1*d5c09012SAndroid Build Coastguard Worker// Copyright 2019 The Grafeas Authors. All rights reserved. 2*d5c09012SAndroid Build Coastguard Worker// 3*d5c09012SAndroid Build Coastguard Worker// Licensed under the Apache License, Version 2.0 (the "License"); 4*d5c09012SAndroid Build Coastguard Worker// you may not use this file except in compliance with the License. 5*d5c09012SAndroid Build Coastguard Worker// You may obtain a copy of the License at 6*d5c09012SAndroid Build Coastguard Worker// 7*d5c09012SAndroid Build Coastguard Worker// http://www.apache.org/licenses/LICENSE-2.0 8*d5c09012SAndroid Build Coastguard Worker// 9*d5c09012SAndroid Build Coastguard Worker// Unless required by applicable law or agreed to in writing, software 10*d5c09012SAndroid Build Coastguard Worker// distributed under the License is distributed on an "AS IS" BASIS, 11*d5c09012SAndroid Build Coastguard Worker// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12*d5c09012SAndroid Build Coastguard Worker// See the License for the specific language governing permissions and 13*d5c09012SAndroid Build Coastguard Worker// limitations under the License. 14*d5c09012SAndroid Build Coastguard Worker 15*d5c09012SAndroid Build Coastguard Workersyntax = "proto3"; 16*d5c09012SAndroid Build Coastguard Worker 17*d5c09012SAndroid Build Coastguard Workerpackage grafeas.v1; 18*d5c09012SAndroid Build Coastguard Worker 19*d5c09012SAndroid Build Coastguard Workerimport "grafeas/v1/intoto_provenance.proto"; 20*d5c09012SAndroid Build Coastguard Workerimport "grafeas/v1/intoto_statement.proto"; 21*d5c09012SAndroid Build Coastguard Workerimport "grafeas/v1/provenance.proto"; 22*d5c09012SAndroid Build Coastguard Worker 23*d5c09012SAndroid Build Coastguard Workeroption go_package = "google.golang.org/genproto/googleapis/grafeas/v1;grafeas"; 24*d5c09012SAndroid Build Coastguard Workeroption java_multiple_files = true; 25*d5c09012SAndroid Build Coastguard Workeroption java_package = "io.grafeas.v1"; 26*d5c09012SAndroid Build Coastguard Workeroption objc_class_prefix = "GRA"; 27*d5c09012SAndroid Build Coastguard Worker 28*d5c09012SAndroid Build Coastguard Worker// Note holding the version of the provider's builder and the signature of the 29*d5c09012SAndroid Build Coastguard Worker// provenance message in the build details occurrence. 30*d5c09012SAndroid Build Coastguard Workermessage BuildNote { 31*d5c09012SAndroid Build Coastguard Worker // Required. Immutable. Version of the builder which produced this build. 32*d5c09012SAndroid Build Coastguard Worker string builder_version = 1; 33*d5c09012SAndroid Build Coastguard Worker} 34*d5c09012SAndroid Build Coastguard Worker 35*d5c09012SAndroid Build Coastguard Worker// Details of a build occurrence. 36*d5c09012SAndroid Build Coastguard Workermessage BuildOccurrence { 37*d5c09012SAndroid Build Coastguard Worker // The actual provenance for the build. 38*d5c09012SAndroid Build Coastguard Worker grafeas.v1.BuildProvenance provenance = 1; 39*d5c09012SAndroid Build Coastguard Worker 40*d5c09012SAndroid Build Coastguard Worker // Serialized JSON representation of the provenance, used in generating the 41*d5c09012SAndroid Build Coastguard Worker // build signature in the corresponding build note. After verifying the 42*d5c09012SAndroid Build Coastguard Worker // signature, `provenance_bytes` can be unmarshalled and compared to the 43*d5c09012SAndroid Build Coastguard Worker // provenance to confirm that it is unchanged. A base64-encoded string 44*d5c09012SAndroid Build Coastguard Worker // representation of the provenance bytes is used for the signature in order 45*d5c09012SAndroid Build Coastguard Worker // to interoperate with openssl which expects this format for signature 46*d5c09012SAndroid Build Coastguard Worker // verification. 47*d5c09012SAndroid Build Coastguard Worker // 48*d5c09012SAndroid Build Coastguard Worker // The serialized form is captured both to avoid ambiguity in how the 49*d5c09012SAndroid Build Coastguard Worker // provenance is marshalled to json as well to prevent incompatibilities with 50*d5c09012SAndroid Build Coastguard Worker // future changes. 51*d5c09012SAndroid Build Coastguard Worker string provenance_bytes = 2; 52*d5c09012SAndroid Build Coastguard Worker 53*d5c09012SAndroid Build Coastguard Worker // Deprecated. See InTotoStatement for the replacement. 54*d5c09012SAndroid Build Coastguard Worker // In-toto Provenance representation as defined in spec. 55*d5c09012SAndroid Build Coastguard Worker InTotoProvenance intoto_provenance = 3; 56*d5c09012SAndroid Build Coastguard Worker 57*d5c09012SAndroid Build Coastguard Worker // In-toto Statement representation as defined in spec. 58*d5c09012SAndroid Build Coastguard Worker // The intoto_statement can contain any type of provenance. The serialized 59*d5c09012SAndroid Build Coastguard Worker // payload of the statement can be stored and signed in the Occurrence's 60*d5c09012SAndroid Build Coastguard Worker // envelope. 61*d5c09012SAndroid Build Coastguard Worker InTotoStatement intoto_statement = 4; 62*d5c09012SAndroid Build Coastguard Worker 63*d5c09012SAndroid Build Coastguard Worker // In-Toto Slsa Provenance V1 represents a slsa provenance meeting the slsa 64*d5c09012SAndroid Build Coastguard Worker // spec, wrapped in an in-toto statement. This allows for direct 65*d5c09012SAndroid Build Coastguard Worker // jsonification of a to-spec in-toto slsa statement with a to-spec 66*d5c09012SAndroid Build Coastguard Worker // slsa provenance. 67*d5c09012SAndroid Build Coastguard Worker InTotoSlsaProvenanceV1 in_toto_slsa_provenance_v1 = 5; 68*d5c09012SAndroid Build Coastguard Worker} 69