SLSA - Provenance - Available Package

The SLSA Provenance Available requirement states the following: "The provenance is available to the consumer in a format that the consumer accepts. The format SHOULD be in-toto SLSA Provenance, but another format MAY be used if both producer and consumer agree and it meets all the other requirements." This package only accepts the in-toto SLSA Provenance format.

Package Name

  • slsa_provenance_available

Rules Included

Allowed predicate types provided

Confirm the allowed_predicate_types rule data was provided, since it is required by the policy rules in this package.

  • Rule type: FAILURE

  • FAILURE message: %s

  • Code: slsa_provenance_available.allowed_predicate_types_provided

  • Source

Expected attestation predicate type found

Verify that the predicateType field of the attestation indicates the in-toto SLSA Provenance format was used to attest the PipelineRun.

Solution: The predicate type field in the attestation does not match any of the values in the 'allowed_predicate_types' rule data. This rule data is set in the data sources.

  • Rule type: FAILURE

  • FAILURE message: Attestation predicate type %q is not an expected type (%s)

  • Code: slsa_provenance_available.attestation_predicate_type_accepted

  • Source
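The two rules above, sketched as an added Python example (not the package's own policy source). The envelope layout, the sample allowed value, the rule-data failure text, and the helper names `make_envelope` and `check_attestations` are assumptions made for illustration.

```python
import base64
import json

# Constructed sample rule data; the real values come from the policy's data sources.
RULE_DATA = {"allowed_predicate_types": ["https://slsa.dev/provenance/v0.2"]}


def make_envelope(predicate_type):
    """Build a constructed, unsigned DSSE-style envelope around an in-toto statement."""
    statement = {
        "_type": "https://in-toto.io/Statement/v0.1",
        "subject": [{"name": "registry.example/app", "digest": {"sha256": "0" * 64}}],
        "predicateType": predicate_type,
        "predicate": {},
    }
    payload = base64.b64encode(json.dumps(statement).encode()).decode()
    return {"payloadType": "application/vnd.in-toto+json", "payload": payload, "signatures": []}


def check_attestations(envelopes, rule_data):
    """Return (code, message) failures for the two rules described on this page."""
    allowed = rule_data.get("allowed_predicate_types")
    # Rule 1: rule data must be a non-empty list of strings. This example stops here
    # when it is not, because rule 2 has nothing to compare against (an assumption).
    if not isinstance(allowed, list) or not allowed or not all(isinstance(a, str) for a in allowed):
        return [("slsa_provenance_available.allowed_predicate_types_provided",
                 "allowed_predicate_types rule data is missing or malformed")]  # constructed text
    failures = []
    for env in envelopes:
        try:
            statement = json.loads(base64.b64decode(env["payload"], validate=True))
            predicate_type = statement.get("predicateType")
        except (KeyError, TypeError, ValueError, AttributeError):
            predicate_type = None  # an undecodable payload has no acceptable predicate type
        # Rule 2: exact string match only; prefix or substring matching would be too loose.
        if predicate_type not in allowed:
            failures.append((
                "slsa_provenance_available.attestation_predicate_type_accepted",
                "Attestation predicate type %s is not an expected type (%s)"
                % (json.dumps(predicate_type), ", ".join(allowed)),
            ))
    return failures
```

This only inspects the predicate type; signature verification of the envelope is a separate step and is out of scope here.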