chore: Update attestors and commands documentation.

Signed-off-by: Matthias Glastra <matglas.git@gmail.com>
in-toto · Feb 17, 2025 · ebc3f07 · ebc3f07
1 parent 9a3e894
commit ebc3f07
Show file tree

Hide file tree

Showing 9 changed files with 106 additions and 2 deletions.
diff --git a/docs/attestors/git.json b/docs/attestors/git.json
@@ -142,3 +142,4 @@
     }
   }
 }
+
diff --git a/docs/attestors/git.md b/docs/attestors/git.md
@@ -8,7 +8,6 @@ Both staged and unstaged states are recorded.
 The attestor returns the SHA1 ([Secure Hash Algorithm 1](https://en.wikipedia.org/wiki/SHA-1)) git commit hash as a subject.
 
 ## Schema
-
 ```json
 {
   "$schema": "https://json-schema.org/draft/2020-12/schema",

diff --git a/docs/attestors/jenkins.md b/docs/attestors/jenkins.md
@@ -4,7 +4,6 @@ The [Jenkins](https://www.jenkins.io/) Attestor records information about the Je
 Witness was run.
 
 ## Schema
-
 ```json
 {
   "$schema": "https://json-schema.org/draft/2020-12/schema",

diff --git a/docs/attestors/lockfiles.json b/docs/attestors/lockfiles.json
@@ -0,0 +1,48 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$ref": "#/$defs/Attestor",
+  "$defs": {
+    "Attestor": {
+      "properties": {
+        "lockfiles": {
+          "items": {
+            "$ref": "#/$defs/LockfileInfo"
+          },
+          "type": "array"
+        }
+      },
+      "additionalProperties": false,
+      "type": "object",
+      "required": [
+        "lockfiles"
+      ]
+    },
+    "DigestSet": {
+      "additionalProperties": {
+        "type": "string"
+      },
+      "type": "object"
+    },
+    "LockfileInfo": {
+      "properties": {
+        "filename": {
+          "type": "string"
+        },
+        "content": {
+          "type": "string"
+        },
+        "digest": {
+          "$ref": "#/$defs/DigestSet"
+        }
+      },
+      "additionalProperties": false,
+      "type": "object",
+      "required": [
+        "filename",
+        "content",
+        "digest"
+      ]
+    }
+  }
+}
+
diff --git a/docs/attestors/lockfiles.md b/docs/attestors/lockfiles.md
@@ -0,0 +1,50 @@
+## Schema
+```json
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$ref": "#/$defs/Attestor",
+  "$defs": {
+    "Attestor": {
+      "properties": {
+        "lockfiles": {
+          "items": {
+            "$ref": "#/$defs/LockfileInfo"
+          },
+          "type": "array"
+        }
+      },
+      "additionalProperties": false,
+      "type": "object",
+      "required": [
+        "lockfiles"
+      ]
+    },
+    "DigestSet": {
+      "additionalProperties": {
+        "type": "string"
+      },
+      "type": "object"
+    },
+    "LockfileInfo": {
+      "properties": {
+        "filename": {
+          "type": "string"
+        },
+        "content": {
+          "type": "string"
+        },
+        "digest": {
+          "$ref": "#/$defs/DigestSet"
+        }
+      },
+      "additionalProperties": false,
+      "type": "object",
+      "required": [
+        "filename",
+        "content",
+        "digest"
+      ]
+    }
+  }
+}
+```
diff --git a/docs/attestors/omnitrail.json b/docs/attestors/omnitrail.json
@@ -143,3 +143,4 @@
     }
   }
 }
+
diff --git a/docs/attestors/sbom.json b/docs/attestors/sbom.json
@@ -15,3 +15,4 @@
     }
   }
 }
+
diff --git a/docs/attestors/vex.json b/docs/attestors/vex.json
@@ -200,3 +200,4 @@
     }
   }
 }
+
diff --git a/docs/commands.md b/docs/commands.md
@@ -52,6 +52,10 @@ witness run [cmd] [flags]
       --attestor-slsa-export                          Export the SLSA provenance predicate in its own attestation
       --dirhash-glob strings                          Dirhash glob can be used to collapse material and product hashes on matching directory matches.
       --enable-archivista                             Use Archivista to store or retrieve attestations
+      --env-add-sensitive-key strings                 Add keys or globs (e.g. '*TEXT') to the list of sensitive environment keys.
+      --env-disable-default-sensitive-vars            Disable the default list of sensitive vars and only use the items mentioned by --add-sensitive-key.
+      --env-exclude-sensitive-key strings             Exclude specific keys from the list of sensitive environment keys. Note: This does not support globs.
+      --env-filter-sensitive-vars                     Switch from obfuscate to filtering variables which removes them from the output completely.
       --hashes strings                                Hashes selected for digest calculation. Defaults to SHA256 (default [sha256])
   -h, --help                                          help for run
   -o, --outfile string                                File to write signed data to
-Original file line number
+Diff line change
@@ Expand Up / @@ -8,7 +8,6 @@ Both staged and unstaged states are recorded. @@
     The attestor returns the SHA1 ([Secure Hash Algorithm 1](https://en.wikipedia.org/wiki/SHA-1)) git commit hash as a subject.
     ## Schema
     ```json
     {
       "$schema": "https://json-schema.org/draft/2020-12/schema",
@@ Expand Down @@