Hermetic build task Package

This package verifies the build task in the attestation was invoked with the expected parameters to perform a hermetic build.

Package Name

  • hermetic_build_task

Rules Included

Build task called with hermetic param set

Verify the build task in the PipelineRun attestation was invoked with the proper parameters to make the build process hermetic.

Solution: Make sure the task that builds the image has a parameter named 'HERMETIC' and it’s set to 'true'.

  • Rule type: FAILURE

  • FAILURE message: Build task was not invoked with the hermetic parameter set

  • Code: hermetic_build_task.build_task_hermetic

  • Source