Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
// AssertBuiltWithLeeway reports a violation unless the statement's builder ID
// starts with leeway.ProvenanceBuilderID.
//
// NOTE(review): the builder ID is read from the statement as given, so on its
// own this check says nothing about who produced the statement. It presumably
// has to be paired with a signature check on the enclosing envelope - confirm
// at the call site.
//
// NOTE(review): the comparison is a prefix match, so every ID that begins with
// leeway.ProvenanceBuilderID passes. Presumably this tolerates a version
// suffix; confirm that no unrelated builder ID can share the prefix.
var AssertBuiltWithLeeway = &Assertion{
	Name:        "built-with-leeway",
	Description: "ensures all bundle entries have been built with leeway",
	Run: func(stmt *provenance.Statement) []Violation {
		builderID := stmt.Predicate.Builder.ID
		if !strings.HasPrefix(builderID, leeway.ProvenanceBuilderID) {
			return []Violation{{Desc: "was not built using leeway"}}
		}
		// A nil result means the assertion holds.
		return nil
	},
}
// AssertGitMaterialOnly reports a violation when any material URI of the
// statement starts with neither "git+" nor "git://".
//
// Only the URI prefix is examined; the check does not read any other field of
// a material. A statement that lists no materials passes, because the loop
// body never runs. Evaluation stops at the first offending material, so the
// violation names one example rather than every non-Git entry.
//
// NOTE(review): "git://" is accepted alongside "git+" URIs. The git://
// transport is unauthenticated, so for such material integrity rests on
// whatever digest the provenance records - which this assertion does not
// inspect. Confirm that digests are verified elsewhere.
var AssertGitMaterialOnly = &Assertion{
	Name:        "git-material-only",
	Description: "ensures all subjects were built from Git material only",
	Run: func(stmt *provenance.Statement) []Violation {
		for _, material := range stmt.Predicate.Materials {
			fromGit := strings.HasPrefix(material.URI, "git+") || strings.HasPrefix(material.URI, "git://")
			if !fromGit {
				return []Violation{{
					Desc: "contains non-Git material, e.g. " + material.URI,
				}}
			}
		}
		return nil
	},
}
Functions ¶
func AccessPkgAttestationBundle ¶
func AccessPkgAttestationBundle(pkgFN string, handler func(env *provenance.Envelope) error) error
AccessPkgAttestationBundle provides access to the attestation bundle entries from a cached build artifact. pkgFN is expected to point to a cached tar file.
Types ¶
type Assertion ¶
// Assertion is a named check that is evaluated against provenance data and
// yields zero or more Violations.
type Assertion struct {
	// Name is a short identifier for the check, e.g. "built-with-leeway".
	Name string
	// Description is a one-sentence, human-readable summary of what the check ensures.
	Description string
	// Run evaluates the check against a provenance statement and returns the
	// violations it found. The assertions declared in this package return nil
	// when the statement passes.
	Run func(stmt *provenance.Statement) []Violation
	// RunEnvelope evaluates the check against a provenance envelope rather
	// than the statement inside it. The package-level assertions shown here
	// set only Run and leave RunEnvelope nil.
	// NOTE(review): presumably callers must handle a nil Run or RunEnvelope - confirm.
	RunEnvelope func(env *provenance.Envelope) []Violation
}
func AssertSignedWith ¶
type Assertions ¶
// Assertions is a list of checks; its AssertEnvelope and AssertStatement
// methods return the violations of the checks that failed.
type Assertions []*Assertion
func (Assertions) AssertEnvelope ¶
func (a Assertions) AssertEnvelope(env *provenance.Envelope) (failed []Violation)
func (Assertions) AssertStatement ¶
func (a Assertions) AssertStatement(stmt *provenance.Statement) (failed []Violation)