From a453d89080fae99357b0fe89845e89a27d7036e8 Mon Sep 17 00:00:00 2001 From: Stefano Pentassuglia Date: Wed, 4 Feb 2026 16:44:29 +0100 Subject: [PATCH 1/3] Update SLSA v1 schema _type value The schema and validation logic now accept both the new v1 statement type (https://in-toto.io/Statement/v1) and the legacy v0.1 type to maintain backward compatibility with Tekton Chains bug while supporting the latest in-toto specification. Co-Authored-By: Claude Sonnet 4.5 Ref: https://github.com/tektoncd/chains/issues/920 Ref: https://issues.redhat.com/browse/EC-1633 --- go.mod | 71 ++++---- go.sum | 159 ++++++++---------- .../slsa_provenance_v1_test.snap | 33 ++++ internal/attestation/slsa_provenance_v1.go | 3 +- .../attestation/slsa_provenance_v1_test.go | 57 ++++++- .../slsa_provenance_v1_test.snap | 4 +- pkg/schema/slsa_provenance_v1.json | 6 +- 7 files changed, 190 insertions(+), 143 deletions(-) diff --git a/go.mod b/go.mod index 2c1aa1053..8b3cc0aeb 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/google/go-containerregistry v0.20.7 github.com/google/safearchive v0.0.0-20241025131057-f7ce9d7b6f9c github.com/hako/durafmt v0.0.0-20210608085754-5c1018a4e16b - github.com/in-toto/in-toto-golang v0.9.0 + github.com/in-toto/in-toto-golang v0.10.0 github.com/jstemmer/go-junit-report/v2 v2.1.0 github.com/konflux-ci/application-api v0.0.0-20240812090716-e7eb2ecfb409 github.com/leanovate/gopter v0.2.11 @@ -30,7 +30,7 @@ require ( github.com/package-url/packageurl-go v0.1.3 github.com/qri-io/jsonpointer v0.1.1 github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 - github.com/secure-systems-lab/go-securesystemslib v0.9.0 + github.com/secure-systems-lab/go-securesystemslib v0.10.0 github.com/sigstore/cosign/v2 v2.4.1 github.com/sigstore/rekor v1.3.6 github.com/sigstore/sigstore v1.8.9 
@@ -38,8 +38,8 @@ require ( github.com/smarty/cproxy/v2 v2.1.1 github.com/spdx/tools-golang v0.5.5 github.com/spf13/afero v1.14.0 - github.com/spf13/cobra v1.9.1 - github.com/spf13/pflag v1.0.7 + github.com/spf13/cobra v1.10.2 + github.com/spf13/pflag v1.0.10 github.com/spf13/viper v1.20.1 github.com/stretchr/testify v1.11.1 github.com/stuart-warren/yamlfmt v0.2.0 @@ -48,8 +48,8 @@ require ( github.com/testcontainers/testcontainers-go/modules/registry v0.34.0 golang.org/x/benchmarks v0.0.0-20241115175113-a2b48b605b42 golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0 - golang.org/x/net v0.44.0 - golang.org/x/sync v0.17.0 + golang.org/x/net v0.49.0 + golang.org/x/sync v0.19.0 k8s.io/apiextensions-apiserver v0.34.2 k8s.io/apimachinery v0.34.2 k8s.io/client-go v0.34.2 @@ -63,10 +63,9 @@ require ( replace github.com/google/go-containerregistry => github.com/conforma/go-containerregistry v0.20.7-0.20250703195040-6f40a3734728 require ( - github.com/cucumber/godog v0.15.1 github.com/go-openapi/runtime v0.28.0 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 - golang.org/x/text v0.29.0 + golang.org/x/text v0.33.0 gopkg.in/yaml.v3 v3.0.1 k8s.io/api v0.34.2 ) @@ -76,7 +75,7 @@ require ( cloud.google.com/go v0.116.0 // indirect cloud.google.com/go/auth v0.13.0 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.6 // indirect - cloud.google.com/go/compute/metadata v0.7.0 // indirect + cloud.google.com/go/compute/metadata v0.9.0 // indirect cloud.google.com/go/iam v1.2.2 // indirect cloud.google.com/go/monitoring v1.21.2 // indirect cloud.google.com/go/storage v1.49.0 // indirect 
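Review bot: The commit message does not account for the dependency changes in go.mod: the `@@ -63,10 +63,9 @@` hunk drops the direct requirement `github.com/cucumber/godog v0.15.1`, and later go.mod hunks drop its transitive modules (cucumber gherkin and messages, `gofrs/uuid`, `hashicorp/go-memdb`). The same commit also moves security-relevant modules (`golang.org/x/crypto` v0.42.0 to v0.47.0, `go-jose/v4` v4.1.2 to v4.1.3, `go-securesystemslib` v0.9.0 to v0.10.0) alongside the `in-toto-golang` v0.10.0 bump that the schema change presumably needs. Consider moving the unrelated bumps into their own commit, or at least adding a message line such as `Bump in-toto-golang to v0.10.0; go mod tidy drops godog and updates transitive deps`, so the attestation-validation change can be reviewed and reverted on its own. Whether any package in this module still imports godog is not visible here and is worth confirming.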
@@ -96,7 +95,7 @@ require ( github.com/Azure/go-autorest/logger v0.2.1 // indirect github.com/Azure/go-autorest/tracing v0.6.0 // indirect github.com/BurntSushi/toml v1.5.0 // indirect - github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.29.0 // indirect + github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.30.0 // indirect github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.48.1 // indirect github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.48.1 // indirect github.com/KeisukeYamashita/go-vcl v0.4.0 // indirect @@ -157,7 +156,7 @@ require ( github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 // indirect github.com/clbanning/mxj/v2 v2.7.0 // indirect github.com/cloudflare/circl v1.4.0 // indirect - github.com/cncf/xds/go v0.0.0-20250501225837-2ac532fd4443 // indirect + github.com/cncf/xds/go v0.0.0-20251022180443-0feb69152e9f // indirect github.com/cockroachdb/apd/v3 v3.2.1 // indirect github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect github.com/containerd/containerd/v2 v2.2.0 // indirect @@ -170,8 +169,6 @@ require ( github.com/coreos/go-oidc/v3 v3.11.0 // indirect github.com/cpuguy83/dockercfg v0.3.2 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.7 // indirect - github.com/cucumber/gherkin/go/v26 v26.2.0 // indirect - github.com/cucumber/messages/go/v21 v21.0.1 // indirect github.com/cyberphone/json-canonicalization v0.0.0-20231217050601-ba74d44ecf5f // indirect github.com/cyphar/filepath-securejoin v0.4.1 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect 
@@ -189,7 +186,7 @@ require ( github.com/dustin/go-humanize v1.0.1 // indirect github.com/emicklei/go-restful/v3 v3.13.0 // indirect github.com/emirpasic/gods v1.18.1 // indirect - github.com/envoyproxy/go-control-plane/envoy v1.32.4 // indirect + github.com/envoyproxy/go-control-plane/envoy v1.35.0 // indirect github.com/envoyproxy/protoc-gen-validate v1.2.1 // indirect github.com/evanphx/json-patch/v5 v5.9.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect @@ -203,7 +200,7 @@ require ( github.com/go-git/go-billy/v5 v5.6.2 // indirect github.com/go-ini/ini v1.67.0 // indirect github.com/go-jose/go-jose/v3 v3.0.4 // indirect - github.com/go-jose/go-jose/v4 v4.1.2 // indirect + github.com/go-jose/go-jose/v4 v4.1.3 // indirect github.com/go-kit/log v0.2.1 // indirect github.com/go-logfmt/logfmt v0.6.0 // indirect github.com/go-logr/stdr v1.2.2 // indirect @@ -218,7 +215,6 @@ require ( github.com/go-openapi/validate v0.24.0 // indirect github.com/go-viper/mapstructure/v2 v2.3.0 // indirect github.com/gobwas/glob v0.2.3 // indirect - github.com/gofrs/uuid v4.3.1+incompatible // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v4 v4.5.2 // indirect github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect 
@@ -240,15 +236,13 @@ require ( github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-getter v1.8.1 // indirect - github.com/hashicorp/go-immutable-radix v1.3.1 // indirect - github.com/hashicorp/go-memdb v1.3.4 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/go-retryablehttp v0.7.7 // indirect github.com/hashicorp/go-safetemp v1.0.0 // indirect github.com/hashicorp/go-version v1.7.0 // indirect - github.com/hashicorp/golang-lru v1.0.2 // indirect github.com/hashicorp/hcl v1.0.1-vault-5 // indirect github.com/hashicorp/hcl/v2 v2.23.0 // indirect + github.com/in-toto/attestation v1.1.2 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 // indirect @@ -322,7 +316,7 @@ require ( github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect github.com/sourcegraph/conc v0.3.0 // indirect github.com/spf13/cast v1.7.1 // indirect - github.com/spiffe/go-spiffe/v2 v2.5.0 // indirect + github.com/spiffe/go-spiffe/v2 v2.6.0 // indirect github.com/stoewer/go-strcase v1.3.0 // indirect github.com/stretchr/objx v0.5.2 // indirect github.com/subosito/gotenv v1.6.0 // indirect 
@@ -352,42 +346,41 @@ require ( github.com/yashtewari/glob-intersection v0.2.0 // indirect github.com/yusufpapurcu/wmi v1.2.3 // indirect github.com/zclconf/go-cty v1.16.2 // indirect - github.com/zeebo/errs v1.4.0 // indirect go.mongodb.org/mongo-driver v1.16.1 // indirect go.opencensus.io v0.24.0 // indirect - go.opentelemetry.io/auto/sdk v1.1.0 // indirect - go.opentelemetry.io/contrib/detectors/gcp v1.36.0 // indirect + go.opentelemetry.io/auto/sdk v1.2.1 // indirect + go.opentelemetry.io/contrib/detectors/gcp v1.38.0 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect - go.opentelemetry.io/otel v1.37.0 // indirect + go.opentelemetry.io/otel v1.38.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.36.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.36.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.36.0 // indirect - go.opentelemetry.io/otel/metric v1.37.0 // indirect - go.opentelemetry.io/otel/sdk v1.37.0 // indirect - go.opentelemetry.io/otel/sdk/metric v1.37.0 // indirect - go.opentelemetry.io/otel/trace v1.37.0 // indirect - go.opentelemetry.io/proto/otlp v1.6.0 // indirect + go.opentelemetry.io/otel/metric v1.38.0 // indirect + go.opentelemetry.io/otel/sdk v1.38.0 // indirect + go.opentelemetry.io/otel/sdk/metric v1.38.0 // indirect + go.opentelemetry.io/otel/trace v1.38.0 // indirect + go.opentelemetry.io/proto/otlp v1.7.0 // indirect go.step.sm/crypto v0.51.2 // indirect go.uber.org/automaxprocs v1.6.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect go.yaml.in/yaml/v2 v2.4.2 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect - golang.org/x/crypto v0.42.0 // indirect - golang.org/x/mod v0.29.0 // indirect - golang.org/x/oauth2 v0.30.0 // indirect - golang.org/x/sys v0.37.0 // indirect - 
golang.org/x/term v0.35.0 // indirect + golang.org/x/crypto v0.47.0 // indirect + golang.org/x/mod v0.31.0 // indirect + golang.org/x/oauth2 v0.32.0 // indirect + golang.org/x/sys v0.40.0 // indirect + golang.org/x/term v0.39.0 // indirect golang.org/x/time v0.14.0 // indirect - golang.org/x/tools v0.37.0 // indirect + golang.org/x/tools v0.40.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/api v0.215.0 // indirect google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20250804133106-a7a43d27e69b // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250804133106-a7a43d27e69b // indirect - google.golang.org/grpc v1.76.0 // indirect - google.golang.org/protobuf v1.36.10 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20251029180050-ab9386a59fda // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20260203192932-546029d2fa20 // indirect + google.golang.org/grpc v1.78.0 // indirect + google.golang.org/protobuf v1.36.11 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect diff --git a/go.sum b/go.sum index ae3e58061..2a4ad144b 100644 --- a/go.sum +++ b/go.sum 
@@ -32,8 +32,8 @@ cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvf cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= -cloud.google.com/go/compute/metadata v0.7.0 h1:PBWF+iiAerVNe8UCHxdOt6eHLVc3ydFeOCw78U8ytSU= -cloud.google.com/go/compute/metadata v0.7.0/go.mod h1:j5MvL9PprKL39t166CoB1uVHfQMs4tFQZZcKwksXUjo= +cloud.google.com/go/compute/metadata v0.9.0 h1:pDUj4QMoPejqq20dK0Pg2N4yG9zIkYGdBtwLoEkH9Zs= +cloud.google.com/go/compute/metadata v0.9.0/go.mod h1:E0bWwX5wTnLPedCKqk3pJmVgCBSM6qQI1yTBdEb3C10= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= 
@@ -123,8 +123,8 @@ github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/CycloneDX/cyclonedx-go v0.9.2 h1:688QHn2X/5nRezKe2ueIVCt+NRqf7fl3AVQk+vaFcIo= github.com/CycloneDX/cyclonedx-go v0.9.2/go.mod h1:vcK6pKgO1WanCdd61qx4bFnSsDJQ6SbM2ZuMIgq86Jg= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.29.0 h1:UQUsRi8WTzhZntp5313l+CHIAT95ojUI2lpP/ExlZa4= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.29.0/go.mod h1:Cz6ft6Dkn3Et6l2v2a9/RpN7epQ1GtDlO6lj8bEcOvw= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.30.0 h1:sBEjpZlNHzK1voKq9695PJSX2o5NEXl7/OL3coiIY0c= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.30.0/go.mod h1:P4WPRUkOhJC13W//jWpyfJNDAIpvRbAUIYLX/4jtlE0= github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.48.1 h1:UQ0AhxogsIRZDkElkblfnwjc3IaltCm2HUMvezQaL7s= github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.48.1/go.mod h1:jyqM3eLpJ3IbIFDTKVz2rF9T/xWGW0rIriGwnz8l9Tk= github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.48.1 h1:oTX4vsorBZo/Zdum6OKPA4o7544hm6smoRv1QjpTwGo= 
@@ -336,8 +336,8 @@ github.com/cloudflare/circl v1.4.0/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZ github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/xds/go v0.0.0-20250501225837-2ac532fd4443 h1:aQ3y1lwWyqYPiWZThqv1aFbZMiM9vblcSArJRf2Irls= -github.com/cncf/xds/go v0.0.0-20250501225837-2ac532fd4443/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8= +github.com/cncf/xds/go v0.0.0-20251022180443-0feb69152e9f h1:Y8xYupdHxryycyPlc9Y+bSQAYZnetRJ70VMVKm5CKI0= +github.com/cncf/xds/go v0.0.0-20251022180443-0feb69152e9f/go.mod h1:HlzOvOjVBOfTGSRXRyY0OiCS/3J1akRGQQpRO/7zyF4= github.com/cockroachdb/apd/v3 v3.2.1 h1:U+8j7t0axsIgvQUqthuNm82HIrYXodOV2iWLWtEaIwg= github.com/cockroachdb/apd/v3 v3.2.1/go.mod h1:klXJcjp+FffLTHlhIG69tezTDvdP065naDsHzKhYSqc= github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb h1:EDmT6Q9Zs+SbUoc7Ik9EfrFqcylYqgPZ9ANSbTAntnE= 
@@ -379,20 +379,12 @@ github.com/cpuguy83/dockercfg v0.3.2 h1:DlJTyZGBDlXqUZ2Dk2Q3xHs/FtnooJJVaad2S9GK github.com/cpuguy83/dockercfg v0.3.2/go.mod h1:sugsbF4//dDlL/i+S+rtpIWp+5h0BHJHfjj5/jFyUJc= github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= -github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= github.com/cpuguy83/go-md2man/v2 v2.0.7 h1:zbFlGlXEAKlwXpmvle3d8Oe3YnkKIK4xSRTd3sHPnBo= github.com/cpuguy83/go-md2man/v2 v2.0.7/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= -github.com/cucumber/gherkin/go/v26 v26.2.0 h1:EgIjePLWiPeslwIWmNQ3XHcypPsWAHoMCz/YEBKP4GI= -github.com/cucumber/gherkin/go/v26 v26.2.0/go.mod h1:t2GAPnB8maCT4lkHL99BDCVNzCh1d7dBhCLt150Nr/0= -github.com/cucumber/godog v0.15.1 h1:rb/6oHDdvVZKS66hrhpjFQFHjthFSrQBCOI1LwshNTI= -github.com/cucumber/godog v0.15.1/go.mod h1:qju+SQDewOljHuq9NSM66s0xEhogx0q30flfxL4WUk8= -github.com/cucumber/messages/go/v21 v21.0.1 h1:wzA0LxwjlWQYZd32VTlAVDTkW6inOFmSM+RuOwHZiMI= -github.com/cucumber/messages/go/v21 v21.0.1/go.mod h1:zheH/2HS9JLVFukdrsPWoPdmUtmYQAQPLk7w5vWsk5s= -github.com/cucumber/messages/go/v22 v22.0.0/go.mod h1:aZipXTKc0JnjCsXrJnuZpWhtay93k7Rn3Dee7iyPJjs= github.com/cyberphone/json-canonicalization v0.0.0-20231217050601-ba74d44ecf5f h1:eHnXnuK47UlSTOQexbzxAZfekVz6i+LKRdj1CU5DPaM= github.com/cyberphone/json-canonicalization v0.0.0-20231217050601-ba74d44ecf5f/go.mod h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw= github.com/cyphar/filepath-securejoin v0.4.1 
h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22rowi7HkoSU1s= @@ -426,8 +418,6 @@ github.com/docker/cli v28.2.2+incompatible h1:qzx5BNUDFqlvyq4AHzdNB7gSyVTmU4cgsy github.com/docker/cli v28.2.2+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v28.2.2+incompatible h1:CjwRSksz8Yo4+RmQ339Dp/D2tGO5JxwYeqtMOEe0LDw= -github.com/docker/docker v28.2.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v28.3.3+incompatible h1:Dypm25kh4rmk49v1eiVbsAtpAsYURjYkaKubwuBdxEI= github.com/docker/docker v28.3.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.9.3 h1:gAm/VtF9wgqJMoxzT3Gj5p4AqIjCBS4wrsOh9yRqcz8= 
@@ -454,10 +444,10 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/go-control-plane v0.13.4 h1:zEqyPVyku6IvWCFwux4x9RxkLOMUL+1vC9xUFv5l2/M= -github.com/envoyproxy/go-control-plane v0.13.4/go.mod h1:kDfuBlDVsSj2MjrLEtRWtHlsWIFcGyB2RMO44Dc5GZA= -github.com/envoyproxy/go-control-plane/envoy v1.32.4 h1:jb83lalDRZSpPWW2Z7Mck/8kXZ5CQAFYVjQcdVIr83A= -github.com/envoyproxy/go-control-plane/envoy v1.32.4/go.mod h1:Gzjc5k8JcJswLjAx1Zm+wSYE20UrLtt7JZMWiWQXQEw= +github.com/envoyproxy/go-control-plane v0.13.5-0.20251024222203-75eaa193e329 h1:K+fnvUM0VZ7ZFJf0n4L/BRlnsb9pL/GuDG6FqaH+PwM= +github.com/envoyproxy/go-control-plane v0.13.5-0.20251024222203-75eaa193e329/go.mod h1:Alz8LEClvR7xKsrq3qzoc4N0guvVNSS8KmSChGYr9hs= +github.com/envoyproxy/go-control-plane/envoy v1.35.0 h1:ixjkELDE+ru6idPxcHLj8LBVc2bFP7iBytj353BoHUo= +github.com/envoyproxy/go-control-plane/envoy v1.35.0/go.mod h1:09qwbGVuSWWAyN5t/b3iyVfz5+z8QWGrzkoqm/8SbEs= github.com/envoyproxy/go-control-plane/ratelimit v0.1.0 h1:/G9QYbddjL25KvtKTv3an9lx6VBE2cnb8wp1vEGNYGI= github.com/envoyproxy/go-control-plane/ratelimit v0.1.0/go.mod h1:Wk+tMFAFbCXaJPzVVHnPgRKdUdwW/KdbRt94AzgRee4= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= 
@@ -514,8 +504,8 @@ github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A= github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= github.com/go-jose/go-jose/v3 v3.0.4 h1:Wp5HA7bLQcKnf6YYao/4kpRpVMp/yf6+pJKV8WFSaNY= github.com/go-jose/go-jose/v3 v3.0.4/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= -github.com/go-jose/go-jose/v4 v4.1.2 h1:TK/7NqRQZfgAh+Td8AlsrvtPoUyiHh0LqVvokh+1vHI= -github.com/go-jose/go-jose/v4 v4.1.2/go.mod h1:22cg9HWM1pOlnRiY+9cQYJ9XHmya1bYW8OeDM6Ku6Oo= +github.com/go-jose/go-jose/v4 v4.1.3 h1:CVLmWDhDVRa6Mi/IgCgaopNosCaHz7zrMeF9MlZRkrs= +github.com/go-jose/go-jose/v4 v4.1.3/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= @@ -576,9 +566,6 @@ github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5x github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godoctor/godoctor v0.0.0-20181123222458-69df17f3a6f6/go.mod h1:+tyhT8jBF8E0XvdlSXOSL7Iko7DlNiongHq3q+wcsPs= -github.com/gofrs/uuid v4.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= -github.com/gofrs/uuid v4.3.1+incompatible h1:0/KbAdpx3UXAx1kEOWHJeOkpbgRFGHVgv+CFIY7dBJI= -github.com/gofrs/uuid v4.3.1+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= 
@@ -727,11 +714,6 @@ github.com/hashicorp/go-getter v1.8.1/go.mod h1:2mndIb0CxmdA4Vdc9KcsaAQ/NpADl76u github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= -github.com/hashicorp/go-immutable-radix v1.3.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= -github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc= -github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= -github.com/hashicorp/go-memdb v1.3.4 h1:XSL3NR682X/cVk2IeV0d70N4DZ9ljI885xAEU8IoK3c= -github.com/hashicorp/go-memdb v1.3.4/go.mod h1:uBTr1oQbtuMgd1SSGoR8YV27eT3sBHbYiNm53bMpgSg= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= 
@@ -753,14 +735,11 @@ github.com/hashicorp/go-sockaddr v1.0.5/go.mod h1:uoUUmtwU7n9Dv3O4SNLeFvg0SxQ3ly github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-uuid v1.0.2 h1:cfejS+Tpcp13yd5nYHWDI6qVCny6wyX2Mt5SGur2IGE= -github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY= github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/golang-lru v1.0.2 h1:dV3g9Z/unq5DpblPpw+Oqcv4dU/1omnb4Ok8iPY6p1c= github.com/hashicorp/golang-lru v1.0.2/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= 
@@ -779,10 +758,10 @@ github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef/go.mod h1:lADxMC39cJ github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/in-toto/attestation v1.1.0 h1:oRWzfmZPDSctChD0VaQV7MJrywKOzyNrtpENQFq//2Q= -github.com/in-toto/attestation v1.1.0/go.mod h1:DB59ytd3z7cIHgXxwpSX2SABrU6WJUKg/grpdgHVgVs= -github.com/in-toto/in-toto-golang v0.9.0 h1:tHny7ac4KgtsfrG6ybU8gVOZux2H8jN05AXJ9EBM1XU= -github.com/in-toto/in-toto-golang v0.9.0/go.mod h1:xsBVrVsHNsB61++S6Dy2vWosKhuA3lUTQd+eF9HdeMo= +github.com/in-toto/attestation v1.1.2 h1:MBFn6lsMq6dptQZJBhalXTcWMb/aJy3V+GX3VYj/V1E= +github.com/in-toto/attestation v1.1.2/go.mod h1:gYFddHMZj3DiQ0b62ltNi1Vj5rC879bTmBbrv9CRHpM= +github.com/in-toto/in-toto-golang v0.10.0 h1:+s2eZQSK3WmWfYV85qXVSBfqgawi/5L02MaqA4o/tpM= +github.com/in-toto/in-toto-golang v0.10.0/go.mod h1:wjT4RiyFlLWCmLUJjwB8oZcjaq7HA390aMJcD3xXgmg= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= 
@@ -831,7 +810,6 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxv github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= @@ -1068,8 +1046,8 @@ github.com/sassoftware/relic v7.2.1+incompatible/go.mod h1:CWfAxv73/iLZ17rbyhIEq github.com/sassoftware/relic/v7 v7.6.2 h1:rS44Lbv9G9eXsukknS4mSjIAuuX+lMq/FnStgmZlUv4= github.com/sassoftware/relic/v7 v7.6.2/go.mod h1:kjmP0IBVkJZ6gXeAu35/KCEfca//+PKM6vTAsyDPY+k= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= -github.com/secure-systems-lab/go-securesystemslib v0.9.0 h1:rf1HIbL64nUpEIZnjLZ3mcNEL9NBPB0iuVjyxvq3LZc= -github.com/secure-systems-lab/go-securesystemslib v0.9.0/go.mod h1:DVHKMcZ+V4/woA/peqr+L0joiRXbPpQ042GgJckkFgw= +github.com/secure-systems-lab/go-securesystemslib v0.10.0 h1:l+H5ErcW0PAehBNrBxoGv1jjNpGYdZ9RcheFkB2WI14= +github.com/secure-systems-lab/go-securesystemslib v0.10.0/go.mod h1:MRKONWmRoFzPNQ9USRF9i1mc7MvAVvF1LlW8X5VWDvk= github.com/segmentio/ksuid v1.0.4 h1:sBo2BdShXjmcugAMwjugoGUdUV0pcxY5mW4xKRn3v4c= github.com/segmentio/ksuid v1.0.4/go.mod h1:/XUiZBD3kVx5SmUOl55voK5yeAbBNNIed+2O73XgrPE= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= 
@@ -1151,22 +1129,21 @@ github.com/spf13/cast v1.7.1 h1:cuNEagBQEHWN1FnbGEjCXL2szYEXqfJPbP2HNUaca9Y= github.com/spf13/cast v1.7.1/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk= -github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0= -github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo= -github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0= +github.com/spf13/cobra v1.10.2 h1:DMTTonx5m65Ic0GOoRY2c16WCbHxOOw6xxezuLaBpcU= +github.com/spf13/cobra v1.10.2/go.mod h1:7C1pvHqHw5A4vrJfjNwvOdzYu0Gml16OCs2GRiTUUS4= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/pflag v1.0.7 h1:vN6T9TfwStFPFM5XzjsvmzZkLuaLX+HS+0SeFLRgU6M= -github.com/spf13/pflag v1.0.7/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk= +github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns= github.com/spf13/viper v1.20.1 h1:ZMi+z/lvLyPSCoNtFCpqjy0S4kPbirhpTMwl8BkW9X4= github.com/spf13/viper v1.20.1/go.mod h1:P9Mdzt1zoHIG8m2eZQinpiBjo6kCmZSKBClNNqjJvu4= 
-github.com/spiffe/go-spiffe/v2 v2.5.0 h1:N2I01KCUkv1FAjZXJMwh95KK1ZIQLYbPfhaxw8WS0hE= -github.com/spiffe/go-spiffe/v2 v2.5.0/go.mod h1:P+NxobPc6wXhVtINNtFjNWGBTreew1GBUCwT2wPmb7g= +github.com/spiffe/go-spiffe/v2 v2.6.0 h1:l+DolpxNWYgruGQVV0xsfeya3CsC7m8iBzDnMpsbLuo= +github.com/spiffe/go-spiffe/v2 v2.6.0/go.mod h1:gm2SeUoMZEtpnzPNs2Csc0D/gX33k1xIx7lEzqblHEs= github.com/stoewer/go-strcase v1.3.0 h1:g0eASXYtp+yvN9fK8sH94oCIk0fau9uV1/ZdJ0AVEzs= github.com/stoewer/go-strcase v1.3.0/go.mod h1:fAH5hQ5pehh+j3nZfvwdk2RgEgQjAoM8wodgtPmh1xo= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= @@ -1292,8 +1269,6 @@ github.com/zclconf/go-cty v1.16.2 h1:LAJSwc3v81IRBZyUVQDUdZ7hs3SYs9jv0eZJDWHD/70 github.com/zclconf/go-cty v1.16.2/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940 h1:4r45xpDWB6ZMSMNJFMOjqrGHynW3DIBuR2H9j0ug+Mo= github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940/go.mod h1:CmBdvvj3nqzfzJ6nTCIwDTPZ56aVGvDrmztiO5g3qrM= -github.com/zeebo/errs v1.4.0 h1:XNdoD/RRMKP7HD0UhJnIzUy74ISdGGxURlYG8HSWSfM= -github.com/zeebo/errs v1.4.0/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4= go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= go.etcd.io/etcd/api/v3 v3.6.4 h1:7F6N7toCKcV72QmoUKa23yYLiiljMrT4xCeBL9BmXdo= go.etcd.io/etcd/api/v3 v3.6.4/go.mod h1:eFhhvfR8Px1P6SEuLT600v+vrhdDTdcfMzmnxVXXSbk= 
@@ -1314,16 +1289,16 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= -go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= -go.opentelemetry.io/contrib/detectors/gcp v1.36.0 h1:F7q2tNlCaHY9nMKHR6XH9/qkp8FktLnIcy6jJNyOCQw= -go.opentelemetry.io/contrib/detectors/gcp v1.36.0/go.mod h1:IbBN8uAIIx734PTonTPxAxnjc2pQTxWNkwfstZ+6H2k= +go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= +go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= +go.opentelemetry.io/contrib/detectors/gcp v1.38.0 h1:ZoYbqX7OaA/TAikspPl3ozPI6iY6LiIY9I8cUfm+pJs= +go.opentelemetry.io/contrib/detectors/gcp v1.38.0/go.mod h1:SU+iU7nu5ud4oCb3LQOhIZ3nRLj6FNVrKgtflbaf2ts= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 h1:x7wzEgXfnzJcHDwStJT+mxOz4etr2EcexjqhBvmoakw= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0/go.mod h1:rg+RlpR5dKwaS95IyyZqj5Wd4E13lk/msnTS0Xl9lJM= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 h1:F7Jx+6hwnZ41NSFTO5q4LYDtJRXBf2PD0rNBkeB/lus= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0/go.mod h1:UHB22Z8QsdRDrnAtX4PntOl36ajSxcdUMt1sF7Y6E7Q= -go.opentelemetry.io/otel v1.37.0 h1:9zhNfelUvx0KBfu/gb+ZgeAfAgtWrfHJZcAqFC228wQ= -go.opentelemetry.io/otel v1.37.0/go.mod h1:ehE/umFRLnuLa/vSccNq9oS1ErUlkkK71gMcN34UG8I= +go.opentelemetry.io/otel v1.38.0 h1:RkfdswUDRimDg0m2Az18RKOsnI8UDzppJAtj01/Ymk8= +go.opentelemetry.io/otel v1.38.0/go.mod h1:zcmtmQ1+YmQM9wrNsTGV/q/uyusom3P8RxwExxkZhjM= 
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.36.0 h1:dNzwXjZKpMpE2JhmO+9HsPl42NIXFIFSUSSs0fiqra0= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.36.0/go.mod h1:90PoxvaEB5n6AOdZvi+yWJQoE95U8Dhhw2bSyRqnTD0= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.36.0 h1:JgtbA0xkWHnTmYk7YusopJFX6uleBmAuZ8n05NEh8nQ= 
@@ -1332,16 +1307,16 @@ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.36.0 h1:nRVXX go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.36.0/go.mod h1:r49hO7CgrxY9Voaj3Xe8pANWtr0Oq916d0XAmOoCZAQ= go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.29.0 h1:WDdP9acbMYjbKIyJUhTvtzj601sVJOqgWdUxSdR/Ysc= go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.29.0/go.mod h1:BLbf7zbNIONBLPwvFnwNHGj4zge8uTCM/UPIVW1Mq2I= -go.opentelemetry.io/otel/metric v1.37.0 h1:mvwbQS5m0tbmqML4NqK+e3aDiO02vsf/WgbsdpcPoZE= -go.opentelemetry.io/otel/metric v1.37.0/go.mod h1:04wGrZurHYKOc+RKeye86GwKiTb9FKm1WHtO+4EVr2E= -go.opentelemetry.io/otel/sdk v1.37.0 h1:ItB0QUqnjesGRvNcmAcU0LyvkVyGJ2xftD29bWdDvKI= -go.opentelemetry.io/otel/sdk v1.37.0/go.mod h1:VredYzxUvuo2q3WRcDnKDjbdvmO0sCzOvVAiY+yUkAg= -go.opentelemetry.io/otel/sdk/metric v1.37.0 h1:90lI228XrB9jCMuSdA0673aubgRobVZFhbjxHHspCPc= -go.opentelemetry.io/otel/sdk/metric v1.37.0/go.mod h1:cNen4ZWfiD37l5NhS+Keb5RXVWZWpRE+9WyVCpbo5ps= -go.opentelemetry.io/otel/trace v1.37.0 h1:HLdcFNbRQBE2imdSEgm/kwqmQj1Or1l/7bW6mxVK7z4= -go.opentelemetry.io/otel/trace v1.37.0/go.mod h1:TlgrlQ+PtQO5XFerSPUYG0JSgGyryXewPGyayAWSBS0= -go.opentelemetry.io/proto/otlp v1.6.0 h1:jQjP+AQyTf+Fe7OKj/MfkDrmK4MNVtw2NpXsf9fefDI= -go.opentelemetry.io/proto/otlp v1.6.0/go.mod h1:cicgGehlFuNdgZkcALOCh3VE6K/u2tAjzlRhDwmVpZc= +go.opentelemetry.io/otel/metric v1.38.0 h1:Kl6lzIYGAh5M159u9NgiRkmoMKjvbsKtYRwgfrA6WpA= +go.opentelemetry.io/otel/metric v1.38.0/go.mod h1:kB5n/QoRM8YwmUahxvI3bO34eVtQf2i4utNVLr9gEmI= +go.opentelemetry.io/otel/sdk v1.38.0 h1:l48sr5YbNf2hpCUj/FoGhW9yDkl+Ma+LrVl8qaM5b+E= +go.opentelemetry.io/otel/sdk v1.38.0/go.mod h1:ghmNdGlVemJI3+ZB5iDEuk4bWA3GkTpW+DOoZMYBVVg= +go.opentelemetry.io/otel/sdk/metric v1.38.0 h1:aSH66iL0aZqo//xXzQLYozmWrXxyFkBJ6qT5wthqPoM= +go.opentelemetry.io/otel/sdk/metric v1.38.0/go.mod h1:dg9PBnW9XdQ1Hd6ZnRz689CbtrUp0wMMs9iPcgT9EZA= +go.opentelemetry.io/otel/trace v1.38.0 
h1:Fxk5bKrDZJUH+AMyyIXGcFAPah0oRcT+LuNtJrmcNLE= +go.opentelemetry.io/otel/trace v1.38.0/go.mod h1:j1P9ivuFsTceSWe1oY+EeW3sc+Pp42sO++GHkg4wwhs= +go.opentelemetry.io/proto/otlp v1.7.0 h1:jX1VolD6nHuFzOYso2E73H85i92Mv8JQYk0K9vz09os= +go.opentelemetry.io/proto/otlp v1.7.0/go.mod h1:fSKjH6YJ7HDlwzltzyMj036AJ3ejJLCgCSHGj4efDDo= go.step.sm/crypto v0.51.2 h1:5EiCGIMg7IvQTGmJrwRosbXeprtT80OhoS/PJarg60o= go.step.sm/crypto v0.51.2/go.mod h1:QK7czLjN2k+uqVp5CHXxJbhc70kVRSP+0CQF3zsR5M0= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= @@ -1384,8 +1359,8 @@ golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58 golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= -golang.org/x/crypto v0.42.0 h1:chiH31gIWm57EkTXpwnqf8qeuMUi0yekh6mT2AvFlqI= -golang.org/x/crypto v0.42.0/go.mod h1:4+rDnOTJhQCx2q7/j6rAN5XDw8kPjeaXEUR2eL94ix8= +golang.org/x/crypto v0.47.0 h1:V6e3FRj+n4dbpw86FJ8Fv7XVOql7TEwpHapKoMJ/GO8= +golang.org/x/crypto v0.47.0/go.mod h1:ff3Y9VzzKbwSSEzWqJsJVBnWmRwRSHt/6Op5n9bQc4A= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -1426,8 +1401,8 @@ golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA= -golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w= +golang.org/x/mod v0.31.0 h1:HaW9xtz0+kOcWKwli0ZXy79Ix+UW/vOfmWI5QVd2tgI= +golang.org/x/mod v0.31.0/go.mod h1:43JraMp9cGx1Rx3AqioxrbrhNsLl2l/iNAvuBkrezpg= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -1481,8 +1456,8 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= -golang.org/x/net v0.44.0 h1:evd8IRDyfNBMBTTY5XRF1vaZlD+EmWx6x8PkhR04H/I= -golang.org/x/net v0.44.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY= +golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o= +golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -1497,8 +1472,8 @@ golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= -golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI= -golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU= +golang.org/x/oauth2 v0.32.0 h1:jsCblLleRMDrxMN29H3z/k1KliIvpLgCkE6R8FXXNgY= +golang.org/x/oauth2 v0.32.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -1514,8 +1489,8 @@ golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug= -golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= +golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4= +golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -1594,8 +1569,8 @@ golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ= -golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ= +golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= 
@@ -1604,8 +1579,8 @@ golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= -golang.org/x/term v0.35.0 h1:bZBVKBudEyhRcajGcNc3jIfWPqV4y/Kt2XcoigOWtDQ= -golang.org/x/term v0.35.0/go.mod h1:TPGtkTLesOwf2DE8CgVYiZinHAOuy5AYUYT1lENIZnA= +golang.org/x/term v0.39.0 h1:RclSuaJf32jOqZz74CkPA9qFuVTX7vhLlpfj/IGWlqY= +golang.org/x/term v0.39.0/go.mod h1:yxzUCTP/U+FzoxfdKmLaA0RV1WgE0VY7hXBwKtY/4ww= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1619,8 +1594,8 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.29.0 h1:1neNs90w9YzJ9BocxfsQNHKuAT4pkghyXc4nhZ6sJvk= -golang.org/x/text v0.29.0/go.mod h1:7MhJOA9CD2qZyOKYazxdYMF85OwPdEr9jTtBpO7ydH4= +golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE= +golang.org/x/text v0.33.0/go.mod h1:LuMebE6+rBincTi9+xWTY8TztLzKHc/9C1uBCG27+q8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 
@@ -1685,8 +1660,8 @@ golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= -golang.org/x/tools v0.37.0 h1:DVSRzp7FwePZW356yEAChSdNcQo6Nsp+fex1SUW09lE= -golang.org/x/tools v0.37.0/go.mod h1:MBN5QPQtLMHVdvsbtarmTNukZDdgwdwlO5qGacAzF0w= +golang.org/x/tools v0.40.0 h1:yLkxfA+Qnul4cs9QA3KnlFu0lVmd8JJfoq+E41uSutA= +golang.org/x/tools v0.40.0/go.mod h1:Ik/tzLRlbscWpqqMRjyWYDisX8bG13FrdXp3o4Sr9lc= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -1772,10 +1747,10 @@ google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaE google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 h1:ToEetK57OidYuqD4Q5w+vfEnPvPpuTwedCNVohYJfNk= google.golang.org/genproto v0.0.0-20241118233622-e639e219e697/go.mod h1:JJrvXBWRZaFMxBufik1a4RpFw4HhgVtBBWQeQgUj2cc= -google.golang.org/genproto/googleapis/api v0.0.0-20250804133106-a7a43d27e69b h1:ULiyYQ0FdsJhwwZUwbaXpZF5yUE3h+RA+gxvBu37ucc= -google.golang.org/genproto/googleapis/api v0.0.0-20250804133106-a7a43d27e69b/go.mod h1:oDOGiMSXHL4sDTJvFvIB9nRQCGdLP1o/iVaqQK8zB+M= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250804133106-a7a43d27e69b h1:zPKJod4w6F1+nRGDI9ubnXYhU9NSWoFAijkHkUXeTK8= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250804133106-a7a43d27e69b/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= +google.golang.org/genproto/googleapis/api v0.0.0-20251029180050-ab9386a59fda h1:+2XxjfsAu6vqFxwGBRcHiMaDCuZiqXGDUDVWVtrFAnE= +google.golang.org/genproto/googleapis/api v0.0.0-20251029180050-ab9386a59fda/go.mod h1:fDMmzKV90WSg1NbozdqrE64fkuTv6mlq2zxo9ad+3yo= +google.golang.org/genproto/googleapis/rpc v0.0.0-20260203192932-546029d2fa20 h1:Jr5R2J6F6qWyzINc+4AM8t5pfUz6beZpHp678GNrMbE= +google.golang.org/genproto/googleapis/rpc v0.0.0-20260203192932-546029d2fa20/go.mod h1:j9x/tPzZkyxcgEFkiKEEGxfvyumM01BEtsW8xzOahRQ= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= 
@@ -1796,8 +1771,8 @@ google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.76.0 h1:UnVkv1+uMLYXoIz6o7chp59WfQUYA2ex/BXQ9rHZu7A= -google.golang.org/grpc v1.76.0/go.mod h1:Ju12QI8M6iQJtbcsV+awF5a4hfJMLi4X0JLo94ULZ6c= +google.golang.org/grpc v1.78.0 h1:K1XZG/yGDJnzMdd/uZHAkVqJE+xIDOcmdSFZkBUicNc= +google.golang.org/grpc v1.78.0/go.mod h1:I47qjTo4OKbMkjA/aOOwxDIiPSBofUtQUI5EfpWvW7U= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= 
@@ -1812,8 +1787,8 @@ google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp0 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= -google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= +google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE= +google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/internal/attestation/__snapshots__/slsa_provenance_v1_test.snap b/internal/attestation/__snapshots__/slsa_provenance_v1_test.snap index e245eaa75..c1386fee3 100755 --- a/internal/attestation/__snapshots__/slsa_provenance_v1_test.snap +++ b/internal/attestation/__snapshots__/slsa_provenance_v1_test.snap 
@@ -100,3 +100,36 @@ https://in-toto.io/Statement/v0.1 "type": "https://in-toto.io/Statement/v0.1" } --- + +[TestSLSAProvenanceFromSignatureV1/valid_with_v1_statement_type - 1] +https://in-toto.io/Statement/v0.1 +[]signature.EntitySignature{ + { + KeyID: "6add046e38418d021a562c6a8633d5eca7379595", + Signature: "sig-1", + Certificate: "-----BEGIN CERTIFICATE-----\nMIIG2TCCBl+gAwIBAgIUdtQgx3Mj6A3T0X7Oh8bS1nNABTEwCgYIKoZIzj0EAwMw\nNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRl\ncm1lZGlhdGUwHhcNMjMwNjA3MDMxNDEyWhcNMjMwNjA3MDMyNDEyWjAAMFkwEwYH\nKoZIzj0CAQYIKoZIzj0DAQcDQgAEz6tsPZHx7njElmbGbMYxKiYneuofINbOE8Tg\n1gkyQcckWyu1xA/Fs0O1SpPkn/KJYLJ3J5ziqgd1EguuCqK3Z6OCBX4wggV6MA4G\nA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUat0E\nbjhBjQIaVixqhjPV7Kc3lZUwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4Y\nZD8waAYDVR0RAQH/BF4wXIZaaHR0cHM6Ly9naXRodWIuY29tL2NoYWluZ3VhcmQt\naW1hZ2VzL2ltYWdlcy8uZ2l0aHViL3dvcmtmbG93cy9yZWxlYXNlLnlhbWxAcmVm\ncy9oZWFkcy9tYWluMDkGCisGAQQBg78wAQEEK2h0dHBzOi8vdG9rZW4uYWN0aW9u\ncy5naXRodWJ1c2VyY29udGVudC5jb20wEgYKKwYBBAGDvzABAgQEcHVzaDA2Bgor\nBgEEAYO/MAEDBChlMWRjZGY3MGJlMzI2YTQ5NDI5NTc1NDYyMmZlMzQ2MzE2MDA1\nMzFhMCwGCisGAQQBg78wAQQEHi5naXRodWIvd29ya2Zsb3dzL3JlbGVhc2UueWFt\nbDAmBgorBgEEAYO/MAEFBBhjaGFpbmd1YXJkLWltYWdlcy9pbWFnZXMwHQYKKwYB\nBAGDvzABBgQPcmVmcy9oZWFkcy9tYWluMDsGCisGAQQBg78wAQgELQwraHR0cHM6\nLy90b2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50LmNvbTBqBgorBgEEAYO/\nMAEJBFwMWmh0dHBzOi8vZ2l0aHViLmNvbS9jaGFpbmd1YXJkLWltYWdlcy9pbWFn\nZXMvLmdpdGh1Yi93b3JrZmxvd3MvcmVsZWFzZS55YW1sQHJlZnMvaGVhZHMvbWFp\nbjA4BgorBgEEAYO/MAEKBCoMKGUxZGNkZjcwYmUzMjZhNDk0Mjk1NzU0NjIyZmUz\nNDYzMTYwMDUzMWEwHQYKKwYBBAGDvzABCwQPDA1naXRodWItaG9zdGVkMDsGCisG\nAQQBg78wAQwELQwraHR0cHM6Ly9naXRodWIuY29tL2NoYWluZ3VhcmQtaW1hZ2Vz\nL2ltYWdlczA4BgorBgEEAYO/MAENBCoMKGUxZGNkZjcwYmUzMjZhNDk0Mjk1NzU0\nNjIyZmUzNDYzMTYwMDUzMWEwHwYKKwYBBAGDvzABDgQRDA9yZWZzL2hlYWRzL21h\naW4wGQYKKwYBBAGDvzABDwQLDAk1NjM1MTA5NTIwNAYKKwYBBAGDvzABEAQmDCRo\ndHRwczovL2dpdGh1Yi5jb20vY2hhaW5ndWFyZC1pbWFnZXMwGQ
YKKwYBBAGDvzAB\nEQQLDAkxMTMxOTg1NDUwagYKKwYBBAGDvzABEgRcDFpodHRwczovL2dpdGh1Yi5j\nb20vY2hhaW5ndWFyZC1pbWFnZXMvaW1hZ2VzLy5naXRodWIvd29ya2Zsb3dzL3Jl\nbGVhc2UueWFtbEByZWZzL2hlYWRzL21haW4wOAYKKwYBBAGDvzABEwQqDChlMWRj\nZGY3MGJlMzI2YTQ5NDI5NTc1NDYyMmZlMzQ2MzE2MDA1MzFhMBQGCisGAQQBg78w\nARQEBgwEcHVzaDBeBgorBgEEAYO/MAEVBFAMTmh0dHBzOi8vZ2l0aHViLmNvbS9j\naGFpbmd1YXJkLWltYWdlcy9pbWFnZXMvYWN0aW9ucy9ydW5zLzUxOTU1MDc2MzYv\nYXR0ZW1wdHMvMTCBigYKKwYBBAHWeQIEAgR8BHoAeAB2AN09MGrGxxEyYxkeHJln\nNwKiSl643jyt/4eKcoAvKe6OAAABiJPZADAAAAQDAEcwRQIgdHXB0QGS/GWkBnY1\nAZXSwb6/tbnnaVeWzde3t0fkkRMCIQC0bwdhWep548Cp4LzBPgGD0eioadqQdJHe\nXtVXBkD1dDAKBggqhkjOPQQDAwNoADBlAjBPpXDUSaAk5D6T1Eaqh+TRSQXr6rqV\nYxAJb/NgDbq8tTVLKustJDu2V9TQcpSzuKICMQDt0EAHmTISmKC8H3dciTrySh2l\nuS2rfl+L2AFS6DxAmVTBR3dlbrxQsUxshBWyH5s=\n-----END CERTIFICATE-----\n", + Chain: {"-----BEGIN CERTIFICATE-----\nMIICGjCCAaGgAwIBAgIUALnViVfnU0brJasmRkHrn/UnfaQwCgYIKoZIzj0EAwMw\nKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0y\nMjA0MTMyMDA2MTVaFw0zMTEwMDUxMzU2NThaMDcxFTATBgNVBAoTDHNpZ3N0b3Jl\nLmRldjEeMBwGA1UEAxMVc2lnc3RvcmUtaW50ZXJtZWRpYXRlMHYwEAYHKoZIzj0C\nAQYFK4EEACIDYgAE8RVS/ysH+NOvuDZyPIZtilgUF9NlarYpAd9HP1vBBH1U5CV7\n7LSS7s0ZiH4nE7Hv7ptS6LvvR/STk798LVgMzLlJ4HeIfF3tHSaexLcYpSASr1kS\n0N/RgBJz/9jWCiXno3sweTAOBgNVHQ8BAf8EBAMCAQYwEwYDVR0lBAwwCgYIKwYB\nBQUHAwMwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU39Ppz1YkEZb5qNjp\nKFWixi4YZD8wHwYDVR0jBBgwFoAUWMAeX5FFpWapesyQoZMi0CrFxfowCgYIKoZI\nzj0EAwMDZwAwZAIwPCsQK4DYiZYDPIaDi5HFKnfxXx6ASSVmERfsynYBiX2X6SJR\nnZU84/9DZdnFvvxmAjBOt6QpBlc4J/0DxvkTCqpclvziL6BCCPnjdlIB3Pu3BxsP\nmygUY7Ii2zbdCdliiow=\n-----END CERTIFICATE-----\n", "-----BEGIN 
CERTIFICATE-----\nMIIB9zCCAXygAwIBAgIUALZNAPFdxHPwjeDloDwyYChAO/4wCgYIKoZIzj0EAwMw\nKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0y\nMTEwMDcxMzU2NTlaFw0zMTEwMDUxMzU2NThaMCoxFTATBgNVBAoTDHNpZ3N0b3Jl\nLmRldjERMA8GA1UEAxMIc2lnc3RvcmUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAT7\nXeFT4rb3PQGwS4IajtLk3/OlnpgangaBclYpsYBr5i+4ynB07ceb3LP0OIOZdxex\nX69c5iVuyJRQ+Hz05yi+UF3uBWAlHpiS5sh0+H2GHE7SXrk1EC5m1Tr19L9gg92j\nYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRY\nwB5fkUWlZql6zJChkyLQKsXF+jAfBgNVHSMEGDAWgBRYwB5fkUWlZql6zJChkyLQ\nKsXF+jAKBggqhkjOPQQDAwNpADBmAjEAj1nHeXZp+13NWBNa+EDsDP8G1WWg1tCM\nWP/WHPqpaVo0jhsweNFZgSs0eE7wYI4qAjEA2WB9ot98sIkoF3vZYdd3/VtWB5b9\nTNMea7Ix/stJ5TfcLLeABLE4BNJOsQ4vnBHJ\n-----END CERTIFICATE-----\n"}, + Metadata: {"Fulcio Build Config Digest":"e1dcdf70be326a494295754622fe34631600531a", "Fulcio Build Config URI":"https://github.com/chainguard-images/images/.github/workflows/release.yaml@refs/heads/main", "Fulcio Build Signer Digest":"e1dcdf70be326a494295754622fe34631600531a", "Fulcio Build Signer URI":"https://github.com/chainguard-images/images/.github/workflows/release.yaml@refs/heads/main", "Fulcio Build Trigger":"push", "Fulcio GitHub Workflow Name":".github/workflows/release.yaml", "Fulcio GitHub Workflow Ref":"refs/heads/main", "Fulcio GitHub Workflow Repository":"chainguard-images/images", "Fulcio GitHub Workflow SHA":"e1dcdf70be326a494295754622fe34631600531a", "Fulcio GitHub Workflow Trigger":"push", "Fulcio Issuer":"https://token.actions.githubusercontent.com", "Fulcio Issuer (V2)":"https://token.actions.githubusercontent.com", "Fulcio Run Invocation URI":"https://github.com/chainguard-images/images/actions/runs/5195507636/attempts/1", "Fulcio Runner Environment":"github-hosted", "Fulcio Source Repository Digest":"e1dcdf70be326a494295754622fe34631600531a", "Fulcio Source Repository Identifier":"563510952", "Fulcio Source Repository Owner Identifier":"113198545", "Fulcio Source Repository Owner 
URI":"https://github.com/chainguard-images", "Fulcio Source Repository Ref":"refs/heads/main", "Fulcio Source Repository URI":"https://github.com/chainguard-images/images", "Issuer":"CN=sigstore-intermediate,O=sigstore.dev", "Not After":"2023-06-07T03:24:12Z", "Not Before":"2023-06-07T03:14:12Z", "Serial Number":"76d420c77323e80dd3d17ece87c6d2d673400531", "Subject Alternative Name":"URIs:https://github.com/chainguard-images/images/.github/workflows/release.yaml@refs/heads/main"}, + }, + { + KeyID: "6add046e38418d021a562c6a8633d5eca7379595", + Signature: "sig-2", + Certificate: "-----BEGIN CERTIFICATE-----\nMIIG2TCCBl+gAwIBAgIUdtQgx3Mj6A3T0X7Oh8bS1nNABTEwCgYIKoZIzj0EAwMw\nNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRl\ncm1lZGlhdGUwHhcNMjMwNjA3MDMxNDEyWhcNMjMwNjA3MDMyNDEyWjAAMFkwEwYH\nKoZIzj0CAQYIKoZIzj0DAQcDQgAEz6tsPZHx7njElmbGbMYxKiYneuofINbOE8Tg\n1gkyQcckWyu1xA/Fs0O1SpPkn/KJYLJ3J5ziqgd1EguuCqK3Z6OCBX4wggV6MA4G\nA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUat0E\nbjhBjQIaVixqhjPV7Kc3lZUwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4Y\nZD8waAYDVR0RAQH/BF4wXIZaaHR0cHM6Ly9naXRodWIuY29tL2NoYWluZ3VhcmQt\naW1hZ2VzL2ltYWdlcy8uZ2l0aHViL3dvcmtmbG93cy9yZWxlYXNlLnlhbWxAcmVm\ncy9oZWFkcy9tYWluMDkGCisGAQQBg78wAQEEK2h0dHBzOi8vdG9rZW4uYWN0aW9u\ncy5naXRodWJ1c2VyY29udGVudC5jb20wEgYKKwYBBAGDvzABAgQEcHVzaDA2Bgor\nBgEEAYO/MAEDBChlMWRjZGY3MGJlMzI2YTQ5NDI5NTc1NDYyMmZlMzQ2MzE2MDA1\nMzFhMCwGCisGAQQBg78wAQQEHi5naXRodWIvd29ya2Zsb3dzL3JlbGVhc2UueWFt\nbDAmBgorBgEEAYO/MAEFBBhjaGFpbmd1YXJkLWltYWdlcy9pbWFnZXMwHQYKKwYB\nBAGDvzABBgQPcmVmcy9oZWFkcy9tYWluMDsGCisGAQQBg78wAQgELQwraHR0cHM6\nLy90b2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50LmNvbTBqBgorBgEEAYO/\nMAEJBFwMWmh0dHBzOi8vZ2l0aHViLmNvbS9jaGFpbmd1YXJkLWltYWdlcy9pbWFn\nZXMvLmdpdGh1Yi93b3JrZmxvd3MvcmVsZWFzZS55YW1sQHJlZnMvaGVhZHMvbWFp\nbjA4BgorBgEEAYO/MAEKBCoMKGUxZGNkZjcwYmUzMjZhNDk0Mjk1NzU0NjIyZmUz\nNDYzMTYwMDUzMWEwHQYKKwYBBAGDvzABCwQPDA1naXRodWItaG9zdGVkMDsGCisG\nAQQBg78wAQwELQwraHR0cHM6Ly9naXRodWIuY29tL2NoYWluZ3VhcmQtaW1hZ2Vz\n
L2ltYWdlczA4BgorBgEEAYO/MAENBCoMKGUxZGNkZjcwYmUzMjZhNDk0Mjk1NzU0\nNjIyZmUzNDYzMTYwMDUzMWEwHwYKKwYBBAGDvzABDgQRDA9yZWZzL2hlYWRzL21h\naW4wGQYKKwYBBAGDvzABDwQLDAk1NjM1MTA5NTIwNAYKKwYBBAGDvzABEAQmDCRo\ndHRwczovL2dpdGh1Yi5jb20vY2hhaW5ndWFyZC1pbWFnZXMwGQYKKwYBBAGDvzAB\nEQQLDAkxMTMxOTg1NDUwagYKKwYBBAGDvzABEgRcDFpodHRwczovL2dpdGh1Yi5j\nb20vY2hhaW5ndWFyZC1pbWFnZXMvaW1hZ2VzLy5naXRodWIvd29ya2Zsb3dzL3Jl\nbGVhc2UueWFtbEByZWZzL2hlYWRzL21haW4wOAYKKwYBBAGDvzABEwQqDChlMWRj\nZGY3MGJlMzI2YTQ5NDI5NTc1NDYyMmZlMzQ2MzE2MDA1MzFhMBQGCisGAQQBg78w\nARQEBgwEcHVzaDBeBgorBgEEAYO/MAEVBFAMTmh0dHBzOi8vZ2l0aHViLmNvbS9j\naGFpbmd1YXJkLWltYWdlcy9pbWFnZXMvYWN0aW9ucy9ydW5zLzUxOTU1MDc2MzYv\nYXR0ZW1wdHMvMTCBigYKKwYBBAHWeQIEAgR8BHoAeAB2AN09MGrGxxEyYxkeHJln\nNwKiSl643jyt/4eKcoAvKe6OAAABiJPZADAAAAQDAEcwRQIgdHXB0QGS/GWkBnY1\nAZXSwb6/tbnnaVeWzde3t0fkkRMCIQC0bwdhWep548Cp4LzBPgGD0eioadqQdJHe\nXtVXBkD1dDAKBggqhkjOPQQDAwNoADBlAjBPpXDUSaAk5D6T1Eaqh+TRSQXr6rqV\nYxAJb/NgDbq8tTVLKustJDu2V9TQcpSzuKICMQDt0EAHmTISmKC8H3dciTrySh2l\nuS2rfl+L2AFS6DxAmVTBR3dlbrxQsUxshBWyH5s=\n-----END CERTIFICATE-----\n", + Chain: {"-----BEGIN CERTIFICATE-----\nMIICGjCCAaGgAwIBAgIUALnViVfnU0brJasmRkHrn/UnfaQwCgYIKoZIzj0EAwMw\nKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0y\nMjA0MTMyMDA2MTVaFw0zMTEwMDUxMzU2NThaMDcxFTATBgNVBAoTDHNpZ3N0b3Jl\nLmRldjEeMBwGA1UEAxMVc2lnc3RvcmUtaW50ZXJtZWRpYXRlMHYwEAYHKoZIzj0C\nAQYFK4EEACIDYgAE8RVS/ysH+NOvuDZyPIZtilgUF9NlarYpAd9HP1vBBH1U5CV7\n7LSS7s0ZiH4nE7Hv7ptS6LvvR/STk798LVgMzLlJ4HeIfF3tHSaexLcYpSASr1kS\n0N/RgBJz/9jWCiXno3sweTAOBgNVHQ8BAf8EBAMCAQYwEwYDVR0lBAwwCgYIKwYB\nBQUHAwMwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU39Ppz1YkEZb5qNjp\nKFWixi4YZD8wHwYDVR0jBBgwFoAUWMAeX5FFpWapesyQoZMi0CrFxfowCgYIKoZI\nzj0EAwMDZwAwZAIwPCsQK4DYiZYDPIaDi5HFKnfxXx6ASSVmERfsynYBiX2X6SJR\nnZU84/9DZdnFvvxmAjBOt6QpBlc4J/0DxvkTCqpclvziL6BCCPnjdlIB3Pu3BxsP\nmygUY7Ii2zbdCdliiow=\n-----END CERTIFICATE-----\n", "-----BEGIN 
CERTIFICATE-----\nMIIB9zCCAXygAwIBAgIUALZNAPFdxHPwjeDloDwyYChAO/4wCgYIKoZIzj0EAwMw\nKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0y\nMTEwMDcxMzU2NTlaFw0zMTEwMDUxMzU2NThaMCoxFTATBgNVBAoTDHNpZ3N0b3Jl\nLmRldjERMA8GA1UEAxMIc2lnc3RvcmUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAT7\nXeFT4rb3PQGwS4IajtLk3/OlnpgangaBclYpsYBr5i+4ynB07ceb3LP0OIOZdxex\nX69c5iVuyJRQ+Hz05yi+UF3uBWAlHpiS5sh0+H2GHE7SXrk1EC5m1Tr19L9gg92j\nYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRY\nwB5fkUWlZql6zJChkyLQKsXF+jAfBgNVHSMEGDAWgBRYwB5fkUWlZql6zJChkyLQ\nKsXF+jAKBggqhkjOPQQDAwNpADBmAjEAj1nHeXZp+13NWBNa+EDsDP8G1WWg1tCM\nWP/WHPqpaVo0jhsweNFZgSs0eE7wYI4qAjEA2WB9ot98sIkoF3vZYdd3/VtWB5b9\nTNMea7Ix/stJ5TfcLLeABLE4BNJOsQ4vnBHJ\n-----END CERTIFICATE-----\n"}, + Metadata: {"Fulcio Build Config Digest":"e1dcdf70be326a494295754622fe34631600531a", "Fulcio Build Config URI":"https://github.com/chainguard-images/images/.github/workflows/release.yaml@refs/heads/main", "Fulcio Build Signer Digest":"e1dcdf70be326a494295754622fe34631600531a", "Fulcio Build Signer URI":"https://github.com/chainguard-images/images/.github/workflows/release.yaml@refs/heads/main", "Fulcio Build Trigger":"push", "Fulcio GitHub Workflow Name":".github/workflows/release.yaml", "Fulcio GitHub Workflow Ref":"refs/heads/main", "Fulcio GitHub Workflow Repository":"chainguard-images/images", "Fulcio GitHub Workflow SHA":"e1dcdf70be326a494295754622fe34631600531a", "Fulcio GitHub Workflow Trigger":"push", "Fulcio Issuer":"https://token.actions.githubusercontent.com", "Fulcio Issuer (V2)":"https://token.actions.githubusercontent.com", "Fulcio Run Invocation URI":"https://github.com/chainguard-images/images/actions/runs/5195507636/attempts/1", "Fulcio Runner Environment":"github-hosted", "Fulcio Source Repository Digest":"e1dcdf70be326a494295754622fe34631600531a", "Fulcio Source Repository Identifier":"563510952", "Fulcio Source Repository Owner Identifier":"113198545", "Fulcio Source Repository Owner 
URI":"https://github.com/chainguard-images", "Fulcio Source Repository Ref":"refs/heads/main", "Fulcio Source Repository URI":"https://github.com/chainguard-images/images", "Issuer":"CN=sigstore-intermediate,O=sigstore.dev", "Not After":"2023-06-07T03:24:12Z", "Not Before":"2023-06-07T03:14:12Z", "Serial Number":"76d420c77323e80dd3d17ece87c6d2d673400531", "Subject Alternative Name":"URIs:https://github.com/chainguard-images/images/.github/workflows/release.yaml@refs/heads/main"}, + }, +} +--- + +[TestSLSAProvenanceFromSignatureV1/backward_compatibility_with_v0.1_statement_type - 1] +https://in-toto.io/Statement/v0.1 +[]signature.EntitySignature{ + { + KeyID: "6add046e38418d021a562c6a8633d5eca7379595", + Signature: "sig-1", + Certificate: "-----BEGIN CERTIFICATE-----\nMIIG2TCCBl+gAwIBAgIUdtQgx3Mj6A3T0X7Oh8bS1nNABTEwCgYIKoZIzj0EAwMw\nNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRl\ncm1lZGlhdGUwHhcNMjMwNjA3MDMxNDEyWhcNMjMwNjA3MDMyNDEyWjAAMFkwEwYH\nKoZIzj0CAQYIKoZIzj0DAQcDQgAEz6tsPZHx7njElmbGbMYxKiYneuofINbOE8Tg\n1gkyQcckWyu1xA/Fs0O1SpPkn/KJYLJ3J5ziqgd1EguuCqK3Z6OCBX4wggV6MA4G\nA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUat0E\nbjhBjQIaVixqhjPV7Kc3lZUwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4Y\nZD8waAYDVR0RAQH/BF4wXIZaaHR0cHM6Ly9naXRodWIuY29tL2NoYWluZ3VhcmQt\naW1hZ2VzL2ltYWdlcy8uZ2l0aHViL3dvcmtmbG93cy9yZWxlYXNlLnlhbWxAcmVm\ncy9oZWFkcy9tYWluMDkGCisGAQQBg78wAQEEK2h0dHBzOi8vdG9rZW4uYWN0aW9u\ncy5naXRodWJ1c2VyY29udGVudC5jb20wEgYKKwYBBAGDvzABAgQEcHVzaDA2Bgor\nBgEEAYO/MAEDBChlMWRjZGY3MGJlMzI2YTQ5NDI5NTc1NDYyMmZlMzQ2MzE2MDA1\nMzFhMCwGCisGAQQBg78wAQQEHi5naXRodWIvd29ya2Zsb3dzL3JlbGVhc2UueWFt\nbDAmBgorBgEEAYO/MAEFBBhjaGFpbmd1YXJkLWltYWdlcy9pbWFnZXMwHQYKKwYB\nBAGDvzABBgQPcmVmcy9oZWFkcy9tYWluMDsGCisGAQQBg78wAQgELQwraHR0cHM6\nLy90b2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50LmNvbTBqBgorBgEEAYO/\nMAEJBFwMWmh0dHBzOi8vZ2l0aHViLmNvbS9jaGFpbmd1YXJkLWltYWdlcy9pbWFn\nZXMvLmdpdGh1Yi93b3JrZmxvd3MvcmVsZWFzZS55YW1sQHJlZnMvaGVhZHMvbWFp\nbjA4BgorBgEEAYO/MAEKBCoMKGUxZGNkZj
cwYmUzMjZhNDk0Mjk1NzU0NjIyZmUz\nNDYzMTYwMDUzMWEwHQYKKwYBBAGDvzABCwQPDA1naXRodWItaG9zdGVkMDsGCisG\nAQQBg78wAQwELQwraHR0cHM6Ly9naXRodWIuY29tL2NoYWluZ3VhcmQtaW1hZ2Vz\nL2ltYWdlczA4BgorBgEEAYO/MAENBCoMKGUxZGNkZjcwYmUzMjZhNDk0Mjk1NzU0\nNjIyZmUzNDYzMTYwMDUzMWEwHwYKKwYBBAGDvzABDgQRDA9yZWZzL2hlYWRzL21h\naW4wGQYKKwYBBAGDvzABDwQLDAk1NjM1MTA5NTIwNAYKKwYBBAGDvzABEAQmDCRo\ndHRwczovL2dpdGh1Yi5jb20vY2hhaW5ndWFyZC1pbWFnZXMwGQYKKwYBBAGDvzAB\nEQQLDAkxMTMxOTg1NDUwagYKKwYBBAGDvzABEgRcDFpodHRwczovL2dpdGh1Yi5j\nb20vY2hhaW5ndWFyZC1pbWFnZXMvaW1hZ2VzLy5naXRodWIvd29ya2Zsb3dzL3Jl\nbGVhc2UueWFtbEByZWZzL2hlYWRzL21haW4wOAYKKwYBBAGDvzABEwQqDChlMWRj\nZGY3MGJlMzI2YTQ5NDI5NTc1NDYyMmZlMzQ2MzE2MDA1MzFhMBQGCisGAQQBg78w\nARQEBgwEcHVzaDBeBgorBgEEAYO/MAEVBFAMTmh0dHBzOi8vZ2l0aHViLmNvbS9j\naGFpbmd1YXJkLWltYWdlcy9pbWFnZXMvYWN0aW9ucy9ydW5zLzUxOTU1MDc2MzYv\nYXR0ZW1wdHMvMTCBigYKKwYBBAHWeQIEAgR8BHoAeAB2AN09MGrGxxEyYxkeHJln\nNwKiSl643jyt/4eKcoAvKe6OAAABiJPZADAAAAQDAEcwRQIgdHXB0QGS/GWkBnY1\nAZXSwb6/tbnnaVeWzde3t0fkkRMCIQC0bwdhWep548Cp4LzBPgGD0eioadqQdJHe\nXtVXBkD1dDAKBggqhkjOPQQDAwNoADBlAjBPpXDUSaAk5D6T1Eaqh+TRSQXr6rqV\nYxAJb/NgDbq8tTVLKustJDu2V9TQcpSzuKICMQDt0EAHmTISmKC8H3dciTrySh2l\nuS2rfl+L2AFS6DxAmVTBR3dlbrxQsUxshBWyH5s=\n-----END CERTIFICATE-----\n", + Chain: {"-----BEGIN 
CERTIFICATE-----\nMIICGjCCAaGgAwIBAgIUALnViVfnU0brJasmRkHrn/UnfaQwCgYIKoZIzj0EAwMw\nKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0y\nMjA0MTMyMDA2MTVaFw0zMTEwMDUxMzU2NThaMDcxFTATBgNVBAoTDHNpZ3N0b3Jl\nLmRldjEeMBwGA1UEAxMVc2lnc3RvcmUtaW50ZXJtZWRpYXRlMHYwEAYHKoZIzj0C\nAQYFK4EEACIDYgAE8RVS/ysH+NOvuDZyPIZtilgUF9NlarYpAd9HP1vBBH1U5CV7\n7LSS7s0ZiH4nE7Hv7ptS6LvvR/STk798LVgMzLlJ4HeIfF3tHSaexLcYpSASr1kS\n0N/RgBJz/9jWCiXno3sweTAOBgNVHQ8BAf8EBAMCAQYwEwYDVR0lBAwwCgYIKwYB\nBQUHAwMwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU39Ppz1YkEZb5qNjp\nKFWixi4YZD8wHwYDVR0jBBgwFoAUWMAeX5FFpWapesyQoZMi0CrFxfowCgYIKoZI\nzj0EAwMDZwAwZAIwPCsQK4DYiZYDPIaDi5HFKnfxXx6ASSVmERfsynYBiX2X6SJR\nnZU84/9DZdnFvvxmAjBOt6QpBlc4J/0DxvkTCqpclvziL6BCCPnjdlIB3Pu3BxsP\nmygUY7Ii2zbdCdliiow=\n-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\nMIIB9zCCAXygAwIBAgIUALZNAPFdxHPwjeDloDwyYChAO/4wCgYIKoZIzj0EAwMw\nKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0y\nMTEwMDcxMzU2NTlaFw0zMTEwMDUxMzU2NThaMCoxFTATBgNVBAoTDHNpZ3N0b3Jl\nLmRldjERMA8GA1UEAxMIc2lnc3RvcmUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAT7\nXeFT4rb3PQGwS4IajtLk3/OlnpgangaBclYpsYBr5i+4ynB07ceb3LP0OIOZdxex\nX69c5iVuyJRQ+Hz05yi+UF3uBWAlHpiS5sh0+H2GHE7SXrk1EC5m1Tr19L9gg92j\nYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRY\nwB5fkUWlZql6zJChkyLQKsXF+jAfBgNVHSMEGDAWgBRYwB5fkUWlZql6zJChkyLQ\nKsXF+jAKBggqhkjOPQQDAwNpADBmAjEAj1nHeXZp+13NWBNa+EDsDP8G1WWg1tCM\nWP/WHPqpaVo0jhsweNFZgSs0eE7wYI4qAjEA2WB9ot98sIkoF3vZYdd3/VtWB5b9\nTNMea7Ix/stJ5TfcLLeABLE4BNJOsQ4vnBHJ\n-----END CERTIFICATE-----\n"}, + Metadata: {"Fulcio Build Config Digest":"e1dcdf70be326a494295754622fe34631600531a", "Fulcio Build Config URI":"https://github.com/chainguard-images/images/.github/workflows/release.yaml@refs/heads/main", "Fulcio Build Signer Digest":"e1dcdf70be326a494295754622fe34631600531a", "Fulcio Build Signer URI":"https://github.com/chainguard-images/images/.github/workflows/release.yaml@refs/heads/main", "Fulcio Build Trigger":"push", "Fulcio GitHub 
Workflow Name":".github/workflows/release.yaml", "Fulcio GitHub Workflow Ref":"refs/heads/main", "Fulcio GitHub Workflow Repository":"chainguard-images/images", "Fulcio GitHub Workflow SHA":"e1dcdf70be326a494295754622fe34631600531a", "Fulcio GitHub Workflow Trigger":"push", "Fulcio Issuer":"https://token.actions.githubusercontent.com", "Fulcio Issuer (V2)":"https://token.actions.githubusercontent.com", "Fulcio Run Invocation URI":"https://github.com/chainguard-images/images/actions/runs/5195507636/attempts/1", "Fulcio Runner Environment":"github-hosted", "Fulcio Source Repository Digest":"e1dcdf70be326a494295754622fe34631600531a", "Fulcio Source Repository Identifier":"563510952", "Fulcio Source Repository Owner Identifier":"113198545", "Fulcio Source Repository Owner URI":"https://github.com/chainguard-images", "Fulcio Source Repository Ref":"refs/heads/main", "Fulcio Source Repository URI":"https://github.com/chainguard-images/images", "Issuer":"CN=sigstore-intermediate,O=sigstore.dev", "Not After":"2023-06-07T03:24:12Z", "Not Before":"2023-06-07T03:14:12Z", "Serial Number":"76d420c77323e80dd3d17ece87c6d2d673400531", "Subject Alternative Name":"URIs:https://github.com/chainguard-images/images/.github/workflows/release.yaml@refs/heads/main"}, + }, +} +--- diff --git a/internal/attestation/slsa_provenance_v1.go b/internal/attestation/slsa_provenance_v1.go index 39c20b7e5..07d40a08c 100644 --- a/internal/attestation/slsa_provenance_v1.go +++ b/internal/attestation/slsa_provenance_v1.go 
@@ -52,7 +52,8 @@ func SLSAProvenanceFromSignatureV1(sig oci.Signature) (Attestation, error) { return nil, fmt.Errorf("malformed attestation data: %w", err) } - if statement.Type != in_toto.StatementInTotoV01 { + if statement.Type != in_toto.StatementInTotoV1 && + statement.Type != in_toto.StatementInTotoV01 { // StatementInTotoV01 is needed to deal with this tekton chains bug: https://github.com/tektoncd/chains/issues/920 return nil, fmt.Errorf("unsupported attestation type: %s", statement.Type) } diff --git a/internal/attestation/slsa_provenance_v1_test.go b/internal/attestation/slsa_provenance_v1_test.go index 3e9a4b8d7..6ec3efc75 100644 --- a/internal/attestation/slsa_provenance_v1_test.go +++ b/internal/attestation/slsa_provenance_v1_test.go @@ -113,7 +113,7 @@ func TestSLSAProvenanceFromSignatureV1(t *testing.T) { setup: func(l *mockSignature) { sig1 := `{"keyid": "key-id-1", "sig": "sig-1"}` payload := encode(`{{ - "_type": "https://in-toto.io/Statement/v0.1", + "_type": "https://in-toto.io/Statement/v1", "predicateType":"https://slsa.dev/provenance/v1", "predicate":{"buildDefinition":{"buildType":"https://my.build.type","externalParameters":{}},"runDetails":{"builder":{"id":"https://my.builder"}}} } }`) @@ -129,7 +129,7 @@ func TestSLSAProvenanceFromSignatureV1(t *testing.T) { setup: func(l *mockSignature) { sig1 := `{"keyid": "key-id-1", "sig": "sig-1"}` payload := encode(`{ - "_type": "https://in-toto.io/Statement/v0.1", + "_type": "https://in-toto.io/Statement/v1", "predicateType":"kaboom" }`) l.On("MediaType").Return(types.MediaType(ct.DssePayloadType), nil) @@ -143,7 +143,7 @@ func TestSLSAProvenanceFromSignatureV1(t *testing.T) { name: "schema validation fails - missing subject", setup: func(l *mockSignature) { payload := encode(`{ - "_type": "https://in-toto.io/Statement/v0.1", + "_type": "https://in-toto.io/Statement/v1", "predicateType": "https://slsa.dev/provenance/v1", "predicate": { "buildDefinition": { 
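Review bot: The legacy `in_toto.StatementInTotoV01` branch in `SLSAProvenanceFromSignatureV1` is accepted with no trace, and its rationale sits in a trailing comment after the opening brace of the `if`, where it is easy to miss. In a verifier, a compatibility exception like this is worth keeping visible. I would move the explanation onto its own line above the condition, e.g. `// TODO(tektoncd/chains#920): drop StatementInTotoV01 once the Chains bug is fixed`, and record with whatever logger the package already uses when the legacy value is the one that matched. Separately, `statement.Type` is read from the attestation payload, so the error two lines down is safer as `fmt.Errorf("unsupported attestation type: %q", statement.Type)`, though any snapshot pinning that message would need regenerating. The function body continues outside this hunk.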
@@ -167,7 +167,7 @@ func TestSLSAProvenanceFromSignatureV1(t *testing.T) { name: "schema validation fails - missing buildDefinition", setup: func(l *mockSignature) { payload := encode(`{ - "_type": "https://in-toto.io/Statement/v0.1", + "_type": "https://in-toto.io/Statement/v1", "subject": [{"name": "example.com/test", "digest": {"sha256": "abc123"}}], "predicateType": "https://slsa.dev/provenance/v1", "predicate": { @@ -187,7 +187,7 @@ func TestSLSAProvenanceFromSignatureV1(t *testing.T) { { name: "cannot create entity signature", data: `{ - "_type": "https://in-toto.io/Statement/v0.1", + "_type": "https://in-toto.io/Statement/v1", "subject": [{"name": "example.com/test", "digest": {"sha256": "abc123"}}], "predicateType": "https://slsa.dev/provenance/v1", "predicate": { @@ -202,7 +202,7 @@ func TestSLSAProvenanceFromSignatureV1(t *testing.T) { }`, setup: func(l *mockSignature) { payload := encode(`{ - "_type": "https://in-toto.io/Statement/v0.1", + "_type": "https://in-toto.io/Statement/v1", "subject": [{"name": "example.com/test", "digest": {"sha256": "abc123"}}], "predicateType": "https://slsa.dev/provenance/v1", "predicate": { @@ -224,7 +224,7 @@ func TestSLSAProvenanceFromSignatureV1(t *testing.T) { { name: "valid with signature from payload", data: `{ - "_type": "https://in-toto.io/Statement/v0.1", + "_type": "https://in-toto.io/Statement/v1", "subject": [{"name": "example.com/test", "digest": {"sha256": "abc123"}}], "predicateType": "https://slsa.dev/provenance/v1", "predicate": { @@ -241,7 +241,7 @@ func TestSLSAProvenanceFromSignatureV1(t *testing.T) { sig1 := `{"keyid": "key-id-1", "sig": "sig-1"}` sig2 := `{"keyid": "key-id-2", "sig": "sig-2"}` payload := encode(`{ - "_type": "https://in-toto.io/Statement/v0.1", + "_type": "https://in-toto.io/Statement/v1", "subject": [{"name": "example.com/test", "digest": {"sha256": "abc123"}}], "predicateType": "https://slsa.dev/provenance/v1", "predicate": { 
@@ -263,6 +263,47 @@ func TestSLSAProvenanceFromSignatureV1(t *testing.T) { l.On("Chain").Return(signature.ParseSigstoreChainCert(), nil) }, }, + { + name: "backward compatibility with v0.1 statement type", + data: `{ + "_type": "https://in-toto.io/Statement/v0.1", + "subject": [{"name": "example.com/test", "digest": {"sha256": "abc123"}}], + "predicateType": "https://slsa.dev/provenance/v1", + "predicate": { + "buildDefinition": { + "buildType": "https://my.build.type", + "externalParameters": {} + }, + "runDetails": { + "builder": {"id": "https://my.builder"} + } + } + }`, + setup: func(l *mockSignature) { + sig1 := `{"keyid": "key-id-1", "sig": "sig-1"}` + payload := encode(`{ + "_type": "https://in-toto.io/Statement/v0.1", + "subject": [{"name": "example.com/test", "digest": {"sha256": "abc123"}}], + "predicateType": "https://slsa.dev/provenance/v1", + "predicate": { + "buildDefinition": { + "buildType": "https://my.build.type", + "externalParameters": {} + }, + "runDetails": { + "builder": {"id": "https://my.builder"} + } + } + }`) + l.On("MediaType").Return(types.MediaType(ct.DssePayloadType), nil) + l.On("Uncompressed").Return(buffy( + fmt.Sprintf(`{"payload": "%s", "signatures": [%s]}`, payload, sig1), + ), nil) + l.On("Base64Signature").Return("", nil) + l.On("Cert").Return(signature.ParseChainguardReleaseCert(), nil) + l.On("Chain").Return(signature.ParseSigstoreChainCert(), nil) + }, + }, } for _, c := range cases { diff --git a/pkg/schema/__snapshots__/slsa_provenance_v1_test.snap b/pkg/schema/__snapshots__/slsa_provenance_v1_test.snap index 75ecc51dd..c930c67c4 100755 --- a/pkg/schema/__snapshots__/slsa_provenance_v1_test.snap +++ b/pkg/schema/__snapshots__/slsa_provenance_v1_test.snap 
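Review bot: The new "backward compatibility with v0.1 statement type" case spells out the same statement JSON twice, once in `data` and once inside `encode(...)`. From the visible hunks it appears to differ from the "valid with signature from payload" case only in `_type` and the signature list, so the accepted-type behaviour is pinned by copy-paste. A small fixture helper parameterised on the type would let both cases share one literal, for example `statementJSON(stmtType string) string` (a name proposed here, not one in the file). If the table has no such case outside the visible hunks, a negative case with a `_type` outside the two accepted values would confirm that the relaxed check still rejects everything else.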
@@ -6,12 +6,12 @@ [TestV1TypeMustBeInToto/case_1 - 1] [I#] [S#] doesn't validate with https://slsa.dev/provenance/v1# - [I#/_type] [S#/properties/_type/const] value must be "https://in-toto.io/Statement/v0.1" + [I#/_type] [S#/properties/_type/enum] value must be one of "https://in-toto.io/Statement/v1", "https://in-toto.io/Statement/v0.1" --- [TestV1TypeMustBeInToto/case_2 - 1] [I#] [S#] doesn't validate with https://slsa.dev/provenance/v1# - [I#/_type] [S#/properties/_type/const] value must be "https://in-toto.io/Statement/v0.1" + [I#/_type] [S#/properties/_type/enum] value must be one of "https://in-toto.io/Statement/v1", "https://in-toto.io/Statement/v0.1" --- [TestV1TypeMustBeInToto/case_3 - 1] diff --git a/pkg/schema/slsa_provenance_v1.json b/pkg/schema/slsa_provenance_v1.json index 6ee4c13b5..0de1ab4f8 100644 --- a/pkg/schema/slsa_provenance_v1.json +++ b/pkg/schema/slsa_provenance_v1.json @@ -69,7 +69,11 @@ "type": "object", "properties": { "_type": { - "const": "https://in-toto.io/Statement/v0.1" + "enum": [ + "https://in-toto.io/Statement/v1", + "https://in-toto.io/Statement/v0.1" + ], + "$comment": "v0.1 is needed to deal with this tekton chains bug: https://github.com/tektoncd/chains/issues/920" }, "subject": { "type": "array", From c992e7d9ab1f3041e4e29282e4cb9b843db532eb Mon Sep 17 00:00:00 2001 From: Stefano Pentassuglia Date: Wed, 4 Feb 2026 17:51:34 +0100 Subject: [PATCH 2/3] Fix linting issue --- cmd/inspect/inspect_policy_test.go | 2 +- go.mod | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cmd/inspect/inspect_policy_test.go b/cmd/inspect/inspect_policy_test.go index 4c24cbf77..aa0d7673f 100644 --- a/cmd/inspect/inspect_policy_test.go +++ b/cmd/inspect/inspect_policy_test.go @@ -20,6 +20,7 @@ package inspect import ( "bytes" + "context" "fmt" "testing" 
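Review bot: The `_type` enum added to pkg/schema/slsa_provenance_v1.json repeats the allow-list that the `statement.Type` check in internal/attestation/slsa_provenance_v1.go enforces, and nothing ties the two together. A later change to one can leave the other accepting or rejecting a statement type on its own. I would say so in the schema itself by extending the comment to `"$comment": "v0.1 is needed to deal with this tekton chains bug: https://github.com/tektoncd/chains/issues/920; keep in sync with the type check in internal/attestation/slsa_provenance_v1.go"`. The `properties` object continues outside this hunk.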
@@ -29,7 +30,6 @@ import ( "github.com/spf13/cobra" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" - "golang.org/x/net/context" "github.com/conforma/cli/cmd/root" "github.com/conforma/cli/internal/policy/source" diff --git a/go.mod b/go.mod index 8b3cc0aeb..c257fb8fb 100644 --- a/go.mod +++ b/go.mod @@ -48,7 +48,7 @@ require ( github.com/testcontainers/testcontainers-go/modules/registry v0.34.0 golang.org/x/benchmarks v0.0.0-20241115175113-a2b48b605b42 golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0 - golang.org/x/net v0.49.0 + golang.org/x/net v0.49.0 // indirect golang.org/x/sync v0.19.0 k8s.io/apiextensions-apiserver v0.34.2 k8s.io/apimachinery v0.34.2 From 011438a42467af721e2f85fd0b0e0056c29981da Mon Sep 17 00:00:00 2001 From: Stefano Pentassuglia Date: Wed, 4 Feb 2026 17:53:57 +0100 Subject: [PATCH 3/3] Ignore deprecation warnings from in_toto lib Ref: https://issues.redhat.com/browse/EC-1648 Dealing with these deprecations requires a major refactoring, which doesn't fit in this PR. For this reason, let's ignore all of the warnings for now, and deal with them in a later moment. --- internal/applicationsnapshot/attestation.go | 4 ++ .../applicationsnapshot/attestation_test.go | 12 +++++- internal/attestation/attestation.go | 4 ++ internal/attestation/attestation_test.go | 17 +++++++- internal/attestation/slsa_provenance_02.go | 1 + .../attestation/slsa_provenance_02_test.go | 9 ++++ internal/attestation/slsa_provenance_v1.go | 3 ++ .../attestation/slsa_provenance_v1_test.go | 31 +++++++++++++- .../application_snapshot_image_test.go | 41 ++++++++++++++++++- internal/image/fake.go | 2 + internal/image/fake_test.go | 9 ++++ internal/image/validate_test.go | 10 +++++ internal/validate/report_test.go | 2 + 13 files changed, 139 insertions(+), 6 deletions(-) diff --git a/internal/applicationsnapshot/attestation.go b/internal/applicationsnapshot/attestation.go index ebdfea471..29f7df182 100644 
--- a/internal/applicationsnapshot/attestation.go +++ b/internal/applicationsnapshot/attestation.go @@ -64,13 +64,17 @@ func (r *Report) renderAttestations() ([]byte, error) { return bytes.Join(byts, []byte{'\n'}), nil } +//nolint:staticcheck func (r *Report) attestations() ([]in_toto.Statement, error) { + //nolint:staticcheck var statements []in_toto.Statement for _, c := range r.Components { for _, a := range c.Attestations { + //nolint:staticcheck var statement in_toto.Statement err := json.Unmarshal(a.Statement, &statement) if err != nil { + //nolint:staticcheck return []in_toto.Statement{}, nil } statements = append(statements, statement) diff --git a/internal/applicationsnapshot/attestation_test.go b/internal/applicationsnapshot/attestation_test.go index 9bca0e9b4..48f420ef9 100644 --- a/internal/applicationsnapshot/attestation_test.go +++ b/internal/applicationsnapshot/attestation_test.go @@ -126,11 +126,14 @@ func TestAttestationReport(t *testing.T) { } func TestAttestations(t *testing.T) { + //nolint:staticcheck statement := in_toto.Statement{ + //nolint:staticcheck StatementHeader: in_toto.StatementHeader{ Type: "my-type", PredicateType: "my-predicate-type", - Subject: []in_toto.Subject{}, + //nolint:staticcheck + Subject: []in_toto.Subject{}, }, } data, err := json.Marshal(statement) @@ -155,6 +158,7 @@ func TestAttestations(t *testing.T) { report := Report{Components: components} att, err := report.attestations() assert.NoError(t, err) + //nolint:staticcheck assert.Equal(t, []in_toto.Statement{statement}, att) } @@ -164,7 +168,9 @@ func att(data string) AttestationResult { } } +//nolint:staticcheck type provenance struct { + //nolint:staticcheck statement in_toto.Statement data []byte signatures []signature.EntitySignature @@ -186,6 +192,7 @@ func (p provenance) Statement() []byte { return p.data } +//nolint:staticcheck func (p provenance) Subject() []in_toto.Subject { return p.statement.Subject } 
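Review bot: In `(*Report).attestations` the commit puts a `//nolint:staticcheck` on `return []in_toto.Statement{}, nil`, a return that discards both the `json.Unmarshal` error and every statement collected so far. A malformed attestation therefore yields an empty result that callers cannot tell apart from a report with no attestations. Unless that fallback is deliberate, the line should be `return nil, err`; if it is deliberate, a comment on it should say why. The end of the loop and of the function are outside this hunk.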
@@ -204,6 +211,7 @@ func (s slsaProvenance) Statement() []byte { return s.data } +//nolint:staticcheck func (s slsaProvenance) Subject() []in_toto.Subject { return s.statement.Subject } @@ -222,7 +230,9 @@ func (s slsaProvenance) PredicateBuildType() string { } func TestNewAttestationResultWithProvenanceOnly(t *testing.T) { + //nolint:staticcheck p := provenance{ + //nolint:staticcheck statement: in_toto.Statement{}, data: []byte("some data"), signatures: []signature.EntitySignature{{KeyID: "key1"}}, diff --git a/internal/attestation/attestation.go b/internal/attestation/attestation.go index 9d14857ba..3688c3626 100644 --- a/internal/attestation/attestation.go +++ b/internal/attestation/attestation.go @@ -38,6 +38,7 @@ type Attestation interface { PredicateType() string Statement() []byte Signatures() []signature.EntitySignature + //nolint:staticcheck Subject() []in_toto.Subject } @@ -128,6 +129,7 @@ func ProvenanceFromSignature(sig oci.Signature) (Attestation, error) { return nil, err } + //nolint:staticcheck var statement in_toto.Statement if err := json.Unmarshal(embedded, &statement); err != nil { return nil, fmt.Errorf("malformed attestation data: %w", err) @@ -142,6 +144,7 @@ func ProvenanceFromSignature(sig oci.Signature) (Attestation, error) { } type provenance struct { + //nolint:staticcheck statement in_toto.Statement data []byte signatures []signature.EntitySignature @@ -163,6 +166,7 @@ func (p provenance) Signatures() []signature.EntitySignature { return p.signatures } +//nolint:staticcheck func (p provenance) Subject() []in_toto.Subject { return p.statement.Subject } diff --git a/internal/attestation/attestation_test.go b/internal/attestation/attestation_test.go index 9a7b4b2c7..e221acc0e 100644 --- a/internal/attestation/attestation_test.go +++ b/internal/attestation/attestation_test.go 
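Review bot: The `//nolint:staticcheck` directives added in internal/attestation/attestation.go carry no reason and silence every staticcheck finding on the annotated line or declaration, not only the in_toto deprecation warning. They sit on the `Attestation` interface's `Subject()`, on `var statement in_toto.Statement`, on the `provenance.statement` field and on `provenance.Subject`. With golangci-lint a directive placed above a `func` covers the whole function, so in this verification code it would also hide unrelated findings that appear later. I would give each directive its scope and reason, `//nolint:staticcheck // SA1019: in_toto types deprecated, tracked in EC-1648`, or replace them all with a single SA1019 exclusion rule in the linter configuration. The same applies to the directives this patch adds in slsa_provenance_02.go, slsa_provenance_v1.go, internal/applicationsnapshot/attestation.go, internal/image/fake.go and the test files.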
@@ -221,12 +221,14 @@ func TestProvenance_Signatures(t *testing.T) { } func TestProvenance_Subject(t *testing.T) { + //nolint:staticcheck mockSubject1 := in_toto.Subject{ Name: "subject1", Digest: map[string]string{ "sha256": "digest1", }, } + //nolint:staticcheck mockSubject2 := in_toto.Subject{ Name: "subject2", Digest: map[string]string{ @@ -235,35 +237,46 @@ func TestProvenance_Subject(t *testing.T) { } tests := []struct { - name string + name string + //nolint:staticcheck statement in_toto.Statement - expected []in_toto.Subject + //nolint:staticcheck + expected []in_toto.Subject }{ { name: "returns single subject", + //nolint:staticcheck statement: in_toto.Statement{ + //nolint:staticcheck StatementHeader: in_toto.StatementHeader{ Subject: []in_toto.Subject{mockSubject1}, }, }, + //nolint:staticcheck expected: []in_toto.Subject{mockSubject1}, }, { name: "returns multiple subjects", + //nolint:staticcheck statement: in_toto.Statement{ + //nolint:staticcheck StatementHeader: in_toto.StatementHeader{ Subject: []in_toto.Subject{mockSubject1, mockSubject2}, }, }, + //nolint:staticcheck expected: []in_toto.Subject{mockSubject1, mockSubject2}, }, { name: "returns empty slice when no subjects", + //nolint:staticcheck statement: in_toto.Statement{ + //nolint:staticcheck StatementHeader: in_toto.StatementHeader{ Subject: []in_toto.Subject{}, }, }, + //nolint:staticcheck expected: []in_toto.Subject{}, }, } diff --git a/internal/attestation/slsa_provenance_02.go b/internal/attestation/slsa_provenance_02.go index 773e679eb..a9f529ff0 100644 --- a/internal/attestation/slsa_provenance_02.go +++ b/internal/attestation/slsa_provenance_02.go @@ -103,6 +103,7 @@ func (a slsaProvenance) Signatures() []signature.EntitySignature { return a.signatures } +//nolint:staticcheck func (a slsaProvenance) Subject() []in_toto.Subject { return a.statement.Subject } 
diff --git a/internal/attestation/slsa_provenance_02_test.go b/internal/attestation/slsa_provenance_02_test.go index 04f0112c7..8dbf1a3d4 100644 --- a/internal/attestation/slsa_provenance_02_test.go +++ b/internal/attestation/slsa_provenance_02_test.go @@ -377,12 +377,14 @@ func buffy(data string) io.ReadCloser { } func TestSLSAProvenance_Subject(t *testing.T) { + //nolint:staticcheck mockSubject1 := in_toto.Subject{ Name: "registry.io/example/image@sha256:abc123", Digest: map[string]string{ "sha256": "abc123def456", }, } + //nolint:staticcheck mockSubject2 := in_toto.Subject{ Name: "registry.io/example/artifact@sha256:def456", Digest: map[string]string{ @@ -394,34 +396,41 @@ func TestSLSAProvenance_Subject(t *testing.T) { tests := []struct { name string statement in_toto.ProvenanceStatementSLSA02 + //nolint:staticcheck expected []in_toto.Subject wantPanic bool }{ { name: "returns single subject successfully", statement: in_toto.ProvenanceStatementSLSA02{ + //nolint:staticcheck StatementHeader: in_toto.StatementHeader{ Subject: []in_toto.Subject{mockSubject1}, }, }, + //nolint:staticcheck expected: []in_toto.Subject{mockSubject1}, }, { name: "returns multiple subjects successfully", statement: in_toto.ProvenanceStatementSLSA02{ + //nolint:staticcheck StatementHeader: in_toto.StatementHeader{ Subject: []in_toto.Subject{mockSubject1, mockSubject2}, }, }, + //nolint:staticcheck expected: []in_toto.Subject{mockSubject1, mockSubject2}, }, { name: "returns empty slice when no subjects", + //nolint:staticcheck statement: in_toto.ProvenanceStatementSLSA02{ StatementHeader: in_toto.StatementHeader{ Subject: []in_toto.Subject{}, }, }, + //nolint:staticcheck expected: []in_toto.Subject{}, }, } diff --git a/internal/attestation/slsa_provenance_v1.go b/internal/attestation/slsa_provenance_v1.go index 07d40a08c..46b197540 100644 --- a/internal/attestation/slsa_provenance_v1.go +++ b/internal/attestation/slsa_provenance_v1.go 
@@ -47,6 +47,7 @@ func SLSAProvenanceFromSignatureV1(sig oci.Signature) (Attestation, error) { return nil, err } + //nolint:staticcheck var statement in_toto.ProvenanceStatementSLSA1 if err := json.Unmarshal(embedded, &statement); err != nil { return nil, fmt.Errorf("malformed attestation data: %w", err) @@ -77,6 +78,7 @@ func SLSAProvenanceFromSignatureV1(sig oci.Signature) (Attestation, error) { return slsaProvenanceV1{statement: statement, data: embedded, signatures: signatures}, nil } +//nolint:staticcheck type slsaProvenanceV1 struct { statement in_toto.ProvenanceStatementSLSA1 data []byte @@ -104,6 +106,7 @@ func (a slsaProvenanceV1) Signatures() []signature.EntitySignature { return a.signatures } +//nolint:staticcheck func (a slsaProvenanceV1) Subject() []in_toto.Subject { return a.statement.Subject } diff --git a/internal/attestation/slsa_provenance_v1_test.go b/internal/attestation/slsa_provenance_v1_test.go index 6ec3efc75..dcc919c53 100644 --- a/internal/attestation/slsa_provenance_v1_test.go +++ b/internal/attestation/slsa_provenance_v1_test.go @@ -335,12 +335,14 @@ func TestSLSAProvenanceFromSignatureV1(t *testing.T) { } func TestSLSAProvenanceV1_Subject(t *testing.T) { + //nolint:staticcheck mockSubject1 := in_toto.Subject{ Name: "registry.io/example/image@sha256:abc123", Digest: map[string]string{ "sha256": "abc123def456", }, } + //nolint:staticcheck mockSubject2 := in_toto.Subject{ Name: "registry.io/example/artifact@sha256:def456", Digest: map[string]string{ 
@@ -350,36 +352,50 @@ func TestSLSAProvenanceV1_Subject(t *testing.T) { } tests := []struct { - name string + name string + //nolint:staticcheck statement in_toto.ProvenanceStatementSLSA1 + //nolint:staticcheck expected []in_toto.Subject wantPanic bool }{ { name: "returns single subject successfully", + //nolint:staticcheck statement: in_toto.ProvenanceStatementSLSA1{ + //nolint:staticcheck StatementHeader: in_toto.StatementHeader{ + //nolint:staticcheck Subject: []in_toto.Subject{mockSubject1}, }, }, + //nolint:staticcheck expected: []in_toto.Subject{mockSubject1}, }, { name: "returns multiple subjects successfully", + //nolint:staticcheck statement: in_toto.ProvenanceStatementSLSA1{ + //nolint:staticcheck StatementHeader: in_toto.StatementHeader{ + //nolint:staticcheck Subject: []in_toto.Subject{mockSubject1, mockSubject2}, }, }, + //nolint:staticcheck expected: []in_toto.Subject{mockSubject1, mockSubject2}, }, { name: "returns empty slice when no subjects", + //nolint:staticcheck statement: in_toto.ProvenanceStatementSLSA1{ + //nolint:staticcheck StatementHeader: in_toto.StatementHeader{ + //nolint:staticcheck Subject: []in_toto.Subject{}, }, }, + //nolint:staticcheck expected: []in_toto.Subject{}, }, } @@ -410,8 +426,11 @@ func TestSLSAProvenanceV1_Subject(t *testing.T) { } func TestSLSAProvenanceV1_Type(t *testing.T) { + //nolint:staticcheck slsa := slsaProvenanceV1{ + //nolint:staticcheck statement: in_toto.ProvenanceStatementSLSA1{ + //nolint:staticcheck StatementHeader: in_toto.StatementHeader{ Type: in_toto.StatementInTotoV01, PredicateType: PredicateSLSAProvenanceV1, @@ -424,8 +443,11 @@ func TestSLSAProvenanceV1_Type(t *testing.T) { } func TestSLSAProvenanceV1_PredicateType(t *testing.T) { + //nolint:staticcheck slsa := slsaProvenanceV1{ + //nolint:staticcheck statement: in_toto.ProvenanceStatementSLSA1{ + //nolint:staticcheck StatementHeader: in_toto.StatementHeader{ Type: in_toto.StatementInTotoV01, PredicateType: PredicateSLSAProvenanceV1, 
@@ -454,18 +476,25 @@ func TestSLSAProvenanceV1_PredicateBuildType(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { + //nolint:staticcheck slsa := slsaProvenanceV1{ + //nolint:staticcheck statement: in_toto.ProvenanceStatementSLSA1{ + //nolint:staticcheck StatementHeader: in_toto.StatementHeader{ Type: in_toto.StatementInTotoV01, PredicateType: PredicateSLSAProvenanceV1, }, + //nolint:staticcheck Predicate: v1.ProvenancePredicate{ + //nolint:staticcheck BuildDefinition: v1.ProvenanceBuildDefinition{ BuildType: tt.buildType, ExternalParameters: map[string]interface{}{}, }, + //nolint:staticcheck RunDetails: v1.ProvenanceRunDetails{ + //nolint:staticcheck Builder: v1.Builder{ ID: "https://my.builder", }, diff --git a/internal/evaluation_target/application_snapshot_image/application_snapshot_image_test.go b/internal/evaluation_target/application_snapshot_image/application_snapshot_image_test.go index 6615209d4..66ed1e833 100644 --- a/internal/evaluation_target/application_snapshot_image/application_snapshot_image_test.go +++ b/internal/evaluation_target/application_snapshot_image/application_snapshot_image_test.go @@ -91,7 +91,9 @@ func (f fakeAtt) Digest() map[string]string { return map[string]string{} } +//nolint:staticcheck func (f fakeAtt) Subject() []in_toto.Subject { + //nolint:staticcheck return []in_toto.Subject{} } @@ -100,6 +102,7 @@ type opts func(*fakeAtt) func createSimpleAttestation(statement *in_toto.ProvenanceStatementSLSA02, o ...opts) attestation.Attestation { if statement == nil { statement = &in_toto.ProvenanceStatementSLSA02{ + //nolint:staticcheck StatementHeader: in_toto.StatementHeader{ Type: in_toto.StatementInTotoV01, PredicateType: v02.PredicateSLSAProvenance, 
@@ -367,9 +370,11 @@ func TestSyntaxValidationWithoutAttestations(t *testing.T) { // but I wasn't able to figure it out.) func TestSyntaxValidation(t *testing.T) { valid := createSimpleAttestation(&in_toto.ProvenanceStatementSLSA02{ + //nolint:staticcheck StatementHeader: in_toto.StatementHeader{ Type: in_toto.StatementInTotoV01, PredicateType: v02.PredicateSLSAProvenance, + //nolint:staticcheck Subject: []in_toto.Subject{ { Name: "hello", @@ -388,6 +393,7 @@ func TestSyntaxValidation(t *testing.T) { }) invalid := createSimpleAttestation(&in_toto.ProvenanceStatementSLSA02{ + //nolint:staticcheck StatementHeader: in_toto.StatementHeader{ Type: in_toto.StatementInTotoV01, PredicateType: v02.PredicateSLSAProvenance, @@ -605,15 +611,19 @@ func TestValidateAttestationSignatureClaims(t *testing.T) { assert.NotNil(t, claimVerifier) cases := []struct { - name string + name string + //nolint:staticcheck statement in_toto.Statement digest v1.Hash err error }{ { name: "happy day", + //nolint:staticcheck statement: in_toto.Statement{ + //nolint:staticcheck StatementHeader: in_toto.StatementHeader{ + //nolint:staticcheck Subject: []in_toto.Subject{ { Digest: map[string]string{ @@ -627,8 +637,11 @@ func TestValidateAttestationSignatureClaims(t *testing.T) { }, { name: "happy day - multiple digests", + //nolint:staticcheck statement: in_toto.Statement{ + //nolint:staticcheck StatementHeader: in_toto.StatementHeader{ + //nolint:staticcheck Subject: []in_toto.Subject{ { Digest: map[string]string{ @@ -643,8 +656,11 @@ func TestValidateAttestationSignatureClaims(t *testing.T) { }, { name: "no digests", + //nolint:staticcheck statement: in_toto.Statement{ + //nolint:staticcheck StatementHeader: in_toto.StatementHeader{ + //nolint:staticcheck Subject: []in_toto.Subject{}, }, }, 
@@ -653,8 +669,11 @@ func TestValidateAttestationSignatureClaims(t *testing.T) { }, { name: "mismatched digests", + //nolint:staticcheck statement: in_toto.Statement{ + //nolint:staticcheck StatementHeader: in_toto.StatementHeader{ + //nolint:staticcheck Subject: []in_toto.Subject{ { Digest: map[string]string{ @@ -668,7 +687,8 @@ func TestValidateAttestationSignatureClaims(t *testing.T) { err: errors.New("no matching subject digest found"), }, { - name: "empty statement", + name: "empty statement", + //nolint:staticcheck statement: in_toto.Statement{}, digest: v1.Hash{Algorithm: "sha256", Hex: "dabbad00"}, err: errors.New("no matching subject digest found"), @@ -930,9 +950,11 @@ func TestValidateAttestationSignature(t *testing.T) { // Create valid SLSA v0.2 statement slsaV02Statement := in_toto.ProvenanceStatementSLSA02{ + //nolint:staticcheck StatementHeader: in_toto.StatementHeader{ Type: in_toto.StatementInTotoV01, PredicateType: v02.PredicateSLSAProvenance, + //nolint:staticcheck Subject: []in_toto.Subject{ { Name: "test-image", @@ -951,6 +973,7 @@ func TestValidateAttestationSignature(t *testing.T) { } // Create valid SLSA v1.0 statement + //nolint:staticcheck slsaV1Statement := in_toto.ProvenanceStatementSLSA1{ StatementHeader: in_toto.StatementHeader{ Type: in_toto.StatementInTotoV01, @@ -964,12 +987,16 @@ func TestValidateAttestationSignature(t *testing.T) { }, }, }, + //nolint:staticcheck Predicate: slsav1.ProvenancePredicate{ + //nolint:staticcheck BuildDefinition: slsav1.ProvenanceBuildDefinition{ BuildType: "https://tekton.dev/attestations/chains/pipelinerun@v2", ExternalParameters: json.RawMessage(`{}`), }, + //nolint:staticcheck RunDetails: slsav1.ProvenanceRunDetails{ + //nolint:staticcheck Builder: slsav1.Builder{ ID: "https://tekton.dev/chains/v2", }, 
@@ -978,10 +1005,13 @@ func TestValidateAttestationSignature(t *testing.T) { } // Create valid SPDX statement + //nolint:staticcheck spdxStatement := in_toto.Statement{ + //nolint:staticcheck StatementHeader: in_toto.StatementHeader{ Type: in_toto.StatementInTotoV01, PredicateType: "https://spdx.dev/Document", + //nolint:staticcheck Subject: []in_toto.Subject{ { Name: "test-image", @@ -995,6 +1025,7 @@ func TestValidateAttestationSignature(t *testing.T) { } // Create statement with unknown predicate type + //nolint:staticcheck unknownStatement := in_toto.Statement{ StatementHeader: in_toto.StatementHeader{ Type: in_toto.StatementInTotoV01, @@ -1013,6 +1044,7 @@ func TestValidateAttestationSignature(t *testing.T) { // Create invalid SLSA v0.2 statement (missing builder ID) invalidSLSAV02Statement := in_toto.ProvenanceStatementSLSA02{ + //nolint:staticcheck StatementHeader: in_toto.StatementHeader{ Type: in_toto.StatementInTotoV01, PredicateType: v02.PredicateSLSAProvenance, @@ -1034,6 +1066,7 @@ func TestValidateAttestationSignature(t *testing.T) { } // Create invalid SLSA v1.0 statement (missing required fields) + //nolint:staticcheck invalidSLSAV1Statement := in_toto.ProvenanceStatementSLSA1{ StatementHeader: in_toto.StatementHeader{ Type: in_toto.StatementInTotoV01, @@ -1047,12 +1080,16 @@ func TestValidateAttestationSignature(t *testing.T) { }, }, }, + //nolint:staticcheck Predicate: slsav1.ProvenancePredicate{ + //nolint:staticcheck BuildDefinition: slsav1.ProvenanceBuildDefinition{ BuildType: "https://tekton.dev/attestations/chains/pipelinerun@v2", ExternalParameters: json.RawMessage(`{}`), }, + //nolint:staticcheck RunDetails: slsav1.ProvenanceRunDetails{ + //nolint:staticcheck Builder: slsav1.Builder{ ID: "invalid-not-a-uri", }, diff --git a/internal/image/fake.go b/internal/image/fake.go index f58bc66b8..1d038be17 100644 --- a/internal/image/fake.go +++ b/internal/image/fake.go 
@@ -49,6 +49,8 @@ func (f fakeAtt) Signatures() []signature.EntitySignature { return []signature.EntitySignature{} } +//nolint:staticcheck func (f fakeAtt) Subject() []in_toto.Subject { + //nolint:staticcheck return []in_toto.Subject{} } diff --git a/internal/image/fake_test.go b/internal/image/fake_test.go index 2cd78a979..9e4c740ac 100644 --- a/internal/image/fake_test.go +++ b/internal/image/fake_test.go @@ -41,6 +41,7 @@ func TestFakeAttStatement(t *testing.T) { { name: "empty statement", statement: in_toto.ProvenanceStatementSLSA02{ + //nolint:staticcheck StatementHeader: in_toto.StatementHeader{ Type: in_toto.StatementInTotoV01, PredicateType: v02.PredicateSLSAProvenance, @@ -51,9 +52,11 @@ func TestFakeAttStatement(t *testing.T) { { name: "statement with subject", statement: in_toto.ProvenanceStatementSLSA02{ + //nolint:staticcheck StatementHeader: in_toto.StatementHeader{ Type: in_toto.StatementInTotoV01, PredicateType: v02.PredicateSLSAProvenance, + //nolint:staticcheck Subject: []in_toto.Subject{ { Name: "example.com/repo:tag", @@ -67,6 +70,7 @@ func TestFakeAttStatement(t *testing.T) { { name: "statement with predicate", statement: in_toto.ProvenanceStatementSLSA02{ + //nolint:staticcheck StatementHeader: in_toto.StatementHeader{ Type: in_toto.StatementInTotoV01, PredicateType: v02.PredicateSLSAProvenance, @@ -83,9 +87,11 @@ func TestFakeAttStatement(t *testing.T) { { name: "complete statement with all fields", statement: in_toto.ProvenanceStatementSLSA02{ + //nolint:staticcheck StatementHeader: in_toto.StatementHeader{ Type: in_toto.StatementInTotoV01, PredicateType: v02.PredicateSLSAProvenance, + //nolint:staticcheck Subject: []in_toto.Subject{ { Name: "example.com/repo:latest", 
@@ -116,6 +122,7 @@ func TestFakeAttStatement(t *testing.T) {
 { name: "statement with multiple subjects", statement: in_toto.ProvenanceStatementSLSA02{
+ //nolint:staticcheck
 StatementHeader: in_toto.StatementHeader{ Type: in_toto.StatementInTotoV01, PredicateType: v02.PredicateSLSAProvenance,
@@ -136,6 +143,7 @@ func TestFakeAttStatement(t *testing.T) {
 { name: "statement with complex build config", statement: in_toto.ProvenanceStatementSLSA02{
+ //nolint:staticcheck
 StatementHeader: in_toto.StatementHeader{ Type: in_toto.StatementInTotoV01, PredicateType: v02.PredicateSLSAProvenance,
@@ -227,6 +235,7 @@ func TestFakeAttGetterMethods(t *testing.T) {
 t.Run("Subject", func(t *testing.T) { got := fake.Subject()
+ //nolint:staticcheck
 want := []in_toto.Subject{} assert.Equal(t, want, got, "Subject() should return expected value") assert.NotNil(t, got, "Subject() should not return nil")
diff --git a/internal/image/validate_test.go b/internal/image/validate_test.go
index 301db2742..79e89d5a7 100644
--- a/internal/image/validate_test.go
+++ b/internal/image/validate_test.go
@@ -177,6 +177,7 @@ func TestDetermineAttestationTime(t *testing.T) {
 time2 := time.Date(2010, 11, 12, 13, 14, 15, 16, time.UTC) att1 := fakeAtt{ statement: in_toto.ProvenanceStatementSLSA02{
+ //nolint:staticcheck
 StatementHeader: in_toto.StatementHeader{ PredicateType: v02.PredicateSLSAProvenance, },
@@ -189,6 +190,7 @@ func TestDetermineAttestationTime(t *testing.T) {
 } att2 := fakeAtt{ statement: in_toto.ProvenanceStatementSLSA02{
+ //nolint:staticcheck
 StatementHeader: in_toto.StatementHeader{ PredicateType: v02.PredicateSLSAProvenance, },
@@ -201,6 +203,7 @@ func TestDetermineAttestationTime(t *testing.T) {
 } att3 := fakeAtt{ statement: in_toto.ProvenanceStatementSLSA02{
+ //nolint:staticcheck
 StatementHeader: in_toto.StatementHeader{ PredicateType: v02.PredicateSLSAProvenance, },
@@ -231,6 +234,7 @@ func TestDetermineAttestationTime(t *testing.T) {
 } }
+//nolint:staticcheck
 func sign(statement *in_toto.Statement) oci.Signature { statementJson, err := json.Marshal(statement) if err != nil {
@@ -248,20 +252,26 @@ func sign(statement *in_toto.Statement) oci.Signature {
 return signature }
+//nolint:staticcheck
 var validSignature = sign(&in_toto.Statement{
+ //nolint:staticcheck
 StatementHeader: in_toto.StatementHeader{ Type: in_toto.StatementInTotoV01, PredicateType: v02.PredicateSLSAProvenance,
+ //nolint:staticcheck
 Subject: []in_toto.Subject{ {Name: imageRegistry, Digest: common.DigestSet{"sha256": imageDigest}}, }, }, })
+//nolint:staticcheck
 var validAttestation = sign(&in_toto.Statement{
+ //nolint:staticcheck
 StatementHeader: in_toto.StatementHeader{ Type: in_toto.StatementInTotoV01, PredicateType: v02.PredicateSLSAProvenance,
+ //nolint:staticcheck
 Subject: []in_toto.Subject{ {Name: imageRegistry, Digest: common.DigestSet{"sha256": imageDigest}}, },
diff --git a/internal/validate/report_test.go b/internal/validate/report_test.go
index c21ad62f6..2d89e27a2 100644
--- a/internal/validate/report_test.go
+++ b/internal/validate/report_test.go
@@ -779,6 +779,8 @@ func (m *mockAttestation) Signatures() []signature.EntitySignature {
 return []signature.EntitySignature{} }
+//nolint:staticcheck
 func (m *mockAttestation) Subject() []in_toto.Subject {
+ //nolint:staticcheck
 return []in_toto.Subject{} }