From bd07c014102e0f1997b056b8c152195b4669b9c6 Mon Sep 17 00:00:00 2001 From: hectorj2f Date: Sun, 13 Oct 2024 22:11:25 +0200 Subject: [PATCH] rename to use vulns and avoid ambiguous types Signed-off-by: hectorj2f --- protos/README.md | 4 ++-- .../{vuln/v0.1/vuln.proto => vulns/v0.1/vulns.proto} | 6 +++--- spec/predicates/{vuln.md => vulns.md} | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) rename protos/in_toto_attestation/predicates/{vuln/v0.1/vuln.proto => vulns/v0.1/vulns.proto} (92%) rename spec/predicates/{vuln.md => vulns.md} (98%) diff --git a/protos/README.md b/protos/README.md index ab9ef7d1..0ec63996 100644 --- a/protos/README.md +++ b/protos/README.md @@ -20,7 +20,7 @@ predicates have protobuf definitions: artifact. - [SCAI]: Evidence-based assertions about software artifact and supply chain attributes. -- [VULN]: Describes how to store the results of scanners when detecting vulnerabilities in a software artifact. +- [VULNS]: Describes how to store the results of scanners when detecting vulnerabilities in a software artifact. chain attributes. - [Test Result]: Expresses the result of a test run in the software supply chain. @@ -52,7 +52,7 @@ testing the supported language bindings. [SCAI]: in_toto_attestation/predicates/scai/ [SLSA Provenance]: in_toto_attestation/predicates/provenance/ [SLSA Verification Summary]: in_toto_attestation/predicates/vsa/ -[VULN]: in_toto_attestation/predicates/vuln/ +[VULNS]: in_toto_attestation/predicates/vulns/ [in-toto Link]: in_toto_attestation/predicates/link/ [Test Result]: in_toto_attestation/predicates/test_result/ [documentation]: ../docs/protos.md diff --git a/protos/in_toto_attestation/predicates/vuln/v0.1/vuln.proto b/protos/in_toto_attestation/predicates/vulns/v0.1/vulns.proto similarity index 92% rename from protos/in_toto_attestation/predicates/vuln/v0.1/vuln.proto rename to protos/in_toto_attestation/predicates/vulns/v0.1/vulns.proto index 0d0c57ee..124498b0 100644 --- a/protos/in_toto_attestation/predicates/vuln/v0.1/vuln.proto +++ b/protos/in_toto_attestation/predicates/vulns/v0.1/vulns.proto @@ -1,12 +1,12 @@ syntax = "proto3"; -package in_toto_attestation.predicates.vuln.v01; +package in_toto_attestation.predicates.vulns.v01; import "google/protobuf/struct.proto"; import "google/protobuf/timestamp.proto"; -option go_package = "github.com/in-toto/attestation/go/predicates/vuln/v1"; -option java_package = "io.github.intoto.attestation.predicates.vuln.v1"; +option go_package = "github.com/in-toto/attestation/go/predicates/vulns/v1"; +option java_package = "io.github.intoto.attestation.predicates.vulns.v1"; // Validation of all fields is left to the users of this proto. message Vuln { diff --git a/spec/predicates/vuln.md b/spec/predicates/vulns.md similarity index 98% rename from spec/predicates/vuln.md rename to spec/predicates/vulns.md index bc5849d7..9b24bb04 100644 --- a/spec/predicates/vuln.md +++ b/spec/predicates/vulns.md @@ -94,7 +94,7 @@ The `predicate` contains a JSON-encoded data with the following fields: > > > > > This is a string representing the severity score based on the selected method. -**scanner.result.[*].vulnerability.annotations, optional** list +**scanner.result.[*].vulnerability.annotations, optional** list, map > > > > > This is a list of key/value pairs where scanners can add additional custom information.