This contains the fields corresponding to the definition of a software supply chain step in an in-toto layout. This information goes into a Grafeas note.

Attributes

• expectedCommand (type: list(String.t), default: nil) - This field contains the expected command used to perform the step.
• expectedMaterials (type: list(GoogleApi.ContainerAnalysis.V1beta1.Model.ArtifactRule.t), default: nil) - The following fields contain in-toto artifact rules identifying the artifacts that enter this supply chain step, and exit the supply chain step, i.e. materials and products of the step.
• expectedProducts (type: list(GoogleApi.ContainerAnalysis.V1beta1.Model.ArtifactRule.t), default: nil) -
• signingKeys (type: list(GoogleApi.ContainerAnalysis.V1beta1.Model.SigningKey.t), default: nil) - This field contains the public keys that can be used to verify the signatures on the step metadata.
• stepName (type: String.t, default: nil) - This field identifies the name of the step in the supply chain.
• threshold (type: String.t, default: nil) - This field contains a value that indicates the minimum number of keys that need to be used to sign the step's in-toto link.