in-toto Attestation Framework Output #6208

Open
Forrin opened this issue Apr 24, 2024 · 2 comments · May be fixed by #6488
Labels
contribution requested (This is a great feature idea, but we will need a contribution to get it added to Checkov.), enhancement (New feature or request), outputs

Comments


Forrin commented Apr 24, 2024

Describe the issue

We're using Checkov and interested in a different output format. We'd like the data to follow the in-toto Attestation Specification. In-toto has a vulnerability predicate type that can be seen here: https://github.com/in-toto/attestation/blob/main/spec/predicates/vuln.md

The full in-toto Attestation spec can be seen here: https://github.com/in-toto/attestation/tree/main/spec

This format is used for signed metadata related to more than just security scans. It's useful for analyzing what occurred during a software pipeline.

The in-toto tooling is under the CNCF, which is part of the Linux Foundation.

Trivy supports this output, so adding it to Checkov would be a great addition. We have some dev resources that can assist with this, most likely.
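
An added example, not part of the issue or of Checkov's code: a sketch of what the requested output could look like, wrapping constructed findings in an in-toto Statement with the vulnerability predicate and checking that a statement applies to a given file. The finding fields, the `policy-severity` method name and the scanner URI and version are assumptions; the field layout follows the vuln predicate linked above and should be checked against that spec.

```python
import hashlib

STATEMENT_TYPE = "https://in-toto.io/Statement/v1"
VULNS_PREDICATE = "https://in-toto.io/attestation/vulns/v0.1"

# Constructed sample input. The finding fields are hypothetical and are not
# Checkov's report schema; the scanner URI and version are placeholders.
SAMPLE_FILE = b'resource "aws_s3_bucket" "logs" {\n  bucket = "example-logs"\n}\n'
SAMPLE_FINDINGS = [
    {"rule_id": "EXAMPLE_RULE_1", "severity": "HIGH", "resource": "aws_s3_bucket.logs"},
    {"rule_id": "EXAMPLE_RULE_2", "severity": "LOW", "resource": "aws_s3_bucket.logs"},
]


def build_statement(name, content, findings, started, finished):
    """Wrap findings for one scanned file in a Statement with the vulns predicate."""
    result = [
        {
            "id": f["rule_id"],
            # "method" names the scoring scheme; "policy-severity" is an assumption.
            "severity": [{"method": "policy-severity", "score": f["severity"]}],
            "annotations": [{"resource": f["resource"]}],
        }
        for f in findings
    ]
    return {
        "_type": STATEMENT_TYPE,
        # The subject binds the results to the exact bytes that were scanned.
        "subject": [{"name": name, "digest": {"sha256": hashlib.sha256(content).hexdigest()}}],
        "predicateType": VULNS_PREDICATE,
        "predicate": {
            "scanner": {
                "uri": "https://scanner.example/placeholder",
                "version": "0.0.0-placeholder",
                "result": result,
            },
            "metadata": {"scanStartedOn": started, "scanFinishedOn": finished},
        },
    }


def applies_to(statement, content):
    """True only if the statement is a vulns attestation for exactly these bytes."""
    if statement.get("_type") != STATEMENT_TYPE:
        return False
    if statement.get("predicateType") != VULNS_PREDICATE:
        return False
    digest = hashlib.sha256(content).hexdigest()
    return any(s.get("digest", {}).get("sha256") == digest for s in statement.get("subject", []))
```

The statement on its own is unsigned; in a pipeline it would be serialized and signed before anything relies on it.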

Forrin added the outputs label Apr 24, 2024
tsmithv11 added the contribution requested and enhancement labels Apr 25, 2024
ChanochShayner linked a pull request Jun 27, 2024 that will close this issue
@ChanochShayner
Contributor

Hey @Forrin
We have a contribution PR for this - #6488
Do you want to take a look?
Thanks.


Forrin commented Jul 18, 2024

> Hey @Forrin
> We have a contribution PR for this - #6488
> Do you want to take a look?
> Thanks.

Sure, I'll take a look in a bit.
