verify-enterprise-contract

Spec section of an ApplicationSnapshot resource. Not all fields of the resource are required. A minimal example:

  {
    "components": [
      {
        "containerImage": "quay.io/example/repo:latest"
      }
    ]
  }

Name of the policy configuration (EnterpriseContractPolicy resource) to use. namespace/name or name syntax supported. If namespace is omitted the namespace where the task runs is used. You can also specify a policy configuration using a git url, e.g. github.com/enterprise-contract/config//slsa3.

Public key used to verify signatures. Must be a valid k8s cosign reference, e.g. k8s://my-space/my-secret where my-secret contains the expected cosign.pub attribute.

Rekor host for transparency log lookups

Skip Rekor transparency log checks during validation.

TUF mirror URL. Provide a value when NOT using public sigstore deployment.

Path to a directory containing SSL certs to be used when communicating with external services. This is useful when using the integrated registry and a local instance of Rekor on a development cluster which may use certificates issued by a not-commonly trusted root CA. In such cases, /var/run/secrets/kubernetes.io/serviceaccount is a good value. Multiple paths can be provided by using the : separator.

Include rule titles and descriptions in the output. Set to "false" to disable it.

Fail the task if policy fails. Set to "false" to disable it.

Value for the HOME environment variable.

Run policy checks with the provided time.

Merge additional Rego variables into the policy data. Use syntax "key=value,key2=value2…​"

Short summary of the policy evaluation for each image