1// Copyright 2021 The Grafeas Authors. All rights reserved. 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15syntax = "proto3"; 16 17package grafeas.v1; 18 19import "google/protobuf/struct.proto"; 20import "google/protobuf/timestamp.proto"; 21 22option go_package = "google.golang.org/genproto/googleapis/grafeas/v1;grafeas"; 23option java_multiple_files = true; 24option java_package = "io.grafeas.v1"; 25option objc_class_prefix = "GRA"; 26option java_outer_classname = "SlsaProvenanceZeroTwoProto"; 27 28message SlsaProvenanceZeroTwo { 29 // See full explanation of fields at slsa.dev/provenance/v0.2. 30 31 // Identifies the entity that executed the recipe, which is trusted to have 32 // correctly performed the operation and populated this provenance. 33 message SlsaBuilder { 34 string id = 1; 35 } 36 37 // The collection of artifacts that influenced the build including sources, 38 // dependencies, build tools, base images, and so on. 39 message SlsaMaterial { 40 string uri = 1; 41 map<string, string> digest = 2; 42 } 43 44 // Identifies the event that kicked off the build. 45 message SlsaInvocation { 46 SlsaConfigSource config_source = 1; 47 google.protobuf.Struct parameters = 2; 48 google.protobuf.Struct environment = 3; 49 } 50 51 // Describes where the config file that kicked off the build came from. 52 // This is effectively a pointer to the source where buildConfig came from. 53 message SlsaConfigSource { 54 string uri = 1; 55 map<string, string> digest = 2; 56 string entry_point = 3; 57 } 58 59 // Other properties of the build. 60 message SlsaMetadata { 61 string build_invocation_id = 1; 62 google.protobuf.Timestamp build_started_on = 2; 63 google.protobuf.Timestamp build_finished_on = 3; 64 SlsaCompleteness completeness = 4; 65 bool reproducible = 5; 66 } 67 68 // Indicates that the builder claims certain fields in this message to be 69 // complete. 70 message SlsaCompleteness { 71 bool parameters = 1; 72 bool environment = 2; 73 bool materials = 3; 74 } 75 76 SlsaBuilder builder = 1; 77 string build_type = 2; 78 SlsaInvocation invocation = 3; 79 google.protobuf.Struct build_config = 4; 80 SlsaMetadata metadata = 5; 81 repeated SlsaMaterial materials = 6; 82} 83