artifact_attributes.h 3.2 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879
  1. /*
  2. * Copyright The OpenTelemetry Authors
  3. * SPDX-License-Identifier: Apache-2.0
  4. */
  5. /*
  6. * DO NOT EDIT, this is an Auto-generated file from:
  7. * buildscripts/semantic-convention/templates/registry/semantic_attributes-h.j2
  8. */
  9. #pragma once
  10. #include "opentelemetry/common/macros.h"
  11. #include "opentelemetry/version.h"
  12. OPENTELEMETRY_BEGIN_NAMESPACE
  13. namespace semconv
  14. {
  15. namespace artifact
  16. {
  17. /**
  18. The provenance filename of the built attestation which directly relates to the build artifact
  19. filename. This filename SHOULD accompany the artifact at publish time. See the <a
  20. href="https://slsa.dev/spec/v1.0/distributing-provenance#relationship-between-artifacts-and-attestations">SLSA
  21. Relationship</a> specification for more information.
  22. */
  23. static constexpr const char *kArtifactAttestationFilename = "artifact.attestation.filename";
  24. /**
  25. The full <a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf">hash value (see
  26. glossary)</a>, of the built attestation. Some envelopes in the <a
  27. href="https://github.com/in-toto/attestation/tree/main/spec">software attestation space</a> also
  28. refer to this as the <strong>digest</strong>.
  29. */
  30. static constexpr const char *kArtifactAttestationHash = "artifact.attestation.hash";
  31. /**
  32. The id of the build <a href="https://slsa.dev/attestation-model">software attestation</a>.
  33. */
  34. static constexpr const char *kArtifactAttestationId = "artifact.attestation.id";
  35. /**
  36. The human readable file name of the artifact, typically generated during build and release
  37. processes. Often includes the package name and version in the file name. <p> This file name can
  38. also act as the <a href="https://slsa.dev/spec/v1.0/terminology#package-model">Package Name</a> in
  39. cases where the package ecosystem maps accordingly. Additionally, the artifact <a
  40. href="https://slsa.dev/spec/v1.0/terminology#software-supply-chain">can be published</a> for
  41. others, but that is not a guarantee.
  42. */
  43. static constexpr const char *kArtifactFilename = "artifact.filename";
  44. /**
  45. The full <a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf">hash value (see
  46. glossary)</a>, often found in checksum.txt on a release of the artifact and used to verify package
  47. integrity. <p> The specific algorithm used to create the cryptographic hash value is not defined.
  48. In situations where an artifact has multiple cryptographic hashes, it is up to the implementer to
  49. choose which hash value to set here; this should be the most secure hash algorithm that is
  50. suitable for the situation and consistent with the corresponding attestation. The implementer can
  51. then provide the other hash values through an additional set of attribute extensions as they deem
  52. necessary.
  53. */
  54. static constexpr const char *kArtifactHash = "artifact.hash";
  55. /**
  56. The <a href="https://github.com/package-url/purl-spec">Package URL</a> of the <a
  57. href="https://slsa.dev/spec/v1.0/terminology#package-model">package artifact</a> provides a
  58. standard way to identify and locate the packaged artifact.
  59. */
  60. static constexpr const char *kArtifactPurl = "artifact.purl";
  61. /**
  62. The version of the artifact.
  63. */
  64. static constexpr const char *kArtifactVersion = "artifact.version";
  65. } // namespace artifact
  66. } // namespace semconv
  67. OPENTELEMETRY_END_NAMESPACE