slsa-verifier
Verify provenance from SLSA compliant builders.
Installation
dagger install github.com/sagikazarmark/daggerverse/slsa-verifier@v0.1.0Entrypoint
Return Type
SlsaVerifier !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| version | String | - | SLSA verifier version. (default: latest version) |
Example
dagger -m github.com/sagikazarmark/daggerverse/slsa-verifier@24c022dde505b24970824dd50f51e719098cfeb3 call \
func (m *MyModule) Example() *dagger.SlsaVerifier {
return dag.
SlsaVerifier()
}@function
def example() -> dagger.SlsaVerifier:
return (
dag.slsa_verifier()
)@func()
example(): SlsaVerifier {
return dag
.slsaVerifier()
}Types
SlsaVerifier 🔗
verifyArtifact() 🔗
Verifies SLSA provenance on artifact blobs given as arguments (assuming same provenance).
Return Type
Container !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| artifacts | [File ! ] ! | - | Artifacts to verify. |
| provenance | File ! | - | Provenance file. |
| sourceUri | String ! | - | Expected source repository that should have produced the binary, e.g. github.com/some/repo |
| builderId | String | - | The unique builder ID who created the provenance. |
| sourceBranch | String | - | Expected branch the binary was compiled from. |
| sourceTag | String | - | Expected tag the binary was compiled from. |
| sourceVersionedTag | String | - | Expected version the binary was compiled from. Uses semantic version to match the tag. |
Example
dagger -m github.com/sagikazarmark/daggerverse/slsa-verifier@24c022dde505b24970824dd50f51e719098cfeb3 call \
verify-artifact --provenance file:path --source-uri stringfunc (m *MyModule) Example(artifacts []*dagger.File, provenance *dagger.File, sourceUri string) *dagger.Container {
return dag.
SlsaVerifier().
VerifyArtifact(artifacts, provenance, sourceUri)
}@function
def example(artifacts: List[dagger.File], provenance: dagger.File, source_uri: str) -> dagger.Container:
return (
dag.slsa_verifier()
.verify_artifact(artifacts, provenance, source_uri)
)@func()
example(artifacts: File[], provenance: File, sourceUri: string): Container {
return dag
.slsaVerifier()
.verifyArtifact(artifacts, provenance, sourceUri)
}