Thank you for the PR. Do you mind creating an issue explaining the problem and when it happens? Because in Helm charts we support both OCI and tarballs. Does this happen with other artifacts as well?

Do you mind creating an issue explaining the problem and when it happens? Because in Helm charts we support both OCI and tarballs. Does this happen with other artifacts as well?

OCI HELM_CHART is a material of ContainerImage type, where tarball is handled as Artifact. For ContainerImage materials we don't store content anywhere, we only use the metadata so it's not affected. Added the issue.

I don't understand how an issue in the policy engine requires changing if/when to store an artifact?

I don't understand how an issue in the policy engine requires changing if/when to store an artifact?

We don't change WHEN it is stored, we change WHAT is being passed for the evaluation. For evaluations we accept only json content, for xml we marshal it into json first for processing. The same thing was being done for helm charts, we took binary content and tried to marshal into json before passing to policy engine, hence the issue. For non inline backends it was already excluded, with this PR it is being also excluded for the inline backend.

I don't understand how an issue in the policy engine requires changing if/when to store an artifact?

We don't change WHEN it is stored, we change WHAT is being passed for the evaluation. For evaluations we accept only json content, for xml we marshal it into json first for processing. The same thing was being done for helm charts, we took binary content and tried to marshal into json before passing to policy engine, hence the issue. For non inline backends it was already excluded, with this PR it is being also excluded for the inline backend.

Ah, I missunderstood, your response, sorry.

So what happens if you have a evidence or artifact policy type?

So what happens if you have a evidence or artifact policy type?

It will fail in the same place, where we would try to marshal binary into json content. Kind detection works correctly for helm charts, so that will only happen if the user tries to evaluate helm chart that was explicitly passed as artifact or evidence

We don't change WHEN it is stored, we change WHAT is being passed for the evaluation. For evaluations we accept only json content, for xml we marshal it into json first for processing.

Hmm have a look at the WASM engine because that engine allows to pass any format, including raw bytes to the policy.

I am closing it because I think this is a more wirespread problem that needs to be solved #2065