feat: set cosign attest predicate type based on Syft output type (#1598)

Signed-off-by: Nils Hanke <nils.hanke@outlook.de>
Nils Hanke 2023-02-24 21:08:40 +01:00 committed by GitHub
parent 284bae9d5f
commit fa0a9fe8f9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -5,6 +5,7 @@ import (
"fmt" "fmt"
"os" "os"
"os/exec" "os/exec"
"strings"
"github.com/wagoodman/go-partybus" "github.com/wagoodman/go-partybus"
"github.com/wagoodman/go-progress" "github.com/wagoodman/go-progress"
@ -130,7 +131,21 @@ func execWorker(app *config.Application, si source.Input, writer sbom.Writer) <-
return return
} }
args := []string{"attest", si.UserInput, "--predicate", f.Name()} // Select Cosign predicate type based on defined output type
// As orientation, check: https://github.com/sigstore/cosign/blob/main/pkg/cosign/attestation/attestation.go
var predicateType string
switch strings.ToLower(o) {
case "cyclonedx-json":
predicateType = "cyclonedx"
case "spdx-tag-value":
predicateType = "spdx"
case "spdx-json":
predicateType = "spdxjson"
default:
predicateType = "custom"
}
args := []string{"attest", si.UserInput, "--predicate", f.Name(), "--type", predicateType}
if app.Attest.Key != "" { if app.Attest.Key != "" {
args = append(args, "--key", app.Attest.Key) args = append(args, "--key", app.Attest.Key)
} }
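Review bot: The `default:` branch of the new switch silently attests every unmapped output format as `custom`, so the predicate type recorded in the attestation can differ from what a verifier filters on with `--type`, and nothing tells the user that happened. Only three names are matched exactly, so any other spelling of `o` (an XML CycloneDX output, or a short alias if the option parser accepts one) would end up as `custom`. `o` is defined outside the hunk, so this could not be checked here. Consider logging the fallback with whatever logger the file already uses and documenting it, for example `// formats without a cosign predicate type are attested as "custom"; verification must then use --type custom`. Moving the mapping into a small helper with a table-driven test would keep it in step with cosign's list. execWorker starts and ends outside the hunk.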