macaron.slsa_analyzer.provenance.slsa package

This module implements SLSA provenance abstractions.

class macaron.slsa_analyzer.provenance.slsa.SLSAProvenanceData(asset: AssetLocator, payload: InTotoV01Payload | InTotoV1Payload)

Bases: NamedTuple

SLSA provenance data.

asset: AssetLocator

The provenance asset.

payload: InTotoV01Payload | InTotoV1Payload

The provenance payload.

macaron.slsa_analyzer.provenance.slsa.extract_build_artifacts_from_slsa_subjects(payload)

Extract subjects that are build artifacts from the "subject" field of the provenance.

Each artifact subject is assumed to have a sha256 digest. If a sha256 digest is not present for a subject, that subject is ignored.

Parameters:

payload (InTotoPayload) – The provenance payload.

Returns:

A list of subjects in the "subject" field of the provenance that are build artifacts.

Return type:

list[InTotoV01Subject | InTotoV1ResourceDescriptor]

macaron.slsa_analyzer.provenance.slsa.is_slsa_provenance_payload(payload, predicate_types)

Check if the given provenance payload is a SLSA provenance payload.

Parameters:
  • payload (InTotoPayload) – The provenance payload.

  • predicate_types (list[str]) – The allowed values for the "predicateType" field of the provenance payload.

Returns:

True if the payload is a SLSA provenance payload, False otherwise.

Return type:

bool
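
The subject filtering and "predicateType" check described above, shown as an added example that is not Macaron's own code. It works on a plain dict in-toto statement rather than Macaron's InTotoPayload classes; the function names, the allowed predicate types and the sample statement are assumptions constructed for illustration. It goes one step beyond the two documented functions by matching an artifact's sha256 against the subjects that were kept.

```python
import hashlib

# Constructed sample data (not from a real build).
ARTIFACT = b"constructed artifact bytes\n"
STATEMENT = {
    "_type": "https://in-toto.io/Statement/v0.1",
    "predicateType": "https://slsa.dev/provenance/v0.2",
    "subject": [
        {"name": "app-1.0.tar.gz",
         "digest": {"sha256": hashlib.sha256(ARTIFACT).hexdigest()}},
        {"name": "app-1.0.zip", "digest": {"sha512": "00" * 64}},  # no sha256
        {"name": "malformed"},                                     # no digest
    ],
    "predicate": {},
}
# Assumed allow-list; a caller would pass its own accepted predicate types.
ALLOWED = ["https://slsa.dev/provenance/v0.2", "https://slsa.dev/provenance/v1"]


def is_slsa_statement(statement, predicate_types):
    """Accept only statements whose predicateType is on the allow-list."""
    return statement.get("predicateType") in predicate_types


def sha256_subjects(statement):
    """Keep subjects carrying a sha256 digest; others are ignored."""
    subjects = statement.get("subject")
    if not isinstance(subjects, list):
        return []
    kept = []
    for subject in subjects:
        digest = subject.get("digest") if isinstance(subject, dict) else None
        if isinstance(digest, dict) and isinstance(digest.get("sha256"), str):
            kept.append(subject)
    return kept


def find_subject_for(data, statement, predicate_types):
    """Return the name of the subject whose sha256 matches data, else None."""
    if not is_slsa_statement(statement, predicate_types):
        return None
    actual = hashlib.sha256(data).hexdigest()
    for subject in sha256_subjects(statement):
        if subject["digest"]["sha256"].lower() == actual:
            return subject.get("name")
    return None


if __name__ == "__main__":
    print([s["name"] for s in sha256_subjects(STATEMENT)])
    print(find_subject_for(ARTIFACT, STATEMENT, ALLOWED))
```

A provenance whose subjects carry only non-sha256 digests yields an empty list here, so a caller should treat "no subjects kept" as a verification failure rather than as a pass.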