verify-enterprise-contract

Version: 0.1

Synopsis

Verify the enterprise contract is met

Params

IMAGES (string)

Spec section of an ApplicationSnapshot resource. Not all fields of the resource are required. A minimal example:

  {
    "components": [
      {
        "containerImage": "quay.io/example/repo:latest"
      }
    ]
  }

Each containerImage in the components array is validated.

POLICY_CONFIGURATION (string)

Name of the policy configuration (EnterpriseContractPolicy resource) to use. namespace/name or name syntax supported. If namespace is omitted the namespace where the task runs is used. You can also specify a policy configuration using a git url, e.g. github.com/enterprise-contract/config//slsa3.

Default: enterprise-contract-service/default

PUBLIC_KEY (string)

Public key used to verify signatures. Must be a valid k8s cosign reference, e.g. k8s://my-space/my-secret where my-secret contains the expected cosign.pub attribute.

REKOR_HOST (string)

Rekor host for transparency log lookups

IGNORE_REKOR (string)

Skip Rekor transparency log checks during validation.

Default: false

TUF_MIRROR (string)

TUF mirror URL. Provide a value when NOT using public sigstore deployment.

SSL_CERT_DIR (string)

Path to a directory containing SSL certs to be used when communicating with external services. This is useful when using the integrated registry and a local instance of Rekor on a development cluster which may use certificates issued by a not-commonly trusted root CA. In such cases, /var/run/secrets/kubernetes.io/serviceaccount is a good value. Multiple paths can be provided by using the : separator.

INFO (string)

Include rule titles and descriptions in the output. Set to "false" to disable it.

Default: true

STRICT (string)

Fail the task if policy fails. Set to "false" to disable it.

Default: true

HOMEDIR (string)

Value for the HOME environment variable.

Default: /tekton/home

EFFECTIVE_TIME (string)

Run policy checks with the provided time.

Default: now

Results

TEST_OUTPUT

Short summary of the policy evaluation for each image