feat: add more tests for GCB verification (#389)

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

Signed-off-by: laurentsimon <laurentsimon@google.com>

cli/slsa-verifier/main_test.go

@@ -583,7 +583,8 @@ func Test_runVerifyGHAArtifactPath(t *testing.T) {
 					args := []string{
 						artifactPath,
 						"--source-uri", tt.source,
-						"--provenance-path", provenancePath}
+						"--provenance-path", provenancePath,
+					}
 					if bid != nil {
 						args = append(args, "--builder-id", *bid)
 					}
@@ -953,6 +954,102 @@ func Test_runVerifyGCBArtifactImage(t *testing.T) {
 			source:     "github.com/laurentsimon/gcb-tests",
 			err:        serrors.ErrorMismatchHash,
 		},
+		{
+			name:       "invalid signature encoding",
+			artifact:   "gcloud-container-github",
+			provenance: "gcloud-container-invalid-signature-encoding.json",
+			source:     "github.com/laurentsimon/gcb-tests",
+			err:        serrors.ErrorNoValidSignature,
+		},
+		{
+			name:       "invalid signature empty",
+			artifact:   "gcloud-container-github",
+			provenance: "gcloud-container-empty-signature.json",
+			source:     "github.com/laurentsimon/gcb-tests",
+			err:        serrors.ErrorNoValidSignature,
+		},
+		{
+			name:       "invalid signature none",
+			artifact:   "gcloud-container-github",
+			provenance: "gcloud-container-no-signature.json",
+			source:     "github.com/laurentsimon/gcb-tests",
+			err:        serrors.ErrorInvalidDssePayload,
+		},
+		{
+			name:       "invalid region",
+			artifact:   "gcloud-container-github",
+			provenance: "gcloud-container-invalid-signature-region.json",
+			source:     "github.com/laurentsimon/gcb-tests",
+			err:        serrors.ErrorNoValidSignature,
+		},
+		{
+			name:       "invalid empty region",
+			artifact:   "gcloud-container-github",
+			provenance: "gcloud-container-empty-signature-region.json",
+			source:     "github.com/laurentsimon/gcb-tests",
+			err:        serrors.ErrorNoValidSignature,
+		},
+		{
+			name:       "invalid keyid",
+			artifact:   "gcloud-container-github",
+			provenance: "gcloud-container-invalid-keyid.json",
+			source:     "github.com/laurentsimon/gcb-tests",
+			err:        serrors.ErrorNoValidSignature,
+		},
+		{
+			name:       "invalid keyid empty",
+			artifact:   "gcloud-container-github",
+			provenance: "gcloud-container-empty-keyid.json",
+			source:     "github.com/laurentsimon/gcb-tests",
+			err:        serrors.ErrorNoValidSignature,
+		},
+		{
+			name:       "invalid keyid none",
+			artifact:   "gcloud-container-github",
+			provenance: "gcloud-container-no-keyid.json",
+			source:     "github.com/laurentsimon/gcb-tests",
+			err:        serrors.ErrorNoValidSignature,
+		},
+		{
+			name:       "invalid signature multiple",
+			artifact:   "gcloud-container-github",
+			provenance: "gcloud-container-multiple-invalid-signatures.json",
+			source:     "github.com/laurentsimon/gcb-tests",
+			err:        serrors.ErrorNoValidSignature,
+		},
+		{
+			name:       "signature multiple 2nd valid",
+			artifact:   "gcloud-container-github",
+			provenance: "gcloud-container-multiple-signatures-2ndvalid.json",
+			source:     "github.com/laurentsimon/gcb-tests",
+		},
+		{
+			name:       "signature multiple 3rd valid",
+			artifact:   "gcloud-container-github",
+			provenance: "gcloud-container-multiple-signatures-3rdvalid.json",
+			source:     "github.com/laurentsimon/gcb-tests",
+		},
+		{
+			name:       "invalid multiple provenance",
+			artifact:   "gcloud-container-github",
+			provenance: "gcloud-container-multiple-invalid-provenance.json",
+			source:     "github.com/laurentsimon/gcb-tests",
+			err:        serrors.ErrorNoValidSignature,
+		},
+		// TODO(388): verify the correct provenance is returned.
+		// This should also be done for all other entries in this test.
+		{
+			name:       "multiple provenance 2nd valid",
+			artifact:   "gcloud-container-github",
+			provenance: "gcloud-container-multiple-provenance-2ndvalid.json",
+			source:     "github.com/laurentsimon/gcb-tests",
+		},
+		{
+			name:       "multiple provenance 3rd valid",
+			artifact:   "gcloud-container-github",
+			provenance: "gcloud-container-multiple-provenance-3rdvalid.json",
+			source:     "github.com/laurentsimon/gcb-tests",
+		},
 		{
 			name: "oci valid with tag",
 			// Image re-tagged and pushed to docker hub. This image is public.

cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-empty-keyid.json

@@ -0,0 +1,94 @@
+{
+    "image_summary": {
+      "digest": "sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd",
+      "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd",
+      "registry": "us-west2-docker.pkg.dev",
+      "repository": "quickstart-docker-repo"
+    },
+    "provenance_summary": {
+      "provenance": [
+        {
+          "build": {
+            "intotoStatement": {
+              "_type": "https://in-toto.io/Statement/v0.1",
+              "predicateType": "https://slsa.dev/provenance/v0.1",
+              "slsaProvenance": {
+                "builder": {
+                  "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2"
+                },
+                "materials": [
+                  {
+                    "uri": "https://github.com/laurentsimon/gcb-tests/commit/fbbb98765e85ad464302dc5977968104d36e455e"
+                  }
+                ],
+                "metadata": {
+                  "buildFinishedOn": "2022-08-15T22:43:34.366498Z",
+                  "buildInvocationId": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b",
+                  "buildStartedOn": "2022-08-15T22:43:18.700638187Z"
+                },
+                "recipe": {
+                  "arguments": {
+                    "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build",
+                    "id": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b",
+                    "options": {
+                      "dynamicSubstitutions": true,
+                      "logging": "LEGACY",
+                      "pool": {},
+                      "substitutionOption": "ALLOW_LOOSE"
+                    },
+                    "sourceProvenance": {},
+                    "steps": [
+                      {
+                        "args": [
+                          "build",
+                          "-t",
+                          "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14",
+                          "."
+                        ],
+                        "name": "gcr.io/cloud-builders/docker",
+                        "pullTiming": {
+                          "endTime": "2022-08-15T22:43:21.662016533Z",
+                          "startTime": "2022-08-15T22:43:21.657262492Z"
+                        },
+                        "status": "SUCCESS",
+                        "timing": {
+                          "endTime": "2022-08-15T22:43:27.056377441Z",
+                          "startTime": "2022-08-15T22:43:21.657262492Z"
+                        }
+                      }
+                    ]
+                  },
+                  "entryPoint": "cloudbuild.yaml",
+                  "type": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2"
+                }
+              },
+              "subject": [
+                {
+                  "digest": {
+                    "sha256": "1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd"
+                  },
+                  "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14"
+                }
+              ]
+            }
+          },
+          "createTime": "2022-08-15T22:43:35.649016Z",
+          "envelope": {
+            "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4yIn0sIm1hdGVyaWFscyI6W3sidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMvY29tbWl0L2ZiYmI5ODc2NWU4NWFkNDY0MzAyZGM1OTc3OTY4MTA0ZDM2ZTQ1NWUifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDgtMTVUMjI6NDM6MzQuMzY2NDk4WiIsImJ1aWxkSW52b2NhdGlvbklkIjoiYjZlMDUyYTctNWFhNC00MWJmLWE1NmItOWJjNGU0ZjMwNThiIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjE4LjcwMDYzODE4N1oifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MTQiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NjIwMTY1MzNaIiwic3RhcnRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NTcyNjI0OTJaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjcuMDU2Mzc3NDQxWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9fV19LCJlbnRyeVBvaW50IjoiY2xvdWRidWlsZC55YW1sIiwidHlwZSI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9fSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vc2xzYS5kZXYvcHJvdmVuYW5jZS92MC4xIiwic2xzYVByb3ZlbmFuY2UiOnsiYnVpbGRlciI6eyJpZCI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9LCJtYXRlcmlhbHMiOlt7InVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzL2NvbW1pdC9mYmJiOTg3NjVlODVhZDQ2NDMwMmRjNTk3Nzk2ODEwNGQzNmU0NTVlIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjM0LjM2NjQ5OFoiLCJidWlsZEludm9jYXRpb25JZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOC0xNVQyMjo0MzoxOC43MDA2MzgxODdaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiJiNmUwNTJhNy01YWE0LTQxYmYtYTU2Yi05YmM0ZTRmMzA1OGIiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInN1YnN0aXR1dGlvbk9wdGlvbiI6IkFMTE9XX0xPT1NFIn0sInNvdXJjZVByb3ZlbmFuY2UiOnt9LCJzdGVwcyI6W3siYXJncyI6WyJidWlsZCIsIi10IiwidXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djE0IiwiLiJdLCJuYW1lIjoiZ2NyLmlvL2Nsb3VkLWJ1aWxkZXJzL2RvY2tlciIsInB1bGxUaW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjYyMDE2NTMzWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9LCJzdGF0dXMiOiJTVUNDRVNTIiwidGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjI3LjA1NjM3NzQ0MVoiLCJzdGFydFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjIxLjY1NzI2MjQ5MloifX1dfSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjIifX0sInN1YmplY3QiOlt7ImRpZ2VzdCI6eyJzaGEyNTYiOiIxYTAzM2IwMDJmODllZDJiOGVhNzMzMTYyNDk3ZmI3MGYxYTQwNDlhN2Y4NjAyZDZhMzM2ODJiNGFkOTkyMWZkIn0sIm5hbWUiOiJodHRwczovL3VzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYxNCJ9XX0=",
+            "payloadType": "application/vnd.in-toto+json",
+            "signatures": [
+              {
+                "sig": "MEYCIQD-0xUsdkYnsmKnQL_ndEvXknLfn82zsG-hGyYUd4aYsAIhAP4KSCxN2VPNc-dvfrQIGduMUNmAiHxLttdezqdrSf3F"
+              }
+            ]
+          },
+          "kind": "BUILD",
+          "name": "projects/gosst-scare-sandbox/occurrences/8ce06798-f94d-4772-a224-04e473163790",
+          "noteName": "projects/verified-builder/notes/intoto_b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b",
+          "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd",
+          "updateTime": "2022-08-15T22:43:35.649016Z"
+        }
+      ]
+    }
+  }
+

cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-empty-signature-region.json

@@ -0,0 +1,95 @@
+{
+    "image_summary": {
+      "digest": "sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd",
+      "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd",
+      "registry": "us-west2-docker.pkg.dev",
+      "repository": "quickstart-docker-repo"
+    },
+    "provenance_summary": {
+      "provenance": [
+        {
+          "build": {
+            "intotoStatement": {
+              "_type": "https://in-toto.io/Statement/v0.1",
+              "predicateType": "https://slsa.dev/provenance/v0.1",
+              "slsaProvenance": {
+                "builder": {
+                  "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2"
+                },
+                "materials": [
+                  {
+                    "uri": "https://github.com/laurentsimon/gcb-tests/commit/fbbb98765e85ad464302dc5977968104d36e455e"
+                  }
+                ],
+                "metadata": {
+                  "buildFinishedOn": "2022-08-15T22:43:34.366498Z",
+                  "buildInvocationId": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b",
+                  "buildStartedOn": "2022-08-15T22:43:18.700638187Z"
+                },
+                "recipe": {
+                  "arguments": {
+                    "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build",
+                    "id": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b",
+                    "options": {
+                      "dynamicSubstitutions": true,
+                      "logging": "LEGACY",
+                      "pool": {},
+                      "substitutionOption": "ALLOW_LOOSE"
+                    },
+                    "sourceProvenance": {},
+                    "steps": [
+                      {
+                        "args": [
+                          "build",
+                          "-t",
+                          "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14",
+                          "."
+                        ],
+                        "name": "gcr.io/cloud-builders/docker",
+                        "pullTiming": {
+                          "endTime": "2022-08-15T22:43:21.662016533Z",
+                          "startTime": "2022-08-15T22:43:21.657262492Z"
+                        },
+                        "status": "SUCCESS",
+                        "timing": {
+                          "endTime": "2022-08-15T22:43:27.056377441Z",
+                          "startTime": "2022-08-15T22:43:21.657262492Z"
+                        }
+                      }
+                    ]
+                  },
+                  "entryPoint": "cloudbuild.yaml",
+                  "type": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2"
+                }
+              },
+              "subject": [
+                {
+                  "digest": {
+                    "sha256": "1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd"
+                  },
+                  "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14"
+                }
+              ]
+            }
+          },
+          "createTime": "2022-08-15T22:43:35.649016Z",
+          "envelope": {
+            "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4yIn0sIm1hdGVyaWFscyI6W3sidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMvY29tbWl0L2ZiYmI5ODc2NWU4NWFkNDY0MzAyZGM1OTc3OTY4MTA0ZDM2ZTQ1NWUifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDgtMTVUMjI6NDM6MzQuMzY2NDk4WiIsImJ1aWxkSW52b2NhdGlvbklkIjoiYjZlMDUyYTctNWFhNC00MWJmLWE1NmItOWJjNGU0ZjMwNThiIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjE4LjcwMDYzODE4N1oifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MTQiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NjIwMTY1MzNaIiwic3RhcnRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NTcyNjI0OTJaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjcuMDU2Mzc3NDQxWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9fV19LCJlbnRyeVBvaW50IjoiY2xvdWRidWlsZC55YW1sIiwidHlwZSI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9fSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vc2xzYS5kZXYvcHJvdmVuYW5jZS92MC4xIiwic2xzYVByb3ZlbmFuY2UiOnsiYnVpbGRlciI6eyJpZCI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9LCJtYXRlcmlhbHMiOlt7InVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzL2NvbW1pdC9mYmJiOTg3NjVlODVhZDQ2NDMwMmRjNTk3Nzk2ODEwNGQzNmU0NTVlIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjM0LjM2NjQ5OFoiLCJidWlsZEludm9jYXRpb25JZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOC0xNVQyMjo0MzoxOC43MDA2MzgxODdaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiJiNmUwNTJhNy01YWE0LTQxYmYtYTU2Yi05YmM0ZTRmMzA1OGIiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInN1YnN0aXR1dGlvbk9wdGlvbiI6IkFMTE9XX0xPT1NFIn0sInNvdXJjZVByb3ZlbmFuY2UiOnt9LCJzdGVwcyI6W3siYXJncyI6WyJidWlsZCIsIi10IiwidXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djE0IiwiLiJdLCJuYW1lIjoiZ2NyLmlvL2Nsb3VkLWJ1aWxkZXJzL2RvY2tlciIsInB1bGxUaW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjYyMDE2NTMzWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9LCJzdGF0dXMiOiJTVUNDRVNTIiwidGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjI3LjA1NjM3NzQ0MVoiLCJzdGFydFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjIxLjY1NzI2MjQ5MloifX1dfSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjIifX0sInN1YmplY3QiOlt7ImRpZ2VzdCI6eyJzaGEyNTYiOiIxYTAzM2IwMDJmODllZDJiOGVhNzMzMTYyNDk3ZmI3MGYxYTQwNDlhN2Y4NjAyZDZhMzM2ODJiNGFkOTkyMWZkIn0sIm5hbWUiOiJodHRwczovL3VzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYxNCJ9XX0=",
+            "payloadType": "application/vnd.in-toto+json",
+            "signatures": [
+              {
+                "keyid": "projects/verified-builder/locations//keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1",
+                "sig": "MEYCIQD-0xUsdkYnsmKnQL_ndEvXknLfn82zsG-hGyYUd4aYsAIhAP4KSCxN2VPNc-dvfrQIGduMUNmAiHxLttdezqdrSf3F"
+              }
+            ]
+          },
+          "kind": "BUILD",
+          "name": "projects/gosst-scare-sandbox/occurrences/8ce06798-f94d-4772-a224-04e473163790",
+          "noteName": "projects/verified-builder/notes/intoto_b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b",
+          "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd",
+          "updateTime": "2022-08-15T22:43:35.649016Z"
+        }
+      ]
+    }
+  }
+