Documentation ¶
Index ¶
- Constants
- type GCBVerifier
- func (v *GCBVerifier) IsAuthoritativeFor(builderIDName string) bool
- func (v *GCBVerifier) VerifyArtifact(ctx context.Context, provenance []byte, artifactHash string, ...) ([]byte, *utils.TrustedBuilderID, error)
- func (v *GCBVerifier) VerifyImage(ctx context.Context, provenance []byte, artifactImage string, ...) ([]byte, *utils.TrustedBuilderID, error)
- func (v *GCBVerifier) VerifyNpmPackage(ctx context.Context, attestations []byte, tarballHash string, ...) ([]byte, *utils.TrustedBuilderID, error)
- type Provenance
- func (p *Provenance) GetVerifiedIntotoStatement() ([]byte, error)
- func (p *Provenance) VerifyBranch(branch string) error
- func (p *Provenance) VerifyBuilder(builderOpts *options.BuilderOpts) (*utils.TrustedBuilderID, error)
- func (p *Provenance) VerifyMetadata(provenanceOpts *options.ProvenanceOpts) error
- func (p *Provenance) VerifySignature() error
- func (p *Provenance) VerifySourceURI(expectedSourceURI string, builderID utils.TrustedBuilderID) error
- func (p *Provenance) VerifySubjectDigest(expectedHash string) error
- func (p *Provenance) VerifySummary(provenanceOpts *options.ProvenanceOpts) error
- func (p *Provenance) VerifyTag(expectedTag string) error
- func (p *Provenance) VerifyTextProvenance() error
- func (p *Provenance) VerifyVersionedTag(expectedTag string) error
Constants ¶
const VerifierName = "GCB"
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type GCBVerifier ¶
type GCBVerifier struct{}
func GCBVerifierNew ¶
func GCBVerifierNew() *GCBVerifier
func (*GCBVerifier) IsAuthoritativeFor ¶
func (v *GCBVerifier) IsAuthoritativeFor(builderIDName string) bool
IsAuthoritativeFor returns true if the verifier can verify provenance generated by the given builder ID.
func (*GCBVerifier) VerifyArtifact ¶
func (v *GCBVerifier) VerifyArtifact(ctx context.Context, provenance []byte, artifactHash string, provenanceOpts *options.ProvenanceOpts, builderOpts *options.BuilderOpts, ) ([]byte, *utils.TrustedBuilderID, error)
VerifyArtifact verifies provenance for an artifact.
func (*GCBVerifier) VerifyImage ¶
func (v *GCBVerifier) VerifyImage(ctx context.Context, provenance []byte, artifactImage string, provenanceOpts *options.ProvenanceOpts, builderOpts *options.BuilderOpts, ) ([]byte, *utils.TrustedBuilderID, error)
VerifyImage verifies provenance for an OCI image.
func (*GCBVerifier) VerifyNpmPackage ¶ added in v2.1.0
func (v *GCBVerifier) VerifyNpmPackage(ctx context.Context, attestations []byte, tarballHash string, provenanceOpts *options.ProvenanceOpts, builderOpts *options.BuilderOpts, ) ([]byte, *utils.TrustedBuilderID, error)
VerifyNpmPackage verifies an npm package tarball.
type Provenance ¶
type Provenance struct {
// contains filtered or unexported fields
}
func ProvenanceFromBytes ¶
func ProvenanceFromBytes(payload []byte) (*Provenance, error)
func (*Provenance) GetVerifiedIntotoStatement ¶
func (p *Provenance) GetVerifiedIntotoStatement() ([]byte, error)
func (*Provenance) VerifyBranch ¶
func (p *Provenance) VerifyBranch(branch string) error
func (*Provenance) VerifyBuilder ¶
func (p *Provenance) VerifyBuilder(builderOpts *options.BuilderOpts) (*utils.TrustedBuilderID, error)
VerifyBuilder verifies the builder in the DSSE payload in three places: the recipe type, the recipe argument type, and the predicate builder ID.
func (*Provenance) VerifyMetadata ¶
func (p *Provenance) VerifyMetadata(provenanceOpts *options.ProvenanceOpts) error
VerifyMetadata verifies additional metadata contained in the provenance, which is not part of the DSSE payload or headers. This metadata is part of the payload returned by `gcloud artifacts docker images describe image:tag --format json --show-provenance`.
func (*Provenance) VerifySignature ¶
func (p *Provenance) VerifySignature() error
VerifySignature verifies the signature for a provenance.
func (*Provenance) VerifySourceURI ¶
func (p *Provenance) VerifySourceURI(expectedSourceURI string, builderID utils.TrustedBuilderID) error
VerifySourceURI verifies the source URI in the provenance statement.
func (*Provenance) VerifySubjectDigest ¶
func (p *Provenance) VerifySubjectDigest(expectedHash string) error
VerifySubjectDigest verifies the SHA-256 digest of the subject.
func (*Provenance) VerifySummary ¶
func (p *Provenance) VerifySummary(provenanceOpts *options.ProvenanceOpts) error
VerifySummary verifies the content of the `image_summary` structure returned by `gcloud artifacts docker images describe image:tag --format json --show-provenance`.
func (*Provenance) VerifyTag ¶
func (p *Provenance) VerifyTag(expectedTag string) error
func (*Provenance) VerifyTextProvenance ¶
func (p *Provenance) VerifyTextProvenance() error
VerifyTextProvenance verifies the text provenance prepended to the provenance. This text mirrors the DSSE payload but is human-readable.
func (*Provenance) VerifyVersionedTag ¶
func (p *Provenance) VerifyVersionedTag(expectedTag string) error