Type URI: https://in-toto.io/Link/v1
A generic attestation type with the same schema as in-toto 0.9. This allows existing in-toto users to make minimal changes to upgrade to the new attestation format.
Most users should migrate to a more specific attestation type, such as Provenance.
{
  "subject": [{ ... }],
  "predicateType": "https://in-toto.io/Link/v1",
  "predicate": {
    "_type": "link",
    "name": "...",
    "command": "...",
    "materials": { ... },
    "products": { ... },
    "byproducts": { ... },
    "environment": { ... }
  }
}
(Note: This is a Predicate type that fits within the larger Attestation framework.)
The predicate has the same schema as the link's signed field in in-toto 0.9. See that document for details.
The subject MUST contain whatever elements from products or materials make sense. For example, a traditional "build" step would list the products in the subject, whereas a "test" or "vulnerability scan" would list the relevant materials.
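The following is an added example, not code from the in-toto project: it wraps an in-toto 0.9 link's signed field as a Link/v1 predicate, picks the subject from products or materials as described above, and includes a consumer-side check that the subject really comes from the predicate. The name/digest shape of each subject entry is an assumption taken from the Statement layer, which this page elides; the sample link and all helper names are constructed for illustration.

```python
import json

LINK_PREDICATE_TYPE = "https://in-toto.io/Link/v1"

# Constructed sample: the "signed" field of an in-toto 0.9 link for a build step.
SAMPLE_LINK = {
    "_type": "link",
    "name": "build",
    "command": ["make", "dist"],
    "materials": {"src/main.c": {"sha256": "aa" * 32}},
    "products": {"dist/app.tar.gz": {"sha256": "bb" * 32}},
    "byproducts": {"return-value": 0},
    "environment": {},
}

def to_subject(artifacts):
    """Turn a link artifact map {path: {alg: hex}} into a subject list.
    The name/digest entry shape is assumed from the Statement layer."""
    return [{"name": path, "digest": dict(digests)}
            for path, digests in sorted(artifacts.items())]

def link_to_statement(link, subject_from):
    """Wrap a link's signed field as a Link/v1 predicate.
    subject_from is "products" (e.g. a build step) or "materials"
    (e.g. a test or vulnerability scan)."""
    if link.get("_type") != "link":
        raise ValueError("not an in-toto link")
    if subject_from not in ("products", "materials"):
        raise ValueError("subject must come from products or materials")
    subject = to_subject(link.get(subject_from, {}))
    if not subject:
        raise ValueError(f"link has no {subject_from} to use as subject")
    return {"subject": subject,
            "predicateType": LINK_PREDICATE_TYPE,
            "predicate": link}

def subject_matches_predicate(statement):
    """Consumer-side check: the subject is non-empty and every entry's
    digest set equals the one recorded for that path in materials or products."""
    pred = statement["predicate"]
    maps = (pred.get("materials", {}), pred.get("products", {}))
    subject = statement["subject"]
    return bool(subject) and all(
        any(m.get(s["name"]) == s["digest"] for m in maps) for s in subject)

if __name__ == "__main__":
    print(json.dumps(link_to_statement(SAMPLE_LINK, "products"), indent=2))
```

A verifier that relies on the subject for policy decisions can run a check like `subject_matches_predicate` before trusting that the attested artifact is one the step actually consumed or produced.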
- Bump up the in-toto version from 0.9 to 1.0 once in-toto/docs issue #46 is resolved.