Attestors overview
Each CI/lock attestor captures one slice of build/run state and emits it as an in-toto predicate inside the DSSE envelope. A single cilock run invocation can chain many attestors together, so the resulting collection is the union of every signal you asked for.
command-run
The cilock command-run attestor records the executed argv, exit code, captured stdout/stderr, and an optional Linux ptrace forensic record, signed into in-toto evidence.
material
The cilock material attestor snapshots the working directory before a step runs and emits a single RFC 6962 Merkle-root in-toto subject (tree:materials) over every input file's digest.
git
The cilock git attestor captures the repository state at the working directory — HEAD commit, identities, refs, remotes, tags, parents, tree hash, and dirtiness — signed into in-toto evidence.
product
The cilock product attestor snapshots the working directory after a step runs and emits a single RFC 6962 Merkle-root in-toto subject (tree:products) over every output file's digest.
environment
The cilock environment attestor captures the host OS, hostname, username, and full process environment with sensitive values obfuscated, signing them into in-toto evidence.
inclusion-proof
The cilock inclusion-proof attestor binds a single file's digest to a Merkle tree root via an RFC 6962 audit path and signs it into in-toto evidence for downstream per-file verification.
configuration
The cilock configuration attestor captures the raw CLI flags, config file path, digest, and parsed contents that drove a run, signing them into in-toto evidence.
link
The cilock link attestor synthesizes an in-toto Link v0.3 predicate from the step's command-run, material, product, and environment attestors and signs it into in-toto evidence for legacy verifiers.
lockfiles
The cilock lockfiles attestor captures the contents and SHA-256 digest of common package-manager lockfiles in the working tree and signs them into in-toto evidence as a pinned-dependency fingerprint.
maven
The cilock maven attestor parses a Maven pom.xml and signs the project coordinates and declared dependencies into in-toto evidence as a static, pre-build dependency record.
github-action
The cilock github-action attestor captures GitHub Action execution metadata — reference, type, inputs/outputs, exit code, and runtime context — signed into in-toto evidence.
github
The cilock github attestor fetches the GitHub Actions OIDC token, verifies it against the GitHub JWKS, and signs the decoded claims plus workflow context into in-toto evidence.
githubwebhook
The cilock githubwebhook attestor verifies a GitHub webhook payload's HMAC-SHA256 signature and signs the parsed payload and event name into in-toto evidence.
gitlab
The cilock gitlab attestor captures GitLab CI job context plus the GitLab-issued OIDC JWT and signs it into in-toto evidence, proving an attestation came from a specific pipeline, job, and project.
jenkins
The cilock jenkins attestor captures Jenkins build metadata from JENKINS_/BUILD_ environment variables and signs it into in-toto evidence, binding an artifact to the pipeline run that produced it.
Prowler
Scan AWS, GCP, Azure, Kubernetes, and Microsoft 365 against CIS, NIST, ISO 27001, HIPAA, and PCI-DSS with Prowler under cilock — findings become a signed v0.3 attestation parsed by the native prowler attestor.
jwt
The cilock jwt attestor parses a JWT, fetches a JWKS, verifies the token signature, and signs the decoded claims plus the verifying key into in-toto evidence as a generic OIDC identity proof.
OpenSCAP
Run OpenSCAP (oscap) XCCDF baseline scans under cilock — every SCAP Security Guide profile evaluation becomes a signed in-toto envelope carrying parsed pass/fail/N/A counts plus the raw XCCDF results XML.
aws (aws-iid)
The cilock aws attestor fetches the EC2 instance identity document from IMDS, verifies its RSA-SHA256 signature against the AWS region certificate, and signs the verified host identity into in-toto evidence.
Chef InSpec
Run Chef InSpec (Progress) compliance profiles under cilock — every CIS, custom Ruby, or dev-sec.io scan becomes a signed v0.1 InSpec attestation linked to the profile and target it scanned.
aws-codebuild
The cilock aws-codebuild attestor captures CodeBuild build identity from CODEBUILD_* env vars and the BatchGetBuilds API, signing the full build context into in-toto evidence.
Steampipe
Query AWS, GCP, Azure, Kubernetes, GitHub, and other cloud or SaaS APIs as SQL with Steampipe under cilock — every row becomes a signed v0.1 Steampipe attestation chained to subject digests per identity axis.
gcp-iit
The cilock gcp-iit attestor captures the GCE Instance Identity Token, verifies its signature against Google's JWKS, and signs the resulting GCE host identity into in-toto evidence.
docker
The cilock docker attestor parses docker buildx --metadata-file JSON from products and records image digests, references, and per-architecture SLSA materials into signed in-toto evidence.
Linkerd
Capture Linkerd service-mesh state under cilock — the native linkerd-check attestor parses `linkerd check -o json` plus optional `linkerd viz edges -o json` into a signed v0.3 attestation with per-category check rollup and per-edge mTLS booleans, gated by Rego for release-time mTLS enforcement.
sbom
The cilock sbom attestor picks up SPDX-JSON or CycloneDX-JSON files from the product set, stores each document byte-for-byte, and signs it into in-toto evidence under the SBOM's native predicate type.
sarif
The cilock sarif attestor captures a SARIF result file emitted by a code scanner (CodeQL, Semgrep, gosec, Trivy) and embeds it byte-identical in a signed in-toto attestation under a .report field.
secretscan
The cilock secretscan attestor runs a Gitleaks pattern scan over every product and prior attestor's JSON, with recursive decoding, recording redacted findings into signed in-toto evidence.
k8smanifest
The cilock k8smanifest attestor walks YAML/JSON Kubernetes manifests, strips ephemeral fields, records per-document digests and container image references, and signs them into in-toto evidence.
slsa
The cilock slsa attestor assembles a SLSA Provenance v1.0 predicate from sibling attestors in the same collection and signs it into in-toto evidence under the slsa.dev predicate type.
vex
The cilock vex attestor captures an OpenVEX document found among a step's product files and attaches it as in-toto evidence under the canonical OpenVEX predicate type URI.
oci
The cilock oci attestor ingests an OCI/Docker image saved as a tarball product and signs the manifest, image ID, layer diffIDs, and repo tags into in-toto evidence.
omnitrail
The cilock omnitrail attestor captures a content-addressed trail of every file and directory under the working directory with POSIX metadata, signed into in-toto evidence for cross-tool provenance correlation.
system-packages
The cilock system-packages attestor records the build host's installed OS package inventory (name and version) before materials are gathered, signing it into in-toto evidence.
policyverify
The cilock policyverify attestor emits a SLSA Verification Summary Attestation recording the outcome of a cilock verify run against a signed policy, signed into in-toto evidence.
pip-install
The cilock pip-install attestor captures the post-build Python package environment via pip, statically analyzes installed code and PyPI PEP 740 provenance, and signs it into in-toto evidence.
kube-bench
The cilock kube-bench attestor ingests an Aqua Security kube-bench CIS Kubernetes Benchmark JSON report from the step's products and signs a per-check pass/fail/warn summary into in-toto evidence.
docker-bench
Captures CIS Docker Benchmark results produced by docker-bench-security --json and rolls them up into a signed attestation.
nessus
Ingests a Tenable Nessus .nessus XML report from the attestation products and emits a digest-pinned summary of hosts scanned, findings bucketed by severity, and CVEs referenced by critical/high findings.
asff
Reads an AWS Security Hub ASFF (AWS Security Finding Format) JSON report from the attestation products, validates it, and signs a condensed summary (counts, severity breakdown, failed findings) as the attestation predicate.
aws-config
Reads an AWS Config get-compliance-details-by-config-rule JSON report from the attestation products, aggregates rule-level compliance counts, and signs the summary as the attestation predicate.
sinkhole-flows
Attaches HTTP(S) flow data captured by a mitmproxy sidecar — request/response pairs and TLS ClientHello events — to a signed attestation collection, so policy can reason about exactly which hosts a scan or build talked to.
vsa
Typed decoder for pre-signed SLSA VSA predicates so downstream policies can consume external VSAs as first-class attestations — distinct from policyverify, which produces a VSA at verify time.
structured-data
Generic JSON-ingestion attestor: reads the JSON product named in the recipe, canonicalizes it (RFC 8785 JCS) for a stable digest, selects in-toto subjects with an RFC 9535 JSONPath subset, and emits a signed envelope keyed on those subjects.
ScubaGoggles
Capture a Google Workspace tenant's raw configuration with CISA ScubaGoggles under cilock — the provider settings become a signed scubagoggles/v0.1 attestation that your own Rego policy evaluates. Facts in the evidence, verdict in the policy.