Build from signed source
This policy checks if the build was done from a signed commit.
No attestation available
No attestation available for this control. This control expects a predicate type. Use the following command to create such an attestation and upload it to the container-registry as well as to DevGuard
https://slsa.dev/provenance/v1
devguard-scanner attest --token <Personal access token> --predicateType "https://slsa.dev/provenance/v1" <json file>
Status
Evaluation result after comparing the policy with the current state of the asset
Could not evaluate control
Update the attestation using the following command
devguard-scanner attest --token <Personal access token> --predicateType "https://slsa.dev/provenance/v1" <json file>
Create a Personal Access Token
To use the Devguard-Scanner, you need to create a Personal Access Token. You can create such a token by clicking the button below.