# Attestor Payloads (DOCS-ATTEST-73-002)

Schemas/examples for attestations handled by Attestor.

## DSSE payload
```json
{
  "_type": "https://in-toto.io/Statement/v1",
  "subject": [{"name": "sha256:...", "digest": {"sha256": "..."}}],
  "predicateType": "stella.ops/vexObservation@v1",
  "predicate": {
    "observationId": "vex:obs:sha256:...",
    "tenant": "default",
    "providerId": "ubuntu-csaf",
    "createdAt": "2025-11-23T23:10:00Z"
  }
}
```

## Evidence links
- Each payload references evidence hashes (VEX observations/linksets) and optional timeline event IDs.
- Keep payloads aggregation-only; no verdict fields.

## Hashing/signing
- Canonicalize JSON (RFC 8785) before signing.
- Use SHA-256 digests; include them in the envelope metadata.
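
An added example (not Attestor's own code) of the two steps above: it canonicalizes a statement per RFC 8785 for the value kinds this payload uses, computes the SHA-256 digest of the canonical bytes, and builds the DSSE pre-authentication encoding that a signer would sign. The function names, the `application/vnd.in-toto+json` payload type and the sample statements are assumptions; floats are rejected because RFC 8785 number formatting is not implemented here.

```python
import hashlib
import json

# Assumption: DSSE payloadType used for in-toto statements (not stated on this page).
PAYLOAD_TYPE = "application/vnd.in-toto+json"


def canonicalize(value):
    """RFC 8785 serialization for null, booleans, strings, integers, arrays, objects."""
    if value is None or isinstance(value, (bool, str)):
        return json.dumps(value, ensure_ascii=False)
    if isinstance(value, int):
        if abs(value) > 2**53 - 1:
            raise ValueError("integer outside the IEEE 754 safe range")
        return str(value)
    if isinstance(value, list):
        return "[" + ",".join(canonicalize(v) for v in value) + "]"
    if isinstance(value, dict):
        # RFC 8785 orders member names by UTF-16 code units, not code points.
        keys = sorted(value, key=lambda k: k.encode("utf-16-be"))
        members = (json.dumps(k, ensure_ascii=False) + ":" + canonicalize(value[k])
                   for k in keys)
        return "{" + ",".join(members) + "}"
    # Floats land here: they need ECMAScript number formatting to be canonical.
    raise TypeError(f"unsupported type for canonical JSON: {type(value).__name__}")


def digest_and_pae(statement):
    """Return (SHA-256 hex of the canonical bytes, DSSE bytes-to-sign)."""
    body = canonicalize(statement).encode("utf-8")
    digest = hashlib.sha256(body).hexdigest()
    ptype = PAYLOAD_TYPE.encode("utf-8")
    # DSSE signs PAE(payloadType, payload), never the bare payload.
    pae = b"DSSEv1 %d %b %d %b" % (len(ptype), ptype, len(body), body)
    return digest, pae


# Constructed samples: the same statement built with different key order.
SAMPLE_A = {"_type": "https://in-toto.io/Statement/v1",
            "predicateType": "stella.ops/vexObservation@v1",
            "predicate": {"tenant": "default", "providerId": "ubuntu-csaf"}}
SAMPLE_B = {"predicate": {"providerId": "ubuntu-csaf", "tenant": "default"},
            "predicateType": "stella.ops/vexObservation@v1",
            "_type": "https://in-toto.io/Statement/v1"}

if __name__ == "__main__":
    print(digest_and_pae(SAMPLE_A)[0] == digest_and_pae(SAMPLE_B)[0])
```

A verifier that recomputes the digest must run the same canonicalization over the decoded payload; hashing the bytes as received only matches when the producer emitted canonical form.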

## Examples
- Place sample payloads in `docs/modules/attestor/samples/payloads/` (add when available).