@zregvart
Created January 15, 2024 15:55
ec validate image --images snapshot.json --ignore-rekor --policy policy.yaml --output yaml --debug 2>&1 | grep slsa_build_scripted_build.rego

apiVersion: appstudio.redhat.com/v1alpha1
kind: EnterpriseContractPolicy
metadata:
  name: default
  namespace: enterprise-contract-service
spec:
  description: Includes rules for levels 1, 2 & 3 of SLSA v0.1. This is the default config used for new RHTAP applications. Available collections are defined in https://redhat-appstudio.github.io/docs.stonesoup.io/ec-policies/release_policy.html#_available_rule_collections. If a different policy configuration is desired, this resource can serve as a starting point. See the docs on how to include and exclude rules https://redhat-appstudio.github.io/docs.stonesoup.io/ec-policies/policy_configuration.html#_including_and_excluding_rules.
  name: Default
  publicKey: |
    -----BEGIN PUBLIC KEY-----
    MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEPfwkY/ru2JRd6FSqIp7lT3gzjaEC
    EAg+paWtlme2KNcostCsmIbwz+bc2aFV+AxCOpRjRpp3vYrbS5KhkmgC1Q==
    -----END PUBLIC KEY-----
  sources:
    - config:
        include:
          - trusted_artifacts
      data:
        - oci::quay.io/redhat-appstudio-tekton-catalog/data-acceptable-bundles:latest
        - github.com/release-engineering/rhtap-ec-policy//data
      name: Default
      policy:
        - /home/zregvart/tmp/ec-policies/policy/release
        - /home/zregvart/tmp/ec-policies/policy/lib
        #- github.com/enterprise-contract/ec-policies//policy/lib
        #- github.com/enterprise-contract/ec-policies//policy/release

{
  "application": "ec-cli",
  "components": [
    {
      "name": "ec-cli",
      "containerImage": "quay.io/redhat-appstudio-qe/enterprise-contract-tests:e2e-test-unpinned-task-bundle"
    }
  ],
  "artifacts": {}
}