Success: false
Result: FAILURE
Violations: 4, Warnings: 10, Successes: 124
Component: tsf-comp-htyz
ImageRef: quay.io/rhtap_qe/default-tenant/tsf-comp-htyz@sha256:5fe8cdbf42dd8b527622c970fa77531054eb74ea63928785fca3312cdb461cff

Results:
✕ [Violation] tasks.required_tasks_found
  ImageRef: quay.io/rhtap_qe/default-tenant/tsf-comp-htyz@sha256:5fe8cdbf42dd8b527622c970fa77531054eb74ea63928785fca3312cdb461cff
  Reason: Required task "tpa-scan" is missing
  Term: tpa-scan
  Title: All required tasks were included in the pipeline
  Description: Ensure that the set of required tasks are included in the PipelineRun attestation. To exclude this rule add
  "tasks.required_tasks_found:tpa-scan" to the `exclude` section of the policy configuration.
  Solution: Make sure all required tasks are in the build pipeline. The required task list is contained as
  https://conforma.dev/docs/cli/configuration.html#_data_sources under the key 'required-tasks'.

✕ [Violation] test.no_failed_tests
  ImageRef: quay.io/rhtap_qe/default-tenant/tsf-comp-htyz@sha256:5fe8cdbf42dd8b527622c970fa77531054eb74ea63928785fca3312cdb461cff
  Reason: The Task "coverity-availability-check" from the build Pipeline reports a failed test
  Term: coverity-availability-check
  Title: No tests failed
  Description: Produce a violation if any non-informative tests have their result set to "FAILED". The result type is configurable
  by the "failed_tests_results" key, and the list of informative tests is configurable by the "informative_tests" key in the rule
  data. To exclude this rule add "test.no_failed_tests:coverity-availability-check" to the `exclude` section of the policy
  configuration.
  Solution: There is a test that failed. Make sure that any task in the build pipeline with a result named 'TEST_OUTPUT' does not
  fail. More information about the test should be available in the logs for the build Pipeline.

✕ [Violation] test.no_failed_tests
  ImageRef: quay.io/rhtap_qe/default-tenant/tsf-comp-htyz@sha256:5fe8cdbf42dd8b527622c970fa77531054eb74ea63928785fca3312cdb461cff
  Reason: The Task "ecosystem-cert-preflight-checks" from the build Pipeline reports a failed test
  Term: ecosystem-cert-preflight-checks
  Title: No tests failed
  Description: Produce a violation if any non-informative tests have their result set to "FAILED". The result type is configurable
  by the "failed_tests_results" key, and the list of informative tests is configurable by the "informative_tests" key in the rule
  data. To exclude this rule add "test.no_failed_tests:ecosystem-cert-preflight-checks" to the `exclude` section of the policy
  configuration.
  Solution: There is a test that failed. Make sure that any task in the build pipeline with a result named 'TEST_OUTPUT' does not
  fail. More information about the test should be available in the logs for the build Pipeline.

✕ [Violation] test.no_skipped_tests
  ImageRef: quay.io/rhtap_qe/default-tenant/tsf-comp-htyz@sha256:5fe8cdbf42dd8b527622c970fa77531054eb74ea63928785fca3312cdb461cff
  Reason: The Task "sast-snyk-check-oci-ta" from the build Pipeline reports a test was skipped
  Term: sast-snyk-check-oci-ta
  Title: No tests were skipped
  Description: Produce a violation if any tests have their result set to "SKIPPED". A skipped result means a pre-requirement for
  executing the test was not met, e.g. a license key for executing a scanner was not provided. The result type is configurable by
  the "skipped_tests_results" key in the rule data. To exclude this rule add "test.no_skipped_tests:sast-snyk-check-oci-ta" to the
  `exclude` section of the policy configuration.
  Solution: There is a test that was skipped. Make sure that each task with a result named 'TEST_OUTPUT' was not skipped. You can
  find which test was skipped by examining the 'result' key in the 'TEST_OUTPUT'. More information about the test should be
  available in the logs for the build Pipeline.

› [Warning] cve.unpatched_cve_warnings
  ImageRef: quay.io/rhtap_qe/default-tenant/tsf-comp-htyz@sha256:5fe8cdbf42dd8b527622c970fa77531054eb74ea63928785fca3312cdb461cff
  Reason: Found "CVE-2026-27135" non-blocking unpatched vulnerability of high security level
  Term: CVE-2026-27135
  Title: Non-blocking unpatched CVE check
  Description: The SLSA Provenance attestation for the image is inspected to ensure CVEs that do NOT have a known fix and meet a
  certain security level have not been detected. If detected, this policy rule will raise a warning. By default, only CVEs of
  critical and high security level cause a warning. This is configurable by the rule data key
  `warn_unpatched_cve_security_levels`. The available levels are critical, high, medium, low, and unknown.
  Solution: CVEs without a known fix can only be remediated by either removing the impacted dependency, or by waiting for a fix to
  be available.

› [Warning] cve.unpatched_cve_warnings
  ImageRef: quay.io/rhtap_qe/default-tenant/tsf-comp-htyz@sha256:5fe8cdbf42dd8b527622c970fa77531054eb74ea63928785fca3312cdb461cff
  Reason: Found "CVE-2026-33412" non-blocking unpatched vulnerability of high security level
  Term: CVE-2026-33412
  Title: Non-blocking unpatched CVE check
  Description: The SLSA Provenance attestation for the image is inspected to ensure CVEs that do NOT have a known fix and meet a
  certain security level have not been detected. If detected, this policy rule will raise a warning. By default, only CVEs of
  critical and high security level cause a warning. This is configurable by the rule data key
  `warn_unpatched_cve_security_levels`. The available levels are critical, high, medium, low, and unknown.
  Solution: CVEs without a known fix can only be remediated by either removing the impacted dependency, or by waiting for a fix to
  be available.

› [Warning] cve.unpatched_cve_warnings
  ImageRef: quay.io/rhtap_qe/default-tenant/tsf-comp-htyz@sha256:5fe8cdbf42dd8b527622c970fa77531054eb74ea63928785fca3312cdb461cff
  Reason: Found "CVE-2026-4111" non-blocking unpatched vulnerability of high security level
  Term: CVE-2026-4111
  Title: Non-blocking unpatched CVE check
  Description: The SLSA Provenance attestation for the image is inspected to ensure CVEs that do NOT have a known fix and meet a
  certain security level have not been detected. If detected, this policy rule will raise a warning. By default, only CVEs of
  critical and high security level cause a warning. This is configurable by the rule data key
  `warn_unpatched_cve_security_levels`. The available levels are critical, high, medium, low, and unknown.
  Solution: CVEs without a known fix can only be remediated by either removing the impacted dependency, or by waiting for a fix to
  be available.

› [Warning] cve.unpatched_cve_warnings
  ImageRef: quay.io/rhtap_qe/default-tenant/tsf-comp-htyz@sha256:5fe8cdbf42dd8b527622c970fa77531054eb74ea63928785fca3312cdb461cff
  Reason: Found "CVE-2026-4424" non-blocking unpatched vulnerability of high security level
  Term: CVE-2026-4424
  Title: Non-blocking unpatched CVE check
  Description: The SLSA Provenance attestation for the image is inspected to ensure CVEs that do NOT have a known fix and meet a
  certain security level have not been detected. If detected, this policy rule will raise a warning. By default, only CVEs of
  critical and high security level cause a warning. This is configurable by the rule data key
  `warn_unpatched_cve_security_levels`. The available levels are critical, high, medium, low, and unknown.
  Solution: CVEs without a known fix can only be remediated by either removing the impacted dependency, or by waiting for a fix to
  be available.

› [Warning] cve.unpatched_cve_warnings
  ImageRef: quay.io/rhtap_qe/default-tenant/tsf-comp-htyz@sha256:5fe8cdbf42dd8b527622c970fa77531054eb74ea63928785fca3312cdb461cff
  Reason: Found "CVE-2026-4519" non-blocking unpatched vulnerability of high security level
  Term: CVE-2026-4519
  Title: Non-blocking unpatched CVE check
  Description: The SLSA Provenance attestation for the image is inspected to ensure CVEs that do NOT have a known fix and meet a
  certain security level have not been detected. If detected, this policy rule will raise a warning. By default, only CVEs of
  critical and high security level cause a warning. This is configurable by the rule data key
  `warn_unpatched_cve_security_levels`. The available levels are critical, high, medium, low, and unknown.
  Solution: CVEs without a known fix can only be remediated by either removing the impacted dependency, or by waiting for a fix to
  be available.

› [Warning] trusted_task.current
  ImageRef: quay.io/rhtap_qe/default-tenant/tsf-comp-htyz@sha256:5fe8cdbf42dd8b527622c970fa77531054eb74ea63928785fca3312cdb461cff
  Reason: A newer version of task "clair-scan" exists. Please update before 2026-05-15T00:00:00Z. The current bundle is
  "oci://quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:9397d3eb9f1cbebaa15e93256e0ca9eaca148baa674be72f07f4a00df63c4609"
  and the latest bundle ref is "sha256:3fa03be0280f33d7070ea53f26d53e727199737a7a2b9a59a95071ae40a999ac"
  Term: clair-scan
  Title: Tasks using the latest versions
  Description: Check if all Tekton Tasks use the latest known Task reference. When warnings will be reported can be configured
  using the `task_expiry_warning_days` rule data setting. It holds the number of days before the task is to expire within which
  the warnings will be reported.
  Solution: Update the Task reference to a newer version.

› [Warning] trusted_task.current
  ImageRef: quay.io/rhtap_qe/default-tenant/tsf-comp-htyz@sha256:5fe8cdbf42dd8b527622c970fa77531054eb74ea63928785fca3312cdb461cff
  Reason: A newer version of task "deprecated-base-image-check" exists. Please update before 2026-05-17T00:00:00Z. The current
  bundle is
  "oci://quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:3457a4ca93f8d55f14ebd407532b1223c689eacc34f0abb3003db4111667bdae"
  and the latest bundle ref is "sha256:5ff16b7e6b4a8aa1adb352e74b9f831f77ff97bafd1b89ddb0038d63335f1a67"
  Term: deprecated-image-check
  Title: Tasks using the latest versions
  Description: Check if all Tekton Tasks use the latest known Task reference. When warnings will be reported can be configured
  using the `task_expiry_warning_days` rule data setting. It holds the number of days before the task is to expire within which
  the warnings will be reported.
  Solution: Update the Task reference to a newer version.

› [Warning] trusted_task.current
  ImageRef: quay.io/rhtap_qe/default-tenant/tsf-comp-htyz@sha256:5fe8cdbf42dd8b527622c970fa77531054eb74ea63928785fca3312cdb461cff
  Reason: A newer version of task "sast-shell-check" exists. Please update before 2026-05-15T00:00:00Z. The current bundle is
  "oci://quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:c314b4d5369d7961af51c865be28cd792d5f233aef94ecf035b3f84acde398bf"
  and the latest bundle ref is "sha256:c89a2bcf408ede50b161005859c76868f8007bb2a5daa06c1effe979b02145d7"
  Term: sast-shell-check-oci-ta
  Title: Tasks using the latest versions
  Description: Check if all Tekton Tasks use the latest known Task reference. When warnings will be reported can be configured
  using the `task_expiry_warning_days` rule data setting. It holds the number of days before the task is to expire within which
  the warnings will be reported.
  Solution: Update the Task reference to a newer version.

› [Warning] trusted_task.current
  ImageRef: quay.io/rhtap_qe/default-tenant/tsf-comp-htyz@sha256:5fe8cdbf42dd8b527622c970fa77531054eb74ea63928785fca3312cdb461cff
  Reason: A newer version of task "sast-snyk-check" exists. Please update before 2026-05-15T00:00:00Z. The current bundle is
  "oci://quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:6045ed6f2d37cfdf75cb3f2bf88706839c276a59f892ae027a315456c2914cf3"
  and the latest bundle ref is "sha256:ba3eff8f97a7cfc5341f3138c8a13e532238298d9a0fb94401c0971d30eb115a"
  Term: sast-snyk-check-oci-ta
  Title: Tasks using the latest versions
  Description: Check if all Tekton Tasks use the latest known Task reference. When warnings will be reported can be configured
  using the `task_expiry_warning_days` rule data setting. It holds the number of days before the task is to expire within which
  the warnings will be reported.
  Solution: Update the Task reference to a newer version.

› [Warning] trusted_task.current
  ImageRef: quay.io/rhtap_qe/default-tenant/tsf-comp-htyz@sha256:5fe8cdbf42dd8b527622c970fa77531054eb74ea63928785fca3312cdb461cff
  Reason: A newer version of task "sast-unicode-check" exists. Please update before 2026-05-15T00:00:00Z. The current bundle is
  "oci://quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.4@sha256:3d8a6902ab7c5c2125be07263f395426342c5032b3abfd0140162ad838437bab"
  and the latest bundle ref is "sha256:92552dddd259cd4cc2ac9a19a02e6649cadfdbb8cd66b61b8c9748d94f2166a5"
  Term: sast-unicode-check-oci-ta
  Title: Tasks using the latest versions
  Description: Check if all Tekton Tasks use the latest known Task reference. When warnings will be reported can be configured
  using the `task_expiry_warning_days` rule data setting. It holds the number of days before the task is to expire within which
  the warnings will be reported.
  Solution: Update the Task reference to a newer version.

For more information about policy issues, see the policy documentation: https://conforma.dev/docs/policy/