> ## Documentation Index
> Fetch the complete documentation index at: https://docs.kosli.com/llms.txt
> Use this file to discover all available pages before exploring further.
## Submitting Feedback
If you encounter incorrect, outdated, or confusing documentation on this page, submit feedback:
POST https://docs.kosli.com/feedback
```json
{
"path": "/client_reference/kosli_attest_pullrequest_github",
"feedback": "Description of the issue"
}
```
Only submit feedback when you have something specific and actionable to report.
# kosli attest pullrequest github
> Report a Github pull request attestation to an artifact or a trail in a Kosli flow.
## Synopsis
```shell theme={"theme":"dracula","languages":{"custom":["/languages/rego.json"]}}
kosli attest pullrequest github [IMAGE-NAME | FILE-PATH | DIR-PATH] [flags]
```
Report a Github pull request attestation to an artifact or a trail in a Kosli flow.
It checks if a pull request exists for a given merge commit and reports the pull-request attestation to Kosli.
The attestation can be bound to a *trail* using the trail name.
The attestation can be bound to an *artifact* in two ways:
* using the artifact's SHA256 fingerprint which is calculated (based on the `--artifact-type` flag and the artifact name/path argument) or can be provided directly (with the `--fingerprint` flag).
* using the artifact's name in the flow yaml template and the git commit from which the artifact is/will be created. Useful when reporting an attestation before creating/reporting the artifact.
## Flags
| Flag | Description |
| :------------------------------------ | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| --annotate stringToString | \[optional] Annotate the attestation with data using key=value. |
| -t, --artifact-type string | The type of the artifact to calculate its SHA256 fingerprint. One of: \[oci, docker, file, dir]. Only required if you want Kosli to calculate the fingerprint for you (i.e. when you don't specify '--fingerprint' on commands that allow it). |
| --assert | \[optional] Exit with non-zero code if no pull requests found for the given commit. |
| --attachments strings | \[optional] The comma-separated list of paths of attachments for the reported attestation. Attachments can be files or directories. All attachments are compressed and uploaded to Kosli's evidence vault. |
| -g, --commit string | the git merge commit to be checked for associated pull requests. |
| --description string | \[optional] attestation description |
| -D, --dry-run | \[optional] Run in dry-run mode. When enabled, no data is sent to Kosli and the CLI exits with 0 exit code regardless of any errors. |
| -x, --exclude strings | \[optional] The comma separated list of directories and files to exclude from fingerprinting. Can take glob patterns. Only applicable for --artifact-type dir. |
| --external-fingerprint stringToString | \[optional] A SHA256 fingerprint of an external attachment represented by --external-url. The format is label=fingerprint (labels cannot contain '.' or '='). This flag can be set multiple times. There must be an external url with a matching label for each external fingerprint. |
| --external-url stringToString | \[optional] Add labeled reference URL for an external resource. The format is label=url (labels cannot contain '.' or '='). This flag can be set multiple times. If the resource is a file or dir, you can optionally add its fingerprint via --external-fingerprint |
| -F, --fingerprint string | \[conditional] The SHA256 fingerprint of the artifact to attach the attestation to. Only required if the attestation is for an artifact and --artifact-type and artifact name/path are not used. |
| -f, --flow string | The Kosli flow name. |
| --github-base-url string | \[optional] GitHub base URL (only needed for GitHub Enterprise installations). |
| --github-org string | Github organization. (defaulted if you are running in GitHub Actions: [docs](/integrations/ci_cd) ). |
| --github-token string | Github token. |
| -h, --help | help for github |
| -n, --name string | The name of the attestation as declared in the flow or trail yaml template. |
| -o, --origin-url string | \[optional] The url pointing to where the attestation came from or is related. (defaulted to the CI url in some CIs: [docs](/integrations/ci_cd/#defaulted-kosli-command-flags-from-ci-variables) ). |
| --redact-commit-info strings | \[optional] The list of commit info to be redacted before sending to Kosli. Allowed values are one or more of \[author, message, branch]. |
| --registry-password string | \[conditional] The container registry password or access token. Only required if you want to read container image SHA256 digest from a remote container registry. |
| --registry-username string | \[conditional] The container registry username. Only required if you want to read container image SHA256 digest from a remote container registry. |
| --repo-id string | \[conditional] The stable, unique identifier for the repository in your VCS provider (e.g. a numeric ID). Do not use the repository name as it can change if the repo is renamed. All three of --repo-id, --repo-url and --repository must be set to record repository information (defaulted in some CIs: [docs](/integrations/ci_cd) ). |
| --repo-provider string | \[optional] The source code hosting provider. One of: github, gitlab, bitbucket, azure-devops (defaulted in some CIs: [docs](/integrations/ci_cd) ). |
| --repo-root string | \[defaulted] The directory where the source git repository is available. Only used if --commit is used or defaulted in CI, see [docs](/integrations/ci_cd/#defaulted-kosli-command-flags-from-ci-variables) . (default ".") |
| --repo-url string | \[conditional] The URL of the repository. Must be a valid URL. All three of --repo-id, --repo-url and --repository must be set to record repository information (defaulted in some CIs: [docs](/integrations/ci_cd) ). |
| --repository string | \[conditional] The name of the repository (e.g. owner/repo-name). All three of --repo-id, --repo-url and --repository must be set to record repository information (defaulted in some CIs: [docs](/integrations/ci_cd) ). |
| -T, --trail string | The Kosli trail name. |
| -u, --user-data string | \[optional] The path to a JSON file containing additional data you would like to attach to the attestation. |
## Flags inherited from parent commands
| Flag | Description |
| :------------------------ | :---------------------------------------------------------------------------------------------------------- |
| -a, --api-token string | The Kosli API token. |
| -c, --config-file string | \[optional] The Kosli config file path. (default "kosli") |
| --debug | \[optional] Print debug logs to stdout. A boolean flag [docs](/faq/#boolean-flags) (default false) |
| -H, --host string | \[defaulted] The Kosli endpoint. (default "[https://app.kosli.com](https://app.kosli.com)") |
| --http-proxy string | \[optional] The HTTP proxy URL including protocol and port number. e.g. `http://proxy-server-ip:proxy-port` |
| -r, --max-api-retries int | \[defaulted] How many times should API calls be retried when the API host is not reachable. (default 3) |
| --org string | The Kosli organization. |
## Live Examples in different CI systems
View an example of the `kosli attest pullrequest github` command in GitHub.
In [this YAML file](https://github.com/cyber-dojo/differ/blob/30dffd09c3f896a322c65029247abcea3019c43a/.github/workflows/main.yml#L95), which created [this Kosli Event](https://app.kosli.com/cyber-dojo/flows/differ-ci/trails/30dffd09c3f896a322c65029247abcea3019c43a?attestation_id=a3c84fec-c679-4536-83df-35d25f2d).
## Examples Use Cases
These examples all assume that the flags `--api-token`, `--org`, `--host`, (and `--flow`, `--trail` when required), are [set/provided](/getting_started/install/#assigning-flags-via-environment-variables).
```shell theme={"theme":"dracula","languages":{"custom":["/languages/rego.json"]}}
kosli attest pullrequest github yourDockerImageName
--artifact-type docker
--name yourAttestationName
--github-token yourGithubToken
--github-org yourGithubOrg
--commit yourArtifactGitCommit
--repository yourGithubGitRepository
```
```shell theme={"theme":"dracula","languages":{"custom":["/languages/rego.json"]}}
kosli attest pullrequest github
--fingerprint yourDockerImageFingerprint
--name yourAttestationName
--github-token yourGithubToken
--github-org yourGithubOrg
--commit yourArtifactGitCommit
--repository yourGithubGitRepository
```
```shell theme={"theme":"dracula","languages":{"custom":["/languages/rego.json"]}}
kosli attest pullrequest github
--name yourAttestationName
--github-token yourGithubToken
--github-org yourGithubOrg
--commit yourArtifactGitCommit
--repository yourGithubGitRepository
```
```shell theme={"theme":"dracula","languages":{"custom":["/languages/rego.json"]}}
kosli attest pullrequest github
--name yourTemplateArtifactName.yourAttestationName
--github-token yourGithubToken
--github-org yourGithubOrg
--commit yourArtifactGitCommit
--repository yourGithubGitRepository
```
```shell theme={"theme":"dracula","languages":{"custom":["/languages/rego.json"]}}
kosli attest pullrequest github
--name yourAttestationName
--github-token yourGithubToken
--github-org yourGithubOrg
--commit yourArtifactGitCommit
--repository yourGithubGitRepository
--attachments=yourAttachmentPathName
```
```shell theme={"theme":"dracula","languages":{"custom":["/languages/rego.json"]}}
kosli attest pullrequest github
--name yourTemplateArtifactName.yourAttestationName
--github-token yourGithubToken
--github-org yourGithubOrg
--commit yourArtifactGitCommit
--repository yourGithubGitRepository
--assert
```