Merge pull request #1667 from st3penta/EC-1410

st3penta · web-flow · commit fd8526f68819 · 2026-02-18T10:28:12.000+01:00
Add SLSA v1 provenance to allowed predicate types
diff --git a/policy/lib/rule_data.rego b/policy/lib/rule_data.rego
@@ -11,7 +11,7 @@ rule_data_defaults := {
 	"known_attestation_types": ["https://in-toto.io/Statement/v0.1"],
 	#
 	# Used in release/slsa_provenance_available
-	"allowed_predicate_types": ["https://slsa.dev/provenance/v0.2"],
+	"allowed_predicate_types": ["https://slsa.dev/provenance/v0.2", "https://slsa.dev/provenance/v1"],
 	#
 	# Used in release/slsa_build_build_service
 	"allowed_builder_ids": ["https://tekton.dev/chains/v2"],
diff --git a/policy/release/slsa_provenance_available/slsa_provenance_available_test.rego b/policy/release/slsa_provenance_available/slsa_provenance_available_test.rego
@@ -14,7 +14,7 @@ test_att_predicate_type if {
 	attestations := _mock_attestations(["spam"])
 	expected_deny := {{
 		"code": "slsa_provenance_available.attestation_predicate_type_accepted",
-		"msg": "Attestation predicate type \"spam\" is not an expected type (https://slsa.dev/provenance/v0.2)",
+		"msg": "Attestation predicate type \"spam\" is not an expected type (https://slsa.dev/provenance/v0.2, https://slsa.dev/provenance/v1)", # regal ignore:line-length
 	}}
 	lib.assert_equal_results(slsa_provenance_available.deny, expected_deny) with input.attestations as attestations
 }

Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,7 @@ rule_data_defaults := {`
`11`	`11`	`"known_attestation_types": ["https://in-toto.io/Statement/v0.1"],`
`12`	`12`	`#`
`13`	`13`	`# Used in release/slsa_provenance_available`
`14`		`- "allowed_predicate_types": ["https://slsa.dev/provenance/v0.2"],`
	`14`	`+ "allowed_predicate_types": ["https://slsa.dev/provenance/v0.2", "https://slsa.dev/provenance/v1"],`
`15`	`15`	`#`
`16`	`16`	`# Used in release/slsa_build_build_service`
`17`	`17`	`"allowed_builder_ids": ["https://tekton.dev/chains/v2"],`
Original file line number	Diff line number	Diff line change
`@@ -14,7 +14,7 @@ test_att_predicate_type if {`
`14`	`14`	`attestations := _mock_attestations(["spam"])`
`15`	`15`	`expected_deny := {{`
`16`	`16`	`"code": "slsa_provenance_available.attestation_predicate_type_accepted",`
`17`		`- "msg": "Attestation predicate type \"spam\" is not an expected type (https://slsa.dev/provenance/v0.2)",`
	`17`	`+ "msg": "Attestation predicate type \"spam\" is not an expected type (https://slsa.dev/provenance/v0.2, https://slsa.dev/provenance/v1)", # regal ignore:line-length`
`18`	`18`	`}}`
`19`	`19`	`lib.assert_equal_results(slsa_provenance_available.deny, expected_deny) with input.attestations as attestations`
`20`	`20`	`}`