Group policies together to simplify their management.
attestation push would fail until the required material is provided:
inputs section.
Then those inputs can be passed down to policies using interpolation.
In the example above, the bannedComponents input parameter (which is mandatory) is passed to the underlying policy with the expression {{ inputs.bannedComponents }}.
sbom material. But what if our contract requires multiple SBOMs (because we are building several images in the same pipeline, for example)?
By using parameters and placeholders in material names, we can add as many instances of the same policy group as we need:
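A small Python model of the interpolation described above, added here as an illustration; it is not the project's implementation or schema. Only bannedComponents and the {{ inputs.name }} expression come from the page; the dictionary layout, the sbomName input, the banned-components policy reference and the unique-name check are assumptions.

```python
import re

# Matches the interpolation form shown on the page: {{ inputs.<name> }}
PLACEHOLDER = re.compile(r"\{\{\s*inputs\.(\w+)\s*\}\}")

# Constructed policy group; this dict layout is hypothetical, not the real schema.
GROUP = {
    "inputs": {"bannedComponents": {"required": True},
               "sbomName": {"required": False, "default": "sbom"}},
    "materials": [{
        "name": "{{ inputs.sbomName }}",
        "policies": [{"ref": "banned-components",
                      "with": {"components": "{{ inputs.bannedComponents }}"}}],
    }],
}

def resolve_inputs(group, supplied):
    """Merge supplied values with defaults; reject unknown or missing mandatory inputs."""
    unknown = set(supplied) - set(group["inputs"])
    if unknown:
        raise ValueError(f"unknown inputs: {sorted(unknown)}")
    values = {}
    for name, spec in group["inputs"].items():
        if name not in supplied and spec.get("required"):
            raise ValueError(f"missing mandatory input: {name}")
        values[name] = supplied.get(name, spec.get("default", ""))
    return values

def render(node, values):
    """Recursively substitute placeholders in every string of a nested structure."""
    if isinstance(node, str):
        return PLACEHOLDER.sub(lambda m: str(values[m.group(1)]), node)
    if isinstance(node, dict):
        return {k: render(v, values) for k, v in node.items()}
    if isinstance(node, list):
        return [render(v, values) for v in node]
    return node

def attach(group, instances):
    """Attach the same group once per instance; material names must stay unique."""
    materials = []
    for supplied in instances:
        materials += render(group["materials"], resolve_inputs(group, supplied))
    names = [m["name"] for m in materials]
    if len(names) != len(set(names)):
        raise ValueError("duplicate material name across group instances")
    return materials
```

Attaching the group twice with different sbomName values yields two independently named SBOM materials, each evaluated by the same policy; omitting bannedComponents is rejected before any policy runs.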