RHBA-2026:10282 - Bug Fix Advisory

Topic

An updated rhtas/ec-rhel9 container image is now available in the Red Hat container registry.

Description

Conforma (formerly Enterprise Contract) is an artifact verifier and policy checker for use in supply chain CI/CD systems. It produces detailed, readable policy violation reports for container images based on the secure provenance attestations created at build time, using configurable policies defined in Rego.
Use it to gate releases or promotions between environments based on your business, quality, and security policies. Conforma is ideally suited for use with Tekton and Tekton Chains, but it is a system-agnostic command line tool that can be used in any CI environment.

Solution

The container image provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io/rhtas/ec-rhel9 using the "podman pull" command.
For more information about this image, search for rhtas/ec-rhel9 in the Red Hat Ecosystem Catalog at https://catalog.redhat.com/

Affected Products

• Red Hat Trusted Artifact Signer (RHTAS)

Fixes

CVEs

(none)

References

• https://catalog.redhat.com/search?q=ec-rhel9
• https://developers.redhat.com/products/trusted-artifact-signer/