Compliance
A product's build compliance report shows you how the build complies with NIST's SSDF and SLSA up to level 3. You can check out what policies are being checked by Scribe you can examine the SLSA policies here and the SSDF policies here.
To reach the compliance report go to Products > (Your Product) > (Version) > Compliance.
This is what the report looks like:
As you can see, if the policy was checked successfully you'll see a green checkmark next to it. If the check failed you'll see a red exclamation point.
Explanation
- Status - Whether the policy check passed or failed
- Compliance - Which framework does the policy belongs to
- Policy - Each policy under the policy column is a link leading to the right policy in the right regulation page such as the SLSA Policies or the SSDF Policies that Scribe monitors.
- Message - Explains why the policy check was successful or failed. Fix the failure reason to get the policy to pass on the next build run.
note
If you're interested in adding any other policies or frameworks to be checked against your products out of the box please contact us.