{"success":true,"components":[{"name":"","containerImage":"quay.io/rhtap_qe/backend-tests-go-wzxjpjqg@sha256:b7634e829f2e694abb9ee0ea643ee507a8150caf3f036d26bde691e0a75e97e1","source":{},"successes":[{"msg":"Pass","metadata":{"code":"builtin.attestation.signature_check","description":"The attestation signature matches available signing materials.","title":"Attestation signature check passed"}},{"msg":"Pass","metadata":{"code":"builtin.attestation.syntax_check","description":"The attestation has correct syntax.","title":"Attestation syntax check passed"}},{"msg":"Pass","metadata":{"code":"builtin.image.signature_check","description":"The image signature matches available signing materials.","title":"Image signature check passed"}},{"msg":"Pass","metadata":{"code":"slsa_build_build_service.allowed_builder_ids_provided","collections":["slsa3","redhat","redhat_rpms","policy_data"],"description":"Confirm the `allowed_builder_ids` rule data was provided, since it is required by the policy rules in this package.","title":"Allowed builder IDs provided"}},{"msg":"Pass","metadata":{"code":"slsa_build_build_service.slsa_builder_id_accepted","collections":["slsa3","redhat","redhat_rpms"],"depends_on":["attestation_type.known_attestation_type"],"description":"Verify that the attestation attribute predicate.builder.id is set to one of the values in the `allowed_builder_ids` rule data, e.g. \"https://tekton.dev/chains/v2\".","title":"SLSA Builder ID is known and accepted"}},{"msg":"Pass","metadata":{"code":"slsa_build_build_service.slsa_builder_id_found","collections":["slsa3","redhat"],"depends_on":["attestation_type.known_attestation_type"],"description":"Verify that the attestation attribute predicate.builder.id is set.","title":"SLSA Builder ID found"}},{"msg":"Pass","metadata":{"code":"slsa_build_scripted_build.build_script_used","collections":["slsa3","redhat","redhat_rpms"],"depends_on":["attestation_type.known_attestation_type"],"description":"Verify that the predicate.buildConfig.tasks.steps attribute for the task responsible for building and pushing the image is not empty.","title":"Build task contains steps"}},{"msg":"Pass","metadata":{"code":"slsa_build_scripted_build.build_task_image_results_found","collections":["slsa3","redhat","redhat_rpms"],"depends_on":["attestation_type.known_attestation_type"],"description":"Confirm that a build task exists and it has the expected IMAGE_DIGEST and IMAGE_URL task results.","title":"Build task set image digest and url task results"}},{"msg":"Pass","metadata":{"code":"slsa_build_scripted_build.subject_build_task_matches","collections":["slsa3","redhat","redhat_rpms"],"depends_on":["attestation_type.known_attestation_type"],"description":"Verify the subject of the attestations matches the IMAGE_DIGEST and IMAGE_URL values from the build task.","title":"Provenance subject matches build task image result"}},{"msg":"Pass","metadata":{"code":"slsa_provenance_available.allowed_predicate_types_provided","collections":["minimal","slsa3","redhat","redhat_rpms","policy_data"],"description":"Confirm the `allowed_predicate_types` rule data was provided, since it is required by the policy rules in this package.","title":"Allowed predicate types provided"}},{"msg":"Pass","metadata":{"code":"slsa_provenance_available.attestation_predicate_type_accepted","collections":["minimal","slsa3","redhat","redhat_rpms"],"depends_on":["attestation_type.known_attestation_type"],"description":"Verify that the predicateType field of the attestation indicates the in-toto SLSA Provenance format was used to attest the PipelineRun.","title":"Expected attestation predicate type found"}},{"msg":"Pass","metadata":{"code":"slsa_source_version_controlled.materials_format_okay","collections":["minimal","slsa3","redhat","redhat_rpms"],"depends_on":["attestation_type.known_attestation_type"],"description":"Confirm at least one entry in the predicate.materials array of the attestation contains the expected attributes: uri and digest.sha1.","title":"Materials have uri and digest"}},{"msg":"Pass","metadata":{"code":"slsa_source_version_controlled.materials_include_git_sha","collections":["minimal","slsa3","redhat","redhat_rpms"],"depends_on":["attestation_type.known_attestation_type"],"description":"Ensure that each entry in the predicate.materials array with a SHA-1 digest includes a valid Git commit SHA.","title":"Materials include git commit shas"}},{"msg":"Pass","metadata":{"code":"slsa_source_version_controlled.materials_uri_is_git_repo","collections":["minimal","slsa3","redhat","redhat_rpms"],"depends_on":["attestation_type.known_attestation_type"],"description":"Ensure each entry in the predicate.materials array with a SHA-1 digest includes a valid Git URI.","title":"Material uri is a git repo"}},{"msg":"Pass","metadata":{"code":"tasks.pipeline_has_tasks","collections":["minimal","redhat","redhat_rpms","slsa3"],"depends_on":["attestation_type.known_attestation_type"],"description":"Ensure that at least one Task is present in the PipelineRun attestation.","title":"Pipeline run includes at least one task"}},{"msg":"Pass","metadata":{"code":"tasks.successful_pipeline_tasks","collections":["minimal","redhat","redhat_rpms","slsa3"],"depends_on":["tasks.pipeline_has_tasks"],"description":"Ensure that all of the Tasks in the Pipeline completed successfully. Note that skipped Tasks are not taken into account and do not influence the outcome.","title":"Successful pipeline tasks"}}],"success":true,"signatures":[{"keyid":"","sig":"MEUCID4+7wWUMzhUPigV44DAe32gn+PK1/ZMlNMeQwPGNMMPAiEAluU9PnZl0io0D4oXlNj4NPYXqNcz8QIS/xwWQojWWm4="}],"attestations":[{"type":"https://in-toto.io/Statement/v0.1","predicateType":"https://slsa.dev/provenance/v0.2","predicateBuildType":"tekton.dev/v1beta1/TaskRun","signatures":[{"keyid":"SHA256:nIGkR0pZLrDu7xx9tM9KCFWI/x/GaKFoiU0k9QykwnI","sig":"MEUCIGIoEYNgK7d1zm/wbNbYpCUU5dryGDk1bMfI6gD/Ee4HAiEAnfYoRq8R0DzVkMAO1svKoPzSd+VNKbTfkIIDEYSDChE="}]},{"type":"https://in-toto.io/Statement/v0.1","predicateType":"https://slsa.dev/provenance/v0.2","predicateBuildType":"tekton.dev/v1beta1/PipelineRun","signatures":[{"keyid":"SHA256:nIGkR0pZLrDu7xx9tM9KCFWI/x/GaKFoiU0k9QykwnI","sig":"MEQCIF8de22BlIomTCP/xzdmAzN/Djd1JAmvmR4ucCK7hOofAiAtQU53f2H6oSN7K8dyXAO8eJev5GhsXtVlvpSyd6RpJA=="}]}]}],"key":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEzjiIkHyfGmwW+7xrGCx6uaaPuZgk\ncvnTVTuoBan7qB5NgnIh9hMldRDHo1XNblDaIzM54ZUSTUP6h/ewd6TcEg==\n-----END PUBLIC KEY-----\n","policy":{"name":"Tekton SLSA3 (v0.7)","description":"Includes rules for levels 1, 2 \u0026 3 of SLSA v0.1. For use with ec version v0.7","sources":[{"name":"Default","policy":["git::github.com/conforma/policy//policy/lib?ref=e209dda6ed05a2fa95e2dbb796ae82a0f9298617","git::github.com/conforma/policy//policy/release?ref=e209dda6ed05a2fa95e2dbb796ae82a0f9298617"],"config":{"exclude":["slsa_source_correlated"],"include":["@slsa3"]}}],"rekorUrl":"https://rekor-server-tssc-tas.apps.rosa.kx-4d53a051e4.hbvr.p3.openshiftapps.com","publicKey":"k8s://tssc-app-ci/cosign-pub"},"ec-version":"v0.7.160+redhat","effective-time":"2026-02-05T14:44:03.60134478Z"}