Acceptable Bundles
1. Task Bundles
The Enterprise Contract requires that all Red Hat Trusted Application Pipeline pipelines use only tasks defined in these specific task bundles. See also the "Task bundle is not acceptable" release and policy rules where this list is used.
The list of acceptable bundles is time based. A bundle that is acceptable today is not necessarily acceptable tomorrow. The list below may contain bundles that are "too old" and no longer acceptable. The reason for this behavior is to allow users a certain period of time to upgrade to a newer bundle.
Any bundle with an effective date in the future, and the bundle with the most recent effective date not in the future are acceptable. For example, consider a list that includes the following acceptable bundles:
-
a, effective on 2022-10-23
-
b, effective on 2022-10-22
-
c, effective on 2022-10-20
-
d, effective on 2022-10-19
If today is 2022-10-21, then the bundles a, b, and c are acceptable, while d is not.
Even when using an acceptable bundle, some policy rules may emit a warning if the bundle is not the latest one on the list. This is an attempt to notify users that although there are no violations today, an update is required for continued compliance. In the example above, using b or c would result in such a warning.
The process of adding bundles to the list of acceptable bundles is described here.
1.1. quay.io/redhat-appstudio-tekton-catalog/task-buildah
Digest |
Tag |
Effective |
2023-11-06T00:00:00Z |
||
2023-10-25T00:00:00Z |
||
2023-10-21T00:00:00Z |
1.2. quay.io/redhat-appstudio-tekton-catalog/task-clair-scan
Digest |
Tag |
Effective |
2023-11-01T00:00:00Z |
||
2023-10-29T00:00:00Z |
||
2023-10-28T00:00:00Z |