Surface-level tests
Scope
This document covers the surface-level tests (formerly known as "sanity tests") that Konflux runs as part of its component build pipeline. These surface-level tests automatically check all application images to ensure that they’re up-to-date, correctly formatted, and protected from security vulnerabilities.
Surface-level tests
The Konflux component build pipeline supports several types of tests, including surface-level tests. The surface-level tests used in Konflux are run in the form of Tekton tasks. The utility used for validating container information is Conftest. The following tables show the currently implemented surface-level tests:
Test name | Description | Failure message |
---|---|---|
image_repository_deprecated |
Deprecated images are no longer maintained, leading to unresolved security vulnerabilities. |
The container image must not be built from a repository marked as 'Deprecated' in COMET |
Test name | Description | Failure message |
---|---|---|
image_unsigned_rpms |
Packages signed with Red Hat’s secure signing server adheres to stringent policies and procedures. |
All RPMs in the image must be signed. Found following unsigned rpms(nvra): |