docs: update hermetic field after it was moved in implementation

Signed-off-by: Tonis Tiigi <[email protected]>
tonistiigi · Jan 4, 2023 · c1963ec · c1963ec
1 parent 4d807dd
commit c1963ec
Showing 1 changed file with 14 additions and 5 deletions.
diff --git a/docs/slsa.md b/docs/slsa.md
@@ -298,16 +298,12 @@ are not complete. Parameters are also not complete on direct LLB builds that did
 from untracked source in a local directory, the materials are not complete, while when building from a remote
 Git repository all materials can be tracked by BuildKit and `completeness.materials` is true. 
 
-`https://mobyproject.org/buildkit@v1#hermetic` is a custom field that is true if the build was hermetic and
-did not access the network. In Dockerfiles, a build is hermetic if it does not use `RUN` commands or disables
-network with `--network=none` flag.
 
 ```
       "completeness": {
         "parameters": true,
         "environment": true,
-        "materials": true,
-        "https://mobyproject.org/buildkit@v1#hermetic": true
+        "materials": true
       }
     }
 ```
@@ -321,6 +317,19 @@ user with the `reproducible=true` attestation parameter.
     "reproducible": false
 ```
 
+
+### `metadata.https://mobyproject.org/buildkit@v1#hermetic`
+
+This extension field is set to true if the build was hermetic and did not access the network.
+In Dockerfiles, a build is hermetic if it does not use `RUN` commands or disables
+network with `--network=none` flag.
+
+```
+    "metadata": {
+      "https://mobyproject.org/buildkit@v1#hermetic": true,
+      ...
+```
+
 ### `metadata.https://mobyproject.org/buildkit@v1#metadata`
 
 This extension field defines BuildKit-specific additional metadata that is not part of the SLSA provenance spec.