> ## Documentation Index
> Fetch the complete documentation index at: https://docs.kosli.com/llms.txt
> Use this file to discover all available pages before exploring further.
## Submitting Feedback
If you encounter incorrect, outdated, or confusing documentation on this page, submit feedback:
POST https://docs.kosli.com/feedback
```json
{
"path": "/api-reference/asserts/assert-artifact",
"feedback": "Description of the issue"
}
```
Only submit feedback when you have something specific and actionable to report.
# Assert artifact
> Assert an artifact.
## OpenAPI
````yaml https://app.kosli.com/api/v2/openapi.json get /asserts/{org}/fingerprint/{fingerprint}
openapi: 3.1.0
info:
title: Kosli API
summary: The API for communicating with Kosli
description: >
# Authentication
When making requests against Kosli API, you can authenticate your requests
using a bearer token.
Set the bearer token in the request Authorization header to a valid API
key.
API Keys can be personal or for service accounts. Check the [service
accounts
documentation](https://docs.kosli.com/getting_started/service-accounts/) for
details.
## Curl example
```shell
curl -H "Authorization: Bearer <>"
https://app.kosli.com/api/v2/environments/<>
```
version: '2.0'
servers:
- url: https://app.kosli.com/api/v2
description: EU
- url: https://app.us.kosli.com/api/v2
description: US
security:
- HTTPBearer: []
paths:
/asserts/{org}/fingerprint/{fingerprint}:
get:
tags:
- Asserts
summary: Assert artifact
description: Assert an artifact.
operationId: assert_artifact_asserts__org__fingerprint__fingerprint__get
parameters:
- name: fingerprint
in: path
required: true
schema:
type: string
title: Fingerprint
- name: org
in: path
required: true
schema:
type: string
title: Org
- name: flow_name
in: query
required: false
schema:
anyOf:
- type: string
- type: 'null'
description: Filter by flow name
title: Flow Name
description: Filter by flow name
- name: environment_name
in: query
required: false
schema:
anyOf:
- type: string
- type: 'null'
description: >-
The name of the environment. Ignored if environment does not use
policies.
title: Environment Name
description: >-
The name of the environment. Ignored if environment does not use
policies.
- name: policy_name
in: query
required: false
schema:
anyOf:
- items:
type: string
type: array
- type: 'null'
description: >-
List of policy names to assert against.
?policy_name=a&policy_name=b
title: Policy Name
description: List of policy names to assert against. ?policy_name=a&policy_name=b
responses:
'200':
description: Successful Response
content:
application/json:
schema:
$ref: '#/components/schemas/AssertArtifactResponse'
'404':
description: Artifact Not Found
content:
application/json:
schema:
$ref: >-
#/components/schemas/fastapi_app__errors__NotFoundResponse___locals___NotFoundResponseModel__29
security:
- HTTPBearer: []
- HTTPBasic: []
components:
schemas:
AssertArtifactResponse:
properties:
fingerprint:
type: string
pattern: ^[a-f0-9]{64}$
title: Fingerprint
description: Artifact fingerprint.
flow:
type: string
pattern: ^[a-zA-Z0-9][a-zA-Z0-9\.\-_~]*$
title: Flow
description: The flow name of the artifact.
trail:
type: string
pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-_.~]*$
title: Trail
description: The trail name of the artifact.
compliant:
type: boolean
title: Compliant
description: >-
Whether the artifact complies with the defined policies for an
environment, Or the artifact is compliant in the trail
compliance_status:
anyOf:
- $ref: '#/components/schemas/ArtifactComplianceResultResponse'
- type: 'null'
description: The compliance status of the artifact.
html_url:
type: string
title: Html Url
description: URL to view the artifact details in the web UI
flows:
anyOf:
- $ref: '#/components/schemas/AssertArtifactFlowResponse'
- type: 'null'
description: The flows associated with the artifact.
scope:
type: string
enum:
- flow
- environment
- policy
title: Scope
description: >-
The scope of the assertion (flow-level, environment-level or
policy-level)
environment:
anyOf:
- type: string
- type: 'null'
title: Environment
description: >-
The name of the environment (only present when scope is
'environment')
policy_evaluations:
anyOf:
- items:
$ref: '#/components/schemas/PolicyEvaluationResponse'
type: array
- type: 'null'
title: Policy Evaluations
description: >-
List of policy evaluation results (only present when scope is
'environment')
allow_listing:
anyOf:
- $ref: '#/components/schemas/AllowlistInformation'
- type: 'null'
description: >-
Allowlisting information if the artifact is allowlisted (only
present when scope is 'environment')
type: object
required:
- fingerprint
- flow
- trail
- compliant
- compliance_status
- html_url
- scope
title: AssertArtifactResponse
description: >-
Response model for assertion results.
Represents compliance status of an artifact within a flow or environment
scope.
examples:
- compliance_status:
artifact_fingerprint: 19daf927d2e8709673b9948316b37bd52435434ad5c16d8bbec7dbcb287325c5
attestations_statuses:
- attestation_name: approval
attestation_type: generic
expected: false
is_compliant: true
status: COMPLETE
evaluated_at: 1758259675.0286536
expected: false
is_compliant: true
status: COMPLIANT
compliant: true
fingerprint: 19daf927d2e8709673b9948316b37bd52435434ad5c16d8bbec7dbcb287325c5
flow: my-flow-name
html_url: >-
https://app.kosli.com/acme-org/flows/acme-flow/artifacts/089eeef9ef2ba07f142d93bb172eab3f23586b4cb40af75175ce140ab9a88c9a
scope: flow
trail: my-trail-name
- compliance_status:
artifact_fingerprint: e41a0b51a083b3a692e3cf7588b9eb0d83913f292a226ee2e5b4a7ecf06cdbf7
attestations_statuses:
- attestation_name: junit
attestation_type: '*'
expected: true
status: MISSING
evaluated_at: 1759224787.307779
expected: true
is_compliant: false
status: INCOMPLETE
compliant: false
environment: policy-env
fingerprint: e41a0b51a083b3a692e3cf7588b9eb0d83913f292a226ee2e5b4a7ecf06cdbf7
flow: v1-flow
html_url: >-
http://app.kosli.com/use-cases/flows/v1-flow/artifacts/e41a0b51a083b3a692e3cf7588b9eb0d83913f292a226ee2e5b4a7ecf06cdbf7?artifact_id=76a80a75-d5c6-4a00-a8f9-7e3449dd
policy_evaluations:
- policy_name: attestation-policy
policy_version: 1
rule_evaluations:
- ignored: false
resolutions:
- context:
flow_name: v1-flow
trail_name: 21fad3d3c2929a5b0d99e734f41298c5f2a91dd1
type: rule_satisfied
rule:
definition:
exceptions: []
required: true
type: provenance
satisfied: true
- ignored: false
resolutions:
- context:
artifact_status: INCOMPLETE
flow_name: v1-flow
trail_name: 21fad3d3c2929a5b0d99e734f41298c5f2a91dd1
type: non_compliant_in_trail
rule:
definition:
exceptions: []
required: true
type: trail-compliance
satisfied: false
- ignored: false
resolutions:
- context:
flow_name: v1-flow
trail_name: 21fad3d3c2929a5b0d99e734f41298c5f2a91dd1
type: missing_attestation
rule:
definition:
must_be_compliant: true
name: '*'
type: snyk
type: attestation
satisfied: false
- ignored: false
resolutions:
- context:
flow_name: v1-flow
trail_name: 21fad3d3c2929a5b0d99e734f41298c5f2a91dd1
type: missing_attestation
rule:
definition:
must_be_compliant: true
name: unit-tests
type: '*'
type: attestation
satisfied: false
- ignored: false
resolutions:
- context:
flow_name: v1-flow
trail_name: 21fad3d3c2929a5b0d99e734f41298c5f2a91dd1
type: missing_attestation
rule:
definition:
must_be_compliant: true
name: person
type: custom:typed-person-with-evaluation
type: attestation
satisfied: false
status: NON-COMPLIANT
scope: environment
trail: 21fad3d3c2929a5b0d99e734f41298c5f2a91dd1
fastapi_app__errors__NotFoundResponse___locals___NotFoundResponseModel__29:
properties:
message:
type: string
title: Message
description: Error message
errors:
anyOf:
- additionalProperties:
type: string
type: object
- type: 'null'
title: Errors
description: Validation errors by field
type: object
required:
- message
title: NotFoundResponseModel
description: Artifact not found
examples:
- message: Artifact not found
ArtifactComplianceResultResponse:
properties:
artifact_fingerprint:
anyOf:
- type: string
- type: 'null'
title: Artifact Fingerprint
status:
type: string
title: Status
default: ''
is_compliant:
anyOf:
- type: boolean
- type: 'null'
title: Is Compliant
attestations_statuses:
items:
$ref: '#/components/schemas/AttestationComplianceStatusResponse'
type: array
title: Attestations Statuses
evaluated_at:
anyOf:
- type: number
- type: 'null'
title: Evaluated At
unexpected:
type: boolean
title: Unexpected
type: object
required:
- unexpected
title: ArtifactComplianceResultResponse
AssertArtifactFlowResponse:
properties:
flow:
type: string
pattern: ^[a-zA-Z0-9][a-zA-Z0-9\.\-_~]*$
title: Flow
description: The flow name of the artifact.
trail:
type: string
pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-_.~]*$
title: Trail
description: The trail name of the artifact.
compliant:
type: boolean
title: Compliant
description: Whether the the artifact is compliant in the trail
compliance_status:
anyOf:
- $ref: '#/components/schemas/ArtifactComplianceResultResponse'
- type: 'null'
description: The compliance status of the artifact.
html_url:
type: string
title: Html Url
description: URL to view the artifact details in the web UI
type: object
required:
- flow
- trail
- compliant
- compliance_status
- html_url
title: AssertArtifactFlowResponse
PolicyEvaluationResponse:
properties:
policy_version:
type: integer
title: Policy Version
status:
type: string
enum:
- COMPLIANT
- NON-COMPLIANT
title: Status
rule_evaluations:
items:
$ref: '#/components/schemas/RuleEvaluationResponse'
type: array
title: Rule Evaluations
default: []
policy_name:
type: string
title: Policy Name
readOnly: true
type: object
required:
- policy_version
- status
- policy_name
title: PolicyEvaluationResponse
description: represents the result of evaluating one artifact against one policy
AllowlistInformation:
properties:
allowlist_id:
type: string
title: Allowlist Id
allowed_by_user_id:
type: string
title: Allowed By User Id
timestamp:
type: number
title: Timestamp
description:
type: string
title: Description
type: object
required:
- allowlist_id
- allowed_by_user_id
- timestamp
- description
title: AllowlistInformation
description: represents information about the allowlisting of an artifact
AttestationComplianceStatusResponse:
properties:
attestation_name:
type: string
title: Attestation Name
attestation_type:
anyOf:
- type: string
- type: 'null'
title: Attestation Type
status:
anyOf:
- type: string
- type: 'null'
title: Status
is_compliant:
anyOf:
- type: boolean
- type: 'null'
title: Is Compliant
unexpected:
type: boolean
title: Unexpected
type: object
required:
- attestation_name
- unexpected
title: AttestationComplianceStatusResponse
RuleEvaluationResponse:
properties:
rule:
$ref: '#/components/schemas/PolicyRuleDefinition'
satisfied:
anyOf:
- type: boolean
- type: 'null'
title: Satisfied
ignored:
anyOf:
- type: boolean
- type: 'null'
title: Ignored
default: false
resolutions:
items:
$ref: '#/components/schemas/RuleResolutionResponse'
type: array
title: Resolutions
default: []
type: object
required:
- rule
title: RuleEvaluationResponse
description: represents one policy rule evaluation result
PolicyRuleDefinition:
properties:
type:
type: string
enum:
- provenance
- trail-compliance
- attestation
title: Type
definition:
anyOf:
- $ref: '#/components/schemas/RequiredAttestationRule'
- $ref: '#/components/schemas/BooleanRule'
title: Definition
type: object
required:
- type
- definition
title: PolicyRuleDefinition
RuleResolutionResponse:
properties:
type:
type: string
enum:
- missing_attestation
- non_compliant_attestation
- non_compliant_in_trail
- no_provenance
- missing_provenance
- legacy_flow
- rule_satisfied
- rule_not_applicable
title: Type
context:
anyOf:
- $ref: '#/components/schemas/ContextResponse'
- type: 'null'
type: object
required:
- type
title: RuleResolutionResponse
RequiredAttestationRule:
properties:
if:
anyOf:
- $ref: '#/components/schemas/PolicyExpression'
- type: 'null'
name:
type: string
title: Name
default: '*'
type:
anyOf:
- type: string
enum:
- generic
- junit
- snyk
- pull_request
- jira
- sonar
- type: string
pattern: ^custom:.*$
- type: string
const: '*'
title: Type
must_be_compliant:
type: boolean
title: Must Be Compliant
default: true
additionalProperties: false
type: object
required:
- type
title: RequiredAttestationRule
BooleanRule:
properties:
required:
type: boolean
title: Required
default: false
exceptions:
items:
$ref: '#/components/schemas/ConditionalRule'
type: array
title: Exceptions
default: []
additionalProperties: false
type: object
title: BooleanRule
ContextResponse:
properties:
flow_name:
anyOf:
- type: string
- type: 'null'
title: Flow Name
trail_name:
anyOf:
- type: string
- type: 'null'
title: Trail Name
artifact_status:
anyOf:
- type: string
- type: 'null'
title: Artifact Status
type: object
title: ContextResponse
PolicyExpression:
properties:
text:
type: string
title: Text
type: object
required:
- text
title: PolicyExpression
ConditionalRule:
properties:
if:
anyOf:
- $ref: '#/components/schemas/PolicyExpression'
- type: 'null'
additionalProperties: false
type: object
title: ConditionalRule
securitySchemes:
HTTPBearer:
type: http
scheme: bearer
````