Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update v1.md #860

Merged
merged 1 commit into from
May 16, 2023
Merged

Update v1.md #860

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Update v1.md 
Fix dead links to in-toto attestation spec.

Fixes #859.

Signed-off-by: kpk47 <1079282+kpk47@users.noreply.github.com>
  • Loading branch information
@kpk47
kpk47 authored May 15, 2023
commit c550a44bb3022e7614f86dfe0cf32ee237db84b1
18 changes: 9 additions & 9 deletions docs/provenance/v1.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -160,7 +160,7 @@ REQUIRED for SLSA Build L1: `buildType`, `externalParameters`
<tr><th>Field<th>Type<th>Description

<tr id="buildType"><td><code>buildType</code>
<td>string (<a href="https://github.com/in-toto/attestation/blob/main/spec/v1.0/field_types.md#typeuri">TypeURI</a>)<td>
<td>string (<a href="https://github.com/in-toto/attestation/blob/main/spec/v1/field_types.md#typeuri">TypeURI</a>)<td>

Identifies the template for how to perform the build and interpret the
parameters and dependencies.
Expand Down Expand Up @@ -198,7 +198,7 @@ parameters because the build platform is already trusted, and in many cases it i
not practical to do so.

<tr id="resolvedDependencies"><td><code>resolvedDependencies</code>
<td>array (<a href="https://github.com/in-toto/attestation/blob/main/spec/v1.0/resource_descriptor.md">ResourceDescriptor</a>)<td>
<td>array (<a href="https://github.com/in-toto/attestation/blob/main/spec/v1/resource_descriptor.md">ResourceDescriptor</a>)<td>

Unordered collection of artifacts needed at build time. Completeness is best
effort, at least through SLSA Build L3. For example, if the build script
Expand Down Expand Up @@ -306,7 +306,7 @@ have correctly performed the operation and populated this provenance.
Metadata about this particular execution of the build.

<tr id="byproducts"><td><code>byproducts</code>
<td>array (<a href="https://github.com/in-toto/attestation/blob/main/spec/v1.0/resource_descriptor.md">ResourceDescriptor</a>)<td>
<td>array (<a href="https://github.com/in-toto/attestation/blob/main/spec/v1/resource_descriptor.md">ResourceDescriptor</a>)<td>

Additional artifacts generated during the build that are not considered
the "output" of the build but that might be needed during debugging or
Expand All @@ -329,7 +329,7 @@ REQUIRED for SLSA Build L1: `id`
<tr><th>Field<th>Type<th>Description

<tr id="builder.id"><td><code>id</code>
<td>string (<a href="https://github.com/in-toto/attestation/blob/main/spec/v1.0/field_types.md#typeuri">TypeURI</a>)<td>
<td>string (<a href="https://github.com/in-toto/attestation/blob/main/spec/v1/field_types.md#typeuri">TypeURI</a>)<td>

URI indicating the transitive closure of the trusted build platform. This is
[intended](/spec/v1.0/verifying-artifacts#step-1-check-slsa-build-level)
Expand All @@ -350,7 +350,7 @@ The `builder.id` URI SHOULD resolve to documentation explaining:
- The interpretation of any extension fields.

<tr id="builderDependencies"><td><code>builderDependencies</code>
<td>array (<a href="https://github.com/in-toto/attestation/blob/main/spec/v1.0/resource_descriptor.md">ResourceDescriptor</a>)<td>
<td>array (<a href="https://github.com/in-toto/attestation/blob/main/spec/v1/resource_descriptor.md">ResourceDescriptor</a>)<td>

Dependencies used by the orchestrator that are not run within the workload
and that do not affect the build, but might affect the provenance generation
Expand Down Expand Up @@ -407,12 +407,12 @@ defined by `builder.id`; by default it is treated as opaque and case-sensitive.
The value SHOULD be globally unique.

<tr id="startedOn"><td><code>startedOn</code>
<td>string (<a href="https://github.com/in-toto/attestation/blob/main/spec/v1.0/field_types.md#timestamp">Timestamp</a>)<td>
<td>string (<a href="https://github.com/in-toto/attestation/blob/main/spec/v1/field_types.md#timestamp">Timestamp</a>)<td>

The timestamp of when the build started.

<tr id="finishedOn"><td><code>finishedOn</code>
<td>string (<a href="https://github.com/in-toto/attestation/blob/main/spec/v1.0/field_types.md#timestamp">Timestamp</a>)<td>
<td>string (<a href="https://github.com/in-toto/attestation/blob/main/spec/v1/field_types.md#timestamp">Timestamp</a>)<td>

The timestamp of when the build completed.

Expand Down Expand Up @@ -576,9 +576,9 @@ Renamed to "slsa.dev/provenance".

Initial version, named "in-toto.io/Provenance"

[Statement]: https://github.com/in-toto/attestation/blob/main/spec/v1.0/statement.md
[Statement]: https://github.com/in-toto/attestation/blob/main/spec/v1/statement.md
[in-toto attestation]: https://github.com/in-toto/attestation
[parsing rules]: https://github.com/in-toto/attestation/blob/main/spec/v1.0/README.md#parsing-rules
[parsing rules]: https://github.com/in-toto/attestation/blob/main/spec/v1/README.md#parsing-rules
[purl]: https://github.com/package-url/purl-spec
[threats]: /spec/v1.0/threats
[trusted]: /spec/v1.0/principles#trust-platforms-verify-artifacts