Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ( NoteKind_name = map[int32]string{ 0: "NOTE_KIND_UNSPECIFIED", 1: "VULNERABILITY", 2: "BUILD", 3: "IMAGE", 4: "PACKAGE", 5: "DEPLOYMENT", 6: "DISCOVERY", 7: "ATTESTATION", } NoteKind_value = map[string]int32{ "NOTE_KIND_UNSPECIFIED": 0, "VULNERABILITY": 1, "BUILD": 2, "IMAGE": 3, "PACKAGE": 4, "DEPLOYMENT": 5, "DISCOVERY": 6, "ATTESTATION": 7, } )
Enum value maps for NoteKind.
var File_google_devtools_containeranalysis_v1beta1_common_common_proto protoreflect.FileDescriptor
Functions ¶
This section is empty.
Types ¶
type NoteKind ¶
type NoteKind int32
Kind represents the kinds of notes supported.
const ( // Unknown. NoteKind_NOTE_KIND_UNSPECIFIED NoteKind = 0 // The note and occurrence represent a package vulnerability. NoteKind_VULNERABILITY NoteKind = 1 // The note and occurrence assert build provenance. NoteKind_BUILD NoteKind = 2 // This represents an image basis relationship. NoteKind_IMAGE NoteKind = 3 // This represents a package installed via a package manager. NoteKind_PACKAGE NoteKind = 4 // The note and occurrence track deployment events. NoteKind_DEPLOYMENT NoteKind = 5 // The note and occurrence track the initial discovery status of a resource. NoteKind_DISCOVERY NoteKind = 6 // This represents a logical "role" that can attest to artifacts. NoteKind_ATTESTATION NoteKind = 7 )
func (NoteKind) Descriptor ¶
func (NoteKind) Descriptor() protoreflect.EnumDescriptor
func (NoteKind) EnumDescriptor
deprecated
func (NoteKind) Number ¶
func (x NoteKind) Number() protoreflect.EnumNumber
func (NoteKind) Type ¶
func (NoteKind) Type() protoreflect.EnumType
type RelatedUrl ¶
type RelatedUrl struct {
// Specific URL associated with the resource.
Url string `protobuf:"bytes,1,opt,name=url,proto3" json:"url,omitempty"`
// Label to describe usage of the URL.
Label string `protobuf:"bytes,2,opt,name=label,proto3" json:"label,omitempty"`
// contains filtered or unexported fields
}
Metadata for any related URL information.
func (*RelatedUrl) Descriptor
deprecated
func (*RelatedUrl) Descriptor() ([]byte, []int)
Deprecated: Use RelatedUrl.ProtoReflect.Descriptor instead.
func (*RelatedUrl) GetLabel ¶
func (x *RelatedUrl) GetLabel() string
func (*RelatedUrl) GetUrl ¶
func (x *RelatedUrl) GetUrl() string
func (*RelatedUrl) ProtoMessage ¶
func (*RelatedUrl) ProtoMessage()
func (*RelatedUrl) ProtoReflect ¶
func (x *RelatedUrl) ProtoReflect() protoreflect.Message
func (*RelatedUrl) Reset ¶
func (x *RelatedUrl) Reset()
func (*RelatedUrl) String ¶
func (x *RelatedUrl) String() string
type Signature ¶
type Signature struct {
// The content of the signature, an opaque bytestring.
// The payload that this signature verifies MUST be unambiguously provided
// with the Signature during verification. A wrapper message might provide
// the payload explicitly. Alternatively, a message might have a canonical
// serialization that can always be unambiguously computed to derive the
// payload.
Signature []byte `protobuf:"bytes,1,opt,name=signature,proto3" json:"signature,omitempty"`
// The identifier for the public key that verifies this signature.
// * The `public_key_id` is required.
// * The `public_key_id` MUST be an RFC3986 conformant URI.
// * When possible, the `public_key_id` SHOULD be an immutable reference,
// such as a cryptographic digest.
//
// Examples of valid `public_key_id`s:
//
// OpenPGP V4 public key fingerprint:
// * "openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA"
// See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more
// details on this scheme.
//
// RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER
// serialization):
// * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU"
// * "nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5"
PublicKeyId string `protobuf:"bytes,2,opt,name=public_key_id,json=publicKeyId,proto3" json:"public_key_id,omitempty"`
// contains filtered or unexported fields
}
Verifiers (e.g. Kritis implementations) MUST verify signatures with respect to the trust anchors defined in policy (e.g. a Kritis policy). Typically this means that the verifier has been configured with a map from `public_key_id` to public key material (and any required parameters, e.g. signing algorithm).
In particular, verification implementations MUST NOT treat the signature `public_key_id` as anything more than a key lookup hint. The `public_key_id` DOES NOT validate or authenticate a public key; it only provides a mechanism for quickly selecting a public key ALREADY CONFIGURED on the verifier through a trusted channel. Verification implementations MUST reject signatures in any of the following circumstances:
- The `public_key_id` is not recognized by the verifier.
- The public key that `public_key_id` refers to does not verify the signature with respect to the payload.
The `signature` contents SHOULD NOT be "attached" (where the payload is included with the serialized `signature` bytes). Verifiers MUST ignore any "attached" payload and only verify signatures with respect to explicitly provided payload (e.g. a `payload` field on the proto message that holds this Signature, or the canonical serialization of the proto message that holds this signature).
func (*Signature) Descriptor
deprecated
func (*Signature) GetPublicKeyId ¶
func (*Signature) GetSignature ¶
func (*Signature) ProtoMessage ¶
func (*Signature) ProtoMessage()
func (*Signature) ProtoReflect ¶
func (x *Signature) ProtoReflect() protoreflect.Message
Source Files