From 9710cb8cd0b252e04e417c7e720e6a3b709a1159 Mon Sep 17 00:00:00 2001
From: John Kjell
Date: Sat, 15 Jun 2024 14:25:43 -0500
Subject: [PATCH] Add vex attestor to imports and generate schema
Signed-off-by: John Kjell
---
 imports.go | 1 +
 schemagen/vex.json | 202 +++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 203 insertions(+)
 create mode 100644 schemagen/vex.json
diff --git a/imports.go b/imports.go
index 3edfafc0..c3222730 100644
--- a/imports.go
+++ b/imports.go
@@ -34,6 +34,7 @@ import (
 _ "github.com/in-toto/go-witness/attestation/sarif"
 _ "github.com/in-toto/go-witness/attestation/sbom"
 _ "github.com/in-toto/go-witness/attestation/slsa"
+ _ "github.com/in-toto/go-witness/attestation/vex"
 
 // signer providers
 _ "github.com/in-toto/go-witness/signer/file"
diff --git a/schemagen/vex.json b/schemagen/vex.json
new file mode 100644
index 00000000..37c81bdb
--- /dev/null
+++ b/schemagen/vex.json
@@ -0,0 +1,202 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "vexDocument": { + "$ref": "#/$defs/VEX" + }, + "reportFileName": { + "type": "string" + }, + "reportDigestSet": { + "$ref": "#/$defs/DigestSet" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "vexDocument" + ] + }, + "DigestSet": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "Product": { + "properties": { + "@id": { + "type": "string" + }, + "hashes": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "identifiers": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "supplier": { + "type": "string" + }, + "subcomponents": { + "items": { + "$ref": "#/$defs/Subcomponent" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Statement": { + "properties": { + "@id": { + "type": "string" + }, + "vulnerability": { + "$ref": "#/$defs/Vulnerability" + }, + "timestamp": { + "type": "string", + "format": "date-time" + }, + "last_updated": { + "type": "string", + "format": "date-time" + }, + "products": { + "items": { + "$ref": "#/$defs/Product" + }, + "type": "array" + }, + "status": { + "type": "string" + }, + "status_notes": { + "type": "string" + }, + "justification": { + "type": "string" + }, + "impact_statement": { + "type": "string" + }, + "action_statement": { + "type": "string" + }, + "action_statement_timestamp": { + "type": "string", + "format": "date-time" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "status" + ] + }, + "Subcomponent": { + "properties": { + "@id": { + "type": "string" + }, + "hashes": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "identifiers": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "supplier": { + "type": "string" + } + 
}, + "additionalProperties": false, + "type": "object" + }, + "VEX": { + "properties": { + "@context": { + "type": "string" + }, + "@id": { + "type": "string" + }, + "author": { + "type": "string" + }, + "role": { + "type": "string" + }, + "timestamp": { + "type": "string", + "format": "date-time" + }, + "last_updated": { + "type": "string", + "format": "date-time" + }, + "version": { + "type": "integer" + }, + "tooling": { + "type": "string" + }, + "supplier": { + "type": "string" + }, + "statements": { + "items": { + "$ref": "#/$defs/Statement" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "@context", + "@id", + "author", + "timestamp", + "version", + "statements" + ] + }, + "Vulnerability": { + "properties": { + "@id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "description": { + "type": "string" + }, + "aliases": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object" + } + } +} \ No newline at end of file