Describe the bug
I believe that these attestations end up being a giant OR:
https://github.com/chainguard-dev/policy-catalog/blob/524be7dc1c401f5cb55644e022add82d43a84925/policies/vendors/chainguard/chainguard-images-attested-cue.yaml
To Reproduce
Find an image that only has one of the specified attestations, and run this on it.
Expected behavior
Any of the missing attestations trigger a failure
Describe the bug
I believe that these attestations end up being a giant OR:
https://github.com/chainguard-dev/policy-catalog/blob/524be7dc1c401f5cb55644e022add82d43a84925/policies/vendors/chainguard/chainguard-images-attested-cue.yaml
To Reproduce
Find an image that only has one of the specified attestations, and run this on it.
Expected behavior
Any of the missing attestations trigger a failure