diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 1193c97f..98bbd925 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -64,7 +64,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@c0d1daa7f7e14667747d73a7dbbe8c074bc8bfe2 # v2.22.9 + uses: github/codeql-action/init@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -74,7 +74,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@c0d1daa7f7e14667747d73a7dbbe8c074bc8bfe2 # v2.22.9 + uses: github/codeql-action/autobuild@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -87,6 +87,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@c0d1daa7f7e14667747d73a7dbbe8c074bc8bfe2 # v2.22.9 + uses: github/codeql-action/analyze@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 40f28f19..5b0608ae 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml 
@@ -38,4 +38,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: 'Dependency Review' - uses: actions/dependency-review-action@01bc87099ba56df1e897b6874784491ea6309bc4 # v3.1.4 + uses: actions/dependency-review-action@c74b580d73376b7750d3d2a50bfb8adc2c937507 # v3.1.5 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2861efc3..2785e946 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -12,14 +12,18 @@ # See the License for the specific language governing permissions and # limitations under the License. -permissions: - id-token: write # This is required for requesting the JWT - contents: read # This is required for actions/checkout name: release on: [push, pull_request] + +permissions: + contents: read + jobs: fmt: uses: ./.github/workflows/witness.yml + permissions: + id-token: write # This is required for requesting the JWT + contents: read with: pull_request: ${{ github.event_name == 'pull_request' }} step: fmt @@ -29,6 +33,9 @@ jobs: sast: needs: [fmt] uses: ./.github/workflows/witness.yml + permissions: + id-token: write # This is required for requesting the JWT + contents: read with: pull_request: ${{ github.event_name == 'pull_request' }} step: sast @@ -38,6 +45,9 @@ jobs: unit-test: needs: [fmt] uses: ./.github/workflows/witness.yml + permissions: + id-token: write # This is required for requesting the JWT + contents: read with: pull_request: ${{ github.event_name == 'pull_request' }} step: unit-test diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 0c6e645b..aa38c90b 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml 
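Review bot: In `.github/workflows/release.yml` the workflow-level block is reduced to `contents: read`, so any job that calls `./.github/workflows/witness.yml` without its own `permissions:` block can no longer request the OIDC token. The hunks add the block to `fmt`, `sast` and `unit-test` only; the rest of the file is outside the diff, so confirm that no later job calling the reusable workflow was missed. The workflow also runs on `pull_request`, and GitHub does not grant `id-token: write` to runs triggered from forks, so the called workflow has to cope with a missing token on that path; the `pull_request` input suggests it does, but that is not visible here. Since the same three-line block now appears three times, a comment above the first one, such as `# reusable workflows cannot exceed the caller's permissions, so each caller job grants id-token explicitly`, would explain why it is repeated rather than set once.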
@@ -77,7 +77,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0 with: name: SARIF file path: results.sarif @@ -85,6 +85,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@c0d1daa7f7e14667747d73a7dbbe8c074bc8bfe2 # v2.22.9 + uses: github/codeql-action/upload-sarif@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0 with: sarif_file: results.sarif diff --git a/.github/workflows/verify-licence.yml b/.github/workflows/verify-licence.yml index 593a8d18..8528886d 100644 --- a/.github/workflows/verify-licence.yml +++ b/.github/workflows/verify-licence.yml @@ -34,9 +34,9 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: '1.17.x' + go-version: '1.21.x' - name: Install addlicense - run: go install github.com/google/addlicense@latest + run: go install github.com/google/addlicense@v1.1.1 - name: Check license headers run: | set -e diff --git a/.github/workflows/witness.yml b/.github/workflows/witness.yml index dd93c079..1b2dc2c1 100644 --- a/.github/workflows/witness.yml +++ b/.github/workflows/witness.yml @@ -40,9 +40,15 @@ on: required: true type: string +permissions: + contents: read + jobs: witness: runs-on: ubuntu-latest + permissions: + contents: read + id-token: write steps: - name: Harden Runner uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 
@@ -55,7 +61,7 @@ jobs: go-version: 1.21.x - if: ${{ inputs.artifact-download != '' }} - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1 with: name: ${{ inputs.artifact-download }} path: /tmp @@ -79,7 +85,7 @@ jobs: run: ${{ inputs.command }} - if: ${{ inputs.artifact-upload-path != '' && inputs.artifact-upload-name != ''}} - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0 with: name: ${{ inputs.artifact-upload-name }} path: ${{ inputs.artifact-upload-path }} diff --git a/DEPENDENCY.md b/DEPENDENCY.md new file mode 100644 index 00000000..99f74a1c --- /dev/null +++ b/DEPENDENCY.md 
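Review bot: Moving `.github/workflows/witness.yml` to `actions/upload-artifact` v4 changes behaviour for callers: under v4 an artifact name can be uploaded only once per workflow run, so two jobs passing the same `artifact-upload-name` will fail at the upload step where v3 merged them. `actions/download-artifact` v4 also cannot read artifacts produced by a v3 upload, so any workflow still on v3 that feeds `artifact-download` has to move in the same change; this diff updates both sides here and in scorecards.yml, but other workflows are not shown. A comment on the inputs, for example `# artifact-upload-name must be unique within a workflow run (upload-artifact v4)`, would record the constraint. Separately, the context line `run: ${{ inputs.command }}` expands the input straight into the shell script in a job that now explicitly holds `id-token: write`, so it stays safe only while every caller passes a constant string. Passing the input through `env:` is the usual hardening, although witness may need the literal command for its attestation.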
@@ -0,0 +1,42 @@ +# Environment Dependencies Policy + +## Purpose + +This policy describes how Witness maintainers consume third-party packages. + +## Scope + +This policy applies to all Witness maintainers and all third-party packages used in the Witness project. + +## Policy + +Witness maintainers must follow these guidelines when consuming third-party packages: + +- Only use third-party packages that are necessary for the functionality of Witness. +- Use the latest version of all third-party packages whenever possible. +- Avoid using third-party packages that are known to have security vulnerabilities. +- Pin all third-party packages to specific versions in the Witness codebase. +- Use a dependency management tool, such as Go modules, to manage third-party dependencies. + +## Procedure + +When adding a new third-party package to Witness, maintainers must follow these steps: + +1. Evaluate the need for the package. Is it necessary for the functionality of Witness? +2. Research the package. Is it well-maintained? Does it have a good reputation? +3. Choose a version of the package. Use the latest version whenever possible. +4. Pin the package to the specific version in the Witness codebase. +5. Update the Witness documentation to reflect the new dependency. + +## Enforcement + +This policy is enforced by the Witness maintainers. +Maintainers are expected to review each other's code changes to ensure that they comply with this policy. + +## Exceptions + +Exceptions to this policy may be granted by the Witness project lead on a case-by-case basis. + +## Credits + +This policy was adapted from the [Kubescape Community](https://github.com/kubescape/kubescape/blob/master/docs/environment-dependencies-policy.md) diff --git a/README.md b/README.md index 9579bb17..2741e8d7 100644 --- a/README.md +++ b/README.md 
@@ -19,7 +19,7 @@ This library is currently pre-1.0 and therefore the API may be subject to breaki - A selection of attestation sources to search for attestation collections ## Documentation -For more detail regarding the library itself, we recommend viewing [pkg.go.dev](https://pkg.go.dev/github.com/testifysec/go-witness). For +For more detail regarding the library itself, we recommend viewing [pkg.go.dev](https://pkg.go.dev/github.com/in-toto/go-witness). For the documentation of the witness project, please view [the main witness repository](https://github.com/in-toto/witness/tree/main/docs). ## Requirements diff --git a/SECURITY-INSIGHTS.yml b/SECURITY-INSIGHTS.yml index cf55b9bd..c52c5f1b 100644 --- a/SECURITY-INSIGHTS.yml +++ b/SECURITY-INSIGHTS.yml 
@@ -15,10 +15,67 @@ header: schema-version: 1.0.0 expiration-date: '2024-08-31T10:10:09.000Z' - last-updated: '2023-12-06' - last-reviewed: '2023-12-06' + last-updated: '2023-12-20' + last-reviewed: '2023-12-20' commit-hash: cd0c222058a8830a8e190b840e466098b25a3c41 project-url: https://github.com/in-toto/go-witness - project-release: 'v0.17.0' - changelog: https://github.com/in-toto/go-witness/releases/tag/v0.17.0 + project-release: 'v0.2.0' + changelog: https://github.com/in-toto/go-witness/releases/tag/v0.2.0 license: https://github.com/in-toto/go-witness/blob/main/LICENSE + +project-lifecycle: + status: active + roadmap: https://github.com/orgs/in-toto/projects/4/views/3 + bug-fixes-only: false + core-maintainers: + - https://github.com/in-toto/go-witness/MAINTAINERS.md + release-cycle: https://github.com/in-toto/go-witness/releases + +contribution-policy: + accepts-pull-requests: true + accepts-automated-pull-requests: true + contributing-policy: https://github.com/in-toto/go-witness/blob/main/CONTRIBUTING.md + code-of-conduct: https://github.com/in-toto/go-witness/blob/main/CODE_OF_CONDUCT.md + +documentation: + - https://witness.dev + +distribution-points: + - https://github.com/in-toto/go-witness/releases + +security-testing: +- tool-type: sca + tool-name: Dependabot + tool-version: 2 + tool-url: https://github.com/dependabot + integration: + ad-hoc: false + ci: true + before-release: false + +security-contacts: +- type: email + value: security@testifysec.com + primary: true + +vulnerability-reporting: + accepts-vulnerability-reports: true + email-contact: security@testifysec.com + security-policy: https://github.com/in-toto/go-witness/SECURITY.md + +dependencies: + third-party-packages: true + dependencies-lists: + - https://github.com/in-toto/go-witness/go.mod + sbom: + - sbom-file: https://foo.bar/sbom + sbom-format: CycloneDX + sbom-url: https://foo.bar + dependencies-lifecycle: + policy-url: https://github.com/in-toto/go-witness/SECURITY.md + comment: | 
+ All dependencies are subject to the Witness Security Policy. + env-dependencies-policy: + policy-url: https://github.com/in-toto/go-witness/DEPENDENCY.md + comment: | + All dependencies are subject to the Witness Dependency Policy. diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..2d5ae3cb --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,34 @@ +# Security Policy + +## Security Bulletins + +See current security bullentins on GitHub: https://github.com/in-toto/go-witness/security/advisories + +For information regarding the security of this project please join: + +* in-toto-witness on CNCF Slack + +## Reporting a Vulnerability + +Please use the below process to report a vulnerability to the project: + +Web Form: + +1. Please visit https://github.com/in-toto/go-witness/security/advisories/new + * You will receive a confirmation email upon submission +1. You may be contacted by a maintainer to further discuss the reported item + within 3 days. Please bear with us as we seek to understand the breadth + and scope of the reported problem, recreate it, and confirm if there is an + vulnerability present. + +This project follows a 30 day disclosure timeline. + +## Supported Versions + +Information regarding supported versions of this project can be found on +in the below table: + +| Version | Supported | +| --- | --- | +| Latest | :white_check_mark: | +| <= Latest - 2 | :x: | diff --git a/archivista/download.go b/archivista/download.go index 5550d45a..cb6127b8 100644 --- a/archivista/download.go +++ b/archivista/download.go @@ -17,8 +17,8 @@ package archivista import ( "context" - archivistaapi "github.com/testifysec/archivista-api" - "github.com/testifysec/go-witness/dsse" + archivistaapi "github.com/in-toto/archivista/pkg/api" + "github.com/in-toto/go-witness/dsse" ) func (c *Client) Download(ctx context.Context, gitoid string) (dsse.Envelope, error) { 
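Review bot: The new `sbom` entry in SECURITY-INSIGHTS.yml still carries template placeholders (`sbom-file: https://foo.bar/sbom`, `sbom-url: https://foo.bar`), so consumers of this file are pointed at an SBOM that does not exist; drop the entry until a real SBOM is published. Several added URLs omit the `/blob/main/` segment that the existing `license` and `contributing-policy` lines use (`core-maintainers`, `security-policy`, `dependencies-lists` and both `policy-url` values) and will probably not resolve; for example `security-policy: https://github.com/in-toto/go-witness/blob/main/SECURITY.md`. `dependencies-lifecycle.policy-url` points at SECURITY.md, which as added in this commit says nothing about dependency lifecycle, and `security-contacts` lists an e-mail address while SECURITY.md directs reporters to the GitHub advisory form, so the two reporting channels should be reconciled. `tool-version: 2` is parsed as an integer; quote it (`'2'`) if the schema expects a string. The header bumps `last-updated` but leaves `commit-hash` unchanged, which is worth checking against the release being described.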
diff --git a/archivista/searchgitoids.go b/archivista/searchgitoids.go index 851840dc..f52d5257 100644 --- a/archivista/searchgitoids.go +++ b/archivista/searchgitoids.go @@ -17,7 +17,7 @@ package archivista import ( "context" - archivistaapi "github.com/testifysec/archivista-api" + archivistaapi "github.com/in-toto/archivista/pkg/api" ) type searchGitoidResponse struct { diff --git a/archivista/store.go b/archivista/store.go index 0b6f682a..ccba927a 100644 --- a/archivista/store.go +++ b/archivista/store.go @@ -17,8 +17,8 @@ package archivista import ( "context" - archivistaapi "github.com/testifysec/archivista-api" - "github.com/testifysec/go-witness/dsse" + archivistaapi "github.com/in-toto/archivista/pkg/api" + "github.com/in-toto/go-witness/dsse" ) func (c *Client) Store(ctx context.Context, env dsse.Envelope) (string, error) { diff --git a/attestation/aws-iid/aws-iid.go b/attestation/aws-iid/aws-iid.go index 874fbd6d..a9bd0a6f 100644 --- a/attestation/aws-iid/aws-iid.go +++ b/attestation/aws-iid/aws-iid.go @@ -27,9 +27,9 @@ import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/ec2metadata" "github.com/aws/aws-sdk-go/aws/session" - "github.com/testifysec/go-witness/attestation" - "github.com/testifysec/go-witness/cryptoutil" - "github.com/testifysec/go-witness/log" + "github.com/in-toto/go-witness/attestation" + "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/go-witness/log" ) const ( 
@@ -42,8 +42,8 @@ const ( const ( docPath = "instance-identity/document" sigPath = "instance-identity/signature" - //https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/verify-signature.html - //The following AWS public certificate is for all AWS Regions, except Hong Kong, Bahrain, China, and GovCloud. + // https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/verify-signature.html + // The following AWS public certificate is for all AWS Regions, except Hong Kong, Bahrain, China, and GovCloud. awsCACertPEM = `-----BEGIN CERTIFICATE----- MIIDIjCCAougAwIBAgIJAKnL4UEDMN/FMA0GCSqGSIb3DQEBBQUAMGoxCzAJBgNV BAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMRgw diff --git a/attestation/aws-iid/aws-iid_test.go b/attestation/aws-iid/aws-iid_test.go index 13cb45f3..bcda075b 100644 --- a/attestation/aws-iid/aws-iid_test.go +++ b/attestation/aws-iid/aws-iid_test.go @@ -24,9 +24,9 @@ import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/session" + "github.com/in-toto/go-witness/attestation" + "github.com/in-toto/go-witness/cryptoutil" "github.com/stretchr/testify/require" - "github.com/testifysec/go-witness/attestation" - "github.com/testifysec/go-witness/cryptoutil" ) const iid = `{ diff --git a/attestation/collection.go b/attestation/collection.go index 2697a81e..9add8895 100644 --- a/attestation/collection.go +++ b/attestation/collection.go @@ -19,7 +19,7 @@ import ( "fmt" "time" - "github.com/testifysec/go-witness/cryptoutil" + "github.com/in-toto/go-witness/cryptoutil" ) const CollectionType = "https://witness.testifysec.com/attestation-collection/v0.1" diff --git a/attestation/commandrun/commandrun.go b/attestation/commandrun/commandrun.go index ff6675c6..5379700e 100644 --- a/attestation/commandrun/commandrun.go +++ b/attestation/commandrun/commandrun.go 
@@ -20,9 +20,9 @@ import ( "os" "os/exec" - "github.com/testifysec/go-witness/attestation" - "github.com/testifysec/go-witness/attestation/environment" - "github.com/testifysec/go-witness/cryptoutil" + "github.com/in-toto/go-witness/attestation" + "github.com/in-toto/go-witness/attestation/environment" + "github.com/in-toto/go-witness/cryptoutil" ) const ( diff --git a/attestation/commandrun/tracing_linux.go b/attestation/commandrun/tracing_linux.go index e9cce1bd..53d20d3d 100644 --- a/attestation/commandrun/tracing_linux.go +++ b/attestation/commandrun/tracing_linux.go @@ -26,10 +26,10 @@ import ( "strconv" "strings" - "github.com/testifysec/go-witness/attestation" - "github.com/testifysec/go-witness/attestation/environment" - "github.com/testifysec/go-witness/cryptoutil" - "github.com/testifysec/go-witness/log" + "github.com/in-toto/go-witness/attestation" + "github.com/in-toto/go-witness/attestation/environment" + "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/go-witness/log" "golang.org/x/sys/unix" ) diff --git a/attestation/commandrun/tracing_unsupported.go b/attestation/commandrun/tracing_unsupported.go index 23023c72..55353dc1 100644 --- a/attestation/commandrun/tracing_unsupported.go +++ b/attestation/commandrun/tracing_unsupported.go @@ -20,7 +20,7 @@ import ( "errors" "os/exec" - "github.com/testifysec/go-witness/attestation" + "github.com/in-toto/go-witness/attestation" ) func enableTracing(c *exec.Cmd) { diff --git a/attestation/context.go b/attestation/context.go index d0e1a455..748829c5 100644 --- a/attestation/context.go +++ b/attestation/context.go @@ -21,8 +21,8 @@ import ( "os" "time" - "github.com/testifysec/go-witness/cryptoutil" - "github.com/testifysec/go-witness/log" + "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/go-witness/log" ) type RunType string diff --git a/attestation/environment/environment.go b/attestation/environment/environment.go index e27d056b..bb3e3d96 100644 
--- a/attestation/environment/environment.go +++ b/attestation/environment/environment.go @@ -20,7 +20,7 @@ import ( "runtime" "strings" - "github.com/testifysec/go-witness/attestation" + "github.com/in-toto/go-witness/attestation" ) const ( diff --git a/attestation/environment/environment_test.go b/attestation/environment/environment_test.go index 7a86ef58..b958cd32 100644 --- a/attestation/environment/environment_test.go +++ b/attestation/environment/environment_test.go @@ -18,8 +18,8 @@ import ( "os" "testing" + "github.com/in-toto/go-witness/attestation" "github.com/stretchr/testify/require" - "github.com/testifysec/go-witness/attestation" ) func TestEnvironment(t *testing.T) { diff --git a/attestation/factory.go b/attestation/factory.go index ef50a60c..a78bfabb 100644 --- a/attestation/factory.go +++ b/attestation/factory.go @@ -17,8 +17,8 @@ package attestation import ( "fmt" - "github.com/testifysec/go-witness/cryptoutil" - "github.com/testifysec/go-witness/registry" + "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/go-witness/registry" ) var ( @@ -70,6 +70,12 @@ func (e ErrAttestationNotFound) Error() string { return fmt.Sprintf("attestation not found: %v", string(e)) } +type ErrAttestorNotFound string + +func (e ErrAttestorNotFound) Error() string { + return fmt.Sprintf("attestor not found: %v", string(e)) +} + func RegisterAttestation(name, predicateType string, run RunType, factoryFunc registry.FactoryFunc[Attestor], opts ...registry.Configurer) { registrationEntry := attestorRegistry.Register(name, factoryFunc, opts...) attestationsByType[predicateType] = registrationEntry 
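Review bot: `ErrAttestorNotFound` in attestation/factory.go is exported without a doc comment, and nothing in the hunk says how it differs from `ErrAttestationNotFound` declared directly above it with an almost identical message. Suggest `// ErrAttestorNotFound is returned when no registered attestor matches the requested name or predicate type.` on the type. A short note on `ErrAttestationNotFound` saying which lookups still return it would also help callers choose the error to match.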
@@ -86,14 +92,32 @@ func FactoryByName(name string) (registry.FactoryFunc[Attestor], bool) { return registrationEntry.Factory, ok } +func GetAttestor(nameOrType string) (Attestor, error) { + attestors, err := GetAttestors([]string{nameOrType}) + if err != nil { + return nil, err + } + + if len(attestors) == 0 { + return nil, ErrAttestorNotFound(nameOrType) + } + + return attestors[0], nil +} + +// Deprecated: use AddAttestors instead func Attestors(nameOrTypes []string) ([]Attestor, error) { + return GetAttestors(nameOrTypes) +} + +func GetAttestors(nameOrTypes []string) ([]Attestor, error) { attestors := make([]Attestor, 0) for _, nameOrType := range nameOrTypes { factory, ok := FactoryByName(nameOrType) if !ok { factory, ok = FactoryByType(nameOrType) if !ok { - return nil, ErrAttestationNotFound(nameOrType) + return nil, ErrAttestorNotFound(nameOrType) } } diff --git a/attestation/file/file.go b/attestation/file/file.go index 4b648c7f..40752b28 100644 --- a/attestation/file/file.go +++ b/attestation/file/file.go @@ -21,8 +21,8 @@ import ( "path/filepath" "github.com/edwarnicke/gitoid" - "github.com/testifysec/go-witness/cryptoutil" - "github.com/testifysec/go-witness/log" + "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/go-witness/log" ) // recordArtifacts will walk basePath and record the digests of each file with each of the functions in hashes. diff --git a/attestation/file/file_test.go b/attestation/file/file_test.go index a4269bf1..9f4dc0da 100644 --- a/attestation/file/file_test.go +++ b/attestation/file/file_test.go @@ -20,8 +20,8 @@ import ( "path/filepath" "testing" + "github.com/in-toto/go-witness/cryptoutil" "github.com/stretchr/testify/require" - "github.com/testifysec/go-witness/cryptoutil" ) func TestBrokenSymlink(t *testing.T) { diff --git a/attestation/gcp-iit/gcp-iit.go b/attestation/gcp-iit/gcp-iit.go index c2cdfdbd..84ea433d 100644 --- a/attestation/gcp-iit/gcp-iit.go +++ b/attestation/gcp-iit/gcp-iit.go 
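Review bot: The deprecation comment on `Attestors` names a function this hunk does not define; the wrapper calls `GetAttestors`, so it should read `// Deprecated: use GetAttestors instead.` Because `Attestors` now delegates to `GetAttestors`, an unknown name yields `ErrAttestorNotFound` where it used to yield `ErrAttestationNotFound`. Existing callers of the deprecated function that match on the old error type will silently stop matching, so either keep the old error on that path or call out the change in the release notes. In `GetAttestor` the `len(attestors) == 0` branch looks unreachable for a single-name request, since `GetAttestors` appears to return either an error or one attestor per name; its body continues outside the hunk, so confirm before removing it. `GetAttestor` and `GetAttestors` are exported and would benefit from doc comments stating that the argument may be either a registered name or a predicate type.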
@@ -22,10 +22,10 @@ import ( "net/url" "strings" - "github.com/testifysec/go-witness/attestation" - "github.com/testifysec/go-witness/attestation/jwt" - "github.com/testifysec/go-witness/cryptoutil" - "github.com/testifysec/go-witness/log" + "github.com/in-toto/go-witness/attestation" + "github.com/in-toto/go-witness/attestation/jwt" + "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/go-witness/log" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" ) diff --git a/attestation/git/git.go b/attestation/git/git.go index 2978b4d7..1a92634e 100644 --- a/attestation/git/git.go +++ b/attestation/git/git.go @@ -23,8 +23,8 @@ import ( "github.com/go-git/go-git/v5" "github.com/go-git/go-git/v5/plumbing" "github.com/go-git/go-git/v5/plumbing/object" - "github.com/testifysec/go-witness/attestation" - "github.com/testifysec/go-witness/cryptoutil" + "github.com/in-toto/go-witness/attestation" + "github.com/in-toto/go-witness/cryptoutil" ) const ( diff --git a/attestation/git/git_test.go b/attestation/git/git_test.go index c4d93dc4..30c06944 100644 --- a/attestation/git/git_test.go +++ b/attestation/git/git_test.go @@ -26,8 +26,8 @@ import ( "github.com/go-git/go-git/v5" "github.com/go-git/go-git/v5/plumbing" "github.com/go-git/go-git/v5/plumbing/object" + "github.com/in-toto/go-witness/attestation" "github.com/stretchr/testify/require" - "github.com/testifysec/go-witness/attestation" ) func TestNew(t *testing.T) { diff --git a/attestation/github/github.go b/attestation/github/github.go index cece9c0c..c768e3b7 100644 --- a/attestation/github/github.go +++ b/attestation/github/github.go 
@@ -26,10 +26,10 @@ import ( "strings" "github.com/davecgh/go-spew/spew" - "github.com/testifysec/go-witness/attestation" - "github.com/testifysec/go-witness/attestation/jwt" - "github.com/testifysec/go-witness/cryptoutil" - "github.com/testifysec/go-witness/log" + "github.com/in-toto/go-witness/attestation" + "github.com/in-toto/go-witness/attestation/jwt" + "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/go-witness/log" ) const ( diff --git a/attestation/gitlab/gitlab.go b/attestation/gitlab/gitlab.go index 5d6c1a80..b9663b0a 100644 --- a/attestation/gitlab/gitlab.go +++ b/attestation/gitlab/gitlab.go @@ -20,10 +20,10 @@ import ( "os" "strings" - "github.com/testifysec/go-witness/attestation" - "github.com/testifysec/go-witness/attestation/jwt" - "github.com/testifysec/go-witness/cryptoutil" - "github.com/testifysec/go-witness/log" + "github.com/in-toto/go-witness/attestation" + "github.com/in-toto/go-witness/attestation/jwt" + "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/go-witness/log" ) const ( diff --git a/attestation/jwt/jwt.go b/attestation/jwt/jwt.go index 56952543..1eb2ca12 100644 --- a/attestation/jwt/jwt.go +++ b/attestation/jwt/jwt.go @@ -19,7 +19,7 @@ import ( "fmt" "net/http" - "github.com/testifysec/go-witness/attestation" + "github.com/in-toto/go-witness/attestation" "gopkg.in/square/go-jose.v2" "gopkg.in/square/go-jose.v2/jwt" ) diff --git a/attestation/material/material.go b/attestation/material/material.go index 84394d33..458515a1 100644 --- a/attestation/material/material.go +++ b/attestation/material/material.go @@ -17,9 +17,9 @@ package material import ( "encoding/json" - "github.com/testifysec/go-witness/attestation" - "github.com/testifysec/go-witness/attestation/file" - "github.com/testifysec/go-witness/cryptoutil" + "github.com/in-toto/go-witness/attestation" + "github.com/in-toto/go-witness/attestation/file" + "github.com/in-toto/go-witness/cryptoutil" ) const ( 
diff --git a/attestation/maven/maven.go b/attestation/maven/maven.go index 57c93840..c2dd5858 100644 --- a/attestation/maven/maven.go +++ b/attestation/maven/maven.go @@ -21,10 +21,9 @@ import ( "io" "os" - "github.com/testifysec/go-witness/attestation" - "github.com/testifysec/go-witness/cryptoutil" - "github.com/testifysec/go-witness/log" - "github.com/testifysec/go-witness/registry" + "github.com/in-toto/go-witness/attestation" + "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/go-witness/log" ) const ( diff --git a/attestation/maven/maven_test.go b/attestation/maven/maven_test.go index 0377e782..af7574c9 100644 --- a/attestation/maven/maven_test.go +++ b/attestation/maven/maven_test.go @@ -19,8 +19,9 @@ import ( "path/filepath" "testing" + "github.com/in-toto/go-witness/attestation" + "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/testifysec/go-witness/attestation" ) func writeTempPomXml(t *testing.T, path string) (string, error) { diff --git a/attestation/oci/oci.go b/attestation/oci/oci.go index f16569af..0f6dcb93 100644 --- a/attestation/oci/oci.go +++ b/attestation/oci/oci.go @@ -26,9 +26,9 @@ import ( "os" "strings" - "github.com/testifysec/go-witness/attestation" - "github.com/testifysec/go-witness/cryptoutil" - "github.com/testifysec/go-witness/log" + "github.com/in-toto/go-witness/attestation" + "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/go-witness/log" ) const ( diff --git a/attestation/oci/oci_test.go b/attestation/oci/oci_test.go index 4b75a125..faca7495 100644 --- a/attestation/oci/oci_test.go +++ b/attestation/oci/oci_test.go @@ -20,9 +20,9 @@ import ( "os" "testing" + "github.com/in-toto/go-witness/attestation" + "github.com/in-toto/go-witness/cryptoutil" "github.com/stretchr/testify/require" - "github.com/testifysec/go-witness/attestation" - "github.com/testifysec/go-witness/cryptoutil" ) type testProducter struct { 
diff --git a/attestation/product/product.go b/attestation/product/product.go index 3ef24571..1754d841 100644 --- a/attestation/product/product.go +++ b/attestation/product/product.go @@ -24,10 +24,10 @@ import ( "path/filepath" "github.com/gobwas/glob" - "github.com/testifysec/go-witness/attestation" - "github.com/testifysec/go-witness/attestation/file" - "github.com/testifysec/go-witness/cryptoutil" - "github.com/testifysec/go-witness/registry" + "github.com/in-toto/go-witness/attestation" + "github.com/in-toto/go-witness/attestation/file" + "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/go-witness/registry" ) const ( diff --git a/attestation/product/product_test.go b/attestation/product/product_test.go index 76502b74..21aead8a 100644 --- a/attestation/product/product_test.go +++ b/attestation/product/product_test.go @@ -23,10 +23,10 @@ import ( "strings" "testing" + "github.com/in-toto/go-witness/attestation" + "github.com/in-toto/go-witness/cryptoutil" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/testifysec/go-witness/attestation" - "github.com/testifysec/go-witness/cryptoutil" ) func TestFromDigestMap(t *testing.T) { diff --git a/attestation/sarif/sarif.go b/attestation/sarif/sarif.go index 8c21d8ca..1dac7d87 100644 --- a/attestation/sarif/sarif.go +++ b/attestation/sarif/sarif.go @@ -21,10 +21,10 @@ import ( "os" "strings" + "github.com/in-toto/go-witness/attestation" + "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/go-witness/log" "github.com/owenrumney/go-sarif/sarif" - "github.com/testifysec/go-witness/attestation" - "github.com/testifysec/go-witness/cryptoutil" - "github.com/testifysec/go-witness/log" ) const ( diff --git a/dsse/dsse_test.go b/dsse/dsse_test.go index 1df34b3f..7a63e251 100644 --- a/dsse/dsse_test.go +++ b/dsse/dsse_test.go 
@@ -28,9 +28,9 @@ import ( "testing" "time" + "github.com/in-toto/go-witness/cryptoutil" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/testifysec/go-witness/cryptoutil" ) func createRsaKey() (*rsa.PrivateKey, *rsa.PublicKey, error) { diff --git a/dsse/sign.go b/dsse/sign.go index 570934a3..25b958ec 100644 --- a/dsse/sign.go +++ b/dsse/sign.go @@ -21,7 +21,7 @@ import ( "fmt" "io" - "github.com/testifysec/go-witness/cryptoutil" + "github.com/in-toto/go-witness/cryptoutil" ) type Timestamper interface { diff --git a/dsse/verify.go b/dsse/verify.go index f1a90393..b74c24ed 100644 --- a/dsse/verify.go +++ b/dsse/verify.go @@ -21,7 +21,7 @@ import ( "io" "time" - "github.com/testifysec/go-witness/cryptoutil" + "github.com/in-toto/go-witness/cryptoutil" ) type TimestampVerifier interface { diff --git a/go.mod b/go.mod index 6d6c876c..d8e42716 100644 --- a/go.mod +++ b/go.mod @@ -1,4 +1,4 @@ -module github.com/testifysec/go-witness +module github.com/in-toto/go-witness go 1.19 
@@ -7,52 +7,53 @@ require ( github.com/digitorus/pkcs7 v0.0.0-20230220124406-51331ccfc40f github.com/digitorus/timestamp v0.0.0-20230220124323-d542479a2425 github.com/edwarnicke/gitoid v0.0.0-20220710194850-1be5bfda1f9d - github.com/go-git/go-git/v5 v5.5.2 + github.com/go-git/go-git/v5 v5.11.0 + github.com/in-toto/archivista v0.2.0 github.com/mattn/go-isatty v0.0.20 github.com/open-policy-agent/opa v0.49.2 github.com/owenrumney/go-sarif v1.1.1 github.com/spiffe/go-spiffe/v2 v2.1.6 github.com/stretchr/testify v1.8.4 - github.com/testifysec/archivista-api v0.0.0-20230220215059-632b84b82b76 go.step.sm/crypto v0.25.2 - golang.org/x/sys v0.13.0 + golang.org/x/sys v0.15.0 google.golang.org/grpc v1.56.3 gopkg.in/square/go-jose.v2 v2.6.0 - k8s.io/apimachinery v0.26.11 + k8s.io/apimachinery v0.26.12 ) require ( + dario.cat/mergo v1.0.0 // indirect filippo.io/edwards25519 v1.0.0 // indirect github.com/agnivade/levenshtein v1.1.1 // indirect - github.com/cloudflare/circl v1.3.3 // indirect + github.com/cloudflare/circl v1.3.7 // indirect github.com/coreos/go-oidc/v3 v3.5.0 // indirect + github.com/cyphar/filepath-securejoin v0.2.4 // indirect github.com/dustin/go-humanize v1.0.1 // indirect github.com/go-jose/go-jose/v3 v3.0.1 // indirect - github.com/go-logr/logr v1.2.3 // indirect + github.com/go-logr/logr v1.2.4 // indirect github.com/gogo/protobuf v1.3.2 // indirect + github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/google/flatbuffers v2.0.8+incompatible // indirect github.com/google/go-containerregistry v0.13.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/grpc-ecosystem/grpc-gateway/v2 v2.15.0 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/kr/pretty v0.3.0 // indirect github.com/letsencrypt/boulder v0.0.0-20221109233200-85aa52084eaf // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect 
github.com/modern-go/reflect2 v1.0.2 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect - github.com/pjbgf/sha1cd v0.2.3 // indirect + github.com/pjbgf/sha1cd v0.3.0 // indirect github.com/pkg/errors v0.9.1 // indirect - github.com/rogpeppe/go-internal v1.8.0 // indirect github.com/segmentio/ksuid v1.0.4 // indirect - github.com/skeema/knownhosts v1.1.0 // indirect + github.com/skeema/knownhosts v1.2.1 // indirect github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect github.com/tchap/go-patricia/v2 v2.3.1 // indirect github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect github.com/zclconf/go-cty v1.12.1 // indirect - golang.org/x/mod v0.8.0 // indirect + golang.org/x/mod v0.12.0 // indirect golang.org/x/oauth2 v0.7.0 // indirect - golang.org/x/tools v0.6.0 // indirect + golang.org/x/tools v0.13.0 // indirect google.golang.org/appengine v1.6.7 // indirect gopkg.in/inf.v0 v0.9.1 // indirect k8s.io/klog/v2 v2.90.0 // indirect 
@@ -62,18 +63,16 @@ require (
 )

 require (
- github.com/Microsoft/go-winio v0.6.0 // indirect
+ github.com/Microsoft/go-winio v0.6.1 // indirect
 github.com/OneOfOne/xxhash v1.2.8 // indirect
- github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect
- github.com/acomagu/bufpipe v1.0.3 // indirect
+ github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect
 github.com/aws/aws-sdk-go v1.44.334
 github.com/emirpasic/gods v1.18.1 // indirect
 github.com/ghodss/yaml v1.0.0 // indirect
- github.com/go-git/gcfg v1.5.0 // indirect
- github.com/go-git/go-billy/v5 v5.4.1 // indirect
+ github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
+ github.com/go-git/go-billy/v5 v5.5.0 // indirect
 github.com/gobwas/glob v0.2.3
 github.com/golang/protobuf v1.5.3 // indirect
- github.com/imdario/mergo v0.3.13 // indirect
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 github.com/kevinburke/ssh_config v1.2.0 // indirect
 github.com/pmezard/go-difflib v1.0.0 // indirect
@@ -87,10 +86,10 @@ require (
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 github.com/yashtewari/glob-intersection v0.1.0 // indirect
 github.com/zeebo/errs v1.3.0 // indirect
- golang.org/x/crypto v0.14.0 // indirect
- golang.org/x/net v0.17.0 // indirect
- golang.org/x/term v0.13.0 // indirect
- golang.org/x/text v0.13.0 // indirect
+ golang.org/x/crypto v0.17.0 // indirect
+ golang.org/x/net v0.19.0 // indirect
+ golang.org/x/term v0.15.0 // indirect
+ golang.org/x/text v0.14.0 // indirect
 google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
 google.golang.org/protobuf v1.31.0 // indirect
 gopkg.in/warnings.v0 v0.1.2 // indirect
diff --git a/go.sum b/go.sum
index dea9197c..fdcfeed1 100644
--- a/go.sum
+++ b/go.sum
@@ -1,38 +1,36 @@ cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= +dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= +dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= filippo.io/edwards25519 v1.0.0 h1:0wAIcmJUqRdI8IJ/3eGi5/HwXZWPujYXXlkrQogz0Ek= filippo.io/edwards25519 v1.0.0/go.mod h1:N1IkdkCkiLB6tki+MYJoSx2JTY9NUlxZE7eHn5EwJns= github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= -github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg= -github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE= +github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= +github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8= github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q= -github.com/ProtonMail/go-crypto v0.0.0-20221026131551-cf6655e29de4/go.mod h1:UBYPn8k0D56RtnR8RFQMjmh4KrZzWJ5o7Z9SYjossQ8= -github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 h1:wPbRQzjjwFc0ih8puEVAOFGELsn1zoIIYdxvML7mDxA= -github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g= -github.com/acomagu/bufpipe v1.0.3 h1:fxAGrHZTgQ9w5QqVItgzwj235/uYZYgbXitB+dLupOk= -github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4= +github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 h1:kkhsdkhsCvIsutKu5zLMgWtgh9YxGCNAw8Ad8hjwfYg= +github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= github.com/agnivade/levenshtein v1.1.1 h1:QY8M92nrzkmr798gCo3kmMyqXFzdQVpxLlGPRBij0P8= github.com/agnivade/levenshtein v1.1.1/go.mod 
h1:veldBMzWxcCG2ZvUTKD2kJNRdCk5hVbJomOvKkmgYbo= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= -github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q= github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= -github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aws/aws-sdk-go v1.44.334 h1:h2bdbGb//fez6Sv6PaYv868s9liDeoYM6hYsAqTB4MU= github.com/aws/aws-sdk-go v1.44.334/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= -github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= +github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/bytecodealliance/wasmtime-go/v3 v3.0.2 h1:3uZCA/BLTIu+DqCfguByNMJa2HVHpXvjfy0Dy7g6fuA= github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= -github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I= -github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs= github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= +github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= +github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= 
github.com/coreos/go-oidc/v3 v3.5.0 h1:VxKtbccHZxs8juq7RdJntSqtXFtde9YpNpGn0yqgEHw= github.com/coreos/go-oidc/v3 v3.5.0/go.mod h1:ecXRtV4romGPeO6ieExAsUK9cb/3fp9hXNz1tlv8PIM= -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= +github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -49,6 +47,7 @@ github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkp github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= github.com/edwarnicke/gitoid v0.0.0-20220710194850-1be5bfda1f9d h1:4l+Uq5zFWSagXgGFaKRRVWJrnlzeathyagWgYUltCgY= github.com/edwarnicke/gitoid v0.0.0-20220710194850-1be5bfda1f9d/go.mod h1:WxWwA3EYuCQjlR5EBUX3uaTS8bh9BOa7BcqVREHQ0uQ= +github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU= github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ= github.com/facebookgo/clock v0.0.0-20150410010913-600d898af40a h1:yDWHCSQ40h88yih2JAcL6Ls/kVkSE8GFACTGVnMPruw= 
@@ -59,23 +58,19 @@ github.com/foxcpp/go-mockdns v0.0.0-20210729171921-fb145fc6f897 h1:E52jfcE64UG42 github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY= -github.com/gliderlabs/ssh v0.3.5/go.mod h1:8XB4KraRrX39qHhT6yxPsHedjA08I/uBVwj4xC+/+z4= -github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4= -github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E= -github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= -github.com/go-git/go-billy/v5 v5.4.0/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw45YK/ukIvQg= -github.com/go-git/go-billy/v5 v5.4.1 h1:Uwp5tDRkPr+l/TnbHOQzp+tmJfLceOlbVucgpTz8ix4= -github.com/go-git/go-billy/v5 v5.4.1/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw45YK/ukIvQg= -github.com/go-git/go-git-fixtures/v4 v4.3.1 h1:y5z6dd3qi8Hl+stezc8p3JxDkoTRqMAlKnXHuzrfjTQ= -github.com/go-git/go-git-fixtures/v4 v4.3.1/go.mod h1:8LHG1a3SRW71ettAD/jW13h8c6AqjVSeL11RAdgaqpo= -github.com/go-git/go-git/v5 v5.5.2 h1:v8lgZa5k9ylUw+OR/roJHTxR4QItsNFI5nKtAXFuynw= -github.com/go-git/go-git/v5 v5.5.2/go.mod h1:BE5hUJ5yaV2YMxhmaP4l6RBQ08kMxKSPD4BlxtH7OjI= +github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= +github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= +github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU= +github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow= +github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4= +github.com/go-git/go-git/v5 v5.11.0 h1:XIZc1p+8YzypNr34itUfSvYJcv+eYdTnTvOZ2vD3cA4= +github.com/go-git/go-git/v5 v5.11.0/go.mod 
h1:6GFcX2P3NM7FPBfpePbpLd21XxsgdAt+lKqXmCUiUCY= github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= github.com/go-jose/go-jose/v3 v3.0.1 h1:pWmKFVtt+Jl0vBZTIpz/eAKwsm6LkIxDVVbFHKkchhA= github.com/go-jose/go-jose/v3 v3.0.1/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= -github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= +github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-rod/rod v0.112.6 h1:zMirUmhsBeshMWyf285BD0UGtGq54HfThLDGSjcP3lU= github.com/go-test/deep v1.1.0 h1:WOcxcdHcvdgThNXjw0t76K42FXTU7HpNQWHpA2HHNlg= github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= @@ -84,6 +79,7 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/glog v1.1.0 h1:/d3pCKDPWNnvIWe0vVUpNP32qc8U3PDVxySP/y360qE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= 
@@ -97,8 +93,7 @@ github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= -github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-containerregistry v0.13.0 h1:y1C7Z3e149OJbOPDBxLYR8ITPz8dTKqQwjErKVHJC8k= github.com/google/go-containerregistry v0.13.0/go.mod h1:J9FQ+eSS4a1aC2GNZxvNpbWhgp0487v+cgiilB4FqDo= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= 
@@ -108,11 +103,10 @@ github.com/grpc-ecosystem/grpc-gateway/v2 v2.15.0 h1:1JYBfzqrWPcCclBwxFCPAou9n+q github.com/grpc-ecosystem/grpc-gateway/v2 v2.15.0/go.mod h1:YDZoGHuwE+ov0c8smSH49WLF3F2LaWnYYuDVd+EWrc0= github.com/honeycombio/beeline-go v1.10.0 h1:cUDe555oqvw8oD76BQJ8alk7FP0JZ/M/zXpNvOEDLDc= github.com/honeycombio/libhoney-go v1.16.0 h1:kPpqoz6vbOzgp7jC6SR7SkNj7rua7rgxvznI6M3KdHc= -github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= -github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= +github.com/in-toto/archivista v0.2.0 h1:FViuHMVVETborvOqlmSYdROY8RmX3CO0V0MOhU/Rl20= +github.com/in-toto/archivista v0.2.0/go.mod h1:qt9uN4TkHWUgR5A2wxRqQIBizSl32P2nI2AjESskkr0= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= -github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= 
@@ -126,17 +120,12 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.15.11 h1:Lcadnb3RKGin4FYM/orgq0qde+nc15E5Cbqg4B9Sx9c= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= -github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= -github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/letsencrypt/boulder v0.0.0-20221109233200-85aa52084eaf h1:ndns1qx/5dL43g16EQkPV/i8+b3l5bYQwLeoSBe7tS8= github.com/letsencrypt/boulder v0.0.0-20221109233200-85aa52084eaf/go.mod h1:aGkAgvWY/IUcVFfuly53REpfv5edu25oij+qHRFaraA= -github.com/matryer/is v1.2.0 h1:92UTHpy8CDwaJ08GqLDzhhuixiBUUD1p3AU6PHddz4A= -github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= 
@@ -146,16 +135,15 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= +github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= github.com/open-policy-agent/opa v0.49.2 h1:n8ntRq/yDWy+cmYaqSLrHXmrT3tX8WlK28vjFQdC6W8= github.com/open-policy-agent/opa v0.49.2/go.mod h1:7L3lN5qe8xboRmEHxC5lGjo5KsRMdK+CCLiFoOCP7rU= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/owenrumney/go-sarif v1.1.1 h1:QNObu6YX1igyFKhdzd7vgzmw7XsWN3/6NMGuDzBgXmE= github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U= -github.com/pjbgf/sha1cd v0.2.3 h1:uKQP/7QOzNtKYH7UTohZLcjF5/55EnTw0jO/Ru4jZwI= -github.com/pjbgf/sha1cd v0.2.3/go.mod h1:HOK9QrgzdHpbc2Kzip0Q1yi3M2MFGPADtR6HjG65m5M= -github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= +github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4= +github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= 
@@ -166,12 +154,9 @@ github.com/prometheus/common v0.39.0 h1:oOyhkDq05hPZKItWVBkJ6g6AtGxi+fy7F4JvUV8u github.com/prometheus/procfs v0.9.0 h1:wzCHvIvM5SxWqYvwgVL7yJY8Lz3PKn49KQtpgMYJfhI= github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5XpJzTSTfLsJV/mx9Q9g7kxmchpfZyxgzM= github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= -github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= -github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8= -github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE= +github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= github.com/segmentio/ksuid v1.0.4 h1:sBo2BdShXjmcugAMwjugoGUdUV0pcxY5mW4xKRn3v4c= github.com/segmentio/ksuid v1.0.4/go.mod h1:/XUiZBD3kVx5SmUOl55voK5yeAbBNNIed+2O73XgrPE= -github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= github.com/sigstore/fulcio v1.1.0 h1:mzzJ05Ccu8Y2inyioklNvc8MpzlGHxu8YqNeTm0dHfU= 
@@ -179,9 +164,9 @@ github.com/sigstore/fulcio v1.1.0/go.mod h1:zv1ZQTXZbUwQdRwajlQksc34pRas+2aZYpIZ github.com/sigstore/sigstore v1.5.2 h1:rvZSPJDH2ysoc8kjW9v4nv1UX3XwSA8y4x6Dk7hA0D4= github.com/sigstore/sigstore v1.5.2/go.mod h1:wxhp9KoaOpeb1VLKILruD283KJqPSqX+3TuBByVDZ6E= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= -github.com/skeema/knownhosts v1.1.0 h1:Wvr9V0MxhjRbl3f9nMnKnFfiWTJmtECJ9Njkea3ysW0= -github.com/skeema/knownhosts v1.1.0/go.mod h1:sKFq3RD6/TKZkSWn8boUbDC7Qkgcv+8XXijpFO6roag= +github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= +github.com/skeema/knownhosts v1.2.1 h1:SHWdIUa82uGZz+F+47k8SY4QhhI291cXCpopT1lK2AQ= +github.com/skeema/knownhosts v1.2.1/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo= github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 h1:JIAuq3EEf9cgbU6AtGPK4CTG3Zf6CKMNqf0MHTggAUA= github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog= github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262 h1:unQFBIznI+VYD1/1fApl1A+9VcBk+9dcqGfnePY87LY= 
@@ -198,8 +183,6 @@ github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcU github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/tchap/go-patricia/v2 v2.3.1 h1:6rQp39lgIYZ+MHmdEq4xzuk1t7OdC35z/xm0BGhTkes= github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k= -github.com/testifysec/archivista-api v0.0.0-20230220215059-632b84b82b76 h1:GAUgHyg4ss2DDTIYG9RuVxap2smkAGtzpXcOvNxlLic= -github.com/testifysec/archivista-api v0.0.0-20230220215059-632b84b82b76/go.mod h1:6OYeTa1OOoVuqo9i8t6GAHtwg0CgofZVfwgVt7DgrwI= github.com/theupdateframework/go-tuf v0.5.2-0.20220930112810-3890c1e7ace4 h1:1i/Afw3rmaR1gF3sfVkG2X6ldkikQwA9zY380LrR5YI= github.com/theupdateframework/go-tuf v0.5.2-0.20220930112810-3890c1e7ace4/go.mod h1:vAqWV3zEs89byeFsAYoh/Q14vJTgJkHwnnRCWBBBINY= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0= 
@@ -236,17 +219,17 @@ golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= -golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= -golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= +golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= +golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= +golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= +golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc= +golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net 
v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -256,13 +239,14 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= -golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= -golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= +golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= +golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c= +golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= golang.org/x/oauth2 v0.3.0/go.mod h1:rQrIauxkUhJ6CuwEXwymO2/eh4xz2ZWF1nBkcxS+tGk= golang.org/x/oauth2 v0.7.0 h1:qe6s0zUXlPX80/dITx3440hWZ7GwMwgDDyrSGTPJG/g= golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4= 
@@ -270,37 +254,35 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= +golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys 
v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= -golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= +golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= -golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= -golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.6.0/go.mod 
h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= +golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= +golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= 
@@ -309,15 +291,18 @@ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= -golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= +golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ= +golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -338,10 +323,7 @@ gopkg.in/alexcesaro/statsd.v2 v2.0.0 h1:FXkZSCZIH17vLCO5sO2UucTHsH9pc+17F6pl3JVC gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= -gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= -gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI= 
@@ -349,16 +331,14 @@ gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76 gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/apimachinery v0.26.11 h1:w//840HHdwSRKqD15j9YX9HLlU6RPlfrvW0xEhLk2+0= -k8s.io/apimachinery v0.26.11/go.mod h1:2/HZp0l6coXtS26du1Bk36fCuAEr/lVs9Q9NbpBtd1Y= +k8s.io/apimachinery v0.26.12 h1:y+OgufxqLIZtyXIydRhjLBGzrYLF+qwiDdCFXYOjeN4= +k8s.io/apimachinery v0.26.12/go.mod h1:2/HZp0l6coXtS26du1Bk36fCuAEr/lVs9Q9NbpBtd1Y= k8s.io/klog/v2 v2.90.0 h1:VkTxIV/FjRXn1fgNNcKGM8cfmL1Z33ZjXRTVxKCoF5M= k8s.io/klog/v2 v2.90.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/utils v0.0.0-20230115233650-391b47cb4029 h1:L8zDtT4jrxj+TaQYD0k8KNlr556WaVQylDXswKmX+dE= diff --git a/imports.go b/imports.go index 1fa4afee..3736edf3 100644 --- a/imports.go +++ b/imports.go 
@@ -17,21 +17,21 @@ package witness // all of the following imports are here so that each of the package's init functions run appropriately import ( // attestors - _ "github.com/testifysec/go-witness/attestation/aws-iid" - _ "github.com/testifysec/go-witness/attestation/commandrun" - _ "github.com/testifysec/go-witness/attestation/environment" - _ "github.com/testifysec/go-witness/attestation/gcp-iit" - _ "github.com/testifysec/go-witness/attestation/git" - _ "github.com/testifysec/go-witness/attestation/github" - _ "github.com/testifysec/go-witness/attestation/gitlab" - _ "github.com/testifysec/go-witness/attestation/jwt" - _ "github.com/testifysec/go-witness/attestation/maven" - _ "github.com/testifysec/go-witness/attestation/oci" - _ "github.com/testifysec/go-witness/attestation/sarif" + _ "github.com/in-toto/go-witness/attestation/aws-iid" + _ "github.com/in-toto/go-witness/attestation/commandrun" + _ "github.com/in-toto/go-witness/attestation/environment" + _ "github.com/in-toto/go-witness/attestation/gcp-iit" + _ "github.com/in-toto/go-witness/attestation/git" + _ "github.com/in-toto/go-witness/attestation/github" + _ "github.com/in-toto/go-witness/attestation/gitlab" + _ "github.com/in-toto/go-witness/attestation/jwt" + _ "github.com/in-toto/go-witness/attestation/maven" + _ "github.com/in-toto/go-witness/attestation/oci" + _ "github.com/in-toto/go-witness/attestation/sarif" // signer providers - _ "github.com/testifysec/go-witness/signer/file" - _ "github.com/testifysec/go-witness/signer/fulcio" - _ "github.com/testifysec/go-witness/signer/spiffe" - _ "github.com/testifysec/go-witness/signer/vault" + _ "github.com/in-toto/go-witness/signer/file" + _ "github.com/in-toto/go-witness/signer/fulcio" + _ "github.com/in-toto/go-witness/signer/spiffe" + _ "github.com/in-toto/go-witness/signer/vault" ) diff --git a/intoto/statement.go b/intoto/statement.go index ee84ff63..6574276e 100644 --- a/intoto/statement.go +++ b/intoto/statement.go 
@@ -16,11 +16,14 @@ package intoto import ( "encoding/json" - "github.com/testifysec/go-witness/cryptoutil" + + "github.com/in-toto/go-witness/cryptoutil" ) -const StatementType = "https://in-toto.io/Statement/v0.1" -const PayloadType = "application/vnd.in-toto+json" +const ( + StatementType = "https://in-toto.io/Statement/v0.1" + PayloadType = "application/vnd.in-toto+json" +) type Subject struct { Name string `json:"name"` diff --git a/log/log.go b/log/log.go index 14d54256..31396dc1 100644 --- a/log/log.go +++ b/log/log.go @@ -58,8 +58,11 @@ func Warnf(format string, args ...interface{}) { if _, ok := a.(error); ok { err := fmt.Errorf(format, args...) log.Warn(err) + return } } + + log.Warnf(format, args...) } func Warn(args ...interface{}) { @@ -71,8 +74,11 @@ func Debugf(format string, args ...interface{}) { if _, ok := a.(error); ok { err := fmt.Errorf(format, args...) log.Debug(err) + return } } + + log.Debugf(format, args...) } func Debug(args ...interface{}) { diff --git a/policy/constraints.go b/policy/constraints.go index d1a5ebf0..b9f92627 100644 --- a/policy/constraints.go +++ b/policy/constraints.go @@ -18,7 +18,7 @@ import ( "fmt" "net/url" - "github.com/testifysec/go-witness/cryptoutil" + "github.com/in-toto/go-witness/cryptoutil" ) const ( diff --git a/policy/constraints_test.go b/policy/constraints_test.go index 3afd5cba..83afab6a 100644 --- a/policy/constraints_test.go +++ b/policy/constraints_test.go @@ -28,9 +28,9 @@ import ( "testing" "time" + "github.com/in-toto/go-witness/cryptoutil" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/testifysec/go-witness/cryptoutil" ) type checkConstraintAttributeCase struct { diff --git a/policy/errors.go b/policy/errors.go index 5b4dc8ad..88f1800b 100644 --- a/policy/errors.go +++ b/policy/errors.go @@ -19,7 +19,7 @@ import ( "strings" "time" - "github.com/testifysec/go-witness/cryptoutil" + "github.com/in-toto/go-witness/cryptoutil" ) type ErrNoAttestations string 
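Review bot: The no-error-argument path that the log/log.go hunks add to Warnf and Debugf (`log.Warnf(format, args...)` and `log.Debugf(format, args...)` after the loop) has no test in the visible part of this diff, and the reason the error path goes through `fmt.Errorf` is undocumented. A regression test that calls `Warnf("msg %s", "x")` with no error among the arguments and asserts the logger received the message would guard the silent-drop case these hunks fix. A comment above the loop would explain the split, for example `// an error among args is formatted via fmt.Errorf (presumably so %w works); anything else goes to the plain formatter`. Both function bodies start outside their hunks, and whether the other formatted helpers in this file share the same loop cannot be seen from here.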
diff --git a/policy/policy.go b/policy/policy.go index b6456b1f..3eddcd94 100644 --- a/policy/policy.go +++ b/policy/policy.go @@ -20,10 +20,10 @@ import ( "crypto/x509" "time" - "github.com/testifysec/go-witness/attestation" - "github.com/testifysec/go-witness/cryptoutil" - "github.com/testifysec/go-witness/log" - "github.com/testifysec/go-witness/source" + "github.com/in-toto/go-witness/attestation" + "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/go-witness/log" + "github.com/in-toto/go-witness/source" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) diff --git a/policy/policy_test.go b/policy/policy_test.go index 6e767a20..6b5af3ac 100644 --- a/policy/policy_test.go +++ b/policy/policy_test.go @@ -25,13 +25,13 @@ import ( "testing" "time" + "github.com/in-toto/go-witness/attestation" + "github.com/in-toto/go-witness/attestation/commandrun" + "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/go-witness/intoto" + "github.com/in-toto/go-witness/source" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/testifysec/go-witness/attestation" - "github.com/testifysec/go-witness/attestation/commandrun" - "github.com/testifysec/go-witness/cryptoutil" - "github.com/testifysec/go-witness/intoto" - "github.com/testifysec/go-witness/source" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) diff --git a/policy/rego.go b/policy/rego.go index 6a436399..51e71e81 100644 --- a/policy/rego.go +++ b/policy/rego.go @@ -20,9 +20,9 @@ import ( "encoding/json" "fmt" + "github.com/in-toto/go-witness/attestation" "github.com/open-policy-agent/opa/ast" "github.com/open-policy-agent/opa/rego" - "github.com/testifysec/go-witness/attestation" ) func EvaluateRegoPolicy(attestor attestation.Attestor, policies []RegoPolicy) error { diff --git a/policy/rego_test.go b/policy/rego_test.go index 3ae3d373..ab767e9e 100644 --- a/policy/rego_test.go +++ b/policy/rego_test.go 
@@ -17,9 +17,9 @@ package policy import ( "testing" + "github.com/in-toto/go-witness/attestation/git" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/testifysec/go-witness/attestation/git" ) func TestRegoPolicy(t *testing.T) { diff --git a/policy/step.go b/policy/step.go index 15a54001..b1b63ef0 100644 --- a/policy/step.go +++ b/policy/step.go @@ -18,8 +18,8 @@ import ( "fmt" "strings" - "github.com/testifysec/go-witness/attestation" - "github.com/testifysec/go-witness/source" + "github.com/in-toto/go-witness/attestation" + "github.com/in-toto/go-witness/source" ) // +kubebuilder:object:generate=true diff --git a/run.go b/run.go index d9c489b3..b6ccd2ca 100644 --- a/run.go +++ b/run.go @@ -19,12 +19,12 @@ import ( "encoding/json" "fmt" - "github.com/testifysec/go-witness/attestation" - "github.com/testifysec/go-witness/attestation/environment" - "github.com/testifysec/go-witness/attestation/git" - "github.com/testifysec/go-witness/cryptoutil" - "github.com/testifysec/go-witness/dsse" - "github.com/testifysec/go-witness/intoto" + "github.com/in-toto/go-witness/attestation" + "github.com/in-toto/go-witness/attestation/environment" + "github.com/in-toto/go-witness/attestation/git" + "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/go-witness/dsse" + "github.com/in-toto/go-witness/intoto" ) type runOptions struct { diff --git a/sign.go b/sign.go index 8f10a028..c2d0a58e 100644 --- a/sign.go +++ b/sign.go @@ -18,7 +18,7 @@ import ( "encoding/json" "io" - "github.com/testifysec/go-witness/dsse" + "github.com/in-toto/go-witness/dsse" ) func Sign(r io.Reader, dataType string, w io.Writer, opts ...dsse.SignOption) error { diff --git a/signer/file/file.go b/signer/file/file.go index 95256daa..f76d8116 100644 --- a/signer/file/file.go +++ b/signer/file/file.go 
@@ -20,9 +20,9 @@ import ( "fmt" "os" - "github.com/testifysec/go-witness/cryptoutil" - "github.com/testifysec/go-witness/registry" - "github.com/testifysec/go-witness/signer" + "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/go-witness/registry" + "github.com/in-toto/go-witness/signer" ) func init() { diff --git a/signer/fulcio/fulcio.go b/signer/fulcio/fulcio.go index 449e7553..fc4c55d8 100644 --- a/signer/fulcio/fulcio.go +++ b/signer/fulcio/fulcio.go @@ -31,16 +31,16 @@ import ( "strings" "time" + "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/go-witness/log" + "github.com/in-toto/go-witness/registry" + "github.com/in-toto/go-witness/signer" "github.com/mattn/go-isatty" fulciopb "github.com/sigstore/fulcio/pkg/generated/protobuf" "github.com/sigstore/sigstore/pkg/cryptoutils" "github.com/sigstore/sigstore/pkg/oauthflow" "github.com/sigstore/sigstore/pkg/signature" sigo "github.com/sigstore/sigstore/pkg/signature/options" - "github.com/testifysec/go-witness/cryptoutil" - "github.com/testifysec/go-witness/log" - "github.com/testifysec/go-witness/registry" - "github.com/testifysec/go-witness/signer" "google.golang.org/grpc" "google.golang.org/grpc/credentials" "google.golang.org/grpc/credentials/insecure" @@ -105,6 +105,20 @@ func init() { return fsp, nil }, ), + registry.StringConfigOption( + "oidc-redirect-url", + "OIDC redirect URL (Optional). The default oidc-redirect-url is 'http://localhost:0/auth/callback'.", + "", + func(sp signer.SignerProvider, oidcRedirectUrl string) (signer.SignerProvider, error) { + fsp, ok := sp.(FulcioSignerProvider) + if !ok { + return sp, fmt.Errorf("provided signer provider is not a fulcio signer provider") + } + + WithOidcRedirectUrl(oidcRedirectUrl)(&fsp) + return fsp, nil + }, + ), registry.StringConfigOption( "token-path", "Path to the file containing a raw token to use for authentication to fulcio (cannot be used in conjunction with --fulcio-token)", 
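Review bot: The `oidc-redirect-url` option added to init() in signer/fulcio/fulcio.go stores whatever string it is given, and the Signer hunk later passes it straight to `oauthflow.OIDConnect`, so a malformed or unintended value only surfaces in the middle of a login. This URL is where the authorization response is delivered, so the option callback is the natural place to reject values that do not parse as an http(s) URL with a host, while the empty string keeps the documented default. Whether the host should also be restricted to loopback is a policy choice for the project. The sketch assumes `net/url` is imported in this file, which the visible hunks do not show, and init() starts and ends outside the hunk.

```go
// … unchanged: type assertion of sp to FulcioSignerProvider …

// Empty keeps the oauthflow default; anything else must be a
// well-formed http(s) URL with a host before it is stored.
if oidcRedirectUrl != "" {
	u, err := url.Parse(oidcRedirectUrl)
	if err != nil || u.Host == "" || (u.Scheme != "http" && u.Scheme != "https") {
		return sp, fmt.Errorf("invalid oidc-redirect-url %q", oidcRedirectUrl)
	}
}

WithOidcRedirectUrl(oidcRedirectUrl)(&fsp)
```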
@@ -123,11 +137,12 @@ func init() { } type FulcioSignerProvider struct { - FulcioURL string - OidcIssuer string - OidcClientID string - Token string - TokenPath string + FulcioURL string + OidcIssuer string + OidcClientID string + Token string + TokenPath string + OidcRedirectUrl string } type Option func(*FulcioSignerProvider) @@ -156,6 +171,13 @@ func WithToken(tokenOption string) Option { } } + +func WithOidcRedirectUrl(oidcRedirectUrl string) Option { + return func(fsp *FulcioSignerProvider) { + fsp.OidcRedirectUrl = oidcRedirectUrl + } +} + func WithTokenPath(tokenPathOption string) Option { return func(fsp *FulcioSignerProvider) { fsp.TokenPath = tokenPathOption @@ -243,7 +265,7 @@ func (fsp FulcioSignerProvider) Signer(ctx context.Context) (cryptoutil.Signer, raw = string(f) case fsp.Token == "" && isatty.IsTerminal(os.Stdin.Fd()): - tok, err := oauthflow.OIDConnect(fsp.OidcIssuer, fsp.OidcClientID, "", "", oauthflow.DefaultIDTokenGetter) + tok, err := oauthflow.OIDConnect(fsp.OidcIssuer, fsp.OidcClientID, "", fsp.OidcRedirectUrl, oauthflow.DefaultIDTokenGetter) if err != nil { return nil, err } diff --git a/signer/registry.go b/signer/registry.go index a445df31..3c828fde 100644 --- a/signer/registry.go +++ b/signer/registry.go @@ -17,13 +17,11 @@ package signer import ( "context" - "github.com/testifysec/go-witness/cryptoutil" - "github.com/testifysec/go-witness/registry" + "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/go-witness/registry" ) -var ( - signerRegistry = registry.New[SignerProvider]() -) +var signerRegistry = registry.New[SignerProvider]() type SignerProvider interface { Signer(context.Context) (cryptoutil.Signer, error) diff --git a/signer/spiffe/spiffe.go b/signer/spiffe/spiffe.go index ee76fe6e..34d708e6 100644 --- a/signer/spiffe/spiffe.go +++ b/signer/spiffe/spiffe.go 
@@ -18,10 +18,10 @@ import ( "context" "fmt" + "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/go-witness/registry" + "github.com/in-toto/go-witness/signer" "github.com/spiffe/go-spiffe/v2/workloadapi" - "github.com/testifysec/go-witness/cryptoutil" - "github.com/testifysec/go-witness/registry" - "github.com/testifysec/go-witness/signer" ) func init() { diff --git a/signer/vault/signerprovider.go b/signer/vault/signerprovider.go index 27ec65c6..c6a19da3 100644 --- a/signer/vault/signerprovider.go +++ b/signer/vault/signerprovider.go @@ -21,9 +21,9 @@ import ( "strings" "time" - "github.com/testifysec/go-witness/cryptoutil" - "github.com/testifysec/go-witness/registry" - "github.com/testifysec/go-witness/signer" + "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/go-witness/registry" + "github.com/in-toto/go-witness/signer" ) const ( diff --git a/signer/vault/signerprovider_test.go b/signer/vault/signerprovider_test.go index c5a2f007..39c44e74 100644 --- a/signer/vault/signerprovider_test.go +++ b/signer/vault/signerprovider_test.go @@ -25,9 +25,9 @@ import ( "testing" "time" + "github.com/in-toto/go-witness/cryptoutil" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/testifysec/go-witness/cryptoutil" ) func createRsaKey() (*rsa.PrivateKey, *rsa.PublicKey, error) { diff --git a/source/archivista.go b/source/archivista.go index 66c4ec32..2f74f722 100644 --- a/source/archivista.go +++ b/source/archivista.go @@ -17,7 +17,7 @@ package source import ( "context" - "github.com/testifysec/go-witness/archivista" + "github.com/in-toto/go-witness/archivista" ) type ArchivistaSource struct { diff --git a/source/memory.go b/source/memory.go index df6e5609..8f7450e7 100644 --- a/source/memory.go +++ b/source/memory.go @@ -21,7 +21,7 @@ import ( "io" "os" - "github.com/testifysec/go-witness/dsse" + "github.com/in-toto/go-witness/dsse" ) type ErrDuplicateReference string 
diff --git a/source/source.go b/source/source.go index 7ebd5e41..1aad2bbd 100644 --- a/source/source.go +++ b/source/source.go @@ -18,9 +18,9 @@ import ( "context" "encoding/json" - "github.com/testifysec/go-witness/attestation" - "github.com/testifysec/go-witness/dsse" - "github.com/testifysec/go-witness/intoto" + "github.com/in-toto/go-witness/attestation" + "github.com/in-toto/go-witness/dsse" + "github.com/in-toto/go-witness/intoto" ) type CollectionEnvelope struct { diff --git a/source/verified.go b/source/verified.go index 0bbc0058..46fc561e 100644 --- a/source/verified.go +++ b/source/verified.go @@ -17,9 +17,9 @@ package source import ( "context" - "github.com/testifysec/go-witness/cryptoutil" - "github.com/testifysec/go-witness/dsse" - "github.com/testifysec/go-witness/log" + "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/go-witness/dsse" + "github.com/in-toto/go-witness/log" ) type VerifiedCollection struct { diff --git a/timestamp/tsp.go b/timestamp/tsp.go index 8e6d1303..e8a1e596 100644 --- a/timestamp/tsp.go +++ b/timestamp/tsp.go @@ -26,7 +26,7 @@ import ( "github.com/digitorus/pkcs7" "github.com/digitorus/timestamp" - "github.com/testifysec/go-witness/cryptoutil" + "github.com/in-toto/go-witness/cryptoutil" ) type TSPTimestamper struct { diff --git a/timestamp/tsp_test.go b/timestamp/tsp_test.go index f9e61757..60698931 100644 --- a/timestamp/tsp_test.go +++ b/timestamp/tsp_test.go @@ -20,9 +20,9 @@ import ( "crypto/x509" "testing" + "github.com/in-toto/go-witness/cryptoutil" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/testifysec/go-witness/cryptoutil" ) const ( diff --git a/verify.go b/verify.go index 857aa09b..bb20df6b 100644 --- a/verify.go +++ b/verify.go 
@@ -21,11 +21,11 @@ import ( "fmt" "io" - "github.com/testifysec/go-witness/cryptoutil" - "github.com/testifysec/go-witness/dsse" - "github.com/testifysec/go-witness/policy" - "github.com/testifysec/go-witness/source" - "github.com/testifysec/go-witness/timestamp" + "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/go-witness/dsse" + "github.com/in-toto/go-witness/policy" + "github.com/in-toto/go-witness/source" + "github.com/in-toto/go-witness/timestamp" ) func VerifySignature(r io.Reader, verifiers ...cryptoutil.Verifier) (dsse.Envelope, error) {