public sealed class AttestationOccurrence : IMessage<AttestationOccurrence>, IEquatable<AttestationOccurrence>, IDeepCloneable<AttestationOccurrence>, IBufferMessage, IMessage
Reference documentation and code samples for the Grafeas v1 API class AttestationOccurrence.
Occurrence that represents a single "attestation". The authenticity of an
attestation can be verified using the attached signature. If the verifier
trusts the public key of the signer, then verifying the signature is
sufficient to establish trust. In this circumstance, the authority to which
this attestation is attached is primarily useful for lookup (how to find
this attestation if you already know the authority and artifact to be
verified) and intent (for which authority this attestation was intended to
sign.
One or more JWTs encoding a self-contained attestation.
Each JWT encodes the payload that it verifies within the JWT itself.
Verifier implementation SHOULD ignore theserialized_payloadfield
when verifying these JWTs.
If only JWTs are present on this AttestationOccurrence, then theserialized_payloadSHOULD be left empty.
Each JWT SHOULD encode a claim specific to theresource_uriof this
Occurrence, but this is not validated by Grafeas metadata API
implementations. The JWT itself is opaque to Grafeas.
public RepeatedField<Signature> Signatures { get; }
One or more signatures overserialized_payload. Verifier implementations
should consider this attestation message verified if at least onesignatureverifiesserialized_payload. SeeSignaturein common.proto
for more details on signature structure and verification.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eThis documentation provides reference information for the \u003ccode\u003eAttestationOccurrence\u003c/code\u003e class within the Grafeas v1 API, detailing its structure and usage.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003eAttestationOccurrence\u003c/code\u003e represents a single attestation, whose authenticity is confirmed by an attached signature, and trust is established if the verifier trusts the signer's public key.\u003c/p\u003e\n"],["\u003cp\u003eThe class \u003ccode\u003eAttestationOccurrence\u003c/code\u003e has a constructor, \u003ccode\u003eAttestationOccurrence()\u003c/code\u003e, and properties such as \u003ccode\u003eJwts\u003c/code\u003e, \u003ccode\u003eSerializedPayload\u003c/code\u003e, and \u003ccode\u003eSignatures\u003c/code\u003e, which store JWTs, the verified payload, and signatures over that payload respectively.\u003c/p\u003e\n"],["\u003cp\u003eThe most recent version of the documentation is 3.7.0, and there are other versions of the documentation available for previous releases dating back to version 2.2.0.\u003c/p\u003e\n"]]],[],null,["# Grafeas v1 API - Class AttestationOccurrence (3.10.0)\n\nVersion latestkeyboard_arrow_down\n\n- [3.10.0 (latest)](/dotnet/docs/reference/Grafeas.V1/latest/Grafeas.V1.AttestationOccurrence)\n- [3.8.0](/dotnet/docs/reference/Grafeas.V1/3.8.0/Grafeas.V1.AttestationOccurrence)\n- [3.7.0](/dotnet/docs/reference/Grafeas.V1/3.7.0/Grafeas.V1.AttestationOccurrence)\n- [3.6.0](/dotnet/docs/reference/Grafeas.V1/3.6.0/Grafeas.V1.AttestationOccurrence)\n- [3.5.0](/dotnet/docs/reference/Grafeas.V1/3.5.0/Grafeas.V1.AttestationOccurrence)\n- [3.4.0](/dotnet/docs/reference/Grafeas.V1/3.4.0/Grafeas.V1.AttestationOccurrence)\n- [3.3.0](/dotnet/docs/reference/Grafeas.V1/3.3.0/Grafeas.V1.AttestationOccurrence)\n- [3.2.0](/dotnet/docs/reference/Grafeas.V1/3.2.0/Grafeas.V1.AttestationOccurrence)\n- [3.1.0](/dotnet/docs/reference/Grafeas.V1/3.1.0/Grafeas.V1.AttestationOccurrence)\n- [3.0.0](/dotnet/docs/reference/Grafeas.V1/3.0.0/Grafeas.V1.AttestationOccurrence)\n- [2.4.0](/dotnet/docs/reference/Grafeas.V1/2.4.0/Grafeas.V1.AttestationOccurrence)\n- [2.3.0](/dotnet/docs/reference/Grafeas.V1/2.3.0/Grafeas.V1.AttestationOccurrence)\n- [2.2.0](/dotnet/docs/reference/Grafeas.V1/2.2.0/Grafeas.V1.AttestationOccurrence) \n\n public sealed class AttestationOccurrence : IMessage\u003cAttestationOccurrence\u003e, IEquatable\u003cAttestationOccurrence\u003e, IDeepCloneable\u003cAttestationOccurrence\u003e, IBufferMessage, IMessage\n\nReference documentation and code samples for the Grafeas v1 API class AttestationOccurrence.\n\nOccurrence that represents a single \"attestation\". The authenticity of an\nattestation can be verified using the attached signature. If the verifier\ntrusts the public key of the signer, then verifying the signature is\nsufficient to establish trust. In this circumstance, the authority to which\nthis attestation is attached is primarily useful for lookup (how to find\nthis attestation if you already know the authority and artifact to be\nverified) and intent (for which authority this attestation was intended to\nsign. \n\nInheritance\n-----------\n\n[object](https://learn.microsoft.com/dotnet/api/system.object) \\\u003e AttestationOccurrence \n\nImplements\n----------\n\n[IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage-1.html)[AttestationOccurrence](/dotnet/docs/reference/Grafeas.V1/latest/Grafeas.V1.AttestationOccurrence), [IEquatable](https://learn.microsoft.com/dotnet/api/system.iequatable-1)[AttestationOccurrence](/dotnet/docs/reference/Grafeas.V1/latest/Grafeas.V1.AttestationOccurrence), [IDeepCloneable](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IDeepCloneable-1.html)[AttestationOccurrence](/dotnet/docs/reference/Grafeas.V1/latest/Grafeas.V1.AttestationOccurrence), [IBufferMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IBufferMessage.html), [IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage.html) \n\nInherited Members\n-----------------\n\n[object.GetHashCode()](https://learn.microsoft.com/dotnet/api/system.object.gethashcode) \n[object.GetType()](https://learn.microsoft.com/dotnet/api/system.object.gettype) \n[object.ToString()](https://learn.microsoft.com/dotnet/api/system.object.tostring)\n\nNamespace\n---------\n\n[Grafeas.V1](/dotnet/docs/reference/Grafeas.V1/latest/Grafeas.V1)\n\nAssembly\n--------\n\nGrafeas.V1.dll\n\nConstructors\n------------\n\n### AttestationOccurrence()\n\n public AttestationOccurrence()\n\n### AttestationOccurrence(AttestationOccurrence)\n\n public AttestationOccurrence(AttestationOccurrence other)\n\nProperties\n----------\n\n### Jwts\n\n public RepeatedField\u003cJwt\u003e Jwts { get; }\n\nOne or more JWTs encoding a self-contained attestation.\nEach JWT encodes the payload that it verifies within the JWT itself.\nVerifier implementation SHOULD ignore the `serialized_payload` field\nwhen verifying these JWTs.\nIf only JWTs are present on this AttestationOccurrence, then the\n`serialized_payload` SHOULD be left empty.\nEach JWT SHOULD encode a claim specific to the `resource_uri` of this\nOccurrence, but this is not validated by Grafeas metadata API\nimplementations. The JWT itself is opaque to Grafeas.\n\n### SerializedPayload\n\n public ByteString SerializedPayload { get; set; }\n\nRequired. The serialized payload that is verified by one or more\n`signatures`.\n\n### Signatures\n\n public RepeatedField\u003cSignature\u003e Signatures { get; }\n\nOne or more signatures over `serialized_payload`. Verifier implementations\nshould consider this attestation message verified if at least one\n`signature` verifies `serialized_payload`. See `Signature` in common.proto\nfor more details on signature structure and verification."]]
