// Source: github.com/in-toto/in-toto-golang@v0.9.1-0.20240517212500-990269f763cf/in_toto/attestations.go

package in_toto

import (
	ita1 "github.com/in-toto/attestation/go/v1"
	"github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/common"
	slsa01 "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.1"
	slsa02 "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"
	slsa1 "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v1"
)

// This file only declares the statement/predicate type identifiers and the
// Go shapes that statements are marshalled to and from. Nothing here
// validates a decoded statement, and no type in this file carries a
// signature: authenticity has to be established by whatever wraps the
// statement before any field below is trusted.
// NOTE(review): in in-toto the wrapper is normally a signed envelope handled
// elsewhere in the module - confirm against the callers.

const (
	// StatementInTotoV01 is the statement type for the generalized link format
	// containing statements. This is constant for all predicate types.
	// It is the value a v0.1 statement is expected to carry in its "_type"
	// field (StatementHeader.Type).
	StatementInTotoV01 = "https://in-toto.io/Statement/v0.1"

	// StatementInTotoV1 is the type URI for ITE-6 v1 Statements.
	// This is constant for all predicate types. The value itself is defined
	// in the in-toto/attestation module (imported here as ita1).
	StatementInTotoV1 = ita1.StatementTypeUri

	// PredicateSPDX represents an SBOM using the SPDX standard.
	// The SPDX format mandates a 'spdxVersion' field, so the predicate type
	// can omit the version.
	PredicateSPDX = "https://spdx.dev/Document"
	// PredicateCycloneDX represents a CycloneDX SBOM.
	PredicateCycloneDX = "https://cyclonedx.org/bom"
	// PredicateLinkV1 represents an in-toto 0.9 link.
	PredicateLinkV1 = "https://in-toto.io/Link/v1"
)

// Subject describes the set of software artifacts the statement applies to.
//
// Deprecated: This implementation of Subject exists for historical
// compatibility and should not be used. This implementation has been
// superseded by a ResourceDescriptor struct generated from the Protobuf
// definition in
// https://github.com/in-toto/attestation/tree/main/protos/in_toto_attestation/v1.
// To generate an ITE-6 v1 Statement subject, use the ResourceDescriptor Go
// APIs provided in https://github.com/in-toto/attestation/tree/main/go/v1.
type Subject struct {
	// Name is the artifact's name as recorded in the statement.
	// NOTE(review): a name alone does not pin content; verifiers presumably
	// match artifacts on Digest - confirm against the verification code.
	Name string `json:"name"`

	// Digest holds the artifact's digests. common.DigestSet is declared in
	// the slsa_provenance/common package and is not shown in this file.
	Digest common.DigestSet `json:"digest"`
}

// StatementHeader defines the common fields for all statements.
//
// Deprecated: This implementation of StatementHeader exists for historical
// compatibility and should not be used. This implementation has been
// superseded by the Statement struct generated from the Protobuf
// definition in
// https://github.com/in-toto/attestation/tree/main/protos/in_toto_attestation/v1.
// To generate an ITE-6 v1 Statement, use the Go APIs provided in
// https://github.com/in-toto/attestation/tree/main/go/v1.
type StatementHeader struct {
	// Type is the statement type URI, serialized as "_type"
	// (see StatementInTotoV01 and StatementInTotoV1).
	Type string `json:"_type"`

	// PredicateType names the kind of predicate the statement carries
	// (for example PredicateSPDX, PredicateCycloneDX or PredicateLinkV1).
	// Decoding does not check it against the Go type of the predicate field;
	// a consumer has to compare it explicitly before interpreting the
	// predicate.
	PredicateType string `json:"predicateType"`

	// Subject lists the artifacts the statement applies to.
	Subject []Subject `json:"subject"`
}

// Statement binds the attestation to a particular subject and identifies the
// type of the predicate. This struct represents a generic statement.
//
// Deprecated: This implementation of Statement exists for historical
// compatibility and should not be used. This implementation has been
// superseded by the Statement struct generated from the Protobuf
// definition in
// https://github.com/in-toto/attestation/tree/main/protos/in_toto_attestation/v1.
// To generate an ITE-6 v1 Statement, use the Go APIs provided in
// https://github.com/in-toto/attestation/tree/main/go/v1.
type Statement struct {
	// Embedded, so with encoding/json the header fields ("_type",
	// "predicateType", "subject") sit at the same JSON level as "predicate".
	StatementHeader
	// Predicate contains type specific metadata.
	// Because the field is an empty interface, encoding/json decodes it into
	// untyped values (map[string]interface{}, []interface{}, ...) and
	// enforces no predicate schema; check PredicateType before
	// type-asserting or re-decoding it.
	Predicate interface{} `json:"predicate"`
}

// ProvenanceStatementSLSA01 is the definition for an entire provenance statement with SLSA 0.1 predicate.
type ProvenanceStatementSLSA01 struct {
	StatementHeader
	Predicate slsa01.ProvenancePredicate `json:"predicate"`
}

// ProvenanceStatementSLSA02 is the definition for an entire provenance statement with SLSA 0.2 predicate.
type ProvenanceStatementSLSA02 struct {
	StatementHeader
	Predicate slsa02.ProvenancePredicate `json:"predicate"`
}

// ProvenanceStatementSLSA1 is the definition for an entire provenance statement with SLSA 1.0 predicate.
//
// Deprecated: ProvenanceStatementSLSA1 exists for historical
// compatibility and should not be used. To generate an ITE-6 v1 Statement
// with an ITE-9 Provenance v1 predicate, use the Go APIs provided in
// https://github.com/in-toto/attestation/tree/main/go.
type ProvenanceStatementSLSA1 struct {
	StatementHeader
	Predicate slsa1.ProvenancePredicate `json:"predicate"`
}

// ProvenanceStatement is the definition for an entire provenance statement with SLSA 0.2 predicate.
// It declares the same fields as ProvenanceStatementSLSA02.
//
// Deprecated: Only version-specific provenance structs will be maintained (ProvenanceStatementSLSA01, ProvenanceStatementSLSA02).
type ProvenanceStatement struct {
	StatementHeader
	Predicate slsa02.ProvenancePredicate `json:"predicate"`
}

// LinkStatement is the definition for an entire link statement.
// The Link type is declared elsewhere in this package.
type LinkStatement struct {
	StatementHeader
	Predicate Link `json:"predicate"`
}

/*
SPDXStatement is the definition for an entire SPDX statement.
This is currently not implemented. Some tooling exists here:
https://github.com/spdx/tools-golang, but this software is still in
early state.
This struct is the same as the generic Statement struct but is added for
completeness. As with Statement, the predicate is an empty interface, so
decoding applies no SPDX schema to it.
*/
type SPDXStatement struct {
	StatementHeader
	Predicate interface{} `json:"predicate"`
}

/*
CycloneDXStatement defines a CycloneDX SBOM in the predicate. As with its
SPDX counterpart, no typed serialization of the predicate is currently
implemented: Predicate is an empty interface, like the generic Statement's,
so decoding applies no CycloneDX schema to it.
*/
type CycloneDXStatement struct {
	StatementHeader
	Predicate interface{} `json:"predicate"`
}