kosli pipeline artifact report evidence snyk #

Synopsis #

Report Snyk vulnerability scan evidence for an artifact in a Kosli pipeline. The artifact SHA256 fingerprint is calculated (based on --artifact-type flag) or alternatively it can be provided directly (with --fingerprint flag).

kosli pipeline artifact report evidence snyk [IMAGE-NAME | FILE-PATH | DIR-PATH] [flags]

Flags #

Flag Description
-t, --artifact-type string [conditional] The type of the artifact to calculate its SHA256 fingerprint. One of: [docker, file, dir]. Only required if you don't specify '--sha256' or '--fingerprint'.
-b, --build-url string The url of CI pipeline that generated the evidence. (defaulted in some CIs: https://docs.kosli.com/ci-defaults ).
-D, --dry-run [optional] Run in dry-run mode. When enabled, no data is sent to Kosli and the CLI exits with 0 exit code regardless of any errors.
--evidence-fingerprint string The fingerprint of the evidence.
--evidence-url string The URL to the evidence.
-f, --fingerprint string [conditional] The SHA256 fingerprint of the artifact. Only required if you don't specify '--artifact-type'.
-h, --help help for snyk
-n, --name string The name of the evidence.
-p, --pipeline string The Kosli pipeline name.
--registry-password string [conditional] The docker registry password or access token. Only required if you want to read docker image SHA256 digest from a remote docker registry.
--registry-provider string [conditional] The docker registry provider or url. Only required if you want to read docker image SHA256 digest from a remote docker registry.
--registry-username string [conditional] The docker registry username. Only required if you want to read docker image SHA256 digest from a remote docker registry.
-R, --scan-results string The path to Snyk scan results Json file.
-u, --user-data string [optional] The path to a JSON file containing additional data you would like to attach to this evidence.

Options inherited from parent commands #

Flag Description
-a, --api-token string The Kosli API token.
-c, --config-file string [optional] The Kosli config file path. (default "kosli")
--debug [optional] Print debug logs to stdout.
-H, --host string [defaulted] The Kosli endpoint. (default "https://app.kosli.com")
-r, --max-api-retries int [defaulted] How many times should API calls be retried when the API host is not reachable. (default 3)
--owner string The Kosli user or organization.

Examples # 


# report Snyk vulnerability scan evidence about a file artifact:
kosli pipeline artifact report evidence snyk FILE.tgz \
	--artifact-type file \
	--name yourEvidenceName \
	--pipeline yourPipelineName \
	--build-url https://exampleci.com \
	--api-token yourAPIToken \
	--owner yourOrgName	\
	--scan-results yourSnykJSONScanResults

# report Snyk vulnerability scan evidence about an artifact using an available Sha256 digest:
kosli pipeline artifact report evidence snyk \
	--fingerprint yourSha256 \
	--name yourEvidenceName \
	--pipeline yourPipelineName \
	--build-url https://exampleci.com \
	--api-token yourAPIToken \
	--owner yourOrgName	\
	--scan-results yourSnykJSONScanResults

Get started for FREE!
Sign up with GitHub.
Easy!

Sign up

Share your feedback on the docs so we can make them easier for you to use

Join the Slack Community

Stuck with something?

We have an open Slack channel where you can get in touch with the Kosli team and other users.

Ask the Kosli Slack community

Email support

Kosli Logo
© 2023 Kosli Inc.
kosli.com
Privacy
Contact Kosli
Pricing
Blog
About
Consent preferences