Skip to content

Commit

Permalink
SBOM and Omnitrail Attestor (#464)
Browse files Browse the repository at this point in the history
  • Loading branch information
@jkjell
jkjell authored Jun 13, 2024
1 parent 460f040 commit c1352bd
Show file tree
Hide file tree
Showing 16 changed files with 551 additions and 122 deletions.
1 change: 0 additions & 1 deletion cmd/run.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -133,7 +133,6 @@ func runRun(ctx context.Context, ro options.RunOptions, args []string, signers .
witness.RunWithAttestors(attestors),
witness.RunWithAttestationOpts(attestation.WithWorkingDir(ro.WorkingDir), attestation.WithHashes(roHashes)),
witness.RunWithTimestampers(timestampers...),
witness.RunWithSigners(signers...),
)
if err != nil {
return err
Expand Down
4 changes: 3 additions & 1 deletion docs/attestors/git.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,9 @@
"$ref": "#/$defs/Tag"
},
"type": "array"
},
"branch": {
"type": "string"
}
},
"additionalProperties": false,
Expand Down Expand Up @@ -129,4 +132,3 @@
}
}
}

3 changes: 3 additions & 0 deletions docs/attestors/git.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,9 @@ The attestor returns the SHA1 ([Secure Hash Algorithm 1](https://en.wikipedia.or
"$ref": "#/$defs/Tag"
},
"type": "array"
},
"branch": {
"type": "string"
}
},
"additionalProperties": false,
Expand Down
145 changes: 145 additions & 0 deletions docs/attestors/omnitrail.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,145 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$ref": "#/$defs/Attestor",
"$defs": {
"Attestor": {
"properties": {
"Envelope": {
"$ref": "#/$defs/Envelope"
}
},
"additionalProperties": false,
"type": "object",
"required": [
"Envelope"
]
},
"Element": {
"properties": {
"type": {
"type": "string"
},
"sha1": {
"type": "string"
},
"sha256": {
"type": "string"
},
"gitoid:sha1": {
"type": "string"
},
"gitoid:sha256": {
"type": "string"
},
"posix": {
"$ref": "#/$defs/Posix"
}
},
"additionalProperties": false,
"type": "object",
"required": [
"type"
]
},
"Envelope": {
"properties": {
"header": {
"$ref": "#/$defs/Header"
},
"mapping": {
"additionalProperties": {
"$ref": "#/$defs/Element"
},
"type": "object"
}
},
"additionalProperties": false,
"type": "object",
"required": [
"header",
"mapping"
]
},
"Feature": {
"properties": {
"algorithms": {
"items": {
"type": "string"
},
"type": "array"
}
},
"additionalProperties": false,
"type": "object"
},
"Header": {
"properties": {
"features": {
"additionalProperties": {
"$ref": "#/$defs/Feature"
},
"type": "object"
}
},
"additionalProperties": false,
"type": "object",
"required": [
"features"
]
},
"Posix": {
"properties": {
"atime": {
"type": "string"
},
"ctime": {
"type": "string"
},
"creation_time": {
"type": "string"
},
"extended_attributes": {
"type": "string"
},
"file_device_id": {
"type": "string"
},
"file_flags": {
"type": "string"
},
"file_inode": {
"type": "string"
},
"file_system_id": {
"type": "string"
},
"file_type": {
"type": "string"
},
"hard_link_count": {
"type": "string"
},
"mtime": {
"type": "string"
},
"metadata_ctime": {
"type": "string"
},
"owner_gid": {
"type": "string"
},
"owner_uid": {
"type": "string"
},
"permissions": {
"type": "string"
},
"size": {
"type": "string"
}
},
"additionalProperties": false,
"type": "object"
}
}
}
148 changes: 148 additions & 0 deletions docs/attestors/omnitrail.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,148 @@
## Schema
```json
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$ref": "#/$defs/Attestor",
"$defs": {
"Attestor": {
"properties": {
"Envelope": {
"$ref": "#/$defs/Envelope"
}
},
"additionalProperties": false,
"type": "object",
"required": [
"Envelope"
]
},
"Element": {
"properties": {
"type": {
"type": "string"
},
"sha1": {
"type": "string"
},
"sha256": {
"type": "string"
},
"gitoid:sha1": {
"type": "string"
},
"gitoid:sha256": {
"type": "string"
},
"posix": {
"$ref": "#/$defs/Posix"
}
},
"additionalProperties": false,
"type": "object",
"required": [
"type"
]
},
"Envelope": {
"properties": {
"header": {
"$ref": "#/$defs/Header"
},
"mapping": {
"additionalProperties": {
"$ref": "#/$defs/Element"
},
"type": "object"
}
},
"additionalProperties": false,
"type": "object",
"required": [
"header",
"mapping"
]
},
"Feature": {
"properties": {
"algorithms": {
"items": {
"type": "string"
},
"type": "array"
}
},
"additionalProperties": false,
"type": "object"
},
"Header": {
"properties": {
"features": {
"additionalProperties": {
"$ref": "#/$defs/Feature"
},
"type": "object"
}
},
"additionalProperties": false,
"type": "object",
"required": [
"features"
]
},
"Posix": {
"properties": {
"atime": {
"type": "string"
},
"ctime": {
"type": "string"
},
"creation_time": {
"type": "string"
},
"extended_attributes": {
"type": "string"
},
"file_device_id": {
"type": "string"
},
"file_flags": {
"type": "string"
},
"file_inode": {
"type": "string"
},
"file_system_id": {
"type": "string"
},
"file_type": {
"type": "string"
},
"hard_link_count": {
"type": "string"
},
"mtime": {
"type": "string"
},
"metadata_ctime": {
"type": "string"
},
"owner_gid": {
"type": "string"
},
"owner_uid": {
"type": "string"
},
"permissions": {
"type": "string"
},
"size": {
"type": "string"
}
},
"additionalProperties": false,
"type": "object"
}
}
}
```
17 changes: 17 additions & 0 deletions docs/attestors/sbom.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://github.com/in-toto/go-witness/attestation/sbom/sbom-attestor",
"$ref": "#/$defs/SBOMAttestor",
"$defs": {
"SBOMAttestor": {
"properties": {
"SBOMDocument": true
},
"additionalProperties": false,
"type": "object",
"required": [
"SBOMDocument"
]
}
}
}
24 changes: 24 additions & 0 deletions docs/attestors/sbom.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
# SBOM Attestor

The SBOM attestor records the contents of any [products](./product.md) that are valid [CycloneDX](https://cyclonedx.org/specification/overview/) or [SPDX](https://spdx.dev/learn/overview/) json files. The SBOM file is parsed and the contents are recorded in the attestation.

## Schema
```json
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://github.com/in-toto/go-witness/attestation/sbom/sbom-attestor",
"$ref": "#/$defs/SBOMAttestor",
"$defs": {
"SBOMAttestor": {
"properties": {
"SBOMDocument": true
},
"additionalProperties": false,
"type": "object",
"required": [
"SBOMDocument"
]
}
}
}
```
1 change: 1 addition & 0 deletions docs/commands.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@ witness run [cmd] [flags]
--attestor-maven-pom-path string The path to the Project Object Model (POM) XML file used for task being attested (default "pom.xml"). (default "pom.xml")
--attestor-product-exclude-glob string Pattern to use when recording products. Files that match this pattern will be excluded as subjects on the attestation.
--attestor-product-include-glob string Pattern to use when recording products. Files that match this pattern will be included as subjects on the attestation. (default "*")
--attestor-sbom-export Export the SBOM predicate in its own attestation
--attestor-slsa-export Export the SLSA provenance predicate in its own attestation
--enable-archivista Use Archivista to store or retrieve attestations
--hashes strings Hashes selected for digest calculation. Defaults to SHA256 (default [sha256])
Expand Down
Loading

0 comments on commit c1352bd

Please sign in to comment.