Success: true
Result: WARNING
Violations: 0, Warnings: 6, Successes: 127
Component: tsf-demo-comp
ImageRef: quay.io/rhtap_qe/default-tenant/tsf-demo-comp@sha256:913010d8b5ce8f6e482e6a3a6d5e70eb7f2115890c668381e21fa01776e573c6

Results:
› [Warning] cve.unpatched_cve_warnings
  ImageRef: quay.io/rhtap_qe/default-tenant/tsf-demo-comp@sha256:913010d8b5ce8f6e482e6a3a6d5e70eb7f2115890c668381e21fa01776e573c6
  Reason: Found "CVE-2026-34982" non-blocking unpatched vulnerability of high security level
  Term: CVE-2026-34982
  Title: Non-blocking unpatched CVE check
  Description: The SLSA Provenance attestation for the image is inspected to ensure CVEs that do NOT have a known fix and meet a certain security level have not been detected. If detected, this policy rule will raise a warning. By default, only CVEs of critical and high security level cause a warning. This is configurable by the rule data key `warn_unpatched_cve_security_levels`. The available levels are critical, high, medium, low, and unknown.
  Solution: CVEs without a known fix can only be remediated by either removing the impacted dependency, or by waiting for a fix to be available.

› [Warning] cve.unpatched_cve_warnings
  ImageRef: quay.io/rhtap_qe/default-tenant/tsf-demo-comp@sha256:913010d8b5ce8f6e482e6a3a6d5e70eb7f2115890c668381e21fa01776e573c6
  Reason: Found "CVE-2026-4424" non-blocking unpatched vulnerability of high security level
  Term: CVE-2026-4424
  Title: Non-blocking unpatched CVE check
  Description: The SLSA Provenance attestation for the image is inspected to ensure CVEs that do NOT have a known fix and meet a certain security level have not been detected. If detected, this policy rule will raise a warning. By default, only CVEs of critical and high security level cause a warning. This is configurable by the rule data key `warn_unpatched_cve_security_levels`. The available levels are critical, high, medium, low, and unknown.
  Solution: CVEs without a known fix can only be remediated by either removing the impacted dependency, or by waiting for a fix to be available.

› [Warning] cve.unpatched_cve_warnings
  ImageRef: quay.io/rhtap_qe/default-tenant/tsf-demo-comp@sha256:913010d8b5ce8f6e482e6a3a6d5e70eb7f2115890c668381e21fa01776e573c6
  Reason: Found "CVE-2026-4878" non-blocking unpatched vulnerability of high security level
  Term: CVE-2026-4878
  Title: Non-blocking unpatched CVE check
  Description: The SLSA Provenance attestation for the image is inspected to ensure CVEs that do NOT have a known fix and meet a certain security level have not been detected. If detected, this policy rule will raise a warning. By default, only CVEs of critical and high security level cause a warning. This is configurable by the rule data key `warn_unpatched_cve_security_levels`. The available levels are critical, high, medium, low, and unknown.
  Solution: CVEs without a known fix can only be remediated by either removing the impacted dependency, or by waiting for a fix to be available.

› [Warning] cve.unpatched_cve_warnings
  ImageRef: quay.io/rhtap_qe/default-tenant/tsf-demo-comp@sha256:913010d8b5ce8f6e482e6a3a6d5e70eb7f2115890c668381e21fa01776e573c6
  Reason: Found "CVE-2026-6100" non-blocking unpatched vulnerability of high security level
  Term: CVE-2026-6100
  Title: Non-blocking unpatched CVE check
  Description: The SLSA Provenance attestation for the image is inspected to ensure CVEs that do NOT have a known fix and meet a certain security level have not been detected. If detected, this policy rule will raise a warning. By default, only CVEs of critical and high security level cause a warning. This is configurable by the rule data key `warn_unpatched_cve_security_levels`. The available levels are critical, high, medium, low, and unknown.
  Solution: CVEs without a known fix can only be remediated by either removing the impacted dependency, or by waiting for a fix to be available.

› [Warning] trusted_task.current
  ImageRef: quay.io/rhtap_qe/default-tenant/tsf-demo-comp@sha256:913010d8b5ce8f6e482e6a3a6d5e70eb7f2115890c668381e21fa01776e573c6
  Reason: A newer version of task "deprecated-base-image-check" exists. Please update before 2026-05-17T00:00:00Z. The current bundle is "oci://quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:3457a4ca93f8d55f14ebd407532b1223c689eacc34f0abb3003db4111667bdae" and the latest bundle ref is "sha256:5ff16b7e6b4a8aa1adb352e74b9f831f77ff97bafd1b89ddb0038d63335f1a67"
  Term: deprecated-image-check
  Title: Tasks using the latest versions
  Description: Check if all Tekton Tasks use the latest known Task reference. When warnings will be reported can be configured using the `task_expiry_warning_days` rule data setting. It holds the number of days before the task is to expire within which the warnings will be reported.
  Solution: Update the Task reference to a newer version.

› [Warning] trusted_task.current
  ImageRef: quay.io/rhtap_qe/default-tenant/tsf-demo-comp@sha256:913010d8b5ce8f6e482e6a3a6d5e70eb7f2115890c668381e21fa01776e573c6
  Reason: A newer version of task "sast-shell-check" exists. Please update before 2026-05-30T00:00:00Z. The current bundle is "oci://quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta-min:0.1@sha256:fa19753f59288a397aab2ddb9459f35f0ec1b89f43c36e944a3958db72becb5a" and the latest bundle ref is "sha256:ab677246d5726fe774ac29cb8c07fd87852cdf91c396d62869dd785017c9fe07"
  Term: sast-shell-check-oci-ta-min
  Title: Tasks using the latest versions
  Description: Check if all Tekton Tasks use the latest known Task reference. When warnings will be reported can be configured using the `task_expiry_warning_days` rule data setting. It holds the number of days before the task is to expire within which the warnings will be reported.
  Solution: Update the Task reference to a newer version.

For more information about policy issues, see the policy documentation: https://conforma.dev/docs/policy/