Require SBOM Signature
Type: Rule
ID: sbom-signed
Source: v2/rules/sbom/artifact-signed.yaml
Rego Source: artifact-signed.rego
Labels: SBOM, Blueprint
Verify the SBOM is signed.
note
This rule requires Signed SBOM. See here for more details.
tip
Evidence IS required for this rule and will fail if missing.
tip
Signed Evidence for this rule IS required by default.
warning
Rule requires evaluation with a target. Without one, it will be disabled unless the --all-evidence flag is provided.
info
Rule is scoped by product and target.
Usage example
uses: sbom/artifact-signed@v2
Evidence Requirements
| Field | Value |
|---|---|
| filter-by | ['product', 'target'] |
| content_body_type | cyclonedx-json |
| signed | True |
Rule Parameters (with)
| Parameter | Default |
|---|---|
| identity | {'common-names': [], 'emails': []} |