> ## Documentation Index
> Fetch the complete documentation index at: https://docs.kosli.com/llms.txt
> Use this file to discover all available pages before exploring further.
## Submitting Feedback
If you encounter incorrect, outdated, or confusing documentation on this page, submit feedback:
POST https://docs.kosli.com/feedback
```json
{
"path": "/client_reference/kosli_assert_artifact",
"feedback": "Description of the issue"
}
```
Only submit feedback when you have something specific and actionable to report.
# kosli assert artifact
> Assert the compliance status of an artifact in Kosli. There are three ways to choose what to assert against:
1. Against an environment. When `--environment` is specified, asserts against all poli...
## Synopsis
```shell theme={"theme":"dracula","languages":{"custom":["/languages/rego.json"]}}
kosli assert artifact [IMAGE-NAME | FILE-PATH | DIR-PATH] [flags]
```
Assert the compliance status of an artifact in Kosli.
There are three ways to choose what to assert against:
1. Against an environment. When `--environment` is specified,
asserts against all policies currently attached to the given environment.
2. Against one or more policies. When `--policy` is specified,
asserts against all the given policies.
3. Against flow templates. When neither `--environment` nor `--policy`
is specified, asserts against the template files of the flows the artifact
is found in.
`--environment` and `--policy` are mutually exclusive.
`--flow` can be combined with any of the above to narrow the lookup
to a specific flow. Without `--flow`, all flows containing the artifact
(by fingerprint) are considered.
Exits with zero code if the artifact has compliant status,
non-zero code if non-compliant status.
## Flags
| Flag | Description |
| :------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| -t, --artifact-type string | The type of the artifact to calculate its SHA256 fingerprint. One of: \[oci, docker, file, dir]. Only required if you want Kosli to calculate the fingerprint for you (i.e. when you don't specify '--fingerprint' on commands that allow it). |
| -D, --dry-run | \[optional] Run in dry-run mode. When enabled, no data is sent to Kosli and the CLI exits with 0 exit code regardless of any errors. |
| --environment string | The Kosli environment name to assert the artifact against. |
| -x, --exclude strings | \[optional] The comma separated list of directories and files to exclude from fingerprinting. Can take glob patterns. Only applicable for --artifact-type dir. |
| -F, --fingerprint string | \[conditional] The SHA256 fingerprint of the artifact. Only required if you don't specify '--artifact-type'. |
| -f, --flow string | The Kosli flow name. |
| -h, --help | help for artifact |
| -o, --output string | \[defaulted] The format of the output. Valid formats are: \[table, json]. (default "table") |
| --policy strings | \[optional] policy name (can be specified multiple times) |
| --registry-password string | \[conditional] The container registry password or access token. Only required if you want to read container image SHA256 digest from a remote container registry. |
| --registry-username string | \[conditional] The container registry username. Only required if you want to read container image SHA256 digest from a remote container registry. |
## Flags inherited from parent commands
| Flag | Description |
| :------------------------ | :---------------------------------------------------------------------------------------------------------- |
| -a, --api-token string | The Kosli API token. |
| -c, --config-file string | \[optional] The Kosli config file path. (default "kosli") |
| --debug | \[optional] Print debug logs to stdout. A boolean flag [docs](/faq/#boolean-flags) (default false) |
| -H, --host string | \[defaulted] The Kosli endpoint. (default "[https://app.kosli.com](https://app.kosli.com)") |
| --http-proxy string | \[optional] The HTTP proxy URL including protocol and port number. e.g. `http://proxy-server-ip:proxy-port` |
| -r, --max-api-retries int | \[defaulted] How many times should API calls be retried when the API host is not reachable. (default 3) |
| --org string | The Kosli organization. |
## Live Examples in different CI systems
View an example of the `kosli assert artifact` command in GitHub.
In [this YAML file](https://github.com/cyber-dojo/differ/blob/30dffd09c3f896a322c65029247abcea3019c43a/.github/workflows/main.yml#L329)
View an example of the `kosli assert artifact` command in GitLab.
In [this YAML file](https://gitlab.com/cyber-dojo/creator/-/blob/b3152a10de1f36b7dbe2818c0918af06fd3aca61/.gitlab/workflows/main.yml#L153)
## Examples Use Cases
These examples all assume that the flags `--api-token`, `--org`, `--host`, (and `--flow`, `--trail` when required), are [set/provided](/getting_started/install/#assigning-flags-via-environment-variables).
```shell theme={"theme":"dracula","languages":{"custom":["/languages/rego.json"]}}
kosli assert artifact
--fingerprint 184c799cd551dd1d8d5c5f9a5d593b2e931f5e36122ee5c793c1d08a19839cc0
--environment prod
```
```shell theme={"theme":"dracula","languages":{"custom":["/languages/rego.json"]}}
kosli assert artifact
--fingerprint 184c799cd551dd1d8d5c5f9a5d593b2e931f5e36122ee5c793c1d08a19839cc0
--policy has-approval,has-been-integration-tested
```
```shell theme={"theme":"dracula","languages":{"custom":["/languages/rego.json"]}}
export KOSLI_FLOW=yourFlowName
kosli assert artifact
--fingerprint 184c799cd551dd1d8d5c5f9a5d593b2e931f5e36122ee5c793c1d08a19839cc0
```
```shell theme={"theme":"dracula","languages":{"custom":["/languages/rego.json"]}}
unset KOSLI_FLOW
kosli assert artifact library/nginx:1.21
--artifact-type docker
```