Attestor Payloads (DOCS-ATTEST-73-002)
Schemas/examples for attestations handled by Attestor.
DSSE payload
{
  "_type": "https://in-toto.io/Statement/v1",
  "subject": [{"name": "sha256:...", "digest": {"sha256": "..."}}],
  "predicateType": "stella.ops/vexObservation@v1",
  "predicate": {
    "observationId": "vex:obs:sha256:...",
    "tenant": "default",
    "providerId": "ubuntu-csaf",
    "createdAt": "2025-11-23T23:10:00Z"
  }
}
Evidence links
- Each payload references evidence hashes (VEX observations/linksets) and optional timeline event IDs.
- Keep payloads aggregation-only; no verdict fields.
Hashing/signing
- Canonicalize JSON (RFC 8785) before signing.
- Use SHA-256 digests; include in envelope metadata.
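
The hashing steps above, together with the aggregation-only rule, as an added example (not Attestor's own code). It canonicalizes a statement, computes the SHA-256 digest, and builds the DSSE pre-authentication encoding that a signer would sign. Assumptions: the function names and the `VERDICT_KEYS` denylist are hypothetical, and the canonicalizer covers only the RFC 8785 subset this payload needs (BMP keys, no floats).

```python
import base64
import hashlib
import json

PAYLOAD_TYPE = "application/vnd.in-toto+json"  # DSSE payloadType for in-toto statements
VERDICT_KEYS = {"verdict"}  # assumption: the page does not list verdict field names


def _check(node, path="$"):
    """Reject floats (unsupported by this subset) and verdict fields."""
    if isinstance(node, float):
        raise ValueError(f"{path}: floats need full RFC 8785 number formatting")
    if isinstance(node, dict):
        for key, value in node.items():
            if key in VERDICT_KEYS:
                raise ValueError(f"{path}.{key}: payloads are aggregation-only")
            _check(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            _check(value, f"{path}[{i}]")


def canonicalize(statement):
    """RFC 8785 subset: sorted keys, no insignificant whitespace, UTF-8 output."""
    _check(statement)
    return json.dumps(statement, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def pae(payload_type, body):
    """DSSE pre-authentication encoding: the exact bytes handed to the signer."""
    t = payload_type.encode("utf-8")
    return b"DSSEv1 %d %s %d %s" % (len(t), t, len(body), body)


def prepare(statement):
    body = canonicalize(statement)  # digest and signature both cover these bytes
    return {"payloadType": PAYLOAD_TYPE, "sha256": hashlib.sha256(body).hexdigest(),
            "payload": base64.b64encode(body).decode("ascii"),
            "to_sign": pae(PAYLOAD_TYPE, body)}


# Constructed sample in the page's statement shape; the digest is made up here.
_D = hashlib.sha256(b"constructed evidence").hexdigest()
SAMPLE = {"_type": "https://in-toto.io/Statement/v1",
          "subject": [{"name": "sha256:" + _D, "digest": {"sha256": _D}}],
          "predicateType": "stella.ops/vexObservation@v1",
          "predicate": {"observationId": "vex:obs:sha256:" + _D, "tenant": "default",
                        "providerId": "ubuntu-csaf", "createdAt": "2025-11-23T23:10:00Z"}}
```

Signing is left out because the page does not name a key type; a verifier should recompute `to_sign` from the received `payload` and `payloadType` rather than trusting a re-serialized copy.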
Examples
- Place sample payloads in docs/samples/attestor/payloads/ (add when available).