e1262eb916
- Introduced a new JSON fixture `receipt-input.json` containing base, environmental, and threat metrics for CVSS scoring. - Added corresponding SHA256 hash file `receipt-input.sha256` to ensure integrity of the JSON fixture.
539 B
539 B
| 1 | source_field | target_field | rule | notes |
|---|---|---|---|---|
| 2 | builder.id | builder.id | copy | |
| 3 | builder.version | builder.version | copy | |
| 4 | invocation.configSource.uri | configSource.uri | copy | |
| 5 | invocation.configSource.digest | configSource.digest | copy | |
| 6 | materials[] | materials[] | copy | Keep materials but drop integrity fields unsupported in 1.0 |
| 7 | subject[] | subject[] | copy | |
| 8 | provenance.dsse | metadata.buildInvocationID | copy | Use DSSE hash as buildInvocationID placeholder |
| 9 | metadata.startedOn | metadata.buildStartedOn | copy | |
| 10 | metadata.finishedOn | metadata.buildFinishedOn | copy |