@spec artifact_attestation_filename() :: :"artifact.attestation.filename"

The provenance filename of the built attestation which directly relates to the build artifact filename. This filename SHOULD accompany the artifact at publish time. See the SLSA Relationship specification for more information.

Value type

Value must be of type atom() | String.t().

Examples

["golang-binary-amd64-v0.1.0.attestation", "docker-image-amd64-v0.1.0.intoto.json1", "release-1.tar.gz.attestation", "file-name-package.tar.gz.intoto.json1"]copy

iex> OpenTelemetry.SemConv.Incubating.ArtifactAttributes.artifact_attestation_filename()
:"artifact.attestation.filename"copy

?ARTIFACT_ATTESTATION_FILENAME.
'artifact.attestation.filename'copy

@spec artifact_attestation_hash() :: :"artifact.attestation.hash"

The full hash value (see glossary), of the built attestation. Some envelopes in the software attestation space also refer to this as the digest.

Value type

Value must be of type atom() | String.t().

Examples

["1b31dfcd5b7f9267bf2ff47651df1cfb9147b9e4df1f335accf65b4cda498408"]copy

iex> OpenTelemetry.SemConv.Incubating.ArtifactAttributes.artifact_attestation_hash()
:"artifact.attestation.hash"copy

?ARTIFACT_ATTESTATION_HASH.
'artifact.attestation.hash'copy

@spec artifact_attestation_id() :: :"artifact.attestation.id"

The id of the build software attestation.

Value type

Value must be of type atom() | String.t().

Examples

["123"]copy

iex> OpenTelemetry.SemConv.Incubating.ArtifactAttributes.artifact_attestation_id()
:"artifact.attestation.id"copy

?ARTIFACT_ATTESTATION_ID.
'artifact.attestation.id'copy

@spec artifact_filename() :: :"artifact.filename"

The human readable file name of the artifact, typically generated during build and release processes. Often includes the package name and version in the file name.

Value type

Value must be of type atom() | String.t().

Notes

This file name can also act as the Package Name
in cases where the package ecosystem maps accordingly.
Additionally, the artifact can be published
for others, but that is not a guarantee.

Examples

["golang-binary-amd64-v0.1.0", "docker-image-amd64-v0.1.0", "release-1.tar.gz", "file-name-package.tar.gz"]copy

iex> OpenTelemetry.SemConv.Incubating.ArtifactAttributes.artifact_filename()
:"artifact.filename"copy

?ARTIFACT_FILENAME.
'artifact.filename'copy

@spec artifact_hash() :: :"artifact.hash"

The full hash value (see glossary), often found in checksum.txt on a release of the artifact and used to verify package integrity.

Value type

Value must be of type atom() | String.t().

Notes

The specific algorithm used to create the cryptographic hash value is
not defined. In situations where an artifact has multiple
cryptographic hashes, it is up to the implementer to choose which
hash value to set here; this should be the most secure hash algorithm
that is suitable for the situation and consistent with the
corresponding attestation. The implementer can then provide the other
hash values through an additional set of attribute extensions as they
deem necessary.

Examples

["9ff4c52759e2c4ac70b7d517bc7fcdc1cda631ca0045271ddd1b192544f8a3e9"]copy

iex> OpenTelemetry.SemConv.Incubating.ArtifactAttributes.artifact_hash()
:"artifact.hash"copy

?ARTIFACT_HASH.
'artifact.hash'copy

@spec artifact_purl() :: :"artifact.purl"

The Package URL of the package artifact provides a standard way to identify and locate the packaged artifact.

Value type

Value must be of type atom() | String.t().

Examples

["pkg:github/package-url/purl-spec@1209109710924", "pkg:npm/foo@12.12.3"]copy

iex> OpenTelemetry.SemConv.Incubating.ArtifactAttributes.artifact_purl()
:"artifact.purl"copy

?ARTIFACT_PURL.
'artifact.purl'copy

@spec artifact_version() :: :"artifact.version"

The version of the artifact.

Value type

Value must be of type atom() | String.t().

Examples

["v0.1.0", "1.2.1", "122691-build"]copy

iex> OpenTelemetry.SemConv.Incubating.ArtifactAttributes.artifact_version()
:"artifact.version"copy

?ARTIFACT_VERSION.
'artifact.version'copy