Success: true Result: WARNING Violations: 0, Warnings: 4, Successes: 128 Component: tsf-demo-comp ImageRef: quay.io/rhtap_qe/default-tenant/tsf-demo-comp@sha256:2f2e3a334913c53558dcb800d0ae0f1e3fff3098e57ec3c72baf4d8271d0ba33 Results: › [Warning] cve.unpatched_cve_warnings ImageRef: quay.io/rhtap_qe/default-tenant/tsf-demo-comp@sha256:2f2e3a334913c53558dcb800d0ae0f1e3fff3098e57ec3c72baf4d8271d0ba33 Reason: Found "CVE-2026-34982" non-blocking unpatched vulnerability of high security level Term: CVE-2026-34982 Title: Non-blocking unpatched CVE check Description: The SLSA Provenance attestation for the image is inspected to ensure CVEs that do NOT have a known fix and meet a certain security level have not been detected. If detected, this policy rule will raise a warning. By default, only CVEs of critical and high security level cause a warning. This is configurable by the rule data key `warn_unpatched_cve_security_levels`. The available levels are critical, high, medium, low, and unknown. Solution: CVEs without a known fix can only be remediated by either removing the impacted dependency, or by waiting for a fix to be available. › [Warning] cve.unpatched_cve_warnings ImageRef: quay.io/rhtap_qe/default-tenant/tsf-demo-comp@sha256:2f2e3a334913c53558dcb800d0ae0f1e3fff3098e57ec3c72baf4d8271d0ba33 Reason: Found "CVE-2026-4786" non-blocking unpatched vulnerability of high security level Term: CVE-2026-4786 Title: Non-blocking unpatched CVE check Description: The SLSA Provenance attestation for the image is inspected to ensure CVEs that do NOT have a known fix and meet a certain security level have not been detected. If detected, this policy rule will raise a warning. By default, only CVEs of critical and high security level cause a warning. This is configurable by the rule data key `warn_unpatched_cve_security_levels`. The available levels are critical, high, medium, low, and unknown. Solution: CVEs without a known fix can only be remediated by either removing the impacted dependency, or by waiting for a fix to be available. › [Warning] cve.unpatched_cve_warnings ImageRef: quay.io/rhtap_qe/default-tenant/tsf-demo-comp@sha256:2f2e3a334913c53558dcb800d0ae0f1e3fff3098e57ec3c72baf4d8271d0ba33 Reason: Found "CVE-2026-4878" non-blocking unpatched vulnerability of high security level Term: CVE-2026-4878 Title: Non-blocking unpatched CVE check Description: The SLSA Provenance attestation for the image is inspected to ensure CVEs that do NOT have a known fix and meet a certain security level have not been detected. If detected, this policy rule will raise a warning. By default, only CVEs of critical and high security level cause a warning. This is configurable by the rule data key `warn_unpatched_cve_security_levels`. The available levels are critical, high, medium, low, and unknown. Solution: CVEs without a known fix can only be remediated by either removing the impacted dependency, or by waiting for a fix to be available. › [Warning] cve.unpatched_cve_warnings ImageRef: quay.io/rhtap_qe/default-tenant/tsf-demo-comp@sha256:2f2e3a334913c53558dcb800d0ae0f1e3fff3098e57ec3c72baf4d8271d0ba33 Reason: Found "CVE-2026-6100" non-blocking unpatched vulnerability of high security level Term: CVE-2026-6100 Title: Non-blocking unpatched CVE check Description: The SLSA Provenance attestation for the image is inspected to ensure CVEs that do NOT have a known fix and meet a certain security level have not been detected. If detected, this policy rule will raise a warning. By default, only CVEs of critical and high security level cause a warning. This is configurable by the rule data key `warn_unpatched_cve_security_levels`. The available levels are critical, high, medium, low, and unknown. Solution: CVEs without a known fix can only be remediated by either removing the impacted dependency, or by waiting for a fix to be available. For more information about policy issues, see the policy documentation: https://conforma.dev/docs/policy/