File: COSIGN_PREDICATE_SPEC.md

package info (click to toggle)
cosign 2.5.0-2
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 4,960 kB
  • sloc: sh: 222; makefile: 170
file content (31 lines) | stat: -rw-r--r-- 1,030 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# Cosign Generic Predicate Specification

`Cosign` supports working with [In-Toto Attestations](https://github.com/in-toto/attestation) using the predicate model.
Several well-known predicates are supported natively, but `cosign` also supports a simple, generic, format for data that
doesn't fit well into other types.

The format for this is defined as follows:

`data`: Raw data to place in the attestation. This is a base64-encoded string of bytes.
`timestamp`: The timestamp the attestation was generated at in the RFC3339 format in the UTC timezone.

Here is an example attestation containing a data file containing `foo`:

```json
{
  "_type": "https://in-toto.io/Statement/v0.1",
  "predicateType": "https://cosign.sigstore.dev/attestation/v1",
  "subject": [
    {
      "name": "us.gcr.io/dlorenc-vmtest2/demo",
      "digest": {
        "sha256": "124e1fdee94fe5c5f902bc94da2d6e2fea243934c74e76c2368acdc8d3ac7155"
      }
    }
  ],
  "predicate": {
    "Data": "foo\n",
    "Timestamp": "2021-08-11T14:51:09Z"
  }
}
```