# Upload attestation

Endpoint: POST /gateway/ssca-manager/v2/orgs/{org}/projects/{project}/attestations/upload/{orchestration}
Version: 1.0
Security: x-api-key

## Path parameters:

  - `org` (string, required)
    Harness organization ID

  - `project` (string, required)
    Harness project ID

  - `orchestration` (string, required)
    Harness Pipeline Execution ID

## Header parameters:

  - `Harness-Account` (string, required)
    Identifier field of the account the resource is scoped to. This is required for Authorization methods other than the x-api-key header. If you are using the x-api-key header, this can be skipped.

  - `Idempotency-Key` (string)
    Client-provided UUID for safe retries

## Request fields (application/json):

  - `envelope` (object, required)

  - `envelope.payloadType` (string, required)
    MIME type of the payload
    Example: "application/vnd.in-toto+json"

  - `envelope.payload` (string, required)
    Base64-encoded JSON payload (in-toto Statement)
    Example: "eyJfdHlwZSI6ICJod..."

  - `envelope.signatures` (array)

  - `envelope.signatures.keyid` (string)
    Identifier of the signing key
    Example: "harness-ci-signer"

  - `envelope.signatures.sig` (string)
    Base64-encoded signature
    Example: "MEUCIQ..."

  - `envelope.metadata` (object)
    Optional metadata, such as source, ingestedBy, or timestamp

  - `artifact` (object, required)

  - `artifact.id` (string)
    ID of the artifact
    Example: "089855ea-f90e-4bea-a5c9-b5ddf85d3180"

  - `artifact.type` (string, required)
    Type of the artifact
    Enum: "image", "repository"

  - `artifact.name` (string, required)
    Name of the artifact
    Example: "harness/image"

  - `artifact.tag` (string)
    Tag of the artifact
    Example: "latest"

  - `artifact.registry_url` (string, required)
    URL of the artifact
    Example: "https://console.cloud.google.com/gcr/images/imageName"

  - `artifact.url` (string)

  - `artifact.variant` (object)

  - `artifact.variant.type` (string)
    Type of the variant of the artifact.
    Enum: "tag", "branch", "gitTag", "commit"

  - `artifact.variant.value` (string)
    Value of the variant of the artifact.

  - `artifact.digest` (string)
    Digest of the artifact
    Example: "sha256:1234567890"

  - `artifact.metadata` (object)

  - `artifact.repository_platform` (string)
    Enum: "HARNESS", "GITHUB", "BITBUCKET", "GITLAB", "GIT", "AZURE"

  - `executionContext` (object)

  - `executionContext.type` (string, required)
    Enum: "harness", "github"

  - `executionContext.github` (object)
    GitHub Pipeline Execution Details

  - `executionContext.github.repository` (string)

  - `executionContext.github.github_action` (string)

  - `executionContext.github.action_path` (string)

  - `executionContext.github.job_id` (string)

  - `executionContext.github.run_id` (string)

  - `executionContext.github.workflow_ref` (string)

  - `executionContext.github.runner_detail` (object)

  - `executionContext.github.runner_detail.name` (string)

  - `executionContext.github.runner_detail.account_id` (string)

  - `executionContext.harness` (object)
    Harness Pipeline Execution Details

  - `executionContext.harness.org` (string)

  - `executionContext.harness.project` (string)

  - `executionContext.harness.pipeline_execution_id` (string)

  - `executionContext.harness.pipeline_id` (string)

  - `executionContext.harness.pipeline_name` (string)

  - `executionContext.harness.sequence_id` (string)

  - `executionContext.harness.step_id` (string)

  - `executionContext.harness.step_execution_id` (string)

  - `executionContext.harness.step_name` (string)

  - `executionContext.harness.stage_id` (string)

  - `executionContext.harness.stage_execution_id` (string)

  - `executionContext.harness.stage_name` (string)

  - `executionContext.harness.stage_type` (string)
    Stage type in which the step executed

  - `executionContext.harness.runner_detail` (object)

  - `executionContext.harness.runner_detail.trigger_type` (string)

  - `executionContext.harness.runner_detail.trigger_by_id` (string)

  - `executionContext.harness.runner_detail.trigger_by_name` (string)

## Response 201 fields (application/json):

  - `gitoidSha256` (string)
    GitOID SHA256 digest of the attestation
    Example: "300cd77db87c312b00b2e712d82a7581b20972e6a49e0ed11f4cdd1e2be942a0"

  - `status` (string)
    Ingestion status
    Example: "ingested"

  - `verified` (boolean)
    Whether the signature was verified
    Example: true

  - `indexed` (boolean)
    Whether the attestation has been indexed

  - `artifactId` (string)
    Associated artifact identifier

  - `orchestrationId` (string)
    Orchestration identifier for this attestation

  - `links` (object)

  - `links.download` (string)
    Download URL for this attestation
    Example: "/orgs/SSCA/projects/SSCA_Sanity/attestations/300cd77..."

  - `links.graph` (string)
    Graph query URL for related attestations
    Example: "/orgs/SSCA/projects/SSCA_Sanity/attestations/graph?artifactId=68f09..."
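
A client-side sketch of the request and response handling described above, added here as an example and not taken from Harness code. It builds the documented body, checks it before upload, and decides whether a 201 response should be trusted. Assumptions: the helper names are hypothetical, the payload follows the in-toto Statement v1 layout, the "signatures required" and "digest must match a subject" rules are local policy rather than documented API behaviour, and `orchestrationId` is assumed to echo the `orchestration` path parameter.

```python
import base64
import json

ARTIFACT_TYPES = {"image", "repository"}   # enum listed under artifact.type
CONTEXT_TYPES = {"harness", "github"}      # enum listed under executionContext.type

def build_body(statement, signatures, artifact, context_type="harness"):
    """Wrap an in-toto Statement in the request shape documented above."""
    payload = base64.b64encode(json.dumps(statement).encode()).decode()
    return {"envelope": {"payloadType": "application/vnd.in-toto+json",
                         "payload": payload, "signatures": signatures},
            "artifact": artifact,
            "executionContext": {"type": context_type}}

def preflight(body):
    """Return the problems found in a request body before it is sent."""
    env, art = body.get("envelope", {}), body.get("artifact", {})
    problems = [f"artifact.{f} is required"
                for f in ("type", "name", "registry_url") if not art.get(f)]
    if art.get("type") and art["type"] not in ARTIFACT_TYPES:
        problems.append("artifact.type is not in the enum")
    ctx = body.get("executionContext")
    if ctx is not None and ctx.get("type") not in CONTEXT_TYPES:
        problems.append("executionContext.type is not in the enum")
    if not env.get("signatures"):  # assumed policy: never upload unsigned
        problems.append("envelope.signatures is empty")
    try:
        stmt = json.loads(base64.b64decode(env.get("payload", ""), validate=True))
        digests = [dict(s["digest"]) for s in stmt["subject"]]
    except (ValueError, KeyError, TypeError):
        return problems + ["envelope.payload is not a base64 in-toto Statement"]
    # Assumed policy: the digest claimed in `artifact` must be a statement subject.
    algo, _, value = art.get("digest", "").partition(":")
    if value and not any(d.get(algo) == value for d in digests):
        problems.append("artifact.digest matches no statement subject")
    return problems

def accept(resp, orchestration):
    """Trust a 201 body only if it is verified and tied to this pipeline run."""
    return resp.get("verified") is True and resp.get("orchestrationId") == orchestration

# Constructed sample data: digest, registry URL and signature are placeholders.
DIGEST = "ab" * 32
STATEMENT = {"_type": "https://in-toto.io/Statement/v1", "predicate": {},
             "predicateType": "https://slsa.dev/provenance/v1",
             "subject": [{"name": "harness/image", "digest": {"sha256": DIGEST}}]}
ARTIFACT = {"type": "image", "name": "harness/image", "digest": "sha256:" + DIGEST,
            "registry_url": "https://registry.example.com/harness/image"}
SIGS = [{"keyid": "harness-ci-signer", "sig": "PLACEHOLDER"}]
```

Run `preflight(build_body(STATEMENT, SIGS, ARTIFACT))` before sending, and gate any downstream promotion step on `accept(...)` rather than on the HTTP status alone.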


## Response 400 fields

## Response 401 fields

## Response 403 fields

## Response 422 fields

## Response 500 fields
