Add proto definition for vuln predicate type #345

Status: Open. Wants to merge 4 commits into base: main.

Changes from 3 commits
3 changes: 3 additions & 0 deletions protos/README.md
@@ -20,6 +20,8 @@ predicates have protobuf definitions:
artifact.
- [SCAI]: Evidence-based assertions about software artifact and supply
chain attributes.
- [VULN]: Describes how to store the results of scanners when detecting vulnerabilities in a software artifact.
chain attributes.
- [Test Result]: Expresses the result of a test run in the software supply
chain.
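Review bot: the two added lines in this hunk include a stray `chain attributes.` line directly after the new `[VULN]` entry; it duplicates the tail of the SCAI entry above it and would render as a dangling fragment in the predicate list. Drop that line, and consider wrapping the `[VULN]` description to the same width as the neighbouring entries, e.g. `- [VULN]: Describes how to store the results of scanners when detecting` followed by `  vulnerabilities in a software artifact.`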

@@ -50,6 +52,7 @@ testing the supported language bindings.
[SCAI]: in_toto_attestation/predicates/scai/
[SLSA Provenance]: in_toto_attestation/predicates/provenance/
[SLSA Verification Summary]: in_toto_attestation/predicates/vsa/
[VULN]: in_toto_attestation/predicates/vuln/
[in-toto Link]: in_toto_attestation/predicates/link/
[Test Result]: in_toto_attestation/predicates/test_result/
[documentation]: ../docs/protos.md
50 changes: 50 additions & 0 deletions protos/in_toto_attestation/predicates/vuln/v1/vuln.proto
@@ -0,0 +1,50 @@
syntax = "proto3";

package in_toto_attestation.predicates.vuln.v1;

import "google/protobuf/struct.proto";
import "google/protobuf/timestamp.proto";

option go_package = "github.com/in-toto/attestation/go/predicates/vuln/v1";
option java_package = "io.github.intoto.attestation.predicates.vuln.v1";

// Validation of all fields is left to the users of this proto.
message Vuln {
Scanner scanner = 1;
ScanMetadata scan_metadata = 2;
}

message Scanner {
string uri = 1;
string version = 2;
VulnDatabase database = 3;
Result result = 4;
}

message VulnDatabase {
optional string uri = 1;
optional string version = 2;
google.protobuf.Timestamp last_update = 3;
}

message Result {
repeated Vulnerability vulnerabilities = 3;
}

message Vulnerability {
string id = 1;
repeated Severity severity = 2;

message Severity {
string method = 1;
string score = 2;
}

repeated google.protobuf.Struct annotations = 3;
}

message ScanMetadata {
google.protobuf.Timestamp scan_started_on = 1;
google.protobuf.Timestamp scan_finished_on = 2;
}
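Review bot: `Result` starts its field numbering at 3 (`repeated Vulnerability vulnerabilities = 3;`) with no fields 1 and 2 in the message; either number it 1 or add a `reserved 1, 2;` line so the gap is deliberate and those numbers cannot later be reused with a different meaning. Further points in the same hunk: `Result result = 4;` hangs off `Scanner` rather than off the top-level `Vuln` message, so a consumer has to go through the scanner description to reach the findings, and a field named `result` on a message named `Scanner` reads oddly; field presence is inconsistent (`VulnDatabase.uri` and `version` are `optional`, `Scanner.uri` and `version` are not), which matters given the comment that validation is left to users, because an empty string is then indistinguishable from an unset field; the nested `Severity` message is declared between fields 2 and 3 of `Vulnerability`, and moving it above the fields (or to top level next to `VulnDatabase`) would read better; and none of the messages or fields carry a comment, so `Severity.method`, `Severity.score` (a `string`) and `annotations` (`repeated google.protobuf.Struct`) give no hint of the expected values, such as which scoring system `method` names or whether `score` is a number or a vector string.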