
Attestor catalog

Every attestor compiled into the default cilock binary (verified against cilock 1.0.1's cilock attestors list output), with its predicate type URL, lifecycle phase, and a one-line summary. Per-attestor JSON schemas live upstream in the witness docs (linked in the table); cilock and witness use compatible schemas, with cilock attestation types namespaced under https://aflock.ai/attestations/<name>/v0.1 and witness types under https://witness.dev/attestations/<name>/v0.1. Cilock accepts both via legacy aliases. Several attestors emit upstream-typed predicates (SLSA, OpenVEX, in-toto link, SLSA VSA) instead of an aflock-namespaced one; those exact types are shown in the table.

Source of truth: rookery/cilock/cmd/cilock/main.go for the registered set; per-attestor source in rookery/plugins/attestors/<name>/.

The current binary registers 29 attestors (3 always-run, 2 default-on, 24 opt-in).

Inspecting your binary

# Full table of registered attestors with name, type URL, run type
cilock attestors list

# JSON Schema for a specific attestor's predicate
cilock attestors schema git

The (always run) and (default) markers in cilock attestors list show which attestors fire on every cilock run and which are enabled without being passed via --attestations.

Source & build context

| Name | Predicate type | Lifecycle | What it captures | Upstream schema |
|---|---|---|---|---|
| git (default) | https://aflock.ai/attestations/git/v0.1 | prematerial | Commit hash, branch, tags, author, committer, dirty status, refs, remotes, parents | witness/git.md |
| command-run (always run) | https://aflock.ai/attestations/command-run/v0.1 | execute | argv, exit code, stdout/stderr digests, optional ptrace openedfiles and syscall records | witness/command-run.md |
| material (always run) | https://aflock.ai/attestations/material/v0.1 | material | Digests of all files in the working directory before the command runs | witness/material.md |
| product (always run) | https://aflock.ai/attestations/product/v0.1 | product | Digests of files changed/created during execute (filtered by --attestor-product-include-glob / --attestor-product-exclude-glob) | witness/product.md |
| environment (default) | https://aflock.ai/attestations/environment/v0.1 | prematerial | OS, kernel, env vars (sensitive vars obfuscated or filtered) | witness/environment.md |
| configuration | https://aflock.ai/attestations/configuration/v0.1 | prematerial | Captures cilock's own runtime config for the step | (cilock-native) |
| link | https://in-toto.io/attestation/link/v0.3 | postproduct | in-toto link statement format (legacy in-toto compat) | witness/link.md |
| lockfiles | https://aflock.ai/attestations/lockfiles/v0.1 | prematerial | Hashes of detected lockfiles for package-manager integrity | witness/lockfiles.md |

CI platform identity

| Name | Predicate type | Lifecycle | What it captures | Upstream schema |
|---|---|---|---|---|
| github-action | https://aflock.ai/attestations/github-action/v0.1 | execute | Workflow, job, run-id, actor, event, ref, SHA from GITHUB_* env | (cilock-native) |
| github | https://aflock.ai/attestations/github/v0.1 | prematerial | GitHub OIDC token claims (audience, subject, repo, ref) | witness/github.md |
| githubwebhook | https://aflock.ai/attestations/githubwebhook/v0.1 | postproduct | Inbound webhook payload digest for chain-of-custody | (cilock-native) |
| gitlab | https://aflock.ai/attestations/gitlab/v0.1 | prematerial | GitLab CI JWT identity, pipeline, job, runner, ref | witness/gitlab.md |
| jenkins | https://aflock.ai/attestations/jenkins/v0.1 | prematerial | Jenkins build identity and job context | witness/jenkins.md |
| jwt | https://aflock.ai/attestations/jwt/v0.1 | prematerial | Generic JWT identity capture (used for non-built-in OIDC sources) | witness/jwt.md |

Cloud identity & infrastructure

| Name | Predicate type | Lifecycle | What it captures | Upstream schema |
|---|---|---|---|---|
| aws | https://aflock.ai/attestations/aws/v0.1 | prematerial | AWS EC2 instance identity document, cryptographically validated against the AWS public key | witness/aws.md |
| aws-codebuild | https://aflock.ai/attestations/aws-codebuild/v0.1 | prematerial | AWS CodeBuild project identity and build metadata | witness/aws-codebuild.md |
| gcp-iit | https://aflock.ai/attestations/gcp-iit/v0.1 | prematerial | GCP Instance Identity Token, validated against GCP keys | witness/gcp-iit.md |
| docker | https://aflock.ai/attestations/docker/v0.1 | postproduct | Docker buildx metadata file digests, image tags | witness/docker.md |
| oci | https://aflock.ai/attestations/oci/v0.1 | postproduct | OCI image content from saved image tarball, layers, config, manifests | witness/oci.md |
| k8smanifest | https://aflock.ai/attestations/k8smanifest/v0.2 | postproduct | Kubernetes manifest digests for deploy artifacts | witness/k8smanifest.md |

Security & compliance evidence

| Name | Predicate type | Lifecycle | What it captures | Upstream schema |
|---|---|---|---|---|
| sbom | https://aflock.ai/attestations/sbom/v0.1 | postproduct | Parses CycloneDX or SPDX JSON files in the products and embeds the SBOM document. (When a CycloneDX SBOM is emitted as a standalone attestation via --attestor-sbom-export, its inner predicateType becomes https://cyclonedx.org/bom.) | witness/sbom.md |
| sarif | https://aflock.ai/attestations/sarif/v0.1 | postproduct | Parses SARIF result files (CodeQL, Semgrep, gosec, Trivy, etc.). The outer predicate wraps the SARIF report at .report, so Rego policies use input.report.runs, not input.runs. | witness/sarif.md |
| slsa | https://slsa.dev/provenance/v1.0 | postproduct | Emits SLSA Provenance v1 from the cilock run context. Uses the upstream SLSA predicate type directly. | witness/slsa.md |
| secretscan | https://aflock.ai/attestations/secretscan/v0.1 | postproduct | Gitleaks pattern scan with recursive base64/hex/URL decode (default maxDecodeLayers=3); --attestor-secretscan-fail-on-detection blocks the build on hits. See concepts → secretscan. | witness/secretscan.md |
| vex | https://openvex.dev/ns | postproduct | Vulnerability Exploitability eXchange: explicit vulnerability disposition statements. Uses the upstream OpenVEX predicate type. | witness/vex.md |
| omnitrail | https://aflock.ai/attestations/omnitrail/v0.1 | prematerial | OmniTrail tooling trail (Linux/Darwin only; Windows builds excluded for this reason) | witness/omnitrail.md |
| system-packages | https://aflock.ai/attestations/system-packages/v0.1 | prematerial | OS package inventory (deb/rpm/apk) | witness/system-packages.md |
| policyverify | https://slsa.dev/verification_summary/v1 | verify | Records a SLSA Verification Summary Attestation (VSA) for the verify result. Verify-type attestor: runs only inside cilock verify; cannot be combined with run-type attestors in cilock run. | (cilock-native; see verify-in-a-release-gate) |
| maven | https://aflock.ai/attestations/maven/v0.1 | prematerial | Maven build context (POM path defaults to pom.xml) and dependency declarations | witness/maven.md |
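The secretscan row above describes a pattern scan that also recurses through base64, hex and URL encodings up to a depth cap. The script below is an added example of that idea, written for this page and not taken from cilock or gitleaks: it carries a constructed two-rule set (not the gitleaks ruleset), decodes every encoded-looking run it finds, rescans the decoded text, and stops at the page's stated default of three layers. The sample input is AWS's documented example key ID wrapped three layers deep, so the same blob is a hit at depth 3 and a miss at depth 2, which is the trade-off a depth cap makes.

```python
"""Layered-decoding secret scan, in the spirit of the secretscan attestor.

Added example, not cilock's or gitleaks' code. It assumes only the behaviour
the catalog describes (pattern scan with recursive base64/hex/URL decoding,
default depth 3); the rules below are a constructed sample.
"""
import base64
import binascii
import re
import urllib.parse

MAX_DECODE_LAYERS = 3  # the default maxDecodeLayers stated in the catalog

# Constructed sample rules. The AWS key-ID shape is public; the second is made up.
RULES = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "example-token": re.compile(r"\bEXAMPLE_TOKEN_[A-Za-z0-9]{12}\b"),
}

_B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
_HEX_RUN = re.compile(r"\b(?:[0-9a-fA-F]{2}){8,}\b")


def _decode_candidates(text):
    """Yield (decoder, decoded_text) for every encoded-looking run in text that
    decodes cleanly to UTF-8. Runs that fail to decode are skipped silently."""
    for m in _B64_RUN.finditer(text):
        try:
            yield "base64", base64.b64decode(m.group(0), validate=True).decode("utf-8")
        except (binascii.Error, ValueError, UnicodeDecodeError):
            pass
    for m in _HEX_RUN.finditer(text):
        try:
            yield "hex", bytes.fromhex(m.group(0)).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            pass
    unquoted = urllib.parse.unquote(text)
    if unquoted != text:
        yield "url", unquoted


def scan(text, max_layers=MAX_DECODE_LAYERS):
    """Return [(rule, matched_text, decode_chain)] over text and everything
    reachable from it by at most max_layers decode steps."""
    findings = []

    def walk(s, chain):
        for rule, pattern in RULES.items():
            for m in pattern.finditer(s):
                findings.append((rule, m.group(0), list(chain)))
        if len(chain) >= max_layers:
            return  # depth cap reached: anything still encoded below stays unseen
        for decoder, decoded in _decode_candidates(s):
            walk(decoded, chain + [decoder])

    walk(text, [])
    return findings


# Constructed samples. _SECRET is AWS's documented example key ID.
_SECRET = "AKIAIOSFODNN7EXAMPLE"
_L1 = base64.b64encode(_SECRET.encode()).decode()   # base64(secret)
_L2 = _L1.encode().hex()                             # hex(base64(secret))
_L3 = base64.b64encode(_L2.encode()).decode()        # base64(hex(base64(secret)))
SAMPLE_BLOB = f"DEPLOY_CONFIG={_L3}\n"               # three layers deep
SAMPLE_URL = "x=" + urllib.parse.quote(_L1)          # URL-encoded base64, two layers

if __name__ == "__main__":
    for label, blob in (("blob", SAMPLE_BLOB), ("url", SAMPLE_URL)):
        print(label, scan(blob))
        print(label, "depth 2:", scan(blob, max_layers=2))
```

Each finding carries its decode chain, which is the piece of evidence a reviewer needs when a hit surfaces only after decoding: it tells you how the value was wrapped, not just that a pattern matched.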

Always-run and default sets

Verified from rookery/cilock/internal/cmd/run.go + the live cilock attestors list:

  • Always run (cannot be omitted, run on every cilock run): material, product, and command-run (when args are provided).
  • Default attestation set (when --attestations is not specified): environment,git (comma-separated, per cobra StringSlice semantics).

Pass additional attestors with --attestations "<a>,<b>,<c>" (comma-separated, not space). Cilock also accepts the legacy witness URL aliases via attestation.RegisterLegacyAliases(), called from cilock/cmd/cilock/main.go at startup.
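The catalog states that cilock types live under https://aflock.ai/attestations/<name>/<version>, that the matching https://witness.dev/attestations/... URLs are accepted as legacy aliases, and that a few attestors reuse upstream predicate types verbatim. The script below is an added example, not cilock's or witness's code, of the check a policy author or log reviewer would want: it transcribes the 29 catalog entries, normalizes a witness alias onto its aflock type (swapping only the namespace, so the k8smanifest v0.2 alias lands on the v0.2 type, an assumption of this example), resolves an in-toto Statement's predicateType to an attestor name, and for sarif reads runs from predicate.report.runs as the table directs. The two sample statements are constructed, and the field names inside their predicate bodies are illustrative.

```python
"""Check attestation predicate types against the cilock attestor catalog.

Added example (not cilock's or witness's own code). It assumes only what the
catalog states: cilock types under https://aflock.ai/attestations/<name>/<ver>,
witness types under https://witness.dev/attestations/<name>/<ver> accepted as
legacy aliases, and a few attestors reusing upstream predicate types verbatim.
"""
import json

AFLOCK_PREFIX = "https://aflock.ai/attestations/"
WITNESS_PREFIX = "https://witness.dev/attestations/"


def _aflock(name, version="v0.1"):
    return f"{AFLOCK_PREFIX}{name}/{version}"


# Attestor name -> predicate type, transcribed from the catalog tables above.
CATALOG = {
    # Source & build context
    "git": _aflock("git"), "command-run": _aflock("command-run"),
    "material": _aflock("material"), "product": _aflock("product"),
    "environment": _aflock("environment"), "configuration": _aflock("configuration"),
    "link": "https://in-toto.io/attestation/link/v0.3", "lockfiles": _aflock("lockfiles"),
    # CI platform identity
    "github-action": _aflock("github-action"), "github": _aflock("github"),
    "githubwebhook": _aflock("githubwebhook"), "gitlab": _aflock("gitlab"),
    "jenkins": _aflock("jenkins"), "jwt": _aflock("jwt"),
    # Cloud identity & infrastructure
    "aws": _aflock("aws"), "aws-codebuild": _aflock("aws-codebuild"),
    "gcp-iit": _aflock("gcp-iit"), "docker": _aflock("docker"),
    "oci": _aflock("oci"), "k8smanifest": _aflock("k8smanifest", "v0.2"),
    # Security & compliance evidence
    "sbom": _aflock("sbom"), "sarif": _aflock("sarif"),
    "slsa": "https://slsa.dev/provenance/v1.0", "secretscan": _aflock("secretscan"),
    "vex": "https://openvex.dev/ns", "omnitrail": _aflock("omnitrail"),
    "system-packages": _aflock("system-packages"),
    "policyverify": "https://slsa.dev/verification_summary/v1", "maven": _aflock("maven"),
}
_NAME_BY_TYPE = {t: n for n, t in CATALOG.items()}


def normalize_predicate_type(predicate_type):
    """Map a legacy witness.dev type onto its aflock.ai equivalent.

    Only the namespace is swapped; the <name>/<version> tail is kept (assumed
    here). Upstream types (SLSA, OpenVEX, in-toto link, VSA) pass through.
    """
    if predicate_type.startswith(WITNESS_PREFIX):
        return AFLOCK_PREFIX + predicate_type[len(WITNESS_PREFIX):]
    return predicate_type


def attestor_for(predicate_type):
    """Return (attestor name, used_legacy_alias), or None if not in the catalog."""
    canonical = normalize_predicate_type(predicate_type)
    name = _NAME_BY_TYPE.get(canonical)
    if name is None:
        return None
    return name, canonical != predicate_type


def sarif_runs(predicate):
    """cilock wraps the SARIF report at .report, so runs live at report.runs
    (the Rego equivalent is input.report.runs, not input.runs)."""
    return predicate["report"]["runs"]


def classify_statement(statement_json):
    """Classify one in-toto Statement (JSON text) by its predicateType."""
    stmt = json.loads(statement_json)
    hit = attestor_for(stmt["predicateType"])
    if hit is None:
        return {"known": False, "attestor": None, "legacy_alias": False}
    name, legacy = hit
    info = {"known": True, "attestor": name, "legacy_alias": legacy}
    if name == "sarif":
        info["sarif_run_count"] = len(sarif_runs(stmt["predicate"]))
    return info


# Constructed sample statements; predicate field names are illustrative only.
SAMPLE_LEGACY_GIT = json.dumps({
    "_type": "https://in-toto.io/Statement/v1",
    "subject": [{"name": "app", "digest": {"sha256": "00" * 32}}],
    "predicateType": "https://witness.dev/attestations/git/v0.1",
    "predicate": {"branch": "main"},
})
SAMPLE_SARIF = json.dumps({
    "_type": "https://in-toto.io/Statement/v1",
    "subject": [{"name": "app", "digest": {"sha256": "11" * 32}}],
    "predicateType": "https://aflock.ai/attestations/sarif/v0.1",
    "predicate": {"report": {"version": "2.1.0", "runs": [
        {"tool": {"driver": {"name": "semgrep"}}, "results": []}]}},
})

if __name__ == "__main__":
    for s in (SAMPLE_LEGACY_GIT, SAMPLE_SARIF):
        print(classify_statement(s))
```

Keeping the catalog as a name-to-type map in one place is what makes a policy review tractable: a predicate type that does not resolve is either an attestor from a custom rookery build or an unexpected producer, and both deserve a look before the policy trusts it.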

Naming gotchas

The on-disk Go package name and the attestor's Name() aren't always identical. Use the Name() value when passing --attestations:

| Go package directory | Attestor Name() (use this in --attestations) |
|---|---|
| plugins/attestors/commandrun/ | command-run |
| plugins/attestors/githubaction/ | github-action |
| plugins/attestors/aws-iid/ | aws |

Available in rookery but not in the default cilock binary

These attestors live in rookery/plugins/attestors/ but are not registered in the default cilock binary (some are imported but not registered, others aren't imported at all). To include them, build a custom binary using the rookery builder:

asff, aws-config, docker-bench, inspec, kube-bench, nessus, oscap, pip-install, prowler, sinkhole-flows, vsa

(Note: pip-install is blank-imported by cilock/cmd/cilock/main.go but does not appear in cilock attestors list output. Treat it as unavailable in the default binary; build via the rookery builder if you need it.)