
1//! # SLSA (Supply-chain Levels for Software Artifacts) Implementation
2//!
3//! This module provides functionality for generating SLSA (Supply-chain Levels for Software Artifacts)
4//! v1 build provenance attestations. SLSA is a security framework that helps protect the integrity of
5//! software artifacts throughout the development and deployment pipeline.
6//!
7//! ## Overview
8//!
//! SLSA provenance, once wrapped in a signed in-toto statement, provides a verifiable record of:
10//! - What software was built
11//! - How it was built (build process, tools, environment)
12//! - Who built it (builder identity and authentication)
13//! - When it was built (timestamps and metadata)
14//!
15//! ## SLSA Build Levels
16//!
//! This implementation generates SLSA Build provenance in the format used at every
//! SLSA Build level:
//! - **Build L1**: Provenance exists and describes how the artifact was built
//! - **Build L2**: Provenance is generated and signed by a hosted build platform
//! - **Build L3**: Provenance comes from a hardened build platform with additional
//!   controls against tampering with the build or the provenance itself
//!
//! Note that the level attained is a property of the build platform and the controls
//! around it, not of the provenance format: emitting a v1 predicate does not by itself
//! satisfy a given level, and unsigned output offers no integrity guarantee to a consumer.
21//!
22//! ## Key Components
23//!
24//! - [`cli`] - An Atlas CLI specific generator for SLSA Build Provenance
25//! - [`generators`] - Core functions for creating SLSA provenance structures
26//! - [`BUILD_PROVENANCE_PREDICATE_TYPE_V1`] - Standard SLSA v1 predicate type URI
27//!
28//! ## Examples
29//!
30//! ### Basic Build Provenance Generation
31//!
32//! ```no_run
33//! use atlas_cli::slsa::cli::generate_build_provenance;
34//! use atlas_c2pa_lib::cose::HashAlgorithm;
35//! use std::path::PathBuf;
36//!
37//! // Generate SLSA build provenance for compiled artifacts
38//! generate_build_provenance(
39//!     vec![PathBuf::from("src/main.rs")],           // input files
40//!     PathBuf::from("Makefile"),                    // build script
41//!     vec![PathBuf::from("target/release/myapp")],  // output artifacts  
42//!     Some(PathBuf::from("signing_key.pem")),       // signing key
43//!     HashAlgorithm::Sha384,                        // hash algorithm
44//!     "json".to_string(),                           // output format
45//!     true,                                         // print to stdout
46//!     None,                                         // storage backend
47//!     false,                                        // TDX support
48//! ).unwrap();
49//! ```
50pub mod cli;
51pub mod generators;
52
/// In-toto predicate type URI for SLSA v1 build provenance.
///
/// This value belongs in the `predicateType` field of an in-toto Statement whose
/// predicate carries SLSA build provenance; it tells a consumer how to interpret the
/// predicate body. The URI is fixed by the SLSA v1 specification and must be
/// reproduced exactly. A verifier should compare `predicateType` against this full
/// string rather than a prefix, since the URI changes between predicate versions and
/// the versions are not interchangeable.
///
/// ```
/// use atlas_cli::slsa::BUILD_PROVENANCE_PREDICATE_TYPE_V1;
///
/// assert_eq!(
///     BUILD_PROVENANCE_PREDICATE_TYPE_V1,
///     "https://slsa.dev/provenance/v1"
/// );
/// ```
pub const BUILD_PROVENANCE_PREDICATE_TYPE_V1: &str = "https://slsa.dev/provenance/v1";