simonbaird closed 4 months ago
Some example output:
With one component (and without --info):
Success: false
Result: FAILURE
Violations: 1, Warnings: 9, Successes: 82
Component: golden-container
ImageRef: registry.redhat.io/rhtas/ec-rhel9@sha256:fc5c65c2829f170ecc5c0ed33b154c9afde3b3b1f347766a66c4af65d343ea8c
Results:
✕ [Violation] hermetic_build_task.build_task_hermetic
ImageRef: registry.redhat.io/rhtas/ec-rhel9@sha256:fc5c65c2829f170ecc5c0ed33b154c9afde3b3b1f347766a66c4af65d343ea8c
Reason: Build task was not invoked with the hermetic parameter set
› [Warning] cve.deprecated_cve_result_name
ImageRef: registry.redhat.io/rhtas/ec-rhel9@sha256:fc5c65c2829f170ecc5c0ed33b154c9afde3b3b1f347766a66c4af65d343ea8c
Reason: CVE scan uses deprecated result name
...
Attention: Patch coverage is 0% with 9 lines in your changes are missing coverage. Please review.
Project coverage is 86.68%. Comparing base (4e3a778) to head (3641f75).
With two components and --info on:
Success: false
Result: FAILURE
Violations: 6, Warnings: 18, Successes: 158
Components:
- Name: golden-container-sha256:b4b23d19b57ea0333f89fb1fa781df57c3cb00f284bd7a384fac093cacf31e58-amd64
ImageRef: quay.io/redhat-appstudio/ec-golden-image@sha256:b4b23d19b57ea0333f89fb1fa781df57c3cb00f284bd7a384fac093cacf31e58
Violations: 3, Warnings: 9, Successes: 79
- Name: golden-container-sha256:79afd494c4d1f3c3e1ba328a20df36e79377db06da94152dd2456f0259e42b98-arm64
ImageRef: quay.io/redhat-appstudio/ec-golden-image@sha256:79afd494c4d1f3c3e1ba328a20df36e79377db06da94152dd2456f0259e42b98
Violations: 3, Warnings: 9, Successes: 79
Results:
✕ [Violation] redhat_manifests.redhat_manifests_missing
ImageRef: quay.io/redhat-appstudio/ec-golden-image@sha256:b4b23d19b57ea0333f89fb1fa781df57c3cb00f284bd7a384fac093cacf31e58
Reason: Missing Red Hat manifest "root/buildinfo/content_manifests/sbom-purl.json"
Title: Missing Red Hat manifests
Description: Verify the expected Red Hat manifests are available in the image. To exclude this rule add
"redhat_manifests.redhat_manifests_missing:root/buildinfo/content_manifests/sbom-purl.json" to the `exclude` section of the
policy configuration.
✕ [Violation] sbom_cyclonedx.found
ImageRef: quay.io/redhat-appstudio/ec-golden-image@sha256:b4b23d19b57ea0333f89fb1fa781df57c3cb00f284bd7a384fac093cacf31e58
Reason: No CycloneDX SBOM found
Title: Found
Description: Confirm a CycloneDX SBOM exists. To exclude this rule add "sbom_cyclonedx.found" to the `exclude` section of the
policy configuration.
Solution: Make sure the build process produces a CycloneDX SBOM.
...
Ref: https://issues.redhat.com/browse/EC-657