docker/attest
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
77 Commits 1 Branch 35 Tags
v0.1.4
Commit Graph

77 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jonny Stoten
6397dcede8 Check version of attest against constraints in TUF (#19) 
* Check version of attest against constraints in TUF

* Add link to semver lib constraints docs
v0.1.4 		2024-05-22 17:02:25 +01:00
Jonny Stoten
1a7897a052 Return VSA and rich errors from verification (#38) 
* Start of richer results from verification

* Pull out VSA code from signing

* Expose attestation signing fns

* Add VSA test

* Notes for policy result

* Require separate policy for VSA creation

* Load test signing key from tests

* Return rich object from policy

* Add result object schema and fix tests

* Ensure example test runs

* Remove data.yaml files from mock policies

* Don't run example - TUF policy isn't compatible

* Add attestation to manifests for all subjects

* Ensure adding attestation doesn't touch statements

* Don't export sign function

* Remove attestations from VerificationResult

* Change bool to Outcome enum in result

* Use outputLayout directly

* Make clearer that Outcome strings are for VSA

* Return multiple SLSA levels from policy

* Fix unmarshalling of policy-id (#39)

* Rename function

* Rename policy.VerificationResult -> policy.Result

* Re-add test for canonical input

---------

Co-authored-by: James Carnegie <james.carnegie@docker.com>
Co-authored-by: James Carnegie <kipz@users.noreply.github.com>
 2024-05-22 14:49:23 +01:00
James Carnegie
745eea09e8 Fix image detection based on platform (#33) 2024-05-20 09:37:53 +01:00
dependabot[bot]
84d7903c46 feat(deps): bump github.com/containerd/containerd from 1.7.16 to 1.7.17 (#35) 2024-05-17 17:19:30 +00:00
dependabot[bot]
7234e29829 feat(deps): bump github.com/package-url/packageurl-go (#36) 2024-05-17 17:14:13 +00:00
Joel Kamp
b46f544f0c Merge pull request #34 from docker/dependabot/go_modules/github.com/aws/aws-sdk-go-v2/config-1.27.15 
feat(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.14 to 1.27.15
 2024-05-17 12:13:31 -05:00
dependabot[bot]
85d7b34e18 feat(deps): bump github.com/aws/aws-sdk-go-v2/config 
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.27.14 to 1.27.15.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.14...config/v1.27.15)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-05-17 17:07:46 +00:00
Joel Kamp
c416c11e10 Merge pull request #37 from docker/fix-is-canonical-policy 
fix: canonical policy
 2024-05-17 09:34:27 -05:00
mrjoelkamp
0020ece3b4 fix: canonical policy 2024-05-17 09:29:06 -05:00
James Carnegie
ec1c994f04 Use id/policy-id in mapping.yaml (#32) 2024-05-16 15:34:19 +01:00
James Carnegie
6ebf042966 Upgrade some deps to fix vulnerabilities (#31) 2024-05-16 15:22:30 +01:00
James Carnegie
a86c8c1209 Use policy files from mapping.yaml (#30) 
* Use policy files from mapping.yaml

* Rename location to root in mapping.yaml

* Remove location/root
 2024-05-16 14:49:57 +01:00
dependabot[bot]
dd621e2a13 feat(deps): bump github.com/aws/aws-sdk-go-v2/config (#29) 2024-05-16 13:12:49 +00:00
Joel Kamp
b05523e7ea Merge pull request #28 from docker/fix-missing-download-dir 
fix: no such directory error
 2024-05-15 18:06:19 -05:00
mrjoelkamp
eddb277d7e feat: add tuf download target tests 2024-05-15 16:22:35 -05:00
mrjoelkamp
a103e0e9d7 revert: query 2024-05-15 15:23:22 -05:00
mrjoelkamp
249cf5bcf3 fix: query 2024-05-15 15:21:54 -05:00
mrjoelkamp
33a1996b2b fix: no such directory error 2024-05-15 14:47:20 -05:00
Joel Kamp
1b24098027 Merge pull request #27 from docker/revert-forked-go-tuf 
revert: go-tuf fork
 2024-05-13 10:02:53 -05:00
mrjoelkamp
64f3c9b149 revert: go-tuf fork 2024-05-13 09:48:04 -05:00
dependabot[bot]
3ee718ee67 feat(deps): bump github.com/aws/aws-sdk-go-v2/config (#26) 
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.27.12 to 1.27.13.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.12...config/v1.27.13)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-13 09:54:32 +01:00
dependabot[bot]
06947cf992 feat(deps): bump github.com/aws/aws-sdk-go-v2/config (#21) 
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.27.11 to 1.27.12.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.11...config/v1.27.12)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-10 12:15:15 +01:00
dependabot[bot]
4648680a75 feat(deps): bump github.com/testcontainers/testcontainers-go/modules/registry (#24) 
Bumps [github.com/testcontainers/testcontainers-go/modules/registry](https://github.com/testcontainers/testcontainers-go) from 0.30.0 to 0.31.0.
- [Release notes](https://github.com/testcontainers/testcontainers-go/releases)
- [Commits](https://github.com/testcontainers/testcontainers-go/compare/v0.30.0...v0.31.0)

---
updated-dependencies:
- dependency-name: github.com/testcontainers/testcontainers-go/modules/registry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-10 12:14:52 +01:00
Jonny Stoten
17902c4eb8 Merge pull request #20 from docker/small-tidies 
Small tidies
 2024-05-08 15:54:31 +01:00
Jonny Stoten
bd6d130e17 Don't use builtin print function 2024-05-08 13:12:40 +01:00
Jonny Stoten
bd849d9b43 Simplify some string concats 2024-05-08 13:09:25 +01:00
Jonny Stoten
8d45522fe8 Use assert.NoError for nil checks on errors 2024-05-08 13:09:25 +01:00
Jonny Stoten
da22f71207 Use maps.Clone from stdlib 2024-05-08 13:09:25 +01:00
Jonny Stoten
c69a9586c5 Remove string contains func (it's in the stdlib) 2024-05-08 13:09:25 +01:00
Jonny Stoten
e3d02ab2e1 Simplify and rename hash functions 2024-05-08 13:09:25 +01:00
Jonny Stoten
d5b059043f Merge pull request #18 from docker/docs--update-examples-in-README.md 
docs: update examples in README.md
 2024-05-08 13:04:56 +01:00
mrjoelkamp
54996b3c0b docs: pr comments 2024-05-02 16:07:04 -05:00
Joel Kamp
4566ea56b3 Update pkg/attest/example_verify_test.go 
Co-authored-by: David Dooling <141646279+whalelines@users.noreply.github.com>
 2024-05-02 15:57:27 -05:00
Joel Kamp
20dd9da7c0 Update pkg/attest/example_verify_test.go 
Co-authored-by: David Dooling <141646279+whalelines@users.noreply.github.com>
 2024-05-02 15:57:19 -05:00
Joel Kamp
3aa738b246 Update pkg/tuf/example_registry_test.go 
Co-authored-by: David Dooling <141646279+whalelines@users.noreply.github.com>
 2024-05-02 15:57:11 -05:00
Joel Kamp
c99f90cbbf docs: update examples in README.md 2024-05-02 13:49:14 -05:00
mrjoelkamp
3701942bf1 docs: update examples in README.md 2024-05-02 13:35:57 -05:00
James Carnegie
0cadeefe6f Fix query and tests (#17) 2024-05-02 16:03:59 +01:00
James Carnegie
bc7139deaa Move policy mock for external use (#16) 2024-05-02 14:46:21 +01:00
James Carnegie
b461c7f8d8 Revert "revert: rego evaluator result" (#15) 
This reverts commit 0126ba9a0b.
 2024-05-02 11:36:29 +01:00
Joel Kamp
f6245405ee Merge pull request #13 from docker/feat--add-attest-sign/verify 
feat: add attest sign/verify
v0.1.3 		2024-04-30 16:29:09 -05:00
mrjoelkamp
3e0086e7e2 docs: prioritize verification over signing 2024-04-30 16:09:45 -05:00
mrjoelkamp
34fcb0ca6d chore: rename SignIndexAttestations to just Sign 2024-04-30 15:55:21 -05:00
mrjoelkamp
6b8c5b56bc fix: default to v1.ImageIndex for *mutate.index support 2024-04-30 15:46:55 -05:00
mrjoelkamp
8cbdf6d4de docs: update README.md 2024-04-30 15:45:36 -05:00
mrjoelkamp
0126ba9a0b revert: rego evaluator result 2024-04-30 13:13:30 -05:00
mrjoelkamp
80f72a0059 refactor: SignIndexAttestations 2024-04-30 12:23:07 -05:00
mrjoelkamp
94d7f99c3c refactor: remove evelopeStyle 2024-04-30 09:34:36 -05:00
James Carnegie
90393ea6fd Return results from rego evaluation (#14) 2024-04-30 15:32:52 +01:00
mrjoelkamp
fb1a43acfd feat: add attest sign/verify 2024-04-29 16:17:58 -05:00