
@joshuagl
Last active May 16, 2022 10:57
Sample of the Statement portion (the payload only; the enclosing signature envelope is not shown) of an in-toto attestation generated using slsa-github-generator's SLSA level 2 workflow
{
"_type": "https://in-toto.io/Statement/v0.1",
"predicateType": "https://slsa.dev/provenance/v0.2",
"subject": [
{
"name": "dist/tuf-1.1.0.tar.gz",
"digest": {
"sha256": "f4cb914be55b0e7db3328adb45a56cf63f30b099550dd63707f7ceea8ca463dd"
}
},
{
"name": "dist/tuf-1.1.0-py3-none-any.whl",
"digest": {
"sha256": "3f7f52edc7988e46dfa6f8a0e54d4c26a0ab8054b45b2e7bd81d29bec1b890ac"
}
}
],
"predicate": {
"builder": {
"id": "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/slsa2_provenance.yml@refs/heads/main"
},
"buildType": "https://github.com/slsa-framework/slsa-github-generator@v1",
"invocation": {
"configSource": {
"uri": "git+https://github.com/joshuagl/tuf@refs/heads/develop",
"digest": {
"sha1": "95db316dad278a3367f3f8c2ac5c86143caca707"
},
"entryPoint": "SLSA Provenance"
},
"parameters": {},
"environment": {
"github_actor": "joshuagl",
"github_base_ref": "",
"github_event_name": "workflow_dispatch",
"github_event_payload": {
"inputs": null,
"ref": "refs/heads/develop",
"repository": {
"allow_forking": true,
"archive_url": "https://api.github.com/repos/joshuagl/tuf/{archive_format}{/ref}",
"archived": false,
"assignees_url": "https://api.github.com/repos/joshuagl/tuf/assignees{/user}",
"blobs_url": "https://api.github.com/repos/joshuagl/tuf/git/blobs{/sha}",
"branches_url": "https://api.github.com/repos/joshuagl/tuf/branches{/branch}",
"clone_url": "https://github.com/joshuagl/tuf.git",
"collaborators_url": "https://api.github.com/repos/joshuagl/tuf/collaborators{/collaborator}",
"comments_url": "https://api.github.com/repos/joshuagl/tuf/comments{/number}",
"commits_url": "https://api.github.com/repos/joshuagl/tuf/commits{/sha}",
"compare_url": "https://api.github.com/repos/joshuagl/tuf/compare/{base}...{head}",
"contents_url": "https://api.github.com/repos/joshuagl/tuf/contents/{+path}",
"contributors_url": "https://api.github.com/repos/joshuagl/tuf/contributors",
"created_at": "2019-09-13T11:19:52Z",
"default_branch": "develop",
"deployments_url": "https://api.github.com/repos/joshuagl/tuf/deployments",
"description": "A framework for securing software update systems",
"disabled": false,
"downloads_url": "https://api.github.com/repos/joshuagl/tuf/downloads",
"events_url": "https://api.github.com/repos/joshuagl/tuf/events",
"fork": true,
"forks": 0,
"forks_count": 0,
"forks_url": "https://api.github.com/repos/joshuagl/tuf/forks",
"full_name": "joshuagl/tuf",
"git_commits_url": "https://api.github.com/repos/joshuagl/tuf/git/commits{/sha}",
"git_refs_url": "https://api.github.com/repos/joshuagl/tuf/git/refs{/sha}",
"git_tags_url": "https://api.github.com/repos/joshuagl/tuf/git/tags{/sha}",
"git_url": "git://github.com/joshuagl/tuf.git",
"has_downloads": true,
"has_issues": false,
"has_pages": false,
"has_projects": true,
"has_wiki": true,
"homepage": "https://theupdateframework.com/",
"hooks_url": "https://api.github.com/repos/joshuagl/tuf/hooks",
"html_url": "https://github.com/joshuagl/tuf",
"id": 208249887,
"is_template": false,
"issue_comment_url": "https://api.github.com/repos/joshuagl/tuf/issues/comments{/number}",
"issue_events_url": "https://api.github.com/repos/joshuagl/tuf/issues/events{/number}",
"issues_url": "https://api.github.com/repos/joshuagl/tuf/issues{/number}",
"keys_url": "https://api.github.com/repos/joshuagl/tuf/keys{/key_id}",
"labels_url": "https://api.github.com/repos/joshuagl/tuf/labels{/name}",
"language": "Python",
"languages_url": "https://api.github.com/repos/joshuagl/tuf/languages",
"license": {
"key": "other",
"name": "Other",
"node_id": "MDc6TGljZW5zZTA=",
"spdx_id": "NOASSERTION",
"url": null
},
"merges_url": "https://api.github.com/repos/joshuagl/tuf/merges",
"milestones_url": "https://api.github.com/repos/joshuagl/tuf/milestones{/number}",
"mirror_url": null,
"name": "tuf",
"node_id": "MDEwOlJlcG9zaXRvcnkyMDgyNDk4ODc=",
"notifications_url": "https://api.github.com/repos/joshuagl/tuf/notifications{?since,all,participating}",
"open_issues": 3,
"open_issues_count": 3,
"owner": {
"avatar_url": "https://avatars.githubusercontent.com/u/13888612?v=4",
"events_url": "https://api.github.com/users/joshuagl/events{/privacy}",
"followers_url": "https://api.github.com/users/joshuagl/followers",
"following_url": "https://api.github.com/users/joshuagl/following{/other_user}",
"gists_url": "https://api.github.com/users/joshuagl/gists{/gist_id}",
"gravatar_id": "",
"html_url": "https://github.com/joshuagl",
"id": 13888612,
"login": "joshuagl",
"node_id": "MDQ6VXNlcjEzODg4NjEy",
"organizations_url": "https://api.github.com/users/joshuagl/orgs",
"received_events_url": "https://api.github.com/users/joshuagl/received_events",
"repos_url": "https://api.github.com/users/joshuagl/repos",
"site_admin": false,
"starred_url": "https://api.github.com/users/joshuagl/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/joshuagl/subscriptions",
"type": "User",
"url": "https://api.github.com/users/joshuagl"
},
"private": false,
"pulls_url": "https://api.github.com/repos/joshuagl/tuf/pulls{/number}",
"pushed_at": "2022-05-16T10:48:11Z",
"releases_url": "https://api.github.com/repos/joshuagl/tuf/releases{/id}",
"size": 16679,
"ssh_url": "git@github.com:joshuagl/tuf.git",
"stargazers_count": 0,
"stargazers_url": "https://api.github.com/repos/joshuagl/tuf/stargazers",
"statuses_url": "https://api.github.com/repos/joshuagl/tuf/statuses/{sha}",
"subscribers_url": "https://api.github.com/repos/joshuagl/tuf/subscribers",
"subscription_url": "https://api.github.com/repos/joshuagl/tuf/subscription",
"svn_url": "https://github.com/joshuagl/tuf",
"tags_url": "https://api.github.com/repos/joshuagl/tuf/tags",
"teams_url": "https://api.github.com/repos/joshuagl/tuf/teams",
"topics": [],
"trees_url": "https://api.github.com/repos/joshuagl/tuf/git/trees{/sha}",
"updated_at": "2022-05-10T11:04:22Z",
"url": "https://api.github.com/repos/joshuagl/tuf",
"visibility": "public",
"watchers": 0,
"watchers_count": 0
},
"sender": {
"avatar_url": "https://avatars.githubusercontent.com/u/13888612?v=4",
"events_url": "https://api.github.com/users/joshuagl/events{/privacy}",
"followers_url": "https://api.github.com/users/joshuagl/followers",
"following_url": "https://api.github.com/users/joshuagl/following{/other_user}",
"gists_url": "https://api.github.com/users/joshuagl/gists{/gist_id}",
"gravatar_id": "",
"html_url": "https://github.com/joshuagl",
"id": 13888612,
"login": "joshuagl",
"node_id": "MDQ6VXNlcjEzODg4NjEy",
"organizations_url": "https://api.github.com/users/joshuagl/orgs",
"received_events_url": "https://api.github.com/users/joshuagl/received_events",
"repos_url": "https://api.github.com/users/joshuagl/repos",
"site_admin": false,
"starred_url": "https://api.github.com/users/joshuagl/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/joshuagl/subscriptions",
"type": "User",
"url": "https://api.github.com/users/joshuagl"
},
"workflow": ".github/workflows/slsa-provenance.yml"
},
"github_head_ref": "",
"github_ref": "refs/heads/develop",
"github_ref_type": "branch",
"github_run_attempt": "1",
"github_run_id": "2331385347",
"github_run_number": "15",
"github_sha1": "95db316dad278a3367f3f8c2ac5c86143caca707"
}
},
"metadata": {
"buildInvocationID": "2331385347-1",
"completeness": {
"parameters": true,
"environment": false,
"materials": false
},
"reproducible": false
},
"materials": [
{
"uri": "git+https://github.com/joshuagl/tuf@refs/heads/develop",
"digest": {
"sha1": "95db316dad278a3367f3f8c2ac5c86143caca707"
}
}
]
}
}