Feature Request: Generate Human-Readable Reports from `witness verify` Outputs

[colek42]

Description

As a user, I need the ability to generate detailed, human-readable reports from the outputs of the witness verify command. These reports should provide comprehensive details about each attestation's steps and fields. Users must have the flexibility to define which attestation fields to display in the report using a YAML file.

Proposed Flags

• Report Generation Flag: --generate-report
• YAML File Specification for Fields: --fields-config
• Report Output File: --report-output
• Report Format: --report-format

Report Configuration Example (YAML)

report:
  title: "Witness Verification Report"
  steps_summary:
    include: true

  attestations:
    - id: "gitlab"
      url: "https://witness.dev/attestations/gitlab/v0.1"
      fields:
        - "jwt.claims.project_id"
        - "jwt.claims.iss"
        - "ciconfigpath"
        - "jwt.verifiedBy.jwksUrl"

    - id: "gcp-iit"
      url: "https://witness.dev/attestations/gcp-iit/v0.1"
      fields:
        - "jwt.claims.iss"
        - "jwt.claims.aud"
        - "jwt.claims.email"
        - "jwt.claims.sub"
        - "jwt.verifiedBy.jwksUrl"
        - "project_id"
        - "project_number"
        - "cluster_name"
        - "cluster_uid"
        - "cluster_location"
        - "zone"

Requirements

• Integrate a new flag --generate-report in witness verify to trigger report generation.
• Allow users to specify the fields for each attestation in a YAML file using --fields-config.
• Enable specifying the output file name/path with --report-output.
• Support various output formats (PDF, HTML) with --report-format.

Expected Behavior

• Running witness verify with --generate-report triggers report generation.
• Users can define the fields for each attestation in a YAML file using --fields-config.
• The tool generates a report in the specified format, containing the chosen fields for each attestation.

Use Cases

• Developers needing reports for internal audits of deployment verifications.
• Security analysts requiring detailed attestation reports for policy compliance.

Additional Context

• The feature should focus on producing easy-to-read and well-formatted outputs.
• The YAML file for fields configuration (--fields-config) allows users to customize the content of their reports based on their specific needs.

[fkautz]

If we generate an attestation of the generated report, we can have cryptographically verifiable physical reports!