate is currently defined here, with the intention of upstreaming it to https://github.com/in-toto/attestation in the near future once the quirks are worked out.
Variables
This section is empty.
Functions
This section is empty.
Types
type Invocation
type Invocation struct {
	Parameters []string `json:"parameters,omitempty"`
	Uri        string   `json:"uri,omitempty"`
	EventID    string   `json:"event_id,omitempty"`
	ProducerID string   `json:"producer_id,omitempty"`
}
Invocation defines how the scan was initiated and by which producer.
type Result
type Result struct {
	VulnerabilityId string   `json:"vulnerability_id,omitempty"`
	Aliases         []string `json:"aliases,omitempty"`
}
Result defines the vulnerability ID and its aliases. There can be multiple results per artifact.
type Scanner
type Scanner struct {
	Uri      string   `json:"uri,omitempty"`
	Version  string   `json:"version,omitempty"`
	Database DB       `json:"db,omitempty"`
	Result   []Result `json:"result,omitempty"`
}
Scanner defines the scanner that was used to scan the artifacts and the resulting vulnerabilities found.
type VulnerabilityPredicate
type VulnerabilityPredicate struct {
	Invocation Invocation `json:"invocation,omitempty"`
	Scanner    Scanner    `json:"scanner,omitempty"`
	Metadata   Metadata   `json:"metadata,omitempty"`
}
VulnerabilityPredicate defines the predicate of the vulnerability attestation.
type VulnerabilityStatement
type VulnerabilityStatement struct {
	intoto.StatementHeader
	// Predicate contains type specific metadata.
	Predicate VulnerabilityPredicate `json:"predicate"`
}
VulnerabilityStatement defines the statement header and the vulnerability predicate.
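A consumer-side check for statements of this type, as an added example that is not part of this package: it rejects other predicate types, binds the findings to an artifact digest, and refuses to read a statement with no recorded scanner as a clean scan. The `statement` struct, `VulnIDs`, and the sample are hypothetical; the header field names (`predicateType`, `subject[].digest`) assume the in-toto v0.1 statement layout, and the bytes are assumed to come from an already verified envelope.

```go
package main

import (
	"encoding/json"
	"fmt"
)

const PredicateVuln = "https://in-toto.io/attestation/vuln/v0.1"

// statement is a local stand-in mirroring only the fields this check reads (header names assumed).
type statement struct {
	PredicateType string `json:"predicateType"`
	Subject       []struct{ Digest map[string]string `json:"digest"` } `json:"subject"`
	Predicate     struct {
		Scanner struct {
			Uri    string `json:"uri"`
			Result []struct{ VulnerabilityId string `json:"vulnerability_id"` } `json:"result"`
		} `json:"scanner"`
	} `json:"predicate"`
}

// Constructed sample statement; the digest and vulnerability ID are placeholders.
const sample = `{"_type":"https://in-toto.io/Statement/v0.1","predicateType":"https://in-toto.io/attestation/vuln/v0.1","subject":[{"name":"example/app","digest":{"sha256":"aaaa"}}],"predicate":{"scanner":{"uri":"https://scanner.example","result":[{"vulnerability_id":"EXAMPLE-0001"}]}}}`

// VulnIDs returns the IDs attested for the artifact with the given sha256 digest.
func VulnIDs(raw []byte, digest string) ([]string, error) {
	var s statement
	if err := json.Unmarshal(raw, &s); err != nil {
		return nil, fmt.Errorf("decode statement: %w", err)
	}
	if s.PredicateType != PredicateVuln {
		return nil, fmt.Errorf("unexpected predicateType %q", s.PredicateType)
	}
	if s.Predicate.Scanner.Uri == "" {
		// An absent scanner must not be mistaken for a scan that found nothing.
		return nil, fmt.Errorf("no scanner recorded: empty result is not a clean scan")
	}
	ids := []string{}
	for _, r := range s.Predicate.Scanner.Result {
		ids = append(ids, r.VulnerabilityId)
	}
	for _, sub := range s.Subject {
		if sub.Digest["sha256"] == digest {
			return ids, nil
		}
	}
	return nil, fmt.Errorf("digest %q is not a subject of this statement", digest)
}

func main() { fmt.Println(VulnIDs([]byte(sample), "aaaa")) }
```

An empty, non-nil slice with a nil error means a named scanner reported no findings for that digest; every other gap is returned as an error.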