{"success":true,"components":[{"name":"","containerImage":"quay.io/rhtap_qe/backend-tests-go-tvlfzjsw@sha256:38d82b9b6afac92573503a522d514822fd6ab71f73f63ee5e91ad31a61ff151f","source":{},"successes":[{"msg":"Pass","metadata":{"code":"builtin.attestation.signature_check","description":"The attestation signature matches available signing materials.","title":"Attestation signature check passed"}},{"msg":"Pass","metadata":{"code":"builtin.attestation.syntax_check","description":"The attestation has correct syntax.","title":"Attestation syntax check passed"}},{"msg":"Pass","metadata":{"code":"builtin.image.signature_check","description":"The image signature matches available signing materials.","title":"Image signature check passed"}},{"msg":"Pass","metadata":{"code":"slsa_build_build_service.allowed_builder_ids_provided","collections":["slsa3","redhat","redhat_rpms","policy_data"],"description":"Confirm the `allowed_builder_ids` rule data was provided, since it is required by the policy rules in this package.","title":"Allowed builder IDs provided"}},{"msg":"Pass","metadata":{"code":"slsa_build_build_service.slsa_builder_id_accepted","collections":["slsa3","redhat","redhat_rpms"],"depends_on":["attestation_type.known_attestation_type"],"description":"Verify that the attestation attribute predicate.builder.id is set to one of the values in the `allowed_builder_ids` rule data, e.g. \"https://tekton.dev/chains/v2\".","title":"SLSA Builder ID is known and accepted"}},{"msg":"Pass","metadata":{"code":"slsa_build_build_service.slsa_builder_id_found","collections":["slsa3","redhat"],"depends_on":["attestation_type.known_attestation_type"],"description":"Verify that the attestation attribute predicate.builder.id is set.","title":"SLSA Builder ID found"}},{"msg":"Pass","metadata":{"code":"slsa_build_scripted_build.build_script_used","collections":["slsa3","redhat","redhat_rpms"],"depends_on":["attestation_type.known_attestation_type"],"description":"Verify that the predicate.buildConfig.tasks.steps attribute for the task responsible for building and pushing the image is not empty.","title":"Build task contains steps"}},{"msg":"Pass","metadata":{"code":"slsa_build_scripted_build.build_task_image_results_found","collections":["slsa3","redhat","redhat_rpms"],"depends_on":["attestation_type.known_attestation_type"],"description":"Confirm that a build task exists and it has the expected IMAGE_DIGEST and IMAGE_URL task results.","title":"Build task set image digest and url task results"}},{"msg":"Pass","metadata":{"code":"slsa_build_scripted_build.subject_build_task_matches","collections":["slsa3","redhat","redhat_rpms"],"depends_on":["attestation_type.known_attestation_type"],"description":"Verify the subject of the attestations matches the IMAGE_DIGEST and IMAGE_URL values from the build task.","title":"Provenance subject matches build task image result"}},{"msg":"Pass","metadata":{"code":"slsa_provenance_available.allowed_predicate_types_provided","collections":["minimal","slsa3","redhat","redhat_rpms","policy_data"],"description":"Confirm the `allowed_predicate_types` rule data was provided, since it is required by the policy rules in this package.","title":"Allowed predicate types provided"}},{"msg":"Pass","metadata":{"code":"slsa_provenance_available.attestation_predicate_type_accepted","collections":["minimal","slsa3","redhat","redhat_rpms"],"depends_on":["attestation_type.known_attestation_type"],"description":"Verify that the predicateType field of the attestation indicates the in-toto SLSA Provenance format was used to attest the PipelineRun.","title":"Expected attestation predicate type found"}},{"msg":"Pass","metadata":{"code":"slsa_source_version_controlled.materials_format_okay","collections":["minimal","slsa3","redhat","redhat_rpms"],"depends_on":["attestation_type.known_attestation_type"],"description":"Confirm at least one entry in the predicate.materials array of the attestation contains the expected attributes: uri and digest.sha1.","title":"Materials have uri and digest"}},{"msg":"Pass","metadata":{"code":"slsa_source_version_controlled.materials_include_git_sha","collections":["minimal","slsa3","redhat","redhat_rpms"],"depends_on":["attestation_type.known_attestation_type"],"description":"Ensure that each entry in the predicate.materials array with a SHA-1 digest includes a valid Git commit SHA.","title":"Materials include git commit shas"}},{"msg":"Pass","metadata":{"code":"slsa_source_version_controlled.materials_uri_is_git_repo","collections":["minimal","slsa3","redhat","redhat_rpms"],"depends_on":["attestation_type.known_attestation_type"],"description":"Ensure each entry in the predicate.materials array with a SHA-1 digest includes a valid Git URI.","title":"Material uri is a git repo"}},{"msg":"Pass","metadata":{"code":"tasks.pipeline_has_tasks","collections":["minimal","redhat","redhat_rpms","slsa3"],"depends_on":["attestation_type.known_attestation_type"],"description":"Ensure that at least one Task is present in the PipelineRun attestation.","title":"Pipeline run includes at least one task"}},{"msg":"Pass","metadata":{"code":"tasks.successful_pipeline_tasks","collections":["minimal","redhat","redhat_rpms","slsa3"],"depends_on":["tasks.pipeline_has_tasks"],"description":"Ensure that all of the Tasks in the Pipeline completed successfully. Note that skipped Tasks are not taken into account and do not influence the outcome.","title":"Successful pipeline tasks"}}],"success":true,"signatures":[{"keyid":"","sig":"MEYCIQCIA3xxb6BaoUfH7xfZLkPXO0wM/5QyMA0RlRp8qDxUEwIhALnXAe9LsjX3gkPjkX24J6Vtkh5KRUHMNqNQCWX4Ubuv"}],"attestations":[{"type":"https://in-toto.io/Statement/v0.1","predicateType":"https://slsa.dev/provenance/v0.2","predicateBuildType":"tekton.dev/v1beta1/TaskRun","signatures":[{"keyid":"SHA256:waJofP34Ufcz2gCUnQjdACvEOAuSefloJWD2S3GPS7o","sig":"MEQCIBemUA2BB2JKn0Tt9DJ8Y3lr/dUcC8/8dhL9ZUm2cWbFAiAG5LKOWuGUqA38sWG/j1RTxM2Ff0eSx428AuKB1S+sJA=="}]},{"type":"https://in-toto.io/Statement/v0.1","predicateType":"https://slsa.dev/provenance/v0.2","predicateBuildType":"tekton.dev/v1beta1/PipelineRun","signatures":[{"keyid":"SHA256:waJofP34Ufcz2gCUnQjdACvEOAuSefloJWD2S3GPS7o","sig":"MEQCIFpVcSOjKPbzeT85tXwBjfGvLuT/VrDwrJGk2pCAGpVnAiBf6zxEfXRkghfNwv5gyPPydlsw/P/hWnuFl9tqpI90ug=="}]}]}],"key":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECKQRfZW3zudhbdcD9VpI7PumaTbb\nuuN0T8+LHb/ivhDI5tZnl+GMs6LkA/sE8jisyasXOV/H2n9STjAhbCCpYw==\n-----END PUBLIC KEY-----\n","policy":{"name":"Tekton SLSA3 (v0.7)","description":"Includes rules for levels 1, 2 \u0026 3 of SLSA v0.1. For use with ec version v0.7","sources":[{"name":"Default","policy":["git::github.com/conforma/policy//policy/lib?ref=968421349f35331f74e00fad95381cd103d1a0e3","git::github.com/conforma/policy//policy/release?ref=968421349f35331f74e00fad95381cd103d1a0e3"],"config":{"exclude":["slsa_source_correlated"],"include":["@slsa3"]}}],"rekorUrl":"https://rekor-server-tssc-tas.apps.rosa.kx-c9b089e990.jsgh.p3.openshiftapps.com","publicKey":"k8s://tssc-app-ci/cosign-pub"},"ec-version":"v0.7.160+redhat","effective-time":"2026-01-26T10:24:28.887968759Z"}