mrjoelkamp
c02e628600
fix: mkdir perms
2024-06-14 15:23:25 -05:00
mrjoelkamp
83dfd746b9
fix: update output dir permissions
2024-06-14 11:11:48 -05:00
mrjoelkamp
845fe93c11
refactor: remove any; split into functions
2024-06-14 10:04:18 -05:00
mrjoelkamp
c154613c52
refactor: use interface value
2024-06-14 10:03:39 -05:00
James Carnegie
e44390d2bc
Don't use pointers for image interfaces (#51)
* Don't use pointers for image interfaces
* Also for oci layout
* Remove default case
2024-06-14 10:28:14 +01:00
James Carnegie
8ba9656645
Add support for OCI Referrers and fallback (#50)
* Add support for OCI Referrers and fallback
2024-06-13 16:10:41 +01:00
James Carnegie
4be882aeb0
Handle errors from Go in Rego. Support for skipping TL (#47)
* Make TL logging/verification optional
* Return errors from go-lang fns
* Update pkg/policy/rego.go
Co-authored-by: Jonny Stoten <jonny@jonnystoten.com>
* Update pkg/attestation/sign.go
Co-authored-by: Joel Kamp <joel.kamp@docker.com>
* Move public key marshalling until later
* Simplify logSignature and pass down opts
---------
Co-authored-by: Jonny Stoten <jonny@jonnystoten.com>
Co-authored-by: Joel Kamp <joel.kamp@docker.com>
2024-06-06 09:59:32 +01:00
James Carnegie
c8c148c70a
Expose ParsePlatform (#45)
2024-05-31 11:02:14 +01:00
James Carnegie
a334599635
*Breaking* Parse platform earlier (#43)
* *Breaking* Parse platform earlier
* Use constructors and hide fields to avoid confusion
2024-05-30 17:38:58 +01:00
James Carnegie
2ae5606c92
Add support for selecting a policy by ID (#41)
2024-05-28 15:17:37 +01:00
Jonny Stoten
6397dcede8
Check version of attest against constraints in TUF (#19)
* Check version of attest against constraints in TUF
* Add link to semver lib constraints docs
2024-05-22 17:02:25 +01:00
Jonny Stoten
1a7897a052
Return VSA and rich errors from verification (#38)
* Start of richer results from verification
* Pull out VSA code from signing
* Expose attestation signing fns
* Add VSA test
* Notes for policy result
* Require separate policy for VSA creation
* Load test signing key from tests
* Return rich object from policy
* Add result object schema and fix tests
* Ensure example test runs
* Remove data.yaml files from mock policies
* Don't run example - TUF policy isn't compatible
* Add attestation to manifests for all subjects
* Ensure adding attestation doesn't touch statements
* Don't export sign function
* Remove attestations from VerificationResult
* Change bool to Outcome enum in result
* Use outputLayout directly
* Make clearer that Outcome strings are for VSA
* Return multiple SLSA levels from policy
* Fix unmarshalling of policy-id (#39)
* Rename function
* Rename policy.VerificationResult -> policy.Result
* Re-add test for canonical input
---------
Co-authored-by: James Carnegie <james.carnegie@docker.com>
Co-authored-by: James Carnegie <kipz@users.noreply.github.com>
2024-05-22 14:49:23 +01:00
James Carnegie
745eea09e8
Fix image detection based on platform (#33)
2024-05-20 09:37:53 +01:00
mrjoelkamp
0020ece3b4
fix: canonical policy
2024-05-17 09:29:06 -05:00
James Carnegie
ec1c994f04
Use id/policy-id in mapping.yaml (#32)
2024-05-16 15:34:19 +01:00
James Carnegie
a86c8c1209
Use policy files from mapping.yaml (#30)
* Use policy files from mapping.yaml
* Rename location to root in mapping.yaml
* Remove location/root
2024-05-16 14:49:57 +01:00
mrjoelkamp
eddb277d7e
feat: add tuf download target tests
2024-05-15 16:22:35 -05:00
mrjoelkamp
a103e0e9d7
revert: query
2024-05-15 15:23:22 -05:00
mrjoelkamp
249cf5bcf3
fix: query
2024-05-15 15:21:54 -05:00
mrjoelkamp
33a1996b2b
fix: no such directory error
2024-05-15 14:47:20 -05:00
Jonny Stoten
bd6d130e17
Don't use builtin print function
2024-05-08 13:12:40 +01:00
Jonny Stoten
bd849d9b43
Simplify some string concats
2024-05-08 13:09:25 +01:00
Jonny Stoten
8d45522fe8
Use assert.NoError for nil checks on errors
2024-05-08 13:09:25 +01:00
Jonny Stoten
da22f71207
Use maps.Clone from stdlib
2024-05-08 13:09:25 +01:00
Jonny Stoten
c69a9586c5
Remove string contains func (it's in the stdlib)
2024-05-08 13:09:25 +01:00
Jonny Stoten
e3d02ab2e1
Simplify and rename hash functions
2024-05-08 13:09:25 +01:00
mrjoelkamp
54996b3c0b
docs: pr comments
2024-05-02 16:07:04 -05:00
Joel Kamp
4566ea56b3
Update pkg/attest/example_verify_test.go
Co-authored-by: David Dooling <141646279+whalelines@users.noreply.github.com>
2024-05-02 15:57:27 -05:00
Joel Kamp
20dd9da7c0
Update pkg/attest/example_verify_test.go
Co-authored-by: David Dooling <141646279+whalelines@users.noreply.github.com>
2024-05-02 15:57:19 -05:00
Joel Kamp
3aa738b246
Update pkg/tuf/example_registry_test.go
Co-authored-by: David Dooling <141646279+whalelines@users.noreply.github.com>
2024-05-02 15:57:11 -05:00
Joel Kamp
c99f90cbbf
docs: update examples in README.md
2024-05-02 13:49:14 -05:00
mrjoelkamp
3701942bf1
docs: update examples in README.md
2024-05-02 13:35:57 -05:00
James Carnegie
0cadeefe6f
Fix query and tests (#17)
2024-05-02 16:03:59 +01:00
James Carnegie
bc7139deaa
Move policy mock for external use (#16)
2024-05-02 14:46:21 +01:00
James Carnegie
b461c7f8d8
Revert "revert: rego evaluator result" (#15)
This reverts commit 0126ba9a0b.
2024-05-02 11:36:29 +01:00
mrjoelkamp
34fcb0ca6d
chore: rename SignIndexAttestations to just Sign
2024-04-30 15:55:21 -05:00
mrjoelkamp
6b8c5b56bc
fix: default to v1.ImageIndex for *mutate.index support
2024-04-30 15:46:55 -05:00
mrjoelkamp
0126ba9a0b
revert: rego evaluator result
2024-04-30 13:13:30 -05:00
mrjoelkamp
80f72a0059
refactor: SignIndexAttestations
2024-04-30 12:23:07 -05:00
mrjoelkamp
94d7f99c3c
refactor: remove evelopeStyle
2024-04-30 09:34:36 -05:00
James Carnegie
90393ea6fd
Return results from rego evaluation (#14)
2024-04-30 15:32:52 +01:00
mrjoelkamp
fb1a43acfd
feat: add attest sign/verify
2024-04-29 16:17:58 -05:00
mrjoelkamp
20fc372988
docs: update README.md
2024-04-29 14:11:58 -05:00
mrjoelkamp
b16511d6e4
feat: add attest sign/verify
2024-04-29 12:55:19 -05:00
mrjoelkamp
f8f40807bc
feat: pr comments
2024-04-22 14:16:45 -05:00
mrjoelkamp
1b2f80d4c5
refactor: export oci
2024-04-22 12:51:10 -05:00
mrjoelkamp
bf2dff9f66
revert: add exported constants
2024-04-22 12:50:52 -05:00
mrjoelkamp
1813ab8a7a
feat: add exported constants
2024-04-22 12:47:14 -05:00
mrjoelkamp
a3422b5331
feat: add policy, oci, attestation
2024-04-22 12:38:56 -05:00
mrjoelkamp
345a71b4df
fix: move GetMockTL to tlog/mock.go
2024-04-19 10:24:25 -05:00