You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Chainloop allows to add materials to a contract that are not part of the specification. On the summary of the attestation those are mixed with the materials that actually belong to the contract, example:
$ chainloop --insecure attestation push --key cosign.key
WRN API contacted in insecure mode
Enter password for private key:
INF push completed
┌───────────────────┬──────────────────────────────────────┐
│ Initialized At │ 22 May 24 13:38 UTC │
├───────────────────┼──────────────────────────────────────┤
│ Attestation ID │ 583553ef-d051-4c41-aec4-a4cdd725bf89 │
│ Name │ wf-test │
│ Team │ founding │
│ Project │ core │
│ Contract Revision │ 3 │
└───────────────────┴──────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────────────────────────┐
│ Materials │
├───────────┬─────────────────────────────────────────────────────────────────────────┤
│ Name │ one-file │
│ Type │ ARTIFACT │
│ Set │ Yes │
│ Required │ Yes │
│ Is output │ Yes │
│ Value │ go.mod │
│ Digest │ sha256:29773f085c46a33efcb6cdb185f6ec30ce1c4ca708b860708cd055b70488ef4d │
├───────────┼─────────────────────────────────────────────────────────────────────────┤
│ Name │ other-file │
│ Type │ EVIDENCE │
│ Set │ Yes │
│ Required │ Yes │
│ Is output │ Yes │
│ Value │ LICENSE.md │
│ Digest │ sha256:c71d239df91726fc519c6eb72d318ec65820627232b2f796219e87dcf35d0ab4 │
├───────────┼─────────────────────────────────────────────────────────────────────────┤
│ Name │ material-1716385111238449000 │
│ Type │ SBOM_CYCLONEDX_JSON │
│ Set │ Yes │
│ Required │ No │
│ Value │ controlplane.cyclonedx.json │
│ Digest │ sha256:a6bc29d7a2d8d9f6df12a86ee4c86c58189d77bb6ded9487330c39f46ee00d9a │
└───────────┴─────────────────────────────────────────────────────────────────────────┘
Attestation Digest: sha256:8a0b3a9db0372fdf571dbe85c8a9b5202f473ca97e9dbcdf77c3f9b423ea3b9c
As you can see the material with name material-1716385111238449000 is mixed with the other two.
The goal of the task is to research if we want such materials to be shown along with the contract's materials and additionally if those materials needs to be shown differently on the Platform UI by establishing for example special annotations.
The text was updated successfully, but these errors were encountered:
Chainloop allows to add materials to a contract that are not part of the specification. On the summary of the attestation those are mixed with the materials that actually belong to the contract, example:
As you can see the material with name
material-1716385111238449000
is mixed with the other two.The goal of the task is to research if we want such materials to be shown along with the contract's materials and additionally if those materials needs to be shown differently on the Platform UI by establishing for example special annotations.
The text was updated successfully, but these errors were encountered: