slsa-framework · MarkLodato · Jan 20, 2023 · Oct 20, 2022 · Oct 21, 2022 · Oct 21, 2022
diff --git a/docs/_data/versions.yml b/docs/_data/versions.yml
@@ -29,6 +29,9 @@ provenance:
       name: Version 0.1
     v0.2:
       name: Version 0.2
+    v1.0:
+      name: Version 1.0 (DRAFT)
+      draft: true
   current: v0.2
 
 verification_summary:

diff --git a/docs/provenance/v1.0.cue b/docs/provenance/v1.0.cue
@@ -0,0 +1,51 @@
+{
+    // Standard attestation fields:
+    "_type": "https://in-toto.io/Statement/v0.1",
+    "subject": [...],
+
+    // Predicate:
+    "predicateType": "https://slsa.dev/provenance/v1.0?draft",
+    "predicate": {
+        "buildDefinition": {
+            "topLevelInputs": {
+                "buildType": string,
+                "inputArtifacts": {
+                    [string]: #ArtifactReference
+                },
+                "entryPoint": string,
+                "parameters": {...}
+            },
+            "buildDependencies": {
+                "resolvedDependencies": [...#ArtifactReference],
+                "environment": {...}
+            }
+        },
+        "runDetails": {
+            "builder": {
+                "id": string,
+                "version": string,
+                "builderDependencies": [...#ArtifactReference]
+            },
+            "metadata": {
+                "invocationId": string,
+                "startedOn": string,  // timestamp
+                "finishedOn": string  // timestamp
+            },
+            "byproducts": [...#ArtifactReference]
+        }
+    }
+}
+
+#ArtifactReference: {
+    "uri": string,
+    "digest": {
+        "sha256": string,
+        "sha512": string,
+        "sha1": string,
+        // TODO: list the other standard algorithms
+        [string]: string
+    },
+    "localName": string,
+    "downloadLocation": string,
+    "mediaType": string
+}