{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://stellaops.io/schemas/evidence-locker/portable-audit-pack-manifest.v1.schema.json",
"title": "StellaOps Portable Audit Pack Manifest v1",
"type": "object",
"additionalProperties": false,
"required": [
"spec_version",
"created_utc",
"artifact",
"files",
"digests",
"rekor",
"timestamps",
"verifiers"
],
"properties": {
"spec_version": {
"type": "string",
"const": "1.0"
},
"created_utc": {
"type": "string",
"format": "date-time"
},
"artifact": {
"$ref": "#/$defs/artifact"
},
"files": {
"type": "object",
"minProperties": 3,
"required": [
"canonical_bom.json",
"dsse_envelope.json",
"manifest.sig"
],
"propertyNames": {
"type": "string",
"minLength": 1,
"pattern": "^[^\\\\]+$"
},
"additionalProperties": {
"$ref": "#/$defs/fileEntry"
}
},
"digests": {
"$ref": "#/$defs/digests"
},
"rekor": {
"$ref": "#/$defs/rekor"
},
"timestamps": {
"$ref": "#/$defs/timestamps"
},
"verifiers": {
"$ref": "#/$defs/verifiers"
},
"compatibility": {
"$ref": "#/$defs/compatibility"
}
},
"$defs": {
"sha256": {
"type": "string",
"pattern": "^[a-f0-9]{64}$"
},
"artifact": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"version",
"digest",
"media_type"
],
"properties": {
"name": {
"type": "string",
"minLength": 1
},
"version": {
"type": "string",
"minLength": 1
},
"digest": {
"type": "object",
"additionalProperties": false,
"required": [
"sha256"
],
"properties": {
"sha256": {
"$ref": "#/$defs/sha256"
}
}
},
"media_type": {
"type": "string",
"minLength": 1
}
}
},
"fileEntry": {
"type": "object",
"additionalProperties": false,
"required": [
"sha256",
"size",
"content_type"
],
"properties": {
"sha256": {
"$ref": "#/$defs/sha256"
},
"size": {
"type": "integer",
"minimum": 0
},
"content_type": {
"type": "string",
"minLength": 1
},
"compression": {
"type": "string",
"enum": [
"none",
"gzip",
"zstd",
"snappy"
]
},
"schema_fingerprint": {
"type": "string",
"minLength": 1
}
}
},
"digests": {
"type": "object",
"additionalProperties": false,
"required": [
"canonical_bom_sha256",
"dsse_payload_digest"
],
"properties": {
"canonical_bom_sha256": {
"$ref": "#/$defs/sha256"
},
"dsse_payload_digest": {
"type": "object",
"additionalProperties": false,
"required": [
"sha256"
],
"properties": {
"sha256": {
"$ref": "#/$defs/sha256"
}
}
}
}
},
"rekor": {
"type": "object",
"additionalProperties": false,
"required": [
"log_id",
"api_version",
"tile_refs",
"root_hash"
],
"properties": {
"log_id": {
"type": "string",
"minLength": 1
},
"api_version": {
"type": "string",
"const": "2"
},
"tile_refs": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"additionalProperties": false,
"required": [
"path",
"covers"
],
"properties": {
"path": {
"type": "string",
"pattern": "^rekor/"
},
"covers": {
"type": "array",
"minItems": 1,
"items": {
"type": "string",
"pattern": "^SHA256:[A-Fa-f0-9]{64}$"
}
}
}
}
},
"root_hash": {
"$ref": "#/$defs/sha256"
}
}
},
"timestamps": {
"type": "object",
"additionalProperties": false,
"required": [
"bom_canonicalized",
"dsse_signed",
"rekor_included"
],
"properties": {
"bom_canonicalized": {
"type": "string",
"format": "date-time"
},
"dsse_signed": {
"type": "string",
"format": "date-time"
},
"rekor_included": {
"type": "string",
"format": "date-time"
}
}
},
"verifiers": {
"type": "object",
"additionalProperties": false,
"required": [
"pubkeys"
],
"properties": {
"pubkeys": {
"type": "array",
"minItems": 1,
"items": {
"$ref": "#/$defs/pubkey"
}
},
"rekor_pub": {
"type": "object",
"additionalProperties": false,
"required": [
"type",
"key_material"
],
"properties": {
"type": {
"type": "string",
"enum": [
"rekor-checkpoint",
"rekor-key-hash"
]
},
"key_material": {
"type": "string",
"minLength": 1
}
}
}
}
},
"pubkey": {
"type": "object",
"additionalProperties": false,
"required": [
"id",
"type",
"public_key",
"usage"
],
"properties": {
"id": {
"type": "string",
"minLength": 1
},
"type": {
"type": "string",
"enum": [
"ed25519",
"ecdsa-p256",
"rsa-4096"
]
},
"public_key": {
"type": "string",
"minLength": 1
},
"usage": {
"type": "array",
"minItems": 1,
"items": {
"type": "string",
"enum": [
"dsse",
"manifest-signing",
"checkpoint-verification"
]
}
}
}
},
"compatibility": {
"type": "object",
"additionalProperties": false,
"properties": {
"legacy_manifest_version": {
"type": "string"
},
"legacy_bundle_id": {
"type": "string"
},
"migration_notes": {
"type": "array",
"items": {
"type": "string"
}
}
}
}
}
}