2026-06-29T14:34:29.459424Z INFO vector::app: Log level is enabled. level="info" 2026-06-29T14:34:29.459873Z INFO vector::app: Loading configs. paths=["/etc/vector"] 2026-06-29T14:34:29.462537Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}: vector::sources::kubernetes_logs: Obtained Kubernetes Node name to collect logs for (self). self_node_name="ip-10-0-137-89.ec2.internal" 2026-06-29T14:34:29.469589Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}: vector::sources::kubernetes_logs: Including matching files. ret=["**/*"] 2026-06-29T14:34:29.469603Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}: vector::sources::kubernetes_logs: Excluding matching files. ret=["**/*.gz", "**/*.tmp"] 2026-06-29T14:34:29.471743Z INFO vector::topology::running: Running healthchecks. 2026-06-29T14:34:29.471806Z INFO vector: Vector has started. debug="false" version="0.45.0" arch="x86_64" revision="063cabb 2025-02-24 14:52:02.810034614" 2026-06-29T14:34:29.471820Z INFO vector::topology::builder: Healthcheck passed. 2026-06-29T14:34:29.473091Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: file_source::checkpointer: Attempting to read legacy checkpoint files. 2026-06-29T14:34:29.473110Z INFO vector::internal_events::api: API server running. address=127.0.0.1:8686 playground=off graphql=http://127.0.0.1:8686/graphql 2026-06-29T14:45:51.837623Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_buildah-demo-dzsjqkcrgh-init-pod_41611c88-fd0a-4fac-85af-682a0a331644/prepare/0.log 2026/06/29 14:45:49 Entrypoint initialization 2026-06-29T14:46:06.192734Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_buildah-demo-dzsjqkcrgh-init-pod_41611c88-fd0a-4fac-85af-682a0a331644/step-init/0.log 2026-06-29T14:46:08.242800Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_buildah-demo-dzsjqkcrgh-init-pod_41611c88-fd0a-4fac-85af-682a0a331644/step-init/0.log time="2026-06-29T14:46:06Z" level=info msg="[param] enable: false" time="2026-06-29T14:46:06Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-06-29T14:46:06Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-06-29T14:46:06Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-06-29T14:46:06Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-06-29T14:46:06Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-06-29T14:46:06Z" level=info msg="Cache proxy is disabled via param" time="2026-06-29T14:46:06Z" level=info msg="[result] HTTP PROXY: " time="2026-06-29T14:46:06Z" level=info msg="[result] NO PROXY: " 2026-06-29T14:49:37.257356Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_buildah-demo-dzsjqkcrgh-apply-tags-pod_3dfe4db4-8997-4d58-97c4-ee1b0d1fd51e/prepare/0.log 2026-06-29T14:49:37.257390Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_buildah-demo-dzsjqkcrgh-apply-tags-pod_3dfe4db4-8997-4d58-97c4-ee1b0d1fd51e/step-apply-additional-tags/0.log 2026-06-29T14:49:39.313024Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_buildah-demo-dzsjqkcrgh-apply-tags-pod_3dfe4db4-8997-4d58-97c4-ee1b0d1fd51e/step-apply-additional-tags/0.log 2026/06/29 14:49:36 Entrypoint initialization time="2026-06-29T14:49:38Z" level=info msg="[param] image-url: quay.io/redhat-appstudio-qe/test-images:buildah-demo-dzsjqkcrgh" time="2026-06-29T14:49:38Z" level=info msg="[param] digest: sha256:3b06fc983648e160d37ded978039288528a77e03e0153cad6e3dfc6ae648b5b2" time="2026-06-29T14:49:38Z" level=info msg="[param] tags-from-image-label: konflux.additional-tags" time="2026-06-29T14:49:40Z" level=warning msg="No tags given in 'konflux.additional-tags' image label" 2026-06-29T14:50:08.022088Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-0bc88dc1bc5f0068e6812785e223c4e4-pod_771c9704-bc76-43dd-92fa-2ce9d2d4c8b4/place-scripts/0.log 2026-06-29T14:50:08.022140Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-0bc88dc1bc5f0068e6812785e223c4e4-pod_771c9704-bc76-43dd-92fa-2ce9d2d4c8b4/prepare/0.log 2026/06/29 14:50:06 Decoded script /tekton/scripts/script-2-rs6x7 2026/06/29 14:50:06 Entrypoint initialization {"tags":[]} 2026-06-29T14:50:18.275399Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-0bc88dc1bc5f0068e6812785e223c4e4-pod_771c9704-bc76-43dd-92fa-2ce9d2d4c8b4/step-detailed-report/0.log 2026-06-29T14:50:18.275429Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-0bc88dc1bc5f0068e6812785e223c4e4-pod_771c9704-bc76-43dd-92fa-2ce9d2d4c8b4/step-initialize-tuf/0.log 2026-06-29T14:50:18.275438Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-0bc88dc1bc5f0068e6812785e223c4e4-pod_771c9704-bc76-43dd-92fa-2ce9d2d4c8b4/step-reduce/0.log 2026-06-29T14:50:18.275444Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-0bc88dc1bc5f0068e6812785e223c4e4-pod_771c9704-bc76-43dd-92fa-2ce9d2d4c8b4/step-report-json/0.log 2026-06-29T14:50:18.275451Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-0bc88dc1bc5f0068e6812785e223c4e4-pod_771c9704-bc76-43dd-92fa-2ce9d2d4c8b4/step-show-config/0.log 2026-06-29T14:50:18.275457Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-0bc88dc1bc5f0068e6812785e223c4e4-pod_771c9704-bc76-43dd-92fa-2ce9d2d4c8b4/step-summary/0.log 2026-06-29T14:50:18.275464Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-0bc88dc1bc5f0068e6812785e223c4e4-pod_771c9704-bc76-43dd-92fa-2ce9d2d4c8b4/step-validate/0.log 2026-06-29T14:50:18.275471Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-0bc88dc1bc5f0068e6812785e223c4e4-pod_771c9704-bc76-43dd-92fa-2ce9d2d4c8b4/step-version/0.log 2026-06-29T14:50:20.324450Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-0bc88dc1bc5f0068e6812785e223c4e4-pod_771c9704-bc76-43dd-92fa-2ce9d2d4c8b4/step-assert/0.log 2026-06-29T14:50:22.373176Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-0bc88dc1bc5f0068e6812785e223c4e4-pod_771c9704-bc76-43dd-92fa-2ce9d2d4c8b4/step-initialize-tuf/0.log 2026-06-29T14:50:22.373230Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-0bc88dc1bc5f0068e6812785e223c4e4-pod_771c9704-bc76-43dd-92fa-2ce9d2d4c8b4/step-reduce/0.log Single Component mode? false { "application": "", "componentGroup": "", "components": [ { "name": "", "version": "", "containerImage": "quay.io/redhat-appstudio-qe/test-images:buildah-demo-dzsjqkcrgh@sha256:3b06fc983648e160d37ded978039288528a77e03e0153cad6e3dfc6ae648b5b2", "source": {} } ], "artifacts": {} } 2026/06/29 14:50:20 INFO Step was skipped due to when expressions were evaluated to false. 2026-06-29T14:50:30.578116Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-0bc88dc1bc5f0068e6812785e223c4e4-pod_771c9704-bc76-43dd-92fa-2ce9d2d4c8b4/step-assert/0.log 2026-06-29T14:50:30.578159Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-0bc88dc1bc5f0068e6812785e223c4e4-pod_771c9704-bc76-43dd-92fa-2ce9d2d4c8b4/step-detailed-report/0.log 2026-06-29T14:50:30.578195Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-0bc88dc1bc5f0068e6812785e223c4e4-pod_771c9704-bc76-43dd-92fa-2ce9d2d4c8b4/step-report-json/0.log 2026-06-29T14:50:30.578212Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-0bc88dc1bc5f0068e6812785e223c4e4-pod_771c9704-bc76-43dd-92fa-2ce9d2d4c8b4/step-show-config/0.log 2026-06-29T14:50:30.578225Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-0bc88dc1bc5f0068e6812785e223c4e4-pod_771c9704-bc76-43dd-92fa-2ce9d2d4c8b4/step-summary/0.log 2026-06-29T14:50:30.578244Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-0bc88dc1bc5f0068e6812785e223c4e4-pod_771c9704-bc76-43dd-92fa-2ce9d2d4c8b4/step-version/0.log Version v0.9.25 Source ID b345847182602d9a5ce9e957fa76fe02575c8018 Change date 2026-04-27 12:52:43 +0000 UTC (9 weeks ago) ECC v0.1.7 OPA v1.15.2 Conftest v0.68.2 Cosign v3.0.4 Sigstore v1.10.4 Rekor v1.5.0 Tekton Pipeline v1.9.2 Kubernetes Client v0.35.0 Success: true Result: SUCCESS Violations: 0, Warnings: 0, Successes: 5 Component: ImageRef: quay.io/redhat-appstudio-qe/test-images@sha256:3b06fc983648e160d37ded978039288528a77e03e0153cad6e3dfc6ae648b5b2 { "policy": { "name": "Default", "description": "Includes rules for levels 1, 2 & 3 of SLSA v0.1. This is the default config used for new Konflux applications. Source: https://github.com/conforma/config/blob/main/default/policy.yaml", "sources": [ { "name": "Default", "policy": [ "oci::quay.io/enterprise-contract/ec-release-policy:konflux@sha256:614408c473895bc7263173ccadcbf782e0c3c7c0a8c10851e6b0c94b5ea448c1" ], "data": [ "git::github.com/release-engineering/rhtap-ec-policy//data?ref=e7ebca9822d7378140b7207c7bc7062fa883dd5f", "oci::quay.io/konflux-ci/tekton-catalog/data-acceptable-bundles:latest@sha256:a84185f081bd2514cd8a48b38db2daf8a5964779c4c56c5c1c9a5fcff51e2a6b", "oci::quay.io/konflux-ci/konflux-vanguard/data-acceptable-bundles:latest@sha256:0b31c7bc77a7463a1bc52f3d3625ef0e0e75443da7fd2de8005d7885282138ea", "oci::quay.io/konflux-ci/integration-service-catalog/data-acceptable-bundles:latest@sha256:7b00455045ea3873a72caeb1e7ac7d036bd53963a26409891a4cc9d0d242b9fc" ], "config": { "include": [ "slsa_provenance_available" ] } } ], "publicKey": "k8s://chains-e2e-fmfy/cosign-public-key" }, "key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/uUZZkP9Eb3BuYzjAWNfET/rQfND\niIG2Rwc1wP5TJM/NScERxLiLCVg5HX7xcIdP66s5ekJC5/TQzraO++7QyA==\n-----END PUBLIC KEY-----\n", "effective-time": "2026-06-29T14:50:21.31474478Z" } true { "timestamp": "1782744628", "namespace": "", "successes": 5, "failures": 0, "warnings": 0, "result": "SUCCESS" } 2026-06-29T14:50:57.231360Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-35d599107941c278374b8ad541df6502-pod_5f6878c6-62e7-460c-8570-881770302d8f/place-scripts/0.log 2026-06-29T14:50:57.231408Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-35d599107941c278374b8ad541df6502-pod_5f6878c6-62e7-460c-8570-881770302d8f/prepare/0.log 2026-06-29T14:50:58.263594Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-35d599107941c278374b8ad541df6502-pod_5f6878c6-62e7-460c-8570-881770302d8f/step-initialize-tuf/0.log 2026-06-29T14:50:58.263624Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-35d599107941c278374b8ad541df6502-pod_5f6878c6-62e7-460c-8570-881770302d8f/step-reduce/0.log 2026-06-29T14:50:59.289285Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-35d599107941c278374b8ad541df6502-pod_5f6878c6-62e7-460c-8570-881770302d8f/step-assert/0.log 2026-06-29T14:50:59.289313Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-35d599107941c278374b8ad541df6502-pod_5f6878c6-62e7-460c-8570-881770302d8f/step-detailed-report/0.log 2026-06-29T14:50:59.289335Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-35d599107941c278374b8ad541df6502-pod_5f6878c6-62e7-460c-8570-881770302d8f/step-report-json/0.log 2026-06-29T14:50:59.289341Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-35d599107941c278374b8ad541df6502-pod_5f6878c6-62e7-460c-8570-881770302d8f/step-show-config/0.log 2026-06-29T14:50:59.289348Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-35d599107941c278374b8ad541df6502-pod_5f6878c6-62e7-460c-8570-881770302d8f/step-summary/0.log 2026-06-29T14:50:59.289354Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-35d599107941c278374b8ad541df6502-pod_5f6878c6-62e7-460c-8570-881770302d8f/step-validate/0.log 2026-06-29T14:50:59.289360Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-35d599107941c278374b8ad541df6502-pod_5f6878c6-62e7-460c-8570-881770302d8f/step-version/0.log 2026/06/29 14:50:56 Entrypoint initialization 2026/06/29 14:50:57 Decoded script /tekton/scripts/script-2-tlfqh 2026-06-29T14:51:01.339171Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-35d599107941c278374b8ad541df6502-pod_5f6878c6-62e7-460c-8570-881770302d8f/step-initialize-tuf/0.log 2026-06-29T14:51:01.339209Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-35d599107941c278374b8ad541df6502-pod_5f6878c6-62e7-460c-8570-881770302d8f/step-reduce/0.log Single Component mode? false { "application": "", "componentGroup": "", "components": [ { "name": "", "version": "", "containerImage": "quay.io/redhat-appstudio-qe/test-images:buildah-demo-dzsjqkcrgh@sha256:3b06fc983648e160d37ded978039288528a77e03e0153cad6e3dfc6ae648b5b2", "source": {} } ], "artifacts": {} } 2026/06/29 14:51:01 INFO Step was skipped due to when expressions were evaluated to false. {"success": true,"components": [{"name": "","containerImage": "quay.io/redhat-appstudio-qe/test-images@sha256:3b06fc983648e160d37ded978039288528a77e03e0153cad6e3dfc6ae648b5b2","source": {},"successes": [{"msg": "Pass","metadata": {"code": "builtin.attestation.signature_check","description": "The attestation signature matches available signing materials.","title": "Attestation signature check passed"}},{"msg": "Pass","metadata": {"code": "builtin.attestation.syntax_check","description": "The attestation has correct syntax.","title": "Attestation syntax check passed"}},{"msg": "Pass","metadata": {"code": "builtin.image.signature_check","description": "The image signature matches available signing materials.","title": "Image signature check passed"}},{"msg": "Pass","metadata": {"code": "slsa_provenance_available.allowed_predicate_types_provided","collections": ["minimal","slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the `allowed_predicate_types` rule data was provided, since it is required by the policy rules in this package.","title": "Allowed predicate types provided"}},{"msg": "Pass","metadata": {"code": "slsa_provenance_available.attestation_predicate_type_accepted","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the predicateType field of the attestation indicates the in-toto SLSA Provenance format was used to attest the PipelineRun.","title": "Expected attestation predicate type found"}}],"success": true,"signatures": [{"keyid": "","sig": "MEUCIAqMI1N5VsRd4YcJ0exqIj1sYGXo9Xaf+dHGGj7hBesTAiEAiifwxW7dujuk5jXn+cZZl/c5dtr6UAT2MjURQPsliK8="},{"keyid": "","sig": "MEYCIQC9h5elPEmC2qL64oNq6X5k/lrpBFhQstiqO0XsM5EoJAIhAIHLWz/nF1FPPSKPYqyZxYi6pJ4dv04q4nSZPf/tiY+J"},{"keyid": "","sig": "MEUCIFVb1bjQ4H8ZY8+RqppdSte9oXSTLFsgh12hu5Tm5CKVAiEAz/Cp4IrDNos73kZm+PIg+KchYwSXziu3TdptlVeDOwM="}],"attestations": [{"type": "https://in-toto.io/Statement/v0.1","predicateType": "https://slsa.dev/provenance/v0.2","predicateBuildType": "tekton.dev/v1/PipelineRun","signatures": [{"keyid": "SHA256:HZB99W4F4FEBQ0BqjSaa4fv6Og22Zob1EAdCJeGR2MA","sig": "MEUCIBShOd4X2dQd1KjQj3JuOQb99NNAx5Z4OLr3xP16OwQwAiEAsJPFaHjVmex2xBGuWPXbXYhcYFvEnc9arF2g1uH9RaQ="}]}]}],"key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/uUZZkP9Eb3BuYzjAWNfET/rQfND\niIG2Rwc1wP5TJM/NScERxLiLCVg5HX7xcIdP66s5ekJC5/TQzraO++7QyA==\n-----END PUBLIC KEY-----\n","policy": {"name": "Default","description": "Includes rules for levels 1, 2 & 3 of SLSA v0.1. This is the default config used for new Konflux applications. Source: https://github.com/conforma/config/blob/main/default/policy.yaml","sources": [{"name": "Default","policy": ["oci::quay.io/enterprise-contract/ec-release-policy:konflux@sha256:614408c473895bc7263173ccadcbf782e0c3c7c0a8c10851e6b0c94b5ea448c1"],"data": ["git::github.com/release-engineering/rhtap-ec-policy//data?ref=e7ebca9822d7378140b7207c7bc7062fa883dd5f","oci::quay.io/konflux-ci/tekton-catalog/data-acceptable-bundles:latest@sha256:a84185f081bd2514cd8a48b38db2daf8a5964779c4c56c5c1c9a5fcff51e2a6b","oci::quay.io/konflux-ci/konflux-vanguard/data-acceptable-bundles:latest@sha256:0b31c7bc77a7463a1bc52f3d3625ef0e0e75443da7fd2de8005d7885282138ea","oci::quay.io/konflux-ci/integration-service-catalog/data-acceptable-bundles:latest@sha256:7b00455045ea3873a72caeb1e7ac7d036bd53963a26409891a4cc9d0d242b9fc"],"config": {"include": ["slsa_provenance_available"]}}],"publicKey": "k8s://chains-e2e-fmfy/cosign-public-key"},"ec-version": "v0.9.25","effective-time": "2026-06-29T14:50:21.31474478Z"} 2026-06-29T14:51:09.545385Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-35d599107941c278374b8ad541df6502-pod_5f6878c6-62e7-460c-8570-881770302d8f/step-report-json/0.log 2026-06-29T14:51:09.545429Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-35d599107941c278374b8ad541df6502-pod_5f6878c6-62e7-460c-8570-881770302d8f/step-summary/0.log 2026-06-29T14:51:09.545451Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-35d599107941c278374b8ad541df6502-pod_5f6878c6-62e7-460c-8570-881770302d8f/step-version/0.log 2026-06-29T14:51:10.063830Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-35d599107941c278374b8ad541df6502-pod_5f6878c6-62e7-460c-8570-881770302d8f/step-assert/0.log 2026-06-29T14:51:10.063868Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-35d599107941c278374b8ad541df6502-pod_5f6878c6-62e7-460c-8570-881770302d8f/step-detailed-report/0.log 2026-06-29T14:51:10.063909Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-35d599107941c278374b8ad541df6502-pod_5f6878c6-62e7-460c-8570-881770302d8f/step-show-config/0.log false Success: false Result: FAILURE Violations: 1, Warnings: 0, Successes: 5 Component: ImageRef: quay.io/redhat-appstudio-qe/test-images@sha256:3b06fc983648e160d37ded978039288528a77e03e0153cad6e3dfc6ae648b5b2 Results: ✕ [Violation] test.test_data_found ImageRef: quay.io/redhat-appstudio-qe/test-images@sha256:3b06fc983648e160d37ded978039288528a77e03e0153cad6e3dfc6ae648b5b2 Reason: No test data found Title: Test data found in task results Description: Ensure that at least one of the tasks in the pipeline includes a TEST_OUTPUT task result, which is where Conforma expects to find test result data. To exclude this rule add "test.test_data_found" to the `exclude` section of the policy configuration. Solution: Confirm at least one task in the build pipeline contains a result named TEST_OUTPUT. For more information about policy issues, see the policy documentation: https://conforma.dev/docs/policy/ Version v0.9.25 Source ID b345847182602d9a5ce9e957fa76fe02575c8018 Change date 2026-04-27 12:52:43 +0000 UTC (9 weeks ago) ECC v0.1.7 OPA v1.15.2 Conftest v0.68.2 Cosign v3.0.4 Sigstore v1.10.4 Rekor v1.5.0 Tekton Pipeline v1.9.2 Kubernetes Client v0.35.0 { "policy": { "name": "Default", "description": "Includes rules for levels 1, 2 & 3 of SLSA v0.1. This is the default config used for new Konflux applications. Source: https://github.com/conforma/config/blob/main/default/policy.yaml", "sources": [ { "name": "Default", "policy": [ "oci::quay.io/enterprise-contract/ec-release-policy:konflux@sha256:614408c473895bc7263173ccadcbf782e0c3c7c0a8c10851e6b0c94b5ea448c1" ], "data": [ "git::github.com/release-engineering/rhtap-ec-policy//data?ref=e7ebca9822d7378140b7207c7bc7062fa883dd5f", "oci::quay.io/konflux-ci/tekton-catalog/data-acceptable-bundles:latest@sha256:a84185f081bd2514cd8a48b38db2daf8a5964779c4c56c5c1c9a5fcff51e2a6b", "oci::quay.io/konflux-ci/konflux-vanguard/data-acceptable-bundles:latest@sha256:0b31c7bc77a7463a1bc52f3d3625ef0e0e75443da7fd2de8005d7885282138ea", "oci::quay.io/konflux-ci/integration-service-catalog/data-acceptable-bundles:latest@sha256:7b00455045ea3873a72caeb1e7ac7d036bd53963a26409891a4cc9d0d242b9fc" ], "config": { "include": [ "test" ] } } ], "publicKey": "k8s://chains-e2e-fmfy/cosign-public-key" }, "key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/uUZZkP9Eb3BuYzjAWNfET/rQfND\niIG2Rwc1wP5TJM/NScERxLiLCVg5HX7xcIdP66s5ekJC5/TQzraO++7QyA==\n-----END PUBLIC KEY-----\n", "effective-time": "2026-06-29T14:51:01.932974207Z" } { "timestamp": "1782744668", "namespace": "", "successes": 5, "failures": 1, "warnings": 0, "result": "FAILURE" } {"success": false,"components": [{"name": "","containerImage": "quay.io/redhat-appstudio-qe/test-images@sha256:3b06fc983648e160d37ded978039288528a77e03e0153cad6e3dfc6ae648b5b2","source": {},"violations": [{"msg": "No test data found","metadata": {"code": "test.test_data_found","collections": ["redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure that at least one of the tasks in the pipeline includes a TEST_OUTPUT task result, which is where Conforma expects to find test result data. To exclude this rule add \"test.test_data_found\" to the `exclude` section of the policy configuration.","solution": "Confirm at least one task in the build pipeline contains a result named TEST_OUTPUT.","title": "Test data found in task results"}}],"successes": [{"msg": "Pass","metadata": {"code": "builtin.attestation.signature_check","description": "The attestation signature matches available signing materials.","title": "Attestation signature check passed"}},{"msg": "Pass","metadata": {"code": "builtin.attestation.syntax_check","description": "The attestation has correct syntax.","title": "Attestation syntax check passed"}},{"msg": "Pass","metadata": {"code": "builtin.image.signature_check","description": "The image signature matches available signing materials.","title": "Image signature check passed"}},{"msg": "Pass","metadata": {"code": "test.rule_data_provided","collections": ["redhat","policy_data"],"description": "Confirm the expected rule data keys have been provided in the expected format. The keys are `supported_tests_results`, `failed_tests_results`, `informative_tests`, `erred_tests_results`, `skipped_tests_results`, and `warned_tests_results`.","title": "Rule data provided"}},{"msg": "Pass","metadata": {"code": "test.test_all_images","collections": ["redhat"],"description": "Ensure that task producing the IMAGES_PROCESSED result contains the digests of the built image.","effective_on": "2024-05-29T00:00:00Z","title": "Image digest is present in IMAGES_PROCESSED result"}}],"success": false,"signatures": [{"keyid": "","sig": "MEUCIAqMI1N5VsRd4YcJ0exqIj1sYGXo9Xaf+dHGGj7hBesTAiEAiifwxW7dujuk5jXn+cZZl/c5dtr6UAT2MjURQPsliK8="},{"keyid": "","sig": "MEYCIQC9h5elPEmC2qL64oNq6X5k/lrpBFhQstiqO0XsM5EoJAIhAIHLWz/nF1FPPSKPYqyZxYi6pJ4dv04q4nSZPf/tiY+J"},{"keyid": "","sig": "MEUCIFVb1bjQ4H8ZY8+RqppdSte9oXSTLFsgh12hu5Tm5CKVAiEAz/Cp4IrDNos73kZm+PIg+KchYwSXziu3TdptlVeDOwM="}],"attestations": [{"type": "https://in-toto.io/Statement/v0.1","predicateType": "https://slsa.dev/provenance/v0.2","predicateBuildType": "tekton.dev/v1/PipelineRun","signatures": [{"keyid": "SHA256:HZB99W4F4FEBQ0BqjSaa4fv6Og22Zob1EAdCJeGR2MA","sig": "MEUCIBShOd4X2dQd1KjQj3JuOQb99NNAx5Z4OLr3xP16OwQwAiEAsJPFaHjVmex2xBGuWPXbXYhcYFvEnc9arF2g1uH9RaQ="}]}]}],"key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/uUZZkP9Eb3BuYzjAWNfET/rQfND\niIG2Rwc1wP5TJM/NScERxLiLCVg5HX7xcIdP66s5ekJC5/TQzraO++7QyA==\n-----END PUBLIC KEY-----\n","policy": {"name": "Default","description": "Includes rules for levels 1, 2 & 3 of SLSA v0.1. This is the default config used for new Konflux applications. Source: https://github.com/conforma/config/blob/main/default/policy.yaml","sources": [{"name": "Default","policy": ["oci::quay.io/enterprise-contract/ec-release-policy:konflux@sha256:614408c473895bc7263173ccadcbf782e0c3c7c0a8c10851e6b0c94b5ea448c1"],"data": ["git::github.com/release-engineering/rhtap-ec-policy//data?ref=e7ebca9822d7378140b7207c7bc7062fa883dd5f","oci::quay.io/konflux-ci/tekton-catalog/data-acceptable-bundles:latest@sha256:a84185f081bd2514cd8a48b38db2daf8a5964779c4c56c5c1c9a5fcff51e2a6b","oci::quay.io/konflux-ci/konflux-vanguard/data-acceptable-bundles:latest@sha256:0b31c7bc77a7463a1bc52f3d3625ef0e0e75443da7fd2de8005d7885282138ea","oci::quay.io/konflux-ci/integration-service-catalog/data-acceptable-bundles:latest@sha256:7b00455045ea3873a72caeb1e7ac7d036bd53963a26409891a4cc9d0d242b9fc"],"config": {"include": ["test"]}}],"publicKey": "k8s://chains-e2e-fmfy/cosign-public-key"},"ec-version": "v0.9.25","effective-time": "2026-06-29T14:51:01.932974207Z"} 2026-06-29T14:51:46.967569Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-d38e85412e8460a697144a21d0440409-pod_30afdcbe-e65b-4a7a-a1d4-d0420a20fcee/place-scripts/0.log 2026-06-29T14:51:46.967608Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-d38e85412e8460a697144a21d0440409-pod_30afdcbe-e65b-4a7a-a1d4-d0420a20fcee/prepare/0.log 2026-06-29T14:51:46.967617Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-d38e85412e8460a697144a21d0440409-pod_30afdcbe-e65b-4a7a-a1d4-d0420a20fcee/step-assert/0.log 2026-06-29T14:51:46.967625Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-d38e85412e8460a697144a21d0440409-pod_30afdcbe-e65b-4a7a-a1d4-d0420a20fcee/step-detailed-report/0.log 2026-06-29T14:51:46.967632Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-d38e85412e8460a697144a21d0440409-pod_30afdcbe-e65b-4a7a-a1d4-d0420a20fcee/step-initialize-tuf/0.log 2026-06-29T14:51:46.967638Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-d38e85412e8460a697144a21d0440409-pod_30afdcbe-e65b-4a7a-a1d4-d0420a20fcee/step-reduce/0.log 2026-06-29T14:51:46.967645Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-d38e85412e8460a697144a21d0440409-pod_30afdcbe-e65b-4a7a-a1d4-d0420a20fcee/step-report-json/0.log 2026-06-29T14:51:46.967651Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-d38e85412e8460a697144a21d0440409-pod_30afdcbe-e65b-4a7a-a1d4-d0420a20fcee/step-show-config/0.log 2026-06-29T14:51:46.967661Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-d38e85412e8460a697144a21d0440409-pod_30afdcbe-e65b-4a7a-a1d4-d0420a20fcee/step-summary/0.log 2026-06-29T14:51:46.967667Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-d38e85412e8460a697144a21d0440409-pod_30afdcbe-e65b-4a7a-a1d4-d0420a20fcee/step-validate/0.log 2026-06-29T14:51:46.967674Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-d38e85412e8460a697144a21d0440409-pod_30afdcbe-e65b-4a7a-a1d4-d0420a20fcee/step-version/0.log 2026/06/29 14:51:45 Decoded script /tekton/scripts/script-2-b8rrl 2026/06/29 14:51:44 Entrypoint initialization 2026-06-29T14:51:51.075347Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-d38e85412e8460a697144a21d0440409-pod_30afdcbe-e65b-4a7a-a1d4-d0420a20fcee/step-initialize-tuf/0.log 2026-06-29T14:51:51.075386Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-d38e85412e8460a697144a21d0440409-pod_30afdcbe-e65b-4a7a-a1d4-d0420a20fcee/step-reduce/0.log 2026/06/29 14:51:49 INFO Step was skipped due to when expressions were evaluated to false. Single Component mode? false { "application": "", "componentGroup": "", "components": [ { "name": "", "version": "", "containerImage": "quay.io/konflux-ci/ec-golden-image:latest", "source": {} }, { "name": "", "version": "", "containerImage": "quay.io/konflux-ci/ec-golden-image:e2e-test-unacceptable-task", "source": {} } ], "artifacts": {} } 2026-06-29T14:52:05.431436Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-d38e85412e8460a697144a21d0440409-pod_30afdcbe-e65b-4a7a-a1d4-d0420a20fcee/step-assert/0.log 2026-06-29T14:52:05.431481Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-d38e85412e8460a697144a21d0440409-pod_30afdcbe-e65b-4a7a-a1d4-d0420a20fcee/step-detailed-report/0.log 2026-06-29T14:52:05.431521Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-d38e85412e8460a697144a21d0440409-pod_30afdcbe-e65b-4a7a-a1d4-d0420a20fcee/step-report-json/0.log 2026-06-29T14:52:05.431536Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-d38e85412e8460a697144a21d0440409-pod_30afdcbe-e65b-4a7a-a1d4-d0420a20fcee/step-show-config/0.log 2026-06-29T14:52:05.431547Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-d38e85412e8460a697144a21d0440409-pod_30afdcbe-e65b-4a7a-a1d4-d0420a20fcee/step-summary/0.log 2026-06-29T14:52:05.431567Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-d38e85412e8460a697144a21d0440409-pod_30afdcbe-e65b-4a7a-a1d4-d0420a20fcee/step-version/0.log {"success": true,"components": [{"name": "-sha256:bd819da15920ef731002630e2b2d49e03b3209ee5edae6c74f2094bb9825b7cf-arm64","containerImage": "quay.io/konflux-ci/ec-golden-image@sha256:bd819da15920ef731002630e2b2d49e03b3209ee5edae6c74f2094bb9825b7cf","source": {},"successes": [{"msg": "Pass","metadata": {"code": "attestation_type.known_attestation_type","collections": ["minimal","redhat","redhat_rpms","slsa3"],"depends_on": ["attestation_type.pipelinerun_attestation_found"],"description": "Confirm the attestation found for the image has a known attestation type.","title": "Known attestation type found"}},{"msg": "Pass","metadata": {"code": "attestation_type.pipelinerun_attestation_found","collections": ["minimal","redhat","redhat_rpms","slsa3"],"description": "Confirm at least one PipelineRun attestation is present.","title": "PipelineRun attestation found"}},{"msg": "Pass","metadata": {"code": "builtin.attestation.signature_check","description": "The attestation signature matches available signing materials.","title": "Attestation signature check passed"}},{"msg": "Pass","metadata": {"code": "builtin.attestation.syntax_check","description": "The attestation has correct syntax.","title": "Attestation syntax check passed"}},{"msg": "Pass","metadata": {"code": "builtin.image.signature_check","description": "The image signature matches available signing materials.","title": "Image signature check passed"}},{"msg": "Pass","metadata": {"code": "slsa_build_build_service.allowed_builder_ids_provided","collections": ["slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the `allowed_builder_ids` rule data was provided, since it is required by the policy rules in this package.","title": "Allowed builder IDs provided"}},{"msg": "Pass","metadata": {"code": "slsa_build_build_service.slsa_builder_id_accepted","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the attestation attribute predicate.builder.id is set to one of the values in the `allowed_builder_ids` rule data, e.g. \"https://tekton.dev/chains/v2\".","title": "SLSA Builder ID is known and accepted"}},{"msg": "Pass","metadata": {"code": "slsa_build_build_service.slsa_builder_id_found","collections": ["slsa3","redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the attestation attribute predicate.builder.id is set.","title": "SLSA Builder ID found"}},{"msg": "Pass","metadata": {"code": "slsa_build_scripted_build.build_script_used","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the predicate.buildConfig.tasks.steps attribute for the task responsible for building and pushing the image is not empty.","title": "Build task contains steps"}},{"msg": "Pass","metadata": {"code": "slsa_build_scripted_build.build_task_image_results_found","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Confirm that a build task exists and it has the expected IMAGE_DIGEST and IMAGE_URL task results.","title": "Build task set image digest and url task results"}},{"msg": "Pass","metadata": {"code": "slsa_build_scripted_build.subject_build_task_matches","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify the subject of the attestations matches the IMAGE_DIGEST and IMAGE_URL values from the build task.","title": "Provenance subject matches build task image result"}},{"msg": "Pass","metadata": {"code": "slsa_provenance_available.allowed_predicate_types_provided","collections": ["minimal","slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the `allowed_predicate_types` rule data was provided, since it is required by the policy rules in this package.","title": "Allowed predicate types provided"}},{"msg": "Pass","metadata": {"code": "slsa_provenance_available.attestation_predicate_type_accepted","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the predicateType field of the attestation indicates the in-toto SLSA Provenance format was used to attest the PipelineRun.","title": "Expected attestation predicate type found"}},{"msg": "Pass","metadata": {"code": "slsa_source_correlated.attested_source_code_reference","collections": ["minimal","slsa3","redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Attestation contains source reference.","title": "Source reference"}},{"msg": "Pass","metadata": {"code": "slsa_source_correlated.expected_source_code_reference","collections": ["minimal","slsa3","redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the provided source code reference is the one being attested.","title": "Expected source code reference"}},{"msg": "Pass","metadata": {"code": "slsa_source_correlated.rule_data_provided","collections": ["minimal","slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the expected rule data keys have been provided in the expected format. The keys are `supported_vcs` and `supported_digests`.","title": "Rule data provided"}},{"msg": "Pass","metadata": {"code": "slsa_source_version_controlled.materials_format_okay","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Confirm at least one entry in the predicate.materials array of the attestation contains the expected attributes: uri and digest.sha1.","title": "Materials have uri and digest"}},{"msg": "Pass","metadata": {"code": "slsa_source_version_controlled.materials_include_git_sha","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure that each entry in the predicate.materials array with a SHA-1 digest includes a valid Git commit SHA.","title": "Materials include git commit shas"}},{"msg": "Pass","metadata": {"code": "slsa_source_version_controlled.materials_uri_is_git_repo","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure each entry in the predicate.materials array with a SHA-1 digest includes a valid Git URI.","title": "Material uri is a git repo"}},{"msg": "Pass","metadata": {"code": "tasks.pipeline_has_tasks","collections": ["minimal","redhat","redhat_rpms","slsa3"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure that at least one Task is present in the PipelineRun attestation.","title": "Pipeline run includes at least one task"}},{"msg": "Pass","metadata": {"code": "tasks.successful_pipeline_tasks","collections": ["minimal","redhat","redhat_rpms","slsa3"],"depends_on": ["tasks.pipeline_has_tasks"],"description": "Ensure that all of the Tasks in the Pipeline completed successfully. Note that skipped Tasks are not taken into account and do not influence the outcome.","title": "Successful pipeline tasks"}}],"success": true,"signatures": [{"keyid": "","sig": "MEYCIQDAFKFnOSV+ZO53btaeKYBj9ME2NdgwhZHBvpe+FdPrKgIhALpDGT56tbbpn+Y7xX7I6G9Ggm3UD0MYEZYgZ/Jf0n7s"},{"keyid": "","sig": "MEYCIQCwccUeCezmpPt6+gFQUb625+udjgjabwf3JZKGyt7iuAIhAMSTjScJPNed9vmKj/eLIE4zuKkw+dD1CGOcSlHEYGqi"}],"attestations": [{"type": "https://in-toto.io/Statement/v0.1","predicateType": "https://slsa.dev/provenance/v0.2","predicateBuildType": "tekton.dev/v1/PipelineRun","signatures": [{"keyid": "SHA256:IhiN7gY+Z3uSSd7tmj6w5Zfhqafzdhm3DZjIvGc6iYY","sig": "MEUCIFDe/HK4zGEf6ReCdi9lKIHt+F3RAQVbVz+9njVgeByoAiEA07g5JSnXBDpV2QlW7s4GuY7DoGVO8rwgOzJDsFR4Vhg="}]}]},{"name": "-sha256:4b8339806ff0774bdfc73676c57c6985fd311d8c8d0ea3062d13c00136f19414-amd64", "containerImage": "quay.io/konflux-ci/ec-golden-image@sha256:4b8339806ff0774bdfc73676c57c6985fd311d8c8d0ea3062d13c00136f19414","source": {},"successes": [{"msg": "Pass","metadata": {"code": "attestation_type.known_attestation_type","collections": ["minimal","redhat","redhat_rpms","slsa3"],"depends_on": ["attestation_type.pipelinerun_attestation_found"],"description": "Confirm the attestation found for the image has a known attestation type.","title": "Known attestation type found"}},{"msg": "Pass","metadata": {"code": "attestation_type.pipelinerun_attestation_found","collections": ["minimal","redhat","redhat_rpms","slsa3"],"description": "Confirm at least one PipelineRun attestation is present.","title": "PipelineRun attestation found"}},{"msg": "Pass","metadata": {"code": "builtin.attestation.signature_check","description": "The attestation signature matches available signing materials.","title": "Attestation signature check passed"}},{"msg": "Pass","metadata": {"code": "builtin.attestation.syntax_check","description": "The attestation has correct syntax.","title": "Attestation syntax check passed"}},{"msg": "Pass","metadata": {"code": "builtin.image.signature_check","description": "The image signature matches available signing materials.","title": "Image signature check passed"}},{"msg": "Pass","metadata": {"code": "slsa_build_build_service.allowed_builder_ids_provided","collections": ["slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the `allowed_builder_ids` rule data was provided, since it is required by the policy rules in this package.","title": "Allowed builder IDs provided"}},{"msg": "Pass","metadata": {"code": "slsa_build_build_service.slsa_builder_id_accepted","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the attestation attribute predicate.builder.id is set to one of the values in the `allowed_builder_ids` rule data, e.g. \"https://tekton.dev/chains/v2\".","title": "SLSA Builder ID is known and accepted"}},{"msg": "Pass","metadata": {"code": "slsa_build_build_service.slsa_builder_id_found","collections": ["slsa3","redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the attestation attribute predicate.builder.id is set.","title": "SLSA Builder ID found"}},{"msg": "Pass","metadata": {"code": "slsa_build_scripted_build.build_script_used","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the predicate.buildConfig.tasks.steps attribute for the task responsible for building and pushing the image is not empty.","title": "Build task contains steps"}},{"msg": "Pass","metadata": {"code": "slsa_build_scripted_build.build_task_image_results_found","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Confirm that a build task exists and it has the expected IMAGE_DIGEST and IMAGE_URL task results.","title": "Build task set image digest and url task results"}},{"msg": "Pass","metadata": {"code": "slsa_build_scripted_build.subject_build_task_matches","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify the subject of the attestations matches the IMAGE_DIGEST and IMAGE_URL values from the build task.","title": "Provenance subject matches build task image result"}},{"msg": "Pass","metadata": {"code": "slsa_provenance_available.allowed_predicate_types_provided","collections": ["minimal","slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the `allowed_predicate_types` rule data was provided, since it is required by the policy rules in this package.","title": "Allowed predicate types provided"}},{"msg": "Pass","metadata": {"code": "slsa_provenance_available.attestation_predicate_type_accepted","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the predicateType field of the attestation indicates the in-toto SLSA Provenance format was used to attest the PipelineRun.","title": "Expected attestation predicate type found"}},{"msg": "Pass","metadata": {"code": "slsa_source_correlated.attested_source_code_reference","collections": ["minimal","slsa3","redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Attestation contains source reference.","title": "Source reference"}},{"msg": "Pass","metadata": {"code": "slsa_source_correlated.expected_source_code_reference","collections": ["minimal","slsa3","redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the provided source code reference is the one being attested.","title": "Expected source code reference"}},{"msg": "Pass","metadata": {"code": "slsa_source_correlated.rule_data_provided","collections": ["minimal","slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the expected rule data keys have been provided in the expected format. The keys are `supported_vcs` and `supported_digests`.","title": "Rule data provided"}},{"msg": "Pass","metadata": {"code": "slsa_source_version_controlled.materials_format_okay","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Confirm at least one entry in the predicate.materials array of the attestation contains the expected attributes: uri and digest.sha1.","title": "Materials have uri and digest"}},{"msg": "Pass","metadata": {"code": "slsa_source_version_controlled.materials_include_git_sha","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure that each entry in the predicate.materials array with a SHA-1 digest includes a valid Git commit SHA.","title": "Materials include git commit shas"}},{"msg": "Pass","metadata": {"code": "slsa_source_version_controlled.materials_uri_is_git_repo","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure each entry in the predicate.materials array with a SHA-1 digest includes a valid Git URI.","title": "Material uri is a git repo"}},{"msg": "Pass","metadata": {"code": "tasks.pipeline_has_tasks","collections": ["minimal","redhat","redhat_rpms","slsa3"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure that at least one Task is present in the PipelineRun attestation.","title": "Pipeline run includes at least one task"}},{"msg": "Pass","metadata": {"code": "tasks.successful_pipeline_tasks","collections": ["minimal","redhat","redhat_rpms","slsa3"],"depends_on": ["tasks.pipeline_has_tasks"],"description": "Ensure that all of the Tasks in the Pipeline completed successfully. Note that skipped Tasks are not taken into account and do not influence the outcome.","title": "Successful pipeline tasks"}}],"success": true,"signatures": [{"keyid": "","sig": "MEUCIDClKcqP9YPbxNqrjMmnHiaOfanitDdnBlhFmjQ6BLtJAiEArcCsnbdruYcO3+U0I5lWaU61uOUyU+wfbEj0L+ZR+L0="},{"keyid": "","sig": "MEUCIQCpjCHf1LOrOwwyEkcivoYaDzQBLYDerGUXEJvjlVBnmgIgG5Zk2eQpGhuw2sfOQZbwrB8d3fp5JdZcemQw426vGwg="}],"attestations": [{"type": "https://in-toto.io/Statement/v0.1","predicateType": "https://slsa.dev/provenance/v0.2","predicateBuildType": "tekton.dev/v1/PipelineRun","signatures": [{"keyid": "SHA256:IhiN7gY+Z3uSSd7tmj6w5Zfhqafzdhm3DZjIvGc6iYY","sig": "MEUCIFDe/HK4zGEf6ReCdi9lKIHt+F3RAQVbVz+9njVgeByoAiEA07g5JSnXBDpV2QlW7s4GuY7DoGVO8rwgOzJDsFR4Vhg="}]}]},{"name": "","containerImage": "quay.io/konflux-ci/ec-golden-image@sha256:304040ca1911aa4d911bd7c6d6d07193c57dc49dbc43e63828b42ab204fb1b25","source": {},"successes": [{"msg": "Pass","metadata": {"code": "attestation_type.known_attestation_type","collections": ["minimal","redhat","redhat_rpms","slsa3"], "depends_on": ["attestation_type.pipelinerun_attestation_found"],"description": "Confirm the attestation found for the image has a known attestation type.","title": "Known attestation type found"}},{"msg": "Pass","metadata": {"code": "attestation_type.pipelinerun_attestation_found","collections": ["minimal","redhat","redhat_rpms","slsa3"],"description": "Confirm at least one PipelineRun attestation is present.","title": "PipelineRun attestation found"}},{"msg": "Pass","metadata": {"code": "builtin.attestation.signature_check","description": "The attestation signature matches available signing materials.","title": "Attestation signature check passed"}},{"msg": "Pass","metadata": {"code": "builtin.attestation.syntax_check","description": "The attestation has correct syntax.","title": "Attestation syntax check passed"}},{"msg": "Pass","metadata": {"code": "builtin.image.signature_check","description": "The image signature matches available signing materials.","title": "Image signature check passed"}},{"msg": "Pass","metadata": {"code": "slsa_build_build_service.allowed_builder_ids_provided","collections": ["slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the `allowed_builder_ids` rule data was provided, since it is required by the policy rules in this package.","title": "Allowed builder IDs provided"}},{"msg": "Pass","metadata": {"code": "slsa_build_build_service.slsa_builder_id_accepted","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the attestation attribute predicate.builder.id is set to one of the values in the `allowed_builder_ids` rule data, e.g. \"https://tekton.dev/chains/v2\".","title": "SLSA Builder ID is known and accepted"}},{"msg": "Pass","metadata": {"code": "slsa_build_build_service.slsa_builder_id_found","collections": ["slsa3","redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the attestation attribute predicate.builder.id is set.","title": "SLSA Builder ID found"}},{"msg": "Pass","metadata": {"code": "slsa_build_scripted_build.build_script_used","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the predicate.buildConfig.tasks.steps attribute for the task responsible for building and pushing the image is not empty.","title": "Build task contains steps"}},{"msg": "Pass","metadata": {"code": "slsa_build_scripted_build.build_task_image_results_found","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Confirm that a build task exists and it has the expected IMAGE_DIGEST and IMAGE_URL task results.","title": "Build task set image digest and url task results"}},{"msg": "Pass","metadata": {"code": "slsa_build_scripted_build.subject_build_task_matches","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify the subject of the attestations matches the IMAGE_DIGEST and IMAGE_URL values from the build task.","title": "Provenance subject matches build task image result"}},{"msg": "Pass","metadata": {"code": "slsa_provenance_available.allowed_predicate_types_provided","collections": ["minimal","slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the `allowed_predicate_types` rule data was provided, since it is required by the policy rules in this package.","title": "Allowed predicate types provided"}},{"msg": "Pass","metadata": {"code": "slsa_provenance_available.attestation_predicate_type_accepted","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the predicateType field of the attestation indicates the in-toto SLSA Provenance format was used to attest the PipelineRun.","title": "Expected attestation predicate type found"}},{"msg": "Pass","metadata": {"code": "slsa_source_correlated.attested_source_code_reference","collections": ["minimal","slsa3","redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Attestation contains source reference.","title": "Source reference"}},{"msg": "Pass","metadata": {"code": "slsa_source_correlated.expected_source_code_reference","collections": ["minimal","slsa3","redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the provided source code reference is the one being attested.","title": "Expected source code reference"}},{"msg": "Pass","metadata": {"code": "slsa_source_correlated.rule_data_provided","collections": ["minimal","slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the expected rule data keys have been provided in the expected format. The keys are `supported_vcs` and `supported_digests`.","title": "Rule data provided"}},{"msg": "Pass","metadata": {"code": "slsa_source_version_controlled.materials_format_okay","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Confirm at least one entry in the predicate.materials array of the attestation contains the expected attributes: uri and digest.sha1.","title": "Materials have uri and digest"}},{"msg": "Pass","metadata": {"code": "slsa_source_version_controlled.materials_include_git_sha","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure that each entry in the predicate.materials array with a SHA-1 digest includes a valid Git commit SHA.","title": "Materials include git commit shas"}},{"msg": "Pass","metadata": {"code": "slsa_source_version_controlled.materials_uri_is_git_repo","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure each entry in the predicate.materials array with a SHA-1 digest includes a valid Git URI.","title": "Material uri is a git repo"}},{"msg": "Pass","metadata": {"code": "tasks.pipeline_has_tasks","collections": ["minimal","redhat","redhat_rpms","slsa3"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure that at least one Task is present in the PipelineRun attestation.","title": "Pipeline run includes at least one task"}},{"msg": "Pass","metadata": {"code": "tasks.successful_pipeline_tasks","collections": ["minimal","redhat","redhat_rpms","slsa3"],"depends_on": ["tasks.pipeline_has_tasks"],"description": "Ensure that all of the Tasks in the Pipeline completed successfully. Note that skipped Tasks are not taken into account and do not influence the outcome.","title": "Successful pipeline tasks"}}],"success": true,"signatures": [{"keyid": "","sig": "MEUCIQD86lmOqCovYZDPKm0XxxsLgDQcFIFAv+QZxrFSHmCvQAIgTd1I005ox8MfABqsAen6PZEyg2MCEQNBCx1NLS3V0JQ="}],"attestations": [{"type": "https://in-toto.io/Statement/v0.1","predicateType": "https://slsa.dev/provenance/v0.2","predicateBuildType": "tekton.dev/v1beta1/TaskRun","signatures": [{"keyid": "SHA256:IhiN7gY+Z3uSSd7tmj6w5Zfhqafzdhm3DZjIvGc6iYY","sig": "MEUCIQDcgZIwEkLFqD7U9HrobgEC8Jo7wm+xJ5AoyO3qg+aj8QIgb9xDpjYGRMmpVk+QATeVKlHonzBiu51HtT3J+lQXPXc="}]},{"type": "https://in-toto.io/Statement/v0.1","predicateType": "https://slsa.dev/provenance/v0.2","predicateBuildType": "tekton.dev/v1beta1/PipelineRun","signatures": [{"keyid": "SHA256:IhiN7gY+Z3uSSd7tmj6w5Zfhqafzdhm3DZjIvGc6iYY","sig": "MEYCIQDKSihaAR/zAhJhR5GCqleDvfUUtvRw61vk0YeTBAnOSQIhAKa09B4yEfaSJronmWBFbu5cVPNxm17CMl/PElEz1POa"}]}]},{"name": "","containerImage": "quay.io/konflux-ci/ec-golden-image@sha256:0e61e9c81f2e5f05c82aa07135835be5c14e5d4fb7e49734cc581c3856875c8d","source": {},"successes": [{"msg": "Pass","metadata": {"code": "attestation_type.known_attestation_type","collections": ["minimal","redhat","redhat_rpms","slsa3"],"depends_on": ["attestation_type.pipelinerun_attestation_found"], "description": "Confirm the attestation found for the image has a known attestation type.","title": "Known attestation type found"}},{"msg": "Pass","metadata": {"code": "attestation_type.pipelinerun_attestation_found","collections": ["minimal","redhat","redhat_rpms","slsa3"],"description": "Confirm at least one PipelineRun attestation is present.","title": "PipelineRun attestation found"}},{"msg": "Pass","metadata": {"code": "builtin.attestation.signature_check","description": "The attestation signature matches available signing materials.","title": "Attestation signature check passed"}},{"msg": "Pass","metadata": {"code": "builtin.attestation.syntax_check","description": "The attestation has correct syntax.","title": "Attestation syntax check passed"}},{"msg": "Pass","metadata": {"code": "builtin.image.signature_check","description": "The image signature matches available signing materials.","title": "Image signature check passed"}},{"msg": "Pass","metadata": {"code": "slsa_build_build_service.allowed_builder_ids_provided","collections": ["slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the `allowed_builder_ids` rule data was provided, since it is required by the policy rules in this package.","title": "Allowed builder IDs provided"}},{"msg": "Pass","metadata": {"code": "slsa_build_build_service.slsa_builder_id_accepted","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the attestation attribute predicate.builder.id is set to one of the values in the `allowed_builder_ids` rule data, e.g. \"https://tekton.dev/chains/v2\".","title": "SLSA Builder ID is known and accepted"}},{"msg": "Pass","metadata": {"code": "slsa_build_build_service.slsa_builder_id_found","collections": ["slsa3","redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the attestation attribute predicate.builder.id is set.","title": "SLSA Builder ID found"}},{"msg": "Pass","metadata": {"code": "slsa_build_scripted_build.build_script_used","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the predicate.buildConfig.tasks.steps attribute for the task responsible for building and pushing the image is not empty.","title": "Build task contains steps"}},{"msg": "Pass","metadata": {"code": "slsa_build_scripted_build.build_task_image_results_found","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Confirm that a build task exists and it has the expected IMAGE_DIGEST and IMAGE_URL task results.","title": "Build task set image digest and url task results"}},{"msg": "Pass","metadata": {"code": "slsa_build_scripted_build.subject_build_task_matches","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify the subject of the attestations matches the IMAGE_DIGEST and IMAGE_URL values from the build task.","title": "Provenance subject matches build task image result"}},{"msg": "Pass","metadata": {"code": "slsa_provenance_available.allowed_predicate_types_provided","collections": ["minimal","slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the `allowed_predicate_types` rule data was provided, since it is required by the policy rules in this package.","title": "Allowed predicate types provided"}},{"msg": "Pass","metadata": {"code": "slsa_provenance_available.attestation_predicate_type_accepted","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the predicateType field of the attestation indicates the in-toto SLSA Provenance format was used to attest the PipelineRun.","title": "Expected attestation predicate type found"}},{"msg": "Pass","metadata": {"code": "slsa_source_correlated.attested_source_code_reference","collections": ["minimal","slsa3","redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Attestation contains source reference.","title": "Source reference"}},{"msg": "Pass","metadata": {"code": "slsa_source_correlated.expected_source_code_reference","collections": ["minimal","slsa3","redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the provided source code reference is the one being attested.","title": "Expected source code reference"}},{"msg": "Pass","metadata": {"code": "slsa_source_correlated.rule_data_provided","collections": ["minimal","slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the expected rule data keys have been provided in the expected format. The keys are `supported_vcs` and `supported_digests`.","title": "Rule data provided"}},{"msg": "Pass","metadata": {"code": "slsa_source_version_controlled.materials_format_okay","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Confirm at least one entry in the predicate.materials array of the attestation contains the expected attributes: uri and digest.sha1.","title": "Materials have uri and digest"}},{"msg": "Pass","metadata": {"code": "slsa_source_version_controlled.materials_include_git_sha","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure that each entry in the predicate.materials array with a SHA-1 digest includes a valid Git commit SHA.","title": "Materials include git commit shas"}},{"msg": "Pass","metadata": {"code": "slsa_source_version_controlled.materials_uri_is_git_repo","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure each entry in the predicate.materials array with a SHA-1 digest includes a valid Git URI.","title": "Material uri is a git repo"}},{"msg": "Pass","metadata": {"code": "tasks.pipeline_has_tasks","collections": ["minimal","redhat","redhat_rpms","slsa3"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure that at least one Task is present in the PipelineRun attestation.","title": "Pipeline run includes at least one task"}},{"msg": "Pass","metadata": {"code": "tasks.successful_pipeline_tasks","collections": ["minimal","redhat","redhat_rpms","slsa3"],"depends_on": ["tasks.pipeline_has_tasks"],"description": "Ensure that all of the Tasks in the Pipeline completed successfully. Note that skipped Tasks are not taken into account and do not influence the outcome.","title": "Successful pipeline tasks"}}],"success": true,"signatures": [{"keyid": "","sig": "MEUCIH1WSpsKcqzY11HkZUBkW2EtnAsuE1DXjFSvEMiekoYhAiEA8DWjnDJelQVizV67I8B3hE7HzqVdoitHQYtE52UYnfU="}],"attestations": [{"type": "https://in-toto.io/Statement/v0.1","predicateType": "https://slsa.dev/provenance/v0.2","predicateBuildType": "tekton.dev/v1/PipelineRun","signatures": [{"keyid": "SHA256:IhiN7gY+Z3uSSd7tmj6w5Zfhqafzdhm3DZjIvGc6iYY","sig": "MEUCIFDe/HK4zGEf6ReCdi9lKIHt+F3RAQVbVz+9njVgeByoAiEA07g5JSnXBDpV2QlW7s4GuY7DoGVO8rwgOzJDsFR4Vhg="}]}]}],"key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZP/0htjhVt2y0ohjgtIIgICOtQtA\nnaYJRuLprwIv6FDhZ5yFjYUEtsmoNcW7rx2KM6FOXGsCX3BNc7qhHELT+g==\n-----END PUBLIC KEY-----\n","policy": {"name": "Default","description": "Includes rules for levels 1, 2 & 3 of SLSA v0.1. This is the default config used for new Konflux applications. Source: https://github.com/conforma/config/blob/main/default/policy.yaml","sources": [{"name": "Default","policy": ["oci::quay.io/enterprise-contract/ec-release-policy:konflux@sha256:614408c473895bc7263173ccadcbf782e0c3c7c0a8c10851e6b0c94b5ea448c1"],"data": ["git::github.com/release-engineering/rhtap-ec-policy//data?ref=e7ebca9822d7378140b7207c7bc7062fa883dd5f", { "policy": { "name": "Default", "description": "Includes rules for levels 1, 2 & 3 of SLSA v0.1. This is the default config used for new Konflux applications. Source: https://github.com/conforma/config/blob/main/default/policy.yaml", "sources": [ { "name": "Default", "policy": [ "oci::quay.io/enterprise-contract/ec-release-policy:konflux@sha256:614408c473895bc7263173ccadcbf782e0c3c7c0a8c10851e6b0c94b5ea448c1" ], "data": [ "git::github.com/release-engineering/rhtap-ec-policy//data?ref=e7ebca9822d7378140b7207c7bc7062fa883dd5f", "oci::quay.io/konflux-ci/tekton-catalog/data-acceptable-bundles:latest@sha256:a84185f081bd2514cd8a48b38db2daf8a5964779c4c56c5c1c9a5fcff51e2a6b", "oci::quay.io/konflux-ci/konflux-vanguard/data-acceptable-bundles:latest@sha256:0b31c7bc77a7463a1bc52f3d3625ef0e0e75443da7fd2de8005d7885282138ea", "oci::quay.io/konflux-ci/integration-service-catalog/data-acceptable-bundles:latest@sha256:7b00455045ea3873a72caeb1e7ac7d036bd53963a26409891a4cc9d0d242b9fc" ], "config": { "exclude": [ "slsa_source_correlated.source_code_reference_provided" ], "include": [ "@slsa3" ] } } ], "publicKey": "k8s://chains-e2e-fmfy/golden-image-public-keyzuuccqxwso" }, "key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZP/0htjhVt2y0ohjgtIIgICOtQtA\nnaYJRuLprwIv6FDhZ5yFjYUEtsmoNcW7rx2KM6FOXGsCX3BNc7qhHELT+g==\n-----END PUBLIC KEY-----\n", "effective-time": "2026-06-29T14:51:50.09122359Z" } Success: true Result: SUCCESS Violations: 0, Warnings: 0, Successes: 84 Components: - Name: -sha256:bd819da15920ef731002630e2b2d49e03b3209ee5edae6c74f2094bb9825b7cf-arm64 ImageRef: quay.io/konflux-ci/ec-golden-image@sha256:bd819da15920ef731002630e2b2d49e03b3209ee5edae6c74f2094bb9825b7cf Violations: 0, Warnings: 0, Successes: 21 - Name: -sha256:4b8339806ff0774bdfc73676c57c6985fd311d8c8d0ea3062d13c00136f19414-amd64 ImageRef: quay.io/konflux-ci/ec-golden-image@sha256:4b8339806ff0774bdfc73676c57c6985fd311d8c8d0ea3062d13c00136f19414 Violations: 0, Warnings: 0, Successes: 21 - Name: ImageRef: quay.io/konflux-ci/ec-golden-image@sha256:304040ca1911aa4d911bd7c6d6d07193c57dc49dbc43e63828b42ab204fb1b25 Violations: 0, Warnings: 0, Successes: 21 - Name: ImageRef: quay.io/konflux-ci/ec-golden-image@sha256:0e61e9c81f2e5f05c82aa07135835be5c14e5d4fb7e49734cc581c3856875c8d Violations: 0, Warnings: 0, Successes: 21 Version v0.9.25 Source ID b345847182602d9a5ce9e957fa76fe02575c8018 Change date 2026-04-27 12:52:43 +0000 UTC (9 weeks ago) ECC v0.1.7 OPA v1.15.2 Conftest v0.68.2 Cosign v3.0.4 Sigstore v1.10.4 Rekor v1.5.0 Tekton Pipeline v1.9.2 Kubernetes Client v0.35.0 true { "timestamp": "1782744722", "namespace": "", "successes": 84, "failures": 0, "warnings": 0, "result": "SUCCESS" } "oci::quay.io/konflux-ci/tekton-catalog/data-acceptable-bundles:latest@sha256:a84185f081bd2514cd8a48b38db2daf8a5964779c4c56c5c1c9a5fcff51e2a6b","oci::quay.io/konflux-ci/konflux-vanguard/data-acceptable-bundles:latest@sha256:0b31c7bc77a7463a1bc52f3d3625ef0e0e75443da7fd2de8005d7885282138ea","oci::quay.io/konflux-ci/integration-service-catalog/data-acceptable-bundles:latest@sha256:7b00455045ea3873a72caeb1e7ac7d036bd53963a26409891a4cc9d0d242b9fc"],"config": {"exclude": ["slsa_source_correlated.source_code_reference_provided"],"include": ["@slsa3"]}}],"publicKey": "k8s://chains-e2e-fmfy/golden-image-public-keyzuuccqxwso"},"ec-version": "v0.9.25","effective-time": "2026-06-29T14:51:50.09122359Z"} 2026-06-29T14:53:04.890574Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-c2fca85658cf4f7b54e0aa2ba41d86c9-pod_23c2ec4a-ab17-4580-a83a-30e6532879bb/place-scripts/0.log 2026-06-29T14:53:04.890615Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-c2fca85658cf4f7b54e0aa2ba41d86c9-pod_23c2ec4a-ab17-4580-a83a-30e6532879bb/prepare/0.log 2026-06-29T14:53:05.924951Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-c2fca85658cf4f7b54e0aa2ba41d86c9-pod_23c2ec4a-ab17-4580-a83a-30e6532879bb/step-initialize-tuf/0.log 2026-06-29T14:53:05.924983Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-c2fca85658cf4f7b54e0aa2ba41d86c9-pod_23c2ec4a-ab17-4580-a83a-30e6532879bb/step-reduce/0.log 2026-06-29T14:53:05.924990Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-c2fca85658cf4f7b54e0aa2ba41d86c9-pod_23c2ec4a-ab17-4580-a83a-30e6532879bb/step-report-json/0.log 2026-06-29T14:53:05.924997Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-c2fca85658cf4f7b54e0aa2ba41d86c9-pod_23c2ec4a-ab17-4580-a83a-30e6532879bb/step-validate/0.log 2026-06-29T14:53:06.951369Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-c2fca85658cf4f7b54e0aa2ba41d86c9-pod_23c2ec4a-ab17-4580-a83a-30e6532879bb/step-assert/0.log 2026-06-29T14:53:06.951401Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-c2fca85658cf4f7b54e0aa2ba41d86c9-pod_23c2ec4a-ab17-4580-a83a-30e6532879bb/step-detailed-report/0.log 2026-06-29T14:53:06.951420Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-c2fca85658cf4f7b54e0aa2ba41d86c9-pod_23c2ec4a-ab17-4580-a83a-30e6532879bb/step-show-config/0.log 2026-06-29T14:53:06.951427Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-c2fca85658cf4f7b54e0aa2ba41d86c9-pod_23c2ec4a-ab17-4580-a83a-30e6532879bb/step-summary/0.log 2026-06-29T14:53:06.951438Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-c2fca85658cf4f7b54e0aa2ba41d86c9-pod_23c2ec4a-ab17-4580-a83a-30e6532879bb/step-version/0.log 2026/06/29 14:53:04 Decoded script /tekton/scripts/script-2-vschb 2026/06/29 14:53:04 Entrypoint initialization 2026-06-29T14:53:09.001330Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-c2fca85658cf4f7b54e0aa2ba41d86c9-pod_23c2ec4a-ab17-4580-a83a-30e6532879bb/step-initialize-tuf/0.log 2026-06-29T14:53:09.001374Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-c2fca85658cf4f7b54e0aa2ba41d86c9-pod_23c2ec4a-ab17-4580-a83a-30e6532879bb/step-reduce/0.log Single Component mode? false { "application": "", "componentGroup": "", "components": [ { "name": "", "version": "", "containerImage": "quay.io/redhat-appstudio-qe/enterprise-contract-tests:e2e-test-unpinned-task-bundle", "source": {} } ], "artifacts": {} } 2026/06/29 14:53:08 INFO Step was skipped due to when expressions were evaluated to false. 2026-06-29T14:53:19.260994Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-c2fca85658cf4f7b54e0aa2ba41d86c9-pod_23c2ec4a-ab17-4580-a83a-30e6532879bb/step-assert/0.log 2026-06-29T14:53:19.261040Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-c2fca85658cf4f7b54e0aa2ba41d86c9-pod_23c2ec4a-ab17-4580-a83a-30e6532879bb/step-detailed-report/0.log 2026-06-29T14:53:19.261080Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-c2fca85658cf4f7b54e0aa2ba41d86c9-pod_23c2ec4a-ab17-4580-a83a-30e6532879bb/step-report-json/0.log 2026-06-29T14:53:19.261097Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-c2fca85658cf4f7b54e0aa2ba41d86c9-pod_23c2ec4a-ab17-4580-a83a-30e6532879bb/step-show-config/0.log 2026-06-29T14:53:19.261110Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-c2fca85658cf4f7b54e0aa2ba41d86c9-pod_23c2ec4a-ab17-4580-a83a-30e6532879bb/step-summary/0.log 2026-06-29T14:53:19.261128Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/chains-e2e-fmfy_verify-enterprise-contract-c2fca85658cf4f7b54e0aa2ba41d86c9-pod_23c2ec4a-ab17-4580-a83a-30e6532879bb/step-version/0.log {"success": true,"components": [{"name": "","containerImage": "quay.io/redhat-appstudio-qe/enterprise-contract-tests@sha256:c1a2330b0117c4ccd642ba95539a499ae54f0282b124f0514ee57b274d674f10","source": {},"warnings": [{"msg": "Pipeline task \"build-container\" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-1@","metadata": {"code": "trusted_task.pinned","collections": ["redhat","redhat_rpms"],"description": "Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest.","solution": "Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description.","term": "buildah","title": "Task references are pinned"}},{"msg": "Pipeline task \"clamav-scan\" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-1@","metadata": {"code": "trusted_task.pinned","collections": ["redhat","redhat_rpms"],"description": "Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest.","solution": "Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description.","term": "clamav-scan","title": "Task references are pinned"}},{"msg": "Pipeline task \"appstudio-configure-build\" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-1@","metadata": {"code": "trusted_task.pinned","collections": ["redhat","redhat_rpms"],"description": "Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest.","solution": "Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description.","term": "configure-build","title": "Task references are pinned"}},{"msg": "Pipeline task \"conftest-clair\" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-1@","metadata": {"code": "trusted_task.pinned","collections": ["redhat","redhat_rpms"],"description": "Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest.","solution": "Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description.","term": "conftest-clair","title": "Task references are pinned"}},{"msg": "Pipeline task \"deprecated-base-image-check\" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-1@","metadata": {"code": "trusted_task.pinned","collections": ["redhat","redhat_rpms"],"description": "Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest.","solution": "Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description.","term": "deprecated-image-check","title": "Task references are pinned"}},{"msg": "Pipeline task \"get-clair-results\" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-1@","metadata": {"code": "trusted_task.pinned","collections": ["redhat","redhat_rpms"],"description": "Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest.","solution": "Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description.","term": "get-clair-scan","title": "Task references are pinned"}},{"msg": "Pipeline task \"clone-repository\" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-1@","metadata": {"code": "trusted_task.pinned","collections": ["redhat","redhat_rpms"],"description": "Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest.","solution": "Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description.","term": "git-clone","title": "Task references are pinned"}},{"msg": "Pipeline task \"hacbs-test-evaluation\" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-1@","metadata": {"code": "trusted_task.pinned","collections": ["redhat","redhat_rpms"],"description": "Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest.","solution": "Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description.","term": "hacbs-test-evaluation","title": "Task references are pinned"}},{"msg": "Pipeline task \"appstudio-init\" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-1@","metadata": {"code": "trusted_task.pinned","collections": ["redhat","redhat_rpms"],"description": "Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest.","solution": "Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description.","term": "init","title": "Task references are pinned"}},{"msg": "Pipeline task \"sanity-inspect-image\" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-2@","metadata": {"code": "trusted_task.pinned","collections": ["redhat","redhat_rpms"],"description": "Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest.","solution": "Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description.","term": "sanity-inspect-image","title": "Task references are pinned"}},{"msg": "Pipeline task \"sanity-label-check\" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-2@","metadata": {"code": "trusted_task.pinned","collections": ["redhat","redhat_rpms"],"description": "Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest.", Success: true Result: WARNING Violations: 0, Warnings: 16, Successes: 3 Component: ImageRef: quay.io/redhat-appstudio-qe/enterprise-contract-tests@sha256:c1a2330b0117c4ccd642ba95539a499ae54f0282b124f0514ee57b274d674f10 Results: › [Warning] trusted_task.pinned ImageRef: quay.io/redhat-appstudio-qe/enterprise-contract-tests@sha256:c1a2330b0117c4ccd642ba95539a499ae54f0282b124f0514ee57b274d674f10 Reason: Pipeline task "build-container" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-1@ Term: buildah Title: Task references are pinned Description: Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest. Solution: Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description. › [Warning] trusted_task.pinned ImageRef: quay.io/redhat-appstudio-qe/enterprise-contract-tests@sha256:c1a2330b0117c4ccd642ba95539a499ae54f0282b124f0514ee57b274d674f10 Reason: Pipeline task "clamav-scan" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-1@ Term: clamav-scan Title: Task references are pinned Description: Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest. Solution: Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description. › [Warning] trusted_task.pinned ImageRef: quay.io/redhat-appstudio-qe/enterprise-contract-tests@sha256:c1a2330b0117c4ccd642ba95539a499ae54f0282b124f0514ee57b274d674f10 Reason: Pipeline task "appstudio-configure-build" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-1@ Term: configure-build Title: Task references are pinned Description: Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest. Solution: Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description. › [Warning] trusted_task.pinned ImageRef: quay.io/redhat-appstudio-qe/enterprise-contract-tests@sha256:c1a2330b0117c4ccd642ba95539a499ae54f0282b124f0514ee57b274d674f10 Reason: Pipeline task "conftest-clair" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-1@ Term: conftest-clair Title: Task references are pinned Description: Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest. Solution: Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description. › [Warning] trusted_task.pinned ImageRef: quay.io/redhat-appstudio-qe/enterprise-contract-tests@sha256:c1a2330b0117c4ccd642ba95539a499ae54f0282b124f0514ee57b274d674f10 Reason: Pipeline task "deprecated-base-image-check" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-1@ Term: deprecated-image-check Title: Task references are pinned Description: Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest. Solution: Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description. › [Warning] trusted_task.pinned ImageRef: quay.io/redhat-appstudio-qe/enterprise-contract-tests@sha256:c1a2330b0117c4ccd642ba95539a499ae54f0282b124f0514ee57b274d674f10 Reason: Pipeline task "get-clair-results" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-1@ Term: get-clair-scan Title: Task references are pinned Description: Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest. Solution: Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description. › [Warning] trusted_task.pinned ImageRef: quay.io/redhat-appstudio-qe/enterprise-contract-tests@sha256:c1a2330b0117c4ccd642ba95539a499ae54f0282b124f0514ee57b274d674f10 Reason: Pipeline task "clone-repository" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-1@ Term: git-clone Title: Task references are pinned Description: Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest. Solution: Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description. › [Warning] trusted_task.pinned ImageRef: quay.io/redhat-appstudio-qe/enterprise-contract-tests@sha256:c1a2330b0117c4ccd642ba95539a499ae54f0282b124f0514ee57b274d674f10 Reason: Pipeline task "hacbs-test-evaluation" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-1@ Term: hacbs-test-evaluation Title: Task references are pinned Description: Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest. Solution: Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description. › [Warning] trusted_task.pinned ImageRef: quay.io/redhat-appstudio-qe/enterprise-contract-tests@sha256:c1a2330b0117c4ccd642ba95539a499ae54f0282b124f0514ee57b274d674f10 Reason: Pipeline task "appstudio-init" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-1@ Term: init Title: Task references are pinned Description: Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest. Solution: Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description. › [Warning] trusted_task.pinned ImageRef: quay.io/redhat-appstudio-qe/enterprise-contract-tests@sha256:c1a2330b0117c4ccd642ba95539a499ae54f0282b124f0514ee57b274d674f10 Reason: Pipeline task "sanity-inspect-image" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-2@ Term: sanity-inspect-image Title: Task references are pinned Description: Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest. Solution: Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description. › [Warning] trusted_task.pinned ImageRef: quay.io/redhat-appstudio-qe/enterprise-contract-tests@sha256:c1a2330b0117c4ccd642ba95539a499ae54f0282b124f0514ee57b274d674f10 Reason: Pipeline task "sanity-label-check" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-2@ Term: sanity-label-check Title: Task references are pinned Description: Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest. Solution: Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description. › [Warning] trusted_task.pinned ImageRef: quay.io/redhat-appstudio-qe/enterprise-contract-tests@sha256:c1a2330b0117c4ccd642ba95539a499ae54f0282b124f0514ee57b274d674f10 Reason: Pipeline task "sanity-optional-label-check" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-2@ Term: sanity-label-check Title: Task references are pinned Description: Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest. Solution: Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description. › [Warning] trusted_task.pinned ImageRef: quay.io/redhat-appstudio-qe/enterprise-contract-tests@sha256:c1a2330b0117c4ccd642ba95539a499ae54f0282b124f0514ee57b274d674f10 Reason: Pipeline task "sast-go" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-2@ Term: sast-go Title: Task references are pinned Description: Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest. Solution: Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description. › [Warning] trusted_task.pinned ImageRef: quay.io/redhat-appstudio-qe/enterprise-contract-tests@sha256:c1a2330b0117c4ccd642ba95539a499ae54f0282b124f0514ee57b274d674f10 Reason: Pipeline task "sast-java-sec-check" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-2@ Term: sast-java-sec-check Title: Task references are pinned Description: Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest. Solution: Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description. › [Warning] trusted_task.pinned ImageRef: quay.io/redhat-appstudio-qe/enterprise-contract-tests@sha256:c1a2330b0117c4ccd642ba95539a499ae54f0282b124f0514ee57b274d674f10 Reason: Pipeline task "sast-snyk-check" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-2@ Term: sast-snyk-check Title: Task references are pinned Description: Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest. Solution: Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description. › [Warning] trusted_task.pinned ImageRef: quay.io/redhat-appstudio-qe/enterprise-contract-tests@sha256:c1a2330b0117c4ccd642ba95539a499ae54f0282b124f0514ee57b274d674f10 Reason: Pipeline task "show-summary" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-2@ Term: summary Title: Task references are pinned Description: Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest. Solution: Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description. For more information about policy issues, see the policy documentation: https://conforma.dev/docs/policy/ Version v0.9.25 Source ID b345847182602d9a5ce9e957fa76fe02575c8018 Change date 2026-04-27 12:52:43 +0000 UTC (9 weeks ago) ECC v0.1.7 OPA v1.15.2 Conftest v0.68.2 Cosign v3.0.4 Sigstore v1.10.4 Rekor v1.5.0 Tekton Pipeline v1.9.2 Kubernetes Client v0.35.0 { "timestamp": "1782744796", "namespace": "", "successes": 3, "failures": 0, "warnings": 16, "result": "WARNING" } true { "policy": { "name": "Default", "description": "Includes rules for levels 1, 2 & 3 of SLSA v0.1. This is the default config used for new Konflux applications. Source: https://github.com/conforma/config/blob/main/default/policy.yaml", "sources": [ { "name": "Default", "policy": [ "oci::quay.io/enterprise-contract/ec-release-policy:konflux@sha256:614408c473895bc7263173ccadcbf782e0c3c7c0a8c10851e6b0c94b5ea448c1" ], "data": [ "git::github.com/release-engineering/rhtap-ec-policy//data?ref=e7ebca9822d7378140b7207c7bc7062fa883dd5f", "oci::quay.io/konflux-ci/tekton-catalog/data-acceptable-bundles:latest@sha256:a84185f081bd2514cd8a48b38db2daf8a5964779c4c56c5c1c9a5fcff51e2a6b", "oci::quay.io/konflux-ci/konflux-vanguard/data-acceptable-bundles:latest@sha256:0b31c7bc77a7463a1bc52f3d3625ef0e0e75443da7fd2de8005d7885282138ea", "oci::quay.io/konflux-ci/integration-service-catalog/data-acceptable-bundles:latest@sha256:7b00455045ea3873a72caeb1e7ac7d036bd53963a26409891a4cc9d0d242b9fc" ], "config": { "include": [ "trusted_task.pinned" ] } } ], "publicKey": "k8s://chains-e2e-fmfy/unpinned-task-bundle-public-keypztalvmbqu" }, "key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEPfwkY/ru2JRd6FSqIp7lT3gzjaEC\nEAg+paWtlme2KNcostCsmIbwz+bc2aFV+AxCOpRjRpp3vYrbS5KhkmgC1Q==\n-----END PUBLIC KEY-----\n", "effective-time": "2026-06-29T14:53:09.228640302Z" } "solution": "Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description.","term": "sanity-label-check","title": "Task references are pinned"}},{"msg": "Pipeline task \"sanity-optional-label-check\" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-2@","metadata": {"code": "trusted_task.pinned","collections": ["redhat","redhat_rpms"],"description": "Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest.","solution": "Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description.","term": "sanity-label-check","title": "Task references are pinned"}},{"msg": "Pipeline task \"sast-go\" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-2@","metadata": {"code": "trusted_task.pinned","collections": ["redhat","redhat_rpms"],"description": "Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest.","solution": "Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description.","term": "sast-go","title": "Task references are pinned"}},{"msg": "Pipeline task \"sast-java-sec-check\" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-2@","metadata": {"code": "trusted_task.pinned","collections": ["redhat","redhat_rpms"],"description": "Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest.","solution": "Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description.","term": "sast-java-sec-check","title": "Task references are pinned"}},{"msg": "Pipeline task \"sast-snyk-check\" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-2@","metadata": {"code": "trusted_task.pinned","collections": ["redhat","redhat_rpms"],"description": "Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest.","solution": "Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description.","term": "sast-snyk-check","title": "Task references are pinned"}},{"msg": "Pipeline task \"show-summary\" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-2@","metadata": {"code": "trusted_task.pinned","collections": ["redhat","redhat_rpms"],"description": "Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest.","solution": "Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description.","term": "summary","title": "Task references are pinned"}}],"successes": [{"msg": "Pass","metadata": {"code": "builtin.attestation.signature_check","description": "The attestation signature matches available signing materials.","title": "Attestation signature check passed"}},{"msg": "Pass","metadata": {"code": "builtin.attestation.syntax_check","description": "The attestation has correct syntax.","title": "Attestation syntax check passed"}},{"msg": "Pass","metadata": {"code": "builtin.image.signature_check","description": "The image signature matches available signing materials.","title": "Image signature check passed"}}],"success": true,"signatures": [{"keyid": "","sig": "MEYCIQD0M+eFk8KPeOHvC6GNIQkaJGZvtOvvDqBvzi+qYgiS2gIhAP7stpq7Nl9vpF4tjqLC7/gr6t5yXc9Y353Btfe3DcEM"},{"keyid": "","sig": "MEUCIDkj9PKADlbayhD4DIUm5SRw2pCzSTeak1dJHAZOyQyQAiEApp4BQneeSKSbKbojFEzeJbVTPGBQrA7QnTzTblnU7nE="}],"attestations": [{"type": "https://in-toto.io/Statement/v0.1","predicateType": "https://slsa.dev/provenance/v0.2","predicateBuildType": "https://tekton.dev/attestations/chains@v2","signatures": [{"keyid": "SHA256:w1ABTR6Lt6NlJapY8sIR8F2BvXZ6qn2q+GrC+jWwpqE","sig": "MEQCICXkO7VwYxRHIYd+EbSeIvN+tKMyM4YSZkbUewMSefclAiBCoWnkdF5X4z6rY2YnOlwF5NrrPJh4f/tIvGJe1E3HIQ=="}]},{"type": "https://in-toto.io/Statement/v0.1","predicateType": "https://slsa.dev/provenance/v0.2","predicateBuildType": "https://tekton.dev/attestations/chains@v2","signatures": [{"keyid": "SHA256:w1ABTR6Lt6NlJapY8sIR8F2BvXZ6qn2q+GrC+jWwpqE","sig": "MEUCIQCmcnxF+boyOwR1RSLnZHUJgGtuQ5y0pm+hBjAhyb9TOwIgTtn/WYNIDWeW9WEALawsVBBtcsdeG91wuwIHpYo2zpc="}]},{"type": "https://in-toto.io/Statement/v0.1","predicateType": "https://slsa.dev/provenance/v0.2","predicateBuildType": "https://tekton.dev/attestations/chains/pipelinerun@v2","signatures": [{"keyid": "SHA256:w1ABTR6Lt6NlJapY8sIR8F2BvXZ6qn2q+GrC+jWwpqE","sig": "MEUCIQCrK8Zvo5I45A0j/gvxmsJV30nb6/iQxQVeOMhELH964AIgXm12BtB+JHO5YWoFZAAAR+yMrpgeNBvn5vvVLYoYpHA="}]}]}],"key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEPfwkY/ru2JRd6FSqIp7lT3gzjaEC\nEAg+paWtlme2KNcostCsmIbwz+bc2aFV+AxCOpRjRpp3vYrbS5KhkmgC1Q==\n-----END PUBLIC KEY-----\n","policy": {"name": "Default","description": "Includes rules for levels 1, 2 & 3 of SLSA v0.1. This is the default config used for new Konflux applications. Source: https://github.com/conforma/config/blob/main/default/policy.yaml","sources": [{"name": "Default","policy": ["oci::quay.io/enterprise-contract/ec-release-policy:konflux@sha256:614408c473895bc7263173ccadcbf782e0c3c7c0a8c10851e6b0c94b5ea448c1"],"data": ["git::github.com/release-engineering/rhtap-ec-policy//data?ref=e7ebca9822d7378140b7207c7bc7062fa883dd5f","oci::quay.io/konflux-ci/tekton-catalog/data-acceptable-bundles:latest@sha256:a84185f081bd2514cd8a48b38db2daf8a5964779c4c56c5c1c9a5fcff51e2a6b","oci::quay.io/konflux-ci/konflux-vanguard/data-acceptable-bundles:latest@sha256:0b31c7bc77a7463a1bc52f3d3625ef0e0e75443da7fd2de8005d7885282138ea","oci::quay.io/konflux-ci/integration-service-catalog/data-acceptable-bundles:latest@sha256:7b00455045ea3873a72caeb1e7ac7d036bd53963a26409891a4cc9d0d242b9fc"],"config": {"include": ["trusted_task.pinned"]}}],"publicKey": "k8s://chains-e2e-fmfy/unpinned-task-bundle-public-keypztalvmbqu"},"ec-version": "v0.9.25","effective-time": "2026-06-29T14:53:09.228640302Z"} 2026-06-29T16:00:23.499220Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/mintmaker_renovate-06291600-26e86396-build-pod_5a4a240c-65ed-4644-9327-056394d0ce4d/place-scripts/0.log 2026-06-29T16:00:23.499265Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/mintmaker_renovate-06291600-26e86396-build-pod_5a4a240c-65ed-4644-9327-056394d0ce4d/prepare/0.log 2026/06/29 16:00:22 Entrypoint initialization 2026/06/29 16:00:23 Decoded script /tekton/scripts/script-0-2cwzd 2026/06/29 16:00:23 Decoded script /tekton/scripts/script-1-bxsft 2026/06/29 16:00:23 Decoded script /tekton/scripts/script-2-xd9bg 2026-06-29T16:00:29.659448Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/mintmaker_renovate-06291600-26e86396-build-pod_5a4a240c-65ed-4644-9327-056394d0ce4d/step-prepare-db/0.log 2026-06-29T16:00:31.719635Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Found new file to watch. file=/var/log/pods/mintmaker_renovate-06291600-26e86396-build-pod_5a4a240c-65ed-4644-9327-056394d0ce4d/step-prepare-rpm-cert/0.log 2026/06/29 16:00:28 warning: unsuccessful cred copy: ".docker" from "/tekton/creds" to "/": unable to create destination directory: mkdir /.docker: permission denied 2026/06/29 16:00:31 warning: unsuccessful cred copy: ".docker" from "/tekton/creds" to "/root": unable to create destination directory: mkdir /root/.docker: permission denied 2026-06-29T16:02:26.540778Z WARN source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Currently ignoring file too small to fingerprint. file=/var/log/pods/mintmaker_renovate-06291600-26e86396-build-pod_5a4a240c-65ed-4644-9327-056394d0ce4d/step-renovate/0.log 2026-06-29T16:02:30.641497Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Stopped watching file. file=/var/log/pods/mintmaker_renovate-06291600-26e86396-build-pod_5a4a240c-65ed-4644-9327-056394d0ce4d/step-prepare-db/0.log reached_eof="true" 2026-06-29T16:02:32.691257Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Stopped watching file. file=/var/log/pods/mintmaker_renovate-06291600-26e86396-build-pod_5a4a240c-65ed-4644-9327-056394d0ce4d/place-scripts/0.log reached_eof="true" 2026-06-29T16:02:32.691308Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Stopped watching file. file=/var/log/pods/mintmaker_renovate-06291600-26e86396-build-pod_5a4a240c-65ed-4644-9327-056394d0ce4d/prepare/0.log reached_eof="true" 2026-06-29T16:02:32.691320Z INFO source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Stopped watching file. file=/var/log/pods/mintmaker_renovate-06291600-26e86396-build-pod_5a4a240c-65ed-4644-9327-056394d0ce4d/step-prepare-rpm-cert/0.log reached_eof="true"