2026-06-30T05:29:26.061438Z INFO vector::app: Log level is enabled. level="info" 2026-06-30T05:29:26.061860Z INFO vector::app: Loading configs. paths=["/etc/vector"] 2026-06-30T05:29:26.064543Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}: vector::sources::kubernetes_logs: Obtained Kubernetes Node name to collect logs for (self). self_node_name="ip-10-0-157-12.ec2.internal" 2026-06-30T05:29:26.071090Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}: vector::sources::kubernetes_logs: Including matching files. ret=["**/*"] 2026-06-30T05:29:26.071105Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}: vector::sources::kubernetes_logs: Excluding matching files. ret=["**/*.gz", "**/*.tmp"] 2026-06-30T05:29:26.073192Z INFO vector::topology::running: Running healthchecks. 2026-06-30T05:29:26.073252Z INFO vector: Vector has started. debug="false" version="0.45.0" arch="x86_64" revision="063cabb 2025-02-24 14:52:02.810034614" 2026-06-30T05:29:26.073263Z INFO vector::topology::builder: Healthcheck passed. 2026-06-30T05:29:26.074581Z INFO vector::internal_events::api: API server running. address=127.0.0.1:8686 playground=off graphql=http://127.0.0.1:8686/graphql 2026-06-30T05:29:26.074579Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: file_source::checkpointer: Attempting to read legacy checkpoint files. 2026-06-30T05:44:52.272921Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_buildah-demo-xnywurbidh-clone-repository-pod_ac60e003-313e-4644-81b0-278303b92c57/prepare/0.log 2026-06-30T05:44:52.793167Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_buildah-demo-xnywurbidh-clone-repository-pod_ac60e003-313e-4644-81b0-278303b92c57/place-scripts/0.log 2026/06/30 05:44:52 Entrypoint initialization 2026/06/30 05:44:52 Decoded script /tekton/scripts/script-0-wfrcp 2026-06-30T05:45:05.097947Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-xjzp_buildah-demo-xnywurbidh-clone-repository-pod_ac60e003-313e-4644-81b0-278303b92c57/step-clone/0.log 2026-06-30T05:45:07.146893Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_buildah-demo-xnywurbidh-clone-repository-pod_ac60e003-313e-4644-81b0-278303b92c57/step-clone/0.log INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' time="2026-06-30T05:45:08Z" level=info msg="[param] url: https://github.com/conforma/golden-container.git" time="2026-06-30T05:45:08Z" level=info msg="[param] depth: 1" time="2026-06-30T05:45:08Z" level=info msg="[param] short-commit-length: 7" time="2026-06-30T05:45:08Z" level=info msg="[param] subdirectory: source" time="2026-06-30T05:45:08Z" level=info msg="[param] delete-existing: true" time="2026-06-30T05:45:08Z" level=info msg="[param] target-branch: main" time="2026-06-30T05:45:08Z" level=info msg="[param] merge-commit-author-name: Konflux CI Git Clone" time="2026-06-30T05:45:08Z" level=info msg="[param] merge-commit-author-email: git-clone@konflux-ci.dev" time="2026-06-30T05:45:08Z" level=info msg="[param] output-dir: /workspace/output" time="2026-06-30T05:45:08Z" level=info msg="[param] retry-max-attempts: 10" 2026-06-30T05:45:10.238665Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_buildah-demo-xnywurbidh-prefetch-dependencies-pod_794a9ff2-b8f0-44a1-b9c2-e532ed4e75c2/prepare/0.log 2026-06-30T05:45:10.758547Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_buildah-demo-xnywurbidh-prefetch-dependencies-pod_794a9ff2-b8f0-44a1-b9c2-e532ed4e75c2/place-scripts/0.log 2026/06/30 05:45:09 Entrypoint initialization 2026/06/30 05:45:10 Decoded script /tekton/scripts/script-0-7fth7 2026-06-30T05:45:25.111216Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-xjzp_buildah-demo-xnywurbidh-prefetch-dependencies-pod_794a9ff2-b8f0-44a1-b9c2-e532ed4e75c2/step-prefetch-dependencies/0.log 2026-06-30T05:45:27.160089Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_buildah-demo-xnywurbidh-prefetch-dependencies-pod_794a9ff2-b8f0-44a1-b9c2-e532ed4e75c2/step-prefetch-dependencies/0.log Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using mounted service CA bundle: /mnt/service-ca/ca-bundle.crt '/mnt/service-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/service-ca.crt' time="2026-06-30T05:45:27Z" level=debug msg="Starting prefetch-dependencies" time="2026-06-30T05:45:27Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-06-30T05:45:27Z" level=info msg="Not using package registry proxy because allow-package-registry-proxy is not set to `true` on the cluster level" logger=PrefetchDependencies time="2026-06-30T05:45:27Z" level=info msg="[param] source-dir: /workspace/source/source" time="2026-06-30T05:45:27Z" level=info msg="[param] output-dir: /workspace/source/cachi2/output" time="2026-06-30T05:45:27Z" level=info msg="[param] sbom-format: spdx" time="2026-06-30T05:45:27Z" level=info msg="[param] mode: strict" time="2026-06-30T05:45:27Z" level=info msg="[param] output-dir-mount-point: /cachi2/output" time="2026-06-30T05:45:27Z" level=info msg="[param] env-files: [/workspace/source/cachi2/cachi2.env /workspace/source/cachi2/prefetch.env /workspace/source/cachi2/prefetch-env.json]" time="2026-06-30T05:45:28Z" level=info msg="hermeto [stdout] hermeto 0.55.0" time="2026-06-30T05:45:28Z" level=warning msg="No input provided; skipping prefetch-dependencies" logger=PrefetchDependencies time="2026-06-30T05:45:28Z" level=debug msg="Finished prefetch-dependencies" 2026-06-30T05:45:32.884983Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_buildah-demo-xnywurbidh-build-container-pod_f2489a3a-cc9a-4504-ad3b-0a9a4600b55d/place-scripts/0.log 2026-06-30T05:45:32.885043Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_buildah-demo-xnywurbidh-build-container-pod_f2489a3a-cc9a-4504-ad3b-0a9a4600b55d/prepare/0.log 2026-06-30T05:45:34.943173Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-xjzp_buildah-demo-xnywurbidh-build-container-pod_f2489a3a-cc9a-4504-ad3b-0a9a4600b55d/working-dir-initializer/0.log 2026/06/30 05:45:31 Decoded script /tekton/scripts/script-0-9q82x 2026/06/30 05:45:31 Decoded script /tekton/scripts/script-1-xf4rp 2026/06/30 05:45:31 Decoded script /tekton/scripts/script-2-57qvm 2026/06/30 05:45:31 Decoded script /tekton/scripts/script-3-zxff9 2026/06/30 05:45:31 Decoded script /tekton/scripts/script-4-hgrh6 2026/06/30 05:45:31 Entrypoint initialization 2026-06-30T05:45:39.041590Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-xjzp_buildah-demo-xnywurbidh-build-container-pod_f2489a3a-cc9a-4504-ad3b-0a9a4600b55d/step-build/0.log 2026-06-30T05:45:41.091239Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-xjzp_buildah-demo-xnywurbidh-build-container-pod_f2489a3a-cc9a-4504-ad3b-0a9a4600b55d/step-push/0.log 2026-06-30T05:45:51.338161Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-xjzp_buildah-demo-xnywurbidh-build-container-pod_f2489a3a-cc9a-4504-ad3b-0a9a4600b55d/step-sbom-syft-generate/0.log 2026-06-30T05:46:01.586643Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-xjzp_buildah-demo-xnywurbidh-build-container-pod_f2489a3a-cc9a-4504-ad3b-0a9a4600b55d/step-prepare-sboms/0.log 2026-06-30T05:46:01.586684Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-xjzp_buildah-demo-xnywurbidh-build-container-pod_f2489a3a-cc9a-4504-ad3b-0a9a4600b55d/step-upload-sbom/0.log 2026-06-30T05:46:03.636737Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_buildah-demo-xnywurbidh-build-container-pod_f2489a3a-cc9a-4504-ad3b-0a9a4600b55d/step-build/0.log [2026-06-30T05:46:03,600702487+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-06-30T05:46:03,603611990+00:00] Update CA trust [2026-06-30T05:46:05,725656095+00:00] Prepare system (architecture: x86_64) Effective container policy: { "default": [ { "type": "insecureAcceptAnything" } ], "transports": { "docker-daemon": { "": [ { "type": "insecureAcceptAnything" } ] } } } [2026-06-30T05:46:05,735926921+00:00] Run the build [2026-06-30T05:46:05,738492397+00:00] konflux-build-cli image build -f /workspace/source/source/./Containerfile -t quay.io/redhat-appstudio-qe/test-images:buildah-demo-xnywurbidh --source source --context . --secret-dirs src=/additional-secret\,name=does-not-exist\,optional=true --workdir-mount '' --target '' --inherit-labels=true --source-date-epoch '' --rewrite-timestamp=false --squash=false --omit-history=false --image-source https://github.com/conforma/golden-container.git --image-revision 1170f583db17b9db20e993f89d6907dab9acc06f --quay-image-expires-after '' --build-args-file '' --annotations-file '' --legacy-build-timestamp '' --add-legacy-labels --include-legacy-buildinfo-path=true --skip-injections=false --skip-unused-stages=true --hermetic=false --image-pull-proxy '' --image-pull-noproxy '' --yum-repos-d-sources --yum-repos-d-target /etc/yum.repos.d --prefetch-dir '' --prefetch-dir-copy '' --prefetch-env-mount /cachi2/cachi2.env --prefetch-output-mount /cachi2/output --security-opts unmask=/proc/interrupts --rhsm-entitlements=/entitlement --containerfile-json-output /shared/parsed_dockerfile.json --resolved-base-images-output /shared/base_images_digests --no-cache --ulimits nofile=4096:4096 --src-tls-verify=true --dest-tls-verify=true --allow-cross-platform-images=false --build-args --envs --labels --annotations time="2026-06-30T05:46:05Z" level=info msg="[param] containerfile: /workspace/source/source/./Containerfile" time="2026-06-30T05:46:05Z" level=info msg="[param] context: ." time="2026-06-30T05:46:05Z" level=info msg="[param] source: source" time="2026-06-30T05:46:05Z" level=info msg="[param] output-ref: quay.io/redhat-appstudio-qe/test-images:buildah-demo-xnywurbidh" time="2026-06-30T05:46:05Z" level=info msg="[param] secret-dirs: [src=/additional-secret,name=does-not-exist,optional=true]" time="2026-06-30T05:46:05Z" level=info msg="[param] image-source: https://github.com/conforma/golden-container.git" time="2026-06-30T05:46:05Z" level=info msg="[param] image-revision: 1170f583db17b9db20e993f89d6907dab9acc06f" time="2026-06-30T05:46:05Z" level=info msg="[param] add-legacy-labels: true" time="2026-06-30T05:46:05Z" level=info msg="[param] containerfile-json-output: /shared/parsed_dockerfile.json" time="2026-06-30T05:46:05Z" level=info msg="[param] include-legacy-buildinfo-path: true" time="2026-06-30T05:46:05Z" level=info msg="[param] yum-repos-d-target: /etc/yum.repos.d" time="2026-06-30T05:46:05Z" level=info msg="[param] prefetch-output-mount: /cachi2/output" time="2026-06-30T05:46:05Z" level=info msg="[param] prefetch-env-mount: /cachi2/cachi2.env" time="2026-06-30T05:46:05Z" level=info msg="[param] resolved-base-images-output: /shared/base_images_digests" time="2026-06-30T05:46:05Z" level=info msg="[param] rhsm-entitlements: /entitlement" time="2026-06-30T05:46:05Z" level=info msg="[param] rhsm-mount-ca-certs: auto" time="2026-06-30T05:46:05Z" level=info msg="[param] no-cache: true" time="2026-06-30T05:46:05Z" level=info msg="[param] security-opts: [unmask=/proc/interrupts]" time="2026-06-30T05:46:05Z" level=info msg="[param] ulimits: [nofile=4096:4096]" 2026-06-30T05:46:32.347549Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_buildah-demo-xnywurbidh-build-container-pod_f2489a3a-cc9a-4504-ad3b-0a9a4600b55d/step-push/0.log [2026-06-30T05:46:30,966446058+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' time="2026-06-30T05:46:26Z" level=info msg="buildah [stderr] Trying to pull registry.access.redhat.com/ubi9/ubi-micro@sha256:414cfa255ea10eaef4528a26d5618eb67cf487b635ee20f8f14b9317bfd6a4be..." time="2026-06-30T05:46:27Z" level=info msg="buildah [stderr] Getting image source signatures" time="2026-06-30T05:46:29Z" level=info msg="buildah [stderr] Checking if image destination supports signatures" time="2026-06-30T05:46:29Z" level=info msg="buildah [stderr] Copying blob sha256:a6ea345e47d8c80d172b8dedf5a286e29024b63b1af4934e688b7d12a0c8ab6b" time="2026-06-30T05:46:29Z" level=info msg="buildah [stderr] Copying blob sha256:61c3e70d16b0534e4cf004a9c336e4ae8ee348580cca7a8fe487aa088ea63d12" time="2026-06-30T05:46:29Z" level=info msg="buildah [stderr] Copying config sha256:6922b7871a144fd939d85d27a53dd7a3790bb5078ea10bdc683da0f9b2e62728" time="2026-06-30T05:46:29Z" level=info msg="buildah [stderr] Writing manifest to image destination" time="2026-06-30T05:46:29Z" level=info msg="buildah [stderr] Storing signatures" time="2026-06-30T05:46:29Z" level=info msg="buildah [stdout] 6922b7871a144fd939d85d27a53dd7a3790bb5078ea10bdc683da0f9b2e62728" time="2026-06-30T05:46:29Z" level=info msg="Injecting buildinfo: added labels.json" time="2026-06-30T05:46:29Z" level=info msg="Injecting buildinfo: no prefetch SBOM found, not adding content-sets.json" time="2026-06-30T05:46:29Z" level=info msg="Building container image..." time="2026-06-30T05:46:29Z" level=info msg="buildah [stderr] time=\"2026-06-30T05:46:29Z\" level=warning msg=\"missing \\\"GIT_ID\\\" build argument. Try adding \\\"--build-arg GIT_ID=\\\" to the command line\"" time="2026-06-30T05:46:29Z" level=info msg="buildah [stderr] time=\"2026-06-30T05:46:29Z\" level=warning msg=\"missing \\\"BUILD_DATE\\\" build argument. Try adding \\\"--build-arg BUILD_DATE=\\\" to the command line\"" time="2026-06-30T05:46:29Z" level=info msg="buildah [stdout] STEP 1/8: FROM registry.access.redhat.com/ubi9/ubi-micro:latest@sha256:414cfa255ea10eaef4528a26d5618eb67cf487b635ee20f8f14b9317bfd6a4be" time="2026-06-30T05:46:29Z" level=info msg="buildah [stdout] STEP 2/8: ARG GIT_ID" time="2026-06-30T05:46:29Z" level=info msg="buildah [stdout] STEP 3/8: ARG TARGETARCH" time="2026-06-30T05:46:29Z" level=info msg="buildah [stdout] STEP 4/8: ARG BUILD_DATE" time="2026-06-30T05:46:29Z" level=info msg="buildah [stdout] STEP 5/8: LABEL name=\"Enterprise Contract Golden Container\" vendor=\"Red Hat, Inc.\" maintainer=\"hacbs-contract@redhat.com\" version=\"1\" release=\"1\" build-date=$BUILD_DATE summary=\"Trivial image build in compliance with Enterprise Contract policy\" description=\"Trivial image build in compliance with Enterprise Contract policy\" url=\"https://github.com/enterprise-contract/golden-container\" distribution-scope=\"public\" io.k8s.description=\"Trivial image build in compliance with Enterprise Contract policy\" io.k8s.display-name=\"Enterprise Contract Contract Golden Container\" io.openshift.tags=\"golden\" vcs-ref=$GIT_ID vcs-type=git architecture=$TARGETARCH com.redhat.component=\"enterprise-contract-golden-container\" com.redhat.build-host=\"somewhere.over.the.rainbow\"" time="2026-06-30T05:46:29Z" level=info msg="buildah [stdout] STEP 6/8: COPY --from=.konflux-buildinfo . /usr/share/buildinfo/" time="2026-06-30T05:46:29Z" level=info msg="buildah [stdout] STEP 7/8: COPY --from=.konflux-buildinfo . /root/buildinfo/" time="2026-06-30T05:46:29Z" level=info msg="buildah [stdout] STEP 8/8: LABEL \"org.opencontainers.image.created\"=\"2026-06-30T05:46:05Z\" \"org.opencontainers.image.source\"=\"https://github.com/conforma/golden-container.git\" \"org.opencontainers.image.revision\"=\"1170f583db17b9db20e993f89d6907dab9acc06f\" \"build-date\"=\"2026-06-30T05:46:05Z\" \"architecture\"=\"x86_64\" \"vcs-url\"=\"https://github.com/conforma/golden-container.git\" \"vcs-ref\"=\"1170f583db17b9db20e993f89d6907dab9acc06f\" \"vcs-type\"=\"git\"" time="2026-06-30T05:46:29Z" level=info msg="buildah [stdout] COMMIT quay.io/redhat-appstudio-qe/test-images:buildah-demo-xnywurbidh" time="2026-06-30T05:46:30Z" level=info msg="buildah [stdout] --> 71abae1d1ca5" time="2026-06-30T05:46:30Z" level=info msg="buildah [stdout] Successfully tagged quay.io/redhat-appstudio-qe/test-images:buildah-demo-xnywurbidh" time="2026-06-30T05:46:30Z" level=info msg="buildah [stdout] 71abae1d1ca5892fb91ef83e46d6eebf47621b3cb189a141f125adc0a4f0f065" time="2026-06-30T05:46:30Z" level=info msg="Build completed successfully" time="2026-06-30T05:46:30Z" level=info msg="Writing parsed Containerfile to: /shared/parsed_dockerfile.json" time="2026-06-30T05:46:30Z" level=info msg="Containerfile JSON written successfully" time="2026-06-30T05:46:30Z" level=info msg="Writing resolved base images to: /shared/base_images_digests" time="2026-06-30T05:46:30Z" level=info msg="Resolved base images written successfully" {"image_url":"quay.io/redhat-appstudio-qe/test-images:buildah-demo-xnywurbidh"}[2026-06-30T05:46:30,163011349+00:00] Add metadata Getting image source signatures Copying blob sha256:06c3596115b68aa845492bc53ab68a79f6a5e604f781590bea68168ce2e8f828 Copying blob sha256:1c4c7b821008611be4d06cbd2dce718750bece4ba6de72a7e85d1d75f8d2162f Copying blob sha256:6338bf48070048703b5e67ce3004f7e50baca61d725c74f673530571491f12bf Copying config sha256:71abae1d1ca5892fb91ef83e46d6eebf47621b3cb189a141f125adc0a4f0f065 Writing manifest to image destination [2026-06-30T05:46:30,353934421+00:00] End build [2026-06-30T05:46:34,548827748+00:00] Convert image [2026-06-30T05:46:34,549967738+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/test-images:buildah-demo-xnywurbidh-build-container [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/test-images:buildah-demo-xnywurbidh docker://quay.io/redhat-appstudio-qe/test-images:buildah-demo-xnywurbidh-build-container Getting image source signatures Copying blob sha256:6338bf48070048703b5e67ce3004f7e50baca61d725c74f673530571491f12bf Copying blob sha256:06c3596115b68aa845492bc53ab68a79f6a5e604f781590bea68168ce2e8f828 Copying blob sha256:1c4c7b821008611be4d06cbd2dce718750bece4ba6de72a7e85d1d75f8d2162f Copying config sha256:71abae1d1ca5892fb91ef83e46d6eebf47621b3cb189a141f125adc0a4f0f065 Writing manifest to image destination [2026-06-30T05:46:38,584245892+00:00] Push image with git revision Pushing to quay.io/redhat-appstudio-qe/test-images:buildah-demo-xnywurbidh [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true --digestfile /workspace/source/image-digest quay.io/redhat-appstudio-qe/test-images:buildah-demo-xnywurbidh docker://quay.io/redhat-appstudio-qe/test-images:buildah-demo-xnywurbidh Getting image source signatures Copying blob sha256:06c3596115b68aa845492bc53ab68a79f6a5e604f781590bea68168ce2e8f828 Copying blob sha256:6338bf48070048703b5e67ce3004f7e50baca61d725c74f673530571491f12bf Copying blob sha256:1c4c7b821008611be4d06cbd2dce718750bece4ba6de72a7e85d1d75f8d2162f Copying config sha256:71abae1d1ca5892fb91ef83e46d6eebf47621b3cb189a141f125adc0a4f0f065 Writing manifest to image destination sha256:36e0b761bea312f0f3d8bc7820766160b870340dfffdb68ac30087ab37cb41a3quay.io/redhat-appstudio-qe/test-images:buildah-demo-xnywurbidh [retry] executing: kubectl get configmap cluster-config -n konflux-info -o json Keyless signing is disabled (none of rekorInternalUrl, fulcioInternalUrl, defaultOIDCIssuer, tufInternalUrl are configured in the konflux-info/cluster-config configmap) [2026-06-30T05:46:39,584332665+00:00] End push 2026-06-30T05:46:40.646575Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_buildah-demo-xnywurbidh-build-container-pod_f2489a3a-cc9a-4504-ad3b-0a9a4600b55d/step-sbom-syft-generate/0.log 2026-06-30T05:46:43.997299Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_buildah-demo-xnywurbidh-build-container-pod_f2489a3a-cc9a-4504-ad3b-0a9a4600b55d/step-prepare-sboms/0.log [2026-06-30T05:46:40,200480456+00:00] Generate SBOM Running syft on the image Running syft on the source code [0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) [2026-06-30T05:46:42,943454807+00:00] End sbom-syft-generate [2026-06-30T05:46:43,276970847+00:00] Prepare SBOM [2026-06-30T05:46:43,280862907+00:00] Generate SBOM with mobster Skipping SBOM validation 2026-06-30T05:47:00.398141Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_buildah-demo-xnywurbidh-build-container-pod_f2489a3a-cc9a-4504-ad3b-0a9a4600b55d/step-upload-sbom/0.log [2026-06-30T05:46:59,378440777+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' 2026-06-30 05:46:55,843 [INFO] mobster.log: Logging level set to 20 2026-06-30 05:46:56,048 [INFO] mobster.oci: Fetching manifest for registry.access.redhat.com/ubi9/ubi-micro@sha256:414cfa255ea10eaef4528a26d5618eb67cf487b635ee20f8f14b9317bfd6a4be 2026-06-30 05:46:57,799 [INFO] mobster.cmd.generate.oci_image.contextual_sbom.contextualize: Contextual workflow will be used. Parent SBOM used for contextualization: https://anchore.com/syft/dir/var/workdir/source-3511c1a9-0ec3-4454-bf6d-0a95249b4ccc 2026-06-30 05:46:58,051 [INFO] mobster.cmd.generate.oci_image.contextual_sbom.logging: {"event_type": "contextual_sbom_matching_statistics", "parent_sbom_reference": "https://anchore.com/syft/dir/var/workdir/source-3511c1a9-0ec3-4454-bf6d-0a95249b4ccc", "component_sbom_reference": "https://konflux-ci.dev/spdxdocs/quay.io/redhat-appstudio-qe/test-images@sha256:36e0b761bea312f0f3d8bc7820766160b870340dfffdb68ac30087ab37cb41a3-dacf84fc-d867-46e4-a9c4-52d9bf68c534", "component_packages": {"total": 35, "matched": 22, "unmatched_all": 13, "unmatched_component_only": 13, "unmatched_without_unique_id": 0}, "parent_packages": {"total": 174, "matched": 146, "unmatched_all": 28, "unmatched_removed_at_build": 28, "unmatched_without_unique_id": 0}, "match_methods": {"by_checksum": 0, "by_verification_code": 15, "by_purl": 7, "total": 22}, "match_origins": {"syft_to_syft": 20, "syft_to_hermeto": 0, "hermeto_to_syft": 2, "hermeto_to_hermeto": 0}, "duplicate_identifiers": {"checksums": {"count": 0, "details": []}, "verification_codes": {"count": 0, "details": []}, "purls": {"count": 0, "details": []}}} 2026-06-30 05:46:58,141 [INFO] mobster.cmd.generate.oci_image: Contextual SBOM workflow finished successfully. 2026-06-30 05:46:58,141 [INFO] mobster.log: Contextual workflow completed in 2.10s 2026-06-30 05:46:58,149 [INFO] mobster.main: Exiting with code 0. [2026-06-30T05:46:59,345123018+00:00] End prepare-sboms Using token for quay.io/redhat-appstudio-qe Pushing sbom to registry [retry] executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/test-images:buildah-demo-xnywurbidh@sha256:36e0b761bea312f0f3d8bc7820766160b870340dfffdb68ac30087ab37cb41a3 WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Attaching SBOMs this way does not sign them. To sign them, use 'cosign attest --predicate sbom.json --key '. Uploading SBOM file for [quay.io/redhat-appstudio-qe/test-images@sha256:36e0b761bea312f0f3d8bc7820766160b870340dfffdb68ac30087ab37cb41a3] to [quay.io/redhat-appstudio-qe/test-images:sha256-36e0b761bea312f0f3d8bc7820766160b870340dfffdb68ac30087ab37cb41a3.sbom] with mediaType [text/spdx+json]. quay.io/redhat-appstudio-qe/test-images@sha256:0636dc69643dc88e17da8103ad5ba88067faa67dc13ea0243a0c325b6bc8bebd [2026-06-30T05:47:25,241743089+00:00] End upload-sbom 2026-06-30T05:48:06.009707Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_buildah-demo-xnywurbidh-push-dockerfile-pod_21e27950-cbea-45a8-b890-4274dc987848/prepare/0.log 2026-06-30T05:48:06.009743Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-xjzp_buildah-demo-xnywurbidh-push-dockerfile-pod_21e27950-cbea-45a8-b890-4274dc987848/working-dir-initializer/0.log 2026/06/30 05:48:04 Entrypoint initialization 2026-06-30T05:48:20.364067Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-xjzp_buildah-demo-xnywurbidh-push-dockerfile-pod_21e27950-cbea-45a8-b890-4274dc987848/step-push/0.log 2026-06-30T05:48:22.413703Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_buildah-demo-xnywurbidh-push-dockerfile-pod_21e27950-cbea-45a8-b890-4274dc987848/step-push/0.log time="2026-06-30T05:48:21Z" level=info msg="[param] image-url: quay.io/redhat-appstudio-qe/test-images:buildah-demo-xnywurbidh" time="2026-06-30T05:48:21Z" level=info msg="[param] image-digest: sha256:36e0b761bea312f0f3d8bc7820766160b870340dfffdb68ac30087ab37cb41a3" time="2026-06-30T05:48:21Z" level=info msg="[param] containerfile: Containerfile" time="2026-06-30T05:48:21Z" level=info msg="[param] context: ." time="2026-06-30T05:48:21Z" level=info msg="[param] tag-suffix: .dockerfile" time="2026-06-30T05:48:21Z" level=info msg="[param] artifact-type: application/vnd.konflux.dockerfile" time="2026-06-30T05:48:21Z" level=info msg="[param] source: source" time="2026-06-30T05:48:21Z" level=info msg="[param] result-path-image-ref: /tekton/results/IMAGE_REF" time="2026-06-30T05:48:21Z" level=info msg="[param] alternative-filename: Dockerfile" time="2026-06-30T05:48:21Z" level=info msg="oras [stdout] quay.io/redhat-appstudio-qe/test-images@sha256:db60d33864095b00d8ea602adcf6da864075204b44219448124e84ac5faf946b" logger=CliExecutor time="2026-06-30T05:48:21Z" level=info msg="Containerfile '/workspace/workspace/source/Containerfile' is pushed to registry with tag: sha256-36e0b761bea312f0f3d8bc7820766160b870340dfffdb68ac30087ab37cb41a3.dockerfile" 2026-06-30T05:48:49.068849Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-629584ff1be46d3d0aff809df1238407-pod_6bdadfaa-b196-4d7c-9959-be9d66ee49c9/place-scripts/0.log 2026-06-30T05:48:49.068891Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-629584ff1be46d3d0aff809df1238407-pod_6bdadfaa-b196-4d7c-9959-be9d66ee49c9/prepare/0.log 2026/06/30 05:48:47 Entrypoint initialization 2026/06/30 05:48:48 Decoded script /tekton/scripts/script-2-499l8 {"image_ref":"quay.io/redhat-appstudio-qe/test-images@sha256:db60d33864095b00d8ea602adcf6da864075204b44219448124e84ac5faf946b"} 2026-06-30T05:48:59.326672Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-629584ff1be46d3d0aff809df1238407-pod_6bdadfaa-b196-4d7c-9959-be9d66ee49c9/step-assert/0.log 2026-06-30T05:48:59.326704Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-629584ff1be46d3d0aff809df1238407-pod_6bdadfaa-b196-4d7c-9959-be9d66ee49c9/step-detailed-report/0.log 2026-06-30T05:48:59.326712Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-629584ff1be46d3d0aff809df1238407-pod_6bdadfaa-b196-4d7c-9959-be9d66ee49c9/step-initialize-tuf/0.log 2026-06-30T05:48:59.326720Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-629584ff1be46d3d0aff809df1238407-pod_6bdadfaa-b196-4d7c-9959-be9d66ee49c9/step-reduce/0.log 2026-06-30T05:48:59.326728Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-629584ff1be46d3d0aff809df1238407-pod_6bdadfaa-b196-4d7c-9959-be9d66ee49c9/step-report-json/0.log 2026-06-30T05:48:59.326740Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-629584ff1be46d3d0aff809df1238407-pod_6bdadfaa-b196-4d7c-9959-be9d66ee49c9/step-show-config/0.log 2026-06-30T05:48:59.326747Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-629584ff1be46d3d0aff809df1238407-pod_6bdadfaa-b196-4d7c-9959-be9d66ee49c9/step-summary/0.log 2026-06-30T05:48:59.326754Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-629584ff1be46d3d0aff809df1238407-pod_6bdadfaa-b196-4d7c-9959-be9d66ee49c9/step-validate/0.log 2026-06-30T05:48:59.326762Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-629584ff1be46d3d0aff809df1238407-pod_6bdadfaa-b196-4d7c-9959-be9d66ee49c9/step-version/0.log 2026-06-30T05:49:01.376641Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-629584ff1be46d3d0aff809df1238407-pod_6bdadfaa-b196-4d7c-9959-be9d66ee49c9/step-initialize-tuf/0.log 2026-06-30T05:49:01.376694Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-629584ff1be46d3d0aff809df1238407-pod_6bdadfaa-b196-4d7c-9959-be9d66ee49c9/step-reduce/0.log 2026/06/30 05:49:00 INFO Step was skipped due to when expressions were evaluated to false. Single Component mode? false { "application": "", "componentGroup": "", "components": [ { "name": "", "version": "", "containerImage": "quay.io/redhat-appstudio-qe/test-images:buildah-demo-xnywurbidh@sha256:36e0b761bea312f0f3d8bc7820766160b870340dfffdb68ac30087ab37cb41a3", "source": {} } ], "artifacts": {} } 2026-06-30T05:49:09.585302Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-629584ff1be46d3d0aff809df1238407-pod_6bdadfaa-b196-4d7c-9959-be9d66ee49c9/step-assert/0.log 2026-06-30T05:49:09.585351Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-629584ff1be46d3d0aff809df1238407-pod_6bdadfaa-b196-4d7c-9959-be9d66ee49c9/step-detailed-report/0.log 2026-06-30T05:49:09.585408Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-629584ff1be46d3d0aff809df1238407-pod_6bdadfaa-b196-4d7c-9959-be9d66ee49c9/step-report-json/0.log 2026-06-30T05:49:09.585426Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-629584ff1be46d3d0aff809df1238407-pod_6bdadfaa-b196-4d7c-9959-be9d66ee49c9/step-show-config/0.log 2026-06-30T05:49:09.585447Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-629584ff1be46d3d0aff809df1238407-pod_6bdadfaa-b196-4d7c-9959-be9d66ee49c9/step-summary/0.log 2026-06-30T05:49:09.585467Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-629584ff1be46d3d0aff809df1238407-pod_6bdadfaa-b196-4d7c-9959-be9d66ee49c9/step-version/0.log 2026-06-30T05:49:11.647347Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-1b4594c77e5e59d889c36c9e53d64a7e-pod_70683359-ae17-4ed3-9dc9-df4b7b511626/place-scripts/0.log 2026-06-30T05:49:11.647396Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-1b4594c77e5e59d889c36c9e53d64a7e-pod_70683359-ae17-4ed3-9dc9-df4b7b511626/prepare/0.log true { "timestamp": "1782798547", "namespace": "", "successes": 5, "failures": 1, "warnings": 0, "result": "FAILURE" } Version v0.9.25 Source ID b345847182602d9a5ce9e957fa76fe02575c8018 Change date 2026-04-27 12:52:43 +0000 UTC (9 weeks ago) ECC v0.1.7 OPA v1.15.2 Conftest v0.68.2 Cosign v3.0.4 Sigstore v1.10.4 Rekor v1.5.0 Tekton Pipeline v1.9.2 Kubernetes Client v0.35.0 Success: false Result: FAILURE Violations: 1, Warnings: 0, Successes: 5 Component: ImageRef: quay.io/redhat-appstudio-qe/test-images@sha256:36e0b761bea312f0f3d8bc7820766160b870340dfffdb68ac30087ab37cb41a3 Results: ✕ [Violation] test.test_data_found ImageRef: quay.io/redhat-appstudio-qe/test-images@sha256:36e0b761bea312f0f3d8bc7820766160b870340dfffdb68ac30087ab37cb41a3 Reason: No test data found Title: Test data found in task results Description: Ensure that at least one of the tasks in the pipeline includes a TEST_OUTPUT task result, which is where Conforma expects to find test result data. To exclude this rule add "test.test_data_found" to the `exclude` section of the policy configuration. Solution: Confirm at least one task in the build pipeline contains a result named TEST_OUTPUT. For more information about policy issues, see the policy documentation: https://conforma.dev/docs/policy/ { "policy": { "name": "Default", "description": "Includes rules for levels 1, 2 & 3 of SLSA v0.1. This is the default config used for new Konflux applications. Source: https://github.com/conforma/config/blob/main/default/policy.yaml", "sources": [ { "name": "Default", "policy": [ "oci::quay.io/enterprise-contract/ec-release-policy:konflux@sha256:614408c473895bc7263173ccadcbf782e0c3c7c0a8c10851e6b0c94b5ea448c1" ], "data": [ "git::github.com/release-engineering/rhtap-ec-policy//data?ref=e7ebca9822d7378140b7207c7bc7062fa883dd5f", "oci::quay.io/konflux-ci/tekton-catalog/data-acceptable-bundles:latest@sha256:62c93b5041683cf2c88fbe5b8b857f7c90a9b2cc1f8c9efde39abda01c567128", "oci::quay.io/konflux-ci/konflux-vanguard/data-acceptable-bundles:latest@sha256:0b31c7bc77a7463a1bc52f3d3625ef0e0e75443da7fd2de8005d7885282138ea", "oci::quay.io/konflux-ci/integration-service-catalog/data-acceptable-bundles:latest@sha256:7b00455045ea3873a72caeb1e7ac7d036bd53963a26409891a4cc9d0d242b9fc" ], "config": { "include": [ "test" ] } } ], "publicKey": "k8s://chains-e2e-xjzp/cosign-public-key" }, "key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6A45tCVAGgmrCPYqSl9WlUYGUjAq\n7xKCjN3LwlYZunmV0SXPjsB2Xqozd6kV8ESGO/urs8NRuC787GEPZkA6Ug==\n-----END PUBLIC KEY-----\n", "effective-time": "2026-06-30T05:49:01.368209358Z" } 2026-06-30T05:49:12.679885Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-1b4594c77e5e59d889c36c9e53d64a7e-pod_70683359-ae17-4ed3-9dc9-df4b7b511626/step-initialize-tuf/0.log 2026-06-30T05:49:12.679927Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-1b4594c77e5e59d889c36c9e53d64a7e-pod_70683359-ae17-4ed3-9dc9-df4b7b511626/step-reduce/0.log 2026-06-30T05:49:12.679939Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-1b4594c77e5e59d889c36c9e53d64a7e-pod_70683359-ae17-4ed3-9dc9-df4b7b511626/step-report-json/0.log 2026-06-30T05:49:12.679950Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-1b4594c77e5e59d889c36c9e53d64a7e-pod_70683359-ae17-4ed3-9dc9-df4b7b511626/step-validate/0.log 2026-06-30T05:49:13.705677Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-1b4594c77e5e59d889c36c9e53d64a7e-pod_70683359-ae17-4ed3-9dc9-df4b7b511626/step-assert/0.log 2026-06-30T05:49:13.705709Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-1b4594c77e5e59d889c36c9e53d64a7e-pod_70683359-ae17-4ed3-9dc9-df4b7b511626/step-detailed-report/0.log 2026-06-30T05:49:13.705730Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-1b4594c77e5e59d889c36c9e53d64a7e-pod_70683359-ae17-4ed3-9dc9-df4b7b511626/step-show-config/0.log 2026-06-30T05:49:13.705736Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-1b4594c77e5e59d889c36c9e53d64a7e-pod_70683359-ae17-4ed3-9dc9-df4b7b511626/step-summary/0.log 2026-06-30T05:49:13.705749Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-1b4594c77e5e59d889c36c9e53d64a7e-pod_70683359-ae17-4ed3-9dc9-df4b7b511626/step-version/0.log 2026/06/30 05:49:11 Decoded script /tekton/scripts/script-2-tz5z7 2026/06/30 05:49:11 Entrypoint initialization 2026-06-30T05:49:15.755732Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-1b4594c77e5e59d889c36c9e53d64a7e-pod_70683359-ae17-4ed3-9dc9-df4b7b511626/step-initialize-tuf/0.log 2026-06-30T05:49:15.755779Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-1b4594c77e5e59d889c36c9e53d64a7e-pod_70683359-ae17-4ed3-9dc9-df4b7b511626/step-reduce/0.log Single Component mode? false { "application": "", "componentGroup": "", "components": [ { "name": "", "version": "", "containerImage": "quay.io/redhat-appstudio-qe/test-images:buildah-demo-xnywurbidh@sha256:36e0b761bea312f0f3d8bc7820766160b870340dfffdb68ac30087ab37cb41a3", "source": {} } ], "artifacts": {} } 2026/06/30 05:49:15 INFO Step was skipped due to when expressions were evaluated to false. 2026-06-30T05:49:23.967168Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-1b4594c77e5e59d889c36c9e53d64a7e-pod_70683359-ae17-4ed3-9dc9-df4b7b511626/step-assert/0.log 2026-06-30T05:49:23.967216Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-1b4594c77e5e59d889c36c9e53d64a7e-pod_70683359-ae17-4ed3-9dc9-df4b7b511626/step-detailed-report/0.log 2026-06-30T05:49:23.967260Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-1b4594c77e5e59d889c36c9e53d64a7e-pod_70683359-ae17-4ed3-9dc9-df4b7b511626/step-report-json/0.log 2026-06-30T05:49:23.967275Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-1b4594c77e5e59d889c36c9e53d64a7e-pod_70683359-ae17-4ed3-9dc9-df4b7b511626/step-show-config/0.log 2026-06-30T05:49:23.967290Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-1b4594c77e5e59d889c36c9e53d64a7e-pod_70683359-ae17-4ed3-9dc9-df4b7b511626/step-summary/0.log 2026-06-30T05:49:23.967316Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-1b4594c77e5e59d889c36c9e53d64a7e-pod_70683359-ae17-4ed3-9dc9-df4b7b511626/step-version/0.log Success: false Result: FAILURE Violations: 1, Warnings: 0, Successes: 5 Component: ImageRef: quay.io/redhat-appstudio-qe/test-images@sha256:36e0b761bea312f0f3d8bc7820766160b870340dfffdb68ac30087ab37cb41a3 Results: ✕ [Violation] test.test_data_found ImageRef: quay.io/redhat-appstudio-qe/test-images@sha256:36e0b761bea312f0f3d8bc7820766160b870340dfffdb68ac30087ab37cb41a3 Reason: No test data found Title: Test data found in task results Description: Ensure that at least one of the tasks in the pipeline includes a TEST_OUTPUT task result, which is where Conforma expects to find test result data. To exclude this rule add "test.test_data_found" to the `exclude` section of the policy configuration. Solution: Confirm at least one task in the build pipeline contains a result named TEST_OUTPUT. For more information about policy issues, see the policy documentation: https://conforma.dev/docs/policy/ Version v0.9.25 Source ID b345847182602d9a5ce9e957fa76fe02575c8018 Change date 2026-04-27 12:52:43 +0000 UTC (9 weeks ago) ECC v0.1.7 OPA v1.15.2 Conftest v0.68.2 Cosign v3.0.4 Sigstore v1.10.4 Rekor v1.5.0 Tekton Pipeline v1.9.2 Kubernetes Client v0.35.0 false { "policy": { "name": "Default", "description": "Includes rules for levels 1, 2 & 3 of SLSA v0.1. This is the default config used for new Konflux applications. Source: https://github.com/conforma/config/blob/main/default/policy.yaml", "sources": [ { "name": "Default", "policy": [ "oci::quay.io/enterprise-contract/ec-release-policy:konflux@sha256:614408c473895bc7263173ccadcbf782e0c3c7c0a8c10851e6b0c94b5ea448c1" ], "data": [ "git::github.com/release-engineering/rhtap-ec-policy//data?ref=e7ebca9822d7378140b7207c7bc7062fa883dd5f", "oci::quay.io/konflux-ci/tekton-catalog/data-acceptable-bundles:latest@sha256:62c93b5041683cf2c88fbe5b8b857f7c90a9b2cc1f8c9efde39abda01c567128", "oci::quay.io/konflux-ci/konflux-vanguard/data-acceptable-bundles:latest@sha256:0b31c7bc77a7463a1bc52f3d3625ef0e0e75443da7fd2de8005d7885282138ea", "oci::quay.io/konflux-ci/integration-service-catalog/data-acceptable-bundles:latest@sha256:7b00455045ea3873a72caeb1e7ac7d036bd53963a26409891a4cc9d0d242b9fc" ], "config": { "include": [ "test" ] } } ], "publicKey": "k8s://chains-e2e-xjzp/cosign-public-key" }, "key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6A45tCVAGgmrCPYqSl9WlUYGUjAq\n7xKCjN3LwlYZunmV0SXPjsB2Xqozd6kV8ESGO/urs8NRuC787GEPZkA6Ug==\n-----END PUBLIC KEY-----\n", "effective-time": "2026-06-30T05:49:15.861725429Z" } { "timestamp": "1782798562", "namespace": "", "successes": 5, "failures": 1, "warnings": 0, "result": "FAILURE" } {"success": false,"components": [{"name": "","containerImage": "quay.io/redhat-appstudio-qe/test-images@sha256:36e0b761bea312f0f3d8bc7820766160b870340dfffdb68ac30087ab37cb41a3","source": {},"violations": [{"msg": "No test data found","metadata": {"code": "test.test_data_found","collections": ["redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure that at least one of the tasks in the pipeline includes a TEST_OUTPUT task result, which is where Conforma expects to find test result data. To exclude this rule add \"test.test_data_found\" to the `exclude` section of the policy configuration.","solution": "Confirm at least one task in the build pipeline contains a result named TEST_OUTPUT.","title": "Test data found in task results"}}],"successes": [{"msg": "Pass","metadata": {"code": "builtin.attestation.signature_check","description": "The attestation signature matches available signing materials.","title": "Attestation signature check passed"}},{"msg": "Pass","metadata": {"code": "builtin.attestation.syntax_check","description": "The attestation has correct syntax.","title": "Attestation syntax check passed"}},{"msg": "Pass","metadata": {"code": "builtin.image.signature_check","description": "The image signature matches available signing materials.","title": "Image signature check passed"}},{"msg": "Pass","metadata": {"code": "test.rule_data_provided","collections": ["redhat","policy_data"],"description": "Confirm the expected rule data keys have been provided in the expected format. The keys are `supported_tests_results`, `failed_tests_results`, `informative_tests`, `erred_tests_results`, `skipped_tests_results`, and `warned_tests_results`.","title": "Rule data provided"}},{"msg": "Pass","metadata": {"code": "test.test_all_images","collections": ["redhat"],"description": "Ensure that task producing the IMAGES_PROCESSED result contains the digests of the built image.","effective_on": "2024-05-29T00:00:00Z","title": "Image digest is present in IMAGES_PROCESSED result"}}],"success": false,"signatures": [{"keyid": "","sig": "MEUCIEp3yD25KjqEvAcYsRpLSHiNy/1XULUhzi9o1FBHc+UMAiEA9HaTum8M9Solzd0r2JguozhEEqxFTy1bhetTiMfDKr4="},{"keyid": "","sig": "MEUCIQDq+x7KfOAllzUkoJM0YHpfwyN+UNloYy+FeKSZe5NNnQIgWcvI+vZQyJ8DGbnCiIv8eXotnoW1xczcT5JY2k1V+h8="},{"keyid": "","sig": "MEUCIEEtVYahp+IJh1ZmhvN0559472YtDg31uW2Ddt48OrGVAiEAo8v/MOhQZTtEdf1oaxAs8fsCZbnSiWazs/JoyGuFyLs="}],"attestations": [{"type": "https://in-toto.io/Statement/v0.1","predicateType": "https://slsa.dev/provenance/v0.2","predicateBuildType": "tekton.dev/v1/PipelineRun","signatures": [{"keyid": "SHA256:FjEjZQHVEHm6Uag8T+0TuAJrnwo75BdZ25YxGFTgEiI","sig": "MEUCIGck5nu5dVAlI6WlFWsYUqIJ41qq73zcWLMeKCdM/ytRAiEA/Lf+Rmj5pc5ACL0nfIFgdG0uOh2gWeJ83UE6LrQ6Mig="}]}]}],"key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6A45tCVAGgmrCPYqSl9WlUYGUjAq\n7xKCjN3LwlYZunmV0SXPjsB2Xqozd6kV8ESGO/urs8NRuC787GEPZkA6Ug==\n-----END PUBLIC KEY-----\n","policy": {"name": "Default","description": "Includes rules for levels 1, 2 & 3 of SLSA v0.1. This is the default config used for new Konflux applications. Source: https://github.com/conforma/config/blob/main/default/policy.yaml","sources": [{"name": "Default","policy": ["oci::quay.io/enterprise-contract/ec-release-policy:konflux@sha256:614408c473895bc7263173ccadcbf782e0c3c7c0a8c10851e6b0c94b5ea448c1"],"data": ["git::github.com/release-engineering/rhtap-ec-policy//data?ref=e7ebca9822d7378140b7207c7bc7062fa883dd5f","oci::quay.io/konflux-ci/tekton-catalog/data-acceptable-bundles:latest@sha256:62c93b5041683cf2c88fbe5b8b857f7c90a9b2cc1f8c9efde39abda01c567128","oci::quay.io/konflux-ci/konflux-vanguard/data-acceptable-bundles:latest@sha256:0b31c7bc77a7463a1bc52f3d3625ef0e0e75443da7fd2de8005d7885282138ea","oci::quay.io/konflux-ci/integration-service-catalog/data-acceptable-bundles:latest@sha256:7b00455045ea3873a72caeb1e7ac7d036bd53963a26409891a4cc9d0d242b9fc"],"config": {"include": ["test"]}}],"publicKey": "k8s://chains-e2e-xjzp/cosign-public-key"},"ec-version": "v0.9.25","effective-time": "2026-06-30T05:49:01.368209358Z"} 2026-06-30T05:49:54.729444Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-37d6d0dd57bc95bac0b73ee400bfc242-pod_2b368c0c-001f-4bc9-af8d-21a469e1cb22/place-scripts/0.log 2026-06-30T05:49:54.729491Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-37d6d0dd57bc95bac0b73ee400bfc242-pod_2b368c0c-001f-4bc9-af8d-21a469e1cb22/prepare/0.log 2026-06-30T05:49:54.729504Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-37d6d0dd57bc95bac0b73ee400bfc242-pod_2b368c0c-001f-4bc9-af8d-21a469e1cb22/step-initialize-tuf/0.log 2026-06-30T05:49:54.729520Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-37d6d0dd57bc95bac0b73ee400bfc242-pod_2b368c0c-001f-4bc9-af8d-21a469e1cb22/step-reduce/0.log 2026-06-30T05:49:55.251623Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-37d6d0dd57bc95bac0b73ee400bfc242-pod_2b368c0c-001f-4bc9-af8d-21a469e1cb22/step-assert/0.log 2026-06-30T05:49:55.251665Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-37d6d0dd57bc95bac0b73ee400bfc242-pod_2b368c0c-001f-4bc9-af8d-21a469e1cb22/step-detailed-report/0.log 2026-06-30T05:49:55.251681Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-37d6d0dd57bc95bac0b73ee400bfc242-pod_2b368c0c-001f-4bc9-af8d-21a469e1cb22/step-report-json/0.log 2026-06-30T05:49:55.251688Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-37d6d0dd57bc95bac0b73ee400bfc242-pod_2b368c0c-001f-4bc9-af8d-21a469e1cb22/step-show-config/0.log 2026-06-30T05:49:55.251695Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-37d6d0dd57bc95bac0b73ee400bfc242-pod_2b368c0c-001f-4bc9-af8d-21a469e1cb22/step-summary/0.log 2026-06-30T05:49:55.251702Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-37d6d0dd57bc95bac0b73ee400bfc242-pod_2b368c0c-001f-4bc9-af8d-21a469e1cb22/step-validate/0.log 2026-06-30T05:49:55.251708Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-37d6d0dd57bc95bac0b73ee400bfc242-pod_2b368c0c-001f-4bc9-af8d-21a469e1cb22/step-version/0.log {"success": false,"components": [{"name": "","containerImage": "quay.io/redhat-appstudio-qe/test-images@sha256:36e0b761bea312f0f3d8bc7820766160b870340dfffdb68ac30087ab37cb41a3","source": {},"violations": [{"msg": "No test data found","metadata": {"code": "test.test_data_found","collections": ["redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure that at least one of the tasks in the pipeline includes a TEST_OUTPUT task result, which is where Conforma expects to find test result data. To exclude this rule add \"test.test_data_found\" to the `exclude` section of the policy configuration.","solution": "Confirm at least one task in the build pipeline contains a result named TEST_OUTPUT.","title": "Test data found in task results"}}],"successes": [{"msg": "Pass","metadata": {"code": "builtin.attestation.signature_check","description": "The attestation signature matches available signing materials.","title": "Attestation signature check passed"}},{"msg": "Pass","metadata": {"code": "builtin.attestation.syntax_check","description": "The attestation has correct syntax.","title": "Attestation syntax check passed"}},{"msg": "Pass","metadata": {"code": "builtin.image.signature_check","description": "The image signature matches available signing materials.","title": "Image signature check passed"}},{"msg": "Pass","metadata": {"code": "test.rule_data_provided","collections": ["redhat","policy_data"],"description": "Confirm the expected rule data keys have been provided in the expected format. The keys are `supported_tests_results`, `failed_tests_results`, `informative_tests`, `erred_tests_results`, `skipped_tests_results`, and `warned_tests_results`.","title": "Rule data provided"}},{"msg": "Pass","metadata": {"code": "test.test_all_images","collections": ["redhat"],"description": "Ensure that task producing the IMAGES_PROCESSED result contains the digests of the built image.","effective_on": "2024-05-29T00:00:00Z","title": "Image digest is present in IMAGES_PROCESSED result"}}],"success": false,"signatures": [{"keyid": "","sig": "MEUCIEp3yD25KjqEvAcYsRpLSHiNy/1XULUhzi9o1FBHc+UMAiEA9HaTum8M9Solzd0r2JguozhEEqxFTy1bhetTiMfDKr4="},{"keyid": "","sig": "MEUCIQDq+x7KfOAllzUkoJM0YHpfwyN+UNloYy+FeKSZe5NNnQIgWcvI+vZQyJ8DGbnCiIv8eXotnoW1xczcT5JY2k1V+h8="},{"keyid": "","sig": "MEUCIEEtVYahp+IJh1ZmhvN0559472YtDg31uW2Ddt48OrGVAiEAo8v/MOhQZTtEdf1oaxAs8fsCZbnSiWazs/JoyGuFyLs="}],"attestations": [{"type": "https://in-toto.io/Statement/v0.1","predicateType": "https://slsa.dev/provenance/v0.2","predicateBuildType": "tekton.dev/v1/PipelineRun","signatures": [{"keyid": "SHA256:FjEjZQHVEHm6Uag8T+0TuAJrnwo75BdZ25YxGFTgEiI","sig": "MEUCIGck5nu5dVAlI6WlFWsYUqIJ41qq73zcWLMeKCdM/ytRAiEA/Lf+Rmj5pc5ACL0nfIFgdG0uOh2gWeJ83UE6LrQ6Mig="}]}]}],"key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6A45tCVAGgmrCPYqSl9WlUYGUjAq\n7xKCjN3LwlYZunmV0SXPjsB2Xqozd6kV8ESGO/urs8NRuC787GEPZkA6Ug==\n-----END PUBLIC KEY-----\n","policy": {"name": "Default","description": "Includes rules for levels 1, 2 & 3 of SLSA v0.1. This is the default config used for new Konflux applications. Source: https://github.com/conforma/config/blob/main/default/policy.yaml","sources": [{"name": "Default","policy": ["oci::quay.io/enterprise-contract/ec-release-policy:konflux@sha256:614408c473895bc7263173ccadcbf782e0c3c7c0a8c10851e6b0c94b5ea448c1"],"data": ["git::github.com/release-engineering/rhtap-ec-policy//data?ref=e7ebca9822d7378140b7207c7bc7062fa883dd5f","oci::quay.io/konflux-ci/tekton-catalog/data-acceptable-bundles:latest@sha256:62c93b5041683cf2c88fbe5b8b857f7c90a9b2cc1f8c9efde39abda01c567128","oci::quay.io/konflux-ci/konflux-vanguard/data-acceptable-bundles:latest@sha256:0b31c7bc77a7463a1bc52f3d3625ef0e0e75443da7fd2de8005d7885282138ea","oci::quay.io/konflux-ci/integration-service-catalog/data-acceptable-bundles:latest@sha256:7b00455045ea3873a72caeb1e7ac7d036bd53963a26409891a4cc9d0d242b9fc"],"config": {"include": ["test"]}}],"publicKey": "k8s://chains-e2e-xjzp/cosign-public-key"},"ec-version": "v0.9.25","effective-time": "2026-06-30T05:49:15.861725429Z"} 2026/06/30 05:49:52 Entrypoint initialization 2026/06/30 05:49:53 Decoded script /tekton/scripts/script-2-65jfr 2026-06-30T05:49:58.841557Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-37d6d0dd57bc95bac0b73ee400bfc242-pod_2b368c0c-001f-4bc9-af8d-21a469e1cb22/step-initialize-tuf/0.log 2026-06-30T05:49:58.841599Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-37d6d0dd57bc95bac0b73ee400bfc242-pod_2b368c0c-001f-4bc9-af8d-21a469e1cb22/step-reduce/0.log Single Component mode? false { "application": "", "componentGroup": "", "components": [ { "name": "", "version": "", "containerImage": "quay.io/konflux-ci/ec-golden-image:latest", "source": {} }, { "name": "", "version": "", "containerImage": "quay.io/konflux-ci/ec-golden-image:e2e-test-unacceptable-task", "source": {} } ], "artifacts": {} } 2026/06/30 05:49:57 INFO Step was skipped due to when expressions were evaluated to false. 2026-06-30T05:50:11.152398Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-37d6d0dd57bc95bac0b73ee400bfc242-pod_2b368c0c-001f-4bc9-af8d-21a469e1cb22/step-detailed-report/0.log 2026-06-30T05:50:11.152474Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-37d6d0dd57bc95bac0b73ee400bfc242-pod_2b368c0c-001f-4bc9-af8d-21a469e1cb22/step-report-json/0.log 2026-06-30T05:50:11.152491Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-37d6d0dd57bc95bac0b73ee400bfc242-pod_2b368c0c-001f-4bc9-af8d-21a469e1cb22/step-show-config/0.log 2026-06-30T05:50:11.152509Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-37d6d0dd57bc95bac0b73ee400bfc242-pod_2b368c0c-001f-4bc9-af8d-21a469e1cb22/step-summary/0.log 2026-06-30T05:50:11.152528Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-37d6d0dd57bc95bac0b73ee400bfc242-pod_2b368c0c-001f-4bc9-af8d-21a469e1cb22/step-version/0.log 2026-06-30T05:50:11.676685Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-xjzp_verify-enterprise-contract-37d6d0dd57bc95bac0b73ee400bfc242-pod_2b368c0c-001f-4bc9-af8d-21a469e1cb22/step-assert/0.log true {"success": true,"components": [{"name": "-sha256:bd819da15920ef731002630e2b2d49e03b3209ee5edae6c74f2094bb9825b7cf-arm64","containerImage": "quay.io/konflux-ci/ec-golden-image@sha256:bd819da15920ef731002630e2b2d49e03b3209ee5edae6c74f2094bb9825b7cf","source": {},"successes": [{"msg": "Pass","metadata": {"code": "attestation_type.known_attestation_type","collections": ["minimal","redhat","redhat_rpms","slsa3"],"depends_on": ["attestation_type.pipelinerun_attestation_found"],"description": "Confirm the attestation found for the image has a known attestation type.","title": "Known attestation type found"}},{"msg": "Pass","metadata": {"code": "attestation_type.pipelinerun_attestation_found","collections": ["minimal","redhat","redhat_rpms","slsa3"],"description": "Confirm at least one PipelineRun attestation is present.","title": "PipelineRun attestation found"}},{"msg": "Pass","metadata": {"code": "builtin.attestation.signature_check","description": "The attestation signature matches available signing materials.","title": "Attestation signature check passed"}},{"msg": "Pass","metadata": {"code": "builtin.attestation.syntax_check","description": "The attestation has correct syntax.","title": "Attestation syntax check passed"}},{"msg": "Pass","metadata": {"code": "builtin.image.signature_check","description": "The image signature matches available signing materials.","title": "Image signature check passed"}},{"msg": "Pass","metadata": {"code": "slsa_build_build_service.allowed_builder_ids_provided","collections": ["slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the `allowed_builder_ids` rule data was provided, since it is required by the policy rules in this package.","title": "Allowed builder IDs provided"}},{"msg": "Pass","metadata": {"code": "slsa_build_build_service.slsa_builder_id_accepted","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the attestation attribute predicate.builder.id is set to one of the values in the `allowed_builder_ids` rule data, e.g. \"https://tekton.dev/chains/v2\".","title": "SLSA Builder ID is known and accepted"}},{"msg": "Pass","metadata": {"code": "slsa_build_build_service.slsa_builder_id_found","collections": ["slsa3","redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the attestation attribute predicate.builder.id is set.","title": "SLSA Builder ID found"}},{"msg": "Pass","metadata": {"code": "slsa_build_scripted_build.build_script_used","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the predicate.buildConfig.tasks.steps attribute for the task responsible for building and pushing the image is not empty.","title": "Build task contains steps"}},{"msg": "Pass","metadata": {"code": "slsa_build_scripted_build.build_task_image_results_found","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Confirm that a build task exists and it has the expected IMAGE_DIGEST and IMAGE_URL task results.","title": "Build task set image digest and url task results"}},{"msg": "Pass","metadata": {"code": "slsa_build_scripted_build.subject_build_task_matches","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify the subject of the attestations matches the IMAGE_DIGEST and IMAGE_URL values from the build task.","title": "Provenance subject matches build task image result"}},{"msg": "Pass","metadata": {"code": "slsa_provenance_available.allowed_predicate_types_provided","collections": ["minimal","slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the `allowed_predicate_types` rule data was provided, since it is required by the policy rules in this package.","title": "Allowed predicate types provided"}},{"msg": "Pass","metadata": {"code": "slsa_provenance_available.attestation_predicate_type_accepted","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the predicateType field of the attestation indicates the in-toto SLSA Provenance format was used to attest the PipelineRun.","title": "Expected attestation predicate type found"}},{"msg": "Pass","metadata": {"code": "slsa_source_correlated.attested_source_code_reference","collections": ["minimal","slsa3","redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Attestation contains source reference.","title": "Source reference"}},{"msg": "Pass","metadata": {"code": "slsa_source_correlated.expected_source_code_reference","collections": ["minimal","slsa3","redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the provided source code reference is the one being attested.","title": "Expected source code reference"}},{"msg": "Pass","metadata": {"code": "slsa_source_correlated.rule_data_provided","collections": ["minimal","slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the expected rule data keys have been provided in the expected format. The keys are `supported_vcs` and `supported_digests`.","title": "Rule data provided"}},{"msg": "Pass","metadata": {"code": "slsa_source_version_controlled.materials_format_okay","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Confirm at least one entry in the predicate.materials array of the attestation contains the expected attributes: uri and digest.sha1.","title": "Materials have uri and digest"}},{"msg": "Pass","metadata": {"code": "slsa_source_version_controlled.materials_include_git_sha","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure that each entry in the predicate.materials array with a SHA-1 digest includes a valid Git commit SHA.","title": "Materials include git commit shas"}},{"msg": "Pass","metadata": {"code": "slsa_source_version_controlled.materials_uri_is_git_repo","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure each entry in the predicate.materials array with a SHA-1 digest includes a valid Git URI.","title": "Material uri is a git repo"}},{"msg": "Pass","metadata": {"code": "tasks.pipeline_has_tasks","collections": ["minimal","redhat","redhat_rpms","slsa3"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure that at least one Task is present in the PipelineRun attestation.","title": "Pipeline run includes at least one task"}},{"msg": "Pass","metadata": {"code": "tasks.successful_pipeline_tasks","collections": ["minimal","redhat","redhat_rpms","slsa3"],"depends_on": ["tasks.pipeline_has_tasks"],"description": "Ensure that all of the Tasks in the Pipeline completed successfully. Note that skipped Tasks are not taken into account and do not influence the outcome.","title": "Successful pipeline tasks"}}],"success": true,"signatures": [{"keyid": "","sig": "MEYCIQDAFKFnOSV+ZO53btaeKYBj9ME2NdgwhZHBvpe+FdPrKgIhALpDGT56tbbpn+Y7xX7I6G9Ggm3UD0MYEZYgZ/Jf0n7s"},{"keyid": "","sig": "MEYCIQCwccUeCezmpPt6+gFQUb625+udjgjabwf3JZKGyt7iuAIhAMSTjScJPNed9vmKj/eLIE4zuKkw+dD1CGOcSlHEYGqi"}],"attestations": [{"type": "https://in-toto.io/Statement/v0.1","predicateType": "https://slsa.dev/provenance/v0.2","predicateBuildType": "tekton.dev/v1/PipelineRun","signatures": [{"keyid": "SHA256:IhiN7gY+Z3uSSd7tmj6w5Zfhqafzdhm3DZjIvGc6iYY","sig": "MEUCIFDe/HK4zGEf6ReCdi9lKIHt+F3RAQVbVz+9njVgeByoAiEA07g5JSnXBDpV2QlW7s4GuY7DoGVO8rwgOzJDsFR4Vhg="}]}]},{"name": "-sha256:4b8339806ff0774bdfc73676c57c6985fd311d8c8d0ea3062d13c00136f19414-amd64", "containerImage": "quay.io/konflux-ci/ec-golden-image@sha256:4b8339806ff0774bdfc73676c57c6985fd311d8c8d0ea3062d13c00136f19414","source": {},"successes": [{"msg": "Pass","metadata": {"code": "attestation_type.known_attestation_type","collections": ["minimal","redhat","redhat_rpms","slsa3"],"depends_on": ["attestation_type.pipelinerun_attestation_found"],"description": "Confirm the attestation found for the image has a known attestation type.","title": "Known attestation type found"}},{"msg": "Pass","metadata": {"code": "attestation_type.pipelinerun_attestation_found","collections": ["minimal","redhat","redhat_rpms","slsa3"],"description": "Confirm at least one PipelineRun attestation is present.","title": "PipelineRun attestation found"}},{"msg": "Pass","metadata": {"code": "builtin.attestation.signature_check","description": "The attestation signature matches available signing materials.","title": "Attestation signature check passed"}},{"msg": "Pass","metadata": {"code": "builtin.attestation.syntax_check","description": "The attestation has correct syntax.","title": "Attestation syntax check passed"}},{"msg": "Pass","metadata": {"code": "builtin.image.signature_check","description": "The image signature matches available signing materials.","title": "Image signature check passed"}},{"msg": "Pass","metadata": {"code": "slsa_build_build_service.allowed_builder_ids_provided","collections": ["slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the `allowed_builder_ids` rule data was provided, since it is required by the policy rules in this package.","title": "Allowed builder IDs provided"}},{"msg": "Pass","metadata": {"code": "slsa_build_build_service.slsa_builder_id_accepted","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the attestation attribute predicate.builder.id is set to one of the values in the `allowed_builder_ids` rule data, e.g. \"https://tekton.dev/chains/v2\".","title": "SLSA Builder ID is known and accepted"}},{"msg": "Pass","metadata": {"code": "slsa_build_build_service.slsa_builder_id_found","collections": ["slsa3","redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the attestation attribute predicate.builder.id is set.","title": "SLSA Builder ID found"}},{"msg": "Pass","metadata": {"code": "slsa_build_scripted_build.build_script_used","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the predicate.buildConfig.tasks.steps attribute for the task responsible for building and pushing the image is not empty.","title": "Build task contains steps"}},{"msg": "Pass","metadata": {"code": "slsa_build_scripted_build.build_task_image_results_found","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Confirm that a build task exists and it has the expected IMAGE_DIGEST and IMAGE_URL task results.","title": "Build task set image digest and url task results"}},{"msg": "Pass","metadata": {"code": "slsa_build_scripted_build.subject_build_task_matches","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify the subject of the attestations matches the IMAGE_DIGEST and IMAGE_URL values from the build task.","title": "Provenance subject matches build task image result"}},{"msg": "Pass","metadata": {"code": "slsa_provenance_available.allowed_predicate_types_provided","collections": ["minimal","slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the `allowed_predicate_types` rule data was provided, since it is required by the policy rules in this package.","title": "Allowed predicate types provided"}},{"msg": "Pass","metadata": {"code": "slsa_provenance_available.attestation_predicate_type_accepted","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the predicateType field of the attestation indicates the in-toto SLSA Provenance format was used to attest the PipelineRun.","title": "Expected attestation predicate type found"}},{"msg": "Pass","metadata": {"code": "slsa_source_correlated.attested_source_code_reference","collections": ["minimal","slsa3","redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Attestation contains source reference.","title": "Source reference"}},{"msg": "Pass","metadata": {"code": "slsa_source_correlated.expected_source_code_reference","collections": ["minimal","slsa3","redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the provided source code reference is the one being attested.","title": "Expected source code reference"}},{"msg": "Pass","metadata": {"code": "slsa_source_correlated.rule_data_provided","collections": ["minimal","slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the expected rule data keys have been provided in the expected format. The keys are `supported_vcs` and `supported_digests`.","title": "Rule data provided"}},{"msg": "Pass","metadata": {"code": "slsa_source_version_controlled.materials_format_okay","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Confirm at least one entry in the predicate.materials array of the attestation contains the expected attributes: uri and digest.sha1.","title": "Materials have uri and digest"}},{"msg": "Pass","metadata": {"code": "slsa_source_version_controlled.materials_include_git_sha","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure that each entry in the predicate.materials array with a SHA-1 digest includes a valid Git commit SHA.","title": "Materials include git commit shas"}},{"msg": "Pass","metadata": {"code": "slsa_source_version_controlled.materials_uri_is_git_repo","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure each entry in the predicate.materials array with a SHA-1 digest includes a valid Git URI.","title": "Material uri is a git repo"}},{"msg": "Pass","metadata": {"code": "tasks.pipeline_has_tasks","collections": ["minimal","redhat","redhat_rpms","slsa3"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure that at least one Task is present in the PipelineRun attestation.","title": "Pipeline run includes at least one task"}},{"msg": "Pass","metadata": {"code": "tasks.successful_pipeline_tasks","collections": ["minimal","redhat","redhat_rpms","slsa3"],"depends_on": ["tasks.pipeline_has_tasks"],"description": "Ensure that all of the Tasks in the Pipeline completed successfully. Note that skipped Tasks are not taken into account and do not influence the outcome.","title": "Successful pipeline tasks"}}],"success": true,"signatures": [{"keyid": "","sig": "MEUCIDClKcqP9YPbxNqrjMmnHiaOfanitDdnBlhFmjQ6BLtJAiEArcCsnbdruYcO3+U0I5lWaU61uOUyU+wfbEj0L+ZR+L0="},{"keyid": "","sig": "MEUCIQCpjCHf1LOrOwwyEkcivoYaDzQBLYDerGUXEJvjlVBnmgIgG5Zk2eQpGhuw2sfOQZbwrB8d3fp5JdZcemQw426vGwg="}],"attestations": [{"type": "https://in-toto.io/Statement/v0.1","predicateType": "https://slsa.dev/provenance/v0.2","predicateBuildType": "tekton.dev/v1/PipelineRun","signatures": [{"keyid": "SHA256:IhiN7gY+Z3uSSd7tmj6w5Zfhqafzdhm3DZjIvGc6iYY","sig": "MEUCIFDe/HK4zGEf6ReCdi9lKIHt+F3RAQVbVz+9njVgeByoAiEA07g5JSnXBDpV2QlW7s4GuY7DoGVO8rwgOzJDsFR4Vhg="}]}]},{"name": "","containerImage": "quay.io/konflux-ci/ec-golden-image@sha256:304040ca1911aa4d911bd7c6d6d07193c57dc49dbc43e63828b42ab204fb1b25","source": {},"successes": [{"msg": "Pass","metadata": {"code": "attestation_type.known_attestation_type","collections": ["minimal","redhat","redhat_rpms","slsa3"], "depends_on": ["attestation_type.pipelinerun_attestation_found"],"description": "Confirm the attestation found for the image has a known attestation type.","title": "Known attestation type found"}},{"msg": "Pass","metadata": {"code": "attestation_type.pipelinerun_attestation_found","collections": ["minimal","redhat","redhat_rpms","slsa3"],"description": "Confirm at least one PipelineRun attestation is present.","title": "PipelineRun attestation found"}},{"msg": "Pass","metadata": {"code": "builtin.attestation.signature_check","description": "The attestation signature matches available signing materials.","title": "Attestation signature check passed"}},{"msg": "Pass","metadata": {"code": "builtin.attestation.syntax_check","description": "The attestation has correct syntax.","title": "Attestation syntax check passed"}},{"msg": "Pass","metadata": {"code": "builtin.image.signature_check","description": "The image signature matches available signing materials.","title": "Image signature check passed"}},{"msg": "Pass","metadata": {"code": "slsa_build_build_service.allowed_builder_ids_provided","collections": ["slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the `allowed_builder_ids` rule data was provided, since it is required by the policy rules in this package.","title": "Allowed builder IDs provided"}},{"msg": "Pass","metadata": {"code": "slsa_build_build_service.slsa_builder_id_accepted","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the attestation attribute predicate.builder.id is set to one of the values in the `allowed_builder_ids` rule data, e.g. \"https://tekton.dev/chains/v2\".","title": "SLSA Builder ID is known and accepted"}},{"msg": "Pass","metadata": {"code": "slsa_build_build_service.slsa_builder_id_found","collections": ["slsa3","redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the attestation attribute predicate.builder.id is set.","title": "SLSA Builder ID found"}},{"msg": "Pass","metadata": {"code": "slsa_build_scripted_build.build_script_used","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the predicate.buildConfig.tasks.steps attribute for the task responsible for building and pushing the image is not empty.","title": "Build task contains steps"}},{"msg": "Pass","metadata": {"code": "slsa_build_scripted_build.build_task_image_results_found","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Confirm that a build task exists and it has the expected IMAGE_DIGEST and IMAGE_URL task results.","title": "Build task set image digest and url task results"}},{"msg": "Pass","metadata": {"code": "slsa_build_scripted_build.subject_build_task_matches","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify the subject of the attestations matches the IMAGE_DIGEST and IMAGE_URL values from the build task.","title": "Provenance subject matches build task image result"}},{"msg": "Pass","metadata": {"code": "slsa_provenance_available.allowed_predicate_types_provided","collections": ["minimal","slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the `allowed_predicate_types` rule data was provided, since it is required by the policy rules in this package.","title": "Allowed predicate types provided"}},{"msg": "Pass","metadata": {"code": "slsa_provenance_available.attestation_predicate_type_accepted","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the predicateType field of the attestation indicates the in-toto SLSA Provenance format was used to attest the PipelineRun.","title": "Expected attestation predicate type found"}},{"msg": "Pass","metadata": {"code": "slsa_source_correlated.attested_source_code_reference","collections": ["minimal","slsa3","redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Attestation contains source reference.","title": "Source reference"}},{"msg": "Pass","metadata": {"code": "slsa_source_correlated.expected_source_code_reference","collections": ["minimal","slsa3","redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the provided source code reference is the one being attested.","title": "Expected source code reference"}},{"msg": "Pass","metadata": {"code": "slsa_source_correlated.rule_data_provided","collections": ["minimal","slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the expected rule data keys have been provided in the expected format. The keys are `supported_vcs` and `supported_digests`.","title": "Rule data provided"}},{"msg": "Pass","metadata": {"code": "slsa_source_version_controlled.materials_format_okay","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Confirm at least one entry in the predicate.materials array of the attestation contains the expected attributes: uri and digest.sha1.","title": "Materials have uri and digest"}},{"msg": "Pass","metadata": {"code": "slsa_source_version_controlled.materials_include_git_sha","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure that each entry in the predicate.materials array with a SHA-1 digest includes a valid Git commit SHA.","title": "Materials include git commit shas"}},{"msg": "Pass","metadata": {"code": "slsa_source_version_controlled.materials_uri_is_git_repo","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure each entry in the predicate.materials array with a SHA-1 digest includes a valid Git URI.","title": "Material uri is a git repo"}},{"msg": "Pass","metadata": {"code": "tasks.pipeline_has_tasks","collections": ["minimal","redhat","redhat_rpms","slsa3"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure that at least one Task is present in the PipelineRun attestation.","title": "Pipeline run includes at least one task"}},{"msg": "Pass","metadata": {"code": "tasks.successful_pipeline_tasks","collections": ["minimal","redhat","redhat_rpms","slsa3"],"depends_on": ["tasks.pipeline_has_tasks"],"description": "Ensure that all of the Tasks in the Pipeline completed successfully. Note that skipped Tasks are not taken into account and do not influence the outcome.","title": "Successful pipeline tasks"}}],"success": true,"signatures": [{"keyid": "","sig": "MEUCIQD86lmOqCovYZDPKm0XxxsLgDQcFIFAv+QZxrFSHmCvQAIgTd1I005ox8MfABqsAen6PZEyg2MCEQNBCx1NLS3V0JQ="}],"attestations": [{"type": "https://in-toto.io/Statement/v0.1","predicateType": "https://slsa.dev/provenance/v0.2","predicateBuildType": "tekton.dev/v1beta1/TaskRun","signatures": [{"keyid": "SHA256:IhiN7gY+Z3uSSd7tmj6w5Zfhqafzdhm3DZjIvGc6iYY","sig": "MEUCIQDcgZIwEkLFqD7U9HrobgEC8Jo7wm+xJ5AoyO3qg+aj8QIgb9xDpjYGRMmpVk+QATeVKlHonzBiu51HtT3J+lQXPXc="}]},{"type": "https://in-toto.io/Statement/v0.1","predicateType": "https://slsa.dev/provenance/v0.2","predicateBuildType": "tekton.dev/v1beta1/PipelineRun","signatures": [{"keyid": "SHA256:IhiN7gY+Z3uSSd7tmj6w5Zfhqafzdhm3DZjIvGc6iYY","sig": "MEYCIQDKSihaAR/zAhJhR5GCqleDvfUUtvRw61vk0YeTBAnOSQIhAKa09B4yEfaSJronmWBFbu5cVPNxm17CMl/PElEz1POa"}]}]},{"name": "","containerImage": "quay.io/konflux-ci/ec-golden-image@sha256:0e61e9c81f2e5f05c82aa07135835be5c14e5d4fb7e49734cc581c3856875c8d","source": {},"successes": [{"msg": "Pass","metadata": {"code": "attestation_type.known_attestation_type","collections": ["minimal","redhat","redhat_rpms","slsa3"],"depends_on": ["attestation_type.pipelinerun_attestation_found"], "description": "Confirm the attestation found for the image has a known attestation type.","title": "Known attestation type found"}},{"msg": "Pass","metadata": {"code": "attestation_type.pipelinerun_attestation_found","collections": ["minimal","redhat","redhat_rpms","slsa3"],"description": "Confirm at least one PipelineRun attestation is present.","title": "PipelineRun attestation found"}},{"msg": "Pass","metadata": {"code": "builtin.attestation.signature_check","description": "The attestation signature matches available signing materials.","title": "Attestation signature check passed"}},{"msg": "Pass","metadata": {"code": "builtin.attestation.syntax_check","description": "The attestation has correct syntax.","title": "Attestation syntax check passed"}},{"msg": "Pass","metadata": {"code": "builtin.image.signature_check","description": "The image signature matches available signing materials.","title": "Image signature check passed"}},{"msg": "Pass","metadata": {"code": "slsa_build_build_service.allowed_builder_ids_provided","collections": ["slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the `allowed_builder_ids` rule data was provided, since it is required by the policy rules in this package.","title": "Allowed builder IDs provided"}},{"msg": "Pass","metadata": {"code": "slsa_build_build_service.slsa_builder_id_accepted","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the attestation attribute predicate.builder.id is set to one of the values in the `allowed_builder_ids` rule data, e.g. \"https://tekton.dev/chains/v2\".","title": "SLSA Builder ID is known and accepted"}},{"msg": "Pass","metadata": {"code": "slsa_build_build_service.slsa_builder_id_found","collections": ["slsa3","redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the attestation attribute predicate.builder.id is set.","title": "SLSA Builder ID found"}},{"msg": "Pass","metadata": {"code": "slsa_build_scripted_build.build_script_used","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the predicate.buildConfig.tasks.steps attribute for the task responsible for building and pushing the image is not empty.","title": "Build task contains steps"}},{"msg": "Pass","metadata": {"code": "slsa_build_scripted_build.build_task_image_results_found","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Confirm that a build task exists and it has the expected IMAGE_DIGEST and IMAGE_URL task results.","title": "Build task set image digest and url task results"}},{"msg": "Pass","metadata": {"code": "slsa_build_scripted_build.subject_build_task_matches","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify the subject of the attestations matches the IMAGE_DIGEST and IMAGE_URL values from the build task.","title": "Provenance subject matches build task image result"}},{"msg": "Pass","metadata": {"code": "slsa_provenance_available.allowed_predicate_types_provided","collections": ["minimal","slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the `allowed_predicate_types` rule data was provided, since it is required by the policy rules in this package.","title": "Allowed predicate types provided"}},{"msg": "Pass","metadata": {"code": "slsa_provenance_available.attestation_predicate_type_accepted","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the predicateType field of the attestation indicates the in-toto SLSA Provenance format was used to attest the PipelineRun.","title": "Expected attestation predicate type found"}},{"msg": "Pass","metadata": {"code": "slsa_source_correlated.attested_source_code_reference","collections": ["minimal","slsa3","redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Attestation contains source reference.","title": "Source reference"}},{"msg": "Pass","metadata": {"code": "slsa_source_correlated.expected_source_code_reference","collections": ["minimal","slsa3","redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the provided source code reference is the one being attested.","title": "Expected source code reference"}},{"msg": "Pass","metadata": {"code": "slsa_source_correlated.rule_data_provided","collections": ["minimal","slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the expected rule data keys have been provided in the expected format. The keys are `supported_vcs` and `supported_digests`.","title": "Rule data provided"}},{"msg": "Pass","metadata": {"code": "slsa_source_version_controlled.materials_format_okay","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Confirm at least one entry in the predicate.materials array of the attestation contains the expected attributes: uri and digest.sha1.","title": "Materials have uri and digest"}},{"msg": "Pass","metadata": {"code": "slsa_source_version_controlled.materials_include_git_sha","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure that each entry in the predicate.materials array with a SHA-1 digest includes a valid Git commit SHA.","title": "Materials include git commit shas"}},{"msg": "Pass","metadata": {"code": "slsa_source_version_controlled.materials_uri_is_git_repo","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure each entry in the predicate.materials array with a SHA-1 digest includes a valid Git URI.","title": "Material uri is a git repo"}},{"msg": "Pass","metadata": {"code": "tasks.pipeline_has_tasks","collections": ["minimal","redhat","redhat_rpms","slsa3"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure that at least one Task is present in the PipelineRun attestation.","title": "Pipeline run includes at least one task"}},{"msg": "Pass","metadata": {"code": "tasks.successful_pipeline_tasks","collections": ["minimal","redhat","redhat_rpms","slsa3"],"depends_on": ["tasks.pipeline_has_tasks"],"description": "Ensure that all of the Tasks in the Pipeline completed successfully. Note that skipped Tasks are not taken into account and do not influence the outcome.","title": "Successful pipeline tasks"}}],"success": true,"signatures": [{"keyid": "","sig": "MEUCIH1WSpsKcqzY11HkZUBkW2EtnAsuE1DXjFSvEMiekoYhAiEA8DWjnDJelQVizV67I8B3hE7HzqVdoitHQYtE52UYnfU="}],"attestations": [{"type": "https://in-toto.io/Statement/v0.1","predicateType": "https://slsa.dev/provenance/v0.2","predicateBuildType": "tekton.dev/v1/PipelineRun","signatures": [{"keyid": "SHA256:IhiN7gY+Z3uSSd7tmj6w5Zfhqafzdhm3DZjIvGc6iYY","sig": "MEUCIFDe/HK4zGEf6ReCdi9lKIHt+F3RAQVbVz+9njVgeByoAiEA07g5JSnXBDpV2QlW7s4GuY7DoGVO8rwgOzJDsFR4Vhg="}]}]}],"key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZP/0htjhVt2y0ohjgtIIgICOtQtA\nnaYJRuLprwIv6FDhZ5yFjYUEtsmoNcW7rx2KM6FOXGsCX3BNc7qhHELT+g==\n-----END PUBLIC KEY-----\n","policy": {"name": "Default","description": "Includes rules for levels 1, 2 & 3 of SLSA v0.1. This is the default config used for new Konflux applications. Source: https://github.com/conforma/config/blob/main/default/policy.yaml","sources": [{"name": "Default","policy": ["oci::quay.io/enterprise-contract/ec-release-policy:konflux@sha256:614408c473895bc7263173ccadcbf782e0c3c7c0a8c10851e6b0c94b5ea448c1"],"data": ["git::github.com/release-engineering/rhtap-ec-policy//data?ref=e7ebca9822d7378140b7207c7bc7062fa883dd5f", Success: true Result: SUCCESS Violations: 0, Warnings: 0, Successes: 84 Components: - Name: -sha256:bd819da15920ef731002630e2b2d49e03b3209ee5edae6c74f2094bb9825b7cf-arm64 ImageRef: quay.io/konflux-ci/ec-golden-image@sha256:bd819da15920ef731002630e2b2d49e03b3209ee5edae6c74f2094bb9825b7cf Violations: 0, Warnings: 0, Successes: 21 - Name: -sha256:4b8339806ff0774bdfc73676c57c6985fd311d8c8d0ea3062d13c00136f19414-amd64 ImageRef: quay.io/konflux-ci/ec-golden-image@sha256:4b8339806ff0774bdfc73676c57c6985fd311d8c8d0ea3062d13c00136f19414 Violations: 0, Warnings: 0, Successes: 21 - Name: ImageRef: quay.io/konflux-ci/ec-golden-image@sha256:304040ca1911aa4d911bd7c6d6d07193c57dc49dbc43e63828b42ab204fb1b25 Violations: 0, Warnings: 0, Successes: 21 - Name: ImageRef: quay.io/konflux-ci/ec-golden-image@sha256:0e61e9c81f2e5f05c82aa07135835be5c14e5d4fb7e49734cc581c3856875c8d Violations: 0, Warnings: 0, Successes: 21 { "policy": { "name": "Default", "description": "Includes rules for levels 1, 2 & 3 of SLSA v0.1. This is the default config used for new Konflux applications. Source: https://github.com/conforma/config/blob/main/default/policy.yaml", "sources": [ { "name": "Default", "policy": [ "oci::quay.io/enterprise-contract/ec-release-policy:konflux@sha256:614408c473895bc7263173ccadcbf782e0c3c7c0a8c10851e6b0c94b5ea448c1" ], "data": [ "git::github.com/release-engineering/rhtap-ec-policy//data?ref=e7ebca9822d7378140b7207c7bc7062fa883dd5f", "oci::quay.io/konflux-ci/tekton-catalog/data-acceptable-bundles:latest@sha256:62c93b5041683cf2c88fbe5b8b857f7c90a9b2cc1f8c9efde39abda01c567128", "oci::quay.io/konflux-ci/konflux-vanguard/data-acceptable-bundles:latest@sha256:0b31c7bc77a7463a1bc52f3d3625ef0e0e75443da7fd2de8005d7885282138ea", "oci::quay.io/konflux-ci/integration-service-catalog/data-acceptable-bundles:latest@sha256:7b00455045ea3873a72caeb1e7ac7d036bd53963a26409891a4cc9d0d242b9fc" ], "config": { "exclude": [ "slsa_source_correlated.source_code_reference_provided" ], "include": [ "@slsa3" ] } } ], "publicKey": "k8s://chains-e2e-xjzp/golden-image-public-keyioidajhohg" }, "key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZP/0htjhVt2y0ohjgtIIgICOtQtA\nnaYJRuLprwIv6FDhZ5yFjYUEtsmoNcW7rx2KM6FOXGsCX3BNc7qhHELT+g==\n-----END PUBLIC KEY-----\n", "effective-time": "2026-06-30T05:49:58.287855531Z" } { "timestamp": "1782798610", "namespace": "", "successes": 84, "failures": 0, "warnings": 0, "result": "SUCCESS" } Version v0.9.25 Source ID b345847182602d9a5ce9e957fa76fe02575c8018 Change date 2026-04-27 12:52:43 +0000 UTC (9 weeks ago) ECC v0.1.7 OPA v1.15.2 Conftest v0.68.2 Cosign v3.0.4 Sigstore v1.10.4 Rekor v1.5.0 Tekton Pipeline v1.9.2 Kubernetes Client v0.35.0 "oci::quay.io/konflux-ci/tekton-catalog/data-acceptable-bundles:latest@sha256:62c93b5041683cf2c88fbe5b8b857f7c90a9b2cc1f8c9efde39abda01c567128","oci::quay.io/konflux-ci/konflux-vanguard/data-acceptable-bundles:latest@sha256:0b31c7bc77a7463a1bc52f3d3625ef0e0e75443da7fd2de8005d7885282138ea","oci::quay.io/konflux-ci/integration-service-catalog/data-acceptable-bundles:latest@sha256:7b00455045ea3873a72caeb1e7ac7d036bd53963a26409891a4cc9d0d242b9fc"],"config": {"exclude": ["slsa_source_correlated.source_code_reference_provided"],"include": ["@slsa3"]}}],"publicKey": "k8s://chains-e2e-xjzp/golden-image-public-keyioidajhohg"},"ec-version": "v0.9.25","effective-time": "2026-06-30T05:49:58.287855531Z"}