Tekton Task Step image registry policies Package
This package ensures that a Task definition contains expected values for the image references used by the Task’s steps.
Rules Included
Permitted step image registry prefix list provided
Confirm the allowed_step_image_registry_prefixes rule data was provided, since it’s required by the policy rules in this package.
Solution: Make sure the data sources contain a key 'allowed_step_image_registry_prefixes' that contains a list of approved registries that can be used to run tasks in the build pipeline.
- Rule type: FAILURE
- FAILURE message: %s
- Code: step_image_registries.step_image_registry_prefix_list_provided
Step images come from permitted registry
Confirm that each step in the Task uses a container image with a URL that matches one of the prefixes in the provided list of allowed step image registry prefixes. The list is customizable via the allowed_step_image_registry_prefixes rule data key.
Solution: Make sure the container image used in each step of the Task comes from an approved registry.
- Rule type: FAILURE
- FAILURE message: Step %d uses disallowed image ref '%s'
- Code: step_image_registries.step_images_permitted
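
The two rules above, sketched as an added Python example; this is not the package's own policy code. It assumes a plain string-prefix comparison and zero-based step numbers, and the Task, the rule data values, and the names check_task and loose_prefixes are constructed for illustration.

```python
import json

KEY = "allowed_step_image_registry_prefixes"

# Constructed rule data; only the key name comes from the page.
RULE_DATA = {KEY: [
    "quay.io/approved-org/",
    "registry.example.com",  # no trailing "/": reported by loose_prefixes()
]}

# Constructed Tekton Task definition: one permitted step, two rejected steps.
TASK = json.loads("""
{"apiVersion": "tekton.dev/v1", "kind": "Task",
 "metadata": {"name": "build"},
 "spec": {"steps": [
   {"name": "fetch", "image": "quay.io/approved-org/git-clone:1.0"},
   {"name": "build", "image": "docker.io/library/golang:1.22"},
   {"name": "scan",  "image": "quay.io/approved-org-mirror/scanner:2"}
 ]}}
""")

def check_task(task, rule_data):
    """Return (code, message) failures for one Task definition."""
    prefixes = rule_data.get(KEY)
    if not isinstance(prefixes, list) or not prefixes:
        # Message text is constructed; the page only shows the '%s' template.
        return [("step_image_registries.step_image_registry_prefix_list_provided",
                 "rule data key '%s' is missing or empty" % KEY)]
    failures = []
    # Assumption: the step number in the message is the zero-based list index.
    for index, step in enumerate(task.get("spec", {}).get("steps", [])):
        image = step.get("image", "")
        if not any(image.startswith(p) for p in prefixes):
            failures.append(("step_image_registries.step_images_permitted",
                             "Step %d uses disallowed image ref '%s'" % (index, image)))
    return failures

def loose_prefixes(prefixes):
    """Prefixes without a trailing '/' also match longer host or org names."""
    return [p for p in prefixes if not p.endswith("/")]

if __name__ == "__main__":
    for code, message in check_task(TASK, RULE_DATA):
        print(code + ": " + message)
    print("prefixes to tighten:", loose_prefixes(RULE_DATA[KEY]))
```

Ending each prefix with "/" keeps an entry for one registry host or organization from also matching a longer name that begins with the same characters.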