Verify File Integrity
Type: Rule
ID: file-integrity
Source: v2/rules/multievidence/files_integrity.yaml
Rego Source: files_integrity.rego
Labels: SBOM
Verify that the checksum of each file recorded in one SBOM matches the checksum recorded for the same file in a second (reference) SBOM.
Note: This rule requires a Signed Image SBOM. See here for more details.

Tip: Signed Evidence for this rule IS required by default.

Warning: This rule requires evaluation with a target. Without one, it will be disabled unless the --all-evidence flag is provided.
Usage example
uses: multievidence/files_integrity@v2
Evidence Requirements
| Field | Value |
|---|---|
| signed | True |
| content_body_type | cyclonedx-json |
| target_type | container |
| labels | - new_evidence |
Rule Parameters
| Parameter | Default |
|---|---|
| ref_sbom | {{ .Env.REF_SBOM_DATA }} |
| path_prefix | pkg:file/ |
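The comparison the rule performs, shown as an added Python example rather than the rule's own Rego source: two constructed CycloneDX JSON documents are reduced to the components whose purl starts with `path_prefix`, and the target's SHA-256 digests are checked against the reference's. The digests, purls and the decision to treat files absent from the reference as violations are assumptions of this example, not taken from the rule.

```python
import json

# Constructed CycloneDX JSON documents, trimmed to the fields the check reads.
# Digest strings are placeholders, not real SHA-256 values.
def _sbom(components):
    return json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.5",
                       "components": components})

def _comp(ctype, purl, sha256):
    return {"type": ctype, "purl": purl,
            "hashes": [{"alg": "SHA-256", "content": sha256}]}

TARGET_SBOM = _sbom([  # evidence under evaluation (e.g. the built image)
    _comp("file", "pkg:file/app/bin/server", "1111"),
    _comp("file", "pkg:file/app/etc/config.yaml", "2222"),
    _comp("library", "pkg:npm/lodash@4.17.21", "9999"),  # outside path_prefix
])
REF_SBOM = _sbom([  # the reference SBOM supplied via ref_sbom
    _comp("file", "pkg:file/app/bin/server", "1111"),
    _comp("file", "pkg:file/app/etc/config.yaml", "3333"),  # changed file
    _comp("file", "pkg:file/app/README", "4444"),  # only in reference: ignored
    _comp("library", "pkg:npm/lodash@4.17.21", "8888"),  # outside path_prefix
])

def file_hashes(sbom_json, path_prefix="pkg:file/"):
    """Map purl -> SHA-256 for components whose purl starts with path_prefix."""
    doc = json.loads(sbom_json)
    digests = {}
    for comp in doc.get("components", []):
        purl = comp.get("purl", "")
        if not purl.startswith(path_prefix):
            continue  # packages, libraries etc. are not files; skip them
        for h in comp.get("hashes", []):
            if h.get("alg") == "SHA-256":  # assumption: only SHA-256 is compared
                digests[purl] = h["content"].lower()
    return digests

def verify_file_integrity(target_sbom, ref_sbom, path_prefix="pkg:file/"):
    """Return (passed, violations); every target file must match the reference."""
    target = file_hashes(target_sbom, path_prefix)
    reference = file_hashes(ref_sbom, path_prefix)
    violations = []
    for purl, digest in sorted(target.items()):
        if purl not in reference:  # cannot be verified, so treated as a failure
            violations.append(f"{purl}: not present in reference SBOM")
        elif reference[purl] != digest:
            violations.append(f"{purl}: checksum mismatch "
                              f"(target {digest}, reference {reference[purl]})")
    return (not violations, violations)
```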