Proto commits in in-toto/attestation

These 44 commits are when the Protocol Buffers files have changed:

2025-03-21

Commit:	52e4ea8
Author:	Paul Joseph	2025-03-21 12:46:25 +0530
Committer:	Paul Joseph	2025-03-21 14:40:32 +0530

add slsa provenance predicate v0.1 v0.2 Signed-off-by: Paul Joseph <k.paul.joseph@gmail.com>

The documentation is generated from this commit.

2025-01-23

Commit:	808ca43
Author:	Parth Patel	2025-01-23 08:33:45 -0500
Committer:	GitHub	2025-01-23 08:33:45 -0500

Merge pull request #417 from kpauljoseph/in-toto-v0.2-provenance add slsa provenance predicate v0.2 protobuf

Commit:	6e0b70a
Author:	Parth Patel	2025-01-23 07:59:47 -0500
Committer:	GitHub	2025-01-23 07:59:47 -0500

Merge pull request #434 from puerco/vulnsv02-proto VulnsV2: Add missing invocation to protos and spec

2025-01-21

Commit:	72054e5
Author:	Adolfo García Veytia (Puerco)	2025-01-21 15:41:35 -0600
Committer:	Adolfo García Veytia (Puerco)	2025-01-21 15:43:04 -0600

Fix inconsistencies in vulnsv2 proto vs spec This commit renames the scanner database field (to db) and the scanner_metadata field (to just metadata) to match the vulns02 spec. Signed-off-by: Adolfo García Veytia (Puerco) <adolfo.garcia@uservers.net>

2025-01-20

Commit:	4a4ddf5
Author:	Paul Joseph	2024-11-29 15:23:20 +0530
Committer:	Paul Joseph	2025-01-20 14:23:52 +0530

add slsa provenance predicate v0.2 Signed-off-by: Paul Joseph <k.paul.joseph@gmail.com>

2025-01-16

Commit:	abb6190
Author:	Aditya Sirish A Yelgundhalli	2025-01-16 10:58:18 -0500

vsa: Make verifiedLevels field repeated to match spec The specification requires the verifiedLevels field to be a list of string values rather than a single string. Signed-off-by: Aditya Sirish A Yelgundhalli <ayelgundhall@bloomberg.net>

2024-10-19

Commit:	297a7fc
Author:	hectorj2f	2024-10-19 08:18:40 +0200
Committer:	hectorj2f	2024-10-19 08:23:46 +0200

keep v0.1 spec around Signed-off-by: hectorj2f <hector@chainguard.dev>

2024-10-17

Commit:	1e238a8
Author:	hectorj2f	2024-10-17 10:46:36 +0200
Committer:	hectorj2f	2024-10-17 10:54:06 +0200

fix typos Signed-off-by: hectorj2f <hector@chainguard.dev>

2024-10-13

Commit:	bd07c01
Author:	hectorj2f	2024-10-13 22:11:25 +0200

rename to use vulns and avoid ambiguous types Signed-off-by: hectorj2f <hector@chainguard.dev>

Commit:	78d0e86
Author:	hectorj2f	2024-09-26 00:06:33 +0200
Committer:	hectorj2f	2024-10-13 21:48:59 +0200

address reviewer comments Signed-off-by: hectorj2f <hector@chainguard.dev>

Commit:	513ee51
Author:	hectorj2f	2024-08-07 08:42:31 +0200
Committer:	hectorj2f	2024-10-13 21:48:48 +0200

add repeated type to fields Signed-off-by: hectorj2f <hector@chainguard.dev>

Commit:	f09dee4
Author:	hectorj2f	2024-04-08 10:12:26 +0200
Committer:	hectorj2f	2024-10-13 21:48:40 +0200

add protobuf objects for vuln predicate type Signed-off-by: hectorj2f <hector@chainguard.dev>

2024-10-02

Commit:	e8c8774
Author:	Tom Hennen	2024-10-02 13:31:02 -0400
Committer:	GitHub	2024-10-02 13:31:02 -0400

Merge pull request #375 from mdeicas/main Add the reference predicate

2024-09-12

Commit:	1d34f0a
Author:	Ben Turner	2024-09-10 16:40:44 +1000
Committer:	Ben Turner	2024-09-12 14:18:39 +1000

Update link to SLSA framework proto file Update the comment to point to the updated location of the v1.0 provenance proto file in the SLSA framework repository This file was moved to a new location in the repository last month as part of https://github.com/slsa-framework/slsa/pull/939/files#diff-0d74b135d4a3da2b4ed73c88a4566d07e465dd6aee46f46f45e0ffbb7c232128 Signed-off-by: Ben Turner <ben.turner@pobox.com>

2024-08-01

Commit:	d63c878
Author:	Marco Deicas	2024-08-01 19:45:40 +0000
Committer:	Marco Deicas	2024-08-01 20:00:19 +0000

Add reference predicate proto definition Signed-off-by: Marco Deicas <mdeicas@google.com>

2024-02-05

Commit:	3e26e49
Author:	Zach Steindler	2024-02-05 15:13:00 -0500
Committer:	GitHub	2024-02-05 12:13:00 -0800

Add Release Attestation (#319) * Adding proposed release attestation * Make name field explicitly a filename as it would appear on disk * fix typo * Clarify immutability, subject, and purl parsing * Soften registry requirements, add security clarification, and add releaseId * Adding proto definition, clarifying language, adding links, reflowing text * Adjusting spec to use jsonc * Reformat Fields for linter; put version back at v0.1 * Add migration example * fix formatting * fix typos * Clarify UUID generation; add container image example * Update spec/predicates/release.md Signed-off-by: Zach Steindler <steiza@github.com> Co-authored-by: Marcela Melara <marcela.melara@intel.com>

2023-12-12

Commit:	474f261
Author:	Parth Patel	2023-12-12 13:13:19 -0500
Committer:	GitHub	2023-12-12 13:13:19 -0500

create vsa v1 proto and corresponding generated code (#302) Signed-off-by: pxp928 <parth.psu@gmail.com>

2023-07-05

Commit:	2eae997
Author:	Marcela Melara	2023-07-05 16:15:59 -0700
Committer:	Marcela Melara	2023-07-05 16:46:20 -0700

Define annotations field type in ResourceDescriptor proto as Struct Signed-off-by: Marcela Melara <marcela.melara@intel.com>

2023-06-29

Commit:	7aefca3
Author:	Joshua Lock	2023-06-29 17:09:26 +0100
Committer:	GitHub	2023-06-29 17:09:26 +0100

Merge pull request #257 from joshuagl/joshuagl/proto-field-case Use lower_camel_case consistently for fields in protobuf definitions

2023-06-27

Commit:	93687d4
Author:	Joshua Lock	2023-06-27 12:24:20 +0100
Committer:	Joshua Lock	2023-06-27 12:33:10 +0100

fix(proto): fix resource descriptor field names Convert from lowerCamelCase to lower_snake_case. This is the protobuf convention and recommended by the style guide: https://protobuf.dev/programming-guides/style/#message-field-names Signed-off-by: Joshua Lock <joshua.lock@uk.verizon.com>

Commit:	5cebcc8
Author:	Joshua Lock	2023-06-27 12:24:07 +0100
Committer:	Joshua Lock	2023-06-27 12:32:32 +0100

fix(proto): fix statement field names Convert from lowerCamelCase to lower_snake_case. This is the protobuf convention and recommended by the style guide: https://protobuf.dev/programming-guides/style/#message-field-names Signed-off-by: Joshua Lock <joshua.lock@uk.verizon.com>

Commit:	6dcab7f
Author:	Joshua Lock	2023-06-27 12:23:30 +0100
Committer:	Joshua Lock	2023-06-27 12:31:59 +0100

fix(proto): fix VSA field names Convert from lowerCamelCase to lower_snake_case. This is the protobuf convention and recommended by the style guide: https://protobuf.dev/programming-guides/style/#message-field-names Signed-off-by: Joshua Lock <joshua.lock@uk.verizon.com>

2023-06-16

Commit:	a31f523
Author:	Joshua Lock	2023-06-16 17:08:59 +0100

Change annotations fields in ResourceDecriptor from objects to values This change expands support from objects to all JSON values. This allows maximum flexibility for producers and better matches the implicit reading of the spec many, including the SLSA project, had. Fixes: #242 Signed-off-by: Joshua Lock <joshua.lock@uk.verizon.com>

2023-06-05

Commit:	bd8c0c7
Author:	Marcela Melara	2023-06-05 10:36:57 -0700
Committer:	GitHub	2023-06-05 10:36:57 -0700

Merge branch 'main' into add-scai-protos

2023-06-02

Commit:	df58e24
Author:	Marcela Melara	2023-05-12 15:43:55 -0700
Committer:	Marcela Melara	2023-06-02 12:58:52 -0700

Update the SLSA provenance predicate to v1 Signed-off-by: Marcela Melara <marcela.melara@intel.com>

2023-05-30

Commit:	f59e32f
Author:	Marcela Melara	2023-03-27 17:38:46 -0700
Committer:	Marcela Melara	2023-05-30 08:18:06 -0700

Add SCAI protobuf definition Signed-off-by: Marcela Melara <marcela.melara@intel.com>

2023-05-26

Commit:	d6090c0
Author:	Aditya Sirish	2023-05-25 19:49:53 -0400
Committer:	Aditya Sirish	2023-05-26 17:35:06 -0400

Add test result proto Also makes title of the predicate singular Signed-off-by: Aditya Sirish <aditya@saky.in>

2023-05-08

Commit:	f37f9f4
Author:	Aditya Sirish	2023-05-03 16:46:16 -0400
Committer:	Aditya Sirish	2023-05-08 10:41:26 -0400

Use ResourceDescriptor for statement subjects Update proto definitions, docs/validation etc to reflect this change. Signed-off-by: Aditya Sirish <aditya@saky.in>

2023-05-05

Commit:	b68f899
Author:	Aditya Sirish	2022-12-22 13:33:17 -0500
Committer:	Aditya Sirish	2023-05-05 15:41:24 -0400

Define v0.3 of the link predicate Updates materials to use list of ResourceDescriptor objects, introduces a protobuf definition for the link predicate. Also adds predicate field definitions alongside pointer to in-toto specification. Signed-off-by: Aditya Sirish <aditya@saky.in>

2023-04-27

Commit:	9294e52
Author:	Aditya Sirish	2023-04-25 13:02:24 -0400
Committer:	Aditya Sirish	2023-04-27 12:54:57 -0400

Add Java bindings Signed-off-by: Aditya Sirish <aditya@saky.in>

2023-04-26

Commit:	eb548b4
Author:	Aditya Sirish	2023-04-26 15:07:34 -0400

Fix VSA dir structure and package name Signed-off-by: Aditya Sirish <aditya@saky.in>

2023-04-11

Commit:	ca0748f
Author:	Marcela Melara	2023-03-29 10:07:21 -0700
Committer:	Marcela Melara	2023-04-11 14:17:09 -0700

Update documentation; update package directory structure and names Signed-off-by: Marcela Melara <marcela.melara@intel.com> Add versioned subdirectory to vsa predicate proto Signed-off-by: Marcela Melara <marcela.melara@intel.com> Remove minor version from protos directory structure; update go package name Signed-off-by: Marcela Melara <marcela.melara@intel.com> Add disclaimer to documentation about protos stability pre v1.1; add how to Signed-off-by: Marcela Melara <marcela.melara@intel.com> Update directory structure and imports Signed-off-by: Marcela Melara <marcela.melara@intel.com>

Commit:	e9bf2b6
Author:	Marcela Melara	2023-03-28 18:02:57 -0700
Committer:	Marcela Melara	2023-04-11 14:15:44 -0700

Move protos to their own directory for more consistency between bindings packages Signed-off-by: Marcela Melara <marcela.melara@intel.com>

2023-03-21

Commit:	b21f99d
Author:	Tom Hennen	2023-03-21 17:42:19 -0400

Package proto io.intoto -> io.in_toto Signed-off-by: Tom Hennen <tomhennen@google.com>

Commit:	e61b310
Author:	Tom Hennen	2023-03-21 14:21:54 -0400

Proto packages should be io.intoto... Signed-off-by: Tom Hennen <tomhennen@google.com>

2023-03-18

Commit:	e99cc7e
Author:	Tom Hennen	2023-03-18 12:47:31 -0400
Committer:	Tom Hennen	2023-03-18 13:15:27 -0400

Add proto and example for ResourceDescriptor Also updates go protos. We're supposed to create these anytime we update protos. It looks like the vsa one was supposed to move when we put it in a subfolder, but we missed it. Moving it now. Signed-off-by: Tom Hennen <tomhennen@google.com>

2023-03-17

Commit:	16f7176
Author:	Tom Hennen	2023-03-17 17:40:04 -0400
Committer:	Tom Hennen	2023-03-17 17:43:28 -0400

v1.0-draft -> v1.0 refs #130 Signed-off-by: Tom Hennen <tomhennen@google.com>

2023-03-07

Commit:	61d535b
Author:	Tom Hennen	2023-03-07 12:05:07 -0500

Remove .0 from the _type uri Any minor changes should be backwards compatible so there's no need to identify type in the statement and it could actually be harmful. Leaving it as is in docs and such because the text could change with point releases. refs #130 Signed-off-by: Tom Hennen <tomhennen@google.com>

2023-02-14

Commit:	7992d17
Author:	Tom Hennen	2023-02-14 14:15:37 -0500

Add protobuf for Statements and SLSA's VSA (as an example). This includes an example program that uses the protos written in Go, as well as the Go code generated from those protos ([as is standard practice for Go](https://go.dev/doc/articles/go_command#:~:text=and%20then%20check%20those%20generated%20source%20files%20into%20your%20repository)). refs #130 Signed-off-by: Tom Hennen <tomhennen@google.com>

2021-04-20

Commit:	f8ae54a
Author:	Mark Lodato	2021-04-16 22:20:06 -0400
Committer:	Mark Lodato	2021-04-20 10:00:59 -0400

Better document schema; remove proto files.

This commit does not contain any .proto files.

2021-04-12

Commit:	9c61d18
Author:	Mark Lodato	2021-04-12 16:29:42 -0400
Committer:	Mark Lodato	2021-04-12 17:42:44 -0400

Merge branch 'ite-6' of ITE This imports the history of [ITE-6] into the new attestation repo. Commit IDs have changed from the ITE repo because the history only includes ITE-6. Original commit 410d15599f034ce30166c65ef5986e309759b706 maps to the parent commit, efdc8704a3219b6ca7f4cd1f63cb62f2c84a3fae. [ITE-6]: https://github.com/in-toto/ITE/pull/15

2021-04-08

Commit:	3afb80a
Author:	Mark Lodato	2021-04-08 10:07:56 -0400

Refactor Envelope and Statement wording and URI. Most importantly, use "Statement" in the type URI instead of "Attestation".

Commit:	a1da0d9
Author:	Mark Lodato	2021-04-08 09:45:23 -0400
Committer:	Mark Lodato	2021-04-08 09:46:28 -0400

Make subject.name required. This simplifies the model to allow consumers to rely on its existence.

2021-04-06

Commit:	be8fa95
Author:	Mark Lodato	2021-04-06 12:45:57 -0400
Committer:	Mark Lodato	2021-04-06 12:48:26 -0400

Refactor to make layering more distinct. - Reference SLSA. - Split into a distinct `predicateType` + `predicate` based on the SLSA attestation model. - Convert `subject` and `materials` to lists of objects, rather than maps from URI to DigestSet, so that (1) we can more naturally extend with more fields, such as media type, and (2) to allow easier indexing. - Add a proto definition of the Statement layer. - Move the curl example to README (no need for a duplicate YAML file.) - Switch to lowerCamelCase, which is already used by signing-spec.