Add ec.oci.image_index rego function #2121

Open
lcarva opened this issue Oct 30, 2024 · 0 comments

lcarva commented Oct 30, 2024

EC provides the ec.oci.image_manifest rego function which returns an Image Manifest given an image reference.

If the provided image reference refers to an Image Index, then ec.oci.image_manifest picks the correct Image Manifest and returns that. This is expected.

However, there are cases where we need to know if a certain image reference is for an Image Manifest or an Image Index. This is currently not possible due to the auto-resolution behavior mentioned above.

Acceptance Criteria

  • EC provides a new rego function, ec.oci.image_index, that returns an Image Index. If the image reference provided is not an Image Index, log a warning and return no value.
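
The distinction the issue asks for, sketched in Go as an added example (not code from ec-cli or from the issue author): a hypothetical helper `imageIndex` classifies an already fetched manifest document by its `mediaType` and, following the acceptance criterion, logs a warning and returns no value when the document is not an Image Index. The type names, the helper and the sample documents are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"log"
)

// Media types that identify a multi-platform index (OCI and Docker).
const (
	ociIndex   = "application/vnd.oci.image.index.v1+json"
	dockerList = "application/vnd.docker.distribution.manifest.list.v2+json"
)

// Descriptor and Index hold only the fields this example reads.
type Descriptor struct {
	MediaType string `json:"mediaType"`
	Digest    string `json:"digest"`
}
type Index struct {
	MediaType string       `json:"mediaType"`
	Manifests []Descriptor `json:"manifests"`
}

// imageIndex (hypothetical helper) returns the parsed Image Index, or nil
// after logging a warning when the document is not an Image Index.
func imageIndex(ref string, raw []byte) *Index {
	var idx Index
	if err := json.Unmarshal(raw, &idx); err != nil {
		log.Printf("warning: %s: cannot parse manifest: %v", ref, err)
		return nil
	}
	// mediaType can be absent in an index; fall back to the document shape.
	isIndex := idx.MediaType == ociIndex || idx.MediaType == dockerList ||
		(idx.MediaType == "" && idx.Manifests != nil)
	if !isIndex {
		log.Printf("warning: %s is not an Image Index (mediaType %q)", ref, idx.MediaType)
		return nil
	}
	return &idx
}

// Constructed sample documents; digests are shortened placeholders.
const sampleIndex = `{"schemaVersion":2,"mediaType":"application/vnd.oci.image.index.v1+json","manifests":[{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:aaaa"},{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:bbbb"}]}`
const sampleManifest = `{"schemaVersion":2,"mediaType":"application/vnd.oci.image.manifest.v1+json","config":{"digest":"sha256:cccc"},"layers":[]}`

func main() {
	fmt.Println(imageIndex("registry.example/app:index", []byte(sampleIndex)) != nil)
	fmt.Println(imageIndex("registry.example/app:single", []byte(sampleManifest)) != nil)
}
```

A policy rule can then treat a nil result as "single-platform image" without relying on build-system-specific heuristics.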
lcarva added a commit to lcarva/ec-policies that referenced this issue Oct 31, 2024
Currently, Konflux does not create an SBOM for Image Indexes:
https://issues.redhat.com/browse/KONFLUX-4330

Until then, do not trigger a violation when an SBOM is not found for
such images.

Today, it's not possible to determine if the image being validated is an
Image Index or an Image Manifest, see
enterprise-contract/ec-cli#2121. The Image
Index detection is done via Konflux-specific heuristics as a workaround.

Fixes enterprise-contract#1210
Resolves: EC-996

Signed-off-by: Luiz Carvalho <[email protected]>