Add tag protection to generated policy

This commit adds the tag protection entry to the generated policy
when it is reported in the active controls.

Signed-off-by: Adolfo Garcia Veytia (puerco) <[email protected]>

Author: puerco

pkg/policy/policy.go

@@ -276,6 +276,16 @@ func (pe *PolicyEvaluator) CreateLocalPolicy(ctx context.Context, repo *models.R
 			},
 		},
 	}
+
+	// If the controls returned
+	controls := slsa.Controls(provPred.GetControls())
+	tagHygiene := controls.GetControl(slsa.TagHygiene)
+	if tagHygiene != nil {
+		p.ProtectedTag = &ProtectedTag{
+			Since:      tagHygiene.GetSince(),
+			TagHygiene: true,
+		}
+	}
 	data, err := json.MarshalIndent(&p, "", "  ")
 	if err != nil {
 		return "", err

pkg/sourcetool/tool.go

@@ -220,6 +220,15 @@ func (t *Tool) createPolicy(r *models.Repository, branch *models.Branch, control
 			},
 		},
 	}
+
+	// If the controls returned
+	tagHygiene := controls.GetActiveControls().GetControl(slsa.TagHygiene)
+	if tagHygiene != nil {
+		p.ProtectedTag = &policy.ProtectedTag{
+			Since:      tagHygiene.GetSince(),
+			TagHygiene: true,
+		}
+	}
 	return p, nil
 }