const (
	// PredicateClearlyDefined is the in-toto predicate type URI that
	// identifies a ClearlyDefined license attestation. A consumer should
	// compare a statement's predicate type against this value before
	// decoding its predicate as a ClearlyDefinedPredicate.
	PredicateClearlyDefined = "https://in-toto.io/attestation/clearlydefined/v0.1"
)
PredicateVuln This is a new predicate type for vulnerabilities based off https://github.com/sigstore/cosign/blob/main/specs/COSIGN_VULN_ATTESTATION_SPEC.md. This is used by the certifier to attest to vulnerabilities in an artifact. Currently, the predicate is defined here but the intention is to upstream this to https://github.com/in-toto/attestation in the near future once the quirks are worked out.
const (
	// PredicateVuln is the in-toto predicate type URI that identifies a
	// vulnerability attestation produced by the certifier. A consumer
	// should compare a statement's predicate type against this value
	// before decoding its predicate as a VulnerabilityPredicate.
	PredicateVuln = "https://in-toto.io/attestation/vuln/v0.1"
)
PredicateVuln is a new predicate type for vulnerabilities, based on https://github.com/sigstore/cosign/blob/main/specs/COSIGN_VULN_ATTESTATION_SPEC.md. It is used by the certifier to attest to vulnerabilities in an artifact. The predicate is currently defined here, but the intention is to upstream it to https://github.com/in-toto/attestation in the near future once the quirks are worked out.
// ClearlyDefinedPredicate is the predicate body of a ClearlyDefined license
// attestation (predicate type PredicateClearlyDefined).
type ClearlyDefinedPredicate struct {
	// Definition is the ClearlyDefined definition for the attested component.
	Definition Definition `json:"definition,omitempty"`
	// Metadata describes the attestation itself. NOTE(review): Metadata is
	// declared elsewhere in this package; its fields are not visible here.
	Metadata Metadata `json:"metadata,omitempty"`
}
ClearlyDefinedPredicate defines the predicate of the license attestation.
// ClearlyDefinedStatement is an in-toto statement whose predicate is a
// ClearlyDefinedPredicate. The embedded attestationv1.Statement supplies
// the header (type, subjects, predicate type).
//
// NOTE(review): the contents are only as trustworthy as the envelope that
// carried them. A consumer should verify the envelope signature and check
// that the header's predicate type equals PredicateClearlyDefined before
// acting on Predicate.
type ClearlyDefinedStatement struct {
	attestationv1.Statement
	// Predicate contains type specific metadata.
	Predicate ClearlyDefinedPredicate `json:"predicate"`
}
ClearlyDefinedStatement defines the statement header and the license predicate.
// Definition is the decoded ClearlyDefined definition for one component
// coordinate: what was described about it, its files, its licensing result,
// and the scores computed for it. Field names and tags mirror the API's
// JSON; fields without omitempty are always emitted when marshalled and are
// left at their zero value when the API omits them.
type Definition struct {
	// Described holds provenance facts about the component release.
	Described struct {
		ReleaseDate string `json:"releaseDate"`
		// SourceLocation is a pointer so that an absent source location is
		// distinguishable from one with empty fields.
		SourceLocation *struct {
			Type      string `json:"type"`
			Provider  string `json:"provider"`
			Namespace string `json:"namespace"`
			Name      string `json:"name"`
			Revision  string `json:"revision"`
			URL       string `json:"url"`
		} `json:"sourceLocation,omitempty"`
		Urls struct {
			Registry string `json:"registry"`
			Version  string `json:"version"`
			Download string `json:"download"`
		} `json:"urls"`
		// Hashes are the digests the API reports for the release artifact.
		// NOTE(review): Sha1 is carried as supplied; consumers correlating
		// artifacts should prefer Sha256.
		Hashes struct {
			Sha1   string `json:"sha1"`
			Sha256 string `json:"sha256"`
		} `json:"hashes"`
		// Files is a file count here; the per-file list is Definition.Files.
		Files int      `json:"files"`
		Tools []string `json:"tools"`
		ToolScore struct {
			Total  int `json:"total"`
			Date   int `json:"date"`
			Source int `json:"source"`
		} `json:"toolScore"`
		Score struct {
			Total  int `json:"total"`
			Date   int `json:"date"`
			Source int `json:"source"`
		} `json:"score"`
	} `json:"described"`
	// Files lists per-file findings: path, detected license, natures,
	// digests, and attributions.
	Files []struct {
		Path         string   `json:"path"`
		License      string   `json:"license,omitempty"`
		Natures      []string `json:"natures,omitempty"`
		Hashes       struct {
			Sha1   string `json:"sha1"`
			Sha256 string `json:"sha256"`
		} `json:"hashes"`
		Token        string   `json:"token,omitempty"`
		Attributions []string `json:"attributions,omitempty"`
	} `json:"files"`
	// Licensed holds the declared license, the discovered license facets,
	// and the license-related scores.
	Licensed struct {
		Declared  string `json:"declared"`
		ToolScore struct {
			Total       int `json:"total"`
			Declared    int `json:"declared"`
			Discovered  int `json:"discovered"`
			Consistency int `json:"consistency"`
			Spdx        int `json:"spdx"`
			Texts       int `json:"texts"`
		} `json:"toolScore"`
		Facets struct {
			Core struct {
				Attribution struct {
					Unknown int      `json:"unknown"`
					Parties []string `json:"parties"`
				} `json:"attribution"`
				Discovered struct {
					Unknown     int      `json:"unknown"`
					Expressions []string `json:"expressions"`
				} `json:"discovered"`
				Files int `json:"files"`
			} `json:"core"`
		} `json:"facets"`
		Score struct {
			Total       int `json:"total"`
			Declared    int `json:"declared"`
			Discovered  int `json:"discovered"`
			Consistency int `json:"consistency"`
			Spdx        int `json:"spdx"`
			Texts       int `json:"texts"`
		} `json:"score"`
	} `json:"licensed"`
	// Coordinates identify the component the definition is about.
	Coordinates struct {
		Type      string `json:"type"`
		Provider  string `json:"provider"`
		Namespace string `json:"namespace"`
		Name      string `json:"name"`
		Revision  string `json:"revision"`
	} `json:"coordinates"`
	// Meta carries the schema version and update time. Updated is decoded
	// by encoding/json from an RFC 3339 string; a malformed value fails the
	// whole decode.
	Meta struct {
		SchemaVersion string    `json:"schemaVersion"`
		Updated       time.Time `json:"updated"`
	} `json:"_meta"`
	// Scores are the aggregate effective and tool scores.
	Scores struct {
		Effective int `json:"effective"`
		Tool      int `json:"tool"`
	} `json:"scores"`
}
Definition represents the structure of the data returned by the API.
// Invocation records how a scan was started and by whom. Every field is
// optional in the JSON form (omitempty).
type Invocation struct {
	// Parameters are the arguments the scan was invoked with.
	Parameters []string `json:"parameters,omitempty"`
	// Uri identifies the invocation.
	Uri string `json:"uri,omitempty"`
	// EventID identifies the event that triggered the scan.
	EventID string `json:"event_id,omitempty"`
	// ProducerID identifies the producer that ran the scan.
	ProducerID string `json:"producer_id,omitempty"`
}
Invocation defines how the scan was initiated and by which producer.
// Result is one vulnerability finding: its identifier and any aliases
// under which the same vulnerability is known.
type Result struct {
	// VulnerabilityId is the primary identifier of the vulnerability.
	VulnerabilityId string `json:"vulnerability_id,omitempty"`
	// Aliases lists other identifiers for the same vulnerability.
	Aliases []string `json:"aliases,omitempty"`
}
Result defines a vulnerability ID and its aliases. There can be multiple results per artifact.
// Scanner describes the scanner that produced the findings and the
// findings themselves.
type Scanner struct {
	// Uri identifies the scanner.
	Uri string `json:"uri,omitempty"`
	// Version is the scanner version.
	Version string `json:"version,omitempty"`
	// Database describes the vulnerability database the scanner used.
	// NOTE(review): DB is declared elsewhere in this package; its fields
	// are not visible here.
	Database DB `json:"db,omitempty"`
	// Result holds one entry per vulnerability found in the artifact.
	Result []Result `json:"result,omitempty"`
}
Scanner defines the scanner that was used to scan the artifacts and the resulting vulnerabilities found.
// VulnerabilityPredicate is the predicate body of a vulnerability
// attestation (predicate type PredicateVuln).
type VulnerabilityPredicate struct {
	// Invocation records how and by whom the scan was started.
	Invocation Invocation `json:"invocation,omitempty"`
	// Scanner identifies the scanner and carries its findings.
	Scanner Scanner `json:"scanner,omitempty"`
	// Metadata describes the attestation itself. NOTE(review): Metadata is
	// declared elsewhere in this package; its fields are not visible here.
	Metadata Metadata `json:"metadata,omitempty"`
}
VulnerabilityPredicate defines the predicate of the vulnerability attestation.
// VulnerabilityStatement is an in-toto statement whose predicate is a
// VulnerabilityPredicate. The embedded attestationv1.Statement supplies
// the header (type, subjects, predicate type).
//
// NOTE(review): the contents are only as trustworthy as the envelope that
// carried them. A consumer should verify the envelope signature and check
// that the header's predicate type equals PredicateVuln before acting on
// Predicate.
type VulnerabilityStatement struct {
	attestationv1.Statement
	// Predicate contains type specific metadata.
	Predicate VulnerabilityPredicate `json:"predicate"`
}
VulnerabilityStatement defines the statement header and the vulnerability predicate.