Module: OpenTelemetry::SemConv::Incubating::ARTIFACT

Defined in:: lib/opentelemetry/semconv/incubating/artifact/attributes.rb

Attribute Names collapse

ARTIFACT_ATTESTATION_FILENAME =

Note:
Stability Level: development

The provenance filename of the built attestation which directly relates to the build artifact filename. This filename SHOULD accompany the artifact at publish time. See the SLSA Relationship specification for more information.

Examples:

Sample Values

golang-binary-amd64-v0.1.0.attestation docker-image-amd64-v0.1.0.intoto.json1 release-1.tar.gz.attestation file-name-package.tar.gz.intoto.json1

'artifact.attestation.filename'

ARTIFACT_ATTESTATION_HASH =

Note:
Stability Level: development

The full hash value (see glossary), of the built attestation. Some envelopes in the software attestation space also refer to this as the digest.

Examples:

Sample Values

1b31dfcd5b7f9267bf2ff47651df1cfb9147b9e4df1f335accf65b4cda498408

'artifact.attestation.hash'

ARTIFACT_ATTESTATION_ID =

Note:
Stability Level: development

The id of the build software attestation.

Examples:

Sample Values

123

'artifact.attestation.id'

ARTIFACT_FILENAME =

Note:
Stability Level: development

The human readable file name of the artifact, typically generated during build and release processes. Often includes the package name and version in the file name.

This file name can also act as the Package Name in cases where the package ecosystem maps accordingly. Additionally, the artifact can be published for others, but that is not a guarantee.

Examples:

Sample Values

golang-binary-amd64-v0.1.0 docker-image-amd64-v0.1.0 release-1.tar.gz file-name-package.tar.gz

'artifact.filename'

ARTIFACT_HASH =

Note:
Stability Level: development

The full hash value (see glossary), often found in checksum.txt on a release of the artifact and used to verify package integrity.

The specific algorithm used to create the cryptographic hash value is not defined. In situations where an artifact has multiple cryptographic hashes, it is up to the implementer to choose which hash value to set here; this should be the most secure hash algorithm that is suitable for the situation and consistent with the corresponding attestation. The implementer can then provide the other hash values through an additional set of attribute extensions as they deem necessary.

Examples:

Sample Values

9ff4c52759e2c4ac70b7d517bc7fcdc1cda631ca0045271ddd1b192544f8a3e9

'artifact.hash'

ARTIFACT_PURL =

Note:
Stability Level: development

The Package URL of the package artifact provides a standard way to identify and locate the packaged artifact.

Examples:

Sample Values

pkg:github/package-url/purl-spec@1209109710924 pkg:npm/foo@12.12.3

'artifact.purl'

ARTIFACT_VERSION =

Note:
Stability Level: development

The version of the artifact.

Examples:

Sample Values

v0.1.0 1.2.1 122691-build

'artifact.version'