Note holding the version of the provider's builder and the signature of the provenance message in linked BuildDetails.
Version of the builder which produced this Note.
Signature of the build in Occurrences pointing to the Note containing this `BuilderDetails`.
Message encapsulating the signature of the verified build.
Public key of the builder which can be used to verify that the related findings are valid and unchanged. If `key_type` is empty, this defaults to PEM encoded public keys. This field may be empty if `key_id` references an external key. For Cloud Container Builder based signatures, this is a PEM encoded public key. To verify the Cloud Container Builder signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes from `BuildDetails` are base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature: `openssl sha256 -verify public.pem -signature signature.bin signed.bin`
Signature of the related `BuildProvenance`. In JSON, this is base-64 encoded.
An ID for the key used to sign. This could be either an Id for the key stored in `public_key` (such as the Id or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service).
The type of the key, either stored in `public_key` or referenced in `key_id`.
Public key formats
`KeyType` is not set.
`PGP ASCII Armored` public key.
`PKIX PEM` public key.
Details of a build occurrence.
The actual provenance for the build.
Serialized JSON representation of the provenance, used in generating the `BuildSignature` in the corresponding Result. After verifying the signature, `provenance_bytes` can be unmarshalled and compared to the provenance to confirm that it is unchanged. A base64-encoded string representation of the provenance bytes is used for the signature in order to interoperate with openssl, which expects this format for signature verification. The serialized form is captured both to avoid ambiguity in how the provenance is marshalled to JSON and to prevent incompatibilities with future changes.