RHTAP Multi-CI Package
Checks for images built with an RHTAP build pipeline running in Jenkins, GitLab or GitHub. The RHTAP pipeline definitions for each CI system live under https://github.com/redhat-appstudio/tssc-sample-templates/tree/main/skeleton/ci
Rules Included
SLSA Provenance Attestation Format
Confirm the attestation created by the RHTAP Multi-CI build pipeline matches the expected format.
Solution: This check verifies that fields expected in the SLSA provenance predicate are present. Modifying the scripts that produce the attestation predicate (the att-predicate-*.sh scripts at https://github.com/redhat-appstudio/tssc-dev-multi-ci/tree/main/rhtap) can cause this check to fail; keep any changes in step with the rule's expected format.
- Rule type: FAILURE
- FAILURE message: RHTAP %s attestation problem: %s
- Code: rhtap_multi_ci.attestation_format
SLSA Provenance Attestation Found
Verify an attestation created by the RHTAP Multi-CI build pipeline is present.
Solution: The build pipeline did not produce an SLSA v1.0 provenance attestation with one of the RHTAP Multi-CI build types, or the attestation could not be read from the registry. Check for relevant error messages in the 'cosign-sign-attest' pipeline step logs.
- Rule type: FAILURE
- FAILURE message: A SLSA v1.0 provenance with one of the following RHTAP Multi-CI build types was not found: %s.
- Code: rhtap_multi_ci.attestation_found
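The following is an added, stand-alone model of what the two rules above test, written here as example code; it is not the Enterprise Contract policy source or any RHTAP project code. It takes a list of in-toto statements (as cosign would return them after signature verification), keeps those whose predicateType is SLSA v1.0 and whose buildDefinition.buildType is one of a set of RHTAP build types (the attestation_found rule), and then reports missing predicate fields for each one it kept (the attestation_format rule). The buildType URIs under example.com, the CI-name mapping used to fill the first %s of the format message, and the required-field list are assumptions for illustration; the real values come from the policy and the att-predicate-*.sh scripts. The sample statements are constructed inline.

```python
"""Offline model of the rhtap_multi_ci attestation_found and attestation_format
checks. Example code; the build type URIs and required-field list are assumptions."""

INTOTO_STATEMENT_TYPE = "https://in-toto.io/Statement/v1"
SLSA_V1_PREDICATE_TYPE = "https://slsa.dev/provenance/v1"

# Assumed buildType URIs keyed to the CI system they stand for. The real
# values are defined by the RHTAP Multi-CI pipeline scripts, not here.
RHTAP_BUILD_TYPES = {
    "https://example.com/rhtap/build-types/jenkins/v1": "jenkins",
    "https://example.com/rhtap/build-types/gitlab/v1": "gitlab",
    "https://example.com/rhtap/build-types/github/v1": "github",
}

# Assumed minimum set of predicate fields the format check requires.
REQUIRED_PREDICATE_PATHS = (
    ("buildDefinition", "buildType"),
    ("buildDefinition", "externalParameters"),
    ("buildDefinition", "resolvedDependencies"),
    ("runDetails", "builder", "id"),
    ("runDetails", "metadata", "invocationId"),
)


def _lookup(obj, path):
    """Walk a tuple of keys through nested dicts; None if any hop is missing."""
    for key in path:
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj


def rhtap_build_type(statement):
    """Return the RHTAP buildType of an SLSA v1.0 statement, or None if it is not one."""
    if statement.get("_type") != INTOTO_STATEMENT_TYPE:
        return None
    if statement.get("predicateType") != SLSA_V1_PREDICATE_TYPE:
        return None
    build_type = _lookup(statement.get("predicate"), ("buildDefinition", "buildType"))
    return build_type if build_type in RHTAP_BUILD_TYPES else None


def find_rhtap_attestations(statements):
    """attestation_found: keep only SLSA v1.0 statements with a known RHTAP buildType."""
    return [s for s in statements if rhtap_build_type(s) is not None]


def format_problems(statement):
    """attestation_format: describe each expected field that is absent."""
    problems = []
    predicate = statement.get("predicate")
    for path in REQUIRED_PREDICATE_PATHS:
        if _lookup(predicate, path) is None:
            problems.append("missing predicate." + ".".join(path))
    # The statement must bind the provenance to an image digest.
    subjects = statement.get("subject") or []
    if not any(isinstance(s.get("digest"), dict) and "sha256" in s["digest"] for s in subjects):
        problems.append("no subject with a sha256 digest")
    return problems


def evaluate(statements):
    """Return the FAILURE messages both rules would emit (empty list means pass)."""
    found = find_rhtap_attestations(statements)
    if not found:
        wanted = ", ".join(sorted(RHTAP_BUILD_TYPES))
        return ["A SLSA v1.0 provenance with one of the following RHTAP "
                f"Multi-CI build types was not found: {wanted}."]
    failures = []
    for att in found:
        ci = RHTAP_BUILD_TYPES[rhtap_build_type(att)]
        failures.extend(f"RHTAP {ci} attestation problem: {p}" for p in format_problems(att))
    return failures


def sample_statement(build_type, drop=()):
    """Constructed SLSA v1.0 statement; `drop` removes top-level predicate keys."""
    predicate = {
        "buildDefinition": {
            "buildType": build_type,
            "externalParameters": {"repository": "https://example.com/org/app.git"},
            "resolvedDependencies": [{"uri": "git+https://example.com/org/app.git"}],
        },
        "runDetails": {
            "builder": {"id": "https://example.com/ci/builder"},
            "metadata": {"invocationId": "build-42"},
        },
    }
    for key in drop:
        predicate.pop(key, None)
    return {
        "_type": INTOTO_STATEMENT_TYPE,
        "predicateType": SLSA_V1_PREDICATE_TYPE,
        "subject": [{"name": "registry.example.com/app", "digest": {"sha256": "ab" * 32}}],
        "predicate": predicate,
    }


if __name__ == "__main__":
    jenkins = "https://example.com/rhtap/build-types/jenkins/v1"
    good = sample_statement(jenkins)
    broken = sample_statement(jenkins, drop=("runDetails",))
    for msg in evaluate([good]) + evaluate([broken]) + evaluate([]):
        print(msg)
```

Run as a script it prints nothing for the complete statement, two format failures for the statement missing runDetails, and the not-found message for an empty list. Note the order of the two rules: a statement with the wrong predicateType (for example SLSA v0.2) or an unknown buildType is never reached by the format check, so the only signal is the attestation_found failure, which is why its solution text points at the signing step logs rather than at the predicate scripts.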