attestation

package

v0.1.3 Latest Latest Go to latest Published: Apr 30, 2024 License: Apache-2.0 Imports: 18 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/docker/attest

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func DSSEMediaType(predicateType string) (string, error)
func ToVSAResourceURI(sub intoto.Subject) (string, error)
func ValidPayloadType(payloadType string) bool
func VerifyDSSE(ctx context.Context, env *Envelope, keys KeysMap) ([]byte, error)
type AttestationImage
type AttestationLayer
- func GetAttestationsFromImage(image v1.Image) ([]AttestationLayer, error)
type AttestationManifest
- func GetAttestationManifestsFromIndex(index v1.ImageIndex) ([]AttestationManifest, error)
type DockerDsseExtension
type DockerTlExtension
type Envelope
- func SignDSSE(ctx context.Context, payload []byte, payloadType string, ...) (*Envelope, error)
type Extension
type KeyMetadata
type Keys
type KeysMap
type Signature
type VSAInputAttestation
type VSAOptions
type VSAPolicy
type VSAPredicate
type VSAVerifier

Constants ¶

View Source

const (
	DockerReferenceType        = "vnd.docker.reference.type"
	AttestationManifestType    = "attestation-manifest"
	DockerDsseExtKind          = "application/vnd.docker.attestation-verification.v1+json"
	RekorTlExtKind             = "Rekor"
	OCIDescriptorDSSEMediaType = ociv1.MediaTypeDescriptor + "+dsse"
)

View Source

const (
	VSAPredicateType = "https://slsa.dev/verification_summary/v1"
)

Variables ¶

This section is empty.

Functions ¶

func DSSEMediaType ¶ added in v0.1.3

func DSSEMediaType(predicateType string) (string, error)

func ToVSAResourceURI ¶ added in v0.1.3

func ToVSAResourceURI(sub intoto.Subject) (string, error)

func ValidPayloadType ¶

func ValidPayloadType(payloadType string) bool

func VerifyDSSE ¶

func VerifyDSSE(ctx context.Context, env *Envelope, keys KeysMap) ([]byte, error)

Types ¶

type AttestationImage ¶ added in v0.1.3

type AttestationImage struct {
	Layers []AttestationLayer
	Image  v1.Image
}

type AttestationLayer ¶ added in v0.1.3

type AttestationLayer struct {
	Statement   *intoto.Statement
	Layer       v1.Layer
	MediaType   types.MediaType
	Annotations map[string]string
}

func GetAttestationsFromImage ¶ added in v0.1.3

func GetAttestationsFromImage(image v1.Image) ([]AttestationLayer, error)

GetAttestationsFromImage extracts all attestation layers from an image

type AttestationManifest ¶ added in v0.1.3

type AttestationManifest struct {
	Manifest    v1.Descriptor
	Attestation AttestationImage
	MediaType   types.MediaType
	Annotations map[string]string
	Digest      v1.Hash
}

func GetAttestationManifestsFromIndex ¶ added in v0.1.3

func GetAttestationManifestsFromIndex(index v1.ImageIndex) ([]AttestationManifest, error)

GetAttestationManifestsFromIndex extracts all attestation manifests from an index

type DockerDsseExtension ¶

type DockerDsseExtension struct {
	Tl DockerTlExtension `json:"tl"`
}

type DockerTlExtension ¶

type DockerTlExtension struct {
	Kind string `json:"kind"`
	Data any    `json:"data"`
}

type Envelope ¶

type Envelope struct {
	PayloadType string      `json:"payloadType"`
	Payload     string      `json:"payload"`
	Signatures  []Signature `json:"signatures"`
}

the following types are needed until https://github.com/secure-systems-lab/dsse/pull/61 is merged

func SignDSSE ¶

func SignDSSE(ctx context.Context, payload []byte, payloadType string, signer dsse.SignerVerifier) (*Envelope, error)

SignDSSE signs a payload with a given signer and uploads the signature to the transparency log

type Extension ¶

type Extension struct {
	Kind string              `json:"kind"`
	Ext  DockerDsseExtension `json:"ext"`
}

type KeyMetadata ¶

type KeyMetadata struct {
	ID            string     `json:"id"`
	PEM           string     `json:"key"`
	From          time.Time  `json:"from"`
	To            *time.Time `json:"to"`
	Status        string     `json:"status"`
	SigningFormat string     `json:"signing-format"`
	Distrust      bool       `json:"distrust,omitempty"`
}

type Keys ¶

type Keys []KeyMetadata

type KeysMap ¶

type KeysMap map[string]KeyMetadata

type Signature ¶

type Signature struct {
	KeyID     string    `json:"keyid"`
	Sig       string    `json:"sig"`
	Extension Extension `json:"extension"`
}

type VSAInputAttestation ¶ added in v0.1.3

type VSAInputAttestation struct {
	Digest    map[string]string `json:"digest"`
	MediaType string            `json:"mediaType"`
}

type VSAOptions ¶ added in v0.1.3

type VSAOptions struct {
	BuildLevel string
	PolicyURI  string
	VerifierID string
}

type VSAPolicy ¶ added in v0.1.3

type VSAPolicy struct {
	URI string `json:"uri"`
}

type VSAPredicate ¶ added in v0.1.3

type VSAPredicate struct {
	Verifier           VSAVerifier           `json:"verifier"`
	TimeVerified       string                `json:"timeVerified"`
	ResourceUri        string                `json:"resourceUri"`
	Policy             VSAPolicy             `json:"policy"`
	InputAttestations  []VSAInputAttestation `json:"inputAttestations"`
	VerificationResult string                `json:"verificationResult"`
	VerifiedLevels     []string              `json:"verifiedLevels"`
}

type VSAVerifier ¶ added in v0.1.3

type VSAVerifier struct {
	ID string `json:"id"`
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL