@johnfosborneiii
Last active March 14, 2023 16:49
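// "encoding/json" is not referenced below; the copy of this policy embedded
// in the ClusterImagePolicy omits the import.
import (
	"encoding/json"
)

// Shape of the attestation predicate handed to the policy.
#Predicate: {
	Data:      string
	Timestamp: string
}

// Rejects any referenceLocator that names libcrypto3 or libssl3 at 3.0.0 through 3.0.6.
// The dots are unescaped and the pattern is unanchored, so a version such as
// "3.0.10" also matches (the "3.0.1" prefix satisfies [0-6]{1}).
#ExternalRefs: {
	referenceLocator: string
	referenceLocator: !~ "(.*)(libcrypto3|libssl3)[@|:]3.0.[0-6]{1}(.*)"
	...
}

// The regex constraint is applied to the whole Data string of the predicate.
predicate: #Predicate & {
	Data: string
	Data: #ExternalRefs.referenceLocator
}
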
# Images matching the glob need a keyless-signed SPDX attestation
# whose predicate passes the embedded CUE policy.
apiVersion: policy.sigstore.dev/v1beta1
kind: ClusterImagePolicy
metadata:
  name: vuln-cve-2022-xxxx-openssl
spec:
  images:
  - glob: "gcr.io/image-scans/*"
  authorities:
  - name: keyless
    keyless:
      url: "https://fulcio.sigstore.dev"
      identities:
      - issuer: "https://accounts.google.com"
        subjectRegExp: ".+@chainguard.dev$"
    attestations:
    - name: must-have-spdx
      predicateType: spdx
      policy:
        type: cue
        data: |
          #Predicate: {
            Data: string
            Timestamp: string
          }
          #ExternalRefs: {
            referenceLocator: string
            referenceLocator: !~ "(.*)(libcrypto3|libssl3)[@|:]3.0.[0-6]{1}(.*)"
            ...
          }
          predicate: #Predicate & {
            Data: string
            Data: #ExternalRefs.referenceLocator
          }
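
Added example, not part of the gist: a Go check of the policy's regular expression against constructed referenceLocator strings. Go's `regexp` package uses the same RE2 syntax as CUE's `=~` and `!~` operators; the `Admitted` helper and all sample locators are assumptions made up for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// Pattern copied verbatim from the policy's #ExternalRefs definition.
const pattern = `(.*)(libcrypto3|libssl3)[@|:]3.0.[0-6]{1}(.*)`

var vulnerable = regexp.MustCompile(pattern)

// Admitted (hypothetical helper) mirrors the CUE constraint `!~ pattern`:
// the attestation data passes only when the pattern matches nowhere in it.
func Admitted(data string) bool {
	return !vulnerable.MatchString(data)
}

// Constructed sample inputs, not taken from a real SBOM.
var samples = []string{
	"pkg:apk/alpine/libssl3@3.0.5-r0",    // inside 3.0.0-3.0.6: rejected
	"pkg:apk/alpine/libcrypto3@3.0.7-r0", // outside the range: admitted
	"pkg:apk/alpine/libssl3@3.0.10-r0",   // "3.0.1" prefix matches: rejected
	"pkg:apk/alpine/libssl3@3x0y4-r0",    // unescaped '.' matches any character: rejected
	// A match anywhere inside multi-line JSON is enough: rejected.
	"{\n \"referenceLocator\": \"pkg:apk/alpine/libcrypto3@3.0.2-r0\"\n}",
}

func main() {
	for _, s := range samples {
		fmt.Printf("admitted=%-5v %q\n", Admitted(s), s)
	}
}
```

The third and fourth samples show where the pattern rejects more than the 3.0.0 to 3.0.6 range it spells out, which is worth knowing before rolling the policy out to a cluster.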