Glossary

Here is a list of terms we use when discussing Conforma.

Enterprise Contract

A set of requirements imposed upon software delivery artifacts, implemented in an Enterprise Contract Policy. It fulfils a gating role, allowing or preventing a release of these artifacts.

Also, Enterprise Contract is the former name for Conforma.

Enterprise Contract Policy

An implementation of an Enterprise Contract, composed of one or more Policy Rules.

Policy Rule

An individual expression of an Enterprise Contract Policy. For example: all images should be signed. Evaluation of the Policy Rules determines whether a release of a software artifact is permitted or prevented.

Non-blocking Policy

A Policy Rule that, even if violated, does not prevent a release of software artifacts. Marking a Policy Rule as non-blocking is external to the Policy Rule implementation.

Time-based Policy Rule

A Policy Rule that behaves like a Non-blocking Policy until a certain point in time, after which it behaves like a regular Policy Rule.
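The three preceding terms (Policy Rule, Non-blocking Policy and Time-based Policy Rule) describe one gating decision. The following is an added example, not Conforma's own code or API; the rule codes, the `effective_on` field, the constructed evaluation results and the `decide` helper are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

# Constructed model of the glossary terms; names are this example's own,
# not Conforma's API. A rule with effective_on set is a Time-based Policy Rule.
@dataclass(frozen=True)
class PolicyRule:
    code: str
    description: str
    effective_on: Optional[datetime] = None

@dataclass
class Decision:
    allowed: bool = True
    violations: list = field(default_factory=list)  # blocking failures
    warnings: list = field(default_factory=list)    # non-blocking failures

def evaluate(rules, failed_codes, non_blocking, now):
    """Gate a release. A failed rule blocks unless it is marked non-blocking
    (a setting external to the rule, as the glossary says) or is time-based
    and not yet effective; those failures are reported as warnings only."""
    decision = Decision()
    for rule in rules:
        if rule.code not in failed_codes:
            continue
        not_yet_effective = rule.effective_on is not None and now < rule.effective_on
        if rule.code in non_blocking or not_yet_effective:
            decision.warnings.append(rule.code)
        else:
            decision.violations.append(rule.code)
    decision.allowed = not decision.violations
    return decision

RULES = [
    PolicyRule("image.signed", "All images should be signed"),
    PolicyRule("sbom.present", "An SBOM must be attached",
               effective_on=datetime(2030, 1, 1, tzinfo=timezone.utc)),
    PolicyRule("tests.passed", "Unit tests must pass"),
]
NON_BLOCKING = {"tests.passed"}  # exclusion configured outside the rules themselves
FAILED = {"image.signed", "sbom.present", "tests.passed"}  # constructed results

def decide(now_iso, failed=FAILED):
    """Evaluate the constructed rule set at a given ISO-8601 timestamp."""
    return evaluate(RULES, failed, NON_BLOCKING, datetime.fromisoformat(now_iso))

if __name__ == "__main__":
    for when in ("2025-06-01T00:00:00+00:00", "2031-01-01T00:00:00+00:00"):
        d = decide(when)
        print(when, "allowed" if d.allowed else "blocked", d.violations, d.warnings)
```

Before 2030 the SBOM failure is only a warning; once its effective date has passed it blocks the release like any other rule.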

Authorizer

The person responsible for authorizing one or more releases. For Red Hat, this is a Red Hat employee in a certain role (e.g. Project Manager, Product Owner, Technical Lead, etc.). It is up to the Application maintainer to define the Authorizer.

Authorization

A statement that an Authorizer allows component builds from certain git references to be released.

Attestation

A process of generating verifiable claims about any aspect of how a piece of software is produced. In technical terms, an attestation is specified by the in-toto Attestation Framework.