Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	BuildSignature_KeyType_name = map[int32]string{
		0: "KEY_TYPE_UNSPECIFIED",
		1: "PGP_ASCII_ARMORED",
		2: "PKIX_PEM",
	}
	BuildSignature_KeyType_value = map[string]int32{
		"KEY_TYPE_UNSPECIFIED": 0,
		"PGP_ASCII_ARMORED":    1,
		"PKIX_PEM":             2,
	}
)

Enum value maps for BuildSignature_KeyType.

View Source
var File_google_devtools_containeranalysis_v1beta1_build_build_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type Build

type Build struct {

	// Required. Immutable. Version of the builder which produced this build.
	BuilderVersion string `protobuf:"bytes,1,opt,name=builder_version,json=builderVersion,proto3" json:"builder_version,omitempty"`
	// Signature of the build in occurrences pointing to this build note
	// containing build details.
	Signature *BuildSignature `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"`
	// contains filtered or unexported fields
}

Note holding the version of the provider's builder and the signature of the provenance message in the build details occurrence.

func (*Build) Descriptor

func (*Build) Descriptor() ([]byte, []int)

Deprecated: Use Build.ProtoReflect.Descriptor instead.

func (*Build) GetBuilderVersion

func (x *Build) GetBuilderVersion() string

func (*Build) GetSignature

func (x *Build) GetSignature() *BuildSignature

func (*Build) ProtoMessage

func (*Build) ProtoMessage()

func (*Build) ProtoReflect

func (x *Build) ProtoReflect() protoreflect.Message

func (*Build) Reset

func (x *Build) Reset()

func (*Build) String

func (x *Build) String() string

type BuildSignature

type BuildSignature struct {

	// Public key of the builder which can be used to verify that the related
	// findings are valid and unchanged. If `key_type` is empty, this defaults
	// to PEM encoded public keys.
	//
	// This field may be empty if `key_id` references an external key.
	//
	// For Cloud Build based signatures, this is a PEM encoded public
	// key. To verify the Cloud Build signature, place the contents of
	// this field into a file (public.pem). The signature field is base64-decoded
	// into its binary representation in signature.bin, and the provenance bytes
	// from `BuildDetails` are base64-decoded into a binary representation in
	// signed.bin. OpenSSL can then verify the signature:
	// `openssl sha256 -verify public.pem -signature signature.bin signed.bin`
	PublicKey string `protobuf:"bytes,1,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
	// Required. Signature of the related `BuildProvenance`. In JSON, this is
	// base-64 encoded.
	Signature []byte `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"`
	// An ID for the key used to sign. This could be either an ID for the key
	// stored in `public_key` (such as the ID or fingerprint for a PGP key, or the
	// CN for a cert), or a reference to an external key (such as a reference to a
	// key in Cloud Key Management Service).
	KeyId string `protobuf:"bytes,3,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
	// The type of the key, either stored in `public_key` or referenced in
	// `key_id`.
	KeyType BuildSignature_KeyType `` /* 133-byte string literal not displayed */
	// contains filtered or unexported fields
}

Message encapsulating the signature of the verified build.

func (*BuildSignature) Descriptor

func (*BuildSignature) Descriptor() ([]byte, []int)

Deprecated: Use BuildSignature.ProtoReflect.Descriptor instead.

func (*BuildSignature) GetKeyId

func (x *BuildSignature) GetKeyId() string

func (*BuildSignature) GetKeyType

func (x *BuildSignature) GetKeyType() BuildSignature_KeyType

func (*BuildSignature) GetPublicKey

func (x *BuildSignature) GetPublicKey() string

func (*BuildSignature) GetSignature

func (x *BuildSignature) GetSignature() []byte

func (*BuildSignature) ProtoMessage

func (*BuildSignature) ProtoMessage()

func (*BuildSignature) ProtoReflect

func (x *BuildSignature) ProtoReflect() protoreflect.Message

func (*BuildSignature) Reset

func (x *BuildSignature) Reset()

func (*BuildSignature) String

func (x *BuildSignature) String() string

type BuildSignature_KeyType

type BuildSignature_KeyType int32

Public key formats.

const (
	// `KeyType` is not set.
	BuildSignature_KEY_TYPE_UNSPECIFIED BuildSignature_KeyType = 0
	// `PGP ASCII Armored` public key.
	BuildSignature_PGP_ASCII_ARMORED BuildSignature_KeyType = 1
	// `PKIX PEM` public key.
	BuildSignature_PKIX_PEM BuildSignature_KeyType = 2
)

func (BuildSignature_KeyType) Descriptor

func (BuildSignature_KeyType) Enum

func (BuildSignature_KeyType) EnumDescriptor

func (BuildSignature_KeyType) EnumDescriptor() ([]byte, []int)

Deprecated: Use BuildSignature_KeyType.Descriptor instead.

func (BuildSignature_KeyType) Number

func (BuildSignature_KeyType) String

func (x BuildSignature_KeyType) String() string

func (BuildSignature_KeyType) Type

type Details

type Details struct {

	// Required. The actual provenance for the build.
	Provenance *provenance.BuildProvenance `protobuf:"bytes,1,opt,name=provenance,proto3" json:"provenance,omitempty"`
	// Serialized JSON representation of the provenance, used in generating the
	// build signature in the corresponding build note. After verifying the
	// signature, `provenance_bytes` can be unmarshalled and compared to the
	// provenance to confirm that it is unchanged. A base64-encoded string
	// representation of the provenance bytes is used for the signature in order
	// to interoperate with openssl which expects this format for signature
	// verification.
	//
	// The serialized form is captured both to avoid ambiguity in how the
	// provenance is marshalled to json as well to prevent incompatibilities with
	// future changes.
	ProvenanceBytes string `protobuf:"bytes,2,opt,name=provenance_bytes,json=provenanceBytes,proto3" json:"provenance_bytes,omitempty"`
	// contains filtered or unexported fields
}

Details of a build occurrence.

func (*Details) Descriptor

func (*Details) Descriptor() ([]byte, []int)

Deprecated: Use Details.ProtoReflect.Descriptor instead.

func (*Details) GetProvenance

func (x *Details) GetProvenance() *provenance.BuildProvenance

func (*Details) GetProvenanceBytes

func (x *Details) GetProvenanceBytes() string

func (*Details) ProtoMessage

func (*Details) ProtoMessage()

func (*Details) ProtoReflect

func (x *Details) ProtoReflect() protoreflect.Message

func (*Details) Reset

func (x *Details) Reset()

func (*Details) String

func (x *Details) String() string

Source Files