attestation

package
v1.11.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 24, 2022 License: Apache-2.0 Imports: 8 Imported by: 7

Documentation

Index

Constants

View Source
const (
	// CosignCustomProvenanceV01 specifies the type of the Predicate.
	CosignCustomProvenanceV01 = "cosign.sigstore.dev/attestation/v1"

	// CosignVulnProvenanceV01 specifies the type of VulnerabilityScan Predicate
	CosignVulnProvenanceV01 = "cosign.sigstore.dev/attestation/vuln/v1"
)

Variables

This section is empty.

Functions

func GenerateStatement

func GenerateStatement(opts GenerateOpts) (interface{}, error)

GenerateStatement returns an in-toto statement based on the provided predicate type (custom|slsaprovenance|spdx|spdxjson|cyclonedx|link).

Types

type CosignPredicate

type CosignPredicate struct {
	Data      interface{}
	Timestamp string
}

CosignPredicate specifies the format of the Custom Predicate.

type CosignVulnPredicate added in v1.5.0

type CosignVulnPredicate struct {
	Invocation Invocation `json:"invocation"`
	Scanner    Scanner    `json:"scanner"`
	Metadata   Metadata   `json:"metadata"`
}

VulnPredicate specifies the format of the Vulnerability Scan Predicate

type CosignVulnStatement added in v1.8.0

type CosignVulnStatement struct {
	in_toto.StatementHeader
	Predicate CosignVulnPredicate `json:"predicate"`
}

I think this will be moving to upstream in-toto in the fullness of time but creating it here for now so that we have a way to deserialize it as a InToto Statement https://github.com/in-toto/attestation/issues/58

type DB added in v1.5.0

type DB struct {
	URI     string `json:"uri"`
	Version string `json:"version"`
}

type GenerateOpts

type GenerateOpts struct {
	// Predicate is the source of bytes (e.g. a file) to use as the statement's predicate.
	Predicate io.Reader
	// Type is the pre-defined enums (provenance|link|spdx).
	// default: custom
	Type string
	// Digest of the Image reference.
	Digest string
	// Repo context of the reference.
	Repo string

	// Function to return the time to set
	Time func() time.Time
}

GenerateOpts specifies the options of the Statement generator.

type Invocation added in v1.5.0

type Invocation struct {
	Parameters interface{} `json:"parameters"`
	URI        string      `json:"uri"`
	EventID    string      `json:"event_id"`
	BuilderID  string      `json:"builder.id"`
}

type Metadata added in v1.5.0

type Metadata struct {
	ScanStartedOn  time.Time `json:"scanStartedOn"`
	ScanFinishedOn time.Time `json:"scanFinishedOn"`
}

type Scanner added in v1.5.0

type Scanner struct {
	URI     string      `json:"uri"`
	Version string      `json:"version"`
	DB      DB          `json:"db"`
	Result  interface{} `json:"result"`
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL