Add CycloneDX predicate

This commit adds CycloneDX as a recognized predicate type Signed-off-by: Adolfo García Veytia (Puerco) <[email protected]>
in-toto · Jun 8, 2022 · 4a7af4e · 4a7af4e
1 parent 07976bf
commit 4a7af4e
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/in_toto/model.go b/in_toto/model.go
@@ -79,6 +79,8 @@ const (
 	// The SPDX mandates 'spdxVersion' field, so predicate type can omit
 	// version.
 	PredicateSPDX = "https://spdx.dev/Document"
+	// PredicateCycloneDX represents a CycloneDX SBOM
+	PredicateCycloneDX = "https://cyclonedx.org/schema"
 	// PredicateLinkV1 represents an in-toto 0.9 link.
 	PredicateLinkV1 = "https://in-toto.io/Link/v1"
 )
@@ -1008,6 +1010,16 @@ type SPDXStatement struct {
 	Predicate interface{} `json:"predicate"`
 }
 
+/*
+CycloneDXStatement defines a cyclonedx sbom in the predicate. It is not
+currently serialized just as its SPDX counterpart. It is an empty
+interface, like the generic Statement.
+*/
+type CycloneDXStatement struct {
+	StatementHeader
+	Predicate interface{} `json:"predicate"`
+}
+
 /*
 DSSESigner provides signature generation and validation based on the SSL
 Signing Spec: https://github.com/secure-systems-lab/signing-spec