We need to think about the API for this attestor. Since the scope is pretty specific and we may want a specific CLI to guide the user, we may want to add a new command, "review".
{
  "_type": "https://in-toto.io/Statement/v0.1",
  // Assuming the release is a file and we can just hash it.
  "subject": [{"name": "_", "digest": {"sha256": "5678..."}}],
  "predicateType": "https://slsa.dev/review/versionedRelease/v0.1",
  "predicate": {
    "reviews": [
      "code-review", // Indicates all the code in the release was reviewed.
      "sec-audit" // Indicates all the code in the release was security audited.
    ],
    "attestor": { "id": "mailto:[email protected]" }
  }
}
Proposed API:
witness review -k key.pem --sec-audit pass -m "LGTM"
@TomHennen proposed this shape:
ref: in-toto/attestation#77
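A consumer-side check for the statement shape quoted in this issue, as an added example that is not part of the issue or of witness's own code: it binds the statement to the release bytes by sha256 and requires the named review types before accepting it. `CheckReview` and `Sample` are hypothetical names, the sample statement is constructed, and the signature on the enclosing envelope is assumed to have been verified already.

```go
package main

import (
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"slices"
)

const reviewType = "https://slsa.dev/review/versionedRelease/v0.1" // from the issue

type subject struct{ Digest map[string]string }
type statement struct { // encoding/json matches the JSON keys case-insensitively
	Subject       []subject
	PredicateType string
	Predicate     struct{ Reviews []string }
}

// CheckReview (hypothetical name) returns nil only if raw binds artifact by sha256
// and lists every required review. Envelope signature checking is assumed done.
func CheckReview(raw, artifact []byte, required ...string) error {
	var s statement
	if err := json.Unmarshal(raw, &s); err != nil {
		return fmt.Errorf("parse statement: %w", err)
	}
	if s.PredicateType != reviewType {
		return fmt.Errorf("unexpected predicateType %q", s.PredicateType)
	}
	want := fmt.Sprintf("%x", sha256.Sum256(artifact))
	if !slices.ContainsFunc(s.Subject, func(x subject) bool { return x.Digest["sha256"] == want }) {
		return fmt.Errorf("no subject carries sha256 %s", want)
	}
	for _, r := range required {
		if !slices.Contains(s.Predicate.Reviews, r) {
			return fmt.Errorf("release lacks required review %q", r)
		}
	}
	return nil
}

// Sample builds a constructed statement (strict JSON) attesting "code-review" only.
func Sample(artifact []byte) []byte {
	const tmpl = `{"subject":[{"name":"_","digest":{"sha256":"%x"}}],"predicateType":%q,"predicate":{"reviews":["code-review"]}}`
	return []byte(fmt.Sprintf(tmpl, sha256.Sum256(artifact), reviewType))
}

func main() {
	rel := []byte("constructed release bytes")
	fmt.Println(CheckReview(Sample(rel), rel, "code-review", "sec-audit")) // rejected
}
```

The statement has to be strict JSON by the time it reaches a parser like this one; the `//` comments in the sketch above are annotation only.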