Documentation
¶
Index ¶
- Constants
- Variables
- func New(payload []byte) (iface.Provenance, error)
- type DigestSet
- type GCBIntotoTextStatement
- type Provenance
- func (p *Provenance) BuildType() (string, error)
- func (p *Provenance) BuilderID() (string, error)
- func (p *Provenance) GetSystemParameters() (map[string]any, error)
- func (p *Provenance) Header() (intoto.StatementHeader, error)
- func (p *Provenance) Predicate() (interface{}, error)
- func (p *Provenance) PredicateType() (string, error)
- func (p *Provenance) SourceBranch() (string, error)
- func (p *Provenance) SourceTag() (string, error)
- func (p *Provenance) SourceURI() (string, error)
- func (p *Provenance) Subjects() ([]intoto.Subject, error)
- type ProvenanceBuilder
- type ProvenanceComplete
- type ProvenanceMaterial
- type ProvenanceMetadata
- type ProvenancePredicate
- type ProvenanceRecipe
Constants ¶
const ( // PredicateSLSAProvenance represents a build provenance for an artifact. PredicateSLSAProvenance = intotov01.PredicateSLSAProvenance )
Variables ¶
var BuilderIDs = []string{
"https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2",
"https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3",
}
var RegionalKeyRegex = regexp.MustCompile(`^projects\/verified-builder\/locations\/(.*)\/keyRings\/attestor\/cryptoKeys\/builtByGCB\/cryptoKeyVersions\/1$`)
Functions ¶
Types ¶
type DigestSet ¶
DigestSet contains a set of digests. It is represented as a map from algorithm name to lowercase hex-encoded value.
type GCBIntotoTextStatement ¶
type GCBIntotoTextStatement struct {
intoto.StatementHeader
SlsaProvenance ProvenancePredicate `json:"slsaProvenance"`
}
The GCB provenance contains a human-readable version of the intoto statement, but it is not compliant with the standard. It uses `slsaProvenance` instead of `predicate`. For backward compatibility, this has not been fixed by the GCB team.
type Provenance ¶
type Provenance struct {
intoto.StatementHeader
Pred ProvenancePredicate `json:"predicate"`
}
Provenance is GCB provenance.
func (*Provenance) BuildType ¶
func (p *Provenance) BuildType() (string, error)
BuildType implements Statement.BuildType.
func (*Provenance) BuilderID ¶
func (p *Provenance) BuilderID() (string, error)
BuilderID implements Statement.BuilderID.
func (*Provenance) GetSystemParameters ¶
func (p *Provenance) GetSystemParameters() (map[string]any, error)
BuildType implements Statement.GetSystemParameters.
func (*Provenance) Header ¶
func (p *Provenance) Header() (intoto.StatementHeader, error)
func (*Provenance) Predicate ¶
func (p *Provenance) Predicate() (interface{}, error)
func (*Provenance) PredicateType ¶
func (p *Provenance) PredicateType() (string, error)
func (*Provenance) SourceBranch ¶
func (p *Provenance) SourceBranch() (string, error)
SourceBranch implements Provenance.SourceBranch.
func (*Provenance) SourceTag ¶
func (p *Provenance) SourceTag() (string, error)
SourceTag implements Provenance.SourceTag.
func (*Provenance) SourceURI ¶
func (p *Provenance) SourceURI() (string, error)
SourceURI implements Statement.SourceURI.
type ProvenanceBuilder ¶
type ProvenanceBuilder struct {
ID string `json:"id"`
}
ProvenanceBuilder idenfifies the entity that executed the build steps.
type ProvenanceComplete ¶
type ProvenanceComplete struct {
Arguments bool `json:"arguments"`
Environment bool `json:"environment"`
Materials bool `json:"materials"`
}
ProvenanceComplete indicates whether the claims in build/recipe are complete. For in depth information refer to the specifictaion: https://github.com/in-toto/attestation/blob/v0.1.0/spec/predicates/provenance.md
type ProvenanceMaterial ¶
type ProvenanceMaterial struct {
URI string `json:"uri"`
Digest DigestSet `json:"digest,omitempty"`
}
ProvenanceMaterial defines the materials used to build an artifact.
type ProvenanceMetadata ¶
type ProvenanceMetadata struct {
// Use pointer to make sure that the abscense of a time is not
// encoded as the Epoch time.
BuildStartedOn *time.Time `json:"buildStartedOn,omitempty"`
BuildFinishedOn *time.Time `json:"buildFinishedOn,omitempty"`
Completeness ProvenanceComplete `json:"completeness"`
Reproducible bool `json:"reproducible"`
}
ProvenanceMetadata contains metadata for the built artifact.
type ProvenancePredicate ¶
type ProvenancePredicate struct {
Builder ProvenanceBuilder `json:"builder"`
Recipe ProvenanceRecipe `json:"recipe"`
Metadata *ProvenanceMetadata `json:"metadata,omitempty"`
Materials []ProvenanceMaterial `json:"materials,omitempty"`
}
ProvenancePredicate is the provenance predicate definition.
type ProvenanceRecipe ¶
type ProvenanceRecipe struct {
Type string `json:"type"`
// DefinedInMaterial can be sent as the null pointer to indicate that
// the value is not present.
// DefinedInMaterial *int `json:"definedInMaterial,omitempty"`
EntryPoint string `json:"entryPoint"`
Arguments interface{} `json:"arguments,omitempty"`
Environment interface{} `json:"environment,omitempty"`
}
ProvenanceRecipe describes the actions performed by the builder.
Source Files