Pipeline definition sanity checks Package

Policies to confirm the Tekton Pipeline definition has the expected kind.

Package Name

  • basic

Rules Included

Pipeline definition has expected kind

Confirm that the pipeline definition has the kind "Pipeline".

  • Rule type: FAILURE

  • FAILURE message: Unexpected kind '%s' for pipeline definition

  • Code: basic.expected_kind
