Skip to content

Commit efa204b

Browse files
benmssbenmss
committed
chore: add integration test expected result.
Signed-off-by: Ben Selwyn-Smith <[email protected]>
1 parent 1ccaefc commit efa204b

File tree

1 file changed

+334
-0
lines changed

1 file changed

+334
-0
lines changed

tests/e2e/expected_results/purl/npm/semver/semver.json

Lines changed: 334 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,334 @@
1+
{
2+
"metadata": {
3+
"timestamps": "2024-03-22 09:02:56",
4+
"has_passing_check": true,
5+
"run_checks": [
6+
"mcn_provenance_available_1",
7+
"mcn_provenance_expectation_1",
8+
"mcn_provenance_witness_level_one_1",
9+
"mcn_trusted_builder_level_three_1",
10+
"mcn_build_as_code_1",
11+
"mcn_build_script_1",
12+
"mcn_build_service_1",
13+
"mcn_infer_artifact_pipeline_1",
14+
"mcn_provenance_level_three_1",
15+
"mcn_version_control_system_1"
16+
],
17+
"check_tree": {
18+
"mcn_provenance_available_1": {
19+
"mcn_provenance_level_three_1": {},
20+
"mcn_provenance_expectation_1": {},
21+
"mcn_provenance_witness_level_one_1": {}
22+
},
23+
"mcn_version_control_system_1": {
24+
"mcn_trusted_builder_level_three_1": {
25+
"mcn_build_as_code_1": {
26+
"mcn_build_service_1": {
27+
"mcn_build_script_1": {}
28+
},
29+
"mcn_infer_artifact_pipeline_1": {}
30+
}
31+
}
32+
}
33+
}
34+
},
35+
"target": {
36+
"info": {
37+
"full_name": "pkg:npm/[email protected]",
38+
"local_cloned_path": "git_repos/github.com/npm/node-semver",
39+
"remote_path": "https://github.com/npm/node-semver",
40+
"branch": null,
41+
"commit_hash": "377f709718053a477ed717089c4403c4fec332a1",
42+
"commit_date": "2024-02-05T09:03:38-08:00"
43+
},
44+
"provenances": {
45+
"is_inferred": false,
46+
"content": {
47+
"github_actions": [
48+
{
49+
"_type": "https://in-toto.io/Statement/v0.1",
50+
"subject": [],
51+
"predicateType": "https://slsa.dev/provenance/v0.2",
52+
"predicate": {
53+
"builder": {
54+
"id": "<URI>"
55+
},
56+
"buildType": "<URI>",
57+
"invocation": {
58+
"configSource": {
59+
"uri": "<URI>",
60+
"digest": {
61+
"sha1": "<STING>"
62+
},
63+
"entryPoint": "<STRING>"
64+
},
65+
"parameters": {},
66+
"environment": {}
67+
},
68+
"buildConfig": {
69+
"jobID": "<STRING>",
70+
"stepID": "<STRING>"
71+
},
72+
"metadata": {
73+
"buildInvocationId": "<STRING>",
74+
"buildStartedOn": "<TIMESTAMP>",
75+
"buildFinishedOn": "<TIMESTAMP>",
76+
"completeness": {
77+
"parameters": "false",
78+
"environment": "false",
79+
"materials": "false"
80+
},
81+
"reproducible": "false"
82+
},
83+
"materials": [
84+
{
85+
"uri": "<URI>",
86+
"digest": {}
87+
}
88+
]
89+
}
90+
}
91+
],
92+
"npm Registry": [
93+
{
94+
"_type": "https://in-toto.io/Statement/v1",
95+
"subject": [
96+
{
97+
"name": "pkg:npm/[email protected]",
98+
"digest": {
99+
"sha512": "127c1786b9705cc93d80abb9fdf971e6cbff6a7e7b024469946de14caebc5bb1510cdfa4f8e5818fae4cefbd7d3a403cd972c1c6b717d0a4878fe5f908e84e56"
100+
}
101+
}
102+
],
103+
"predicateType": "https://slsa.dev/provenance/v1",
104+
"predicate": {
105+
"buildDefinition": {
106+
"buildType": "https://slsa-framework.github.io/github-actions-buildtypes/workflow/v1",
107+
"externalParameters": {
108+
"workflow": {
109+
"ref": "refs/heads/main",
110+
"repository": "https://github.com/npm/node-semver",
111+
"path": ".github/workflows/release.yml"
112+
}
113+
},
114+
"internalParameters": {
115+
"github": {
116+
"event_name": "push",
117+
"repository_id": "1357199",
118+
"repository_owner_id": "6078720"
119+
}
120+
},
121+
"resolvedDependencies": [
122+
{
123+
"uri": "git+https://github.com/npm/node-semver@refs/heads/main",
124+
"digest": {
125+
"gitCommit": "377f709718053a477ed717089c4403c4fec332a1"
126+
}
127+
}
128+
]
129+
},
130+
"runDetails": {
131+
"builder": {
132+
"id": "https://github.com/actions/runner/github-hosted"
133+
},
134+
"metadata": {
135+
"invocationId": "https://github.com/npm/node-semver/actions/runs/7788106733/attempts/1"
136+
}
137+
}
138+
}
139+
}
140+
]
141+
}
142+
},
143+
"checks": {
144+
"summary": {
145+
"DISABLED": 0,
146+
"FAILED": 4,
147+
"PASSED": 5,
148+
"SKIPPED": 0,
149+
"UNKNOWN": 1
150+
},
151+
"results": [
152+
{
153+
"check_id": "mcn_provenance_expectation_1",
154+
"check_description": "Check whether the SLSA provenance for the produced artifact conforms to the expected value.",
155+
"slsa_requirements": [
156+
"Provenance conforms with expectations - SLSA Level 3"
157+
],
158+
"justification": [
159+
"Not Available."
160+
],
161+
"result_type": "UNKNOWN"
162+
},
163+
{
164+
"check_id": "mcn_build_as_code_1",
165+
"check_description": "The build definition and configuration executed by the build service is verifiably derived from text file definitions stored in a version control system.",
166+
"slsa_requirements": [
167+
"Build as code - SLSA Level 3"
168+
],
169+
"justification": [
170+
"build_tool_name: npm",
171+
"ci_service_name: github_actions",
172+
"deploy_command: [\"npm\", \"publish\", \"--provenance\", \"--tag=\\\"$1\\\"\"]",
173+
{
174+
"build_trigger": "https://github.com/npm/node-semver/blob/377f709718053a477ed717089c4403c4fec332a1/.github/workflows/release-integration.yml"
175+
}
176+
],
177+
"result_type": "PASSED"
178+
},
179+
{
180+
"check_id": "mcn_build_script_1",
181+
"check_description": "Check if the target repo has a valid build script.",
182+
"slsa_requirements": [
183+
"Scripted Build - SLSA Level 1"
184+
],
185+
"justification": [
186+
"Not Available."
187+
],
188+
"result_type": "PASSED"
189+
},
190+
{
191+
"check_id": "mcn_build_service_1",
192+
"check_description": "Check if the target repo has a valid build service.",
193+
"slsa_requirements": [
194+
"Build service - SLSA Level 2"
195+
],
196+
"justification": [
197+
"Not Available."
198+
],
199+
"result_type": "PASSED"
200+
},
201+
{
202+
"check_id": "mcn_provenance_available_1",
203+
"check_description": "Check whether the target has intoto provenance.",
204+
"slsa_requirements": [
205+
"Provenance - Available - SLSA Level 1",
206+
"Provenance content - Identifies build instructions - SLSA Level 1",
207+
"Provenance content - Identifies artifacts - SLSA Level 1",
208+
"Provenance content - Identifies builder - SLSA Level 1"
209+
],
210+
"justification": [
211+
"asset_name: semver",
212+
{
213+
"asset_url": "https://registry.npmjs.org/-/npm/v1/attestations/[email protected]"
214+
}
215+
],
216+
"result_type": "PASSED"
217+
},
218+
{
219+
"check_id": "mcn_version_control_system_1",
220+
"check_description": "Check whether the target repo uses a version control system.",
221+
"slsa_requirements": [
222+
"Version controlled - SLSA Level 2"
223+
],
224+
"justification": [
225+
{
226+
"git_repo": "https://github.com/npm/node-semver"
227+
}
228+
],
229+
"result_type": "PASSED"
230+
},
231+
{
232+
"check_id": "mcn_infer_artifact_pipeline_1",
233+
"check_description": "Detects potential pipelines from which an artifact is published.",
234+
"slsa_requirements": [
235+
"Build as code - SLSA Level 3"
236+
],
237+
"justification": [
238+
"Not Available."
239+
],
240+
"result_type": "FAILED"
241+
},
242+
{
243+
"check_id": "mcn_provenance_level_three_1",
244+
"check_description": "Check whether the target has SLSA provenance level 3.",
245+
"slsa_requirements": [
246+
"Provenance - Non falsifiable - SLSA Level 3",
247+
"Provenance content - Includes all build parameters - SLSA Level 3",
248+
"Provenance content - Identifies entry point - SLSA Level 3",
249+
"Provenance content - Identifies source code - SLSA Level 2"
250+
],
251+
"justification": [
252+
"Not Available."
253+
],
254+
"result_type": "FAILED"
255+
},
256+
{
257+
"check_id": "mcn_provenance_witness_level_one_1",
258+
"check_description": "Check whether the target has a level-1 witness provenance.",
259+
"slsa_requirements": [
260+
"Provenance - Available - SLSA Level 1",
261+
"Provenance content - Identifies build instructions - SLSA Level 1",
262+
"Provenance content - Identifies artifacts - SLSA Level 1",
263+
"Provenance content - Identifies builder - SLSA Level 1"
264+
],
265+
"justification": [
266+
"Not Available."
267+
],
268+
"result_type": "FAILED"
269+
},
270+
{
271+
"check_id": "mcn_trusted_builder_level_three_1",
272+
"check_description": "Check whether the target uses a trusted SLSA level 3 builder.",
273+
"slsa_requirements": [
274+
"Hermetic - SLSA Level 4",
275+
"Isolated - SLSA Level 3",
276+
"Parameterless - SLSA Level 4",
277+
"Ephemeral environment - SLSA Level 3"
278+
],
279+
"justification": [
280+
"Not Available."
281+
],
282+
"result_type": "FAILED"
283+
}
284+
]
285+
}
286+
},
287+
"dependencies": {
288+
"analyzed_deps": 0,
289+
"unique_dep_repos": 0,
290+
"checks_summary": [
291+
{
292+
"check_id": "mcn_provenance_available_1",
293+
"num_deps_pass": 0
294+
},
295+
{
296+
"check_id": "mcn_provenance_expectation_1",
297+
"num_deps_pass": 0
298+
},
299+
{
300+
"check_id": "mcn_provenance_witness_level_one_1",
301+
"num_deps_pass": 0
302+
},
303+
{
304+
"check_id": "mcn_trusted_builder_level_three_1",
305+
"num_deps_pass": 0
306+
},
307+
{
308+
"check_id": "mcn_build_as_code_1",
309+
"num_deps_pass": 0
310+
},
311+
{
312+
"check_id": "mcn_build_script_1",
313+
"num_deps_pass": 0
314+
},
315+
{
316+
"check_id": "mcn_build_service_1",
317+
"num_deps_pass": 0
318+
},
319+
{
320+
"check_id": "mcn_infer_artifact_pipeline_1",
321+
"num_deps_pass": 0
322+
},
323+
{
324+
"check_id": "mcn_provenance_level_three_1",
325+
"num_deps_pass": 0
326+
},
327+
{
328+
"check_id": "mcn_version_control_system_1",
329+
"num_deps_pass": 0
330+
}
331+
],
332+
"dep_status": []
333+
}
334+
}

0 commit comments

Comments
 (0)