This directory contains examples for SCAI use cases:
- Binary attributes
- Build process attributes
- Build environment attributes
- Build platform attributes
- Dependency vulnerability attributes
Before running any example, make sure to follow the setup instructions.
Each directory contains a script to run the Python example:
./run-example.shAnd to run the Go example:
./run-go-example.shThe resulting metadata will be stored in the respective metadata/ directory.
:: warn :: The scai-generator CLI tools do not generate digitally signed in-toto attestations. Any digitally signed attestations included in this repo are only provided for demo purposes.
We provide one end-to-end example for a container build that showcases both SCAI attestation generation, as well as verification of an ITE-10 in-toto layout and SCAI policy checking.
Use the examples/run-container-examples-e2e.sh bash script to run the full
example.