Signed-off-by: Philip Harrison <[email protected]>
Showing 1 changed file with 23 additions and 24 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -97,64 +97,63 @@ the git ref that the workflow run was based upon. | |
This specifies the username identity in the OtherName Subject Alternative Name, as | ||
defined by [RFC5280 4.2.1.6](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6). | ||
|
||
### 1.3.6.1.4.1.57264.1.8 | Build Signer URI | ||
|
||
### 1.3.6.1.4.1.57264.1.8 | Source Repository URI | ||
Reference to specific build instructions that are responsible for signing. SHOULD be fully qualified. MAY be the same as Build Config URI. Build Signer URI is also included in the Subject Alternative Name. | ||
|
||
For example a reusable workflow ref in GitHub Actions or a Circle CI Orb name/version. For example: `https://github.com/slsa-framework/slsa-github-generator/.github/workflows/[email protected]`. | ||
|
||
### 1.3.6.1.4.1.57264.1.9 | Build Signer Digest | ||
|
||
Immutable reference to the specific version of the build instructions that is responsible for signing. For example: `abc123` git commit SHA. | ||
|
||
### 1.3.6.1.4.1.57264.1.10 | Runner Environment | ||
|
||
Runner Environment specifying whether the build took place in platform-hosted cloud infrastructure or customer/self-hosted infrastructure. For example: `[platform]-hosted` and `self-hosted`. | ||
|
||
### 1.3.6.1.4.1.57264.1.11 | Source Repository URI | ||
|
||
Source repository URL that the build was based on. SHOULD be fully qualified. For example: `https://example.com/owner/repository`. | ||
|
||
### 1.3.6.1.4.1.57264.1.9 | Source Repository Digest | ||
### 1.3.6.1.4.1.57264.1.12 | Source Repository Digest | ||
|
||
Immutable reference to a specific version of the source code that the build | ||
was based upon. For example: `abc123` git commit SHA. | ||
|
||
### 1.3.6.1.4.1.57264.1.10 | Source Repository Ref | ||
### 1.3.6.1.4.1.57264.1.13 | Source Repository Ref | ||
|
||
Source Repository Ref that the build run was based upon. For example: `refs/head/main` git branch or tag. | ||
|
||
### 1.3.6.1.4.1.57264.1.11 | Source Repository Identifier | ||
### 1.3.6.1.4.1.57264.1.14 | Source Repository Identifier | ||
|
||
Immutable identifier for the source repository the workflow was based upon. MAY be empty if the Source Repository URI is immutable. For example: `1234` if using a primary key. | ||
|
||
### 1.3.6.1.4.1.57264.1.12 | Source Repository Owner URI | ||
### 1.3.6.1.4.1.57264.1.15 | Source Repository Owner URI | ||
|
||
Source repository owner URL of the owner of the source repository that the build was based | ||
on. SHOULD be fully qualified. MAY be empty if there is no Source Repository Owner. For example: `https://example.com/owner` | ||
|
||
### 1.3.6.1.4.1.57264.1.13 | Source Repository Owner Identifier | ||
### 1.3.6.1.4.1.57264.1.16 | Source Repository Owner Identifier | ||
|
||
Immutable identifier for the owner of the source repository that the workflow was based upon. MAY be empty if there is no Source Repository Owner or Source Repository Owner URI is immutable. For example: `5678` if using a primary key. | ||
|
||
### 1.3.6.1.4.1.57264.1.14 | Build Config URI | ||
### 1.3.6.1.4.1.57264.1.17 | Build Config URI | ||
|
||
Build Config URL to the top-level/initiating build instructions. SHOULD be fully qualified. For example: `https://example.com/owner/repository/build-config.yml`. | ||
|
||
### 1.3.6.1.4.1.57264.1.15 | Build Config Digest | ||
### 1.3.6.1.4.1.57264.1.18 | Build Config Digest | ||
|
||
Immutable reference to the specific version of the top-level/initiating build | ||
instructions. For example: `abc123` git commit SHA. | ||
|
||
### 1.3.6.1.4.1.57264.1.16 | Build Signer URI | ||
|
||
Reference to specific build instructions that are responsible for signing. SHOULD be fully qualified. MAY be the same as Build Config URI. Build Signer URI is also included in the Subject Alternative Name. | ||
|
||
For example a reusable workflow ref in GitHub Actions or a Circle CI Orb name/version. For example: `https://github.com/slsa-framework/slsa-github-generator/.github/workflows/[email protected]`. | ||
|
||
### 1.3.6.1.4.1.57264.1.17 | Build Signer Digest | ||
|
||
Immutable reference to the specific version of the build instructions that is responsible for signing. For example: `abc123` git commit SHA. | ||
|
||
### 1.3.6.1.4.1.57264.1.18 | Build Trigger | ||
### 1.3.6.1.4.1.57264.1.19 | Build Trigger | ||
|
||
Event or action that initiated the build. For example: `push`. | ||
|
||
### 1.3.6.1.4.1.57264.1.19 | Run Invocation URI | ||
### 1.3.6.1.4.1.57264.1.20 | Run Invocation URI | ||
|
||
Run Invocation URL to uniquely identify the build execution. SHOULD be fully qualified. For example: `https://github.com/example/repository/actions/runs/1536140711/attempts/1`. | ||
|
||
### 1.3.6.1.4.1.57264.1.20 | Runner Environment | ||
|
||
Runner Environment specifying whether the build took place in platform-hosted cloud infrastructure or customer/self-hosted infrastructure. For example: `[platform]-hosted` and `self-hosted`. | ||
|
||
## 1.3.6.1.4.1.57264.2 | Policy OID for Sigstore Timestamp Authority | ||
|
||
Not used by Fulcio. This specifies the policy OID for the [timestamp authority](https://github.com/sigstore/timestamp-authority) | ||
|
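Review bot: The OIDs `.1.8` through `.1.20` are reassigned rather than extended, so the same identifier appears in this hunk with two meanings: `1.3.6.1.4.1.57264.1.9` is both Source Repository Digest and Build Signer Digest, `.1.10` is both Source Repository Ref and Runner Environment, and the pattern continues down to `.1.20`. A verifier that matches on one numbering while the certificate was issued under the other would read one field's value as another's (a source digest as a signer digest, for instance), and any policy check on those extensions would be evaluated against the wrong data. If no certificate has been issued with these extensions yet, say so in the commit message (it currently carries only the sign-off) or in the document itself; if any has, keep the existing assignments and give the moved fields unused numbers instead. Separately, the Source Repository Ref example `refs/head/main` on the unchanged line should be `refs/heads/main`, and the Build Signer URI paragraph says "For example" twice in a row.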