provenance

package

v0.0.0-...-6b0088a Latest Latest Go to latest Published: Oct 18, 2024 License: Apache-2.0 Imports: 0 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

chromium.googlesource.com/infra/luci/luci-go

Documentation ¶

Overview ¶

Package provenance provides API definitions and simple libraries to interface with the APIs.

It supports all possible provenance information that are supported currently.

Provenance is a metadata about an artifact that provides information to trace a binary back to its sources. It also provides a chain-of-custody as the artifact traverses through multiple systems.

Summary ¶

Provenance defines APIs for reporting `provenance` metadata, in order to establish a traceable lineage for artifacts produced within the LUCI ecosystem. Artifact provenance is otherwise defined as "metadata which records a snapshot of the build-time states that correspond to an artifact."

Usage ¶

Service self-report is used by local processes to insert relevant information into provenance. Server side implementation is beyond the scope of this package and is Google-internal.

A local git checkout can be reported by:

pClient, _ := client.MakeProvenanceClient(ctx, "http://localhost:port")
reporter := &reporter.Report{RClient: pClient}
ok, err := reporter.ReportGitCheckout(ctx, "https://repo.git", "deadbeef", "refs/heads/example")
if err != nil & !ok {
    ...
}

This call will return a result back to you, user can implement it in a blocking way to ensure the event was recorded. Failure mode here can be internal error (that would include invalid input) as well as absence of local provenance server.

Results here can be:

(true, nil) => report successfully exported
(true, ErrServiceUnavailable) => service unavailable
(false, err) => all other cases

This allows users to determine how to interpret failure. A concrete example would be a workload where security policy is set to "enforce" mode, meaning checkout should fail loudly, in this case `ok` status can be ignored. For workloads where this is in "audit" mode, API will return a success ok status when local server isn't configured/unreachable. This is particularly helpful for flexible workloads.

Similarly other interfaces of this API can be used to report a variety of interesting things.

Source Files ¶

View all Source files

doc.go

Directories ¶

Path	Synopsis
api
snooperpb/v1 Package snooperpb contains LUCI's self-reporting local gRPC server API definitions.	Package snooperpb contains LUCI's self-reporting local gRPC server API definitions.
spikepb/ids Package idspb contains Spike's Intrusion Detection System (IDS) API.	Package idspb contains Spike's Intrusion Detection System (IDS) API.
client Package client provides necessary interfaces to Self report with Snooper.	Package client provides necessary interfaces to Self report with Snooper.
reporter Package reporter provides interface implementation for reporting provenance information as useful library.	Package reporter provides interface implementation for reporting provenance information as useful library.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL