1*d5c09012SAndroid Build Coastguard Worker// Copyright 2021 The Grafeas Authors. All rights reserved. 2*d5c09012SAndroid Build Coastguard Worker// 3*d5c09012SAndroid Build Coastguard Worker// Licensed under the Apache License, Version 2.0 (the "License"); 4*d5c09012SAndroid Build Coastguard Worker// you may not use this file except in compliance with the License. 5*d5c09012SAndroid Build Coastguard Worker// You may obtain a copy of the License at 6*d5c09012SAndroid Build Coastguard Worker// 7*d5c09012SAndroid Build Coastguard Worker// http://www.apache.org/licenses/LICENSE-2.0 8*d5c09012SAndroid Build Coastguard Worker// 9*d5c09012SAndroid Build Coastguard Worker// Unless required by applicable law or agreed to in writing, software 10*d5c09012SAndroid Build Coastguard Worker// distributed under the License is distributed on an "AS IS" BASIS, 11*d5c09012SAndroid Build Coastguard Worker// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12*d5c09012SAndroid Build Coastguard Worker// See the License for the specific language governing permissions and 13*d5c09012SAndroid Build Coastguard Worker// limitations under the License. 14*d5c09012SAndroid Build Coastguard Worker 15*d5c09012SAndroid Build Coastguard Workersyntax = "proto3"; 16*d5c09012SAndroid Build Coastguard Worker 17*d5c09012SAndroid Build Coastguard Workerpackage grafeas.v1; 18*d5c09012SAndroid Build Coastguard Worker 19*d5c09012SAndroid Build Coastguard Workerimport "google/protobuf/struct.proto"; 20*d5c09012SAndroid Build Coastguard Workerimport "google/protobuf/timestamp.proto"; 21*d5c09012SAndroid Build Coastguard Workerimport "grafeas/v1/intoto_provenance.proto"; 22*d5c09012SAndroid Build Coastguard Workerimport "grafeas/v1/slsa_provenance.proto"; 23*d5c09012SAndroid Build Coastguard Workerimport "grafeas/v1/slsa_provenance_zero_two.proto"; 24*d5c09012SAndroid Build Coastguard Worker 25*d5c09012SAndroid Build Coastguard Workeroption go_package = "google.golang.org/genproto/googleapis/grafeas/v1;grafeas"; 26*d5c09012SAndroid Build Coastguard Workeroption java_multiple_files = true; 27*d5c09012SAndroid Build Coastguard Workeroption java_package = "io.grafeas.v1"; 28*d5c09012SAndroid Build Coastguard Workeroption objc_class_prefix = "GRA"; 29*d5c09012SAndroid Build Coastguard Workeroption java_outer_classname = "InTotoStatementProto"; 30*d5c09012SAndroid Build Coastguard Worker 31*d5c09012SAndroid Build Coastguard Worker// Spec defined at 32*d5c09012SAndroid Build Coastguard Worker// https://github.com/in-toto/attestation/tree/main/spec#statement The 33*d5c09012SAndroid Build Coastguard Worker// serialized InTotoStatement will be stored as Envelope.payload. 34*d5c09012SAndroid Build Coastguard Worker// Envelope.payloadType is always "application/vnd.in-toto+json". 35*d5c09012SAndroid Build Coastguard Workermessage InTotoStatement { 36*d5c09012SAndroid Build Coastguard Worker // Always `https://in-toto.io/Statement/v0.1`. 37*d5c09012SAndroid Build Coastguard Worker string type = 1 [json_name = "_type"]; 38*d5c09012SAndroid Build Coastguard Worker repeated Subject subject = 2; 39*d5c09012SAndroid Build Coastguard Worker // `https://slsa.dev/provenance/v0.1` for SlsaProvenance. 40*d5c09012SAndroid Build Coastguard Worker string predicate_type = 3; 41*d5c09012SAndroid Build Coastguard Worker oneof predicate { 42*d5c09012SAndroid Build Coastguard Worker InTotoProvenance provenance = 4; 43*d5c09012SAndroid Build Coastguard Worker SlsaProvenance slsa_provenance = 5; 44*d5c09012SAndroid Build Coastguard Worker SlsaProvenanceZeroTwo slsa_provenance_zero_two = 6; 45*d5c09012SAndroid Build Coastguard Worker } 46*d5c09012SAndroid Build Coastguard Worker} 47*d5c09012SAndroid Build Coastguard Workermessage Subject { 48*d5c09012SAndroid Build Coastguard Worker string name = 1; 49*d5c09012SAndroid Build Coastguard Worker // `"<ALGORITHM>": "<HEX_VALUE>"` 50*d5c09012SAndroid Build Coastguard Worker // Algorithms can be e.g. sha256, sha512 51*d5c09012SAndroid Build Coastguard Worker // See 52*d5c09012SAndroid Build Coastguard Worker // https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet 53*d5c09012SAndroid Build Coastguard Worker map<string, string> digest = 2; 54*d5c09012SAndroid Build Coastguard Worker} 55*d5c09012SAndroid Build Coastguard Worker 56*d5c09012SAndroid Build Coastguard Workermessage InTotoSlsaProvenanceV1 { 57*d5c09012SAndroid Build Coastguard Worker // InToto spec defined at 58*d5c09012SAndroid Build Coastguard Worker // https://github.com/in-toto/attestation/tree/main/spec#statement 59*d5c09012SAndroid Build Coastguard Worker string type = 1 [json_name = "_type"]; 60*d5c09012SAndroid Build Coastguard Worker repeated Subject subject = 2; 61*d5c09012SAndroid Build Coastguard Worker string predicate_type = 3; 62*d5c09012SAndroid Build Coastguard Worker SlsaProvenanceV1 predicate = 4; 63*d5c09012SAndroid Build Coastguard Worker 64*d5c09012SAndroid Build Coastguard Worker // Keep in sync with schema at 65*d5c09012SAndroid Build Coastguard Worker // https://github.com/slsa-framework/slsa/blob/main/docs/provenance/schema/v1/provenance.proto 66*d5c09012SAndroid Build Coastguard Worker // Builder renamed to ProvenanceBuilder because of Java conflicts. 67*d5c09012SAndroid Build Coastguard Worker message SlsaProvenanceV1 { 68*d5c09012SAndroid Build Coastguard Worker BuildDefinition build_definition = 1; 69*d5c09012SAndroid Build Coastguard Worker RunDetails run_details = 2; 70*d5c09012SAndroid Build Coastguard Worker } 71*d5c09012SAndroid Build Coastguard Worker 72*d5c09012SAndroid Build Coastguard Worker message BuildDefinition { 73*d5c09012SAndroid Build Coastguard Worker string build_type = 1; 74*d5c09012SAndroid Build Coastguard Worker google.protobuf.Struct external_parameters = 2; 75*d5c09012SAndroid Build Coastguard Worker google.protobuf.Struct internal_parameters = 3; 76*d5c09012SAndroid Build Coastguard Worker repeated ResourceDescriptor resolved_dependencies = 4; 77*d5c09012SAndroid Build Coastguard Worker } 78*d5c09012SAndroid Build Coastguard Worker 79*d5c09012SAndroid Build Coastguard Worker message ResourceDescriptor { 80*d5c09012SAndroid Build Coastguard Worker string name = 1; 81*d5c09012SAndroid Build Coastguard Worker string uri = 2; 82*d5c09012SAndroid Build Coastguard Worker map<string, string> digest = 3; 83*d5c09012SAndroid Build Coastguard Worker bytes content = 4; 84*d5c09012SAndroid Build Coastguard Worker string download_location = 5; 85*d5c09012SAndroid Build Coastguard Worker string media_type = 6; 86*d5c09012SAndroid Build Coastguard Worker map<string, google.protobuf.Value> annotations = 7; 87*d5c09012SAndroid Build Coastguard Worker } 88*d5c09012SAndroid Build Coastguard Worker 89*d5c09012SAndroid Build Coastguard Worker message RunDetails { 90*d5c09012SAndroid Build Coastguard Worker ProvenanceBuilder builder = 1; 91*d5c09012SAndroid Build Coastguard Worker BuildMetadata metadata = 2; 92*d5c09012SAndroid Build Coastguard Worker repeated ResourceDescriptor byproducts = 3; 93*d5c09012SAndroid Build Coastguard Worker } 94*d5c09012SAndroid Build Coastguard Worker 95*d5c09012SAndroid Build Coastguard Worker message ProvenanceBuilder { 96*d5c09012SAndroid Build Coastguard Worker string id = 1; 97*d5c09012SAndroid Build Coastguard Worker map<string, string> version = 2; 98*d5c09012SAndroid Build Coastguard Worker repeated ResourceDescriptor builder_dependencies = 3; 99*d5c09012SAndroid Build Coastguard Worker } 100*d5c09012SAndroid Build Coastguard Worker 101*d5c09012SAndroid Build Coastguard Worker message BuildMetadata { 102*d5c09012SAndroid Build Coastguard Worker string invocation_id = 1; 103*d5c09012SAndroid Build Coastguard Worker google.protobuf.Timestamp started_on = 2; 104*d5c09012SAndroid Build Coastguard Worker google.protobuf.Timestamp finished_on = 3; 105*d5c09012SAndroid Build Coastguard Worker } 106*d5c09012SAndroid Build Coastguard Worker} 107