in-toto · jkjell · Dec 4, 2024 · Dec 4, 2024 · Dec 4, 2024
diff --git a/docs/attestors/git.json b/docs/attestors/git.json
@@ -4,6 +4,15 @@
   "$defs": {
     "Attestor": {
       "properties": {
+        "gittool": {
+          "type": "string"
+        },
+        "gitbinpath": {
+          "type": "string"
+        },
+        "gitbinhash": {
+          "$ref": "#/$defs/DigestSet"
+        },
         "commithash": {
           "type": "string"
         },
@@ -71,6 +80,7 @@
       "additionalProperties": false,
       "type": "object",
       "required": [
+        "gittool",
         "commithash",
         "author",
         "authoremail",

diff --git a/docs/attestors/git.md b/docs/attestors/git.md
@@ -3,19 +3,28 @@
 The Git Attestor records the current state of the objects in the git repository, including untracked objects.
 Both staged and unstaged states are recorded.
 
-
 ## Subjects
 
 The attestor returns the SHA1 ([Secure Hash Algorithm 1](https://en.wikipedia.org/wiki/SHA-1)) git commit hash as a subject.
 
 ## Schema
+
 ```json
 {
   "$schema": "https://json-schema.org/draft/2020-12/schema",
   "$ref": "#/$defs/Attestor",
   "$defs": {
     "Attestor": {
       "properties": {
+        "gittool": {
+          "type": "string"
+        },
+        "gitbinpath": {
+          "type": "string"
+        },
+        "gitbinhash": {
+          "$ref": "#/$defs/DigestSet"
+        },
         "commithash": {
           "type": "string"
         },
@@ -83,6 +92,7 @@ The attestor returns the SHA1 ([Secure Hash Algorithm 1](https://en.wikipedia.or
       "additionalProperties": false,
       "type": "object",
       "required": [
+        "gittool",
         "commithash",
         "author",
         "authoremail",

diff --git a/docs/attestors/jenkins.json b/docs/attestors/jenkins.json
@@ -0,0 +1,55 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$ref": "#/$defs/Attestor",
+  "$defs": {
+    "Attestor": {
+      "properties": {
+        "buildid": {
+          "type": "string"
+        },
+        "buildnumber": {
+          "type": "string"
+        },
+        "buildtag": {
+          "type": "string"
+        },
+        "pipelineurl": {
+          "type": "string"
+        },
+        "executornumber": {
+          "type": "string"
+        },
+        "javahome": {
+          "type": "string"
+        },
+        "jenkinsurl": {
+          "type": "string"
+        },
+        "jobname": {
+          "type": "string"
+        },
+        "nodename": {
+          "type": "string"
+        },
+        "workspace": {
+          "type": "string"
+        }
+      },
+      "additionalProperties": false,
+      "type": "object",
+      "required": [
+        "buildid",
+        "buildnumber",
+        "buildtag",
+        "pipelineurl",
+        "executornumber",
+        "javahome",
+        "jenkinsurl",
+        "jobname",
+        "nodename",
+        "workspace"
+      ]
+    }
+  }
+}
+
diff --git a/docs/attestors/jenkins.md b/docs/attestors/jenkins.md
@@ -0,0 +1,63 @@
+# Jenkins Attestor
+
+The [Jenkins](https://www.jenkins.io/) Attestor records information about the Jenkins CI/CD job execution in which
+Witness was run.
+
+## Schema
+
+```json
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$ref": "#/$defs/Attestor",
+  "$defs": {
+    "Attestor": {
+      "properties": {
+        "buildid": {
+          "type": "string"
+        },
+        "buildnumber": {
+          "type": "string"
+        },
+        "buildtag": {
+          "type": "string"
+        },
+        "pipelineurl": {
+          "type": "string"
+        },
+        "executornumber": {
+          "type": "string"
+        },
+        "javahome": {
+          "type": "string"
+        },
+        "jenkinsurl": {
+          "type": "string"
+        },
+        "jobname": {
+          "type": "string"
+        },
+        "nodename": {
+          "type": "string"
+        },
+        "workspace": {
+          "type": "string"
+        }
+      },
+      "additionalProperties": false,
+      "type": "object",
+      "required": [
+        "buildid",
+        "buildnumber",
+        "buildtag",
+        "pipelineurl",
+        "executornumber",
+        "javahome",
+        "jenkinsurl",
+        "jobname",
+        "nodename",
+        "workspace"
+      ]
+    }
+  }
+}
+```
diff --git a/go.mod b/go.mod
@@ -3,7 +3,7 @@ module github.com/in-toto/witness
 go 1.23.2
 
 require (
-	github.com/in-toto/go-witness v0.6.0
+	github.com/in-toto/go-witness v0.7.0
 	github.com/invopop/jsonschema v0.12.0
 	github.com/olekukonko/tablewriter v0.0.5
 	github.com/sigstore/fulcio v1.6.5
@@ -35,28 +35,28 @@ require (
 	cloud.google.com/go/kms v1.20.0 // indirect
 	cloud.google.com/go/longrunning v0.6.1 // indirect
 	dario.cat/mergo v1.0.1 // indirect
-	github.com/CycloneDX/cyclonedx-go v0.9.0 // indirect
+	github.com/CycloneDX/cyclonedx-go v0.9.1 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/OneOfOne/xxhash v1.2.8 // indirect
 	github.com/ProtonMail/go-crypto v1.0.0 // indirect
 	github.com/agnivade/levenshtein v1.1.1 // indirect
 	github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 // indirect
 	github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
 	github.com/aws/aws-sdk-go v1.55.5 // indirect
-	github.com/aws/aws-sdk-go-v2 v1.31.0 // indirect
-	github.com/aws/aws-sdk-go-v2/config v1.27.37 // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.35 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.14 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.18 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.18 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.32.2 // indirect
+	github.com/aws/aws-sdk-go-v2/config v1.27.43 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.41 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.17 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.21 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.21 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.20 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.2 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.35.7 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.23.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.27.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.31.1 // indirect
-	github.com/aws/smithy-go v1.21.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.24.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.32.2 // indirect
+	github.com/aws/smithy-go v1.22.0 // indirect
 	github.com/bahlo/generic-list-go v0.2.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/buger/jsonparser v1.1.1 // indirect
@@ -73,7 +73,7 @@ require (
 	github.com/fkautz/omnitrail-go v0.0.0-20230808061951-37d34c23539d // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.4 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.7 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.5.0 // indirect
 	github.com/go-git/go-git/v5 v5.11.0 // indirect
@@ -94,7 +94,7 @@ require (
 	github.com/gorilla/mux v1.8.1 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 // indirect
 	github.com/hashicorp/hcl v1.0.1-vault-3 // indirect
-	github.com/in-toto/archivista v0.5.1 // indirect
+	github.com/in-toto/archivista v0.5.4 // indirect
 	github.com/in-toto/attestation v1.0.2 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
@@ -130,10 +130,10 @@ require (
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
 	github.com/secure-systems-lab/go-securesystemslib v0.8.0 // indirect
 	github.com/sergi/go-diff v1.3.1 // indirect
-	github.com/sigstore/sigstore v1.8.9 // indirect
+	github.com/sigstore/sigstore v1.8.10 // indirect
 	github.com/skeema/knownhosts v1.2.1 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
-	github.com/spdx/tools-golang v0.5.4 // indirect
+	github.com/spdx/tools-golang v0.5.5 // indirect
 	github.com/spf13/afero v1.11.0 // indirect
 	github.com/spf13/cast v1.7.0 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
@@ -155,13 +155,14 @@ require (
 	go.opentelemetry.io/otel/sdk v1.29.0 // indirect
 	go.opentelemetry.io/otel/trace v1.30.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/crypto v0.27.0 // indirect
+	golang.org/x/crypto v0.29.0 // indirect
 	golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 // indirect
-	golang.org/x/net v0.29.0 // indirect
-	golang.org/x/sync v0.8.0 // indirect
-	golang.org/x/sys v0.25.0 // indirect
-	golang.org/x/term v0.24.0 // indirect
-	golang.org/x/text v0.18.0 // indirect
+	golang.org/x/mod v0.21.0 // indirect
+	golang.org/x/net v0.31.0 // indirect
+	golang.org/x/sync v0.9.0 // indirect
+	golang.org/x/sys v0.27.0 // indirect
+	golang.org/x/term v0.26.0 // indirect
+	golang.org/x/text v0.20.0 // indirect
 	golang.org/x/time v0.6.0 // indirect
 	google.golang.org/api v0.199.0 // indirect
 	google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 // indirect