Documentation
Overview
Package verification provides a function for verifying a SLSA provenance file.
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type ProvenanceIRVerifier
type ProvenanceIRVerifier struct {
	Got  *model.ProvenanceIR
	Want *ReferenceValues
}
ProvenanceIRVerifier verifies a provenance against a given reference by checking every non-empty field in Got against the corresponding field in the reference values. Empty fields are not verified.
func (*ProvenanceIRVerifier) Verify
func (v *ProvenanceIRVerifier) Verify() error
Verify verifies an instance of ProvenanceIRVerifier by comparing its Got and Want fields. It checks only those fields that (i) are set in Got, i.e., GotHasX is true, and (ii) are set in Want.
type ReferenceValues
type ReferenceValues struct {
	// Allow list of binary digests.
	BinarySHA256Digests []string `toml:"binary_sha256_digests"`
	// If true, expect that the provenance has a non-empty build command.
	WantBuildCmds bool `toml:"want_build_cmds"`
	// Allow list of builder image digests that are trusted for building the binary.
	BuilderImageSHA256Digests []string `toml:"builder_image_sha256_digests"`
	// The URI of the repo holding the resources the binary is built from.
	RepoURI string `toml:"repo_uri"`
	// Allow list of builders trusted to build the binary.
	TrustedBuilders []string `toml:"trusted_builders"`
}
ReferenceValues specifies the expected values to verify provenances against.
func LoadReferenceValuesFromFile
func LoadReferenceValuesFromFile(path string) (*ReferenceValues, error)
LoadReferenceValuesFromFile loads reference values from a TOML file at the given path and returns an instance of ReferenceValues.
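Because Verify skips reference fields that are empty, a caller can confirm after loading that the fields its policy depends on are actually set. The following is an added example, not code from this package: the struct is a local copy of ReferenceValues, and fieldState and requireFields are hypothetical helpers.

```go
package main

import "fmt"

// Local copy of the ReferenceValues struct documented above (toml tags omitted).
type ReferenceValues struct {
	BinarySHA256Digests       []string
	WantBuildCmds             bool
	BuilderImageSHA256Digests []string
	RepoURI                   string
	TrustedBuilders           []string
}

// fieldState (hypothetical helper) maps each toml key to true when that field is empty.
func fieldState(want *ReferenceValues) map[string]bool {
	return map[string]bool{
		"binary_sha256_digests":        len(want.BinarySHA256Digests) == 0,
		"want_build_cmds":              !want.WantBuildCmds,
		"builder_image_sha256_digests": len(want.BuilderImageSHA256Digests) == 0,
		"repo_uri":                     want.RepoURI == "",
		"trusted_builders":             len(want.TrustedBuilders) == 0,
	}
}

// requireFields (hypothetical helper) fails closed if a mandatory key is unset or unknown.
func requireFields(want *ReferenceValues, required ...string) error {
	state := fieldState(want)
	for _, key := range required {
		unset, known := state[key]
		if !known {
			return fmt.Errorf("unknown reference field %q", key)
		}
		if unset {
			return fmt.Errorf("reference values do not pin required field %q", key)
		}
	}
	return nil
}

func main() {
	// Constructed sample: only the repository URI is pinned.
	want := &ReferenceValues{RepoURI: "https://example.com/org/repo"}
	fmt.Println(requireFields(want, "repo_uri"))
	fmt.Println(requireFields(want, "repo_uri", "binary_sha256_digests"))
}
```

In practice the same check would run on the value returned by LoadReferenceValuesFromFile, before it is assigned to Want.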