StellaOps Bot 4dc7cf834a
Add sample proof bundle configurations and verification script
- Introduced sample proof bundle configuration files for testing, including `sample-proof-bundle-config.dsse.json`, `sample-proof-bundle.dsse.json`, and `sample-proof-bundle.json`.
- Implemented a verification script `test_verify_sample.sh` to validate proof bundles against specified schemas and catalogs.
- Updated existing proof bundle configurations with new metadata, including versioning, created timestamps, and justification details.
- Enhanced evidence entries with expiration dates and hashes for better integrity checks.
- Ensured all new configurations adhere to the defined schema for consistency and reliability in testing.
2025-12-04 08:54:32 +02:00

{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://stellaops.io/schemas/export-center/export-manifest.schema.json",
"title": "StellaOps Export Manifest",
"description": "Schema for run manifests, attestations, integrity headers, and quota/backpressure metadata (EC2EC9).",
"type": "object",
"required": [
"schema",
"version",
"exportId",
"profile",
"tenant",
"selectors",
"generatedAt",
"contents"
],
"properties": {
"schema": { "type": "string", "const": "https://stellaops.io/export-center/manifest/v1alpha2" },
"version": { "type": "string", "pattern": "^1\\.1\\.[0-9]+$" },
"exportId": { "type": "string", "pattern": "^[a-z0-9-]{6,64}$" },
"runId": { "type": "string", "pattern": "^[a-z0-9-]{6,64}$" },
"profile": {
"type": "object",
"required": ["kind", "variant", "name"],
"properties": {
"kind": { "type": "string", "enum": ["json", "trivy", "mirror", "devportal", "attestation"] },
"variant": {
"type": "string",
"enum": ["raw", "policy", "db", "java-db", "full", "delta", "offline", "bundle"]
},
"name": { "type": "string", "pattern": "^[a-z0-9]([a-z0-9-]*[a-z0-9])?$" },
"revision": { "type": "string", "pattern": "^r[0-9]+$" }
},
"additionalProperties": false
},
"tenant": { "type": "string", "pattern": "^[a-z0-9]([a-z0-9-]*[a-z0-9])?$" },
"selectors": { "$ref": "#/$defs/selectors" },
"generatedAt": { "type": "string", "format": "date-time" },
"rerunHash": { "type": "string", "pattern": "^sha256:[a-f0-9]{64}$" },
"contents": {
"type": "array",
"items": {
"type": "object",
"required": ["path", "digest", "bytes"],
"properties": {
"path": { "type": "string", "pattern": "^[A-Za-z0-9._/-]+$" },
"digest": { "$ref": "#/$defs/digest" },
"bytes": { "type": "integer", "minimum": 0 },
"records": { "type": "integer", "minimum": 0 },
"contentType": { "type": "string" }
},
"additionalProperties": false
}
},
"delta": {
"type": "object",
"required": ["baseExportId", "baseManifestDigest", "tombstones"],
"properties": {
"baseExportId": { "type": "string", "pattern": "^[a-z0-9-]{6,64}$" },
"baseManifestDigest": { "$ref": "#/$defs/digest" },
"tombstones": {
"type": "array",
"items": { "type": "string", "pattern": "^[A-Za-z0-9._/-]+$" }
},
"added": {
"type": "array",
"items": { "type": "string", "pattern": "^[A-Za-z0-9._/-]+$" }
},
"removed": {
"type": "array",
"items": { "type": "string", "pattern": "^[A-Za-z0-9._/-]+$" }
}
},
"additionalProperties": false
},
"integrity": {
"type": "object",
"required": ["httpHeaders", "oci"],
"properties": {
"httpHeaders": {
"type": "object",
"required": ["Digest", "X-Stella-Signature"],
"properties": {
"Digest": { "type": "string", "pattern": "^sha-256=[A-Za-z0-9+/=]+$" },
"X-Stella-Signature": { "type": "string" },
"X-Stella-Immutability": { "type": "string" }
},
"additionalProperties": false
},
"oci": {
"type": "object",
"required": ["annotations"],
"properties": {
"annotations": {
"type": "object",
"required": [
"io.stellaops.export.profile",
"io.stellaops.export.run",
"io.stellaops.export.manifest-digest",
"io.stellaops.export.provenance-ref"
],
"properties": {
"io.stellaops.export.profile": { "type": "string" },
"io.stellaops.export.run": { "type": "string" },
"io.stellaops.export.manifest-digest": { "$ref": "#/$defs/digest" },
"io.stellaops.export.provenance-ref": { "type": "string" },
"org.opencontainers.image.ref.name": { "type": "string" }
}
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"attestations": {
"type": "object",
"required": ["provenanceRef", "dsseEnvelope", "slsaLevel", "log"],
"properties": {
"provenanceRef": { "type": "string" },
"dsseEnvelope": { "type": "string" },
"slsaLevel": { "type": "string" },
"log": {
"type": "object",
"required": ["kind", "logId", "logIndex", "entryDigest", "timestamp"],
"properties": {
"kind": { "type": "string", "enum": ["hashedrekord", "rekor"] },
"logId": { "type": "string" },
"logIndex": { "type": "integer", "minimum": 0 },
"entryDigest": { "$ref": "#/$defs/digest" },
"timestamp": { "type": "string", "format": "date-time" }
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"distribution": {
"type": "object",
"properties": {
"http": {
"type": "object",
"properties": {
"enabled": { "type": "boolean" },
"retentionDays": { "type": "integer", "minimum": 1, "maximum": 3650 },
"etag": { "type": "string" },
"rangeRequests": { "type": "boolean" }
},
"additionalProperties": false
},
"oci": {
"type": "object",
"properties": {
"enabled": { "type": "boolean" },
"reference": { "type": "string" }
},
"additionalProperties": false
},
"object": {
"type": "object",
"properties": {
"enabled": { "type": "boolean" },
"bucket": { "type": "string" },
"prefix": { "type": "string" }
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"encryption": {
"type": "object",
"properties": {
"mode": { "type": "string", "enum": ["age", "aes-gcm"] },
"recipients": {
"type": "array",
"items": {
"type": "object",
"required": ["keyId", "fingerprint"],
"properties": {
"keyId": { "type": "string" },
"fingerprint": { "type": "string" },
"wrappedKey": { "type": "string" }
},
"additionalProperties": false
}
},
"strict": { "type": "boolean" }
},
"additionalProperties": false
},
"approval": {
"type": "object",
"properties": {
"required": { "type": "boolean" },
"reason": { "type": "string" },
"approvedBy": { "type": "string" },
"ticket": { "type": "string" }
},
"additionalProperties": false
},
"quotas": {
"type": "object",
"properties": {
"maxActiveRuns": { "type": "integer", "minimum": 1, "maximum": 32 },
"maxQueuedRuns": { "type": "integer", "minimum": 1, "maximum": 512 },
"backpressureMode": {
"type": "string",
"enum": ["reject", "defer", "throttle"]
},
"cpuThrottlePercent": { "type": "integer", "minimum": 1, "maximum": 100 }
},
"additionalProperties": false
}
},
"additionalProperties": false,
"$defs": {
"digest": { "type": "string", "pattern": "^sha256:[a-f0-9]{64}$" },
"selectors": {
"type": "object",
"properties": {
"tenants": {
"type": "array",
"items": { "type": "string", "pattern": "^[a-z0-9*.-]+$" },
"uniqueItems": true
},
"products": {
"type": "array",
"items": { "type": "string", "pattern": "^pkg:[A-Za-z0-9.+\\-_/:@*]+$" }
},
"timeWindow": {
"oneOf": [
{ "type": "string", "pattern": "^[0-9]+d$" },
{ "type": "string", "pattern": "^[0-9]{4}-[0-9]{2}-[0-9]{2}/[0-9]{4}-[0-9]{2}-[0-9]{2}$" }
]
},
"severities": {
"type": "array",
"items": { "type": "string", "enum": ["critical", "high", "medium", "low", "info"] },
"uniqueItems": true
},
"ecosystems": {
"type": "array",
"items": {
"type": "string",
"enum": ["npm", "maven", "pypi", "nuget", "go", "cargo", "rpm", "deb", "apk", "java"]
},
"uniqueItems": true
}
},
"additionalProperties": false
}
}
}