From bb842ee639d058c2187f664f2fedbddd134d08c7 Mon Sep 17 00:00:00 2001
From: chaosinthecrd
Date: Wed, 10 Apr 2024 13:49:31 +0100
Subject: [PATCH] adding warning mesage for slsa attestor

Signed-off-by: chaosinthecrd
---
 attestation/slsa/slsa.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/attestation/slsa/slsa.go b/attestation/slsa/slsa.go
index 9a1645b2..2ad8a9c2 100644
--- a/attestation/slsa/slsa.go
+++ b/attestation/slsa/slsa.go
@@ -31,6 +31,7 @@ import (
 "github.com/in-toto/go-witness/attestation/oci"
 "github.com/in-toto/go-witness/attestation/product"
 "github.com/in-toto/go-witness/cryptoutil"
+ "github.com/in-toto/go-witness/log"
 "github.com/in-toto/go-witness/registry"
 "golang.org/x/exp/maps"
 "google.golang.org/protobuf/types/known/structpb"
@@ -210,6 +211,11 @@ func (p *Provenance) Attest(ctx *attestation.AttestationContext) error {
 }
 }

+ // NOTE: We want to warn users that they can use the github and gitlab attestors to enrich their provenance
+ if p.PbProvenance.RunDetails.Builder.Id == DefaultBuilderId {
+ log.Warn("No build system attestor invoked. Consider using github or gitlab attestors (if appropriate) to enrich your SLSA provenance")
+ }
+
 var err error
 p.PbProvenance.BuildDefinition.InternalParameters, err = structpb.NewStruct(internalParameters)
 if err != nil {
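Review bot: The new check in Attest reads `p.PbProvenance.RunDetails.Builder.Id` through three pointer hops, and nothing visible in this hunk guarantees that RunDetails or Builder is non-nil at this point, so a partially populated Provenance would panic here instead of warning. If PbProvenance is a generated protobuf message, as the structpb call just below suggests, the nil-safe getters read the same value: `if p.PbProvenance.GetRunDetails().GetBuilder().GetId() == DefaultBuilderId {`. The comment could also say why this matters beyond enrichment, since builder.id is the field a SLSA verifier matches against the builders it trusts, e.g. `// builder.id is still the default, so this provenance names no build platform a verifier could match on`. Attest begins and ends outside the hunk, so the loop that would overwrite the id is not visible here.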