intoto: add index on materials digest of slsa provenance #793

Merged
merged 3 commits into from Apr 29, 2022

@asraa asraa commented Apr 26, 2022

Signed-off-by: Asra Ali <asraa@google.com>

Summary

Fixes #792

Adds a key to index based on the materials of a SLSA provenance

cc @tiziano88

Ticket Link

Fixes

Release Note


Signed-off-by: Asra Ali <asraa@google.com>
@asraa asraa requested a review from bobcallaway as a code owner April 26, 2022 17:38
tiziano88 previously approved these changes Apr 26, 2022

@tiziano88 tiziano88 left a comment

awesome, thanks Asra!

@@ -92,6 +92,14 @@ func (v V001Entry) IndexKeys() ([]string, error) {
result = append(result, alg+":"+ds)
}
}
predicate, err := parseSlsaPredicate(v.env.Payload)
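Review bot: The `err` returned by `parseSlsaPredicate(v.env.Payload)` should not be propagated out of `IndexKeys()`. The subject digest keys have already been appended to `result` above this call, and an in-toto statement whose predicate is not SLSA provenance would lose them if the function returned early. Treat a parse failure as "no materials" (log and continue), and put a comment at the call stating that intent so the ignored error does not look like an oversight.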
Contributor

Perhaps add a comment that not all in-toto statements contain SLSA predicates, and provide some supporting links if there are?

Contributor Author

done! i figure we can extend this to something like "getPredicateMaterials" in case the SPDX or other predicates also include materials with digest sets.
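
The point raised in this thread, that only some in-toto statements carry a SLSA predicate with materials, shown as an added Go example (not code from this PR or from Rekor). The helper name `materialKeys`, the predicate-type prefix check and both sample payloads are assumptions made for illustration; the `alg:digest` key form follows the `alg+":"+ds` line in the hunk above.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Constructed sample payloads; the digests are placeholders, not real artifacts.
const slsaSample = `{"predicateType":"https://slsa.dev/provenance/v0.2","predicate":{"materials":[
 {"uri":"git+https://example.com/repo","digest":{"sha1":"aaaa1111"}},
 {"uri":"pkg:example/base","digest":{"sha256":"bbbb2222","sha1":"aaaa1111"}}]}}`
const otherSample = `{"predicateType":"https://spdx.dev/Document","predicate":"opaque"}`

// materialKeys (hypothetical helper) returns sorted, unique "alg:digest" keys for the
// materials of a SLSA provenance statement; other predicate types give no keys, no error.
func materialKeys(payload []byte) ([]string, error) {
	var st struct {
		Type      string          `json:"predicateType"`
		Predicate json.RawMessage `json:"predicate"` // raw: non-SLSA predicates vary in shape
	}
	if err := json.Unmarshal(payload, &st); err != nil {
		return nil, fmt.Errorf("decoding in-toto statement: %w", err)
	}
	if !strings.HasPrefix(st.Type, "https://slsa.dev/provenance/") {
		return nil, nil
	}
	var pred struct {
		Materials []struct{ Digest map[string]string }
	}
	if err := json.Unmarshal(st.Predicate, &pred); err != nil {
		return nil, fmt.Errorf("decoding SLSA predicate: %w", err)
	}
	seen, keys := map[string]bool{}, []string{}
	for _, m := range pred.Materials {
		for alg, ds := range m.Digest {
			if k := alg + ":" + ds; !seen[k] {
				seen[k], keys = true, append(keys, k)
			}
		}
	}
	sort.Strings(keys)
	return keys, nil
}

func main() {
	fmt.Println(materialKeys([]byte(slsaSample)))
	fmt.Println(materialKeys([]byte(otherSample)))
}
```

A digest that appears in several materials yields a single key, and the keys are sorted because Go map iteration order is not stable.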

pkg/types/intoto/v0.0.1/entry_test.go (outdated review thread, resolved)
Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Asra Ali <asraa@google.com>
@dlorenc dlorenc merged commit f91c8d5 into sigstore:main Apr 29, 2022
@github-actions github-actions bot added this to the v1.0.0 milestone Apr 29, 2022
Successfully merging this pull request may close these issues.

Index materials of SLSA provenance statements