chore: clean up

Signed-off-by: Nathan Nguyen <nathan.nguyen@oracle.com>
oracle · Jan 8, 2024 · 6795c74 · 6795c74
1 parent d19c841
commit 6795c74
Showing 1 changed file with 13 additions and 1 deletion.
diff --git a/src/macaron/vsa/vsa.py b/src/macaron/vsa/vsa.py
@@ -51,20 +51,32 @@ class VsaPredicate(TypedDict):
     https://slsa.dev/spec/v1.0/verification_summary#schema.
     """
 
+    #: Identity of the verifier, as a tool carrying out the verification.
     verifier: Verifier
+
+    #: The timestamp when the verification occurred.
+    #: The field has the type
+    # `Timestamp <https://github.com/in-toto/attestation/blob/main/spec/v1/field_types.md#Timestamp>`_.
     timeVerified: str  # noqa: N815
 
     #: URI that identifies the resource associated with the software component being verified.
+    #: This field has the type
+    #: `ResourceURI <https://github.com/in-toto/attestation/blob/main/spec/v1/field_types.md#ResourceURI>`_.
     #: Currently, this has the same value as the subject of the VSA, i.e. the PURL of
     #: the software component being verified against.
     resourceUri: str  # noqa: N815
 
     #: The policy that the subject software component was verified against.
-    #: The value of this field has the type
+    #: This field has the type
     #: `ResourceDescriptor <https://github.com/in-toto/attestation/blob/main/spec/v1/resource_descriptor.md>`_.
     policy: dict[str, Any]
 
+    #: The verification result.
     verificationResult: VerificationResult  # noqa: N815
+
+    #: According to SLSA, this field "indicates the highest level of each track verified
+    #: for the artifact (and not its dependencies), or ``FAILED`` if policy verification failed".
+    #: We currently leave this list empty.
     verifiedLevels: list  # noqa: N815