- Bug
- Resolution: Done
- Blocker
- None
- ACM 2.14.0
Description of problem:
There are many failures. Make sure you have attempted a build with updated pipelines.
Some violations are:
✕ [Violation] trusted_task.trusted
ImageRef: quay.io/redhat-user-workloads/crt-redhat-acm-tenant/multicluster-observability-operator-acm-214@sha256:d6299b7ae8749ca79db03eeda6a2ccffd7b3259f9beaad69e29b7986ba235c36
Reason: Code tampering detected, untrusted PipelineTask "build-source-image" (Task "source-build-oci-ta") was included in build chain comprised of: build-source-image, clone-repository, prefetch-dependencies
Term: source-build-oci-ta
Title: Tasks are trusted
Description: Check the trust of the Tekton Tasks used in the build Pipeline. There are two modes in which trust is verified. The first mode is used if Trusted Artifacts are enabled. In this case, a chain of trust is established for all the Tasks involved in creating an artifact. If the chain contains an untrusted Task, then a violation is emitted. The second mode is used as a fallback when Trusted Artifacts are not enabled. In this case, *all* Tasks in the build Pipeline must be trusted. To exclude this rule add "trusted_task.trusted:source-build-oci-ta" to the `exclude` section of the policy configuration.
Solution: If using Trusted Artifacts, be sure every Task in the build Pipeline responsible for producing a Trusted Artifact is trusted. Otherwise, ensure *all* Tasks in the build Pipeline are trusted. Note that trust is eventually revoked from Tasks when newer versions are made available.

✕ [Violation] slsa_build_scripted_build.image_built_by_trusted_task
ImageRef: quay.io/redhat-user-workloads/crt-redhat-acm-tenant/multicluster-observability-operator-acm-214@sha256:39c5530e236d590304988469c3b72132a9f4a7fbaacfcd108edf3d76bed21ed1
Reason: Image "quay.io/redhat-user-workloads/crt-redhat-acm-tenant/multicluster-observability-operator-acm-214@sha256:39c5530e236d590304988469c3b72132a9f4a7fbaacfcd108edf3d76bed21ed1" not built by a trusted task: Build Task(s) "build-image-index" are not trusted
Title: Image built by trusted Task
Description: Verify the digest of the image being validated is reported by a trusted Task in its IMAGE_DIGEST result. To exclude this rule add "slsa_build_scripted_build.image_built_by_trusted_task" to the `exclude` section of the policy configuration.
Solution: Make sure the build Pipeline definition uses a trusted Task to build images.

✕ [Violation] tasks.required_tasks_found
ImageRef: quay.io/redhat-user-workloads/crt-redhat-acm-tenant/multicluster-observability-operator-acm-214@sha256:39c5530e236d590304988469c3b72132a9f4a7fbaacfcd108edf3d76bed21ed1
Reason: One of "buildah", "buildah-10gb", "buildah-6gb", "buildah-8gb", "buildah-remote", "buildah-oci-ta", "buildah-remote-oci-ta" tasks is missing
Terms: buildah, buildah-10gb, buildah-6gb, buildah-8gb, buildah-remote, buildah-oci-ta, buildah-remote-oci-ta
Title: All required tasks were included in the pipeline
Description: Ensure that the set of required tasks are included in the PipelineRun attestation. To exclude this rule add one or more of "tasks.required_tasks_found:buildah", "tasks.required_tasks_found:buildah-10gb", "tasks.required_tasks_found:buildah-6gb", "tasks.required_tasks_found:buildah-8gb", "tasks.required_tasks_found:buildah-remote", "tasks.required_tasks_found:buildah-oci-ta", "tasks.required_tasks_found:buildah-remote-oci-ta" to the `exclude` section of the policy configuration.
Solution: Make sure all required tasks are in the build pipeline. The required task list is contained as https://conforma.dev/docs/ec-cli/configuration.html#_data_sources under the key 'required-tasks'.