Documentation
Constants
const (
	// CosignCustomProvenanceV01 specifies the type of the Predicate.
	CosignCustomProvenanceV01 = "cosign.sigstore.dev/attestation/v1"
	// CosignVulnProvenanceV01 specifies the type of VulnerabilityScan Predicate
	CosignVulnProvenanceV01 = "cosign.sigstore.dev/attestation/vuln/v1"
)
Variables
This section is empty.
Functions
func GenerateStatement
func GenerateStatement(opts GenerateOpts) (interface{}, error)
GenerateStatement returns an in-toto statement based on the provided predicate type (custom|slsaprovenance|spdx|spdxjson|cyclonedx|link).
Types
type CosignPredicate
type CosignPredicate struct {
	Data      interface{}
	Timestamp string
}
CosignPredicate specifies the format of the Custom Predicate.
type CosignVulnPredicate (added in v1.5.0)
type CosignVulnPredicate struct {
	Invocation Invocation `json:"invocation"`
	Scanner    Scanner    `json:"scanner"`
	Metadata   Metadata   `json:"metadata"`
}
VulnPredicate specifies the format of the Vulnerability Scan Predicate
type CosignVulnStatement (added in v1.8.0)
type CosignVulnStatement struct {
	in_toto.StatementHeader
	Predicate CosignVulnPredicate `json:"predicate"`
}
I think this will be moving to upstream in-toto in the fullness of time, but creating it here for now so that we have a way to deserialize it as an InToto Statement: https://github.com/in-toto/attestation/issues/58
type GenerateOpts
type GenerateOpts struct {
	// Predicate is the source of bytes (e.g. a file) to use as the statement's predicate.
	Predicate io.Reader
	// Type is the pre-defined enums (provenance|link|spdx).
	// default: custom
	Type string
	// Digest of the Image reference.
	Digest string
	// Repo context of the reference.
	Repo string
	// Function to return the time to set
	Time func() time.Time
}
GenerateOpts specifies the options of the Statement generator.
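A consumer-side check for a statement of the custom predicate type, as an added example that is not cosign's own code: it uses only the standard library, mirrors CosignPredicate locally, and assumes the in-toto v0.1 statement field names (predicateType, subject, digest). CheckCustomStatement, the statement type, and the sample digest and repository name are hypothetical; the check runs on an already-extracted payload and does not cover signature verification.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Value copied from the Constants section of this page.
const CosignCustomProvenanceV01 = "cosign.sigstore.dev/attestation/v1"
// CosignPredicate mirrors the struct on this page (no JSON tags: keys are "Data", "Timestamp").
type CosignPredicate struct {
	Data      interface{}
	Timestamp string
}
// statement follows the in-toto v0.1 Statement layout (assumed from the in-toto spec).
type statement struct {
	PredicateType string `json:"predicateType"`
	Subject       []struct {
		Digest map[string]string `json:"digest"`
	} `json:"subject"`
	Predicate CosignPredicate `json:"predicate"`
}
// Constructed sample input: the digest and repository name are made up.
const sampleDigest = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
const sampleStatement = `{"_type":"https://in-toto.io/Statement/v0.1","predicateType":"cosign.sigstore.dev/attestation/v1",
"subject":[{"name":"registry.example/app","digest":{"sha256":"` + sampleDigest + `"}}],"predicate":{"Data":{"approved":true},"Timestamp":"2022-01-01T00:00:00Z"}}`

// CheckCustomStatement (hypothetical helper) accepts a statement only if it carries the
// cosign custom predicate type and one subject names the expected image digest.
func CheckCustomStatement(raw []byte, wantSHA256 string) (*CosignPredicate, error) {
	if wantSHA256 == "" { // an empty value would match a subject that has no sha256 entry
		return nil, fmt.Errorf("expected digest must not be empty")
	}
	var st statement
	if err := json.Unmarshal(raw, &st); err != nil {
		return nil, fmt.Errorf("decode statement: %w", err)
	}
	if st.PredicateType != CosignCustomProvenanceV01 {
		return nil, fmt.Errorf("unexpected predicateType %q", st.PredicateType)
	}
	for _, s := range st.Subject {
		if s.Digest["sha256"] == wantSHA256 {
			return &st.Predicate, nil
		}
	}
	return nil, fmt.Errorf("no subject carries the expected sha256 digest")
}

func main() { fmt.Println(CheckCustomStatement([]byte(sampleStatement), sampleDigest)) }
```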
type Invocation (added in v1.5.0)