Documentation
¶
Index ¶
- Constants
- func DSSEMediaType(predicateType string) (string, error)
- func ToVSAResourceURI(sub intoto.Subject) (string, error)
- func ValidPayloadType(payloadType string) bool
- func VerifyDSSE(ctx context.Context, env *Envelope, opts *VerifyOptions) ([]byte, error)
- type AttestationImage
- type AttestationLayer
- type AttestationManifest
- type DockerDsseExtension
- type DockerTlExtension
- type Envelope
- type Extension
- type KeyMetadata
- type Keys
- type KeysMap
- type Signature
- type SignedAttestationImage
- type SigningOptions
- type VSAInputAttestation
- type VSAPolicy
- type VSAPredicate
- type VSAVerifier
- type VerifyOptions
Constants ¶
View Source
const ( DockerReferenceType = "vnd.docker.reference.type" AttestationManifestType = "attestation-manifest" DockerReferenceDigest = "vnd.docker.reference.digest" DockerDsseExtKind = "application/vnd.docker.attestation-verification.v1+json" RekorTlExtKind = "Rekor" OCIDescriptorDSSEMediaType = ociv1.MediaTypeDescriptor + "+dsse" )
View Source
const (
VSAPredicateType = "https://slsa.dev/verification_summary/v1"
)
Variables ¶
This section is empty.
Functions ¶
func DSSEMediaType ¶ added in v0.1.3
func ValidPayloadType ¶
func VerifyDSSE ¶
Types ¶
type AttestationImage ¶ added in v0.1.3
type AttestationImage struct {
Layers []AttestationLayer
Image v1.Image
}
type AttestationLayer ¶ added in v0.1.3
type AttestationLayer struct {
Statement *intoto.Statement
Layer v1.Layer
MediaType types.MediaType
Annotations map[string]string
}
func GetAttestationsFromImage ¶ added in v0.1.3
func GetAttestationsFromImage(image v1.Image) ([]AttestationLayer, error)
GetAttestationsFromImage extracts all attestation layers from an image
type AttestationManifest ¶ added in v0.1.3
type AttestationManifest struct {
Descriptor v1.Descriptor
Attestation AttestationImage
MediaType types.MediaType
Annotations map[string]string
Digest v1.Hash
SubjectDescriptor *v1.Descriptor
}
func GetAttestationManifestsFromIndex ¶ added in v0.1.3
func GetAttestationManifestsFromIndex(index v1.ImageIndex) ([]AttestationManifest, error)
GetAttestationManifestsFromIndex extracts all attestation manifests from an index
type DockerDsseExtension ¶
type DockerDsseExtension struct {
Tl DockerTlExtension `json:"tl"`
}
type DockerTlExtension ¶
type Envelope ¶
type Envelope struct {
PayloadType string `json:"payloadType"`
Payload string `json:"payload"`
Signatures []Signature `json:"signatures"`
}
the following types are needed until https://github.com/secure-systems-lab/dsse/pull/61 is merged
func SignDSSE ¶
func SignDSSE(ctx context.Context, payload []byte, signer dsse.SignerVerifier, opts *SigningOptions) (*Envelope, error)
SignDSSE signs a payload with a given signer and uploads the signature to the transparency log
type Extension ¶
type Extension struct {
Kind string `json:"kind"`
Ext DockerDsseExtension `json:"ext"`
}
type KeyMetadata ¶
type Keys ¶
type Keys []KeyMetadata
type KeysMap ¶
type KeysMap map[string]KeyMetadata
type SignedAttestationImage ¶ added in v0.1.5
type SignedAttestationImage struct {
Image v1.Image
Descriptor *v1.Descriptor
AttestationManifest AttestationManifest
}
type SigningOptions ¶ added in v0.1.5
type VSAInputAttestation ¶ added in v0.1.3
type VSAPredicate ¶ added in v0.1.3
type VSAPredicate struct {
Verifier VSAVerifier `json:"verifier"`
TimeVerified string `json:"timeVerified"`
ResourceUri string `json:"resourceUri"`
Policy VSAPolicy `json:"policy"`
InputAttestations []VSAInputAttestation `json:"inputAttestations"`
VerificationResult string `json:"verificationResult"`
VerifiedLevels []string `json:"verifiedLevels"`
}
type VSAVerifier ¶ added in v0.1.3
type VSAVerifier struct {
ID string `json:"id"`
}
type VerifyOptions ¶ added in v0.1.5
type VerifyOptions struct {
Keys []KeyMetadata `json:"keys"`
SkipTL bool `json:"skip_tl"`
}
Source Files
Click to show internal directories.
Click to hide internal directories.