{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://stellaops.dev/schemas/evidence/audit-bundle-index.schema.json",
"title": "StellaOps Audit Bundle Index",
"description": "Index/manifest for audit bundles with integrity hashes and referenced artifacts.",
"type": "object",
"additionalProperties": false,
"required": [
"manifestVersion",
"bundleId",
"createdAt",
"subject",
"artifacts",
"verification"
],
"properties": {
"manifestVersion": { "type": "string", "minLength": 1 },
"bundleId": { "type": "string", "minLength": 1 },
"createdAt": { "type": "string", "format": "date-time" },
"subject": { "$ref": "#/$defs/subject" },
"artifacts": {
"type": "array",
"minItems": 1,
"items": { "$ref": "#/$defs/artifact" }
},
"verification": { "$ref": "#/$defs/verification" },
"transparency": { "$ref": "#/$defs/transparency" },
"timestamps": {
"type": "array",
"items": { "$ref": "#/$defs/timestampEntry" }
}
},
"$defs": {
"subject": {
"type": "object",
"additionalProperties": false,
"required": ["type", "digest"],
"properties": {
"type": { "type": "string", "minLength": 1 },
"digest": { "type": "string", "pattern": "^sha256:[0-9a-f]{64}$" },
"name": { "type": "string" }
}
},
"artifact": {
"type": "object",
"additionalProperties": false,
"required": ["path", "type", "digest", "size"],
"properties": {
"path": { "type": "string", "minLength": 1 },
"type": { "type": "string", "minLength": 1 },
"format": { "type": "string" },
"digest": { "type": "string", "pattern": "^sha256:[0-9a-f]{64}$" },
"size": { "type": "integer", "minimum": 0 },
"mediaType": { "type": "string" },
"predicateType": { "type": "string" },
"signedBy": {
"type": "array",
"items": { "type": "string" }
},
"attributes": {
"type": "object",
"additionalProperties": { "type": "string" }
}
}
},
"verification": {
"type": "object",
"additionalProperties": false,
"required": ["merkleRoot", "algorithm", "checksumFile"],
"properties": {
"merkleRoot": { "type": "string", "pattern": "^sha256:[0-9a-f]{64}$" },
"algorithm": { "type": "string", "minLength": 1 },
"checksumFile": { "type": "string", "minLength": 1 }
}
},
"transparency": {
"type": "object",
"additionalProperties": false,
"properties": {
"rekorEntries": {
"type": "array",
"items": { "$ref": "#/$defs/rekorEntry" }
}
}
},
"rekorEntry": {
"type": "object",
"additionalProperties": false,
"required": ["uuid", "logIndex"],
"properties": {
"uuid": { "type": "string", "minLength": 1 },
"logIndex": { "type": "integer", "minimum": 0 },
"rootHash": { "type": "string" },
"inclusionProofPath": { "type": "string" },
"logUrl": { "type": "string" }
}
},
"timestampEntry": {
"type": "object",
"additionalProperties": false,
"required": ["tokenPath", "hashAlgorithm"],
"properties": {
"tokenPath": { "type": "string", "minLength": 1 },
"hashAlgorithm": { "type": "string", "minLength": 1 },
"signedAt": { "type": "string", "format": "date-time" },
"tsaName": { "type": "string" },
"tsaUrl": { "type": "string" }
}
}
}
}