
refactor(attestation): use in_toto library and update to slsa provenance schema v1

Lukas Höhl requested to merge Hown3d/gitlab-runner:hown3d/in_toto into main

What does this MR do?

  • Update SLSA Provenance to v1
  • Use in_toto_golang library to generate In-Toto Statement

Why was this MR needed?

Managing our own golang structure set of an in-toto statement is tedious to update and maintain.

The golang library https://github.com/in-toto/in-toto-golang manages and maintains those structures according to the specification.

What's the best way to test this MR?

Migration of SLSA provenance spec is done using the guide from the framework itself: https://slsa.dev/provenance/v1#migrating-from-02

What are the relevant issue numbers?

#29334

Edited by Lukas Höhl
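
The v0.2 to v1 field moves that the linked SLSA migration guide describes, as an added example (not code from this MR or from gitlab-runner; it uses only the standard library rather than in-toto-golang). The sample statement, the function names, and the `configSource`/`parameters` key names under `externalParameters` are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed sample: an in-toto statement carrying a SLSA provenance v0.2 predicate.
const sampleV02 = `{"_type":"https://in-toto.io/Statement/v0.1","predicateType":"https://slsa.dev/provenance/v0.2",
 "subject":[{"name":"app.tar.gz","digest":{"sha256":"constructed"}}],
 "predicate":{"builder":{"id":"https://example.com/runner"},"buildType":"https://example.com/build/v1",
  "invocation":{"configSource":{"uri":"https://example.com/repo"},"parameters":{"CI":"true"},"environment":{"arch":"amd64"}},
  "metadata":{"buildInvocationId":"job-1","buildStartedOn":"2023-01-01T00:00:00Z","buildFinishedOn":"2023-01-01T00:05:00Z","reproducible":false},
  "materials":[{"uri":"https://example.com/repo","digest":{"sha256":"constructed"}}]}}`

func obj(v any) map[string]any { m, _ := v.(map[string]any); return m } // nil map (safe to index) if v is not an object

// MigrateStatement moves v0.2 fields to their v1 places; absent fields become null; buildConfig, completeness, reproducible are dropped.
func MigrateStatement(in []byte) ([]byte, error) {
	var st map[string]any
	if err := json.Unmarshal(in, &st); err != nil {
		return nil, err
	}
	if st["predicateType"] != "https://slsa.dev/provenance/v0.2" {
		return nil, fmt.Errorf("not a SLSA v0.2 statement: %v", st["predicateType"])
	}
	old := obj(st["predicate"])
	inv, md := obj(old["invocation"]), obj(old["metadata"])
	st["_type"] = "https://in-toto.io/Statement/v1"
	st["predicateType"] = "https://slsa.dev/provenance/v1"
	st["predicate"] = map[string]any{
		"buildDefinition": map[string]any{
			"buildType": old["buildType"],
			// Assumption: these two key names are illustrative; v1 leaves externalParameters keys to the buildType.
			"externalParameters":   map[string]any{"configSource": inv["configSource"], "parameters": inv["parameters"]},
			"internalParameters":   inv["environment"],
			"resolvedDependencies": old["materials"],
		},
		"runDetails": map[string]any{
			"builder":  map[string]any{"id": obj(old["builder"])["id"]},
			"metadata": map[string]any{"invocationId": md["buildInvocationId"], "startedOn": md["buildStartedOn"], "finishedOn": md["buildFinishedOn"]},
		},
	}
	return json.Marshal(st)
}

func main() {
	out, err := MigrateStatement([]byte(sampleV02))
	fmt.Println(string(out), err)
}
```

A verifier that pins `predicateType` to the v0.2 URI stops matching these statements after the migration, so policy checks need updating alongside the producer.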
