-
Notifications
You must be signed in to change notification settings - Fork 48
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Verify text provenance for GCB #242
Verify text provenance for GCB #242
Conversation
@@ -0,0 +1,684 @@ | |||
package gcb | |||
|
|||
import ( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For some reason this file was not committed but should have in a previous PR.
} | ||
} | ||
|
||
func Test_VerifyTextProvenance(t *testing.T) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is the additional test for this PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks!
// The GCB provenance contains a human-readable version of the intoto | ||
// statement, but it is not compliant with the standard. It uses `slsaProvenance` | ||
// instead of `predicate`. For backward compatibility, this has not been fixed | ||
// by the GCB team. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks for the note! was confused about why not use an intotostatement
GCB has an additional text human-readable version of the DSSE payload. This PR verifiers that it matches the verified DSSE payload.