Property

static

KeyType number

Public key formats

Properties

| Name | Type | Optional | Description |
|---|---|---|---|
| KEY_TYPE_UNSPECIFIED | | | KeyType is not set. |
| PGP_ASCII_ARMORED | | | PGP ASCII Armored public key. |
| PKIX_PEM | | | PKIX PEM public key. |

Abstract types

static

Build

Note holding the version of the provider's builder and the signature of the provenance message in linked BuildDetails.

Properties

| Name | Type | Optional | Description |
|---|---|---|---|
| builderVersion | string | | Version of the builder which produced this Note. |
| signature | Object | | Signature of the build in Occurrences pointing to the Note containing this BuilderDetails. This object should have the same structure as BuildSignature. |

See also

grafeas.v1beta1.build.Build definition in proto format

static

BuildSignature

Message encapsulating the signature of the verified build.

Properties

| Name | Type | Optional | Description |
|---|---|---|---|
| publicKey | string | | Public key of the builder which can be used to verify that the related findings are valid and unchanged. If key_type is empty, this defaults to PEM encoded public keys. This field may be empty if key_id references an external key. For Cloud Container Builder based signatures, this is a PEM encoded public key. To verify the Cloud Container Builder signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes from BuildDetails are base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature: `openssl sha256 -verify public.pem -signature signature.bin signed.bin` |
| signature | Buffer | | Signature of the related BuildProvenance. In JSON, this is base-64 encoded. |
| keyId | string | | An ID for the key used to sign. This could be either an Id for the key stored in public_key (such as the Id or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service). |
| keyType | number | | The type of the key, either stored in public_key or referenced in key_id. The number should be among the values of KeyType. |

See also

grafeas.v1beta1.build.BuildSignature definition in proto format

static

Details

Details of a build occurrence.

Properties

| Name | Type | Optional | Description |
|---|---|---|---|
| provenance | Object | | The actual provenance for the build. This object should have the same structure as BuildProvenance. |
| provenanceBytes | string | | Serialized JSON representation of the provenance, used in generating the BuildSignature in the corresponding Result. After verifying the signature, provenance_bytes can be unmarshalled and compared to the provenance to confirm that it is unchanged. A base64-encoded string representation of the provenance bytes is used for the signature in order to interoperate with openssl, which expects this format for signature verification. The serialized form is captured both to avoid ambiguity in how the provenance is marshalled to JSON and to prevent incompatibilities with future changes. |

See also

grafeas.v1beta1.build.Details definition in proto format
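The verification procedure described under BuildSignature.publicKey, followed by the comparison described under Details.provenanceBytes, can be done in Node.js without shelling out to OpenSSL. This is an added example, not code from the client library: `verifyBuild` and `makeSample` are hypothetical helpers, the numeric KeyType values are assumed, the key pair and provenance are constructed sample data, and `provenance` is assumed to be a plain JSON-compatible object.

```javascript
'use strict';
const crypto = require('node:crypto');
const { isDeepStrictEqual } = require('node:util');

// Assumed numeric values; the page lists only the KeyType names.
const KeyType = { KEY_TYPE_UNSPECIFIED: 0, PGP_ASCII_ARMORED: 1, PKIX_PEM: 2 };

// Hypothetical helper: check a BuildSignature against a Details object.
function verifyBuild(buildSignature, details) {
  const { publicKey, signature, keyType = KeyType.KEY_TYPE_UNSPECIFIED } = buildSignature;
  // An unset key type defaults to PEM; PGP keys need a different verifier.
  if (keyType !== KeyType.KEY_TYPE_UNSPECIFIED && keyType !== KeyType.PKIX_PEM) {
    return { ok: false, reason: 'unsupported key type' };
  }
  // publicKey may be empty when keyId references an external key.
  if (!publicKey) return { ok: false, reason: 'no inline public key' };
  try {
    // signature.bin: a Buffer, or a base64 string when the message arrived as JSON.
    const sig = Buffer.isBuffer(signature) ? signature : Buffer.from(signature, 'base64');
    // signed.bin: provenanceBytes decoded from base64.
    const signed = Buffer.from(details.provenanceBytes, 'base64');
    // Same check as the openssl sha256 -verify command.
    if (!crypto.verify('sha256', signed, publicKey, sig)) {
      return { ok: false, reason: 'signature mismatch' };
    }
    // Only after the signature holds: unmarshal and compare with provenance.
    if (!isDeepStrictEqual(JSON.parse(signed.toString('utf8')), details.provenance)) {
      return { ok: false, reason: 'provenance differs from signed bytes' };
    }
  } catch (err) {
    return { ok: false, reason: 'malformed key, signature or provenance' };
  }
  return { ok: true, reason: 'verified' };
}

// Constructed sample: a throwaway EC key pair stands in for the builder's key.
function makeSample() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const provenance = { id: 'constructed-build-id', projectId: 'example-project' };
  const raw = Buffer.from(JSON.stringify(provenance));
  return {
    buildSignature: {
      publicKey: publicKey.export({ type: 'spki', format: 'pem' }),
      signature: crypto.sign('sha256', raw, privateKey).toString('base64'),
      keyType: KeyType.PKIX_PEM,
    },
    details: { provenance, provenanceBytes: raw.toString('base64') },
  };
}

const sample = makeSample();
console.log(verifyBuild(sample.buildSignature, sample.details));
```

A valid signature only proves the bytes came from the holder of the private key, so the public key itself should be checked against a trusted source (for example via keyId) rather than taken from the same record being verified.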