About Enterprise Contract
The Enterprise Contract is a set of tools for maintaining software supply chain security, and for the definition and enforcement of policies related to how container images are built and tested.
The Konflux build process uses Tekton Chains to produce a signed in-toto attestation of the build pipeline. Enterprise Contract then uses that signed attestation to cryptographically verify that the build was not tampered with, and to check the build against a set of policies. The policies check that the build process followed a prescribed set of best practices, plus organization-specific policies as required.
While Enterprise Contract was originally created to work with Tekton and Tekton Chains' attestations, it is flexible enough to be used with other CI/CD systems, for example GitHub Actions.
EC CLI - Command line utility
EC Task Definition - A Tekton Task wrapper for the EC CLI
EC Policy CRD - Defines a Kubernetes CR for EC configuration
EC Policies - A set of policies defined in OPA/Rego
There’s an additional overview of Enterprise Contract and its components in the Book of AppStudio.
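The following is an added illustration of the kind of OPA/Rego policy described above; it is not one of the Enterprise Contract policies and is not code from the project. It assumes that `input` carries the decoded in-toto Statement (the signed attestation payload, signature already verified) under `input.attestation` and the digest of the image under validation under `input.image.digest`; the builder id value and the package name are assumptions.

```rego
package example.attestation

import rego.v1

# Hypothetical policy written for this page; not part of Enterprise Contract.
# input.attestation: the decoded in-toto Statement produced by Tekton Chains.
# input.image.digest: the "sha256:..." digest of the image being validated.

expected_statement_type := "https://in-toto.io/Statement/v1"
expected_predicate_type := "https://slsa.dev/provenance/v1"

# Builder identity we expect the attestation to record (assumed value).
expected_builder_id := "https://tekton.dev/chains/v2"

deny contains msg if {
    input.attestation._type != expected_statement_type
    msg := sprintf("unexpected statement type %q", [input.attestation._type])
}

deny contains msg if {
    input.attestation.predicateType != expected_predicate_type
    msg := sprintf("unexpected predicate type %q", [input.attestation.predicateType])
}

# The attestation must be about the image we are validating: at least one
# subject's sha256 digest has to match, otherwise a valid attestation for a
# different artifact could be replayed against this image.
subject_digests contains digest if {
    some subject in input.attestation.subject
    digest := concat(":", ["sha256", subject.digest.sha256])
}

deny contains msg if {
    not input.image.digest in subject_digests
    msg := sprintf("attestation subject does not cover image %q", [input.image.digest])
}

# The build must come from the trusted builder; a missing builder id is
# treated the same as a wrong one.
deny contains msg if {
    path := ["predicate", "runDetails", "builder", "id"]
    builder := object.get(input.attestation, path, "")
    builder != expected_builder_id
    msg := sprintf("untrusted or missing builder id %q", [builder])
}

# Overall verdict: the image passes only when no deny rule fired.
allow if count(deny) == 0
```

Evaluating `data.example.attestation.allow` with `opa eval` against an input that lacks a matching subject digest yields `false` and populates `deny` with the reason, which is the shape of result a policy engine reports back to the validation step.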