Scribe Published Policy

Type: Rule
ID: scribe-published-policy
Source: v2/rules/api/scribe-api-published.yaml
Rego Source: scribe-api-published.rego
Labels: Scribe

Verify that the Scribe Publish flag is set for the container image.

tip

Rule requires the Scribe API to be enabled. Ensure that you provide the Scribe Token to the valint utility.

tip

Signed Evidence for this rule IS NOT required by default but is recommended.

warning

Rule requires evaluation with a target. Without one, it will be disabled unless the --all-evidence flag is provided.

Usage example

uses: api/scribe-api-published@v2

Mitigation

Ensure that all critical or high severity vulnerabilities are addressed before delivering the product.

Description

This rule ensures that the product is published only after all critical or high severity vulnerabilities are addressed.

Evidence Requirements

Field              Value
signed             False
content_body_type  cyclonedx-json

Rule Parameters (with)

Parameter  Default
superset   {'published': None}