Collection

Witness enables users to generate a wide variety of attestation predicates (arbitrary metadata about a subject artifact, with a type-specific schema) through the use of attestors. Multiple attestors can be specified for each witness run, so a single run can produce multiple predicates as output. Witness correlates each run invocation to a "step" in an artifact's supply-chain lifecycle (the name of which is determined by the --step flag). Witness therefore needs a way of bundling these predicates together to form a complete representation of that specific step, and also to avoid signing a separate statement for each predicate. The Collection object is a predicate type that achieves this.

Schema

{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://github.com/in-toto/go-witness/attestation/collection",
  "$ref": "#/$defs/Collection",
  "$defs": {
    "Collection": {
      "properties": {
        "name": {
          "type": "string"
        },
        "attestations": {
          "items": {
            "$ref": "#/$defs/CollectionAttestation"
          },
          "type": "array"
        }
      },
      "additionalProperties": false,
      "type": "object",
      "required": [
        "name",
        "attestations"
      ]
    },
    "CollectionAttestation": {
      "properties": {
        "type": {
          "type": "string"
        },
        "attestation": true,
        "starttime": {
          "type": "string",
          "format": "date-time"
        },
        "endtime": {
          "type": "string",
          "format": "date-time"
        }
      },
      "additionalProperties": false,
      "type": "object",
      "required": [
        "type",
        "attestation",
        "starttime",
        "endtime"
      ]
    }
  }
}
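
A consumer can enforce the rules this schema states (required fields, no additional properties, RFC 3339 timestamps) before trusting a Collection predicate. The Go code below is an added example, not code from go-witness: the type names, ValidateCollection and the sample document are assumptions, and the start/end ordering check goes beyond what the schema requires.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"time"
)

// Go type names are hypothetical; the JSON field names come from the schema.
type collectionAttestation struct {
	Type        *string         `json:"type"`
	Attestation json.RawMessage `json:"attestation"` // schema: true (any JSON value)
	StartTime   *time.Time      `json:"starttime"`   // RFC 3339, i.e. "date-time"
	EndTime     *time.Time      `json:"endtime"`
}

type collection struct {
	Name         *string                 `json:"name"`
	Attestations []collectionAttestation `json:"attestations"`
}

// sampleCollection is constructed for this example, not real Witness output.
const sampleCollection = `{"name": "build", "attestations": [{
  "type": "https://example.invalid/attestor/v0.1",
  "attestation": {"key": "value"},
  "starttime": "2024-01-01T10:00:00Z", "endtime": "2024-01-01T10:00:05Z"}]}`

// ValidateCollection applies the schema's rules to a Collection predicate.
func ValidateCollection(raw []byte) error {
	dec := json.NewDecoder(bytes.NewReader(raw))
	dec.DisallowUnknownFields() // "additionalProperties": false, at both levels
	var c collection
	if err := dec.Decode(&c); err != nil {
		return fmt.Errorf("decode: %w", err) // unknown field or bad date-time
	}
	if c.Name == nil || c.Attestations == nil {
		return fmt.Errorf("collection: name and attestations are required")
	}
	for i, a := range c.Attestations {
		if a.Type == nil || a.Attestation == nil || a.StartTime == nil || a.EndTime == nil {
			return fmt.Errorf("attestations[%d]: missing required field", i)
		}
		// Sanity check added here; the schema itself does not order the times.
		if a.EndTime.Before(*a.StartTime) {
			return fmt.Errorf("attestations[%d]: endtime precedes starttime", i)
		}
	}
	return nil
}

func main() {
	fmt.Println("sample valid:", ValidateCollection([]byte(sampleCollection)) == nil)
}
```

encoding/json matches keys case-insensitively and keeps the last of any duplicate keys, so this check is stricter than a plain decode but is not a full JSON Schema validator.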