diff --git a/README.md b/README.md index 9e6f2fa..a1a5edd 100644 --- a/README.md +++ b/README.md @@ -44,7 +44,7 @@ illustrative purposes, and should not be used in production. [in-toto Attestation Framework]: https://github.com/in-toto/attestation/tree/main/spec [intro doc]: docs/intro.md -[KubeCon + CloudNativeCon NA '23]: docs/kccncna2023.md +[KubeCon + CloudNativeCon NA '23]: kccncna2023-demo/README.md [usage doc]: docs/usage.md [SCAI specification]: https://github.com/in-toto/attestation/blob/main/spec/predicates/scai.md [SCAI spec doc]: https://arxiv.org/pdf/2210.05813.pdf diff --git a/docs/kccncna2023.md b/kccncna2023-demo/README.md similarity index 100% rename from docs/kccncna2023.md rename to kccncna2023-demo/README.md diff --git a/kccncna2023-demo/attestations/build.e060fc8d.json b/kccncna2023-demo/attestations/build.e060fc8d.json new file mode 100644 index 0000000..8f2aee9 --- /dev/null +++ b/kccncna2023-demo/attestations/build.e060fc8d.json 
@@ -0,0 +1 @@ +{"payloadType":"application/vnd.in-toto+json","payload":"eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMiIsInN1YmplY3QiOlt7Im5hbWUiOiJwZG9fY2xpZW50X3dhd2FrYSIsImRpZ2VzdCI6eyJzaGEyNTYiOiIwMmMxY2E0Mjc0YTM0NmE3M2QwZTMyOTBmNzhlMWJjOGQ1Y2UxNjNkMWY0OGY1YWZkNTU5MTI3MmFiOWI0NTAwIn19XSwicHJlZGljYXRlIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2dpdGh1Yi5jb20vc2xzYS1mcmFtZXdvcmsvc2xzYS1naXRodWItZ2VuZXJhdG9yLy5naXRodWIvd29ya2Zsb3dzL2dlbmVyYXRvcl9nZW5lcmljX3Nsc2EzLnltbEByZWZzL3RhZ3MvdjEuNy4wIn0sImJ1aWxkVHlwZSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9zbHNhLWZyYW1ld29yay9zbHNhLWdpdGh1Yi1nZW5lcmF0b3IvZ2VuZXJpY0B2MSIsImludm9jYXRpb24iOnsiY29uZmlnU291cmNlIjp7InVyaSI6ImdpdCtodHRwczovL2dpdGh1Yi5jb20vbWFyY2VsYW1lbGFyYS9wcml2YXRlLWRhdGEtb2JqZWN0c0ByZWZzL2hlYWRzL2ludG90by1rY2NuY25hMjAyMy1kZW1vIiwiZGlnZXN0Ijp7InNoYTEiOiJmMzJhNTJkNTllMWRlMWJjYmU3ZjY1NzFkM2FhOWExZWE3MTlhMjhhIn0sImVudHJ5UG9pbnQiOiIuZ2l0aHViL3dvcmtmbG93cy9pbnRvdG8ta2NjbmNuYTIwMjMtZGVtby55bWwifSwicGFyYW1ldGVycyI6e30sImVudmlyb25tZW50Ijp7ImdpdGh1Yl9hY3RvciI6Im1hcmNlbGFtZWxhcmEiLCJnaXRodWJfYWN0b3JfaWQiOiI5Mzc5Nzg5OCIsImdpdGh1Yl9iYXNlX3JlZiI6IiIsImdpdGh1Yl9ldmVudF9uYW1lIjoicHVzaCIsImdpdGh1Yl9ldmVudF9wYXlsb2FkIjp7ImFmdGVyIjoiZjMyYTUyZDU5ZTFkZTFiY2JlN2Y2NTcxZDNhYTlhMWVhNzE5YTI4YSIsImJhc2VfcmVmIjoicmVmcy9oZWFkcy9rdWJlY29uTkEyMy1pbnRvdG8tZGVtbyIsImJlZm9yZSI6IjAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAiLCJjb21taXRzIjpbXSwiY29tcGFyZSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9tYXJjZWxhbWVsYXJhL3ByaXZhdGUtZGF0YS1vYmplY3RzL2NvbXBhcmUvaW50b3RvLWtjY25jbmEyMDIzLWRlbW8iLCJjcmVhdGVkIjp0cnVlLCJkZWxldGVkIjpmYWxzZSwiZm9yY2VkIjpmYWxzZSwiaGVhZF9jb21taXQiOnsiYXV0aG9yIjp7ImVtYWlsIjoibWFyY2VsYS5tZWxhcmFAaW50ZWwuY29tIiwibmFtZSI6Ik1hcmNlbGEgTWVsYXJhIiwidXNlcm5hbWUiOiJtYXJjZWxhbWVsYXJhIn0sImNvbW1pdHRlciI6eyJlbWFpbCI6Im1hcmNlbGEubWVsYXJhQGludGVsLmNvbSIsIm5hbWUiOiJNYXJjZWxhIE1lbGFyYSIsInVzZXJuYW1lIjoibWFyY2VsYW1lbGFyYSJ9LCJkaXN0aW5jdCI6dHJ1ZSwiaWQiOiJmMzJhNTJkNTllMWRlMWJjYmU3ZjY1NzFkM2FhOWEx
ZWE3MTlhMjhhIiwibWVzc2FnZSI6IkFkZCBLdWJlQ29uIE5BICcyMyBkZW1vIGJ1aWxkIHdvcmtmbG93XG5cblNpZ25lZC1vZmYtYnk6IE1hcmNlbGEgTWVsYXJhIFx1MDAzY21hcmNlbGEubWVsYXJhQGludGVsLmNvbVx1MDAzZSIsInRpbWVzdGFtcCI6IjIwMjMtMTEtMDJUMTA6MTQ6MjAtMDc6MDAiLCJ0cmVlX2lkIjoiYjk0ODljNTZmZWJlOTE0ZGEzYzkwY2Y5ZDE0YjJlZWRhMWVjNTY1MyIsInVybCI6Imh0dHBzOi8vZ2l0aHViLmNvbS9tYXJjZWxhbWVsYXJhL3ByaXZhdGUtZGF0YS1vYmplY3RzL2NvbW1pdC9mMzJhNTJkNTllMWRlMWJjYmU3ZjY1NzFkM2FhOWExZWE3MTlhMjhhIn0sInB1c2hlciI6eyJlbWFpbCI6Im1hcmNlbGEubWVsYXJhQGludGVsLmNvbSIsIm5hbWUiOiJtYXJjZWxhbWVsYXJhIn0sInJlZiI6InJlZnMvaGVhZHMvaW50b3RvLWtjY25jbmEyMDIzLWRlbW8iLCJyZXBvc2l0b3J5Ijp7ImFsbG93X2ZvcmtpbmciOnRydWUsImFyY2hpdmVfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9tYXJjZWxhbWVsYXJhL3ByaXZhdGUtZGF0YS1vYmplY3RzL3thcmNoaXZlX2Zvcm1hdH17L3JlZn0iLCJhcmNoaXZlZCI6ZmFsc2UsImFzc2lnbmVlc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL21hcmNlbGFtZWxhcmEvcHJpdmF0ZS1kYXRhLW9iamVjdHMvYXNzaWduZWVzey91c2VyfSIsImJsb2JzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbWFyY2VsYW1lbGFyYS9wcml2YXRlLWRhdGEtb2JqZWN0cy9naXQvYmxvYnN7L3NoYX0iLCJicmFuY2hlc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL21hcmNlbGFtZWxhcmEvcHJpdmF0ZS1kYXRhLW9iamVjdHMvYnJhbmNoZXN7L2JyYW5jaH0iLCJjbG9uZV91cmwiOiJodHRwczovL2dpdGh1Yi5jb20vbWFyY2VsYW1lbGFyYS9wcml2YXRlLWRhdGEtb2JqZWN0cy5naXQiLCJjb2xsYWJvcmF0b3JzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbWFyY2VsYW1lbGFyYS9wcml2YXRlLWRhdGEtb2JqZWN0cy9jb2xsYWJvcmF0b3Jzey9jb2xsYWJvcmF0b3J9IiwiY29tbWVudHNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9tYXJjZWxhbWVsYXJhL3ByaXZhdGUtZGF0YS1vYmplY3RzL2NvbW1lbnRzey9udW1iZXJ9IiwiY29tbWl0c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL21hcmNlbGFtZWxhcmEvcHJpdmF0ZS1kYXRhLW9iamVjdHMvY29tbWl0c3svc2hhfSIsImNvbXBhcmVfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9tYXJjZWxhbWVsYXJhL3ByaXZhdGUtZGF0YS1vYmplY3RzL2NvbXBhcmUve2Jhc2V9Li4ue2hlYWR9IiwiY29udGVudHNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9tYXJjZWxhbWVsYXJhL3ByaXZhdGUtZGF0YS1vYmplY3RzL2NvbnRlbnRzL3srcGF0aH0iLCJjb250cmlidXRvcnNfdXJsIjoiaHR0
cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9tYXJjZWxhbWVsYXJhL3ByaXZhdGUtZGF0YS1vYmplY3RzL2NvbnRyaWJ1dG9ycyIsImNyZWF0ZWRfYXQiOjE1ODAxNTg1MzQsImRlZmF1bHRfYnJhbmNoIjoibWFpbiIsImRlcGxveW1lbnRzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbWFyY2VsYW1lbGFyYS9wcml2YXRlLWRhdGEtb2JqZWN0cy9kZXBsb3ltZW50cyIsImRlc2NyaXB0aW9uIjoiVGhlIFByaXZhdGUgRGF0YSBPYmplY3RzIGxhYiBwcm92aWRlcyB0ZWNobm9sb2d5IGZvciBjb25maWRlbnRpYWxpdHktcHJlc2VydmluZywgb2ZmLWNoYWluIHNtYXJ0IGNvbnRyYWN0cy4iLCJkaXNhYmxlZCI6ZmFsc2UsImRvd25sb2Fkc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL21hcmNlbGFtZWxhcmEvcHJpdmF0ZS1kYXRhLW9iamVjdHMvZG93bmxvYWRzIiwiZXZlbnRzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbWFyY2VsYW1lbGFyYS9wcml2YXRlLWRhdGEtb2JqZWN0cy9ldmVudHMiLCJmb3JrIjp0cnVlLCJmb3JrcyI6MSwiZm9ya3NfY291bnQiOjEsImZvcmtzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbWFyY2VsYW1lbGFyYS9wcml2YXRlLWRhdGEtb2JqZWN0cy9mb3JrcyIsImZ1bGxfbmFtZSI6Im1hcmNlbGFtZWxhcmEvcHJpdmF0ZS1kYXRhLW9iamVjdHMiLCJnaXRfY29tbWl0c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL21hcmNlbGFtZWxhcmEvcHJpdmF0ZS1kYXRhLW9iamVjdHMvZ2l0L2NvbW1pdHN7L3NoYX0iLCJnaXRfcmVmc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL21hcmNlbGFtZWxhcmEvcHJpdmF0ZS1kYXRhLW9iamVjdHMvZ2l0L3JlZnN7L3NoYX0iLCJnaXRfdGFnc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL21hcmNlbGFtZWxhcmEvcHJpdmF0ZS1kYXRhLW9iamVjdHMvZ2l0L3RhZ3N7L3NoYX0iLCJnaXRfdXJsIjoiZ2l0Oi8vZ2l0aHViLmNvbS9tYXJjZWxhbWVsYXJhL3ByaXZhdGUtZGF0YS1vYmplY3RzLmdpdCIsImhhc19kaXNjdXNzaW9ucyI6ZmFsc2UsImhhc19kb3dubG9hZHMiOnRydWUsImhhc19pc3N1ZXMiOmZhbHNlLCJoYXNfcGFnZXMiOmZhbHNlLCJoYXNfcHJvamVjdHMiOnRydWUsImhhc193aWtpIjp0cnVlLCJob21lcGFnZSI6bnVsbCwiaG9va3NfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9tYXJjZWxhbWVsYXJhL3ByaXZhdGUtZGF0YS1vYmplY3RzL2hvb2tzIiwiaHRtbF91cmwiOiJodHRwczovL2dpdGh1Yi5jb20vbWFyY2VsYW1lbGFyYS9wcml2YXRlLWRhdGEtb2JqZWN0cyIsImlkIjoyMzY1OTI5MDgsImlzX3RlbXBsYXRlIjpmYWxzZSwiaXNzdWVfY29tbWVudF91cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL21hcmNlbGFtZWxhcmEvcHJpdmF0ZS1kYXRhLW9iamVjdHMvaXNzdWVzL2NvbW1lbnRzey9udW1iZXJ9
IiwiaXNzdWVfZXZlbnRzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbWFyY2VsYW1lbGFyYS9wcml2YXRlLWRhdGEtb2JqZWN0cy9pc3N1ZXMvZXZlbnRzey9udW1iZXJ9IiwiaXNzdWVzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbWFyY2VsYW1lbGFyYS9wcml2YXRlLWRhdGEtb2JqZWN0cy9pc3N1ZXN7L251bWJlcn0iLCJrZXlzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbWFyY2VsYW1lbGFyYS9wcml2YXRlLWRhdGEtb2JqZWN0cy9rZXlzey9rZXlfaWR9IiwibGFiZWxzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbWFyY2VsYW1lbGFyYS9wcml2YXRlLWRhdGEtb2JqZWN0cy9sYWJlbHN7L25hbWV9IiwibGFuZ3VhZ2UiOiJDKysiLCJsYW5ndWFnZXNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9tYXJjZWxhbWVsYXJhL3ByaXZhdGUtZGF0YS1vYmplY3RzL2xhbmd1YWdlcyIsImxpY2Vuc2UiOnsia2V5IjoiYXBhY2hlLTIuMCIsIm5hbWUiOiJBcGFjaGUgTGljZW5zZSAyLjAiLCJub2RlX2lkIjoiTURjNlRHbGpaVzV6WlRJPSIsInNwZHhfaWQiOiJBcGFjaGUtMi4wIiwidXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9saWNlbnNlcy9hcGFjaGUtMi4wIn0sIm1hc3Rlcl9icmFuY2giOiJtYWluIiwibWVyZ2VzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbWFyY2VsYW1lbGFyYS9wcml2YXRlLWRhdGEtb2JqZWN0cy9tZXJnZXMiLCJtaWxlc3RvbmVzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbWFyY2VsYW1lbGFyYS9wcml2YXRlLWRhdGEtb2JqZWN0cy9taWxlc3RvbmVzey9udW1iZXJ9IiwibWlycm9yX3VybCI6bnVsbCwibmFtZSI6InByaXZhdGUtZGF0YS1vYmplY3RzIiwibm9kZV9pZCI6Ik1ERXdPbEpsY0c5emFYUnZjbmt5TXpZMU9USTVNRGc9Iiwibm90aWZpY2F0aW9uc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL21hcmNlbGFtZWxhcmEvcHJpdmF0ZS1kYXRhLW9iamVjdHMvbm90aWZpY2F0aW9uc3s/c2luY2UsYWxsLHBhcnRpY2lwYXRpbmd9Iiwib3Blbl9pc3N1ZXMiOjAsIm9wZW5faXNzdWVzX2NvdW50IjowLCJvd25lciI6eyJhdmF0YXJfdXJsIjoiaHR0cHM6Ly9hdmF0YXJzLmdpdGh1YnVzZXJjb250ZW50LmNvbS91LzkzNzk3ODk4P3Y9NCIsImVtYWlsIjoibWFyY2VsYS5tZWxhcmFAaW50ZWwuY29tIiwiZXZlbnRzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvbWFyY2VsYW1lbGFyYS9ldmVudHN7L3ByaXZhY3l9IiwiZm9sbG93ZXJzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvbWFyY2VsYW1lbGFyYS9mb2xsb3dlcnMiLCJmb2xsb3dpbmdfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9tYXJjZWxhbWVsYXJhL2ZvbGxvd2luZ3svb3RoZXJfdXNlcn0iLCJnaXN0c191cmwiOiJodHRwczovL2FwaS5naXRo
dWIuY29tL3VzZXJzL21hcmNlbGFtZWxhcmEvZ2lzdHN7L2dpc3RfaWR9IiwiZ3JhdmF0YXJfaWQiOiIiLCJodG1sX3VybCI6Imh0dHBzOi8vZ2l0aHViLmNvbS9tYXJjZWxhbWVsYXJhIiwiaWQiOjkzNzk3ODk4LCJsb2dpbiI6Im1hcmNlbGFtZWxhcmEiLCJuYW1lIjoibWFyY2VsYW1lbGFyYSIsIm5vZGVfaWQiOiJVX2tnRE9CWmMtQ2ciLCJvcmdhbml6YXRpb25zX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvbWFyY2VsYW1lbGFyYS9vcmdzIiwicmVjZWl2ZWRfZXZlbnRzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvbWFyY2VsYW1lbGFyYS9yZWNlaXZlZF9ldmVudHMiLCJyZXBvc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL21hcmNlbGFtZWxhcmEvcmVwb3MiLCJzaXRlX2FkbWluIjpmYWxzZSwic3RhcnJlZF91cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL21hcmNlbGFtZWxhcmEvc3RhcnJlZHsvb3duZXJ9ey9yZXBvfSIsInN1YnNjcmlwdGlvbnNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9tYXJjZWxhbWVsYXJhL3N1YnNjcmlwdGlvbnMiLCJ0eXBlIjoiVXNlciIsInVybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvbWFyY2VsYW1lbGFyYSJ9LCJwcml2YXRlIjpmYWxzZSwicHVsbHNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9tYXJjZWxhbWVsYXJhL3ByaXZhdGUtZGF0YS1vYmplY3RzL3B1bGxzey9udW1iZXJ9IiwicHVzaGVkX2F0IjoxNjk4OTQ1NTQ1LCJyZWxlYXNlc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL21hcmNlbGFtZWxhcmEvcHJpdmF0ZS1kYXRhLW9iamVjdHMvcmVsZWFzZXN7L2lkfSIsInNpemUiOjM0ODAsInNzaF91cmwiOiJnaXRAZ2l0aHViLmNvbTptYXJjZWxhbWVsYXJhL3ByaXZhdGUtZGF0YS1vYmplY3RzLmdpdCIsInN0YXJnYXplcnMiOjAsInN0YXJnYXplcnNfY291bnQiOjAsInN0YXJnYXplcnNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9tYXJjZWxhbWVsYXJhL3ByaXZhdGUtZGF0YS1vYmplY3RzL3N0YXJnYXplcnMiLCJzdGF0dXNlc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL21hcmNlbGFtZWxhcmEvcHJpdmF0ZS1kYXRhLW9iamVjdHMvc3RhdHVzZXMve3NoYX0iLCJzdWJzY3JpYmVyc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL21hcmNlbGFtZWxhcmEvcHJpdmF0ZS1kYXRhLW9iamVjdHMvc3Vic2NyaWJlcnMiLCJzdWJzY3JpcHRpb25fdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9tYXJjZWxhbWVsYXJhL3ByaXZhdGUtZGF0YS1vYmplY3RzL3N1YnNjcmlwdGlvbiIsInN2bl91cmwiOiJodHRwczovL2dpdGh1Yi5jb20vbWFyY2VsYW1lbGFyYS9wcml2YXRlLWRhdGEtb2JqZWN0cyIsInRhZ3NfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9tYXJjZWxhbWVsYXJh
L3ByaXZhdGUtZGF0YS1vYmplY3RzL3RhZ3MiLCJ0ZWFtc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL21hcmNlbGFtZWxhcmEvcHJpdmF0ZS1kYXRhLW9iamVjdHMvdGVhbXMiLCJ0b3BpY3MiOltdLCJ0cmVlc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL21hcmNlbGFtZWxhcmEvcHJpdmF0ZS1kYXRhLW9iamVjdHMvZ2l0L3RyZWVzey9zaGF9IiwidXBkYXRlZF9hdCI6IjIwMjItMDEtMTFUMDE6MDQ6MzRaIiwidXJsIjoiaHR0cHM6Ly9naXRodWIuY29tL21hcmNlbGFtZWxhcmEvcHJpdmF0ZS1kYXRhLW9iamVjdHMiLCJ2aXNpYmlsaXR5IjoicHVibGljIiwid2F0Y2hlcnMiOjAsIndhdGNoZXJzX2NvdW50IjowLCJ3ZWJfY29tbWl0X3NpZ25vZmZfcmVxdWlyZWQiOmZhbHNlfSwic2VuZGVyIjp7ImF2YXRhcl91cmwiOiJodHRwczovL2F2YXRhcnMuZ2l0aHVidXNlcmNvbnRlbnQuY29tL3UvOTM3OTc4OTg/dj00IiwiZXZlbnRzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvbWFyY2VsYW1lbGFyYS9ldmVudHN7L3ByaXZhY3l9IiwiZm9sbG93ZXJzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvbWFyY2VsYW1lbGFyYS9mb2xsb3dlcnMiLCJmb2xsb3dpbmdfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9tYXJjZWxhbWVsYXJhL2ZvbGxvd2luZ3svb3RoZXJfdXNlcn0iLCJnaXN0c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL21hcmNlbGFtZWxhcmEvZ2lzdHN7L2dpc3RfaWR9IiwiZ3JhdmF0YXJfaWQiOiIiLCJodG1sX3VybCI6Imh0dHBzOi8vZ2l0aHViLmNvbS9tYXJjZWxhbWVsYXJhIiwiaWQiOjkzNzk3ODk4LCJsb2dpbiI6Im1hcmNlbGFtZWxhcmEiLCJub2RlX2lkIjoiVV9rZ0RPQlpjLUNnIiwib3JnYW5pemF0aW9uc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL21hcmNlbGFtZWxhcmEvb3JncyIsInJlY2VpdmVkX2V2ZW50c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL21hcmNlbGFtZWxhcmEvcmVjZWl2ZWRfZXZlbnRzIiwicmVwb3NfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9tYXJjZWxhbWVsYXJhL3JlcG9zIiwic2l0ZV9hZG1pbiI6ZmFsc2UsInN0YXJyZWRfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9tYXJjZWxhbWVsYXJhL3N0YXJyZWR7L293bmVyfXsvcmVwb30iLCJzdWJzY3JpcHRpb25zX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvbWFyY2VsYW1lbGFyYS9zdWJzY3JpcHRpb25zIiwidHlwZSI6IlVzZXIiLCJ1cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL21hcmNlbGFtZWxhcmEifX0sImdpdGh1Yl9oZWFkX3JlZiI6IiIsImdpdGh1Yl9yZWYiOiJyZWZzL2hlYWRzL2ludG90by1rY2NuY25hMjAyMy1kZW1vIiwiZ2l0aHViX3JlZl90eXBlIjoiYnJhbmNoIiwiZ2l0aHViX3JlcG9zaXRvcnlfaWQiOiIy
MzY1OTI5MDgiLCJnaXRodWJfcmVwb3NpdG9yeV9vd25lciI6Im1hcmNlbGFtZWxhcmEiLCJnaXRodWJfcmVwb3NpdG9yeV9vd25lcl9pZCI6IjkzNzk3ODk4IiwiZ2l0aHViX3J1bl9hdHRlbXB0IjoiMSIsImdpdGh1Yl9ydW5faWQiOiI2NzM2MDUxMzQ5IiwiZ2l0aHViX3J1bl9udW1iZXIiOiIyIiwiZ2l0aHViX3NoYTEiOiJmMzJhNTJkNTllMWRlMWJjYmU3ZjY1NzFkM2FhOWExZWE3MTlhMjhhIn19LCJtZXRhZGF0YSI6eyJidWlsZEludm9jYXRpb25JRCI6IjY3MzYwNTEzNDktMSIsImNvbXBsZXRlbmVzcyI6eyJwYXJhbWV0ZXJzIjp0cnVlLCJlbnZpcm9ubWVudCI6ZmFsc2UsIm1hdGVyaWFscyI6ZmFsc2V9LCJyZXByb2R1Y2libGUiOmZhbHNlfSwibWF0ZXJpYWxzIjpbeyJ1cmkiOiJnaXQraHR0cHM6Ly9naXRodWIuY29tL21hcmNlbGFtZWxhcmEvcHJpdmF0ZS1kYXRhLW9iamVjdHNAcmVmcy9oZWFkcy9pbnRvdG8ta2NjbmNuYTIwMjMtZGVtbyIsImRpZ2VzdCI6eyJzaGExIjoiZjMyYTUyZDU5ZTFkZTFiY2JlN2Y2NTcxZDNhYTlhMWVhNzE5YTI4YSJ9fV19fQ==","signatures":[{"keyid":"","sig":"MEQCIByuHkfkBkK5VwGWxNXi6mDZ8uQINXYdchAqOhxJVu8rAiAZDNbKKWv5k73pINPluH/OYXGVyHJhcJ84GJQfLquK2Q==","cert":"-----BEGIN CERTIFICATE-----\nMIIHuDCCBz6gAwIBAgIUEjL+iKMGHDZx40JCEI4XmLPIOjwwCgYIKoZIzj0EAwMw\nNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRl\ncm1lZGlhdGUwHhcNMjMxMTAyMTczOTQ3WhcNMjMxMTAyMTc0OTQ3WjAAMFkwEwYH\nKoZIzj0CAQYIKoZIzj0DAQcDQgAEid/NZhyCdtz+W1WsJU/ECeWPY+WfKVVGm/yH\nOeOyF4teaUO8Ivwuk+tInihuNFXqARe6wz5FR4UmZekQjpXlLaOCBl0wggZZMA4G\nA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUu5vW\nz4Dh2uVQp3ywiFymVTGEKEYwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4Y\nZD8wgYQGA1UdEQEB/wR6MHiGdmh0dHBzOi8vZ2l0aHViLmNvbS9zbHNhLWZyYW1l\nd29yay9zbHNhLWdpdGh1Yi1nZW5lcmF0b3IvLmdpdGh1Yi93b3JrZmxvd3MvZ2Vu\nZXJhdG9yX2dlbmVyaWNfc2xzYTMueW1sQHJlZnMvdGFncy92MS43LjAwOQYKKwYB\nBAGDvzABAQQraHR0cHM6Ly90b2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50\nLmNvbTASBgorBgEEAYO/MAECBARwdXNoMDYGCisGAQQBg78wAQMEKGYzMmE1MmQ1\nOWUxZGUxYmNiZTdmNjU3MWQzYWE5YTFlYTcxOWEyOGEwTAYKKwYBBAGDvzABBAQ+\nUHJpdmF0ZSBEYXRhIE9iamVjdHMgKFBETykgYnVpbGQgd2l0aCBTVyBzdXBwbHkg\nY2hhaW4gbWV0YWRhdGEwMAYKKwYBBAGDvzABBQQibWFyY2VsYW1lbGFyYS9wcml2\nYXRlLWRhdGEtb2JqZWN0czAwBgorBgEEAYO/MAEGBCJyZWZzL2hlYWRzL2ludG90\nby1rY2NuY25hMjAyMy1kZW1vMDsGCisGAQQBg7
8wAQgELQwraHR0cHM6Ly90b2tl\nbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50LmNvbTCBhgYKKwYBBAGDvzABCQR4\nDHZodHRwczovL2dpdGh1Yi5jb20vc2xzYS1mcmFtZXdvcmsvc2xzYS1naXRodWIt\nZ2VuZXJhdG9yLy5naXRodWIvd29ya2Zsb3dzL2dlbmVyYXRvcl9nZW5lcmljX3Ns\nc2EzLnltbEByZWZzL3RhZ3MvdjEuNy4wMDgGCisGAQQBg78wAQoEKgwoZTU1Yjc2\nY2U0MjEwODJkZmE0YjM0YTZhYzNjNWU1OWRlMGYzYmI1ODAdBgorBgEEAYO/MAEL\nBA8MDWdpdGh1Yi1ob3N0ZWQwRQYKKwYBBAGDvzABDAQ3DDVodHRwczovL2dpdGh1\nYi5jb20vbWFyY2VsYW1lbGFyYS9wcml2YXRlLWRhdGEtb2JqZWN0czA4BgorBgEE\nAYO/MAENBCoMKGYzMmE1MmQ1OWUxZGUxYmNiZTdmNjU3MWQzYWE5YTFlYTcxOWEy\nOGEwMgYKKwYBBAGDvzABDgQkDCJyZWZzL2hlYWRzL2ludG90by1rY2NuY25hMjAy\nMy1kZW1vMBkGCisGAQQBg78wAQ8ECwwJMjM2NTkyOTA4MDAGCisGAQQBg78wARAE\nIgwgaHR0cHM6Ly9naXRodWIuY29tL21hcmNlbGFtZWxhcmEwGAYKKwYBBAGDvzAB\nEQQKDAg5Mzc5Nzg5ODCBmAYKKwYBBAGDvzABEgSBiQyBhmh0dHBzOi8vZ2l0aHVi\nLmNvbS9tYXJjZWxhbWVsYXJhL3ByaXZhdGUtZGF0YS1vYmplY3RzLy5naXRodWIv\nd29ya2Zsb3dzL2ludG90by1rY2NuY25hMjAyMy1kZW1vLnltbEByZWZzL2hlYWRz\nL2ludG90by1rY2NuY25hMjAyMy1kZW1vMDgGCisGAQQBg78wARMEKgwoZjMyYTUy\nZDU5ZTFkZTFiY2JlN2Y2NTcxZDNhYTlhMWVhNzE5YTI4YTAUBgorBgEEAYO/MAEU\nBAYMBHB1c2gwaAYKKwYBBAGDvzABFQRaDFhodHRwczovL2dpdGh1Yi5jb20vbWFy\nY2VsYW1lbGFyYS9wcml2YXRlLWRhdGEtb2JqZWN0cy9hY3Rpb25zL3J1bnMvNjcz\nNjA1MTM0OS9hdHRlbXB0cy8xMBYGCisGAQQBg78wARYECAwGcHVibGljMIGJBgor\nBgEEAdZ5AgQCBHsEeQB3AHUA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p\n7o4AAAGLkR6n2wAABAMARjBEAiAhDbI+6lM6YdPOT+nTdPmWcR2vdLnzsXaamtSO\nnSwxIQIgPnwdA67rLTX0wM6cBVcxBm9oQn42tgCO4XpekkImjfcwCgYIKoZIzj0E\nAwMDaAAwZQIwSirI2MYX96zWUQEhYFCwBsWfZ0FSVxbpW5i2d8jI7NJPbQC4Rxo/\naJMsKAD1UDD9AjEA/0Z4kErsI82eYxd9A+zfGrFKpKk5QoqiLGgSKVh4SdL6Khfv\n5O0s2Z1BwoAsyHTJ\n-----END CERTIFICATE-----\n"}]} \ No newline at end of file diff --git a/kccncna2023-demo/attestations/evidence-collection.keyid.json b/kccncna2023-demo/attestations/evidence-collection.keyid.json new file mode 100644 index 0000000..a9e5bb9 --- /dev/null +++ b/kccncna2023-demo/attestations/evidence-collection.keyid.json 
@@ -0,0 +1 @@ +{"payloadType":"application/vnd.in-toto","payload":"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","signatures":[{"keyid":"","sig":"MEUCIQC6gF+QEE0Df7z520y4LLWC7xjNaYMIJL40h4sl/4otqgIgHfwfQsnqsWkM+rQqOV3PZXAt9NZFdUIbmILJqC0t9TM="}]} diff --git a/kccncna2023-demo/attestations/evidence-collection.scai.json b/kccncna2023-demo/attestations/evidence-collection.scai.json new file mode 100644 index 0000000..047453d --- /dev/null +++ b/kccncna2023-demo/attestations/evidence-collection.scai.json @@ -0,0 +1,50 @@ +{ + "_type": "https://in-toto.io/Statement/v1", + "subject": [ + { + "name": "pdo_client_wawaka", + "uri": "https://github.com/marcelamelara/private-data-objects/commit/4e07afbb37e24d5284c2163f3603d374a0926890", + "digest": { + "sha256": "954f60c5de3f3b9c21b9118e25bec793c4de916aa32af140acc5501db189db7b" + } + } + ], + "predicateType": "https://in-toto.io/attestation/scai/attribute-report/v0.2", + "predicate": { + "attributes": [ + { + "attribute": "HasSBOM", + "evidence": { + "digest": { + "sha256": "91fb7ee88077520df4fb256c5d029ff2a18eff7674fa5e5404d2fdf4dfd4132d" + }, + "downloadLocation": "https://github.com/marcelamelara/private-data-objects/actions/runs/6740185189", + "mediaType": "application/json", + "name": "pdo_client_wawaka.spdx.json" + } + }, + { + "attribute": "HasSLSA", + "evidence": { + "digest": { + "sha256": "a9c0eab1ba043e5a52903adc33ec0241de2228fdee8d26fd12a5025df8a5f3b6" + }, + "downloadLocation": "https://github.com/marcelamelara/private-data-objects/actions/runs/6740185189", + "mediaType": "application/vnd.in-toto.provenance+dsse", + "name": "pdo_client_wawaka.slsa.intoto.jsonl" + } + }, + { + "attribute": "NonHermeticBuild", + "evidence": { + "digest": { + "sha256": "e91566a34ef171ea6204d8776b2349d5a96e10833cb6905bb8bef7469a5a3348" + }, + "downloadLocation": "https://github.com/marcelamelara/private-data-objects/actions/runs/6740185189", + "mediaType": "text/plain", + "name": "strace.log" + } + } + ] + } +} 
diff --git a/docs/images/intoto-kccncna2023-demo.png b/kccncna2023-demo/images/intoto-kccncna2023-demo.png similarity index 100% rename from docs/images/intoto-kccncna2023-demo.png rename to kccncna2023-demo/images/intoto-kccncna2023-demo.png diff --git a/kccncna2023-demo/tlog-entries/pdo_client_wawaka.provenance.json b/kccncna2023-demo/tlog-entries/pdo_client_wawaka.provenance.json new file mode 100644 index 0000000..4537691 --- /dev/null +++ b/kccncna2023-demo/tlog-entries/pdo_client_wawaka.provenance.json 
@@ -0,0 +1,21 @@ +LogID: c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d +Attestation: {"_type":"https://in-toto.io/Statement/v0.1","predicateType":"https://slsa.dev/provenance/v0.2","subject":[{"name":"pdo_client_wawaka","digest":{"sha256":"954f60c5de3f3b9c21b9118e25bec793c4de916aa32af140acc5501db189db7b"}}],"predicate":{"builder":{"id":"https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@refs/tags/v1.7.0"},"buildType":"https://github.com/slsa-framework/slsa-github-generator/generic@v1","invocation":{"configSource":{"uri":"git+https://github.com/marcelamelara/private-data-objects@refs/heads/intoto-kccncna2023-demo","digest":{"sha1":"4e07afbb37e24d5284c2163f3603d374a0926890"},"entryPoint":".github/workflows/intoto-kccncna2023-demo.yml"},"parameters":{},"environment":{"github_actor":"marcelamelara","github_actor_id":"93797898","github_base_ref":"","github_event_name":"push","github_event_payload":{"after":"4e07afbb37e24d5284c2163f3603d374a0926890","base_ref":null,"before":"1b6e9168a1653126b5d7ddd5624c09ae28bfa8b0","commits":[{"author":{"email":"marcela.melara@intel.com","name":"Marcela Melara","username":"marcelamelara"},"committer":{"email":"marcela.melara@intel.com","name":"Marcela Melara","username":"marcelamelara"},"distinct":true,"id":"4e07afbb37e24d5284c2163f3603d374a0926890","message":"Fix signed attestation name\n\nSigned-off-by: Marcela Melara \u003cmarcela.melara@intel.com\u003e","timestamp":"2023-11-02T18:27:32-07:00","tree_id":"9f8903f7017d1ee513f0c420664c209f74fa4cba","url":"https://github.com/marcelamelara/private-data-objects/commit/4e07afbb37e24d5284c2163f3603d374a0926890"}],"compare":"https://github.com/marcelamelara/private-data-objects/compare/1b6e9168a165...4e07afbb37e2","created":false,"deleted":false,"forced":false,"head_commit":{"author":{"email":"marcela.melara@intel.com","name":"Marcela 
Melara","username":"marcelamelara"},"committer":{"email":"marcela.melara@intel.com","name":"Marcela Melara","username":"marcelamelara"},"distinct":true,"id":"4e07afbb37e24d5284c2163f3603d374a0926890","message":"Fix signed attestation name\n\nSigned-off-by: Marcela Melara \u003cmarcela.melara@intel.com\u003e","timestamp":"2023-11-02T18:27:32-07:00","tree_id":"9f8903f7017d1ee513f0c420664c209f74fa4cba","url":"https://github.com/marcelamelara/private-data-objects/commit/4e07afbb37e24d5284c2163f3603d374a0926890"},"pusher":{"email":"marcela.melara@intel.com","name":"marcelamelara"},"ref":"refs/heads/intoto-kccncna2023-demo","repository":{"allow_forking":true,"archive_url":"https://api.github.com/repos/marcelamelara/private-data-objects/{archive_format}{/ref}","archived":false,"assignees_url":"https://api.github.com/repos/marcelamelara/private-data-objects/assignees{/user}","blobs_url":"https://api.github.com/repos/marcelamelara/private-data-objects/git/blobs{/sha}","branches_url":"https://api.github.com/repos/marcelamelara/private-data-objects/branches{/branch}","clone_url":"https://github.com/marcelamelara/private-data-objects.git","collaborators_url":"https://api.github.com/repos/marcelamelara/private-data-objects/collaborators{/collaborator}","comments_url":"https://api.github.com/repos/marcelamelara/private-data-objects/comments{/number}","commits_url":"https://api.github.com/repos/marcelamelara/private-data-objects/commits{/sha}","compare_url":"https://api.github.com/repos/marcelamelara/private-data-objects/compare/{base}...{head}","contents_url":"https://api.github.com/repos/marcelamelara/private-data-objects/contents/{+path}","contributors_url":"https://api.github.com/repos/marcelamelara/private-data-objects/contributors","created_at":1580158534,"default_branch":"main","deployments_url":"https://api.github.com/repos/marcelamelara/private-data-objects/deployments","description":"The Private Data Objects lab provides technology for confidentiality-preserving, 
off-chain smart contracts.","disabled":false,"downloads_url":"https://api.github.com/repos/marcelamelara/private-data-objects/downloads","events_url":"https://api.github.com/repos/marcelamelara/private-data-objects/events","fork":true,"forks":1,"forks_count":1,"forks_url":"https://api.github.com/repos/marcelamelara/private-data-objects/forks","full_name":"marcelamelara/private-data-objects","git_commits_url":"https://api.github.com/repos/marcelamelara/private-data-objects/git/commits{/sha}","git_refs_url":"https://api.github.com/repos/marcelamelara/private-data-objects/git/refs{/sha}","git_tags_url":"https://api.github.com/repos/marcelamelara/private-data-objects/git/tags{/sha}","git_url":"git://github.com/marcelamelara/private-data-objects.git","has_discussions":false,"has_downloads":true,"has_issues":false,"has_pages":false,"has_projects":true,"has_wiki":true,"homepage":null,"hooks_url":"https://api.github.com/repos/marcelamelara/private-data-objects/hooks","html_url":"https://github.com/marcelamelara/private-data-objects","id":236592908,"is_template":false,"issue_comment_url":"https://api.github.com/repos/marcelamelara/private-data-objects/issues/comments{/number}","issue_events_url":"https://api.github.com/repos/marcelamelara/private-data-objects/issues/events{/number}","issues_url":"https://api.github.com/repos/marcelamelara/private-data-objects/issues{/number}","keys_url":"https://api.github.com/repos/marcelamelara/private-data-objects/keys{/key_id}","labels_url":"https://api.github.com/repos/marcelamelara/private-data-objects/labels{/name}","language":"C++","languages_url":"https://api.github.com/repos/marcelamelara/private-data-objects/languages","license":{"key":"apache-2.0","name":"Apache License 
2.0","node_id":"MDc6TGljZW5zZTI=","spdx_id":"Apache-2.0","url":"https://api.github.com/licenses/apache-2.0"},"master_branch":"main","merges_url":"https://api.github.com/repos/marcelamelara/private-data-objects/merges","milestones_url":"https://api.github.com/repos/marcelamelara/private-data-objects/milestones{/number}","mirror_url":null,"name":"private-data-objects","node_id":"MDEwOlJlcG9zaXRvcnkyMzY1OTI5MDg=","notifications_url":"https://api.github.com/repos/marcelamelara/private-data-objects/notifications{?since,all,participating}","open_issues":0,"open_issues_count":0,"owner":{"avatar_url":"https://avatars.githubusercontent.com/u/93797898?v=4","email":"marcela.melara@intel.com","events_url":"https://api.github.com/users/marcelamelara/events{/privacy}","followers_url":"https://api.github.com/users/marcelamelara/followers","following_url":"https://api.github.com/users/marcelamelara/following{/other_user}","gists_url":"https://api.github.com/users/marcelamelara/gists{/gist_id}","gravatar_id":"","html_url":"https://github.com/marcelamelara","id":93797898,"login":"marcelamelara","name":"marcelamelara","node_id":"U_kgDOBZc-Cg","organizations_url":"https://api.github.com/users/marcelamelara/orgs","received_events_url":"https://api.github.com/users/marcelamelara/received_events","repos_url":"https://api.github.com/users/marcelamelara/repos","site_admin":false,"starred_url":"https://api.github.com/users/marcelamelara/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/marcelamelara/subscriptions","type":"User","url":"https://api.github.com/users/marcelamelara"},"private":false,"pulls_url":"https://api.github.com/repos/marcelamelara/private-data-objects/pulls{/number}","pushed_at":1698974855,"releases_url":"https://api.github.com/repos/marcelamelara/private-data-objects/releases{/id}","size":3479,"ssh_url":"git@github.com:marcelamelara/private-data-objects.git","stargazers":0,"stargazers_count":0,"stargazers_url":"https://api.github.com/repos/marcelam
elara/private-data-objects/stargazers","statuses_url":"https://api.github.com/repos/marcelamelara/private-data-objects/statuses/{sha}","subscribers_url":"https://api.github.com/repos/marcelamelara/private-data-objects/subscribers","subscription_url":"https://api.github.com/repos/marcelamelara/private-data-objects/subscription","svn_url":"https://github.com/marcelamelara/private-data-objects","tags_url":"https://api.github.com/repos/marcelamelara/private-data-objects/tags","teams_url":"https://api.github.com/repos/marcelamelara/private-data-objects/teams","topics":[],"trees_url":"https://api.github.com/repos/marcelamelara/private-data-objects/git/trees{/sha}","updated_at":"2022-01-11T01:04:34Z","url":"https://github.com/marcelamelara/private-data-objects","visibility":"public","watchers":0,"watchers_count":0,"web_commit_signoff_required":false},"sender":{"avatar_url":"https://avatars.githubusercontent.com/u/93797898?v=4","events_url":"https://api.github.com/users/marcelamelara/events{/privacy}","followers_url":"https://api.github.com/users/marcelamelara/followers","following_url":"https://api.github.com/users/marcelamelara/following{/other_user}","gists_url":"https://api.github.com/users/marcelamelara/gists{/gist_id}","gravatar_id":"","html_url":"https://github.com/marcelamelara","id":93797898,"login":"marcelamelara","node_id":"U_kgDOBZc-Cg","organizations_url":"https://api.github.com/users/marcelamelara/orgs","received_events_url":"https://api.github.com/users/marcelamelara/received_events","repos_url":"https://api.github.com/users/marcelamelara/repos","site_admin":false,"starred_url":"https://api.github.com/users/marcelamelara/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/marcelamelara/subscriptions","type":"User","url":"https://api.github.com/users/marcelamelara"}},"github_head_ref":"","github_ref":"refs/heads/intoto-kccncna2023-demo","github_ref_type":"branch","github_repository_id":"236592908","github_repository_owner":"marcelamelara"
,"github_repository_owner_id":"93797898","github_run_attempt":"1","github_run_id":"6740185189","github_run_number":"5","github_sha1":"4e07afbb37e24d5284c2163f3603d374a0926890"}},"metadata":{"buildInvocationID":"6740185189-1","completeness":{"parameters":true,"environment":false,"materials":false},"reproducible":false},"materials":[{"uri":"git+https://github.com/marcelamelara/private-data-objects@refs/heads/intoto-kccncna2023-demo","digest":{"sha1":"4e07afbb37e24d5284c2163f3603d374a0926890"}}]}} +Index: 47212639 +IntegratedTime: 2023-11-03T01:47:24Z +UUID: 24296fb24b8ad77ac67df9169ecdd6759b6894daeeafeb95e5398ad34e50418a1e94c6ae9cf7e7d0 +Body: { + "IntotoObj": { + "content": { + "hash": { + "algorithm": "sha256", + "value": "a9c0eab1ba043e5a52903adc33ec0241de2228fdee8d26fd12a5025df8a5f3b6" + }, + "payloadHash": { + "algorithm": "sha256", + "value": "75d64033e57a6d1d0f6abbfae527e56cc3741ce0d020946baa7d04520b572c3a" + } + }, + "publicKey": "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" + } +} + diff --git a/kccncna2023-demo/tlog-entries/pdo_client_wawaka.scai.json b/kccncna2023-demo/tlog-entries/pdo_client_wawaka.scai.json new file mode 100644 index 0000000..565ced6 --- /dev/null +++ b/kccncna2023-demo/tlog-entries/pdo_client_wawaka.scai.json 
@@ -0,0 +1,21 @@ +LogID: c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d +Attestation: {"_type":"https://in-toto.io/Statement/v1", "subject":[{"name":"pdo_client_wawaka", "uri":"https://github.com/marcelamelara/private-data-objects/commit/4e07afbb37e24d5284c2163f3603d374a0926890", "digest":{"sha256":"954f60c5de3f3b9c21b9118e25bec793c4de916aa32af140acc5501db189db7b"}}], "predicateType":"https://in-toto.io/attestation/scai/attribute-report/v0.2", "predicate":{"attributes":[{"attribute":"HasSBOM", "evidence":{"digest":{"sha256":"91fb7ee88077520df4fb256c5d029ff2a18eff7674fa5e5404d2fdf4dfd4132d"}, "downloadLocation":"https://github.com/marcelamelara/private-data-objects/actions/runs/6740185189", "mediaType":"application/json", "name":"pdo_client_wawaka.spdx.json"}}, {"attribute":"HasSLSA", "evidence":{"digest":{"sha256":"a9c0eab1ba043e5a52903adc33ec0241de2228fdee8d26fd12a5025df8a5f3b6"}, "downloadLocation":"https://github.com/marcelamelara/private-data-objects/actions/runs/6740185189", "mediaType":"application/vnd.in-toto.provenance+dsse", "name":"pdo_client_wawaka.slsa.intoto.jsonl"}}, {"attribute":"NonHermeticBuild", "evidence":{"digest":{"sha256":"e91566a34ef171ea6204d8776b2349d5a96e10833cb6905bb8bef7469a5a3348"}, "downloadLocation":"https://github.com/marcelamelara/private-data-objects/actions/runs/6740185189", "mediaType":"text/plain", "name":"strace.log"}}]}} +Index: 47431571 +IntegratedTime: 2023-11-03T23:39:36Z +UUID: 24296fb24b8ad77ab2803f68cbf3f73ef6d4c4a0dce5b13e0d86db9f9548fd77de522002a8a8c97c +Body: { + "IntotoObj": { + "content": { + "hash": { + "algorithm": "sha256", + "value": "82e1c9e17eb3d3e4176b1e7c14a866199cac81b4554987ab603c342a113d43b8" + }, + "payloadHash": { + "algorithm": "sha256", + "value": "fc500f2816b3b1711e4f3772fa0c8a03edfe449bb58761a7d1844fa3bb1a65ed" + } + }, + "publicKey": "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" + } +} + 
diff --git a/kccncna2023-demo/verification-flow.sh b/kccncna2023-demo/verification-flow.sh
new file mode 100755
index 0000000..7e10ec0
--- /dev/null
+++ b/kccncna2023-demo/verification-flow.sh
@@ -0,0 +1,19 @@
+printf "in-toto KubeCon + CloudNativeCon NA 2023 demo (verification flow only)\n\n"
+
+# From: https://github.com/marcelamelara/private-data-objects/actions/runs/6740185189/job/18354917647
+SLSA_UUID="24296fb24b8ad77ac67df9169ecdd6759b6894daeeafeb95e5398ad34e50418a1e94c6ae9cf7e7d0"
+
+# From: https://github.com/marcelamelara/private-data-objects/actions/runs/6740185189/job/18354917925
+SCAI_UUID="24296fb24b8ad77ab2803f68cbf3f73ef6d4c4a0dce5b13e0d86db9f9548fd77de522002a8a8c97c"
+
+printf "Retrieving transparency log entries from Rekor\n\n"
+rekor-cli get --uuid $SLSA_UUID > tlog-entries/pdo_client_wawaka.provenance.json
+rekor-cli get --uuid $SCAI_UUID > tlog-entries/pdo_client_wawaka.scai.json
+
+printf "Obtaining public keys Rekor log entries\n\n"
+scai-gen rekor tlog-entries/pdo_client_wawaka.provenance.json > functionaries/slsa.cert.pem
+#scai-gen rekor tlog-entries/pdo_client_wawaka.scai.json > functionaries/scai.cert.pem
+
+printf "Obtaining functionary info\n\n"
+in-toto-golang key layout functionaries/slsa.cert.pem > functionaries/slsa.func
+#in-toto-golang key layout functionaries/scai.cert.pem > functionaries/scai.func
diff --git a/scai-gen/cmd/rekor.go b/scai-gen/cmd/rekor.go
new file mode 100644
index 0000000..452347f
--- /dev/null
+++ b/scai-gen/cmd/rekor.go
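Review bot: The script has no shebang and no `set -euo pipefail`, so if either `rekor-cli get` fails, the later steps still run against an empty or stale file and write `functionaries/slsa.cert.pem` and `functionaries/slsa.func` from it. I would start the file with `#!/usr/bin/env bash` and `set -euo pipefail`, quote the expansions (`--uuid "$SLSA_UUID"`), and add `mkdir -p tlog-entries functionaries`, since no file under `functionaries/` is added in the visible part of this commit. It is also worth a comment that the certificate extracted from the log entry becomes the functionary key with no visible check of its issuer or workflow identity, so the flow demonstrates key retrieval rather than identity verification.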
@@ -0,0 +1,59 @@
+// adapted from https://github.com/slsa-framework/slsa-github-generator/blob/main/signing/sigstore/fulcio.go
+// and https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/generic/attest.go
+package cmd
+
+import (
+ "bufio"
+ "encoding/base64"
+ "fmt"
+ "os"
+ "strings"
+
+ "github.com/spf13/cobra"
+)
+
+var rekorCmd = &cobra.Command{
+ Use: "rekor",
+ Args: cobra.ExactArgs(1),
+ Short: "Parses a Rekor log entry to extract info needed to verify signed in-toto Attestations",
+ RunE: parseRekorEntry,
+}
+
+func parseRekorEntry(cmd *cobra.Command, args []string) error {
+ fmt.Println("EXPERIMENTAL FEATURE. DO NOT USE IN PRODUCTION.")
+
+ entryFile := args[0]
+ readFile, err := os.Open(entryFile)
+ if err != nil {
+ return fmt.Errorf("error reading file: %w", err)
+ }
+
+ fileScanner := bufio.NewScanner(readFile)
+ fileScanner.Split(bufio.ScanLines)
+ var fileLines [][]byte
+
+ for fileScanner.Scan() {
+ fileLines = append(fileLines, fileScanner.Bytes())
+ }
+
+ readFile.Close()
+
+ for _, line := range fileLines {
+ lineStr := string(line)
+ if strings.Contains(lineStr, "publicKey") {
+ pkB64Raw := strings.TrimPrefix(lineStr, " \"publicKey\": ")
+ pkB64 := strings.Trim(pkB64Raw, "\"")
+
+ pkPem, err := base64.StdEncoding.DecodeString(pkB64)
+ if err != nil {
+ return fmt.Errorf("error decoding base64-encoded public key: %w", err)
+ }
+
+ // lazy
+ fmt.Println(string(pkPem))
+ return nil
+ }
+ }
+
+ return nil
+}
diff --git a/scai-gen/cmd/root.go b/scai-gen/cmd/root.go
index f606a75..bc04bd4 100644
--- a/scai-gen/cmd/root.go
+++ b/scai-gen/cmd/root.go
@@ -23,6 +23,7 @@ func init() {
 rootCmd.AddCommand(reportCmd)
 rootCmd.AddCommand(checkCmd)
 rootCmd.AddCommand(sigstoreCmd)
+ rootCmd.AddCommand(rekorCmd)
 }

 // Execute adds all child commands to the root command and sets flags appropriately.
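Review bot: The slices collected from `fileScanner.Bytes()` in parseRekorEntry alias the scanner's internal buffer, which a later `Scan` may overwrite, so the `publicKey` line examined in the second loop can be corrupted. `fileScanner.Err()` is also never checked, so a line longer than the scanner's default token limit ends the scan silently. The function then returns nil when no `publicKey` line is found, and it prints the experimental banner on stdout, which verification-flow.sh redirects into `functionaries/slsa.cert.pem`. I would match each line inside the scan loop using `Text()`, send the banner to stderr, and return an error when no key is found, as sketched below.

```go
func parseRekorEntry(cmd *cobra.Command, args []string) error {
	// Banner goes to stderr so that redirected stdout carries only the PEM.
	fmt.Fprintln(os.Stderr, "EXPERIMENTAL FEATURE. DO NOT USE IN PRODUCTION.")

	// … unchanged: open args[0] as readFile and return on error …
	defer readFile.Close()

	fileScanner := bufio.NewScanner(readFile)
	// The Attestation line of a log entry can be long; raise the default token limit.
	fileScanner.Buffer(make([]byte, 0, 64*1024), 16*1024*1024)

	for fileScanner.Scan() {
		lineStr := fileScanner.Text() // Text copies the token, unlike Bytes
		if !strings.Contains(lineStr, "publicKey") {
			continue
		}
		// … unchanged: trim prefix and quotes, base64-decode into pkPem, print it …
		return nil
	}
	if err := fileScanner.Err(); err != nil {
		return fmt.Errorf("error scanning file: %w", err)
	}

	return fmt.Errorf("no publicKey field found in %s", entryFile)
}
```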