in-toto Attestation Framework Output #6208
Labels
contribution requested
This is a great feature idea, but we will need a contribution to get it added to Checkov.
enhancement
New feature or request
outputs
Comments
tsmithv11
added
contribution requested
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the issue
We're using Checkov and interested in a different output format. We'd like the data to follow the in-toto Attestation Specification. In-toto has a vulnerability predicate type that can be seen here; https://github.com/in-toto/attestation/blob/main/spec/predicates/vuln.md
The full in-toto Attestation spec can be seen here; https://github.com/in-toto/attestation/tree/main/spec
This format is used for signed metadata related to more than just security scans. It's useful for analyzing what occurred during a software pipeline.
The in-toto tooling is under the CNCF, which is part of the Linux Foundation.
Trivy supports this output, so adding it to Checkov would be a great addition. We have some dev resources that can assist with this, most likely.
The text was updated successfully, but these errors were encountered: