Dagger
Search

slsa-verifier

Verify provenance from SLSA compliant builders.

Installation

dagger install github.com/sagikazarmark/daggerverse/slsa-verifier@v0.1.0

Entrypoint

Return Type
SlsaVerifier !
Arguments
NameTypeDescription
versionString SLSA verifier version. (default: latest version)
Example
dagger -m github.com/sagikazarmark/daggerverse/slsa-verifier@24c022dde505b24970824dd50f51e719098cfeb3 call \
func (m *myModule) example() *SlsaVerifier  {
	return dag.
			SlsaVerifier()
}
@function
def example() -> dag.SlsaVerifier:
	return (
		dag.slsa_verifier()
	)
@func()
example(): SlsaVerifier {
	return dag
		.slsaVerifier()
}

Types

SlsaVerifier 🔗

verifyArtifact() 🔗

Verifies SLSA provenance on artifact blobs given as arguments (assuming same provenance).

Return Type
Container !
Arguments
NameTypeDefault ValueDescription
artifacts[File ! ] !-Artifacts to verify.
provenanceFile !-Provenance file.
sourceUriString !-Expected source repository that should have produced the binary, e.g. github.com/some/repo
builderIdString -The unique builder ID who created the provenance.
sourceBranchString -Expected branch the binary was compiled from.
sourceTagString -Expected tag the binary was compiled from.
sourceVersionedTagString -Expected version the binary was compiled from. Uses semantic version to match the tag.
Example
dagger -m github.com/sagikazarmark/daggerverse/slsa-verifier@24c022dde505b24970824dd50f51e719098cfeb3 call \
 verify-artifact --provenance file:path --source-uri string
func (m *myModule) example(artifacts []*File, provenance *File, sourceUri string) *Container  {
	return dag.
			SlsaVerifier().
			VerifyArtifact(artifacts, provenance, sourceUri)
}
@function
def example(artifacts: List[dagger.File], provenance: dagger.File, source_uri: str) -> dagger.Container:
	return (
		dag.slsa_verifier()
		.verify_artifact(artifacts, provenance, source_uri)
	)
@func()
example(artifacts: File[], provenance: File, sourceUri: string): Container {
	return dag
		.slsaVerifier()
		.verifyArtifact(artifacts, provenance, sourceUri)
}