This repo contains a set of policy.yaml files which can be used by the Enterprise Contract Command Line Interface with a variety of environments.
When using the Red Hat Konflux CI environment (formerly Red Hat App Studio), there is a predefined Integration Test pipeline definition for each of the configs in this section. They can be used when creating an Integration Test in Konflux, as described in the documentation.
The policy configuration files are:
Includes rules for levels 1, 2 & 3 of SLSA v0.1. This is the default config used for new Konflux applications.
- URL for Enterprise Contract: github.com/enterprise-contract/config//default
- Source: default/policy.yaml
- Collections: @slsa3
- Konflux Integration Test pipeline definition:
  - Github URL: https://github.com/redhat-appstudio/build-definitions
  - Path in repository: pipelines/enterprise-contract.yaml
Includes every rule in the default policy source. For experiments only. This is not expected to pass for Konflux builds without excluding some rules.
- URL for Enterprise Contract: github.com/enterprise-contract/config//everything
- Source: everything/policy.yaml
- Collections:
- Konflux Integration Test pipeline definition:
  - Github URL: https://github.com/redhat-appstudio/build-definitions
  - Path in repository: pipelines/enterprise-contract-everything.yaml
Includes the full set of rules and policies required internally by Red Hat when building Red Hat products.
- URL for Enterprise Contract: github.com/enterprise-contract/config//redhat
- Source: redhat/policy.yaml
- Collections: @redhat
- Konflux Integration Test pipeline definition:
  - Github URL: https://github.com/redhat-appstudio/build-definitions
  - Path in repository: pipelines/enterprise-contract-redhat.yaml
Includes most of the rules and policies required internally by Red Hat when building Red Hat products. It excludes the requirement of hermetic builds.
- URL for Enterprise Contract: github.com/enterprise-contract/config//redhat-no-hermetic
- Source: redhat-no-hermetic/policy.yaml
- Collections: @redhat
- Konflux Integration Test pipeline definition:
  - Github URL: https://github.com/redhat-appstudio/build-definitions
  - Path in repository: pipelines/enterprise-contract-redhat-no-hermetic.yaml
Rules specifically related to levels 1, 2 & 3 of SLSA v0.1, plus a set of basic checks that are expected to pass for all Konflux builds.
- URL for Enterprise Contract: github.com/enterprise-contract/config//slsa3
- Source: slsa3/policy.yaml
- Collections: @minimal, @slsa3
- Konflux Integration Test pipeline definition:
  - Github URL: https://github.com/redhat-appstudio/build-definitions
  - Path in repository: pipelines/enterprise-contract-slsa3.yaml
These policy rules verify that Tekton Task definitions meet the Red Hat guidelines for being considered trusted.
The policy configuration files are:
Rules used to verify that Tekton Task definitions comply with Red Hat's standards.
- URL for Enterprise Contract: github.com/enterprise-contract/config//redhat-trusted-tasks
- Source: redhat-trusted-tasks/policy.yaml
Container images built via GitHub Actions can be verified with the following policy configurations.
Rules for container images built via GitHub Workflows.
- URL for Enterprise Contract: github.com/enterprise-contract/config//github-default
- Source: github-default/policy.yaml
- Collections: @github