Documentation
Overview
attest.go
Index
- func AttestVSA(ctx context.Context, attestor PredicateAttestor, ...) (string, error)
- func GenerateAndWriteVSA(ctx context.Context, generator PredicateGenerator, writer PredicateWriter, ...) (string, error)
- func NoopUploader(ctx context.Context, att oci.Signature, location string) (string, error)
- func OCIUploader(ctx context.Context, att oci.Signature, location string) (string, error)
- func RekorUploader(ctx context.Context, att oci.Signature, location string) (string, error)
- type AttestationUploader
- type Attestor
- type Generator
- type Predicate
- type PredicateAttestor
- type PredicateGenerator
- type PredicateWriter
- type Signer
- type Writer
Constants
This section is empty.
Variables
This section is empty.
Functions
func AttestVSA (added in v0.7.108)
func AttestVSA(ctx context.Context, attestor PredicateAttestor, comp applicationsnapshot.Component) (string, error)
AttestVSA handles VSA attestation and envelope writing for a single component.
func GenerateAndWriteVSA (added in v0.7.108)
func GenerateAndWriteVSA(ctx context.Context, generator PredicateGenerator, writer PredicateWriter, comp applicationsnapshot.Component) (string, error)
GenerateAndWriteVSA generates a VSA predicate and writes it to a file, returning the written path.
func NoopUploader
func OCIUploader
Built-in uploaders
Types
type AttestationUploader
type AttestationUploader func(ctx context.Context, att oci.Signature, location string) (string, error)
AttestationUploader is a function that uploads an attestation and returns a result string or an error. This allows pluggable upload logic (OCI, Rekor, None, or custom).
type Attestor (added in v0.7.108)
type Attestor struct {
	PredicatePath string  // path to the raw VSA (predicate) JSON
	PredicateType string  // e.g. "https://enterprisecontract.dev/attestations/vsa/v1" // TODO: make this configurable
	ImageDigest   string  // sha256:abcd… (as returned by `skopeo inspect --format {{.Digest}}`)
	Repo          string  // "quay.io/acme/widget" (hostname/namespace/repo)
	Signer        *Signer
}
func NewAttestor (added in v0.7.108)
NewAttestor is a constructor with sensible defaults.
func (Attestor) AttestPredicate (added in v0.7.108)
AttestPredicate builds an in-toto Statement around the predicate and returns the fully-signed **DSSE envelope** (identical to cosign's --no-upload output). Nothing is pushed to a registry or the TLog.
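To make concrete what AttestPredicate is described as returning, here is an added example (not the project's code) that builds an in-toto Statement around a VSA predicate, signs it into a DSSE envelope, and shows the checks a consumer should make before trusting the predicate inside. It assumes a raw ed25519 key in place of the package's Signer, and the names Attest, Verify, pae, Envelope and Statement are this example's own, not the page's.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// Assumed stand-ins, not the project's types: an ed25519 key in place of its Signer and minimal Envelope/Statement structs.
const inTotoType = "application/vnd.in-toto+json"
type Envelope struct {
	PayloadType string              `json:"payloadType"`
	Payload     string              `json:"payload"` // base64 of the in-toto Statement JSON
	Signatures  []map[string]string `json:"signatures"`
}
type Statement struct { // only the decoded Statement fields that Verify checks
	PredicateType string                                             `json:"predicateType"`
	Subject       []struct{ Digest map[string]string `json:"digest"` } `json:"subject"`
	Predicate     map[string]any                                     `json:"predicate"`
}
// pae is the DSSE v1 pre-authentication encoding: the signature covers this, not the base64 text.
func pae(t string, body []byte) []byte {
	return []byte(fmt.Sprintf("DSSEv1 %d %s %d %s", len(t), t, len(body), body))
}

// Attest wraps pred in an in-toto v1 Statement whose subject is the image (bare hex digest) and signs it into a DSSE envelope.
func Attest(priv ed25519.PrivateKey, predType, repo, hexDigest string, pred map[string]string) Envelope {
	body, _ := json.Marshal(map[string]any{"_type": "https://in-toto.io/Statement/v1", "predicateType": predType,
		"subject": []map[string]any{{"name": repo, "digest": map[string]string{"sha256": hexDigest}}}, "predicate": pred})
	sig := base64.StdEncoding.EncodeToString(ed25519.Sign(priv, pae(inTotoType, body))) // Marshal of strings cannot fail
	return Envelope{inTotoType, base64.StdEncoding.EncodeToString(body), []map[string]string{{"sig": sig}}}
}
// Verify returns the predicate only if the single signature validates over the PAE and the Statement's single subject and predicate type match.
func Verify(pub ed25519.PublicKey, env Envelope, wantType, wantHexDigest string) (map[string]any, error) {
	var stmt Statement
	body, err := base64.StdEncoding.DecodeString(env.Payload)
	if err != nil || json.Unmarshal(body, &stmt) != nil || len(env.Signatures) != 1 {
		return nil, fmt.Errorf("malformed envelope")
	}
	sig, err := base64.StdEncoding.DecodeString(env.Signatures[0]["sig"])
	if err != nil || !ed25519.Verify(pub, pae(env.PayloadType, body), sig) {
		return nil, fmt.Errorf("signature does not validate over the PAE")
	}
	if env.PayloadType != inTotoType || stmt.PredicateType != wantType ||
		len(stmt.Subject) != 1 || stmt.Subject[0].Digest["sha256"] != wantHexDigest {
		return nil, fmt.Errorf("statement is not a %s for sha256:%s", wantType, wantHexDigest)
	}
	return stmt.Predicate, nil
}
```

Because the signature is computed over the PAE, swapping payloadType or editing the base64 payload breaks it; the predicate type and subject digest checks are what stop a valid VSA for a different image or predicate from being accepted.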
type Generator
type Generator struct {
	Report applicationsnapshot.Report
}
Generator handles VSA predicate generation.
func NewGenerator
func NewGenerator(report applicationsnapshot.Report) *Generator
NewGenerator creates a new VSA predicate generator.
func (*Generator) GeneratePredicate
func (g *Generator) GeneratePredicate(ctx context.Context, comp applicationsnapshot.Component) (*Predicate, error)
GeneratePredicate creates a Predicate for a validated image/component.
type Predicate
type Predicate struct {
	ImageRef         string                 `json:"imageRef"`
	ValidationResult string                 `json:"validationResult"`
	Timestamp        string                 `json:"timestamp"`
	Verifier         string                 `json:"verifier"`
	PolicySource     string                 `json:"policySource"`
	Component        map[string]interface{} `json:"component"`
	RuleResults      []evaluator.Result     `json:"ruleResults"`
}
Predicate represents a Verification Summary Attestation (VSA) predicate.
type PredicateAttestor (added in v0.7.108)
type PredicateAttestor interface {
	AttestPredicate(ctx context.Context) ([]byte, error)
	WriteEnvelope(data []byte) (string, error)
}
PredicateAttestor is the interface for attesting VSA predicates and writing envelopes.
type PredicateGenerator (added in v0.7.108)
type PredicateGenerator interface {
	GeneratePredicate(ctx context.Context, comp applicationsnapshot.Component) (*Predicate, error)
}
PredicateGenerator is the interface for generating VSA predicates.
type PredicateWriter (added in v0.7.108)
PredicateWriter is the interface for writing VSA predicates to files.