macaron.slsa_analyzer.specs package
Submodules
macaron.slsa_analyzer.specs.build_spec module
This module contains the BuildSpec class.
- class macaron.slsa_analyzer.specs.build_spec.BuildInfo
Bases: TypedDict
This class contains the properties of a build process.
References
- class macaron.slsa_analyzer.specs.build_spec.BuildSpec
Bases: TypedDict
This class contains the specs for building a Java artifact.
References
- tools: list[BaseBuildTool]
The build tools used for building this artifact.
- purl_tools: list[BaseBuildTool]
The build tools that match the software component PackageURL type.
macaron.slsa_analyzer.specs.ci_spec module
This module contains the BuildSpec class.
- class macaron.slsa_analyzer.specs.ci_spec.CIInfo
Bases: TypedDict
This class contains the information gathered for a CI service.
- service: BaseCIService
The CI service data.
- provenance_assets: list[AssetLocator]
Release assets for provenances, e.g., asset for attestation.intoto.jsonl.
For GitHub Actions, each asset is a member of the assets list in the GitHub Actions appropriate release payload. See: https://docs.github.com/en/rest/releases/releases?apiVersion=2022-11-28#get-a-release-by-tag-name.
- release: dict
The appropriate release. Schema: https://docs.github.com/en/rest/releases/releases?apiVersion=2022-11-28#get-a-release-by-tag-name
- provenances: Sequence[DownloadedProvenanceData]
The provenances data.
macaron.slsa_analyzer.specs.inferred_provenance module
This module contains the inferred SLSA provenance spec.
- class macaron.slsa_analyzer.specs.inferred_provenance.Provenance
Bases: object
This class implements the inferred SLSA provenance.
This inferred provenance implementation follows the SLSA v0.2 provenance schema. See https://slsa.dev/spec/v0.2/provenance
- __init__()
Initialize instance.
macaron.slsa_analyzer.specs.package_registry_spec module
This module contains data related to one package registry that is matched against a repository.
- class macaron.slsa_analyzer.specs.package_registry_spec.PackageRegistryInfo(build_tool, package_registry, provenances=<factory>, metadata=<factory>)
Bases: object
This class contains data for one package registry that is matched against a repository.
- build_tool: BaseBuildTool
The build tool matched against the repository.
- package_registry: PackageRegistry
The package registry matched against the repository. This is dependent on the build tool detected.
- provenances: list[DownloadedProvenanceData]
The provenances matched against the current repo.
- metadata: list[AssetLocator]
The metadata obtained by the registry.
- __init__(build_tool, package_registry, provenances=<factory>, metadata=<factory>)