From 4a7af4ea1174176483d9bd61f093cd0f232481fa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adolfo=20Garc=C3=ADa=20Veytia=20=28Puerco=29?=
Date: Wed, 8 Jun 2022 13:02:19 -0500
Subject: [PATCH] Add CycloneDX predicate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This commit adds CycloneDX as a recognized predicate type

Signed-off-by: Adolfo GarcĂ­a Veytia (Puerco)
---
 in_toto/model.go | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/in_toto/model.go b/in_toto/model.go
index 9a5fa433..25e12c03 100644
--- a/in_toto/model.go
+++ b/in_toto/model.go
@@ -79,6 +79,8 @@ const (
 // The SPDX mandates 'spdxVersion' field, so predicate type can omit
 // version.
 PredicateSPDX = "https://spdx.dev/Document"
+ // PredicateCycloneDX represents a CycloneDX SBOM
+ PredicateCycloneDX = "https://cyclonedx.org/schema"
 // PredicateLinkV1 represents an in-toto 0.9 link.
 PredicateLinkV1 = "https://in-toto.io/Link/v1"
 )
@@ -1008,6 +1010,16 @@ type SPDXStatement struct {
 Predicate interface{} `json:"predicate"`
 }
 
+/*
+CycloneDXStatement defines a cyclonedx sbom in the predicate. It is not
+currently serialized just as its SPDX counterpart. It is an empty
+interface, like the generic Statement.
+*/
+type CycloneDXStatement struct {
+ StatementHeader
+ Predicate interface{} `json:"predicate"`
+}
+
 /*
 DSSESigner provides signature generation and validation based on the SSL
 Signing Spec: https://github.com/secure-systems-lab/signing-spec
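Review bot: The value chosen for `PredicateCycloneDX`, `https://cyclonedx.org/schema`, should be checked against the predicateType URI that the in-toto attestation predicate catalogue registers for CycloneDX; my recollection is that the registered identifier is `https://cyclonedx.org/bom`, and since verifiers dispatch on an exact string match of `predicateType`, a statement carrying a different URI would be treated as an unknown predicate rather than a CycloneDX SBOM. The SPDX constant just above this one documents why its URI carries no version; the new comment should give the same rationale, assuming the CycloneDX document carries its own format/version fields: `// PredicateCycloneDX represents a CycloneDX SBOM. The BOM's own bomFormat/specVersion fields carry the version, so the predicate type omits it.` The enclosing `const (` block starts outside this hunk.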
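Review bot: `Predicate interface{}` on the new `CycloneDXStatement` means a BOM is decoded as an untyped value with no schema validation, and nothing in this hunk ties the struct to `PredicateCycloneDX`, so a consumer must still check `StatementHeader.PredicateType` and the BOM's own format/version fields before trusting the payload; the doc comment should say so rather than leave it implicit. The current sentence "It is not currently serialized just as its SPDX counterpart" is also hard to parse; I would reword the block comment to state that the predicate is kept as an untyped `interface{}` exactly like `SPDXStatement`, that it is not validated against the CycloneDX schema on decode, and that callers are responsible for the predicateType check. Whether the verification code elsewhere in this package already performs that check is outside this hunk.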