vsa

package
v0.7.98 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 25, 2025 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NoopUploader 

func NoopUploader(ctx context.Context, att oci.Signature, location string) (string, error)

func OCIUploader 

func OCIUploader(ctx context.Context, att oci.Signature, location string) (string, error)

Built-in uploaders

func RekorUploader 

func RekorUploader(ctx context.Context, att oci.Signature, location string) (string, error)

Types

type AttestationSigner 

type AttestationSigner func(ctx context.Context, signer signature.SignerVerifier, ref name.Reference, att oci.Signature, opts *cosign.CheckOpts) (name.Digest, error)

type AttestationUploader 

type AttestationUploader func(ctx context.Context, att oci.Signature, location string) (string, error)

AttestationUploader is a function that uploads an attestation and returns a result string or error This allows pluggable upload logic (OCI, Rekor, None, or custom)

type Generator 

type Generator struct{}

Generator handles VSA predicate generation

func NewGenerator 

func NewGenerator() *Generator

NewGenerator creates a new VSA predicate generator

func (*Generator) GeneratePredicate 

func (g *Generator) GeneratePredicate(ctx context.Context, report applicationsnapshot.Report, comp applicationsnapshot.Component) (*Predicate, error)

GeneratePredicate creates a Predicate for a validated image/component.

type Predicate 

type Predicate struct {
	ImageRef         string                 `json:"imageRef"`
	ValidationResult string                 `json:"validationResult"`
	Timestamp        string                 `json:"timestamp"`
	Verifier         string                 `json:"verifier"`
	PolicySource     string                 `json:"policySource"`
	Component        map[string]interface{} `json:"component"`
	RuleResults      []evaluator.Result     `json:"ruleResults"`
}

Predicate represents a Verification Summary Attestation (VSA) predicate.

type PrivateKeyLoader 

type PrivateKeyLoader func(key []byte, pass []byte) (signature.SignerVerifier, error)

type Signer 

type Signer struct {
	FS        afero.Fs          // for reading the VSA file
	KeyLoader PrivateKeyLoader  // injected loader
	SignFunc  AttestationSigner // injected cosign API
}

func NewSigner 

func NewSigner(fs afero.Fs, loader PrivateKeyLoader, signer AttestationSigner) *Signer

func (*Signer) Sign 

func (s *Signer) Sign(ctx context.Context, vsaPath, keyPath, imageRef string) (oci.Signature, error)

Sign reads the file, loads the key, and returns the signature.

type Writer 

type Writer struct {
	FS            afero.Fs    // defaults to the package-level FS or afero.NewOsFs()
	TempDirPrefix string      // defaults to "vsa-"
	FilePerm      os.FileMode // defaults to 0600
}

Writer handles VSA file writing

func NewWriter 

func NewWriter() *Writer

NewWriter creates a new VSA file writer

func (*Writer) WriteVSA 

func (w *Writer) WriteVSA(predicate *Predicate) (string, error)

WriteVSA writes the Predicate as a JSON file to a temp directory and returns the path.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.