Documentation
¶
Index ¶
- func EnvelopeFromBytes(payload []byte) (env *dsselib.Envelope, err error)
- func FindSigningCertificate(ctx context.Context, uuids []string, dssePayload dsselib.Envelope, ...) (*x509.Certificate, error)
- func GetRekorEntries(rClient *client.Rekor, artifactHash string) ([]string, error)
- func VerifyProvenance(env *dsselib.Envelope, expectedHash string) error
- func VerifyWorkflowIdentity(id *WorkflowIdentity, source string) error
- type WorkflowIdentity
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func FindSigningCertificate ¶
func FindSigningCertificate(ctx context.Context, uuids []string, dssePayload dsselib.Envelope, rClient *client.Rekor) (*x509.Certificate, error)
FindSigningCertificate finds and verifies a matching signing certificate from a list of Rekor entry UUIDs.
func GetRekorEntries ¶
GetRekorEntries finds all entry UUIDs by the digest of the artifact binary.
func VerifyWorkflowIdentity ¶
func VerifyWorkflowIdentity(id *WorkflowIdentity, source string) error
VerifyWorkflowIdentity verifies the signing certificate information
Types ¶
type WorkflowIdentity ¶
type WorkflowIdentity struct {
// The caller repository
CallerRepository string `json:"caller"`
// The commit SHA where the workflow was triggered
CallerHash string `json:"commit"`
// Current workflow (reuseable workflow) ref
JobWobWorkflowRef string `json:"job_workflow_ref"`
// Trigger
Trigger string `json:"trigger"`
// Issuer
Issuer string `json:"issuer"`
}
func GetWorkflowInfoFromCertificate ¶
func GetWorkflowInfoFromCertificate(cert *x509.Certificate) (*WorkflowIdentity, error)
GetWorkflowFromCertificate gets the workflow identity from the Fulcio authenticated content.
Source Files
Click to show internal directories.
Click to hide internal directories.