chore(deps): CycloneDX PredicateType changed to use in-toto-golang (#2067)

Signed-off-by: masahiro331 <[email protected]>
masahiro331 authored Jul 14, 2022
1 parent 30fdd54 commit 6128269
Showing 5 changed files with 6 additions and 14 deletions.
2 changes: 1 addition & 1 deletion cmd/cosign/cli/options/predicate.go
Expand Up @@ -43,7 +43,7 @@ var PredicateTypeMap = map[string]string{
PredicateSLSA: slsa.PredicateSLSAProvenance,
PredicateSPDX: in_toto.PredicateSPDX,
PredicateSPDXJSON: in_toto.PredicateSPDX,
PredicateCycloneDX: attestation.PredicateCycloneDX,
PredicateCycloneDX: in_toto.PredicateCycloneDX,
PredicateLink: in_toto.PredicateLinkV1,
PredicateVuln: attestation.CosignVulnProvenanceV01,
}
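Review bot: The map entry now resolves to `in_toto.PredicateCycloneDX`, while the string it replaces, `https://cyclonedx.org/schema`, is deleted from pkg/cosign/attestation/attestation.go in the same commit and no longer defined anywhere in cosign. I cannot confirm the upstream constant's value from this page; if it is not byte-identical to the removed literal, attestations produced by earlier releases carry a predicateType that no longer matches `PredicateTypeMap`, and the `case options.PredicateCycloneDX:` branch in pkg/policy/attestation.go will not select them, which is a verification-affecting change rather than a `chore(deps)`. Either way the in-toto version pinned in go.mod/go.sum becomes load-bearing for predicate-type matching, so a comment on this entry such as `// value owned by in-toto-golang; changing the pinned version can change which attestations match` would help the next maintainer, and the release notes should state the effective predicateType string.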
2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -45,7 +45,7 @@ require (
github.com/hashicorp/hcl v1.0.0
github.com/hashicorp/vault/sdk v0.5.2
github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87
github.com/in-toto/in-toto-golang v0.3.4-0.20211211042327-af1f9fb822bf
github.com/in-toto/in-toto-golang v0.3.4-0.20220709202702-fa494aaa0add
github.com/kelseyhightower/envconfig v1.4.0
github.com/letsencrypt/boulder v0.0.0-20220331220046-b23ab962616e
github.com/manifoldco/promptui v0.9.0
3 changes: 2 additions & 1 deletion go.sum
Expand Up @@ -1383,8 +1383,9 @@ github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH
github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU=
github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
github.com/in-toto/in-toto-golang v0.3.4-0.20211211042327-af1f9fb822bf h1:FU8tuL4IWx/Hq55AO4+13AZn3Kd6uk3Z44OCIZ9coTw=
github.com/in-toto/in-toto-golang v0.3.4-0.20211211042327-af1f9fb822bf/go.mod h1:twl9XmClqj6/h/HANQQYaJZVKPPW/Mz53bd2t6UXGQA=
github.com/in-toto/in-toto-golang v0.3.4-0.20220709202702-fa494aaa0add h1:DAh7mHiRT7wc6kKepYdCpH16ElPciMPQWJaJ7H3l/ng=
github.com/in-toto/in-toto-golang v0.3.4-0.20220709202702-fa494aaa0add/go.mod h1:DQI8vlV6h6qSY/tCOoYKtxjWrkyiNpJ3WTV/WoBllmQ=
github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo=
11 changes: 1 addition & 10 deletions pkg/cosign/attestation/attestation.go
Expand Up @@ -34,9 +34,6 @@ const (

// CosignVulnProvenanceV01 specifies the type of VulnerabilityScan Predicate
CosignVulnProvenanceV01 = "cosign.sigstore.dev/attestation/vuln/v1"

// PredicateCycloneDX represents a SBOM using the CycloneDX standard.
PredicateCycloneDX = "https://cyclonedx.org/schema"
)

// CosignPredicate specifies the format of the Custom Predicate.
Expand All @@ -61,12 +58,6 @@ type CosignVulnStatement struct {
Predicate CosignVulnPredicate `json:"predicate"`
}

// TODO: upstream to in-toto
type CycloneDXStatement struct {
in_toto.StatementHeader
Predicate interface{} `json:"predicate"`
}

type Invocation struct {
Parameters interface{} `json:"parameters"`
URI string `json:"uri"`
Expand Down Expand Up @@ -262,7 +253,7 @@ func generateCycloneDXStatement(rawPayload []byte, digest string, repo string) (
return nil, err
}
return in_toto.SPDXStatement{
StatementHeader: generateStatementHeader(digest, repo, PredicateCycloneDX),
StatementHeader: generateStatementHeader(digest, repo, in_toto.PredicateCycloneDX),
Predicate: CosignPredicate{
Data: data,
},
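Review bot: `generateCycloneDXStatement` still builds an `in_toto.SPDXStatement` (the unchanged line directly above the edited `StatementHeader:` line) even though this commit removes the local `CycloneDXStatement` type and switches the decode side in pkg/policy/attestation.go to `in_toto.CycloneDXStatement`. The two types presumably serialize to the same JSON shape, so this is a clarity rather than a correctness point, but a CycloneDX producer typed as an SPDX statement is misleading and the natural fix is `return in_toto.CycloneDXStatement{` now that the upstream type exists. The function's signature and the start of its body lie outside the hunk, so the return type would need to be checked there as well.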
2 changes: 1 addition & 1 deletion pkg/policy/attestation.go
Expand Up @@ -114,7 +114,7 @@ func AttestationToPayloadJSON(ctx context.Context, predicateType string, verifie
return nil, fmt.Errorf("marshaling SPDXStatement: %w", err)
}
case options.PredicateCycloneDX:
var cyclonedxStatement attestation.CycloneDXStatement
var cyclonedxStatement in_toto.CycloneDXStatement
if err := json.Unmarshal(decodedPayload, &cyclonedxStatement); err != nil {
return nil, fmt.Errorf("unmarshaling CycloneDXStatement: %w", err)
}
