From dca45a255c2ad7aa358561c07358fb8eb11a948d Mon Sep 17 00:00:00 2001
From: Aditya Sirish
Date: Tue, 27 Feb 2024 12:27:18 -0500
Subject: [PATCH] Support Witness attestation collections

Signed-off-by: Aditya Sirish
---
 .github/workflows/ci.yml | 3 +
 go.mod | 117 ++++-
 go.sum | 454 ++++++++++++++++++-
 layouts/layout-npm.yml | 40 +-
 layouts/layout-witness.yml | 43 ++
 layouts/layout.yml | 47 +-
 test-data-witness-raw/build.json | 620 ++++++++++++++++++++++++++
 test-data-witness-raw/key | 1 +
 test-data-witness-raw/key.pub | 1 +
 test-data-witness/build.fe1c6281.json | 1 +
 verifier/models.go | 22 +-
 verifier/rules.go | 48 +-
 verifier/verifier.go | 192 ++++++--
 13 files changed, 1459 insertions(+), 130 deletions(-)
 create mode 100644 layouts/layout-witness.yml
 create mode 100644 test-data-witness-raw/build.json
 create mode 100644 test-data-witness-raw/key
 create mode 100644 test-data-witness-raw/key.pub
 create mode 100644 test-data-witness/build.fe1c6281.json
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index d8561db..82b9b17 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -15,3 +15,6 @@ jobs:
 - name: Verify test NPM layout
 run: |
 go run main.go -l layouts/layout-npm.yml -a test-data-npm --substitute-parameters parameters/npm-sigstore.json
+ - name: Verify witness attestation collections
+ run: |
+ go run main.go -l layouts/layout-witness.yml -a test-data-witness
diff --git a/go.mod b/go.mod
index 220aeb5..a4ed12c 100644
--- a/go.mod
+++ b/go.mod
@@ -1,10 +1,11 @@
 module github.com/in-toto/attestation-verifier
-go 1.22
+go 1.22.7
 require (
 github.com/google/cel-go v0.22.0
 github.com/in-toto/attestation v1.1.0
+ github.com/in-toto/go-witness v0.6.0
 github.com/in-toto/in-toto-golang v0.9.0
 github.com/secure-systems-lab/go-securesystemslib v0.8.0
 github.com/sirupsen/logrus v1.9.3
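Review bot: The added "Verify witness attestation collections" step, like the NPM step above it, only checks that a known-good attestation set passes; nothing visible in this workflow hunk checks that `layouts/layout-witness.yml` rejects a collection whose signature or subject digest has been altered. A regression that made Witness collections verify unconditionally would still leave this step green. I would add a companion step that runs the same command against a deliberately modified copy of the fixture and fails when verification succeeds, e.g. `if go run main.go -l layouts/layout-witness.yml -a <tampered-test-data-dir>; then exit 1; fi` (the directory name is a placeholder; no such fixture is part of this patch).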
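Review bot: Requiring `github.com/in-toto/go-witness v0.6.0` in the first go.mod hunk pulls a much larger module set into a tool whose job is to make trust decisions; the second go.mod hunk grows the indirect block to include `aws-sdk-go`, `open-policy-agent/opa`, `go-git/go-git`, `sigstore/fulcio` and many others. The go.sum hunk also gains `h1:` entries for both `go-witness v0.6.0` and the pseudo-version `v0.6.1-0.20241106010129-63940cbec45a`, which go.mod does not require, so the checksum file looks as if it was not regenerated after the version was settled. I would run `go mod tidy` before merging and add a CI step such as `go mod tidy && git diff --exit-code go.mod go.sum` so the manifest and checksums cannot drift; running `govulncheck ./...` over the enlarged graph in the same workflow would also be worthwhile.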
@@ -15,15 +16,113 @@ require ( require ( cel.dev/expr v0.18.0 // indirect - github.com/antlr4-go/antlr/v4 v4.13.0 // indirect + dario.cat/mergo v1.0.1 // indirect + github.com/CycloneDX/cyclonedx-go v0.9.1 // indirect + github.com/Microsoft/go-winio v0.6.2 // indirect + github.com/OneOfOne/xxhash v1.2.8 // indirect + github.com/ProtonMail/go-crypto v1.1.2 // indirect + github.com/agnivade/levenshtein v1.1.1 // indirect + github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 // indirect + github.com/antlr4-go/antlr/v4 v4.13.1 // indirect + github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect + github.com/aws/aws-sdk-go v1.55.5 // indirect + github.com/bahlo/generic-list-go v0.2.0 // indirect + github.com/beorn7/perks v1.0.1 // indirect + github.com/buger/jsonparser v1.1.1 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect + github.com/cloudflare/circl v1.5.0 // indirect + github.com/coreos/go-oidc/v3 v3.10.0 // indirect + github.com/cyphar/filepath-securejoin v0.3.4 // indirect + github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 // indirect + github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 // indirect + github.com/edwarnicke/gitoid v0.0.0-20220710194850-1be5bfda1f9d // indirect + github.com/emirpasic/gods v1.18.1 // indirect + github.com/fkautz/omnitrail-go v0.0.0-20230808061951-37d34c23539d // indirect + github.com/gabriel-vasile/mimetype v1.4.6 // indirect + github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect + github.com/go-git/go-billy/v5 v5.6.0 // indirect + github.com/go-git/go-git/v5 v5.12.0 // indirect + github.com/go-ini/ini v1.67.0 // indirect + github.com/go-jose/go-jose/v3 v3.0.3 // indirect + github.com/go-jose/go-jose/v4 v4.0.1 // indirect + github.com/go-logr/logr v1.4.2 // indirect + github.com/go-logr/stdr v1.2.2 // indirect + github.com/gobwas/glob v0.2.3 // indirect + github.com/gogo/protobuf v1.3.2 // indirect + github.com/golang/groupcache 
v0.0.0-20210331224755-41bb18bfe9da // indirect + github.com/google/go-containerregistry v0.19.1 // indirect + github.com/google/gofuzz v1.2.0 // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/gorilla/mux v1.8.1 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect + github.com/in-toto/archivista v0.5.4 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect + github.com/invopop/jsonschema v0.12.0 // indirect + github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect + github.com/jmespath/go-jmespath v0.4.0 // indirect + github.com/json-iterator/go v1.1.12 // indirect + github.com/kevinburke/ssh_config v1.2.0 // indirect + github.com/letsencrypt/boulder v0.0.0-20240226214708-a97e074b5a3e // indirect + github.com/mailru/easyjson v0.7.7 // indirect + github.com/mattn/go-isatty v0.0.20 // indirect + github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect + github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect + github.com/omnibor/omnibor-go v0.0.0-20230521145532-a77de61a16cd // indirect + github.com/open-policy-agent/opa v0.68.0 // indirect + github.com/opencontainers/go-digest v1.0.0 // indirect + github.com/openvex/go-vex v0.2.5 // indirect + github.com/owenrumney/go-sarif v1.1.1 // indirect + github.com/package-url/packageurl-go v0.1.1 // indirect + github.com/pjbgf/sha1cd v0.3.0 // indirect + github.com/prometheus/client_golang v1.20.2 // indirect + github.com/prometheus/client_model v0.6.1 // indirect + github.com/prometheus/common v0.55.0 // indirect + github.com/prometheus/procfs v0.15.1 // indirect + github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect + github.com/segmentio/ksuid v1.0.4 // indirect + github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect github.com/shibumi/go-pathspec v1.3.0 // indirect + github.com/sigstore/fulcio v1.4.5 // indirect + 
github.com/sigstore/sigstore v1.8.4 // indirect + github.com/skeema/knownhosts v1.3.0 // indirect + github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect + github.com/spdx/tools-golang v0.5.5 // indirect github.com/spf13/pflag v1.0.5 // indirect - github.com/stoewer/go-strcase v1.2.0 // indirect - golang.org/x/crypto v0.17.0 // indirect - golang.org/x/exp v0.0.0-20230515195305-f3d0a9c9a5cc // indirect - golang.org/x/sys v0.26.0 // indirect - golang.org/x/text v0.19.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20241021214115-324edc3d5d38 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38 // indirect + github.com/spiffe/go-spiffe/v2 v2.1.7 // indirect + github.com/stoewer/go-strcase v1.3.0 // indirect + github.com/tchap/go-patricia/v2 v2.3.1 // indirect + github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect + github.com/wk8/go-ordered-map/v2 v2.1.8 // indirect + github.com/xanzy/ssh-agent v0.3.3 // indirect + github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect + github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect + github.com/yashtewari/glob-intersection v0.2.0 // indirect + github.com/zclconf/go-cty v1.15.0 // indirect + github.com/zeebo/errs v1.3.0 // indirect + go.opentelemetry.io/otel v1.28.0 // indirect + go.opentelemetry.io/otel/metric v1.28.0 // indirect + go.opentelemetry.io/otel/sdk v1.28.0 // indirect + go.opentelemetry.io/otel/trace v1.28.0 // indirect + golang.org/x/crypto v0.29.0 // indirect + golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f // indirect + golang.org/x/mod v0.22.0 // indirect + golang.org/x/net v0.31.0 // indirect + golang.org/x/oauth2 v0.23.0 // indirect + golang.org/x/sys v0.27.0 // indirect + golang.org/x/term v0.26.0 // indirect + golang.org/x/text v0.20.0 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 // indirect + 
google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 // indirect + google.golang.org/grpc v1.68.0 // indirect + gopkg.in/go-jose/go-jose.v2 v2.6.3 // indirect + gopkg.in/inf.v0 v0.9.1 // indirect + gopkg.in/warnings.v0 v0.1.2 // indirect + gopkg.in/yaml.v2 v2.4.0 // indirect + k8s.io/apimachinery v0.30.6 // indirect + k8s.io/klog/v2 v2.120.1 // indirect + k8s.io/utils v0.0.0-20240423183400-0849a56e8f22 // indirect + sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect + sigs.k8s.io/yaml v1.4.0 // indirect ) diff --git a/go.sum b/go.sum index 17d2954..38ae39d 100644 --- a/go.sum +++ b/go.sum 
@@ -1,63 +1,473 @@ cel.dev/expr v0.18.0 h1:CJ6drgk+Hf96lkLikr4rFf19WrU0BOWEihyZnI2TAzo= cel.dev/expr v0.18.0/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw= -github.com/antlr4-go/antlr/v4 v4.13.0 h1:lxCg3LAv+EUK6t1i0y1V6/SLeUi0eKEKdhQAlS8TVTI= -github.com/antlr4-go/antlr/v4 v4.13.0/go.mod h1:pfChB/xh/Unjila75QW7+VU4TSnWnnk9UTnmpPaOR2g= +dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s= +dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= +github.com/CycloneDX/cyclonedx-go v0.9.1 h1:yffaWOZsv77oTJa/SdVZYdgAgFioCeycBUKkqS2qzQM= +github.com/CycloneDX/cyclonedx-go v0.9.1/go.mod h1:NE/EWvzELOFlG6+ljX/QeMlVt9VKcTwu8u0ccsACEsw= +github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= +github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= +github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= +github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8= +github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q= +github.com/ProtonMail/go-crypto v1.1.2 h1:A7JbD57ThNqh7XjmHE+PXpQ3Dqt3BrSAC0AL0Go3KS0= +github.com/ProtonMail/go-crypto v1.1.2/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= +github.com/agnivade/levenshtein v1.1.1 h1:QY8M92nrzkmr798gCo3kmMyqXFzdQVpxLlGPRBij0P8= +github.com/agnivade/levenshtein v1.1.1/go.mod h1:veldBMzWxcCG2ZvUTKD2kJNRdCk5hVbJomOvKkmgYbo= +github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 h1:aM1rlcoLz8y5B2r4tTLMiVTrMtpfY0O8EScKJxaSaEc= +github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092/go.mod h1:rYqSE9HbjzpHTI74vwPvae4ZVYZd1lue2ta6xHPdblA= +github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= +github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= 
+github.com/antlr4-go/antlr/v4 v4.13.1 h1:SqQKkuVZ+zWkMMNkjy5FZe5mr5WURWnlpmOuzYWrPrQ= +github.com/antlr4-go/antlr/v4 v4.13.1/go.mod h1:GKmUxMtwp6ZgGwZSva4eWPC5mS6vUAmOABFgjdkM7Nw= +github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= +github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY= +github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4= +github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q= +github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE= +github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= +github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= +github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU= +github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/aws/aws-sdk-go-v2 v1.32.2 h1:AkNLZEyYMLnx/Q/mSKkcMqwNFXMAvFto9bNsHqcTduI= +github.com/aws/aws-sdk-go-v2 v1.32.2/go.mod h1:2SK5n0a2karNTv5tbP1SjsX0uhttou00v/HpXKM1ZUo= +github.com/aws/aws-sdk-go-v2/config v1.27.43 h1:p33fDDihFC390dhhuv8nOmX419wjOSDQRb+USt20RrU= +github.com/aws/aws-sdk-go-v2/config v1.27.43/go.mod h1:pYhbtvg1siOOg8h5an77rXle9tVG8T+BWLWAo7cOukc= +github.com/aws/aws-sdk-go-v2/credentials v1.17.41 h1:7gXo+Axmp+R4Z+AK8YFQO0ZV3L0gizGINCOWxSLY9W8= +github.com/aws/aws-sdk-go-v2/credentials v1.17.41/go.mod h1:u4Eb8d3394YLubphT4jLEwN1rLNq2wFOlT6OuxFwPzU= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.17 h1:TMH3f/SCAWdNtXXVPPu5D6wrr4G5hI1rAxbcocKfC7Q= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.17/go.mod h1:1ZRXLdTpzdJb9fwTMXiLipENRxkGMTn1sfKexGllQCw= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.21 
h1:UAsR3xA31QGf79WzpG/ixT9FZvQlh5HY1NRqSHBNOCk= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.21/go.mod h1:JNr43NFf5L9YaG3eKTm7HQzls9J+A9YYcGI5Quh1r2Y= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.21 h1:6jZVETqmYCadGFvrYEQfC5fAQmlo80CeL5psbno6r0s= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.21/go.mod h1:1SR0GbLlnN3QUmYaflZNiH1ql+1qrSiB2vwcJ+4UM60= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 h1:TToQNkvGguu209puTojY/ozlqy2d/SFNcoLIqTFi42g= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0/go.mod h1:0jp+ltwkf+SwG2fm/PKo8t4y8pJSgOCO4D8Lz3k0aHQ= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.2 h1:s7NA1SOw8q/5c0wr8477yOPp0z+uBaXBnLE0XYb0POA= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.2/go.mod h1:fnjjWyAW/Pj5HYOxl9LJqWtEwS7W2qgcRLWP+uWbss0= +github.com/aws/aws-sdk-go-v2/service/kms v1.31.3 h1:wLBgq6nDNYdd0A5CvscVAKV5SVlHKOHVPedpgtigATg= +github.com/aws/aws-sdk-go-v2/service/kms v1.31.3/go.mod h1:8lETO9lelSG2B6KMXFh2OwPPqGV6WQM3RqLAEjP1xaU= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.2 h1:bSYXVyUzoTHoKalBmwaZxs97HU9DWWI3ehHSAMa7xOk= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.2/go.mod h1:skMqY7JElusiOUjMJMOv1jJsP7YUg7DrhgqZZWuzu1U= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.2 h1:AhmO1fHINP9vFYUE0LHzCWg/LfUWUF+zFPEcY9QXb7o= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.2/go.mod h1:o8aQygT2+MVP0NaV6kbdE1YnnIM8RRVQzoeUH45GOdI= +github.com/aws/aws-sdk-go-v2/service/sts v1.32.2 h1:CiS7i0+FUe+/YY1GvIBLLrR/XNGZ4CtM1Ll0XavNuVo= +github.com/aws/aws-sdk-go-v2/service/sts v1.32.2/go.mod h1:HtaiBI8CjYoNVde8arShXb94UbQQi9L4EMr6D+xGBwo= +github.com/aws/smithy-go v1.22.0 h1:uunKnWlcoL3zO7q+gG2Pk53joueEOsnNB28QdMsmiMM= 
+github.com/aws/smithy-go v1.22.0/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= +github.com/bahlo/generic-list-go v0.2.0 h1:5sz/EEAK+ls5wF+NeqDpk5+iNdMDXrh3z3nPnH1Wvgk= +github.com/bahlo/generic-list-go v0.2.0/go.mod h1:2KvAjgMlE5NNynlg/5iLrrCCZ2+5xWbdbCW3pNTGyYg= +github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= +github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M= +github.com/bradleyjkemp/cupaloy/v2 v2.8.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0= +github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs= +github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= +github.com/bytecodealliance/wasmtime-go/v3 v3.0.2 h1:3uZCA/BLTIu+DqCfguByNMJa2HVHpXvjfy0Dy7g6fuA= +github.com/bytecodealliance/wasmtime-go/v3 v3.0.2/go.mod h1:RnUjnIXxEJcL6BgCvNyzCCRzZcxCgsZCi+RNlvYor5Q= +github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= +github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= +github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cloudflare/circl v1.5.0 h1:hxIWksrX6XN5a1L2TI/h53AGPhNHoUBo+TD1ms9+pys= +github.com/cloudflare/circl v1.5.0/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs= github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb h1:EDmT6Q9Zs+SbUoc7Ik9EfrFqcylYqgPZ9ANSbTAntnE= github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb/go.mod h1:ZjrT6AXHbDs86ZSdt/osfBi5qfexBrKUdONk989Wnk4= +github.com/coreos/go-oidc/v3 v3.10.0 
h1:tDnXHnLyiTVyT/2zLDGj09pFPkhND8Gl8lnTRhoEaJU= +github.com/coreos/go-oidc/v3 v3.10.0/go.mod h1:5j11xcw0D3+SGxn6Z/WFADsgcWVMyNAlSQupk0KK3ac= github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cyphar/filepath-securejoin v0.3.4 h1:VBWugsJh2ZxJmLFSM06/0qzQyiQX2Qs0ViKrUAcqdZ8= +github.com/cyphar/filepath-securejoin v0.3.4/go.mod h1:8s/MCNJREmFK0H02MF6Ihv1nakJe4L/w3WZLHNkvlYM= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/dgraph-io/badger/v3 v3.2103.5 h1:ylPa6qzbjYRQMU6jokoj4wzcaweHylt//CH0AKt0akg= +github.com/dgraph-io/badger/v3 v3.2103.5/go.mod h1:4MPiseMeDQ3FNCYwRbbcBOGJLf5jsE0PPFzRiKjtcdw= +github.com/dgraph-io/ristretto v0.1.1 h1:6CWw5tJNgpegArSHpNHJKldNeq03FQCwYvfMVWajOK8= +github.com/dgraph-io/ristretto v0.1.1/go.mod h1:S1GPSBCYCIhmVNfcth17y2zZtQT6wzkzgwUve0VDWWA= +github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48 h1:fRzb/w+pyskVMQ+UbP35JkH8yB7MYb4q/qhBarqZE6g= +github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48/go.mod h1:if7Fbed8SFyPtHLHbg49SI7NAdJiC5WIA09pe59rfAA= +github.com/digitorus/pkcs7 v0.0.0-20230713084857-e76b763bdc49/go.mod h1:SKVExuS+vpu2l9IoOc0RwqE7NYnb0JlcFHFnEJkVDzc= +github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 h1:ge14PCmCvPjpMQMIAH7uKg0lrtNSOdpYsRXlwk3QbaE= +github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352/go.mod h1:SKVExuS+vpu2l9IoOc0RwqE7NYnb0JlcFHFnEJkVDzc= +github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 h1:lxmTCgmHE1GUYL7P0MlNa00M67axePTq+9nBSGddR8I= 
+github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7/go.mod h1:GvWntX9qiTlOud0WkQ6ewFm0LPy5JUR1Xo0Ngbd1w6Y= +github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= +github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= +github.com/edwarnicke/gitoid v0.0.0-20220710194850-1be5bfda1f9d h1:4l+Uq5zFWSagXgGFaKRRVWJrnlzeathyagWgYUltCgY= +github.com/edwarnicke/gitoid v0.0.0-20220710194850-1be5bfda1f9d/go.mod h1:WxWwA3EYuCQjlR5EBUX3uaTS8bh9BOa7BcqVREHQ0uQ= +github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU= +github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM= +github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= +github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ= +github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= +github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +github.com/fkautz/omnitrail-go v0.0.0-20230808061951-37d34c23539d h1:p4DOjnN5IAuUhtksK+RuwR2q3VclzeI1+zh+AfNFFjw= +github.com/fkautz/omnitrail-go v0.0.0-20230808061951-37d34c23539d/go.mod h1:To+426All36lUwebm2u5Qptl3daW1Nnk+LHrkTFhiWQ= +github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw= +github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= +github.com/foxcpp/go-mockdns v1.1.0 h1:jI0rD8M0wuYAxL7r/ynTrCQQq0BVqfB99Vgk7DlmewI= +github.com/foxcpp/go-mockdns v1.1.0/go.mod h1:IhLeSFGed3mJIAXPH2aiRQB+kqz7oqu8ld2qVbOu7Wk= +github.com/gabriel-vasile/mimetype v1.4.6 h1:3+PzJTKLkvgjeTbts6msPJt4DixhT4YtFNf1gtGe3zc= +github.com/gabriel-vasile/mimetype v1.4.6/go.mod h1:JX1qVKqZd40hUPpAfiNTe0Sne7hdfKSbOqqmkq8GCXc= +github.com/gliderlabs/ssh v0.3.7 h1:iV3Bqi942d9huXnzEF2Mt+CY9gLu8DNM4Obd+8bODRE= 
+github.com/gliderlabs/ssh v0.3.7/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8= +github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= +github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= +github.com/go-git/go-billy/v5 v5.6.0 h1:w2hPNtoehvJIxR00Vb4xX94qHQi/ApZfX+nBE2Cjio8= +github.com/go-git/go-billy/v5 v5.6.0/go.mod h1:sFDq7xD3fn3E0GOwUSZqHo9lrkmx8xJhA0ZrfvjBRGM= +github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4= +github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII= +github.com/go-git/go-git/v5 v5.12.0 h1:7Md+ndsjrzZxbddRDZjF14qK+NN56sy6wkqaVrjZtys= +github.com/go-git/go-git/v5 v5.12.0/go.mod h1:FTM9VKtnI2m65hNI/TenDDDnUf2Q9FHnXYjuz9i5OEY= +github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A= +github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= +github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= +github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= +github.com/go-jose/go-jose/v4 v4.0.1 h1:QVEPDE3OluqXBQZDcnNvQrInro2h0e4eqNbnZSWqS6U= +github.com/go-jose/go-jose/v4 v4.0.1/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY= +github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= +github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= +github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= +github.com/gobwas/glob v0.2.3/go.mod 
h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= +github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= +github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/golang/glog v1.2.2 h1:1+mZ9upx1Dh6FmUTFR1naJ77miKiXgALjWOZ3NVFPmY= +github.com/golang/glog v1.2.2/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= +github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= +github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/cel-go v0.22.0 h1:b3FJZxpiv1vTMo2/5RDUqAHPxkT8mmMfJIrq1llbf7g= github.com/google/cel-go v0.22.0/go.mod h1:BuznPXXfQDpXKWQ9sPW3TzlAJN5zzFe+i9tIs0yC4s8= +github.com/google/flatbuffers v2.0.8+incompatible h1:ivUb1cGomAB101ZM1T0nOiWz9pSrTMoa9+EiY7igmkM= +github.com/google/flatbuffers v2.0.8+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= +github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-containerregistry v0.19.1 h1:yMQ62Al6/V0Z7CqIrrS1iYoA5/oQCm88DeNujc7C1KY= +github.com/google/go-containerregistry 
v0.19.1/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= +github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= +github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k= +github.com/in-toto/archivista v0.5.4 h1:B3j7qzo7Nlcz9n1oHrSgqMXz1eZkTYuf7oyzI52pgug= +github.com/in-toto/archivista v0.5.4/go.mod h1:DZzhlYgChw2JJ666z83tVFL2gU9u5yk/BSQZe06Pshg= github.com/in-toto/attestation v1.1.0 h1:oRWzfmZPDSctChD0VaQV7MJrywKOzyNrtpENQFq//2Q= github.com/in-toto/attestation v1.1.0/go.mod h1:DB59ytd3z7cIHgXxwpSX2SABrU6WJUKg/grpdgHVgVs= +github.com/in-toto/go-witness v0.6.0 h1:TGbVvWtvIdDMw/EcbRaMxshn8LADLQF8VdgBFzyUcEo= +github.com/in-toto/go-witness v0.6.0/go.mod h1:ZwhfMkkNHtDc6dX/m7FYPy6lIqdL5BZQs5O+ZpxH6ss= +github.com/in-toto/go-witness v0.6.1-0.20241106010129-63940cbec45a h1:ArUNlF59JkFOpxMY6V6eslymLm7YOh3kiOh0SikbYhM= +github.com/in-toto/go-witness v0.6.1-0.20241106010129-63940cbec45a/go.mod h1:8HSaBdrsmMT+tzXmos2a5XU2Lku+hHQ6izUFgGK5li4= github.com/in-toto/in-toto-golang v0.9.0 h1:tHny7ac4KgtsfrG6ybU8gVOZux2H8jN05AXJ9EBM1XU= github.com/in-toto/in-toto-golang v0.9.0/go.mod h1:xsBVrVsHNsB61++S6Dy2vWosKhuA3lUTQd+eF9HdeMo= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod 
h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/invopop/jsonschema v0.12.0 h1:6ovsNSuvn9wEQVOyc72aycBMVQFKz7cPdMJn10CvzRI= +github.com/invopop/jsonschema v0.12.0/go.mod h1:ffZ5Km5SWWRAIN6wbDXItl95euhFz2uON45H2qjYt+0= +github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= +github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= +github.com/jellydator/ttlcache/v3 v3.2.1 h1:eS8ljnYY7BllYGkXw/TfczWZrXUu/CH7SIkC6ugn9Js= +github.com/jellydator/ttlcache/v3 v3.2.1/go.mod h1:bj2/e0l4jRnQdrnSTaGTsh4GSXvMjQcy41i7th0GVGw= +github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= +github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= +github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= +github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= +github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= +github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= +github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= +github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= +github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= +github.com/kr/pretty v0.1.0/go.mod 
h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/letsencrypt/boulder v0.0.0-20240226214708-a97e074b5a3e h1:0YcEneR01FfQAfP/OlniqnE+NMLLGuJ/RTJmlamX2EY= +github.com/letsencrypt/boulder v0.0.0-20240226214708-a97e074b5a3e/go.mod h1:qY5wBgmaPwKkhGd2gNWZcoJBe9c76gsHm4OTc/N12+g= +github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= +github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= +github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4= +github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY= +github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= +github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= +github.com/modern-go/reflect2 v1.0.2/go.mod 
h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/omnibor/omnibor-go v0.0.0-20230521145532-a77de61a16cd h1:25EpGVgctk6V3DUa1gqFHvjVbmdWqM+jBZAed7p/krQ= +github.com/omnibor/omnibor-go v0.0.0-20230521145532-a77de61a16cd/go.mod h1:ArlQivzDQvZnFe8itjlA3ndPTXd9iWOgqzF31OyIEFQ= +github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= +github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= +github.com/open-policy-agent/opa v0.68.0 h1:Jl3U2vXRjwk7JrHmS19U3HZO5qxQRinQbJ2eCJYSqJQ= +github.com/open-policy-agent/opa v0.68.0/go.mod h1:5E5SvaPwTpwt2WM177I9Z3eT7qUpmOGjk1ZdHs+TZ4w= +github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= +github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= +github.com/openvex/go-vex v0.2.5 h1:41utdp2rHgAGCsG+UbjmfMG5CWQxs15nGqir1eRgSrQ= +github.com/openvex/go-vex v0.2.5/go.mod h1:j+oadBxSUELkrKh4NfNb+BPo77U3q7gdKME88IO/0Wo= +github.com/owenrumney/go-sarif v1.1.1 h1:QNObu6YX1igyFKhdzd7vgzmw7XsWN3/6NMGuDzBgXmE= +github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U= +github.com/package-url/packageurl-go v0.1.1 h1:KTRE0bK3sKbFKAk3yy63DpeskU7Cvs/x/Da5l+RtzyU= +github.com/package-url/packageurl-go v0.1.1/go.mod h1:uQd4a7Rh3ZsVg5j0lNyAfyxIeGde9yrlhjF78GzeW0c= +github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4= +github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod 
h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_golang v1.20.2 h1:5ctymQzZlyOON1666svgwn3s6IKWgfbjsejTMiXIyjg= +github.com/prometheus/client_golang v1.20.2/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= +github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= +github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= +github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc= +github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= +github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= +github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= +github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5XpJzTSTfLsJV/mx9Q9g7kxmchpfZyxgzM= +github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= +github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= +github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/secure-systems-lab/go-securesystemslib v0.8.0 h1:mr5An6X45Kb2nddcFlbmfHkLguCE9laoZCUzEEpIZXA= github.com/secure-systems-lab/go-securesystemslib v0.8.0/go.mod h1:UH2VZVuJfCYR8WgMlCU1uFsOUU+KeyrTWcSS73NBOzU= +github.com/segmentio/ksuid v1.0.4 h1:sBo2BdShXjmcugAMwjugoGUdUV0pcxY5mW4xKRn3v4c= +github.com/segmentio/ksuid v1.0.4/go.mod h1:/XUiZBD3kVx5SmUOl55voK5yeAbBNNIed+2O73XgrPE= +github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 
h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8= +github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= github.com/shibumi/go-pathspec v1.3.0 h1:QUyMZhFo0Md5B8zV8x2tesohbb5kfbpTi9rBnKh5dkI= github.com/shibumi/go-pathspec v1.3.0/go.mod h1:Xutfslp817l2I1cZvgcfeMQJG5QnU2lh5tVaaMCl3jE= +github.com/sigstore/fulcio v1.4.5 h1:WWNnrOknD0DbruuZWCbN+86WRROpEl3Xts+WT2Ek1yc= +github.com/sigstore/fulcio v1.4.5/go.mod h1:oz3Qwlma8dWcSS/IENR/6SjbW4ipN0cxpRVfgdsjMU8= +github.com/sigstore/sigstore v1.8.4 h1:g4ICNpiENFnWxjmBzBDWUn62rNFeny/P77HUC8da32w= +github.com/sigstore/sigstore v1.8.4/go.mod h1:1jIKtkTFEeISen7en+ZPWdDHazqhxco/+v9CNjc7oNg= +github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/skeema/knownhosts v1.3.0 h1:AM+y0rI04VksttfwjkSTNQorvGqmwATnvnAHpSgc0LY= +github.com/skeema/knownhosts v1.3.0/go.mod h1:sPINvnADmT/qYH1kfv+ePMmOBTH6Tbl7b5LvTDjFK7M= +github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 h1:JIAuq3EEf9cgbU6AtGPK4CTG3Zf6CKMNqf0MHTggAUA= +github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog= +github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb/go.mod h1:uKWaldnbMnjsSAXRurWqqrdyZen1R7kxl8TkmWk2OyM= +github.com/spdx/tools-golang v0.5.5 h1:61c0KLfAcNqAjlg6UNMdkwpMernhw3zVRwDZ2x9XOmk= +github.com/spdx/tools-golang v0.5.5/go.mod h1:MVIsXx8ZZzaRWNQpUDhC4Dud34edUYJYecciXgrw5vE= github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= 
-github.com/stoewer/go-strcase v1.2.0 h1:Z2iHWqGXH00XYgqDmNgQbIBxf3wrNq0F3feEy0ainaU= -github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= +github.com/spiffe/go-spiffe/v2 v2.1.7 h1:VUkM1yIyg/x8X7u1uXqSRVRCdMdfRIEdFBzpqoeASGk= +github.com/spiffe/go-spiffe/v2 v2.1.7/go.mod h1:QJDGdhXllxjxvd5B+2XnhhXB/+rC8gr+lNrtOryiWeE= +github.com/stoewer/go-strcase v1.3.0 h1:g0eASXYtp+yvN9fK8sH94oCIk0fau9uV1/ZdJ0AVEzs= +github.com/stoewer/go-strcase v1.3.0/go.mod h1:fAH5hQ5pehh+j3nZfvwdk2RgEgQjAoM8wodgtPmh1xo= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= -golang.org/x/crypto v0.17.0/go.mod 
h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= -golang.org/x/exp v0.0.0-20230515195305-f3d0a9c9a5cc h1:mCRnTeVUjcrhlRmO0VK8a6k6Rrf6TF9htwo2pJVSjIU= -golang.org/x/exp v0.0.0-20230515195305-f3d0a9c9a5cc/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w= +github.com/tchap/go-patricia/v2 v2.3.1 h1:6rQp39lgIYZ+MHmdEq4xzuk1t7OdC35z/xm0BGhTkes= +github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k= +github.com/terminalstatic/go-xsd-validate v0.1.5 h1:RqpJnf6HGE2CB/lZB1A8BYguk8uRtcvYAPLCF15qguo= +github.com/terminalstatic/go-xsd-validate v0.1.5/go.mod h1:18lsvYFofBflqCrvo1umpABZ99+GneNTw2kEEc8UPJw= +github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0= +github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs= +github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4= +github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI= +github.com/wk8/go-ordered-map/v2 v2.1.8 h1:5h/BUHu93oj4gIdvHHHGsScSTMijfx5PeYkE/fJgbpc= +github.com/wk8/go-ordered-map/v2 v2.1.8/go.mod h1:5nJHM5DyteebpVlHnWMV0rPz6Zp7+xBAnxjb1X5vnTw= +github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= +github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= +github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= +github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= +github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0= +github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= +github.com/xeipuuv/gojsonschema v1.2.0 
h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74= +github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= +github.com/yashtewari/glob-intersection v0.2.0 h1:8iuHdN88yYuCzCdjt0gDe+6bAhUwBeEWqThExu54RFg= +github.com/yashtewari/glob-intersection v0.2.0/go.mod h1:LK7pIC3piUjovexikBbJ26Yml7g8xa5bsjfx2v1fwok= +github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +github.com/zclconf/go-cty v1.10.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= +github.com/zclconf/go-cty v1.15.0 h1:tTCRWxsexYUmtt/wVxgDClUe+uQusuI443uL6e+5sXQ= +github.com/zclconf/go-cty v1.15.0/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= +github.com/zeebo/errs v1.3.0 h1:hmiaKqgYZzcVgRL1Vkc1Mn2914BbzB0IBxs+ebeutGs= +github.com/zeebo/errs v1.3.0/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4= +go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= +go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg= +go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo= +go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 h1:3Q/xZUyC1BBkualc9ROb4G8qkH90LXEIICcs5zv1OYY= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0/go.mod h1:s75jGIWA9OfCMzF0xr+ZgfrB5FEbbV7UuYo32ahUiFI= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.28.0 h1:R3X6ZXmNPRR8ul6i3WgFURCHzaXjHdm0karRG/+dj3s= 
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.28.0/go.mod h1:QWFXnDavXWwMx2EEcZsf3yxgEKAqsxQ+Syjp+seyInw= +go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6bOeuA5Q= +go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s= +go.opentelemetry.io/otel/sdk v1.28.0 h1:b9d7hIry8yZsgtbmM0DKyPWMMUMlK9NEKuIG4aBqWyE= +go.opentelemetry.io/otel/sdk v1.28.0/go.mod h1:oYj7ClPUA7Iw3m+r7GeEjz0qckQRJK2B8zjcZEfu7Pg= +go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g= +go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI= +go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= +go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= +golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ= +golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg= +golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f h1:XdNn9LlyWAhLVp6P/i8QYBW+hlyhrhei9uErw2B5GJo= +golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f/go.mod h1:D5SMRVC3C2/4+F/DB1wZsLRnSNimn2Sp/NPsCrsv8ak= +golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.3.0/go.mod 
h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4= +golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo= +golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM= +golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= +golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync 
v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ= +golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= -golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= -golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= -golang.org/x/text v0.19.0 
h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= -golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= -google.golang.org/genproto/googleapis/api v0.0.0-20241021214115-324edc3d5d38 h1:2oV8dfuIkM1Ti7DwXc0BJfnwr9csz4TDXI9EmiI+Rbw= -google.golang.org/genproto/googleapis/api v0.0.0-20241021214115-324edc3d5d38/go.mod h1:vuAjtvlwkDKF6L1GQ0SokiRLCGFfeBUXWr/aFFkHACc= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38 h1:zciRKQ4kBpFgpfC5QQCVtnnNAcLIqweL7plyZRQHVpI= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s= +golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= +golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +golang.org/x/term v0.26.0 h1:WEQa6V3Gja/BhNxg540hBip/kkaYtRg3cxg4oXSw4AU= +golang.org/x/term v0.26.0/go.mod h1:Si5m1o57C5nBNQo5z1iq+XDijt21BDBDp2bK0QI8e3E= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2/go.mod 
h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug= +golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= +golang.org/x/tools v0.27.0 h1:qEKojBykQkQ4EynWy4S8Weg69NumxKdn40Fce3uc/8o= +golang.org/x/tools v0.27.0/go.mod h1:sUi0ZgbwW9ZPAq26Ekut+weQPR5eIM6GQLQ1Yjm1H0Q= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
+google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 h1:M0KvPgPmDZHPlbRbaNU1APr28TvwvvdUPlSv7PUvy8g= +google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:dguCy7UOdZhTvLzDyt15+rOrawrpM4q7DD9dQ1P11P4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 h1:XVhgTWWV3kGQlwJHR3upFWZeTsei6Oks1apkZSeonIE= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= +google.golang.org/grpc v1.68.0 h1:aHQeeJbo8zAkAa3pRzrVjZlbz6uSfeOXlJNQM0RAbz0= +google.golang.org/grpc v1.68.0/go.mod h1:fmSPC5AsjSBCK54MyHRx48kpOti1/jRfOlwEWywNjWA= google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA= google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/go-jose/go-jose.v2 v2.6.3 h1:nt80fvSDlhKWQgSWyHyy5CfmlQr+asih51R8PTWNKKs= +gopkg.in/go-jose/go-jose.v2 v2.6.3/go.mod h1:zzZDPkNNw/c9IE7Z9jr11mBZQhKQTMzoEEIoEdZlFBI= +gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= +gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= 
+gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +k8s.io/apimachinery v0.30.6 h1:dlplzGrUL/DiPOVVVjDcT9ZoQBOwYeB6hcFy90veggs= +k8s.io/apimachinery v0.30.6/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= +k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/utils v0.0.0-20240423183400-0849a56e8f22 h1:ao5hUqGhsqdm+bYbjH/pRkCs0unBGe9UyDahzs9zQzQ= +k8s.io/utils v0.0.0-20240423183400-0849a56e8f22/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= +sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= +sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= +sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/layouts/layout-npm.yml b/layouts/layout-npm.yml index ba8c465..6a93f79 100644 --- a/layouts/layout-npm.yml +++ b/layouts/layout-npm.yml 
@@ -11,34 +11,32 @@ functionaries: keyID: "fe1c6281c5ff13e35286cc67e5a1fb3e6575b840a6c39ca4267d3805eb17288a" steps: - name: "build" + expectedPredicateType: "https://slsa.dev/provenance/v0.2" + functionaries: + - "fe1c6281c5ff13e35286cc67e5a1fb3e6575b840a6c39ca4267d3805eb17288a" expectedMaterials: - "ALLOW git+https://github.com/{github_repository}@{github_ref}" - "DISALLOW *" expectedProducts: - "CREATE pkg:npm/{package_name}@{package_version}" - "DISALLOW *" - expectedPredicates: - - predicateType: "https://slsa.dev/provenance/v0.2" - expectedAttributes: - - rule: "predicate.buildType == 'https://github.com/npm/cli/gha/v2'" - - rule: "predicate.invocation.configSource.uri == '{config_source}'" - - rule: "predicate.invocation.configSource.entryPoint == '{entry_point}'" - - rule: "predicate.invocation.environment.GITHUB_REF == '{github_ref}'" - - rule: "predicate.invocation.environment.GITHUB_REPOSITORY == '{github_repository}'" - - rule: "predicate.invocation.environment.GITHUB_REPOSITORY_ID == '{github_repository_id}'" - - rule: "predicate.invocation.environment.GITHUB_REPOSITORY_OWNER_ID == '{github_repository_owner_id}'" - - rule: "predicate.invocation.environment.GITHUB_WORKFLOW_REF == '{github_workflow_ref}'" - functionaries: - - "fe1c6281c5ff13e35286cc67e5a1fb3e6575b840a6c39ca4267d3805eb17288a" + expectedAttributes: + - rule: "predicate.buildType == 'https://github.com/npm/cli/gha/v2'" + - rule: "predicate.invocation.configSource.uri == '{config_source}'" + - rule: "predicate.invocation.configSource.entryPoint == '{entry_point}'" + - rule: "predicate.invocation.environment.GITHUB_REF == '{github_ref}'" + - rule: "predicate.invocation.environment.GITHUB_REPOSITORY == '{github_repository}'" + - rule: "predicate.invocation.environment.GITHUB_REPOSITORY_ID == '{github_repository_id}'" + - rule: "predicate.invocation.environment.GITHUB_REPOSITORY_OWNER_ID == '{github_repository_owner_id}'" + - rule: "predicate.invocation.environment.GITHUB_WORKFLOW_REF == 
'{github_workflow_ref}'" - name: "publish" + expectedPredicateType: "https://github.com/npm/attestation/tree/main/specs/publish/v0.1" + functionaries: + - "fe1c6281c5ff13e35286cc67e5a1fb3e6575b840a6c39ca4267d3805eb17288a" expectedMaterials: - "MATCH * WITH products FROM build" - "DISALLOW *" - expectedPredicates: - - predicateType: "https://github.com/npm/attestation/tree/main/specs/publish/v0.1" - expectedAttributes: - - rule: "predicate.name == '{package_name}'" - - rule: "predicate.version == '{package_version}'" - - rule: "predicate.registry == 'https://registry.npmjs.org'" - functionaries: - - "fe1c6281c5ff13e35286cc67e5a1fb3e6575b840a6c39ca4267d3805eb17288a" + expectedAttributes: + - rule: "predicate.name == '{package_name}'" + - rule: "predicate.version == '{package_version}'" + - rule: "predicate.registry == 'https://registry.npmjs.org'" diff --git a/layouts/layout-witness.yml b/layouts/layout-witness.yml new file mode 100644 index 0000000..01bbda3 --- /dev/null +++ b/layouts/layout-witness.yml 
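Review bot: The step schema changes from an `expectedPredicates` list to a single `expectedPredicateType` with step-level `expectedAttributes`, in both steps of this hunk and in all three steps of layouts/layout.yml, and nothing in the layouts records the change. If the layout loader ignores unknown keys, a layout still written the old way would load with no attribute rules and verification would pass without evaluating them. verifier/models.go is not in view here, so this needs confirming there. I would have the loader reject unknown keys and add a header comment to each layout, for example `# one predicate type per step: expectedPredicateType + expectedAttributes (replaces the expectedPredicates list)`.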
@@ -0,0 +1,43 @@
+expires: "2100-10-10T12:23:22Z"
+functionaries:
+ fe1c6281c5ff13e35286cc67e5a1fb3e6575b840a6c39ca4267d3805eb17288a:
+ keyType: "ed25519"
+ scheme: "ed25519"
+ keyIDHashAlgorithms:
+ - "sha256"
+ - "sha512"
+ keyVal:
+ public: "7345b83c121ea0d9ffc3b38d69958718b8435e8cb0552f889d695586693e1b89"
+ keyID: "fe1c6281c5ff13e35286cc67e5a1fb3e6575b840a6c39ca4267d3805eb17288a"
+steps:
+ - name: "build"
+ expectedPredicateType: "https://witness.testifysec.com/attestation-collection/v0.1"
+ functionaries:
+ - "fe1c6281c5ff13e35286cc67e5a1fb3e6575b840a6c39ca4267d3805eb17288a"
+ expectedMaterials:
+ - "ALLOW .git/*"
+ - "ALLOW .github/*"
+ - "ALLOW Makefile"
+ - "ALLOW *.go"
+ - "ALLOW *.json"
+ - "ALLOW go.*"
+ - "ALLOW LICENSE"
+ - "ALLOW Dockerfile"
+ - "ALLOW .gitignore"
+ - "ALLOW README.md"
+ - "ALLOW *.pem"
+ - "DISALLOW *"
+ expectedProducts:
+ - "ALLOW *"
+ expectedAttestors:
+ - attestorType: "https://witness.dev/attestations/git/v0.1"
+ expectedAttributes:
+ - rule: "attestation.author == 'John Kjell'"
+ - attestorType: "https://witness.dev/attestations/github/v0.1"
+ expectedAttributes:
+ - rule: "attestation.jwt.claims.actor == 'jkjell'"
+ - rule: "attestation.jwt.claims.repository == 'testifysec/swf'"
+ - attestorType: "https://witness.dev/attestations/command-run/v0.1"
+ expectedAttributes:
+ - rule: "attestation.cmd == ['/bin/sh', '-c', 'go build -o bin/software main.go']"
+ - rule: "attestation.exitcode == 0"
diff --git a/layouts/layout.yml b/layouts/layout.yml
index a2fc36b..3e40a0e 100644
--- a/layouts/layout.yml
+++ b/layouts/layout.yml
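Review bot: The `expectedAttestors` rules identify the build by `attestation.author == 'John Kjell'` and `attestation.jwt.claims.actor == 'jkjell'`, and neither pins which workflow produced the attestation: a git author name is free-form commit metadata, and the actor claim names a person. The collection in test-data-witness-raw/build.json carries stronger claims to match on, for example `- rule: "attestation.jwt.claims.iss == 'https://token.actions.githubusercontent.com'"` and `- rule: "attestation.jwt.claims.workflow_ref == 'testifysec/swf/.github/workflows/pipeline.yml@refs/heads/main'"`. Separately, `expectedProducts` is only `ALLOW *`, unlike the `CREATE …` / `DISALLOW *` pairs in the other layouts, so as written no product is constrained. Whether the verifier re-validates the JWT itself or trusts the recorded `verifiedBy` block is not visible in this hunk.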
@@ -11,44 +11,41 @@ functionaries: keyID: "fe1c6281c5ff13e35286cc67e5a1fb3e6575b840a6c39ca4267d3805eb17288a" steps: - name: "clone" + expectedPredicateType: "https://in-toto.io/attestation/link/v0.3" + functionaries: + - "fe1c6281c5ff13e35286cc67e5a1fb3e6575b840a6c39ca4267d3805eb17288a" expectedMaterials: - "DISALLOW *" expectedProducts: - "CREATE foo" - "DISALLOW *" - expectedPredicates: - - predicateType: "https://in-toto.io/attestation/link/v0.3" - expectedAttributes: - - rule: "predicate.command == ['git', 'clone', 'https://example.com/foo.git']" - allowIfNoClaim: true - warn: true - functionaries: - - "fe1c6281c5ff13e35286cc67e5a1fb3e6575b840a6c39ca4267d3805eb17288a" + expectedAttributes: + - rule: "predicate.command == ['git', 'clone', 'https://example.com/foo.git']" + allowIfNoClaim: true + warn: true - name: "test" + expectedPredicateType: "https://in-toto.io/attestation/test-result/v0.1" + functionaries: + - "fe1c6281c5ff13e35286cc67e5a1fb3e6575b840a6c39ca4267d3805eb17288a" expectedMaterials: - "MATCH foo WITH products FROM clone" - "DISALLOW *" - expectedPredicates: - - predicateType: "https://in-toto.io/attestation/test-result/v0.1" - expectedAttributes: - - rule: "size(predicate.failedTests) == 0" - - rule: "predicate.result == 'PASSED'" - - rule: "size(subject) != 0" - functionaries: - - "fe1c6281c5ff13e35286cc67e5a1fb3e6575b840a6c39ca4267d3805eb17288a" + expectedAttributes: + - rule: "size(predicate.failedTests) == 0" + - rule: "predicate.result == 'PASSED'" + - rule: "size(subject) != 0" - name: "build" + expectedPredicateType: "https://slsa.dev/provenance/v1" + functionaries: + - "fe1c6281c5ff13e35286cc67e5a1fb3e6575b840a6c39ca4267d3805eb17288a" expectedMaterials: - "MATCH foo WITH products FROM clone" - "DISALLOW *" expectedProducts: - "CREATE bin/foo" - "DISALLOW *" - expectedPredicates: - - predicateType: "https://slsa.dev/provenance/v1" - expectedAttributes: - - rule: "predicate.buildDefinition.buildType == 
'https://slsa-framework.github.io/github-actions-buildtypes/workflow/v1'" - allowIfNoClaim: false - - rule: "predicate.runDetails.builder.id == 'https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@refs/tags/v1.7.0'" - allowIfNoClaim: false - functionaries: - - "fe1c6281c5ff13e35286cc67e5a1fb3e6575b840a6c39ca4267d3805eb17288a" + expectedAttributes: + - rule: "predicate.buildDefinition.buildType == 'https://slsa-framework.github.io/github-actions-buildtypes/workflow/v1'" + allowIfNoClaim: false + - rule: "predicate.runDetails.builder.id == 'https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@refs/tags/v1.7.0'" + allowIfNoClaim: false diff --git a/test-data-witness-raw/build.json b/test-data-witness-raw/build.json new file mode 100644 index 0000000..abb91fd --- /dev/null +++ b/test-data-witness-raw/build.json 
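Review bot: The clone step's only attribute rule keeps `allowIfNoClaim: true` and `warn: true` after the move to step-level `expectedAttributes`, and the layout does not say why. Judging by the flag names, a link attestation with no `command` claim, or with a different command, would be reported but not rejected, leaving the step with no enforced predicate check. The flag semantics are defined in verifier/rules.go, outside this hunk, so this should be confirmed there. If that is intended for the demo, a comment above the rule would make it explicit, e.g. `# advisory only: a command mismatch is logged, not enforced`; otherwise drop both flags, as the build step does with `allowIfNoClaim: false`.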
@@ -0,0 +1,620 @@ +{ + "_type": "https://in-toto.io/Statement/v1", + "subject": [ + { + "name": "https://witness.dev/attestations/git/v0.1/committeremail:john@testifysec.com", + "digest": { + "sha256": "c70524a2f582439e3b3c2ec027cb1bfb636c029fa4101efa549d804b877241a7" + } + }, + { + "name": "https://witness.dev/attestations/git/v0.1/parenthash:924e1afbd54ab565de0d38bee11a5a173b9c56ad", + "digest": { + "sha256": "785eb706c5a2b1d138e897028884b0401618dd22f2bd59fce2c532e1b91c125d" + } + }, + { + "name": "https://witness.dev/attestations/github/v0.1/pipelineurl:https://github.com/testifysec/swf/actions/runs/7879307166", + "digest": { + "sha256": "bdefd315efd7eea52ccd8eca5517cbf82b8d9f145bef22e4b1a6a19e383073b2" + } + }, + { + "name": "https://witness.dev/attestations/github/v0.1/projecturl:https://github.com/testifysec/swf", + "digest": { + "sha256": "a6affbb590e833f4256f36e44b2d935325a174605990c30edcc3f29e73ee1f4a" + } + }, + { + "name": "https://witness.dev/attestations/product/v0.1/file:bin/software", + "digest": { + "gitoid:sha1": "gitoid:blob:sha1:ecec04ee443297a6c0de34992c013dd3c0ad259f", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "cc467e71acc4ceb44ecef92d495e754853f57a3bed7dec89cf938194666a4675" + } + }, + { + "name": "https://witness.dev/attestations/git/v0.1/commithash:5447bd853eb2e7220dc4f36682972654b93e63ac", + "digest": { + "sha1": "5447bd853eb2e7220dc4f36682972654b93e63ac" + } + }, + { + "name": "https://witness.dev/attestations/git/v0.1/authoremail:john@testifysec.com", + "digest": { + "sha256": "c70524a2f582439e3b3c2ec027cb1bfb636c029fa4101efa549d804b877241a7" + } + } + ], + "predicateType": "https://witness.testifysec.com/attestation-collection/v0.1", + "predicate": { + "name": "build", + "attestations": [ + { + "type": "https://witness.dev/attestations/git/v0.1", + "attestation": { + "commithash": "5447bd853eb2e7220dc4f36682972654b93e63ac", + "author": "John Kjell", + 
"authoremail": "john@testifysec.com", + "committername": "John Kjell", + "committeremail": "john@testifysec.com", + "commitdate": "2024-02-12 17:27:09 -0600 -0600", + "commitdigest": { + "sha1": "5447bd853eb2e7220dc4f36682972654b93e63ac" + }, + "parenthashes": [ + "924e1afbd54ab565de0d38bee11a5a173b9c56ad" + ], + "treehash": "76bd1c8891bc32403df1f02276a0e019b517a523", + "refs": [ + "refs/heads/main", + "refs/remotes/origin/main" + ] + }, + "starttime": "2024-02-12T23:28:39.63532877Z", + "endtime": "2024-02-12T23:28:39.642377725Z" + }, + { + "type": "https://witness.dev/attestations/github/v0.1", + "attestation": { + "jwt": { + "claims": { + "actor": "jkjell", + "actor_id": "135588", + "aud": "witness", + "base_ref": "", + "event_name": "push", + "exp": 1707780820, + "head_ref": "", + "iat": 1707780520, + "iss": "https://token.actions.githubusercontent.com", + "job_workflow_ref": "testifysec/swf/.github/workflows/witness.yml@refs/heads/main", + "job_workflow_sha": "5447bd853eb2e7220dc4f36682972654b93e63ac", + "jti": "7dc8db9f-750f-4921-8502-9ab80c5767ad", + "nbf": 1707779920, + "ref": "refs/heads/main", + "ref_protected": "false", + "ref_type": "branch", + "repository": "testifysec/swf", + "repository_id": "706339980", + "repository_owner": "testifysec", + "repository_owner_id": "87545603", + "repository_visibility": "public", + "run_attempt": "1", + "run_id": "7879307166", + "run_number": "52", + "runner_environment": "github-hosted", + "sha": "5447bd853eb2e7220dc4f36682972654b93e63ac", + "sub": "repo:testifysec/swf:ref:refs/heads/main", + "workflow": "pipeline", + "workflow_ref": "testifysec/swf/.github/workflows/pipeline.yml@refs/heads/main", + "workflow_sha": "5447bd853eb2e7220dc4f36682972654b93e63ac" + }, + "verifiedBy": { + "jwksUrl": "https://token.actions.githubusercontent.com/.well-known/jwks", + "jwk": { + "use": "sig", + "kty": "RSA", + "kid": "1F2AB83404C08EC9EA0BB99DAED02186B091DBF4", + "alg": "RS256", + "n": 
"u8zSYn5JR_O5yywSeOhmWWd7OMoLblh4iGTeIhTOVon-5e54RK30YQDeUCjpb9u3vdHTO7XS7i6EzkwLbsUOir27uhqoFGGWXSAZrPocOobSFoLC5l0NvSKRqVtpoADOHcAh59vLbr8dz3xtEEGx_qlLTzfFfWiCIYWiy15C2oo1eNPxzQfOvdu7Yet6Of4musV0Es5_mNETpeHOVEri8PWfxzw485UHIj3socl4Lk_I3iDyHfgpT49tIJYhHE5NImLNdwMha1cBCIbJMy1dJCfdoK827Hi9qKyBmftNQPhezGVRsOjsf2BfUGzGP5pCGrFBjEOcLhj_3j-TJebgvQ", + "e": "AQAB", + "x5c": [ + "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" + ], + "x5t": "Hyq4NATAjsnqC7mdrtAhhrCR2_Q" + } + } + }, + "ciconfigpath": "", + "pipelineid": "7879307166", + "pipelinename": "pipeline", + "pipelineurl": "https://github.com/testifysec/swf/actions/runs/7879307166", + "projecturl": "https://github.com/testifysec/swf", + "runnerid": "GitHub Actions 58", + "cihost": "", + "ciserverurl": "https://github.com", + "runnerarch": "X64", + "runneros": "Linux" + }, + "starttime": "2024-02-12T23:28:39.642408492Z", + "endtime": "2024-02-12T23:28:39.942660467Z" + }, + { + "type": "https://witness.dev/attestations/environment/v0.1", + "attestation": { + "os": "linux", + "hostname": "fv-az568-332", + "username": "runner", + "variables": { + " ": "/home/runner/work/_actions/testifysec/witness-run-action/2ae7f93c013ccf24b8ff52b4f042b32ca95ec7b8/dist/witness", + "ACCEPT_EULA": "Y", + "ACTIONS_CACHE_URL": "https://acghubeus1.actions.githubusercontent.com/TPWTd7TbODB00LV4cLh5O4CXrF54b671YAeQzCb111oFRUIXT0/", + "ACTIONS_ID_TOKEN_REQUEST_URL": "https://pipelinesghubeus12.actions.githubusercontent.com/TPWTd7TbODB00LV4cLh5O4CXrF54b671YAeQzCb111oFRUIXT0/00000000-0000-0000-0000-000000000000/_apis/distributedtask/hubs/Actions/plans/73501c63-8389-4ab8-bb79-87278cbd3aed/jobs/029eed01-a9af-593a-beee-b2e6f46e5da7/idtoken?api-version=2.0", + "ACTIONS_RESULTS_URL": "https://results-receiver.actions.githubusercontent.com/", + "ACTIONS_RUNNER_ACTION_ARCHIVE_CACHE": "/opt/actionarchivecache", + "ACTIONS_RUNTIME_URL": "https://pipelinesghubeus12.actions.githubusercontent.com/TPWTd7TbODB00LV4cLh5O4CXrF54b671YAeQzCb111oFRUIXT0/", 
+ "AGENT_TOOLSDIRECTORY": "/opt/hostedtoolcache", + "ANDROID_HOME": "/usr/local/lib/android/sdk", + "ANDROID_NDK": "/usr/local/lib/android/sdk/ndk/25.2.9519653", + "ANDROID_NDK_HOME": "/usr/local/lib/android/sdk/ndk/25.2.9519653", + "ANDROID_NDK_LATEST_HOME": "/usr/local/lib/android/sdk/ndk/26.1.10909125", + "ANDROID_NDK_ROOT": "/usr/local/lib/android/sdk/ndk/25.2.9519653", + "ANDROID_SDK_ROOT": "/usr/local/lib/android/sdk", + "ANT_HOME": "/usr/share/ant", + "AZURE_EXTENSION_DIR": "/opt/az/azcliextensions", + "BOOTSTRAP_HASKELL_NONINTERACTIVE": "1", + "CHROMEWEBDRIVER": "/usr/local/share/chromedriver-linux64", + "CHROME_BIN": "/usr/bin/google-chrome", + "CI": "true", + "CONDA": "/usr/share/miniconda", + "DEBIAN_FRONTEND": "noninteractive", + "DEPLOYMENT_BASEPATH": "/opt/runner", + "DOTNET_MULTILEVEL_LOOKUP": "0", + "DOTNET_NOLOGO": "1", + "DOTNET_SKIP_FIRST_TIME_EXPERIENCE": "1", + "EDGEWEBDRIVER": "/usr/local/share/edge_driver", + "GECKOWEBDRIVER": "/usr/local/share/gecko_driver", + "GHCUP_INSTALL_BASE_PREFIX": "/usr/local", + "GITHUB_ACTION": "__testifysec_witness-run-action_2", + "GITHUB_ACTIONS": "true", + "GITHUB_ACTION_REF": "2ae7f93c013ccf24b8ff52b4f042b32ca95ec7b8", + "GITHUB_ACTION_REPOSITORY": "testifysec/witness-run-action", + "GITHUB_ACTOR": "jkjell", + "GITHUB_ACTOR_ID": "135588", + "GITHUB_API_URL": "https://api.github.com", + "GITHUB_BASE_REF": "", + "GITHUB_ENV": "/home/runner/work/_temp/_runner_file_commands/set_env_4f6b1924-9ed5-4227-8b75-06e0787f140d", + "GITHUB_EVENT_NAME": "push", + "GITHUB_EVENT_PATH": "/home/runner/work/_temp/_github_workflow/event.json", + "GITHUB_GRAPHQL_URL": "https://api.github.com/graphql", + "GITHUB_HEAD_REF": "", + "GITHUB_JOB": "witness", + "GITHUB_OUTPUT": "/home/runner/work/_temp/_runner_file_commands/set_output_4f6b1924-9ed5-4227-8b75-06e0787f140d", + "GITHUB_PATH": "/home/runner/work/_temp/_runner_file_commands/add_path_4f6b1924-9ed5-4227-8b75-06e0787f140d", + "GITHUB_REF": "refs/heads/main", + "GITHUB_REF_NAME": 
"main", + "GITHUB_REF_PROTECTED": "false", + "GITHUB_REF_TYPE": "branch", + "GITHUB_REPOSITORY": "testifysec/swf", + "GITHUB_REPOSITORY_ID": "706339980", + "GITHUB_REPOSITORY_OWNER": "testifysec", + "GITHUB_REPOSITORY_OWNER_ID": "87545603", + "GITHUB_RETENTION_DAYS": "90", + "GITHUB_RUN_ATTEMPT": "1", + "GITHUB_RUN_ID": "7879307166", + "GITHUB_RUN_NUMBER": "52", + "GITHUB_SERVER_URL": "https://github.com", + "GITHUB_SHA": "5447bd853eb2e7220dc4f36682972654b93e63ac", + "GITHUB_STATE": "/home/runner/work/_temp/_runner_file_commands/save_state_4f6b1924-9ed5-4227-8b75-06e0787f140d", + "GITHUB_STEP_SUMMARY": "/home/runner/work/_temp/_runner_file_commands/step_summary_4f6b1924-9ed5-4227-8b75-06e0787f140d", + "GITHUB_TRIGGERING_ACTOR": "jkjell", + "GITHUB_WORKFLOW": "pipeline", + "GITHUB_WORKFLOW_REF": "testifysec/swf/.github/workflows/pipeline.yml@refs/heads/main", + "GITHUB_WORKFLOW_SHA": "5447bd853eb2e7220dc4f36682972654b93e63ac", + "GITHUB_WORKSPACE": "/home/runner/work/swf/swf", + "GOROOT_1_19_X64": "/opt/hostedtoolcache/go/1.19.13/x64", + "GOROOT_1_20_X64": "/opt/hostedtoolcache/go/1.20.13/x64", + "GOROOT_1_21_X64": "/opt/hostedtoolcache/go/1.21.6/x64", + "GRADLE_HOME": "/usr/share/gradle-8.6", + "HOME": "/home/runner", + "HOMEBREW_CLEANUP_PERIODIC_FULL_DAYS": "3650", + "HOMEBREW_NO_AUTO_UPDATE": "1", + "INPUT_ATTESTATIONS": "git github environment", + "INPUT_CERTIFICATE": "", + "INPUT_COMMAND": "/bin/sh -c \"go build -o bin/software main.go\"", + "INPUT_FULCIO": "", + "INPUT_INTERMEDIATES": "", + "INPUT_KEY": "", + "INPUT_OUTFILE": "", + "INPUT_STEP": "build", + "INPUT_TRACE": "false", + "INPUT_WORKINGDIR": "", + "INVOCATION_ID": "42c43f14264e4609bd2f3fc8f8fd119d", + "ImageOS": "ubuntu22", + "ImageVersion": "20240204.1.0", + "JAVA_HOME": "/usr/lib/jvm/temurin-11-jdk-amd64", + "JAVA_HOME_11_X64": "/usr/lib/jvm/temurin-11-jdk-amd64", + "JAVA_HOME_17_X64": "/usr/lib/jvm/temurin-17-jdk-amd64", + "JAVA_HOME_21_X64": "/usr/lib/jvm/temurin-21-jdk-amd64", + 
"JAVA_HOME_8_X64": "/usr/lib/jvm/temurin-8-jdk-amd64", + "JOURNAL_STREAM": "8:19014", + "LANG": "C.UTF-8", + "LEIN_HOME": "/usr/local/lib/lein", + "LEIN_JAR": "/usr/local/lib/lein/self-installs/leiningen-2.11.1-standalone.jar", + "NVM_DIR": "/home/runner/.nvm", + "PATH": "/home/runner/work/_actions/testifysec/witness-run-action/2ae7f93c013ccf24b8ff52b4f042b32ca95ec7b8/dist:/home/runner/go/bin:/opt/hostedtoolcache/go/1.21.6/x64/bin:/snap/bin:/home/runner/.local/bin:/opt/pipx_bin:/home/runner/.cargo/bin:/home/runner/.config/composer/vendor/bin:/usr/local/.ghcup/bin:/home/runner/.dotnet/tools:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/bin:/usr/bin", + "PERFLOG_LOCATION_SETTING": "RUNNER_PERFLOG", + "PIPX_BIN_DIR": "/opt/pipx_bin", + "PIPX_HOME": "/opt/pipx", + "POWERSHELL_DISTRIBUTION_CHANNEL": "GitHub-Actions-ubuntu22", + "PWD": "/home/runner/work/swf/swf", + "RUNNER_ARCH": "X64", + "RUNNER_ENVIRONMENT": "github-hosted", + "RUNNER_NAME": "GitHub Actions 58", + "RUNNER_OS": "Linux", + "RUNNER_PERFLOG": "/home/runner/perflog", + "RUNNER_TEMP": "/home/runner/work/_temp", + "RUNNER_TOOL_CACHE": "/opt/hostedtoolcache", + "RUNNER_TRACKING_ID": "github_824426be-86dc-4fba-9585-e7fbd4507ec8", + "RUNNER_USER": "runner", + "RUNNER_WORKSPACE": "/home/runner/work/swf", + "SELENIUM_JAR_PATH": "/usr/share/java/selenium-server.jar", + "SGX_AESM_ADDR": "1", + "STATS_EXT": "true", + "STATS_EXTP": "https://provjobdsettingscdn.blob.core.windows.net/settings/provjobdsettings-0.5.154/provjobd.data", + "STATS_RDCL": "true", + "STATS_TIS": "mining", + "STATS_TRP": "true", + "STATS_UE": "true", + "STATS_V3PS": "true", + "STATS_VMD": "true", + "SWIFT_PATH": "/usr/share/swift/usr/bin", + "SYSTEMD_EXEC_PID": "592", + "USER": "runner", + "VCPKG_INSTALLATION_ROOT": "/usr/local/share/vcpkg", + "XDG_CONFIG_HOME": "/home/runner/.config", + "XDG_RUNTIME_DIR": "/run/user/1001" + } + }, + "starttime": "2024-02-12T23:28:39.942692798Z", + 
"endtime": "2024-02-12T23:28:39.942785701Z" + }, + { + "type": "https://witness.dev/attestations/material/v0.1", + "attestation": { + ".git/FETCH_HEAD": { + "gitoid:sha1": "gitoid:blob:sha1:89a9c3f2abcc51c59fbcc98684970a67369ddc5e", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "d878e33be6b8202b5c0e92866bdd01c4386a63d0b26fe14f6d969bc133344cc7" + }, + ".git/HEAD": { + "gitoid:sha1": "gitoid:blob:sha1:b870d82622c1a9ca6bcaf5df639680424a1904b0", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "28d25bf82af4c0e2b72f50959b2beb859e3e60b9630a5e8c603dad4ddb2b6e80" + }, + ".git/config": { + "gitoid:sha1": "gitoid:blob:sha1:e252c29a5e102d52e1cba9044ca07de674869a32", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "7356beec20fb1c0cec33870784eb7fcb6ee8caedada068d20bd830ad9c5c8f8e" + }, + ".git/description": { + "gitoid:sha1": "gitoid:blob:sha1:498b267a8c7812490d6479839c5577eaaec79d62", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "85ab6c163d43a17ea9cf7788308bca1466f1b0a8d1cc92e26e9bf63da4062aee" + }, + ".git/hooks/applypatch-msg.sample": { + "gitoid:sha1": "gitoid:blob:sha1:a5d7b84a673458d14d9aab082183a1968c2c7492", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "0223497a0b8b033aa58a3a521b8629869386cf7ab0e2f101963d328aa62193f7" + }, + ".git/hooks/commit-msg.sample": { + "gitoid:sha1": "gitoid:blob:sha1:b58d1184a9d43a39c0d95f32453efc78581877d6", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "1f74d5e9292979b573ebd59741d46cb93ff391acdd083d340b94370753d92437" + }, + ".git/hooks/fsmonitor-watchman.sample": { + "gitoid:sha1": 
"gitoid:blob:sha1:23e856f5deeb7f564afc22f2beed54449c2d3afb", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "e0549964e93897b519bd8e333c037e51fff0f88ba13e086a331592bf801fa1d0" + }, + ".git/hooks/post-update.sample": { + "gitoid:sha1": "gitoid:blob:sha1:ec17ec1939b7c3e86b7cb6c0c4de6b0818a7e75e", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "81765af2daef323061dcbc5e61fc16481cb74b3bac9ad8a174b186523586f6c5" + }, + ".git/hooks/pre-applypatch.sample": { + "gitoid:sha1": "gitoid:blob:sha1:4142082bcb939bbc17985a69ba748491ac6b62a5", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "e15c5b469ea3e0a695bea6f2c82bcf8e62821074939ddd85b77e0007ff165475" + }, + ".git/hooks/pre-commit.sample": { + "gitoid:sha1": "gitoid:blob:sha1:e144712c85c055bcf3248ab342592b440a477062", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "f9af7d95eb1231ecf2eba9770fedfa8d4797a12b02d7240e98d568201251244a" + }, + ".git/hooks/pre-merge-commit.sample": { + "gitoid:sha1": "gitoid:blob:sha1:399eab1924e39da570b389b0bef1ca713b3b05c3", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "d3825a70337940ebbd0a5c072984e13245920cdf8898bd225c8d27a6dfc9cb53" + }, + ".git/hooks/pre-push.sample": { + "gitoid:sha1": "gitoid:blob:sha1:4ce688d32b7532862767345f2b991ae856f7d4a8", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "ecce9c7e04d3f5dd9d8ada81753dd1d549a9634b26770042b58dda00217d086a" + }, + ".git/hooks/pre-rebase.sample": { + "gitoid:sha1": "gitoid:blob:sha1:6cbef5c370d8c3486ca85423dd70440c5e0a2aa2", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", 
+ "sha256": "4febce867790052338076f4e66cc47efb14879d18097d1d61c8261859eaaa7b3" + }, + ".git/hooks/pre-receive.sample": { + "gitoid:sha1": "gitoid:blob:sha1:a1fd29ec14823d8bc4a8d1a2cfe35451580f5118", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "a4c3d2b9c7bb3fd8d1441c31bd4ee71a595d66b44fcf49ddb310252320169989" + }, + ".git/hooks/prepare-commit-msg.sample": { + "gitoid:sha1": "gitoid:blob:sha1:10fa14c5ab0134436e2ae435138bf921eb477c60", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "e9ddcaa4189fddd25ed97fc8c789eca7b6ca16390b2392ae3276f0c8e1aa4619" + }, + ".git/hooks/push-to-checkout.sample": { + "gitoid:sha1": "gitoid:blob:sha1:af5a0c0018b5e9c04b56ac52f21b4d28f48d99ea", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "a53d0741798b287c6dd7afa64aee473f305e65d3f49463bb9d7408ec3b12bf5f" + }, + ".git/hooks/sendemail-validate.sample": { + "gitoid:sha1": "gitoid:blob:sha1:640bcf874dc0bef6d128d09ed4881f0616395ed8", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "44ebfc923dc5466bc009602f0ecf067b9c65459abfe8868ddc49b78e6ced7a92" + }, + ".git/hooks/update.sample": { + "gitoid:sha1": "gitoid:blob:sha1:c4d426bc6ee9430ee7813263ce6d5da7ec78c3c6", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "8d5f2fa83e103cf08b57eaa67521df9194f45cbdbcb37da52ad586097a14d106" + }, + ".git/index": { + "gitoid:sha1": "gitoid:blob:sha1:1d49a6074a5eec150606a91cddb049c07c396132", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "997bedb343e9abca09009f7691cb5ff0f9c682532f9d3091ae453ddb366f32d2" + }, + ".git/info/exclude": { + "gitoid:sha1": 
"gitoid:blob:sha1:a5196d1be8fb59edf8062bef36d3a602e0812139", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "6671fe83b7a07c8932ee89164d1f2793b2318058eb8b98dc5c06ee0a5a3b0ec1" + }, + ".git/logs/HEAD": { + "gitoid:sha1": "gitoid:blob:sha1:63022be528151d6f191063e79a46fba860cfc566", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "3cdd88c0b0eb49277cbd6ab2375d0adc4a23bad64aaed379d7dc16097d33eac3" + }, + ".git/logs/refs/heads/main": { + "gitoid:sha1": "gitoid:blob:sha1:fd0eb13b6eb32c5688854019d23ec222661d1a06", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "4570ee00a2d012bc3b046dc186b07af2fde6e5040de1d52df865636a9ebc6f97" + }, + ".git/logs/refs/remotes/origin/main": { + "gitoid:sha1": "gitoid:blob:sha1:cc94a5535addbf092b3d1fa265b74fea4afce5e0", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "c439466c0a00a4de4097cfed356c5530d806ad45f3a22698264d2fa03d113b0f" + }, + ".git/objects/14/eb34bd575ae1a2ef903b14c9f9ab896f526919": { + "gitoid:sha1": "gitoid:blob:sha1:47d8c3c455e3f197a8a71abf5acc59c45388b502", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "52233b949f40c55fa59f05a61231652e79d278efe3c12741ab67b6f3e703cce4" + }, + ".git/objects/1a/4c74da674303313999d8b622c2e2f3788bc76e": { + "gitoid:sha1": "gitoid:blob:sha1:d1b9586ea594169380514bd9e3a847f353ed02e3", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "89f6fb91726bdf86b874e6f2eb95fcc747ef8a7441a0c924764a395d107fd3e4" + }, + ".git/objects/24/7d2dd54ff9763b1236422f96ab2c98c936b24c": { + "gitoid:sha1": "gitoid:blob:sha1:e0dac48d6663be7f5037277dd29ddad7b4a73a98", + "gitoid:sha256": 
"gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "aa765dac81a80cb5e567bf6ce9825463d908b92e64c6ed7f447d929f5cd728a0" + }, + ".git/objects/26/1eeb9e9f8b2b4b0d119366dda99c6fd7d35c64": { + "gitoid:sha1": "gitoid:blob:sha1:6ed1f5281b67954a753b7502afacb6e2b8d014e5", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "72e9c36b6c0617f163a591a78ed16af1d620883d2062410f9a59767e8494174f" + }, + ".git/objects/2f/eb386394779ddefb7f4055a4af9c2c8b964a94": { + "gitoid:sha1": "gitoid:blob:sha1:f25e8bb02868db95dc09bf2834a254383c81fc20", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "1f69b2588e38cb65c982f1e74d4311a6fbe6e7b0f005dcb8e218ebd89e82b9bb" + }, + ".git/objects/3b/f94393f028576e25c7ef232cd627bad08008c7": { + "gitoid:sha1": "gitoid:blob:sha1:527395523c786e160bf45f5e8c6c302a12c26866", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "f47a679a676b7c8a8ebdf4b1790d75addbb1e11e973f5c9232160e914c26163f" + }, + ".git/objects/54/47bd853eb2e7220dc4f36682972654b93e63ac": { + "gitoid:sha1": "gitoid:blob:sha1:f3bcf78df48a9bb8ba29edb1948045ef42864910", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "b70812f67e88490251f193f29ced7ce59098ec41503c1b42a76743083342f45a" + }, + ".git/objects/6e/66712fdfbc39e7d37b6b438c936469ef5034aa": { + "gitoid:sha1": "gitoid:blob:sha1:6e3a827d1b2745bf9da20a22349c72dc24da927c", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "5c3c7d79476a3bb8f34a3acae0bd7011d8dff1787723de2451070e876a4baa6d" + }, + ".git/objects/76/bd1c8891bc32403df1f02276a0e019b517a523": { + "gitoid:sha1": "gitoid:blob:sha1:3b49cb63843ef22fbb3f74711c0c5e6a0b554af7", + "gitoid:sha256": 
"gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "6cd6127b7e8ddbbe00fc68f5d5de2af902688009b84341a25619c91062bf6c05" + }, + ".git/objects/76/ccaba52069677c0cd94f478ec57816058df80e": { + "gitoid:sha1": "gitoid:blob:sha1:a9b24d859e7ac7130c06888611ad45b02cf4406a", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "4338b911baf69733b8af0115ea008a235b8720e8523e0e54976b22daddefcc28" + }, + ".git/objects/7a/a99833000f306c0c71a8adbbdd9dbf0e034b37": { + "gitoid:sha1": "gitoid:blob:sha1:0cbe8fbafa541ba01563fe3046f114c03e27d501", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "e76849e2579c008e8091a37beb074d0a6fcaf66f1f913d90e68be67c3bb5c671" + }, + ".git/objects/a2/5ce89f3dd9ae7d313024cd5eb4c56054da596e": { + "gitoid:sha1": "gitoid:blob:sha1:1ad6cf1888280cfd685f429f6ffaaa10793df8f5", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "70e39e0c54052c5d94513297d6658d64626769b6a58631225ca6068b7a1baaba" + }, + ".git/objects/a4/a0f9412f3397b19bc3041779312e7018781b4b": { + "gitoid:sha1": "gitoid:blob:sha1:3202a6a5b4b4823144373216217262e3038dfea8", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "aa6af0e3f0ff5a7cf58b1fd5f2aecaead8f1ef866f537d4b5cedc4618a2e7969" + }, + ".git/objects/a5/aa07a3390431aa5533f08a01b48d9349e6d81d": { + "gitoid:sha1": "gitoid:blob:sha1:97b49f4da9d7a6fae38b92f60269794a85ed1be0", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "a31564ebb26c59f42ac904cfc61317d9995d886f4f4b4329a28eda8c3a99a45e" + }, + ".git/objects/b0/8bff3b3cbc449306d8726cb37821ab12c49f59": { + "gitoid:sha1": "gitoid:blob:sha1:3618875b581c6b288752c47497dd4d1a0815095b", + "gitoid:sha256": 
"gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "401ac67217142e06978f47b1dd045893a976a0bf25ee62955d72be44a4f89d24" + }, + ".git/objects/b7/243e25b256e48478443fc91fab8d3e8d9f1ff3": { + "gitoid:sha1": "gitoid:blob:sha1:1ef6e7eeb387b49a5cb0bab544442b0702750371", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "036f08256fe8c294fd7285f87927361c52992fc227c57732c9623b42becdaa30" + }, + ".git/objects/c0/1c1e085561fd32217f3ca833fe198fd556c99b": { + "gitoid:sha1": "gitoid:blob:sha1:5456d4b6d4a245518044b0638139f950794362e0", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "becd9862d48c4f4d59cfa081b2fa769050d202d8d1696ff34d11707ad3a90ee8" + }, + ".git/objects/cd/885540dacd0d810116d13918c59b6acf253b3e": { + "gitoid:sha1": "gitoid:blob:sha1:8bdd5341fb2ccfbe12ac3e1ab0a4fea204ead010", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "3fdaeec6a87b7cd98882cb5e8df2ac49a172915940818af62eada64de045ec7a" + }, + ".git/objects/ec/9839a6e4015dace85fbe8d3ef6f285028c0a5f": { + "gitoid:sha1": "gitoid:blob:sha1:3a5c859f45077a57f357705616607472d9468843", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "63e517b67be6720ecb0a3eaab02bbbc6c5cb77156d24378fb5ccd0afd9091247" + }, + ".git/refs/heads/main": { + "gitoid:sha1": "gitoid:blob:sha1:d95e35cd6b3febd3dd6249dbadcc06ec2be2efcd", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "13f094c2c9178117bd1722af96bd4ad89ce500f0f8f74979282d0e69284eed79" + }, + ".git/refs/remotes/origin/main": { + "gitoid:sha1": "gitoid:blob:sha1:d95e35cd6b3febd3dd6249dbadcc06ec2be2efcd", + "gitoid:sha256": 
"gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "13f094c2c9178117bd1722af96bd4ad89ce500f0f8f74979282d0e69284eed79" + }, + ".git/shallow": { + "gitoid:sha1": "gitoid:blob:sha1:d95e35cd6b3febd3dd6249dbadcc06ec2be2efcd", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "13f094c2c9178117bd1722af96bd4ad89ce500f0f8f74979282d0e69284eed79" + }, + ".github/dependabot.yml": { + "gitoid:sha1": "gitoid:blob:sha1:cd885540dacd0d810116d13918c59b6acf253b3e", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "a69cb3493f5830285607bae1bebd52a50f0b03dbe6f6a23f8376007fcaaf2499" + }, + ".github/workflows/pipeline.yml": { + "gitoid:sha1": "gitoid:blob:sha1:2feb386394779ddefb7f4055a4af9c2c8b964a94", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "7069ea5ecb54f8a4f5d6bc7f3d8343ee5aa2cf7d53f20d92bad285148f17918a" + }, + ".github/workflows/witness.yml": { + "gitoid:sha1": "gitoid:blob:sha1:b08bff3b3cbc449306d8726cb37821ab12c49f59", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "c0f9798324baccb3f5892cb60a7a8c710ed66aedfd7fa5faf7909c65ffc63582" + }, + ".gitignore": { + "gitoid:sha1": "gitoid:blob:sha1:b7243e25b256e48478443fc91fab8d3e8d9f1ff3", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "67757a4c2cceb21cb7e4f652bd14048e1c0c1cd9d40365312886e48ddf9b4264" + }, + "Dockerfile": { + "gitoid:sha1": "gitoid:blob:sha1:a4a0f9412f3397b19bc3041779312e7018781b4b", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "8c81e2a00f2b6c19ae6a4bf7e337af51d9cc744afdd54264ecc207ee3a83b62f" + }, + "LICENSE": { + "gitoid:sha1": 
"gitoid:blob:sha1:261eeb9e9f8b2b4b0d119366dda99c6fd7d35c64", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "c71d239df91726fc519c6eb72d318ec65820627232b2f796219e87dcf35d0ab4" + }, + "Makefile": { + "gitoid:sha1": "gitoid:blob:sha1:a25ce89f3dd9ae7d313024cd5eb4c56054da596e", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "6b9477762d8b2595ab2e4f0a59c258d422f9f11a14052c157c37167a3de3b9aa" + }, + "README.md": { + "gitoid:sha1": "gitoid:blob:sha1:ec9839a6e4015dace85fbe8d3ef6f285028c0a5f", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "9f0cf5c8dfc9987e0b015038858511e1064baf57d5b880157445ef62a17df862" + }, + "go.mod": { + "gitoid:sha1": "gitoid:blob:sha1:a5aa07a3390431aa5533f08a01b48d9349e6d81d", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "0ef8a960f5984bb77cc072f30d1836e4b6983a11931dc2ee211a6b175c4ba324" + }, + "go.sum": { + "gitoid:sha1": "gitoid:blob:sha1:6e66712fdfbc39e7d37b6b438c936469ef5034aa", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "5aad055ee2fa47935a04b1fabe563211ae6b9f213001cac8a58dea2a5fe35cdc" + }, + "main.go": { + "gitoid:sha1": "gitoid:blob:sha1:c01c1e085561fd32217f3ca833fe198fd556c99b", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "60aeb5c9f1edf7f28033f0daafa6dbe053c9ac1012ea11a1f5ca2cbb87a4c308" + }, + "main_test.go": { + "gitoid:sha1": "gitoid:blob:sha1:247d2dd54ff9763b1236422f96ab2c98c936b24c", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "826f215de4de661ba24545430a2ede1c829830567e4d20f40fc0e613b3c76e83" + }, + "policy-signed.json": { + "gitoid:sha1": 
"gitoid:blob:sha1:1a4c74da674303313999d8b622c2e2f3788bc76e", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "6501f6bce15bdf623fc33c57a8721c0f9a6a299cac3846d67c94090136f8ddb0" + }, + "policy.json": { + "gitoid:sha1": "gitoid:blob:sha1:3bf94393f028576e25c7ef232cd627bad08008c7", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "5909bf1c8f232bdd935ad006d386346870259c60e092eaf56dbdee11ed8c7986" + }, + "swfpublic.pem": { + "gitoid:sha1": "gitoid:blob:sha1:76ccaba52069677c0cd94f478ec57816058df80e", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "6516d0812cb5a0d01f7f014f88e04c5d4c2d89a64e788a12950ba950fb43ef45" + } + }, + "starttime": "2024-02-12T23:28:39.942801551Z", + "endtime": "2024-02-12T23:28:39.947405769Z" + }, + { + "type": "https://witness.dev/attestations/command-run/v0.1", + "attestation": { + "cmd": [ + "/bin/sh", + "-c", + "go build -o bin/software main.go" + ], + "exitcode": 0 + }, + "starttime": "2024-02-12T23:28:39.947442027Z", + "endtime": "2024-02-12T23:28:44.193317493Z" + }, + { + "type": "https://witness.dev/attestations/product/v0.1", + "attestation": { + "bin/software": { + "mime_type": "application/octet-stream", + "digest": { + "gitoid:sha1": "gitoid:blob:sha1:ecec04ee443297a6c0de34992c013dd3c0ad259f", + "gitoid:sha256": "gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813", + "sha256": "cc467e71acc4ceb44ecef92d495e754853f57a3bed7dec89cf938194666a4675" + } + } + }, + "starttime": "2024-02-12T23:28:44.193367657Z", + "endtime": "2024-02-12T23:28:44.209442829Z" + } + ] + } +} diff --git a/test-data-witness-raw/key b/test-data-witness-raw/key new file mode 100644 index 0000000..5105a7d --- /dev/null +++ b/test-data-witness-raw/key 
@@ -0,0 +1 @@
+{"keytype": "ed25519", "scheme": "ed25519", "keyid": "fe1c6281c5ff13e35286cc67e5a1fb3e6575b840a6c39ca4267d3805eb17288a", "keyid_hash_algorithms": ["sha256", "sha512"], "keyval": {"public": "7345b83c121ea0d9ffc3b38d69958718b8435e8cb0552f889d695586693e1b89", "private": "9970d681b616f811318d3e48e50fa564a991f450a170bd89488188bcde19c56e"}}
\ No newline at end of file
diff --git a/test-data-witness-raw/key.pub b/test-data-witness-raw/key.pub
new file mode 100644
index 0000000..583dced
--- /dev/null
+++ b/test-data-witness-raw/key.pub
@@ -0,0 +1 @@
+{"keytype": "ed25519", "scheme": "ed25519", "keyid_hash_algorithms": ["sha256", "sha512"], "keyval": {"public": "7345b83c121ea0d9ffc3b38d69958718b8435e8cb0552f889d695586693e1b89"}}
\ No newline at end of file
diff --git a/test-data-witness/build.fe1c6281.json b/test-data-witness/build.fe1c6281.json
new file mode 100644
index 0000000..bda3ce0
--- /dev/null
+++ b/test-data-witness/build.fe1c6281.json
@@ -0,0 +1 @@
+{"payloadType":"application/vnd.in-toto+json","payload":"","signatures":[{"keyid":"fe1c6281c5ff13e35286cc67e5a1fb3e6575b840a6c39ca4267d3805eb17288a","sig":"t+iQcPvXqUym+TNv13draQFCUBVKpqfAZU8cKbGaOwbj1RX7NdN3RA14ZbkdA3xx6PKGA9vrsWjUQ86qr2ZDBw=="}]}
\ No newline at end of file
diff --git a/verifier/models.go b/verifier/models.go
index d8bb9eb..bf4c7d4 100644
--- a/verifier/models.go
+++ b/verifier/models.go
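Review bot: The new `test-data-witness-raw/key` file commits the `private` half of the ed25519 pair for key ID `fe1c6281…`, and that same ID is listed under `functionaries` in the layout hunk earlier in this patch. A signature that verifies under this key ID therefore proves nothing about who produced the attestation, so any layout that lists it can only serve as a test fixture. JSON cannot carry a comment, so I would add a short README in `test-data-witness-raw/` saying something like `This key pair is a public test fixture; never list key ID fe1c6281… as a functionary in a real layout.` The example layouts that reference the ID would benefit from the same remark.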
@@ -26,19 +26,20 @@ type Constraint struct { Debug string `yaml:"debug"` } -type ExpectedStepPredicates struct { - PredicateType string `yaml:"predicateType"` +type ExpectedAttestorConstraints struct { + AttestorType string `yaml:"attestorType"` ExpectedAttributes []Constraint `yaml:"expectedAttributes"` - Functionaries []string `yaml:"functionaries"` - Threshold int `yaml:"threshold"` } type Step struct { - Name string `yaml:"name"` - Command string `yaml:"command"` - ExpectedMaterials []string `yaml:"expectedMaterials"` - ExpectedProducts []string `yaml:"expectedProducts"` - ExpectedPredicates []ExpectedStepPredicates `yaml:"expectedPredicates"` + Name string `yaml:"name"` + Functionaries []string `yaml:"functionaries"` + Threshold int `yaml:"threshold"` + ExpectedPredicateType string `yaml:"expectedPredicateType"` + ExpectedMaterials []string `yaml:"expectedMaterials"` + ExpectedProducts []string `yaml:"expectedProducts"` + ExpectedAttributes []Constraint `yaml:"expectedAttributes"` + ExpectedAttestors []ExpectedAttestorConstraints `yaml:"expectedAttestors"` } type ExpectedSubjectPredicates struct { @@ -85,6 +86,5 @@ func LoadLayout(path string) (*Layout, error) { } type AttestationIdentifier struct { - PredicateType string - Functionary string + Functionary string } diff --git a/verifier/rules.go b/verifier/rules.go index a968ea4..0e94c64 100644 --- a/verifier/rules.go +++ b/verifier/rules.go 
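Review bot: `Threshold` on `Step` is a plain `int`, and nothing visible in this commit rejects a negative value; Verify only rewrites 0 to 1. With a negative threshold both `len(trustedStatements) < step.Threshold` and `acceptedPredicates < step.Threshold` in `verifier/verifier.go` are false, so a step would pass without a single accepted claim. I would validate it when the layout is loaded or at the top of the step loop, e.g. `if step.Threshold < 0 { return fmt.Errorf("invalid threshold %d for step %s", step.Threshold, step.Name) }`, and note on the field that 0 is treated as 1. LoadLayout's body is outside this hunk, so an existing check there would make this moot.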
@@ -12,13 +12,14 @@ import ( linkPredicatev0 "github.com/in-toto/attestation/go/predicates/link/v0" provenancePredicatev1 "github.com/in-toto/attestation/go/predicates/provenance/v1" attestationv1 "github.com/in-toto/attestation/go/v1" + witnessattestation "github.com/in-toto/go-witness/attestation" "github.com/in-toto/in-toto-golang/in_toto" provenancePredicatev02 "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2" log "github.com/sirupsen/logrus" "google.golang.org/protobuf/encoding/protojson" ) -func applyArtifactRules(statement *attestationv1.Statement, materialRules []string, productRules []string, claims map[string]map[AttestationIdentifier]*attestationv1.Statement) error { +func applyArtifactRules(statement *attestationv1.Statement, materialRules []string, productRules []string, claims map[string]map[string]*attestationv1.Statement) error { materialsList, productsList, err := getMaterialsAndProducts(statement) if err != nil { return err @@ -81,7 +82,7 @@ func applyArtifactRules(statement *attestationv1.Statement, materialRules []stri materialsPaths = materialsPaths.Difference(consumed) } - // I've separated these out on purpose right now + // adityasaky: I've separated these out on purpose right now log.Infof("Applying product rules...") for _, r := range productRules { log.Infof("Evaluating rule `%s`...", r) 
@@ -216,12 +217,51 @@ func getMaterialsAndProducts(statement *attestationv1.Statement) ([]*attestation return materials, statement.Subject, nil + case witnessattestation.CollectionType: + collectionBytes, err := json.Marshal(statement.Predicate) + if err != nil { + return nil, nil, err + } + + collection := &witnessattestation.Collection{} + if err := json.Unmarshal(collectionBytes, collection); err != nil { + return nil, nil, err + } + + collectionMaterials := collection.Materials() + materials := make([]*attestationv1.ResourceDescriptor, 0, len(collectionMaterials)) + for name, digestObj := range collectionMaterials { + digest, err := digestObj.ToNameMap() + if err != nil { + return nil, nil, err + } + materials = append(materials, &attestationv1.ResourceDescriptor{ + Name: name, + Digest: digest, + }) + } + + collectionProducts := collection.Subjects() + products := make([]*attestationv1.ResourceDescriptor, 0, len(collectionProducts)) + for name, digestObj := range collectionProducts { + digest, err := digestObj.ToNameMap() + if err != nil { + return nil, nil, err + } + products = append(products, &attestationv1.ResourceDescriptor{ + Name: name, + Digest: digest, + }) + } + + return materials, products, nil + default: return statement.Subject, nil, nil } } -func applyMatchRule(rule map[string]string, srcArtifacts map[string]*attestationv1.ResourceDescriptor, queue in_toto.Set, claims map[string]map[AttestationIdentifier]*attestationv1.Statement) in_toto.Set { +func applyMatchRule(rule map[string]string, srcArtifacts map[string]*attestationv1.ResourceDescriptor, queue in_toto.Set, claims map[string]map[string]*attestationv1.Statement) in_toto.Set { consumed := in_toto.NewSet() dstClaims, ok := claims[rule["dstName"]] 
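Review bot: The new `witnessattestation.CollectionType` case fills `products` from `collection.Subjects()`, and as far as I know go-witness builds that map from every attestor in the collection that reports subjects, not only `product/v0.1`, so `expectedProducts` rules may be evaluated against entries that are not build outputs. Please confirm this against go-witness v0.6.0 and record the answer in a comment above the loop, for example `// Subjects() aggregates subjects from all attestors in the collection; product rules see every one of them`. The bare `return nil, nil, err` lines would also be easier to trace if wrapped, e.g. `fmt.Errorf("unable to load witness collection: %w", err)`, matching the wrapping this commit adds in Verify (assuming `fmt` is imported in rules.go). getMaterialsAndProducts starts before this hunk.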
@@ -303,7 +343,7 @@ func applyMatchRule(rule map[string]string, srcArtifacts map[string]*attestation return consumed } -func getDestinationArtifacts(dstClaims map[AttestationIdentifier]*attestationv1.Statement) (map[string]*attestationv1.ResourceDescriptor, map[string]*attestationv1.ResourceDescriptor, error) { +func getDestinationArtifacts(dstClaims map[string]*attestationv1.Statement) (map[string]*attestationv1.ResourceDescriptor, map[string]*attestationv1.ResourceDescriptor, error) { materials := map[string]*attestationv1.ResourceDescriptor{} products := map[string]*attestationv1.ResourceDescriptor{} diff --git a/verifier/verifier.go b/verifier/verifier.go index 9636d3b..f2bf39c 100644 --- a/verifier/verifier.go +++ b/verifier/verifier.go @@ -2,6 +2,7 @@ package verifier import ( "context" + "encoding/json" "errors" "fmt" "regexp" 
@@ -11,10 +12,31 @@ import ( "github.com/google/cel-go/cel" "github.com/google/cel-go/interpreter" attestationv1 "github.com/in-toto/attestation/go/v1" + witnessattestation "github.com/in-toto/go-witness/attestation" "github.com/secure-systems-lab/go-securesystemslib/dsse" "github.com/secure-systems-lab/go-securesystemslib/signerverifier" log "github.com/sirupsen/logrus" "google.golang.org/protobuf/encoding/protojson" + + // attestors + _ "github.com/in-toto/go-witness/attestation/aws-iid" + _ "github.com/in-toto/go-witness/attestation/commandrun" + _ "github.com/in-toto/go-witness/attestation/environment" + _ "github.com/in-toto/go-witness/attestation/gcp-iit" + _ "github.com/in-toto/go-witness/attestation/git" + _ "github.com/in-toto/go-witness/attestation/github" + _ "github.com/in-toto/go-witness/attestation/gitlab" + _ "github.com/in-toto/go-witness/attestation/jwt" + _ "github.com/in-toto/go-witness/attestation/link" + _ "github.com/in-toto/go-witness/attestation/material" + _ "github.com/in-toto/go-witness/attestation/maven" + _ "github.com/in-toto/go-witness/attestation/oci" + _ "github.com/in-toto/go-witness/attestation/policyverify" + _ "github.com/in-toto/go-witness/attestation/product" + _ "github.com/in-toto/go-witness/attestation/sarif" + _ "github.com/in-toto/go-witness/attestation/sbom" + _ "github.com/in-toto/go-witness/attestation/slsa" + _ "github.com/in-toto/go-witness/attestation/vex" ) func Verify(layout *Layout, attestations map[string]*dsse.Envelope, parameters map[string]string) error { @@ -39,7 +61,7 @@ func Verify(layout *Layout, attestations map[string]*dsse.Envelope, parameters m } log.Info("Fetching verifiers...") - verifiers, err := getVerifiers(layout.Functionaries) + verifiers, err := getEnvelopeVerifiers(layout.Functionaries) if err != nil { return err } 
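Review bot: The `// attestors` comment above the eighteen blank imports does not say why they are there or what happens for an attestor type that is not in the list. Presumably each import registers its type with go-witness so that `json.Unmarshal` into `witnessattestation.Collection` can decode it; if so, I would write that down, e.g. `// Blank imports register attestor types so Collection JSON can be decoded; keep in sync with the types layouts may reference`. They also pull cloud and VCS client libraries into the verifier's dependency graph (see the go.mod changes in this commit), so it may be worth importing only the attestor types the layouts actually constrain.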
@@ -50,11 +72,13 @@ func Verify(layout *Layout, attestations map[string]*dsse.Envelope, parameters m log.Info("Done.") log.Info("Loading attestations as claims...") - claims := map[string]map[AttestationIdentifier]*attestationv1.Statement{} + claims := map[string]map[string]*attestationv1.Statement{} for attestationName, env := range attestations { + log.Infof("Loading %s...", attestationName) + stepName := getStepName(attestationName) if claims[stepName] == nil { - claims[stepName] = map[AttestationIdentifier]*attestationv1.Statement{} + claims[stepName] = map[string]*attestationv1.Statement{} } acceptedKeys, err := envVerifier.Verify(context.Background(), env) @@ -75,18 +99,20 @@ func Verify(layout *Layout, attestations map[string]*dsse.Envelope, parameters m continue } + log.Infof("Verified signature for %s", attestationName) + sb, err := env.DecodeB64Payload() if err != nil { - return err + return fmt.Errorf("unable to decode base64-encoded payload: %w", err) } statement := &attestationv1.Statement{} if err := protojson.Unmarshal(sb, statement); err != nil { - return err + return fmt.Errorf("unable to load statement payload: %w", err) } for _, ak := range acceptedKeys { - claims[stepName][AttestationIdentifier{Functionary: ak.KeyID, PredicateType: statement.PredicateType}] = statement + claims[stepName][ak.KeyID] = statement } } log.Info("Done.") 
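Review bot: `claims[stepName][ak.KeyID] = statement` in the second hunk here now keys a step's claims by key ID alone, so two envelopes for the same step that verify under the same key overwrite each other, and because `attestations` is a map the one that survives depends on iteration order. Failing closed would make the result deterministic: `if _, dup := claims[stepName][ak.KeyID]; dup { return fmt.Errorf("multiple attestations for step %s signed by %s", stepName, ak.KeyID) }` before the assignment. If the loader's file naming already guarantees one envelope per step and key, a comment stating that would be enough. The loop body starts before this hunk.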
@@ -102,48 +128,103 @@ func Verify(layout *Layout, attestations map[string]*dsse.Envelope, parameters m return fmt.Errorf("no claims found for step %s", step.Name) } - for _, expectedPredicate := range step.ExpectedPredicates { - if expectedPredicate.Threshold == 0 { - expectedPredicate.Threshold = 1 + if step.Threshold == 0 { + step.Threshold = 1 + } + + trustedStatements := getPredicates(stepStatements, step.Functionaries) + if len(trustedStatements) < step.Threshold { + return fmt.Errorf("threshold not met for step %s", step.Name) + } + + // TODO: reduce statements if they're identical to avoid checking all of + // them + // See in-toto 1.0 + + acceptedPredicates := 0 + failedChecks := []error{} + for functionary, statement := range trustedStatements { + log.Infof("Verifying claim for step '%s' of type '%s' by '%s'...", step.Name, step.ExpectedPredicateType, functionary) + failed := false + + // Check the predicate type matches the expected value in the layout + if step.ExpectedPredicateType != statement.PredicateType { + failed = true + failedChecks = append(failedChecks, fmt.Errorf("for step %s, statement with unexpected predicate type %s found", step.Name, statement.PredicateType)) } - matchedPredicates := getPredicates(stepStatements, expectedPredicate.PredicateType, expectedPredicate.Functionaries) - if len(matchedPredicates) < expectedPredicate.Threshold { - return fmt.Errorf("threshold not met for step %s", step.Name) + // Check materials and products + if err := applyArtifactRules(statement, step.ExpectedMaterials, step.ExpectedProducts, claims); err != nil { + failed = true + failedChecks = append(failedChecks, fmt.Errorf("for step %s, claim by %s failed artifact rules: %w", step.Name, functionary, err)) } - failedChecks := []error{} - acceptedPredicates := 0 - for functionary, statement := range matchedPredicates { - log.Infof("Verifying claim for step '%s' of type '%s' by '%s'...", step.Name, expectedPredicate.PredicateType, functionary) - failed := 
false + input, err := getActivation(statement) + if err != nil { + return err + } - if err := applyArtifactRules(statement, step.ExpectedMaterials, step.ExpectedProducts, claims); err != nil { - failed = true - failedChecks = append(failedChecks, fmt.Errorf("for step %s, claim by %s failed artifact rules: %w", step.Name, functionary, err)) - } + // Check attribute rules + if err := applyAttributeRules(env, input, step.ExpectedAttributes); err != nil { + failed = true + failedChecks = append(failedChecks, fmt.Errorf("for step %s, claim by %s failed attribute rules: %w", step.Name, functionary, err)) + } - input, err := getActivation(statement) + // Examine collector claims in attestation collection + if step.ExpectedPredicateType == witnessattestation.CollectionType { + log.Infof("Verifying attestors for collection of step '%s'", step.Name) + collectionBytes, err := json.Marshal(statement.Predicate) if err != nil { return err } - if err := applyAttributeRules(env, input, expectedPredicate.ExpectedAttributes); err != nil { - failed = true - failedChecks = append(failedChecks, fmt.Errorf("for step %s, claim by %s failed attribute rules: %w", step.Name, functionary, err)) + collection := &witnessattestation.Collection{} + if err := json.Unmarshal(collectionBytes, collection); err != nil { + return err + } + log.Infof("Unmarshaled collection for step '%s'", step.Name) + + // TODO: assumes only one of each attestor type + subAttestors := make(map[string]witnessattestation.CollectionAttestation, len(collection.Attestations)) + for _, subAttestor := range collection.Attestations { + subAttestors[subAttestor.Type] = subAttestor } - if failed { - log.Infof("Claim for step %s of type %s by %s failed.", step.Name, expectedPredicate.PredicateType, functionary) - } else { - acceptedPredicates += 1 - log.Info("Done.") + env, err := getCollectionCELEnv() + if err != nil { + return err + } + + for _, attestorConstraint := range step.ExpectedAttestors { + attestor, ok := 
subAttestors[attestorConstraint.AttestorType] + if !ok { + failed = true + failedChecks = append(failedChecks, fmt.Errorf("for step %s, attestor of type %s not found in collection", step.Name, attestorConstraint.AttestorType)) + continue + } + + input, err := getCollectionActivation(&attestor) + if err != nil { + return err + } + + if err := applyAttributeRules(env, input, attestorConstraint.ExpectedAttributes); err != nil { + failed = true + failedChecks = append(failedChecks, fmt.Errorf("for step %s, claim by %s failed attribute rules for attestor %s: %w", step.Name, functionary, attestorConstraint.AttestorType, err)) + } } } - if acceptedPredicates < expectedPredicate.Threshold { - return errors.Join(failedChecks...) + + if failed { + log.Infof("Claim for step %s of type %s by %s failed.", step.Name, step.ExpectedPredicateType, functionary) + } else { + acceptedPredicates += 1 + log.Info("Done.") } } + if acceptedPredicates < step.Threshold { + return errors.Join(failedChecks...) + } } log.Info("Verification successful!") @@ -151,7 +232,7 @@ func Verify(layout *Layout, attestations map[string]*dsse.Envelope, parameters m return nil } -func getVerifiers(publicKeys map[string]Functionary) ([]dsse.Verifier, error) { +func getEnvelopeVerifiers(publicKeys map[string]Functionary) ([]dsse.Verifier, error) { verifiers := []dsse.Verifier{} for _, key := range publicKeys { 
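Review bot: In the collection branch, `subAttestors[subAttestor.Type] = subAttestor` keeps only the last attestation of each type, so when a collection carries two entries of a type that `expectedAttestors` constrains, the earlier one is never checked against the rules. The TODO acknowledges the assumption, but the code should enforce it rather than rely on it, for instance `if _, dup := subAttestors[subAttestor.Type]; dup { failed = true; failedChecks = append(failedChecks, fmt.Errorf("for step %s, duplicate attestor type %s in collection", step.Name, subAttestor.Type)) }` ahead of the assignment. Separately, `env, err := getCollectionCELEnv()` shadows the outer `env` and is rebuilt for every statement; a distinctly named environment created once before the step loop would be easier to follow. Verify begins and ends outside this hunk.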
@@ -194,11 +275,11 @@ func getVerifiers(publicKeys map[string]Functionary) ([]dsse.Verifier, error) { return verifiers, nil } -func getPredicates(statements map[AttestationIdentifier]*attestationv1.Statement, predicateType string, functionaries []string) map[string]*attestationv1.Statement { +func getPredicates(statements map[string]*attestationv1.Statement, functionaries []string) map[string]*attestationv1.Statement { matchedPredicates := map[string]*attestationv1.Statement{} for _, keyID := range functionaries { - statement, ok := statements[AttestationIdentifier{PredicateType: predicateType, Functionary: keyID}] + statement, ok := statements[keyID] if ok { matchedPredicates[keyID] = statement } @@ -216,6 +297,15 @@ func getCELEnv() (*cel.Env, error) { ) } +func getCollectionCELEnv() (*cel.Env, error) { + return cel.NewEnv( + // cel.Variable("type", cel.StringType), + cel.Variable("attestation", cel.ObjectType("google.protobuf.Struct")), + cel.Variable("startTime", cel.TimestampType), + cel.Variable("endTime", cel.TimestampType), + ) +} + func getActivation(statement *attestationv1.Statement) (interpreter.Activation, error) { return interpreter.NewActivation(map[string]any{ "type": statement.Type, @@ -225,6 +315,23 @@ func getActivation(statement *attestationv1.Statement) (interpreter.Activation, }) } +func getCollectionActivation(collection *witnessattestation.CollectionAttestation) (interpreter.Activation, error) { + attestationBytes, err := json.Marshal(collection.Attestation) + if err != nil { + return nil, err + } + attestation := map[string]any{} + if err := json.Unmarshal(attestationBytes, &attestation); err != nil { + return nil, err + } + + return interpreter.NewActivation(map[string]any{ + "attestation": attestation, + "startTime": collection.StartTime, + "endTime": collection.EndTime, + }) +} + func getStepName(name string) string { nameS := strings.Split(name, ".") nameS = nameS[:len(nameS)-1] 
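Review bot: getCollectionCELEnv has no doc comment and leaves `// cel.Variable("type", cel.StringType),` commented out, so a layout author cannot tell which names an `expectedAttestors` rule may use. I would drop the dead line and add a comment such as `// getCollectionCELEnv declares the variables available to expectedAttestors rules: attestation, startTime and endTime.` The rule variables are camelCase while the collection JSON in the test data uses `starttime`/`endtime`, which deserves a line in the layout documentation.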
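Review bot: The parameter of getCollectionActivation is named `collection`, but its type is `*witnessattestation.CollectionAttestation`, a single entry of a collection, which makes `collection.Attestation` read as if it were the whole collection. Renaming it to `attestor` (the caller passes `&attestor`) and adding a one-line doc comment that the attestor payload is round-tripped through JSON into a `map[string]any` for CEL would make the intent clear. The two `return nil, err` lines could carry context the way Verify now does, e.g. `fmt.Errorf("unable to load attestor payload: %w", err)`.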
@@ -260,9 +367,18 @@ func substituteParameters(layout *Layout, parameters map[string]string) (*Layout step.ExpectedProducts[i] = replace(replacer, productRule) } - for _, predicateType := range step.ExpectedPredicates { - for i, attributeRule := range predicateType.ExpectedAttributes { - predicateType.ExpectedAttributes[i] = Constraint{ + for i, attributeRule := range step.ExpectedAttributes { + step.ExpectedAttributes[i] = Constraint{ + Rule: replace(replacer, attributeRule.Rule), + AllowIfNoClaim: attributeRule.AllowIfNoClaim, + Warn: attributeRule.Warn, + Debug: replace(replacer, attributeRule.Debug), + } + } + + for _, attestorConstraint := range step.ExpectedAttestors { + for j, attributeRule := range attestorConstraint.ExpectedAttributes { + attestorConstraint.ExpectedAttributes[j] = Constraint{ Rule: replace(replacer, attributeRule.Rule), AllowIfNoClaim: attributeRule.AllowIfNoClaim, Warn: attributeRule.Warn,