Skip to content

Instantly share code, notes, and snippets.

@MarkLodato

MarkLodato/provenance.pull_request.json

Created October 19, 2021 18:56
Show Gist options
  • Save MarkLodato/59a7ee285a783d9d460d676935a982fb to your computer and use it in GitHub Desktop.
Save MarkLodato/59a7ee285a783d9d460d676935a982fb to your computer and use it in GitHub Desktop.
Download ZIP
Example provenance for `yaml/pyyaml`. Context: https://github.com/slsa-framework/slsa/issues/188
Raw
provenance.pull_request.json
{
"_type": "https://in-toto.io/Statement/v0.1",
"subject": [
{
"name": "dist/PyYAML-6.0-cp310-cp310-macosx_10_9_x86_64.whl",
"digest": {
"sha256": "3335d8653eff7ad35fbd29f3573810d525a4b641eacc59b43922c413062d63cc"
}
},
{
"name": "dist/PyYAML-6.0-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl",
"digest": {
"sha256": "96374158c5de895f8f46c4a0d6eecf6d208ed3c439f2b87f03bb5b927180b712"
}
},
{
"name": "dist/PyYAML-6.0-cp310-cp310-win32.whl",
"digest": {
"sha256": "8a2cece61f6211e84053a73bc0e621bff31fdc5bc39d3e294e7e662c94583e86"
}
},
{
"name": "dist/PyYAML-6.0-cp310-cp310-win_amd64.whl",
"digest": {
"sha256": "5294e54df80a6e0c3c9ad6fb75cb0a1fa7291504dce5de706647464c2835d188"
}
},
{
"name": "dist/PyYAML-6.0-cp36-cp36m-macosx_10_9_x86_64.whl",
"digest": {
"sha256": "597253a22e8164fed069257810cc95481d0f206ae6a63a5893102d42707a943a"
}
},
{
"name": "dist/PyYAML-6.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl",
"digest": {
"sha256": "36aabe194ae7fbdf105704819bd49127543336d702e866aa32f2a96cda61e224"
}
},
{
"name": "dist/PyYAML-6.0-cp36-cp36m-win32.whl",
"digest": {
"sha256": "3379fa51bacb3f27774465b3549381a7eb2a678e83e66e9044c7978daaeb3907"
}
},
{
"name": "dist/PyYAML-6.0-cp36-cp36m-win_amd64.whl",
"digest": {
"sha256": "7a5a44bdef1fd5a175c6fc04b72ba6662087bfb0faba9ab2c23de24a93455f66"
}
},
{
"name": "dist/PyYAML-6.0.tar.gz",
"digest": {
"sha256": "bdd05eb935697792371c5f76d4eb662d82cecf061579f77a6ecd7aa4b4e69470"
}
}
],
"predicateType": "https://slsa.dev/provenance/v0.1",
"predicate": {
"builder": {
"id": "https://attestations.github.com/actions-workflow/unknown-runner@v1"
},
"recipe": {
"type": "https://slsa.github.com/workflow@v1",
"definedInMaterial": 0,
"entryPoint": ".github/workflows/ci.yaml"
},
"metadata": {
"buildInvocationId": "https://github.com/yaml/pyyaml/actions/runs/1358829841",
"buildStartedOn": "2021-10-19T11:06:52Z",
"buildFinishedOn": "2021-10-19T11:09:16Z",
"completeness": {
"arguments": false,
"environment": false,
"materials": false
}
},
"materials": [
{
"uri": "git+https://github.com/hugovk/pyyaml@test-3.10-final",
"digest": {
"sha1": "b82f5d9b98c1dc08bf76f0e4a2c9e723e75c914e"
}
}
]
}
}
Raw
provenance.push.json
{
"_type": "https://in-toto.io/Statement/v0.1",
"subject": [
{
"name": "dist/PyYAML-6.0-cp310-cp310-macosx_10_9_x86_64.whl",
"digest": {
"sha256": "5db00d871c65831431ade8b949929d41ef46f9d80aaedd674dad0b0b956b954a"
}
},
{
"name": "dist/PyYAML-6.0-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl",
"digest": {
"sha256": "0fffdee4c4ace4e1a5eae3dc1c30b1cb7b61a9d269fe68ea7ffd2faa428b14bf"
}
},
{
"name": "dist/PyYAML-6.0-cp310-cp310-win32.whl",
"digest": {
"sha256": "2bdca30ba1b5aacc5987dcc7ff6a8dbb58e68583986e5e74bf6c2c5c8dbf7dc5"
}
},
{
"name": "dist/PyYAML-6.0-cp310-cp310-win_amd64.whl",
"digest": {
"sha256": "b2ba0bdbc9d43cc309e5a135f767e686a7dba25f3ad5d34d1bd755417a97c644"
}
},
{
"name": "dist/PyYAML-6.0-cp36-cp36m-macosx_10_9_x86_64.whl",
"digest": {
"sha256": "6d8be0c13648cdff0834fd35199889e18a486a09cd06879e28ba9a1762437a6e"
}
},
{
"name": "dist/PyYAML-6.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl",
"digest": {
"sha256": "d0de5ea218239f4b6d01ad21928af07daeade42dcda1c7876ef5063ee9abc994"
}
},
{
"name": "dist/PyYAML-6.0-cp36-cp36m-win32.whl",
"digest": {
"sha256": "81937686056329bf257578c04c50bdfed7ce913b008db1a9952af85cd17f14f2"
}
},
{
"name": "dist/PyYAML-6.0-cp36-cp36m-win_amd64.whl",
"digest": {
"sha256": "9f9e74a539d840f0fae79c21318fe3d87384381084fa13eab5f8a68f7a863de3"
}
},
{
"name": "dist/PyYAML-6.0.tar.gz",
"digest": {
"sha256": "0edf39e7cd650dd80a494e131b1205e8d8fc7c8e3ec0c0790ff1e70636309055"
}
}
],
"predicateType": "https://slsa.dev/provenance/v0.1",
"predicate": {
"builder": {
"id": "https://attestations.github.com/actions-workflow/unknown-runner@v1"
},
"recipe": {
"type": "https://slsa.github.com/workflow@v1",
"definedInMaterial": 0,
"entryPoint": ".github/workflows/ci.yaml"
},
"metadata": {
"buildInvocationId": "https://github.com/yaml/pyyaml/actions/runs/1338927218",
"buildStartedOn": "2021-10-13T19:18:52Z",
"buildFinishedOn": "2021-10-13T19:23:27Z",
"completeness": {
"arguments": false,
"environment": false,
"materials": false
}
},
"materials": [
{
"uri": "git+https://github.com/yaml/pyyaml@release/6.0",
"digest": {
"sha1": "8cdff2c80573b8be8e8ad28929264a913a63aa33"
}
}
]
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment