Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
// AssertBuiltWithLeeway checks that a provenance statement names leeway as its
// builder. It passes (returns nil) when Predicate.Builder.ID starts with
// leeway.ProvenanceBuilderID and otherwise reports a single violation.
//
// The builder ID is read from the statement itself, so the result is only as
// trustworthy as the statement.
// NOTE(review): this presumably has to be combined with signature verification
// of the enclosing envelope (see AssertSignedWith) to be meaningful; confirm at
// the call site.
// NOTE(review): the comparison is a prefix match, so any ID that merely begins
// with the constant passes; confirm the constant ends in a delimiter or that
// the looser match is intended.
var AssertBuiltWithLeeway = &Assertion{
	Name:        "built-with-leeway",
	Description: "ensures all bundle entries have been built with leeway",
	Run: func(stmt *provenance.Statement) []Violation {
		builderID := stmt.Predicate.Builder.ID
		if !strings.HasPrefix(builderID, leeway.ProvenanceBuilderID) {
			return []Violation{{Desc: "was not built using leeway"}}
		}
		return nil
	},
}
// AssertGitMaterialOnly checks that every material listed in the statement's
// predicate has a URI beginning with "git+" or "git://". The first material
// that does not match produces a single violation naming that URI; later
// materials are not inspected.
//
// Only the URI prefix is examined: the repository host, path and any recorded
// digest are not checked here. A statement with no materials passes, because
// the loop body never runs.
// NOTE(review): confirm callers treat an empty material list as acceptable, and
// that material digests are verified elsewhere if source integrity matters.
var AssertGitMaterialOnly = &Assertion{
	Name:        "git-material-only",
	Description: "ensures all subjects were built from Git material only",
	Run: func(stmt *provenance.Statement) []Violation {
		for _, material := range stmt.Predicate.Materials {
			uri := material.URI
			fromGit := strings.HasPrefix(uri, "git+") || strings.HasPrefix(uri, "git://")
			if !fromGit {
				return []Violation{{Desc: "contains non-Git material, e.g. " + uri}}
			}
		}
		return nil
	},
}
Functions ¶
func DecodeBundle ¶ added in v0.2.13
DecodeBundle returns a function which attempts to decode an attestation bundle from the reader and calls the handler for every envelope found in the bundle. If decoding fails, or the handler returns an error, decoding stops and the error is returned.
Types ¶
type Assertion ¶
// Assertion is a named check over provenance data. It carries two callbacks:
// one that receives a decoded statement and one that receives an envelope.
// Each returns the violations it found.
type Assertion struct {
	// Name is the short identifier of the assertion, e.g. "built-with-leeway".
	Name string
	// Description is a human-readable summary of what the assertion ensures.
	Description string
	// Run inspects a single provenance statement and returns its violations.
	// NOTE(review): presumably a nil or empty result means the check passed,
	// and this is what Assertions.AssertStatement invokes; confirm.
	Run func(stmt *provenance.Statement) []Violation
	// RunBundle inspects an envelope rather than a decoded statement.
	// AssertBuiltWithLeeway and AssertGitMaterialOnly leave it unset.
	// NOTE(review): presumably invoked by Assertions.AssertBundle and skipped
	// when nil; confirm.
	RunBundle func(bundle *provenance.Envelope) []Violation
}
func AssertSignedWith ¶
type Assertions ¶
// Assertions is a list of assertions. Its AssertStatement and AssertBundle
// methods take a statement or an envelope respectively and return the
// violations that failed.
type Assertions []*Assertion
func (Assertions) AssertBundle ¶ added in v0.9.3
func (a Assertions) AssertBundle(bundle *provenance.Envelope) (failed []Violation)
func (Assertions) AssertStatement ¶
func (a Assertions) AssertStatement(stmt *provenance.Statement) (failed []Violation)