Uploaded image for project: 'Red Hat Advanced Cluster Management'
  1. Red Hat Advanced Cluster Management
  2. ACM-30234

Enterprise contract failure for cluster-api-provider-azure-mce-211

XMLWordPrintable

    • Product / Portfolio Work
    • False
    • Hide

      None

      Show
      None
    • False
    • Critical
    • None

      Description of problem:

      Some EC issues were recently fixed for this component, but today I see this failure:

        ✕ [Violation] tasks.required_untrusted_task_found
          ImageRef: quay.io/redhat-user-workloads/crt-redhat-acm-tenant/cluster-api-provider-azure-mce-211@sha256:f09f895ff1987fa6d49547e0f0aab74025ab7e3269674ace12baf744f4d38357
          Reason: Required task "sast-snyk-check-oci-ta" is required and present but not from a trusted task
          Term: sast-snyk-check-oci-ta
          Title: All required tasks are from trusted tasks
          Description: Ensure that the all required tasks are resolved from trusted tasks. To exclude this rule add
          "tasks.required_untrusted_task_found:sast-snyk-check-oci-ta" to the `exclude` section of the policy configuration.
          Solution: Make sure all required tasks in the build pipeline are resolved from trusted tasks.

        ✕ [Violation] trusted_task.trusted
          ImageRef: quay.io/redhat-user-workloads/crt-redhat-acm-tenant/cluster-api-provider-azure-mce-211@sha256:f09f895ff1987fa6d49547e0f0aab74025ab7e3269674ace12baf744f4d38357
          Reason: Untrusted version of PipelineTask "sast-snyk-check" (Task "sast-snyk-check-oci-ta") was included in build chain
          comprised of: clone-repository, prefetch-dependencies, sast-snyk-check. Please upgrade the task version to:
          sha256:0c2ab8ce6d419400b63dd67d061052ac51de7b1ebe93f8ae86ed07ac638d756d
          Term: sast-snyk-check-oci-ta
          Title: Tasks are trusted
          Description: Check the trust of the Tekton Tasks used in the build Pipeline. There are two modes in which trust is verified. The
          first mode is used if Trusted Artifacts are enabled. In this case, a chain of trust is established for all the Tasks involved in
          creating an artifact. If the chain contains an untrusted Task, then a violation is emitted. The second mode is used as a
          fallback when Trusted Artifacts are not enabled. In this case, *all* Tasks in the build Pipeline must be trusted. To exclude
          this rule add "trusted_task.trusted:sast-snyk-check-oci-ta" to the `exclude` section of the policy configuration.
          Solution: If using Trusted Artifacts, be sure every Task in the build Pipeline responsible for producing a Trusted Artifact is
          trusted. Otherwise, ensure *all* Tasks in the build Pipeline are trusted. Note that trust is eventually revoked from Tasks
          when newer versions are made available.

       

      Version-Release number of selected component (if applicable):

      How reproducible:

      Steps to Reproduce:

      1.  
      2.  
      3. ...

      Actual results:

      Expected results:

      Additional info:

              rhn-engineering-mzazrivec Milan Zazrivec
              gparvin-redhat Gus Parvin
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: