- Bug
- Resolution: Done
- Blocker
- None
- MCE 2.9.0
- Quality / Stability / Reliability
- False
- False
- Critical
- None
Description of problem:
Konflux components failing EC checks are:
- cluster-api-provider-openshift-assisted-control-plane-mce-29
- cluster-api-provider-openshift-assisted-bootstrap-mce-29
An example violation indicating Konflux wants you to upgrade a task:
✕ [Violation] trusted_task.trusted
ImageRef: quay.io/redhat-user-workloads/crt-redhat-acm-tenant/cluster-api-provider-openshift-assisted-bootstrap-mce-29@sha256:3dfbdf79c303cd39d1994c319f92ab411c8c5e4d85874df4e9649f3883bda629
Reason: Untrusted version of PipelineTask "rpms-signature-scan" (Task "rpms-signature-scan") was included in build chain
comprised of: rpms-signature-scan. Please upgrade the task version to:
sha256:1b6c20ab3dbfb0972803d3ebcb2fa72642e59400c77bd66dfd82028bdd09e120
Term: rpms-signature-scan
Title: Tasks are trusted
Description: Check the trust of the Tekton Tasks used in the build Pipeline. There are two modes in which trust is verified. The
first mode is used if Trusted Artifacts are enabled. In this case, a chain of trust is established for all the Tasks involved in
creating an artifact. If the chain contains an untrusted Task, then a violation is emitted. The second mode is used as a
fallback when Trusted Artifacts are not enabled. In this case, *all* Tasks in the build Pipeline must be trusted. To exclude
this rule add "trusted_task.trusted:rpms-signature-scan" to the `exclude` section of the policy configuration.
Solution: If using Trusted Artifacts, be sure every Task in the build Pipeline responsible for producing a Trusted Artifact is
trusted. Otherwise, ensure *all* Tasks in the build Pipeline are trusted. Note that trust is eventually revoked from Tasks
when newer versions are made available.
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
- ...
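Added example, not part of the ticket or of the EC tooling: a small parser for the violation text quoted in the description, which re-joins the wrapped `Reason` field and extracts which Task must be moved to which digest for each image. The function names `parse_violations` and `required_task_upgrades` are hypothetical, and the assumption is that reports follow the layout shown in the description.

```python
import re

# Violation text copied from the ticket description, wrapped as the tool printed it.
SAMPLE = """\
✕ [Violation] trusted_task.trusted
ImageRef: quay.io/redhat-user-workloads/crt-redhat-acm-tenant/cluster-api-provider-openshift-assisted-bootstrap-mce-29@sha256:3dfbdf79c303cd39d1994c319f92ab411c8c5e4d85874df4e9649f3883bda629
Reason: Untrusted version of PipelineTask "rpms-signature-scan" (Task "rpms-signature-scan") was included in build chain
comprised of: rpms-signature-scan. Please upgrade the task version to:
sha256:1b6c20ab3dbfb0972803d3ebcb2fa72642e59400c77bd66dfd82028bdd09e120
Term: rpms-signature-scan
Title: Tasks are trusted
"""

# Field labels as they appear in the quoted report.
FIELD = re.compile(r"^(ImageRef|Reason|Term|Title|Description|Solution):\s*(.*)$")
HEADER = re.compile(r"\[Violation\]\s+(\S+)")
UPGRADE = re.compile(r'Task "([^"]+)"\).*?upgrade the task version to:\s*(sha256:[0-9a-f]{64})')

def parse_violations(text):
    """Split report text into violations, re-joining wrapped field values."""
    violations, current, key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.search(line)
        if header:
            current = {"rule": header.group(1)}
            violations.append(current)
            key = None
            continue
        if current is None or not line:
            continue
        field = FIELD.match(line)
        if field:
            key = field.group(1)
            current[key] = field.group(2)
        elif key:
            current[key] += " " + line  # continuation of a wrapped value
    return violations

def required_task_upgrades(text):
    """Map (image_ref, task_name) -> digest requested by trusted_task.trusted."""
    upgrades = {}
    for v in parse_violations(text):
        if v["rule"] != "trusted_task.trusted":
            continue
        m = UPGRADE.search(v.get("Reason", ""))
        if m:
            upgrades[(v.get("ImageRef"), m.group(1))] = m.group(2)
    return upgrades
```

Running `required_task_upgrades` over the saved report for both failing components gives one list of Task digests to pin in the build pipeline definitions, which is preferable to adding the rule to the policy's `exclude` section.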