Getting started with Enterprise Contract & Red Hat Trusted Application Pipeline
If you don’t already have an application defined in RHTAP, follow the getting started guide here. Once that’s done you should have an application with at least one component.
To get the most out of Enterprise Contract it’s recommended that you also upgrade to a custom build pipeline as described here.
To run the Enterprise Contract pipeline automatically after each build, an integration test is used. One should be automatically created when a new application is created. The process of recreating it manually is described here.
If you prefer to pin the pipeline bundle to a particular version, instead of using the
In the future it will be possible to use a git resolver to specify the pipeline definition in its git repo instead of as a Tekton bundle image reference. It’s expected this will become the preferred way to specify the integration test pipeline.
With the Enterprise Contract integration test created, each successful build pipeline run will trigger an integration test pipeline run. You can find the integration test pipeline runs by clicking the integration test under the "Integration Tests" tab.
The Enterprise Contract results can be seen under the "Security" tab. For example, this shows a passing Enterprise Contract test:
The raw output from the Enterprise Contract task is YAML-formatted and can be seen in the pipeline run logs, particularly under the "STEP-REPORT" heading: