📚 Sync docs from alaudadevops/tektoncd-operator on e251124341e4aa7ae4464c538ef3f8f3f87d1cf8

Source: fix: known doom lint issues (#1551)
Author: JounQin
Ref: refs/heads/release-4.8
Commit: e251124341e4aa7ae4464c538ef3f8f3f87d1cf8

This commit automatically syncs documentation changes from the source-docs repository.

🔗 View source commit: AlaudaDevops/tektoncd-operator@e251124
🤖 Synced on 2026-04-03 07:11:36 UTC

Author: l-qing

.github/SYNC_INFO.md

@@ -1,10 +1,10 @@
 # Documentation Sync Information
 
-- **Last synced**: 2026-04-03 01:45:50 UTC
+- **Last synced**: 2026-04-03 07:11:36 UTC
 - **Source repository**: alaudadevops/tektoncd-operator
-- **Source commit**: [30806f63ba2a1b166f84307d049ff51a6b1fe3c3](https://github.com/alaudadevops/tektoncd-operator/commit/30806f63ba2a1b166f84307d049ff51a6b1fe3c3)
+- **Source commit**: [e251124341e4aa7ae4464c538ef3f8f3f87d1cf8](https://github.com/alaudadevops/tektoncd-operator/commit/e251124341e4aa7ae4464c538ef3f8f3f87d1cf8)
 - **Triggered by**: l-qing
-- **Workflow run**: [#176](https://github.com/alaudadevops/tektoncd-operator/actions/runs/23930121635)
+- **Workflow run**: [#183](https://github.com/alaudadevops/tektoncd-operator/actions/runs/23937735575)
 
 ## Files synced:
 - docs/

.yarn/releases/yarn-4.10.3.cjs

@@ -44,9 +44,9 @@ Image attestation is used for storing and verifying metadata information related
 - [SLSA Provenance](#slsa-provenance)
 - [SBOM](#sbom-software-bill-of-materials)
 - [Vulnerability scan results](#vulnerability-scan-results)
-- [Custom metadata](#custom-metadata-attestation)
+- [Custom metadata](#custom-metadata)
 
-### SLSA Provenance
+### SLSA Provenance \{#slsa-provenance}
 
 [SLSA Provenance](https://slsa.dev/provenance/v1) is metadata containing verifiable information about software artifacts, describing how they were built, what sources were used, and who built them. In Tekton Chains, provenance is cryptographically signed to ensure its integrity and authenticity.
 
@@ -55,7 +55,7 @@ There are two types of provenance in Tekton Chains:
 - **Task-level provenance**: Captures details about a specific TaskRun execution
 - **Pipeline-level provenance**: Captures the entire PipelineRun execution, including all child TaskRuns
 
-### SBOM (Software bill of materials)
+### SBOM (Software bill of materials) \{#sbom-software-bill-of-materials}
 
 [SBOM](https://www.ntia.gov/page/software-bill-materials) is a nested inventory for software, a list of ingredients that make up software components, including:
 - Software components
@@ -67,15 +67,15 @@ SBOM can be in various formats, such as:
 - [SPDX](https://spdx.dev/use/specifications/)
 - [CycloneDX](https://cyclonedx.org/specification/overview/)
 
-### Vulnerability scan results
+### Vulnerability scan results \{#vulnerability-scan-results}
 
 [Cosign Vulnerability Scan results](https://github.com/sigstore/cosign/blob/main/specs/COSIGN_VULN_ATTESTATION_SPEC.md) record the security assessment of the software build process, including:
 - Scanner information (name, version)
   - Vulnerability database information
 - List of discovered vulnerabilities and their severity
 - Remediation recommendations
 
-### Custom metadata
+### Custom metadata \{#custom-metadata}
 
 Custom metadata can be added as needed to support specific security requirements.
 

.yarn/releases/yarn-4.13.0.cjs

@@ -157,7 +157,7 @@ data:
   artifacts.oci.signer: "x509"
 ```
 
-### Type Hinting
+### Type Hinting \{#type-hinting}
 
 :::tip
 More details about type hinting can be found in the [Tekton Chains Type Hinting](https://tekton.dev/docs/chains/slsa-provenance/#type-hinting) documentation.

docs/en/chains/concepts/core_concepts.mdx

@@ -16,7 +16,7 @@ Authentication must be set up to take advantage of the following features in Cha
 * Pushing signatures to an OCI registry after signing an image
 * Using Fulcio to get Signing Certificates when utilizing Keyless signing
 
-## OCI Registry Authentication
+## OCI Registry Authentication \{#oci-registry-authentication}
 
 To push to an OCI registry, the Chains controller will look for credentials in two places:
 
@@ -94,7 +94,7 @@ spec:
     - name: registry-credentials
 ```
 
-#### Using ServiceAccount
+#### Using ServiceAccount \{#using-serviceaccount}
 
 Give the service account access to the secret:
 

docs/en/chains/concepts/understanding_tekton_chains.mdx

@@ -47,7 +47,7 @@ metadata:
 type: Opaque
 ```
 
-### Get the Signing Public Key
+### Get the Signing Public Key \{#get-the-signing-public-key}
 
 :::tip
 If you don't have permission, you can ask the administrator to get the public key.
@@ -58,7 +58,7 @@ $ export NAMESPACE=<tekton-pipelines>
 $ kubectl get secret -n $NAMESPACE signing-secrets -o jsonpath='{.data.cosign\.pub}' | base64 -d > cosign.pub
 ```
 
-### Get the Signing Secret
+### Get the Signing Secret \{#get-the-signing-secret}
 
 ```shell
 $ export NAMESPACE=<tekton-pipelines>
@@ -86,4 +86,3 @@ tekton-chains-controller-55876dfbbd-5wv5z   1/1     Running   0          1m30s
 
 - [Tekton Chains Authentication](https://tekton.dev/docs/chains/authentication/)
 - [Tekton Chains Configuration](https://tekton.dev/docs/chains/config/)
-

docs/en/chains/configure/authentication_for_chains.mdx

@@ -76,7 +76,7 @@ These steps are identical to the [Quick Start: Signed Provenance](../quick_start
 At [Step 8: Verifying the Image and Attestation](../quick_start/signed_provenance.mdx#step-8-verifying-the-image-and-attestation), we use `cosign` CLI to verify the signature.
 Here we use Kyverno to verify the signature.
 
-#### Step 8.1: Create a Kyverno policy to allow only signed images to be deployed
+#### Step 8.1: Create a Kyverno policy to allow only signed images to be deployed \{#step-81-create-a-kyverno-policy-to-allow-only-signed-images-to-be-deployed}
 
 :::tip
 This step requires cluster administrator privileges.

docs/en/chains/configure/signing_key_configuration.mdx

@@ -265,7 +265,7 @@ spec:
 - The same as in [Step 5: Run a Sample Pipeline](../quick_start/signed_provenance.mdx#step-5-run-a-sample-pipeline). Below only introduces the differences.
 - `workspaces`
   - `signkey`: the secret name of the signing key.
-    - `secret.secretName`: The signing secret prepared in the previous step [Get the signing secret](#get-the-signing-secret). But you need to create a new secret with the same namespace as the pipeline run.
+    - `secret.secretName`: The signing secret prepared in the previous step [Get the signing secret](../configure/signing_key_configuration.mdx#get-the-signing-secret). But you need to create a new secret with the same namespace as the pipeline run.
 :::
 
 Save into a yaml file named `chains-demo-5.pipelinerun.yaml` and apply it with:
@@ -585,4 +585,4 @@ This guide provides a foundation for implementing supply chain security in your
 ## References
 
 - [Chains Signed Provenance Tutorial](https://tekton.dev/docs/chains/signed-provenance-tutorial/)
-- [Chains Configuration](../configure/chains_configuration)
+- [Chains Configuration](../configure/chains_configuration)

docs/en/chains/how_to/image_signature_verification.mdx

@@ -303,7 +303,7 @@ spec:
 - The same as in [Step 5: Run a Sample Pipeline](../quick_start/signed_provenance.mdx#step-5-run-a-sample-pipeline). Below only introduces the differences.
 - `workspaces`
   - `signkey`: the secret name of the signing key.
-    - `secret.secretName`: The signing secret prepared in the previous step [Get the signing secret](#get-the-signing-secret). But you need to create a new secret with the same namespace as the pipeline run.
+    - `secret.secretName`: The signing secret prepared in the previous step [Get the signing secret](../configure/signing_key_configuration.mdx#get-the-signing-secret). But you need to create a new secret with the same namespace as the pipeline run.
 :::
 
 Save into a yaml file named `chains-demo-4.pipelinerun.yaml` and apply it with:
@@ -725,4 +725,4 @@ This guide provides a foundation for implementing supply chain security in your
 ## References
 
 - [Chains Signed Provenance Tutorial](https://tekton.dev/docs/chains/signed-provenance-tutorial/)
-- [Chains Configuration](../configure/chains_configuration)
+- [Chains Configuration](../configure/chains_configuration)