Scan attestation predicate (/scan/v1)
Title: Scan attestation predicate (/scan/v1)
| |
|---|
| Type | object |
| Required | No |
| Additional properties | Not allowed |
Description: houba's normalized scan summary — the signed, verifiable form of io.houba.scan.*.
1. Property scanner
Title: Scanner
| |
|---|
| Type | object |
| Required | Yes |
| Additional properties | Not allowed |
| Defined in | #/$defs/Scanner |
Description: The upstream scanner that produced the report (houba did not run it).
| Property | Pattern | Type | Deprecated | Definition | Title/Description |
|---|
| + name | No | string | No | - | Name |
| + version | No | string | No | - | Version |
1.1. Property name
Title: Name
1.2. Property version
Title: Version
Title: Format
3. Property summary
Title: Summary
| Property | Pattern | Type | Deprecated | Definition | Title/Description |
|---|
| - | No | string | No | - | - |
3.1. Property additionalProperties
4. Property report_digest
Title: Report Digest
5. Property attested_at
Title: Attested At
Description: ISO-8601 timestamp of when houba attached and signed this scan. The freshness clock: an admission controller enforces a max-age policy against it (admit only if now - attested_at <= max-age). This signed field is the only trustworthy freshness source — not the unsigned scan-timestamp annotation (the HOUBA_LABEL_PREFIX-prefixed key, e.g. io.houba.scan.timestamp), which exists only for gc.
6. Property builder_id
Title: Builder Id