attestation

package
v0.8.0 Latest Latest
Published: Jul 25, 2024 License: Apache-2.0 Imports: 2 Imported by: 0

Documentation

Index

Constants

const (
	// PredicateClearlyDefined is the predicate type URI that identifies a
	// ClearlyDefined license attestation; the matching payload shape is
	// ClearlyDefinedPredicate / ClearlyDefinedStatement in this package.
	// NOTE(review): the rendered doc comment for this constant repeats the
	// PredicateVuln text; this value is the license predicate, not the
	// vulnerability one. Consumers should match a statement's predicate type
	// against this exact string before decoding its predicate.
	PredicateClearlyDefined = "https://in-toto.io/attestation/clearlydefined/v0.1"
)

PredicateClearlyDefined: the rendered doc comment for this constant duplicates the PredicateVuln description below; the constant itself is the predicate type URI for the ClearlyDefined license attestation (see ClearlyDefinedPredicate).

const (
	// PredicateVuln is the predicate type URI for the vulnerability
	// attestation produced by the certifier; the matching payload shape is
	// VulnerabilityPredicate / VulnerabilityStatement in this package.
	// The URI is defined locally (the doc notes it is not yet upstreamed to
	// in-toto/attestation), so it may change when that happens; consumers
	// should match it exactly rather than by prefix.
	PredicateVuln = "https://in-toto.io/attestation/vuln/v0.1"
)

PredicateVuln is a new predicate type for vulnerabilities based on https://github.com/sigstore/cosign/blob/main/specs/COSIGN_VULN_ATTESTATION_SPEC.md. It is used by the certifier to attest to vulnerabilities in an artifact. Currently the predicate is defined here, but the intention is to upstream it to https://github.com/in-toto/attestation in the near future once the quirks are worked out.

Variables

This section is empty.

Functions

This section is empty.

Types

type ClearlyDefinedPredicate added in v0.8.0

// ClearlyDefinedPredicate is the predicate body of a ClearlyDefined license
// attestation (predicate type PredicateClearlyDefined). It is a plain data
// shape: this package exposes no functions, so any signature or envelope
// verification must happen before a decoded predicate is trusted.
type ClearlyDefinedPredicate struct {
	// Definition holds the ClearlyDefined data for the scanned artifact.
	// NOTE(review): omitempty has no effect on a struct-valued field in
	// encoding/json; Definition is always emitted.
	Definition Definition `json:"definition,omitempty"`
	// Metadata records when the scan was performed (see Metadata).
	// Same omitempty caveat as above: the object is always emitted.
	Metadata   Metadata   `json:"metadata,omitempty"`
}

ClearlyDefinedPredicate defines the predicate of the license attestation.

type ClearlyDefinedStatement added in v0.8.0

// ClearlyDefinedStatement is an in-toto statement whose predicate is a
// ClearlyDefinedPredicate. The embedded attestationv1.Statement supplies the
// statement header (type, subjects, predicate type).
// NOTE(review): the embedded Statement presumably carries its own predicate
// field with the same "predicate" JSON name; the shallower field declared
// here takes precedence in encoding/json — confirm this is intended.
type ClearlyDefinedStatement struct {
	attestationv1.Statement
	// Predicate contains type specific metadata.
	Predicate ClearlyDefinedPredicate `json:"predicate"`
}

ClearlyDefinedStatement defines the statement header and the license predicate

type DB

// DB identifies the vulnerability database the scanner used at scan time.
// Both values are informational strings supplied by the producer; nothing
// on this page validates them.
type DB struct {
	// Uri locates the database (e.g. a URL or identifier chosen by the scanner).
	Uri     string `json:"uri,omitempty"`
	// Version is the database version/snapshot the scan ran against.
	Version string `json:"version,omitempty"`
}

DB defines the scanner database used at the time of scan

type Definition added in v0.8.0

// Definition mirrors a ClearlyDefined definition document for one component
// (coordinates, described/licensed facets, per-file findings and scores).
// All fields are decoded as received; hashes and URLs are opaque strings
// here and are not verified by anything on this page.
type Definition struct {
	Described struct {
		ReleaseDate    string `json:"releaseDate"`
		// SourceLocation is a pointer so omitempty can drop it when absent.
		SourceLocation *struct {
			Type      string `json:"type"`
			Provider  string `json:"provider"`
			Namespace string `json:"namespace"`
			Name      string `json:"name"`
			Revision  string `json:"revision"`
			URL       string `json:"url"`
		} `json:"sourceLocation,omitempty"`
		Urls struct {
			Registry string `json:"registry"`
			Version  string `json:"version"`
			Download string `json:"download"`
		} `json:"urls"`
		// Hashes are reported digests of the described artifact; they are
		// carried as strings and not recomputed or checked here.
		Hashes struct {
			Sha1   string `json:"sha1"`
			Sha256 string `json:"sha256"`
		} `json:"hashes"`
		Files     int      `json:"files"`
		Tools     []string `json:"tools"`
		ToolScore struct {
			Total  int `json:"total"`
			Date   int `json:"date"`
			Source int `json:"source"`
		} `json:"toolScore"`
		Score struct {
			Total  int `json:"total"`
			Date   int `json:"date"`
			Source int `json:"source"`
		} `json:"score"`
	} `json:"described"`
	// Files lists per-file license findings; Path is a producer-supplied
	// string and should be treated as data, not used to address the local
	// filesystem without normalisation.
	Files []struct {
		Path    string   `json:"path"`
		License string   `json:"license,omitempty"`
		Natures []string `json:"natures,omitempty"`
		Hashes  struct {
			Sha1   string `json:"sha1"`
			Sha256 string `json:"sha256"`
		} `json:"hashes"`
		Token        string   `json:"token,omitempty"`
		Attributions []string `json:"attributions,omitempty"`
	} `json:"files"`
	Licensed struct {
		// Declared is the license expression declared by the component.
		Declared  string `json:"declared"`
		ToolScore struct {
			Total       int `json:"total"`
			Declared    int `json:"declared"`
			Discovered  int `json:"discovered"`
			Consistency int `json:"consistency"`
			Spdx        int `json:"spdx"`
			Texts       int `json:"texts"`
		} `json:"toolScore"`
		Facets struct {
			Core struct {
				Attribution struct {
					Unknown int      `json:"unknown"`
					Parties []string `json:"parties"`
				} `json:"attribution"`
				Discovered struct {
					Unknown     int      `json:"unknown"`
					Expressions []string `json:"expressions"`
				} `json:"discovered"`
				Files int `json:"files"`
			} `json:"core"`
		} `json:"facets"`
		Score struct {
			Total       int `json:"total"`
			Declared    int `json:"declared"`
			Discovered  int `json:"discovered"`
			Consistency int `json:"consistency"`
			Spdx        int `json:"spdx"`
			Texts       int `json:"texts"`
		} `json:"score"`
	} `json:"licensed"`
	// Coordinates identify the component (type/provider/namespace/name/revision).
	Coordinates struct {
		Type      string `json:"type"`
		Provider  string `json:"provider"`
		Namespace string `json:"namespace"`
		Name      string `json:"name"`
		Revision  string `json:"revision"`
	} `json:"coordinates"`
	// Meta is serialised under the "_meta" key; Updated is a time.Time and
	// therefore decodes from RFC 3339 text.
	Meta struct {
		SchemaVersion string    `json:"schemaVersion"`
		Updated       time.Time `json:"updated"`
	} `json:"_meta"`
	Scores struct {
		Effective int `json:"effective"`
		Tool      int `json:"tool"`
	} `json:"scores"`
}

Definition represents the structure of the data returned by the ClearlyDefined API.

type Invocation

// Invocation records how the scan was started and by which producer.
// All fields are optional, producer-supplied strings.
type Invocation struct {
	// Parameters are the arguments the scan was invoked with.
	Parameters []string `json:"parameters,omitempty"`
	// Uri identifies the invocation (for example a build or job URL).
	Uri        string   `json:"uri,omitempty"`
	// EventID identifies the triggering event, if any.
	EventID    string   `json:"event_id,omitempty"`
	// ProducerID identifies the producer that ran the scan.
	ProducerID string   `json:"producer_id,omitempty"`
}

Invocation defines how the scan was initiated and by which producer

type Metadata

// Metadata records when the scan was performed.
type Metadata struct {
	// ScannedOn is a pointer so that an unset time is omitted from the JSON
	// rather than serialised as the zero time.
	ScannedOn *time.Time `json:"scannedOn,omitempty"`
}

Metadata defines when the last scan was done

type Result

// Result is one vulnerability found by the scanner; a Scanner carries a
// slice of them.
type Result struct {
	// VulnerabilityId is the scanner's primary identifier for the finding.
	// NOTE(review): the JSON name is snake_case while Metadata uses camelCase
	// ("scannedOn"); presumably this follows the cosign vuln spec — verify
	// before changing either.
	VulnerabilityId string   `json:"vulnerability_id,omitempty"`
	// Aliases are alternative identifiers for the same vulnerability.
	Aliases         []string `json:"aliases,omitempty"`
}

Result defines the vulnerability ID and its aliases. There can be multiple results per artifact.

type Scanner

// Scanner describes the tool that scanned the artifact and the
// vulnerabilities it reported.
type Scanner struct {
	// Uri identifies the scanner tool.
	Uri      string   `json:"uri,omitempty"`
	// Version is the scanner tool version.
	Version  string   `json:"version,omitempty"`
	// Database is the vulnerability database used (see DB).
	// NOTE(review): omitempty has no effect on a struct-valued field in
	// encoding/json, so "db" is always emitted (as {} when DB is zero).
	Database DB       `json:"db,omitempty"`
	// Result lists the vulnerabilities found; omitted when nil/empty.
	Result   []Result `json:"result,omitempty"`
}

Scanner defines the scanner that was used to scan the artifacts and the resulting vulnerabilities found

type VulnerabilityPredicate

// VulnerabilityPredicate is the predicate body of a vulnerability
// attestation (predicate type PredicateVuln). It is a plain data shape:
// this package exposes no functions, so envelope/signature verification
// must be done by the caller before the contents are trusted.
type VulnerabilityPredicate struct {
	// Invocation records how and by whom the scan was run.
	// NOTE(review): omitempty does not omit struct-valued fields in
	// encoding/json; Invocation, Scanner and Metadata are always emitted.
	Invocation Invocation `json:"invocation,omitempty"`
	// Scanner describes the tool and its findings.
	Scanner    Scanner    `json:"scanner,omitempty"`
	// Metadata records when the scan happened.
	Metadata   Metadata   `json:"metadata,omitempty"`
}

VulnerabilityPredicate defines the predicate of the vulnerability attestation.

type VulnerabilityStatement

// VulnerabilityStatement is an in-toto statement whose predicate is a
// VulnerabilityPredicate. The embedded attestationv1.Statement supplies the
// statement header (type, subjects, predicate type).
// NOTE(review): the embedded Statement presumably has its own "predicate"
// JSON field; the shallower field declared here wins in encoding/json —
// confirm this is intended.
type VulnerabilityStatement struct {
	attestationv1.Statement
	// Predicate contains type specific metadata.
	Predicate VulnerabilityPredicate `json:"predicate"`
}

VulnerabilityStatement defines the statement header and the vulnerability predicate
