feat(containeranalysis): update the api
#### containeranalysis:v1alpha1

The following keys were added:
- schemas.BuildDetails.properties.intotoStatement.$ref (Total Keys: 1)
yoshi-automation committed Nov 23, 2021
1 parent c4cdd10 commit a86a46e
Showing 6 changed files with 664 additions and 12 deletions.
@@ -118,7 +118,7 @@ <h3>Method Details</h3>
},
},
&quot;buildDetails&quot;: { # Message encapsulating build provenance details. # Build details for a verifiable build.
&quot;intotoProvenance&quot;: { # In-toto Provenance representation as defined in spec.
&quot;intotoProvenance&quot;: { # Deprecated. See InTotoStatement for the replacement. In-toto Provenance representation as defined in spec.
&quot;builderConfig&quot;: { # required
&quot;id&quot;: &quot;A String&quot;,
},
@@ -152,6 +152,87 @@ <h3>Method Details</h3>
&quot;type&quot;: &quot;A String&quot;, # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
},
},
&quot;intotoStatement&quot;: { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always &quot;application/vnd.in-toto+json&quot;. # In-toto Statement representation as defined in spec. The intoto_statement can contain any type of provenance. The serialized payload of the statement can be stored and signed in the Occurrence&#x27;s envelope.
&quot;_type&quot;: &quot;A String&quot;, # Always &quot;https://in-toto.io/Statement/v0.1&quot;.
&quot;predicateType&quot;: &quot;A String&quot;, # &quot;https://slsa.dev/provenance/v0.1&quot; for SlsaProvenance.
&quot;provenance&quot;: { # provenance is a predicate of type intotoprovenance
&quot;builderConfig&quot;: { # required
&quot;id&quot;: &quot;A String&quot;,
},
&quot;materials&quot;: [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
&quot;A String&quot;,
],
&quot;metadata&quot;: { # Other properties of the build.
&quot;buildFinishedOn&quot;: &quot;A String&quot;, # The timestamp of when the build completed.
&quot;buildInvocationId&quot;: &quot;A String&quot;, # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
&quot;buildStartedOn&quot;: &quot;A String&quot;, # The timestamp of when the build started.
&quot;completeness&quot;: { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
&quot;arguments&quot;: True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
&quot;environment&quot;: True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
&quot;materials&quot;: True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called &quot;hermetic&quot;.
},
&quot;reproducible&quot;: True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
},
&quot;recipe&quot;: { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
&quot;arguments&quot;: [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were &quot;make&quot;, then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint.
{
&quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
},
],
&quot;definedInMaterial&quot;: &quot;A String&quot;, # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were &quot;make&quot;, then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn&#x27;t come from a material, as zero is default unset value for int64.
&quot;entryPoint&quot;: &quot;A String&quot;, # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were &quot;make&quot;, then this would reference the directory in which to run make as well as which target to use.
&quot;environment&quot;: [ # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy.
{
&quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
},
],
&quot;type&quot;: &quot;A String&quot;, # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
},
},
&quot;slsaProvenance&quot;: { # SlsaProvenance is the slsa provenance as defined by the slsa spec. # slsa_provenance is a predicate of type slsaProvenance
&quot;builder&quot;: { # SlsaBuilder encapsulates the identity of the builder of this provenance. # builder is the builder of this provenance
&quot;id&quot;: &quot;A String&quot;, # id is the id of the slsa provenance builder
},
&quot;materials&quot;: [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
{ # Material is a material used in the generation of the provenance
&quot;digest&quot;: { # digest is a map from a hash algorithm (e.g. sha256) to the value in the material
&quot;a_key&quot;: &quot;A String&quot;,
},
&quot;uri&quot;: &quot;A String&quot;, # uri is the uri of the material
},
],
&quot;metadata&quot;: { # Other properties of the build. # metadata is the metadata of the provenance
&quot;buildFinishedOn&quot;: &quot;A String&quot;, # The timestamp of when the build completed.
&quot;buildInvocationId&quot;: &quot;A String&quot;, # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
&quot;buildStartedOn&quot;: &quot;A String&quot;, # The timestamp of when the build started.
&quot;completeness&quot;: { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
&quot;arguments&quot;: True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
&quot;environment&quot;: True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
&quot;materials&quot;: True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called &quot;hermetic&quot;.
},
&quot;reproducible&quot;: True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
},
&quot;recipe&quot;: { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible).
&quot;arguments&quot;: { # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were &quot;make&quot;, then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.
&quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
},
&quot;definedInMaterial&quot;: &quot;A String&quot;, # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were &quot;make&quot;, then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn&#x27;t come from a material, as zero is default unset value for int64.
&quot;entryPoint&quot;: &quot;A String&quot;, # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were &quot;make&quot;, then this would reference the directory in which to run make as well as which target to use.
&quot;environment&quot;: { # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.
&quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
},
&quot;type&quot;: &quot;A String&quot;, # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
},
},
&quot;subject&quot;: [ # subject is the subjects of the intoto statement
{ # Subject refers to the subject of the intoto statement
&quot;digest&quot;: { # &quot;&quot;: &quot;&quot; Algorithms can be e.g. sha256, sha512 See https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
&quot;a_key&quot;: &quot;A String&quot;,
},
&quot;name&quot;: &quot;A String&quot;, # name is the name of the Subject used here
},
],
},
&quot;provenance&quot;: { # Provenance of a build. Contains all information needed to verify the full details about the build from source to completion. # The actual provenance
&quot;buildOptions&quot;: { # Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details.
&quot;a_key&quot;: &quot;A String&quot;,