diff --git a/scripts/dev_scripts/integration_tests.sh b/scripts/dev_scripts/integration_tests.sh index 8ad4eaf83..e2fd9d789 100755 --- a/scripts/dev_scripts/integration_tests.sh +++ b/scripts/dev_scripts/integration_tests.sh @@ -7,13 +7,14 @@ WORKSPACE=$1 HOMEDIR=$2 RESOURCES=$WORKSPACE/src/macaron/resources -COMPARE_DEPS=$WORKSPACE/tests/dependency_analyzer/compare_dependencies.py -COMPARE_JSON_OUT=$WORKSPACE/tests/e2e/compare_e2e_result.py COMPARE_POLICIES=$WORKSPACE/tests/policy_engine/compare_policy_reports.py COMPARE_VSA=$WORKSPACE/tests/vsa/compare_vsa.py TEST_REPO_FINDER=$WORKSPACE/tests/e2e/repo_finder/repo_finder.py TEST_COMMIT_FINDER=$WORKSPACE/tests/e2e/repo_finder/commit_finder.py +DB=$WORKSPACE/output/macaron.db RUN_MACARON="python -m macaron -o $WORKSPACE/output" +ANALYZE="analyze" +RUN_POLICY="python -m macaron verify-policy" RESULT_CODE=0 UPDATE=0 @@ -24,6 +25,11 @@ if [ $# -eq 3 ] && [ "$3" == "--update" ] ; then COMPARE_VSA="$COMPARE_VSA --update" fi +function run_macaron_clean() { + rm $DB + $RUN_MACARON "$@" +} + function check_or_update_expected_output() { if [ $UPDATE -eq 1 ] ; then # Perform update of expected results. @@ -60,7 +66,6 @@ if [[ "$NO_NPM" == "TRUE" ]]; then fi NO_NPM_TEST=$NO_NPM - function log_fail() { printf "Error: FAILED integration test (line ${BASH_LINENO}) %s\n" $@ RESULT_CODE=1 
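Review bot: The first hunk removes the `COMPARE_DEPS=$WORKSPACE/tests/dependency_analyzer/compare_dependencies.py` definition, yet `check_or_update_expected_output $COMPARE_DEPS $DEP_RESULT $DEP_EXPECTED` is still called unchanged in the multibuild_test, apache/maven, SBOM, micronaut-test and local-path sections of the later hunks, where `$COMPARE_DEPS` will now expand to nothing and `$DEP_RESULT` slides into the script-path position. Unless the variable is re-defined in a part of the file outside these hunks, the removed line should be restored next to `COMPARE_POLICIES`. The `--update` block that appends the flag to `COMPARE_VSA` presumably also needs it, but that part of the block is outside the visible context.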
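Review bot: `rm $DB` in the new `run_macaron_clean` is unquoted and has no `-f`, so the first test of a run (no `macaron.db` yet) prints an `rm` error to stderr, and an empty `$DB` would invoke `rm` with no operand; `rm -f -- "${DB:?}"` removes the noise and refuses to run at all when the path is unset. The function's exit status is the analyze status only because `$RUN_MACARON "$@"` happens to be its last command, which the `if [ $? -eq 0 ]` check in the invalid-branch loop later in the diff depends on. A header such as `# Delete the database left by the previous analysis, then run macaron with the given arguments; the exit status is macaron's.` would make that contract explicit.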
@@ -83,167 +88,151 @@ echo -e "======================================================================= echo -e "\n----------------------------------------------------------------------------------" echo "micronaut-projects/micronaut-core: Analyzing the PURL when automatic dependency resolution is skipped." echo -e "----------------------------------------------------------------------------------\n" -JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/purl/maven/micronaut-core/micronaut-core.json -JSON_RESULT=$WORKSPACE/output/reports/maven/io_micronaut/micronaut-core/micronaut-core.json +OUTPUT_POLICY=$WORKSPACE/tests/e2e/expected_results/purl/maven/micronaut-core/micronaut-core.dl DEFAULTS_FILE=$WORKSPACE/tests/e2e/defaults/micronaut-core.ini -$RUN_MACARON -dp $DEFAULTS_FILE analyze -purl pkg:maven/io.micronaut/micronaut-core@4.2.3 --skip-deps || log_fail +run_macaron_clean -dp $DEFAULTS_FILE $ANALYZE -purl pkg:maven/io.micronaut/micronaut-core@4.2.3 --skip-deps || log_fail -check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail +$RUN_POLICY -d $DB -f $OUTPUT_POLICY || log_fail if [[ -z "$NO_NPM_TEST" ]]; then echo -e "\n----------------------------------------------------------------------------------" echo "sigstore/mock@0.1.0: Analyzing the PURL when automatic dependency resolution is skipped." 
echo -e "----------------------------------------------------------------------------------\n" - JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/purl/npm/sigstore/mock/mock.json - JSON_RESULT=$WORKSPACE/output/reports/npm/_sigstore/mock/mock.json - $RUN_MACARON analyze -purl pkg:npm/@sigstore/mock@0.1.0 -rp https://github.com/sigstore/sigstore-js -b main -d ebdcfdfbdfeb9c9aeee6df53674ef230613629f5 --skip-deps || log_fail + OUTPUT_POLICY=$WORKSPACE/tests/e2e/expected_results/purl/npm/sigstore/mock/mock.dl + run_macaron_clean $ANALYZE -purl pkg:npm/@sigstore/mock@0.1.0 -rp https://github.com/sigstore/sigstore-js -b main -d ebdcfdfbdfeb9c9aeee6df53674ef230613629f5 --skip-deps || log_fail - check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail + $RUN_POLICY -d $DB -f $OUTPUT_POLICY || log_fail echo -e "\n----------------------------------------------------------------------------------" echo "semver@7.6.0: Extracting repository URL and commit from provenance while Repo Finder is disabled." echo -e "----------------------------------------------------------------------------------\n" - JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/purl/npm/semver/semver.json - JSON_RESULT=$WORKSPACE/output/reports/npm/semver/semver.json - $RUN_MACARON -dp tests/e2e/defaults/disable_repo_finder.ini analyze -purl pkg:npm/semver@7.6.0 || log_fail + OUTPUT_POLICY=$WORKSPACE/tests/e2e/expected_results/purl/npm/semver/semver.dl + run_macaron_clean -dp tests/e2e/defaults/disable_repo_finder.ini $ANALYZE -purl pkg:npm/semver@7.6.0 || log_fail - check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail + $RUN_POLICY -d $DB -f $OUTPUT_POLICY || log_fail fi echo -e "\n----------------------------------------------------------------------------------" echo "gitlab.com/tinyMediaManager/tinyMediaManager: Analyzing the repo path and the branch name when automatic dependency resolution is skipped." 
echo -e "----------------------------------------------------------------------------------\n" -JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/tinyMediaManager/tinyMediaManager.json -JSON_RESULT=$WORKSPACE/output/reports/gitlab_com/tinyMediaManager/tinyMediaManager/tinyMediaManager.json -$RUN_MACARON analyze -rp https://gitlab.com/tinyMediaManager/tinyMediaManager -b main -d cca6b67a335074eca42136556f0a321f75dc4f48 --skip-deps || log_fail +OUTPUT_POLICY=$WORKSPACE/tests/e2e/expected_results/tinyMediaManager/tinyMediaManager.dl +run_macaron_clean $ANALYZE -rp https://gitlab.com/tinyMediaManager/tinyMediaManager -b main -d cca6b67a335074eca42136556f0a321f75dc4f48 --skip-deps || log_fail -check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail +$RUN_POLICY -d $DB -f $OUTPUT_POLICY || log_fail echo -e "\n----------------------------------------------------------------------------------" echo "jenkinsci/plot-plugin: Analyzing the repo path, the branch name and the commit digest when automatic dependency resolution is skipped." 
echo -e "----------------------------------------------------------------------------------\n" -JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/plot-plugin/plot-plugin.json -JSON_RESULT=$WORKSPACE/output/reports/github_com/jenkinsci/plot-plugin/plot-plugin.json -$RUN_MACARON analyze -rp https://github.com/jenkinsci/plot-plugin -b master -d 55b059187e252b35ac0d6cb52268833ee1bb7380 --skip-deps || log_fail +OUTPUT_POLICY=$WORKSPACE/tests/e2e/expected_results/plot-plugin/plot-plugin.dl +run_macaron_clean $ANALYZE -rp https://github.com/jenkinsci/plot-plugin -b master -d 55b059187e252b35ac0d6cb52268833ee1bb7380 --skip-deps || log_fail -check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail +$RUN_POLICY -d $DB -f $OUTPUT_POLICY || log_fail echo -e "\n----------------------------------------------------------------------------------" echo "urllib3/urllib3: Analyzing the repo path when automatic dependency resolution is skipped." echo "The CUE expectation file is provided as a single file path." 
echo -e "----------------------------------------------------------------------------------\n" -JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/urllib3/urllib3.json -JSON_RESULT=$WORKSPACE/output/reports/github_com/urllib3/urllib3/urllib3.json +OUTPUT_POLICY=$WORKSPACE/tests/e2e/expected_results/urllib3/urllib3.dl EXPECTATION_FILE=$WORKSPACE/tests/slsa_analyzer/provenance/expectations/cue/resources/valid_expectations/urllib3_PASS.cue -$RUN_MACARON analyze -pe $EXPECTATION_FILE -rp https://github.com/urllib3/urllib3/urllib3 -b main -d 87a0ecee6e691fe5ff93cd000c0158deebef763b --skip-deps || log_fail +run_macaron_clean $ANALYZE -pe $EXPECTATION_FILE -rp https://github.com/urllib3/urllib3/urllib3 -b main -d 87a0ecee6e691fe5ff93cd000c0158deebef763b --skip-deps || log_fail -check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail +$RUN_POLICY -d $DB -f $OUTPUT_POLICY || log_fail echo -e "\n----------------------------------------------------------------------------------" echo "urllib3/urllib3: Analyzing the repo path when automatic dependency resolution is skipped." echo "The CUE expectation file should be found via the directory path." 
echo -e "----------------------------------------------------------------------------------\n" -JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/urllib3/urllib3.json -JSON_RESULT=$WORKSPACE/output/reports/github_com/urllib3/urllib3/urllib3.json +OUTPUT_POLICY=$WORKSPACE/tests/e2e/expected_results/urllib3/urllib3.dl EXPECTATION_DIR=$WORKSPACE/tests/slsa_analyzer/provenance/expectations/cue/resources/valid_expectations/ -$RUN_MACARON analyze -pe $EXPECTATION_DIR -rp https://github.com/urllib3/urllib3/urllib3 -b main -d 87a0ecee6e691fe5ff93cd000c0158deebef763b --skip-deps || log_fail +run_macaron_clean $ANALYZE -pe $EXPECTATION_DIR -rp https://github.com/urllib3/urllib3/urllib3 -b main -d 87a0ecee6e691fe5ff93cd000c0158deebef763b --skip-deps || log_fail -check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail +$RUN_POLICY -d $DB -f $OUTPUT_POLICY || log_fail echo -e "\n----------------------------------------------------------------------------------" echo "timyarkov/multibuild_test: Analyzing the repo path, the branch name and the commit digest" echo "with dependency resolution using cyclonedx Gradle and Maven plugins (defaults)." 
echo -e "----------------------------------------------------------------------------------\n" -JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/multibuild_test/multibuild_test.json -JSON_RESULT=$WORKSPACE/output/reports/github_com/timyarkov/multibuild_test/multibuild_test.json +OUTPUT_POLICY=$WORKSPACE/tests/e2e/expected_results/multibuild_test/multibuild_test.dl DEP_EXPECTED=$WORKSPACE/tests/dependency_analyzer/expected_results/cyclonedx_timyarkov_multibuild_test.json DEP_RESULT=$WORKSPACE/output/reports/github_com/timyarkov/multibuild_test/dependencies.json -$RUN_MACARON analyze -rp https://github.com/timyarkov/multibuild_test -b main -d a8b0efe24298bc81f63217aaa84776c3d48976c5 || log_fail +run_macaron_clean $ANALYZE -rp https://github.com/timyarkov/multibuild_test -b main -d a8b0efe24298bc81f63217aaa84776c3d48976c5 || log_fail check_or_update_expected_output $COMPARE_DEPS $DEP_RESULT $DEP_EXPECTED || log_fail -check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail +$RUN_POLICY -d $DB -f $OUTPUT_POLICY || log_fail echo "timyarkov/docker_test: Analyzing the repo path, the branch name and the commit digest" echo "when automatic dependency resolution is skipped, for a project using docker as a build tool." 
echo -e "----------------------------------------------------------------------------------\n" -JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/docker_test/docker_test.json -JSON_RESULT=$WORKSPACE/output/reports/github_com/timyarkov/docker_test/docker_test.json -$RUN_MACARON analyze -rp https://github.com/timyarkov/docker_test -b main -d 404a51a2f38c4470af6b32e4e00b5318c2d7c0cc --skip-deps || log_fail +OUTPUT_POLICY=$WORKSPACE/tests/e2e/expected_results/docker_test/docker_test.dl +run_macaron_clean $ANALYZE -rp https://github.com/timyarkov/docker_test -b main -d 404a51a2f38c4470af6b32e4e00b5318c2d7c0cc --skip-deps || log_fail -check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail +$RUN_POLICY -d $DB -f $OUTPUT_POLICY || log_fail echo -e "\n----------------------------------------------------------------------------------" echo "uiv-lib/uiv: Analysing the repo path, the branch name and the commit digest for an npm project," echo "skipping dependency resolution." echo -e "----------------------------------------------------------------------------------\n" -JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/uiv/uiv.json -JSON_RESULT=$WORKSPACE/output/reports/github_com/uiv-lib/uiv/uiv.json -$RUN_MACARON analyze -rp https://github.com/uiv-lib/uiv -b dev -d 057b25b4db0913edab4cf728c306085e6fc20d49 --skip-deps || log_fail +OUTPUT_POLICY=$WORKSPACE/tests/e2e/expected_results/uiv/uiv.dl +run_macaron_clean $ANALYZE -rp https://github.com/uiv-lib/uiv -b dev -d 057b25b4db0913edab4cf728c306085e6fc20d49 --skip-deps || log_fail -check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail +$RUN_POLICY -d $DB -f $OUTPUT_POLICY || log_fail echo -e "\n----------------------------------------------------------------------------------" echo "onu-ui/onu-ui: Analysing the repo path, the branch name and the commit digest for a pnpm project," echo "skipping dependency resolution." 
echo -e "----------------------------------------------------------------------------------\n" -JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/onu-ui/onu-ui.json -JSON_RESULT=$WORKSPACE/output/reports/github_com/onu-ui/onu-ui/onu-ui.json -$RUN_MACARON analyze -rp https://github.com/onu-ui/onu-ui -b main -d e3f2825c3940002a920d65476116a64684b3d95e --skip-deps || log_fail +OUTPUT_POLICY=$WORKSPACE/tests/e2e/expected_results/onu-ui/onu-ui.dl +run_macaron_clean $ANALYZE -rp https://github.com/onu-ui/onu-ui -b main -d e3f2825c3940002a920d65476116a64684b3d95e --skip-deps || log_fail -check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail +$RUN_POLICY -d $DB -f $OUTPUT_POLICY || log_fail echo -e "\n----------------------------------------------------------------------------------" echo "facebook/yoga: Analysing the repo path, the branch name and the commit digest for a Yarn classic" echo "project, skipping dependency resolution." echo -e "----------------------------------------------------------------------------------\n" -JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/yoga/yoga.json -JSON_RESULT=$WORKSPACE/output/reports/github_com/facebook/yoga/yoga.json -$RUN_MACARON analyze -rp https://github.com/facebook/yoga -b main -d f8e2bc0875c145c429d0e865c9b83a40f65b3070 --skip-deps || log_fail +OUTPUT_POLICY=$WORKSPACE/tests/e2e/expected_results/yoga/yoga.dl +run_macaron_clean $ANALYZE -rp https://github.com/facebook/yoga -b main -d f8e2bc0875c145c429d0e865c9b83a40f65b3070 --skip-deps || log_fail -check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail +$RUN_POLICY -d $DB -f $OUTPUT_POLICY || log_fail echo -e "\n----------------------------------------------------------------------------------" echo "wojtekmaj/react-pdf: Analysing the repo path, the branch name and the commit digest for a Yarn modern" echo "project, skipping dependency resolution." 
echo -e "----------------------------------------------------------------------------------\n" -JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/react-pdf/react-pdf.json -JSON_RESULT=$WORKSPACE/output/reports/github_com/wojtekmaj/react-pdf/react-pdf.json -$RUN_MACARON analyze -rp https://github.com/wojtekmaj/react-pdf -b main -d be18436b7be827eb993b2e1e4bd9230dd835a9a3 --skip-deps || log_fail +OUTPUT_POLICY=$WORKSPACE/tests/e2e/expected_results/react-pdf/react-pdf.dl +run_macaron_clean $ANALYZE -rp https://github.com/wojtekmaj/react-pdf -b main -d be18436b7be827eb993b2e1e4bd9230dd835a9a3 --skip-deps || log_fail -check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail +$RUN_POLICY -d $DB -f $OUTPUT_POLICY || log_fail echo -e "\n----------------------------------------------------------------------------------" echo "sigstore/sget: Analysing the repo path, the branch name and the" echo "commit digest for a Go project, skipping dependency resolution." echo -e "----------------------------------------------------------------------------------\n" -JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/sget/sget.json -JSON_RESULT=$WORKSPACE/output/reports/github_com/sigstore/sget/sget.json -$RUN_MACARON analyze -rp https://github.com/sigstore/sget -b main -d 99e7b91204d391ccc76507f7079b6d2a7957489e --skip-deps || log_fail +OUTPUT_POLICY=$WORKSPACE/tests/e2e/expected_results/sget/sget.dl +run_macaron_clean $ANALYZE -rp https://github.com/sigstore/sget -b main -d 99e7b91204d391ccc76507f7079b6d2a7957489e --skip-deps || log_fail -check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail +$RUN_POLICY -d $DB -f $OUTPUT_POLICY || log_fail echo -e "\n----------------------------------------------------------------------------------" echo "apache/maven: Analyzing with PURL and repository path without dependency resolution." 
echo -e "----------------------------------------------------------------------------------\n" -JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/purl/maven/maven.json -JSON_RESULT=$WORKSPACE/output/reports/maven/apache/maven/maven.json -$RUN_MACARON analyze -purl pkg:maven/apache/maven -rp https://github.com/apache/maven -b master -d 3fc399318edef0d5ba593723a24fff64291d6f9b --skip-deps || log_fail +OUTPUT_POLICY=$WORKSPACE/tests/e2e/expected_results/purl/maven/maven.dl +run_macaron_clean $ANALYZE -purl pkg:maven/apache/maven -rp https://github.com/apache/maven -b master -d 3fc399318edef0d5ba593723a24fff64291d6f9b --skip-deps || log_fail -check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail +$RUN_POLICY -d $DB -f $OUTPUT_POLICY || log_fail echo -e "\n----------------------------------------------------------------------------------" echo "apache/maven: Analyzing the repo path, the branch name and the commit digest with dependency resolution using cyclonedx maven plugin (default)." 
echo -e "----------------------------------------------------------------------------------\n" -JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/maven/maven.json -JSON_RESULT=$WORKSPACE/output/reports/github_com/apache/maven/maven.json +OUTPUT_POLICY=$WORKSPACE/tests/e2e/expected_results/maven/maven.dl DEP_EXPECTED=$WORKSPACE/tests/dependency_analyzer/expected_results/cyclonedx_apache_maven.json DEP_RESULT=$WORKSPACE/output/reports/github_com/apache/maven/dependencies.json -$RUN_MACARON analyze -rp https://github.com/apache/maven -b master -d 3fc399318edef0d5ba593723a24fff64291d6f9b || log_fail +run_macaron_clean $ANALYZE -rp https://github.com/apache/maven -b master -d 3fc399318edef0d5ba593723a24fff64291d6f9b || log_fail check_or_update_expected_output $COMPARE_DEPS $DEP_RESULT $DEP_EXPECTED || log_fail -check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail +$RUN_POLICY -d $DB -f $OUTPUT_POLICY || log_fail echo -e "\n----------------------------------------------------------------------------------" echo "apache/maven: Analyzing using a CycloneDx SBOM with target repo path" 
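Review bot: `$RUN_POLICY -d $DB -f $OUTPUT_POLICY` replaces `check_or_update_expected_output` in every e2e section of this hunk, so the `--update` mode selected by `$3` no longer reaches these expectations and only the remaining `check_or_update_expected_output` calls still honour `UPDATE=1`. If the `.dl` policies are meant to be maintained by hand, a comment next to the `RUN_POLICY=` definition such as `# Policy files under tests/e2e/expected_results are hand-written; --update does not regenerate them.` would save the next maintainer from looking for the update path. Note also that when an analyze call fails, `run_macaron_clean` has already deleted `$DB`, so the policy check that follows presumably fails as well and each broken test is reported twice by `log_fail`; that is harmless but worth a one-line comment if it is intended.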
@@ -252,11 +241,10 @@ SBOM_FILE=$WORKSPACE/tests/dependency_analyzer/cyclonedx/resources/apache_maven_ DEP_EXPECTED=$WORKSPACE/tests/dependency_analyzer/expected_results/apache_maven_with_sbom_provided.json DEP_RESULT=$WORKSPACE/output/reports/github_com/apache/maven/dependencies.json -$RUN_MACARON analyze -rp https://github.com/apache/maven -b master -d 3fc399318edef0d5ba593723a24fff64291d6f9b -sbom "$SBOM_FILE" || log_fail +run_macaron_clean $ANALYZE -rp https://github.com/apache/maven -b master -d 3fc399318edef0d5ba593723a24fff64291d6f9b -sbom "$SBOM_FILE" || log_fail check_or_update_expected_output $COMPARE_DEPS $DEP_RESULT $DEP_EXPECTED || log_fail - echo -e "\n----------------------------------------------------------------------------------" echo "apache/maven: Analyzing using a CycloneDx SBOM file of a software component whose repository is not available." echo -e "----------------------------------------------------------------------------------\n" 
@@ -264,18 +252,17 @@ SBOM_FILE=$WORKSPACE/tests/dependency_analyzer/cyclonedx/resources/private_mirro DEP_EXPECTED=$WORKSPACE/tests/dependency_analyzer/expected_results/private_mirror_apache_maven.json DEP_RESULT=$WORKSPACE/output/reports/private-domain_com/apache/maven/dependencies.json -$RUN_MACARON analyze -purl pkg:private-domain.com/apache/maven -sbom "$SBOM_FILE" || log_fail +run_macaron_clean $ANALYZE -purl pkg:private-domain.com/apache/maven -sbom "$SBOM_FILE" || log_fail check_or_update_expected_output $COMPARE_DEPS $DEP_RESULT $DEP_EXPECTED || log_fail echo -e "\n----------------------------------------------------------------------------------" echo "com.example/nonexistent: Analyzing purl of nonexistent artifact." echo -e "----------------------------------------------------------------------------------\n" -JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/purl/maven/com_example_nonexistent/nonexistent.json -JSON_RESULT=$WORKSPACE/output/reports/maven/com_example/nonexistent/nonexistent.json -$RUN_MACARON analyze -purl pkg:maven/com.example/nonexistent@1.0.0 --skip-deps || log_fail +OUTPUT_POLICY=$WORKSPACE/tests/e2e/expected_results/purl/maven/com_example_nonexistent/nonexistent.dl +run_macaron_clean $ANALYZE -purl pkg:maven/com.example/nonexistent@1.0.0 --skip-deps || log_fail -check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail +$RUN_POLICY -d $DB -f $OUTPUT_POLICY || log_fail # Analyze micronaut-projects/micronaut-test. echo -e "\n==================================================================================" 
@@ -287,33 +274,32 @@ echo -e "\n--------------------------------------------------------------------- echo "micronaut-projects/micronaut-test: Check the resolved dependency output when automatic dependency resolution is skipped." echo -e "----------------------------------------------------------------------------------\n" DEP_EXPECTED=$WORKSPACE/tests/dependency_analyzer/expected_results/skipdep_micronaut-projects_micronaut-test.json -$RUN_MACARON analyze -c $WORKSPACE/tests/dependency_analyzer/configurations/micronaut_test_config.yaml --skip-deps || log_fail +run_macaron_clean $ANALYZE -c $WORKSPACE/tests/dependency_analyzer/configurations/micronaut_test_config.yaml --skip-deps || log_fail check_or_update_expected_output $COMPARE_DEPS $DEP_RESULT $DEP_EXPECTED || log_fail echo -e "\n----------------------------------------------------------------------------------" echo "micronaut-projects/micronaut-test: Check the e2e output JSON file with config when automatic dependency resolution is skipped." echo -e "----------------------------------------------------------------------------------\n" -JSON_RESULT_DIR=$WORKSPACE/output/reports/github_com/micronaut-projects/micronaut-test/ -JSON_EXPECT_DIR=$WORKSPACE/tests/e2e/expected_results/micronaut-test +EXPECT_DIR=$WORKSPACE/tests/e2e/expected_results/micronaut-test declare -a COMPARE_FILES=( - "micronaut-test.json" - "caffeine.json" - "slf4j.json" + "micronaut-test.dl" + "caffeine.dl" + "slf4j.dl" ) for i in "${COMPARE_FILES[@]}" do - check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT_DIR/$i $JSON_EXPECT_DIR/$i || log_fail + $RUN_POLICY -d $DB -f $EXPECT_DIR/$i || log_fail done # TODO: uncomment the test below after resolving https://github.com/oracle/macaron/issues/60. # echo -e "\n----------------------------------------------------------------------------------" # echo "micronaut-projects/micronaut-test: Check the resolved dependency output with config for cyclonedx gradle plugin (default)." 
# echo -e "----------------------------------------------------------------------------------\n" -# DEP_EXPECTED=$WORKSPACE/tests/dependency_analyzer/expected_results/cyclonedx_micronaut-projects_micronaut-test.json -# $RUN_MACARON analyze -c $WORKSPACE/tests/dependency_analyzer/configurations/micronaut_test_config.yaml || log_fail +# DEP_EXPECTED=$WORKSPACE/tests/dependency_analyzer/expected_results/cyclonedx_micronaut-projects_micronaut-test.dl +# run_macaron_clean analyze -c $WORKSPACE/tests/dependency_analyzer/configurations/micronaut_test_config.yaml || log_fail # python $COMPARE_DEPS $DEP_RESULT $DEP_EXPECTED || log_fail 
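Review bot: In the commented-out micronaut-test block at the end of the hunk, `DEP_EXPECTED` was renamed from `cyclonedx_micronaut-projects_micronaut-test.json` to `.dl`, although every live `DEP_EXPECTED` in this change keeps its `.json` name and the line directly below still runs `python $COMPARE_DEPS $DEP_RESULT $DEP_EXPECTED`; this looks like an over-broad search-and-replace. The same commented line also invokes `run_macaron_clean analyze` with the literal subcommand where every other call in the diff uses `$ANALYZE`. Suggest `# DEP_EXPECTED=$WORKSPACE/tests/dependency_analyzer/expected_results/cyclonedx_micronaut-projects_micronaut-test.json` and `# run_macaron_clean $ANALYZE -c $WORKSPACE/tests/dependency_analyzer/configurations/micronaut_test_config.yaml || log_fail` so the block still works when the referenced TODO is resolved.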
@@ -327,34 +313,33 @@ echo -e "\n--------------------------------------------------------------------- echo "apache/maven: Check the resolved dependency output when automatic dependency resolution is skipped." echo -e "----------------------------------------------------------------------------------\n" DEP_EXPECTED=$WORKSPACE/tests/dependency_analyzer/expected_results/skipdep_apache_maven.json -$RUN_MACARON analyze -c $WORKSPACE/tests/dependency_analyzer/configurations/maven_config.yaml --skip-deps || log_fail +run_macaron_clean $ANALYZE -c $WORKSPACE/tests/dependency_analyzer/configurations/maven_config.yaml --skip-deps || log_fail check_or_update_expected_output $COMPARE_DEPS $DEP_RESULT $DEP_EXPECTED || log_fail echo -e "\n----------------------------------------------------------------------------------" echo "apache/maven: Check the e2e output JSON file with config and no dependency analyzing." echo -e "----------------------------------------------------------------------------------\n" -JSON_RESULT_DIR=$WORKSPACE/output/reports/github_com/apache/maven -JSON_EXPECT_DIR=$WORKSPACE/tests/e2e/expected_results/maven +EXPECT_DIR=$WORKSPACE/tests/e2e/expected_results/maven declare -a COMPARE_FILES=( - "maven.json" - "guava.json" - "mockito.json" + "maven.dl" + "guava.dl" + "mockito.dl" ) -$RUN_MACARON analyze -c $WORKSPACE/tests/e2e/configurations/maven_config.yaml --skip-deps || log_fail +run_macaron_clean $ANALYZE -c $WORKSPACE/tests/e2e/configurations/maven_config.yaml --skip-deps || log_fail for i in "${COMPARE_FILES[@]}" do - check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT_DIR/$i $JSON_EXPECT_DIR/$i || log_fail + $RUN_POLICY -d $DB -f $EXPECT_DIR/$i || log_fail done echo -e "\n----------------------------------------------------------------------------------" echo "apache/maven: Check the resolved dependency output with config for cyclonedx maven plugin." 
echo -e "----------------------------------------------------------------------------------\n" DEP_EXPECTED=$WORKSPACE/tests/dependency_analyzer/expected_results/cyclonedx_apache_maven.json -$RUN_MACARON analyze -c $WORKSPACE/tests/dependency_analyzer/configurations/maven_config.yaml || log_fail +run_macaron_clean $ANALYZE -c $WORKSPACE/tests/dependency_analyzer/configurations/maven_config.yaml || log_fail check_or_update_expected_output $COMPARE_DEPS $DEP_RESULT $DEP_EXPECTED || log_fail @@ -369,7 +354,7 @@ declare -a INVALID_BRANCH_DIGEST=( for i in "${INVALID_BRANCH_DIGEST[@]}" do echo -e "Running with $WORKSPACE/tests/e2e/configurations/$i" - $RUN_MACARON analyze -c $WORKSPACE/tests/e2e/configurations/$i + run_macaron_clean $ANALYZE -c $WORKSPACE/tests/e2e/configurations/$i if [ $? -eq 0 ]; then echo -e "Expect non-zero status code for $WORKSPACE/test/e2e/configurations/$i but got $?." 
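Review bot: The banner `echo "apache/maven: Check the e2e output JSON file with config and no dependency analyzing."` above the rewritten `COMPARE_FILES` loop now describes a check that no longer exists: the loop runs `$RUN_POLICY -d $DB -f $EXPECT_DIR/$i` against Datalog policies and no JSON report is compared any more. The same stale wording is left in the micronaut-test section of the previous hunk and in the jackson-databind section of a later one. Rewording it along the lines of `echo "apache/maven: Verify the policies with config and no dependency analyzing."` keeps the test log honest, and a short comment on the array, e.g. `# One policy file per analyzed component; all are checked against the same database.`, documents why the loop varies only `$i`.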
@@ -380,26 +365,24 @@ done echo -e "\n----------------------------------------------------------------------------------" echo "Test using the default template file." echo -e "----------------------------------------------------------------------------------\n" -JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/maven/maven.json -JSON_RESULT=$WORKSPACE/output/reports/github_com/apache/maven/maven.json -$RUN_MACARON analyze -rp https://github.com/apache/maven --skip-deps -b master -d 3fc399318edef0d5ba593723a24fff64291d6f9b -g $WORKSPACE/src/macaron/output_reporter/templates/macaron.html || log_fail +OUTPUT_POLICY=$WORKSPACE/tests/e2e/expected_results/maven/maven.dl +run_macaron_clean $ANALYZE -rp https://github.com/apache/maven --skip-deps -b master -d 3fc399318edef0d5ba593723a24fff64291d6f9b -g $WORKSPACE/src/macaron/output_reporter/templates/macaron.html || log_fail -check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail +$RUN_POLICY -d $DB -f $OUTPUT_POLICY || log_fail # Analyze FasterXML/jackson-databind. echo -e "\n==================================================================================" echo "Run integration tests with configurations for FasterXML/jackson-databind..." echo -e "==================================================================================\n" -JSON_RESULT=$WORKSPACE/output/reports/maven/com_fasterxml_jackson_core/jackson-databind/jackson-databind.json echo -e "\n----------------------------------------------------------------------------------" echo "FasterXML/jackson-databind: Check the e2e output JSON file with config and no dependency analyzing." 
echo -e "----------------------------------------------------------------------------------\n" -JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/jackson-databind/jackson-databind.json -$RUN_MACARON analyze -purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.14.0-rc1 --skip-deps || log_fail +OUTPUT_POLICY=$WORKSPACE/tests/e2e/expected_results/jackson-databind/jackson-databind.dl +run_macaron_clean $ANALYZE -purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.14.0-rc1 --skip-deps || log_fail # Original commit f0af53d085eb2aa9f7f6199846cc526068e09977 seems to be first included in version tagged commit 2.14.0-rc1. -check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail +$RUN_POLICY -d $DB -f $OUTPUT_POLICY || log_fail # echo -e "\n----------------------------------------------------------------------------------" # echo "FasterXML/jackson-databind: Check the resolved dependency output with config for cyclonedx maven plugin (default)." 
@@ -413,20 +396,18 @@ check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || echo -e "\n----------------------------------------------------------------------------------" echo "google/guava: Analyzing with PURL and repository path without dependency resolution." echo -e "----------------------------------------------------------------------------------\n" -JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/purl/com_google_guava/guava/guava.json -JSON_RESULT=$WORKSPACE/output/reports/maven/com_google_guava/guava/guava.json -$RUN_MACARON analyze -purl pkg:maven/com.google.guava/guava@32.1.2-jre?type=jar --skip-deps || log_fail +OUTPUT_POLICY=$WORKSPACE/tests/e2e/expected_results/purl/com_google_guava/guava/guava.dl +run_macaron_clean $ANALYZE -purl pkg:maven/com.google.guava/guava@32.1.2-jre?type=jar --skip-deps || log_fail -check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail +$RUN_POLICY -d $DB -f $OUTPUT_POLICY || log_fail echo -e "\n----------------------------------------------------------------------------------" echo "org.tinymediamanager/tinyMediaManager: Analyzing the purl with a version, and a provided repo with no commit." 
echo -e "----------------------------------------------------------------------------------\n" -JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/purl/org_tinymediamanager/tinyMediaManager.json -JSON_RESULT=$WORKSPACE/output/reports/maven/org_tinymediamanager/tinyMediaManager/tinyMediaManager.json -$RUN_MACARON analyze -purl pkg:maven/org.tinymediamanager/tinyMediaManager@4.3.13 -rp https://gitlab.com/tinyMediaManager/tinyMediaManager --skip-deps || log_fail +OUTPUT_POLICY=$WORKSPACE/tests/e2e/expected_results/purl/org_tinymediamanager/tinyMediaManager.dl +run_macaron_clean $ANALYZE -purl pkg:maven/org.tinymediamanager/tinyMediaManager@4.3.13 -rp https://gitlab.com/tinyMediaManager/tinyMediaManager --skip-deps || log_fail -check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail +$RUN_POLICY -d $DB -f $OUTPUT_POLICY || log_fail # Running Macaron using local paths. 
@@ -439,59 +420,55 @@ echo "bitbucket.org/snakeyaml/snakeyaml: Analyzing a repository with un-supporte
 echo -e "----------------------------------------------------------------------------------\n"
 git clone https://bitbucket.org/snakeyaml/snakeyaml $WORKSPACE/output/local_repos/snakeyaml || log_fail
 DEFAULTS_FILE=$WORKSPACE/tests/e2e/defaults/bitbucket_local_repo.ini
-JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/snakeyaml/snakeyaml.json
-JSON_RESULT=$WORKSPACE/output/reports/bitbucket_org/snakeyaml/snakeyaml/snakeyaml.json
-$RUN_MACARON -dp $DEFAULTS_FILE -lr $WORKSPACE/output/local_repos analyze -rp snakeyaml -d a34989252e6f59e36a3aaf788a903b7a37a73d33 --skip-deps || log_fail
+OUTPUT_POLICY=$WORKSPACE/tests/e2e/expected_results/snakeyaml/snakeyaml.dl
+run_macaron_clean -dp $DEFAULTS_FILE -lr $WORKSPACE/output/local_repos $ANALYZE -rp snakeyaml -d a34989252e6f59e36a3aaf788a903b7a37a73d33 --skip-deps || log_fail
-check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail
+$RUN_POLICY -d $DB -f $OUTPUT_POLICY || log_fail
 echo -e "\n----------------------------------------------------------------------------------"
 echo "apache/maven: Analyzing with the branch name, the commit digest and dependency resolution using cyclonedx maven plugin (default)."
 echo -e "----------------------------------------------------------------------------------\n"
-JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/maven/maven.json
-JSON_RESULT=$WORKSPACE/output/reports/github_com/apache/maven/maven.json
+OUTPUT_POLICY=$WORKSPACE/tests/e2e/expected_results/maven/maven.dl
 DEP_EXPECTED=$WORKSPACE/tests/dependency_analyzer/expected_results/cyclonedx_apache_maven.json
 DEP_RESULT=$WORKSPACE/output/reports/github_com/apache/maven/dependencies.json
-$RUN_MACARON -lr $WORKSPACE/output/git_repos/github_com analyze -rp apache/maven -b master -d 3fc399318edef0d5ba593723a24fff64291d6f9b || log_fail
+run_macaron_clean -lr $WORKSPACE/output/git_repos/github_com $ANALYZE -rp apache/maven -b master -d 3fc399318edef0d5ba593723a24fff64291d6f9b || log_fail
 check_or_update_expected_output $COMPARE_DEPS $DEP_RESULT $DEP_EXPECTED || log_fail
-check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail
+$RUN_POLICY -d $DB -f $OUTPUT_POLICY || log_fail
 echo -e "\n----------------------------------------------------------------------------------"
 echo "apache/maven: Analyzing with local paths in configuration and without dependency resolution."
 echo -e "----------------------------------------------------------------------------------\n"
-JSON_RESULT_DIR=$WORKSPACE/output/reports/github_com/apache/maven
-JSON_EXPECT_DIR=$WORKSPACE/tests/e2e/expected_results/maven
+EXPECT_DIR=$WORKSPACE/tests/e2e/expected_results/maven
 declare -a COMPARE_FILES=(
- "maven.json"
- "guava.json"
- "mockito.json"
+ "maven.dl"
+ "guava.dl"
+ "mockito.dl"
 )
-$RUN_MACARON -lr $WORKSPACE/output/git_repos/github_com analyze -c $WORKSPACE/tests/e2e/configurations/maven_local_path.yaml --skip-deps || log_fail
+run_macaron_clean -lr $WORKSPACE/output/git_repos/github_com $ANALYZE -c $WORKSPACE/tests/e2e/configurations/maven_local_path.yaml --skip-deps || log_fail
 for i in "${COMPARE_FILES[@]}"
 do
- check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT_DIR/$i $JSON_EXPECT_DIR/$i || log_fail
+ $RUN_POLICY -d $DB -f $EXPECT_DIR/$i || log_fail
 done
 echo -e "\n----------------------------------------------------------------------------------"
 echo "apache/maven: Analyzing with local paths using local_repos_dir without dependency resolution."
 echo -e "----------------------------------------------------------------------------------\n"
 # The report files are still stored in the same location.
-JSON_RESULT_DIR=$WORKSPACE/output/reports/github_com/apache/maven
-JSON_EXPECT_DIR=$WORKSPACE/tests/e2e/expected_results/maven
+EXPECT_DIR=$WORKSPACE/tests/e2e/expected_results/maven
 declare -a COMPARE_FILES=(
- "maven.json"
- "guava.json"
- "mockito.json"
+ "maven.dl"
+ "guava.dl"
+ "mockito.dl"
 )
-$RUN_MACARON -lr $WORKSPACE/output/git_repos/github_com/ analyze -rp apache/maven -b master -d 3fc399318edef0d5ba593723a24fff64291d6f9b --skip-deps || log_fail
+run_macaron_clean -lr $WORKSPACE/output/git_repos/github_com/ $ANALYZE -rp apache/maven -b master -d 3fc399318edef0d5ba593723a24fff64291d6f9b --skip-deps || log_fail
 for i in "${COMPARE_FILES[@]}"
 do
- check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT_DIR/$i $JSON_EXPECT_DIR/$i || log_fail
+ $RUN_POLICY -d $DB -f $EXPECT_DIR/$i || log_fail
 done
 echo -e "\n----------------------------------------------------------------------------------"
@@ -504,7 +481,7 @@ git clone $WORKSPACE/output/git_repos/github_com/apache/maven $WORKSPACE/output/
 JSON_EXPECTED=$WORKSPACE/output/reports/local_repos/maven/maven.json
 HTML_EXPECTED=$WORKSPACE/output/reports/local_repos/maven/maven.html
-$RUN_MACARON -lr $WORKSPACE/output/git_repos/local_repos/ analyze -rp test_repo -b master -d 3fc399318edef0d5ba593723a24fff64291d6f9b --skip-deps || log_fail
+run_macaron_clean -lr $WORKSPACE/output/git_repos/local_repos/ $ANALYZE -rp test_repo -b master -d 3fc399318edef0d5ba593723a24fff64291d6f9b --skip-deps || log_fail
 # We don't compare the report content because the remote_path fields in the reports are nondeterministic when running
 # this test locally and running it in the GitHub Actions runner. We only check if the reports are generated as
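Review bot: `run_macaron_clean` clears only `$DB` before the apache/maven run with dependency resolution, while `DEP_RESULT` (`$WORKSPACE/output/reports/github_com/apache/maven/dependencies.json`) survives from earlier runs, so `check_or_update_expected_output $COMPARE_DEPS $DEP_RESULT $DEP_EXPECTED` can compare a stale file if this analysis fails to regenerate it; the `|| log_fail` on the analyze line records the failure but does not stop the script. Deleting the report first closes that gap: `rm -f -- "$DEP_RESULT"` immediately above the `run_macaron_clean -lr $WORKSPACE/output/git_repos/github_com $ANALYZE -rp apache/maven ...` line. The two config-driven runs below verify `maven.dl`/`guava.dl`/`mockito.dl` against the freshly cleaned database and need no such step.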
@@ -516,7 +493,7 @@ echo -e "\n---------------------------------------------------------------------
 echo "apache/maven: test using invalid local repo path."
 echo -e "----------------------------------------------------------------------------------\n"
 # Assume that $WORKSPACE is always an absolute path.
-$RUN_MACARON -lr $WORKSPACE/output/git_repos/github_com/ analyze -rp path/to/invalid/repo --skip-deps
+run_macaron_clean -lr $WORKSPACE/output/git_repos/github_com/ $ANALYZE -rp path/to/invalid/repo --skip-deps
 if [ $? -eq 0 ]; then
@@ -527,7 +504,7 @@ fi
 echo -e "\n----------------------------------------------------------------------------------"
 echo "apache/maven: test using invalid local_repos_dir."
 echo -e "----------------------------------------------------------------------------------\n"
-$RUN_MACARON -lr $WORKSPACE/invalid_dir_should_fail analyze -rp apache/maven --skip-deps
+run_macaron_clean -lr $WORKSPACE/invalid_dir_should_fail $ANALYZE -rp apache/maven --skip-deps
 if [ $? -eq 0 ]; then
@@ -538,7 +515,7 @@ fi
 echo -e "\n----------------------------------------------------------------------------------"
 echo "apache/maven: test using a repo path outside of local_repos_dir."
 echo -e "----------------------------------------------------------------------------------\n"
-$RUN_MACARON -lr $WORKSPACE/output/git_repos/github_com/ analyze -rp ../ --skip-deps
+run_macaron_clean -lr $WORKSPACE/output/git_repos/github_com/ $ANALYZE -rp ../ --skip-deps
 if [ $? -eq 0 ]; then
@@ -551,7 +528,7 @@ echo "Test using local repo with no commits."
 echo -e "----------------------------------------------------------------------------------\n"
 mkdir -p $WORKSPACE/output/git_repos/local_repos/empty_repo
 cd $WORKSPACE/output/git_repos/local_repos/empty_repo && git init && cd -
-$RUN_MACARON -lr $WORKSPACE/output/git_repos/local_repos analyze -rp empty_repo --skip-deps
+run_macaron_clean -lr $WORKSPACE/output/git_repos/local_repos $ANALYZE -rp empty_repo --skip-deps
 if [ $? -eq 0 ]; then
@@ -595,7 +572,7 @@ cd "$WORKSPACE" || log_fail
 # When we run the analysis, because we are providing a local repo path, Macaron is not supposed to pull the
 # latest changes (i.e the second commit of SOURCE_REPO) into TARGET_REPO.
 # Therefore, this analysis is expected to fail because the commit HEAD_COMMIT_SHA does not exist in TARGET_REPO.
-$RUN_MACARON -lr $WORKSPACE/output/git_repos/local_repos/ analyze -rp target -b master -d "$HEAD_COMMIT_SHA" --skip-deps
+run_macaron_clean -lr $WORKSPACE/output/git_repos/local_repos/ $ANALYZE -rp target -b master -d "$HEAD_COMMIT_SHA" --skip-deps
 if [ $? -eq 0 ]; then
@@ -610,7 +587,7 @@ rm -rf "$TARGET_REPO"
 echo -e "\n----------------------------------------------------------------------------------"
 echo "Running the analysis with all checks excluded. This test should return an error code."
 echo -e "----------------------------------------------------------------------------------\n"
-$RUN_MACARON -dp tests/e2e/defaults/exclude_all_checks.ini analyze -rp https://github.com/apache/maven --skip-deps
+run_macaron_clean -dp tests/e2e/defaults/exclude_all_checks.ini $ANALYZE -rp https://github.com/apache/maven --skip-deps
 if [ $? -eq 0 ]; then
@@ -622,7 +599,7 @@ echo -e "\n---------------------------------------------------------------------
 echo "apache/maven: test analyzing without the environment variable GITHUB_TOKEN being set."
 echo -e "----------------------------------------------------------------------------------\n"
 temp="$GITHUB_TOKEN"
-GITHUB_TOKEN="" && $RUN_MACARON analyze -rp https://github.com/apache/maven --skip-deps
+GITHUB_TOKEN="" && run_macaron_clean $ANALYZE -rp https://github.com/apache/maven --skip-deps
 if [ $? -eq 0 ]; then
@@ -635,7 +612,7 @@ GITHUB_TOKEN="$temp"
 echo -e "\n----------------------------------------------------------------------------------"
 echo "apache/maven: test analyzing with invalid PURL"
 echo -e "----------------------------------------------------------------------------------\n"
-$RUN_MACARON analyze -purl invalid-purl -rp https://github.com/apache/maven --skip-deps
+run_macaron_clean $ANALYZE -purl invalid-purl -rp https://github.com/apache/maven --skip-deps
 if [ $? -eq 0 ]; then
@@ -646,7 +623,7 @@ fi
 echo -e "\n----------------------------------------------------------------------------------"
 echo "apache/maven: test analyzing with both PURL and repository path but no branch and digest are provided."
 echo -e "----------------------------------------------------------------------------------\n"
-$RUN_MACARON analyze -purl pkg:maven/apache/maven -rp https://github.com/apache/maven --skip-deps
+run_macaron_clean $ANALYZE -purl pkg:maven/apache/maven -rp https://github.com/apache/maven --skip-deps
 if [ $? -eq 0 ]; then
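Review bot: The new line `GITHUB_TOKEN="" && run_macaron_clean $ANALYZE -rp https://github.com/apache/maven --skip-deps` still exercises an empty token rather than an unset one, which is what the banner ("without the environment variable GITHUB_TOKEN being set") describes; if the caller exported `GITHUB_TOKEN`, the child process still sees it, as an empty string, and whether macaron treats the two cases alike is not visible here. Running the analysis in a subshell that unsets it tests the stated case and makes the `temp` save/restore unnecessary: `(unset GITHUB_TOKEN; run_macaron_clean $ANALYZE -rp https://github.com/apache/maven --skip-deps)`. The following `if [ $? -eq 0 ]` keeps working because the subshell's status is macaron's; the `GITHUB_TOKEN="$temp"` restore lies outside this hunk.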
@@ -657,7 +634,7 @@ fi
 echo -e "\n----------------------------------------------------------------------------------"
 echo "Test using a custom template file that does not exist."
 echo -e "----------------------------------------------------------------------------------\n"
-$RUN_MACARON analyze -rp https://github.com/apache/maven --skip-deps -g $WORKSPACE/should/not/exist
+run_macaron_clean $ANALYZE -rp https://github.com/apache/maven --skip-deps -g $WORKSPACE/should/not/exist
 if [ $? -eq 0 ]; then
@@ -668,7 +645,7 @@ fi
 echo -e "\n----------------------------------------------------------------------------------"
 echo "Test providing an invalid provenance file as input."
 echo -e "----------------------------------------------------------------------------------\n"
-$RUN_MACARON analyze -rp https://github.com/apache/maven --provenance-file $WORKSPACE/golang/internal/cue_validator/resources/invalid_provenance.json --skip-deps
+run_macaron_clean $ANALYZE -rp https://github.com/apache/maven --provenance-file $WORKSPACE/golang/internal/cue_validator/resources/invalid_provenance.json --skip-deps
 if [ $? -eq 0 ]; then
@@ -678,84 +655,77 @@ fi
 # Testing the CUE provenance expectation verifier.
 echo -e "\n----------------------------------------------------------------------------------"
-echo "Test verifying CUE provenance expectation for ossf/scorecard"
+echo "Test verifying CUE provenance expectation for ossf/scorecard and run policy CLI"
 echo -e "----------------------------------------------------------------------------------\n"
-JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/scorecard/scorecard.json
-JSON_RESULT=$WORKSPACE/output/reports/github/ossf/scorecard/scorecard.json
+OUTPUT_POLICY=$WORKSPACE/tests/e2e/expected_results/scorecard/scorecard.dl
 DEFAULTS_FILE=$WORKSPACE/tests/e2e/defaults/scorecard.ini
 EXPECTATION_FILE=$WORKSPACE/tests/slsa_analyzer/provenance/expectations/cue/resources/valid_expectations/scorecard_PASS.cue
-$RUN_MACARON -dp $DEFAULTS_FILE analyze -pe $EXPECTATION_FILE -purl pkg:github/ossf/scorecard@v4.13.1 --skip-deps || log_fail
+run_macaron_clean -dp $DEFAULTS_FILE $ANALYZE -pe $EXPECTATION_FILE -purl pkg:github/ossf/scorecard@v4.13.1 --skip-deps || log_fail
+
+# Run CLI policy
+POLICY_FILE=$WORKSPACE/tests/policy_engine/resources/policies/scorecard/scorecard.dl
+POLICY_RESULT=$WORKSPACE/output/policy_report.json
+POLICY_EXPECTED=$WORKSPACE/tests/policy_engine/expected_results/scorecard/scorecard_policy_report.json
+VSA_RESULT=$WORKSPACE/output/vsa.intoto.jsonl
+VSA_PAYLOAD_EXPECTED=$WORKSPACE/tests/vsa/integration/github_slsa-framework_scorecard/vsa_payload.json
+
+$RUN_POLICY -f $POLICY_FILE -d "$WORKSPACE/output/macaron.db" || log_fail
+check_or_update_expected_output $COMPARE_POLICIES $POLICY_RESULT $POLICY_EXPECTED || log_fail
+check_or_update_expected_output "$COMPARE_VSA" "$VSA_RESULT" "$VSA_PAYLOAD_EXPECTED" || log_fail
-check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail
+# Finish verifying CUE provenance
+$RUN_POLICY -d $DB -f $OUTPUT_POLICY || log_fail
 echo -e "\n----------------------------------------------------------------------------------"
 echo "Test verifying CUE provenance expectation for slsa-verifier"
 echo -e "----------------------------------------------------------------------------------\n"
-JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/slsa-verifier/slsa-verifier_cue_PASS.json
-JSON_RESULT=$WORKSPACE/output/reports/github_com/slsa-framework/slsa-verifier/slsa-verifier.json
+OUTPUT_POLICY=$WORKSPACE/tests/e2e/expected_results/slsa-verifier/slsa-verifier_cue_PASS.dl
 EXPECTATION_FILE=$WORKSPACE/tests/slsa_analyzer/provenance/expectations/cue/resources/valid_expectations/slsa_verifier_PASS.cue
 DEFAULTS_FILE=$WORKSPACE/tests/e2e/defaults/slsa_verifier.ini
-$RUN_MACARON -dp $DEFAULTS_FILE analyze -pe $EXPECTATION_FILE -rp https://github.com/slsa-framework/slsa-verifier -b main -d fc50b662fcfeeeb0e97243554b47d9b20b14efac --skip-deps || log_fail
+run_macaron_clean -dp $DEFAULTS_FILE $ANALYZE -pe $EXPECTATION_FILE -rp https://github.com/slsa-framework/slsa-verifier -b main -d fc50b662fcfeeeb0e97243554b47d9b20b14efac --skip-deps || log_fail
-check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail
+$RUN_POLICY -d $DB -f $OUTPUT_POLICY || log_fail
 echo -e "\n----------------------------------------------------------------------------------"
 echo "Test verifying CUE provenance expectation for slsa-verifier with explicitly-provided provenance file"
 echo -e "----------------------------------------------------------------------------------\n"
-JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/slsa-verifier/slsa-verifier_explicitly_provided_cue_PASS.json
-JSON_RESULT=$WORKSPACE/output/reports/github_com/slsa-framework/slsa-verifier/slsa-verifier.json
+OUTPUT_POLICY=$WORKSPACE/tests/e2e/expected_results/slsa-verifier/slsa-verifier_explicitly_provided_cue_PASS.dl
 EXPECTATION_FILE=$WORKSPACE/tests/slsa_analyzer/provenance/expectations/cue/resources/valid_expectations/slsa_verifier_PASS.cue
 DEFAULTS_FILE=$WORKSPACE/tests/e2e/defaults/slsa_verifier.ini
 PROVENANCE_FILE=$WORKSPACE/tests/slsa_analyzer/provenance/resources/valid_provenances/slsa-verifier-linux-amd64.intoto.jsonl
-$RUN_MACARON -dp $DEFAULTS_FILE analyze -pe $EXPECTATION_FILE -pf $PROVENANCE_FILE -rp https://github.com/slsa-framework/slsa-verifier -d 6fb4f7e2dd9c2f5d4f55fa88f6796278a7bba6d6 --skip-deps || log_fail
+run_macaron_clean -dp $DEFAULTS_FILE $ANALYZE -pe $EXPECTATION_FILE -pf $PROVENANCE_FILE -rp https://github.com/slsa-framework/slsa-verifier -d 6fb4f7e2dd9c2f5d4f55fa88f6796278a7bba6d6 --skip-deps || log_fail
-check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail
+$RUN_POLICY -d $DB -f $OUTPUT_POLICY || log_fail
 echo -e "\n----------------------------------------------------------------------------------"
 echo "Test verifying CUE provenance expectation for slsa-verifier with explicitly-provided provenance file as a URL link file"
 echo -e "----------------------------------------------------------------------------------\n"
-JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/slsa-verifier/slsa-verifier_explicitly_provided_cue_PASS.json
-JSON_RESULT=$WORKSPACE/output/reports/github_com/slsa-framework/slsa-verifier/slsa-verifier.json
+OUTPUT_POLICY=$WORKSPACE/tests/e2e/expected_results/slsa-verifier/slsa-verifier_explicitly_provided_cue_PASS.dl
 EXPECTATION_FILE=$WORKSPACE/tests/slsa_analyzer/provenance/expectations/cue/resources/valid_expectations/slsa_verifier_PASS.cue
 DEFAULTS_FILE=$WORKSPACE/tests/e2e/defaults/allow_url_link_github.ini
 PROVENANCE_FILE=$WORKSPACE/tests/slsa_analyzer/provenance/resources/valid_provenances/slsa-verifier-linux-amd64.intoto.jsonl
-$RUN_MACARON -dp $DEFAULTS_FILE analyze -pe $EXPECTATION_FILE -pf $PROVENANCE_FILE -rp https://github.com/slsa-framework/slsa-verifier -d 6fb4f7e2dd9c2f5d4f55fa88f6796278a7bba6d6 --skip-deps || log_fail
+run_macaron_clean -dp $DEFAULTS_FILE $ANALYZE -pe $EXPECTATION_FILE -pf $PROVENANCE_FILE -rp https://github.com/slsa-framework/slsa-verifier -d 6fb4f7e2dd9c2f5d4f55fa88f6796278a7bba6d6 --skip-deps || log_fail
-check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail
+$RUN_POLICY -d $DB -f $OUTPUT_POLICY || log_fail
 echo -e "\n----------------------------------------------------------------------------------"
 echo "urllib3/urllib3: Analyzing the repo path when automatic dependency resolution is skipped"
 echo "and CUE file is provided as expectation."
 echo -e "----------------------------------------------------------------------------------\n"
-JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/urllib3/urllib3_cue_invalid.json
-JSON_RESULT=$WORKSPACE/output/reports/github_com/urllib3/urllib3/urllib3.json
+OUTPUT_POLICY=$WORKSPACE/tests/e2e/expected_results/urllib3/urllib3_cue_invalid.dl
 EXPECTATION_FILE=$WORKSPACE/tests/slsa_analyzer/provenance/expectations/cue/resources/invalid_expectations/invalid.cue
-$RUN_MACARON analyze -pe $EXPECTATION_FILE -rp https://github.com/urllib3/urllib3 -b main -d 87a0ecee6e691fe5ff93cd000c0158deebef763b --skip-deps || log_fail
+run_macaron_clean $ANALYZE -pe $EXPECTATION_FILE -rp https://github.com/urllib3/urllib3 -b main -d 87a0ecee6e691fe5ff93cd000c0158deebef763b --skip-deps || log_fail
-check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail
-
-# Testing the Souffle policy engine.
-echo -e "\n----------------------------------------------------------------------------------"
-echo "Run policy CLI with scorecard results."
-echo -e "----------------------------------------------------------------------------------\n"
-RUN_POLICY="macaron verify-policy"
-POLICY_FILE=$WORKSPACE/tests/policy_engine/resources/policies/scorecard/scorecard.dl
-POLICY_RESULT=$WORKSPACE/output/policy_report.json
-POLICY_EXPECTED=$WORKSPACE/tests/policy_engine/expected_results/scorecard/scorecard_policy_report.json
-VSA_RESULT=$WORKSPACE/output/vsa.intoto.jsonl
-VSA_PAYLOAD_EXPECTED=$WORKSPACE/tests/vsa/integration/github_slsa-framework_scorecard/vsa_payload.json
-
-$RUN_POLICY -f $POLICY_FILE -d "$WORKSPACE/output/macaron.db" || log_fail
-check_or_update_expected_output $COMPARE_POLICIES $POLICY_RESULT $POLICY_EXPECTED || log_fail
-check_or_update_expected_output "$COMPARE_VSA" "$VSA_RESULT" "$VSA_PAYLOAD_EXPECTED" || log_fail
+$RUN_POLICY -d $DB -f $OUTPUT_POLICY || log_fail
 echo -e "\n----------------------------------------------------------------------------------"
 echo "Run policy CLI with micronaut-core results to test deploy command information."
 echo -e "----------------------------------------------------------------------------------\n"
-RUN_POLICY="macaron verify-policy"
 POLICY_FILE=$WORKSPACE/tests/policy_engine/resources/policies/micronaut-core/test_deploy_info.dl
 POLICY_RESULT=$WORKSPACE/output/policy_report.json
 POLICY_EXPECTED=$WORKSPACE/tests/policy_engine/expected_results/micronaut-core/test_deploy_info.json
+DEFAULTS_FILE=$WORKSPACE/tests/e2e/defaults/micronaut-core.ini
+$RUN_MACARON -dp $DEFAULTS_FILE analyze -purl pkg:maven/io.micronaut/micronaut-core@4.2.3 --skip-deps || log_fail
 $RUN_POLICY -f $POLICY_FILE -d "$WORKSPACE/output/macaron.db" || log_fail
 check_or_update_expected_output $COMPARE_POLICIES $POLICY_RESULT $POLICY_EXPECTED || log_fail
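Review bot: The added micronaut-core re-analysis at the end of the hunk, `$RUN_MACARON -dp $DEFAULTS_FILE analyze -purl pkg:maven/io.micronaut/micronaut-core@4.2.3 --skip-deps || log_fail`, is the one analysis in this hunk that bypasses `run_macaron_clean` and `$ANALYZE`, so `test_deploy_info.dl` is evaluated against a database that still holds the urllib3 rows from the run just above it, and nothing says whether that is intended. If it is not, `run_macaron_clean -dp $DEFAULTS_FILE $ANALYZE -purl pkg:maven/io.micronaut/micronaut-core@4.2.3 --skip-deps || log_fail` matches the rest of the file; if it is, a comment such as `# Intentionally not cleaned: the urllib3 rows are expected to remain in the database.` should say so. Separately, the two `$RUN_POLICY -f $POLICY_FILE -d "$WORKSPACE/output/macaron.db"` lines spell out the path that `$DB` already holds; `-d "$DB"` keeps one source of truth for the database location.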
@@ -764,7 +734,6 @@ echo -e "\n---------------------------------------------------------------------
 echo "behnazh-w/example-maven-app as a local and remote repository"
 echo "Test the Witness and GitHub provenances as an input, Cue expectation validation, Policy CLI and VSA generation, User input vs. provenance."
 echo -e "----------------------------------------------------------------------------------\n"
-RUN_POLICY="macaron verify-policy"
 POLICY_FILE=$WORKSPACE/tests/policy_engine/resources/policies/example-maven-project/policy.dl
 POLICY_RESULT=$WORKSPACE/output/policy_report.json
 POLICY_EXPECTED=$WORKSPACE/tests/policy_engine/expected_results/example-maven-project/example_maven_project_policy_report.json
@@ -779,14 +748,14 @@ WITNESS_PROVENANCE_FILE=$WORKSPACE/tests/slsa_analyzer/provenance/resources/vali
 git clone https://github.com/behnazh-w/example-maven-app.git $WORKSPACE/output/git_repos/local_repos/example-maven-app || log_fail
 # Check the Witness provenance.
-$RUN_MACARON analyze -pf $WITNESS_PROVENANCE_FILE -pe $WITNESS_EXPECTATION_FILE -purl pkg:maven/io.github.behnazh-w.demo/example-maven-app@1.0-SNAPSHOT?type=jar --repo-path example-maven-app --skip-deps || log_fail
+run_macaron_clean $ANALYZE -pf $WITNESS_PROVENANCE_FILE -pe $WITNESS_EXPECTATION_FILE -purl pkg:maven/io.github.behnazh-w.demo/example-maven-app@1.0-SNAPSHOT?type=jar --repo-path example-maven-app --skip-deps || log_fail
 # Test the remote repo with GitHub provenance.
 GITHUB_EXPECTATION_FILE=$WORKSPACE/tests/slsa_analyzer/provenance/expectations/cue/resources/valid_expectations/github-example-maven-project.cue
 GITHUB_PROVENANCE_FILE=$WORKSPACE/tests/slsa_analyzer/provenance/resources/valid_provenances/github-example-maven-project.json
-# Check the GitHub provenance.
-$RUN_MACARON analyze -pf $GITHUB_PROVENANCE_FILE -pe $GITHUB_EXPECTATION_FILE -purl pkg:maven/io.github.behnazh-w.demo/example-maven-app@1.0?type=jar --skip-deps || log_fail
+# Check the GitHub provenance (Do not clean).
+$RUN_MACARON $ANALYZE -pf $GITHUB_PROVENANCE_FILE -pe $GITHUB_EXPECTATION_FILE -purl pkg:maven/io.github.behnazh-w.demo/example-maven-app@1.0?type=jar --skip-deps || log_fail
 # Verify the policy and VSA for all the software components generated from behnazh-w/example-maven-app repo.
 $RUN_POLICY -f $POLICY_FILE -d "$WORKSPACE/output/macaron.db" || log_fail
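Review bot: `# Check the GitHub provenance (Do not clean).` records the instruction but not the reason, and the reason is the one thing a later editor needs so as not to "fix" it into `run_macaron_clean`: the `$RUN_POLICY -f $POLICY_FILE ...` call below is, per its own comment, meant to verify all components from this repository, so the Witness run's rows must still be in the database when the GitHub run adds its own. Suggested wording: `# Check the GitHub provenance. Do NOT use run_macaron_clean here: the policy below must see the Witness component from the previous run and the GitHub component from this one in the same database.` The policy line also spells out `"$WORKSPACE/output/macaron.db"` where the rest of the file uses `$DB`; `$RUN_POLICY -f $POLICY_FILE -d "$DB" || log_fail` keeps the location in one place.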
@@ -795,13 +764,13 @@ check_or_update_expected_output "$COMPARE_POLICIES" "$POLICY_RESULT" "$POLICY_EX
 check_or_update_expected_output "$COMPARE_VSA" "$VSA_RESULT" "$VSA_PAYLOAD_EXPECTED" || log_fail
 # Validate user input of repo and commit vs provenance.
-$RUN_MACARON analyze -pf $GITHUB_PROVENANCE_FILE -rp https://github.com/behnazh-w/example-maven-app -d 2deca75ed5dd365eaf1558a82347b1f11306135f --skip-deps || log_fail
+run_macaron_clean $ANALYZE -pf $GITHUB_PROVENANCE_FILE -rp https://github.com/behnazh-w/example-maven-app -d 2deca75ed5dd365eaf1558a82347b1f11306135f --skip-deps || log_fail
 # Validate user input of repo and commit (via purl) vs provenance.
-$RUN_MACARON analyze -pf $GITHUB_PROVENANCE_FILE -purl pkg:github/behnazh-w/example-maven-app@2deca75 --skip-deps || log_fail
+run_macaron_clean $ANALYZE -pf $GITHUB_PROVENANCE_FILE -purl pkg:github/behnazh-w/example-maven-app@2deca75 --skip-deps || log_fail
 # Validate user input of repo and commit (via purl with tag) vs provenance.
-$RUN_MACARON analyze -pf $GITHUB_PROVENANCE_FILE -purl pkg:github/behnazh-w/example-maven-app@1.0 --skip-deps || log_fail
+run_macaron_clean $ANALYZE -pf $GITHUB_PROVENANCE_FILE -purl pkg:github/behnazh-w/example-maven-app@1.0 --skip-deps || log_fail
 # Testing the Repo Finder's remote calls.
 # This requires the 'packageurl' Python module
diff --git a/scripts/dev_scripts/integration_tests_docker.sh b/scripts/dev_scripts/integration_tests_docker.sh
index 27329e63b..d96b49f79 100755
--- a/scripts/dev_scripts/integration_tests_docker.sh
+++ b/scripts/dev_scripts/integration_tests_docker.sh
@@ -14,13 +14,19 @@ RUN_MACARON_SCRIPT=$2
 # The scripts to compare the results of the integration tests.
 COMPARE_DEPS=$WORKSPACE/tests/dependency_analyzer/compare_dependencies.py
-COMPARE_JSON_OUT=$WORKSPACE/tests/e2e/compare_e2e_result.py
 COMPARE_POLICIES=$WORKSPACE/tests/policy_engine/compare_policy_reports.py
 COMPARE_VSA=$WORKSPACE/tests/vsa/compare_vsa.py
 UNIT_TEST_SCRIPT=$WORKSPACE/scripts/dev_scripts/test_run_macaron_sh.py
+RUN_POLICY="$RUN_MACARON_SCRIPT verify-policy"
+DB=$WORKSPACE/output/macaron.db
 RESULT_CODE=0
+function run_macaron_clean() {
+ rm $DB
+ $RUN_MACARON_SCRIPT "$@"
+}
+
 function log_fail() {
 printf "Error: FAILED integration test (line ${BASH_LINENO}) %s\n" $@
 RESULT_CODE=1
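Review bot: `rm $DB` in the new `run_macaron_clean` is unquoted and has no `-f`, so the first call, before any analysis has created `$WORKSPACE/output/macaron.db`, prints a "No such file or directory" error into the test log, and a `WORKSPACE` containing whitespace would split the path. `rm -f -- "$DB"` removes both problems without changing what the helper returns, which stays the exit status of `$RUN_MACARON_SCRIPT "$@"` and is what the callers' `|| log_fail` and `$?` checks rely on. A one-line header would also help the next reader: `# Delete the analysis database before running macaron, so results left by an earlier test cannot satisfy the next verify-policy.` (the purpose is inferred from how the callers use it, so adjust if the intent differs).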
@@ -37,13 +43,12 @@ echo "with dependency resolution using cyclonedx Gradle plugin (default)."
 echo -e "----------------------------------------------------------------------------------\n"
 DEP_RESULT=$WORKSPACE/output/reports/github_com/timyarkov/multibuild_test/dependencies.json
 DEP_EXPECTED=$WORKSPACE/tests/dependency_analyzer/expected_results/cyclonedx_timyarkov_multibuild_test.json
-JSON_RESULT=$WORKSPACE/output/reports/github_com/timyarkov/multibuild_test/multibuild_test.json
-JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/multibuild_test/multibuild_test.json
-$RUN_MACARON_SCRIPT analyze -rp https://github.com/timyarkov/multibuild_test -b main -d a8b0efe24298bc81f63217aaa84776c3d48976c5 || log_fail
+OUTPUT_POLICY=$WORKSPACE/tests/e2e/expected_results/multibuild_test/multibuild_test.dl
+run_macaron_clean analyze -rp https://github.com/timyarkov/multibuild_test -b main -d a8b0efe24298bc81f63217aaa84776c3d48976c5 || log_fail
 python $COMPARE_DEPS $DEP_RESULT $DEP_EXPECTED || log_fail
-python $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail
+$RUN_POLICY -d $DB -f $OUTPUT_POLICY || log_fail
 echo -e "\n----------------------------------------------------------------------------------"
 echo "apache/maven: Check the resolved dependency output with config for cyclonedx maven plugin (default)."
@@ -51,35 +56,34 @@ echo -e "-----------------------------------------------------------------------
 DEP_RESULT=$WORKSPACE/output/reports/github_com/apache/maven/dependencies.json
 DEP_EXPECTED=$WORKSPACE/tests/dependency_analyzer/expected_results/cyclonedx_apache_maven.json
-$RUN_MACARON_SCRIPT analyze -c $WORKSPACE/tests/dependency_analyzer/configurations/maven_config.yaml || log_fail
+run_macaron_clean analyze -c $WORKSPACE/tests/dependency_analyzer/configurations/maven_config.yaml || log_fail
 python $COMPARE_DEPS $DEP_RESULT $DEP_EXPECTED || log_fail
 echo -e "\n----------------------------------------------------------------------------------"
 echo "apache/maven: e2e using the local repo path, the branch name and the commit digest without dependency resolution."
 echo -e "----------------------------------------------------------------------------------\n"
-JSON_RESULT=$WORKSPACE/output/reports/github_com/apache/maven/maven.json
-JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/maven/maven.json
+OUTPUT_POLICY=$WORKSPACE/tests/e2e/expected_results/maven/maven.dl
+
+run_macaron_clean -lr $WORKSPACE/output/git_repos/github_com analyze -r apache/maven -b master -d 3fc399318edef0d5ba593723a24fff64291d6f9b --skip-deps || log_fail
-$RUN_MACARON_SCRIPT -lr $WORKSPACE/output/git_repos/github_com analyze -r apache/maven -b master -d 3fc399318edef0d5ba593723a24fff64291d6f9b --skip-deps || log_fail
-python $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail
+$RUN_POLICY -d $DB -f $OUTPUT_POLICY || log_fail
 echo -e "\n----------------------------------------------------------------------------------"
 echo "apache/maven: Check the e2e output JSON file with config and no dependency analyzing."
 echo -e "----------------------------------------------------------------------------------\n"
-JSON_RESULT_DIR=$WORKSPACE/output/reports/github_com/apache/maven
-JSON_EXPECT_DIR=$WORKSPACE/tests/e2e/expected_results/maven
+EXPECT_DIR=$WORKSPACE/tests/e2e/expected_results/maven
 declare -a COMPARE_FILES=(
- "maven.json"
- "guava.json"
- "mockito.json"
+ "maven.dl"
+ "guava.dl"
+ "mockito.dl"
 )
-$RUN_MACARON_SCRIPT analyze -c $WORKSPACE/tests/e2e/configurations/maven_config.yaml --skip-deps || log_fail
+run_macaron_clean analyze -c $WORKSPACE/tests/e2e/configurations/maven_config.yaml --skip-deps || log_fail
 for i in "${COMPARE_FILES[@]}"
 do
- python $COMPARE_JSON_OUT $JSON_RESULT_DIR/$i $JSON_EXPECT_DIR/$i || log_fail
+ $RUN_POLICY -d $DB -f $EXPECT_DIR/$i || log_fail
 done
 echo -e "\n----------------------------------------------------------------------------------"
@@ -89,63 +93,47 @@ SBOM_FILE=$WORKSPACE/tests/dependency_analyzer/cyclonedx/resources/apache_maven_
 DEP_EXPECTED=$WORKSPACE/tests/dependency_analyzer/expected_results/apache_maven_with_sbom_provided.json
 DEP_RESULT=$WORKSPACE/output/reports/github_com/apache/maven/dependencies.json
-$RUN_MACARON_SCRIPT analyze -rp https://github.com/apache/maven -b master -d 3fc399318edef0d5ba593723a24fff64291d6f9b -sbom $SBOM_FILE || log_fail
+run_macaron_clean analyze -rp https://github.com/apache/maven -b master -d 3fc399318edef0d5ba593723a24fff64291d6f9b -sbom $SBOM_FILE || log_fail
 python $COMPARE_DEPS $DEP_RESULT $DEP_EXPECTED || log_fail
 echo -e "\n----------------------------------------------------------------------------------"
 echo "apache/maven: Analyzing with PURL and repository path without dependency resolution."
 echo -e "----------------------------------------------------------------------------------\n"
-JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/purl/maven/maven.json
-JSON_RESULT=$WORKSPACE/output/reports/maven/apache/maven/maven.json
-$RUN_MACARON_SCRIPT analyze -purl pkg:maven/apache/maven -rp https://github.com/apache/maven -b master -d 3fc399318edef0d5ba593723a24fff64291d6f9b --skip-deps || log_fail
+JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/purl/maven/maven.dl
+run_macaron_clean analyze -purl pkg:maven/apache/maven -rp https://github.com/apache/maven -b master -d 3fc399318edef0d5ba593723a24fff64291d6f9b --skip-deps || log_fail
-python $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail
+$RUN_POLICY -d $DB -f $OUTPUT_POLICY || log_fail
 echo -e "\n----------------------------------------------------------------------------------"
 echo "urllib3/urllib3: Analyzing the repo path when automatic dependency resolution is skipped."
 echo "The CUE expectation file is provided as a single file path."
 echo -e "----------------------------------------------------------------------------------\n"
-JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/urllib3/urllib3.json
-JSON_RESULT=$WORKSPACE/output/reports/github_com/urllib3/urllib3/urllib3.json
+JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/urllib3/urllib3.dl
 EXPECTATION_FILE=$WORKSPACE/tests/slsa_analyzer/provenance/expectations/cue/resources/valid_expectations/urllib3_PASS.cue
-$RUN_MACARON_SCRIPT analyze -pe $EXPECTATION_FILE -rp https://github.com/urllib3/urllib3/urllib3 -b main -d 87a0ecee6e691fe5ff93cd000c0158deebef763b --skip-deps || log_fail
+run_macaron_clean analyze -pe $EXPECTATION_FILE -rp https://github.com/urllib3/urllib3/urllib3 -b main -d 87a0ecee6e691fe5ff93cd000c0158deebef763b --skip-deps || log_fail
-python $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail
+$RUN_POLICY -d $DB -f $OUTPUT_POLICY || log_fail
 echo -e "\n----------------------------------------------------------------------------------"
 echo "urllib3/urllib3: Analyzing the repo path when automatic dependency resolution is skipped."
 echo "The CUE expectation file should be found via the directory path."
 echo -e "----------------------------------------------------------------------------------\n"
-JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/urllib3/urllib3.json
-JSON_RESULT=$WORKSPACE/output/reports/github_com/urllib3/urllib3/urllib3.json
+JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/urllib3/urllib3.dl
 EXPECTATION_DIR=$WORKSPACE/tests/slsa_analyzer/provenance/expectations/cue/resources/valid_expectations/
-$RUN_MACARON_SCRIPT analyze -pe $EXPECTATION_DIR -rp https://github.com/urllib3/urllib3/urllib3 -b main -d 87a0ecee6e691fe5ff93cd000c0158deebef763b --skip-deps || log_fail
+run_macaron_clean analyze -pe $EXPECTATION_DIR -rp https://github.com/urllib3/urllib3/urllib3 -b main -d 87a0ecee6e691fe5ff93cd000c0158deebef763b --skip-deps || log_fail
-python $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail
+$RUN_POLICY -d $DB -f $OUTPUT_POLICY || log_fail
 echo -e "\n----------------------------------------------------------------------------------"
 echo "Test verifying CUE provenance expectation for ossf/scorecard"
 echo -e "----------------------------------------------------------------------------------\n"
-JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/scorecard/scorecard.json
-JSON_RESULT=$WORKSPACE/output/reports/github/ossf/scorecard/scorecard.json
+JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/scorecard/scorecard.dl
 DEFAULTS_FILE=$WORKSPACE/tests/e2e/defaults/scorecard.ini
 EXPECTATION_FILE=$WORKSPACE/tests/slsa_analyzer/provenance/expectations/cue/resources/valid_expectations/scorecard_PASS.cue
-$RUN_MACARON_SCRIPT -dp $DEFAULTS_FILE analyze -pe $EXPECTATION_FILE -purl pkg:github/ossf/scorecard@v4.13.1 --skip-deps || log_fail
+run_macaron_clean -dp $DEFAULTS_FILE analyze -pe $EXPECTATION_FILE -purl pkg:github/ossf/scorecard@v4.13.1 --skip-deps || log_fail
-python $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail
-
-echo -e "\n----------------------------------------------------------------------------------"
-echo
"slsa-framework/slsa-verifier: Analyzing the repo path when automatic dependency resolution is skipped"
-echo "and CUE file is provided as expectation."
-echo -e "----------------------------------------------------------------------------------\n"
-JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/slsa-verifier/slsa-verifier_cue_PASS.json
-JSON_RESULT=$WORKSPACE/output/reports/github_com/slsa-framework/slsa-verifier/slsa-verifier.json
-EXPECTATION_FILE=$WORKSPACE/tests/slsa_analyzer/provenance/expectations/cue/resources/valid_expectations/slsa_verifier_PASS.cue
-DEFAULTS_FILE=$WORKSPACE/tests/e2e/defaults/slsa_verifier.ini
-$RUN_MACARON_SCRIPT -dp $DEFAULTS_FILE analyze -pe $EXPECTATION_FILE -rp https://github.com/slsa-framework/slsa-verifier -b main -d fc50b662fcfeeeb0e97243554b47d9b20b14efac --skip-deps || log_fail
-
-python $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail
+$RUN_POLICY -d $DB -f $OUTPUT_POLICY || log_fail
 echo -e "\n----------------------------------------------------------------------------------"
 echo "Run policy CLI with scorecard results."
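Review bot: Four verify steps in this hunk run `$RUN_POLICY -d $DB -f $OUTPUT_POLICY`, but the hunk never assigns `OUTPUT_POLICY`; the PURL/maven run, both urllib3 runs and the scorecard run each store their new `.dl` path in `JSON_EXPECTED`, which is then never read. As written, all four verify against whichever policy `OUTPUT_POLICY` last held earlier in the script (the apache/maven `maven.dl` from the preceding test, unless something in between reassigns it), so `purl/maven/maven.dl`, `urllib3.dl` and `scorecard.dl` are never exercised, and if verify-policy exits 0 when its `apply_policy_to` matches no component these checks pass vacuously. Rename the four assignments to `OUTPUT_POLICY=...` (or pass `-f $JSON_EXPECTED`), for example `OUTPUT_POLICY=$WORKSPACE/tests/e2e/expected_results/urllib3/urllib3.dl`. The slsa-verifier block removed at the end of this hunk is re-added later in the file with the same pattern.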
@@ -160,11 +148,21 @@ $RUN_MACARON_SCRIPT verify-policy -f $POLICY_FILE -d "$WORKSPACE/output/macaron.
 python $COMPARE_POLICIES $POLICY_RESULT $POLICY_EXPECTED || log_fail
 python "$COMPARE_VSA" "$VSA_RESULT" "$VSA_PAYLOAD_EXPECTED" || log_fail
+echo -e "\n----------------------------------------------------------------------------------"
+echo "slsa-framework/slsa-verifier: Analyzing the repo path when automatic dependency resolution is skipped"
+echo "and CUE file is provided as expectation."
+echo -e "----------------------------------------------------------------------------------\n"
+JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/slsa-verifier/slsa-verifier_cue_PASS.dl
+EXPECTATION_FILE=$WORKSPACE/tests/slsa_analyzer/provenance/expectations/cue/resources/valid_expectations/slsa_verifier_PASS.cue
+DEFAULTS_FILE=$WORKSPACE/tests/e2e/defaults/slsa_verifier.ini
+run_macaron_clean -dp $DEFAULTS_FILE analyze -pe $EXPECTATION_FILE -rp https://github.com/slsa-framework/slsa-verifier -b main -d fc50b662fcfeeeb0e97243554b47d9b20b14efac --skip-deps || log_fail
+
+$RUN_POLICY -d $DB -f $OUTPUT_POLICY || log_fail
+
 echo -e "\n----------------------------------------------------------------------------------"
 echo "behnazh-w/example-maven-app as a local and remote repository"
 echo "Test the Witness and GitHub provenances as an input, Cue expectation validation, Policy CLI and VSA generation."
 echo -e "----------------------------------------------------------------------------------\n"
-RUN_POLICY="macaron verify-policy"
 POLICY_FILE=$WORKSPACE/tests/policy_engine/resources/policies/example-maven-project/policy.dl
 POLICY_RESULT=$WORKSPACE/output/policy_report.json
 POLICY_EXPECTED=$WORKSPACE/tests/policy_engine/expected_results/example-maven-project/example_maven_project_policy_report.json
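Review bot: The re-added slsa-verifier test assigns `JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/slsa-verifier/slsa-verifier_cue_PASS.dl` and then verifies with `-f $OUTPUT_POLICY`, so the new `.dl` expectation is never read and the check runs against whatever `OUTPUT_POLICY` last held. Change the assignment to `OUTPUT_POLICY=$WORKSPACE/tests/e2e/expected_results/slsa-verifier/slsa-verifier_cue_PASS.dl`, or pass `-f $JSON_EXPECTED`. Separately, this hunk deletes the local `RUN_POLICY="macaron verify-policy"`, so every `$RUN_POLICY` call in this file now depends on a definition earlier in the script that is not visible in the hunk; confirm it is set before first use, since an empty `$RUN_POLICY` would execute `-d` as a command and `|| log_fail` would report that rather than a policy failure.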
@@ -179,7 +177,7 @@ WITNESS_PROVENANCE_FILE=$WORKSPACE/tests/slsa_analyzer/provenance/resources/vali
 git clone https://github.com/behnazh-w/example-maven-app.git $WORKSPACE/output/git_repos/local_repos/example-maven-app || log_fail
 # Check the Witness provenance.
-$RUN_MACARON_SCRIPT analyze -pf $WITNESS_PROVENANCE_FILE -pe $WITNESS_EXPECTATION_FILE -purl pkg:maven/io.github.behnazh-w.demo/example-maven-app@1.0-SNAPSHOT?type=jar --repo-path example-maven-app --skip-deps || log_fail
+run_macaron_clean analyze -pf $WITNESS_PROVENANCE_FILE -pe $WITNESS_EXPECTATION_FILE -purl pkg:maven/io.github.behnazh-w.demo/example-maven-app@1.0-SNAPSHOT?type=jar --repo-path example-maven-app --skip-deps || log_fail
 # Test the remote repo with GitHub provenance.
 GITHUB_EXPECTATION_FILE=$WORKSPACE/tests/slsa_analyzer/provenance/expectations/cue/resources/valid_expectations/github-example-maven-project.cue
diff --git a/src/macaron/policy_engine/prelude/helper_rules.dl b/src/macaron/policy_engine/prelude/helper_rules.dl
index 0a32bbc35..c0b095066 100644
--- a/src/macaron/policy_engine/prelude/helper_rules.dl
+++ b/src/macaron/policy_engine/prelude/helper_rules.dl
@@ -1,4 +1,4 @@
-/* Copyright (c) 2023 - 2023, Oracle and/or its affiliates. All rights reserved. */
+/* Copyright (c) 2023 - 2024, Oracle and/or its affiliates. All rights reserved. */
 /* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */
 /* Souffle datalog rules to assist in policy authoring */
@@ -9,6 +9,9 @@
 .decl check_passed(component_id: number, check_name: symbol)
 check_passed(component_id, check_name) :- check_result(_, check_name, 1, component_id).
+.decl check_failed(component_id: number, check_name: symbol)
+check_failed(component_id, check_name) :- check_result(_, check_name, 0, component_id).
+
 /**
 * Check name is valid.
 */
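Review bot: The new `check_failed` relation carries no doc comment, although the relation block it extends is immediately followed by a documented one, and its contract is narrower than the name suggests: it matches only `check_result` rows whose result column is exactly 0, so a check recorded with any other status satisfies neither `check_passed` nor `check_failed`. Add above the `.decl`: `/** A check whose recorded result for the component is 0 (failed); rows with any other result value are not matched. */`. Which values the result column can take besides 0 and 1 is not visible in this hunk, so a policy author reading only the prelude cannot tell whether "not passed" and "failed" coincide.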
@@ -42,6 +45,12 @@ transitive_dependency(parent, dependency) :-
 .decl is_repo(repo_id: number, repo_complete_name: symbol, component_id: number)
 is_repo(repo_id, repo_complete_name, component_id) :- repository(repo_id, component_id, repo_complete_name, _, _, _, _, _, _, _, _, _, _).
+/**
+ * Extract the id and URL from the repository relation.
+ */
+.decl is_repo_url(repo_id: number, url: symbol)
+ is_repo_url(repo_id, url) :- repository(_, repo_id, _, _, _, _, _, url, _, _, _, _, _).
+
 /**
 * A convenience relation to find analyses conducted on a specific repository.
diff --git a/tests/e2e/expected_results/docker_test/docker_test.dl b/tests/e2e/expected_results/docker_test/docker_test.dl
new file mode 100644
index 000000000..3f521e2da
--- /dev/null
+++ b/tests/e2e/expected_results/docker_test/docker_test.dl
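Review bot: `is_repo_url` binds the second column of `repository` to a parameter named `repo_id`, but the `is_repo` rule directly above binds that same column as `component_id` and the first column as the repo id, so the declaration names the wrong key; the new expected-result policies confirm this by calling `is_repo_url(component_id, ...)`. Rename the parameter and make the comment say what is actually extracted: `.decl is_repo_url(component_id: number, url: symbol)` and `is_repo_url(component_id, url) :- repository(_, component_id, _, _, _, _, _, url, _, _, _, _, _).`, with the comment reading `/** Map a component to the URL of the repository the analysis associated with it. */`. That the eighth column is the URL cannot be checked from this hunk, and the rule line is indented unlike `is_repo` above it.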
@@ -0,0 +1,22 @@
+/* Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. */
+/* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */
+
+#include "prelude.dl"
+
+Policy("test_policy", component_id, "") :-
+ check_passed(component_id, "mcn_build_as_code_1"),
+ check_passed(component_id, "mcn_build_script_1"),
+ check_passed(component_id, "mcn_build_service_1"),
+ check_passed(component_id, "mcn_version_control_system_1"),
+ check_failed(component_id, "mcn_infer_artifact_pipeline_1"),
+ check_failed(component_id, "mcn_provenance_available_1"),
+ check_failed(component_id, "mcn_provenance_derived_commit_1"),
+ check_failed(component_id, "mcn_provenance_derived_repo_1"),
+ check_failed(component_id, "mcn_provenance_expectation_1"),
+ check_failed(component_id, "mcn_provenance_level_three_1"),
+ check_failed(component_id, "mcn_provenance_witness_level_one_1"),
+ check_failed(component_id, "mcn_trusted_builder_level_three_1"),
+ is_repo_url(component_id, "https://github.com/timyarkov/docker_test").
+
+apply_policy_to("test_policy", component_id) :-
+ is_component(component_id, "pkg:github.com/timyarkov/docker_test@404a51a2f38c4470af6b32e4e00b5318c2d7c0cc").
diff --git a/tests/e2e/expected_results/docker_test/docker_test.json b/tests/e2e/expected_results/docker_test/docker_test.json
deleted file mode 100644
index fa8893dd1..000000000
--- a/tests/e2e/expected_results/docker_test/docker_test.json
+++ /dev/null
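Review bot: This expectation file has no comment explaining what it pins, and because the `Policy` rule is a single conjunction a reader cannot tell from the file alone that the eight `check_failed` lines are deliberate (the provenance checks are expected to fail for this target today) rather than a policy requirement. Add after the `#include`: `/* Expected e2e result for pkg:github.com/timyarkov/docker_test: every check_passed/check_failed line pins the current outcome of that check, so a status change in either direction stops the policy from holding. */`. The third argument of `Policy(...)` is the empty string here; what it denotes is not visible in this hunk and is worth a word in the same comment.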
@@ -1,324 +0,0 @@ -{ - "metadata": { - "timestamps": "2024-05-07 15:10:13", - "has_passing_check": true, - "run_checks": [ - "mcn_provenance_available_1", - "mcn_provenance_witness_level_one_1", - "mcn_build_as_code_1", - "mcn_provenance_derived_commit_1", - "mcn_provenance_level_three_1", - "mcn_version_control_system_1", - "mcn_infer_artifact_pipeline_1", - "mcn_trusted_builder_level_three_1", - "mcn_build_script_1", - "mcn_build_service_1", - "mcn_provenance_expectation_1", - "mcn_provenance_derived_repo_1" - ], - "check_tree": { - "mcn_provenance_available_1": { - "mcn_provenance_witness_level_one_1": {}, - "mcn_provenance_level_three_1": {}, - "mcn_provenance_expectation_1": {} - }, - "mcn_provenance_derived_commit_1": {}, - "mcn_version_control_system_1": { - "mcn_trusted_builder_level_three_1": { - "mcn_build_as_code_1": { - "mcn_build_service_1": {}, - "mcn_infer_artifact_pipeline_1": {} - } - }, - "mcn_build_script_1": {} - }, - "mcn_provenance_derived_repo_1": {} - } - }, - "target": { - "info": { - "full_name": "pkg:github.com/timyarkov/docker_test@404a51a2f38c4470af6b32e4e00b5318c2d7c0cc", - "local_cloned_path": "git_repos/github_com/timyarkov/docker_test", - "remote_path": "https://github.com/timyarkov/docker_test", - "branch": "main", - "commit_hash": "404a51a2f38c4470af6b32e4e00b5318c2d7c0cc", - "commit_date": "2023-08-13T16:24:13+10:00" - }, - "provenances": { - "is_inferred": true, - "content": { - "github_actions": [ - { - "_type": "https://in-toto.io/Statement/v0.1", - "subject": [], - "predicateType": "https://slsa.dev/provenance/v0.2", - "predicate": { - "builder": { - "id": "https://github.com/timyarkov/docker_test/blob/404a51a2f38c4470af6b32e4e00b5318c2d7c0cc/.github/workflows/github-actions-basic.yml" - }, - "buildType": "Custom github_actions", - "invocation": { - "configSource": { - "uri": "https://github.com/timyarkov/docker_test@refs/heads/main", - "digest": { - "sha1": "404a51a2f38c4470af6b32e4e00b5318c2d7c0cc" - }, - "entryPoint": 
"https://github.com/timyarkov/docker_test/blob/404a51a2f38c4470af6b32e4e00b5318c2d7c0cc/.github/workflows/github-actions-basic.yml" - }, - "parameters": {}, - "environment": {} - }, - "buildConfig": { - "jobID": "pretend-to-do-stuff", - "stepID": "", - "stepName": "Push Docker" - }, - "metadata": { - "buildInvocationId": "", - "buildStartedOn": "", - "buildFinishedOn": "", - "completeness": { - "parameters": "false", - "environment": "false", - "materials": "false" - }, - "reproducible": "false" - }, - "materials": [ - { - "uri": "", - "digest": {} - } - ] - } - } - ], - "npm Registry": [] - } - }, - "checks": { - "summary": { - "DISABLED": 0, - "FAILED": 8, - "PASSED": 4, - "SKIPPED": 0, - "UNKNOWN": 0 - }, - "results": [ - { - "check_id": "mcn_build_as_code_1", - "check_description": "The build definition and configuration executed by the build service is verifiably derived from text file definitions stored in a version control system.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "build_tool_name: docker", - "ci_service_name: github_actions", - "language: BuildLanguage.DOCKER", - "deploy_command: [\"docker\", \"push\", \"mock_proj\"]", - { - "build_trigger": "https://github.com/timyarkov/docker_test/blob/404a51a2f38c4470af6b32e4e00b5318c2d7c0cc/.github/workflows/github-actions-basic.yml" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_script_1", - "check_description": "Check if the target repo has a valid build script.", - "slsa_requirements": [ - "Scripted Build - SLSA Level 1" - ], - "justification": [ - "build_tool_name: docker", - "ci_service_name: github_actions", - "language: BuildLanguage.DOCKER", - "build_tool_command: [\"docker\", \"build\", \".\", \"-t\", \"mock_proj\", \"--file\", \"Dockerfile.final\"]", - { - "build_trigger": "https://github.com/timyarkov/docker_test/blob/404a51a2f38c4470af6b32e4e00b5318c2d7c0cc/.github/workflows/github-actions-basic.yml" - } - ], - "result_type": 
"PASSED" - }, - { - "check_id": "mcn_build_service_1", - "check_description": "Check if the target repo has a valid build service.", - "slsa_requirements": [ - "Build service - SLSA Level 2" - ], - "justification": [ - "Not Available." - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_version_control_system_1", - "check_description": "Check whether the target repo uses a version control system.", - "slsa_requirements": [ - "Version controlled - SLSA Level 2" - ], - "justification": [ - { - "git_repo": "https://github.com/timyarkov/docker_test" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "check_description": "Detects potential pipelines from which an artifact is published.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_available_1", - "check_description": "Check whether the target has intoto provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "check_description": "Check whether the commit came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "commit_digest: No provenance found." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "check_description": "Check whether the repo came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "repository_url: No provenance found." 
- ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_expectation_1", - "check_description": "Check whether the SLSA provenance for the produced artifact conforms to the expected value.", - "slsa_requirements": [ - "Provenance conforms with expectations - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_level_three_1", - "check_description": "Check whether the target has SLSA provenance level 3.", - "slsa_requirements": [ - "Provenance - Non falsifiable - SLSA Level 3", - "Provenance content - Includes all build parameters - SLSA Level 3", - "Provenance content - Identifies entry point - SLSA Level 3", - "Provenance content - Identifies source code - SLSA Level 2" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "check_description": "Check whether the target has a level-1 witness provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "check_description": "Check whether the target uses a trusted SLSA level 3 builder.", - "slsa_requirements": [ - "Hermetic - SLSA Level 4", - "Isolated - SLSA Level 3", - "Parameterless - SLSA Level 4", - "Ephemeral environment - SLSA Level 3" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "FAILED" - } - ] - } - }, - "dependencies": { - "analyzed_deps": 0, - "unique_dep_repos": 0, - "checks_summary": [ - { - "check_id": "mcn_provenance_available_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_as_code_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_version_control_system_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_script_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_service_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_expectation_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "num_deps_pass": 0 - } - ], - "dep_status": [] - } -} diff --git a/tests/e2e/expected_results/jackson-databind/jackson-databind.dl b/tests/e2e/expected_results/jackson-databind/jackson-databind.dl new file mode 100644 index 000000000..04a317c83 --- /dev/null +++ b/tests/e2e/expected_results/jackson-databind/jackson-databind.dl 
@@ -0,0 +1,22 @@
+/* Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. */
+/* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */
+
+#include "prelude.dl"
+
+Policy("test_policy", component_id, "") :-
+ check_passed(component_id, "mcn_build_as_code_1"),
+ check_passed(component_id, "mcn_build_script_1"),
+ check_passed(component_id, "mcn_build_service_1"),
+ check_passed(component_id, "mcn_version_control_system_1"),
+ check_failed(component_id, "mcn_infer_artifact_pipeline_1"),
+ check_failed(component_id, "mcn_provenance_available_1"),
+ check_failed(component_id, "mcn_provenance_derived_commit_1"),
+ check_failed(component_id, "mcn_provenance_derived_repo_1"),
+ check_failed(component_id, "mcn_provenance_expectation_1"),
+ check_failed(component_id, "mcn_provenance_level_three_1"),
+ check_failed(component_id, "mcn_provenance_witness_level_one_1"),
+ check_failed(component_id, "mcn_trusted_builder_level_three_1"),
+ is_repo_url(component_id, "https://github.com/FasterXML/jackson-databind").
+
+apply_policy_to("test_policy", component_id) :-
+ is_component(component_id, "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.14.0-rc1").
diff --git a/tests/e2e/expected_results/jackson-databind/jackson-databind.json b/tests/e2e/expected_results/jackson-databind/jackson-databind.json
deleted file mode 100644
index 348604529..000000000
--- a/tests/e2e/expected_results/jackson-databind/jackson-databind.json
+++ /dev/null
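Review bot: `apply_policy_to` selects the component by `pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.14.0-rc1`, a PURL with a version but no commit digest, and the policy body constrains only the repository URL, so unlike the docker_test and guava expectations (whose PURLs embed the commit) nothing here pins which commit the analysis resolved for 2.14.0-rc1; the JSON expectation deleted below did pin `commit_hash` `6e7ff14e2d850bfed2ebf8ebd6b3d71ce668cadd`. A regression in version-to-commit resolution, which is exactly what a supply-chain analyser must get right, would therefore pass this test unnoticed as long as the checks' outcomes stay the same. If the `repository` relation exposes the analysed commit (its columns are not visible here), add a prelude helper analogous to `is_repo_url` and a conjunct such as `is_repo_commit(component_id, "6e7ff14e2d850bfed2ebf8ebd6b3d71ce668cadd")`.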
@@ -1,375 +0,0 @@ -{ - "metadata": { - "timestamps": "2024-05-07 15:14:17", - "has_passing_check": true, - "run_checks": [ - "mcn_provenance_available_1", - "mcn_provenance_witness_level_one_1", - "mcn_build_as_code_1", - "mcn_provenance_derived_commit_1", - "mcn_provenance_level_three_1", - "mcn_version_control_system_1", - "mcn_infer_artifact_pipeline_1", - "mcn_trusted_builder_level_three_1", - "mcn_build_script_1", - "mcn_build_service_1", - "mcn_provenance_expectation_1", - "mcn_provenance_derived_repo_1" - ], - "check_tree": { - "mcn_provenance_available_1": { - "mcn_provenance_witness_level_one_1": {}, - "mcn_provenance_level_three_1": {}, - "mcn_provenance_expectation_1": {} - }, - "mcn_provenance_derived_commit_1": {}, - "mcn_version_control_system_1": { - "mcn_trusted_builder_level_three_1": { - "mcn_build_as_code_1": { - "mcn_build_service_1": {}, - "mcn_infer_artifact_pipeline_1": {} - } - }, - "mcn_build_script_1": {} - }, - "mcn_provenance_derived_repo_1": {} - } - }, - "target": { - "info": { - "full_name": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.14.0-rc1", - "local_cloned_path": "git_repos/github_com/FasterXML/jackson-databind", - "remote_path": "https://github.com/FasterXML/jackson-databind", - "branch": null, - "commit_hash": "6e7ff14e2d850bfed2ebf8ebd6b3d71ce668cadd", - "commit_date": "2022-09-25T16:03:22-07:00" - }, - "provenances": { - "is_inferred": true, - "content": { - "github_actions": [ - { - "_type": "https://in-toto.io/Statement/v0.1", - "subject": [], - "predicateType": "https://slsa.dev/provenance/v0.2", - "predicate": { - "builder": { - "id": "https://github.com/FasterXML/jackson-databind/blob/6e7ff14e2d850bfed2ebf8ebd6b3d71ce668cadd/.github/workflows/main.yml" - }, - "buildType": "Custom github_actions", - "invocation": { - "configSource": { - "uri": "https://github.com/FasterXML/jackson-databind@refs/heads/None", - "digest": { - "sha1": "6e7ff14e2d850bfed2ebf8ebd6b3d71ce668cadd" - }, - "entryPoint": 
"https://github.com/FasterXML/jackson-databind/blob/6e7ff14e2d850bfed2ebf8ebd6b3d71ce668cadd/.github/workflows/main.yml" - }, - "parameters": {}, - "environment": {} - }, - "buildConfig": { - "jobID": "build", - "stepID": "", - "stepName": "Deploy snapshot" - }, - "metadata": { - "buildInvocationId": "", - "buildStartedOn": "", - "buildFinishedOn": "", - "completeness": { - "parameters": "false", - "environment": "false", - "materials": "false" - }, - "reproducible": "false" - }, - "materials": [ - { - "uri": "", - "digest": {} - } - ] - } - } - ], - "travis_ci": [ - { - "_type": "https://in-toto.io/Statement/v0.1", - "subject": [], - "predicateType": "https://slsa.dev/provenance/v0.2", - "predicate": { - "builder": { - "id": "" - }, - "buildType": "", - "invocation": { - "configSource": { - "uri": "", - "digest": { - "sha1": "" - }, - "entryPoint": "" - }, - "parameters": {}, - "environment": {} - }, - "buildConfig": { - "jobID": "", - "stepID": "" - }, - "metadata": { - "buildInvocationId": "", - "buildStartedOn": "", - "buildFinishedOn": "", - "completeness": { - "parameters": "false", - "environment": "false", - "materials": "false" - }, - "reproducible": "false" - }, - "materials": [ - { - "uri": "", - "digest": {} - } - ] - } - } - ], - "Maven Central Registry": [] - } - }, - "checks": { - "summary": { - "DISABLED": 0, - "FAILED": 8, - "PASSED": 4, - "SKIPPED": 0, - "UNKNOWN": 0 - }, - "results": [ - { - "check_id": "mcn_build_as_code_1", - "check_description": "The build definition and configuration executed by the build service is verifiably derived from text file definitions stored in a version control system.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "build_tool_name: maven", - "ci_service_name: github_actions", - "language: BuildLanguage.JAVA", - "language_distributions: [\"temurin\"]", - "language_versions: [\"8\", \"11\"]", - "deploy_command: [\"./mvnw\", \"-B\", \"-q\", \"-ff\", \"-DskipTests\", \"-ntp\", 
\"source:jar\", \"deploy\"]", - { - "build_trigger": "https://github.com/FasterXML/jackson-databind/blob/6e7ff14e2d850bfed2ebf8ebd6b3d71ce668cadd/.github/workflows/main.yml", - "language_url": "https://github.com/actions/setup-java" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_script_1", - "check_description": "Check if the target repo has a valid build script.", - "slsa_requirements": [ - "Scripted Build - SLSA Level 1" - ], - "justification": [ - "build_tool_name: maven", - "ci_service_name: github_actions", - "language: BuildLanguage.JAVA", - "language_distributions: [\"temurin\"]", - "language_versions: [\"8\", \"11\"]", - "build_tool_command: [\"./mvnw\", \"-B\", \"-ff\", \"-ntp\", \"clean\", \"verify\"]", - { - "build_trigger": "https://github.com/FasterXML/jackson-databind/blob/6e7ff14e2d850bfed2ebf8ebd6b3d71ce668cadd/.github/workflows/main.yml", - "language_url": "https://github.com/actions/setup-java" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_service_1", - "check_description": "Check if the target repo has a valid build service.", - "slsa_requirements": [ - "Build service - SLSA Level 2" - ], - "justification": [ - "Not Available." - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_version_control_system_1", - "check_description": "Check whether the target repo uses a version control system.", - "slsa_requirements": [ - "Version controlled - SLSA Level 2" - ], - "justification": [ - { - "git_repo": "https://github.com/FasterXML/jackson-databind" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "check_description": "Detects potential pipelines from which an artifact is published.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_available_1", - "check_description": "Check whether the target has intoto provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "check_description": "Check whether the commit came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "commit_digest: No provenance found." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "check_description": "Check whether the repo came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "repository_url: No provenance found." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_expectation_1", - "check_description": "Check whether the SLSA provenance for the produced artifact conforms to the expected value.", - "slsa_requirements": [ - "Provenance conforms with expectations - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_level_three_1", - "check_description": "Check whether the target has SLSA provenance level 3.", - "slsa_requirements": [ - "Provenance - Non falsifiable - SLSA Level 3", - "Provenance content - Includes all build parameters - SLSA Level 3", - "Provenance content - Identifies entry point - SLSA Level 3", - "Provenance content - Identifies source code - SLSA Level 2" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "check_description": "Check whether the target has a level-1 witness provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "check_description": "Check whether the target uses a trusted SLSA level 3 builder.", - "slsa_requirements": [ - "Hermetic - SLSA Level 4", - "Isolated - SLSA Level 3", - "Parameterless - SLSA Level 4", - "Ephemeral environment - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - } - ] - } - }, - "dependencies": { - "analyzed_deps": 0, - "unique_dep_repos": 0, - "checks_summary": [ - { - "check_id": "mcn_provenance_available_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_as_code_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_version_control_system_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_script_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_service_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_expectation_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "num_deps_pass": 0 - } - ], - "dep_status": [] - } -} 
diff --git a/tests/e2e/expected_results/maven/guava.dl b/tests/e2e/expected_results/maven/guava.dl
new file mode 100644
index 000000000..5f5927982
--- /dev/null
+++ b/tests/e2e/expected_results/maven/guava.dl
@@ -0,0 +1,22 @@
+/* Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. */
+/* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */
+
+#include "prelude.dl"
+
+Policy("test_policy", component_id, "") :-
+ check_passed(component_id, "mcn_build_as_code_1"),
+ check_passed(component_id, "mcn_build_script_1"),
+ check_passed(component_id, "mcn_build_service_1"),
+ check_passed(component_id, "mcn_version_control_system_1"),
+ check_failed(component_id, "mcn_infer_artifact_pipeline_1"),
+ check_failed(component_id, "mcn_provenance_available_1"),
+ check_failed(component_id, "mcn_provenance_derived_commit_1"),
+ check_failed(component_id, "mcn_provenance_derived_repo_1"),
+ check_failed(component_id, "mcn_provenance_expectation_1"),
+ check_failed(component_id, "mcn_provenance_level_three_1"),
+ check_failed(component_id, "mcn_provenance_witness_level_one_1"),
+ check_failed(component_id, "mcn_trusted_builder_level_three_1"),
+ is_repo_url(component_id, "https://github.com/google/guava").
+
+apply_policy_to("test_policy", component_id) :-
+ is_component(component_id, "pkg:github.com/google/guava@d8633ac8539dae52c8361f79c7a0dbd9ad6dd2c4").
diff --git a/tests/e2e/expected_results/maven/guava.json b/tests/e2e/expected_results/maven/guava.json
deleted file mode 100644
index 695ec93ff..000000000
--- a/tests/e2e/expected_results/maven/guava.json
+++ /dev/null
@@ -1,330 +0,0 @@ -{ - "metadata": { - "timestamps": "2024-05-07 15:15:48", - "has_passing_check": true, - "run_checks": [ - "mcn_provenance_available_1", - "mcn_provenance_witness_level_one_1", - "mcn_build_as_code_1", - "mcn_provenance_derived_commit_1", - "mcn_provenance_level_three_1", - "mcn_version_control_system_1", - "mcn_infer_artifact_pipeline_1", - "mcn_trusted_builder_level_three_1", - "mcn_build_script_1", - "mcn_build_service_1", - "mcn_provenance_expectation_1", - "mcn_provenance_derived_repo_1" - ], - "check_tree": { - "mcn_provenance_available_1": { - "mcn_provenance_witness_level_one_1": {}, - "mcn_provenance_level_three_1": {}, - "mcn_provenance_expectation_1": {} - }, - "mcn_provenance_derived_commit_1": {}, - "mcn_version_control_system_1": { - "mcn_trusted_builder_level_three_1": { - "mcn_build_as_code_1": { - "mcn_build_service_1": {}, - "mcn_infer_artifact_pipeline_1": {} - } - }, - "mcn_build_script_1": {} - }, - "mcn_provenance_derived_repo_1": {} - } - }, - "target": { - "info": { - "full_name": "pkg:github.com/google/guava@d8633ac8539dae52c8361f79c7a0dbd9ad6dd2c4", - "local_cloned_path": "git_repos/github_com/google/guava", - "remote_path": "https://github.com/google/guava", - "branch": "master", - "commit_hash": "d8633ac8539dae52c8361f79c7a0dbd9ad6dd2c4", - "commit_date": "2022-06-16T01:55:17-07:00" - }, - "provenances": { - "is_inferred": true, - "content": { - "github_actions": [ - { - "_type": "https://in-toto.io/Statement/v0.1", - "subject": [], - "predicateType": "https://slsa.dev/provenance/v0.2", - "predicate": { - "builder": { - "id": "https://github.com/google/guava/blob/d8633ac8539dae52c8361f79c7a0dbd9ad6dd2c4/.github/workflows/ci.yml" - }, - "buildType": "Custom github_actions", - "invocation": { - "configSource": { - "uri": "https://github.com/google/guava@refs/heads/master", - "digest": { - "sha1": "d8633ac8539dae52c8361f79c7a0dbd9ad6dd2c4" - }, - "entryPoint": 
"https://github.com/google/guava/blob/d8633ac8539dae52c8361f79c7a0dbd9ad6dd2c4/.github/workflows/ci.yml" - }, - "parameters": {}, - "environment": {} - }, - "buildConfig": { - "jobID": "publish_snapshot", - "stepID": "", - "stepName": "Publish" - }, - "metadata": { - "buildInvocationId": "", - "buildStartedOn": "", - "buildFinishedOn": "", - "completeness": { - "parameters": "false", - "environment": "false", - "materials": "false" - }, - "reproducible": "false" - }, - "materials": [ - { - "uri": "", - "digest": {} - } - ] - } - } - ], - "Maven Central Registry": [] - } - }, - "checks": { - "summary": { - "DISABLED": 0, - "FAILED": 8, - "PASSED": 4, - "SKIPPED": 0, - "UNKNOWN": 0 - }, - "results": [ - { - "check_id": "mcn_build_as_code_1", - "check_description": "The build definition and configuration executed by the build service is verifiably derived from text file definitions stored in a version control system.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "build_tool_name: maven", - "ci_service_name: github_actions", - "language: BuildLanguage.JAVA", - "language_distributions: [\"zulu\"]", - "language_versions: [\"11\"]", - "deploy_command: [\"mvn\", \"clean\", \"source:jar\", \"javadoc:jar\", \"deploy\", \"-DskipTests=true\", \"\\\"$@\\\"\"]", - { - "build_trigger": "https://github.com/google/guava/blob/d8633ac8539dae52c8361f79c7a0dbd9ad6dd2c4/.github/workflows/ci.yml", - "language_url": "https://github.com/actions/setup-java" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_script_1", - "check_description": "Check if the target repo has a valid build script.", - "slsa_requirements": [ - "Scripted Build - SLSA Level 1" - ], - "justification": [ - "build_tool_name: maven", - "ci_service_name: github_actions", - "language: BuildLanguage.JAVA", - "language_distributions: [\"zulu\"]", - "language_versions: [\"8\", \"11\"]", - "build_tool_command: [\"mvn\", \"-B\", 
\"-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn\", \"install\", \"-U\", \"-DskipTests=true\", \"-f\", \"$ROOT_POM\"]", - { - "build_trigger": "https://github.com/google/guava/blob/d8633ac8539dae52c8361f79c7a0dbd9ad6dd2c4/.github/workflows/ci.yml", - "language_url": "https://github.com/actions/setup-java" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_service_1", - "check_description": "Check if the target repo has a valid build service.", - "slsa_requirements": [ - "Build service - SLSA Level 2" - ], - "justification": [ - "Not Available." - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_version_control_system_1", - "check_description": "Check whether the target repo uses a version control system.", - "slsa_requirements": [ - "Version controlled - SLSA Level 2" - ], - "justification": [ - { - "git_repo": "https://github.com/google/guava" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "check_description": "Detects potential pipelines from which an artifact is published.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_available_1", - "check_description": "Check whether the target has intoto provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "check_description": "Check whether the commit came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "commit_digest: No provenance found." 
- ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "check_description": "Check whether the repo came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "repository_url: No provenance found." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_expectation_1", - "check_description": "Check whether the SLSA provenance for the produced artifact conforms to the expected value.", - "slsa_requirements": [ - "Provenance conforms with expectations - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_level_three_1", - "check_description": "Check whether the target has SLSA provenance level 3.", - "slsa_requirements": [ - "Provenance - Non falsifiable - SLSA Level 3", - "Provenance content - Includes all build parameters - SLSA Level 3", - "Provenance content - Identifies entry point - SLSA Level 3", - "Provenance content - Identifies source code - SLSA Level 2" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "check_description": "Check whether the target has a level-1 witness provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "check_description": "Check whether the target uses a trusted SLSA level 3 builder.", - "slsa_requirements": [ - "Hermetic - SLSA Level 4", - "Isolated - SLSA Level 3", - "Parameterless - SLSA Level 4", - "Ephemeral environment - SLSA Level 3" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "FAILED" - } - ] - } - }, - "dependencies": { - "analyzed_deps": 0, - "unique_dep_repos": 0, - "checks_summary": [ - { - "check_id": "mcn_provenance_available_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_as_code_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_version_control_system_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_script_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_service_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_expectation_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "num_deps_pass": 0 - } - ], - "dep_status": [] - } -} diff --git a/tests/e2e/expected_results/maven/maven.dl b/tests/e2e/expected_results/maven/maven.dl new file mode 100644 index 000000000..ef16459c9 --- /dev/null +++ b/tests/e2e/expected_results/maven/maven.dl 
@@ -0,0 +1,22 @@
+/* Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. */
+/* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */
+
+#include "prelude.dl"
+
+Policy("test_policy", component_id, "") :-
+ check_passed(component_id, "mcn_build_script_1"),
+ check_passed(component_id, "mcn_build_service_1"),
+ check_passed(component_id, "mcn_version_control_system_1"),
+ check_failed(component_id, "mcn_build_as_code_1"),
+ check_failed(component_id, "mcn_infer_artifact_pipeline_1"),
+ check_failed(component_id, "mcn_provenance_available_1"),
+ check_failed(component_id, "mcn_provenance_derived_commit_1"),
+ check_failed(component_id, "mcn_provenance_derived_repo_1"),
+ check_failed(component_id, "mcn_provenance_expectation_1"),
+ check_failed(component_id, "mcn_provenance_level_three_1"),
+ check_failed(component_id, "mcn_provenance_witness_level_one_1"),
+ check_failed(component_id, "mcn_trusted_builder_level_three_1"),
+ is_repo_url(component_id, "https://github.com/apache/maven").
+
+apply_policy_to("test_policy", component_id) :-
+ is_component(component_id, "pkg:github.com/apache/maven@3fc399318edef0d5ba593723a24fff64291d6f9b").
diff --git a/tests/e2e/expected_results/maven/maven.json b/tests/e2e/expected_results/maven/maven.json
deleted file mode 100644
index ee6da7627..000000000
--- a/tests/e2e/expected_results/maven/maven.json
+++ /dev/null
@@ -1,375 +0,0 @@ -{ - "metadata": { - "timestamps": "2024-05-07 15:15:49", - "has_passing_check": true, - "run_checks": [ - "mcn_provenance_available_1", - "mcn_provenance_witness_level_one_1", - "mcn_build_as_code_1", - "mcn_provenance_derived_commit_1", - "mcn_provenance_level_three_1", - "mcn_version_control_system_1", - "mcn_infer_artifact_pipeline_1", - "mcn_trusted_builder_level_three_1", - "mcn_build_script_1", - "mcn_build_service_1", - "mcn_provenance_expectation_1", - "mcn_provenance_derived_repo_1" - ], - "check_tree": { - "mcn_provenance_available_1": { - "mcn_provenance_expectation_1": {}, - "mcn_provenance_level_three_1": {}, - "mcn_provenance_witness_level_one_1": {} - }, - "mcn_provenance_derived_commit_1": {}, - "mcn_version_control_system_1": { - "mcn_trusted_builder_level_three_1": { - "mcn_build_as_code_1": { - "mcn_build_service_1": {}, - "mcn_infer_artifact_pipeline_1": {} - } - }, - "mcn_build_script_1": {} - }, - "mcn_provenance_derived_repo_1": {} - } - }, - "target": { - "info": { - "full_name": "pkg:github.com/apache/maven@3fc399318edef0d5ba593723a24fff64291d6f9b", - "local_cloned_path": "git_repos/github_com/apache/maven", - "remote_path": "https://github.com/apache/maven", - "branch": "master", - "commit_hash": "3fc399318edef0d5ba593723a24fff64291d6f9b", - "commit_date": "2023-10-20T21:20:23+02:00" - }, - "provenances": { - "is_inferred": true, - "content": { - "github_actions": [ - { - "_type": "https://in-toto.io/Statement/v0.1", - "subject": [], - "predicateType": "https://slsa.dev/provenance/v0.2", - "predicate": { - "builder": { - "id": "https://github.com/apache/maven/blob/3fc399318edef0d5ba593723a24fff64291d6f9b/.github/workflows/maven.yml" - }, - "buildType": "Custom github_actions", - "invocation": { - "configSource": { - "uri": "https://github.com/apache/maven@refs/heads/master", - "digest": { - "sha1": "3fc399318edef0d5ba593723a24fff64291d6f9b" - }, - "entryPoint": 
"https://github.com/apache/maven/blob/3fc399318edef0d5ba593723a24fff64291d6f9b/.github/workflows/maven.yml" - }, - "parameters": {}, - "environment": {} - }, - "buildConfig": { - "jobID": "", - "stepID": "", - "stepName": "" - }, - "metadata": { - "buildInvocationId": "", - "buildStartedOn": "", - "buildFinishedOn": "", - "completeness": { - "parameters": "false", - "environment": "false", - "materials": "false" - }, - "reproducible": "false" - }, - "materials": [ - { - "uri": "", - "digest": {} - } - ] - } - } - ], - "jenkins": [ - { - "_type": "https://in-toto.io/Statement/v0.1", - "subject": [], - "predicateType": "https://slsa.dev/provenance/v0.2", - "predicate": { - "builder": { - "id": "" - }, - "buildType": "", - "invocation": { - "configSource": { - "uri": "", - "digest": { - "sha1": "" - }, - "entryPoint": "" - }, - "parameters": {}, - "environment": {} - }, - "buildConfig": { - "jobID": "", - "stepID": "" - }, - "metadata": { - "buildInvocationId": "", - "buildStartedOn": "", - "buildFinishedOn": "", - "completeness": { - "parameters": "false", - "environment": "false", - "materials": "false" - }, - "reproducible": "false" - }, - "materials": [ - { - "uri": "", - "digest": {} - } - ] - } - } - ], - "Maven Central Registry": [] - } - }, - "checks": { - "summary": { - "DISABLED": 0, - "FAILED": 9, - "PASSED": 3, - "SKIPPED": 0, - "UNKNOWN": 0 - }, - "results": [ - { - "check_id": "mcn_build_script_1", - "check_description": "Check if the target repo has a valid build script.", - "slsa_requirements": [ - "Scripted Build - SLSA Level 1" - ], - "justification": [ - "build_tool_name: maven", - "ci_service_name: github_actions", - "language: BuildLanguage.JAVA", - "language_distributions: [\"temurin\"]", - "language_versions: [\"11\", \"17\", \"21\"]", - "build_tool_command: [\"mvn\", \"install\", \"-e\", \"-B\", \"-V\", \"-DdistributionFileName=apache-maven\", \"-DskipTests\", \"-f\", \"maven/pom.xml\"]", - { - "build_trigger": 
"https://github.com/apache/maven/blob/3fc399318edef0d5ba593723a24fff64291d6f9b/.github/workflows/maven.yml", - "language_url": "https://github.com/actions/setup-java" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_service_1", - "check_description": "Check if the target repo has a valid build service.", - "slsa_requirements": [ - "Build service - SLSA Level 2" - ], - "justification": [ - "build_tool_name: maven", - "ci_service_name: github_actions", - "build_command: [\"mvn\", \"install\", \"-e\", \"-B\", \"-V\", \"-DdistributionFileName=apache-maven\", \"-DskipTests\", \"-f\", \"maven/pom.xml\"]", - "language: BuildLanguage.JAVA", - "language_distributions: [\"temurin\"]", - "language_versions: [\"11\", \"17\", \"21\"]", - { - "build_trigger": "https://github.com/apache/maven/blob/3fc399318edef0d5ba593723a24fff64291d6f9b/.github/workflows/maven.yml", - "language_url": "https://github.com/actions/setup-java" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_version_control_system_1", - "check_description": "Check whether the target repo uses a version control system.", - "slsa_requirements": [ - "Version controlled - SLSA Level 2" - ], - "justification": [ - { - "git_repo": "https://github.com/apache/maven" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_as_code_1", - "check_description": "The build definition and configuration executed by the build service is verifiably derived from text file definitions stored in a version control system.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "check_description": "Detects potential pipelines from which an artifact is published.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_available_1", - "check_description": "Check whether the target has intoto provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "check_description": "Check whether the commit came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "commit_digest: No provenance found." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "check_description": "Check whether the repo came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "repository_url: No provenance found." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_expectation_1", - "check_description": "Check whether the SLSA provenance for the produced artifact conforms to the expected value.", - "slsa_requirements": [ - "Provenance conforms with expectations - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_level_three_1", - "check_description": "Check whether the target has SLSA provenance level 3.", - "slsa_requirements": [ - "Provenance - Non falsifiable - SLSA Level 3", - "Provenance content - Includes all build parameters - SLSA Level 3", - "Provenance content - Identifies entry point - SLSA Level 3", - "Provenance content - Identifies source code - SLSA Level 2" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "check_description": "Check whether the target has a level-1 witness provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "check_description": "Check whether the target uses a trusted SLSA level 3 builder.", - "slsa_requirements": [ - "Hermetic - SLSA Level 4", - "Isolated - SLSA Level 3", - "Parameterless - SLSA Level 4", - "Ephemeral environment - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - } - ] - } - }, - "dependencies": { - "analyzed_deps": 0, - "unique_dep_repos": 0, - "checks_summary": [ - { - "check_id": "mcn_provenance_available_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_as_code_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_version_control_system_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_script_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_service_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_expectation_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "num_deps_pass": 0 - } - ], - "dep_status": [] - } -} 
diff --git a/tests/e2e/expected_results/maven/mockito.dl b/tests/e2e/expected_results/maven/mockito.dl
new file mode 100644
index 000000000..f754eb3e5
--- /dev/null
+++ b/tests/e2e/expected_results/maven/mockito.dl
@@ -0,0 +1,22 @@
+/* Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. */
+/* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */
+
+#include "prelude.dl"
+
+Policy("test_policy", component_id, "") :-
+ check_passed(component_id, "mcn_build_as_code_1"),
+ check_passed(component_id, "mcn_build_script_1"),
+ check_passed(component_id, "mcn_build_service_1"),
+ check_passed(component_id, "mcn_version_control_system_1"),
+ check_failed(component_id, "mcn_infer_artifact_pipeline_1"),
+ check_failed(component_id, "mcn_provenance_available_1"),
+ check_failed(component_id, "mcn_provenance_derived_commit_1"),
+ check_failed(component_id, "mcn_provenance_derived_repo_1"),
+ check_failed(component_id, "mcn_provenance_expectation_1"),
+ check_failed(component_id, "mcn_provenance_level_three_1"),
+ check_failed(component_id, "mcn_provenance_witness_level_one_1"),
+ check_failed(component_id, "mcn_trusted_builder_level_three_1"),
+ is_repo_url(component_id, "https://github.com/mockito/mockito").
+
+apply_policy_to("test_policy", component_id) :-
+ is_component(component_id, "pkg:github.com/mockito/mockito@512ee3949484e4765038a0410cd7a7f1b73cc655").
diff --git a/tests/e2e/expected_results/maven/mockito.json b/tests/e2e/expected_results/maven/mockito.json
deleted file mode 100644
index a6a426b74..000000000
--- a/tests/e2e/expected_results/maven/mockito.json
+++ /dev/null
@@ -1,330 +0,0 @@ -{ - "metadata": { - "timestamps": "2024-05-07 15:15:48", - "has_passing_check": true, - "run_checks": [ - "mcn_provenance_available_1", - "mcn_provenance_witness_level_one_1", - "mcn_build_as_code_1", - "mcn_provenance_derived_commit_1", - "mcn_provenance_level_three_1", - "mcn_version_control_system_1", - "mcn_infer_artifact_pipeline_1", - "mcn_trusted_builder_level_three_1", - "mcn_build_script_1", - "mcn_build_service_1", - "mcn_provenance_expectation_1", - "mcn_provenance_derived_repo_1" - ], - "check_tree": { - "mcn_provenance_available_1": { - "mcn_provenance_witness_level_one_1": {}, - "mcn_provenance_level_three_1": {}, - "mcn_provenance_expectation_1": {} - }, - "mcn_provenance_derived_commit_1": {}, - "mcn_version_control_system_1": { - "mcn_trusted_builder_level_three_1": { - "mcn_build_as_code_1": { - "mcn_build_service_1": {}, - "mcn_infer_artifact_pipeline_1": {} - } - }, - "mcn_build_script_1": {} - }, - "mcn_provenance_derived_repo_1": {} - } - }, - "target": { - "info": { - "full_name": "pkg:github.com/mockito/mockito@512ee3949484e4765038a0410cd7a7f1b73cc655", - "local_cloned_path": "git_repos/github_com/mockito/mockito", - "remote_path": "https://github.com/mockito/mockito", - "branch": "main", - "commit_hash": "512ee3949484e4765038a0410cd7a7f1b73cc655", - "commit_date": "2022-06-14T23:24:12+02:00" - }, - "provenances": { - "is_inferred": true, - "content": { - "github_actions": [ - { - "_type": "https://in-toto.io/Statement/v0.1", - "subject": [], - "predicateType": "https://slsa.dev/provenance/v0.2", - "predicate": { - "builder": { - "id": "https://github.com/mockito/mockito/blob/512ee3949484e4765038a0410cd7a7f1b73cc655/.github/workflows/ci.yml" - }, - "buildType": "Custom github_actions", - "invocation": { - "configSource": { - "uri": "https://github.com/mockito/mockito@refs/heads/main", - "digest": { - "sha1": "512ee3949484e4765038a0410cd7a7f1b73cc655" - }, - "entryPoint": 
"https://github.com/mockito/mockito/blob/512ee3949484e4765038a0410cd7a7f1b73cc655/.github/workflows/ci.yml" - }, - "parameters": {}, - "environment": {} - }, - "buildConfig": { - "jobID": "release", - "stepID": "", - "stepName": "Build and release" - }, - "metadata": { - "buildInvocationId": "", - "buildStartedOn": "", - "buildFinishedOn": "", - "completeness": { - "parameters": "false", - "environment": "false", - "materials": "false" - }, - "reproducible": "false" - }, - "materials": [ - { - "uri": "", - "digest": {} - } - ] - } - } - ], - "Maven Central Registry": [] - } - }, - "checks": { - "summary": { - "DISABLED": 0, - "FAILED": 8, - "PASSED": 4, - "SKIPPED": 0, - "UNKNOWN": 0 - }, - "results": [ - { - "check_id": "mcn_build_as_code_1", - "check_description": "The build definition and configuration executed by the build service is verifiably derived from text file definitions stored in a version control system.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "build_tool_name: gradle", - "ci_service_name: github_actions", - "language: BuildLanguage.JAVA", - "language_distributions: [\"zulu\"]", - "language_versions: [\"11\"]", - "deploy_command: [\"./gradlew\", \"githubRelease\", \"publishToSonatype\", \"closeAndReleaseStagingRepository\", \"releaseSummary\"]", - { - "build_trigger": "https://github.com/mockito/mockito/blob/512ee3949484e4765038a0410cd7a7f1b73cc655/.github/workflows/ci.yml", - "language_url": "https://github.com/actions/setup-java" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_script_1", - "check_description": "Check if the target repo has a valid build script.", - "slsa_requirements": [ - "Scripted Build - SLSA Level 1" - ], - "justification": [ - "build_tool_name: gradle", - "ci_service_name: github_actions", - "language: BuildLanguage.JAVA", - "language_distributions: [\"zulu\"]", - "language_versions: [\"8\", \"11\", \"17\"]", - "build_tool_command: [\"./gradlew\", 
\"--no-build-cache\", \"clean\", \"assemble\"]", - { - "build_trigger": "https://github.com/mockito/mockito/blob/512ee3949484e4765038a0410cd7a7f1b73cc655/.github/workflows/ci.yml", - "language_url": "https://github.com/actions/setup-java" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_service_1", - "check_description": "Check if the target repo has a valid build service.", - "slsa_requirements": [ - "Build service - SLSA Level 2" - ], - "justification": [ - "Not Available." - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_version_control_system_1", - "check_description": "Check whether the target repo uses a version control system.", - "slsa_requirements": [ - "Version controlled - SLSA Level 2" - ], - "justification": [ - { - "git_repo": "https://github.com/mockito/mockito" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "check_description": "Detects potential pipelines from which an artifact is published.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_available_1", - "check_description": "Check whether the target has intoto provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "check_description": "Check whether the commit came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "commit_digest: No provenance found." 
- ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "check_description": "Check whether the repo came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "repository_url: No provenance found." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_expectation_1", - "check_description": "Check whether the SLSA provenance for the produced artifact conforms to the expected value.", - "slsa_requirements": [ - "Provenance conforms with expectations - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_level_three_1", - "check_description": "Check whether the target has SLSA provenance level 3.", - "slsa_requirements": [ - "Provenance - Non falsifiable - SLSA Level 3", - "Provenance content - Includes all build parameters - SLSA Level 3", - "Provenance content - Identifies entry point - SLSA Level 3", - "Provenance content - Identifies source code - SLSA Level 2" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "check_description": "Check whether the target has a level-1 witness provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "check_description": "Check whether the target uses a trusted SLSA level 3 builder.", - "slsa_requirements": [ - "Hermetic - SLSA Level 4", - "Isolated - SLSA Level 3", - "Parameterless - SLSA Level 4", - "Ephemeral environment - SLSA Level 3" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "FAILED" - } - ] - } - }, - "dependencies": { - "analyzed_deps": 0, - "unique_dep_repos": 0, - "checks_summary": [ - { - "check_id": "mcn_provenance_available_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_as_code_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_version_control_system_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_script_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_service_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_expectation_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "num_deps_pass": 0 - } - ], - "dep_status": [] - } -} diff --git a/tests/e2e/expected_results/micronaut-test/caffeine.dl b/tests/e2e/expected_results/micronaut-test/caffeine.dl new file mode 100644 index 000000000..f1ed51a30 --- /dev/null +++ b/tests/e2e/expected_results/micronaut-test/caffeine.dl 
@@ -0,0 +1,22 @@
+/* Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. */
+/* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */
+
+#include "prelude.dl"
+
+Policy("test_policy", component_id, "") :-
+ check_passed(component_id, "mcn_build_as_code_1"),
+ check_passed(component_id, "mcn_build_script_1"),
+ check_passed(component_id, "mcn_build_service_1"),
+ check_passed(component_id, "mcn_version_control_system_1"),
+ check_failed(component_id, "mcn_infer_artifact_pipeline_1"),
+ check_failed(component_id, "mcn_provenance_available_1"),
+ check_failed(component_id, "mcn_provenance_derived_commit_1"),
+ check_failed(component_id, "mcn_provenance_derived_repo_1"),
+ check_failed(component_id, "mcn_provenance_expectation_1"),
+ check_failed(component_id, "mcn_provenance_level_three_1"),
+ check_failed(component_id, "mcn_provenance_witness_level_one_1"),
+ check_failed(component_id, "mcn_trusted_builder_level_three_1"),
+ is_repo_url(component_id, "https://github.com/ben-manes/caffeine").
+
+apply_policy_to("test_policy", component_id) :-
+ is_component(component_id, "pkg:github.com/ben-manes/caffeine@05a040c2478341bab8a58a02b3dc1fe14d626d72").
diff --git a/tests/e2e/expected_results/micronaut-test/caffeine.json b/tests/e2e/expected_results/micronaut-test/caffeine.json
deleted file mode 100644
index 8fea54225..000000000
--- a/tests/e2e/expected_results/micronaut-test/caffeine.json
+++ /dev/null
@@ -1,373 +0,0 @@ -{ - "metadata": { - "timestamps": "2024-05-07 15:12:39", - "has_passing_check": true, - "run_checks": [ - "mcn_provenance_available_1", - "mcn_provenance_witness_level_one_1", - "mcn_build_as_code_1", - "mcn_provenance_derived_commit_1", - "mcn_provenance_level_three_1", - "mcn_version_control_system_1", - "mcn_infer_artifact_pipeline_1", - "mcn_trusted_builder_level_three_1", - "mcn_build_script_1", - "mcn_build_service_1", - "mcn_provenance_expectation_1", - "mcn_provenance_derived_repo_1" - ], - "check_tree": { - "mcn_provenance_available_1": { - "mcn_provenance_witness_level_one_1": {}, - "mcn_provenance_expectation_1": {}, - "mcn_provenance_level_three_1": {} - }, - "mcn_provenance_derived_commit_1": {}, - "mcn_version_control_system_1": { - "mcn_build_script_1": {}, - "mcn_trusted_builder_level_three_1": { - "mcn_build_as_code_1": { - "mcn_infer_artifact_pipeline_1": {}, - "mcn_build_service_1": {} - } - } - }, - "mcn_provenance_derived_repo_1": {} - } - }, - "target": { - "info": { - "full_name": "pkg:github.com/ben-manes/caffeine@05a040c2478341bab8a58a02b3dc1fe14d626d72", - "local_cloned_path": "git_repos/github_com/ben-manes/caffeine", - "remote_path": "https://github.com/ben-manes/caffeine", - "branch": null, - "commit_hash": "05a040c2478341bab8a58a02b3dc1fe14d626d72", - "commit_date": "2021-12-02T01:04:44-08:00" - }, - "provenances": { - "is_inferred": true, - "content": { - "github_actions": [ - { - "_type": "https://in-toto.io/Statement/v0.1", - "subject": [], - "predicateType": "https://slsa.dev/provenance/v0.2", - "predicate": { - "builder": { - "id": "https://github.com/ben-manes/caffeine/blob/05a040c2478341bab8a58a02b3dc1fe14d626d72/.github/workflows/release.yml" - }, - "buildType": "Custom github_actions", - "invocation": { - "configSource": { - "uri": "https://github.com/ben-manes/caffeine@refs/heads/None", - "digest": { - "sha1": "05a040c2478341bab8a58a02b3dc1fe14d626d72" - }, - "entryPoint": 
"https://github.com/ben-manes/caffeine/blob/05a040c2478341bab8a58a02b3dc1fe14d626d72/.github/workflows/release.yml" - }, - "parameters": {}, - "environment": {} - }, - "buildConfig": { - "jobID": "release", - "stepID": "", - "stepName": "Releasing" - }, - "metadata": { - "buildInvocationId": "", - "buildStartedOn": "", - "buildFinishedOn": "", - "completeness": { - "parameters": "false", - "environment": "false", - "materials": "false" - }, - "reproducible": "false" - }, - "materials": [ - { - "uri": "", - "digest": {} - } - ] - } - } - ], - "circle_ci": [ - { - "_type": "https://in-toto.io/Statement/v0.1", - "subject": [], - "predicateType": "https://slsa.dev/provenance/v0.2", - "predicate": { - "builder": { - "id": "" - }, - "buildType": "", - "invocation": { - "configSource": { - "uri": "", - "digest": { - "sha1": "" - }, - "entryPoint": "" - }, - "parameters": {}, - "environment": {} - }, - "buildConfig": { - "jobID": "", - "stepID": "" - }, - "metadata": { - "buildInvocationId": "", - "buildStartedOn": "", - "buildFinishedOn": "", - "completeness": { - "parameters": "false", - "environment": "false", - "materials": "false" - }, - "reproducible": "false" - }, - "materials": [ - { - "uri": "", - "digest": {} - } - ] - } - } - ], - "Maven Central Registry": [] - } - }, - "checks": { - "summary": { - "DISABLED": 0, - "FAILED": 8, - "PASSED": 4, - "SKIPPED": 0, - "UNKNOWN": 0 - }, - "results": [ - { - "check_id": "mcn_build_as_code_1", - "check_description": "The build definition and configuration executed by the build service is verifiably derived from text file definitions stored in a version control system.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "build_tool_name: gradle", - "ci_service_name: github_actions", - "language: BuildLanguage.JAVA", - "language_versions: [\"8\"]", - "deploy_command: [\"./gradlew\", \"publishToSonatype\", \"closeAndReleaseSonatypeStagingRepository\", \"-Prelease\"]", - { - "build_trigger": 
"https://github.com/ben-manes/caffeine/blob/05a040c2478341bab8a58a02b3dc1fe14d626d72/.github/workflows/release.yml", - "language_url": "https://github.com/actions/setup-java" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_script_1", - "check_description": "Check if the target repo has a valid build script.", - "slsa_requirements": [ - "Scripted Build - SLSA Level 1" - ], - "justification": [ - "build_tool_name: gradle", - "ci_service_name: github_actions", - "language: BuildLanguage.JAVA", - "language_versions: [\"8\", \"15\"]", - "build_tool_command: [\"./gradlew\", \"coveralls\"]", - { - "build_trigger": "https://github.com/ben-manes/caffeine/blob/05a040c2478341bab8a58a02b3dc1fe14d626d72/.github/workflows/build.yml", - "language_url": "https://github.com/actions/setup-java" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_service_1", - "check_description": "Check if the target repo has a valid build service.", - "slsa_requirements": [ - "Build service - SLSA Level 2" - ], - "justification": [ - "Not Available." - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_version_control_system_1", - "check_description": "Check whether the target repo uses a version control system.", - "slsa_requirements": [ - "Version controlled - SLSA Level 2" - ], - "justification": [ - { - "git_repo": "https://github.com/ben-manes/caffeine" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "check_description": "Detects potential pipelines from which an artifact is published.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_available_1", - "check_description": "Check whether the target has intoto provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "check_description": "Check whether the commit came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "commit_digest: No provenance found." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "check_description": "Check whether the repo came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "repository_url: No provenance found." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_expectation_1", - "check_description": "Check whether the SLSA provenance for the produced artifact conforms to the expected value.", - "slsa_requirements": [ - "Provenance conforms with expectations - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_level_three_1", - "check_description": "Check whether the target has SLSA provenance level 3.", - "slsa_requirements": [ - "Provenance - Non falsifiable - SLSA Level 3", - "Provenance content - Includes all build parameters - SLSA Level 3", - "Provenance content - Identifies entry point - SLSA Level 3", - "Provenance content - Identifies source code - SLSA Level 2" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "check_description": "Check whether the target has a level-1 witness provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "check_description": "Check whether the target uses a trusted SLSA level 3 builder.", - "slsa_requirements": [ - "Hermetic - SLSA Level 4", - "Isolated - SLSA Level 3", - "Parameterless - SLSA Level 4", - "Ephemeral environment - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - } - ] - } - }, - "dependencies": { - "analyzed_deps": 0, - "unique_dep_repos": 0, - "checks_summary": [ - { - "check_id": "mcn_provenance_available_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_as_code_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_version_control_system_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_script_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_service_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_expectation_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "num_deps_pass": 0 - } - ], - "dep_status": [] - } -} 
diff --git a/tests/e2e/expected_results/micronaut-test/dependencies.json b/tests/e2e/expected_results/micronaut-test/dependencies.json
deleted file mode 100644
index 328510099..000000000
--- a/tests/e2e/expected_results/micronaut-test/dependencies.json
+++ /dev/null
@@ -1 +0,0 @@
-[{"id": "slf4j", "path": "https://github.com/qos-ch/slf4j.git", "branch": "", "digest": "e9ee55cca93c2bf26f14482a9bdf961c750d2a56", "note": "", "available": "AVAILABLE"}, {"id": "caffeine", "path": "https://github.com/ben-manes/caffeine.git", "branch": "", "digest": "05a040c2478341bab8a58a02b3dc1fe14d626d72", "note": "", "available": "AVAILABLE"}]
diff --git a/tests/e2e/expected_results/micronaut-test/micronaut-test-branch-commit.dl b/tests/e2e/expected_results/micronaut-test/micronaut-test-branch-commit.dl
new file mode 100644
index 000000000..562443237
--- /dev/null
+++ b/tests/e2e/expected_results/micronaut-test/micronaut-test-branch-commit.dl
@@ -0,0 +1,19 @@
+/* Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. */
+/* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */
+
+#include "prelude.dl"
+
+Policy("test_policy", component_id, "") :-
+ check_passed(component_id, "mcn_build_as_code_1"),
+ check_passed(component_id, "mcn_build_script_1"),
+ check_passed(component_id, "mcn_build_service_1"),
+ check_passed(component_id, "mcn_provenance_available_1"),
+ check_passed(component_id, "mcn_provenance_level_three_1"),
+ check_passed(component_id, "mcn_version_control_system_1"),
+ check_failed(component_id, "mcn_infer_artifact_pipeline_1"),
+ check_failed(component_id, "mcn_provenance_witness_level_one_1"),
+ check_failed(component_id, "mcn_trusted_builder_level_three_1"),
+ is_repo_url(component_id, "https://github.com/micronaut-projects/micronaut-test").
+
+apply_policy_to("test_policy", component_id) :-
+ is_component(component_id, "pkg:github.com/micronaut-projects/micronaut-test@7679d10b4073a3b842b6c56877c35fa8cd10acff").
diff --git a/tests/e2e/expected_results/micronaut-test/micronaut-test-branch-commit.json b/tests/e2e/expected_results/micronaut-test/micronaut-test-branch-commit.json
deleted file mode 100644
index 03327b0b1..000000000
--- a/tests/e2e/expected_results/micronaut-test/micronaut-test-branch-commit.json
+++ /dev/null
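Review bot: This policy targets the identical component PURL as micronaut-test.dl but asserts nothing about the branch, so the branch-commit scenario is no longer distinguished from the plain one by its expected result; the deleted JSON pinned `"branch": "master"`, which has no counterpart here. If prelude.dl exposes a branch predicate for the analyzed component, add a literal for it; otherwise a comment in the file should record that the branch is not verified by this policy. The rule also omits `check_failed(component_id, "mcn_provenance_derived_commit_1"),` and `check_failed(component_id, "mcn_provenance_derived_repo_1"),`, which micronaut-test.dl asserts for the same commit; if those checks run in this scenario too (the deleted JSON predates them), adding the two lines keeps the two policies equally strict.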
@@ -1,518 +0,0 @@ -{ - "metadata": { - "timestamps": "2023-12-22 12:47:48", - "has_passing_check": true - }, - "target": { - "info": { - "full_name": "pkg:github.com/micronaut-projects/micronaut-test@7679d10b4073a3b842b6c56877c35fa8cd10acff", - "local_cloned_path": "git_repos/github_com/micronaut-projects/micronaut-test", - "remote_path": "https://github.com/micronaut-projects/micronaut-test", - "branch": "master", - "commit_hash": "7679d10b4073a3b842b6c56877c35fa8cd10acff", - "commit_date": "2023-11-07T06:43:31+01:00" - }, - "provenances": { - "is_inferred": false, - "content": { - "github_actions": [ - { - "_type": "https://in-toto.io/Statement/v0.1", - "predicateType": "https://slsa.dev/provenance/v0.2", - "subject": [ - { - "name": "build/repo/io/micronaut/test/micronaut-test-bom/4.1.1/micronaut-test-bom-4.1.1.pom", - "digest": { - "sha256": "df0ac294009fb49a90d3b43eb6866b118d4e63f1e41f43b85ef472278835171e" - } - }, - { - "name": "build/repo/io/micronaut/test/micronaut-test-core/4.1.1/micronaut-test-core-4.1.1.jar", - "digest": { - "sha256": "374a135cd10f5dc3affb7c69129f51907260d5d09c40fe1c612a3f2967c1db82" - } - }, - { - "name": "build/repo/io/micronaut/test/micronaut-test-core/4.1.1/micronaut-test-core-4.1.1.pom", - "digest": { - "sha256": "de4735ef53a4019584c4f16cc17e476cecdd9e44efc37c3ba9c9cedeafe23e43" - } - }, - { - "name": "build/repo/io/micronaut/test/micronaut-test-junit5/4.1.1/micronaut-test-junit5-4.1.1.jar", - "digest": { - "sha256": "655a851b405ed4fa8d86927591f0860fe600458b5e311f5074096f6cfa8ac596" - } - }, - { - "name": "build/repo/io/micronaut/test/micronaut-test-junit5/4.1.1/micronaut-test-junit5-4.1.1.pom", - "digest": { - "sha256": "9210cec65c1050305497f4c7751d951964cfb1f1f60c1e21434f74d60345a487" - } - }, - { - "name": "build/repo/io/micronaut/test/micronaut-test-kotest5/4.1.1/micronaut-test-kotest5-4.1.1.jar", - "digest": { - "sha256": "b80e3b51b9a5af5ceab3c4e424069081872107d5fdd1e005811b204ea497e399" - } - }, - { - "name": 
"build/repo/io/micronaut/test/micronaut-test-kotest5/4.1.1/micronaut-test-kotest5-4.1.1.pom", - "digest": { - "sha256": "f9146d727be9811ff4dac12b0a96c60849cda063b51d534d2c4415766b438c45" - } - }, - { - "name": "build/repo/io/micronaut/test/micronaut-test-rest-assured/4.1.1/micronaut-test-rest-assured-4.1.1.jar", - "digest": { - "sha256": "39aaef0081f064468125446a1fab1da68e49f1af4cd396445dab6b89ec9f778c" - } - }, - { - "name": "build/repo/io/micronaut/test/micronaut-test-rest-assured/4.1.1/micronaut-test-rest-assured-4.1.1.pom", - "digest": { - "sha256": "9fc1c1f0c4824d990310234e223acba57cb7c3dbbcebbb194382989f5bd4145b" - } - }, - { - "name": "build/repo/io/micronaut/test/micronaut-test-spock/4.1.1/micronaut-test-spock-4.1.1.jar", - "digest": { - "sha256": "ba34b2238565a5d5737aabcc4e96dde1d328348b7fcbbc123c3f37cb3884c7fc" - } - }, - { - "name": "build/repo/io/micronaut/test/micronaut-test-spock/4.1.1/micronaut-test-spock-4.1.1.pom", - "digest": { - "sha256": "6ad7b0bc411fa8e0dcd3de9fb27aa8f1f23c5c946f738c607ecb873314ba86b4" - } - } - ], - "predicate": { - "builder": { - "id": "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@refs/tags/v1.9.0" - }, - "buildType": "https://github.com/slsa-framework/slsa-github-generator/generic@v1", - "invocation": { - "configSource": { - "uri": "git+https://github.com/micronaut-projects/micronaut-test@refs/tags/v4.1.1", - "digest": { - "sha1": "0ad6b0e87e695e90ab9f0c8df28a49101cd00d70" - }, - "entryPoint": ".github/workflows/release.yml" - }, - "parameters": {}, - "environment": { - "github_actor": "sdelamo", - "github_actor_id": "864788", - "github_base_ref": "", - "github_event_name": "release", - "github_event_payload": { - "action": "published", - "organization": { - "avatar_url": "https://avatars.githubusercontent.com/u/36880643?v=4", - "description": "", - "events_url": "https://api.github.com/orgs/micronaut-projects/events", - "hooks_url": 
"https://api.github.com/orgs/micronaut-projects/hooks", - "id": 36880643, - "issues_url": "https://api.github.com/orgs/micronaut-projects/issues", - "login": "micronaut-projects", - "members_url": "https://api.github.com/orgs/micronaut-projects/members{/member}", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjM2ODgwNjQz", - "public_members_url": "https://api.github.com/orgs/micronaut-projects/public_members{/member}", - "repos_url": "https://api.github.com/orgs/micronaut-projects/repos", - "url": "https://api.github.com/orgs/micronaut-projects" - }, - "release": { - "assets": [], - "assets_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/releases/132296768/assets", - "author": { - "avatar_url": "https://avatars.githubusercontent.com/u/864788?v=4", - "events_url": "https://api.github.com/users/sdelamo/events{/privacy}", - "followers_url": "https://api.github.com/users/sdelamo/followers", - "following_url": "https://api.github.com/users/sdelamo/following{/other_user}", - "gists_url": "https://api.github.com/users/sdelamo/gists{/gist_id}", - "gravatar_id": "", - "html_url": "https://github.com/sdelamo", - "id": 864788, - "login": "sdelamo", - "node_id": "MDQ6VXNlcjg2NDc4OA==", - "organizations_url": "https://api.github.com/users/sdelamo/orgs", - "received_events_url": "https://api.github.com/users/sdelamo/received_events", - "repos_url": "https://api.github.com/users/sdelamo/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/sdelamo/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/sdelamo/subscriptions", - "type": "User", - "url": "https://api.github.com/users/sdelamo" - }, - "body": "\r\n\r\n## What's Changed\r\n### Improvements \u2b50\r\n* check if bean of type ResourceLoader exists by @sdelamo in https://github.com/micronaut-projects/micronaut-test/pull/906\r\n### Dependency updates \ud83d\ude80\r\n* fix(deps): update junit5 monorepo to v5.10.1 by @renovate in 
https://github.com/micronaut-projects/micronaut-test/pull/885\r\n* chore(deps): update graalvm/setup-graalvm action to v1.1.5 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/884\r\n\r\n\r\n**Full Changelog**: https://github.com/micronaut-projects/micronaut-test/compare/v4.1.0...v4.1.1", - "created_at": "2023-12-01T14:49:53Z", - "draft": false, - "html_url": "https://github.com/micronaut-projects/micronaut-test/releases/tag/v4.1.1", - "id": 132296768, - "mentions_count": 2, - "name": "Micronaut Test 4.1.1", - "node_id": "RE_kwDOCPx9Ys4H4rBA", - "prerelease": false, - "published_at": "2023-12-01T14:50:40Z", - "tag_name": "v4.1.1", - "tarball_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/tarball/v4.1.1", - "target_commitish": "4.1.x", - "upload_url": "https://uploads.github.com/repos/micronaut-projects/micronaut-test/releases/132296768/assets{?name,label}", - "url": "https://api.github.com/repos/micronaut-projects/micronaut-test/releases/132296768", - "zipball_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/zipball/v4.1.1" - }, - "repository": { - "allow_forking": true, - "archive_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/{archive_format}{/ref}", - "archived": false, - "assignees_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/assignees{/user}", - "blobs_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/git/blobs{/sha}", - "branches_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/branches{/branch}", - "clone_url": "https://github.com/micronaut-projects/micronaut-test.git", - "collaborators_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/collaborators{/collaborator}", - "comments_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/comments{/number}", - "commits_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/commits{/sha}", - "compare_url": 
"https://api.github.com/repos/micronaut-projects/micronaut-test/compare/{base}...{head}", - "contents_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/contents/{+path}", - "contributors_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/contributors", - "created_at": "2018-09-28T16:07:55Z", - "custom_properties": {}, - "default_branch": "master", - "deployments_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/deployments", - "description": "Repository for Test Related Utilities for Micronaut", - "disabled": false, - "downloads_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/downloads", - "events_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/events", - "fork": false, - "forks": 58, - "forks_count": 58, - "forks_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/forks", - "full_name": "micronaut-projects/micronaut-test", - "git_commits_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/git/commits{/sha}", - "git_refs_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/git/refs{/sha}", - "git_tags_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/git/tags{/sha}", - "git_url": "git://github.com/micronaut-projects/micronaut-test.git", - "has_discussions": false, - "has_downloads": true, - "has_issues": true, - "has_pages": true, - "has_projects": true, - "has_wiki": true, - "homepage": "", - "hooks_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/hooks", - "html_url": "https://github.com/micronaut-projects/micronaut-test", - "id": 150764898, - "is_template": false, - "issue_comment_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/issues/comments{/number}", - "issue_events_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/issues/events{/number}", - "issues_url": 
"https://api.github.com/repos/micronaut-projects/micronaut-test/issues{/number}", - "keys_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/keys{/key_id}", - "labels_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/labels{/name}", - "language": "Java", - "languages_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/languages", - "license": { - "key": "apache-2.0", - "name": "Apache License 2.0", - "node_id": "MDc6TGljZW5zZTI=", - "spdx_id": "Apache-2.0", - "url": "https://api.github.com/licenses/apache-2.0" - }, - "merges_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/merges", - "milestones_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/milestones{/number}", - "mirror_url": null, - "name": "micronaut-test", - "node_id": "MDEwOlJlcG9zaXRvcnkxNTA3NjQ4OTg=", - "notifications_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/notifications{?since,all,participating}", - "open_issues": 44, - "open_issues_count": 44, - "owner": { - "avatar_url": "https://avatars.githubusercontent.com/u/36880643?v=4", - "events_url": "https://api.github.com/users/micronaut-projects/events{/privacy}", - "followers_url": "https://api.github.com/users/micronaut-projects/followers", - "following_url": "https://api.github.com/users/micronaut-projects/following{/other_user}", - "gists_url": "https://api.github.com/users/micronaut-projects/gists{/gist_id}", - "gravatar_id": "", - "html_url": "https://github.com/micronaut-projects", - "id": 36880643, - "login": "micronaut-projects", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjM2ODgwNjQz", - "organizations_url": "https://api.github.com/users/micronaut-projects/orgs", - "received_events_url": "https://api.github.com/users/micronaut-projects/received_events", - "repos_url": "https://api.github.com/users/micronaut-projects/repos", - "site_admin": false, - "starred_url": 
"https://api.github.com/users/micronaut-projects/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/micronaut-projects/subscriptions", - "type": "Organization", - "url": "https://api.github.com/users/micronaut-projects" - }, - "private": false, - "pulls_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/pulls{/number}", - "pushed_at": "2023-12-01T14:50:39Z", - "releases_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/releases{/id}", - "size": 23465, - "ssh_url": "git@github.com:micronaut-projects/micronaut-test.git", - "stargazers_count": 78, - "stargazers_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/stargazers", - "statuses_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/statuses/{sha}", - "subscribers_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/subscribers", - "subscription_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/subscription", - "svn_url": "https://github.com/micronaut-projects/micronaut-test", - "tags_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/tags", - "teams_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/teams", - "topics": [], - "trees_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/git/trees{/sha}", - "updated_at": "2023-11-26T20:02:46Z", - "url": "https://api.github.com/repos/micronaut-projects/micronaut-test", - "visibility": "public", - "watchers": 78, - "watchers_count": 78, - "web_commit_signoff_required": false - }, - "sender": { - "avatar_url": "https://avatars.githubusercontent.com/u/864788?v=4", - "events_url": "https://api.github.com/users/sdelamo/events{/privacy}", - "followers_url": "https://api.github.com/users/sdelamo/followers", - "following_url": "https://api.github.com/users/sdelamo/following{/other_user}", - "gists_url": "https://api.github.com/users/sdelamo/gists{/gist_id}", - "gravatar_id": "", - 
"html_url": "https://github.com/sdelamo", - "id": 864788, - "login": "sdelamo", - "node_id": "MDQ6VXNlcjg2NDc4OA==", - "organizations_url": "https://api.github.com/users/sdelamo/orgs", - "received_events_url": "https://api.github.com/users/sdelamo/received_events", - "repos_url": "https://api.github.com/users/sdelamo/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/sdelamo/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/sdelamo/subscriptions", - "type": "User", - "url": "https://api.github.com/users/sdelamo" - } - }, - "github_head_ref": "", - "github_ref": "refs/tags/v4.1.1", - "github_ref_type": "tag", - "github_repository_id": "150764898", - "github_repository_owner": "micronaut-projects", - "github_repository_owner_id": "36880643", - "github_run_attempt": "1", - "github_run_id": "7061527707", - "github_run_number": "74", - "github_sha1": "0ad6b0e87e695e90ab9f0c8df28a49101cd00d70" - } - }, - "metadata": { - "buildInvocationID": "7061527707-1", - "completeness": { - "parameters": true, - "environment": false, - "materials": false - }, - "reproducible": false - }, - "materials": [ - { - "uri": "git+https://github.com/micronaut-projects/micronaut-test@refs/tags/v4.1.1", - "digest": { - "sha1": "0ad6b0e87e695e90ab9f0c8df28a49101cd00d70" - } - } - ] - } - } - ], - "Maven Central Registry": [] - } - }, - "checks": { - "summary": { - "DISABLED": 0, - "FAILED": 3, - "PASSED": 6, - "SKIPPED": 0, - "UNKNOWN": 1 - }, - "results": [ - { - "check_id": "mcn_provenance_expectation_1", - "check_description": "Check whether the SLSA provenance for the produced artifact conforms to the expected value.", - "slsa_requirements": [ - "Provenance conforms with expectations - SLSA Level 3" - ], - "justification": [ - "No expectation defined for this repository." 
- ], - "result_type": "UNKNOWN" - }, - { - "check_id": "mcn_build_as_code_1", - "check_description": "The build definition and configuration executed by the build service is verifiably derived from text file definitions stored in a version control system.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - { - "The target repository uses build tool gradle to deploy": "https://github.com/micronaut-projects/micronaut-test/blob/7679d10b4073a3b842b6c56877c35fa8cd10acff/.github/workflows/gradle.yml", - "The build is triggered by": "https://github.com/micronaut-projects/micronaut-test/blob/7679d10b4073a3b842b6c56877c35fa8cd10acff/.github/workflows/gradle.yml" - }, - "Deploy command: ['./gradlew', 'publishToSonatype', 'docs', '--no-daemon']", - "However, could not find a passing workflow run." - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_script_1", - "check_description": "Check if the target repo has a valid build script.", - "slsa_requirements": [ - "Scripted Build - SLSA Level 1" - ], - "justification": [ - "Check mcn_build_script_1 is set to PASSED because mcn_build_service_1 PASSED." - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_service_1", - "check_description": "Check if the target repo has a valid build service.", - "slsa_requirements": [ - "Build service - SLSA Level 2" - ], - "justification": [ - "Check mcn_build_service_1 is set to PASSED because mcn_build_as_code_1 PASSED." 
- ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_provenance_available_1", - "check_description": "Check whether the target has intoto provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Found provenance in release assets:", - "https://api.github.com/repos/micronaut-projects/micronaut-test/releases/assets/138429786" - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_provenance_level_three_1", - "check_description": "Check whether the target has SLSA provenance level 3.", - "slsa_requirements": [ - "Provenance - Non falsifiable - SLSA Level 3", - "Provenance content - Includes all build parameters - SLSA Level 3", - "Provenance content - Identifies entry point - SLSA Level 3", - "Provenance content - Identifies source code - SLSA Level 2" - ], - "justification": [ - "Successfully verified level 3: ", - "verify passed : build/repo/micronaut-test-bom/4.1.1/micronaut-test-bom-4.1.1.pom,verify passed : build/repo/micronaut-test-core/4.1.1/micronaut-test-core-4.1.1.jar,verify passed : build/repo/micronaut-test-core/4.1.1/micronaut-test-core-4.1.1.pom,verify passed : build/repo/micronaut-test-junit5/4.1.1/micronaut-test-junit5-4.1.1.jar,verify passed : build/repo/micronaut-test-junit5/4.1.1/micronaut-test-junit5-4.1.1.pom,verify passed : build/repo/micronaut-test-kotest5/4.1.1/micronaut-test-kotest5-4.1.1.jar,verify passed : build/repo/micronaut-test-kotest5/4.1.1/micronaut-test-kotest5-4.1.1.pom,verify passed : build/repo/micronaut-test-rest-assured/4.1.1/micronaut-test-rest-assured-4.1.1.jar,verify passed : build/repo/micronaut-test-rest-assured/4.1.1/micronaut-test-rest-assured-4.1.1.pom,verify passed : build/repo/micronaut-test-spock/4.1.1/micronaut-test-spock-4.1.1.jar,verify passed : 
build/repo/micronaut-test-spock/4.1.1/micronaut-test-spock-4.1.1.pom" - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_version_control_system_1", - "check_description": "Check whether the target repo uses a version control system.", - "slsa_requirements": [ - "Version controlled - SLSA Level 2" - ], - "justification": [ - { - "This is a Git repository": "https://github.com/micronaut-projects/micronaut-test" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "check_description": "Detects potential pipelines from which an artifact is published.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "Unable to find a publishing timestamp for the artifact." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "check_description": "Check whether the target has a level-1 witness provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Failed to discover any witness provenance." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "check_description": "Check whether the target uses a trusted SLSA level 3 builder.", - "slsa_requirements": [ - "Hermetic - SLSA Level 4", - "Isolated - SLSA Level 3", - "Parameterless - SLSA Level 4", - "Ephemeral environment - SLSA Level 3" - ], - "justification": [ - "Could not find a trusted level 3 builder as a GitHub Actions workflow." 
- ], - "result_type": "FAILED" - } - ] - } - }, - "dependencies": { - "analyzed_deps": 0, - "unique_dep_repos": 0, - "checks_summary": [ - { - "check_id": "mcn_version_control_system_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_as_code_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_script_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_expectation_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_available_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_service_1", - "num_deps_pass": 0 - } - ], - "dep_status": [] - } -} diff --git a/tests/e2e/expected_results/micronaut-test/micronaut-test.dl b/tests/e2e/expected_results/micronaut-test/micronaut-test.dl new file mode 100644 index 000000000..89eace2a1 --- /dev/null +++ b/tests/e2e/expected_results/micronaut-test/micronaut-test.dl 
@@ -0,0 +1,21 @@
+/* Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. */
+/* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */
+
+#include "prelude.dl"
+
+Policy("test_policy", component_id, "") :-
+ check_passed(component_id, "mcn_build_as_code_1"),
+ check_passed(component_id, "mcn_build_script_1"),
+ check_passed(component_id, "mcn_build_service_1"),
+ check_passed(component_id, "mcn_provenance_available_1"),
+ check_passed(component_id, "mcn_provenance_level_three_1"),
+ check_passed(component_id, "mcn_version_control_system_1"),
+ check_failed(component_id, "mcn_infer_artifact_pipeline_1"),
+ check_failed(component_id, "mcn_provenance_derived_commit_1"),
+ check_failed(component_id, "mcn_provenance_derived_repo_1"),
+ check_failed(component_id, "mcn_provenance_witness_level_one_1"),
+ check_failed(component_id, "mcn_trusted_builder_level_three_1"),
+ is_repo_url(component_id, "https://github.com/micronaut-projects/micronaut-test").
+
+apply_policy_to("test_policy", component_id) :-
+ is_component(component_id, "pkg:github.com/micronaut-projects/micronaut-test@7679d10b4073a3b842b6c56877c35fa8cd10acff").
diff --git a/tests/e2e/expected_results/micronaut-test/micronaut-test.json b/tests/e2e/expected_results/micronaut-test/micronaut-test.json
deleted file mode 100644
index fb0ce16c7..000000000
--- a/tests/e2e/expected_results/micronaut-test/micronaut-test.json
+++ /dev/null
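Review bot: The new policy asserts 11 of the 12 checks that the replaced micronaut-test.json recorded, and the one left out, `mcn_provenance_expectation_1`, is exactly the check that JSON reported as UNKNOWN, so the policy no longer pins that result and would not notice if the check began passing or failing for this target. If the omission is intended, state it in the file, e.g. `/* mcn_provenance_expectation_1 is deliberately not asserted: it reports UNKNOWN for this target. */`, or assert its state explicitly if prelude.dl offers a predicate for it. The `Policy` description argument is the empty string here and in slf4j.dl below; a short text such as `"Expected check results for micronaut-test"` would make verify-policy output self-explanatory.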
@@ -1,607 +0,0 @@ -{ - "metadata": { - "timestamps": "2024-05-07 15:12:39", - "has_passing_check": true, - "run_checks": [ - "mcn_provenance_available_1", - "mcn_provenance_witness_level_one_1", - "mcn_build_as_code_1", - "mcn_provenance_derived_commit_1", - "mcn_provenance_level_three_1", - "mcn_version_control_system_1", - "mcn_infer_artifact_pipeline_1", - "mcn_trusted_builder_level_three_1", - "mcn_build_script_1", - "mcn_build_service_1", - "mcn_provenance_expectation_1", - "mcn_provenance_derived_repo_1" - ], - "check_tree": { - "mcn_provenance_available_1": { - "mcn_provenance_witness_level_one_1": {}, - "mcn_provenance_expectation_1": {}, - "mcn_provenance_level_three_1": {} - }, - "mcn_provenance_derived_commit_1": {}, - "mcn_version_control_system_1": { - "mcn_build_script_1": {}, - "mcn_trusted_builder_level_three_1": { - "mcn_build_as_code_1": { - "mcn_infer_artifact_pipeline_1": {}, - "mcn_build_service_1": {} - } - } - }, - "mcn_provenance_derived_repo_1": {} - } - }, - "target": { - "info": { - "full_name": "pkg:github.com/micronaut-projects/micronaut-test@7679d10b4073a3b842b6c56877c35fa8cd10acff", - "local_cloned_path": "git_repos/github_com/micronaut-projects/micronaut-test", - "remote_path": "https://github.com/micronaut-projects/micronaut-test", - "branch": null, - "commit_hash": "7679d10b4073a3b842b6c56877c35fa8cd10acff", - "commit_date": "2023-11-07T06:43:31+01:00" - }, - "provenances": { - "is_inferred": false, - "content": { - "github_actions": [ - { - "_type": "https://in-toto.io/Statement/v0.1", - "predicateType": "https://slsa.dev/provenance/v0.2", - "subject": [ - { - "name": "build/repo/io/micronaut/test/micronaut-test-bom/4.3.0/micronaut-test-bom-4.3.0.pom", - "digest": { - "sha256": "901fb8c7adaf5938d7f066d44caa796a1eeadb55424c5370a16ac82c8c122501" - } - }, - { - "name": "build/repo/io/micronaut/test/micronaut-test-core/4.3.0/micronaut-test-core-4.3.0.jar", - "digest": { - "sha256": 
"4875038a3c7f012952217866ad8bea95241d10679881c465e71d249885d7c282" - } - }, - { - "name": "build/repo/io/micronaut/test/micronaut-test-core/4.3.0/micronaut-test-core-4.3.0.pom", - "digest": { - "sha256": "f81ebf05a0043b96103b83cd899d599373fb12ba31bbefdac73f995510d5d48e" - } - }, - { - "name": "build/repo/io/micronaut/test/micronaut-test-junit5/4.3.0/micronaut-test-junit5-4.3.0.jar", - "digest": { - "sha256": "cabca491d9af7c64931ee09d08f017b2c90547e6358f96b331215f65fe582788" - } - }, - { - "name": "build/repo/io/micronaut/test/micronaut-test-junit5/4.3.0/micronaut-test-junit5-4.3.0.pom", - "digest": { - "sha256": "dd30cade14531f235e5eef9aa4e38291b6e767833db2da338cdf41ddcec781a0" - } - }, - { - "name": "build/repo/io/micronaut/test/micronaut-test-kotest5/4.3.0/micronaut-test-kotest5-4.3.0.jar", - "digest": { - "sha256": "3e56d9d03588a83c7664a134aa0b3a71023db6fc5213b2632dc11cb88c8a0932" - } - }, - { - "name": "build/repo/io/micronaut/test/micronaut-test-kotest5/4.3.0/micronaut-test-kotest5-4.3.0.pom", - "digest": { - "sha256": "8db9148ce33e90b6c09246a78d9856a1cab4a56a65915fe551cb4dbcc988a663" - } - }, - { - "name": "build/repo/io/micronaut/test/micronaut-test-rest-assured/4.3.0/micronaut-test-rest-assured-4.3.0.jar", - "digest": { - "sha256": "fc41bcfbc1ac6818b01f695dfc3e7b668ee48778c3233221465a843aaa71b619" - } - }, - { - "name": "build/repo/io/micronaut/test/micronaut-test-rest-assured/4.3.0/micronaut-test-rest-assured-4.3.0.pom", - "digest": { - "sha256": "099b25513c7637733f63106dffa59fe7dc1f7a9ef8f047737ff227824a824e77" - } - }, - { - "name": "build/repo/io/micronaut/test/micronaut-test-spock/4.3.0/micronaut-test-spock-4.3.0.jar", - "digest": { - "sha256": "7f25e6fedb7d02c05389dacf62c6a7ea19282e2e46f9ec9bde3a56a58dab7720" - } - }, - { - "name": "build/repo/io/micronaut/test/micronaut-test-spock/4.3.0/micronaut-test-spock-4.3.0.pom", - "digest": { - "sha256": "3f6de3130f30d9867302fa397936a80b62a3768683e279777e8f7c2c2789f80d" - } - } - ], - "predicate": { - 
"builder": { - "id": "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@refs/tags/v1.10.0" - }, - "buildType": "https://github.com/slsa-framework/slsa-github-generator/generic@v1", - "invocation": { - "configSource": { - "uri": "git+https://github.com/micronaut-projects/micronaut-test@refs/tags/v4.3.0", - "digest": { - "sha1": "f241676bbf3f6072d18f1efd92060f51cb1c0d9b" - }, - "entryPoint": ".github/workflows/release.yml" - }, - "parameters": {}, - "environment": { - "github_actor": "sdelamo", - "github_actor_id": "864788", - "github_base_ref": "", - "github_event_name": "release", - "github_event_payload": { - "action": "published", - "organization": { - "avatar_url": "https://avatars.githubusercontent.com/u/36880643?v=4", - "description": "", - "events_url": "https://api.github.com/orgs/micronaut-projects/events", - "hooks_url": "https://api.github.com/orgs/micronaut-projects/hooks", - "id": 36880643, - "issues_url": "https://api.github.com/orgs/micronaut-projects/issues", - "login": "micronaut-projects", - "members_url": "https://api.github.com/orgs/micronaut-projects/members{/member}", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjM2ODgwNjQz", - "public_members_url": "https://api.github.com/orgs/micronaut-projects/public_members{/member}", - "repos_url": "https://api.github.com/orgs/micronaut-projects/repos", - "url": "https://api.github.com/orgs/micronaut-projects" - }, - "release": { - "assets": [], - "assets_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/releases/150098778/assets", - "author": { - "avatar_url": "https://avatars.githubusercontent.com/u/864788?v=4", - "events_url": "https://api.github.com/users/sdelamo/events{/privacy}", - "followers_url": "https://api.github.com/users/sdelamo/followers", - "following_url": "https://api.github.com/users/sdelamo/following{/other_user}", - "gists_url": "https://api.github.com/users/sdelamo/gists{/gist_id}", - "gravatar_id": "", - "html_url": 
"https://github.com/sdelamo", - "id": 864788, - "login": "sdelamo", - "node_id": "MDQ6VXNlcjg2NDc4OA==", - "organizations_url": "https://api.github.com/users/sdelamo/orgs", - "received_events_url": "https://api.github.com/users/sdelamo/received_events", - "repos_url": "https://api.github.com/users/sdelamo/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/sdelamo/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/sdelamo/subscriptions", - "type": "User", - "url": "https://api.github.com/users/sdelamo" - }, - "body": "\r\n\r\n## What's Changed\r\n### Bug Fixes \ud83d\udc1e\r\n* fix: TestSqlAnnotationHandler fails if context stopped in test by @timyates in https://github.com/micronaut-projects/micronaut-test/pull/951\r\n* fix: add interceptor around parameterized features by @timyates in https://github.com/micronaut-projects/micronaut-test/pull/953\r\n### Docs \ud83d\udcd6\r\n* Mention the annotation config when misconfigured by @timyates in https://github.com/micronaut-projects/micronaut-test/pull/957\r\n* Update settingUpJUnit5.adoc by @goodnic in https://github.com/micronaut-projects/micronaut-test/pull/970\r\n### Dependency updates \ud83d\ude80\r\n\r\n#### Mock\r\n* fix(deps): update dependency io.mockk:mockk to v1.13.10 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/963\r\n#### Mockito\r\n* fix(deps): update mockito monorepo to v5.10.0 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/942\r\n* fix(deps): update mockito monorepo to v5.11.0 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/966\r\n#### JUnit 5\r\n* fix(deps): update junit5 monorepo to v5.10.2 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/944\r\n#### AssertJ\r\n* fix(deps): update dependency org.assertj:assertj-core to v3.25.3 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/934\r\n\r\n#### KoTest\r\n* fix(deps): update 
managed.kotest to v5.8.1 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/977\r\n#### Kotlin \r\n* fix(deps): update kotlin monorepo to v1.9.23 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/969\r\n#### Micronaut Modules\r\n\r\n##### Micronaut Core\r\n* fix(deps): update dependency io.micronaut:micronaut-core-bom to v4.3.5 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/941\r\n* fix(deps): update dependency io.micronaut:micronaut-core-bom to v4.3.7 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/956\r\n* fix(deps): update dependency io.micronaut:micronaut-core-bom to v4.3.10 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/962\r\n* fix(deps): update dependency io.micronaut:micronaut-core-bom to v4.4.0 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/980\r\n##### Micronaut Serialization\r\n* fix(deps): update dependency io.micronaut.serde:micronaut-serde-bom to v2.8.1 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/931\r\n* fix(deps): update dependency io.micronaut.serde:micronaut-serde-bom to v2.8.2 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/976\r\n* fix(deps): update dependency io.micronaut.serde:micronaut-serde-bom to v2.9.0 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/995\r\n##### Micronaut Test resources\r\n* fix(deps): update dependency io.micronaut.testresources:micronaut-test-resources-bom to v2.4.0 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/965\r\n##### Micronaut Platform\r\n* fix(deps): update dependency io.micronaut.platform:micronaut-platform to v4.3.1 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/932\r\n* fix(deps): update dependency io.micronaut.platform:micronaut-platform to v4.3.2 by @renovate in 
https://github.com/micronaut-projects/micronaut-test/pull/952\r\n* fix(deps): update dependency io.micronaut.platform:micronaut-platform to v4.3.5 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/961\r\n* fix(deps): update dependency io.micronaut.platform:micronaut-platform to v4.3.7 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/979\r\n##### Micronaut sql\r\n* fix(deps): update dependency io.micronaut.sql:micronaut-sql-bom to v5.5.1 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/929\r\n* fix(deps): update dependency io.micronaut.sql:micronaut-sql-bom to v5.5.2 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/985\r\n##### Micronaut hibernate-validator\r\n* fix(deps): update dependency io.micronaut.beanvalidation:micronaut-hibernate-validator to v4.2.0 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/925\r\n* fix(deps): update dependency io.micronaut.beanvalidation:micronaut-hibernate-validator to v4.2.1 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/958\r\n* fix(deps): update dependency io.micronaut.beanvalidation:micronaut-hibernate-validator to v4.3.0 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/992\r\n##### Micronaut Test\r\n* fix(deps): update dependency io.micronaut.test:micronaut-test-bom to v4.2.0 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/928\r\n* fix(deps): update dependency io.micronaut.test:micronaut-test-bom to v4.2.1 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/955\r\n\r\n##### Micronaut Spring \r\n* fix(deps): update dependency io.micronaut.spring:micronaut-spring-bom to v5.4.1 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/949\r\n* fix(deps): update dependency io.micronaut.spring:micronaut-spring-bom to v5.5.0 by @renovate in 
https://github.com/micronaut-projects/micronaut-test/pull/971\r\n##### Micronaut R2DBC\r\n* fix(deps): update dependency io.micronaut.r2dbc:micronaut-r2dbc-bom to v5.3.0 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/939\r\n* fix(deps): update dependency io.micronaut.r2dbc:micronaut-r2dbc-bom to v5.4.0 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/991\r\n\r\n##### Micronaut Data\r\n* fix(deps): update dependency io.micronaut.data:micronaut-data-bom to v4.6.2 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/930\r\n##### Micronaut Reactor\r\n* fix(deps): update dependency io.micronaut.reactor:micronaut-reactor-bom to v3.3.0 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/989\r\n### CI \u2699\ufe0fBuild \ud83d\udc18\r\n* chore(deps): update dependency gradle to v8.7 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/986\r\n* chore(deps): update gradle/gradle-build-action action to v3.2.0 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/993\r\n* chore(deps): update gradle/gradle-build-action action to v3.1.0 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/946\r\n\r\n\r\n### GraalVM\r\n* chore(deps): update graalvm/setup-graalvm action to v1.1.8 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/940\r\n#### Junit Report\r\n\r\n#### SLSA\r\n* chore(deps): update slsa-framework/slsa-github-generator action to v1.10.0 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/987\r\n\r\n#### Micronaut Build Plugin\r\n* chore(deps): update plugin io.micronaut.build.shared.settings to v6.6.2 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/924\r\n* chore(deps): update plugin io.micronaut.build.shared.settings to v6.6.4 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/964\r\n* chore(deps): update plugin 
io.micronaut.build.shared.settings to v6.7.0 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/981\r\n#### Micronaut Gradle Plugin\r\n* fix(deps): update dependency io.micronaut.library:io.micronaut.library.gradle.plugin to v4.3.2 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/945\r\n* fix(deps): update dependency io.micronaut.library:io.micronaut.library.gradle.plugin to v4.3.4 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/959\r\n* fix(deps): update dependency io.micronaut.library:io.micronaut.library.gradle.plugin to v4.3.5 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/984\r\n* fix(deps): update dependency io.micronaut.library:io.micronaut.library.gradle.plugin to v4.3.6 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/994\r\n#### SVM\r\n* fix(deps): update dependency org.graalvm.nativeimage:svm to v23.1.2 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/927\r\n\r\n### Other Changes \ud83d\udca1\r\n* Move junit libs to managed block. 
by @altro3 in https://github.com/micronaut-projects/micronaut-test/pull/936\r\n\r\n## New Contributors\r\n* @goodnic made their first contribution in https://github.com/micronaut-projects/micronaut-test/pull/970\r\n\r\n**Full Changelog**: https://github.com/micronaut-projects/micronaut-test/compare/v4.2.1...v4.3.0", - "created_at": "2024-04-07T07:31:30Z", - "draft": false, - "html_url": "https://github.com/micronaut-projects/micronaut-test/releases/tag/v4.3.0", - "id": 150098778, - "mentions_count": 4, - "name": "Micronaut Test 4.3.0", - "node_id": "RE_kwDOCPx9Ys4I8lNa", - "prerelease": false, - "published_at": "2024-04-07T07:36:17Z", - "tag_name": "v4.3.0", - "tarball_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/tarball/v4.3.0", - "target_commitish": "4.3.x", - "upload_url": "https://uploads.github.com/repos/micronaut-projects/micronaut-test/releases/150098778/assets{?name,label}", - "url": "https://api.github.com/repos/micronaut-projects/micronaut-test/releases/150098778", - "zipball_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/zipball/v4.3.0" - }, - "repository": { - "allow_forking": true, - "archive_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/{archive_format}{/ref}", - "archived": false, - "assignees_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/assignees{/user}", - "blobs_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/git/blobs{/sha}", - "branches_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/branches{/branch}", - "clone_url": "https://github.com/micronaut-projects/micronaut-test.git", - "collaborators_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/collaborators{/collaborator}", - "comments_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/comments{/number}", - "commits_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/commits{/sha}", - "compare_url": 
"https://api.github.com/repos/micronaut-projects/micronaut-test/compare/{base}...{head}", - "contents_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/contents/{+path}", - "contributors_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/contributors", - "created_at": "2018-09-28T16:07:55Z", - "custom_properties": {}, - "default_branch": "4.3.x", - "deployments_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/deployments", - "description": "Repository for Test Related Utilities for Micronaut", - "disabled": false, - "downloads_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/downloads", - "events_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/events", - "fork": false, - "forks": 61, - "forks_count": 61, - "forks_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/forks", - "full_name": "micronaut-projects/micronaut-test", - "git_commits_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/git/commits{/sha}", - "git_refs_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/git/refs{/sha}", - "git_tags_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/git/tags{/sha}", - "git_url": "git://github.com/micronaut-projects/micronaut-test.git", - "has_discussions": false, - "has_downloads": true, - "has_issues": true, - "has_pages": true, - "has_projects": true, - "has_wiki": true, - "homepage": "", - "hooks_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/hooks", - "html_url": "https://github.com/micronaut-projects/micronaut-test", - "id": 150764898, - "is_template": false, - "issue_comment_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/issues/comments{/number}", - "issue_events_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/issues/events{/number}", - "issues_url": 
"https://api.github.com/repos/micronaut-projects/micronaut-test/issues{/number}", - "keys_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/keys{/key_id}", - "labels_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/labels{/name}", - "language": "Java", - "languages_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/languages", - "license": { - "key": "apache-2.0", - "name": "Apache License 2.0", - "node_id": "MDc6TGljZW5zZTI=", - "spdx_id": "Apache-2.0", - "url": "https://api.github.com/licenses/apache-2.0" - }, - "merges_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/merges", - "milestones_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/milestones{/number}", - "mirror_url": null, - "name": "micronaut-test", - "node_id": "MDEwOlJlcG9zaXRvcnkxNTA3NjQ4OTg=", - "notifications_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/notifications{?since,all,participating}", - "open_issues": 42, - "open_issues_count": 42, - "owner": { - "avatar_url": "https://avatars.githubusercontent.com/u/36880643?v=4", - "events_url": "https://api.github.com/users/micronaut-projects/events{/privacy}", - "followers_url": "https://api.github.com/users/micronaut-projects/followers", - "following_url": "https://api.github.com/users/micronaut-projects/following{/other_user}", - "gists_url": "https://api.github.com/users/micronaut-projects/gists{/gist_id}", - "gravatar_id": "", - "html_url": "https://github.com/micronaut-projects", - "id": 36880643, - "login": "micronaut-projects", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjM2ODgwNjQz", - "organizations_url": "https://api.github.com/users/micronaut-projects/orgs", - "received_events_url": "https://api.github.com/users/micronaut-projects/received_events", - "repos_url": "https://api.github.com/users/micronaut-projects/repos", - "site_admin": false, - "starred_url": 
"https://api.github.com/users/micronaut-projects/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/micronaut-projects/subscriptions", - "type": "Organization", - "url": "https://api.github.com/users/micronaut-projects" - }, - "private": false, - "pulls_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/pulls{/number}", - "pushed_at": "2024-04-07T07:31:30Z", - "releases_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/releases{/id}", - "size": 23749, - "ssh_url": "git@github.com:micronaut-projects/micronaut-test.git", - "stargazers_count": 76, - "stargazers_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/stargazers", - "statuses_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/statuses/{sha}", - "subscribers_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/subscribers", - "subscription_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/subscription", - "svn_url": "https://github.com/micronaut-projects/micronaut-test", - "tags_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/tags", - "teams_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/teams", - "topics": [], - "trees_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/git/trees{/sha}", - "updated_at": "2024-03-31T14:21:35Z", - "url": "https://api.github.com/repos/micronaut-projects/micronaut-test", - "visibility": "public", - "watchers": 76, - "watchers_count": 76, - "web_commit_signoff_required": false - }, - "sender": { - "avatar_url": "https://avatars.githubusercontent.com/u/864788?v=4", - "events_url": "https://api.github.com/users/sdelamo/events{/privacy}", - "followers_url": "https://api.github.com/users/sdelamo/followers", - "following_url": "https://api.github.com/users/sdelamo/following{/other_user}", - "gists_url": "https://api.github.com/users/sdelamo/gists{/gist_id}", - "gravatar_id": "", - 
"html_url": "https://github.com/sdelamo", - "id": 864788, - "login": "sdelamo", - "node_id": "MDQ6VXNlcjg2NDc4OA==", - "organizations_url": "https://api.github.com/users/sdelamo/orgs", - "received_events_url": "https://api.github.com/users/sdelamo/received_events", - "repos_url": "https://api.github.com/users/sdelamo/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/sdelamo/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/sdelamo/subscriptions", - "type": "User", - "url": "https://api.github.com/users/sdelamo" - } - }, - "github_head_ref": "", - "github_ref": "refs/tags/v4.3.0", - "github_ref_type": "tag", - "github_repository_id": "150764898", - "github_repository_owner": "micronaut-projects", - "github_repository_owner_id": "36880643", - "github_run_attempt": "1", - "github_run_id": "8587137858", - "github_run_number": "77", - "github_sha1": "f241676bbf3f6072d18f1efd92060f51cb1c0d9b" - } - }, - "metadata": { - "buildInvocationID": "8587137858-1", - "completeness": { - "parameters": true, - "environment": false, - "materials": false - }, - "reproducible": false - }, - "materials": [ - { - "uri": "git+https://github.com/micronaut-projects/micronaut-test@refs/tags/v4.3.0", - "digest": { - "sha1": "f241676bbf3f6072d18f1efd92060f51cb1c0d9b" - } - } - ] - } - } - ], - "Maven Central Registry": [] - } - }, - "checks": { - "summary": { - "DISABLED": 0, - "FAILED": 5, - "PASSED": 6, - "SKIPPED": 0, - "UNKNOWN": 1 - }, - "results": [ - { - "check_id": "mcn_provenance_expectation_1", - "check_description": "Check whether the SLSA provenance for the produced artifact conforms to the expected value.", - "slsa_requirements": [ - "Provenance conforms with expectations - SLSA Level 3" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "UNKNOWN" - }, - { - "check_id": "mcn_build_as_code_1", - "check_description": "The build definition and configuration executed by the build service is verifiably derived from text file definitions stored in a version control system.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "build_tool_name: gradle", - "ci_service_name: github_actions", - "language: BuildLanguage.JAVA", - "language_distributions: [\"temurin\"]", - "language_versions: [\"17\"]", - "deploy_command: [\"./gradlew\", \"publishAllPublicationsToBuildRepository\", \"publishToSonatype\", \"closeAndReleaseSonatypeStagingRepository\"]", - { - "build_trigger": "https://github.com/micronaut-projects/micronaut-test/blob/7679d10b4073a3b842b6c56877c35fa8cd10acff/.github/workflows/release.yml", - "language_url": "https://github.com/actions/setup-java" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_script_1", - "check_description": "Check if the target repo has a valid build script.", - "slsa_requirements": [ - "Scripted Build - SLSA Level 1" - ], - "justification": [ - "build_tool_name: gradle", - "ci_service_name: github_actions", - "language: BuildLanguage.JAVA", - "language_distributions: [\"temurin\"]", - "language_versions: [\"17\"]", - "build_tool_command: [\"./gradlew\", \"publishToSonatype\", \"closeAndReleaseSonatypeStagingRepository\"]", - { - "build_trigger": "https://github.com/micronaut-projects/micronaut-test/blob/7679d10b4073a3b842b6c56877c35fa8cd10acff/.github/workflows/central-sync.yml", - "language_url": "https://github.com/actions/setup-java" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_service_1", - "check_description": "Check if the target repo has a valid build service.", - "slsa_requirements": [ - "Build service - SLSA Level 2" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_provenance_available_1", - "check_description": "Check whether the target has intoto provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "asset_name: multiple.intoto.jsonl", - { - "asset_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/releases/assets/160750342" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_provenance_level_three_1", - "check_description": "Check whether the target has SLSA provenance level 3.", - "slsa_requirements": [ - "Provenance - Non falsifiable - SLSA Level 3", - "Provenance content - Includes all build parameters - SLSA Level 3", - "Provenance content - Identifies entry point - SLSA Level 3", - "Provenance content - Identifies source code - SLSA Level 2" - ], - "justification": [ - "Not Available." - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_version_control_system_1", - "check_description": "Check whether the target repo uses a version control system.", - "slsa_requirements": [ - "Version controlled - SLSA Level 2" - ], - "justification": [ - { - "git_repo": "https://github.com/micronaut-projects/micronaut-test" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "check_description": "Detects potential pipelines from which an artifact is published.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "check_description": "Check whether the commit came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "commit_digest: No provenance found." 
- ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "check_description": "Check whether the repo came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "repository_url: No provenance found." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "check_description": "Check whether the target has a level-1 witness provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "check_description": "Check whether the target uses a trusted SLSA level 3 builder.", - "slsa_requirements": [ - "Hermetic - SLSA Level 4", - "Isolated - SLSA Level 3", - "Parameterless - SLSA Level 4", - "Ephemeral environment - SLSA Level 3" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "FAILED" - } - ] - } - }, - "dependencies": { - "analyzed_deps": 2, - "unique_dep_repos": 2, - "checks_summary": [ - { - "check_id": "mcn_provenance_available_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_as_code_1", - "num_deps_pass": 1 - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_version_control_system_1", - "num_deps_pass": 2 - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_script_1", - "num_deps_pass": 2 - }, - { - "check_id": "mcn_build_service_1", - "num_deps_pass": 2 - }, - { - "check_id": "mcn_provenance_expectation_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "num_deps_pass": 0 - } - ], - "dep_status": [ - { - "id": "slf4j", - "description": "Analysis Completed.", - "report": "slf4j.html", - "repo_url_status": "AVAILABLE" - }, - { - "id": "caffeine", - "description": "Analysis Completed.", - "report": "caffeine.html", - "repo_url_status": "AVAILABLE" - } - ] - } -} diff --git a/tests/e2e/expected_results/micronaut-test/slf4j.dl b/tests/e2e/expected_results/micronaut-test/slf4j.dl new file mode 100644 index 000000000..e39451bae --- /dev/null +++ b/tests/e2e/expected_results/micronaut-test/slf4j.dl 
@@ -0,0 +1,22 @@
+/* Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. */
+/* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */
+
+#include "prelude.dl"
+
+Policy("test_policy", component_id, "") :-
+ check_passed(component_id, "mcn_build_script_1"),
+ check_passed(component_id, "mcn_build_service_1"),
+ check_passed(component_id, "mcn_version_control_system_1"),
+ check_failed(component_id, "mcn_build_as_code_1"),
+ check_failed(component_id, "mcn_infer_artifact_pipeline_1"),
+ check_failed(component_id, "mcn_provenance_available_1"),
+ check_failed(component_id, "mcn_provenance_derived_commit_1"),
+ check_failed(component_id, "mcn_provenance_derived_repo_1"),
+ check_failed(component_id, "mcn_provenance_expectation_1"),
+ check_failed(component_id, "mcn_provenance_level_three_1"),
+ check_failed(component_id, "mcn_provenance_witness_level_one_1"),
+ check_failed(component_id, "mcn_trusted_builder_level_three_1"),
+ is_repo_url(component_id, "https://github.com/qos-ch/slf4j").
+
+apply_policy_to("test_policy", component_id) :-
+ is_component(component_id, "pkg:github.com/qos-ch/slf4j@e9ee55cca93c2bf26f14482a9bdf961c750d2a56").
diff --git a/tests/e2e/expected_results/micronaut-test/slf4j.json b/tests/e2e/expected_results/micronaut-test/slf4j.json
deleted file mode 100644
index c2945196f..000000000
--- a/tests/e2e/expected_results/micronaut-test/slf4j.json
+++ /dev/null
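Review bot: The new `Policy` body pins only the twelve check verdicts and the repository URL, so content that the deleted slf4j.json fixture used to compare — the inferred provenance (`is_inferred`, the travis_ci statement) and the whole `dependencies` section — is no longer asserted anywhere. The same pattern applies to multibuild_test.dl, onu-ui.dl and plot-plugin.dl; it matters most for multibuild_test.dl, whose deleted JSON recorded `analyzed_deps: 3`, `unique_dep_repos: 2` and per-check dependency summaries that the replacement policy does not cover. If `prelude.dl` exposes relations for provenance or dependency results, add rules on them to the `Policy` body so the e2e test keeps that coverage. Otherwise record the reduced scope in the file, e.g. `/* Only check verdicts and the repo URL are asserted; dependency and provenance content are not compared. */`, so a future regression in dependency analysis is not silently masked.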
@@ -1,315 +0,0 @@ -{ - "metadata": { - "timestamps": "2024-05-07 15:12:39", - "has_passing_check": true, - "run_checks": [ - "mcn_provenance_available_1", - "mcn_provenance_witness_level_one_1", - "mcn_build_as_code_1", - "mcn_provenance_derived_commit_1", - "mcn_provenance_level_three_1", - "mcn_version_control_system_1", - "mcn_infer_artifact_pipeline_1", - "mcn_trusted_builder_level_three_1", - "mcn_build_script_1", - "mcn_build_service_1", - "mcn_provenance_expectation_1", - "mcn_provenance_derived_repo_1" - ], - "check_tree": { - "mcn_provenance_available_1": { - "mcn_provenance_witness_level_one_1": {}, - "mcn_provenance_expectation_1": {}, - "mcn_provenance_level_three_1": {} - }, - "mcn_provenance_derived_commit_1": {}, - "mcn_version_control_system_1": { - "mcn_build_script_1": {}, - "mcn_trusted_builder_level_three_1": { - "mcn_build_as_code_1": { - "mcn_infer_artifact_pipeline_1": {}, - "mcn_build_service_1": {} - } - } - }, - "mcn_provenance_derived_repo_1": {} - } - }, - "target": { - "info": { - "full_name": "pkg:github.com/qos-ch/slf4j@e9ee55cca93c2bf26f14482a9bdf961c750d2a56", - "local_cloned_path": "git_repos/github_com/qos-ch/slf4j", - "remote_path": "https://github.com/qos-ch/slf4j", - "branch": null, - "commit_hash": "e9ee55cca93c2bf26f14482a9bdf961c750d2a56", - "commit_date": "2022-02-08T14:32:21+01:00" - }, - "provenances": { - "is_inferred": true, - "content": { - "travis_ci": [ - { - "_type": "https://in-toto.io/Statement/v0.1", - "subject": [], - "predicateType": "https://slsa.dev/provenance/v0.2", - "predicate": { - "builder": { - "id": ".travis.yml" - }, - "buildType": "Custom travis_ci", - "invocation": { - "configSource": { - "uri": "https://github.com/qos-ch/slf4j@refs/heads/None", - "digest": { - "sha1": "e9ee55cca93c2bf26f14482a9bdf961c750d2a56" - }, - "entryPoint": ".travis.yml" - }, - "parameters": {}, - "environment": {} - }, - "buildConfig": { - "jobID": "", - "stepID": "", - "stepName": "" - }, - "metadata": { - 
"buildInvocationId": "", - "buildStartedOn": "", - "buildFinishedOn": "", - "completeness": { - "parameters": "false", - "environment": "false", - "materials": "false" - }, - "reproducible": "false" - }, - "materials": [ - { - "uri": "", - "digest": {} - } - ] - } - } - ], - "Maven Central Registry": [] - } - }, - "checks": { - "summary": { - "DISABLED": 0, - "FAILED": 9, - "PASSED": 3, - "SKIPPED": 0, - "UNKNOWN": 0 - }, - "results": [ - { - "check_id": "mcn_build_script_1", - "check_description": "Check if the target repo has a valid build script.", - "slsa_requirements": [ - "Scripted Build - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_service_1", - "check_description": "Check if the target repo has a valid build service.", - "slsa_requirements": [ - "Build service - SLSA Level 2" - ], - "justification": [ - "build_tool_name: maven", - "ci_service_name: travis_ci", - "build_command: jdk", - "language: java" - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_version_control_system_1", - "check_description": "Check whether the target repo uses a version control system.", - "slsa_requirements": [ - "Version controlled - SLSA Level 2" - ], - "justification": [ - { - "git_repo": "https://github.com/qos-ch/slf4j" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_as_code_1", - "check_description": "The build definition and configuration executed by the build service is verifiably derived from text file definitions stored in a version control system.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "check_description": "Detects potential pipelines from which an artifact is published.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_available_1", - "check_description": "Check whether the target has intoto provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "check_description": "Check whether the commit came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "commit_digest: No provenance found." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "check_description": "Check whether the repo came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "repository_url: No provenance found." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_expectation_1", - "check_description": "Check whether the SLSA provenance for the produced artifact conforms to the expected value.", - "slsa_requirements": [ - "Provenance conforms with expectations - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_level_three_1", - "check_description": "Check whether the target has SLSA provenance level 3.", - "slsa_requirements": [ - "Provenance - Non falsifiable - SLSA Level 3", - "Provenance content - Includes all build parameters - SLSA Level 3", - "Provenance content - Identifies entry point - SLSA Level 3", - "Provenance content - Identifies source code - SLSA Level 2" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "check_description": "Check whether the target has a level-1 witness provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "check_description": "Check whether the target uses a trusted SLSA level 3 builder.", - "slsa_requirements": [ - "Hermetic - SLSA Level 4", - "Isolated - SLSA Level 3", - "Parameterless - SLSA Level 4", - "Ephemeral environment - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - } - ] - } - }, - "dependencies": { - "analyzed_deps": 0, - "unique_dep_repos": 0, - "checks_summary": [ - { - "check_id": "mcn_provenance_available_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_as_code_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_version_control_system_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_script_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_service_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_expectation_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "num_deps_pass": 0 - } - ], - "dep_status": [] - } -} 
diff --git a/tests/e2e/expected_results/multibuild_test/multibuild_test.dl b/tests/e2e/expected_results/multibuild_test/multibuild_test.dl
new file mode 100644
index 000000000..063825048
--- /dev/null
+++ b/tests/e2e/expected_results/multibuild_test/multibuild_test.dl
@@ -0,0 +1,22 @@
+/* Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. */
+/* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */
+
+#include "prelude.dl"
+
+Policy("test_policy", component_id, "") :-
+ check_passed(component_id, "mcn_build_as_code_1"),
+ check_passed(component_id, "mcn_build_script_1"),
+ check_passed(component_id, "mcn_build_service_1"),
+ check_passed(component_id, "mcn_version_control_system_1"),
+ check_failed(component_id, "mcn_infer_artifact_pipeline_1"),
+ check_failed(component_id, "mcn_provenance_available_1"),
+ check_failed(component_id, "mcn_provenance_derived_commit_1"),
+ check_failed(component_id, "mcn_provenance_derived_repo_1"),
+ check_failed(component_id, "mcn_provenance_expectation_1"),
+ check_failed(component_id, "mcn_provenance_level_three_1"),
+ check_failed(component_id, "mcn_provenance_witness_level_one_1"),
+ check_failed(component_id, "mcn_trusted_builder_level_three_1"),
+ is_repo_url(component_id, "https://github.com/timyarkov/multibuild_test").
+
+apply_policy_to("test_policy", component_id) :-
+ is_component(component_id, "pkg:github.com/timyarkov/multibuild_test@a8b0efe24298bc81f63217aaa84776c3d48976c5").
diff --git a/tests/e2e/expected_results/multibuild_test/multibuild_test.json b/tests/e2e/expected_results/multibuild_test/multibuild_test.json
deleted file mode 100644
index f3139866b..000000000
--- a/tests/e2e/expected_results/multibuild_test/multibuild_test.json
+++ /dev/null
@@ -1,349 +0,0 @@ -{ - "metadata": { - "timestamps": "2024-05-07 15:10:11", - "has_passing_check": true, - "run_checks": [ - "mcn_provenance_available_1", - "mcn_provenance_witness_level_one_1", - "mcn_build_as_code_1", - "mcn_provenance_derived_commit_1", - "mcn_provenance_level_three_1", - "mcn_version_control_system_1", - "mcn_infer_artifact_pipeline_1", - "mcn_trusted_builder_level_three_1", - "mcn_build_script_1", - "mcn_build_service_1", - "mcn_provenance_expectation_1", - "mcn_provenance_derived_repo_1" - ], - "check_tree": { - "mcn_provenance_available_1": { - "mcn_provenance_level_three_1": {}, - "mcn_provenance_witness_level_one_1": {}, - "mcn_provenance_expectation_1": {} - }, - "mcn_provenance_derived_commit_1": {}, - "mcn_version_control_system_1": { - "mcn_build_script_1": {}, - "mcn_trusted_builder_level_three_1": { - "mcn_build_as_code_1": { - "mcn_build_service_1": {}, - "mcn_infer_artifact_pipeline_1": {} - } - } - }, - "mcn_provenance_derived_repo_1": {} - } - }, - "target": { - "info": { - "full_name": "pkg:github.com/timyarkov/multibuild_test@a8b0efe24298bc81f63217aaa84776c3d48976c5", - "local_cloned_path": "git_repos/github_com/timyarkov/multibuild_test", - "remote_path": "https://github.com/timyarkov/multibuild_test", - "branch": "main", - "commit_hash": "a8b0efe24298bc81f63217aaa84776c3d48976c5", - "commit_date": "2023-05-27T18:43:57+10:00" - }, - "provenances": { - "is_inferred": true, - "content": { - "github_actions": [ - { - "_type": "https://in-toto.io/Statement/v0.1", - "subject": [], - "predicateType": "https://slsa.dev/provenance/v0.2", - "predicate": { - "builder": { - "id": "https://github.com/timyarkov/multibuild_test/blob/a8b0efe24298bc81f63217aaa84776c3d48976c5/.github/workflows/github-actions-basic.yml" - }, - "buildType": "Custom github_actions", - "invocation": { - "configSource": { - "uri": "https://github.com/timyarkov/multibuild_test@refs/heads/main", - "digest": { - "sha1": "a8b0efe24298bc81f63217aaa84776c3d48976c5" - }, 
- "entryPoint": "https://github.com/timyarkov/multibuild_test/blob/a8b0efe24298bc81f63217aaa84776c3d48976c5/.github/workflows/github-actions-basic.yml" - }, - "parameters": {}, - "environment": {} - }, - "buildConfig": { - "jobID": "pretend-to-do-stuff", - "stepID": "", - "stepName": "Publish Gradle Project" - }, - "metadata": { - "buildInvocationId": "", - "buildStartedOn": "", - "buildFinishedOn": "", - "completeness": { - "parameters": "false", - "environment": "false", - "materials": "false" - }, - "reproducible": "false" - }, - "materials": [ - { - "uri": "", - "digest": {} - } - ] - } - } - ], - "Maven Central Registry": [] - } - }, - "checks": { - "summary": { - "DISABLED": 0, - "FAILED": 8, - "PASSED": 4, - "SKIPPED": 0, - "UNKNOWN": 0 - }, - "results": [ - { - "check_id": "mcn_build_as_code_1", - "check_description": "The build definition and configuration executed by the build service is verifiably derived from text file definitions stored in a version control system.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "build_tool_name: gradle", - "ci_service_name: github_actions", - "language: BuildLanguage.JAVA", - "language_distributions: [\"temurin\"]", - "language_versions: [\"17\"]", - "deploy_command: [\"gradle\", \"publish\"]", - { - "build_trigger": "https://github.com/timyarkov/multibuild_test/blob/a8b0efe24298bc81f63217aaa84776c3d48976c5/.github/workflows/github-actions-basic.yml", - "language_url": "https://github.com/actions/setup-java" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_script_1", - "check_description": "Check if the target repo has a valid build script.", - "slsa_requirements": [ - "Scripted Build - SLSA Level 1" - ], - "justification": [ - "build_tool_name: gradle", - "ci_service_name: github_actions", - "language: BuildLanguage.JAVA", - "language_distributions: [\"temurin\"]", - "language_versions: [\"17\"]", - "build_tool_command: [\"gradle\", \"publish\"]", - { - 
"build_trigger": "https://github.com/timyarkov/multibuild_test/blob/a8b0efe24298bc81f63217aaa84776c3d48976c5/.github/workflows/github-actions-basic.yml", - "language_url": "https://github.com/actions/setup-java" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_service_1", - "check_description": "Check if the target repo has a valid build service.", - "slsa_requirements": [ - "Build service - SLSA Level 2" - ], - "justification": [ - "Not Available." - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_version_control_system_1", - "check_description": "Check whether the target repo uses a version control system.", - "slsa_requirements": [ - "Version controlled - SLSA Level 2" - ], - "justification": [ - { - "git_repo": "https://github.com/timyarkov/multibuild_test" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "check_description": "Detects potential pipelines from which an artifact is published.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_available_1", - "check_description": "Check whether the target has intoto provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "check_description": "Check whether the commit came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "commit_digest: No provenance found." 
- ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "check_description": "Check whether the repo came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "repository_url: No provenance found." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_expectation_1", - "check_description": "Check whether the SLSA provenance for the produced artifact conforms to the expected value.", - "slsa_requirements": [ - "Provenance conforms with expectations - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_level_three_1", - "check_description": "Check whether the target has SLSA provenance level 3.", - "slsa_requirements": [ - "Provenance - Non falsifiable - SLSA Level 3", - "Provenance content - Includes all build parameters - SLSA Level 3", - "Provenance content - Identifies entry point - SLSA Level 3", - "Provenance content - Identifies source code - SLSA Level 2" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "check_description": "Check whether the target has a level-1 witness provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "check_description": "Check whether the target uses a trusted SLSA level 3 builder.", - "slsa_requirements": [ - "Hermetic - SLSA Level 4", - "Isolated - SLSA Level 3", - "Parameterless - SLSA Level 4", - "Ephemeral environment - SLSA Level 3" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "FAILED" - } - ] - } - }, - "dependencies": { - "analyzed_deps": 3, - "unique_dep_repos": 2, - "checks_summary": [ - { - "check_id": "mcn_provenance_available_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_as_code_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_version_control_system_1", - "num_deps_pass": 2 - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_script_1", - "num_deps_pass": 2 - }, - { - "check_id": "mcn_build_service_1", - "num_deps_pass": 1 - }, - { - "check_id": "mcn_provenance_expectation_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "num_deps_pass": 0 - } - ], - "dep_status": [ - { - "id": "org.springframework.boot:spring-boot-starter-thymeleaf", - "description": "Analysis Completed.", - "report": "spring-boot-starter-thymeleaf.html", - "repo_url_status": "AVAILABLE" - }, - { - "id": "org.springframework.boot:spring-boot-starter-web", - "description": "https://github.com/spring-projects/spring-boot is already analyzed.", - "report": "", - "repo_url_status": "DUPLICATED REPO URL" - }, - { - "id": "com.google.code.gson:gson", - "description": "Analysis Completed.", - "report": "gson.html", - "repo_url_status": "AVAILABLE" - } - ] - } -} diff --git a/tests/e2e/expected_results/onu-ui/onu-ui.dl b/tests/e2e/expected_results/onu-ui/onu-ui.dl new file mode 100644 index 000000000..37005b017 --- /dev/null +++ b/tests/e2e/expected_results/onu-ui/onu-ui.dl 
@@ -0,0 +1,22 @@
+/* Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. */
+/* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */
+
+#include "prelude.dl"
+
+Policy("test_policy", component_id, "") :-
+ check_passed(component_id, "mcn_build_as_code_1"),
+ check_passed(component_id, "mcn_build_script_1"),
+ check_passed(component_id, "mcn_build_service_1"),
+ check_passed(component_id, "mcn_version_control_system_1"),
+ check_failed(component_id, "mcn_infer_artifact_pipeline_1"),
+ check_failed(component_id, "mcn_provenance_available_1"),
+ check_failed(component_id, "mcn_provenance_derived_commit_1"),
+ check_failed(component_id, "mcn_provenance_derived_repo_1"),
+ check_failed(component_id, "mcn_provenance_expectation_1"),
+ check_failed(component_id, "mcn_provenance_level_three_1"),
+ check_failed(component_id, "mcn_provenance_witness_level_one_1"),
+ check_failed(component_id, "mcn_trusted_builder_level_three_1"),
+ is_repo_url(component_id, "https://github.com/onu-ui/onu-ui").
+
+apply_policy_to("test_policy", component_id) :-
+ is_component(component_id, "pkg:github.com/onu-ui/onu-ui@e3f2825c3940002a920d65476116a64684b3d95e").
diff --git a/tests/e2e/expected_results/onu-ui/onu-ui.json b/tests/e2e/expected_results/onu-ui/onu-ui.json
deleted file mode 100644
index 8e1e826fc..000000000
--- a/tests/e2e/expected_results/onu-ui/onu-ui.json
+++ /dev/null
@@ -1,324 +0,0 @@ -{ - "metadata": { - "timestamps": "2024-05-07 15:10:20", - "has_passing_check": true, - "run_checks": [ - "mcn_provenance_available_1", - "mcn_provenance_witness_level_one_1", - "mcn_build_as_code_1", - "mcn_provenance_derived_commit_1", - "mcn_provenance_level_three_1", - "mcn_version_control_system_1", - "mcn_infer_artifact_pipeline_1", - "mcn_trusted_builder_level_three_1", - "mcn_build_script_1", - "mcn_build_service_1", - "mcn_provenance_expectation_1", - "mcn_provenance_derived_repo_1" - ], - "check_tree": { - "mcn_provenance_available_1": { - "mcn_provenance_witness_level_one_1": {}, - "mcn_provenance_expectation_1": {}, - "mcn_provenance_level_three_1": {} - }, - "mcn_provenance_derived_commit_1": {}, - "mcn_version_control_system_1": { - "mcn_build_script_1": {}, - "mcn_trusted_builder_level_three_1": { - "mcn_build_as_code_1": { - "mcn_build_service_1": {}, - "mcn_infer_artifact_pipeline_1": {} - } - } - }, - "mcn_provenance_derived_repo_1": {} - } - }, - "target": { - "info": { - "full_name": "pkg:github.com/onu-ui/onu-ui@e3f2825c3940002a920d65476116a64684b3d95e", - "local_cloned_path": "git_repos/github_com/onu-ui/onu-ui", - "remote_path": "https://github.com/onu-ui/onu-ui", - "branch": "main", - "commit_hash": "e3f2825c3940002a920d65476116a64684b3d95e", - "commit_date": "2023-09-29T19:41:13+08:00" - }, - "provenances": { - "is_inferred": true, - "content": { - "github_actions": [ - { - "_type": "https://in-toto.io/Statement/v0.1", - "subject": [], - "predicateType": "https://slsa.dev/provenance/v0.2", - "predicate": { - "builder": { - "id": "https://github.com/onu-ui/onu-ui/blob/e3f2825c3940002a920d65476116a64684b3d95e/.github/workflows/release.yml" - }, - "buildType": "Custom github_actions", - "invocation": { - "configSource": { - "uri": "https://github.com/onu-ui/onu-ui@refs/heads/main", - "digest": { - "sha1": "e3f2825c3940002a920d65476116a64684b3d95e" - }, - "entryPoint": 
"https://github.com/onu-ui/onu-ui/blob/e3f2825c3940002a920d65476116a64684b3d95e/.github/workflows/release.yml" - }, - "parameters": {}, - "environment": {} - }, - "buildConfig": { - "jobID": "release", - "stepID": "", - "stepName": "Publish to npm" - }, - "metadata": { - "buildInvocationId": "", - "buildStartedOn": "", - "buildFinishedOn": "", - "completeness": { - "parameters": "false", - "environment": "false", - "materials": "false" - }, - "reproducible": "false" - }, - "materials": [ - { - "uri": "", - "digest": {} - } - ] - } - } - ], - "npm Registry": [] - } - }, - "checks": { - "summary": { - "DISABLED": 0, - "FAILED": 8, - "PASSED": 4, - "SKIPPED": 0, - "UNKNOWN": 0 - }, - "results": [ - { - "check_id": "mcn_build_as_code_1", - "check_description": "The build definition and configuration executed by the build service is verifiably derived from text file definitions stored in a version control system.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "build_tool_name: npm", - "ci_service_name: github_actions", - "language: BuildLanguage.JAVASCRIPT", - "deploy_command: [\"pnpm\", \"-r\", \"publish\", \"--access\", \"public\", \"--no-git-checks\"]", - { - "build_trigger": "https://github.com/onu-ui/onu-ui/blob/e3f2825c3940002a920d65476116a64684b3d95e/.github/workflows/release.yml" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_script_1", - "check_description": "Check if the target repo has a valid build script.", - "slsa_requirements": [ - "Scripted Build - SLSA Level 1" - ], - "justification": [ - "build_tool_name: npm", - "ci_service_name: github_actions", - "language: BuildLanguage.JAVASCRIPT", - "build_tool_command: [\"pnpm\", \"install\", \"--no-frozen-lockfile\"]", - { - "build_trigger": "https://github.com/onu-ui/onu-ui/blob/e3f2825c3940002a920d65476116a64684b3d95e/.github/workflows/ci.yml" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_service_1", - "check_description": 
"Check if the target repo has a valid build service.", - "slsa_requirements": [ - "Build service - SLSA Level 2" - ], - "justification": [ - "Not Available." - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_version_control_system_1", - "check_description": "Check whether the target repo uses a version control system.", - "slsa_requirements": [ - "Version controlled - SLSA Level 2" - ], - "justification": [ - { - "git_repo": "https://github.com/onu-ui/onu-ui" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "check_description": "Detects potential pipelines from which an artifact is published.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_available_1", - "check_description": "Check whether the target has intoto provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "check_description": "Check whether the commit came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "commit_digest: No provenance found." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "check_description": "Check whether the repo came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "repository_url: No provenance found." 
- ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_expectation_1", - "check_description": "Check whether the SLSA provenance for the produced artifact conforms to the expected value.", - "slsa_requirements": [ - "Provenance conforms with expectations - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_level_three_1", - "check_description": "Check whether the target has SLSA provenance level 3.", - "slsa_requirements": [ - "Provenance - Non falsifiable - SLSA Level 3", - "Provenance content - Includes all build parameters - SLSA Level 3", - "Provenance content - Identifies entry point - SLSA Level 3", - "Provenance content - Identifies source code - SLSA Level 2" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "check_description": "Check whether the target has a level-1 witness provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "check_description": "Check whether the target uses a trusted SLSA level 3 builder.", - "slsa_requirements": [ - "Hermetic - SLSA Level 4", - "Isolated - SLSA Level 3", - "Parameterless - SLSA Level 4", - "Ephemeral environment - SLSA Level 3" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "FAILED" - } - ] - } - }, - "dependencies": { - "analyzed_deps": 0, - "unique_dep_repos": 0, - "checks_summary": [ - { - "check_id": "mcn_provenance_available_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_as_code_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_version_control_system_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_script_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_service_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_expectation_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "num_deps_pass": 0 - } - ], - "dep_status": [] - } -} diff --git a/tests/e2e/expected_results/plot-plugin/plot-plugin.dl b/tests/e2e/expected_results/plot-plugin/plot-plugin.dl new file mode 100644 index 000000000..a3d674888 --- /dev/null +++ b/tests/e2e/expected_results/plot-plugin/plot-plugin.dl 
@@ -0,0 +1,22 @@
+/* Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. */
+/* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */
+
+#include "prelude.dl"
+
+Policy("test_policy", component_id, "") :-
+ check_passed(component_id, "mcn_build_script_1"),
+ check_passed(component_id, "mcn_build_service_1"),
+ check_passed(component_id, "mcn_version_control_system_1"),
+ check_failed(component_id, "mcn_build_as_code_1"),
+ check_failed(component_id, "mcn_infer_artifact_pipeline_1"),
+ check_failed(component_id, "mcn_provenance_available_1"),
+ check_failed(component_id, "mcn_provenance_derived_commit_1"),
+ check_failed(component_id, "mcn_provenance_derived_repo_1"),
+ check_failed(component_id, "mcn_provenance_expectation_1"),
+ check_failed(component_id, "mcn_provenance_level_three_1"),
+ check_failed(component_id, "mcn_provenance_witness_level_one_1"),
+ check_failed(component_id, "mcn_trusted_builder_level_three_1"),
+ is_repo_url(component_id, "https://github.com/jenkinsci/plot-plugin").
+
+apply_policy_to("test_policy", component_id) :-
+ is_component(component_id, "pkg:github.com/jenkinsci/plot-plugin@55b059187e252b35ac0d6cb52268833ee1bb7380").
diff --git a/tests/e2e/expected_results/plot-plugin/plot-plugin.json b/tests/e2e/expected_results/plot-plugin/plot-plugin.json
deleted file mode 100644
index 190d43dc4..000000000
--- a/tests/e2e/expected_results/plot-plugin/plot-plugin.json
+++ /dev/null
@@ -1,360 +0,0 @@ -{ - "metadata": { - "timestamps": "2024-05-07 15:09:39", - "has_passing_check": true, - "run_checks": [ - "mcn_provenance_available_1", - "mcn_provenance_witness_level_one_1", - "mcn_build_as_code_1", - "mcn_provenance_derived_commit_1", - "mcn_provenance_level_three_1", - "mcn_version_control_system_1", - "mcn_infer_artifact_pipeline_1", - "mcn_trusted_builder_level_three_1", - "mcn_build_script_1", - "mcn_build_service_1", - "mcn_provenance_expectation_1", - "mcn_provenance_derived_repo_1" - ], - "check_tree": { - "mcn_provenance_available_1": { - "mcn_provenance_expectation_1": {}, - "mcn_provenance_level_three_1": {}, - "mcn_provenance_witness_level_one_1": {} - }, - "mcn_provenance_derived_commit_1": {}, - "mcn_version_control_system_1": { - "mcn_trusted_builder_level_three_1": { - "mcn_build_as_code_1": { - "mcn_infer_artifact_pipeline_1": {}, - "mcn_build_service_1": {} - } - }, - "mcn_build_script_1": {} - }, - "mcn_provenance_derived_repo_1": {} - } - }, - "target": { - "info": { - "full_name": "pkg:github.com/jenkinsci/plot-plugin@55b059187e252b35ac0d6cb52268833ee1bb7380", - "local_cloned_path": "git_repos/github_com/jenkinsci/plot-plugin", - "remote_path": "https://github.com/jenkinsci/plot-plugin", - "branch": "master", - "commit_hash": "55b059187e252b35ac0d6cb52268833ee1bb7380", - "commit_date": "2021-12-23T08:42:09+00:00" - }, - "provenances": { - "is_inferred": true, - "content": { - "github_actions": [ - { - "_type": "https://in-toto.io/Statement/v0.1", - "subject": [], - "predicateType": "https://slsa.dev/provenance/v0.2", - "predicate": { - "builder": { - "id": "" - }, - "buildType": "", - "invocation": { - "configSource": { - "uri": "", - "digest": { - "sha1": "" - }, - "entryPoint": "" - }, - "parameters": {}, - "environment": {} - }, - "buildConfig": { - "jobID": "", - "stepID": "" - }, - "metadata": { - "buildInvocationId": "", - "buildStartedOn": "", - "buildFinishedOn": "", - "completeness": { - "parameters": "false", - 
"environment": "false", - "materials": "false" - }, - "reproducible": "false" - }, - "materials": [ - { - "uri": "", - "digest": {} - } - ] - } - } - ], - "jenkins": [ - { - "_type": "https://in-toto.io/Statement/v0.1", - "subject": [], - "predicateType": "https://slsa.dev/provenance/v0.2", - "predicate": { - "builder": { - "id": "Jenkinsfile" - }, - "buildType": "Custom jenkins", - "invocation": { - "configSource": { - "uri": "https://github.com/jenkinsci/plot-plugin@refs/heads/master", - "digest": { - "sha1": "55b059187e252b35ac0d6cb52268833ee1bb7380" - }, - "entryPoint": "Jenkinsfile" - }, - "parameters": {}, - "environment": {} - }, - "buildConfig": { - "jobID": "", - "stepID": "", - "stepName": "" - }, - "metadata": { - "buildInvocationId": "", - "buildStartedOn": "", - "buildFinishedOn": "", - "completeness": { - "parameters": "false", - "environment": "false", - "materials": "false" - }, - "reproducible": "false" - }, - "materials": [ - { - "uri": "", - "digest": {} - } - ] - } - } - ], - "Maven Central Registry": [] - } - }, - "checks": { - "summary": { - "DISABLED": 0, - "FAILED": 9, - "PASSED": 3, - "SKIPPED": 0, - "UNKNOWN": 0 - }, - "results": [ - { - "check_id": "mcn_build_script_1", - "check_description": "Check if the target repo has a valid build script.", - "slsa_requirements": [ - "Scripted Build - SLSA Level 1" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_service_1", - "check_description": "Check if the target repo has a valid build service.", - "slsa_requirements": [ - "Build service - SLSA Level 2" - ], - "justification": [ - "build_tool_name: maven", - "ci_service_name: jenkins", - "build_command: buildPlugin", - "language: java" - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_version_control_system_1", - "check_description": "Check whether the target repo uses a version control system.", - "slsa_requirements": [ - "Version controlled - SLSA Level 2" - ], - "justification": [ - { - "git_repo": "https://github.com/jenkinsci/plot-plugin" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_as_code_1", - "check_description": "The build definition and configuration executed by the build service is verifiably derived from text file definitions stored in a version control system.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "check_description": "Detects potential pipelines from which an artifact is published.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_available_1", - "check_description": "Check whether the target has intoto provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "check_description": "Check whether the commit came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "commit_digest: No provenance found." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "check_description": "Check whether the repo came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "repository_url: No provenance found." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_expectation_1", - "check_description": "Check whether the SLSA provenance for the produced artifact conforms to the expected value.", - "slsa_requirements": [ - "Provenance conforms with expectations - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_level_three_1", - "check_description": "Check whether the target has SLSA provenance level 3.", - "slsa_requirements": [ - "Provenance - Non falsifiable - SLSA Level 3", - "Provenance content - Includes all build parameters - SLSA Level 3", - "Provenance content - Identifies entry point - SLSA Level 3", - "Provenance content - Identifies source code - SLSA Level 2" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "check_description": "Check whether the target has a level-1 witness provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "check_description": "Check whether the target uses a trusted SLSA level 3 builder.", - "slsa_requirements": [ - "Hermetic - SLSA Level 4", - "Isolated - SLSA Level 3", - "Parameterless - SLSA Level 4", - "Ephemeral environment - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - } - ] - } - }, - "dependencies": { - "analyzed_deps": 0, - "unique_dep_repos": 0, - "checks_summary": [ - { - "check_id": "mcn_provenance_available_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_as_code_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_version_control_system_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_script_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_service_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_expectation_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "num_deps_pass": 0 - } - ], - "dep_status": [] - } -} diff --git a/tests/e2e/expected_results/purl/com_google_guava/guava/guava.dl b/tests/e2e/expected_results/purl/com_google_guava/guava/guava.dl new file mode 100644 index 000000000..30028fa9d --- /dev/null +++ b/tests/e2e/expected_results/purl/com_google_guava/guava/guava.dl 
@@ -0,0 +1,22 @@
+/* Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. */
+/* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */
+
+ #include "prelude.dl"
+
+ Policy("test_policy", component_id, "") :-
+ check_passed(component_id, "mcn_build_as_code_1"),
+ check_passed(component_id, "mcn_build_script_1"),
+ check_passed(component_id, "mcn_build_service_1"),
+ check_passed(component_id, "mcn_infer_artifact_pipeline_1"),
+ check_passed(component_id, "mcn_version_control_system_1"),
+ check_failed(component_id, "mcn_provenance_available_1"),
+ check_failed(component_id, "mcn_provenance_derived_commit_1"),
+ check_failed(component_id, "mcn_provenance_derived_repo_1"),
+ check_failed(component_id, "mcn_provenance_expectation_1"),
+ check_failed(component_id, "mcn_provenance_level_three_1"),
+ check_failed(component_id, "mcn_provenance_witness_level_one_1"),
+ check_failed(component_id, "mcn_trusted_builder_level_three_1"),
+ is_repo_url(component_id, "https://github.com/google/guava").
+
+ apply_policy_to("test_policy", component_id) :-
+ is_component(component_id, "pkg:maven/com.google.guava/guava@32.1.2-jre?type=jar").
diff --git a/tests/e2e/expected_results/purl/com_google_guava/guava/guava.json b/tests/e2e/expected_results/purl/com_google_guava/guava/guava.json
deleted file mode 100644
index ff99cc0c5..000000000
--- a/tests/e2e/expected_results/purl/com_google_guava/guava/guava.json
+++ /dev/null
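Review bot: Nothing in this policy asserts which commit was analysed: `is_repo_url` pins only the repository, while the deleted guava.json recorded `commit_hash` `db74bd2fdac443223d45e6fc5c66548542be1081`, so a regression in commit resolution that still lands in the right repository would satisfy the policy. The gap is wider in maven.dl, where `is_component(component_id, "pkg:maven/apache/maven")` carries no version either and the deleted maven.json pinned `branch` master and commit `3fc399318edef0d5ba593723a24fff64291d6f9b`. If prelude.dl exposes a commit-level predicate, add a clause pinning those commits in both files; if it does not, a comment stating that the commit is intentionally unconstrained would stop a reader from assuming the old coverage survived.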
@@ -1,334 +0,0 @@ -{ - "metadata": { - "timestamps": "2024-05-07 15:14:23", - "has_passing_check": true, - "run_checks": [ - "mcn_provenance_available_1", - "mcn_provenance_witness_level_one_1", - "mcn_build_as_code_1", - "mcn_provenance_derived_commit_1", - "mcn_provenance_level_three_1", - "mcn_version_control_system_1", - "mcn_infer_artifact_pipeline_1", - "mcn_trusted_builder_level_three_1", - "mcn_build_script_1", - "mcn_build_service_1", - "mcn_provenance_expectation_1", - "mcn_provenance_derived_repo_1" - ], - "check_tree": { - "mcn_provenance_available_1": { - "mcn_provenance_witness_level_one_1": {}, - "mcn_provenance_expectation_1": {}, - "mcn_provenance_level_three_1": {} - }, - "mcn_provenance_derived_commit_1": {}, - "mcn_version_control_system_1": { - "mcn_build_script_1": {}, - "mcn_trusted_builder_level_three_1": { - "mcn_build_as_code_1": { - "mcn_infer_artifact_pipeline_1": {}, - "mcn_build_service_1": {} - } - } - }, - "mcn_provenance_derived_repo_1": {} - } - }, - "target": { - "info": { - "full_name": "pkg:maven/com.google.guava/guava@32.1.2-jre?type=jar", - "local_cloned_path": "git_repos/github_com/google/guava", - "remote_path": "https://github.com/google/guava", - "branch": null, - "commit_hash": "db74bd2fdac443223d45e6fc5c66548542be1081", - "commit_date": "2023-07-31T17:01:20-04:00" - }, - "provenances": { - "is_inferred": true, - "content": { - "github_actions": [ - { - "_type": "https://in-toto.io/Statement/v0.1", - "subject": [], - "predicateType": "https://slsa.dev/provenance/v0.2", - "predicate": { - "builder": { - "id": "https://github.com/google/guava/blob/db74bd2fdac443223d45e6fc5c66548542be1081/.github/workflows/ci.yml" - }, - "buildType": "Custom github_actions", - "invocation": { - "configSource": { - "uri": "https://github.com/google/guava@refs/heads/None", - "digest": { - "sha1": "db74bd2fdac443223d45e6fc5c66548542be1081" - }, - "entryPoint": 
"https://github.com/google/guava/blob/db74bd2fdac443223d45e6fc5c66548542be1081/.github/workflows/ci.yml" - }, - "parameters": {}, - "environment": {} - }, - "buildConfig": { - "jobID": "publish_snapshot", - "stepID": "", - "stepName": "Publish" - }, - "metadata": { - "buildInvocationId": "", - "buildStartedOn": "", - "buildFinishedOn": "", - "completeness": { - "parameters": "false", - "environment": "false", - "materials": "false" - }, - "reproducible": "false" - }, - "materials": [ - { - "uri": "", - "digest": {} - } - ] - } - } - ], - "Maven Central Registry": [] - } - }, - "checks": { - "summary": { - "DISABLED": 0, - "FAILED": 7, - "PASSED": 5, - "SKIPPED": 0, - "UNKNOWN": 0 - }, - "results": [ - { - "check_id": "mcn_build_as_code_1", - "check_description": "The build definition and configuration executed by the build service is verifiably derived from text file definitions stored in a version control system.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "build_tool_name: maven", - "ci_service_name: github_actions", - "language: BuildLanguage.JAVA", - "language_distributions: [\"zulu\"]", - "language_versions: [\"11\"]", - "deploy_command: [\"mvn\", \"clean\", \"source:jar\", \"javadoc:jar\", \"deploy\", \"-DskipTests=true\", \"\\\"$@\\\"\"]", - { - "build_trigger": "https://github.com/google/guava/blob/db74bd2fdac443223d45e6fc5c66548542be1081/.github/workflows/ci.yml", - "language_url": "https://github.com/actions/setup-java" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_script_1", - "check_description": "Check if the target repo has a valid build script.", - "slsa_requirements": [ - "Scripted Build - SLSA Level 1" - ], - "justification": [ - "build_tool_name: gradle", - "ci_service_name: github_actions", - "language: BuildLanguage.JAVA", - "language_distributions: [\"zulu\"]", - "language_versions: [\"8\", \"11\", \"17\"]", - "build_tool_command: [\"./gradlew\", \"testClasspath\"]", - { - 
"build_trigger": "https://github.com/google/guava/blob/db74bd2fdac443223d45e6fc5c66548542be1081/.github/workflows/ci.yml", - "language_url": "https://github.com/actions/setup-java" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_service_1", - "check_description": "Check if the target repo has a valid build service.", - "slsa_requirements": [ - "Build service - SLSA Level 2" - ], - "justification": [ - "Not Available." - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "check_description": "Detects potential pipelines from which an artifact is published.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "deploy_job: publish_snapshot", - "deploy_step: Publish", - { - "run_url": "https://github.com/google/guava/actions/runs/5719444145" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_version_control_system_1", - "check_description": "Check whether the target repo uses a version control system.", - "slsa_requirements": [ - "Version controlled - SLSA Level 2" - ], - "justification": [ - { - "git_repo": "https://github.com/google/guava" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_provenance_available_1", - "check_description": "Check whether the target has intoto provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "check_description": "Check whether the commit came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "commit_digest: No provenance found." 
- ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "check_description": "Check whether the repo came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "repository_url: No provenance found." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_expectation_1", - "check_description": "Check whether the SLSA provenance for the produced artifact conforms to the expected value.", - "slsa_requirements": [ - "Provenance conforms with expectations - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_level_three_1", - "check_description": "Check whether the target has SLSA provenance level 3.", - "slsa_requirements": [ - "Provenance - Non falsifiable - SLSA Level 3", - "Provenance content - Includes all build parameters - SLSA Level 3", - "Provenance content - Identifies entry point - SLSA Level 3", - "Provenance content - Identifies source code - SLSA Level 2" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "check_description": "Check whether the target has a level-1 witness provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "check_description": "Check whether the target uses a trusted SLSA level 3 builder.", - "slsa_requirements": [ - "Hermetic - SLSA Level 4", - "Isolated - SLSA Level 3", - "Parameterless - SLSA Level 4", - "Ephemeral environment - SLSA Level 3" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "FAILED" - } - ] - } - }, - "dependencies": { - "analyzed_deps": 0, - "unique_dep_repos": 0, - "checks_summary": [ - { - "check_id": "mcn_provenance_available_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_as_code_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_version_control_system_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_script_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_service_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_expectation_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "num_deps_pass": 0 - } - ], - "dep_status": [] - } -} diff --git a/tests/e2e/expected_results/purl/maven/com_example_nonexistent/nonexistent.dl b/tests/e2e/expected_results/purl/maven/com_example_nonexistent/nonexistent.dl new file mode 100644 index 000000000..009cd2fe7 --- /dev/null +++ b/tests/e2e/expected_results/purl/maven/com_example_nonexistent/nonexistent.dl 
@@ -0,0 +1,22 @@
+/* Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. */
+/* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */
+
+ #include "prelude.dl"
+
+ Policy("test_policy", component_id, "") :-
+ check_failed(component_id, "mcn_build_as_code_1"),
+ check_failed(component_id, "mcn_build_script_1"),
+ check_failed(component_id, "mcn_build_service_1"),
+ check_failed(component_id, "mcn_infer_artifact_pipeline_1"),
+ check_failed(component_id, "mcn_provenance_available_1"),
+ check_failed(component_id, "mcn_provenance_derived_commit_1"),
+ check_failed(component_id, "mcn_provenance_derived_repo_1"),
+ check_failed(component_id, "mcn_provenance_expectation_1"),
+ check_failed(component_id, "mcn_provenance_level_three_1"),
+ check_failed(component_id, "mcn_provenance_witness_level_one_1"),
+ check_failed(component_id, "mcn_trusted_builder_level_three_1"),
+ check_failed(component_id, "mcn_version_control_system_1"),
+ is_repo_url(component_id, "").
+
+ apply_policy_to("test_policy", component_id) :-
+ is_component(component_id, "pkg:maven/com.example/nonexistent@1.0.0").
diff --git a/tests/e2e/expected_results/purl/maven/com_example_nonexistent/nonexistent.json b/tests/e2e/expected_results/purl/maven/com_example_nonexistent/nonexistent.json
deleted file mode 100644
index 1778a0f65..000000000
--- a/tests/e2e/expected_results/purl/maven/com_example_nonexistent/nonexistent.json
+++ /dev/null
@@ -1,262 +0,0 @@ -{ - "metadata": { - "timestamps": "2024-05-07 15:12:19", - "has_passing_check": false, - "run_checks": [ - "mcn_provenance_available_1", - "mcn_provenance_witness_level_one_1", - "mcn_build_as_code_1", - "mcn_provenance_derived_commit_1", - "mcn_provenance_level_three_1", - "mcn_version_control_system_1", - "mcn_infer_artifact_pipeline_1", - "mcn_trusted_builder_level_three_1", - "mcn_build_script_1", - "mcn_build_service_1", - "mcn_provenance_expectation_1", - "mcn_provenance_derived_repo_1" - ], - "check_tree": { - "mcn_provenance_available_1": { - "mcn_provenance_witness_level_one_1": {}, - "mcn_provenance_level_three_1": {}, - "mcn_provenance_expectation_1": {} - }, - "mcn_provenance_derived_commit_1": {}, - "mcn_version_control_system_1": { - "mcn_trusted_builder_level_three_1": { - "mcn_build_as_code_1": { - "mcn_infer_artifact_pipeline_1": {}, - "mcn_build_service_1": {} - } - }, - "mcn_build_script_1": {} - }, - "mcn_provenance_derived_repo_1": {} - } - }, - "target": { - "info": { - "full_name": "pkg:maven/com.example/nonexistent@1.0.0", - "local_cloned_path": "Unable to find a repository.", - "remote_path": "", - "branch": "", - "commit_hash": "", - "commit_date": "" - }, - "provenances": { - "is_inferred": true, - "content": {} - }, - "checks": { - "summary": { - "DISABLED": 0, - "FAILED": 12, - "PASSED": 0, - "SKIPPED": 0, - "UNKNOWN": 0 - }, - "results": [ - { - "check_id": "mcn_build_as_code_1", - "check_description": "The build definition and configuration executed by the build service is verifiably derived from text file definitions stored in a version control system.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_build_script_1", - "check_description": "Check if the target repo has a valid build script.", - "slsa_requirements": [ - "Scripted Build - SLSA Level 1" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_build_service_1", - "check_description": "Check if the target repo has a valid build service.", - "slsa_requirements": [ - "Build service - SLSA Level 2" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "check_description": "Detects potential pipelines from which an artifact is published.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_available_1", - "check_description": "Check whether the target has intoto provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "check_description": "Check whether the commit came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "commit_digest: No provenance found." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "check_description": "Check whether the repo came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "repository_url: No provenance found." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_expectation_1", - "check_description": "Check whether the SLSA provenance for the produced artifact conforms to the expected value.", - "slsa_requirements": [ - "Provenance conforms with expectations - SLSA Level 3" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_level_three_1", - "check_description": "Check whether the target has SLSA provenance level 3.", - "slsa_requirements": [ - "Provenance - Non falsifiable - SLSA Level 3", - "Provenance content - Includes all build parameters - SLSA Level 3", - "Provenance content - Identifies entry point - SLSA Level 3", - "Provenance content - Identifies source code - SLSA Level 2" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "check_description": "Check whether the target has a level-1 witness provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "check_description": "Check whether the target uses a trusted SLSA level 3 builder.", - "slsa_requirements": [ - "Hermetic - SLSA Level 4", - "Isolated - SLSA Level 3", - "Parameterless - SLSA Level 4", - "Ephemeral environment - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_version_control_system_1", - "check_description": "Check whether the target repo uses a version control system.", - "slsa_requirements": [ - "Version controlled - SLSA Level 2" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "FAILED" - } - ] - } - }, - "dependencies": { - "analyzed_deps": 0, - "unique_dep_repos": 0, - "checks_summary": [ - { - "check_id": "mcn_provenance_available_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_as_code_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_version_control_system_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_script_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_service_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_expectation_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "num_deps_pass": 0 - } - ], - "dep_status": [] - } -} diff --git a/tests/e2e/expected_results/purl/maven/maven.dl b/tests/e2e/expected_results/purl/maven/maven.dl new file mode 100644 index 000000000..ecc9383f6 --- /dev/null +++ b/tests/e2e/expected_results/purl/maven/maven.dl 
@@ -0,0 +1,22 @@
+/* Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. */
+/* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */
+
+ #include "prelude.dl"
+
+ Policy("test_policy", component_id, "") :-
+ check_passed(component_id, "mcn_build_script_1"),
+ check_passed(component_id, "mcn_build_service_1"),
+ check_passed(component_id, "mcn_version_control_system_1"),
+ check_failed(component_id, "mcn_build_as_code_1"),
+ check_failed(component_id, "mcn_infer_artifact_pipeline_1"),
+ check_failed(component_id, "mcn_provenance_available_1"),
+ check_failed(component_id, "mcn_provenance_derived_commit_1"),
+ check_failed(component_id, "mcn_provenance_derived_repo_1"),
+ check_failed(component_id, "mcn_provenance_expectation_1"),
+ check_failed(component_id, "mcn_provenance_level_three_1"),
+ check_failed(component_id, "mcn_provenance_witness_level_one_1"),
+ check_failed(component_id, "mcn_trusted_builder_level_three_1"),
+ is_repo_url(component_id, "https://github.com/apache/maven").
+
+ apply_policy_to("test_policy", component_id) :-
+ is_component(component_id, "pkg:maven/apache/maven").
diff --git a/tests/e2e/expected_results/purl/maven/maven.json b/tests/e2e/expected_results/purl/maven/maven.json
deleted file mode 100644
index 9b16c188e..000000000
--- a/tests/e2e/expected_results/purl/maven/maven.json
+++ /dev/null
@@ -1,375 +0,0 @@ -{ - "metadata": { - "timestamps": "2024-05-07 15:10:31", - "has_passing_check": true, - "run_checks": [ - "mcn_provenance_available_1", - "mcn_provenance_witness_level_one_1", - "mcn_build_as_code_1", - "mcn_provenance_derived_commit_1", - "mcn_provenance_level_three_1", - "mcn_version_control_system_1", - "mcn_infer_artifact_pipeline_1", - "mcn_trusted_builder_level_three_1", - "mcn_build_script_1", - "mcn_build_service_1", - "mcn_provenance_expectation_1", - "mcn_provenance_derived_repo_1" - ], - "check_tree": { - "mcn_provenance_available_1": { - "mcn_provenance_witness_level_one_1": {}, - "mcn_provenance_level_three_1": {}, - "mcn_provenance_expectation_1": {} - }, - "mcn_provenance_derived_commit_1": {}, - "mcn_version_control_system_1": { - "mcn_build_script_1": {}, - "mcn_trusted_builder_level_three_1": { - "mcn_build_as_code_1": { - "mcn_build_service_1": {}, - "mcn_infer_artifact_pipeline_1": {} - } - } - }, - "mcn_provenance_derived_repo_1": {} - } - }, - "target": { - "info": { - "full_name": "pkg:maven/apache/maven", - "local_cloned_path": "git_repos/github_com/apache/maven", - "remote_path": "https://github.com/apache/maven", - "branch": "master", - "commit_hash": "3fc399318edef0d5ba593723a24fff64291d6f9b", - "commit_date": "2023-10-20T21:20:23+02:00" - }, - "provenances": { - "is_inferred": true, - "content": { - "github_actions": [ - { - "_type": "https://in-toto.io/Statement/v0.1", - "subject": [], - "predicateType": "https://slsa.dev/provenance/v0.2", - "predicate": { - "builder": { - "id": "https://github.com/apache/maven/blob/3fc399318edef0d5ba593723a24fff64291d6f9b/.github/workflows/maven.yml" - }, - "buildType": "Custom github_actions", - "invocation": { - "configSource": { - "uri": "https://github.com/apache/maven@refs/heads/master", - "digest": { - "sha1": "3fc399318edef0d5ba593723a24fff64291d6f9b" - }, - "entryPoint": 
"https://github.com/apache/maven/blob/3fc399318edef0d5ba593723a24fff64291d6f9b/.github/workflows/maven.yml" - }, - "parameters": {}, - "environment": {} - }, - "buildConfig": { - "jobID": "", - "stepID": "", - "stepName": "" - }, - "metadata": { - "buildInvocationId": "", - "buildStartedOn": "", - "buildFinishedOn": "", - "completeness": { - "parameters": "false", - "environment": "false", - "materials": "false" - }, - "reproducible": "false" - }, - "materials": [ - { - "uri": "", - "digest": {} - } - ] - } - } - ], - "jenkins": [ - { - "_type": "https://in-toto.io/Statement/v0.1", - "subject": [], - "predicateType": "https://slsa.dev/provenance/v0.2", - "predicate": { - "builder": { - "id": "" - }, - "buildType": "", - "invocation": { - "configSource": { - "uri": "", - "digest": { - "sha1": "" - }, - "entryPoint": "" - }, - "parameters": {}, - "environment": {} - }, - "buildConfig": { - "jobID": "", - "stepID": "" - }, - "metadata": { - "buildInvocationId": "", - "buildStartedOn": "", - "buildFinishedOn": "", - "completeness": { - "parameters": "false", - "environment": "false", - "materials": "false" - }, - "reproducible": "false" - }, - "materials": [ - { - "uri": "", - "digest": {} - } - ] - } - } - ], - "Maven Central Registry": [] - } - }, - "checks": { - "summary": { - "DISABLED": 0, - "FAILED": 9, - "PASSED": 3, - "SKIPPED": 0, - "UNKNOWN": 0 - }, - "results": [ - { - "check_id": "mcn_build_script_1", - "check_description": "Check if the target repo has a valid build script.", - "slsa_requirements": [ - "Scripted Build - SLSA Level 1" - ], - "justification": [ - "build_tool_name: maven", - "ci_service_name: github_actions", - "language: BuildLanguage.JAVA", - "language_distributions: [\"temurin\"]", - "language_versions: [\"11\", \"17\", \"21\"]", - "build_tool_command: [\"mvn\", \"install\", \"-e\", \"-B\", \"-V\", \"-DdistributionFileName=apache-maven\", \"-DskipTests\", \"-f\", \"maven/pom.xml\"]", - { - "build_trigger": 
"https://github.com/apache/maven/blob/3fc399318edef0d5ba593723a24fff64291d6f9b/.github/workflows/maven.yml", - "language_url": "https://github.com/actions/setup-java" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_service_1", - "check_description": "Check if the target repo has a valid build service.", - "slsa_requirements": [ - "Build service - SLSA Level 2" - ], - "justification": [ - "build_tool_name: maven", - "ci_service_name: github_actions", - "build_command: [\"mvn\", \"install\", \"-e\", \"-B\", \"-V\", \"-DdistributionFileName=apache-maven\", \"-DskipTests\", \"-f\", \"maven/pom.xml\"]", - "language: BuildLanguage.JAVA", - "language_distributions: [\"temurin\"]", - "language_versions: [\"11\", \"17\", \"21\"]", - { - "build_trigger": "https://github.com/apache/maven/blob/3fc399318edef0d5ba593723a24fff64291d6f9b/.github/workflows/maven.yml", - "language_url": "https://github.com/actions/setup-java" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_version_control_system_1", - "check_description": "Check whether the target repo uses a version control system.", - "slsa_requirements": [ - "Version controlled - SLSA Level 2" - ], - "justification": [ - { - "git_repo": "https://github.com/apache/maven" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_as_code_1", - "check_description": "The build definition and configuration executed by the build service is verifiably derived from text file definitions stored in a version control system.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "check_description": "Detects potential pipelines from which an artifact is published.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_available_1", - "check_description": "Check whether the target has intoto provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "check_description": "Check whether the commit came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "commit_digest: No provenance found." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "check_description": "Check whether the repo came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "repository_url: No provenance found." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_expectation_1", - "check_description": "Check whether the SLSA provenance for the produced artifact conforms to the expected value.", - "slsa_requirements": [ - "Provenance conforms with expectations - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_level_three_1", - "check_description": "Check whether the target has SLSA provenance level 3.", - "slsa_requirements": [ - "Provenance - Non falsifiable - SLSA Level 3", - "Provenance content - Includes all build parameters - SLSA Level 3", - "Provenance content - Identifies entry point - SLSA Level 3", - "Provenance content - Identifies source code - SLSA Level 2" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "check_description": "Check whether the target has a level-1 witness provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "check_description": "Check whether the target uses a trusted SLSA level 3 builder.", - "slsa_requirements": [ - "Hermetic - SLSA Level 4", - "Isolated - SLSA Level 3", - "Parameterless - SLSA Level 4", - "Ephemeral environment - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - } - ] - } - }, - "dependencies": { - "analyzed_deps": 0, - "unique_dep_repos": 0, - "checks_summary": [ - { - "check_id": "mcn_provenance_available_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_as_code_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_version_control_system_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_script_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_service_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_expectation_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "num_deps_pass": 0 - } - ], - "dep_status": [] - } -} 
diff --git a/tests/e2e/expected_results/purl/maven/micronaut-core/micronaut-core.dl b/tests/e2e/expected_results/purl/maven/micronaut-core/micronaut-core.dl
new file mode 100644
index 000000000..90410bdf4
--- /dev/null
+++ b/tests/e2e/expected_results/purl/maven/micronaut-core/micronaut-core.dl
@@ -0,0 +1,17 @@
+/* Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. */
+/* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */
+
+#include "prelude.dl"
+
+Policy("test_policy", component_id, "") :-
+ check_passed(component_id, "mcn_build_as_code_1"),
+ check_passed(component_id, "mcn_build_script_1"),
+ check_passed(component_id, "mcn_build_service_1"),
+ check_passed(component_id, "mcn_version_control_system_1"),
+ check_failed(component_id, "mcn_provenance_derived_commit_1"),
+ check_failed(component_id, "mcn_provenance_derived_repo_1"),
+ check_failed(component_id, "mcn_trusted_builder_level_three_1"),
+ is_repo_url(component_id, "https://github.com/micronaut-projects/micronaut-core").
+
+apply_policy_to("test_policy", component_id) :-
+ is_component(component_id, "pkg:maven/io.micronaut/micronaut-core@4.2.3").
diff --git a/tests/e2e/expected_results/purl/maven/micronaut-core/micronaut-core.json b/tests/e2e/expected_results/purl/maven/micronaut-core/micronaut-core.json
deleted file mode 100644
index 2b9baeab4..000000000
--- a/tests/e2e/expected_results/purl/maven/micronaut-core/micronaut-core.json
+++ /dev/null
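Review bot: The policy asserts only the seven checks that ran for this target (the deleted micronaut-core.json lists exactly these seven in run_checks) but says nothing about the five checks that were excluded, so the test no longer notices if the defaults file the integration script passes stops excluding them, whereas the old JSON comparison did. Consider a header comment making that dependency explicit, e.g. `/* Only the seven checks below run for this target; the remaining checks are disabled by the defaults file used in integration_tests.sh. */`, and, if the prelude offers a predicate for checks that did not run, asserting the absence of the other five so a change in the defaults file is caught.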
@@ -1,261 +0,0 @@ -{ - "metadata": { - "timestamps": "2024-05-07 15:09:31", - "has_passing_check": true, - "run_checks": [ - "mcn_trusted_builder_level_three_1", - "mcn_version_control_system_1", - "mcn_provenance_derived_repo_1", - "mcn_build_service_1", - "mcn_build_script_1", - "mcn_provenance_derived_commit_1", - "mcn_build_as_code_1" - ], - "check_tree": { - "mcn_provenance_available_1": { - "mcn_provenance_expectation_1": {}, - "mcn_provenance_level_three_1": {}, - "mcn_provenance_witness_level_one_1": {} - }, - "mcn_provenance_derived_commit_1": {}, - "mcn_version_control_system_1": { - "mcn_trusted_builder_level_three_1": { - "mcn_build_as_code_1": { - "mcn_infer_artifact_pipeline_1": {}, - "mcn_build_service_1": {} - } - }, - "mcn_build_script_1": {} - }, - "mcn_provenance_derived_repo_1": {} - } - }, - "target": { - "info": { - "full_name": "pkg:maven/io.micronaut/micronaut-core@4.2.3", - "local_cloned_path": "git_repos/github_com/micronaut-projects/micronaut-core", - "remote_path": "https://github.com/micronaut-projects/micronaut-core", - "branch": null, - "commit_hash": "36dcaf0539536dce5fc753677341609ff7f273ca", - "commit_date": "2024-01-04T22:05:18+00:00" - }, - "provenances": { - "is_inferred": true, - "content": { - "github_actions": [ - { - "_type": "https://in-toto.io/Statement/v0.1", - "subject": [], - "predicateType": "https://slsa.dev/provenance/v0.2", - "predicate": { - "builder": { - "id": "https://github.com/micronaut-projects/micronaut-core/blob/36dcaf0539536dce5fc753677341609ff7f273ca/.github/workflows/release.yml" - }, - "buildType": "Custom github_actions", - "invocation": { - "configSource": { - "uri": "https://github.com/micronaut-projects/micronaut-core@refs/heads/None", - "digest": { - "sha1": "36dcaf0539536dce5fc753677341609ff7f273ca" - }, - "entryPoint": "https://github.com/micronaut-projects/micronaut-core/blob/36dcaf0539536dce5fc753677341609ff7f273ca/.github/workflows/release.yml" - }, - "parameters": {}, - "environment": {} - }, 
- "buildConfig": { - "jobID": "release", - "stepID": "publish", - "stepName": "Publish to Sonatype OSSRH" - }, - "metadata": { - "buildInvocationId": "", - "buildStartedOn": "", - "buildFinishedOn": "", - "completeness": { - "parameters": "false", - "environment": "false", - "materials": "false" - }, - "reproducible": "false" - }, - "materials": [ - { - "uri": "", - "digest": {} - } - ] - } - } - ], - "Maven Central Registry": [] - } - }, - "checks": { - "summary": { - "DISABLED": 0, - "FAILED": 3, - "PASSED": 4, - "SKIPPED": 0, - "UNKNOWN": 0 - }, - "results": [ - { - "check_id": "mcn_build_as_code_1", - "check_description": "The build definition and configuration executed by the build service is verifiably derived from text file definitions stored in a version control system.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "build_tool_name: gradle", - "ci_service_name: github_actions", - "language: BuildLanguage.JAVA", - "language_distributions: [\"temurin\"]", - "language_versions: [\"17\"]", - "deploy_command: [\"./gradlew\", \"publishAllPublicationsToBuildRepository\", \"publishToSonatype\", \"closeAndReleaseSonatypeStagingRepository\"]", - { - "build_trigger": "https://github.com/micronaut-projects/micronaut-core/blob/36dcaf0539536dce5fc753677341609ff7f273ca/.github/workflows/release.yml", - "language_url": "https://github.com/actions/setup-java" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_script_1", - "check_description": "Check if the target repo has a valid build script.", - "slsa_requirements": [ - "Scripted Build - SLSA Level 1" - ], - "justification": [ - "build_tool_name: gradle", - "ci_service_name: github_actions", - "language: BuildLanguage.JAVA", - "language_distributions: [\"temurin\"]", - "language_versions: [\"17\"]", - "build_tool_command: [\"./gradlew\", \"publishToSonatype\", \"closeAndReleaseSonatypeStagingRepository\"]", - { - "build_trigger": 
"https://github.com/micronaut-projects/micronaut-core/blob/36dcaf0539536dce5fc753677341609ff7f273ca/.github/workflows/central-sync.yml", - "language_url": "https://github.com/actions/setup-java" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_service_1", - "check_description": "Check if the target repo has a valid build service.", - "slsa_requirements": [ - "Build service - SLSA Level 2" - ], - "justification": [ - "Not Available." - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_version_control_system_1", - "check_description": "Check whether the target repo uses a version control system.", - "slsa_requirements": [ - "Version controlled - SLSA Level 2" - ], - "justification": [ - { - "git_repo": "https://github.com/micronaut-projects/micronaut-core" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "check_description": "Check whether the commit came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "commit_digest: No provenance found." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "check_description": "Check whether the repo came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "repository_url: No provenance found." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "check_description": "Check whether the target uses a trusted SLSA level 3 builder.", - "slsa_requirements": [ - "Hermetic - SLSA Level 4", - "Isolated - SLSA Level 3", - "Parameterless - SLSA Level 4", - "Ephemeral environment - SLSA Level 3" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "FAILED" - } - ] - } - }, - "dependencies": { - "analyzed_deps": 0, - "unique_dep_repos": 0, - "checks_summary": [ - { - "check_id": "mcn_provenance_available_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_as_code_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_version_control_system_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_script_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_service_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_expectation_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "num_deps_pass": 0 - } - ], - "dep_status": [] - } -} diff --git a/tests/e2e/expected_results/purl/npm/semver/semver.dl b/tests/e2e/expected_results/purl/npm/semver/semver.dl new file mode 100644 index 000000000..eab6ab8dd --- /dev/null +++ b/tests/e2e/expected_results/purl/npm/semver/semver.dl 
@@ -0,0 +1,21 @@
+/* Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. */
+/* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */
+
+#include "prelude.dl"
+
+Policy("test_policy", component_id, "") :-
+ check_passed(component_id, "mcn_build_as_code_1"),
+ check_passed(component_id, "mcn_build_script_1"),
+ check_passed(component_id, "mcn_build_service_1"),
+ check_passed(component_id, "mcn_provenance_available_1"),
+ check_passed(component_id, "mcn_provenance_derived_commit_1"),
+ check_passed(component_id, "mcn_provenance_derived_repo_1"),
+ check_passed(component_id, "mcn_version_control_system_1"),
+ check_failed(component_id, "mcn_infer_artifact_pipeline_1"),
+ check_failed(component_id, "mcn_provenance_level_three_1"),
+ check_failed(component_id, "mcn_provenance_witness_level_one_1"),
+ check_failed(component_id, "mcn_trusted_builder_level_three_1"),
+ is_repo_url(component_id, "https://github.com/npm/node-semver").
+
+apply_policy_to("test_policy", component_id) :-
+ is_component(component_id, "pkg:npm/semver@7.6.0").
diff --git a/tests/e2e/expected_results/purl/npm/semver/semver.json b/tests/e2e/expected_results/purl/npm/semver/semver.json
deleted file mode 100644
index 4281ffb1a..000000000
--- a/tests/e2e/expected_results/purl/npm/semver/semver.json
+++ /dev/null
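Review bot: mcn_provenance_expectation_1 is the one check from the deleted semver.json run_checks that this policy neither asserts as passed nor as failed; the old expected result recorded it as UNKNOWN, and with neither `check_passed` nor `check_failed` stated a regression that flips it to PASSED or FAILED now goes unnoticed. If the prelude exposes a predicate for the UNKNOWN result type, add it after `check_failed(component_id, "mcn_trusted_builder_level_three_1"),`; otherwise record the intent in the file with `/* mcn_provenance_expectation_1 resolves to UNKNOWN for this target and is deliberately not asserted. */` so the omission is not mistaken for an oversight.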
@@ -1,324 +0,0 @@ -{ - "metadata": { - "timestamps": "2024-05-07 15:27:34", - "has_passing_check": true, - "run_checks": [ - "mcn_provenance_available_1", - "mcn_provenance_witness_level_one_1", - "mcn_build_as_code_1", - "mcn_provenance_derived_commit_1", - "mcn_provenance_level_three_1", - "mcn_version_control_system_1", - "mcn_infer_artifact_pipeline_1", - "mcn_trusted_builder_level_three_1", - "mcn_build_script_1", - "mcn_build_service_1", - "mcn_provenance_expectation_1", - "mcn_provenance_derived_repo_1" - ], - "check_tree": { - "mcn_provenance_available_1": { - "mcn_provenance_witness_level_one_1": {}, - "mcn_provenance_expectation_1": {}, - "mcn_provenance_level_three_1": {} - }, - "mcn_provenance_derived_commit_1": {}, - "mcn_version_control_system_1": { - "mcn_build_script_1": {}, - "mcn_trusted_builder_level_three_1": { - "mcn_build_as_code_1": { - "mcn_infer_artifact_pipeline_1": {}, - "mcn_build_service_1": {} - } - } - }, - "mcn_provenance_derived_repo_1": {} - } - }, - "target": { - "info": { - "full_name": "pkg:npm/semver@7.6.0", - "local_cloned_path": "git_repos/github_com/npm/node-semver", - "remote_path": "https://github.com/npm/node-semver", - "branch": null, - "commit_hash": "377f709718053a477ed717089c4403c4fec332a1", - "commit_date": "2024-02-05T09:03:38-08:00" - }, - "provenances": { - "is_inferred": true, - "content": { - "github_actions": [ - { - "_type": "https://in-toto.io/Statement/v0.1", - "subject": [], - "predicateType": "https://slsa.dev/provenance/v0.2", - "predicate": { - "builder": { - "id": "https://github.com/npm/node-semver/blob/377f709718053a477ed717089c4403c4fec332a1/.github/workflows/release-integration.yml" - }, - "buildType": "Custom github_actions", - "invocation": { - "configSource": { - "uri": "https://github.com/npm/node-semver@refs/heads/None", - "digest": { - "sha1": "377f709718053a477ed717089c4403c4fec332a1" - }, - "entryPoint": 
"https://github.com/npm/node-semver/blob/377f709718053a477ed717089c4403c4fec332a1/.github/workflows/release-integration.yml" - }, - "parameters": {}, - "environment": {} - }, - "buildConfig": { - "jobID": "publish", - "stepID": "", - "stepName": "Publish" - }, - "metadata": { - "buildInvocationId": "", - "buildStartedOn": "", - "buildFinishedOn": "", - "completeness": { - "parameters": "false", - "environment": "false", - "materials": "false" - }, - "reproducible": "false" - }, - "materials": [ - { - "uri": "", - "digest": {} - } - ] - } - } - ], - "npm Registry": [] - } - }, - "checks": { - "summary": { - "DISABLED": 0, - "FAILED": 4, - "PASSED": 7, - "SKIPPED": 0, - "UNKNOWN": 1 - }, - "results": [ - { - "check_id": "mcn_provenance_expectation_1", - "check_description": "Check whether the SLSA provenance for the produced artifact conforms to the expected value.", - "slsa_requirements": [ - "Provenance conforms with expectations - SLSA Level 3" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "UNKNOWN" - }, - { - "check_id": "mcn_build_as_code_1", - "check_description": "The build definition and configuration executed by the build service is verifiably derived from text file definitions stored in a version control system.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "build_tool_name: npm", - "ci_service_name: github_actions", - "language: BuildLanguage.JAVASCRIPT", - "deploy_command: [\"npm\", \"publish\", \"--provenance\", \"--tag=\\\"$1\\\"\"]", - { - "build_trigger": "https://github.com/npm/node-semver/blob/377f709718053a477ed717089c4403c4fec332a1/.github/workflows/release-integration.yml" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_script_1", - "check_description": "Check if the target repo has a valid build script.", - "slsa_requirements": [ - "Scripted Build - SLSA Level 1" - ], - "justification": [ - "build_tool_name: npm", - "ci_service_name: github_actions", - "language: BuildLanguage.JAVASCRIPT", - "build_tool_command: [\"npm\", \"audit\", \"--audit-level=none\"]", - { - "build_trigger": "https://github.com/npm/node-semver/blob/377f709718053a477ed717089c4403c4fec332a1/.github/workflows/audit.yml" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_service_1", - "check_description": "Check if the target repo has a valid build service.", - "slsa_requirements": [ - "Build service - SLSA Level 2" - ], - "justification": [ - "Not Available." - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_provenance_available_1", - "check_description": "Check whether the target has intoto provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "check_description": "Check whether the commit came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "commit_digest: The commit was found from provenance." - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "check_description": "Check whether the repo came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "repository_url: The repository URL was found from provenance." - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_version_control_system_1", - "check_description": "Check whether the target repo uses a version control system.", - "slsa_requirements": [ - "Version controlled - SLSA Level 2" - ], - "justification": [ - { - "git_repo": "https://github.com/npm/node-semver" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "check_description": "Detects potential pipelines from which an artifact is published.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_level_three_1", - "check_description": "Check whether the target has SLSA provenance level 3.", - "slsa_requirements": [ - "Provenance - Non falsifiable - SLSA Level 3", - "Provenance content - Includes all build parameters - SLSA Level 3", - "Provenance content - Identifies entry point - SLSA Level 3", - "Provenance content - Identifies source code - SLSA Level 2" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "check_description": "Check whether the target has a level-1 witness provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "check_description": "Check whether the target uses a trusted SLSA level 3 builder.", - "slsa_requirements": [ - "Hermetic - SLSA Level 4", - "Isolated - SLSA Level 3", - "Parameterless - SLSA Level 4", - "Ephemeral environment - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - } - ] - } - }, - "dependencies": { - "analyzed_deps": 0, - "unique_dep_repos": 0, - "checks_summary": [ - { - "check_id": "mcn_provenance_available_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_as_code_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_version_control_system_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_script_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_service_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_expectation_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "num_deps_pass": 0 - } - ], - "dep_status": [] - } -} 
diff --git a/tests/e2e/expected_results/purl/npm/sigstore/mock/mock.dl b/tests/e2e/expected_results/purl/npm/sigstore/mock/mock.dl
new file mode 100644
index 000000000..c69cc32d3
--- /dev/null
+++ b/tests/e2e/expected_results/purl/npm/sigstore/mock/mock.dl
@@ -0,0 +1,21 @@
+/* Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. */
+/* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */
+
+#include "prelude.dl"
+
+Policy("test_policy", component_id, "") :-
+ check_passed(component_id, "mcn_build_as_code_1"),
+ check_passed(component_id, "mcn_build_script_1"),
+ check_passed(component_id, "mcn_build_service_1"),
+ check_passed(component_id, "mcn_provenance_available_1"),
+ check_passed(component_id, "mcn_version_control_system_1"),
+ check_failed(component_id, "mcn_infer_artifact_pipeline_1"),
+ check_failed(component_id, "mcn_provenance_derived_commit_1"),
+ check_failed(component_id, "mcn_provenance_derived_repo_1"),
+ check_failed(component_id, "mcn_provenance_level_three_1"),
+ check_failed(component_id, "mcn_provenance_witness_level_one_1"),
+ check_failed(component_id, "mcn_trusted_builder_level_three_1"),
+ is_repo_url(component_id, "https://github.com/sigstore/sigstore-js").
+
+apply_policy_to("test_policy", component_id) :-
+ is_component(component_id, "pkg:npm/%40sigstore/mock@0.1.0").
diff --git a/tests/e2e/expected_results/purl/npm/sigstore/mock/mock.json b/tests/e2e/expected_results/purl/npm/sigstore/mock/mock.json
deleted file mode 100644
index 25369282c..000000000
--- a/tests/e2e/expected_results/purl/npm/sigstore/mock/mock.json
+++ /dev/null
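Review bot: As in semver.dl, mcn_provenance_expectation_1 is the one check from the deleted mock.json run_checks that the policy neither asserts as passed nor as failed; its old result type is not visible in this chunk, so please confirm whether it was UNKNOWN and either assert it, if the prelude has a predicate for that result type, or document the omission with a comment such as `/* mcn_provenance_expectation_1 is not asserted: its result for this target is UNKNOWN. */`. Separately, `is_component(component_id, "pkg:npm/%40sigstore/mock@0.1.0")` relies on the percent-encoded scope, which matches the full_name recorded in the deleted JSON; a short comment that the PURL must stay percent-encoded would stop a future edit from "correcting" it to `@sigstore` and silently making the policy match nothing.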
@@ -1,384 +0,0 @@ -{ - "metadata": { - "timestamps": "2024-05-07 15:27:41", - "has_passing_check": true, - "run_checks": [ - "mcn_provenance_available_1", - "mcn_provenance_witness_level_one_1", - "mcn_build_as_code_1", - "mcn_provenance_derived_commit_1", - "mcn_provenance_level_three_1", - "mcn_version_control_system_1", - "mcn_infer_artifact_pipeline_1", - "mcn_trusted_builder_level_three_1", - "mcn_build_script_1", - "mcn_build_service_1", - "mcn_provenance_expectation_1", - "mcn_provenance_derived_repo_1" - ], - "check_tree": { - "mcn_provenance_available_1": { - "mcn_provenance_witness_level_one_1": {}, - "mcn_provenance_level_three_1": {}, - "mcn_provenance_expectation_1": {} - }, - "mcn_provenance_derived_commit_1": {}, - "mcn_version_control_system_1": { - "mcn_build_script_1": {}, - "mcn_trusted_builder_level_three_1": { - "mcn_build_as_code_1": { - "mcn_infer_artifact_pipeline_1": {}, - "mcn_build_service_1": {} - } - } - }, - "mcn_provenance_derived_repo_1": {} - } - }, - "target": { - "info": { - "full_name": "pkg:npm/%40sigstore/mock@0.1.0", - "local_cloned_path": "git_repos/github_com/sigstore/sigstore-js", - "remote_path": "https://github.com/sigstore/sigstore-js", - "branch": "main", - "commit_hash": "ebdcfdfbdfeb9c9aeee6df53674ef230613629f5", - "commit_date": "2023-06-30T09:35:26-07:00" - }, - "provenances": { - "is_inferred": false, - "content": { - "github_actions": [ - { - "_type": "https://in-toto.io/Statement/v0.1", - "subject": [], - "predicateType": "https://slsa.dev/provenance/v0.2", - "predicate": { - "builder": { - "id": "" - }, - "buildType": "", - "invocation": { - "configSource": { - "uri": "", - "digest": { - "sha1": "" - }, - "entryPoint": "" - }, - "parameters": {}, - "environment": {} - }, - "buildConfig": { - "jobID": "", - "stepID": "" - }, - "metadata": { - "buildInvocationId": "", - "buildStartedOn": "", - "buildFinishedOn": "", - "completeness": { - "parameters": "false", - "environment": "false", - "materials": "false" - }, 
- "reproducible": "false" - }, - "materials": [ - { - "uri": "", - "digest": {} - } - ] - } - } - ], - "npm Registry": [ - { - "_type": "https://in-toto.io/Statement/v0.1", - "subject": [ - { - "name": "pkg:npm/%40sigstore/mock@0.1.0", - "digest": { - "sha512": "2b9cd6c43c73c1f5eaf0fa2b2899f17822c49d95a3c42f545ee28c081a3e413d044e2095fe26e3d5b2a9e7337ed95371fa88e417b560893959c7710c5991b0c2" - } - } - ], - "predicateType": "https://slsa.dev/provenance/v0.2", - "predicate": { - "buildType": "https://github.com/npm/cli/gha/v2", - "builder": { - "id": "https://github.com/actions/runner" - }, - "invocation": { - "configSource": { - "uri": "git+https://github.com/sigstore/sigstore-js@refs/heads/main", - "digest": { - "sha1": "ebdcfdfbdfeb9c9aeee6df53674ef230613629f5" - }, - "entryPoint": ".github/workflows/release.yml" - }, - "parameters": {}, - "environment": { - "GITHUB_EVENT_NAME": "push", - "GITHUB_REF": "refs/heads/main", - "GITHUB_REPOSITORY": "sigstore/sigstore-js", - "GITHUB_REPOSITORY_ID": "495574555", - "GITHUB_REPOSITORY_OWNER_ID": "71096353", - "GITHUB_RUN_ATTEMPT": "1", - "GITHUB_RUN_ID": "5425054346", - "GITHUB_SHA": "ebdcfdfbdfeb9c9aeee6df53674ef230613629f5", - "GITHUB_WORKFLOW_REF": "sigstore/sigstore-js/.github/workflows/release.yml@refs/heads/main", - "GITHUB_WORKFLOW_SHA": "ebdcfdfbdfeb9c9aeee6df53674ef230613629f5" - } - }, - "metadata": { - "buildInvocationId": "5425054346-1", - "completeness": { - "parameters": false, - "environment": false, - "materials": false - }, - "reproducible": false - }, - "materials": [ - { - "uri": "git+https://github.com/sigstore/sigstore-js@refs/heads/main", - "digest": { - "sha1": "ebdcfdfbdfeb9c9aeee6df53674ef230613629f5" - } - } - ] - } - } - ] - } - }, - "checks": { - "summary": { - "DISABLED": 0, - "FAILED": 6, - "PASSED": 5, - "SKIPPED": 0, - "UNKNOWN": 1 - }, - "results": [ - { - "check_id": "mcn_provenance_expectation_1", - "check_description": "Check whether the SLSA provenance for the produced artifact conforms 
to the expected value.", - "slsa_requirements": [ - "Provenance conforms with expectations - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "UNKNOWN" - }, - { - "check_id": "mcn_build_as_code_1", - "check_description": "The build definition and configuration executed by the build service is verifiably derived from text file definitions stored in a version control system.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "build_tool_name: npm", - "ci_service_name: github_actions", - "language: javascript", - "deploy_command: changesets/action", - { - "build_trigger": "https://github.com/sigstore/sigstore-js/blob/ebdcfdfbdfeb9c9aeee6df53674ef230613629f5/.github/workflows/release.yml" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_script_1", - "check_description": "Check if the target repo has a valid build script.", - "slsa_requirements": [ - "Scripted Build - SLSA Level 1" - ], - "justification": [ - "build_tool_name: npm", - "ci_service_name: github_actions", - "language: BuildLanguage.JAVASCRIPT", - "build_tool_command: [\"npm\", \"ci\"]", - { - "build_trigger": "https://github.com/sigstore/sigstore-js/blob/ebdcfdfbdfeb9c9aeee6df53674ef230613629f5/.github/workflows/ci.yml" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_service_1", - "check_description": "Check if the target repo has a valid build service.", - "slsa_requirements": [ - "Build service - SLSA Level 2" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_provenance_available_1", - "check_description": "Check whether the target has intoto provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "asset_name: mock", - { - "asset_url": "https://registry.npmjs.org/-/npm/v1/attestations/@sigstore/mock@0.1.0" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_version_control_system_1", - "check_description": "Check whether the target repo uses a version control system.", - "slsa_requirements": [ - "Version controlled - SLSA Level 2" - ], - "justification": [ - { - "git_repo": "https://github.com/sigstore/sigstore-js" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "check_description": "Detects potential pipelines from which an artifact is published.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "check_description": "Check whether the commit came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "commit_digest: No provenance found." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "check_description": "Check whether the repo came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "repository_url: No provenance found." 
- ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_level_three_1", - "check_description": "Check whether the target has SLSA provenance level 3.", - "slsa_requirements": [ - "Provenance - Non falsifiable - SLSA Level 3", - "Provenance content - Includes all build parameters - SLSA Level 3", - "Provenance content - Identifies entry point - SLSA Level 3", - "Provenance content - Identifies source code - SLSA Level 2" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "check_description": "Check whether the target has a level-1 witness provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "check_description": "Check whether the target uses a trusted SLSA level 3 builder.", - "slsa_requirements": [ - "Hermetic - SLSA Level 4", - "Isolated - SLSA Level 3", - "Parameterless - SLSA Level 4", - "Ephemeral environment - SLSA Level 3" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "FAILED" - } - ] - } - }, - "dependencies": { - "analyzed_deps": 0, - "unique_dep_repos": 0, - "checks_summary": [ - { - "check_id": "mcn_provenance_available_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_as_code_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_version_control_system_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_script_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_service_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_expectation_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "num_deps_pass": 0 - } - ], - "dep_status": [] - } -} diff --git a/tests/e2e/expected_results/purl/org_tinymediamanager/tinyMediaManager.dl b/tests/e2e/expected_results/purl/org_tinymediamanager/tinyMediaManager.dl new file mode 100644 index 000000000..11e3f4b73 --- /dev/null +++ b/tests/e2e/expected_results/purl/org_tinymediamanager/tinyMediaManager.dl 
@@ -0,0 +1,22 @@
+/* Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. */
+/* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */
+
+#include "prelude.dl"
+
+Policy("test_policy", component_id, "") :-
+ check_passed(component_id, "mcn_build_script_1"),
+ check_passed(component_id, "mcn_version_control_system_1"),
+ check_failed(component_id, "mcn_build_as_code_1"),
+ check_failed(component_id, "mcn_build_service_1"),
+ check_failed(component_id, "mcn_infer_artifact_pipeline_1"),
+ check_failed(component_id, "mcn_provenance_available_1"),
+ check_failed(component_id, "mcn_provenance_derived_commit_1"),
+ check_failed(component_id, "mcn_provenance_derived_repo_1"),
+ check_failed(component_id, "mcn_provenance_expectation_1"),
+ check_failed(component_id, "mcn_provenance_level_three_1"),
+ check_failed(component_id, "mcn_provenance_witness_level_one_1"),
+ check_failed(component_id, "mcn_trusted_builder_level_three_1"),
+ is_repo_url(component_id, "https://gitlab.com/tinyMediaManager/tinyMediaManager").
+
+apply_policy_to("test_policy", component_id) :-
+ is_component(component_id, "pkg:maven/org.tinymediamanager/tinyMediaManager@4.3.13").
diff --git a/tests/e2e/expected_results/purl/org_tinymediamanager/tinyMediaManager.json b/tests/e2e/expected_results/purl/org_tinymediamanager/tinyMediaManager.json
deleted file mode 100644
index 285c1f449..000000000
--- a/tests/e2e/expected_results/purl/org_tinymediamanager/tinyMediaManager.json
+++ /dev/null
@@ -1,311 +0,0 @@ -{ - "metadata": { - "timestamps": "2024-05-07 15:14:25", - "has_passing_check": true, - "run_checks": [ - "mcn_provenance_available_1", - "mcn_provenance_witness_level_one_1", - "mcn_build_as_code_1", - "mcn_provenance_derived_commit_1", - "mcn_provenance_level_three_1", - "mcn_version_control_system_1", - "mcn_infer_artifact_pipeline_1", - "mcn_trusted_builder_level_three_1", - "mcn_build_script_1", - "mcn_build_service_1", - "mcn_provenance_expectation_1", - "mcn_provenance_derived_repo_1" - ], - "check_tree": { - "mcn_provenance_available_1": { - "mcn_provenance_level_three_1": {}, - "mcn_provenance_expectation_1": {}, - "mcn_provenance_witness_level_one_1": {} - }, - "mcn_provenance_derived_commit_1": {}, - "mcn_version_control_system_1": { - "mcn_trusted_builder_level_three_1": { - "mcn_build_as_code_1": { - "mcn_build_service_1": {}, - "mcn_infer_artifact_pipeline_1": {} - } - }, - "mcn_build_script_1": {} - }, - "mcn_provenance_derived_repo_1": {} - } - }, - "target": { - "info": { - "full_name": "pkg:maven/org.tinymediamanager/tinyMediaManager@4.3.13", - "local_cloned_path": "git_repos/gitlab_com/tinyMediaManager/tinyMediaManager", - "remote_path": "https://gitlab.com/tinyMediaManager/tinyMediaManager", - "branch": null, - "commit_hash": "968745f6b9d592af053f0ef5610357435a0e3b5a", - "commit_date": "2023-08-19T11:27:15+00:00" - }, - "provenances": { - "is_inferred": true, - "content": { - "gitlab_ci": [ - { - "_type": "https://in-toto.io/Statement/v0.1", - "subject": [], - "predicateType": "https://slsa.dev/provenance/v0.2", - "predicate": { - "builder": { - "id": "" - }, - "buildType": "", - "invocation": { - "configSource": { - "uri": "", - "digest": { - "sha1": "" - }, - "entryPoint": "" - }, - "parameters": {}, - "environment": {} - }, - "buildConfig": { - "jobID": "", - "stepID": "" - }, - "metadata": { - "buildInvocationId": "", - "buildStartedOn": "", - "buildFinishedOn": "", - "completeness": { - "parameters": "false", - 
"environment": "false", - "materials": "false" - }, - "reproducible": "false" - }, - "materials": [ - { - "uri": "", - "digest": {} - } - ] - } - } - ], - "Maven Central Registry": [] - } - }, - "checks": { - "summary": { - "DISABLED": 0, - "FAILED": 10, - "PASSED": 2, - "SKIPPED": 0, - "UNKNOWN": 0 - }, - "results": [ - { - "check_id": "mcn_build_script_1", - "check_description": "Check if the target repo has a valid build script.", - "slsa_requirements": [ - "Scripted Build - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_version_control_system_1", - "check_description": "Check whether the target repo uses a version control system.", - "slsa_requirements": [ - "Version controlled - SLSA Level 2" - ], - "justification": [ - { - "git_repo": "https://gitlab.com/tinyMediaManager/tinyMediaManager" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_as_code_1", - "check_description": "The build definition and configuration executed by the build service is verifiably derived from text file definitions stored in a version control system.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_build_service_1", - "check_description": "Check if the target repo has a valid build service.", - "slsa_requirements": [ - "Build service - SLSA Level 2" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "check_description": "Detects potential pipelines from which an artifact is published.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_available_1", - "check_description": "Check whether the target has intoto provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "check_description": "Check whether the commit came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "commit_digest: No provenance found." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "check_description": "Check whether the repo came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "repository_url: No provenance found." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_expectation_1", - "check_description": "Check whether the SLSA provenance for the produced artifact conforms to the expected value.", - "slsa_requirements": [ - "Provenance conforms with expectations - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_level_three_1", - "check_description": "Check whether the target has SLSA provenance level 3.", - "slsa_requirements": [ - "Provenance - Non falsifiable - SLSA Level 3", - "Provenance content - Includes all build parameters - SLSA Level 3", - "Provenance content - Identifies entry point - SLSA Level 3", - "Provenance content - Identifies source code - SLSA Level 2" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "check_description": "Check whether the target has a level-1 witness provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "check_description": "Check whether the target uses a trusted SLSA level 3 builder.", - "slsa_requirements": [ - "Hermetic - SLSA Level 4", - "Isolated - SLSA Level 3", - "Parameterless - SLSA Level 4", - "Ephemeral environment - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - } - ] - } - }, - "dependencies": { - "analyzed_deps": 0, - "unique_dep_repos": 0, - "checks_summary": [ - { - "check_id": "mcn_provenance_available_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_as_code_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_version_control_system_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_script_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_service_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_expectation_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "num_deps_pass": 0 - } - ], - "dep_status": [] - } -} 
diff --git a/tests/e2e/expected_results/react-pdf/react-pdf.dl b/tests/e2e/expected_results/react-pdf/react-pdf.dl
new file mode 100644
index 000000000..f24ebd492
--- /dev/null
+++ b/tests/e2e/expected_results/react-pdf/react-pdf.dl
@@ -0,0 +1,22 @@
+/* Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. */
+/* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */
+
+#include "prelude.dl"
+
+Policy("test_policy", component_id, "") :-
+ check_passed(component_id, "mcn_build_as_code_1"),
+ check_passed(component_id, "mcn_build_script_1"),
+ check_passed(component_id, "mcn_build_service_1"),
+ check_passed(component_id, "mcn_version_control_system_1"),
+ check_failed(component_id, "mcn_infer_artifact_pipeline_1"),
+ check_failed(component_id, "mcn_provenance_available_1"),
+ check_failed(component_id, "mcn_provenance_derived_commit_1"),
+ check_failed(component_id, "mcn_provenance_derived_repo_1"),
+ check_failed(component_id, "mcn_provenance_expectation_1"),
+ check_failed(component_id, "mcn_provenance_level_three_1"),
+ check_failed(component_id, "mcn_provenance_witness_level_one_1"),
+ check_failed(component_id, "mcn_trusted_builder_level_three_1"),
+ is_repo_url(component_id, "https://github.com/wojtekmaj/react-pdf").
+
+apply_policy_to("test_policy", component_id) :-
+ is_component(component_id, "pkg:github.com/wojtekmaj/react-pdf@be18436b7be827eb993b2e1e4bd9230dd835a9a3").
diff --git a/tests/e2e/expected_results/react-pdf/react-pdf.json b/tests/e2e/expected_results/react-pdf/react-pdf.json
deleted file mode 100644
index c66a907a2..000000000
--- a/tests/e2e/expected_results/react-pdf/react-pdf.json
+++ /dev/null
@@ -1,324 +0,0 @@ -{ - "metadata": { - "timestamps": "2024-05-07 15:10:26", - "has_passing_check": true, - "run_checks": [ - "mcn_provenance_available_1", - "mcn_provenance_witness_level_one_1", - "mcn_build_as_code_1", - "mcn_provenance_derived_commit_1", - "mcn_provenance_level_three_1", - "mcn_version_control_system_1", - "mcn_infer_artifact_pipeline_1", - "mcn_trusted_builder_level_three_1", - "mcn_build_script_1", - "mcn_build_service_1", - "mcn_provenance_expectation_1", - "mcn_provenance_derived_repo_1" - ], - "check_tree": { - "mcn_provenance_available_1": { - "mcn_provenance_witness_level_one_1": {}, - "mcn_provenance_expectation_1": {}, - "mcn_provenance_level_three_1": {} - }, - "mcn_provenance_derived_commit_1": {}, - "mcn_version_control_system_1": { - "mcn_build_script_1": {}, - "mcn_trusted_builder_level_three_1": { - "mcn_build_as_code_1": { - "mcn_infer_artifact_pipeline_1": {}, - "mcn_build_service_1": {} - } - } - }, - "mcn_provenance_derived_repo_1": {} - } - }, - "target": { - "info": { - "full_name": "pkg:github.com/wojtekmaj/react-pdf@be18436b7be827eb993b2e1e4bd9230dd835a9a3", - "local_cloned_path": "git_repos/github_com/wojtekmaj/react-pdf", - "remote_path": "https://github.com/wojtekmaj/react-pdf", - "branch": "main", - "commit_hash": "be18436b7be827eb993b2e1e4bd9230dd835a9a3", - "commit_date": "2023-09-08T16:10:19+02:00" - }, - "provenances": { - "is_inferred": true, - "content": { - "github_actions": [ - { - "_type": "https://in-toto.io/Statement/v0.1", - "subject": [], - "predicateType": "https://slsa.dev/provenance/v0.2", - "predicate": { - "builder": { - "id": "https://github.com/wojtekmaj/react-pdf/blob/be18436b7be827eb993b2e1e4bd9230dd835a9a3/.github/workflows/publish.yml" - }, - "buildType": "Custom github_actions", - "invocation": { - "configSource": { - "uri": "https://github.com/wojtekmaj/react-pdf@refs/heads/main", - "digest": { - "sha1": "be18436b7be827eb993b2e1e4bd9230dd835a9a3" - }, - "entryPoint": 
"https://github.com/wojtekmaj/react-pdf/blob/be18436b7be827eb993b2e1e4bd9230dd835a9a3/.github/workflows/publish.yml" - }, - "parameters": {}, - "environment": {} - }, - "buildConfig": { - "jobID": "publish", - "stepID": "", - "stepName": "Publish with latest tag" - }, - "metadata": { - "buildInvocationId": "", - "buildStartedOn": "", - "buildFinishedOn": "", - "completeness": { - "parameters": "false", - "environment": "false", - "materials": "false" - }, - "reproducible": "false" - }, - "materials": [ - { - "uri": "", - "digest": {} - } - ] - } - } - ], - "npm Registry": [] - } - }, - "checks": { - "summary": { - "DISABLED": 0, - "FAILED": 8, - "PASSED": 4, - "SKIPPED": 0, - "UNKNOWN": 0 - }, - "results": [ - { - "check_id": "mcn_build_as_code_1", - "check_description": "The build definition and configuration executed by the build service is verifiably derived from text file definitions stored in a version control system.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "build_tool_name: yarn", - "ci_service_name: github_actions", - "language: BuildLanguage.JAVASCRIPT", - "deploy_command: [\"yarn\", \"npm\", \"publish\", \"--tag\", \"latest\"]", - { - "build_trigger": "https://github.com/wojtekmaj/react-pdf/blob/be18436b7be827eb993b2e1e4bd9230dd835a9a3/.github/workflows/publish.yml" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_script_1", - "check_description": "Check if the target repo has a valid build script.", - "slsa_requirements": [ - "Scripted Build - SLSA Level 1" - ], - "justification": [ - "build_tool_name: yarn", - "ci_service_name: github_actions", - "language: BuildLanguage.JAVASCRIPT", - "build_tool_command: [\"yarn\", \"--immutable\"]", - { - "build_trigger": "https://github.com/wojtekmaj/react-pdf/blob/be18436b7be827eb993b2e1e4bd9230dd835a9a3/.github/workflows/ci.yml" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_service_1", - "check_description": "Check if the 
target repo has a valid build service.", - "slsa_requirements": [ - "Build service - SLSA Level 2" - ], - "justification": [ - "Not Available." - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_version_control_system_1", - "check_description": "Check whether the target repo uses a version control system.", - "slsa_requirements": [ - "Version controlled - SLSA Level 2" - ], - "justification": [ - { - "git_repo": "https://github.com/wojtekmaj/react-pdf" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "check_description": "Detects potential pipelines from which an artifact is published.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_available_1", - "check_description": "Check whether the target has intoto provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "check_description": "Check whether the commit came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "commit_digest: No provenance found." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "check_description": "Check whether the repo came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "repository_url: No provenance found." 
- ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_expectation_1", - "check_description": "Check whether the SLSA provenance for the produced artifact conforms to the expected value.", - "slsa_requirements": [ - "Provenance conforms with expectations - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_level_three_1", - "check_description": "Check whether the target has SLSA provenance level 3.", - "slsa_requirements": [ - "Provenance - Non falsifiable - SLSA Level 3", - "Provenance content - Includes all build parameters - SLSA Level 3", - "Provenance content - Identifies entry point - SLSA Level 3", - "Provenance content - Identifies source code - SLSA Level 2" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "check_description": "Check whether the target has a level-1 witness provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "check_description": "Check whether the target uses a trusted SLSA level 3 builder.", - "slsa_requirements": [ - "Hermetic - SLSA Level 4", - "Isolated - SLSA Level 3", - "Parameterless - SLSA Level 4", - "Ephemeral environment - SLSA Level 3" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "FAILED" - } - ] - } - }, - "dependencies": { - "analyzed_deps": 0, - "unique_dep_repos": 0, - "checks_summary": [ - { - "check_id": "mcn_provenance_available_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_as_code_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_version_control_system_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_script_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_service_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_expectation_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "num_deps_pass": 0 - } - ], - "dep_status": [] - } -} diff --git a/tests/e2e/expected_results/scorecard/scorecard.dl b/tests/e2e/expected_results/scorecard/scorecard.dl new file mode 100644 index 000000000..a69a7335b --- /dev/null +++ b/tests/e2e/expected_results/scorecard/scorecard.dl 
@@ -0,0 +1,15 @@
+/* Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. */
+/* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */
+
+#include "prelude.dl"
+
+Policy("test_policy", component_id, "") :-
+ check_passed(component_id, "mcn_provenance_available_1"),
+ check_passed(component_id, "mcn_provenance_expectation_1"),
+ check_passed(component_id, "mcn_provenance_level_three_1"),
+ check_passed(component_id, "mcn_trusted_builder_level_three_1"),
+ check_passed(component_id, "mcn_version_control_system_1"),
+ is_repo_url(component_id, "https://github.com/ossf/scorecard").
+
+apply_policy_to("test_policy", component_id) :-
+ is_component(component_id, "pkg:github/ossf/scorecard@v4.13.1").
diff --git a/tests/e2e/expected_results/scorecard/scorecard.json b/tests/e2e/expected_results/scorecard/scorecard.json
deleted file mode 100644
index 5400357f2..000000000
--- a/tests/e2e/expected_results/scorecard/scorecard.json
+++ /dev/null
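Review bot: This policy pins the target only by the PURL tag `v4.13.1` and the repo URL, while the deleted scorecard.json also pinned the resolved `commit_hash` `49c0eed3a423f00c872b5c3c9f1bbca9e8aae799` and the provenance builder id (`slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@refs/tags/v1.9.0`). For a test whose value is that the level-3 and trusted-builder checks pass against a specific, verified provenance, losing the commit pin means a change in how the tag is resolved would still satisfy `Policy` as long as the five checks pass. If prelude.dl (not in this diff) exposes a commit or provenance predicate, add an atom for the commit digest; otherwise note the reduced coverage in a comment above the rule, e.g. `/* Expectations cover check results only; the resolved commit and builder id are no longer asserted. */`.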
@@ -1,461 +0,0 @@ -{ - "metadata": { - "timestamps": "2024-05-07 15:16:22", - "has_passing_check": true, - "run_checks": [ - "mcn_provenance_available_1", - "mcn_provenance_level_three_1", - "mcn_provenance_expectation_1", - "mcn_version_control_system_1", - "mcn_trusted_builder_level_three_1" - ], - "check_tree": { - "mcn_provenance_available_1": { - "mcn_provenance_expectation_1": {}, - "mcn_provenance_level_three_1": {}, - "mcn_provenance_witness_level_one_1": {} - }, - "mcn_provenance_derived_commit_1": {}, - "mcn_version_control_system_1": { - "mcn_build_script_1": {}, - "mcn_trusted_builder_level_three_1": { - "mcn_build_as_code_1": { - "mcn_build_service_1": {}, - "mcn_infer_artifact_pipeline_1": {} - } - } - }, - "mcn_provenance_derived_repo_1": {} - } - }, - "target": { - "info": { - "full_name": "pkg:github/ossf/scorecard@v4.13.1", - "local_cloned_path": "git_repos/github_com/ossf/scorecard", - "remote_path": "https://github.com/ossf/scorecard", - "branch": null, - "commit_hash": "49c0eed3a423f00c872b5c3c9f1bbca9e8aae799", - "commit_date": "2023-10-20T14:13:08-07:00" - }, - "provenances": { - "is_inferred": false, - "content": { - "github_actions": [ - { - "_type": "https://in-toto.io/Statement/v0.1", - "predicateType": "https://slsa.dev/provenance/v0.2", - "subject": [ - { - "name": "scorecard_4.13.1_linux_amd64.tar.gz", - "digest": { - "sha256": "53aa07786f2d985d0755ff9caad4e38c0a22596708de0728c5274f84ae48f785" - } - }, - { - "name": "scorecard_4.13.1_darwin_arm64.tar.gz", - "digest": { - "sha256": "59f7599b7602cc0cc9c6ffc335fb4613b28c22801f957805db7213601818d9fc" - } - }, - { - "name": "scorecard_4.13.1_darwin_amd64.tar.gz", - "digest": { - "sha256": "6853fbb5e508f5b763a478cdc30c8b7023b7493dab2c2ec5a7d98be675775472" - } - }, - { - "name": "scorecard_4.13.1_windows_arm64.tar.gz", - "digest": { - "sha256": "8e2f9cb839f3304d8affc0c61e173c4f89ddaa4e85dd9c0b2699877948a15ee7" - } - }, - { - "name": "scorecard_4.13.1_windows_amd64.tar.gz", - "digest": { - 
"sha256": "b6c231cf4aa7e2e4e65d70f28867a670b8b1e66e946603ae9e197d495eed8922" - } - }, - { - "name": "scorecard_4.13.1_linux_arm64.tar.gz", - "digest": { - "sha256": "d59d75eec0e91abbe65365b866fd0f298ddb9f4bcdda207a7f650720015d0f4f" - } - } - ], - "predicate": { - "builder": { - "id": "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@refs/tags/v1.9.0" - }, - "buildType": "https://github.com/slsa-framework/slsa-github-generator/generic@v1", - "invocation": { - "configSource": { - "uri": "git+https://github.com/ossf/scorecard@refs/tags/v4.13.1", - "digest": { - "sha1": "49c0eed3a423f00c872b5c3c9f1bbca9e8aae799" - }, - "entryPoint": ".github/workflows/goreleaser.yaml" - }, - "parameters": {}, - "environment": { - "github_actor": "spencerschrock", - "github_actor_id": "6064089", - "github_base_ref": "", - "github_event_name": "push", - "github_event_payload": { - "after": "b2413fb129deaedd2bafff0948557e79524739a0", - "base_ref": null, - "before": "0000000000000000000000000000000000000000", - "commits": [], - "compare": "https://github.com/ossf/scorecard/compare/v4.13.1", - "created": true, - "deleted": false, - "forced": false, - "head_commit": { - "author": { - "email": "martin@martincostello.com", - "name": "Martin Costello", - "username": "martincostello" - }, - "committer": { - "email": "noreply@github.com", - "name": "GitHub", - "username": "web-flow" - }, - "distinct": true, - "id": "49c0eed3a423f00c872b5c3c9f1bbca9e8aae799", - "message": ":bug: SAST detect new GitHub app slug for CodeQL (#3591)\n\n* Fix SAST no longer working for CodeQL\r\n\r\nThe app slug for CodeQL appears to have changed from `github-advanced-security` to `github-code-scanning`, causing the SAST rule to false-negative on commits.\r\n\r\nSigned-off-by: martincostello \r\n\r\n* Fix lint warning\r\n\r\nFix lint warning.\r\n\r\nSigned-off-by: martincostello \r\n\r\n---------\r\n\r\nSigned-off-by: martincostello ", - "timestamp": 
"2023-10-20T14:13:08-07:00", - "tree_id": "8ad5db71b5707987aa7cf7cc55b2836a3d16a3c0", - "url": "https://github.com/ossf/scorecard/commit/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799" - }, - "organization": { - "avatar_url": "https://avatars.githubusercontent.com/u/67707773?v=4", - "description": "", - "events_url": "https://api.github.com/orgs/ossf/events", - "hooks_url": "https://api.github.com/orgs/ossf/hooks", - "id": 67707773, - "issues_url": "https://api.github.com/orgs/ossf/issues", - "login": "ossf", - "members_url": "https://api.github.com/orgs/ossf/members{/member}", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjY3NzA3Nzcz", - "public_members_url": "https://api.github.com/orgs/ossf/public_members{/member}", - "repos_url": "https://api.github.com/orgs/ossf/repos", - "url": "https://api.github.com/orgs/ossf" - }, - "pusher": { - "email": "sschrock@google.com", - "name": "spencerschrock" - }, - "ref": "refs/tags/v4.13.1", - "repository": { - "allow_forking": true, - "archive_url": "https://api.github.com/repos/ossf/scorecard/{archive_format}{/ref}", - "archived": false, - "assignees_url": "https://api.github.com/repos/ossf/scorecard/assignees{/user}", - "blobs_url": "https://api.github.com/repos/ossf/scorecard/git/blobs{/sha}", - "branches_url": "https://api.github.com/repos/ossf/scorecard/branches{/branch}", - "clone_url": "https://github.com/ossf/scorecard.git", - "collaborators_url": "https://api.github.com/repos/ossf/scorecard/collaborators{/collaborator}", - "comments_url": "https://api.github.com/repos/ossf/scorecard/comments{/number}", - "commits_url": "https://api.github.com/repos/ossf/scorecard/commits{/sha}", - "compare_url": "https://api.github.com/repos/ossf/scorecard/compare/{base}...{head}", - "contents_url": "https://api.github.com/repos/ossf/scorecard/contents/{+path}", - "contributors_url": "https://api.github.com/repos/ossf/scorecard/contributors", - "created_at": 1602254907, - "default_branch": "main", - "deployments_url": 
"https://api.github.com/repos/ossf/scorecard/deployments", - "description": "OpenSSF Scorecard - Security health metrics for Open Source", - "disabled": false, - "downloads_url": "https://api.github.com/repos/ossf/scorecard/downloads", - "events_url": "https://api.github.com/repos/ossf/scorecard/events", - "fork": false, - "forks": 412, - "forks_count": 412, - "forks_url": "https://api.github.com/repos/ossf/scorecard/forks", - "full_name": "ossf/scorecard", - "git_commits_url": "https://api.github.com/repos/ossf/scorecard/git/commits{/sha}", - "git_refs_url": "https://api.github.com/repos/ossf/scorecard/git/refs{/sha}", - "git_tags_url": "https://api.github.com/repos/ossf/scorecard/git/tags{/sha}", - "git_url": "git://github.com/ossf/scorecard.git", - "has_discussions": true, - "has_downloads": true, - "has_issues": true, - "has_pages": false, - "has_projects": true, - "has_wiki": true, - "homepage": "https://securityscorecards.dev", - "hooks_url": "https://api.github.com/repos/ossf/scorecard/hooks", - "html_url": "https://github.com/ossf/scorecard", - "id": 302670797, - "is_template": false, - "issue_comment_url": "https://api.github.com/repos/ossf/scorecard/issues/comments{/number}", - "issue_events_url": "https://api.github.com/repos/ossf/scorecard/issues/events{/number}", - "issues_url": "https://api.github.com/repos/ossf/scorecard/issues{/number}", - "keys_url": "https://api.github.com/repos/ossf/scorecard/keys{/key_id}", - "labels_url": "https://api.github.com/repos/ossf/scorecard/labels{/name}", - "language": "Go", - "languages_url": "https://api.github.com/repos/ossf/scorecard/languages", - "license": { - "key": "apache-2.0", - "name": "Apache License 2.0", - "node_id": "MDc6TGljZW5zZTI=", - "spdx_id": "Apache-2.0", - "url": "https://api.github.com/licenses/apache-2.0" - }, - "master_branch": "main", - "merges_url": "https://api.github.com/repos/ossf/scorecard/merges", - "milestones_url": "https://api.github.com/repos/ossf/scorecard/milestones{/number}", - 
"mirror_url": null, - "name": "scorecard", - "node_id": "MDEwOlJlcG9zaXRvcnkzMDI2NzA3OTc=", - "notifications_url": "https://api.github.com/repos/ossf/scorecard/notifications{?since,all,participating}", - "open_issues": 373, - "open_issues_count": 373, - "organization": "ossf", - "owner": { - "avatar_url": "https://avatars.githubusercontent.com/u/67707773?v=4", - "email": null, - "events_url": "https://api.github.com/users/ossf/events{/privacy}", - "followers_url": "https://api.github.com/users/ossf/followers", - "following_url": "https://api.github.com/users/ossf/following{/other_user}", - "gists_url": "https://api.github.com/users/ossf/gists{/gist_id}", - "gravatar_id": "", - "html_url": "https://github.com/ossf", - "id": 67707773, - "login": "ossf", - "name": "ossf", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjY3NzA3Nzcz", - "organizations_url": "https://api.github.com/users/ossf/orgs", - "received_events_url": "https://api.github.com/users/ossf/received_events", - "repos_url": "https://api.github.com/users/ossf/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/ossf/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/ossf/subscriptions", - "type": "Organization", - "url": "https://api.github.com/users/ossf" - }, - "private": false, - "pulls_url": "https://api.github.com/repos/ossf/scorecard/pulls{/number}", - "pushed_at": 1697837700, - "releases_url": "https://api.github.com/repos/ossf/scorecard/releases{/id}", - "size": 151342, - "ssh_url": "git@github.com:ossf/scorecard.git", - "stargazers": 3743, - "stargazers_count": 3743, - "stargazers_url": "https://api.github.com/repos/ossf/scorecard/stargazers", - "statuses_url": "https://api.github.com/repos/ossf/scorecard/statuses/{sha}", - "subscribers_url": "https://api.github.com/repos/ossf/scorecard/subscribers", - "subscription_url": "https://api.github.com/repos/ossf/scorecard/subscription", - "svn_url": "https://github.com/ossf/scorecard", - "tags_url": 
"https://api.github.com/repos/ossf/scorecard/tags", - "teams_url": "https://api.github.com/repos/ossf/scorecard/teams", - "topics": [ - "openssf-scorecard", - "scorecard" - ], - "trees_url": "https://api.github.com/repos/ossf/scorecard/git/trees{/sha}", - "updated_at": "2023-10-20T08:57:02Z", - "url": "https://github.com/ossf/scorecard", - "visibility": "public", - "watchers": 3743, - "watchers_count": 3743, - "web_commit_signoff_required": true - }, - "sender": { - "avatar_url": "https://avatars.githubusercontent.com/u/6064089?v=4", - "events_url": "https://api.github.com/users/spencerschrock/events{/privacy}", - "followers_url": "https://api.github.com/users/spencerschrock/followers", - "following_url": "https://api.github.com/users/spencerschrock/following{/other_user}", - "gists_url": "https://api.github.com/users/spencerschrock/gists{/gist_id}", - "gravatar_id": "", - "html_url": "https://github.com/spencerschrock", - "id": 6064089, - "login": "spencerschrock", - "node_id": "MDQ6VXNlcjYwNjQwODk=", - "organizations_url": "https://api.github.com/users/spencerschrock/orgs", - "received_events_url": "https://api.github.com/users/spencerschrock/received_events", - "repos_url": "https://api.github.com/users/spencerschrock/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/spencerschrock/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/spencerschrock/subscriptions", - "type": "User", - "url": "https://api.github.com/users/spencerschrock" - } - }, - "github_head_ref": "", - "github_ref": "refs/tags/v4.13.1", - "github_ref_type": "tag", - "github_repository_id": "302670797", - "github_repository_owner": "ossf", - "github_repository_owner_id": "67707773", - "github_run_attempt": "1", - "github_run_id": "6592927372", - "github_run_number": "50", - "github_sha1": "49c0eed3a423f00c872b5c3c9f1bbca9e8aae799" - } - }, - "metadata": { - "buildInvocationID": "6592927372-1", - "completeness": { - "parameters": true, - 
"environment": false, - "materials": false - }, - "reproducible": false - }, - "materials": [ - { - "uri": "git+https://github.com/ossf/scorecard@refs/tags/v4.13.1", - "digest": { - "sha1": "49c0eed3a423f00c872b5c3c9f1bbca9e8aae799" - } - } - ] - } - } - ] - } - }, - "checks": { - "summary": { - "DISABLED": 0, - "FAILED": 0, - "PASSED": 5, - "SKIPPED": 0, - "UNKNOWN": 0 - }, - "results": [ - { - "check_id": "mcn_provenance_available_1", - "check_description": "Check whether the target has intoto provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "asset_name: multiple.intoto.jsonl", - { - "asset_url": "https://api.github.com/repos/ossf/scorecard/releases/assets/131611370" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_provenance_expectation_1", - "check_description": "Check whether the SLSA provenance for the produced artifact conforms to the expected value.", - "slsa_requirements": [ - "Provenance conforms with expectations - SLSA Level 3" - ], - "justification": [ - { - "asset_url": "https://api.github.com/repos/ossf/scorecard/releases/assets/131611370" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_provenance_level_three_1", - "check_description": "Check whether the target has SLSA provenance level 3.", - "slsa_requirements": [ - "Provenance - Non falsifiable - SLSA Level 3", - "Provenance content - Includes all build parameters - SLSA Level 3", - "Provenance content - Identifies entry point - SLSA Level 3", - "Provenance content - Identifies source code - SLSA Level 2" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "check_description": "Check whether the target uses a trusted SLSA level 3 builder.", - "slsa_requirements": [ - "Hermetic - SLSA Level 4", - "Isolated - SLSA Level 3", - "Parameterless - SLSA Level 4", - "Ephemeral environment - SLSA Level 3" - ], - "justification": [ - "build_tool_name: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.9.0", - "ci_service_name: github_actions", - { - "build_trigger": "https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/.github/workflows/slsa-goreleaser.yml" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_version_control_system_1", - "check_description": "Check whether the target repo uses a version control system.", - "slsa_requirements": [ - "Version controlled - SLSA Level 2" - ], - "justification": [ - { - "git_repo": "https://github.com/ossf/scorecard" - } - ], - "result_type": "PASSED" - } - ] - } - }, - "dependencies": { - "analyzed_deps": 0, - "unique_dep_repos": 0, - "checks_summary": [ - { - "check_id": "mcn_provenance_available_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_as_code_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_version_control_system_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_script_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_service_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_expectation_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "num_deps_pass": 
0
- }
- ],
- "dep_status": []
- }
-}
diff --git a/tests/e2e/expected_results/sget/sget.dl b/tests/e2e/expected_results/sget/sget.dl
new file mode 100644
index 000000000..f440feefe
--- /dev/null
+++ b/tests/e2e/expected_results/sget/sget.dl
@@ -0,0 +1,22 @@
+/* Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. */
+/* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */
+
+#include "prelude.dl"
+
+Policy("test_policy", component_id, "") :-
+ check_passed(component_id, "mcn_build_as_code_1"),
+ check_passed(component_id, "mcn_build_script_1"),
+ check_passed(component_id, "mcn_build_service_1"),
+ check_passed(component_id, "mcn_version_control_system_1"),
+ check_failed(component_id, "mcn_infer_artifact_pipeline_1"),
+ check_failed(component_id, "mcn_provenance_available_1"),
+ check_failed(component_id, "mcn_provenance_derived_commit_1"),
+ check_failed(component_id, "mcn_provenance_derived_repo_1"),
+ check_failed(component_id, "mcn_provenance_expectation_1"),
+ check_failed(component_id, "mcn_provenance_level_three_1"),
+ check_failed(component_id, "mcn_provenance_witness_level_one_1"),
+ check_failed(component_id, "mcn_trusted_builder_level_three_1"),
+ is_repo_url(component_id, "https://github.com/sigstore/sget").
+
+apply_policy_to("test_policy", component_id) :-
+ is_component(component_id, "pkg:github.com/sigstore/sget@99e7b91204d391ccc76507f7079b6d2a7957489e").
diff --git a/tests/e2e/expected_results/sget/sget.json b/tests/e2e/expected_results/sget/sget.json
deleted file mode 100644
index 7b6865f8f..000000000
--- a/tests/e2e/expected_results/sget/sget.json
+++ /dev/null
@@ -1,323 +0,0 @@ -{ - "metadata": { - "timestamps": "2024-05-07 15:10:28", - "has_passing_check": true, - "run_checks": [ - "mcn_provenance_available_1", - "mcn_provenance_witness_level_one_1", - "mcn_build_as_code_1", - "mcn_provenance_derived_commit_1", - "mcn_provenance_level_three_1", - "mcn_version_control_system_1", - "mcn_infer_artifact_pipeline_1", - "mcn_trusted_builder_level_three_1", - "mcn_build_script_1", - "mcn_build_service_1", - "mcn_provenance_expectation_1", - "mcn_provenance_derived_repo_1" - ], - "check_tree": { - "mcn_provenance_available_1": { - "mcn_provenance_expectation_1": {}, - "mcn_provenance_level_three_1": {}, - "mcn_provenance_witness_level_one_1": {} - }, - "mcn_provenance_derived_commit_1": {}, - "mcn_version_control_system_1": { - "mcn_build_script_1": {}, - "mcn_trusted_builder_level_three_1": { - "mcn_build_as_code_1": { - "mcn_infer_artifact_pipeline_1": {}, - "mcn_build_service_1": {} - } - } - }, - "mcn_provenance_derived_repo_1": {} - } - }, - "target": { - "info": { - "full_name": "pkg:github.com/sigstore/sget@99e7b91204d391ccc76507f7079b6d2a7957489e", - "local_cloned_path": "git_repos/github_com/sigstore/sget", - "remote_path": "https://github.com/sigstore/sget", - "branch": "main", - "commit_hash": "99e7b91204d391ccc76507f7079b6d2a7957489e", - "commit_date": "2023-03-13T16:27:11+01:00" - }, - "provenances": { - "is_inferred": true, - "content": { - "github_actions": [ - { - "_type": "https://in-toto.io/Statement/v0.1", - "subject": [], - "predicateType": "https://slsa.dev/provenance/v0.2", - "predicate": { - "builder": { - "id": "https://github.com/sigstore/sget/blob/99e7b91204d391ccc76507f7079b6d2a7957489e/.github/workflows/release.yml" - }, - "buildType": "Custom github_actions", - "invocation": { - "configSource": { - "uri": "https://github.com/sigstore/sget@refs/heads/main", - "digest": { - "sha1": "99e7b91204d391ccc76507f7079b6d2a7957489e" - }, - "entryPoint": 
"https://github.com/sigstore/sget/blob/99e7b91204d391ccc76507f7079b6d2a7957489e/.github/workflows/release.yml" - }, - "parameters": {}, - "environment": {} - }, - "buildConfig": { - "jobID": "release", - "stepID": "", - "stepName": "" - }, - "metadata": { - "buildInvocationId": "", - "buildStartedOn": "", - "buildFinishedOn": "", - "completeness": { - "parameters": "false", - "environment": "false", - "materials": "false" - }, - "reproducible": "false" - }, - "materials": [ - { - "uri": "", - "digest": {} - } - ] - } - } - ] - } - }, - "checks": { - "summary": { - "DISABLED": 0, - "FAILED": 8, - "PASSED": 4, - "SKIPPED": 0, - "UNKNOWN": 0 - }, - "results": [ - { - "check_id": "mcn_build_as_code_1", - "check_description": "The build definition and configuration executed by the build service is verifiably derived from text file definitions stored in a version control system.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "build_tool_name: go", - "ci_service_name: github_actions", - "language: go", - "deploy_command: goreleaser/goreleaser-action", - { - "build_trigger": "https://github.com/sigstore/sget/blob/99e7b91204d391ccc76507f7079b6d2a7957489e/.github/workflows/release.yml" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_script_1", - "check_description": "Check if the target repo has a valid build script.", - "slsa_requirements": [ - "Scripted Build - SLSA Level 1" - ], - "justification": [ - "build_tool_name: go", - "ci_service_name: github_actions", - "language: BuildLanguage.GO", - "build_tool_command: [\"go\", \"build\", \"./...\"]", - { - "build_trigger": "https://github.com/sigstore/sget/blob/99e7b91204d391ccc76507f7079b6d2a7957489e/.github/workflows/build.yaml" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_service_1", - "check_description": "Check if the target repo has a valid build service.", - "slsa_requirements": [ - "Build service - SLSA Level 2" - ], - 
"justification": [ - "Not Available." - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_version_control_system_1", - "check_description": "Check whether the target repo uses a version control system.", - "slsa_requirements": [ - "Version controlled - SLSA Level 2" - ], - "justification": [ - { - "git_repo": "https://github.com/sigstore/sget" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "check_description": "Detects potential pipelines from which an artifact is published.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_available_1", - "check_description": "Check whether the target has intoto provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "check_description": "Check whether the commit came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "commit_digest: No provenance found." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "check_description": "Check whether the repo came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "repository_url: No provenance found." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_expectation_1", - "check_description": "Check whether the SLSA provenance for the produced artifact conforms to the expected value.", - "slsa_requirements": [ - "Provenance conforms with expectations - SLSA Level 3" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_level_three_1", - "check_description": "Check whether the target has SLSA provenance level 3.", - "slsa_requirements": [ - "Provenance - Non falsifiable - SLSA Level 3", - "Provenance content - Includes all build parameters - SLSA Level 3", - "Provenance content - Identifies entry point - SLSA Level 3", - "Provenance content - Identifies source code - SLSA Level 2" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "check_description": "Check whether the target has a level-1 witness provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "check_description": "Check whether the target uses a trusted SLSA level 3 builder.", - "slsa_requirements": [ - "Hermetic - SLSA Level 4", - "Isolated - SLSA Level 3", - "Parameterless - SLSA Level 4", - "Ephemeral environment - SLSA Level 3" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "FAILED" - } - ] - } - }, - "dependencies": { - "analyzed_deps": 0, - "unique_dep_repos": 0, - "checks_summary": [ - { - "check_id": "mcn_provenance_available_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_as_code_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_version_control_system_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_script_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_service_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_expectation_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "num_deps_pass": 0 - } - ], - "dep_status": [] - } -} diff --git a/tests/e2e/expected_results/slsa-verifier/slsa-verifier_cue_PASS.dl b/tests/e2e/expected_results/slsa-verifier/slsa-verifier_cue_PASS.dl new file mode 100644 index 000000000..e27522f1a --- /dev/null +++ b/tests/e2e/expected_results/slsa-verifier/slsa-verifier_cue_PASS.dl 
@@ -0,0 +1,21 @@
+/* Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. */
+/* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */
+
+#include "prelude.dl"
+
+Policy("test_policy", component_id, "") :-
+ check_passed(component_id, "mcn_build_as_code_1"),
+ check_passed(component_id, "mcn_build_script_1"),
+ check_passed(component_id, "mcn_build_service_1"),
+ check_passed(component_id, "mcn_provenance_available_1"),
+ check_passed(component_id, "mcn_provenance_expectation_1"),
+ check_passed(component_id, "mcn_trusted_builder_level_three_1"),
+ check_passed(component_id, "mcn_version_control_system_1"),
+ check_failed(component_id, "mcn_infer_artifact_pipeline_1"),
+ check_failed(component_id, "mcn_provenance_derived_commit_1"),
+ check_failed(component_id, "mcn_provenance_derived_repo_1"),
+ check_failed(component_id, "mcn_provenance_witness_level_one_1"),
+ is_repo_url(component_id, "https://github.com/slsa-framework/slsa-verifier").
+
+apply_policy_to("test_policy", component_id) :-
+ is_component(component_id, "pkg:github.com/slsa-framework/slsa-verifier@fc50b662fcfeeeb0e97243554b47d9b20b14efac").
diff --git a/tests/e2e/expected_results/slsa-verifier/slsa-verifier_cue_PASS.json b/tests/e2e/expected_results/slsa-verifier/slsa-verifier_cue_PASS.json
deleted file mode 100644
index c433cbdc3..000000000
--- a/tests/e2e/expected_results/slsa-verifier/slsa-verifier_cue_PASS.json
+++ /dev/null
@@ -1,2008 +0,0 @@ -{ - "metadata": { - "timestamps": "2024-05-07 15:16:35", - "has_passing_check": true, - "run_checks": [ - "mcn_provenance_witness_level_one_1", - "mcn_version_control_system_1", - "mcn_build_script_1", - "mcn_build_service_1", - "mcn_provenance_derived_commit_1", - "mcn_provenance_expectation_1", - "mcn_infer_artifact_pipeline_1", - "mcn_provenance_derived_repo_1", - "mcn_build_as_code_1", - "mcn_trusted_builder_level_three_1", - "mcn_provenance_available_1" - ], - "check_tree": { - "mcn_provenance_available_1": { - "mcn_provenance_level_three_1": {}, - "mcn_provenance_witness_level_one_1": {}, - "mcn_provenance_expectation_1": {} - }, - "mcn_provenance_derived_commit_1": {}, - "mcn_version_control_system_1": { - "mcn_build_script_1": {}, - "mcn_trusted_builder_level_three_1": { - "mcn_build_as_code_1": { - "mcn_build_service_1": {}, - "mcn_infer_artifact_pipeline_1": {} - } - } - }, - "mcn_provenance_derived_repo_1": {} - } - }, - "target": { - "info": { - "full_name": "pkg:github.com/slsa-framework/slsa-verifier@fc50b662fcfeeeb0e97243554b47d9b20b14efac", - "local_cloned_path": "git_repos/github_com/slsa-framework/slsa-verifier", - "remote_path": "https://github.com/slsa-framework/slsa-verifier", - "branch": "main", - "commit_hash": "fc50b662fcfeeeb0e97243554b47d9b20b14efac", - "commit_date": "2022-10-04T01:00:02+00:00" - }, - "provenances": { - "is_inferred": false, - "content": { - "github_actions": [ - { - "_type": "https://in-toto.io/Statement/v0.1", - "predicateType": "https://slsa.dev/provenance/v0.2", - "subject": [ - { - "name": "slsa-verifier-darwin-amd64", - "digest": { - "sha256": "6246ff80cbd3d272bf843d72d1562cafb7c59b45b5b555fbee92df90547b4256" - } - } - ], - "predicate": { - "builder": { - "id": "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@refs/tags/v1.10.0" - }, - "buildType": "https://github.com/slsa-framework/slsa-github-generator/go@v1", - "invocation": { - "configSource": { - 
"uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.5.1", - "digest": { - "sha1": "eb7007070baa04976cb9e25a0d8034f8db030a86" - }, - "entryPoint": ".github/workflows/release.yml" - }, - "parameters": {}, - "environment": { - "arch": "X64", - "github_actor": "laurentsimon", - "github_actor_id": "64505099", - "github_base_ref": "", - "github_event_name": "push", - "github_event_payload": { - "after": "eb7007070baa04976cb9e25a0d8034f8db030a86", - "base_ref": "refs/heads/main", - "before": "0000000000000000000000000000000000000000", - "commits": [], - "compare": "https://github.com/slsa-framework/slsa-verifier/compare/v2.5.1", - "created": true, - "deleted": false, - "enterprise": { - "avatar_url": "https://avatars.githubusercontent.com/b/102459?v=4", - "created_at": "2023-12-08T05:54:26Z", - "description": "Open Source Security Foundation (OpenSSF)", - "html_url": "https://github.com/enterprises/openssf", - "id": 102459, - "name": "Open Source Security Foundation", - "node_id": "E_kgDOAAGQOw", - "slug": "openssf", - "updated_at": "2024-01-06T00:47:02Z", - "website_url": "https://openssf.org/" - }, - "forced": false, - "head_commit": { - "author": { - "email": "64505099+laurentsimon@users.noreply.github.com", - "name": "laurentsimon", - "username": "laurentsimon" - }, - "committer": { - "email": "noreply@github.com", - "name": "GitHub", - "username": "web-flow" - }, - "distinct": true, - "id": "eb7007070baa04976cb9e25a0d8034f8db030a86", - "message": "feat: Update verifier version in GHA installer (#747)\n\nThis is part of the release tests in\r\nhttps://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md#dry-run\r\nto verify that the Action installer works.\r\n\r\nA follow up PR will be sent prior to release to update to `v2.5.0`\r\n\r\n---------\r\n\r\nSigned-off-by: laurentsimon ", - "timestamp": "2024-03-25T14:54:53Z", - "tree_id": "821166b47987861864888c07fde313b8be8ffc4c", - "url": 
"https://github.com/slsa-framework/slsa-verifier/commit/eb7007070baa04976cb9e25a0d8034f8db030a86" - }, - "organization": { - "avatar_url": "https://avatars.githubusercontent.com/u/80431187?v=4", - "description": "Supply-chain Levels for Software Artifacts", - "events_url": "https://api.github.com/orgs/slsa-framework/events", - "hooks_url": "https://api.github.com/orgs/slsa-framework/hooks", - "id": 80431187, - "issues_url": "https://api.github.com/orgs/slsa-framework/issues", - "login": "slsa-framework", - "members_url": "https://api.github.com/orgs/slsa-framework/members{/member}", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjgwNDMxMTg3", - "public_members_url": "https://api.github.com/orgs/slsa-framework/public_members{/member}", - "repos_url": "https://api.github.com/orgs/slsa-framework/repos", - "url": "https://api.github.com/orgs/slsa-framework" - }, - "pusher": { - "email": "64505099+laurentsimon@users.noreply.github.com", - "name": "laurentsimon" - }, - "ref": "refs/tags/v2.5.1", - "repository": { - "allow_forking": true, - "archive_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/{archive_format}{/ref}", - "archived": false, - "assignees_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/assignees{/user}", - "blobs_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/blobs{/sha}", - "branches_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/branches{/branch}", - "clone_url": "https://github.com/slsa-framework/slsa-verifier.git", - "collaborators_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/collaborators{/collaborator}", - "comments_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/comments{/number}", - "commits_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/commits{/sha}", - "compare_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/compare/{base}...{head}", - "contents_url": 
"https://api.github.com/repos/slsa-framework/slsa-verifier/contents/{+path}", - "contributors_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/contributors", - "created_at": 1648242107, - "custom_properties": {}, - "default_branch": "main", - "deployments_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/deployments", - "description": "Verify provenance from SLSA compliant builders", - "disabled": false, - "downloads_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/downloads", - "events_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/events", - "fork": false, - "forks": 40, - "forks_count": 40, - "forks_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/forks", - "full_name": "slsa-framework/slsa-verifier", - "git_commits_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/commits{/sha}", - "git_refs_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/refs{/sha}", - "git_tags_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/tags{/sha}", - "git_url": "git://github.com/slsa-framework/slsa-verifier.git", - "has_discussions": false, - "has_downloads": true, - "has_issues": true, - "has_pages": false, - "has_projects": true, - "has_wiki": true, - "homepage": "", - "hooks_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/hooks", - "html_url": "https://github.com/slsa-framework/slsa-verifier", - "id": 474162642, - "is_template": false, - "issue_comment_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/issues/comments{/number}", - "issue_events_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/issues/events{/number}", - "issues_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/issues{/number}", - "keys_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/keys{/key_id}", - "labels_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/labels{/name}", - "language": 
"Go", - "languages_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/languages", - "license": { - "key": "apache-2.0", - "name": "Apache License 2.0", - "node_id": "MDc6TGljZW5zZTI=", - "spdx_id": "Apache-2.0", - "url": "https://api.github.com/licenses/apache-2.0" - }, - "master_branch": "main", - "merges_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/merges", - "milestones_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/milestones{/number}", - "mirror_url": null, - "name": "slsa-verifier", - "node_id": "R_kgDOHEMl0g", - "notifications_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/notifications{?since,all,participating}", - "open_issues": 129, - "open_issues_count": 129, - "organization": "slsa-framework", - "owner": { - "avatar_url": "https://avatars.githubusercontent.com/u/80431187?v=4", - "email": null, - "events_url": "https://api.github.com/users/slsa-framework/events{/privacy}", - "followers_url": "https://api.github.com/users/slsa-framework/followers", - "following_url": "https://api.github.com/users/slsa-framework/following{/other_user}", - "gists_url": "https://api.github.com/users/slsa-framework/gists{/gist_id}", - "gravatar_id": "", - "html_url": "https://github.com/slsa-framework", - "id": 80431187, - "login": "slsa-framework", - "name": "slsa-framework", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjgwNDMxMTg3", - "organizations_url": "https://api.github.com/users/slsa-framework/orgs", - "received_events_url": "https://api.github.com/users/slsa-framework/received_events", - "repos_url": "https://api.github.com/users/slsa-framework/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/slsa-framework/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/slsa-framework/subscriptions", - "type": "Organization", - "url": "https://api.github.com/users/slsa-framework" - }, - "private": false, - "pulls_url": 
"https://api.github.com/repos/slsa-framework/slsa-verifier/pulls{/number}", - "pushed_at": 1711379651, - "releases_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/releases{/id}", - "size": 91684, - "ssh_url": "git@github.com:slsa-framework/slsa-verifier.git", - "stargazers": 198, - "stargazers_count": 198, - "stargazers_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/stargazers", - "statuses_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/statuses/{sha}", - "subscribers_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/subscribers", - "subscription_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/subscription", - "svn_url": "https://github.com/slsa-framework/slsa-verifier", - "tags_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/tags", - "teams_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/teams", - "topics": [], - "trees_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/trees{/sha}", - "updated_at": "2024-03-12T15:03:34Z", - "url": "https://github.com/slsa-framework/slsa-verifier", - "visibility": "public", - "watchers": 198, - "watchers_count": 198, - "web_commit_signoff_required": true - }, - "sender": { - "avatar_url": "https://avatars.githubusercontent.com/u/64505099?v=4", - "events_url": "https://api.github.com/users/laurentsimon/events{/privacy}", - "followers_url": "https://api.github.com/users/laurentsimon/followers", - "following_url": "https://api.github.com/users/laurentsimon/following{/other_user}", - "gists_url": "https://api.github.com/users/laurentsimon/gists{/gist_id}", - "gravatar_id": "", - "html_url": "https://github.com/laurentsimon", - "id": 64505099, - "login": "laurentsimon", - "node_id": "MDQ6VXNlcjY0NTA1MDk5", - "organizations_url": "https://api.github.com/users/laurentsimon/orgs", - "received_events_url": "https://api.github.com/users/laurentsimon/received_events", - "repos_url": 
"https://api.github.com/users/laurentsimon/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/laurentsimon/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/laurentsimon/subscriptions", - "type": "User", - "url": "https://api.github.com/users/laurentsimon" - } - }, - "github_head_ref": "", - "github_ref": "refs/tags/v2.5.1", - "github_ref_type": "tag", - "github_repository_id": "474162642", - "github_repository_owner": "slsa-framework", - "github_repository_owner_id": "80431187", - "github_run_attempt": "1", - "github_run_id": "8422431506", - "github_run_number": "655", - "github_sha1": "eb7007070baa04976cb9e25a0d8034f8db030a86", - "os": "ubuntu22" - } - }, - "buildConfig": { - "steps": [ - { - "workingDir": "/home/runner/work/slsa-verifier/slsa-verifier/__PROJECT_CHECKOUT_DIR__/cli/slsa-verifier", - "command": [ - "/opt/hostedtoolcache/go/1.21.8/x64/bin/go", - "mod", - "vendor" - ], - "env": null - }, - { - "workingDir": "/home/runner/work/slsa-verifier/slsa-verifier/__PROJECT_CHECKOUT_DIR__/cli/slsa-verifier", - "command": [ - "/opt/hostedtoolcache/go/1.21.8/x64/bin/go", - "build", - "-mod=vendor", - "-trimpath", - "-tags=netgo", - "-ldflags=-X sigs.k8s.io/release-utils/version.gitVersion=2.5.1", - "-o", - "slsa-verifier-darwin-amd64" - ], - "env": [ - "GOOS=darwin", - "GOARCH=amd64", - "CGO_ENABLED=0", - "GO111MODULE=on" - ] - } - ], - "version": 1 - }, - "metadata": { - "buildInvocationID": "8422431506-1", - "completeness": { - "parameters": true, - "environment": false, - "materials": false - }, - "reproducible": false - }, - "materials": [ - { - "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.5.1", - "digest": { - "sha1": "eb7007070baa04976cb9e25a0d8034f8db030a86" - } - }, - { - "uri": "https://github.com/actions/virtual-environments/releases/tag/ubuntu22/20240317.1.0" - } - ] - } - }, - { - "_type": "https://in-toto.io/Statement/v0.1", - "predicateType": 
"https://slsa.dev/provenance/v0.2", - "subject": [ - { - "name": "slsa-verifier-darwin-arm64", - "digest": { - "sha256": "a4da3c85025f31f8a6de09c8261ec1c0793299fd82bc225c9608b0413083354f" - } - } - ], - "predicate": { - "builder": { - "id": "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@refs/tags/v1.10.0" - }, - "buildType": "https://github.com/slsa-framework/slsa-github-generator/go@v1", - "invocation": { - "configSource": { - "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.5.1", - "digest": { - "sha1": "eb7007070baa04976cb9e25a0d8034f8db030a86" - }, - "entryPoint": ".github/workflows/release.yml" - }, - "parameters": {}, - "environment": { - "arch": "X64", - "github_actor": "laurentsimon", - "github_actor_id": "64505099", - "github_base_ref": "", - "github_event_name": "push", - "github_event_payload": { - "after": "eb7007070baa04976cb9e25a0d8034f8db030a86", - "base_ref": "refs/heads/main", - "before": "0000000000000000000000000000000000000000", - "commits": [], - "compare": "https://github.com/slsa-framework/slsa-verifier/compare/v2.5.1", - "created": true, - "deleted": false, - "enterprise": { - "avatar_url": "https://avatars.githubusercontent.com/b/102459?v=4", - "created_at": "2023-12-08T05:54:26Z", - "description": "Open Source Security Foundation (OpenSSF)", - "html_url": "https://github.com/enterprises/openssf", - "id": 102459, - "name": "Open Source Security Foundation", - "node_id": "E_kgDOAAGQOw", - "slug": "openssf", - "updated_at": "2024-01-06T00:47:02Z", - "website_url": "https://openssf.org/" - }, - "forced": false, - "head_commit": { - "author": { - "email": "64505099+laurentsimon@users.noreply.github.com", - "name": "laurentsimon", - "username": "laurentsimon" - }, - "committer": { - "email": "noreply@github.com", - "name": "GitHub", - "username": "web-flow" - }, - "distinct": true, - "id": "eb7007070baa04976cb9e25a0d8034f8db030a86", - "message": "feat: Update verifier 
version in GHA installer (#747)\n\nThis is part of the release tests in\r\nhttps://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md#dry-run\r\nto verify that the Action installer works.\r\n\r\nA follow up PR will be sent prior to release to update to `v2.5.0`\r\n\r\n---------\r\n\r\nSigned-off-by: laurentsimon ", - "timestamp": "2024-03-25T14:54:53Z", - "tree_id": "821166b47987861864888c07fde313b8be8ffc4c", - "url": "https://github.com/slsa-framework/slsa-verifier/commit/eb7007070baa04976cb9e25a0d8034f8db030a86" - }, - "organization": { - "avatar_url": "https://avatars.githubusercontent.com/u/80431187?v=4", - "description": "Supply-chain Levels for Software Artifacts", - "events_url": "https://api.github.com/orgs/slsa-framework/events", - "hooks_url": "https://api.github.com/orgs/slsa-framework/hooks", - "id": 80431187, - "issues_url": "https://api.github.com/orgs/slsa-framework/issues", - "login": "slsa-framework", - "members_url": "https://api.github.com/orgs/slsa-framework/members{/member}", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjgwNDMxMTg3", - "public_members_url": "https://api.github.com/orgs/slsa-framework/public_members{/member}", - "repos_url": "https://api.github.com/orgs/slsa-framework/repos", - "url": "https://api.github.com/orgs/slsa-framework" - }, - "pusher": { - "email": "64505099+laurentsimon@users.noreply.github.com", - "name": "laurentsimon" - }, - "ref": "refs/tags/v2.5.1", - "repository": { - "allow_forking": true, - "archive_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/{archive_format}{/ref}", - "archived": false, - "assignees_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/assignees{/user}", - "blobs_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/blobs{/sha}", - "branches_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/branches{/branch}", - "clone_url": "https://github.com/slsa-framework/slsa-verifier.git", - "collaborators_url": 
"https://api.github.com/repos/slsa-framework/slsa-verifier/collaborators{/collaborator}", - "comments_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/comments{/number}", - "commits_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/commits{/sha}", - "compare_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/compare/{base}...{head}", - "contents_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/contents/{+path}", - "contributors_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/contributors", - "created_at": 1648242107, - "custom_properties": {}, - "default_branch": "main", - "deployments_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/deployments", - "description": "Verify provenance from SLSA compliant builders", - "disabled": false, - "downloads_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/downloads", - "events_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/events", - "fork": false, - "forks": 40, - "forks_count": 40, - "forks_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/forks", - "full_name": "slsa-framework/slsa-verifier", - "git_commits_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/commits{/sha}", - "git_refs_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/refs{/sha}", - "git_tags_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/tags{/sha}", - "git_url": "git://github.com/slsa-framework/slsa-verifier.git", - "has_discussions": false, - "has_downloads": true, - "has_issues": true, - "has_pages": false, - "has_projects": true, - "has_wiki": true, - "homepage": "", - "hooks_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/hooks", - "html_url": "https://github.com/slsa-framework/slsa-verifier", - "id": 474162642, - "is_template": false, - "issue_comment_url": 
"https://api.github.com/repos/slsa-framework/slsa-verifier/issues/comments{/number}", - "issue_events_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/issues/events{/number}", - "issues_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/issues{/number}", - "keys_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/keys{/key_id}", - "labels_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/labels{/name}", - "language": "Go", - "languages_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/languages", - "license": { - "key": "apache-2.0", - "name": "Apache License 2.0", - "node_id": "MDc6TGljZW5zZTI=", - "spdx_id": "Apache-2.0", - "url": "https://api.github.com/licenses/apache-2.0" - }, - "master_branch": "main", - "merges_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/merges", - "milestones_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/milestones{/number}", - "mirror_url": null, - "name": "slsa-verifier", - "node_id": "R_kgDOHEMl0g", - "notifications_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/notifications{?since,all,participating}", - "open_issues": 129, - "open_issues_count": 129, - "organization": "slsa-framework", - "owner": { - "avatar_url": "https://avatars.githubusercontent.com/u/80431187?v=4", - "email": null, - "events_url": "https://api.github.com/users/slsa-framework/events{/privacy}", - "followers_url": "https://api.github.com/users/slsa-framework/followers", - "following_url": "https://api.github.com/users/slsa-framework/following{/other_user}", - "gists_url": "https://api.github.com/users/slsa-framework/gists{/gist_id}", - "gravatar_id": "", - "html_url": "https://github.com/slsa-framework", - "id": 80431187, - "login": "slsa-framework", - "name": "slsa-framework", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjgwNDMxMTg3", - "organizations_url": "https://api.github.com/users/slsa-framework/orgs", - "received_events_url": 
"https://api.github.com/users/slsa-framework/received_events", - "repos_url": "https://api.github.com/users/slsa-framework/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/slsa-framework/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/slsa-framework/subscriptions", - "type": "Organization", - "url": "https://api.github.com/users/slsa-framework" - }, - "private": false, - "pulls_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/pulls{/number}", - "pushed_at": 1711379651, - "releases_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/releases{/id}", - "size": 91684, - "ssh_url": "git@github.com:slsa-framework/slsa-verifier.git", - "stargazers": 198, - "stargazers_count": 198, - "stargazers_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/stargazers", - "statuses_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/statuses/{sha}", - "subscribers_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/subscribers", - "subscription_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/subscription", - "svn_url": "https://github.com/slsa-framework/slsa-verifier", - "tags_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/tags", - "teams_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/teams", - "topics": [], - "trees_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/trees{/sha}", - "updated_at": "2024-03-12T15:03:34Z", - "url": "https://github.com/slsa-framework/slsa-verifier", - "visibility": "public", - "watchers": 198, - "watchers_count": 198, - "web_commit_signoff_required": true - }, - "sender": { - "avatar_url": "https://avatars.githubusercontent.com/u/64505099?v=4", - "events_url": "https://api.github.com/users/laurentsimon/events{/privacy}", - "followers_url": "https://api.github.com/users/laurentsimon/followers", - "following_url": 
"https://api.github.com/users/laurentsimon/following{/other_user}", - "gists_url": "https://api.github.com/users/laurentsimon/gists{/gist_id}", - "gravatar_id": "", - "html_url": "https://github.com/laurentsimon", - "id": 64505099, - "login": "laurentsimon", - "node_id": "MDQ6VXNlcjY0NTA1MDk5", - "organizations_url": "https://api.github.com/users/laurentsimon/orgs", - "received_events_url": "https://api.github.com/users/laurentsimon/received_events", - "repos_url": "https://api.github.com/users/laurentsimon/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/laurentsimon/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/laurentsimon/subscriptions", - "type": "User", - "url": "https://api.github.com/users/laurentsimon" - } - }, - "github_head_ref": "", - "github_ref": "refs/tags/v2.5.1", - "github_ref_type": "tag", - "github_repository_id": "474162642", - "github_repository_owner": "slsa-framework", - "github_repository_owner_id": "80431187", - "github_run_attempt": "1", - "github_run_id": "8422431506", - "github_run_number": "655", - "github_sha1": "eb7007070baa04976cb9e25a0d8034f8db030a86", - "os": "ubuntu22" - } - }, - "buildConfig": { - "steps": [ - { - "workingDir": "/home/runner/work/slsa-verifier/slsa-verifier/__PROJECT_CHECKOUT_DIR__/cli/slsa-verifier", - "command": [ - "/opt/hostedtoolcache/go/1.21.8/x64/bin/go", - "mod", - "vendor" - ], - "env": null - }, - { - "workingDir": "/home/runner/work/slsa-verifier/slsa-verifier/__PROJECT_CHECKOUT_DIR__/cli/slsa-verifier", - "command": [ - "/opt/hostedtoolcache/go/1.21.8/x64/bin/go", - "build", - "-mod=vendor", - "-trimpath", - "-tags=netgo", - "-ldflags=-X sigs.k8s.io/release-utils/version.gitVersion=2.5.1", - "-o", - "slsa-verifier-darwin-arm64" - ], - "env": [ - "GOOS=darwin", - "GOARCH=arm64", - "GO111MODULE=on", - "CGO_ENABLED=0" - ] - } - ], - "version": 1 - }, - "metadata": { - "buildInvocationID": "8422431506-1", - "completeness": { - "parameters": 
true, - "environment": false, - "materials": false - }, - "reproducible": false - }, - "materials": [ - { - "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.5.1", - "digest": { - "sha1": "eb7007070baa04976cb9e25a0d8034f8db030a86" - } - }, - { - "uri": "https://github.com/actions/virtual-environments/releases/tag/ubuntu22/20240317.1.0" - } - ] - } - }, - { - "_type": "https://in-toto.io/Statement/v0.1", - "predicateType": "https://slsa.dev/provenance/v0.2", - "subject": [ - { - "name": "slsa-verifier-linux-amd64", - "digest": { - "sha256": "54e4f40bf120bce1cef1ff123fef3456e8c526f315c47e22ed6acfe02a06b9a8" - } - } - ], - "predicate": { - "builder": { - "id": "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@refs/tags/v1.10.0" - }, - "buildType": "https://github.com/slsa-framework/slsa-github-generator/go@v1", - "invocation": { - "configSource": { - "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.5.1", - "digest": { - "sha1": "eb7007070baa04976cb9e25a0d8034f8db030a86" - }, - "entryPoint": ".github/workflows/release.yml" - }, - "parameters": {}, - "environment": { - "arch": "X64", - "github_actor": "laurentsimon", - "github_actor_id": "64505099", - "github_base_ref": "", - "github_event_name": "push", - "github_event_payload": { - "after": "eb7007070baa04976cb9e25a0d8034f8db030a86", - "base_ref": "refs/heads/main", - "before": "0000000000000000000000000000000000000000", - "commits": [], - "compare": "https://github.com/slsa-framework/slsa-verifier/compare/v2.5.1", - "created": true, - "deleted": false, - "enterprise": { - "avatar_url": "https://avatars.githubusercontent.com/b/102459?v=4", - "created_at": "2023-12-08T05:54:26Z", - "description": "Open Source Security Foundation (OpenSSF)", - "html_url": "https://github.com/enterprises/openssf", - "id": 102459, - "name": "Open Source Security Foundation", - "node_id": "E_kgDOAAGQOw", - "slug": "openssf", - "updated_at": 
"2024-01-06T00:47:02Z", - "website_url": "https://openssf.org/" - }, - "forced": false, - "head_commit": { - "author": { - "email": "64505099+laurentsimon@users.noreply.github.com", - "name": "laurentsimon", - "username": "laurentsimon" - }, - "committer": { - "email": "noreply@github.com", - "name": "GitHub", - "username": "web-flow" - }, - "distinct": true, - "id": "eb7007070baa04976cb9e25a0d8034f8db030a86", - "message": "feat: Update verifier version in GHA installer (#747)\n\nThis is part of the release tests in\r\nhttps://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md#dry-run\r\nto verify that the Action installer works.\r\n\r\nA follow up PR will be sent prior to release to update to `v2.5.0`\r\n\r\n---------\r\n\r\nSigned-off-by: laurentsimon ", - "timestamp": "2024-03-25T14:54:53Z", - "tree_id": "821166b47987861864888c07fde313b8be8ffc4c", - "url": "https://github.com/slsa-framework/slsa-verifier/commit/eb7007070baa04976cb9e25a0d8034f8db030a86" - }, - "organization": { - "avatar_url": "https://avatars.githubusercontent.com/u/80431187?v=4", - "description": "Supply-chain Levels for Software Artifacts", - "events_url": "https://api.github.com/orgs/slsa-framework/events", - "hooks_url": "https://api.github.com/orgs/slsa-framework/hooks", - "id": 80431187, - "issues_url": "https://api.github.com/orgs/slsa-framework/issues", - "login": "slsa-framework", - "members_url": "https://api.github.com/orgs/slsa-framework/members{/member}", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjgwNDMxMTg3", - "public_members_url": "https://api.github.com/orgs/slsa-framework/public_members{/member}", - "repos_url": "https://api.github.com/orgs/slsa-framework/repos", - "url": "https://api.github.com/orgs/slsa-framework" - }, - "pusher": { - "email": "64505099+laurentsimon@users.noreply.github.com", - "name": "laurentsimon" - }, - "ref": "refs/tags/v2.5.1", - "repository": { - "allow_forking": true, - "archive_url": 
"https://api.github.com/repos/slsa-framework/slsa-verifier/{archive_format}{/ref}", - "archived": false, - "assignees_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/assignees{/user}", - "blobs_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/blobs{/sha}", - "branches_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/branches{/branch}", - "clone_url": "https://github.com/slsa-framework/slsa-verifier.git", - "collaborators_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/collaborators{/collaborator}", - "comments_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/comments{/number}", - "commits_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/commits{/sha}", - "compare_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/compare/{base}...{head}", - "contents_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/contents/{+path}", - "contributors_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/contributors", - "created_at": 1648242107, - "custom_properties": {}, - "default_branch": "main", - "deployments_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/deployments", - "description": "Verify provenance from SLSA compliant builders", - "disabled": false, - "downloads_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/downloads", - "events_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/events", - "fork": false, - "forks": 40, - "forks_count": 40, - "forks_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/forks", - "full_name": "slsa-framework/slsa-verifier", - "git_commits_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/commits{/sha}", - "git_refs_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/refs{/sha}", - "git_tags_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/tags{/sha}", - "git_url": 
"git://github.com/slsa-framework/slsa-verifier.git", - "has_discussions": false, - "has_downloads": true, - "has_issues": true, - "has_pages": false, - "has_projects": true, - "has_wiki": true, - "homepage": "", - "hooks_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/hooks", - "html_url": "https://github.com/slsa-framework/slsa-verifier", - "id": 474162642, - "is_template": false, - "issue_comment_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/issues/comments{/number}", - "issue_events_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/issues/events{/number}", - "issues_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/issues{/number}", - "keys_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/keys{/key_id}", - "labels_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/labels{/name}", - "language": "Go", - "languages_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/languages", - "license": { - "key": "apache-2.0", - "name": "Apache License 2.0", - "node_id": "MDc6TGljZW5zZTI=", - "spdx_id": "Apache-2.0", - "url": "https://api.github.com/licenses/apache-2.0" - }, - "master_branch": "main", - "merges_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/merges", - "milestones_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/milestones{/number}", - "mirror_url": null, - "name": "slsa-verifier", - "node_id": "R_kgDOHEMl0g", - "notifications_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/notifications{?since,all,participating}", - "open_issues": 129, - "open_issues_count": 129, - "organization": "slsa-framework", - "owner": { - "avatar_url": "https://avatars.githubusercontent.com/u/80431187?v=4", - "email": null, - "events_url": "https://api.github.com/users/slsa-framework/events{/privacy}", - "followers_url": "https://api.github.com/users/slsa-framework/followers", - "following_url": 
"https://api.github.com/users/slsa-framework/following{/other_user}", - "gists_url": "https://api.github.com/users/slsa-framework/gists{/gist_id}", - "gravatar_id": "", - "html_url": "https://github.com/slsa-framework", - "id": 80431187, - "login": "slsa-framework", - "name": "slsa-framework", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjgwNDMxMTg3", - "organizations_url": "https://api.github.com/users/slsa-framework/orgs", - "received_events_url": "https://api.github.com/users/slsa-framework/received_events", - "repos_url": "https://api.github.com/users/slsa-framework/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/slsa-framework/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/slsa-framework/subscriptions", - "type": "Organization", - "url": "https://api.github.com/users/slsa-framework" - }, - "private": false, - "pulls_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/pulls{/number}", - "pushed_at": 1711379651, - "releases_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/releases{/id}", - "size": 91684, - "ssh_url": "git@github.com:slsa-framework/slsa-verifier.git", - "stargazers": 198, - "stargazers_count": 198, - "stargazers_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/stargazers", - "statuses_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/statuses/{sha}", - "subscribers_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/subscribers", - "subscription_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/subscription", - "svn_url": "https://github.com/slsa-framework/slsa-verifier", - "tags_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/tags", - "teams_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/teams", - "topics": [], - "trees_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/trees{/sha}", - "updated_at": "2024-03-12T15:03:34Z", - "url": 
"https://github.com/slsa-framework/slsa-verifier", - "visibility": "public", - "watchers": 198, - "watchers_count": 198, - "web_commit_signoff_required": true - }, - "sender": { - "avatar_url": "https://avatars.githubusercontent.com/u/64505099?v=4", - "events_url": "https://api.github.com/users/laurentsimon/events{/privacy}", - "followers_url": "https://api.github.com/users/laurentsimon/followers", - "following_url": "https://api.github.com/users/laurentsimon/following{/other_user}", - "gists_url": "https://api.github.com/users/laurentsimon/gists{/gist_id}", - "gravatar_id": "", - "html_url": "https://github.com/laurentsimon", - "id": 64505099, - "login": "laurentsimon", - "node_id": "MDQ6VXNlcjY0NTA1MDk5", - "organizations_url": "https://api.github.com/users/laurentsimon/orgs", - "received_events_url": "https://api.github.com/users/laurentsimon/received_events", - "repos_url": "https://api.github.com/users/laurentsimon/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/laurentsimon/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/laurentsimon/subscriptions", - "type": "User", - "url": "https://api.github.com/users/laurentsimon" - } - }, - "github_head_ref": "", - "github_ref": "refs/tags/v2.5.1", - "github_ref_type": "tag", - "github_repository_id": "474162642", - "github_repository_owner": "slsa-framework", - "github_repository_owner_id": "80431187", - "github_run_attempt": "1", - "github_run_id": "8422431506", - "github_run_number": "655", - "github_sha1": "eb7007070baa04976cb9e25a0d8034f8db030a86", - "os": "ubuntu22" - } - }, - "buildConfig": { - "steps": [ - { - "workingDir": "/home/runner/work/slsa-verifier/slsa-verifier/__PROJECT_CHECKOUT_DIR__/cli/slsa-verifier", - "command": [ - "/opt/hostedtoolcache/go/1.21.8/x64/bin/go", - "mod", - "vendor" - ], - "env": null - }, - { - "workingDir": "/home/runner/work/slsa-verifier/slsa-verifier/__PROJECT_CHECKOUT_DIR__/cli/slsa-verifier", - "command": [ - 
"/opt/hostedtoolcache/go/1.21.8/x64/bin/go", - "build", - "-mod=vendor", - "-trimpath", - "-tags=netgo", - "-ldflags=-X sigs.k8s.io/release-utils/version.gitVersion=2.5.1", - "-o", - "slsa-verifier-linux-amd64" - ], - "env": [ - "GOOS=linux", - "GOARCH=amd64", - "GO111MODULE=on", - "CGO_ENABLED=0" - ] - } - ], - "version": 1 - }, - "metadata": { - "buildInvocationID": "8422431506-1", - "completeness": { - "parameters": true, - "environment": false, - "materials": false - }, - "reproducible": false - }, - "materials": [ - { - "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.5.1", - "digest": { - "sha1": "eb7007070baa04976cb9e25a0d8034f8db030a86" - } - }, - { - "uri": "https://github.com/actions/virtual-environments/releases/tag/ubuntu22/20240317.1.0" - } - ] - } - }, - { - "_type": "https://in-toto.io/Statement/v0.1", - "predicateType": "https://slsa.dev/provenance/v0.2", - "subject": [ - { - "name": "slsa-verifier-linux-arm64", - "digest": { - "sha256": "5dd8a396c285c4d0d66dcb4eff82c12cd388049106aacd4f2552546f85100064" - } - } - ], - "predicate": { - "builder": { - "id": "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@refs/tags/v1.10.0" - }, - "buildType": "https://github.com/slsa-framework/slsa-github-generator/go@v1", - "invocation": { - "configSource": { - "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.5.1", - "digest": { - "sha1": "eb7007070baa04976cb9e25a0d8034f8db030a86" - }, - "entryPoint": ".github/workflows/release.yml" - }, - "parameters": {}, - "environment": { - "arch": "X64", - "github_actor": "laurentsimon", - "github_actor_id": "64505099", - "github_base_ref": "", - "github_event_name": "push", - "github_event_payload": { - "after": "eb7007070baa04976cb9e25a0d8034f8db030a86", - "base_ref": "refs/heads/main", - "before": "0000000000000000000000000000000000000000", - "commits": [], - "compare": 
"https://github.com/slsa-framework/slsa-verifier/compare/v2.5.1", - "created": true, - "deleted": false, - "enterprise": { - "avatar_url": "https://avatars.githubusercontent.com/b/102459?v=4", - "created_at": "2023-12-08T05:54:26Z", - "description": "Open Source Security Foundation (OpenSSF)", - "html_url": "https://github.com/enterprises/openssf", - "id": 102459, - "name": "Open Source Security Foundation", - "node_id": "E_kgDOAAGQOw", - "slug": "openssf", - "updated_at": "2024-01-06T00:47:02Z", - "website_url": "https://openssf.org/" - }, - "forced": false, - "head_commit": { - "author": { - "email": "64505099+laurentsimon@users.noreply.github.com", - "name": "laurentsimon", - "username": "laurentsimon" - }, - "committer": { - "email": "noreply@github.com", - "name": "GitHub", - "username": "web-flow" - }, - "distinct": true, - "id": "eb7007070baa04976cb9e25a0d8034f8db030a86", - "message": "feat: Update verifier version in GHA installer (#747)\n\nThis is part of the release tests in\r\nhttps://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md#dry-run\r\nto verify that the Action installer works.\r\n\r\nA follow up PR will be sent prior to release to update to `v2.5.0`\r\n\r\n---------\r\n\r\nSigned-off-by: laurentsimon ", - "timestamp": "2024-03-25T14:54:53Z", - "tree_id": "821166b47987861864888c07fde313b8be8ffc4c", - "url": "https://github.com/slsa-framework/slsa-verifier/commit/eb7007070baa04976cb9e25a0d8034f8db030a86" - }, - "organization": { - "avatar_url": "https://avatars.githubusercontent.com/u/80431187?v=4", - "description": "Supply-chain Levels for Software Artifacts", - "events_url": "https://api.github.com/orgs/slsa-framework/events", - "hooks_url": "https://api.github.com/orgs/slsa-framework/hooks", - "id": 80431187, - "issues_url": "https://api.github.com/orgs/slsa-framework/issues", - "login": "slsa-framework", - "members_url": "https://api.github.com/orgs/slsa-framework/members{/member}", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjgwNDMxMTg3", 
- "public_members_url": "https://api.github.com/orgs/slsa-framework/public_members{/member}", - "repos_url": "https://api.github.com/orgs/slsa-framework/repos", - "url": "https://api.github.com/orgs/slsa-framework" - }, - "pusher": { - "email": "64505099+laurentsimon@users.noreply.github.com", - "name": "laurentsimon" - }, - "ref": "refs/tags/v2.5.1", - "repository": { - "allow_forking": true, - "archive_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/{archive_format}{/ref}", - "archived": false, - "assignees_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/assignees{/user}", - "blobs_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/blobs{/sha}", - "branches_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/branches{/branch}", - "clone_url": "https://github.com/slsa-framework/slsa-verifier.git", - "collaborators_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/collaborators{/collaborator}", - "comments_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/comments{/number}", - "commits_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/commits{/sha}", - "compare_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/compare/{base}...{head}", - "contents_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/contents/{+path}", - "contributors_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/contributors", - "created_at": 1648242107, - "custom_properties": {}, - "default_branch": "main", - "deployments_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/deployments", - "description": "Verify provenance from SLSA compliant builders", - "disabled": false, - "downloads_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/downloads", - "events_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/events", - "fork": false, - "forks": 40, - "forks_count": 40, - "forks_url": 
"https://api.github.com/repos/slsa-framework/slsa-verifier/forks", - "full_name": "slsa-framework/slsa-verifier", - "git_commits_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/commits{/sha}", - "git_refs_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/refs{/sha}", - "git_tags_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/tags{/sha}", - "git_url": "git://github.com/slsa-framework/slsa-verifier.git", - "has_discussions": false, - "has_downloads": true, - "has_issues": true, - "has_pages": false, - "has_projects": true, - "has_wiki": true, - "homepage": "", - "hooks_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/hooks", - "html_url": "https://github.com/slsa-framework/slsa-verifier", - "id": 474162642, - "is_template": false, - "issue_comment_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/issues/comments{/number}", - "issue_events_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/issues/events{/number}", - "issues_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/issues{/number}", - "keys_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/keys{/key_id}", - "labels_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/labels{/name}", - "language": "Go", - "languages_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/languages", - "license": { - "key": "apache-2.0", - "name": "Apache License 2.0", - "node_id": "MDc6TGljZW5zZTI=", - "spdx_id": "Apache-2.0", - "url": "https://api.github.com/licenses/apache-2.0" - }, - "master_branch": "main", - "merges_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/merges", - "milestones_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/milestones{/number}", - "mirror_url": null, - "name": "slsa-verifier", - "node_id": "R_kgDOHEMl0g", - "notifications_url": 
"https://api.github.com/repos/slsa-framework/slsa-verifier/notifications{?since,all,participating}", - "open_issues": 129, - "open_issues_count": 129, - "organization": "slsa-framework", - "owner": { - "avatar_url": "https://avatars.githubusercontent.com/u/80431187?v=4", - "email": null, - "events_url": "https://api.github.com/users/slsa-framework/events{/privacy}", - "followers_url": "https://api.github.com/users/slsa-framework/followers", - "following_url": "https://api.github.com/users/slsa-framework/following{/other_user}", - "gists_url": "https://api.github.com/users/slsa-framework/gists{/gist_id}", - "gravatar_id": "", - "html_url": "https://github.com/slsa-framework", - "id": 80431187, - "login": "slsa-framework", - "name": "slsa-framework", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjgwNDMxMTg3", - "organizations_url": "https://api.github.com/users/slsa-framework/orgs", - "received_events_url": "https://api.github.com/users/slsa-framework/received_events", - "repos_url": "https://api.github.com/users/slsa-framework/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/slsa-framework/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/slsa-framework/subscriptions", - "type": "Organization", - "url": "https://api.github.com/users/slsa-framework" - }, - "private": false, - "pulls_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/pulls{/number}", - "pushed_at": 1711379651, - "releases_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/releases{/id}", - "size": 91684, - "ssh_url": "git@github.com:slsa-framework/slsa-verifier.git", - "stargazers": 198, - "stargazers_count": 198, - "stargazers_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/stargazers", - "statuses_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/statuses/{sha}", - "subscribers_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/subscribers", - "subscription_url": 
"https://api.github.com/repos/slsa-framework/slsa-verifier/subscription", - "svn_url": "https://github.com/slsa-framework/slsa-verifier", - "tags_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/tags", - "teams_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/teams", - "topics": [], - "trees_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/trees{/sha}", - "updated_at": "2024-03-12T15:03:34Z", - "url": "https://github.com/slsa-framework/slsa-verifier", - "visibility": "public", - "watchers": 198, - "watchers_count": 198, - "web_commit_signoff_required": true - }, - "sender": { - "avatar_url": "https://avatars.githubusercontent.com/u/64505099?v=4", - "events_url": "https://api.github.com/users/laurentsimon/events{/privacy}", - "followers_url": "https://api.github.com/users/laurentsimon/followers", - "following_url": "https://api.github.com/users/laurentsimon/following{/other_user}", - "gists_url": "https://api.github.com/users/laurentsimon/gists{/gist_id}", - "gravatar_id": "", - "html_url": "https://github.com/laurentsimon", - "id": 64505099, - "login": "laurentsimon", - "node_id": "MDQ6VXNlcjY0NTA1MDk5", - "organizations_url": "https://api.github.com/users/laurentsimon/orgs", - "received_events_url": "https://api.github.com/users/laurentsimon/received_events", - "repos_url": "https://api.github.com/users/laurentsimon/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/laurentsimon/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/laurentsimon/subscriptions", - "type": "User", - "url": "https://api.github.com/users/laurentsimon" - } - }, - "github_head_ref": "", - "github_ref": "refs/tags/v2.5.1", - "github_ref_type": "tag", - "github_repository_id": "474162642", - "github_repository_owner": "slsa-framework", - "github_repository_owner_id": "80431187", - "github_run_attempt": "1", - "github_run_id": "8422431506", - "github_run_number": "655", - "github_sha1": 
"eb7007070baa04976cb9e25a0d8034f8db030a86", - "os": "ubuntu22" - } - }, - "buildConfig": { - "steps": [ - { - "workingDir": "/home/runner/work/slsa-verifier/slsa-verifier/__PROJECT_CHECKOUT_DIR__/cli/slsa-verifier", - "command": [ - "/opt/hostedtoolcache/go/1.21.8/x64/bin/go", - "mod", - "vendor" - ], - "env": null - }, - { - "workingDir": "/home/runner/work/slsa-verifier/slsa-verifier/__PROJECT_CHECKOUT_DIR__/cli/slsa-verifier", - "command": [ - "/opt/hostedtoolcache/go/1.21.8/x64/bin/go", - "build", - "-mod=vendor", - "-trimpath", - "-tags=netgo", - "-ldflags=-X sigs.k8s.io/release-utils/version.gitVersion=2.5.1", - "-o", - "slsa-verifier-linux-arm64" - ], - "env": [ - "GOOS=linux", - "GOARCH=arm64", - "GO111MODULE=on", - "CGO_ENABLED=0" - ] - } - ], - "version": 1 - }, - "metadata": { - "buildInvocationID": "8422431506-1", - "completeness": { - "parameters": true, - "environment": false, - "materials": false - }, - "reproducible": false - }, - "materials": [ - { - "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.5.1", - "digest": { - "sha1": "eb7007070baa04976cb9e25a0d8034f8db030a86" - } - }, - { - "uri": "https://github.com/actions/virtual-environments/releases/tag/ubuntu22/20240317.1.0" - } - ] - } - }, - { - "_type": "https://in-toto.io/Statement/v0.1", - "predicateType": "https://slsa.dev/provenance/v0.2", - "subject": [ - { - "name": "slsa-verifier-windows-amd64.exe", - "digest": { - "sha256": "e635c8f27d9a485cae3c9846550511fef78ed2b57902ef62ad49d37e1df22e98" - } - } - ], - "predicate": { - "builder": { - "id": "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@refs/tags/v1.10.0" - }, - "buildType": "https://github.com/slsa-framework/slsa-github-generator/go@v1", - "invocation": { - "configSource": { - "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.5.1", - "digest": { - "sha1": "eb7007070baa04976cb9e25a0d8034f8db030a86" - }, - "entryPoint": 
".github/workflows/release.yml" - }, - "parameters": {}, - "environment": { - "arch": "X64", - "github_actor": "laurentsimon", - "github_actor_id": "64505099", - "github_base_ref": "", - "github_event_name": "push", - "github_event_payload": { - "after": "eb7007070baa04976cb9e25a0d8034f8db030a86", - "base_ref": "refs/heads/main", - "before": "0000000000000000000000000000000000000000", - "commits": [], - "compare": "https://github.com/slsa-framework/slsa-verifier/compare/v2.5.1", - "created": true, - "deleted": false, - "enterprise": { - "avatar_url": "https://avatars.githubusercontent.com/b/102459?v=4", - "created_at": "2023-12-08T05:54:26Z", - "description": "Open Source Security Foundation (OpenSSF)", - "html_url": "https://github.com/enterprises/openssf", - "id": 102459, - "name": "Open Source Security Foundation", - "node_id": "E_kgDOAAGQOw", - "slug": "openssf", - "updated_at": "2024-01-06T00:47:02Z", - "website_url": "https://openssf.org/" - }, - "forced": false, - "head_commit": { - "author": { - "email": "64505099+laurentsimon@users.noreply.github.com", - "name": "laurentsimon", - "username": "laurentsimon" - }, - "committer": { - "email": "noreply@github.com", - "name": "GitHub", - "username": "web-flow" - }, - "distinct": true, - "id": "eb7007070baa04976cb9e25a0d8034f8db030a86", - "message": "feat: Update verifier version in GHA installer (#747)\n\nThis is part of the release tests in\r\nhttps://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md#dry-run\r\nto verify that the Action installer works.\r\n\r\nA follow up PR will be sent prior to release to update to `v2.5.0`\r\n\r\n---------\r\n\r\nSigned-off-by: laurentsimon ", - "timestamp": "2024-03-25T14:54:53Z", - "tree_id": "821166b47987861864888c07fde313b8be8ffc4c", - "url": "https://github.com/slsa-framework/slsa-verifier/commit/eb7007070baa04976cb9e25a0d8034f8db030a86" - }, - "organization": { - "avatar_url": "https://avatars.githubusercontent.com/u/80431187?v=4", - "description": 
"Supply-chain Levels for Software Artifacts", - "events_url": "https://api.github.com/orgs/slsa-framework/events", - "hooks_url": "https://api.github.com/orgs/slsa-framework/hooks", - "id": 80431187, - "issues_url": "https://api.github.com/orgs/slsa-framework/issues", - "login": "slsa-framework", - "members_url": "https://api.github.com/orgs/slsa-framework/members{/member}", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjgwNDMxMTg3", - "public_members_url": "https://api.github.com/orgs/slsa-framework/public_members{/member}", - "repos_url": "https://api.github.com/orgs/slsa-framework/repos", - "url": "https://api.github.com/orgs/slsa-framework" - }, - "pusher": { - "email": "64505099+laurentsimon@users.noreply.github.com", - "name": "laurentsimon" - }, - "ref": "refs/tags/v2.5.1", - "repository": { - "allow_forking": true, - "archive_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/{archive_format}{/ref}", - "archived": false, - "assignees_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/assignees{/user}", - "blobs_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/blobs{/sha}", - "branches_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/branches{/branch}", - "clone_url": "https://github.com/slsa-framework/slsa-verifier.git", - "collaborators_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/collaborators{/collaborator}", - "comments_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/comments{/number}", - "commits_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/commits{/sha}", - "compare_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/compare/{base}...{head}", - "contents_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/contents/{+path}", - "contributors_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/contributors", - "created_at": 1648242107, - "custom_properties": {}, - "default_branch": "main", - 
"deployments_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/deployments", - "description": "Verify provenance from SLSA compliant builders", - "disabled": false, - "downloads_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/downloads", - "events_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/events", - "fork": false, - "forks": 40, - "forks_count": 40, - "forks_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/forks", - "full_name": "slsa-framework/slsa-verifier", - "git_commits_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/commits{/sha}", - "git_refs_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/refs{/sha}", - "git_tags_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/tags{/sha}", - "git_url": "git://github.com/slsa-framework/slsa-verifier.git", - "has_discussions": false, - "has_downloads": true, - "has_issues": true, - "has_pages": false, - "has_projects": true, - "has_wiki": true, - "homepage": "", - "hooks_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/hooks", - "html_url": "https://github.com/slsa-framework/slsa-verifier", - "id": 474162642, - "is_template": false, - "issue_comment_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/issues/comments{/number}", - "issue_events_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/issues/events{/number}", - "issues_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/issues{/number}", - "keys_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/keys{/key_id}", - "labels_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/labels{/name}", - "language": "Go", - "languages_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/languages", - "license": { - "key": "apache-2.0", - "name": "Apache License 2.0", - "node_id": "MDc6TGljZW5zZTI=", - "spdx_id": "Apache-2.0", - "url": 
"https://api.github.com/licenses/apache-2.0" - }, - "master_branch": "main", - "merges_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/merges", - "milestones_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/milestones{/number}", - "mirror_url": null, - "name": "slsa-verifier", - "node_id": "R_kgDOHEMl0g", - "notifications_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/notifications{?since,all,participating}", - "open_issues": 129, - "open_issues_count": 129, - "organization": "slsa-framework", - "owner": { - "avatar_url": "https://avatars.githubusercontent.com/u/80431187?v=4", - "email": null, - "events_url": "https://api.github.com/users/slsa-framework/events{/privacy}", - "followers_url": "https://api.github.com/users/slsa-framework/followers", - "following_url": "https://api.github.com/users/slsa-framework/following{/other_user}", - "gists_url": "https://api.github.com/users/slsa-framework/gists{/gist_id}", - "gravatar_id": "", - "html_url": "https://github.com/slsa-framework", - "id": 80431187, - "login": "slsa-framework", - "name": "slsa-framework", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjgwNDMxMTg3", - "organizations_url": "https://api.github.com/users/slsa-framework/orgs", - "received_events_url": "https://api.github.com/users/slsa-framework/received_events", - "repos_url": "https://api.github.com/users/slsa-framework/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/slsa-framework/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/slsa-framework/subscriptions", - "type": "Organization", - "url": "https://api.github.com/users/slsa-framework" - }, - "private": false, - "pulls_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/pulls{/number}", - "pushed_at": 1711379651, - "releases_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/releases{/id}", - "size": 91684, - "ssh_url": "git@github.com:slsa-framework/slsa-verifier.git", - 
"stargazers": 198, - "stargazers_count": 198, - "stargazers_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/stargazers", - "statuses_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/statuses/{sha}", - "subscribers_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/subscribers", - "subscription_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/subscription", - "svn_url": "https://github.com/slsa-framework/slsa-verifier", - "tags_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/tags", - "teams_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/teams", - "topics": [], - "trees_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/trees{/sha}", - "updated_at": "2024-03-12T15:03:34Z", - "url": "https://github.com/slsa-framework/slsa-verifier", - "visibility": "public", - "watchers": 198, - "watchers_count": 198, - "web_commit_signoff_required": true - }, - "sender": { - "avatar_url": "https://avatars.githubusercontent.com/u/64505099?v=4", - "events_url": "https://api.github.com/users/laurentsimon/events{/privacy}", - "followers_url": "https://api.github.com/users/laurentsimon/followers", - "following_url": "https://api.github.com/users/laurentsimon/following{/other_user}", - "gists_url": "https://api.github.com/users/laurentsimon/gists{/gist_id}", - "gravatar_id": "", - "html_url": "https://github.com/laurentsimon", - "id": 64505099, - "login": "laurentsimon", - "node_id": "MDQ6VXNlcjY0NTA1MDk5", - "organizations_url": "https://api.github.com/users/laurentsimon/orgs", - "received_events_url": "https://api.github.com/users/laurentsimon/received_events", - "repos_url": "https://api.github.com/users/laurentsimon/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/laurentsimon/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/laurentsimon/subscriptions", - "type": "User", - "url": 
"https://api.github.com/users/laurentsimon" - } - }, - "github_head_ref": "", - "github_ref": "refs/tags/v2.5.1", - "github_ref_type": "tag", - "github_repository_id": "474162642", - "github_repository_owner": "slsa-framework", - "github_repository_owner_id": "80431187", - "github_run_attempt": "1", - "github_run_id": "8422431506", - "github_run_number": "655", - "github_sha1": "eb7007070baa04976cb9e25a0d8034f8db030a86", - "os": "ubuntu22" - } - }, - "buildConfig": { - "steps": [ - { - "workingDir": "/home/runner/work/slsa-verifier/slsa-verifier/__PROJECT_CHECKOUT_DIR__/cli/slsa-verifier", - "command": [ - "/opt/hostedtoolcache/go/1.21.8/x64/bin/go", - "mod", - "vendor" - ], - "env": null - }, - { - "workingDir": "/home/runner/work/slsa-verifier/slsa-verifier/__PROJECT_CHECKOUT_DIR__/cli/slsa-verifier", - "command": [ - "/opt/hostedtoolcache/go/1.21.8/x64/bin/go", - "build", - "-mod=vendor", - "-trimpath", - "-tags=netgo", - "-ldflags=-X sigs.k8s.io/release-utils/version.gitVersion=2.5.1", - "-o", - "slsa-verifier-windows-amd64.exe" - ], - "env": [ - "GOOS=windows", - "GOARCH=amd64", - "GO111MODULE=on", - "CGO_ENABLED=0" - ] - } - ], - "version": 1 - }, - "metadata": { - "buildInvocationID": "8422431506-1", - "completeness": { - "parameters": true, - "environment": false, - "materials": false - }, - "reproducible": false - }, - "materials": [ - { - "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.5.1", - "digest": { - "sha1": "eb7007070baa04976cb9e25a0d8034f8db030a86" - } - }, - { - "uri": "https://github.com/actions/virtual-environments/releases/tag/ubuntu22/20240317.1.0" - } - ] - } - }, - { - "_type": "https://in-toto.io/Statement/v0.1", - "predicateType": "https://slsa.dev/provenance/v0.2", - "subject": [ - { - "name": "slsa-verifier-windows-arm64.exe", - "digest": { - "sha256": "9b08bc2ba25a84e06ecfeecdcabc7e8339da15d272cfd647aa7e3f7f09cb55d5" - } - } - ], - "predicate": { - "builder": { - "id": 
"https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@refs/tags/v1.10.0" - }, - "buildType": "https://github.com/slsa-framework/slsa-github-generator/go@v1", - "invocation": { - "configSource": { - "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.5.1", - "digest": { - "sha1": "eb7007070baa04976cb9e25a0d8034f8db030a86" - }, - "entryPoint": ".github/workflows/release.yml" - }, - "parameters": {}, - "environment": { - "arch": "X64", - "github_actor": "laurentsimon", - "github_actor_id": "64505099", - "github_base_ref": "", - "github_event_name": "push", - "github_event_payload": { - "after": "eb7007070baa04976cb9e25a0d8034f8db030a86", - "base_ref": "refs/heads/main", - "before": "0000000000000000000000000000000000000000", - "commits": [], - "compare": "https://github.com/slsa-framework/slsa-verifier/compare/v2.5.1", - "created": true, - "deleted": false, - "enterprise": { - "avatar_url": "https://avatars.githubusercontent.com/b/102459?v=4", - "created_at": "2023-12-08T05:54:26Z", - "description": "Open Source Security Foundation (OpenSSF)", - "html_url": "https://github.com/enterprises/openssf", - "id": 102459, - "name": "Open Source Security Foundation", - "node_id": "E_kgDOAAGQOw", - "slug": "openssf", - "updated_at": "2024-01-06T00:47:02Z", - "website_url": "https://openssf.org/" - }, - "forced": false, - "head_commit": { - "author": { - "email": "64505099+laurentsimon@users.noreply.github.com", - "name": "laurentsimon", - "username": "laurentsimon" - }, - "committer": { - "email": "noreply@github.com", - "name": "GitHub", - "username": "web-flow" - }, - "distinct": true, - "id": "eb7007070baa04976cb9e25a0d8034f8db030a86", - "message": "feat: Update verifier version in GHA installer (#747)\n\nThis is part of the release tests in\r\nhttps://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md#dry-run\r\nto verify that the Action installer works.\r\n\r\nA follow up PR will be sent prior to 
release to update to `v2.5.0`\r\n\r\n---------\r\n\r\nSigned-off-by: laurentsimon ", - "timestamp": "2024-03-25T14:54:53Z", - "tree_id": "821166b47987861864888c07fde313b8be8ffc4c", - "url": "https://github.com/slsa-framework/slsa-verifier/commit/eb7007070baa04976cb9e25a0d8034f8db030a86" - }, - "organization": { - "avatar_url": "https://avatars.githubusercontent.com/u/80431187?v=4", - "description": "Supply-chain Levels for Software Artifacts", - "events_url": "https://api.github.com/orgs/slsa-framework/events", - "hooks_url": "https://api.github.com/orgs/slsa-framework/hooks", - "id": 80431187, - "issues_url": "https://api.github.com/orgs/slsa-framework/issues", - "login": "slsa-framework", - "members_url": "https://api.github.com/orgs/slsa-framework/members{/member}", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjgwNDMxMTg3", - "public_members_url": "https://api.github.com/orgs/slsa-framework/public_members{/member}", - "repos_url": "https://api.github.com/orgs/slsa-framework/repos", - "url": "https://api.github.com/orgs/slsa-framework" - }, - "pusher": { - "email": "64505099+laurentsimon@users.noreply.github.com", - "name": "laurentsimon" - }, - "ref": "refs/tags/v2.5.1", - "repository": { - "allow_forking": true, - "archive_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/{archive_format}{/ref}", - "archived": false, - "assignees_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/assignees{/user}", - "blobs_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/blobs{/sha}", - "branches_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/branches{/branch}", - "clone_url": "https://github.com/slsa-framework/slsa-verifier.git", - "collaborators_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/collaborators{/collaborator}", - "comments_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/comments{/number}", - "commits_url": 
"https://api.github.com/repos/slsa-framework/slsa-verifier/commits{/sha}", - "compare_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/compare/{base}...{head}", - "contents_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/contents/{+path}", - "contributors_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/contributors", - "created_at": 1648242107, - "custom_properties": {}, - "default_branch": "main", - "deployments_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/deployments", - "description": "Verify provenance from SLSA compliant builders", - "disabled": false, - "downloads_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/downloads", - "events_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/events", - "fork": false, - "forks": 40, - "forks_count": 40, - "forks_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/forks", - "full_name": "slsa-framework/slsa-verifier", - "git_commits_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/commits{/sha}", - "git_refs_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/refs{/sha}", - "git_tags_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/tags{/sha}", - "git_url": "git://github.com/slsa-framework/slsa-verifier.git", - "has_discussions": false, - "has_downloads": true, - "has_issues": true, - "has_pages": false, - "has_projects": true, - "has_wiki": true, - "homepage": "", - "hooks_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/hooks", - "html_url": "https://github.com/slsa-framework/slsa-verifier", - "id": 474162642, - "is_template": false, - "issue_comment_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/issues/comments{/number}", - "issue_events_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/issues/events{/number}", - "issues_url": 
"https://api.github.com/repos/slsa-framework/slsa-verifier/issues{/number}", - "keys_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/keys{/key_id}", - "labels_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/labels{/name}", - "language": "Go", - "languages_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/languages", - "license": { - "key": "apache-2.0", - "name": "Apache License 2.0", - "node_id": "MDc6TGljZW5zZTI=", - "spdx_id": "Apache-2.0", - "url": "https://api.github.com/licenses/apache-2.0" - }, - "master_branch": "main", - "merges_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/merges", - "milestones_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/milestones{/number}", - "mirror_url": null, - "name": "slsa-verifier", - "node_id": "R_kgDOHEMl0g", - "notifications_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/notifications{?since,all,participating}", - "open_issues": 129, - "open_issues_count": 129, - "organization": "slsa-framework", - "owner": { - "avatar_url": "https://avatars.githubusercontent.com/u/80431187?v=4", - "email": null, - "events_url": "https://api.github.com/users/slsa-framework/events{/privacy}", - "followers_url": "https://api.github.com/users/slsa-framework/followers", - "following_url": "https://api.github.com/users/slsa-framework/following{/other_user}", - "gists_url": "https://api.github.com/users/slsa-framework/gists{/gist_id}", - "gravatar_id": "", - "html_url": "https://github.com/slsa-framework", - "id": 80431187, - "login": "slsa-framework", - "name": "slsa-framework", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjgwNDMxMTg3", - "organizations_url": "https://api.github.com/users/slsa-framework/orgs", - "received_events_url": "https://api.github.com/users/slsa-framework/received_events", - "repos_url": "https://api.github.com/users/slsa-framework/repos", - "site_admin": false, - "starred_url": 
"https://api.github.com/users/slsa-framework/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/slsa-framework/subscriptions", - "type": "Organization", - "url": "https://api.github.com/users/slsa-framework" - }, - "private": false, - "pulls_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/pulls{/number}", - "pushed_at": 1711379651, - "releases_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/releases{/id}", - "size": 91684, - "ssh_url": "git@github.com:slsa-framework/slsa-verifier.git", - "stargazers": 198, - "stargazers_count": 198, - "stargazers_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/stargazers", - "statuses_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/statuses/{sha}", - "subscribers_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/subscribers", - "subscription_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/subscription", - "svn_url": "https://github.com/slsa-framework/slsa-verifier", - "tags_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/tags", - "teams_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/teams", - "topics": [], - "trees_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/trees{/sha}", - "updated_at": "2024-03-12T15:03:34Z", - "url": "https://github.com/slsa-framework/slsa-verifier", - "visibility": "public", - "watchers": 198, - "watchers_count": 198, - "web_commit_signoff_required": true - }, - "sender": { - "avatar_url": "https://avatars.githubusercontent.com/u/64505099?v=4", - "events_url": "https://api.github.com/users/laurentsimon/events{/privacy}", - "followers_url": "https://api.github.com/users/laurentsimon/followers", - "following_url": "https://api.github.com/users/laurentsimon/following{/other_user}", - "gists_url": "https://api.github.com/users/laurentsimon/gists{/gist_id}", - "gravatar_id": "", - "html_url": "https://github.com/laurentsimon", - 
"id": 64505099, - "login": "laurentsimon", - "node_id": "MDQ6VXNlcjY0NTA1MDk5", - "organizations_url": "https://api.github.com/users/laurentsimon/orgs", - "received_events_url": "https://api.github.com/users/laurentsimon/received_events", - "repos_url": "https://api.github.com/users/laurentsimon/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/laurentsimon/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/laurentsimon/subscriptions", - "type": "User", - "url": "https://api.github.com/users/laurentsimon" - } - }, - "github_head_ref": "", - "github_ref": "refs/tags/v2.5.1", - "github_ref_type": "tag", - "github_repository_id": "474162642", - "github_repository_owner": "slsa-framework", - "github_repository_owner_id": "80431187", - "github_run_attempt": "1", - "github_run_id": "8422431506", - "github_run_number": "655", - "github_sha1": "eb7007070baa04976cb9e25a0d8034f8db030a86", - "os": "ubuntu22" - } - }, - "buildConfig": { - "steps": [ - { - "workingDir": "/home/runner/work/slsa-verifier/slsa-verifier/__PROJECT_CHECKOUT_DIR__/cli/slsa-verifier", - "command": [ - "/opt/hostedtoolcache/go/1.21.8/x64/bin/go", - "mod", - "vendor" - ], - "env": null - }, - { - "workingDir": "/home/runner/work/slsa-verifier/slsa-verifier/__PROJECT_CHECKOUT_DIR__/cli/slsa-verifier", - "command": [ - "/opt/hostedtoolcache/go/1.21.8/x64/bin/go", - "build", - "-mod=vendor", - "-trimpath", - "-tags=netgo", - "-ldflags=-X sigs.k8s.io/release-utils/version.gitVersion=2.5.1", - "-o", - "slsa-verifier-windows-arm64.exe" - ], - "env": [ - "GOOS=windows", - "GOARCH=arm64", - "GO111MODULE=on", - "CGO_ENABLED=0" - ] - } - ], - "version": 1 - }, - "metadata": { - "buildInvocationID": "8422431506-1", - "completeness": { - "parameters": true, - "environment": false, - "materials": false - }, - "reproducible": false - }, - "materials": [ - { - "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.5.1", - "digest": { - "sha1": 
"eb7007070baa04976cb9e25a0d8034f8db030a86" - } - }, - { - "uri": "https://github.com/actions/virtual-environments/releases/tag/ubuntu22/20240317.1.0" - } - ] - } - } - ], - "npm Registry": [] - } - }, - "checks": { - "summary": { - "DISABLED": 0, - "FAILED": 4, - "PASSED": 7, - "SKIPPED": 0, - "UNKNOWN": 0 - }, - "results": [ - { - "check_id": "mcn_build_as_code_1", - "check_description": "The build definition and configuration executed by the build service is verifiably derived from text file definitions stored in a version control system.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_script_1", - "check_description": "Check if the target repo has a valid build script.", - "slsa_requirements": [ - "Scripted Build - SLSA Level 1" - ], - "justification": [ - "build_tool_name: go", - "ci_service_name: github_actions", - "language: BuildLanguage.GO", - "build_tool_command: [\"go\", \"build\", \"-mod=vendor\", \"-o\", \"service\", \"./cli/experimental/service/\"]", - { - "build_trigger": "https://github.com/slsa-framework/slsa-verifier/blob/fc50b662fcfeeeb0e97243554b47d9b20b14efac/.github/workflows/pre-submit.cli.yml" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_service_1", - "check_description": "Check if the target repo has a valid build service.", - "slsa_requirements": [ - "Build service - SLSA Level 2" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_provenance_available_1", - "check_description": "Check whether the target has intoto provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "asset_name: slsa-verifier-darwin-amd64.intoto.jsonl", - { - "asset_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/releases/assets/158521660" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_provenance_expectation_1", - "check_description": "Check whether the SLSA provenance for the produced artifact conforms to the expected value.", - "slsa_requirements": [ - "Provenance conforms with expectations - SLSA Level 3" - ], - "justification": [ - { - "asset_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/releases/assets/158521660" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "check_description": "Check whether the target uses a trusted SLSA level 3 builder.", - "slsa_requirements": [ - "Hermetic - SLSA Level 4", - "Isolated - SLSA Level 3", - "Parameterless - SLSA Level 4", - "Ephemeral environment - SLSA Level 3" - ], - "justification": [ - "build_tool_name: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.2.0", - "ci_service_name: github_actions", - { - "build_trigger": "https://github.com/slsa-framework/slsa-verifier/blob/fc50b662fcfeeeb0e97243554b47d9b20b14efac/.github/workflows/release.yml" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_version_control_system_1", - "check_description": "Check whether the target repo uses a version control system.", - "slsa_requirements": [ - "Version controlled - SLSA Level 2" - ], - "justification": [ - { - "git_repo": 
"https://github.com/slsa-framework/slsa-verifier" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "check_description": "Detects potential pipelines from which an artifact is published.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "check_description": "Check whether the commit came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "commit_digest: No provenance found." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "check_description": "Check whether the repo came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "repository_url: No provenance found." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "check_description": "Check whether the target has a level-1 witness provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "FAILED" - } - ] - } - }, - "dependencies": { - "analyzed_deps": 0, - "unique_dep_repos": 0, - "checks_summary": [ - { - "check_id": "mcn_provenance_available_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_as_code_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_version_control_system_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_script_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_service_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_expectation_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "num_deps_pass": 0 - } - ], - "dep_status": [] - } -} diff --git a/tests/e2e/expected_results/slsa-verifier/slsa-verifier_explicitly_provided_cue_PASS.dl b/tests/e2e/expected_results/slsa-verifier/slsa-verifier_explicitly_provided_cue_PASS.dl new file mode 100644 index 000000000..253100908 --- /dev/null +++ b/tests/e2e/expected_results/slsa-verifier/slsa-verifier_explicitly_provided_cue_PASS.dl 
@@ -0,0 +1,21 @@
+/* Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. */
+/* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */
+
+#include "prelude.dl"
+
+Policy("test_policy", component_id, "") :-
+ check_passed(component_id, "mcn_build_as_code_1"),
+ check_passed(component_id, "mcn_build_script_1"),
+ check_passed(component_id, "mcn_build_service_1"),
+ check_passed(component_id, "mcn_provenance_available_1"),
+ check_passed(component_id, "mcn_provenance_derived_commit_1"),
+ check_passed(component_id, "mcn_provenance_derived_repo_1"),
+ check_passed(component_id, "mcn_provenance_expectation_1"),
+ check_passed(component_id, "mcn_trusted_builder_level_three_1"),
+ check_passed(component_id, "mcn_version_control_system_1"),
+ check_failed(component_id, "mcn_infer_artifact_pipeline_1"),
+ check_failed(component_id, "mcn_provenance_witness_level_one_1"),
+ is_repo_url(component_id, "https://github.com/slsa-framework/slsa-verifier").
+
+apply_policy_to("test_policy", component_id) :-
+ is_component(component_id, "pkg:github.com/slsa-framework/slsa-verifier@6fb4f7e2dd9c2f5d4f55fa88f6796278a7bba6d6").
diff --git a/tests/e2e/expected_results/slsa-verifier/slsa-verifier_explicitly_provided_cue_PASS.json b/tests/e2e/expected_results/slsa-verifier/slsa-verifier_explicitly_provided_cue_PASS.json
deleted file mode 100644
index ef30c99f9..000000000
--- a/tests/e2e/expected_results/slsa-verifier/slsa-verifier_explicitly_provided_cue_PASS.json
+++ /dev/null
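Review bot: The new policy file carries no comment saying which integration-test scenario it encodes or why exactly two checks are expected to fail, so a reader has only the file name to go on; a short header after the `#include` would help, e.g. `/* Expected outcome of the explicitly-provided CUE expectation test: the provenance-derived checks pass for the pinned slsa-verifier commit, while pipeline inference and witness provenance are expected to fail. */`. Compared with the deleted JSON expectation for the same test (the hunk starting at `@@ -1,305 +0,0 @@`), which also captured justification text such as "The commit digest was found from provenance.", this policy asserts only pass/fail per check plus the repository URL and the pinned component. That looks like an intentional trade-off of the migration to policy-based comparison, but it is worth stating in the file or the commit description so the coarser assertion is not later mistaken for an oversight.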
@@ -1,305 +0,0 @@ -{ - "metadata": { - "timestamps": "2024-05-14 13:23:14", - "has_passing_check": true, - "run_checks": [ - "mcn_provenance_witness_level_one_1", - "mcn_provenance_derived_repo_1", - "mcn_build_as_code_1", - "mcn_provenance_available_1", - "mcn_version_control_system_1", - "mcn_provenance_expectation_1", - "mcn_trusted_builder_level_three_1", - "mcn_infer_artifact_pipeline_1", - "mcn_provenance_derived_commit_1", - "mcn_build_script_1", - "mcn_build_service_1" - ], - "check_tree": { - "mcn_provenance_available_1": { - "mcn_provenance_level_three_1": {}, - "mcn_provenance_witness_level_one_1": {}, - "mcn_provenance_expectation_1": {} - }, - "mcn_provenance_derived_commit_1": {}, - "mcn_version_control_system_1": { - "mcn_trusted_builder_level_three_1": { - "mcn_build_as_code_1": { - "mcn_infer_artifact_pipeline_1": {}, - "mcn_build_service_1": {} - } - }, - "mcn_build_script_1": {} - }, - "mcn_provenance_derived_repo_1": {} - } - }, - "target": { - "info": { - "full_name": "pkg:github.com/slsa-framework/slsa-verifier@6fb4f7e2dd9c2f5d4f55fa88f6796278a7bba6d6", - "local_cloned_path": "git_repos/github_com/slsa-framework/slsa-verifier", - "remote_path": "https://github.com/slsa-framework/slsa-verifier", - "branch": null, - "commit_hash": "6fb4f7e2dd9c2f5d4f55fa88f6796278a7bba6d6", - "commit_date": "2022-08-25T11:37:20-05:00" - }, - "provenances": { - "is_inferred": false, - "content": { - "github_actions": [ - { - "_type": "https://in-toto.io/Statement/v0.1", - "subject": [], - "predicateType": "https://slsa.dev/provenance/v0.2", - "predicate": { - "builder": { - "id": "" - }, - "buildType": "", - "invocation": { - "configSource": { - "uri": "", - "digest": { - "sha1": "" - }, - "entryPoint": "" - }, - "parameters": {}, - "environment": {} - }, - "buildConfig": { - "jobID": "", - "stepID": "" - }, - "metadata": { - "buildInvocationId": "", - "buildStartedOn": "", - "buildFinishedOn": "", - "completeness": { - "parameters": "false", - "environment": 
"false", - "materials": "false" - }, - "reproducible": "false" - }, - "materials": [ - { - "uri": "", - "digest": {} - } - ] - } - } - ] - } - }, - "checks": { - "summary": { - "DISABLED": 0, - "FAILED": 2, - "PASSED": 9, - "SKIPPED": 0, - "UNKNOWN": 0 - }, - "results": [ - { - "check_id": "mcn_build_as_code_1", - "check_description": "The build definition and configuration executed by the build service is verifiably derived from text file definitions stored in a version control system.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_script_1", - "check_description": "Check if the target repo has a valid build script.", - "slsa_requirements": [ - "Scripted Build - SLSA Level 1" - ], - "justification": [ - "build_tool_name: go", - "ci_service_name: github_actions", - "language: BuildLanguage.GO", - "build_tool_command: [\"go\", \"build\", \"-mod=vendor\"]", - { - "build_trigger": "https://github.com/slsa-framework/slsa-verifier/blob/6fb4f7e2dd9c2f5d4f55fa88f6796278a7bba6d6/.github/workflows/pre-submit.yml" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_service_1", - "check_description": "Check if the target repo has a valid build service.", - "slsa_requirements": [ - "Build service - SLSA Level 2" - ], - "justification": [ - "Not Available." - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_provenance_available_1", - "check_description": "Check whether the target has intoto provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "check_description": "Check whether the commit came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "commit_info: The commit digest was found from provenance." - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "check_description": "Check whether the repo came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "repository_info: The repository URL was found from provenance." - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_provenance_expectation_1", - "check_description": "Check whether the SLSA provenance for the produced artifact conforms to the expected value.", - "slsa_requirements": [ - "Provenance conforms with expectations - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "check_description": "Check whether the target uses a trusted SLSA level 3 builder.", - "slsa_requirements": [ - "Hermetic - SLSA Level 4", - "Isolated - SLSA Level 3", - "Parameterless - SLSA Level 4", - "Ephemeral environment - SLSA Level 3" - ], - "justification": [ - "build_tool_name: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.2.0", - "ci_service_name: github_actions", - { - "build_trigger": "https://github.com/slsa-framework/slsa-verifier/blob/6fb4f7e2dd9c2f5d4f55fa88f6796278a7bba6d6/.github/workflows/release.yml" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_version_control_system_1", - "check_description": "Check whether the target repo uses a version control system.", - "slsa_requirements": [ - "Version controlled - SLSA Level 2" - ], - "justification": [ - { - "git_repo": "https://github.com/slsa-framework/slsa-verifier" - } - ], - "result_type": "PASSED" - }, - { - "check_id": 
"mcn_infer_artifact_pipeline_1", - "check_description": "Detects potential pipelines from which an artifact is published.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "check_description": "Check whether the target has a level-1 witness provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - } - ] - } - }, - "dependencies": { - "analyzed_deps": 0, - "unique_dep_repos": 0, - "checks_summary": [ - { - "check_id": "mcn_provenance_available_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_as_code_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_version_control_system_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_script_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_service_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_expectation_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "num_deps_pass": 0 - } - ], - "dep_status": [] - } -} diff --git a/tests/e2e/expected_results/slsa-verifier/slsa-verifier_yml_invalid.json b/tests/e2e/expected_results/slsa-verifier/slsa-verifier_yml_invalid.json deleted file mode 100644 index 024ec0d3b..000000000 
--- a/tests/e2e/expected_results/slsa-verifier/slsa-verifier_yml_invalid.json
+++ /dev/null
@@ -1,1843 +0,0 @@ -{ - "metadata": { - "timestamps": "2023-05-03 09:03:09" - }, - "target": { - "info": { - "full_name": "slsa-framework/slsa-verifier", - "local_cloned_path": "git_repos/github_com/slsa-framework/slsa-verifier", - "remote_path": "https://github.com/slsa-framework/slsa-verifier", - "branch": "main", - "commit_hash": "fc50b662fcfeeeb0e97243554b47d9b20b14efac", - "commit_date": "2022-10-04T01:00:02+00:00" - }, - "provenances": { - "is_inferred": false, - "content": { - "github_actions": [ - { - "_type": "https://in-toto.io/Statement/v0.1", - "predicateType": "https://slsa.dev/provenance/v0.2", - "subject": [ - { - "name": "slsa-verifier-darwin-amd64", - "digest": { - "sha256": "f9acf6384d1dc1cac8888f574e7a4bbd3ef8bbab48c3c105840918a35ade3e15" - } - } - ], - "predicate": { - "builder": { - "id": "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@refs/tags/v1.5.0" - }, - "buildType": "https://github.com/slsa-framework/slsa-github-generator/go@v1", - "invocation": { - "configSource": { - "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.2.0", - "digest": { - "sha1": "623cf20a23f3360549eafac6efe1a158960f15f9" - }, - "entryPoint": ".github/workflows/release.yml" - }, - "parameters": {}, - "environment": { - "arch": "X64", - "github_actor": "ianlewis", - "github_actor_id": "49289", - "github_base_ref": "", - "github_event_name": "push", - "github_event_payload": { - "after": "623cf20a23f3360549eafac6efe1a158960f15f9", - "base_ref": "refs/heads/main", - "before": "0000000000000000000000000000000000000000", - "commits": [], - "compare": "https://github.com/slsa-framework/slsa-verifier/compare/v2.2.0", - "created": true, - "deleted": false, - "forced": false, - "head_commit": { - "author": { - "email": "bot@renovateapp.com", - "name": "Mend Renovate", - "username": "renovate-bot" - }, - "committer": { - "email": "noreply@github.com", - "name": "GitHub", - "username": "web-flow" - }, - 
"distinct": true, - "id": "623cf20a23f3360549eafac6efe1a158960f15f9", - "message": "fix(deps): update npm (#535)\n\n* fix(deps): update npm\r\n\r\n---------\r\n\r\nSigned-off-by: Renovate Bot \r\nSigned-off-by: Ian Lewis \r\nCo-authored-by: Ian Lewis ", - "timestamp": "2023-04-11T13:41:24+09:00", - "tree_id": "1967185901c606931285cc613ba5da60c8ac843b", - "url": "https://github.com/slsa-framework/slsa-verifier/commit/623cf20a23f3360549eafac6efe1a158960f15f9" - }, - "organization": { - "avatar_url": "https://avatars.githubusercontent.com/u/80431187?v=4", - "description": "Supply-chain Levels for Software Artifacts", - "events_url": "https://api.github.com/orgs/slsa-framework/events", - "hooks_url": "https://api.github.com/orgs/slsa-framework/hooks", - "id": 80431187, - "issues_url": "https://api.github.com/orgs/slsa-framework/issues", - "login": "slsa-framework", - "members_url": "https://api.github.com/orgs/slsa-framework/members{/member}", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjgwNDMxMTg3", - "public_members_url": "https://api.github.com/orgs/slsa-framework/public_members{/member}", - "repos_url": "https://api.github.com/orgs/slsa-framework/repos", - "url": "https://api.github.com/orgs/slsa-framework" - }, - "pusher": { - "email": "ianlewis@google.com", - "name": "ianlewis" - }, - "ref": "refs/tags/v2.2.0", - "repository": { - "allow_forking": true, - "archive_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/{archive_format}{/ref}", - "archived": false, - "assignees_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/assignees{/user}", - "blobs_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/blobs{/sha}", - "branches_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/branches{/branch}", - "clone_url": "https://github.com/slsa-framework/slsa-verifier.git", - "collaborators_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/collaborators{/collaborator}", - "comments_url": 
"https://api.github.com/repos/slsa-framework/slsa-verifier/comments{/number}", - "commits_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/commits{/sha}", - "compare_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/compare/{base}...{head}", - "contents_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/contents/{+path}", - "contributors_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/contributors", - "created_at": 1648242107, - "default_branch": "main", - "deployments_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/deployments", - "description": "Verify provenance from SLSA compliant builders", - "disabled": false, - "downloads_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/downloads", - "events_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/events", - "fork": false, - "forks": 31, - "forks_count": 31, - "forks_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/forks", - "full_name": "slsa-framework/slsa-verifier", - "git_commits_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/commits{/sha}", - "git_refs_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/refs{/sha}", - "git_tags_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/tags{/sha}", - "git_url": "git://github.com/slsa-framework/slsa-verifier.git", - "has_discussions": false, - "has_downloads": true, - "has_issues": true, - "has_pages": false, - "has_projects": true, - "has_wiki": true, - "homepage": "", - "hooks_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/hooks", - "html_url": "https://github.com/slsa-framework/slsa-verifier", - "id": 474162642, - "is_template": false, - "issue_comment_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/issues/comments{/number}", - "issue_events_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/issues/events{/number}", - "issues_url": 
"https://api.github.com/repos/slsa-framework/slsa-verifier/issues{/number}", - "keys_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/keys{/key_id}", - "labels_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/labels{/name}", - "language": "Go", - "languages_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/languages", - "license": { - "key": "apache-2.0", - "name": "Apache License 2.0", - "node_id": "MDc6TGljZW5zZTI=", - "spdx_id": "Apache-2.0", - "url": "https://api.github.com/licenses/apache-2.0" - }, - "master_branch": "main", - "merges_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/merges", - "milestones_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/milestones{/number}", - "mirror_url": null, - "name": "slsa-verifier", - "node_id": "R_kgDOHEMl0g", - "notifications_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/notifications{?since,all,participating}", - "open_issues": 95, - "open_issues_count": 95, - "organization": "slsa-framework", - "owner": { - "avatar_url": "https://avatars.githubusercontent.com/u/80431187?v=4", - "email": null, - "events_url": "https://api.github.com/users/slsa-framework/events{/privacy}", - "followers_url": "https://api.github.com/users/slsa-framework/followers", - "following_url": "https://api.github.com/users/slsa-framework/following{/other_user}", - "gists_url": "https://api.github.com/users/slsa-framework/gists{/gist_id}", - "gravatar_id": "", - "html_url": "https://github.com/slsa-framework", - "id": 80431187, - "login": "slsa-framework", - "name": "slsa-framework", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjgwNDMxMTg3", - "organizations_url": "https://api.github.com/users/slsa-framework/orgs", - "received_events_url": "https://api.github.com/users/slsa-framework/received_events", - "repos_url": "https://api.github.com/users/slsa-framework/repos", - "site_admin": false, - "starred_url": 
"https://api.github.com/users/slsa-framework/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/slsa-framework/subscriptions", - "type": "Organization", - "url": "https://api.github.com/users/slsa-framework" - }, - "private": false, - "pulls_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/pulls{/number}", - "pushed_at": 1681288221, - "releases_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/releases{/id}", - "size": 80560, - "ssh_url": "git@github.com:slsa-framework/slsa-verifier.git", - "stargazers": 92, - "stargazers_count": 92, - "stargazers_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/stargazers", - "statuses_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/statuses/{sha}", - "subscribers_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/subscribers", - "subscription_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/subscription", - "svn_url": "https://github.com/slsa-framework/slsa-verifier", - "tags_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/tags", - "teams_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/teams", - "topics": [], - "trees_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/trees{/sha}", - "updated_at": "2023-04-11T16:08:11Z", - "url": "https://github.com/slsa-framework/slsa-verifier", - "visibility": "public", - "watchers": 92, - "watchers_count": 92, - "web_commit_signoff_required": true - }, - "sender": { - "avatar_url": "https://avatars.githubusercontent.com/u/49289?v=4", - "events_url": "https://api.github.com/users/ianlewis/events{/privacy}", - "followers_url": "https://api.github.com/users/ianlewis/followers", - "following_url": "https://api.github.com/users/ianlewis/following{/other_user}", - "gists_url": "https://api.github.com/users/ianlewis/gists{/gist_id}", - "gravatar_id": "", - "html_url": "https://github.com/ianlewis", - "id": 49289, - "login": 
"ianlewis", - "node_id": "MDQ6VXNlcjQ5Mjg5", - "organizations_url": "https://api.github.com/users/ianlewis/orgs", - "received_events_url": "https://api.github.com/users/ianlewis/received_events", - "repos_url": "https://api.github.com/users/ianlewis/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/ianlewis/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/ianlewis/subscriptions", - "type": "User", - "url": "https://api.github.com/users/ianlewis" - } - }, - "github_head_ref": "", - "github_ref": "refs/tags/v2.2.0", - "github_ref_type": "tag", - "github_repository_id": "474162642", - "github_repository_owner": "slsa-framework", - "github_repository_owner_id": "80431187", - "github_run_attempt": "1", - "github_run_id": "4676255666", - "github_run_number": "290", - "github_sha1": "623cf20a23f3360549eafac6efe1a158960f15f9", - "os": "ubuntu22" - } - }, - "buildConfig": { - "steps": [ - { - "workingDir": "/home/runner/work/slsa-verifier/slsa-verifier/__PROJECT_CHECKOUT_DIR__/cli/slsa-verifier", - "command": [ - "/opt/hostedtoolcache/go/1.18.10/x64/bin/go", - "mod", - "vendor" - ], - "env": null - }, - { - "workingDir": "/home/runner/work/slsa-verifier/slsa-verifier/__PROJECT_CHECKOUT_DIR__/cli/slsa-verifier", - "command": [ - "/opt/hostedtoolcache/go/1.18.10/x64/bin/go", - "build", - "-mod=vendor", - "-trimpath", - "-tags=netgo", - "-ldflags=-X sigs.k8s.io/release-utils/version.gitVersion=2.2.0", - "-o", - "slsa-verifier-darwin-amd64" - ], - "env": [ - "GOOS=darwin", - "GOARCH=amd64", - "GO111MODULE=on", - "CGO_ENABLED=0" - ] - } - ], - "version": 1 - }, - "metadata": { - "buildInvocationID": "4676255666-1", - "completeness": { - "parameters": true, - "environment": false, - "materials": false - }, - "reproducible": false - }, - "materials": [ - { - "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.2.0", - "digest": { - "sha1": "623cf20a23f3360549eafac6efe1a158960f15f9" - } - }, - { - "uri": 
"https://github.com/actions/virtual-environments/releases/tag/ubuntu22/20230402.1" - } - ] - } - }, - { - "_type": "https://in-toto.io/Statement/v0.1", - "predicateType": "https://slsa.dev/provenance/v0.2", - "subject": [ - { - "name": "slsa-verifier-darwin-arm64", - "digest": { - "sha256": "7e55f2065828bf0771e302a2a0f859c5a12d742b34b97c05d43e6a0cfc8fecf3" - } - } - ], - "predicate": { - "builder": { - "id": "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@refs/tags/v1.5.0" - }, - "buildType": "https://github.com/slsa-framework/slsa-github-generator/go@v1", - "invocation": { - "configSource": { - "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.2.0", - "digest": { - "sha1": "623cf20a23f3360549eafac6efe1a158960f15f9" - }, - "entryPoint": ".github/workflows/release.yml" - }, - "parameters": {}, - "environment": { - "arch": "X64", - "github_actor": "ianlewis", - "github_actor_id": "49289", - "github_base_ref": "", - "github_event_name": "push", - "github_event_payload": { - "after": "623cf20a23f3360549eafac6efe1a158960f15f9", - "base_ref": "refs/heads/main", - "before": "0000000000000000000000000000000000000000", - "commits": [], - "compare": "https://github.com/slsa-framework/slsa-verifier/compare/v2.2.0", - "created": true, - "deleted": false, - "forced": false, - "head_commit": { - "author": { - "email": "bot@renovateapp.com", - "name": "Mend Renovate", - "username": "renovate-bot" - }, - "committer": { - "email": "noreply@github.com", - "name": "GitHub", - "username": "web-flow" - }, - "distinct": true, - "id": "623cf20a23f3360549eafac6efe1a158960f15f9", - "message": "fix(deps): update npm (#535)\n\n* fix(deps): update npm\r\n\r\n---------\r\n\r\nSigned-off-by: Renovate Bot \r\nSigned-off-by: Ian Lewis \r\nCo-authored-by: Ian Lewis ", - "timestamp": "2023-04-11T13:41:24+09:00", - "tree_id": "1967185901c606931285cc613ba5da60c8ac843b", - "url": 
"https://github.com/slsa-framework/slsa-verifier/commit/623cf20a23f3360549eafac6efe1a158960f15f9" - }, - "organization": { - "avatar_url": "https://avatars.githubusercontent.com/u/80431187?v=4", - "description": "Supply-chain Levels for Software Artifacts", - "events_url": "https://api.github.com/orgs/slsa-framework/events", - "hooks_url": "https://api.github.com/orgs/slsa-framework/hooks", - "id": 80431187, - "issues_url": "https://api.github.com/orgs/slsa-framework/issues", - "login": "slsa-framework", - "members_url": "https://api.github.com/orgs/slsa-framework/members{/member}", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjgwNDMxMTg3", - "public_members_url": "https://api.github.com/orgs/slsa-framework/public_members{/member}", - "repos_url": "https://api.github.com/orgs/slsa-framework/repos", - "url": "https://api.github.com/orgs/slsa-framework" - }, - "pusher": { - "email": "ianlewis@google.com", - "name": "ianlewis" - }, - "ref": "refs/tags/v2.2.0", - "repository": { - "allow_forking": true, - "archive_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/{archive_format}{/ref}", - "archived": false, - "assignees_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/assignees{/user}", - "blobs_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/blobs{/sha}", - "branches_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/branches{/branch}", - "clone_url": "https://github.com/slsa-framework/slsa-verifier.git", - "collaborators_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/collaborators{/collaborator}", - "comments_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/comments{/number}", - "commits_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/commits{/sha}", - "compare_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/compare/{base}...{head}", - "contents_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/contents/{+path}", - 
"contributors_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/contributors", - "created_at": 1648242107, - "default_branch": "main", - "deployments_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/deployments", - "description": "Verify provenance from SLSA compliant builders", - "disabled": false, - "downloads_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/downloads", - "events_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/events", - "fork": false, - "forks": 31, - "forks_count": 31, - "forks_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/forks", - "full_name": "slsa-framework/slsa-verifier", - "git_commits_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/commits{/sha}", - "git_refs_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/refs{/sha}", - "git_tags_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/tags{/sha}", - "git_url": "git://github.com/slsa-framework/slsa-verifier.git", - "has_discussions": false, - "has_downloads": true, - "has_issues": true, - "has_pages": false, - "has_projects": true, - "has_wiki": true, - "homepage": "", - "hooks_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/hooks", - "html_url": "https://github.com/slsa-framework/slsa-verifier", - "id": 474162642, - "is_template": false, - "issue_comment_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/issues/comments{/number}", - "issue_events_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/issues/events{/number}", - "issues_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/issues{/number}", - "keys_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/keys{/key_id}", - "labels_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/labels{/name}", - "language": "Go", - "languages_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/languages", - 
"license": { - "key": "apache-2.0", - "name": "Apache License 2.0", - "node_id": "MDc6TGljZW5zZTI=", - "spdx_id": "Apache-2.0", - "url": "https://api.github.com/licenses/apache-2.0" - }, - "master_branch": "main", - "merges_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/merges", - "milestones_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/milestones{/number}", - "mirror_url": null, - "name": "slsa-verifier", - "node_id": "R_kgDOHEMl0g", - "notifications_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/notifications{?since,all,participating}", - "open_issues": 95, - "open_issues_count": 95, - "organization": "slsa-framework", - "owner": { - "avatar_url": "https://avatars.githubusercontent.com/u/80431187?v=4", - "email": null, - "events_url": "https://api.github.com/users/slsa-framework/events{/privacy}", - "followers_url": "https://api.github.com/users/slsa-framework/followers", - "following_url": "https://api.github.com/users/slsa-framework/following{/other_user}", - "gists_url": "https://api.github.com/users/slsa-framework/gists{/gist_id}", - "gravatar_id": "", - "html_url": "https://github.com/slsa-framework", - "id": 80431187, - "login": "slsa-framework", - "name": "slsa-framework", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjgwNDMxMTg3", - "organizations_url": "https://api.github.com/users/slsa-framework/orgs", - "received_events_url": "https://api.github.com/users/slsa-framework/received_events", - "repos_url": "https://api.github.com/users/slsa-framework/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/slsa-framework/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/slsa-framework/subscriptions", - "type": "Organization", - "url": "https://api.github.com/users/slsa-framework" - }, - "private": false, - "pulls_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/pulls{/number}", - "pushed_at": 1681288221, - "releases_url": 
"https://api.github.com/repos/slsa-framework/slsa-verifier/releases{/id}", - "size": 80560, - "ssh_url": "git@github.com:slsa-framework/slsa-verifier.git", - "stargazers": 92, - "stargazers_count": 92, - "stargazers_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/stargazers", - "statuses_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/statuses/{sha}", - "subscribers_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/subscribers", - "subscription_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/subscription", - "svn_url": "https://github.com/slsa-framework/slsa-verifier", - "tags_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/tags", - "teams_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/teams", - "topics": [], - "trees_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/trees{/sha}", - "updated_at": "2023-04-11T16:08:11Z", - "url": "https://github.com/slsa-framework/slsa-verifier", - "visibility": "public", - "watchers": 92, - "watchers_count": 92, - "web_commit_signoff_required": true - }, - "sender": { - "avatar_url": "https://avatars.githubusercontent.com/u/49289?v=4", - "events_url": "https://api.github.com/users/ianlewis/events{/privacy}", - "followers_url": "https://api.github.com/users/ianlewis/followers", - "following_url": "https://api.github.com/users/ianlewis/following{/other_user}", - "gists_url": "https://api.github.com/users/ianlewis/gists{/gist_id}", - "gravatar_id": "", - "html_url": "https://github.com/ianlewis", - "id": 49289, - "login": "ianlewis", - "node_id": "MDQ6VXNlcjQ5Mjg5", - "organizations_url": "https://api.github.com/users/ianlewis/orgs", - "received_events_url": "https://api.github.com/users/ianlewis/received_events", - "repos_url": "https://api.github.com/users/ianlewis/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/ianlewis/starred{/owner}{/repo}", - "subscriptions_url": 
"https://api.github.com/users/ianlewis/subscriptions", - "type": "User", - "url": "https://api.github.com/users/ianlewis" - } - }, - "github_head_ref": "", - "github_ref": "refs/tags/v2.2.0", - "github_ref_type": "tag", - "github_repository_id": "474162642", - "github_repository_owner": "slsa-framework", - "github_repository_owner_id": "80431187", - "github_run_attempt": "1", - "github_run_id": "4676255666", - "github_run_number": "290", - "github_sha1": "623cf20a23f3360549eafac6efe1a158960f15f9", - "os": "ubuntu22" - } - }, - "buildConfig": { - "steps": [ - { - "workingDir": "/home/runner/work/slsa-verifier/slsa-verifier/__PROJECT_CHECKOUT_DIR__/cli/slsa-verifier", - "command": [ - "/opt/hostedtoolcache/go/1.18.10/x64/bin/go", - "mod", - "vendor" - ], - "env": null - }, - { - "workingDir": "/home/runner/work/slsa-verifier/slsa-verifier/__PROJECT_CHECKOUT_DIR__/cli/slsa-verifier", - "command": [ - "/opt/hostedtoolcache/go/1.18.10/x64/bin/go", - "build", - "-mod=vendor", - "-trimpath", - "-tags=netgo", - "-ldflags=-X sigs.k8s.io/release-utils/version.gitVersion=2.2.0", - "-o", - "slsa-verifier-darwin-arm64" - ], - "env": [ - "GOOS=darwin", - "GOARCH=arm64", - "GO111MODULE=on", - "CGO_ENABLED=0" - ] - } - ], - "version": 1 - }, - "metadata": { - "buildInvocationID": "4676255666-1", - "completeness": { - "parameters": true, - "environment": false, - "materials": false - }, - "reproducible": false - }, - "materials": [ - { - "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.2.0", - "digest": { - "sha1": "623cf20a23f3360549eafac6efe1a158960f15f9" - } - }, - { - "uri": "https://github.com/actions/virtual-environments/releases/tag/ubuntu22/20230402.1" - } - ] - } - }, - { - "_type": "https://in-toto.io/Statement/v0.1", - "predicateType": "https://slsa.dev/provenance/v0.2", - "subject": [ - { - "name": "slsa-verifier-linux-amd64", - "digest": { - "sha256": "8aaf12ce7691ca203c2ab000cbbc68140112acb3d08c4d338c06eb125dfd6b10" - } - } - ], - "predicate": 
{ - "builder": { - "id": "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@refs/tags/v1.5.0" - }, - "buildType": "https://github.com/slsa-framework/slsa-github-generator/go@v1", - "invocation": { - "configSource": { - "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.2.0", - "digest": { - "sha1": "623cf20a23f3360549eafac6efe1a158960f15f9" - }, - "entryPoint": ".github/workflows/release.yml" - }, - "parameters": {}, - "environment": { - "arch": "X64", - "github_actor": "ianlewis", - "github_actor_id": "49289", - "github_base_ref": "", - "github_event_name": "push", - "github_event_payload": { - "after": "623cf20a23f3360549eafac6efe1a158960f15f9", - "base_ref": "refs/heads/main", - "before": "0000000000000000000000000000000000000000", - "commits": [], - "compare": "https://github.com/slsa-framework/slsa-verifier/compare/v2.2.0", - "created": true, - "deleted": false, - "forced": false, - "head_commit": { - "author": { - "email": "bot@renovateapp.com", - "name": "Mend Renovate", - "username": "renovate-bot" - }, - "committer": { - "email": "noreply@github.com", - "name": "GitHub", - "username": "web-flow" - }, - "distinct": true, - "id": "623cf20a23f3360549eafac6efe1a158960f15f9", - "message": "fix(deps): update npm (#535)\n\n* fix(deps): update npm\r\n\r\n---------\r\n\r\nSigned-off-by: Renovate Bot \r\nSigned-off-by: Ian Lewis \r\nCo-authored-by: Ian Lewis ", - "timestamp": "2023-04-11T13:41:24+09:00", - "tree_id": "1967185901c606931285cc613ba5da60c8ac843b", - "url": "https://github.com/slsa-framework/slsa-verifier/commit/623cf20a23f3360549eafac6efe1a158960f15f9" - }, - "organization": { - "avatar_url": "https://avatars.githubusercontent.com/u/80431187?v=4", - "description": "Supply-chain Levels for Software Artifacts", - "events_url": "https://api.github.com/orgs/slsa-framework/events", - "hooks_url": "https://api.github.com/orgs/slsa-framework/hooks", - "id": 80431187, - "issues_url": 
"https://api.github.com/orgs/slsa-framework/issues", - "login": "slsa-framework", - "members_url": "https://api.github.com/orgs/slsa-framework/members{/member}", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjgwNDMxMTg3", - "public_members_url": "https://api.github.com/orgs/slsa-framework/public_members{/member}", - "repos_url": "https://api.github.com/orgs/slsa-framework/repos", - "url": "https://api.github.com/orgs/slsa-framework" - }, - "pusher": { - "email": "ianlewis@google.com", - "name": "ianlewis" - }, - "ref": "refs/tags/v2.2.0", - "repository": { - "allow_forking": true, - "archive_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/{archive_format}{/ref}", - "archived": false, - "assignees_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/assignees{/user}", - "blobs_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/blobs{/sha}", - "branches_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/branches{/branch}", - "clone_url": "https://github.com/slsa-framework/slsa-verifier.git", - "collaborators_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/collaborators{/collaborator}", - "comments_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/comments{/number}", - "commits_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/commits{/sha}", - "compare_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/compare/{base}...{head}", - "contents_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/contents/{+path}", - "contributors_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/contributors", - "created_at": 1648242107, - "default_branch": "main", - "deployments_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/deployments", - "description": "Verify provenance from SLSA compliant builders", - "disabled": false, - "downloads_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/downloads", - "events_url": 
"https://api.github.com/repos/slsa-framework/slsa-verifier/events", - "fork": false, - "forks": 31, - "forks_count": 31, - "forks_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/forks", - "full_name": "slsa-framework/slsa-verifier", - "git_commits_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/commits{/sha}", - "git_refs_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/refs{/sha}", - "git_tags_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/tags{/sha}", - "git_url": "git://github.com/slsa-framework/slsa-verifier.git", - "has_discussions": false, - "has_downloads": true, - "has_issues": true, - "has_pages": false, - "has_projects": true, - "has_wiki": true, - "homepage": "", - "hooks_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/hooks", - "html_url": "https://github.com/slsa-framework/slsa-verifier", - "id": 474162642, - "is_template": false, - "issue_comment_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/issues/comments{/number}", - "issue_events_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/issues/events{/number}", - "issues_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/issues{/number}", - "keys_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/keys{/key_id}", - "labels_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/labels{/name}", - "language": "Go", - "languages_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/languages", - "license": { - "key": "apache-2.0", - "name": "Apache License 2.0", - "node_id": "MDc6TGljZW5zZTI=", - "spdx_id": "Apache-2.0", - "url": "https://api.github.com/licenses/apache-2.0" - }, - "master_branch": "main", - "merges_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/merges", - "milestones_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/milestones{/number}", - "mirror_url": null, - "name": 
"slsa-verifier", - "node_id": "R_kgDOHEMl0g", - "notifications_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/notifications{?since,all,participating}", - "open_issues": 95, - "open_issues_count": 95, - "organization": "slsa-framework", - "owner": { - "avatar_url": "https://avatars.githubusercontent.com/u/80431187?v=4", - "email": null, - "events_url": "https://api.github.com/users/slsa-framework/events{/privacy}", - "followers_url": "https://api.github.com/users/slsa-framework/followers", - "following_url": "https://api.github.com/users/slsa-framework/following{/other_user}", - "gists_url": "https://api.github.com/users/slsa-framework/gists{/gist_id}", - "gravatar_id": "", - "html_url": "https://github.com/slsa-framework", - "id": 80431187, - "login": "slsa-framework", - "name": "slsa-framework", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjgwNDMxMTg3", - "organizations_url": "https://api.github.com/users/slsa-framework/orgs", - "received_events_url": "https://api.github.com/users/slsa-framework/received_events", - "repos_url": "https://api.github.com/users/slsa-framework/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/slsa-framework/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/slsa-framework/subscriptions", - "type": "Organization", - "url": "https://api.github.com/users/slsa-framework" - }, - "private": false, - "pulls_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/pulls{/number}", - "pushed_at": 1681288221, - "releases_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/releases{/id}", - "size": 80560, - "ssh_url": "git@github.com:slsa-framework/slsa-verifier.git", - "stargazers": 92, - "stargazers_count": 92, - "stargazers_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/stargazers", - "statuses_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/statuses/{sha}", - "subscribers_url": 
"https://api.github.com/repos/slsa-framework/slsa-verifier/subscribers", - "subscription_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/subscription", - "svn_url": "https://github.com/slsa-framework/slsa-verifier", - "tags_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/tags", - "teams_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/teams", - "topics": [], - "trees_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/trees{/sha}", - "updated_at": "2023-04-11T16:08:11Z", - "url": "https://github.com/slsa-framework/slsa-verifier", - "visibility": "public", - "watchers": 92, - "watchers_count": 92, - "web_commit_signoff_required": true - }, - "sender": { - "avatar_url": "https://avatars.githubusercontent.com/u/49289?v=4", - "events_url": "https://api.github.com/users/ianlewis/events{/privacy}", - "followers_url": "https://api.github.com/users/ianlewis/followers", - "following_url": "https://api.github.com/users/ianlewis/following{/other_user}", - "gists_url": "https://api.github.com/users/ianlewis/gists{/gist_id}", - "gravatar_id": "", - "html_url": "https://github.com/ianlewis", - "id": 49289, - "login": "ianlewis", - "node_id": "MDQ6VXNlcjQ5Mjg5", - "organizations_url": "https://api.github.com/users/ianlewis/orgs", - "received_events_url": "https://api.github.com/users/ianlewis/received_events", - "repos_url": "https://api.github.com/users/ianlewis/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/ianlewis/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/ianlewis/subscriptions", - "type": "User", - "url": "https://api.github.com/users/ianlewis" - } - }, - "github_head_ref": "", - "github_ref": "refs/tags/v2.2.0", - "github_ref_type": "tag", - "github_repository_id": "474162642", - "github_repository_owner": "slsa-framework", - "github_repository_owner_id": "80431187", - "github_run_attempt": "1", - "github_run_id": "4676255666", - 
"github_run_number": "290", - "github_sha1": "623cf20a23f3360549eafac6efe1a158960f15f9", - "os": "ubuntu22" - } - }, - "buildConfig": { - "steps": [ - { - "workingDir": "/home/runner/work/slsa-verifier/slsa-verifier/__PROJECT_CHECKOUT_DIR__/cli/slsa-verifier", - "command": [ - "/opt/hostedtoolcache/go/1.18.10/x64/bin/go", - "mod", - "vendor" - ], - "env": null - }, - { - "workingDir": "/home/runner/work/slsa-verifier/slsa-verifier/__PROJECT_CHECKOUT_DIR__/cli/slsa-verifier", - "command": [ - "/opt/hostedtoolcache/go/1.18.10/x64/bin/go", - "build", - "-mod=vendor", - "-trimpath", - "-tags=netgo", - "-ldflags=-X sigs.k8s.io/release-utils/version.gitVersion=2.2.0", - "-o", - "slsa-verifier-linux-amd64" - ], - "env": [ - "GOOS=linux", - "GOARCH=amd64", - "GO111MODULE=on", - "CGO_ENABLED=0" - ] - } - ], - "version": 1 - }, - "metadata": { - "buildInvocationID": "4676255666-1", - "completeness": { - "parameters": true, - "environment": false, - "materials": false - }, - "reproducible": false - }, - "materials": [ - { - "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.2.0", - "digest": { - "sha1": "623cf20a23f3360549eafac6efe1a158960f15f9" - } - }, - { - "uri": "https://github.com/actions/virtual-environments/releases/tag/ubuntu22/20230402.1" - } - ] - } - }, - { - "_type": "https://in-toto.io/Statement/v0.1", - "predicateType": "https://slsa.dev/provenance/v0.2", - "subject": [ - { - "name": "slsa-verifier-linux-arm64", - "digest": { - "sha256": "2cfd1b5dfd32104909532354204680cd3d7579a59db276ccfef6f7dcc1bab981" - } - } - ], - "predicate": { - "builder": { - "id": "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@refs/tags/v1.5.0" - }, - "buildType": "https://github.com/slsa-framework/slsa-github-generator/go@v1", - "invocation": { - "configSource": { - "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.2.0", - "digest": { - "sha1": "623cf20a23f3360549eafac6efe1a158960f15f9" - }, - 
"entryPoint": ".github/workflows/release.yml" - }, - "parameters": {}, - "environment": { - "arch": "X64", - "github_actor": "ianlewis", - "github_actor_id": "49289", - "github_base_ref": "", - "github_event_name": "push", - "github_event_payload": { - "after": "623cf20a23f3360549eafac6efe1a158960f15f9", - "base_ref": "refs/heads/main", - "before": "0000000000000000000000000000000000000000", - "commits": [], - "compare": "https://github.com/slsa-framework/slsa-verifier/compare/v2.2.0", - "created": true, - "deleted": false, - "forced": false, - "head_commit": { - "author": { - "email": "bot@renovateapp.com", - "name": "Mend Renovate", - "username": "renovate-bot" - }, - "committer": { - "email": "noreply@github.com", - "name": "GitHub", - "username": "web-flow" - }, - "distinct": true, - "id": "623cf20a23f3360549eafac6efe1a158960f15f9", - "message": "fix(deps): update npm (#535)\n\n* fix(deps): update npm\r\n\r\n---------\r\n\r\nSigned-off-by: Renovate Bot \r\nSigned-off-by: Ian Lewis \r\nCo-authored-by: Ian Lewis ", - "timestamp": "2023-04-11T13:41:24+09:00", - "tree_id": "1967185901c606931285cc613ba5da60c8ac843b", - "url": "https://github.com/slsa-framework/slsa-verifier/commit/623cf20a23f3360549eafac6efe1a158960f15f9" - }, - "organization": { - "avatar_url": "https://avatars.githubusercontent.com/u/80431187?v=4", - "description": "Supply-chain Levels for Software Artifacts", - "events_url": "https://api.github.com/orgs/slsa-framework/events", - "hooks_url": "https://api.github.com/orgs/slsa-framework/hooks", - "id": 80431187, - "issues_url": "https://api.github.com/orgs/slsa-framework/issues", - "login": "slsa-framework", - "members_url": "https://api.github.com/orgs/slsa-framework/members{/member}", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjgwNDMxMTg3", - "public_members_url": "https://api.github.com/orgs/slsa-framework/public_members{/member}", - "repos_url": "https://api.github.com/orgs/slsa-framework/repos", - "url": "https://api.github.com/orgs/slsa-framework" - 
}, - "pusher": { - "email": "ianlewis@google.com", - "name": "ianlewis" - }, - "ref": "refs/tags/v2.2.0", - "repository": { - "allow_forking": true, - "archive_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/{archive_format}{/ref}", - "archived": false, - "assignees_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/assignees{/user}", - "blobs_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/blobs{/sha}", - "branches_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/branches{/branch}", - "clone_url": "https://github.com/slsa-framework/slsa-verifier.git", - "collaborators_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/collaborators{/collaborator}", - "comments_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/comments{/number}", - "commits_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/commits{/sha}", - "compare_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/compare/{base}...{head}", - "contents_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/contents/{+path}", - "contributors_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/contributors", - "created_at": 1648242107, - "default_branch": "main", - "deployments_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/deployments", - "description": "Verify provenance from SLSA compliant builders", - "disabled": false, - "downloads_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/downloads", - "events_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/events", - "fork": false, - "forks": 31, - "forks_count": 31, - "forks_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/forks", - "full_name": "slsa-framework/slsa-verifier", - "git_commits_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/commits{/sha}", - "git_refs_url": 
"https://api.github.com/repos/slsa-framework/slsa-verifier/git/refs{/sha}", - "git_tags_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/tags{/sha}", - "git_url": "git://github.com/slsa-framework/slsa-verifier.git", - "has_discussions": false, - "has_downloads": true, - "has_issues": true, - "has_pages": false, - "has_projects": true, - "has_wiki": true, - "homepage": "", - "hooks_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/hooks", - "html_url": "https://github.com/slsa-framework/slsa-verifier", - "id": 474162642, - "is_template": false, - "issue_comment_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/issues/comments{/number}", - "issue_events_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/issues/events{/number}", - "issues_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/issues{/number}", - "keys_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/keys{/key_id}", - "labels_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/labels{/name}", - "language": "Go", - "languages_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/languages", - "license": { - "key": "apache-2.0", - "name": "Apache License 2.0", - "node_id": "MDc6TGljZW5zZTI=", - "spdx_id": "Apache-2.0", - "url": "https://api.github.com/licenses/apache-2.0" - }, - "master_branch": "main", - "merges_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/merges", - "milestones_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/milestones{/number}", - "mirror_url": null, - "name": "slsa-verifier", - "node_id": "R_kgDOHEMl0g", - "notifications_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/notifications{?since,all,participating}", - "open_issues": 95, - "open_issues_count": 95, - "organization": "slsa-framework", - "owner": { - "avatar_url": "https://avatars.githubusercontent.com/u/80431187?v=4", - "email": null, - "events_url": 
"https://api.github.com/users/slsa-framework/events{/privacy}", - "followers_url": "https://api.github.com/users/slsa-framework/followers", - "following_url": "https://api.github.com/users/slsa-framework/following{/other_user}", - "gists_url": "https://api.github.com/users/slsa-framework/gists{/gist_id}", - "gravatar_id": "", - "html_url": "https://github.com/slsa-framework", - "id": 80431187, - "login": "slsa-framework", - "name": "slsa-framework", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjgwNDMxMTg3", - "organizations_url": "https://api.github.com/users/slsa-framework/orgs", - "received_events_url": "https://api.github.com/users/slsa-framework/received_events", - "repos_url": "https://api.github.com/users/slsa-framework/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/slsa-framework/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/slsa-framework/subscriptions", - "type": "Organization", - "url": "https://api.github.com/users/slsa-framework" - }, - "private": false, - "pulls_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/pulls{/number}", - "pushed_at": 1681288221, - "releases_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/releases{/id}", - "size": 80560, - "ssh_url": "git@github.com:slsa-framework/slsa-verifier.git", - "stargazers": 92, - "stargazers_count": 92, - "stargazers_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/stargazers", - "statuses_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/statuses/{sha}", - "subscribers_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/subscribers", - "subscription_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/subscription", - "svn_url": "https://github.com/slsa-framework/slsa-verifier", - "tags_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/tags", - "teams_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/teams", - "topics": [], - 
"trees_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/trees{/sha}", - "updated_at": "2023-04-11T16:08:11Z", - "url": "https://github.com/slsa-framework/slsa-verifier", - "visibility": "public", - "watchers": 92, - "watchers_count": 92, - "web_commit_signoff_required": true - }, - "sender": { - "avatar_url": "https://avatars.githubusercontent.com/u/49289?v=4", - "events_url": "https://api.github.com/users/ianlewis/events{/privacy}", - "followers_url": "https://api.github.com/users/ianlewis/followers", - "following_url": "https://api.github.com/users/ianlewis/following{/other_user}", - "gists_url": "https://api.github.com/users/ianlewis/gists{/gist_id}", - "gravatar_id": "", - "html_url": "https://github.com/ianlewis", - "id": 49289, - "login": "ianlewis", - "node_id": "MDQ6VXNlcjQ5Mjg5", - "organizations_url": "https://api.github.com/users/ianlewis/orgs", - "received_events_url": "https://api.github.com/users/ianlewis/received_events", - "repos_url": "https://api.github.com/users/ianlewis/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/ianlewis/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/ianlewis/subscriptions", - "type": "User", - "url": "https://api.github.com/users/ianlewis" - } - }, - "github_head_ref": "", - "github_ref": "refs/tags/v2.2.0", - "github_ref_type": "tag", - "github_repository_id": "474162642", - "github_repository_owner": "slsa-framework", - "github_repository_owner_id": "80431187", - "github_run_attempt": "1", - "github_run_id": "4676255666", - "github_run_number": "290", - "github_sha1": "623cf20a23f3360549eafac6efe1a158960f15f9", - "os": "ubuntu22" - } - }, - "buildConfig": { - "steps": [ - { - "workingDir": "/home/runner/work/slsa-verifier/slsa-verifier/__PROJECT_CHECKOUT_DIR__/cli/slsa-verifier", - "command": [ - "/opt/hostedtoolcache/go/1.18.10/x64/bin/go", - "mod", - "vendor" - ], - "env": null - }, - { - "workingDir": 
"/home/runner/work/slsa-verifier/slsa-verifier/__PROJECT_CHECKOUT_DIR__/cli/slsa-verifier", - "command": [ - "/opt/hostedtoolcache/go/1.18.10/x64/bin/go", - "build", - "-mod=vendor", - "-trimpath", - "-tags=netgo", - "-ldflags=-X sigs.k8s.io/release-utils/version.gitVersion=2.2.0", - "-o", - "slsa-verifier-linux-arm64" - ], - "env": [ - "GOOS=linux", - "GOARCH=arm64", - "GO111MODULE=on", - "CGO_ENABLED=0" - ] - } - ], - "version": 1 - }, - "metadata": { - "buildInvocationID": "4676255666-1", - "completeness": { - "parameters": true, - "environment": false, - "materials": false - }, - "reproducible": false - }, - "materials": [ - { - "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.2.0", - "digest": { - "sha1": "623cf20a23f3360549eafac6efe1a158960f15f9" - } - }, - { - "uri": "https://github.com/actions/virtual-environments/releases/tag/ubuntu22/20230409.1" - } - ] - } - }, - { - "_type": "https://in-toto.io/Statement/v0.1", - "predicateType": "https://slsa.dev/provenance/v0.2", - "subject": [ - { - "name": "slsa-verifier-windows-amd64.exe", - "digest": { - "sha256": "4db8f2199dae3c29dcd9ddfdbd032722f376eb6cdef08c047aceae05c542262e" - } - } - ], - "predicate": { - "builder": { - "id": "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@refs/tags/v1.5.0" - }, - "buildType": "https://github.com/slsa-framework/slsa-github-generator/go@v1", - "invocation": { - "configSource": { - "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.2.0", - "digest": { - "sha1": "623cf20a23f3360549eafac6efe1a158960f15f9" - }, - "entryPoint": ".github/workflows/release.yml" - }, - "parameters": {}, - "environment": { - "arch": "X64", - "github_actor": "ianlewis", - "github_actor_id": "49289", - "github_base_ref": "", - "github_event_name": "push", - "github_event_payload": { - "after": "623cf20a23f3360549eafac6efe1a158960f15f9", - "base_ref": "refs/heads/main", - "before": 
"0000000000000000000000000000000000000000", - "commits": [], - "compare": "https://github.com/slsa-framework/slsa-verifier/compare/v2.2.0", - "created": true, - "deleted": false, - "forced": false, - "head_commit": { - "author": { - "email": "bot@renovateapp.com", - "name": "Mend Renovate", - "username": "renovate-bot" - }, - "committer": { - "email": "noreply@github.com", - "name": "GitHub", - "username": "web-flow" - }, - "distinct": true, - "id": "623cf20a23f3360549eafac6efe1a158960f15f9", - "message": "fix(deps): update npm (#535)\n\n* fix(deps): update npm\r\n\r\n---------\r\n\r\nSigned-off-by: Renovate Bot \r\nSigned-off-by: Ian Lewis \r\nCo-authored-by: Ian Lewis ", - "timestamp": "2023-04-11T13:41:24+09:00", - "tree_id": "1967185901c606931285cc613ba5da60c8ac843b", - "url": "https://github.com/slsa-framework/slsa-verifier/commit/623cf20a23f3360549eafac6efe1a158960f15f9" - }, - "organization": { - "avatar_url": "https://avatars.githubusercontent.com/u/80431187?v=4", - "description": "Supply-chain Levels for Software Artifacts", - "events_url": "https://api.github.com/orgs/slsa-framework/events", - "hooks_url": "https://api.github.com/orgs/slsa-framework/hooks", - "id": 80431187, - "issues_url": "https://api.github.com/orgs/slsa-framework/issues", - "login": "slsa-framework", - "members_url": "https://api.github.com/orgs/slsa-framework/members{/member}", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjgwNDMxMTg3", - "public_members_url": "https://api.github.com/orgs/slsa-framework/public_members{/member}", - "repos_url": "https://api.github.com/orgs/slsa-framework/repos", - "url": "https://api.github.com/orgs/slsa-framework" - }, - "pusher": { - "email": "ianlewis@google.com", - "name": "ianlewis" - }, - "ref": "refs/tags/v2.2.0", - "repository": { - "allow_forking": true, - "archive_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/{archive_format}{/ref}", - "archived": false, - "assignees_url": 
"https://api.github.com/repos/slsa-framework/slsa-verifier/assignees{/user}", - "blobs_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/blobs{/sha}", - "branches_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/branches{/branch}", - "clone_url": "https://github.com/slsa-framework/slsa-verifier.git", - "collaborators_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/collaborators{/collaborator}", - "comments_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/comments{/number}", - "commits_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/commits{/sha}", - "compare_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/compare/{base}...{head}", - "contents_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/contents/{+path}", - "contributors_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/contributors", - "created_at": 1648242107, - "default_branch": "main", - "deployments_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/deployments", - "description": "Verify provenance from SLSA compliant builders", - "disabled": false, - "downloads_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/downloads", - "events_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/events", - "fork": false, - "forks": 31, - "forks_count": 31, - "forks_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/forks", - "full_name": "slsa-framework/slsa-verifier", - "git_commits_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/commits{/sha}", - "git_refs_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/refs{/sha}", - "git_tags_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/tags{/sha}", - "git_url": "git://github.com/slsa-framework/slsa-verifier.git", - "has_discussions": false, - "has_downloads": true, - "has_issues": true, - "has_pages": false, - "has_projects": 
true, - "has_wiki": true, - "homepage": "", - "hooks_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/hooks", - "html_url": "https://github.com/slsa-framework/slsa-verifier", - "id": 474162642, - "is_template": false, - "issue_comment_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/issues/comments{/number}", - "issue_events_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/issues/events{/number}", - "issues_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/issues{/number}", - "keys_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/keys{/key_id}", - "labels_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/labels{/name}", - "language": "Go", - "languages_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/languages", - "license": { - "key": "apache-2.0", - "name": "Apache License 2.0", - "node_id": "MDc6TGljZW5zZTI=", - "spdx_id": "Apache-2.0", - "url": "https://api.github.com/licenses/apache-2.0" - }, - "master_branch": "main", - "merges_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/merges", - "milestones_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/milestones{/number}", - "mirror_url": null, - "name": "slsa-verifier", - "node_id": "R_kgDOHEMl0g", - "notifications_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/notifications{?since,all,participating}", - "open_issues": 95, - "open_issues_count": 95, - "organization": "slsa-framework", - "owner": { - "avatar_url": "https://avatars.githubusercontent.com/u/80431187?v=4", - "email": null, - "events_url": "https://api.github.com/users/slsa-framework/events{/privacy}", - "followers_url": "https://api.github.com/users/slsa-framework/followers", - "following_url": "https://api.github.com/users/slsa-framework/following{/other_user}", - "gists_url": "https://api.github.com/users/slsa-framework/gists{/gist_id}", - "gravatar_id": "", - "html_url": 
"https://github.com/slsa-framework", - "id": 80431187, - "login": "slsa-framework", - "name": "slsa-framework", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjgwNDMxMTg3", - "organizations_url": "https://api.github.com/users/slsa-framework/orgs", - "received_events_url": "https://api.github.com/users/slsa-framework/received_events", - "repos_url": "https://api.github.com/users/slsa-framework/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/slsa-framework/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/slsa-framework/subscriptions", - "type": "Organization", - "url": "https://api.github.com/users/slsa-framework" - }, - "private": false, - "pulls_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/pulls{/number}", - "pushed_at": 1681288221, - "releases_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/releases{/id}", - "size": 80560, - "ssh_url": "git@github.com:slsa-framework/slsa-verifier.git", - "stargazers": 92, - "stargazers_count": 92, - "stargazers_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/stargazers", - "statuses_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/statuses/{sha}", - "subscribers_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/subscribers", - "subscription_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/subscription", - "svn_url": "https://github.com/slsa-framework/slsa-verifier", - "tags_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/tags", - "teams_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/teams", - "topics": [], - "trees_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/trees{/sha}", - "updated_at": "2023-04-11T16:08:11Z", - "url": "https://github.com/slsa-framework/slsa-verifier", - "visibility": "public", - "watchers": 92, - "watchers_count": 92, - "web_commit_signoff_required": true - }, - "sender": { - "avatar_url": 
"https://avatars.githubusercontent.com/u/49289?v=4", - "events_url": "https://api.github.com/users/ianlewis/events{/privacy}", - "followers_url": "https://api.github.com/users/ianlewis/followers", - "following_url": "https://api.github.com/users/ianlewis/following{/other_user}", - "gists_url": "https://api.github.com/users/ianlewis/gists{/gist_id}", - "gravatar_id": "", - "html_url": "https://github.com/ianlewis", - "id": 49289, - "login": "ianlewis", - "node_id": "MDQ6VXNlcjQ5Mjg5", - "organizations_url": "https://api.github.com/users/ianlewis/orgs", - "received_events_url": "https://api.github.com/users/ianlewis/received_events", - "repos_url": "https://api.github.com/users/ianlewis/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/ianlewis/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/ianlewis/subscriptions", - "type": "User", - "url": "https://api.github.com/users/ianlewis" - } - }, - "github_head_ref": "", - "github_ref": "refs/tags/v2.2.0", - "github_ref_type": "tag", - "github_repository_id": "474162642", - "github_repository_owner": "slsa-framework", - "github_repository_owner_id": "80431187", - "github_run_attempt": "1", - "github_run_id": "4676255666", - "github_run_number": "290", - "github_sha1": "623cf20a23f3360549eafac6efe1a158960f15f9", - "os": "ubuntu22" - } - }, - "buildConfig": { - "steps": [ - { - "workingDir": "/home/runner/work/slsa-verifier/slsa-verifier/__PROJECT_CHECKOUT_DIR__/cli/slsa-verifier", - "command": [ - "/opt/hostedtoolcache/go/1.18.10/x64/bin/go", - "mod", - "vendor" - ], - "env": null - }, - { - "workingDir": "/home/runner/work/slsa-verifier/slsa-verifier/__PROJECT_CHECKOUT_DIR__/cli/slsa-verifier", - "command": [ - "/opt/hostedtoolcache/go/1.18.10/x64/bin/go", - "build", - "-mod=vendor", - "-trimpath", - "-tags=netgo", - "-ldflags=-X sigs.k8s.io/release-utils/version.gitVersion=2.2.0", - "-o", - "slsa-verifier-windows-amd64.exe" - ], - "env": [ - "GOOS=windows", - 
"GOARCH=amd64", - "GO111MODULE=on", - "CGO_ENABLED=0" - ] - } - ], - "version": 1 - }, - "metadata": { - "buildInvocationID": "4676255666-1", - "completeness": { - "parameters": true, - "environment": false, - "materials": false - }, - "reproducible": false - }, - "materials": [ - { - "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.2.0", - "digest": { - "sha1": "623cf20a23f3360549eafac6efe1a158960f15f9" - } - }, - { - "uri": "https://github.com/actions/virtual-environments/releases/tag/ubuntu22/20230402.1" - } - ] - } - }, - { - "_type": "https://in-toto.io/Statement/v0.1", - "predicateType": "https://slsa.dev/provenance/v0.2", - "subject": [ - { - "name": "slsa-verifier-windows-arm64.exe", - "digest": { - "sha256": "d9eacf659da72e33033201b6686282259dbe2ec5fd270b075aa0160bd093f2e1" - } - } - ], - "predicate": { - "builder": { - "id": "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@refs/tags/v1.5.0" - }, - "buildType": "https://github.com/slsa-framework/slsa-github-generator/go@v1", - "invocation": { - "configSource": { - "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.2.0", - "digest": { - "sha1": "623cf20a23f3360549eafac6efe1a158960f15f9" - }, - "entryPoint": ".github/workflows/release.yml" - }, - "parameters": {}, - "environment": { - "arch": "X64", - "github_actor": "ianlewis", - "github_actor_id": "49289", - "github_base_ref": "", - "github_event_name": "push", - "github_event_payload": { - "after": "623cf20a23f3360549eafac6efe1a158960f15f9", - "base_ref": "refs/heads/main", - "before": "0000000000000000000000000000000000000000", - "commits": [], - "compare": "https://github.com/slsa-framework/slsa-verifier/compare/v2.2.0", - "created": true, - "deleted": false, - "forced": false, - "head_commit": { - "author": { - "email": "bot@renovateapp.com", - "name": "Mend Renovate", - "username": "renovate-bot" - }, - "committer": { - "email": "noreply@github.com", - "name": 
"GitHub", - "username": "web-flow" - }, - "distinct": true, - "id": "623cf20a23f3360549eafac6efe1a158960f15f9", - "message": "fix(deps): update npm (#535)\n\n* fix(deps): update npm\r\n\r\n---------\r\n\r\nSigned-off-by: Renovate Bot \r\nSigned-off-by: Ian Lewis \r\nCo-authored-by: Ian Lewis ", - "timestamp": "2023-04-11T13:41:24+09:00", - "tree_id": "1967185901c606931285cc613ba5da60c8ac843b", - "url": "https://github.com/slsa-framework/slsa-verifier/commit/623cf20a23f3360549eafac6efe1a158960f15f9" - }, - "organization": { - "avatar_url": "https://avatars.githubusercontent.com/u/80431187?v=4", - "description": "Supply-chain Levels for Software Artifacts", - "events_url": "https://api.github.com/orgs/slsa-framework/events", - "hooks_url": "https://api.github.com/orgs/slsa-framework/hooks", - "id": 80431187, - "issues_url": "https://api.github.com/orgs/slsa-framework/issues", - "login": "slsa-framework", - "members_url": "https://api.github.com/orgs/slsa-framework/members{/member}", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjgwNDMxMTg3", - "public_members_url": "https://api.github.com/orgs/slsa-framework/public_members{/member}", - "repos_url": "https://api.github.com/orgs/slsa-framework/repos", - "url": "https://api.github.com/orgs/slsa-framework" - }, - "pusher": { - "email": "ianlewis@google.com", - "name": "ianlewis" - }, - "ref": "refs/tags/v2.2.0", - "repository": { - "allow_forking": true, - "archive_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/{archive_format}{/ref}", - "archived": false, - "assignees_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/assignees{/user}", - "blobs_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/blobs{/sha}", - "branches_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/branches{/branch}", - "clone_url": "https://github.com/slsa-framework/slsa-verifier.git", - "collaborators_url": 
"https://api.github.com/repos/slsa-framework/slsa-verifier/collaborators{/collaborator}", - "comments_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/comments{/number}", - "commits_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/commits{/sha}", - "compare_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/compare/{base}...{head}", - "contents_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/contents/{+path}", - "contributors_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/contributors", - "created_at": 1648242107, - "default_branch": "main", - "deployments_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/deployments", - "description": "Verify provenance from SLSA compliant builders", - "disabled": false, - "downloads_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/downloads", - "events_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/events", - "fork": false, - "forks": 31, - "forks_count": 31, - "forks_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/forks", - "full_name": "slsa-framework/slsa-verifier", - "git_commits_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/commits{/sha}", - "git_refs_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/refs{/sha}", - "git_tags_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/tags{/sha}", - "git_url": "git://github.com/slsa-framework/slsa-verifier.git", - "has_discussions": false, - "has_downloads": true, - "has_issues": true, - "has_pages": false, - "has_projects": true, - "has_wiki": true, - "homepage": "", - "hooks_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/hooks", - "html_url": "https://github.com/slsa-framework/slsa-verifier", - "id": 474162642, - "is_template": false, - "issue_comment_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/issues/comments{/number}", - 
"issue_events_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/issues/events{/number}", - "issues_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/issues{/number}", - "keys_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/keys{/key_id}", - "labels_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/labels{/name}", - "language": "Go", - "languages_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/languages", - "license": { - "key": "apache-2.0", - "name": "Apache License 2.0", - "node_id": "MDc6TGljZW5zZTI=", - "spdx_id": "Apache-2.0", - "url": "https://api.github.com/licenses/apache-2.0" - }, - "master_branch": "main", - "merges_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/merges", - "milestones_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/milestones{/number}", - "mirror_url": null, - "name": "slsa-verifier", - "node_id": "R_kgDOHEMl0g", - "notifications_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/notifications{?since,all,participating}", - "open_issues": 95, - "open_issues_count": 95, - "organization": "slsa-framework", - "owner": { - "avatar_url": "https://avatars.githubusercontent.com/u/80431187?v=4", - "email": null, - "events_url": "https://api.github.com/users/slsa-framework/events{/privacy}", - "followers_url": "https://api.github.com/users/slsa-framework/followers", - "following_url": "https://api.github.com/users/slsa-framework/following{/other_user}", - "gists_url": "https://api.github.com/users/slsa-framework/gists{/gist_id}", - "gravatar_id": "", - "html_url": "https://github.com/slsa-framework", - "id": 80431187, - "login": "slsa-framework", - "name": "slsa-framework", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjgwNDMxMTg3", - "organizations_url": "https://api.github.com/users/slsa-framework/orgs", - "received_events_url": "https://api.github.com/users/slsa-framework/received_events", - "repos_url": 
"https://api.github.com/users/slsa-framework/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/slsa-framework/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/slsa-framework/subscriptions", - "type": "Organization", - "url": "https://api.github.com/users/slsa-framework" - }, - "private": false, - "pulls_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/pulls{/number}", - "pushed_at": 1681288221, - "releases_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/releases{/id}", - "size": 80560, - "ssh_url": "git@github.com:slsa-framework/slsa-verifier.git", - "stargazers": 92, - "stargazers_count": 92, - "stargazers_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/stargazers", - "statuses_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/statuses/{sha}", - "subscribers_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/subscribers", - "subscription_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/subscription", - "svn_url": "https://github.com/slsa-framework/slsa-verifier", - "tags_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/tags", - "teams_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/teams", - "topics": [], - "trees_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/trees{/sha}", - "updated_at": "2023-04-11T16:08:11Z", - "url": "https://github.com/slsa-framework/slsa-verifier", - "visibility": "public", - "watchers": 92, - "watchers_count": 92, - "web_commit_signoff_required": true - }, - "sender": { - "avatar_url": "https://avatars.githubusercontent.com/u/49289?v=4", - "events_url": "https://api.github.com/users/ianlewis/events{/privacy}", - "followers_url": "https://api.github.com/users/ianlewis/followers", - "following_url": "https://api.github.com/users/ianlewis/following{/other_user}", - "gists_url": "https://api.github.com/users/ianlewis/gists{/gist_id}", - 
"gravatar_id": "", - "html_url": "https://github.com/ianlewis", - "id": 49289, - "login": "ianlewis", - "node_id": "MDQ6VXNlcjQ5Mjg5", - "organizations_url": "https://api.github.com/users/ianlewis/orgs", - "received_events_url": "https://api.github.com/users/ianlewis/received_events", - "repos_url": "https://api.github.com/users/ianlewis/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/ianlewis/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/ianlewis/subscriptions", - "type": "User", - "url": "https://api.github.com/users/ianlewis" - } - }, - "github_head_ref": "", - "github_ref": "refs/tags/v2.2.0", - "github_ref_type": "tag", - "github_repository_id": "474162642", - "github_repository_owner": "slsa-framework", - "github_repository_owner_id": "80431187", - "github_run_attempt": "1", - "github_run_id": "4676255666", - "github_run_number": "290", - "github_sha1": "623cf20a23f3360549eafac6efe1a158960f15f9", - "os": "ubuntu22" - } - }, - "buildConfig": { - "steps": [ - { - "workingDir": "/home/runner/work/slsa-verifier/slsa-verifier/__PROJECT_CHECKOUT_DIR__/cli/slsa-verifier", - "command": [ - "/opt/hostedtoolcache/go/1.18.10/x64/bin/go", - "mod", - "vendor" - ], - "env": null - }, - { - "workingDir": "/home/runner/work/slsa-verifier/slsa-verifier/__PROJECT_CHECKOUT_DIR__/cli/slsa-verifier", - "command": [ - "/opt/hostedtoolcache/go/1.18.10/x64/bin/go", - "build", - "-mod=vendor", - "-trimpath", - "-tags=netgo", - "-ldflags=-X sigs.k8s.io/release-utils/version.gitVersion=2.2.0", - "-o", - "slsa-verifier-windows-arm64.exe" - ], - "env": [ - "GOOS=windows", - "GOARCH=arm64", - "CGO_ENABLED=0", - "GO111MODULE=on" - ] - } - ], - "version": 1 - }, - "metadata": { - "buildInvocationID": "4676255666-1", - "completeness": { - "parameters": true, - "environment": false, - "materials": false - }, - "reproducible": false - }, - "materials": [ - { - "uri": 
"git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.2.0", - "digest": { - "sha1": "623cf20a23f3360549eafac6efe1a158960f15f9" - } - }, - { - "uri": "https://github.com/actions/virtual-environments/releases/tag/ubuntu22/20230402.1" - } - ] - } - } - ] - } - }, - "checks": { - "summary": { - "DISABLED": 0, - "FAILED": 0, - "PASSED": 7, - "SKIPPED": 0, - "UNKNOWN": 0 - }, - "results": [ - { - "check_id": "mcn_provenance_expectation_1", - "check_description": "Check whether the SLSA provenance for the produced artifact conforms to the expected value.", - "slsa_requirements": [ - "Provenance conforms with expectations - SLSA Level 3" - ], - "justification": [ - "No policy defined for this repository." - ], - "result_type": "UNKNOWN" - }, - { - "check_id": "mcn_build_as_code_1", - "check_description": "The build definition and configuration executed by the build service is verifiably derived from text file definitions stored in a version control system.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "Check mcn_build_as_code_1 is set to PASSED because mcn_trusted_builder_level_three_1 PASSED." - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_script_1", - "check_description": "Check if the target repo has a valid build script.", - "slsa_requirements": [ - "Scripted Build - SLSA Level 1" - ], - "justification": [ - "Check mcn_build_script_1 is set to PASSED because mcn_build_service_1 PASSED." - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_service_1", - "check_description": "Check if the target repo has a valid build service.", - "slsa_requirements": [ - "Build service - SLSA Level 2" - ], - "justification": [ - "Check mcn_build_service_1 is set to PASSED because mcn_build_as_code_1 PASSED." 
- ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_provenance_available_1", - "check_description": "Check whether the target has intoto provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Found provenance in release assets:", - "slsa-verifier-darwin-amd64.intoto.jsonl", - "slsa-verifier-darwin-arm64.intoto.jsonl", - "slsa-verifier-linux-amd64.intoto.jsonl", - "slsa-verifier-linux-arm64.intoto.jsonl", - "slsa-verifier-windows-amd64.exe.intoto.jsonl", - "slsa-verifier-windows-arm64.exe.intoto.jsonl" - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_provenance_level_three_1", - "check_description": "Check whether the target has SLSA provenance level 3.", - "slsa_requirements": [ - "Provenance - Non falsifiable - SLSA Level 3", - "Provenance content - Includes all build parameters - SLSA Level 3", - "Provenance content - Identifies entry point - SLSA Level 3", - "Provenance content - Identifies source code - SLSA Level 2" - ], - "justification": [ - "Successfully verified level 3: ", - "verify passed: slsa-verifier-darwin-amd64,verify passed: slsa-verifier-darwin-arm64,verify passed: slsa-verifier-linux-amd64,verify passed: slsa-verifier-linux-arm64,verify passed: slsa-verifier-windows-amd64.exe,verify passed: slsa-verifier-windows-arm64.exe" - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "check_description": "Check whether the target uses a trusted SLSA level 3 builder.", - "slsa_requirements": [ - "Hermetic - SLSA Level 4", - "Isolated - SLSA Level 3", - "Parameterless - SLSA Level 4", - "Ephemeral environment - SLSA Level 3" - ], - "justification": [ - { - "Found trusted builder GitHub Actions: 
slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.2.0 triggered by": "https://github.com/slsa-framework/slsa-verifier/blob/fc50b662fcfeeeb0e97243554b47d9b20b14efac/.github/workflows/release.yml" - }, - "However, could not find a passing workflow run." - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_version_control_system_1", - "check_description": "Check whether the target repo uses a version control system.", - "slsa_requirements": [ - "Version controlled - SLSA Level 2" - ], - "justification": [ - { - "This is a Git repository": "https://github.com/slsa-framework/slsa-verifier" - } - ], - "result_type": "PASSED" - } - ] - } - }, - "dependencies": { - "analyzed_deps": 0, - "unique_dep_repos": 0, - "checks_summary": [ - { - "check_id": "mcn_provenance_expectation_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_available_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_as_code_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_version_control_system_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_script_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_service_1", - "num_deps_pass": 0 - } - ], - "dep_status": [] - } -} diff --git a/tests/e2e/expected_results/snakeyaml/snakeyaml.dl b/tests/e2e/expected_results/snakeyaml/snakeyaml.dl new file mode 100644 index 000000000..3940f2b8a --- /dev/null +++ b/tests/e2e/expected_results/snakeyaml/snakeyaml.dl 
@@ -0,0 +1,22 @@
+/* Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. */
+/* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */
+
+#include "prelude.dl"
+
+Policy("test_policy", component_id, "") :-
+ check_passed(component_id, "mcn_build_script_1"),
+ check_passed(component_id, "mcn_version_control_system_1"),
+ check_failed(component_id, "mcn_build_as_code_1"),
+ check_failed(component_id, "mcn_build_service_1"),
+ check_failed(component_id, "mcn_infer_artifact_pipeline_1"),
+ check_failed(component_id, "mcn_provenance_available_1"),
+ check_failed(component_id, "mcn_provenance_derived_commit_1"),
+ check_failed(component_id, "mcn_provenance_derived_repo_1"),
+ check_failed(component_id, "mcn_provenance_expectation_1"),
+ check_failed(component_id, "mcn_provenance_level_three_1"),
+ check_failed(component_id, "mcn_provenance_witness_level_one_1"),
+ check_failed(component_id, "mcn_trusted_builder_level_three_1"),
+ is_repo_url(component_id, "https://bitbucket.org/snakeyaml/snakeyaml").
+
+apply_policy_to("test_policy", component_id) :-
+ is_component(component_id, "pkg:bitbucket.org/snakeyaml/snakeyaml@a34989252e6f59e36a3aaf788a903b7a37a73d33").
diff --git a/tests/e2e/expected_results/snakeyaml/snakeyaml.json b/tests/e2e/expected_results/snakeyaml/snakeyaml.json
deleted file mode 100644
index be8c5866d..000000000
--- a/tests/e2e/expected_results/snakeyaml/snakeyaml.json
+++ /dev/null
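Review bot: The `Policy("test_policy", ...)` rule asserts an outcome only for the twelve checks it names, so a check that later stops being registered, or a new check with an unexpected result, leaves `verify-policy` passing here, whereas the deleted snakeyaml.json listed the same twelve checks under `run_checks` and any change to that set would have produced a diff. A header comment recording that intent would help keep the list in step, e.g. `/* One check_passed/check_failed literal per registered check; add new checks here so the policy stays exhaustive. */`. Whether the policy engine can also assert the set of checks that actually ran is not visible from this hunk.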
@@ -1,266 +0,0 @@ -{ - "metadata": { - "timestamps": "2024-05-07 15:14:26", - "has_passing_check": true, - "run_checks": [ - "mcn_provenance_available_1", - "mcn_provenance_witness_level_one_1", - "mcn_build_as_code_1", - "mcn_provenance_derived_commit_1", - "mcn_provenance_level_three_1", - "mcn_version_control_system_1", - "mcn_infer_artifact_pipeline_1", - "mcn_trusted_builder_level_three_1", - "mcn_build_script_1", - "mcn_build_service_1", - "mcn_provenance_expectation_1", - "mcn_provenance_derived_repo_1" - ], - "check_tree": { - "mcn_provenance_available_1": { - "mcn_provenance_level_three_1": {}, - "mcn_provenance_witness_level_one_1": {}, - "mcn_provenance_expectation_1": {} - }, - "mcn_provenance_derived_commit_1": {}, - "mcn_version_control_system_1": { - "mcn_build_script_1": {}, - "mcn_trusted_builder_level_three_1": { - "mcn_build_as_code_1": { - "mcn_infer_artifact_pipeline_1": {}, - "mcn_build_service_1": {} - } - } - }, - "mcn_provenance_derived_repo_1": {} - } - }, - "target": { - "info": { - "full_name": "pkg:bitbucket.org/snakeyaml/snakeyaml@a34989252e6f59e36a3aaf788a903b7a37a73d33", - "local_cloned_path": "local_repos/snakeyaml", - "remote_path": "https://bitbucket.org/snakeyaml/snakeyaml", - "branch": null, - "commit_hash": "a34989252e6f59e36a3aaf788a903b7a37a73d33", - "commit_date": "2023-08-27T12:25:20+04:00" - }, - "provenances": { - "is_inferred": true, - "content": { - "Maven Central Registry": [] - } - }, - "checks": { - "summary": { - "DISABLED": 0, - "FAILED": 10, - "PASSED": 2, - "SKIPPED": 0, - "UNKNOWN": 0 - }, - "results": [ - { - "check_id": "mcn_build_script_1", - "check_description": "Check if the target repo has a valid build script.", - "slsa_requirements": [ - "Scripted Build - SLSA Level 1" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_version_control_system_1", - "check_description": "Check whether the target repo uses a version control system.", - "slsa_requirements": [ - "Version controlled - SLSA Level 2" - ], - "justification": [ - { - "git_repo": "https://bitbucket.org/snakeyaml/snakeyaml" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_as_code_1", - "check_description": "The build definition and configuration executed by the build service is verifiably derived from text file definitions stored in a version control system.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_build_service_1", - "check_description": "Check if the target repo has a valid build service.", - "slsa_requirements": [ - "Build service - SLSA Level 2" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "check_description": "Detects potential pipelines from which an artifact is published.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_available_1", - "check_description": "Check whether the target has intoto provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "check_description": "Check whether the commit came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "commit_digest: No provenance found." 
- ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "check_description": "Check whether the repo came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "repository_url: No provenance found." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_expectation_1", - "check_description": "Check whether the SLSA provenance for the produced artifact conforms to the expected value.", - "slsa_requirements": [ - "Provenance conforms with expectations - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_level_three_1", - "check_description": "Check whether the target has SLSA provenance level 3.", - "slsa_requirements": [ - "Provenance - Non falsifiable - SLSA Level 3", - "Provenance content - Includes all build parameters - SLSA Level 3", - "Provenance content - Identifies entry point - SLSA Level 3", - "Provenance content - Identifies source code - SLSA Level 2" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "check_description": "Check whether the target has a level-1 witness provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "check_description": "Check whether the target uses a trusted SLSA level 3 builder.", - "slsa_requirements": [ - "Hermetic - SLSA Level 4", - "Isolated - SLSA Level 3", - "Parameterless - SLSA Level 4", - "Ephemeral environment - SLSA Level 3" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "FAILED" - } - ] - } - }, - "dependencies": { - "analyzed_deps": 0, - "unique_dep_repos": 0, - "checks_summary": [ - { - "check_id": "mcn_provenance_available_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_as_code_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_version_control_system_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_script_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_service_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_expectation_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "num_deps_pass": 0 - } - ], - "dep_status": [] - } -} diff --git a/tests/e2e/expected_results/tinyMediaManager/tinyMediaManager.dl b/tests/e2e/expected_results/tinyMediaManager/tinyMediaManager.dl new file mode 100644 index 000000000..1a1bd419c --- /dev/null +++ b/tests/e2e/expected_results/tinyMediaManager/tinyMediaManager.dl 
@@ -0,0 +1,22 @@
+/* Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. */
+/* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */
+
+#include "prelude.dl"
+
+Policy("test_policy", component_id, "") :-
+ check_passed(component_id, "mcn_build_script_1"),
+ check_passed(component_id, "mcn_version_control_system_1"),
+ check_failed(component_id, "mcn_build_as_code_1"),
+ check_failed(component_id, "mcn_build_service_1"),
+ check_failed(component_id, "mcn_infer_artifact_pipeline_1"),
+ check_failed(component_id, "mcn_provenance_available_1"),
+ check_failed(component_id, "mcn_provenance_derived_commit_1"),
+ check_failed(component_id, "mcn_provenance_derived_repo_1"),
+ check_failed(component_id, "mcn_provenance_expectation_1"),
+ check_failed(component_id, "mcn_provenance_level_three_1"),
+ check_failed(component_id, "mcn_provenance_witness_level_one_1"),
+ check_failed(component_id, "mcn_trusted_builder_level_three_1"),
+ is_repo_url(component_id, "https://gitlab.com/tinyMediaManager/tinyMediaManager").
+
+apply_policy_to("test_policy", component_id) :-
+ is_component(component_id, "pkg:gitlab.com/tinyMediaManager/tinyMediaManager@cca6b67a335074eca42136556f0a321f75dc4f48").
diff --git a/tests/e2e/expected_results/tinyMediaManager/tinyMediaManager.json b/tests/e2e/expected_results/tinyMediaManager/tinyMediaManager.json
deleted file mode 100644
index 30c1b67c5..000000000
--- a/tests/e2e/expected_results/tinyMediaManager/tinyMediaManager.json
+++ /dev/null
@@ -1,311 +0,0 @@ -{ - "metadata": { - "timestamps": "2024-05-07 15:09:37", - "has_passing_check": true, - "run_checks": [ - "mcn_provenance_available_1", - "mcn_provenance_witness_level_one_1", - "mcn_build_as_code_1", - "mcn_provenance_derived_commit_1", - "mcn_provenance_level_three_1", - "mcn_version_control_system_1", - "mcn_infer_artifact_pipeline_1", - "mcn_trusted_builder_level_three_1", - "mcn_build_script_1", - "mcn_build_service_1", - "mcn_provenance_expectation_1", - "mcn_provenance_derived_repo_1" - ], - "check_tree": { - "mcn_provenance_available_1": { - "mcn_provenance_level_three_1": {}, - "mcn_provenance_witness_level_one_1": {}, - "mcn_provenance_expectation_1": {} - }, - "mcn_provenance_derived_commit_1": {}, - "mcn_version_control_system_1": { - "mcn_trusted_builder_level_three_1": { - "mcn_build_as_code_1": { - "mcn_infer_artifact_pipeline_1": {}, - "mcn_build_service_1": {} - } - }, - "mcn_build_script_1": {} - }, - "mcn_provenance_derived_repo_1": {} - } - }, - "target": { - "info": { - "full_name": "pkg:gitlab.com/tinyMediaManager/tinyMediaManager@cca6b67a335074eca42136556f0a321f75dc4f48", - "local_cloned_path": "git_repos/gitlab_com/tinyMediaManager/tinyMediaManager", - "remote_path": "https://gitlab.com/tinyMediaManager/tinyMediaManager", - "branch": "main", - "commit_hash": "cca6b67a335074eca42136556f0a321f75dc4f48", - "commit_date": "2023-05-23T15:54:04+00:00" - }, - "provenances": { - "is_inferred": true, - "content": { - "gitlab_ci": [ - { - "_type": "https://in-toto.io/Statement/v0.1", - "subject": [], - "predicateType": "https://slsa.dev/provenance/v0.2", - "predicate": { - "builder": { - "id": "" - }, - "buildType": "", - "invocation": { - "configSource": { - "uri": "", - "digest": { - "sha1": "" - }, - "entryPoint": "" - }, - "parameters": {}, - "environment": {} - }, - "buildConfig": { - "jobID": "", - "stepID": "" - }, - "metadata": { - "buildInvocationId": "", - "buildStartedOn": "", - "buildFinishedOn": "", - "completeness": { 
- "parameters": "false", - "environment": "false", - "materials": "false" - }, - "reproducible": "false" - }, - "materials": [ - { - "uri": "", - "digest": {} - } - ] - } - } - ], - "Maven Central Registry": [] - } - }, - "checks": { - "summary": { - "DISABLED": 0, - "FAILED": 10, - "PASSED": 2, - "SKIPPED": 0, - "UNKNOWN": 0 - }, - "results": [ - { - "check_id": "mcn_build_script_1", - "check_description": "Check if the target repo has a valid build script.", - "slsa_requirements": [ - "Scripted Build - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_version_control_system_1", - "check_description": "Check whether the target repo uses a version control system.", - "slsa_requirements": [ - "Version controlled - SLSA Level 2" - ], - "justification": [ - { - "git_repo": "https://gitlab.com/tinyMediaManager/tinyMediaManager" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_as_code_1", - "check_description": "The build definition and configuration executed by the build service is verifiably derived from text file definitions stored in a version control system.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_build_service_1", - "check_description": "Check if the target repo has a valid build service.", - "slsa_requirements": [ - "Build service - SLSA Level 2" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "check_description": "Detects potential pipelines from which an artifact is published.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_available_1", - "check_description": "Check whether the target has intoto provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "check_description": "Check whether the commit came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "commit_digest: No provenance found." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "check_description": "Check whether the repo came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "repository_url: No provenance found." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_expectation_1", - "check_description": "Check whether the SLSA provenance for the produced artifact conforms to the expected value.", - "slsa_requirements": [ - "Provenance conforms with expectations - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_level_three_1", - "check_description": "Check whether the target has SLSA provenance level 3.", - "slsa_requirements": [ - "Provenance - Non falsifiable - SLSA Level 3", - "Provenance content - Includes all build parameters - SLSA Level 3", - "Provenance content - Identifies entry point - SLSA Level 3", - "Provenance content - Identifies source code - SLSA Level 2" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "check_description": "Check whether the target has a level-1 witness provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "check_description": "Check whether the target uses a trusted SLSA level 3 builder.", - "slsa_requirements": [ - "Hermetic - SLSA Level 4", - "Isolated - SLSA Level 3", - "Parameterless - SLSA Level 4", - "Ephemeral environment - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - } - ] - } - }, - "dependencies": { - "analyzed_deps": 0, - "unique_dep_repos": 0, - "checks_summary": [ - { - "check_id": "mcn_provenance_available_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_as_code_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_version_control_system_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_script_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_service_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_expectation_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "num_deps_pass": 0 - } - ], - "dep_status": [] - } -} 
diff --git a/tests/e2e/expected_results/uiv/uiv.dl b/tests/e2e/expected_results/uiv/uiv.dl
new file mode 100644
index 000000000..e31e0050e
--- /dev/null
+++ b/tests/e2e/expected_results/uiv/uiv.dl
@@ -0,0 +1,22 @@
+/* Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. */
+/* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */
+
+#include "prelude.dl"
+
+Policy("test_policy", component_id, "") :-
+ check_passed(component_id, "mcn_build_as_code_1"),
+ check_passed(component_id, "mcn_build_script_1"),
+ check_passed(component_id, "mcn_build_service_1"),
+ check_passed(component_id, "mcn_version_control_system_1"),
+ check_failed(component_id, "mcn_infer_artifact_pipeline_1"),
+ check_failed(component_id, "mcn_provenance_available_1"),
+ check_failed(component_id, "mcn_provenance_derived_commit_1"),
+ check_failed(component_id, "mcn_provenance_derived_repo_1"),
+ check_failed(component_id, "mcn_provenance_expectation_1"),
+ check_failed(component_id, "mcn_provenance_level_three_1"),
+ check_failed(component_id, "mcn_provenance_witness_level_one_1"),
+ check_failed(component_id, "mcn_trusted_builder_level_three_1"),
+ is_repo_url(component_id, "https://github.com/uiv-lib/uiv").
+
+apply_policy_to("test_policy", component_id) :-
+ is_component(component_id, "pkg:github.com/uiv-lib/uiv@057b25b4db0913edab4cf728c306085e6fc20d49").
diff --git a/tests/e2e/expected_results/uiv/uiv.json b/tests/e2e/expected_results/uiv/uiv.json
deleted file mode 100644
index 678a2f17c..000000000
--- a/tests/e2e/expected_results/uiv/uiv.json
+++ /dev/null
@@ -1,324 +0,0 @@ -{ - "metadata": { - "timestamps": "2024-05-07 15:10:16", - "has_passing_check": true, - "run_checks": [ - "mcn_provenance_available_1", - "mcn_provenance_witness_level_one_1", - "mcn_build_as_code_1", - "mcn_provenance_derived_commit_1", - "mcn_provenance_level_three_1", - "mcn_version_control_system_1", - "mcn_infer_artifact_pipeline_1", - "mcn_trusted_builder_level_three_1", - "mcn_build_script_1", - "mcn_build_service_1", - "mcn_provenance_expectation_1", - "mcn_provenance_derived_repo_1" - ], - "check_tree": { - "mcn_provenance_available_1": { - "mcn_provenance_level_three_1": {}, - "mcn_provenance_expectation_1": {}, - "mcn_provenance_witness_level_one_1": {} - }, - "mcn_provenance_derived_commit_1": {}, - "mcn_version_control_system_1": { - "mcn_trusted_builder_level_three_1": { - "mcn_build_as_code_1": { - "mcn_infer_artifact_pipeline_1": {}, - "mcn_build_service_1": {} - } - }, - "mcn_build_script_1": {} - }, - "mcn_provenance_derived_repo_1": {} - } - }, - "target": { - "info": { - "full_name": "pkg:github.com/uiv-lib/uiv@057b25b4db0913edab4cf728c306085e6fc20d49", - "local_cloned_path": "git_repos/github_com/uiv-lib/uiv", - "remote_path": "https://github.com/uiv-lib/uiv", - "branch": "dev", - "commit_hash": "057b25b4db0913edab4cf728c306085e6fc20d49", - "commit_date": "2023-08-27T00:14:30+00:00" - }, - "provenances": { - "is_inferred": true, - "content": { - "github_actions": [ - { - "_type": "https://in-toto.io/Statement/v0.1", - "subject": [], - "predicateType": "https://slsa.dev/provenance/v0.2", - "predicate": { - "builder": { - "id": "https://github.com/uiv-lib/uiv/blob/057b25b4db0913edab4cf728c306085e6fc20d49/.github/workflows/publish_npm.yaml" - }, - "buildType": "Custom github_actions", - "invocation": { - "configSource": { - "uri": "https://github.com/uiv-lib/uiv@refs/heads/dev", - "digest": { - "sha1": "057b25b4db0913edab4cf728c306085e6fc20d49" - }, - "entryPoint": 
"https://github.com/uiv-lib/uiv/blob/057b25b4db0913edab4cf728c306085e6fc20d49/.github/workflows/publish_npm.yaml" - }, - "parameters": {}, - "environment": {} - }, - "buildConfig": { - "jobID": "deploy_npm", - "stepID": "", - "stepName": "Publish NPM" - }, - "metadata": { - "buildInvocationId": "", - "buildStartedOn": "", - "buildFinishedOn": "", - "completeness": { - "parameters": "false", - "environment": "false", - "materials": "false" - }, - "reproducible": "false" - }, - "materials": [ - { - "uri": "", - "digest": {} - } - ] - } - } - ], - "npm Registry": [] - } - }, - "checks": { - "summary": { - "DISABLED": 0, - "FAILED": 8, - "PASSED": 4, - "SKIPPED": 0, - "UNKNOWN": 0 - }, - "results": [ - { - "check_id": "mcn_build_as_code_1", - "check_description": "The build definition and configuration executed by the build service is verifiably derived from text file definitions stored in a version control system.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "build_tool_name: npm", - "ci_service_name: github_actions", - "language: BuildLanguage.JAVASCRIPT", - "deploy_command: [\"npm\", \"publish\"]", - { - "build_trigger": "https://github.com/uiv-lib/uiv/blob/057b25b4db0913edab4cf728c306085e6fc20d49/.github/workflows/publish_npm.yaml" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_script_1", - "check_description": "Check if the target repo has a valid build script.", - "slsa_requirements": [ - "Scripted Build - SLSA Level 1" - ], - "justification": [ - "build_tool_name: npm", - "ci_service_name: github_actions", - "language: BuildLanguage.JAVASCRIPT", - "build_tool_command: [\"pnpm\", \"run\", \"dist\"]", - { - "build_trigger": "https://github.com/uiv-lib/uiv/blob/057b25b4db0913edab4cf728c306085e6fc20d49/.github/workflows/main.yaml" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_service_1", - "check_description": "Check if the target repo has a valid build service.", - 
"slsa_requirements": [ - "Build service - SLSA Level 2" - ], - "justification": [ - "Not Available." - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_version_control_system_1", - "check_description": "Check whether the target repo uses a version control system.", - "slsa_requirements": [ - "Version controlled - SLSA Level 2" - ], - "justification": [ - { - "git_repo": "https://github.com/uiv-lib/uiv" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "check_description": "Detects potential pipelines from which an artifact is published.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_available_1", - "check_description": "Check whether the target has intoto provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "check_description": "Check whether the commit came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "commit_digest: No provenance found." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "check_description": "Check whether the repo came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "repository_url: No provenance found." 
- ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_expectation_1", - "check_description": "Check whether the SLSA provenance for the produced artifact conforms to the expected value.", - "slsa_requirements": [ - "Provenance conforms with expectations - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_level_three_1", - "check_description": "Check whether the target has SLSA provenance level 3.", - "slsa_requirements": [ - "Provenance - Non falsifiable - SLSA Level 3", - "Provenance content - Includes all build parameters - SLSA Level 3", - "Provenance content - Identifies entry point - SLSA Level 3", - "Provenance content - Identifies source code - SLSA Level 2" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "check_description": "Check whether the target has a level-1 witness provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "check_description": "Check whether the target uses a trusted SLSA level 3 builder.", - "slsa_requirements": [ - "Hermetic - SLSA Level 4", - "Isolated - SLSA Level 3", - "Parameterless - SLSA Level 4", - "Ephemeral environment - SLSA Level 3" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "FAILED" - } - ] - } - }, - "dependencies": { - "analyzed_deps": 0, - "unique_dep_repos": 0, - "checks_summary": [ - { - "check_id": "mcn_provenance_available_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_as_code_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_version_control_system_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_script_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_service_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_expectation_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "num_deps_pass": 0 - } - ], - "dep_status": [] - } -} diff --git a/tests/e2e/expected_results/urllib3/urllib3.dl b/tests/e2e/expected_results/urllib3/urllib3.dl new file mode 100644 index 000000000..141b722fa --- /dev/null +++ b/tests/e2e/expected_results/urllib3/urllib3.dl 
@@ -0,0 +1,22 @@
+/* Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. */
+/* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */
+
+#include "prelude.dl"
+
+Policy("test_policy", component_id, "") :-
+ check_passed(component_id, "mcn_build_as_code_1"),
+ check_passed(component_id, "mcn_build_script_1"),
+ check_passed(component_id, "mcn_build_service_1"),
+ check_passed(component_id, "mcn_provenance_available_1"),
+ check_passed(component_id, "mcn_provenance_expectation_1"),
+ check_passed(component_id, "mcn_provenance_level_three_1"),
+ check_passed(component_id, "mcn_version_control_system_1"),
+ check_failed(component_id, "mcn_infer_artifact_pipeline_1"),
+ check_failed(component_id, "mcn_provenance_derived_commit_1"),
+ check_failed(component_id, "mcn_provenance_derived_repo_1"),
+ check_failed(component_id, "mcn_provenance_witness_level_one_1"),
+ check_failed(component_id, "mcn_trusted_builder_level_three_1"),
+ is_repo_url(component_id, "https://github.com/urllib3/urllib3").
+
+apply_policy_to("test_policy", component_id) :-
+ is_component(component_id, "pkg:github.com/urllib3/urllib3@87a0ecee6e691fe5ff93cd000c0158deebef763b").
diff --git a/tests/e2e/expected_results/urllib3/urllib3.json b/tests/e2e/expected_results/urllib3/urllib3.json
deleted file mode 100644
index e60b73239..000000000
--- a/tests/e2e/expected_results/urllib3/urllib3.json
+++ /dev/null
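Review bot: For urllib3 the deleted `urllib3.json` asserted `"is_inferred": false` and the two subject digests of the SLSA attestation, while the new policy only requires that `mcn_provenance_available_1`, `mcn_provenance_expectation_1` and `mcn_provenance_level_three_1` passed; whether those passes by themselves rule out an inferred provenance is not visible from this hunk. If prelude.dl exposes a predicate for the provenance source, adding it to the rule would preserve that assertion; otherwise a comment such as `/* Provenance for this component is expected to be a real SLSA attestation, not an inferred one. */` at least records the expectation for the next maintainer.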
@@ -1,535 +0,0 @@ -{ - "metadata": { - "timestamps": "2024-05-07 15:09:58", - "has_passing_check": true, - "run_checks": [ - "mcn_provenance_available_1", - "mcn_provenance_witness_level_one_1", - "mcn_build_as_code_1", - "mcn_provenance_derived_commit_1", - "mcn_provenance_level_three_1", - "mcn_version_control_system_1", - "mcn_infer_artifact_pipeline_1", - "mcn_trusted_builder_level_three_1", - "mcn_build_script_1", - "mcn_build_service_1", - "mcn_provenance_expectation_1", - "mcn_provenance_derived_repo_1" - ], - "check_tree": { - "mcn_provenance_available_1": { - "mcn_provenance_expectation_1": {}, - "mcn_provenance_level_three_1": {}, - "mcn_provenance_witness_level_one_1": {} - }, - "mcn_provenance_derived_commit_1": {}, - "mcn_version_control_system_1": { - "mcn_build_script_1": {}, - "mcn_trusted_builder_level_three_1": { - "mcn_build_as_code_1": { - "mcn_infer_artifact_pipeline_1": {}, - "mcn_build_service_1": {} - } - } - }, - "mcn_provenance_derived_repo_1": {} - } - }, - "target": { - "info": { - "full_name": "pkg:github.com/urllib3/urllib3@87a0ecee6e691fe5ff93cd000c0158deebef763b", - "local_cloned_path": "git_repos/github_com/urllib3/urllib3", - "remote_path": "https://github.com/urllib3/urllib3", - "branch": "main", - "commit_hash": "87a0ecee6e691fe5ff93cd000c0158deebef763b", - "commit_date": "2022-10-04T07:59:23-05:00" - }, - "provenances": { - "is_inferred": false, - "content": { - "github_actions": [ - { - "_type": "https://in-toto.io/Statement/v0.1", - "predicateType": "https://slsa.dev/provenance/v0.2", - "subject": [ - { - "name": "urllib3-2.2.1-py3-none-any.whl", - "digest": { - "sha256": "450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d" - } - }, - { - "name": "urllib3-2.2.1.tar.gz", - "digest": { - "sha256": "d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19" - } - } - ], - "predicate": { - "builder": { - "id": 
"https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@refs/tags/v1.9.0" - }, - "buildType": "https://github.com/slsa-framework/slsa-github-generator/generic@v1", - "invocation": { - "configSource": { - "uri": "git+https://github.com/urllib3/urllib3@refs/tags/2.2.1", - "digest": { - "sha1": "54d6edf2a671510a5c029d3b76ffe71a5b07147a" - }, - "entryPoint": ".github/workflows/publish.yml" - }, - "parameters": {}, - "environment": { - "github_actor": "pquentin", - "github_actor_id": "42327", - "github_base_ref": "", - "github_event_name": "push", - "github_event_payload": { - "after": "0b4566e65ca046823dd92a490ae33c17bbb88fcb", - "base_ref": null, - "before": "0000000000000000000000000000000000000000", - "commits": [], - "compare": "https://github.com/urllib3/urllib3/compare/2.2.1", - "created": true, - "deleted": false, - "forced": false, - "head_commit": { - "author": { - "email": "quentin.pradet@gmail.com", - "name": "Quentin Pradet", - "username": "pquentin" - }, - "committer": { - "email": "noreply@github.com", - "name": "GitHub", - "username": "web-flow" - }, - "distinct": true, - "id": "54d6edf2a671510a5c029d3b76ffe71a5b07147a", - "message": "Release 2.2.1", - "timestamp": "2024-02-18T07:44:08+04:00", - "tree_id": "a702e15d622eccc7cf18243e6a4a62d19e19579d", - "url": "https://github.com/urllib3/urllib3/commit/54d6edf2a671510a5c029d3b76ffe71a5b07147a" - }, - "organization": { - "avatar_url": "https://avatars.githubusercontent.com/u/26825299?v=4", - "description": "", - "events_url": "https://api.github.com/orgs/urllib3/events", - "hooks_url": "https://api.github.com/orgs/urllib3/hooks", - "id": 26825299, - "issues_url": "https://api.github.com/orgs/urllib3/issues", - "login": "urllib3", - "members_url": "https://api.github.com/orgs/urllib3/members{/member}", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjI2ODI1Mjk5", - "public_members_url": "https://api.github.com/orgs/urllib3/public_members{/member}", - "repos_url": 
"https://api.github.com/orgs/urllib3/repos", - "url": "https://api.github.com/orgs/urllib3" - }, - "pusher": { - "email": "quentin.pradet@gmail.com", - "name": "pquentin" - }, - "ref": "refs/tags/2.2.1", - "repository": { - "allow_forking": true, - "archive_url": "https://api.github.com/repos/urllib3/urllib3/{archive_format}{/ref}", - "archived": false, - "assignees_url": "https://api.github.com/repos/urllib3/urllib3/assignees{/user}", - "blobs_url": "https://api.github.com/repos/urllib3/urllib3/git/blobs{/sha}", - "branches_url": "https://api.github.com/repos/urllib3/urllib3/branches{/branch}", - "clone_url": "https://github.com/urllib3/urllib3.git", - "collaborators_url": "https://api.github.com/repos/urllib3/urllib3/collaborators{/collaborator}", - "comments_url": "https://api.github.com/repos/urllib3/urllib3/comments{/number}", - "commits_url": "https://api.github.com/repos/urllib3/urllib3/commits{/sha}", - "compare_url": "https://api.github.com/repos/urllib3/urllib3/compare/{base}...{head}", - "contents_url": "https://api.github.com/repos/urllib3/urllib3/contents/{+path}", - "contributors_url": "https://api.github.com/repos/urllib3/urllib3/contributors", - "created_at": 1316369308, - "custom_properties": {}, - "default_branch": "main", - "deployments_url": "https://api.github.com/repos/urllib3/urllib3/deployments", - "description": "urllib3 is a user-friendly HTTP client library for Python", - "disabled": false, - "downloads_url": "https://api.github.com/repos/urllib3/urllib3/downloads", - "events_url": "https://api.github.com/repos/urllib3/urllib3/events", - "fork": false, - "forks": 1134, - "forks_count": 1134, - "forks_url": "https://api.github.com/repos/urllib3/urllib3/forks", - "full_name": "urllib3/urllib3", - "git_commits_url": "https://api.github.com/repos/urllib3/urllib3/git/commits{/sha}", - "git_refs_url": "https://api.github.com/repos/urllib3/urllib3/git/refs{/sha}", - "git_tags_url": "https://api.github.com/repos/urllib3/urllib3/git/tags{/sha}", - 
"git_url": "git://github.com/urllib3/urllib3.git", - "has_discussions": false, - "has_downloads": true, - "has_issues": true, - "has_pages": false, - "has_projects": true, - "has_wiki": false, - "homepage": "https://urllib3.readthedocs.io", - "hooks_url": "https://api.github.com/repos/urllib3/urllib3/hooks", - "html_url": "https://github.com/urllib3/urllib3", - "id": 2410676, - "is_template": false, - "issue_comment_url": "https://api.github.com/repos/urllib3/urllib3/issues/comments{/number}", - "issue_events_url": "https://api.github.com/repos/urllib3/urllib3/issues/events{/number}", - "issues_url": "https://api.github.com/repos/urllib3/urllib3/issues{/number}", - "keys_url": "https://api.github.com/repos/urllib3/urllib3/keys{/key_id}", - "labels_url": "https://api.github.com/repos/urllib3/urllib3/labels{/name}", - "language": "Python", - "languages_url": "https://api.github.com/repos/urllib3/urllib3/languages", - "license": { - "key": "mit", - "name": "MIT License", - "node_id": "MDc6TGljZW5zZTEz", - "spdx_id": "MIT", - "url": "https://api.github.com/licenses/mit" - }, - "master_branch": "main", - "merges_url": "https://api.github.com/repos/urllib3/urllib3/merges", - "milestones_url": "https://api.github.com/repos/urllib3/urllib3/milestones{/number}", - "mirror_url": null, - "name": "urllib3", - "node_id": "MDEwOlJlcG9zaXRvcnkyNDEwNjc2", - "notifications_url": "https://api.github.com/repos/urllib3/urllib3/notifications{?since,all,participating}", - "open_issues": 137, - "open_issues_count": 137, - "organization": "urllib3", - "owner": { - "avatar_url": "https://avatars.githubusercontent.com/u/26825299?v=4", - "email": null, - "events_url": "https://api.github.com/users/urllib3/events{/privacy}", - "followers_url": "https://api.github.com/users/urllib3/followers", - "following_url": "https://api.github.com/users/urllib3/following{/other_user}", - "gists_url": "https://api.github.com/users/urllib3/gists{/gist_id}", - "gravatar_id": "", - "html_url": 
"https://github.com/urllib3", - "id": 26825299, - "login": "urllib3", - "name": "urllib3", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjI2ODI1Mjk5", - "organizations_url": "https://api.github.com/users/urllib3/orgs", - "received_events_url": "https://api.github.com/users/urllib3/received_events", - "repos_url": "https://api.github.com/users/urllib3/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/urllib3/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/urllib3/subscriptions", - "type": "Organization", - "url": "https://api.github.com/users/urllib3" - }, - "private": false, - "pulls_url": "https://api.github.com/repos/urllib3/urllib3/pulls{/number}", - "pushed_at": 1708227973, - "releases_url": "https://api.github.com/repos/urllib3/urllib3/releases{/id}", - "size": 7144, - "ssh_url": "git@github.com:urllib3/urllib3.git", - "stargazers": 3625, - "stargazers_count": 3625, - "stargazers_url": "https://api.github.com/repos/urllib3/urllib3/stargazers", - "statuses_url": "https://api.github.com/repos/urllib3/urllib3/statuses/{sha}", - "subscribers_url": "https://api.github.com/repos/urllib3/urllib3/subscribers", - "subscription_url": "https://api.github.com/repos/urllib3/urllib3/subscription", - "svn_url": "https://github.com/urllib3/urllib3", - "tags_url": "https://api.github.com/repos/urllib3/urllib3/tags", - "teams_url": "https://api.github.com/repos/urllib3/urllib3/teams", - "topics": [ - "http", - "http-client", - "python", - "urllib3" - ], - "trees_url": "https://api.github.com/repos/urllib3/urllib3/git/trees{/sha}", - "updated_at": "2024-02-16T15:03:16Z", - "url": "https://github.com/urllib3/urllib3", - "visibility": "public", - "watchers": 3625, - "watchers_count": 3625, - "web_commit_signoff_required": false - }, - "sender": { - "avatar_url": "https://avatars.githubusercontent.com/u/42327?v=4", - "events_url": "https://api.github.com/users/pquentin/events{/privacy}", - "followers_url": 
"https://api.github.com/users/pquentin/followers", - "following_url": "https://api.github.com/users/pquentin/following{/other_user}", - "gists_url": "https://api.github.com/users/pquentin/gists{/gist_id}", - "gravatar_id": "", - "html_url": "https://github.com/pquentin", - "id": 42327, - "login": "pquentin", - "node_id": "MDQ6VXNlcjQyMzI3", - "organizations_url": "https://api.github.com/users/pquentin/orgs", - "received_events_url": "https://api.github.com/users/pquentin/received_events", - "repos_url": "https://api.github.com/users/pquentin/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/pquentin/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/pquentin/subscriptions", - "type": "User", - "url": "https://api.github.com/users/pquentin" - } - }, - "github_head_ref": "", - "github_ref": "refs/tags/2.2.1", - "github_ref_type": "tag", - "github_repository_id": "2410676", - "github_repository_owner": "urllib3", - "github_repository_owner_id": "26825299", - "github_run_attempt": "1", - "github_run_id": "7946373606", - "github_run_number": "29", - "github_sha1": "54d6edf2a671510a5c029d3b76ffe71a5b07147a" - } - }, - "metadata": { - "buildInvocationID": "7946373606-1", - "completeness": { - "parameters": true, - "environment": false, - "materials": false - }, - "reproducible": false - }, - "materials": [ - { - "uri": "git+https://github.com/urllib3/urllib3@refs/tags/2.2.1", - "digest": { - "sha1": "54d6edf2a671510a5c029d3b76ffe71a5b07147a" - } - } - ] - } - } - ] - } - }, - "checks": { - "summary": { - "DISABLED": 0, - "FAILED": 5, - "PASSED": 7, - "SKIPPED": 0, - "UNKNOWN": 0 - }, - "results": [ - { - "check_id": "mcn_build_as_code_1", - "check_description": "The build definition and configuration executed by the build service is verifiably derived from text file definitions stored in a version control system.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "build_tool_name: 
pip", - "ci_service_name: github_actions", - "language: python", - "deploy_command: pypa/gh-action-pypi-publish", - { - "build_trigger": "https://github.com/urllib3/urllib3/blob/87a0ecee6e691fe5ff93cd000c0158deebef763b/.github/workflows/publish.yml" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_script_1", - "check_description": "Check if the target repo has a valid build script.", - "slsa_requirements": [ - "Scripted Build - SLSA Level 1" - ], - "justification": [ - "build_tool_name: pip", - "ci_service_name: github_actions", - "language: BuildLanguage.PYTHON", - "build_tool_command: [\"python\", \"-m\", \"build\"]", - { - "build_trigger": "https://github.com/urllib3/urllib3/blob/87a0ecee6e691fe5ff93cd000c0158deebef763b/.github/workflows/ci.yml" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_service_1", - "check_description": "Check if the target repo has a valid build service.", - "slsa_requirements": [ - "Build service - SLSA Level 2" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_provenance_available_1", - "check_description": "Check whether the target has intoto provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "asset_name: multiple.intoto.jsonl", - { - "asset_url": "https://api.github.com/repos/urllib3/urllib3/releases/assets/152179165" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_provenance_expectation_1", - "check_description": "Check whether the SLSA provenance for the produced artifact conforms to the expected value.", - "slsa_requirements": [ - "Provenance conforms with expectations - SLSA Level 3" - ], - "justification": [ - { - "asset_url": "https://api.github.com/repos/urllib3/urllib3/releases/assets/152179165" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_provenance_level_three_1", - "check_description": "Check whether the target has SLSA provenance level 3.", - "slsa_requirements": [ - "Provenance - Non falsifiable - SLSA Level 3", - "Provenance content - Includes all build parameters - SLSA Level 3", - "Provenance content - Identifies entry point - SLSA Level 3", - "Provenance content - Identifies source code - SLSA Level 2" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_version_control_system_1", - "check_description": "Check whether the target repo uses a version control system.", - "slsa_requirements": [ - "Version controlled - SLSA Level 2" - ], - "justification": [ - { - "git_repo": "https://github.com/urllib3/urllib3" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "check_description": "Detects potential pipelines from which an artifact is published.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "check_description": "Check whether the commit came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "commit_digest: No provenance found." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "check_description": "Check whether the repo came from provenance.", - "slsa_requirements": [ - "Security - SLSA Level 4" - ], - "justification": [ - "repository_url: No provenance found." - ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "check_description": "Check whether the target has a level-1 witness provenance.", - "slsa_requirements": [ - "Provenance - Available - SLSA Level 1", - "Provenance content - Identifies build instructions - SLSA Level 1", - "Provenance content - Identifies artifacts - SLSA Level 1", - "Provenance content - Identifies builder - SLSA Level 1" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "FAILED" - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "check_description": "Check whether the target uses a trusted SLSA level 3 builder.", - "slsa_requirements": [ - "Hermetic - SLSA Level 4", - "Isolated - SLSA Level 3", - "Parameterless - SLSA Level 4", - "Ephemeral environment - SLSA Level 3" - ], - "justification": [ - "Not Available." - ], - "result_type": "FAILED" - } - ] - } - }, - "dependencies": { - "analyzed_deps": 0, - "unique_dep_repos": 0, - "checks_summary": [ - { - "check_id": "mcn_provenance_available_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_witness_level_one_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_as_code_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_commit_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_version_control_system_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_infer_artifact_pipeline_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_trusted_builder_level_three_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_script_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_build_service_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_expectation_1", - "num_deps_pass": 0 - }, - { - "check_id": "mcn_provenance_derived_repo_1", - "num_deps_pass": 0 - } - ], - "dep_status": [] - } -} diff --git a/tests/e2e/expected_results/urllib3/urllib3_cue_invalid.dl b/tests/e2e/expected_results/urllib3/urllib3_cue_invalid.dl new file mode 100644 index 000000000..2bcb5a8fb --- /dev/null +++ b/tests/e2e/expected_results/urllib3/urllib3_cue_invalid.dl 
@@ -0,0 +1,21 @@
+/* Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. */
+/* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */
+
+#include "prelude.dl"
+
+Policy("test_policy", component_id, "") :-
+ check_passed(component_id, "mcn_build_as_code_1"),
+ check_passed(component_id, "mcn_build_script_1"),
+ check_passed(component_id, "mcn_build_service_1"),
+ check_passed(component_id, "mcn_provenance_available_1"),
+ check_passed(component_id, "mcn_provenance_level_three_1"),
+ check_passed(component_id, "mcn_version_control_system_1"),
+ check_failed(component_id, "mcn_infer_artifact_pipeline_1"),
+ check_failed(component_id, "mcn_provenance_derived_commit_1"),
+ check_failed(component_id, "mcn_provenance_derived_repo_1"),
+ check_failed(component_id, "mcn_provenance_witness_level_one_1"),
+ check_failed(component_id, "mcn_trusted_builder_level_three_1"),
+ is_repo_url(component_id, "https://github.com/urllib3/urllib3").
+
+apply_policy_to("test_policy", component_id) :-
+ is_component(component_id, "pkg:github.com/urllib3/urllib3@87a0ecee6e691fe5ff93cd000c0158deebef763b").
diff --git a/tests/e2e/expected_results/urllib3/urllib3_cue_invalid.json b/tests/e2e/expected_results/urllib3/urllib3_cue_invalid.json
deleted file mode 100644
index 3ffb3cb74..000000000
--- a/tests/e2e/expected_results/urllib3/urllib3_cue_invalid.json
+++ /dev/null
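Review bot: The rule says nothing about mcn_provenance_expectation_1, which is the one check this "cue_invalid" scenario exists to exercise — the deleted urllib3_cue_invalid.json recorded it as UNKNOWN, but with neither check_passed nor check_failed asserted for it, a regression where an invalid CUE expectation is reported as PASSED would still satisfy this policy. If the prelude provides a predicate for an unknown or not-run result, it should be added to the rule body; if it only offers check_passed/check_failed, the omission should at least be explicit, e.g. `/* mcn_provenance_expectation_1 is expected to be UNKNOWN here (invalid CUE expectation file); it is deliberately not asserted with check_passed/check_failed. */` placed above the rule. The same missing-scenario comment applies to urllib3.dl in the earlier hunk.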
@@ -1,533 +0,0 @@ -{ - "metadata": { - "timestamps": "2024-05-07 15:16:47", - "has_passing_check": true, - "run_checks": [ - "mcn_provenance_available_1", - "mcn_provenance_witness_level_one_1", - "mcn_build_as_code_1", - "mcn_provenance_derived_commit_1", - "mcn_provenance_level_three_1", - "mcn_version_control_system_1", - "mcn_infer_artifact_pipeline_1", - "mcn_trusted_builder_level_three_1", - "mcn_build_script_1", - "mcn_build_service_1", - "mcn_provenance_expectation_1", - "mcn_provenance_derived_repo_1" - ], - "check_tree": { - "mcn_provenance_available_1": { - "mcn_provenance_level_three_1": {}, - "mcn_provenance_expectation_1": {}, - "mcn_provenance_witness_level_one_1": {} - }, - "mcn_provenance_derived_commit_1": {}, - "mcn_version_control_system_1": { - "mcn_trusted_builder_level_three_1": { - "mcn_build_as_code_1": { - "mcn_infer_artifact_pipeline_1": {}, - "mcn_build_service_1": {} - } - }, - "mcn_build_script_1": {} - }, - "mcn_provenance_derived_repo_1": {} - } - }, - "target": { - "info": { - "full_name": "pkg:github.com/urllib3/urllib3@87a0ecee6e691fe5ff93cd000c0158deebef763b", - "local_cloned_path": "git_repos/github_com/urllib3/urllib3", - "remote_path": "https://github.com/urllib3/urllib3", - "branch": "main", - "commit_hash": "87a0ecee6e691fe5ff93cd000c0158deebef763b", - "commit_date": "2022-10-04T07:59:23-05:00" - }, - "provenances": { - "is_inferred": false, - "content": { - "github_actions": [ - { - "_type": "https://in-toto.io/Statement/v0.1", - "predicateType": "https://slsa.dev/provenance/v0.2", - "subject": [ - { - "name": "urllib3-2.2.1-py3-none-any.whl", - "digest": { - "sha256": "450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d" - } - }, - { - "name": "urllib3-2.2.1.tar.gz", - "digest": { - "sha256": "d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19" - } - } - ], - "predicate": { - "builder": { - "id": 
"https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@refs/tags/v1.9.0" - }, - "buildType": "https://github.com/slsa-framework/slsa-github-generator/generic@v1", - "invocation": { - "configSource": { - "uri": "git+https://github.com/urllib3/urllib3@refs/tags/2.2.1", - "digest": { - "sha1": "54d6edf2a671510a5c029d3b76ffe71a5b07147a" - }, - "entryPoint": ".github/workflows/publish.yml" - }, - "parameters": {}, - "environment": { - "github_actor": "pquentin", - "github_actor_id": "42327", - "github_base_ref": "", - "github_event_name": "push", - "github_event_payload": { - "after": "0b4566e65ca046823dd92a490ae33c17bbb88fcb", - "base_ref": null, - "before": "0000000000000000000000000000000000000000", - "commits": [], - "compare": "https://github.com/urllib3/urllib3/compare/2.2.1", - "created": true, - "deleted": false, - "forced": false, - "head_commit": { - "author": { - "email": "quentin.pradet@gmail.com", - "name": "Quentin Pradet", - "username": "pquentin" - }, - "committer": { - "email": "noreply@github.com", - "name": "GitHub", - "username": "web-flow" - }, - "distinct": true, - "id": "54d6edf2a671510a5c029d3b76ffe71a5b07147a", - "message": "Release 2.2.1", - "timestamp": "2024-02-18T07:44:08+04:00", - "tree_id": "a702e15d622eccc7cf18243e6a4a62d19e19579d", - "url": "https://github.com/urllib3/urllib3/commit/54d6edf2a671510a5c029d3b76ffe71a5b07147a" - }, - "organization": { - "avatar_url": "https://avatars.githubusercontent.com/u/26825299?v=4", - "description": "", - "events_url": "https://api.github.com/orgs/urllib3/events", - "hooks_url": "https://api.github.com/orgs/urllib3/hooks", - "id": 26825299, - "issues_url": "https://api.github.com/orgs/urllib3/issues", - "login": "urllib3", - "members_url": "https://api.github.com/orgs/urllib3/members{/member}", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjI2ODI1Mjk5", - "public_members_url": "https://api.github.com/orgs/urllib3/public_members{/member}", - "repos_url": 
"https://api.github.com/orgs/urllib3/repos", - "url": "https://api.github.com/orgs/urllib3" - }, - "pusher": { - "email": "quentin.pradet@gmail.com", - "name": "pquentin" - }, - "ref": "refs/tags/2.2.1", - "repository": { - "allow_forking": true, - "archive_url": "https://api.github.com/repos/urllib3/urllib3/{archive_format}{/ref}", - "archived": false, - "assignees_url": "https://api.github.com/repos/urllib3/urllib3/assignees{/user}", - "blobs_url": "https://api.github.com/repos/urllib3/urllib3/git/blobs{/sha}", - "branches_url": "https://api.github.com/repos/urllib3/urllib3/branches{/branch}", - "clone_url": "https://github.com/urllib3/urllib3.git", - "collaborators_url": "https://api.github.com/repos/urllib3/urllib3/collaborators{/collaborator}", - "comments_url": "https://api.github.com/repos/urllib3/urllib3/comments{/number}", - "commits_url": "https://api.github.com/repos/urllib3/urllib3/commits{/sha}", - "compare_url": "https://api.github.com/repos/urllib3/urllib3/compare/{base}...{head}", - "contents_url": "https://api.github.com/repos/urllib3/urllib3/contents/{+path}", - "contributors_url": "https://api.github.com/repos/urllib3/urllib3/contributors", - "created_at": 1316369308, - "custom_properties": {}, - "default_branch": "main", - "deployments_url": "https://api.github.com/repos/urllib3/urllib3/deployments", - "description": "urllib3 is a user-friendly HTTP client library for Python", - "disabled": false, - "downloads_url": "https://api.github.com/repos/urllib3/urllib3/downloads", - "events_url": "https://api.github.com/repos/urllib3/urllib3/events", - "fork": false, - "forks": 1134, - "forks_count": 1134, - "forks_url": "https://api.github.com/repos/urllib3/urllib3/forks", - "full_name": "urllib3/urllib3", - "git_commits_url": "https://api.github.com/repos/urllib3/urllib3/git/commits{/sha}", - "git_refs_url": "https://api.github.com/repos/urllib3/urllib3/git/refs{/sha}", - "git_tags_url": "https://api.github.com/repos/urllib3/urllib3/git/tags{/sha}", - 
"git_url": "git://github.com/urllib3/urllib3.git", - "has_discussions": false, - "has_downloads": true, - "has_issues": true, - "has_pages": false, - "has_projects": true, - "has_wiki": false, - "homepage": "https://urllib3.readthedocs.io", - "hooks_url": "https://api.github.com/repos/urllib3/urllib3/hooks", - "html_url": "https://github.com/urllib3/urllib3", - "id": 2410676, - "is_template": false, - "issue_comment_url": "https://api.github.com/repos/urllib3/urllib3/issues/comments{/number}", - "issue_events_url": "https://api.github.com/repos/urllib3/urllib3/issues/events{/number}", - "issues_url": "https://api.github.com/repos/urllib3/urllib3/issues{/number}", - "keys_url": "https://api.github.com/repos/urllib3/urllib3/keys{/key_id}", - "labels_url": "https://api.github.com/repos/urllib3/urllib3/labels{/name}", - "language": "Python", - "languages_url": "https://api.github.com/repos/urllib3/urllib3/languages", - "license": { - "key": "mit", - "name": "MIT License", - "node_id": "MDc6TGljZW5zZTEz", - "spdx_id": "MIT", - "url": "https://api.github.com/licenses/mit" - }, - "master_branch": "main", - "merges_url": "https://api.github.com/repos/urllib3/urllib3/merges", - "milestones_url": "https://api.github.com/repos/urllib3/urllib3/milestones{/number}", - "mirror_url": null, - "name": "urllib3", - "node_id": "MDEwOlJlcG9zaXRvcnkyNDEwNjc2", - "notifications_url": "https://api.github.com/repos/urllib3/urllib3/notifications{?since,all,participating}", - "open_issues": 137, - "open_issues_count": 137, - "organization": "urllib3", - "owner": { - "avatar_url": "https://avatars.githubusercontent.com/u/26825299?v=4", - "email": null, - "events_url": "https://api.github.com/users/urllib3/events{/privacy}", - "followers_url": "https://api.github.com/users/urllib3/followers", - "following_url": "https://api.github.com/users/urllib3/following{/other_user}", - "gists_url": "https://api.github.com/users/urllib3/gists{/gist_id}", - "gravatar_id": "", - "html_url": 
"https://github.com/urllib3", - "id": 26825299, - "login": "urllib3", - "name": "urllib3", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjI2ODI1Mjk5", - "organizations_url": "https://api.github.com/users/urllib3/orgs", - "received_events_url": "https://api.github.com/users/urllib3/received_events", - "repos_url": "https://api.github.com/users/urllib3/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/urllib3/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/urllib3/subscriptions", - "type": "Organization", - "url": "https://api.github.com/users/urllib3" - }, - "private": false, - "pulls_url": "https://api.github.com/repos/urllib3/urllib3/pulls{/number}", - "pushed_at": 1708227973, - "releases_url": "https://api.github.com/repos/urllib3/urllib3/releases{/id}", - "size": 7144, - "ssh_url": "git@github.com:urllib3/urllib3.git", - "stargazers": 3625, - "stargazers_count": 3625, - "stargazers_url": "https://api.github.com/repos/urllib3/urllib3/stargazers", - "statuses_url": "https://api.github.com/repos/urllib3/urllib3/statuses/{sha}", - "subscribers_url": "https://api.github.com/repos/urllib3/urllib3/subscribers", - "subscription_url": "https://api.github.com/repos/urllib3/urllib3/subscription", - "svn_url": "https://github.com/urllib3/urllib3", - "tags_url": "https://api.github.com/repos/urllib3/urllib3/tags", - "teams_url": "https://api.github.com/repos/urllib3/urllib3/teams", - "topics": [ - "http", - "http-client", - "python", - "urllib3" - ], - "trees_url": "https://api.github.com/repos/urllib3/urllib3/git/trees{/sha}", - "updated_at": "2024-02-16T15:03:16Z", - "url": "https://github.com/urllib3/urllib3", - "visibility": "public", - "watchers": 3625, - "watchers_count": 3625, - "web_commit_signoff_required": false - }, - "sender": { - "avatar_url": "https://avatars.githubusercontent.com/u/42327?v=4", - "events_url": "https://api.github.com/users/pquentin/events{/privacy}", - "followers_url": 
"https://api.github.com/users/pquentin/followers", - "following_url": "https://api.github.com/users/pquentin/following{/other_user}", - "gists_url": "https://api.github.com/users/pquentin/gists{/gist_id}", - "gravatar_id": "", - "html_url": "https://github.com/pquentin", - "id": 42327, - "login": "pquentin", - "node_id": "MDQ6VXNlcjQyMzI3", - "organizations_url": "https://api.github.com/users/pquentin/orgs", - "received_events_url": "https://api.github.com/users/pquentin/received_events", - "repos_url": "https://api.github.com/users/pquentin/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/pquentin/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/pquentin/subscriptions", - "type": "User", - "url": "https://api.github.com/users/pquentin" - } - }, - "github_head_ref": "", - "github_ref": "refs/tags/2.2.1", - "github_ref_type": "tag", - "github_repository_id": "2410676", - "github_repository_owner": "urllib3", - "github_repository_owner_id": "26825299", - "github_run_attempt": "1", - "github_run_id": "7946373606", - "github_run_number": "29", - "github_sha1": "54d6edf2a671510a5c029d3b76ffe71a5b07147a" - } - }, - "metadata": { - "buildInvocationID": "7946373606-1", - "completeness": { - "parameters": true, - "environment": false, - "materials": false - }, - "reproducible": false - }, - "materials": [ - { - "uri": "git+https://github.com/urllib3/urllib3@refs/tags/2.2.1", - "digest": { - "sha1": "54d6edf2a671510a5c029d3b76ffe71a5b07147a" - } - } - ] - } - } - ] - } - }, - "checks": { - "summary": { - "DISABLED": 0, - "FAILED": 5, - "PASSED": 6, - "SKIPPED": 0, - "UNKNOWN": 1 - }, - "results": [ - { - "check_id": "mcn_provenance_expectation_1", - "check_description": "Check whether the SLSA provenance for the produced artifact conforms to the expected value.", - "slsa_requirements": [ - "Provenance conforms with expectations - SLSA Level 3" - ], - "justification": [ - "Not Available." 
- ], - "result_type": "UNKNOWN" - }, - { - "check_id": "mcn_build_as_code_1", - "check_description": "The build definition and configuration executed by the build service is verifiably derived from text file definitions stored in a version control system.", - "slsa_requirements": [ - "Build as code - SLSA Level 3" - ], - "justification": [ - "build_tool_name: pip", - "ci_service_name: github_actions", - "language: python", - "deploy_command: pypa/gh-action-pypi-publish", - { - "build_trigger": "https://github.com/urllib3/urllib3/blob/87a0ecee6e691fe5ff93cd000c0158deebef763b/.github/workflows/publish.yml" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_script_1", - "check_description": "Check if the target repo has a valid build script.", - "slsa_requirements": [ - "Scripted Build - SLSA Level 1" - ], - "justification": [ - "build_tool_name: pip", - "ci_service_name: github_actions", - "language: BuildLanguage.PYTHON", - "build_tool_command: [\"python\", \"-m\", \"build\"]", - { - "build_trigger": "https://github.com/urllib3/urllib3/blob/87a0ecee6e691fe5ff93cd000c0158deebef763b/.github/workflows/ci.yml" - } - ], - "result_type": "PASSED" - }, - { - "check_id": "mcn_build_service_1", - "check_description": "Check if the target repo has a valid build service.", - "slsa_requirements": [ - "Build service - SLSA Level 2" - ], - "justification": [ - "Not Available." 
- ],
- "result_type": "PASSED"
- },
- {
- "check_id": "mcn_provenance_available_1",
- "check_description": "Check whether the target has intoto provenance.",
- "slsa_requirements": [
- "Provenance - Available - SLSA Level 1",
- "Provenance content - Identifies build instructions - SLSA Level 1",
- "Provenance content - Identifies artifacts - SLSA Level 1",
- "Provenance content - Identifies builder - SLSA Level 1"
- ],
- "justification": [
- "asset_name: multiple.intoto.jsonl",
- {
- "asset_url": "https://api.github.com/repos/urllib3/urllib3/releases/assets/152179165"
- }
- ],
- "result_type": "PASSED"
- },
- {
- "check_id": "mcn_provenance_level_three_1",
- "check_description": "Check whether the target has SLSA provenance level 3.",
- "slsa_requirements": [
- "Provenance - Non falsifiable - SLSA Level 3",
- "Provenance content - Includes all build parameters - SLSA Level 3",
- "Provenance content - Identifies entry point - SLSA Level 3",
- "Provenance content - Identifies source code - SLSA Level 2"
- ],
- "justification": [
- "Not Available."
- ],
- "result_type": "PASSED"
- },
- {
- "check_id": "mcn_version_control_system_1",
- "check_description": "Check whether the target repo uses a version control system.",
- "slsa_requirements": [
- "Version controlled - SLSA Level 2"
- ],
- "justification": [
- {
- "git_repo": "https://github.com/urllib3/urllib3"
- }
- ],
- "result_type": "PASSED"
- },
- {
- "check_id": "mcn_infer_artifact_pipeline_1",
- "check_description": "Detects potential pipelines from which an artifact is published.",
- "slsa_requirements": [
- "Build as code - SLSA Level 3"
- ],
- "justification": [
- "Not Available."
- ],
- "result_type": "FAILED"
- },
- {
- "check_id": "mcn_provenance_derived_commit_1",
- "check_description": "Check whether the commit came from provenance.",
- "slsa_requirements": [
- "Security - SLSA Level 4"
- ],
- "justification": [
- "commit_digest: No provenance found."
- ],
- "result_type": "FAILED"
- },
- {
- "check_id": "mcn_provenance_derived_repo_1",
- "check_description": "Check whether the repo came from provenance.",
- "slsa_requirements": [
- "Security - SLSA Level 4"
- ],
- "justification": [
- "repository_url: No provenance found."
- ],
- "result_type": "FAILED"
- },
- {
- "check_id": "mcn_provenance_witness_level_one_1",
- "check_description": "Check whether the target has a level-1 witness provenance.",
- "slsa_requirements": [
- "Provenance - Available - SLSA Level 1",
- "Provenance content - Identifies build instructions - SLSA Level 1",
- "Provenance content - Identifies artifacts - SLSA Level 1",
- "Provenance content - Identifies builder - SLSA Level 1"
- ],
- "justification": [
- "Not Available."
- ],
- "result_type": "FAILED"
- },
- {
- "check_id": "mcn_trusted_builder_level_three_1",
- "check_description": "Check whether the target uses a trusted SLSA level 3 builder.",
- "slsa_requirements": [
- "Hermetic - SLSA Level 4",
- "Isolated - SLSA Level 3",
- "Parameterless - SLSA Level 4",
- "Ephemeral environment - SLSA Level 3"
- ],
- "justification": [
- "Not Available."
- ],
- "result_type": "FAILED"
- }
- ]
- }
- },
- "dependencies": {
- "analyzed_deps": 0,
- "unique_dep_repos": 0,
- "checks_summary": [
- {
- "check_id": "mcn_provenance_available_1",
- "num_deps_pass": 0
- },
- {
- "check_id": "mcn_provenance_witness_level_one_1",
- "num_deps_pass": 0
- },
- {
- "check_id": "mcn_build_as_code_1",
- "num_deps_pass": 0
- },
- {
- "check_id": "mcn_provenance_derived_commit_1",
- "num_deps_pass": 0
- },
- {
- "check_id": "mcn_provenance_level_three_1",
- "num_deps_pass": 0
- },
- {
- "check_id": "mcn_version_control_system_1",
- "num_deps_pass": 0
- },
- {
- "check_id": "mcn_infer_artifact_pipeline_1",
- "num_deps_pass": 0
- },
- {
- "check_id": "mcn_trusted_builder_level_three_1",
- "num_deps_pass": 0
- },
- {
- "check_id": "mcn_build_script_1",
- "num_deps_pass": 0
- },
- {
- "check_id": "mcn_build_service_1",
- "num_deps_pass": 0
- },
- {
- "check_id": "mcn_provenance_expectation_1",
- "num_deps_pass": 0
- },
- {
- "check_id": "mcn_provenance_derived_repo_1",
- "num_deps_pass": 0
- }
- ],
- "dep_status": []
- }
-}
diff --git a/tests/e2e/expected_results/yoga/yoga.dl b/tests/e2e/expected_results/yoga/yoga.dl
new file mode 100644
index 000000000..3848cb503
--- /dev/null
+++ b/tests/e2e/expected_results/yoga/yoga.dl
@@ -0,0 +1,22 @@
+/* Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. */
+/* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */
+
+#include "prelude.dl"
+
+Policy("test_policy", component_id, "") :-
+ check_passed(component_id, "mcn_build_as_code_1"),
+ check_passed(component_id, "mcn_build_script_1"),
+ check_passed(component_id, "mcn_build_service_1"),
+ check_passed(component_id, "mcn_version_control_system_1"),
+ check_failed(component_id, "mcn_infer_artifact_pipeline_1"),
+ check_failed(component_id, "mcn_provenance_available_1"),
+ check_failed(component_id, "mcn_provenance_derived_commit_1"),
+ check_failed(component_id, "mcn_provenance_derived_repo_1"),
+ check_failed(component_id, "mcn_provenance_expectation_1"),
+ check_failed(component_id, "mcn_provenance_level_three_1"),
+ check_failed(component_id, "mcn_provenance_witness_level_one_1"),
+ check_failed(component_id, "mcn_trusted_builder_level_three_1"),
+ is_repo_url(component_id, "https://github.com/facebook/yoga").
+
+apply_policy_to("test_policy", component_id) :-
+ is_component(component_id, "pkg:github.com/facebook/yoga@f8e2bc0875c145c429d0e865c9b83a40f65b3070").
diff --git a/tests/e2e/expected_results/yoga/yoga.json b/tests/e2e/expected_results/yoga/yoga.json
deleted file mode 100644
index bcf99554e..000000000
--- a/tests/e2e/expected_results/yoga/yoga.json
+++ /dev/null
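Review bot: The new yoga.dl carries no comment saying what it asserts or how it is consumed, so a reader landing on it from the test output has to reverse-engineer the fixture from the integration script. A short header after the license lines would close that gap, e.g. `/* Expected Macaron check outcomes for facebook/yoga at commit f8e2bc0875c145c429d0e865c9b83a40f65b3070; evaluated by `verify-policy` against the analysis database produced by the preceding `analyze` run. */`. Note also that the rule only constrains the twelve check ids it lists, whereas the yoga.json it replaces recorded the full `run_checks` set; if a check is added later and neither `check_passed` nor `check_failed` is required for it here, this fixture would presumably still pass, which is worth stating in the comment so the gap is a known one rather than an accident.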
@@ -1,325 +0,0 @@
-{
- "metadata": {
- "timestamps": "2024-05-07 15:10:24",
- "has_passing_check": true,
- "run_checks": [
- "mcn_provenance_available_1",
- "mcn_provenance_witness_level_one_1",
- "mcn_build_as_code_1",
- "mcn_provenance_derived_commit_1",
- "mcn_provenance_level_three_1",
- "mcn_version_control_system_1",
- "mcn_infer_artifact_pipeline_1",
- "mcn_trusted_builder_level_three_1",
- "mcn_build_script_1",
- "mcn_build_service_1",
- "mcn_provenance_expectation_1",
- "mcn_provenance_derived_repo_1"
- ],
- "check_tree": {
- "mcn_provenance_available_1": {
- "mcn_provenance_witness_level_one_1": {},
- "mcn_provenance_expectation_1": {},
- "mcn_provenance_level_three_1": {}
- },
- "mcn_provenance_derived_commit_1": {},
- "mcn_version_control_system_1": {
- "mcn_trusted_builder_level_three_1": {
- "mcn_build_as_code_1": {
- "mcn_infer_artifact_pipeline_1": {},
- "mcn_build_service_1": {}
- }
- },
- "mcn_build_script_1": {}
- },
- "mcn_provenance_derived_repo_1": {}
- }
- },
- "target": {
- "info": {
- "full_name": "pkg:github.com/facebook/yoga@f8e2bc0875c145c429d0e865c9b83a40f65b3070",
- "local_cloned_path": "git_repos/github_com/facebook/yoga",
- "remote_path": "https://github.com/facebook/yoga",
- "branch": "main",
- "commit_hash": "f8e2bc0875c145c429d0e865c9b83a40f65b3070",
- "commit_date": "2023-09-06T09:50:43-07:00"
- },
- "provenances": {
- "is_inferred": true,
- "content": {
- "github_actions": [
- {
- "_type": "https://in-toto.io/Statement/v0.1",
- "subject": [],
- "predicateType": "https://slsa.dev/provenance/v0.2",
- "predicate": {
- "builder": {
- "id": "https://github.com/facebook/yoga/blob/f8e2bc0875c145c429d0e865c9b83a40f65b3070/.github/workflows/publish-android-release.yml"
- },
- "buildType": "Custom github_actions",
- "invocation": {
- "configSource": {
- "uri": "https://github.com/facebook/yoga@refs/heads/main",
- "digest": {
- "sha1": "f8e2bc0875c145c429d0e865c9b83a40f65b3070"
- },
- "entryPoint": "https://github.com/facebook/yoga/blob/f8e2bc0875c145c429d0e865c9b83a40f65b3070/.github/workflows/publish-android-release.yml"
- },
- "parameters": {},
- "environment": {}
- },
- "buildConfig": {
- "jobID": "publish",
- "stepID": "",
- "stepName": "Publish to the Maven Central"
- },
- "metadata": {
- "buildInvocationId": "",
- "buildStartedOn": "",
- "buildFinishedOn": "",
- "completeness": {
- "parameters": "false",
- "environment": "false",
- "materials": "false"
- },
- "reproducible": "false"
- },
- "materials": [
- {
- "uri": "",
- "digest": {}
- }
- ]
- }
- }
- ],
- "Maven Central Registry": [],
- "npm Registry": []
- }
- },
- "checks": {
- "summary": {
- "DISABLED": 0,
- "FAILED": 8,
- "PASSED": 4,
- "SKIPPED": 0,
- "UNKNOWN": 0
- },
- "results": [
- {
- "check_id": "mcn_build_as_code_1",
- "check_description": "The build definition and configuration executed by the build service is verifiably derived from text file definitions stored in a version control system.",
- "slsa_requirements": [
- "Build as code - SLSA Level 3"
- ],
- "justification": [
- "build_tool_name: gradle",
- "ci_service_name: github_actions",
- "language: BuildLanguage.JAVA",
- "deploy_command: [\"./gradlew\", \"publishToSonatype\", \"closeAndReleaseSonatypeStagingRepository\"]",
- {
- "build_trigger": "https://github.com/facebook/yoga/blob/f8e2bc0875c145c429d0e865c9b83a40f65b3070/.github/workflows/publish-android-release.yml"
- }
- ],
- "result_type": "PASSED"
- },
- {
- "check_id": "mcn_build_script_1",
- "check_description": "Check if the target repo has a valid build script.",
- "slsa_requirements": [
- "Scripted Build - SLSA Level 1"
- ],
- "justification": [
- "build_tool_name: gradle",
- "ci_service_name: github_actions",
- "language: BuildLanguage.JAVA",
- "build_tool_command: [\"./gradlew\", \"publishToMavenLocal\"]",
- {
- "build_trigger": "https://github.com/facebook/yoga/blob/f8e2bc0875c145c429d0e865c9b83a40f65b3070/.github/workflows/publish-android-release.yml"
- }
- ],
- "result_type": "PASSED"
- },
- {
- "check_id": "mcn_build_service_1",
- "check_description": "Check if the target repo has a valid build service.",
- "slsa_requirements": [
- "Build service - SLSA Level 2"
- ],
- "justification": [
- "Not Available."
- ],
- "result_type": "PASSED"
- },
- {
- "check_id": "mcn_version_control_system_1",
- "check_description": "Check whether the target repo uses a version control system.",
- "slsa_requirements": [
- "Version controlled - SLSA Level 2"
- ],
- "justification": [
- {
- "git_repo": "https://github.com/facebook/yoga"
- }
- ],
- "result_type": "PASSED"
- },
- {
- "check_id": "mcn_infer_artifact_pipeline_1",
- "check_description": "Detects potential pipelines from which an artifact is published.",
- "slsa_requirements": [
- "Build as code - SLSA Level 3"
- ],
- "justification": [
- "Not Available."
- ],
- "result_type": "FAILED"
- },
- {
- "check_id": "mcn_provenance_available_1",
- "check_description": "Check whether the target has intoto provenance.",
- "slsa_requirements": [
- "Provenance - Available - SLSA Level 1",
- "Provenance content - Identifies build instructions - SLSA Level 1",
- "Provenance content - Identifies artifacts - SLSA Level 1",
- "Provenance content - Identifies builder - SLSA Level 1"
- ],
- "justification": [
- "Not Available."
- ],
- "result_type": "FAILED"
- },
- {
- "check_id": "mcn_provenance_derived_commit_1",
- "check_description": "Check whether the commit came from provenance.",
- "slsa_requirements": [
- "Security - SLSA Level 4"
- ],
- "justification": [
- "commit_digest: No provenance found."
- ],
- "result_type": "FAILED"
- },
- {
- "check_id": "mcn_provenance_derived_repo_1",
- "check_description": "Check whether the repo came from provenance.",
- "slsa_requirements": [
- "Security - SLSA Level 4"
- ],
- "justification": [
- "repository_url: No provenance found."
- ],
- "result_type": "FAILED"
- },
- {
- "check_id": "mcn_provenance_expectation_1",
- "check_description": "Check whether the SLSA provenance for the produced artifact conforms to the expected value.",
- "slsa_requirements": [
- "Provenance conforms with expectations - SLSA Level 3"
- ],
- "justification": [
- "Not Available."
- ],
- "result_type": "FAILED"
- },
- {
- "check_id": "mcn_provenance_level_three_1",
- "check_description": "Check whether the target has SLSA provenance level 3.",
- "slsa_requirements": [
- "Provenance - Non falsifiable - SLSA Level 3",
- "Provenance content - Includes all build parameters - SLSA Level 3",
- "Provenance content - Identifies entry point - SLSA Level 3",
- "Provenance content - Identifies source code - SLSA Level 2"
- ],
- "justification": [
- "Not Available."
- ],
- "result_type": "FAILED"
- },
- {
- "check_id": "mcn_provenance_witness_level_one_1",
- "check_description": "Check whether the target has a level-1 witness provenance.",
- "slsa_requirements": [
- "Provenance - Available - SLSA Level 1",
- "Provenance content - Identifies build instructions - SLSA Level 1",
- "Provenance content - Identifies artifacts - SLSA Level 1",
- "Provenance content - Identifies builder - SLSA Level 1"
- ],
- "justification": [
- "Not Available."
- ],
- "result_type": "FAILED"
- },
- {
- "check_id": "mcn_trusted_builder_level_three_1",
- "check_description": "Check whether the target uses a trusted SLSA level 3 builder.",
- "slsa_requirements": [
- "Hermetic - SLSA Level 4",
- "Isolated - SLSA Level 3",
- "Parameterless - SLSA Level 4",
- "Ephemeral environment - SLSA Level 3"
- ],
- "justification": [
- "Not Available."
- ],
- "result_type": "FAILED"
- }
- ]
- }
- },
- "dependencies": {
- "analyzed_deps": 0,
- "unique_dep_repos": 0,
- "checks_summary": [
- {
- "check_id": "mcn_provenance_available_1",
- "num_deps_pass": 0
- },
- {
- "check_id": "mcn_provenance_witness_level_one_1",
- "num_deps_pass": 0
- },
- {
- "check_id": "mcn_build_as_code_1",
- "num_deps_pass": 0
- },
- {
- "check_id": "mcn_provenance_derived_commit_1",
- "num_deps_pass": 0
- },
- {
- "check_id": "mcn_provenance_level_three_1",
- "num_deps_pass": 0
- },
- {
- "check_id": "mcn_version_control_system_1",
- "num_deps_pass": 0
- },
- {
- "check_id": "mcn_infer_artifact_pipeline_1",
- "num_deps_pass": 0
- },
- {
- "check_id": "mcn_trusted_builder_level_three_1",
- "num_deps_pass": 0
- },
- {
- "check_id": "mcn_build_script_1",
- "num_deps_pass": 0
- },
- {
- "check_id": "mcn_build_service_1",
- "num_deps_pass": 0
- },
- {
- "check_id": "mcn_provenance_expectation_1",
- "num_deps_pass": 0
- },
- {
- "check_id": "mcn_provenance_derived_repo_1",
- "num_deps_pass": 0
- }
- ],
- "dep_status": []
- }
-}