diff --git a/cmd/attestors.go b/cmd/attestors.go
index 91c4590e..cc3e9e35 100644
--- a/cmd/attestors.go
+++ b/cmd/attestors.go
@@ -15,7 +15,9 @@ package cmd
 import (
+ "bytes"
 "context"
+ "encoding/json"
 "fmt"
 "os"
@@ -27,21 +29,48 @@ import (
 func AttestorsCmd() *cobra.Command {
 cmd := &cobra.Command{
- Use: "attestors",
+ Use: "attestors",
+ Short: "Get information about available attestors",
+ Long: "Get information about all the available attestors in Witness",
+ }
+
+ cmd.AddCommand(SchemaCmd())
+ cmd.AddCommand(ListCmd())
+
+ return cmd
+}
+
+func ListCmd() *cobra.Command {
+ cmd := &cobra.Command{
+ Use: "list",
 Short: "List all available attestors",
 Long: "Lists all the available attestors in Witness with supporting information",
 SilenceErrors: true,
 SilenceUsage: true,
 DisableAutoGenTag: true,
 RunE: func(cmd *cobra.Command, args []string) error {
- return runAttestors(cmd.Context())
+ return runList(cmd.Context())
 },
 }
+ return cmd
+}
+func SchemaCmd() *cobra.Command {
+ cmd := &cobra.Command{
+ Use: "schema",
+ Short: "Show the JSON schema of a specific attestor",
+ Long: "Print the JSON schema of the predicate that the specified attestor generates",
+ SilenceErrors: true,
+ SilenceUsage: true,
+ DisableAutoGenTag: true,
+ RunE: func(cmd *cobra.Command, args []string) error {
+ return runSchema(cmd.Context(), args)
+ },
+ }
 return cmd
 }
-func runAttestors(ctx context.Context) error {
+func runList(ctx context.Context) error {
 items := [][]string{}
 entries := attestation.RegistrationEntries()
 for _, entry := range entries {
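Review bot: Dropping RunE from the parent command changes what `witness attestors` does: Cobra shows the help text for a command that has subcommands but no Run, so any script that relied on the old table output now gets usage text instead. If that break is not intended, keeping `RunE: func(cmd *cobra.Command, args []string) error { return runList(cmd.Context()) }` on AttestorsCmd preserves the old behaviour alongside the new `list` and `schema` subcommands. SchemaCmd could also declare `Args: cobra.ExactArgs(1)` so a missing or extra attestor name is rejected by Cobra with its standard usage message rather than by hand-written checks. runList's body continues outside the hunk.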
@@ -73,3 +102,33 @@ func runAttestors(ctx context.Context) error {
 return nil
 }
+
+func runSchema(ctx context.Context, args []string) error {
+ if len(args) == 0 {
+ return fmt.Errorf("You must specify an attestor to view the schema of. Use 'witness attestors' for a list of available attestors.")
+ } else if len(args) > 1 {
+ return fmt.Errorf("You can only get one attestor schema at a time.")
+ }
+
+ attestor, err := attestation.GetAttestor(args[0])
+ if err != nil {
+ return fmt.Errorf("Error getting attestor: %w", err)
+ }
+
+ schema := attestor.Schema()
+ schemaJson, err := schema.MarshalJSON()
+ if err != nil {
+ return fmt.Errorf("Error marshalling JSON schema: %w", err)
+ }
+
+ var indented bytes.Buffer
+ err = json.Indent(&indented, schemaJson, "", " ")
+ if err != nil {
+ fmt.Println("Error marshalling JSON schema:", err)
+ os.Exit(1)
+ }
+
+ fmt.Print(indented.String())
+
+ return nil
+}
diff --git a/docgen/docs.go b/docgen/docs.go
index 2e1fc4e7..80a1c0a1 100644
--- a/docgen/docs.go
+++ b/docgen/docs.go
@@ -16,12 +16,18 @@ package main
 import (
 "bytes"
+ "encoding/json"
 "flag"
 "fmt"
+ "log"
 "os"
+ "strings"
 "github.com/in-toto/witness/cmd"
 "github.com/spf13/cobra/doc"
+
+ _ "github.com/in-toto/go-witness"
+ "github.com/in-toto/go-witness/attestation"
 )
 var directory string
@@ -32,6 +38,7 @@ func init() {
 }
 func main() {
+ log.Println("Generating CLI Reference documentation")
 mdContent := "# Witness CLI Reference\n\nThis is the reference for the Witness command line tool, generated by [Cobra](https://cobra.dev/).\n\n"
 // Generate markdown content for all commands
 for _, command := range cmd.New().Commands() {
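Review bot: The usage hint in the first error, `Use 'witness attestors' for a list of available attestors`, is stale: with this commit the parent `attestors` command has no RunE and only lists its subcommands, so the hint should read `witness attestors list`. The `json.Indent` failure is handled with `fmt.Println` plus `os.Exit(1)` while every other failure in the function is returned, so that one path skips Cobra's error handling and any deferred cleanup in the caller; `return fmt.Errorf("indenting JSON schema: %w", err)` keeps it consistent. The argument-count checks duplicate what `Args: cobra.ExactArgs(1)` on SchemaCmd would do, and Go error strings are conventionally lowercase without a trailing period. `fmt.Print(indented.String())` ends without a newline, so the closing `}` shares a line with the shell prompt; `fmt.Println` fixes that, and `ctx` is accepted but never used.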
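Review bot: The blank import `_ "github.com/in-toto/go-witness"` is a side-effect import with no comment saying why it is needed; presumably its init registers the built-in attestors so that `attestation.RegistrationEntries()` later returns them rather than an empty list, but that is not visible here. A one-line comment above it, `// imported for side effects: registers the built-in attestors with the attestation registry`, would stop the next reader from removing it as unused. The new `log.Println` goes to stderr while the file's existing error reporting uses `fmt.Println`; picking one keeps the generator's output predictable in CI logs.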
@@ -55,4 +62,64 @@ func main() {
 fmt.Println("Error writing to file:", err)
 os.Exit(1)
 }
+
+ log.Println("Documentation generated successfully")
+
+ entries := attestation.RegistrationEntries()
+ for _, entry := range entries {
+ att := entry.Factory()
+ schema := att.Schema()
+ schemaJson, err := schema.MarshalJSON()
+ if err != nil {
+ fmt.Println("Error marshalling JSON schema:", err)
+ os.Exit(1)
+ }
+
+ var indented bytes.Buffer
+ err = json.Indent(&indented, schemaJson, "", " ")
+ if err != nil {
+ fmt.Println("Error marshalling JSON schema:", err)
+ os.Exit(1)
+ }
+
+ schemaContent := "## Schema" + "\n```json\n" + indented.String() + "```\n"
+ err = os.WriteFile(fmt.Sprintf("%s/attestors/%s.json", directory, att.Name()), []byte(indented.String()+"\n "), 0644)
+ if err != nil {
+ fmt.Println("Error writing to file:", err)
+ os.Exit(1)
+ }
+ log.Printf("Schema for %s written to %s/attestors/%s.json\n", att.Name(), directory, att.Name())
+ f, err := os.ReadFile(fmt.Sprintf("%s/attestors/%s.md", directory, att.Name()))
+ if err != nil {
+ fmt.Println("Error reading file:", err)
+ os.Exit(1)
+ }
+
+ // Find the index of "## Schema" string
+ index := strings.Index(string(f), "## Schema")
+ if index == -1 {
+ f = append(f, schemaContent...)
+
+ err = os.WriteFile(fmt.Sprintf("%s/attestors/%s.md", directory, att.Name()), f, 0644)
+ if err != nil {
+ fmt.Println("Error writing to file:", err)
+ os.Exit(1)
+ }
+ continue
+ }
+
+ // Truncate the content to remove everything after "## Schema"
+ f = f[:index]
+
+ f = append(f, schemaContent...)
+
+ err = os.WriteFile(fmt.Sprintf("%s/attestors/%s.md", directory, att.Name()), f, 0644)
+ if err != nil {
+ fmt.Println("Error writing to file:", err)
+ os.Exit(1)
+ }
+
+ log.Printf("Schema for %s written to %s/attestors/%s.md\n", att.Name(), directory, att.Name())
+
+ }
 }
diff --git a/docgen/verify.sh b/docgen/verify.sh
index 8943a1e9..0d7874e7 100755
--- a/docgen/verify.sh
+++ b/docgen/verify.sh
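Review bot: The generated files come out malformed: the JSON is written as `indented.String()+"\n "` (a stray space after the newline, which is why every new .json file in this commit ends with ` \ No newline at end of file`), and `schemaContent` closes the fence without a newline, so each page ends in `}```` and the block will not render; use `[]byte(indented.String()+"\n")` and `"## Schema\n```json\n" + indented.String() + "\n```\n"`. Paths are built with `fmt.Sprintf("%s/attestors/%s.json", ...)` and the directory is never created, so `filepath.Join(directory, "attestors", att.Name()+".json")` plus one `os.MkdirAll` before the loop would remove the `mkdir` that verify.sh now has to do; att.Name() comes from the compiled-in registry, so this is hygiene rather than a path-traversal concern. Because the page is cut at the first `## Schema`, anything hand-written after that heading is silently discarded on regeneration — worth a comment at that line, e.g. `// Everything from "## Schema" onward is regenerated; keep hand-written sections above it.` The error handling mixes `log.Println` with `fmt.Println`+`os.Exit(1)`; `log.Fatalf` would match the two log lines added here. This loop is the tail of main, whose start is outside the hunk.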
@@ -20,6 +20,10 @@ set -e
 tmpdir=$(mktemp -d)
 tmpdir2=$(mktemp -d)
 cp docs/commands.md "$tmpdir2/"
+mkdir "$tmpdir2/attestors"
+mkdir "$tmpdir/attestors"
+cp docs/attestors/* "$tmpdir2/attestors/"
+cp docs/attestors/*.md "$tmpdir/attestors/"
 go run ./docgen --dir "$tmpdir"
 echo "###########################################"
 echo "If diffs are found, run: make docgen"
diff --git a/docs/attestors/aws-iid.md b/docs/attestors/aws-iid.md
deleted file mode 100644
index f3cc447f..00000000
--- a/docs/attestors/aws-iid.md
+++ /dev/null
@@ -1,16 +0,0 @@
-# AWS Instance Identity Attestor
-
-The AWS (Amazon Web Services) Instance Identity Attestor communicates with the AWS Instance Metadata to collect
-information about the AWS instance Witness on which executing. The document signature is
-verified with the AWS RSA public certificate available [here](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/verify-signature.html).
-This verification method currently does not work for the Hong Kong, Bahrain, Cape Town, Milan, China, or
-GovCloud regions.
-
-## Subjects
-
-| Subject | Description |
-| ------- | ----------- |
-| `instanceid` | The ID of the AWS instance where Witness was executed |
-| `accountid` | ID of the account that owns the AWS instance |
-| `imageid` | ID of the AMI ([Amazon Machine Image](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html)) the instance was running at time of execution |
-| `privateip` | IP address of the instance at time of execution |
diff --git a/docs/attestors/aws.json b/docs/attestors/aws.json
new file mode 100644
index 00000000..2c3987b6
--- /dev/null
+++ b/docs/attestors/aws.json
@@ -0,0 +1,97 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "devpayProductCodes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "marketplaceProductCodes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "availabilityZone": { + "type": "string" + }, + "privateIp": { + "type": "string" + }, + "version": { + "type": "string" + }, + "region": { + "type": "string" + }, + "instanceId": { + "type": "string" + }, + "billingProducts": { + "items": { + "type": "string" + }, + "type": "array" + }, + "instanceType": { + "type": "string" + }, + "accountId": { + "type": "string" + }, + "pendingTime": { + "type": "string", + "format": "date-time" + }, + "imageId": { + "type": "string" + }, + "kernelId": { + "type": "string" + }, + "ramdiskId": { + "type": "string" + }, + "architecture": { + "type": "string" + }, + "rawiid": { + "type": "string" + }, + "rawsig": { + "type": "string" + }, + "publickey": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "devpayProductCodes", + "marketplaceProductCodes", + "availabilityZone", + "privateIp", + "version", + "region", + "instanceId", + "billingProducts", + "instanceType", + "accountId", + "pendingTime", + "imageId", + "kernelId", + "ramdiskId", + "architecture", + "rawiid", + "rawsig", + "publickey" + ] + } + } +} + \ No newline at end of file diff --git a/docs/attestors/aws.md b/docs/attestors/aws.md new file mode 100644 index 00000000..92e4e873 --- /dev/null +++ b/docs/attestors/aws.md 
@@ -0,0 +1,115 @@ +# AWS Instance Identity Attestor + +The AWS (Amazon Web Services) Instance Identity Attestor communicates with the AWS Instance Metadata to collect +information about the AWS instance Witness on which executing. The document signature is +verified with the AWS RSA public certificate available [here](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/verify-signature.html). +This verification method currently does not work for the Hong Kong, Bahrain, Cape Town, Milan, China, or +GovCloud regions. + +## Subjects + +| Subject | Description | +| ------- | ----------- | +| `instanceid` | The ID of the AWS instance where Witness was executed | +| `accountid` | ID of the account that owns the AWS instance | +| `imageid` | ID of the AMI ([Amazon Machine Image](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html)) the instance was running at time of execution | +| `privateip` | IP address of the instance at time of execution | + +## Schema +```json +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "devpayProductCodes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "marketplaceProductCodes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "availabilityZone": { + "type": "string" + }, + "privateIp": { + "type": "string" + }, + "version": { + "type": "string" + }, + "region": { + "type": "string" + }, + "instanceId": { + "type": "string" + }, + "billingProducts": { + "items": { + "type": "string" + }, + "type": "array" + }, + "instanceType": { + "type": "string" + }, + "accountId": { + "type": "string" + }, + "pendingTime": { + "type": "string", + "format": "date-time" + }, + "imageId": { + "type": "string" + }, + "kernelId": { + "type": "string" + }, + "ramdiskId": { + "type": "string" + }, + "architecture": { + "type": "string" + }, + "rawiid": { + "type": "string" + }, + "rawsig": { + "type": "string" + }, + 
"publickey": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "devpayProductCodes", + "marketplaceProductCodes", + "availabilityZone", + "privateIp", + "version", + "region", + "instanceId", + "billingProducts", + "instanceType", + "accountId", + "pendingTime", + "imageId", + "kernelId", + "ramdiskId", + "architecture", + "rawiid", + "rawsig", + "publickey" + ] + } + } +}``` diff --git a/docs/attestors/command-run.json b/docs/attestors/command-run.json new file mode 100644 index 00000000..665fb032 --- /dev/null +++ b/docs/attestors/command-run.json @@ -0,0 +1,87 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/CommandRun", + "$defs": { + "CommandRun": { + "properties": { + "cmd": { + "items": { + "type": "string" + }, + "type": "array" + }, + "stdout": { + "type": "string" + }, + "stderr": { + "type": "string" + }, + "exitcode": { + "type": "integer" + }, + "processes": { + "items": { + "$ref": "#/$defs/ProcessInfo" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "cmd", + "exitcode" + ] + }, + "DigestSet": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "ProcessInfo": { + "properties": { + "program": { + "type": "string" + }, + "processid": { + "type": "integer" + }, + "parentpid": { + "type": "integer" + }, + "programdigest": { + "$ref": "#/$defs/DigestSet" + }, + "comm": { + "type": "string" + }, + "cmdline": { + "type": "string" + }, + "exedigest": { + "$ref": "#/$defs/DigestSet" + }, + "openedfiles": { + "additionalProperties": { + "$ref": "#/$defs/DigestSet" + }, + "type": "object" + }, + "environ": { + "type": "string" + }, + "specbypassisvuln": { + "type": "boolean" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "processid", + "parentpid" + ] + } + } +} + \ No newline at end of file 
diff --git a/docs/attestors/command-run.md b/docs/attestors/command-run.md new file mode 100644 index 00000000..8f76500e --- /dev/null +++ b/docs/attestors/command-run.md @@ -0,0 +1,97 @@ +# Command Attestor + +The Command Attestor collects information about a command that TestifySec Witness executes and observes. +The command arguments, exit code, stdout, and stderr will be collected and added to the attestation. + +Witness can optionally trace the command which will record all subprocesses started by the parent process +as well as all files opened by all processes. Please note that tracing is currently supported only on +Linux operating systems and is considered experimental. + +## Schema +```json +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/CommandRun", + "$defs": { + "CommandRun": { + "properties": { + "cmd": { + "items": { + "type": "string" + }, + "type": "array" + }, + "stdout": { + "type": "string" + }, + "stderr": { + "type": "string" + }, + "exitcode": { + "type": "integer" + }, + "processes": { + "items": { + "$ref": "#/$defs/ProcessInfo" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "cmd", + "exitcode" + ] + }, + "DigestSet": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "ProcessInfo": { + "properties": { + "program": { + "type": "string" + }, + "processid": { + "type": "integer" + }, + "parentpid": { + "type": "integer" + }, + "programdigest": { + "$ref": "#/$defs/DigestSet" + }, + "comm": { + "type": "string" + }, + "cmdline": { + "type": "string" + }, + "exedigest": { + "$ref": "#/$defs/DigestSet" + }, + "openedfiles": { + "additionalProperties": { + "$ref": "#/$defs/DigestSet" + }, + "type": "object" + }, + "environ": { + "type": "string" + }, + "specbypassisvuln": { + "type": "boolean" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "processid", + "parentpid" + ] + } + } +}``` 
diff --git a/docs/attestors/commandrun.md b/docs/attestors/commandrun.md deleted file mode 100644 index 57547417..00000000 --- a/docs/attestors/commandrun.md +++ /dev/null @@ -1,8 +0,0 @@ -# Command Attestor - -The Command Attestor collects information about a command that TestifySec Witness executes and observes. -The command arguments, exit code, stdout, and stderr will be collected and added to the attestation. - -Witness can optionally trace the command which will record all subprocesses started by the parent process -as well as all files opened by all processes. Please note that tracing is currently supported only on -Linux operating systems and is considered experimental. diff --git a/docs/attestors/environment.json b/docs/attestors/environment.json new file mode 100644 index 00000000..f7dd135f --- /dev/null +++ b/docs/attestors/environment.json @@ -0,0 +1,33 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "os": { + "type": "string" + }, + "hostname": { + "type": "string" + }, + "username": { + "type": "string" + }, + "variables": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "os", + "hostname", + "username" + ] + } + } +} + \ No newline at end of file diff --git a/docs/attestors/environment.md b/docs/attestors/environment.md index 1743071b..30503db7 100644 --- a/docs/attestors/environment.md +++ b/docs/attestors/environment.md 
@@ -3,3 +3,38 @@ The Environment Attestor records the OS, hostname, username, and all environment variables set by TestifySec Witness at execution time. Currently there is no means to block specific environment variables so take care to not leak secrets stored in environment variables. + +## Schema +```json +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "os": { + "type": "string" + }, + "hostname": { + "type": "string" + }, + "username": { + "type": "string" + }, + "variables": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "os", + "hostname", + "username" + ] + } + } +}``` diff --git a/docs/attestors/gcp-iit.json b/docs/attestors/gcp-iit.json new file mode 100644 index 00000000..5e277278 --- /dev/null +++ b/docs/attestors/gcp-iit.json 
@@ -0,0 +1,559 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "jwt": { + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "claims": { + "type": "object" + }, + "verifiedBy": { + "$ref": "#/$defs/VerificationInfo" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "claims" + ] + }, + "AttributeTypeAndValue": { + "properties": { + "Type": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Value": true + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Type", + "Value" + ] + }, + "Certificate": { + "properties": { + "Raw": { + "type": "string", + "contentEncoding": "base64" + }, + "RawTBSCertificate": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubjectPublicKeyInfo": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubject": { + "type": "string", + "contentEncoding": "base64" + }, + "RawIssuer": { + "type": "string", + "contentEncoding": "base64" + }, + "Signature": { + "type": "string", + "contentEncoding": "base64" + }, + "SignatureAlgorithm": { + "type": "integer" + }, + "PublicKeyAlgorithm": { + "type": "integer" + }, + "PublicKey": true, + "Version": { + "type": "integer" + }, + "SerialNumber": { + "$ref": "#/$defs/Int" + }, + "Issuer": { + "$ref": "#/$defs/Name" + }, + "Subject": { + "$ref": "#/$defs/Name" + }, + "NotBefore": { + "type": "string", + "format": "date-time" + }, + "NotAfter": { + "type": "string", + "format": "date-time" + }, + "KeyUsage": { + "type": "integer" + }, + "Extensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "ExtraExtensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "UnhandledCriticalExtensions": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "ExtKeyUsage": { + 
"items": { + "type": "integer" + }, + "type": "array" + }, + "UnknownExtKeyUsage": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "BasicConstraintsValid": { + "type": "boolean" + }, + "IsCA": { + "type": "boolean" + }, + "MaxPathLen": { + "type": "integer" + }, + "MaxPathLenZero": { + "type": "boolean" + }, + "SubjectKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "AuthorityKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "OCSPServer": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IssuingCertificateURL": { + "items": { + "type": "string" + }, + "type": "array" + }, + "DNSNames": { + "items": { + "type": "string" + }, + "type": "array" + }, + "EmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IPAddresses": { + "items": { + "type": "string", + "format": "ipv4" + }, + "type": "array" + }, + "URIs": { + "items": { + "type": "string", + "format": "uri" + }, + "type": "array" + }, + "PermittedDNSDomainsCritical": { + "type": "boolean" + }, + "PermittedDNSDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedDNSDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PermittedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "ExcludedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "PermittedEmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedEmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PermittedURIDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedURIDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "CRLDistributionPoints": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PolicyIdentifiers": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "Policies": { + "items": 
{ + "$ref": "#/$defs/OID" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Raw", + "RawTBSCertificate", + "RawSubjectPublicKeyInfo", + "RawSubject", + "RawIssuer", + "Signature", + "SignatureAlgorithm", + "PublicKeyAlgorithm", + "PublicKey", + "Version", + "SerialNumber", + "Issuer", + "Subject", + "NotBefore", + "NotAfter", + "KeyUsage", + "Extensions", + "ExtraExtensions", + "UnhandledCriticalExtensions", + "ExtKeyUsage", + "UnknownExtKeyUsage", + "BasicConstraintsValid", + "IsCA", + "MaxPathLen", + "MaxPathLenZero", + "SubjectKeyId", + "AuthorityKeyId", + "OCSPServer", + "IssuingCertificateURL", + "DNSNames", + "EmailAddresses", + "IPAddresses", + "URIs", + "PermittedDNSDomainsCritical", + "PermittedDNSDomains", + "ExcludedDNSDomains", + "PermittedIPRanges", + "ExcludedIPRanges", + "PermittedEmailAddresses", + "ExcludedEmailAddresses", + "PermittedURIDomains", + "ExcludedURIDomains", + "CRLDistributionPoints", + "PolicyIdentifiers", + "Policies" + ] + }, + "Extension": { + "properties": { + "Id": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Critical": { + "type": "boolean" + }, + "Value": { + "type": "string", + "contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Id", + "Critical", + "Value" + ] + }, + "IPMask": { + "type": "string", + "contentEncoding": "base64" + }, + "IPNet": { + "properties": { + "IP": { + "type": "string", + "format": "ipv4" + }, + "Mask": { + "$ref": "#/$defs/IPMask" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "IP", + "Mask" + ] + }, + "Int": { + "properties": {}, + "additionalProperties": false, + "type": "object" + }, + "JSONWebKey": { + "properties": { + "Key": true, + "KeyID": { + "type": "string" + }, + "Algorithm": { + "type": "string" + }, + "Use": { + "type": "string" + }, + "Certificates": { + "items": { + "$ref": "#/$defs/Certificate" + }, + "type": "array" + }, + "CertificatesURL": 
{ + "type": "string", + "format": "uri" + }, + "CertificateThumbprintSHA1": { + "type": "string", + "contentEncoding": "base64" + }, + "CertificateThumbprintSHA256": { + "type": "string", + "contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Key", + "KeyID", + "Algorithm", + "Use", + "Certificates", + "CertificatesURL", + "CertificateThumbprintSHA1", + "CertificateThumbprintSHA256" + ] + }, + "Name": { + "properties": { + "Country": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Organization": { + "items": { + "type": "string" + }, + "type": "array" + }, + "OrganizationalUnit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Locality": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Province": { + "items": { + "type": "string" + }, + "type": "array" + }, + "StreetAddress": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PostalCode": { + "items": { + "type": "string" + }, + "type": "array" + }, + "SerialNumber": { + "type": "string" + }, + "CommonName": { + "type": "string" + }, + "Names": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + }, + "ExtraNames": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Country", + "Organization", + "OrganizationalUnit", + "Locality", + "Province", + "StreetAddress", + "PostalCode", + "SerialNumber", + "CommonName", + "Names", + "ExtraNames" + ] + }, + "OID": { + "properties": {}, + "additionalProperties": false, + "type": "object" + }, + "ObjectIdentifier": { + "items": { + "type": "integer" + }, + "type": "array" + }, + "VerificationInfo": { + "properties": { + "jwksUrl": { + "type": "string" + }, + "jwk": { + "$ref": "#/$defs/JSONWebKey" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "jwksUrl", + "jwk" + ] + } + } + }, + 
"project_id": { + "type": "string" + }, + "project_number": { + "type": "string" + }, + "zone": { + "type": "string" + }, + "instance_id": { + "type": "string" + }, + "instance_hostname": { + "type": "string" + }, + "instance_creation_timestamp": { + "type": "string" + }, + "instance_confidentiality": { + "type": "string" + }, + "licence_id": { + "items": { + "type": "string" + }, + "type": "array" + }, + "cluster_name": { + "type": "string" + }, + "cluster_uid": { + "type": "string" + }, + "cluster_location": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "jwt", + "project_id", + "project_number", + "zone", + "instance_id", + "instance_hostname", + "instance_creation_timestamp", + "instance_confidentiality", + "licence_id", + "cluster_name", + "cluster_uid", + "cluster_location" + ] + } + } +} + \ No newline at end of file diff --git a/docs/attestors/gcp-iit.md b/docs/attestors/gcp-iit.md index 51c217af..ba228bc3 100644 --- a/docs/attestors/gcp-iit.md +++ b/docs/attestors/gcp-iit.md 
@@ -13,3 +13,564 @@ against Google's JWKS ([JSON Web Key Set](https://auth0.com/docs/secure/tokens/j | `projectid` | The ID of the project to which the instance belonged | | `projectnumber` | Number of the project to which the instance belonged | | `clusteruid` | UID of the cluster if the execution environment was a [Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine) (GKE) cluster | + +## Schema +```json +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "jwt": { + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "claims": { + "type": "object" + }, + "verifiedBy": { + "$ref": "#/$defs/VerificationInfo" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "claims" + ] + }, + "AttributeTypeAndValue": { + "properties": { + "Type": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Value": true + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Type", + "Value" + ] + }, + "Certificate": { + "properties": { + "Raw": { + "type": "string", + "contentEncoding": "base64" + }, + "RawTBSCertificate": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubjectPublicKeyInfo": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubject": { + "type": "string", + "contentEncoding": "base64" + }, + "RawIssuer": { + "type": "string", + "contentEncoding": "base64" + }, + "Signature": { + "type": "string", + "contentEncoding": "base64" + }, + "SignatureAlgorithm": { + "type": "integer" + }, + "PublicKeyAlgorithm": { + "type": "integer" + }, + "PublicKey": true, + "Version": { + "type": "integer" + }, + "SerialNumber": { + "$ref": "#/$defs/Int" + }, + "Issuer": { + "$ref": "#/$defs/Name" + }, + "Subject": { + "$ref": "#/$defs/Name" + }, + "NotBefore": { + "type": "string", + "format": "date-time" + }, + "NotAfter": { + 
"type": "string", + "format": "date-time" + }, + "KeyUsage": { + "type": "integer" + }, + "Extensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "ExtraExtensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "UnhandledCriticalExtensions": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "ExtKeyUsage": { + "items": { + "type": "integer" + }, + "type": "array" + }, + "UnknownExtKeyUsage": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "BasicConstraintsValid": { + "type": "boolean" + }, + "IsCA": { + "type": "boolean" + }, + "MaxPathLen": { + "type": "integer" + }, + "MaxPathLenZero": { + "type": "boolean" + }, + "SubjectKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "AuthorityKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "OCSPServer": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IssuingCertificateURL": { + "items": { + "type": "string" + }, + "type": "array" + }, + "DNSNames": { + "items": { + "type": "string" + }, + "type": "array" + }, + "EmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IPAddresses": { + "items": { + "type": "string", + "format": "ipv4" + }, + "type": "array" + }, + "URIs": { + "items": { + "type": "string", + "format": "uri" + }, + "type": "array" + }, + "PermittedDNSDomainsCritical": { + "type": "boolean" + }, + "PermittedDNSDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedDNSDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PermittedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "ExcludedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "PermittedEmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedEmailAddresses": { + "items": { + "type": "string" + }, + "type": 
"array" + }, + "PermittedURIDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedURIDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "CRLDistributionPoints": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PolicyIdentifiers": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "Policies": { + "items": { + "$ref": "#/$defs/OID" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Raw", + "RawTBSCertificate", + "RawSubjectPublicKeyInfo", + "RawSubject", + "RawIssuer", + "Signature", + "SignatureAlgorithm", + "PublicKeyAlgorithm", + "PublicKey", + "Version", + "SerialNumber", + "Issuer", + "Subject", + "NotBefore", + "NotAfter", + "KeyUsage", + "Extensions", + "ExtraExtensions", + "UnhandledCriticalExtensions", + "ExtKeyUsage", + "UnknownExtKeyUsage", + "BasicConstraintsValid", + "IsCA", + "MaxPathLen", + "MaxPathLenZero", + "SubjectKeyId", + "AuthorityKeyId", + "OCSPServer", + "IssuingCertificateURL", + "DNSNames", + "EmailAddresses", + "IPAddresses", + "URIs", + "PermittedDNSDomainsCritical", + "PermittedDNSDomains", + "ExcludedDNSDomains", + "PermittedIPRanges", + "ExcludedIPRanges", + "PermittedEmailAddresses", + "ExcludedEmailAddresses", + "PermittedURIDomains", + "ExcludedURIDomains", + "CRLDistributionPoints", + "PolicyIdentifiers", + "Policies" + ] + }, + "Extension": { + "properties": { + "Id": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Critical": { + "type": "boolean" + }, + "Value": { + "type": "string", + "contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Id", + "Critical", + "Value" + ] + }, + "IPMask": { + "type": "string", + "contentEncoding": "base64" + }, + "IPNet": { + "properties": { + "IP": { + "type": "string", + "format": "ipv4" + }, + "Mask": { + "$ref": "#/$defs/IPMask" + } + }, + "additionalProperties": false, + "type": "object", + 
"required": [ + "IP", + "Mask" + ] + }, + "Int": { + "properties": {}, + "additionalProperties": false, + "type": "object" + }, + "JSONWebKey": { + "properties": { + "Key": true, + "KeyID": { + "type": "string" + }, + "Algorithm": { + "type": "string" + }, + "Use": { + "type": "string" + }, + "Certificates": { + "items": { + "$ref": "#/$defs/Certificate" + }, + "type": "array" + }, + "CertificatesURL": { + "type": "string", + "format": "uri" + }, + "CertificateThumbprintSHA1": { + "type": "string", + "contentEncoding": "base64" + }, + "CertificateThumbprintSHA256": { + "type": "string", + "contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Key", + "KeyID", + "Algorithm", + "Use", + "Certificates", + "CertificatesURL", + "CertificateThumbprintSHA1", + "CertificateThumbprintSHA256" + ] + }, + "Name": { + "properties": { + "Country": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Organization": { + "items": { + "type": "string" + }, + "type": "array" + }, + "OrganizationalUnit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Locality": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Province": { + "items": { + "type": "string" + }, + "type": "array" + }, + "StreetAddress": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PostalCode": { + "items": { + "type": "string" + }, + "type": "array" + }, + "SerialNumber": { + "type": "string" + }, + "CommonName": { + "type": "string" + }, + "Names": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + }, + "ExtraNames": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Country", + "Organization", + "OrganizationalUnit", + "Locality", + "Province", + "StreetAddress", + "PostalCode", + "SerialNumber", + "CommonName", + "Names", + "ExtraNames" + ] + }, + "OID": { + 
"properties": {}, + "additionalProperties": false, + "type": "object" + }, + "ObjectIdentifier": { + "items": { + "type": "integer" + }, + "type": "array" + }, + "VerificationInfo": { + "properties": { + "jwksUrl": { + "type": "string" + }, + "jwk": { + "$ref": "#/$defs/JSONWebKey" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "jwksUrl", + "jwk" + ] + } + } + }, + "project_id": { + "type": "string" + }, + "project_number": { + "type": "string" + }, + "zone": { + "type": "string" + }, + "instance_id": { + "type": "string" + }, + "instance_hostname": { + "type": "string" + }, + "instance_creation_timestamp": { + "type": "string" + }, + "instance_confidentiality": { + "type": "string" + }, + "licence_id": { + "items": { + "type": "string" + }, + "type": "array" + }, + "cluster_name": { + "type": "string" + }, + "cluster_uid": { + "type": "string" + }, + "cluster_location": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "jwt", + "project_id", + "project_number", + "zone", + "instance_id", + "instance_hostname", + "instance_creation_timestamp", + "instance_confidentiality", + "licence_id", + "cluster_name", + "cluster_uid", + "cluster_location" + ] + } + } +}``` diff --git a/docs/attestors/git.json b/docs/attestors/git.json new file mode 100644 index 00000000..ae8acfc4 --- /dev/null +++ b/docs/attestors/git.json 
@@ -0,0 +1,132 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "commithash": { + "type": "string" + }, + "author": { + "type": "string" + }, + "authoremail": { + "type": "string" + }, + "committername": { + "type": "string" + }, + "committeremail": { + "type": "string" + }, + "commitdate": { + "type": "string" + }, + "commitmessage": { + "type": "string" + }, + "status": { + "additionalProperties": { + "$ref": "#/$defs/Status" + }, + "type": "object" + }, + "commitdigest": { + "$ref": "#/$defs/DigestSet" + }, + "signature": { + "type": "string" + }, + "parenthashes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "treehash": { + "type": "string" + }, + "refs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "remotes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tags": { + "items": { + "$ref": "#/$defs/Tag" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "commithash", + "author", + "authoremail", + "committername", + "committeremail", + "commitdate", + "commitmessage" + ] + }, + "DigestSet": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "Status": { + "properties": { + "staging": { + "type": "string" + }, + "worktree": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Tag": { + "properties": { + "name": { + "type": "string" + }, + "taggername": { + "type": "string" + }, + "taggeremail": { + "type": "string" + }, + "when": { + "type": "string" + }, + "pgpsignature": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "name", + "taggername", + "taggeremail", + "when", + "pgpsignature", + "message" + ] + } + } +} + \ No newline at end of file 
diff --git a/docs/attestors/git.md b/docs/attestors/git.md
index 636e1bd4..af5922b2 100644
--- a/docs/attestors/git.md
+++ b/docs/attestors/git.md
@@ -7,3 +7,137 @@ Both staged and unstaged states are recorded. ## Subjects The attestor returns the SHA1 ([Secure Hash Algorithm 1](https://en.wikipedia.org/wiki/SHA-1)) git commit hash as a subject. + +## Schema +```json +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "commithash": { + "type": "string" + }, + "author": { + "type": "string" + }, + "authoremail": { + "type": "string" + }, + "committername": { + "type": "string" + }, + "committeremail": { + "type": "string" + }, + "commitdate": { + "type": "string" + }, + "commitmessage": { + "type": "string" + }, + "status": { + "additionalProperties": { + "$ref": "#/$defs/Status" + }, + "type": "object" + }, + "commitdigest": { + "$ref": "#/$defs/DigestSet" + }, + "signature": { + "type": "string" + }, + "parenthashes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "treehash": { + "type": "string" + }, + "refs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "remotes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tags": { + "items": { + "$ref": "#/$defs/Tag" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "commithash", + "author", + "authoremail", + "committername", + "committeremail", + "commitdate", + "commitmessage" + ] + }, + "DigestSet": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "Status": { + "properties": { + "staging": { + "type": "string" + }, + "worktree": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Tag": { + "properties": { + "name": { + "type": "string" + }, + "taggername": { + "type": "string" + }, + "taggeremail": { + "type": "string" + }, + "when": { + "type": "string" + }, + "pgpsignature": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + 
"required": [ + "name", + "taggername", + "taggeremail", + "when", + "pgpsignature", + "message" + ] + } + } +}``` diff --git a/docs/attestors/github.json b/docs/attestors/github.json new file mode 100644 index 00000000..2c21a352 --- /dev/null +++ b/docs/attestors/github.json 
@@ -0,0 +1,551 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "jwt": { + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "claims": { + "type": "object" + }, + "verifiedBy": { + "$ref": "#/$defs/VerificationInfo" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "claims" + ] + }, + "AttributeTypeAndValue": { + "properties": { + "Type": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Value": true + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Type", + "Value" + ] + }, + "Certificate": { + "properties": { + "Raw": { + "type": "string", + "contentEncoding": "base64" + }, + "RawTBSCertificate": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubjectPublicKeyInfo": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubject": { + "type": "string", + "contentEncoding": "base64" + }, + "RawIssuer": { + "type": "string", + "contentEncoding": "base64" + }, + "Signature": { + "type": "string", + "contentEncoding": "base64" + }, + "SignatureAlgorithm": { + "type": "integer" + }, + "PublicKeyAlgorithm": { + "type": "integer" + }, + "PublicKey": true, + "Version": { + "type": "integer" + }, + "SerialNumber": { + "$ref": "#/$defs/Int" + }, + "Issuer": { + "$ref": "#/$defs/Name" + }, + "Subject": { + "$ref": "#/$defs/Name" + }, + "NotBefore": { + "type": "string", + "format": "date-time" + }, + "NotAfter": { + "type": "string", + "format": "date-time" + }, + "KeyUsage": { + "type": "integer" + }, + "Extensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "ExtraExtensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "UnhandledCriticalExtensions": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "ExtKeyUsage": { + 
"items": { + "type": "integer" + }, + "type": "array" + }, + "UnknownExtKeyUsage": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "BasicConstraintsValid": { + "type": "boolean" + }, + "IsCA": { + "type": "boolean" + }, + "MaxPathLen": { + "type": "integer" + }, + "MaxPathLenZero": { + "type": "boolean" + }, + "SubjectKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "AuthorityKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "OCSPServer": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IssuingCertificateURL": { + "items": { + "type": "string" + }, + "type": "array" + }, + "DNSNames": { + "items": { + "type": "string" + }, + "type": "array" + }, + "EmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IPAddresses": { + "items": { + "type": "string", + "format": "ipv4" + }, + "type": "array" + }, + "URIs": { + "items": { + "type": "string", + "format": "uri" + }, + "type": "array" + }, + "PermittedDNSDomainsCritical": { + "type": "boolean" + }, + "PermittedDNSDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedDNSDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PermittedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "ExcludedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "PermittedEmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedEmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PermittedURIDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedURIDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "CRLDistributionPoints": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PolicyIdentifiers": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "Policies": { + "items": 
{ + "$ref": "#/$defs/OID" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Raw", + "RawTBSCertificate", + "RawSubjectPublicKeyInfo", + "RawSubject", + "RawIssuer", + "Signature", + "SignatureAlgorithm", + "PublicKeyAlgorithm", + "PublicKey", + "Version", + "SerialNumber", + "Issuer", + "Subject", + "NotBefore", + "NotAfter", + "KeyUsage", + "Extensions", + "ExtraExtensions", + "UnhandledCriticalExtensions", + "ExtKeyUsage", + "UnknownExtKeyUsage", + "BasicConstraintsValid", + "IsCA", + "MaxPathLen", + "MaxPathLenZero", + "SubjectKeyId", + "AuthorityKeyId", + "OCSPServer", + "IssuingCertificateURL", + "DNSNames", + "EmailAddresses", + "IPAddresses", + "URIs", + "PermittedDNSDomainsCritical", + "PermittedDNSDomains", + "ExcludedDNSDomains", + "PermittedIPRanges", + "ExcludedIPRanges", + "PermittedEmailAddresses", + "ExcludedEmailAddresses", + "PermittedURIDomains", + "ExcludedURIDomains", + "CRLDistributionPoints", + "PolicyIdentifiers", + "Policies" + ] + }, + "Extension": { + "properties": { + "Id": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Critical": { + "type": "boolean" + }, + "Value": { + "type": "string", + "contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Id", + "Critical", + "Value" + ] + }, + "IPMask": { + "type": "string", + "contentEncoding": "base64" + }, + "IPNet": { + "properties": { + "IP": { + "type": "string", + "format": "ipv4" + }, + "Mask": { + "$ref": "#/$defs/IPMask" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "IP", + "Mask" + ] + }, + "Int": { + "properties": {}, + "additionalProperties": false, + "type": "object" + }, + "JSONWebKey": { + "properties": { + "Key": true, + "KeyID": { + "type": "string" + }, + "Algorithm": { + "type": "string" + }, + "Use": { + "type": "string" + }, + "Certificates": { + "items": { + "$ref": "#/$defs/Certificate" + }, + "type": "array" + }, + "CertificatesURL": 
{ + "type": "string", + "format": "uri" + }, + "CertificateThumbprintSHA1": { + "type": "string", + "contentEncoding": "base64" + }, + "CertificateThumbprintSHA256": { + "type": "string", + "contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Key", + "KeyID", + "Algorithm", + "Use", + "Certificates", + "CertificatesURL", + "CertificateThumbprintSHA1", + "CertificateThumbprintSHA256" + ] + }, + "Name": { + "properties": { + "Country": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Organization": { + "items": { + "type": "string" + }, + "type": "array" + }, + "OrganizationalUnit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Locality": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Province": { + "items": { + "type": "string" + }, + "type": "array" + }, + "StreetAddress": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PostalCode": { + "items": { + "type": "string" + }, + "type": "array" + }, + "SerialNumber": { + "type": "string" + }, + "CommonName": { + "type": "string" + }, + "Names": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + }, + "ExtraNames": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Country", + "Organization", + "OrganizationalUnit", + "Locality", + "Province", + "StreetAddress", + "PostalCode", + "SerialNumber", + "CommonName", + "Names", + "ExtraNames" + ] + }, + "OID": { + "properties": {}, + "additionalProperties": false, + "type": "object" + }, + "ObjectIdentifier": { + "items": { + "type": "integer" + }, + "type": "array" + }, + "VerificationInfo": { + "properties": { + "jwksUrl": { + "type": "string" + }, + "jwk": { + "$ref": "#/$defs/JSONWebKey" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "jwksUrl", + "jwk" + ] + } + } + }, + 
"ciconfigpath": { + "type": "string" + }, + "pipelineid": { + "type": "string" + }, + "pipelinename": { + "type": "string" + }, + "pipelineurl": { + "type": "string" + }, + "projecturl": { + "type": "string" + }, + "runnerid": { + "type": "string" + }, + "cihost": { + "type": "string" + }, + "ciserverurl": { + "type": "string" + }, + "runnerarch": { + "type": "string" + }, + "runneros": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "ciconfigpath", + "pipelineid", + "pipelinename", + "pipelineurl", + "projecturl", + "runnerid", + "cihost", + "ciserverurl", + "runnerarch", + "runneros" + ] + } + } +} + \ No newline at end of file diff --git a/docs/attestors/github.md b/docs/attestors/github.md new file mode 100644 index 00000000..1da80a3b --- /dev/null +++ b/docs/attestors/github.md 
@@ -0,0 +1,563 @@ +# Github Attestor + +The [Github](https://github.com/about) Attestor records information about the [GitHub Actions](https://docs.github.com/en/actions) workflow execution in which Witness was run. Witness verifies the JWT ([JSON Web Token](https://en.wikipedia.org/wiki/JSON_Web_Token)) provided by the token service (configured with the `ACTIONS_ID_TOKEN_REQUEST_URL` environment variable) against the Github's JWKS ([JSON Web Key Set](https://auth0.com/docs/secure/tokens/json-web-tokens/json-web-key-sets)) to ensure authenticity at execution time. + +## Subjects + +| Subject | Description | +| ------- | ----------- | +| `pipelineurl` | URL of the CI/CD pipeline to which this job belonged | +| `projecturl` | URL of the project that owns the CI/CD pipeline and job | + +## Schema +```json +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "jwt": { + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "claims": { + "type": "object" + }, + "verifiedBy": { + "$ref": "#/$defs/VerificationInfo" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "claims" + ] + }, + "AttributeTypeAndValue": { + "properties": { + "Type": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Value": true + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Type", + "Value" + ] + }, + "Certificate": { + "properties": { + "Raw": { + "type": "string", + "contentEncoding": "base64" + }, + "RawTBSCertificate": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubjectPublicKeyInfo": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubject": { + "type": "string", + "contentEncoding": "base64" + }, + "RawIssuer": { + "type": "string", + "contentEncoding": "base64" + }, + "Signature": { + "type": "string", + "contentEncoding": "base64" + 
}, + "SignatureAlgorithm": { + "type": "integer" + }, + "PublicKeyAlgorithm": { + "type": "integer" + }, + "PublicKey": true, + "Version": { + "type": "integer" + }, + "SerialNumber": { + "$ref": "#/$defs/Int" + }, + "Issuer": { + "$ref": "#/$defs/Name" + }, + "Subject": { + "$ref": "#/$defs/Name" + }, + "NotBefore": { + "type": "string", + "format": "date-time" + }, + "NotAfter": { + "type": "string", + "format": "date-time" + }, + "KeyUsage": { + "type": "integer" + }, + "Extensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "ExtraExtensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "UnhandledCriticalExtensions": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "ExtKeyUsage": { + "items": { + "type": "integer" + }, + "type": "array" + }, + "UnknownExtKeyUsage": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "BasicConstraintsValid": { + "type": "boolean" + }, + "IsCA": { + "type": "boolean" + }, + "MaxPathLen": { + "type": "integer" + }, + "MaxPathLenZero": { + "type": "boolean" + }, + "SubjectKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "AuthorityKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "OCSPServer": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IssuingCertificateURL": { + "items": { + "type": "string" + }, + "type": "array" + }, + "DNSNames": { + "items": { + "type": "string" + }, + "type": "array" + }, + "EmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IPAddresses": { + "items": { + "type": "string", + "format": "ipv4" + }, + "type": "array" + }, + "URIs": { + "items": { + "type": "string", + "format": "uri" + }, + "type": "array" + }, + "PermittedDNSDomainsCritical": { + "type": "boolean" + }, + "PermittedDNSDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedDNSDomains": { + "items": { + "type": 
"string" + }, + "type": "array" + }, + "PermittedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "ExcludedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "PermittedEmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedEmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PermittedURIDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedURIDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "CRLDistributionPoints": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PolicyIdentifiers": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "Policies": { + "items": { + "$ref": "#/$defs/OID" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Raw", + "RawTBSCertificate", + "RawSubjectPublicKeyInfo", + "RawSubject", + "RawIssuer", + "Signature", + "SignatureAlgorithm", + "PublicKeyAlgorithm", + "PublicKey", + "Version", + "SerialNumber", + "Issuer", + "Subject", + "NotBefore", + "NotAfter", + "KeyUsage", + "Extensions", + "ExtraExtensions", + "UnhandledCriticalExtensions", + "ExtKeyUsage", + "UnknownExtKeyUsage", + "BasicConstraintsValid", + "IsCA", + "MaxPathLen", + "MaxPathLenZero", + "SubjectKeyId", + "AuthorityKeyId", + "OCSPServer", + "IssuingCertificateURL", + "DNSNames", + "EmailAddresses", + "IPAddresses", + "URIs", + "PermittedDNSDomainsCritical", + "PermittedDNSDomains", + "ExcludedDNSDomains", + "PermittedIPRanges", + "ExcludedIPRanges", + "PermittedEmailAddresses", + "ExcludedEmailAddresses", + "PermittedURIDomains", + "ExcludedURIDomains", + "CRLDistributionPoints", + "PolicyIdentifiers", + "Policies" + ] + }, + "Extension": { + "properties": { + "Id": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Critical": { + "type": "boolean" + }, + "Value": { + "type": "string", + 
"contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Id", + "Critical", + "Value" + ] + }, + "IPMask": { + "type": "string", + "contentEncoding": "base64" + }, + "IPNet": { + "properties": { + "IP": { + "type": "string", + "format": "ipv4" + }, + "Mask": { + "$ref": "#/$defs/IPMask" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "IP", + "Mask" + ] + }, + "Int": { + "properties": {}, + "additionalProperties": false, + "type": "object" + }, + "JSONWebKey": { + "properties": { + "Key": true, + "KeyID": { + "type": "string" + }, + "Algorithm": { + "type": "string" + }, + "Use": { + "type": "string" + }, + "Certificates": { + "items": { + "$ref": "#/$defs/Certificate" + }, + "type": "array" + }, + "CertificatesURL": { + "type": "string", + "format": "uri" + }, + "CertificateThumbprintSHA1": { + "type": "string", + "contentEncoding": "base64" + }, + "CertificateThumbprintSHA256": { + "type": "string", + "contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Key", + "KeyID", + "Algorithm", + "Use", + "Certificates", + "CertificatesURL", + "CertificateThumbprintSHA1", + "CertificateThumbprintSHA256" + ] + }, + "Name": { + "properties": { + "Country": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Organization": { + "items": { + "type": "string" + }, + "type": "array" + }, + "OrganizationalUnit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Locality": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Province": { + "items": { + "type": "string" + }, + "type": "array" + }, + "StreetAddress": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PostalCode": { + "items": { + "type": "string" + }, + "type": "array" + }, + "SerialNumber": { + "type": "string" + }, + "CommonName": { + "type": "string" + }, + "Names": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + 
}, + "type": "array" + }, + "ExtraNames": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Country", + "Organization", + "OrganizationalUnit", + "Locality", + "Province", + "StreetAddress", + "PostalCode", + "SerialNumber", + "CommonName", + "Names", + "ExtraNames" + ] + }, + "OID": { + "properties": {}, + "additionalProperties": false, + "type": "object" + }, + "ObjectIdentifier": { + "items": { + "type": "integer" + }, + "type": "array" + }, + "VerificationInfo": { + "properties": { + "jwksUrl": { + "type": "string" + }, + "jwk": { + "$ref": "#/$defs/JSONWebKey" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "jwksUrl", + "jwk" + ] + } + } + }, + "ciconfigpath": { + "type": "string" + }, + "pipelineid": { + "type": "string" + }, + "pipelinename": { + "type": "string" + }, + "pipelineurl": { + "type": "string" + }, + "projecturl": { + "type": "string" + }, + "runnerid": { + "type": "string" + }, + "cihost": { + "type": "string" + }, + "ciserverurl": { + "type": "string" + }, + "runnerarch": { + "type": "string" + }, + "runneros": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "ciconfigpath", + "pipelineid", + "pipelinename", + "pipelineurl", + "projecturl", + "runnerid", + "cihost", + "ciserverurl", + "runnerarch", + "runneros" + ] + } + } +}``` diff --git a/docs/attestors/gitlab.json b/docs/attestors/gitlab.json new file mode 100644 index 00000000..373bb3c4 --- /dev/null +++ b/docs/attestors/gitlab.json 
@@ -0,0 +1,563 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "jwt": { + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "claims": { + "type": "object" + }, + "verifiedBy": { + "$ref": "#/$defs/VerificationInfo" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "claims" + ] + }, + "AttributeTypeAndValue": { + "properties": { + "Type": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Value": true + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Type", + "Value" + ] + }, + "Certificate": { + "properties": { + "Raw": { + "type": "string", + "contentEncoding": "base64" + }, + "RawTBSCertificate": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubjectPublicKeyInfo": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubject": { + "type": "string", + "contentEncoding": "base64" + }, + "RawIssuer": { + "type": "string", + "contentEncoding": "base64" + }, + "Signature": { + "type": "string", + "contentEncoding": "base64" + }, + "SignatureAlgorithm": { + "type": "integer" + }, + "PublicKeyAlgorithm": { + "type": "integer" + }, + "PublicKey": true, + "Version": { + "type": "integer" + }, + "SerialNumber": { + "$ref": "#/$defs/Int" + }, + "Issuer": { + "$ref": "#/$defs/Name" + }, + "Subject": { + "$ref": "#/$defs/Name" + }, + "NotBefore": { + "type": "string", + "format": "date-time" + }, + "NotAfter": { + "type": "string", + "format": "date-time" + }, + "KeyUsage": { + "type": "integer" + }, + "Extensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "ExtraExtensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "UnhandledCriticalExtensions": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "ExtKeyUsage": { + 
"items": { + "type": "integer" + }, + "type": "array" + }, + "UnknownExtKeyUsage": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "BasicConstraintsValid": { + "type": "boolean" + }, + "IsCA": { + "type": "boolean" + }, + "MaxPathLen": { + "type": "integer" + }, + "MaxPathLenZero": { + "type": "boolean" + }, + "SubjectKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "AuthorityKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "OCSPServer": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IssuingCertificateURL": { + "items": { + "type": "string" + }, + "type": "array" + }, + "DNSNames": { + "items": { + "type": "string" + }, + "type": "array" + }, + "EmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IPAddresses": { + "items": { + "type": "string", + "format": "ipv4" + }, + "type": "array" + }, + "URIs": { + "items": { + "type": "string", + "format": "uri" + }, + "type": "array" + }, + "PermittedDNSDomainsCritical": { + "type": "boolean" + }, + "PermittedDNSDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedDNSDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PermittedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "ExcludedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "PermittedEmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedEmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PermittedURIDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedURIDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "CRLDistributionPoints": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PolicyIdentifiers": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "Policies": { + "items": 
{ + "$ref": "#/$defs/OID" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Raw", + "RawTBSCertificate", + "RawSubjectPublicKeyInfo", + "RawSubject", + "RawIssuer", + "Signature", + "SignatureAlgorithm", + "PublicKeyAlgorithm", + "PublicKey", + "Version", + "SerialNumber", + "Issuer", + "Subject", + "NotBefore", + "NotAfter", + "KeyUsage", + "Extensions", + "ExtraExtensions", + "UnhandledCriticalExtensions", + "ExtKeyUsage", + "UnknownExtKeyUsage", + "BasicConstraintsValid", + "IsCA", + "MaxPathLen", + "MaxPathLenZero", + "SubjectKeyId", + "AuthorityKeyId", + "OCSPServer", + "IssuingCertificateURL", + "DNSNames", + "EmailAddresses", + "IPAddresses", + "URIs", + "PermittedDNSDomainsCritical", + "PermittedDNSDomains", + "ExcludedDNSDomains", + "PermittedIPRanges", + "ExcludedIPRanges", + "PermittedEmailAddresses", + "ExcludedEmailAddresses", + "PermittedURIDomains", + "ExcludedURIDomains", + "CRLDistributionPoints", + "PolicyIdentifiers", + "Policies" + ] + }, + "Extension": { + "properties": { + "Id": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Critical": { + "type": "boolean" + }, + "Value": { + "type": "string", + "contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Id", + "Critical", + "Value" + ] + }, + "IPMask": { + "type": "string", + "contentEncoding": "base64" + }, + "IPNet": { + "properties": { + "IP": { + "type": "string", + "format": "ipv4" + }, + "Mask": { + "$ref": "#/$defs/IPMask" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "IP", + "Mask" + ] + }, + "Int": { + "properties": {}, + "additionalProperties": false, + "type": "object" + }, + "JSONWebKey": { + "properties": { + "Key": true, + "KeyID": { + "type": "string" + }, + "Algorithm": { + "type": "string" + }, + "Use": { + "type": "string" + }, + "Certificates": { + "items": { + "$ref": "#/$defs/Certificate" + }, + "type": "array" + }, + "CertificatesURL": 
{ + "type": "string", + "format": "uri" + }, + "CertificateThumbprintSHA1": { + "type": "string", + "contentEncoding": "base64" + }, + "CertificateThumbprintSHA256": { + "type": "string", + "contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Key", + "KeyID", + "Algorithm", + "Use", + "Certificates", + "CertificatesURL", + "CertificateThumbprintSHA1", + "CertificateThumbprintSHA256" + ] + }, + "Name": { + "properties": { + "Country": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Organization": { + "items": { + "type": "string" + }, + "type": "array" + }, + "OrganizationalUnit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Locality": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Province": { + "items": { + "type": "string" + }, + "type": "array" + }, + "StreetAddress": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PostalCode": { + "items": { + "type": "string" + }, + "type": "array" + }, + "SerialNumber": { + "type": "string" + }, + "CommonName": { + "type": "string" + }, + "Names": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + }, + "ExtraNames": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Country", + "Organization", + "OrganizationalUnit", + "Locality", + "Province", + "StreetAddress", + "PostalCode", + "SerialNumber", + "CommonName", + "Names", + "ExtraNames" + ] + }, + "OID": { + "properties": {}, + "additionalProperties": false, + "type": "object" + }, + "ObjectIdentifier": { + "items": { + "type": "integer" + }, + "type": "array" + }, + "VerificationInfo": { + "properties": { + "jwksUrl": { + "type": "string" + }, + "jwk": { + "$ref": "#/$defs/JSONWebKey" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "jwksUrl", + "jwk" + ] + } + } + }, + 
"ciconfigpath": { + "type": "string" + }, + "jobid": { + "type": "string" + }, + "jobimage": { + "type": "string" + }, + "jobname": { + "type": "string" + }, + "jobstage": { + "type": "string" + }, + "joburl": { + "type": "string" + }, + "pipelineid": { + "type": "string" + }, + "pipelineurl": { + "type": "string" + }, + "projectid": { + "type": "string" + }, + "projecturl": { + "type": "string" + }, + "runnerid": { + "type": "string" + }, + "cihost": { + "type": "string" + }, + "ciserverurl": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "ciconfigpath", + "jobid", + "jobimage", + "jobname", + "jobstage", + "joburl", + "pipelineid", + "pipelineurl", + "projectid", + "projecturl", + "runnerid", + "cihost", + "ciserverurl" + ] + } + } +} + \ No newline at end of file diff --git a/docs/attestors/gitlab.md b/docs/attestors/gitlab.md index a183cc25..f6c289e7 100644 --- a/docs/attestors/gitlab.md +++ b/docs/attestors/gitlab.md 
@@ -11,3 +11,568 @@ instance's JWKS ([JSON Web Key Set](https://auth0.com/docs/secure/tokens/json-we | `pipelineurl` | URL of the CI/CD pipeline to which this job belonged | | `joburl` | URL of the CI/CD job that this attestor describes | | `projecturl` | URL of the project that owns the CI/CD pipeline and job | + +## Schema +```json +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "jwt": { + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "claims": { + "type": "object" + }, + "verifiedBy": { + "$ref": "#/$defs/VerificationInfo" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "claims" + ] + }, + "AttributeTypeAndValue": { + "properties": { + "Type": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Value": true + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Type", + "Value" + ] + }, + "Certificate": { + "properties": { + "Raw": { + "type": "string", + "contentEncoding": "base64" + }, + "RawTBSCertificate": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubjectPublicKeyInfo": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubject": { + "type": "string", + "contentEncoding": "base64" + }, + "RawIssuer": { + "type": "string", + "contentEncoding": "base64" + }, + "Signature": { + "type": "string", + "contentEncoding": "base64" + }, + "SignatureAlgorithm": { + "type": "integer" + }, + "PublicKeyAlgorithm": { + "type": "integer" + }, + "PublicKey": true, + "Version": { + "type": "integer" + }, + "SerialNumber": { + "$ref": "#/$defs/Int" + }, + "Issuer": { + "$ref": "#/$defs/Name" + }, + "Subject": { + "$ref": "#/$defs/Name" + }, + "NotBefore": { + "type": "string", + "format": "date-time" + }, + "NotAfter": { + "type": "string", + "format": "date-time" + }, + "KeyUsage": { + "type": "integer" + }, + 
"Extensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "ExtraExtensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "UnhandledCriticalExtensions": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "ExtKeyUsage": { + "items": { + "type": "integer" + }, + "type": "array" + }, + "UnknownExtKeyUsage": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "BasicConstraintsValid": { + "type": "boolean" + }, + "IsCA": { + "type": "boolean" + }, + "MaxPathLen": { + "type": "integer" + }, + "MaxPathLenZero": { + "type": "boolean" + }, + "SubjectKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "AuthorityKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "OCSPServer": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IssuingCertificateURL": { + "items": { + "type": "string" + }, + "type": "array" + }, + "DNSNames": { + "items": { + "type": "string" + }, + "type": "array" + }, + "EmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IPAddresses": { + "items": { + "type": "string", + "format": "ipv4" + }, + "type": "array" + }, + "URIs": { + "items": { + "type": "string", + "format": "uri" + }, + "type": "array" + }, + "PermittedDNSDomainsCritical": { + "type": "boolean" + }, + "PermittedDNSDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedDNSDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PermittedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "ExcludedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "PermittedEmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedEmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PermittedURIDomains": { + "items": { + "type": "string" + }, + "type": 
"array" + }, + "ExcludedURIDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "CRLDistributionPoints": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PolicyIdentifiers": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "Policies": { + "items": { + "$ref": "#/$defs/OID" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Raw", + "RawTBSCertificate", + "RawSubjectPublicKeyInfo", + "RawSubject", + "RawIssuer", + "Signature", + "SignatureAlgorithm", + "PublicKeyAlgorithm", + "PublicKey", + "Version", + "SerialNumber", + "Issuer", + "Subject", + "NotBefore", + "NotAfter", + "KeyUsage", + "Extensions", + "ExtraExtensions", + "UnhandledCriticalExtensions", + "ExtKeyUsage", + "UnknownExtKeyUsage", + "BasicConstraintsValid", + "IsCA", + "MaxPathLen", + "MaxPathLenZero", + "SubjectKeyId", + "AuthorityKeyId", + "OCSPServer", + "IssuingCertificateURL", + "DNSNames", + "EmailAddresses", + "IPAddresses", + "URIs", + "PermittedDNSDomainsCritical", + "PermittedDNSDomains", + "ExcludedDNSDomains", + "PermittedIPRanges", + "ExcludedIPRanges", + "PermittedEmailAddresses", + "ExcludedEmailAddresses", + "PermittedURIDomains", + "ExcludedURIDomains", + "CRLDistributionPoints", + "PolicyIdentifiers", + "Policies" + ] + }, + "Extension": { + "properties": { + "Id": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Critical": { + "type": "boolean" + }, + "Value": { + "type": "string", + "contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Id", + "Critical", + "Value" + ] + }, + "IPMask": { + "type": "string", + "contentEncoding": "base64" + }, + "IPNet": { + "properties": { + "IP": { + "type": "string", + "format": "ipv4" + }, + "Mask": { + "$ref": "#/$defs/IPMask" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "IP", + "Mask" + ] + }, + "Int": { + "properties": {}, + 
"additionalProperties": false, + "type": "object" + }, + "JSONWebKey": { + "properties": { + "Key": true, + "KeyID": { + "type": "string" + }, + "Algorithm": { + "type": "string" + }, + "Use": { + "type": "string" + }, + "Certificates": { + "items": { + "$ref": "#/$defs/Certificate" + }, + "type": "array" + }, + "CertificatesURL": { + "type": "string", + "format": "uri" + }, + "CertificateThumbprintSHA1": { + "type": "string", + "contentEncoding": "base64" + }, + "CertificateThumbprintSHA256": { + "type": "string", + "contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Key", + "KeyID", + "Algorithm", + "Use", + "Certificates", + "CertificatesURL", + "CertificateThumbprintSHA1", + "CertificateThumbprintSHA256" + ] + }, + "Name": { + "properties": { + "Country": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Organization": { + "items": { + "type": "string" + }, + "type": "array" + }, + "OrganizationalUnit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Locality": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Province": { + "items": { + "type": "string" + }, + "type": "array" + }, + "StreetAddress": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PostalCode": { + "items": { + "type": "string" + }, + "type": "array" + }, + "SerialNumber": { + "type": "string" + }, + "CommonName": { + "type": "string" + }, + "Names": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + }, + "ExtraNames": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Country", + "Organization", + "OrganizationalUnit", + "Locality", + "Province", + "StreetAddress", + "PostalCode", + "SerialNumber", + "CommonName", + "Names", + "ExtraNames" + ] + }, + "OID": { + "properties": {}, + "additionalProperties": false, + "type": "object" + }, + 
"ObjectIdentifier": { + "items": { + "type": "integer" + }, + "type": "array" + }, + "VerificationInfo": { + "properties": { + "jwksUrl": { + "type": "string" + }, + "jwk": { + "$ref": "#/$defs/JSONWebKey" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "jwksUrl", + "jwk" + ] + } + } + }, + "ciconfigpath": { + "type": "string" + }, + "jobid": { + "type": "string" + }, + "jobimage": { + "type": "string" + }, + "jobname": { + "type": "string" + }, + "jobstage": { + "type": "string" + }, + "joburl": { + "type": "string" + }, + "pipelineid": { + "type": "string" + }, + "pipelineurl": { + "type": "string" + }, + "projectid": { + "type": "string" + }, + "projecturl": { + "type": "string" + }, + "runnerid": { + "type": "string" + }, + "cihost": { + "type": "string" + }, + "ciserverurl": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "ciconfigpath", + "jobid", + "jobimage", + "jobname", + "jobstage", + "joburl", + "pipelineid", + "pipelineurl", + "projectid", + "projecturl", + "runnerid", + "cihost", + "ciserverurl" + ] + } + } +}``` diff --git a/docs/attestors/json.jsx b/docs/attestors/json.jsx new file mode 100644 index 00000000..d08d7592 --- /dev/null +++ b/docs/attestors/json.jsx @@ -0,0 +1,24 @@ +import React, { useState, useEffect } from 'react'; + +const JSONRenderer = ({ url }) => { + const [jsonData, setJsonData] = useState(null); + + useEffect(() => { + fetch(url) + .then(response => response.json()) + .then(data => setJsonData(data)) + .catch(error => console.error('Error fetching JSON:', error)); + }, [url]); + + if (!jsonData) { + return
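Review bot: The `jwt` property in this schema embeds a complete sub-schema with its own `$schema`, `$ref` and `$defs` but no `$id`, so under draft 2020-12 the inner `"$ref": "#/$defs/Attestor"` and the `#/$defs/VerificationInfo` / `#/$defs/JSONWebKey` references resolve against the document root, whose `$defs` holds only the GitLab `Attestor`; a validator will either fail to resolve them or bind `jwt` to the wrong definition. The text looks like generator output, so the fix belongs in schema generation (hoist the nested `$defs` to the root, or give the embedded schema its own `$id`) rather than in this file, and the same structure presumably appears in gitlab.json. Separately, the code block is closed with `}```` on the same line as the last brace; CommonMark only recognises a closing fence on a line of its own, so the block is never closed and the trailing backticks render literally. That pattern recurs in jwt.md, link.md, material.md and maven.md in this diff, which suggests the generator should emit `}` and the closing fence as two lines.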
+ {JSON.stringify(jsonData, null, 2)} ++ ); +}; + +export default JSONRenderer; diff --git a/docs/attestors/jwt.json b/docs/attestors/jwt.json new file mode 100644 index 00000000..0f8a9e79 --- /dev/null +++ b/docs/attestors/jwt.json 
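Review bot: `response.json()` is called without checking `response.ok`, so a non-2xx reply (for example a 404 HTML page for a missing schema file) fails in the JSON parse, is only written to the console by the `.catch`, and leaves the component on its loading branch with nothing shown to the reader. A small guard in the first `.then` makes the failure explicit: `.then(response => { if (!response.ok) { throw new Error('HTTP ' + response.status); } return response.json(); })`, ideally paired with an error state that the render path can display instead of the loading placeholder. The effect also has no cancellation when `url` changes, so a slow earlier fetch may overwrite a newer result; an `ignore` flag reset in the effect cleanup would guard against that. The JSX around the `return` statements appears to have been stripped in this view, so the rendered markup could not be reviewed.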
@@ -0,0 +1,497 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "claims": { + "type": "object" + }, + "verifiedBy": { + "$ref": "#/$defs/VerificationInfo" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "claims" + ] + }, + "AttributeTypeAndValue": { + "properties": { + "Type": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Value": true + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Type", + "Value" + ] + }, + "Certificate": { + "properties": { + "Raw": { + "type": "string", + "contentEncoding": "base64" + }, + "RawTBSCertificate": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubjectPublicKeyInfo": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubject": { + "type": "string", + "contentEncoding": "base64" + }, + "RawIssuer": { + "type": "string", + "contentEncoding": "base64" + }, + "Signature": { + "type": "string", + "contentEncoding": "base64" + }, + "SignatureAlgorithm": { + "type": "integer" + }, + "PublicKeyAlgorithm": { + "type": "integer" + }, + "PublicKey": true, + "Version": { + "type": "integer" + }, + "SerialNumber": { + "$ref": "#/$defs/Int" + }, + "Issuer": { + "$ref": "#/$defs/Name" + }, + "Subject": { + "$ref": "#/$defs/Name" + }, + "NotBefore": { + "type": "string", + "format": "date-time" + }, + "NotAfter": { + "type": "string", + "format": "date-time" + }, + "KeyUsage": { + "type": "integer" + }, + "Extensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "ExtraExtensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "UnhandledCriticalExtensions": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "ExtKeyUsage": { + "items": { + "type": "integer" + }, + "type": "array" + }, + "UnknownExtKeyUsage": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": 
"array"
+ },
+ "BasicConstraintsValid": {
+ "type": "boolean"
+ },
+ "IsCA": {
+ "type": "boolean"
+ },
+ "MaxPathLen": {
+ "type": "integer"
+ },
+ "MaxPathLenZero": {
+ "type": "boolean"
+ },
+ "SubjectKeyId": {
+ "type": "string",
+ "contentEncoding": "base64"
+ },
+ "AuthorityKeyId": {
+ "type": "string",
+ "contentEncoding": "base64"
+ },
+ "OCSPServer": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "IssuingCertificateURL": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "DNSNames": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "EmailAddresses": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "IPAddresses": {
+ "items": {
+ "type": "string",
+ "format": "ipv4"
+ },
+ "type": "array"
+ },
+ "URIs": {
+ "items": {
+ "type": "string",
+ "format": "uri"
+ },
+ "type": "array"
+ },
+ "PermittedDNSDomainsCritical": {
+ "type": "boolean"
+ },
+ "PermittedDNSDomains": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "ExcludedDNSDomains": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "PermittedIPRanges": {
+ "items": {
+ "$ref": "#/$defs/IPNet"
+ },
+ "type": "array"
+ },
+ "ExcludedIPRanges": {
+ "items": {
+ "$ref": "#/$defs/IPNet"
+ },
+ "type": "array"
+ },
+ "PermittedEmailAddresses": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "ExcludedEmailAddresses": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "PermittedURIDomains": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "ExcludedURIDomains": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "CRLDistributionPoints": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "PolicyIdentifiers": {
+ "items": {
+ "$ref": "#/$defs/ObjectIdentifier"
+ },
+ "type": "array"
+ },
+ "Policies": {
+ "items": {
+ "$ref": "#/$defs/OID"
+ },
+ "type": "array"
+ }
+ },
+ "additionalProperties": false,
+ "type": "object",
+ "required": [
+ "Raw",
+ 
"RawTBSCertificate", + "RawSubjectPublicKeyInfo", + "RawSubject", + "RawIssuer", + "Signature", + "SignatureAlgorithm", + "PublicKeyAlgorithm", + "PublicKey", + "Version", + "SerialNumber", + "Issuer", + "Subject", + "NotBefore", + "NotAfter", + "KeyUsage", + "Extensions", + "ExtraExtensions", + "UnhandledCriticalExtensions", + "ExtKeyUsage", + "UnknownExtKeyUsage", + "BasicConstraintsValid", + "IsCA", + "MaxPathLen", + "MaxPathLenZero", + "SubjectKeyId", + "AuthorityKeyId", + "OCSPServer", + "IssuingCertificateURL", + "DNSNames", + "EmailAddresses", + "IPAddresses", + "URIs", + "PermittedDNSDomainsCritical", + "PermittedDNSDomains", + "ExcludedDNSDomains", + "PermittedIPRanges", + "ExcludedIPRanges", + "PermittedEmailAddresses", + "ExcludedEmailAddresses", + "PermittedURIDomains", + "ExcludedURIDomains", + "CRLDistributionPoints", + "PolicyIdentifiers", + "Policies" + ] + }, + "Extension": { + "properties": { + "Id": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Critical": { + "type": "boolean" + }, + "Value": { + "type": "string", + "contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Id", + "Critical", + "Value" + ] + }, + "IPMask": { + "type": "string", + "contentEncoding": "base64" + }, + "IPNet": { + "properties": { + "IP": { + "type": "string", + "format": "ipv4" + }, + "Mask": { + "$ref": "#/$defs/IPMask" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "IP", + "Mask" + ] + }, + "Int": { + "properties": {}, + "additionalProperties": false, + "type": "object" + }, + "JSONWebKey": { + "properties": { + "Key": true, + "KeyID": { + "type": "string" + }, + "Algorithm": { + "type": "string" + }, + "Use": { + "type": "string" + }, + "Certificates": { + "items": { + "$ref": "#/$defs/Certificate" + }, + "type": "array" + }, + "CertificatesURL": { + "type": "string", + "format": "uri" + }, + "CertificateThumbprintSHA1": { + "type": "string", + "contentEncoding": "base64" + }, + 
"CertificateThumbprintSHA256": { + "type": "string", + "contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Key", + "KeyID", + "Algorithm", + "Use", + "Certificates", + "CertificatesURL", + "CertificateThumbprintSHA1", + "CertificateThumbprintSHA256" + ] + }, + "Name": { + "properties": { + "Country": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Organization": { + "items": { + "type": "string" + }, + "type": "array" + }, + "OrganizationalUnit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Locality": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Province": { + "items": { + "type": "string" + }, + "type": "array" + }, + "StreetAddress": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PostalCode": { + "items": { + "type": "string" + }, + "type": "array" + }, + "SerialNumber": { + "type": "string" + }, + "CommonName": { + "type": "string" + }, + "Names": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + }, + "ExtraNames": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Country", + "Organization", + "OrganizationalUnit", + "Locality", + "Province", + "StreetAddress", + "PostalCode", + "SerialNumber", + "CommonName", + "Names", + "ExtraNames" + ] + }, + "OID": { + "properties": {}, + "additionalProperties": false, + "type": "object" + }, + "ObjectIdentifier": { + "items": { + "type": "integer" + }, + "type": "array" + }, + "VerificationInfo": { + "properties": { + "jwksUrl": { + "type": "string" + }, + "jwk": { + "$ref": "#/$defs/JSONWebKey" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "jwksUrl", + "jwk" + ] + } + } +} + \ No newline at end of file diff --git a/docs/attestors/jwt.md b/docs/attestors/jwt.md index 992ae9f3..c14e0604 100644 --- a/docs/attestors/jwt.md 
+++ b/docs/attestors/jwt.md 
@@ -2,3 +2,502 @@ The JWT ([JSON Web Token](https://en.wikipedia.org/wiki/JSON_Web_Token)) Attestor verifies a JWT against a JWKS ([JSON Web Key Set](https://auth0.com/docs/secure/tokens/json-web-tokens/json-web-key-sets)) and records information about the claims of the JWT. The JWK that was used to verify the JWT is also recorded. + +## Schema +```json +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "claims": { + "type": "object" + }, + "verifiedBy": { + "$ref": "#/$defs/VerificationInfo" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "claims" + ] + }, + "AttributeTypeAndValue": { + "properties": { + "Type": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Value": true + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Type", + "Value" + ] + }, + "Certificate": { + "properties": { + "Raw": { + "type": "string", + "contentEncoding": "base64" + }, + "RawTBSCertificate": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubjectPublicKeyInfo": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubject": { + "type": "string", + "contentEncoding": "base64" + }, + "RawIssuer": { + "type": "string", + "contentEncoding": "base64" + }, + "Signature": { + "type": "string", + "contentEncoding": "base64" + }, + "SignatureAlgorithm": { + "type": "integer" + }, + "PublicKeyAlgorithm": { + "type": "integer" + }, + "PublicKey": true, + "Version": { + "type": "integer" + }, + "SerialNumber": { + "$ref": "#/$defs/Int" + }, + "Issuer": { + "$ref": "#/$defs/Name" + }, + "Subject": { + "$ref": "#/$defs/Name" + }, + "NotBefore": { + "type": "string", + "format": "date-time" + }, + "NotAfter": { + "type": "string", + "format": "date-time" + }, + "KeyUsage": { + "type": "integer" + }, + "Extensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "ExtraExtensions": { + "items": { + 
"$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "UnhandledCriticalExtensions": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "ExtKeyUsage": { + "items": { + "type": "integer" + }, + "type": "array" + }, + "UnknownExtKeyUsage": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "BasicConstraintsValid": { + "type": "boolean" + }, + "IsCA": { + "type": "boolean" + }, + "MaxPathLen": { + "type": "integer" + }, + "MaxPathLenZero": { + "type": "boolean" + }, + "SubjectKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "AuthorityKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "OCSPServer": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IssuingCertificateURL": { + "items": { + "type": "string" + }, + "type": "array" + }, + "DNSNames": { + "items": { + "type": "string" + }, + "type": "array" + }, + "EmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IPAddresses": { + "items": { + "type": "string", + "format": "ipv4" + }, + "type": "array" + }, + "URIs": { + "items": { + "type": "string", + "format": "uri" + }, + "type": "array" + }, + "PermittedDNSDomainsCritical": { + "type": "boolean" + }, + "PermittedDNSDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedDNSDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PermittedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "ExcludedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "PermittedEmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedEmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PermittedURIDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedURIDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "CRLDistributionPoints": { 
+ "items": { + "type": "string" + }, + "type": "array" + }, + "PolicyIdentifiers": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "Policies": { + "items": { + "$ref": "#/$defs/OID" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Raw", + "RawTBSCertificate", + "RawSubjectPublicKeyInfo", + "RawSubject", + "RawIssuer", + "Signature", + "SignatureAlgorithm", + "PublicKeyAlgorithm", + "PublicKey", + "Version", + "SerialNumber", + "Issuer", + "Subject", + "NotBefore", + "NotAfter", + "KeyUsage", + "Extensions", + "ExtraExtensions", + "UnhandledCriticalExtensions", + "ExtKeyUsage", + "UnknownExtKeyUsage", + "BasicConstraintsValid", + "IsCA", + "MaxPathLen", + "MaxPathLenZero", + "SubjectKeyId", + "AuthorityKeyId", + "OCSPServer", + "IssuingCertificateURL", + "DNSNames", + "EmailAddresses", + "IPAddresses", + "URIs", + "PermittedDNSDomainsCritical", + "PermittedDNSDomains", + "ExcludedDNSDomains", + "PermittedIPRanges", + "ExcludedIPRanges", + "PermittedEmailAddresses", + "ExcludedEmailAddresses", + "PermittedURIDomains", + "ExcludedURIDomains", + "CRLDistributionPoints", + "PolicyIdentifiers", + "Policies" + ] + }, + "Extension": { + "properties": { + "Id": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Critical": { + "type": "boolean" + }, + "Value": { + "type": "string", + "contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Id", + "Critical", + "Value" + ] + }, + "IPMask": { + "type": "string", + "contentEncoding": "base64" + }, + "IPNet": { + "properties": { + "IP": { + "type": "string", + "format": "ipv4" + }, + "Mask": { + "$ref": "#/$defs/IPMask" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "IP", + "Mask" + ] + }, + "Int": { + "properties": {}, + "additionalProperties": false, + "type": "object" + }, + "JSONWebKey": { + "properties": { + "Key": true, + "KeyID": { + "type": "string" + }, 
+ "Algorithm": { + "type": "string" + }, + "Use": { + "type": "string" + }, + "Certificates": { + "items": { + "$ref": "#/$defs/Certificate" + }, + "type": "array" + }, + "CertificatesURL": { + "type": "string", + "format": "uri" + }, + "CertificateThumbprintSHA1": { + "type": "string", + "contentEncoding": "base64" + }, + "CertificateThumbprintSHA256": { + "type": "string", + "contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Key", + "KeyID", + "Algorithm", + "Use", + "Certificates", + "CertificatesURL", + "CertificateThumbprintSHA1", + "CertificateThumbprintSHA256" + ] + }, + "Name": { + "properties": { + "Country": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Organization": { + "items": { + "type": "string" + }, + "type": "array" + }, + "OrganizationalUnit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Locality": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Province": { + "items": { + "type": "string" + }, + "type": "array" + }, + "StreetAddress": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PostalCode": { + "items": { + "type": "string" + }, + "type": "array" + }, + "SerialNumber": { + "type": "string" + }, + "CommonName": { + "type": "string" + }, + "Names": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + }, + "ExtraNames": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Country", + "Organization", + "OrganizationalUnit", + "Locality", + "Province", + "StreetAddress", + "PostalCode", + "SerialNumber", + "CommonName", + "Names", + "ExtraNames" + ] + }, + "OID": { + "properties": {}, + "additionalProperties": false, + "type": "object" + }, + "ObjectIdentifier": { + "items": { + "type": "integer" + }, + "type": "array" + }, + "VerificationInfo": { + "properties": { + "jwksUrl": { + 
"type": "string" + }, + "jwk": { + "$ref": "#/$defs/JSONWebKey" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "jwksUrl", + "jwk" + ] + } + } +}``` diff --git a/docs/attestors/link.json b/docs/attestors/link.json new file mode 100644 index 00000000..2279bd21 --- /dev/null +++ b/docs/attestors/link.json @@ -0,0 +1,88 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://github.com/in-toto/attestation/go/predicates/link/v0/link", + "$ref": "#/$defs/Link", + "$defs": { + "Link": { + "properties": { + "name": { + "type": "string" + }, + "command": { + "items": { + "type": "string" + }, + "type": "array" + }, + "materials": { + "items": { + "$ref": "#/$defs/ResourceDescriptor" + }, + "type": "array" + }, + "byproducts": { + "$ref": "#/$defs/Struct" + }, + "environment": { + "$ref": "#/$defs/Struct" + } + }, + "additionalProperties": false, + "type": "object" + }, + "ResourceDescriptor": { + "properties": { + "name": { + "type": "string" + }, + "uri": { + "type": "string" + }, + "digest": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "content": { + "type": "string", + "contentEncoding": "base64" + }, + "download_location": { + "type": "string" + }, + "media_type": { + "type": "string" + }, + "annotations": { + "$ref": "#/$defs/Struct" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Struct": { + "properties": { + "fields": { + "additionalProperties": { + "$ref": "#/$defs/Value" + }, + "type": "object" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Value": { + "properties": { + "Kind": true + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Kind" + ] + } + } +} + \ No newline at end of file diff --git a/docs/attestors/link.md b/docs/attestors/link.md new file mode 100644 index 00000000..9ed13e23 --- /dev/null +++ b/docs/attestors/link.md 
@@ -0,0 +1,93 @@ +# Link Attestor + +The Link Attestor generates an [in-toto Link attestation](https://in-toto.readthedocs.io/en/latest/in-toto-spec.html#link) for the step that it is invoked on. + +## Schema +```json +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://github.com/in-toto/attestation/go/predicates/link/v0/link", + "$ref": "#/$defs/Link", + "$defs": { + "Link": { + "properties": { + "name": { + "type": "string" + }, + "command": { + "items": { + "type": "string" + }, + "type": "array" + }, + "materials": { + "items": { + "$ref": "#/$defs/ResourceDescriptor" + }, + "type": "array" + }, + "byproducts": { + "$ref": "#/$defs/Struct" + }, + "environment": { + "$ref": "#/$defs/Struct" + } + }, + "additionalProperties": false, + "type": "object" + }, + "ResourceDescriptor": { + "properties": { + "name": { + "type": "string" + }, + "uri": { + "type": "string" + }, + "digest": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "content": { + "type": "string", + "contentEncoding": "base64" + }, + "download_location": { + "type": "string" + }, + "media_type": { + "type": "string" + }, + "annotations": { + "$ref": "#/$defs/Struct" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Struct": { + "properties": { + "fields": { + "additionalProperties": { + "$ref": "#/$defs/Value" + }, + "type": "object" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Value": { + "properties": { + "Kind": true + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Kind" + ] + } + } +}``` diff --git a/docs/attestors/material.json b/docs/attestors/material.json new file mode 100644 index 00000000..5edcff17 --- /dev/null +++ b/docs/attestors/material.json 
@@ -0,0 +1,25 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$defs": { + "DigestSet": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "properties": { + "Materials": { + "additionalProperties": { + "$ref": "#/$defs/DigestSet" + }, + "type": "object" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Materials" + ] +} + \ No newline at end of file diff --git a/docs/attestors/material.md b/docs/attestors/material.md index bf165a27..be2abddf 100644 --- a/docs/attestors/material.md +++ b/docs/attestors/material.md @@ -3,3 +3,30 @@ The Material Attestor records the digests of all files in the working directory of TestifySec Witness at exection time, but before any command is run. This recording provides information about the state of all files before any changes are made by a command. + +## Schema +```json +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$defs": { + "DigestSet": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "properties": { + "Materials": { + "additionalProperties": { + "$ref": "#/$defs/DigestSet" + }, + "type": "object" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Materials" + ] +}``` diff --git a/docs/attestors/maven.json b/docs/attestors/maven.json new file mode 100644 index 00000000..fe041001 --- /dev/null +++ b/docs/attestors/maven.json 
@@ -0,0 +1,62 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "groupid": { + "type": "string" + }, + "artifactid": { + "type": "string" + }, + "version": { + "type": "string" + }, + "projectname": { + "type": "string" + }, + "dependencies": { + "items": { + "$ref": "#/$defs/MavenDependency" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "groupid", + "artifactid", + "version", + "projectname", + "dependencies" + ] + }, + "MavenDependency": { + "properties": { + "groupid": { + "type": "string" + }, + "artifactid": { + "type": "string" + }, + "version": { + "type": "string" + }, + "scope": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "groupid", + "artifactid", + "version", + "scope" + ] + } + } +} + \ No newline at end of file diff --git a/docs/attestors/maven.md b/docs/attestors/maven.md index 1fb48210..43018732 100644 --- a/docs/attestors/maven.md +++ b/docs/attestors/maven.md 
@@ -8,3 +8,67 @@ The [Maven](https://maven.apache.org/) Attestor records project and dependency i | ------- | ----------- | | `project:group/artifact@version` | The group, artifact, and version of the project to which the pom.xml belongs | | `dependency:group/artifact@version` | The group, artifact, and verion of each dependency in the pom.xml | + +## Schema +```json +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "groupid": { + "type": "string" + }, + "artifactid": { + "type": "string" + }, + "version": { + "type": "string" + }, + "projectname": { + "type": "string" + }, + "dependencies": { + "items": { + "$ref": "#/$defs/MavenDependency" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "groupid", + "artifactid", + "version", + "projectname", + "dependencies" + ] + }, + "MavenDependency": { + "properties": { + "groupid": { + "type": "string" + }, + "artifactid": { + "type": "string" + }, + "version": { + "type": "string" + }, + "scope": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "groupid", + "artifactid", + "version", + "scope" + ] + } + } +}``` diff --git a/docs/attestors/oci.json b/docs/attestors/oci.json new file mode 100644 index 00000000..17f56a0b --- /dev/null +++ b/docs/attestors/oci.json 
@@ -0,0 +1,85 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "tardigest": { + "$ref": "#/$defs/DigestSet" + }, + "manifest": { + "items": { + "$ref": "#/$defs/Manifest" + }, + "type": "array" + }, + "imagetags": { + "items": { + "type": "string" + }, + "type": "array" + }, + "diffids": { + "items": { + "$ref": "#/$defs/DigestSet" + }, + "type": "array" + }, + "imageid": { + "$ref": "#/$defs/DigestSet" + }, + "manifestraw": { + "type": "string", + "contentEncoding": "base64" + }, + "manifestdigest": { + "$ref": "#/$defs/DigestSet" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "tardigest", + "manifest", + "imagetags", + "diffids", + "imageid", + "manifestraw", + "manifestdigest" + ] + }, + "DigestSet": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "Manifest": { + "properties": { + "Config": { + "type": "string" + }, + "RepoTags": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Layers": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Config", + "RepoTags", + "Layers" + ] + } + } +} + \ No newline at end of file diff --git a/docs/attestors/oci.md b/docs/attestors/oci.md index 51898cbf..0c70c096 100644 --- a/docs/attestors/oci.md +++ b/docs/attestors/oci.md 
@@ -11,3 +11,90 @@ attestation. | `tardigest` | Digest of the tarred image | | `imageid` | ID of the image | | `layerdiffid` | Layer diff IDs of the image | + +## Schema +```json +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "tardigest": { + "$ref": "#/$defs/DigestSet" + }, + "manifest": { + "items": { + "$ref": "#/$defs/Manifest" + }, + "type": "array" + }, + "imagetags": { + "items": { + "type": "string" + }, + "type": "array" + }, + "diffids": { + "items": { + "$ref": "#/$defs/DigestSet" + }, + "type": "array" + }, + "imageid": { + "$ref": "#/$defs/DigestSet" + }, + "manifestraw": { + "type": "string", + "contentEncoding": "base64" + }, + "manifestdigest": { + "$ref": "#/$defs/DigestSet" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "tardigest", + "manifest", + "imagetags", + "diffids", + "imageid", + "manifestraw", + "manifestdigest" + ] + }, + "DigestSet": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "Manifest": { + "properties": { + "Config": { + "type": "string" + }, + "RepoTags": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Layers": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Config", + "RepoTags", + "Layers" + ] + } + } +}``` diff --git a/docs/attestors/policyverify.json b/docs/attestors/policyverify.json new file mode 100644 index 00000000..45cdcd35 --- /dev/null +++ b/docs/attestors/policyverify.json 
@@ -0,0 +1,73 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "verifier": { + "$ref": "#/$defs/Verifier" + }, + "timeVerified": { + "type": "string", + "format": "date-time" + }, + "policy": { + "$ref": "#/$defs/ResourceDescriptor" + }, + "inputAttestations": { + "items": { + "$ref": "#/$defs/ResourceDescriptor" + }, + "type": "array" + }, + "verificationResult": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "verifier", + "timeVerified", + "policy", + "inputAttestations", + "verificationResult" + ] + }, + "DigestSet": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "ResourceDescriptor": { + "properties": { + "uri": { + "type": "string" + }, + "digest": { + "$ref": "#/$defs/DigestSet" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "uri", + "digest" + ] + }, + "Verifier": { + "properties": { + "id": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "id" + ] + } + } +} + \ No newline at end of file diff --git a/docs/attestors/policyverify.md b/docs/attestors/policyverify.md new file mode 100644 index 00000000..b22b65f5 --- /dev/null +++ b/docs/attestors/policyverify.md 
@@ -0,0 +1,80 @@ +# Policy Verify (Verification Summary) Attestor + +The Policy Verify Attestor generates a [verification summary attestation](https://slsa.dev/spec/v1.0/verification_summary) for `witness verify` invocations, providing information about the verification that took place. + +**NOTE:** This attestor cannot be used during `witness run` (e.g., `witness run --attestors policyverify`). + +## Schema +```json +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "verifier": { + "$ref": "#/$defs/Verifier" + }, + "timeVerified": { + "type": "string", + "format": "date-time" + }, + "policy": { + "$ref": "#/$defs/ResourceDescriptor" + }, + "inputAttestations": { + "items": { + "$ref": "#/$defs/ResourceDescriptor" + }, + "type": "array" + }, + "verificationResult": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "verifier", + "timeVerified", + "policy", + "inputAttestations", + "verificationResult" + ] + }, + "DigestSet": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "ResourceDescriptor": { + "properties": { + "uri": { + "type": "string" + }, + "digest": { + "$ref": "#/$defs/DigestSet" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "uri", + "digest" + ] + }, + "Verifier": { + "properties": { + "id": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "id" + ] + } + } +}``` diff --git a/docs/attestors/product.json b/docs/attestors/product.json new file mode 100644 index 00000000..8a3b18f9 --- /dev/null +++ b/docs/attestors/product.json 
@@ -0,0 +1,41 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$defs": { + "DigestSet": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "Product": { + "properties": { + "mime_type": { + "type": "string" + }, + "digest": { + "$ref": "#/$defs/DigestSet" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "mime_type", + "digest" + ] + } + }, + "properties": { + "Products": { + "additionalProperties": { + "$ref": "#/$defs/Product" + }, + "type": "object" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Products" + ] +} + \ No newline at end of file diff --git a/docs/attestors/product.md b/docs/attestors/product.md index e3fd59a5..afb4acd2 100644 --- a/docs/attestors/product.md +++ b/docs/attestors/product.md @@ -6,3 +6,45 @@ products in the command. Digests and MIME types of any changed or created files ## Subjects All subjects are reported as subjects. +## Schema +```json +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$defs": { + "DigestSet": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "Product": { + "properties": { + "mime_type": { + "type": "string" + }, + "digest": { + "$ref": "#/$defs/DigestSet" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "mime_type", + "digest" + ] + } + }, + "properties": { + "Products": { + "additionalProperties": { + "$ref": "#/$defs/Product" + }, + "type": "object" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Products" + ] +}``` diff --git a/docs/attestors/sarif.json b/docs/attestors/sarif.json new file mode 100644 index 00000000..d44409de --- /dev/null +++ b/docs/attestors/sarif.json 
@@ -0,0 +1,786 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Address": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "index": { + "type": "integer" + }, + "absoluteAddress": { + "type": "integer" + }, + "relativeAddress": { + "type": "integer" + }, + "offsetFromParent": { + "type": "integer" + }, + "length": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "fullyQualifiedName": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "parentIndex": { + "type": "integer" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Artifact": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "location": { + "$ref": "#/$defs/ArtifactLocation" + }, + "parentIndex": { + "type": "integer" + }, + "offset": { + "type": "integer" + }, + "length": { + "type": "integer" + }, + "roles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "mimeType": { + "type": "string" + }, + "contents": { + "$ref": "#/$defs/ArtifactContent" + }, + "encoding": { + "type": "string" + }, + "sourceLanguage": { + "type": "string" + }, + "hashes": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "lastModifiedTimeUtc": { + "type": "string" + }, + "description": { + "$ref": "#/$defs/Message" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "length" + ] + }, + "ArtifactChange": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "artifactLocation": { + "$ref": "#/$defs/ArtifactLocation" + }, + "replacements": { + "items": { + "$ref": "#/$defs/Replacement" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "artifactLocation", + "replacements" + ] + }, + "ArtifactContent": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "text": { + "type": "string" + }, + "binary": { + "type": 
"string" + }, + "rendered": { + "$ref": "#/$defs/MultiformatMessageString" + } + }, + "additionalProperties": false, + "type": "object" + }, + "ArtifactLocation": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "uri": { + "type": "string" + }, + "uriBaseId": { + "type": "string" + }, + "index": { + "type": "integer" + }, + "description": { + "$ref": "#/$defs/Message" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Attestor": { + "properties": { + "report": { + "$ref": "#/$defs/Report" + }, + "reportFileName": { + "type": "string" + }, + "reportDigestSet": { + "$ref": "#/$defs/DigestSet" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "report", + "reportFileName", + "reportDigestSet" + ] + }, + "DigestSet": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "Fix": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "description": { + "$ref": "#/$defs/Message" + }, + "artifactChanges": { + "items": { + "$ref": "#/$defs/ArtifactChange" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "artifactChanges" + ] + }, + "Invocation": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "startTimeUtc": { + "type": "string", + "format": "date-time" + }, + "endTimeUtc": { + "type": "string", + "format": "date-time" + }, + "executionSuccessful": { + "type": "boolean" + }, + "workingDirectory": { + "$ref": "#/$defs/ArtifactLocation" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "executionSuccessful" + ] + }, + "Location": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "id": { + "type": "integer" + }, + "physicalLocation": { + "$ref": "#/$defs/PhysicalLocation" + }, + "logicalLocations": { + "items": { + "$ref": "#/$defs/LogicalLocation" + }, + "type": "array" + }, + "message": { + "$ref": "#/$defs/Message" + }, 
+ "annotations": { + "items": { + "$ref": "#/$defs/Region" + }, + "type": "array" + }, + "relationships": { + "items": { + "$ref": "#/$defs/LocationRelationship" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object" + }, + "LocationRelationship": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "target": { + "type": "integer" + }, + "kinds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "description": { + "$ref": "#/$defs/Message" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "target" + ] + }, + "LogicalLocation": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "index": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "fullyQualifiedName": { + "type": "string" + }, + "decoratedName": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "parentIndex": { + "type": "integer" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Message": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "text": { + "type": "string" + }, + "markdown": { + "type": "string" + }, + "id": { + "type": "string" + }, + "arguments": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object" + }, + "MultiformatMessageString": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "text": { + "type": "string" + }, + "markdown": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object" + }, + "PhysicalLocation": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "artifactLocation": { + "$ref": "#/$defs/ArtifactLocation" + }, + "region": { + "$ref": "#/$defs/Region" + }, + "contextRegion": { + "$ref": "#/$defs/Region" + }, + "address": { + "$ref": "#/$defs/Address" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Properties": { + "type": "object" + 
}, + "PropertyBag": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Region": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "startLine": { + "type": "integer" + }, + "startColumn": { + "type": "integer" + }, + "endLine": { + "type": "integer" + }, + "endColumn": { + "type": "integer" + }, + "charOffset": { + "type": "integer" + }, + "charLength": { + "type": "integer" + }, + "byteOffset": { + "type": "integer" + }, + "byteLength": { + "type": "integer" + }, + "snippet": { + "$ref": "#/$defs/ArtifactContent" + }, + "message": { + "$ref": "#/$defs/Message" + }, + "sourceLanguage": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Replacement": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "deletedRegion": { + "$ref": "#/$defs/Region" + }, + "insertedContent": { + "$ref": "#/$defs/ArtifactContent" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "deletedRegion" + ] + }, + "Report": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "version": { + "type": "string" + }, + "$schema": { + "type": "string" + }, + "runs": { + "items": { + "$ref": "#/$defs/Run" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "version", + "$schema", + "runs" + ] + }, + "ReportingConfiguration": { + "properties": { + "enabled": { + "type": "boolean" + }, + "level": true, + "parameters": { + "$ref": "#/$defs/PropertyBag" + }, + "properties": { + "$ref": "#/$defs/PropertyBag" + }, + "rank": { + "type": "number" + } + }, + "additionalProperties": false, + "type": "object" + }, + "ReportingDescriptor": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "shortDescription": { + "$ref": 
"#/$defs/MultiformatMessageString" + }, + "fullDescription": { + "$ref": "#/$defs/MultiformatMessageString" + }, + "defaultConfiguration": { + "$ref": "#/$defs/ReportingConfiguration" + }, + "helpUri": { + "type": "string" + }, + "help": { + "$ref": "#/$defs/MultiformatMessageString" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "id", + "shortDescription" + ] + }, + "ReportingDescriptorReference": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "id": { + "type": "string" + }, + "index": { + "type": "integer" + }, + "guid": { + "type": "string" + }, + "toolComponent": { + "$ref": "#/$defs/ToolComponentReference" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Result": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "guid": { + "type": "string" + }, + "correlationGuid": { + "type": "string" + }, + "ruleId": { + "type": "string" + }, + "ruleIndex": { + "type": "integer" + }, + "rule": { + "$ref": "#/$defs/ReportingDescriptorReference" + }, + "taxa": { + "items": { + "$ref": "#/$defs/ReportingDescriptorReference" + }, + "type": "array" + }, + "kind": { + "type": "string" + }, + "level": { + "type": "string" + }, + "message": { + "$ref": "#/$defs/Message" + }, + "locations": { + "items": { + "$ref": "#/$defs/Location" + }, + "type": "array" + }, + "analysisTarget": { + "$ref": "#/$defs/ArtifactLocation" + }, + "fingerprints": { + "type": "object" + }, + "partialFingerprints": { + "type": "object" + }, + "relatedLocations": { + "items": { + "$ref": "#/$defs/Location" + }, + "type": "array" + }, + "suppressions": { + "items": { + "$ref": "#/$defs/Suppression" + }, + "type": "array" + }, + "baselineState": { + "type": "string" + }, + "rank": { + "type": "number" + }, + "workItemUris": { + "items": { + "type": "string" + }, + "type": "array" + }, + "hostedViewerUri": { + "type": "string" + }, + "fixes": { + "items": { + "$ref": "#/$defs/Fix" + }, + "type": "array" 
+ }, + "occurrenceCount": { + "type": "integer" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "message" + ] + }, + "Run": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "tool": { + "$ref": "#/$defs/Tool" + }, + "invocations": { + "items": { + "$ref": "#/$defs/Invocation" + }, + "type": "array" + }, + "artifacts": { + "items": { + "$ref": "#/$defs/Artifact" + }, + "type": "array" + }, + "results": { + "items": { + "$ref": "#/$defs/Result" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "tool", + "results" + ] + }, + "Suppression": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "kind": { + "type": "string" + }, + "status": { + "type": "string" + }, + "location": { + "$ref": "#/$defs/Location" + }, + "guid": { + "type": "string" + }, + "justification": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "kind", + "status", + "location", + "guid", + "justification" + ] + }, + "Tool": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "driver": { + "$ref": "#/$defs/ToolComponent" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "driver" + ] + }, + "ToolComponent": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "informationUri": { + "type": "string" + }, + "notifications": { + "items": { + "$ref": "#/$defs/ReportingDescriptor" + }, + "type": "array" + }, + "rules": { + "items": { + "$ref": "#/$defs/ReportingDescriptor" + }, + "type": "array" + }, + "taxa": { + "items": { + "$ref": "#/$defs/ReportingDescriptor" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "name", + "informationUri" + ] + }, + "ToolComponentReference": { + "properties": { + "properties": { + "$ref": 
"#/$defs/Properties" + }, + "name": { + "type": "string" + }, + "index": { + "type": "integer" + }, + "guid": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "name", + "index", + "guid" + ] + } + } +} + \ No newline at end of file diff --git a/docs/attestors/sarif.md b/docs/attestors/sarif.md new file mode 100644 index 00000000..75216656 --- /dev/null +++ b/docs/attestors/sarif.md 
@@ -0,0 +1,791 @@ +# Sarif Attestor + +The Sarif attestor records the contents of any [products](./product.md) that are valid [SARIF](https://sarifweb.azurewebsites.net/) files. The SARIF file is parsed and the contents are recorded in the attestation. + +## Schema +```json +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Address": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "index": { + "type": "integer" + }, + "absoluteAddress": { + "type": "integer" + }, + "relativeAddress": { + "type": "integer" + }, + "offsetFromParent": { + "type": "integer" + }, + "length": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "fullyQualifiedName": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "parentIndex": { + "type": "integer" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Artifact": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "location": { + "$ref": "#/$defs/ArtifactLocation" + }, + "parentIndex": { + "type": "integer" + }, + "offset": { + "type": "integer" + }, + "length": { + "type": "integer" + }, + "roles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "mimeType": { + "type": "string" + }, + "contents": { + "$ref": "#/$defs/ArtifactContent" + }, + "encoding": { + "type": "string" + }, + "sourceLanguage": { + "type": "string" + }, + "hashes": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "lastModifiedTimeUtc": { + "type": "string" + }, + "description": { + "$ref": "#/$defs/Message" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "length" + ] + }, + "ArtifactChange": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "artifactLocation": { + "$ref": "#/$defs/ArtifactLocation" + }, + "replacements": { + "items": { + "$ref": "#/$defs/Replacement" + }, + "type": "array" + } + }, + 
"additionalProperties": false, + "type": "object", + "required": [ + "artifactLocation", + "replacements" + ] + }, + "ArtifactContent": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "text": { + "type": "string" + }, + "binary": { + "type": "string" + }, + "rendered": { + "$ref": "#/$defs/MultiformatMessageString" + } + }, + "additionalProperties": false, + "type": "object" + }, + "ArtifactLocation": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "uri": { + "type": "string" + }, + "uriBaseId": { + "type": "string" + }, + "index": { + "type": "integer" + }, + "description": { + "$ref": "#/$defs/Message" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Attestor": { + "properties": { + "report": { + "$ref": "#/$defs/Report" + }, + "reportFileName": { + "type": "string" + }, + "reportDigestSet": { + "$ref": "#/$defs/DigestSet" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "report", + "reportFileName", + "reportDigestSet" + ] + }, + "DigestSet": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "Fix": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "description": { + "$ref": "#/$defs/Message" + }, + "artifactChanges": { + "items": { + "$ref": "#/$defs/ArtifactChange" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "artifactChanges" + ] + }, + "Invocation": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "startTimeUtc": { + "type": "string", + "format": "date-time" + }, + "endTimeUtc": { + "type": "string", + "format": "date-time" + }, + "executionSuccessful": { + "type": "boolean" + }, + "workingDirectory": { + "$ref": "#/$defs/ArtifactLocation" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "executionSuccessful" + ] + }, + "Location": { + "properties": { + "properties": { + "$ref": 
"#/$defs/Properties" + }, + "id": { + "type": "integer" + }, + "physicalLocation": { + "$ref": "#/$defs/PhysicalLocation" + }, + "logicalLocations": { + "items": { + "$ref": "#/$defs/LogicalLocation" + }, + "type": "array" + }, + "message": { + "$ref": "#/$defs/Message" + }, + "annotations": { + "items": { + "$ref": "#/$defs/Region" + }, + "type": "array" + }, + "relationships": { + "items": { + "$ref": "#/$defs/LocationRelationship" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object" + }, + "LocationRelationship": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "target": { + "type": "integer" + }, + "kinds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "description": { + "$ref": "#/$defs/Message" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "target" + ] + }, + "LogicalLocation": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "index": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "fullyQualifiedName": { + "type": "string" + }, + "decoratedName": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "parentIndex": { + "type": "integer" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Message": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "text": { + "type": "string" + }, + "markdown": { + "type": "string" + }, + "id": { + "type": "string" + }, + "arguments": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object" + }, + "MultiformatMessageString": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "text": { + "type": "string" + }, + "markdown": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object" + }, + "PhysicalLocation": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "artifactLocation": { + "$ref": 
"#/$defs/ArtifactLocation" + }, + "region": { + "$ref": "#/$defs/Region" + }, + "contextRegion": { + "$ref": "#/$defs/Region" + }, + "address": { + "$ref": "#/$defs/Address" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Properties": { + "type": "object" + }, + "PropertyBag": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Region": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "startLine": { + "type": "integer" + }, + "startColumn": { + "type": "integer" + }, + "endLine": { + "type": "integer" + }, + "endColumn": { + "type": "integer" + }, + "charOffset": { + "type": "integer" + }, + "charLength": { + "type": "integer" + }, + "byteOffset": { + "type": "integer" + }, + "byteLength": { + "type": "integer" + }, + "snippet": { + "$ref": "#/$defs/ArtifactContent" + }, + "message": { + "$ref": "#/$defs/Message" + }, + "sourceLanguage": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Replacement": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "deletedRegion": { + "$ref": "#/$defs/Region" + }, + "insertedContent": { + "$ref": "#/$defs/ArtifactContent" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "deletedRegion" + ] + }, + "Report": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "version": { + "type": "string" + }, + "$schema": { + "type": "string" + }, + "runs": { + "items": { + "$ref": "#/$defs/Run" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "version", + "$schema", + "runs" + ] + }, + "ReportingConfiguration": { + "properties": { + "enabled": { + "type": "boolean" + }, + "level": true, + "parameters": { + "$ref": "#/$defs/PropertyBag" + }, + "properties": { + "$ref": "#/$defs/PropertyBag" + }, + "rank": { + "type": "number" + } + }, + 
"additionalProperties": false, + "type": "object" + }, + "ReportingDescriptor": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "shortDescription": { + "$ref": "#/$defs/MultiformatMessageString" + }, + "fullDescription": { + "$ref": "#/$defs/MultiformatMessageString" + }, + "defaultConfiguration": { + "$ref": "#/$defs/ReportingConfiguration" + }, + "helpUri": { + "type": "string" + }, + "help": { + "$ref": "#/$defs/MultiformatMessageString" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "id", + "shortDescription" + ] + }, + "ReportingDescriptorReference": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "id": { + "type": "string" + }, + "index": { + "type": "integer" + }, + "guid": { + "type": "string" + }, + "toolComponent": { + "$ref": "#/$defs/ToolComponentReference" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Result": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "guid": { + "type": "string" + }, + "correlationGuid": { + "type": "string" + }, + "ruleId": { + "type": "string" + }, + "ruleIndex": { + "type": "integer" + }, + "rule": { + "$ref": "#/$defs/ReportingDescriptorReference" + }, + "taxa": { + "items": { + "$ref": "#/$defs/ReportingDescriptorReference" + }, + "type": "array" + }, + "kind": { + "type": "string" + }, + "level": { + "type": "string" + }, + "message": { + "$ref": "#/$defs/Message" + }, + "locations": { + "items": { + "$ref": "#/$defs/Location" + }, + "type": "array" + }, + "analysisTarget": { + "$ref": "#/$defs/ArtifactLocation" + }, + "fingerprints": { + "type": "object" + }, + "partialFingerprints": { + "type": "object" + }, + "relatedLocations": { + "items": { + "$ref": "#/$defs/Location" + }, + "type": "array" + }, + "suppressions": { + "items": { + "$ref": "#/$defs/Suppression" + }, + "type": "array" + }, + "baselineState": { + 
"type": "string" + }, + "rank": { + "type": "number" + }, + "workItemUris": { + "items": { + "type": "string" + }, + "type": "array" + }, + "hostedViewerUri": { + "type": "string" + }, + "fixes": { + "items": { + "$ref": "#/$defs/Fix" + }, + "type": "array" + }, + "occurrenceCount": { + "type": "integer" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "message" + ] + }, + "Run": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "tool": { + "$ref": "#/$defs/Tool" + }, + "invocations": { + "items": { + "$ref": "#/$defs/Invocation" + }, + "type": "array" + }, + "artifacts": { + "items": { + "$ref": "#/$defs/Artifact" + }, + "type": "array" + }, + "results": { + "items": { + "$ref": "#/$defs/Result" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "tool", + "results" + ] + }, + "Suppression": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "kind": { + "type": "string" + }, + "status": { + "type": "string" + }, + "location": { + "$ref": "#/$defs/Location" + }, + "guid": { + "type": "string" + }, + "justification": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "kind", + "status", + "location", + "guid", + "justification" + ] + }, + "Tool": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "driver": { + "$ref": "#/$defs/ToolComponent" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "driver" + ] + }, + "ToolComponent": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "informationUri": { + "type": "string" + }, + "notifications": { + "items": { + "$ref": "#/$defs/ReportingDescriptor" + }, + "type": "array" + }, + "rules": { + "items": { + "$ref": "#/$defs/ReportingDescriptor" + }, + "type": "array" + }, + "taxa": { + "items": 
{ + "$ref": "#/$defs/ReportingDescriptor" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "name", + "informationUri" + ] + }, + "ToolComponentReference": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "name": { + "type": "string" + }, + "index": { + "type": "integer" + }, + "guid": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "name", + "index", + "guid" + ] + } + } +}``` diff --git a/docs/attestors/slsa.json b/docs/attestors/slsa.json new file mode 100644 index 00000000..f9900612 --- /dev/null +++ b/docs/attestors/slsa.json 
@@ -0,0 +1,160 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://github.com/in-toto/attestation/go/predicates/provenance/v1/provenance", + "$ref": "#/$defs/Provenance", + "$defs": { + "BuildDefinition": { + "properties": { + "build_type": { + "type": "string" + }, + "external_parameters": { + "$ref": "#/$defs/Struct" + }, + "internal_parameters": { + "$ref": "#/$defs/Struct" + }, + "resolved_dependencies": { + "items": { + "$ref": "#/$defs/ResourceDescriptor" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object" + }, + "BuildMetadata": { + "properties": { + "invocation_id": { + "type": "string" + }, + "started_on": { + "$ref": "#/$defs/Timestamp" + }, + "finished_on": { + "$ref": "#/$defs/Timestamp" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Builder": { + "properties": { + "id": { + "type": "string" + }, + "version": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "builder_dependencies": { + "items": { + "$ref": "#/$defs/ResourceDescriptor" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Provenance": { + "properties": { + "build_definition": { + "$ref": "#/$defs/BuildDefinition" + }, + "run_details": { + "$ref": "#/$defs/RunDetails" + } + }, + "additionalProperties": false, + "type": "object" + }, + "ResourceDescriptor": { + "properties": { + "name": { + "type": "string" + }, + "uri": { + "type": "string" + }, + "digest": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "content": { + "type": "string", + "contentEncoding": "base64" + }, + "download_location": { + "type": "string" + }, + "media_type": { + "type": "string" + }, + "annotations": { + "$ref": "#/$defs/Struct" + } + }, + "additionalProperties": false, + "type": "object" + }, + "RunDetails": { + "properties": { + "builder": { + "$ref": "#/$defs/Builder" + }, + "metadata": { + "$ref": "#/$defs/BuildMetadata" + 
}, + "byproducts": { + "items": { + "$ref": "#/$defs/ResourceDescriptor" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Struct": { + "properties": { + "fields": { + "additionalProperties": { + "$ref": "#/$defs/Value" + }, + "type": "object" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Timestamp": { + "properties": { + "seconds": { + "type": "integer" + }, + "nanos": { + "type": "integer" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Value": { + "properties": { + "Kind": true + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Kind" + ] + } + } +} + \ No newline at end of file diff --git a/docs/attestors/slsa.md b/docs/attestors/slsa.md new file mode 100644 index 00000000..7e60b36b --- /dev/null +++ b/docs/attestors/slsa.md 
@@ -0,0 +1,165 @@ +# SLSA Attestor + +The SLSA Attestor generates a [SLSA Provenance](https://slsa.dev/spec/v1.0/provenance) attestation for the step that it is invoked on. + +## Schema +```json +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://github.com/in-toto/attestation/go/predicates/provenance/v1/provenance", + "$ref": "#/$defs/Provenance", + "$defs": { + "BuildDefinition": { + "properties": { + "build_type": { + "type": "string" + }, + "external_parameters": { + "$ref": "#/$defs/Struct" + }, + "internal_parameters": { + "$ref": "#/$defs/Struct" + }, + "resolved_dependencies": { + "items": { + "$ref": "#/$defs/ResourceDescriptor" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object" + }, + "BuildMetadata": { + "properties": { + "invocation_id": { + "type": "string" + }, + "started_on": { + "$ref": "#/$defs/Timestamp" + }, + "finished_on": { + "$ref": "#/$defs/Timestamp" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Builder": { + "properties": { + "id": { + "type": "string" + }, + "version": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "builder_dependencies": { + "items": { + "$ref": "#/$defs/ResourceDescriptor" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Provenance": { + "properties": { + "build_definition": { + "$ref": "#/$defs/BuildDefinition" + }, + "run_details": { + "$ref": "#/$defs/RunDetails" + } + }, + "additionalProperties": false, + "type": "object" + }, + "ResourceDescriptor": { + "properties": { + "name": { + "type": "string" + }, + "uri": { + "type": "string" + }, + "digest": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "content": { + "type": "string", + "contentEncoding": "base64" + }, + "download_location": { + "type": "string" + }, + "media_type": { + "type": "string" + }, + "annotations": { + "$ref": "#/$defs/Struct" + } + }, + 
"additionalProperties": false, + "type": "object" + }, + "RunDetails": { + "properties": { + "builder": { + "$ref": "#/$defs/Builder" + }, + "metadata": { + "$ref": "#/$defs/BuildMetadata" + }, + "byproducts": { + "items": { + "$ref": "#/$defs/ResourceDescriptor" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Struct": { + "properties": { + "fields": { + "additionalProperties": { + "$ref": "#/$defs/Value" + }, + "type": "object" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Timestamp": { + "properties": { + "seconds": { + "type": "integer" + }, + "nanos": { + "type": "integer" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Value": { + "properties": { + "Kind": true + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Kind" + ] + } + } +}``` diff --git a/docs/commands.md b/docs/commands.md index 1f204b8d..c44cbc32 100644 --- a/docs/commands.md +++ b/docs/commands.md @@ -4,15 +4,11 @@ This is the reference for the Witness command line tool, generated by [Cobra](ht ## witness attestors -List all available attestors +Get information about available attestors ### Synopsis -Lists all the available attestors in Witness with supporting information - -``` -witness attestors [flags] -``` +Get information about all the available attestors in Witness ### Options @@ -30,6 +26,8 @@ witness attestors [flags] ### SEE ALSO * [witness](witness.md) - Collect and verify attestations about your build environments +* [witness attestors list](witness_attestors_list.md) - List all available attestors +* [witness attestors schema](witness_attestors_schema.md) - Show the JSON schema of a specific attestor ## witness run diff --git a/go.mod b/go.mod index 4af7873b..4beff78e 100644 --- a/go.mod +++ b/go.mod 
@@ -5,7 +5,7 @@ go 1.22.0 toolchain go1.22.2 require ( - github.com/in-toto/go-witness v0.3.2-0.20240509152614-87975b4168e0 + github.com/in-toto/go-witness v0.3.2-0.20240510181827-f346f85d8c53 github.com/olekukonko/tablewriter v0.0.5 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.8.0 @@ -53,7 +53,9 @@ require ( github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 // indirect github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 // indirect github.com/aws/smithy-go v1.20.2 // indirect + github.com/bahlo/generic-list-go v0.2.0 // indirect github.com/beorn7/perks v1.0.1 // indirect + github.com/buger/jsonparser v1.1.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/cloudflare/circl v1.3.7 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect @@ -89,12 +91,14 @@ require ( github.com/in-toto/archivista v0.4.0 // indirect github.com/in-toto/attestation v1.0.1 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect + github.com/invopop/jsonschema v0.12.0 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect github.com/jellydator/ttlcache/v3 v3.2.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/kevinburke/ssh_config v1.2.0 // indirect github.com/letsencrypt/boulder v0.0.0-20240226214708-a97e074b5a3e // indirect github.com/magiconair/properties v1.8.7 // indirect + github.com/mailru/easyjson v0.7.7 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/mattn/go-runewidth v0.0.9 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect 
@@ -126,6 +130,7 @@ require (
 github.com/subosito/gotenv v1.6.0 // indirect
 github.com/tchap/go-patricia/v2 v2.3.1 // indirect
 github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
+ github.com/wk8/go-ordered-map/v2 v2.1.8 // indirect
 github.com/xanzy/ssh-agent v0.3.3 // indirect
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
diff --git a/go.sum b/go.sum
index 3259eb9f..4421380d 100644
--- a/go.sum
+++ b/go.sum
@@ -64,8 +64,12 @@ github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 h1:cwIxeBttqPN3qkaAjcEcsh8NYr8n github.com/aws/aws-sdk-go-v2/service/sts v1.28.6/go.mod h1:FZf1/nKNEkHdGGJP/cI2MoIMquumuRK6ol3QQJNDxmw= github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q= github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= +github.com/bahlo/generic-list-go v0.2.0 h1:5sz/EEAK+ls5wF+NeqDpk5+iNdMDXrh3z3nPnH1Wvgk= +github.com/bahlo/generic-list-go v0.2.0/go.mod h1:2KvAjgMlE5NNynlg/5iLrrCCZ2+5xWbdbCW3pNTGyYg= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs= +github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/bytecodealliance/wasmtime-go/v3 v3.0.2 h1:3uZCA/BLTIu+DqCfguByNMJa2HVHpXvjfy0Dy7g6fuA= github.com/bytecodealliance/wasmtime-go/v3 v3.0.2/go.mod h1:RnUjnIXxEJcL6BgCvNyzCCRzZcxCgsZCi+RNlvYor5Q=
@@ -210,10 +214,12 @@ github.com/in-toto/archivista v0.4.0 h1:5g79iqmyXblnnwuD+768lrEbeoE0V5H7URYJFnr0 github.com/in-toto/archivista v0.4.0/go.mod h1:HgqAu7az0Ql0Jf844Paf0Ji5PdUMKxO5JIBh4hOjMs8= github.com/in-toto/attestation v1.0.1 h1:DgX1XuBkryTpj1Piq8AiMK3CMfEcec3Qv6+Ku+uI3WY= github.com/in-toto/attestation v1.0.1/go.mod h1:hCR5COCuENh5+VfojEkJnt7caOymbEgvyZdKifD6pOw= -github.com/in-toto/go-witness v0.3.2-0.20240509152614-87975b4168e0 h1:8HhlzOFtPbF0dwHbR/IkJqMfMJb7U9oeNk+K1NCz4+Y= -github.com/in-toto/go-witness v0.3.2-0.20240509152614-87975b4168e0/go.mod h1:inBxgdAup1od08yUYWEMdGVOIRy3hnPVRCkKrtBArTg= +github.com/in-toto/go-witness v0.3.2-0.20240510181827-f346f85d8c53 h1:fzbV4Bs6iwsriN15ju3wbx62TQhp7lYCZ2UdpmfKFS8= +github.com/in-toto/go-witness v0.3.2-0.20240510181827-f346f85d8c53/go.mod h1:c5GaQylUaNE7qbFXZy8Oc3j8Zou+iGyAaWwqGQzOlS0= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/invopop/jsonschema v0.12.0 h1:6ovsNSuvn9wEQVOyc72aycBMVQFKz7cPdMJn10CvzRI= +github.com/invopop/jsonschema v0.12.0/go.mod h1:ffZ5Km5SWWRAIN6wbDXItl95euhFz2uON45H2qjYt+0= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jellydator/ttlcache/v3 v3.2.0 h1:6lqVJ8X3ZaUwvzENqPAobDsXNExfUJd61u++uW8a3LE= 
@@ -224,6 +230,7 @@ github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGw github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/jmhodges/clock v1.2.0 h1:eq4kys+NI0PLngzaHEe7AmPT90XMGIEySD1JfV1PDIs= github.com/jmhodges/clock v1.2.0/go.mod h1:qKjhA7x7u/lQpPB1XAqX1b1lCI/w3/fNuYpI/ZjLynI= +github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= @@ -243,6 +250,8 @@ github.com/letsencrypt/boulder v0.0.0-20240226214708-a97e074b5a3e h1:0YcEneR01Ff github.com/letsencrypt/boulder v0.0.0-20240226214708-a97e074b5a3e/go.mod h1:qY5wBgmaPwKkhGd2gNWZcoJBe9c76gsHm4OTc/N12+g= github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY= github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= +github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= +github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0= 
@@ -350,6 +359,8 @@ github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs= github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4= github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI= +github.com/wk8/go-ordered-map/v2 v2.1.8 h1:5h/BUHu93oj4gIdvHHHGsScSTMijfx5PeYkE/fJgbpc= +github.com/wk8/go-ordered-map/v2 v2.1.8/go.mod h1:5nJHM5DyteebpVlHnWMV0rPz6Zp7+xBAnxjb1X5vnTw= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=