build

.v1beta1. build

Members

(static) KeyType :number

Public key formats

Properties:
Name Type Description
KEY_TYPE_UNSPECIFIED number

KeyType is not set.

PGP_ASCII_ARMORED number

PGP ASCII Armored public key.

PKIX_PEM number

PKIX PEM public key.

Type Definitions

Build

Note holding the version of the provider's builder and the signature of the provenance message in linked BuildDetails.

Properties:
Name Type Description
builderVersion string

Version of the builder which produced this Note.

signature Object

Signature of the build in Occurrences pointing to the Note containing this BuilderDetails.

This object should have the same structure as BuildSignature.

BuildSignature

Message encapsulating the signature of the verified build.

Properties:
Name Type Description
publicKey string

Public key of the builder which can be used to verify that the related findings are valid and unchanged. If key_type is empty, this defaults to PEM encoded public keys.

This field may be empty if key_id references an external key.

For Cloud Container Builder based signatures, this is a PEM-encoded public key. To verify the Cloud Container Builder signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes from BuildDetails are base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature:

    openssl sha256 -verify public.pem -signature signature.bin signed.bin

signature Buffer

Signature of the related BuildProvenance. In JSON, this is base64-encoded.

keyId string

An ID for the key used to sign. This could be either an ID for the key stored in public_key (such as the ID or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service).

keyType number

The type of the key, either stored in public_key or referenced in key_id.

The number should be among the values of KeyType.

Details

Details of a build occurrence.

Properties:
Name Type Description
provenance Object

The actual provenance for the build.

This object should have the same structure as BuildProvenance.

provenanceBytes string

Serialized JSON representation of the provenance, used in generating the BuildSignature in the corresponding Result. After verifying the signature, provenance_bytes can be unmarshalled and compared to the provenance to confirm that it is unchanged. A base64-encoded string representation of the provenance bytes is used for the signature in order to interoperate with OpenSSL, which expects this format for signature verification.

The serialized form is captured both to avoid ambiguity in how the provenance is marshalled to JSON and to prevent incompatibilities with future changes.
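
The verification described under BuildSignature.publicKey and the comparison described under provenanceBytes, combined in one Node.js function. This is an added example, not code from the client library: verifyBuild and makeSample are hypothetical names, the key and provenance fields are constructed, and the comparison assumes provenance is held as the plain JSON object that was serialized.

```javascript
const crypto = require('node:crypto');
const { isDeepStrictEqual } = require('node:util');

// Hypothetical helper (not part of the client library). Accepts a Details
// object and a BuildSignature shaped as documented on this page.
function verifyBuild(details, buildSignature) {
  const { publicKey, signature } = buildSignature;
  if (!publicKey) {
    throw new Error('publicKey is empty: resolve the external key named by keyId');
  }
  if (publicKey.includes('BEGIN PGP')) {
    throw new Error('PGP ASCII-armored key: needs a PGP verifier, not this path');
  }
  // signature is a Buffer in the client and base64 text in JSON.
  const sig = Buffer.isBuffer(signature) ? signature : Buffer.from(signature, 'base64');
  // Equivalent of signed.bin: the base64-decoded provenance bytes.
  const signed = Buffer.from(details.provenanceBytes, 'base64');
  // Equivalent of: openssl sha256 -verify public.pem -signature signature.bin signed.bin
  if (!crypto.verify('sha256', signed, publicKey, sig)) {
    return { ok: false, reason: 'signature mismatch' };
  }
  // Parse only after the signature holds, then make sure the structured
  // provenance a consumer would read is the one that was signed.
  const signedProvenance = JSON.parse(signed.toString('utf8'));
  if (!isDeepStrictEqual(signedProvenance, details.provenance)) {
    return { ok: false, reason: 'provenance differs from signed bytes' };
  }
  return { ok: true, provenance: signedProvenance };
}

// Constructed sample: a throwaway EC key and made-up provenance fields.
function makeSample() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const provenance = { id: 'constructed-build-id', builderVersion: 'constructed-0.0' };
  const bytes = Buffer.from(JSON.stringify(provenance), 'utf8');
  return {
    details: { provenance, provenanceBytes: bytes.toString('base64') },
    buildSignature: {
      publicKey: publicKey.export({ type: 'spki', format: 'pem' }),
      signature: crypto.sign('sha256', bytes, privateKey).toString('base64'),
    },
  };
}

const sample = makeSample();
console.log(verifyBuild(sample.details, sample.buildSignature).ok);
```

A valid signature alone is not enough for a policy decision: the second check is what catches a provenance object that was edited while provenanceBytes and the signature were left intact.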
