adding schema for link, policyverify, slsa
Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>
ChaosInTheCRD committed May 9, 2024
1 parent 5807ce8 commit 55917ef
Showing 6 changed files with 659 additions and 0 deletions.
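--- a/docs/attestors/link.json
+++ b/docs/attestors/link.json
@@ -0,0 +1,88 @@
+{
+"$schema": "https://json-schema.org/draft/2020-12/schema",
+"$id": "https://github.com/in-toto/attestation/go/predicates/link/v0/link",
+"$ref": "#/$defs/Link",
+"$defs": {
+"Link": {
+"properties": {
+"name": {
+"type": "string"
+},
+"command": {
+"items": {
+"type": "string"
+},
+"type": "array"
+},
+"materials": {
+"items": {
+"$ref": "#/$defs/ResourceDescriptor"
+},
+"type": "array"
+},
+"byproducts": {
+"$ref": "#/$defs/Struct"
+},
+"environment": {
+"$ref": "#/$defs/Struct"
+}
+},
+"additionalProperties": false,
+"type": "object"
+},
+"ResourceDescriptor": {
+"properties": {
+"name": {
+"type": "string"
+},
+"uri": {
+"type": "string"
+},
+"digest": {
+"additionalProperties": {
+"type": "string"
+},
+"type": "object"
+},
+"content": {
+"type": "string",
+"contentEncoding": "base64"
+},
+"download_location": {
+"type": "string"
+},
+"media_type": {
+"type": "string"
+},
+"annotations": {
+"$ref": "#/$defs/Struct"
+}
+},
+"additionalProperties": false,
+"type": "object"
+},
+"Struct": {
+"properties": {
+"fields": {
+"additionalProperties": {
+"$ref": "#/$defs/Value"
+},
+"type": "object"
+}
+},
+"additionalProperties": false,
+"type": "object"
+},
+"Value": {
+"properties": {
+"Kind": true
+},
+"additionalProperties": false,
+"type": "object",
+"required": [
+"Kind"
+]
+}
+}
+}
+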
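Review bot: Nothing in `Link` or `ResourceDescriptor` is `required`, so `{}` validates as a Link and a material with neither `uri` nor `digest` validates as a ResourceDescriptor; anyone using this file to gate attestations gets a structural check only. The `digest` map also accepts an empty object, and `Value` is declared as `"Kind": true`, so any value is accepted under `byproducts` and `environment` fields. If the schema is reflected from the Go types (the `$id` looks like a Go package path), the constraints belong in the generator input; at minimum I would add `"minProperties": 1` to `digest` and a `"description"` on `Link` stating that the presence of digests has to be enforced by the verifier. The same schema is pasted verbatim into docs/attestors/link.md in this commit, so the two copies can drift.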
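--- a/docs/attestors/link.md
+++ b/docs/attestors/link.md
@@ -0,0 +1,93 @@
+# Link Attestor
+
+The Link Attestor generates an [in-toto Link attestation](https://in-toto.readthedocs.io/en/latest/in-toto-spec.html#link) for the step that it is invoked on.
+
+## Schema
+```json
+{
+"$schema": "https://json-schema.org/draft/2020-12/schema",
+"$id": "https://github.com/in-toto/attestation/go/predicates/link/v0/link",
+"$ref": "#/$defs/Link",
+"$defs": {
+"Link": {
+"properties": {
+"name": {
+"type": "string"
+},
+"command": {
+"items": {
+"type": "string"
+},
+"type": "array"
+},
+"materials": {
+"items": {
+"$ref": "#/$defs/ResourceDescriptor"
+},
+"type": "array"
+},
+"byproducts": {
+"$ref": "#/$defs/Struct"
+},
+"environment": {
+"$ref": "#/$defs/Struct"
+}
+},
+"additionalProperties": false,
+"type": "object"
+},
+"ResourceDescriptor": {
+"properties": {
+"name": {
+"type": "string"
+},
+"uri": {
+"type": "string"
+},
+"digest": {
+"additionalProperties": {
+"type": "string"
+},
+"type": "object"
+},
+"content": {
+"type": "string",
+"contentEncoding": "base64"
+},
+"download_location": {
+"type": "string"
+},
+"media_type": {
+"type": "string"
+},
+"annotations": {
+"$ref": "#/$defs/Struct"
+}
+},
+"additionalProperties": false,
+"type": "object"
+},
+"Struct": {
+"properties": {
+"fields": {
+"additionalProperties": {
+"$ref": "#/$defs/Value"
+},
+"type": "object"
+}
+},
+"additionalProperties": false,
+"type": "object"
+},
+"Value": {
+"properties": {
+"Kind": true
+},
+"additionalProperties": false,
+"type": "object",
+"required": [
+"Kind"
+]
+}
+}
+}```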
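--- a/docs/attestors/policyverify.json
+++ b/docs/attestors/policyverify.json
@@ -0,0 +1,73 @@
+{
+"$schema": "https://json-schema.org/draft/2020-12/schema",
+"$ref": "#/$defs/Attestor",
+"$defs": {
+"Attestor": {
+"properties": {
+"verifier": {
+"$ref": "#/$defs/Verifier"
+},
+"timeVerified": {
+"type": "string",
+"format": "date-time"
+},
+"policy": {
+"$ref": "#/$defs/ResourceDescriptor"
+},
+"inputAttestations": {
+"items": {
+"$ref": "#/$defs/ResourceDescriptor"
+},
+"type": "array"
+},
+"verificationResult": {
+"type": "string"
+}
+},
+"additionalProperties": false,
+"type": "object",
+"required": [
+"verifier",
+"timeVerified",
+"policy",
+"inputAttestations",
+"verificationResult"
+]
+},
+"DigestSet": {
+"additionalProperties": {
+"type": "string"
+},
+"type": "object"
+},
+"ResourceDescriptor": {
+"properties": {
+"uri": {
+"type": "string"
+},
+"digest": {
+"$ref": "#/$defs/DigestSet"
+}
+},
+"additionalProperties": false,
+"type": "object",
+"required": [
+"uri",
+"digest"
+]
+},
+"Verifier": {
+"properties": {
+"id": {
+"type": "string"
+}
+},
+"additionalProperties": false,
+"type": "object",
+"required": [
+"id"
+]
+}
+}
+}
+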
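Review bot: `verificationResult` is typed as a bare string, so any text validates and a consumer checking for a pass has to do its own exact matching; if the attestor only ever emits the SLSA verification-summary values, pin them with `"enum": ["PASSED", "FAILED"]`. `ResourceDescriptor` requires `digest`, but `DigestSet` accepts `{}`, so a policy or input attestation with no hash at all still validates; `"minProperties": 1` on `DigestSet` would close that. `"format": "date-time"` on `timeVerified` is an annotation under draft 2020-12 unless the validator enables format assertion, which is worth stating in a `"description"` on that property.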
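--- a/docs/attestors/policyverify.md
+++ b/docs/attestors/policyverify.md
@@ -0,0 +1,80 @@
+# Policy Verify (Verification Summary) Attestor
+
+The Policy Verify Attestor generates a [verification summary attestation](https://slsa.dev/spec/v1.0/verification_summary) for `witness verify` invocations, providing information about the verification that took place.
+
+**NOTE:** This attestor cannot be used during `witness run` (e.g., `witness run --attestors policyverify`).
+
+## Schema
+```json
+{
+"$schema": "https://json-schema.org/draft/2020-12/schema",
+"$ref": "#/$defs/Attestor",
+"$defs": {
+"Attestor": {
+"properties": {
+"verifier": {
+"$ref": "#/$defs/Verifier"
+},
+"timeVerified": {
+"type": "string",
+"format": "date-time"
+},
+"policy": {
+"$ref": "#/$defs/ResourceDescriptor"
+},
+"inputAttestations": {
+"items": {
+"$ref": "#/$defs/ResourceDescriptor"
+},
+"type": "array"
+},
+"verificationResult": {
+"type": "string"
+}
+},
+"additionalProperties": false,
+"type": "object",
+"required": [
+"verifier",
+"timeVerified",
+"policy",
+"inputAttestations",
+"verificationResult"
+]
+},
+"DigestSet": {
+"additionalProperties": {
+"type": "string"
+},
+"type": "object"
+},
+"ResourceDescriptor": {
+"properties": {
+"uri": {
+"type": "string"
+},
+"digest": {
+"$ref": "#/$defs/DigestSet"
+}
+},
+"additionalProperties": false,
+"type": "object",
+"required": [
+"uri",
+"digest"
+]
+},
+"Verifier": {
+"properties": {
+"id": {
+"type": "string"
+}
+},
+"additionalProperties": false,
+"type": "object",
+"required": [
+"id"
+]
+}
+}
+}```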
