Skip to content

Preset policy configuration files for Enterprise Contract

Notifications You must be signed in to change notification settings

enterprise-contract/config

Repository files navigation

Enterprise Contract Configuration Files

This repo contains a set of policy.yaml files which can be used by the Enterprise Contract Command Line Interface with a variety of environments.

Konflux CI

When using Red Hat's Konflux CI environment, there is a predefined Integration Test pipeline definition for each of the configs in this section. They can be used when creating an Integration Test in Konflux as per the documentation here.

The policy configuration files are:

Default

Includes rules for levels 1, 2 & 3 of SLSA v0.1. This is the default config used for new Konflux applications.

  • URL for Enterprise Contract: github.com/enterprise-contract/config//default
  • Source: default/policy.yaml
  • Collections: @slsa3

Red Hat

Includes the full set of rules and policies required internally by Red Hat when building Red Hat products.

Red Hat (non hermetic)

Includes most of the rules and policies required internally by Red Hat when building Red Hat products. It excludes the requirement of hermetic builds.

SLSA3

Rules specifically related to levels 1, 2 & 3 of SLSA v0.1, plus a set of basic checks that are expected to pass for all Konflux builds.

Stable (versioned policies)

The main branch of the enterprise-contract/ec-policies is always tested with the latest build of ec-cli. If your environment uses a specific version of ec-cli, such as the official Red Hat build, then you can use one of these instead of the main branch default.

They are similar to the Konflux CI "default" configuration except they use a specific branch of the policies repo for stability and compatiblity with specific verisons of ec. These configurations are suggested for use in Red Hat Trusted Application Pipeline templates.

The policy configuration files are:

Default (v0.1-alpha)

Includes rules for levels 1, 2 & 3 of SLSA v0.1. For use with ec version v0.1-alpha.

Default (v0.2)

Includes rules for levels 1, 2 & 3 of SLSA v0.1. For use with ec version v0.2.

Default (v0.4)

Includes rules for levels 1, 2 & 3 of SLSA v0.1. For use with ec version v0.4

RHTAP GitHub

Includes rules suitable for use with the attestations created by RHTAP GitHub build pipelines.

RHTAP GitLab

Includes rules suitable for use with the attestations created by RHTAP GitLab build pipelines.

RHTAP Jenkins

Includes rules suitable for use with the attestations created by RHTAP Jenkins build pipelines.

Konflux CI & Red Hat Trusted Application Pipeline (RHTAP) - Tasks

These are policy rules used to verify Tekton Task definitions meet the Red Hat guidelines for being considered trusted.

The policy configuration files are:

Red Hat Trusted Tasks

Rules used to verify Tekton Task definitions comply to Red Hat's standards.

GitHub

Container images built via GitHub Actions can be verified with the following policy configurations.

GitHub Default

Rules for container images built via GitHub Workflows.

See also

About

Preset policy configuration files for Enterprise Contract

Resources

Code of conduct

Security policy

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published