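// Copyright 2021 The Grafeas Authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package grafeas.v1;

import "grafeas/v1/intoto_provenance.proto";
import "grafeas/v1/slsa_provenance.proto";
import "grafeas/v1/slsa_provenance_zero_two.proto";

option go_package = "google.golang.org/genproto/googleapis/grafeas/v1;grafeas";
option java_multiple_files = true;
option java_package = "io.grafeas.v1";
option objc_class_prefix = "GRA";
option java_outer_classname = "InTotoStatementProto";

// An in-toto statement: one predicate attached to a list of subjects.
//
// Spec defined at
// https://github.com/in-toto/attestation/tree/main/spec#statement
// The serialized InTotoStatement will be stored as Envelope.payload.
// Envelope.payloadType is always "application/vnd.in-toto+json".
//
// This message has no signature field of its own. A consumer should verify
// the enclosing Envelope (defined outside this file) before relying on any
// field below.
message InTotoStatement {
  // Always `https://in-toto.io/Statement/v0.1`.
  // Serialized in JSON under the key `_type`. The schema does not enforce
  // the value, so a verifier should reject any other string rather than
  // assume this layout.
  string type = 1 [json_name = "_type"];

  // The subjects this statement is about. As a proto3 repeated field it has
  // no presence: an empty list is indistinguishable from an unset one, and a
  // statement with no subject is tied to no artifact.
  repeated Subject subject = 2;

  // `https://slsa.dev/provenance/v0.1` for SlsaProvenance.
  // This string and the `predicate` oneof are independent on the wire;
  // nothing in the schema forces them to agree, so a consumer should check
  // that the member that is set matches the type named here.
  string predicate_type = 3;

  // The predicate body. At most one member is set; the schema also permits
  // none. The member types are declared in the imported files.
  oneof predicate {
    InTotoProvenance provenance = 4;
    SlsaProvenance slsa_provenance = 5;
    SlsaProvenanceZeroTwo slsa_provenance_zero_two = 6;
  }
}

// One subject of an InTotoStatement, identified by name and digest set.
message Subject {
  // Name of the subject. The schema places no constraint on the value.
  string name = 1;

  // `"<ALGORITHM>": "<HEX_VALUE>"`
  // Algorithms can be e.g. sha256, sha512
  // See
  // https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
  //
  // Any key and any string value are accepted by the schema. Checking that
  // the algorithm is one the verifier accepts, and that the value is
  // well-formed hex, is left to the consumer. An empty map is the same as an
  // unset one, and map iteration order is undefined.
  map<string, string> digest = 2;
}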