kosli assert artifact #

Synopsis #

Assert the compliance status of an artifact in Kosli.
Exits with non-zero code if the artifact has a non-compliant status.

kosli assert artifact [IMAGE-NAME | FILE-PATH | DIR-PATH] [flags]

Flags #

Flag Description
-t, --artifact-type string [conditional] The type of the artifact to calculate its SHA256 fingerprint. One of: [docker, file, dir]. Only required if you don't specify '--fingerprint'.
-D, --dry-run [optional] Run in dry-run mode. When enabled, no data is sent to Kosli and the CLI exits with 0 exit code regardless of any errors.
-x, --exclude strings [optional] The comma separated list of directories and files to exclude from fingerprinting. Can take glob patterns. Only applicable for --artifact-type dir.
-F, --fingerprint string [conditional] The SHA256 fingerprint of the artifact. Only required if you don't specify '--artifact-type'.
-f, --flow string The Kosli flow name.
-h, --help help for artifact
--registry-password string [conditional] The docker registry password or access token. Only required if you want to read docker image SHA256 digest from a remote docker registry.
--registry-provider string [conditional] The docker registry provider or url. Only required if you want to read docker image SHA256 digest from a remote docker registry.
--registry-username string [conditional] The docker registry username. Only required if you want to read docker image SHA256 digest from a remote docker registry.

Options inherited from parent commands #

Flag Description
-a, --api-token string The Kosli API token.
-c, --config-file string [optional] The Kosli config file path. (default "kosli")
--debug [optional] Print debug logs to stdout. A boolean flag https://docs.kosli.com/faq/#boolean-flags (default false)
-H, --host string [defaulted] The Kosli endpoint. (default "https://app.kosli.com")
-r, --max-api-retries int [defaulted] How many times should API calls be retried when the API host is not reachable. (default 3)
--org string The Kosli organization.

Examples #


# fail if an artifact has a non-compliant status (using the artifact fingerprint)
kosli assert artifact \
	--fingerprint 184c799cd551dd1d8d5c5f9a5d593b2e931f5e36122ee5c793c1d08a19839cc0 \
	--flow yourFlowName \
	--api-token yourAPIToken \
	--org yourOrgName 

# fail if an artifact has a non-compliant status (using the artifact name and type)
kosli assert artifact library/nginx:1.21 \
	--artifact-type docker \
	--flow yourFlowName \
	--api-token yourAPIToken \
	--org yourOrgName