Verify that artifact was created by the specified builder
Type: Rule
ID: slsa-verify-builder
Source: v2/rules/slsa/verify-builder.yaml
Rego Source: verify-builder.rego
Labels: SLSA, Image
Verify the artifact was created by the specified builder.
note
This rule requires SLSA Provenance. See here for more details.
tip
Signed Evidence for this rule IS NOT required by default but is recommended.
info
Rule is scoped by pipeline and product.
Usage example
uses: slsa/verify-builder@v2
Evidence Requirements
| Field | Value |
|---|---|
| filter-by | ['pipeline', 'product'] |
| signed | False |
| content_body_type | slsa |
| target_type | container |
Rule Parameters (with)
| Parameter | Default |
|---|---|
| id | {{ .Env.HOSTNAME }} |