-
Bug
-
Resolution: Done
-
Blocker
-
None
-
ACM 2.14.0
Description of problem:
There are many failures. Make sure you have attempted a build with updated pipelines
Some violations are
✕ [Violation] slsa_build_scripted_build.image_built_by_trusted_task
ImageRef: quay.io/redhat-user-workloads/crt-redhat-acm-tenant/endpoint-monitoring-operator-acm-214@sha256:b22f886b301ad3d6b4e47313ae0aa85d0126ef95653092f47d98d520ae850505
Reason: Image
"quay.io/redhat-user-workloads/crt-redhat-acm-tenant/endpoint-monitoring-operator-acm-214@sha256:b22f886b301ad3d6b4e47313ae0aa85d0126ef95653092f47d98d520ae850505"
not built by a trusted task: Build Task(s) "build-image-index" are not trusted
Title: Image built by trusted Task
Description: Verify the digest of the image being validated is reported by a trusted Task in its IMAGE_DIGEST result. To exclude
this rule add "slsa_build_scripted_build.image_built_by_trusted_task" to the `exclude` section of the policy configuration.
Solution: Make sure the build Pipeline definition uses a trusted Task to build images.
✕ [Violation] tasks.required_tasks_found
ImageRef: quay.io/redhat-user-workloads/crt-redhat-acm-tenant/endpoint-monitoring-operator-acm-214@sha256:b22f886b301ad3d6b4e47313ae0aa85d0126ef95653092f47d98d520ae850505
Reason: One of "buildah", "buildah-10gb", "buildah-6gb", "buildah-8gb", "buildah-remote", "buildah-oci-ta",
"buildah-remote-oci-ta" tasks is missing
Terms: buildah, buildah-10gb, buildah-6gb, buildah-8gb, buildah-remote, buildah-oci-ta, buildah-remote-oci-ta
Title: All required tasks were included in the pipeline
Description: Ensure that the set of required tasks are included in the PipelineRun attestation. To exclude this rule add one or
more of "tasks.required_tasks_found:buildah", "tasks.required_tasks_found:buildah-10gb",
"tasks.required_tasks_found:buildah-6gb", "tasks.required_tasks_found:buildah-8gb", "tasks.required_tasks_found:buildah-remote",
"tasks.required_tasks_found:buildah-oci-ta", "tasks.required_tasks_found:buildah-remote-oci-ta" to the `exclude` section of the
policy configuration.
Solution: Make sure all required tasks are in the build pipeline. The required task list is contained as
https://conforma.dev/docs/ec-cli/configuration.html#_data_sources under the key 'required-tasks'.
✕ [Violation] tasks.required_tasks_found
ImageRef: quay.io/redhat-user-workloads/crt-redhat-acm-tenant/endpoint-monitoring-operator-acm-214@sha256:b22f886b301ad3d6b4e47313ae0aa85d0126ef95653092f47d98d520ae850505
Reason: Required task "clair-scan" is missing
Term: clair-scan
Title: All required tasks were included in the pipeline
Description: Ensure that the set of required tasks are included in the PipelineRun attestation. To exclude this rule add
"tasks.required_tasks_found:clair-scan" to the `exclude` section of the policy configuration.
Solution: Make sure all required tasks are in the build pipeline. The required task list is contained as
https://conforma.dev/docs/ec-cli/configuration.html#_data_sources under the key 'required-tasks'.
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
- ...
Actual results:
Expected results:
Additional info:
- clones
-
-
- Closed
-