Pipeline Policy

To be able to reproduce and audit builds accurately it’s important to know exactly what happens during the build. To do this Conforma requires that all tasks are defined in a set of known and trusted task bundles. This package includes rules to confirm that the tasks in a Pipeline definition are defined in task bundles, and that the task bundles are from the list of known and trusted bundles.

Policies to confirm the Tekton Pipeline definition has the expected kind.

Konflux expects that certain Tekton tasks are executed during image builds. This package includes policy rules to confirm that the pipeline definition includes those required tasks.