[validate] Results:
[validate] ✕ [Violation] trusted_task.trusted
[validate] ImageRef: quay.io/redhat-user-workloads/rh-openshift-builds-tenant/openshift-builds/openshift-builds-operator@sha256:7b93bd901a75fdcd70735ca677d163bc7118376885f74c578e8bbf8470ddfaa4
[validate] Reason: Pipeline task "unit-test" uses an untrusted task reference, @
[validate] Title: Tasks are trusted
[validate] Description: Check the trust of the Tekton Tasks used in the build Pipeline. There are two modes in which trust is verified. The
[validate] first mode is used if Trusted Artifacts are enabled. In this case, a chain of trust is established for all the Tasks involved in
[validate] creating an artifact. If the chain contains an untrusted Task, then a violation is emitted. The second mode is used as a
[validate] fallback when Trusted Artifacts are not enabled. In this case, **all** Tasks in the build Pipeline must be trusted. To exclude
[validate] this rule add "trusted_task.trusted:" to the `exclude` section of the policy configuration.
[validate] Solution: If using Trusted Artifacts, be sure every Task in the build Pipeline responsible for producing a Trusted Artifact is
[validate] trusted. Otherwise, ensure **all** Tasks in the build Pipeline are trusted. Note that trust is eventually revoked from Tasks
[validate] when newer versions are made available.
[validate]
[validate] ✕ [Violation] tasks.required_tasks_found
[validate] ImageRef: quay.io/redhat-user-workloads/rh-openshift-builds-tenant/openshift-builds/openshift-builds-operator-bundle@sha256:2d087e78bc05f8dd37f6b8b6ebaba8d8202916379dd1ede71cb10d8d6e81f9f0
[validate] Reason: One of "prefetch-dependencies", "prefetch-dependencies-oci-ta" tasks is missing
[validate] Title: All required tasks were included in the pipeline
[validate] Description: Ensure that the set of required tasks are included in the PipelineRun attestation.
To exclude this rule add one or
[validate] more of "tasks.required_tasks_found:prefetch-dependencies", "tasks.required_tasks_found:prefetch-dependencies-oci-ta" to the
[validate] `exclude` section of the policy configuration.
[validate] Solution: Make sure all required tasks are in the build pipeline. The required task list is contained as
[validate] xref:ec-cli:ROOT:configuration.adoc#_data_sources[data] under the key 'required-tasks'.
[validate]
[validate] ✕ [Violation] slsa_build_scripted_build.image_built_by_trusted_task
[validate] ImageRef: quay.io/redhat-user-workloads/rh-openshift-builds-tenant/openshift-builds/openshift-builds-controller@sha256:327990dbddd05f66982e1d2729be9b7bae37a1f2f2aa6624d48b7b73d26cb4a8
[validate] Reason: Image
[validate] "quay.io/redhat-user-workloads/rh-openshift-builds-tenant/openshift-builds/openshift-builds-controller@sha256:327990dbddd05f66982e1d2729be9b7bae37a1f2f2aa6624d48b7b73d26cb4a8"
[validate] not built by a trusted task: Build Task(s) "buildah" are not trusted
[validate] Title: Image built by trusted Task
[validate] Description: Verify the digest of the image being validated is reported by a trusted Task in its IMAGE_DIGEST result. To exclude
[validate] this rule add "slsa_build_scripted_build.image_built_by_trusted_task" to the `exclude` section of the policy configuration.
[validate] Solution: Make sure the build Pipeline definition uses a trusted Task to build images.
[validate]
[validate] ✕ [Violation] tasks.required_tasks_found
[validate] ImageRef: quay.io/redhat-user-workloads/rh-openshift-builds-tenant/openshift-builds/openshift-builds-controller@sha256:327990dbddd05f66982e1d2729be9b7bae37a1f2f2aa6624d48b7b73d26cb4a8
[validate] Reason: One of "buildah", "buildah-10gb", "buildah-6gb", "buildah-8gb", "buildah-remote", "buildah-oci-ta",
[validate] "buildah-remote-oci-ta" tasks is missing
[validate] Title: All required tasks were included in the pipeline
[validate] Description: Ensure that the set of required tasks are included in the PipelineRun attestation. To exclude this rule add one or
[validate] more of "tasks.required_tasks_found:buildah", "tasks.required_tasks_found:buildah-10gb",
[validate] "tasks.required_tasks_found:buildah-6gb", "tasks.required_tasks_found:buildah-8gb", "tasks.required_tasks_found:buildah-remote",
[validate] "tasks.required_tasks_found:buildah-oci-ta", "tasks.required_tasks_found:buildah-remote-oci-ta" to the `exclude` section of the
[validate] policy configuration.
[validate] Solution: Make sure all required tasks are in the build pipeline. The required task list is contained as
[validate] xref:ec-cli:ROOT:configuration.adoc#_data_sources[data] under the key 'required-tasks'.
[validate]
[validate] ✕ [Violation] tasks.required_tasks_found
[validate] ImageRef: quay.io/redhat-user-workloads/rh-openshift-builds-tenant/openshift-builds/openshift-builds-controller@sha256:327990dbddd05f66982e1d2729be9b7bae37a1f2f2aa6624d48b7b73d26cb4a8
[validate] Reason: Required task "clair-scan" is missing
[validate] Title: All required tasks were included in the pipeline
[validate] Description: Ensure that the set of required tasks are included in the PipelineRun attestation. To exclude this rule add
[validate] "tasks.required_tasks_found:clair-scan" to the `exclude` section of the policy configuration.
[validate] Solution: Make sure all required tasks are in the build pipeline.
The required task list is contained as
[validate] xref:ec-cli:ROOT:configuration.adoc#_data_sources[data] under the key 'required-tasks'.
[validate]
[validate] ✕ [Violation] tasks.required_tasks_found
[validate] ImageRef: quay.io/redhat-user-workloads/rh-openshift-builds-tenant/openshift-builds/openshift-builds-controller@sha256:327990dbddd05f66982e1d2729be9b7bae37a1f2f2aa6624d48b7b73d26cb4a8
[validate] Reason: Required task "clamav-scan" is missing
[validate] Title: All required tasks were included in the pipeline
[validate] Description: Ensure that the set of required tasks are included in the PipelineRun attestation. To exclude this rule add
[validate] "tasks.required_tasks_found:clamav-scan" to the `exclude` section of the policy configuration.
[validate] Solution: Make sure all required tasks are in the build pipeline. The required task list is contained as
[validate] xref:ec-cli:ROOT:configuration.adoc#_data_sources[data] under the key 'required-tasks'.
[validate]
[validate] ✕ [Violation] tasks.required_tasks_found
[validate] ImageRef: quay.io/redhat-user-workloads/rh-openshift-builds-tenant/openshift-builds/openshift-builds-controller@sha256:327990dbddd05f66982e1d2729be9b7bae37a1f2f2aa6624d48b7b73d26cb4a8
[validate] Reason: Required task "deprecated-image-check" is missing
[validate] Title: All required tasks were included in the pipeline
[validate] Description: Ensure that the set of required tasks are included in the PipelineRun attestation. To exclude this rule add
[validate] "tasks.required_tasks_found:deprecated-image-check" to the `exclude` section of the policy configuration.
[validate] Solution: Make sure all required tasks are in the build pipeline. The required task list is contained as
[validate] xref:ec-cli:ROOT:configuration.adoc#_data_sources[data] under the key 'required-tasks'.
[validate]
[validate] ✕ [Violation] tasks.required_tasks_found
[validate] ImageRef: quay.io/redhat-user-workloads/rh-openshift-builds-tenant/openshift-builds/openshift-builds-controller@sha256:327990dbddd05f66982e1d2729be9b7bae37a1f2f2aa6624d48b7b73d26cb4a8
[validate] Reason: One of "prefetch-dependencies", "prefetch-dependencies-oci-ta" tasks is missing
[validate] Title: All required tasks were included in the pipeline
[validate] Description: Ensure that the set of required tasks are included in the PipelineRun attestation. To exclude this rule add one or
[validate] more of "tasks.required_tasks_found:prefetch-dependencies", "tasks.required_tasks_found:prefetch-dependencies-oci-ta" to the
[validate] `exclude` section of the policy configuration.
[validate] Solution: Make sure all required tasks are in the build pipeline. The required task list is contained as
[validate] xref:ec-cli:ROOT:configuration.adoc#_data_sources[data] under the key 'required-tasks'.
[validate]
[validate] ✕ [Violation] tasks.required_tasks_found
[validate] ImageRef: quay.io/redhat-user-workloads/rh-openshift-builds-tenant/openshift-builds/openshift-builds-controller@sha256:327990dbddd05f66982e1d2729be9b7bae37a1f2f2aa6624d48b7b73d26cb4a8
[validate] Reason: One of "sast-snyk-check", "sast-snyk-check-oci-ta" tasks is missing
[validate] Title: All required tasks were included in the pipeline
[validate] Description: Ensure that the set of required tasks are included in the PipelineRun attestation. To exclude this rule add one or
[validate] more of "tasks.required_tasks_found:sast-snyk-check", "tasks.required_tasks_found:sast-snyk-check-oci-ta" to the `exclude`
[validate] section of the policy configuration.
[validate] Solution: Make sure all required tasks are in the build pipeline. The required task list is contained as
[validate] xref:ec-cli:ROOT:configuration.adoc#_data_sources[data] under the key 'required-tasks'.
[validate]
[validate] ✕ [Violation] tasks.required_tasks_found
[validate] ImageRef: quay.io/redhat-user-workloads/rh-openshift-builds-tenant/openshift-builds/openshift-builds-controller@sha256:327990dbddd05f66982e1d2729be9b7bae37a1f2f2aa6624d48b7b73d26cb4a8
[validate] Reason: Required task "show-sbom" is missing
[validate] Title: All required tasks were included in the pipeline
[validate] Description: Ensure that the set of required tasks are included in the PipelineRun attestation. To exclude this rule add
[validate] "tasks.required_tasks_found:show-sbom" to the `exclude` section of the policy configuration.
[validate] Solution: Make sure all required tasks are in the build pipeline. The required task list is contained as
[validate] xref:ec-cli:ROOT:configuration.adoc#_data_sources[data] under the key 'required-tasks'.
[validate]
[validate] ✕ [Violation] trusted_task.trusted
[validate] ImageRef: quay.io/redhat-user-workloads/rh-openshift-builds-tenant/openshift-builds/openshift-builds-controller@sha256:327990dbddd05f66982e1d2729be9b7bae37a1f2f2aa6624d48b7b73d26cb4a8
[validate] Reason: Pipeline task "build-container" uses an untrusted task reference,
[validate] oci://quay.io/konflux-ci/tekton-catalog/task-buildah:0.2@sha256:f93024e3dbcd41dcf1d7e30b3151032808211c39ad0a5ea03ea9c4d5274fa8dd
[validate] Title: Tasks are trusted
[validate] Description: Check the trust of the Tekton Tasks used in the build Pipeline. There are two modes in which trust is verified. The
[validate] first mode is used if Trusted Artifacts are enabled. In this case, a chain of trust is established for all the Tasks involved in
[validate] creating an artifact. If the chain contains an untrusted Task, then a violation is emitted. The second mode is used as a
[validate] fallback when Trusted Artifacts are not enabled. In this case, **all** Tasks in the build Pipeline must be trusted.
To exclude
[validate] this rule add "trusted_task.trusted:buildah" to the `exclude` section of the policy configuration.
[validate] Solution: If using Trusted Artifacts, be sure every Task in the build Pipeline responsible for producing a Trusted Artifact is
[validate] trusted. Otherwise, ensure **all** Tasks in the build Pipeline are trusted. Note that trust is eventually revoked from Tasks
[validate] when newer versions are made available.
[validate]
[validate] ✕ [Violation] trusted_task.trusted
[validate] ImageRef: quay.io/redhat-user-workloads/rh-openshift-builds-tenant/openshift-builds/openshift-builds-controller@sha256:327990dbddd05f66982e1d2729be9b7bae37a1f2f2aa6624d48b7b73d26cb4a8
[validate] Reason: Pipeline task "clair-scan" uses an untrusted task reference,
[validate] oci://quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.1@sha256:a13278c3ee419db573a3919d8f86091497d2e7b52b5a800c2767c265df51c58a
[validate] Title: Tasks are trusted
[validate] Description: Check the trust of the Tekton Tasks used in the build Pipeline. There are two modes in which trust is verified. The
[validate] first mode is used if Trusted Artifacts are enabled. In this case, a chain of trust is established for all the Tasks involved in
[validate] creating an artifact. If the chain contains an untrusted Task, then a violation is emitted. The second mode is used as a
[validate] fallback when Trusted Artifacts are not enabled. In this case, **all** Tasks in the build Pipeline must be trusted. To exclude
[validate] this rule add "trusted_task.trusted:clair-scan" to the `exclude` section of the policy configuration.
[validate] Solution: If using Trusted Artifacts, be sure every Task in the build Pipeline responsible for producing a Trusted Artifact is
[validate] trusted. Otherwise, ensure **all** Tasks in the build Pipeline are trusted. Note that trust is eventually revoked from Tasks
[validate] when newer versions are made available.
[validate]
[validate] ✕ [Violation] trusted_task.trusted
[validate] ImageRef: quay.io/redhat-user-workloads/rh-openshift-builds-tenant/openshift-builds/openshift-builds-controller@sha256:327990dbddd05f66982e1d2729be9b7bae37a1f2f2aa6624d48b7b73d26cb4a8
[validate] Reason: Pipeline task "clamav-scan" uses an untrusted task reference,
[validate] oci://quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:a5742024c2755d3636110aea0b86d298660bb8b7708894674baec16bb90b7106
[validate] Title: Tasks are trusted
[validate] Description: Check the trust of the Tekton Tasks used in the build Pipeline. There are two modes in which trust is verified. The
[validate] first mode is used if Trusted Artifacts are enabled. In this case, a chain of trust is established for all the Tasks involved in
[validate] creating an artifact. If the chain contains an untrusted Task, then a violation is emitted. The second mode is used as a
[validate] fallback when Trusted Artifacts are not enabled. In this case, **all** Tasks in the build Pipeline must be trusted. To exclude
[validate] this rule add "trusted_task.trusted:clamav-scan" to the `exclude` section of the policy configuration.
[validate] Solution: If using Trusted Artifacts, be sure every Task in the build Pipeline responsible for producing a Trusted Artifact is
[validate] trusted. Otherwise, ensure **all** Tasks in the build Pipeline are trusted. Note that trust is eventually revoked from Tasks
[validate] when newer versions are made available.
[validate]
[validate] ✕ [Violation] trusted_task.trusted
[validate] ImageRef: quay.io/redhat-user-workloads/rh-openshift-builds-tenant/openshift-builds/openshift-builds-controller@sha256:327990dbddd05f66982e1d2729be9b7bae37a1f2f2aa6624d48b7b73d26cb4a8
[validate] Reason: Pipeline task "deprecated-base-image-check" uses an untrusted task reference,
[validate] oci://quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:ea275aeb7d204ef203a67e6a45a4902479afc1d906d2120f0d8c77d9541ea850
[validate] Title: Tasks are trusted
[validate] Description: Check the trust of the Tekton Tasks used in the build Pipeline. There are two modes in which trust is verified. The
[validate] first mode is used if Trusted Artifacts are enabled. In this case, a chain of trust is established for all the Tasks involved in
[validate] creating an artifact. If the chain contains an untrusted Task, then a violation is emitted. The second mode is used as a
[validate] fallback when Trusted Artifacts are not enabled. In this case, **all** Tasks in the build Pipeline must be trusted. To exclude
[validate] this rule add "trusted_task.trusted:deprecated-image-check" to the `exclude` section of the policy configuration.
[validate] Solution: If using Trusted Artifacts, be sure every Task in the build Pipeline responsible for producing a Trusted Artifact is
[validate] trusted. Otherwise, ensure **all** Tasks in the build Pipeline are trusted. Note that trust is eventually revoked from Tasks
[validate] when newer versions are made available.
[validate]
[validate] ✕ [Violation] trusted_task.trusted
[validate] ImageRef: quay.io/redhat-user-workloads/rh-openshift-builds-tenant/openshift-builds/openshift-builds-controller@sha256:327990dbddd05f66982e1d2729be9b7bae37a1f2f2aa6624d48b7b73d26cb4a8
[validate] Reason: Pipeline task "prefetch-dependencies" uses an untrusted task reference,
[validate] oci://quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1@sha256:398d8333d30ea25ec1f766009c960df8dd42e0e3af7b2d782236dbde9a9f4bd9
[validate] Title: Tasks are trusted
[validate] Description: Check the trust of the Tekton Tasks used in the build Pipeline. There are two modes in which trust is verified. The
[validate] first mode is used if Trusted Artifacts are enabled. In this case, a chain of trust is established for all the Tasks involved in
[validate] creating an artifact. If the chain contains an untrusted Task, then a violation is emitted. The second mode is used as a
[validate] fallback when Trusted Artifacts are not enabled. In this case, **all** Tasks in the build Pipeline must be trusted. To exclude
[validate] this rule add "trusted_task.trusted:prefetch-dependencies" to the `exclude` section of the policy configuration.
[validate] Solution: If using Trusted Artifacts, be sure every Task in the build Pipeline responsible for producing a Trusted Artifact is
[validate] trusted. Otherwise, ensure **all** Tasks in the build Pipeline are trusted. Note that trust is eventually revoked from Tasks
[validate] when newer versions are made available.
[validate]
[validate] ✕ [Violation] trusted_task.trusted
[validate] ImageRef: quay.io/redhat-user-workloads/rh-openshift-builds-tenant/openshift-builds/openshift-builds-controller@sha256:327990dbddd05f66982e1d2729be9b7bae37a1f2f2aa6624d48b7b73d26cb4a8
[validate] Reason: Pipeline task "sast-snyk-check" uses an untrusted task reference,
[validate] oci://quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.1@sha256:d68390c8d771a50dcc99841ae224d18f36b677d9da6ad9bf8972878bde5f0f8f
[validate] Title: Tasks are trusted
[validate] Description: Check the trust of the Tekton Tasks used in the build Pipeline. There are two modes in which trust is verified. The
[validate] first mode is used if Trusted Artifacts are enabled. In this case, a chain of trust is established for all the Tasks involved in
[validate] creating an artifact. If the chain contains an untrusted Task, then a violation is emitted. The second mode is used as a
[validate] fallback when Trusted Artifacts are not enabled. In this case, **all** Tasks in the build Pipeline must be trusted. To exclude
[validate] this rule add "trusted_task.trusted:sast-snyk-check" to the `exclude` section of the policy configuration.
[validate] Solution: If using Trusted Artifacts, be sure every Task in the build Pipeline responsible for producing a Trusted Artifact is
[validate] trusted. Otherwise, ensure **all** Tasks in the build Pipeline are trusted. Note that trust is eventually revoked from Tasks
[validate] when newer versions are made available.
[validate]
[validate] ✕ [Violation] trusted_task.trusted
[validate] ImageRef: quay.io/redhat-user-workloads/rh-openshift-builds-tenant/openshift-builds/openshift-builds-controller@sha256:327990dbddd05f66982e1d2729be9b7bae37a1f2f2aa6624d48b7b73d26cb4a8
[validate] Reason: Pipeline task "show-sbom" uses an untrusted task reference,
[validate] oci://quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:7f8b5499a21de9aca718d0cf2e170949af6b30cacf882d64983471a2c673b1da
[validate] Title: Tasks are trusted
[validate] Description: Check the trust of the Tekton Tasks used in the build Pipeline. There are two modes in which trust is verified. The
[validate] first mode is used if Trusted Artifacts are enabled. In this case, a chain of trust is established for all the Tasks involved in
[validate] creating an artifact. If the chain contains an untrusted Task, then a violation is emitted. The second mode is used as a
[validate] fallback when Trusted Artifacts are not enabled. In this case, **all** Tasks in the build Pipeline must be trusted. To exclude
[validate] this rule add "trusted_task.trusted:show-sbom" to the `exclude` section of the policy configuration.
[validate] Solution: If using Trusted Artifacts, be sure every Task in the build Pipeline responsible for producing a Trusted Artifact is
[validate] trusted. Otherwise, ensure **all** Tasks in the build Pipeline are trusted. Note that trust is eventually revoked from Tasks
[validate] when newer versions are made available.