kosli report evidence artifact generic #

kosli report evidence artifact generic is deprecated. See kosli attest commands. Deprecated commands will be removed in a future release.

Synopsis #

Report generic evidence to an artifact in a Kosli flow.
The artifact SHA256 fingerprint is calculated (based on the --artifact-type flag and the artifact name/path argument) or can be provided directly (with the --fingerprint flag).

kosli report evidence artifact generic [IMAGE-NAME | FILE-PATH | DIR-PATH] [flags]

Flags #

Flag Description
-t, --artifact-type string The type of the artifact to calculate its SHA256 fingerprint. One of: [docker, file, dir]. Only required if you want Kosli to calculate the fingerprint for you (i.e. when you don't specify '--fingerprint' on commands that allow it).
-b, --build-url string The url of CI pipeline that generated the evidence. (defaulted in some CIs: https://docs.kosli.com/ci-defaults ).
-C, --compliant [defaulted] Whether the evidence is compliant or not. A boolean flag https://docs.kosli.com/faq/#boolean-flags (default true)
-d, --description string [optional] The evidence description.
-D, --dry-run [optional] Run in dry-run mode. When enabled, no data is sent to Kosli and the CLI exits with 0 exit code regardless of any errors.
--evidence-fingerprint string [optional] The SHA256 fingerprint of the evidence file or dir.
-e, --evidence-paths strings [optional] The comma-separated list of paths containing supporting proof for the reported evidence. Paths can be for files or directories. All provided proofs will be uploaded to Kosli's evidence vault.
--evidence-url string [optional] The external URL where the evidence file or dir is stored.
-x, --exclude strings [optional] The comma separated list of directories and files to exclude from fingerprinting. Can take glob patterns. Only applicable for --artifact-type dir.
-F, --fingerprint string [conditional] The SHA256 fingerprint of the artifact. Only required if you don't specify '--artifact-type'.
-f, --flow string The Kosli flow name.
-h, --help help for generic
-n, --name string The name of the evidence.
--registry-password string [conditional] The docker registry password or access token. Only required if you want to read docker image SHA256 digest from a remote docker registry.
--registry-provider string [conditional] The docker registry provider or url. Only required if you want to read docker image SHA256 digest from a remote docker registry.
--registry-username string [conditional] The docker registry username. Only required if you want to read docker image SHA256 digest from a remote docker registry.
-u, --user-data string [optional] The path to a JSON file containing additional data you would like to attach to the evidence.

Flags inherited from parent commands #

Flag Description
-a, --api-token string The Kosli API token.
-c, --config-file string [optional] The Kosli config file path. (default "kosli")
--debug [optional] Print debug logs to stdout. A boolean flag https://docs.kosli.com/faq/#boolean-flags (default false)
-H, --host string [defaulted] The Kosli endpoint. (default "https://app.kosli.com")
--http-proxy string [optional] The HTTP proxy URL including protocol and port number. e.g. 'http://proxy-server-ip:proxy-port'
-r, --max-api-retries int [defaulted] How many times should API calls be retried when the API host is not reachable. (default 3)
--org string The Kosli organization.

Examples Use Cases #

report a generic evidence about a pre-built docker image

kosli report evidence artifact generic yourDockerImageName \
	--api-token yourAPIToken \
	--artifact-type docker \
	--build-url https://exampleci.com \
	--name yourEvidenceName \
	--org yourOrgName \
	--flow yourFlowName

report a generic evidence about a directory type artifact

kosli report evidence artifact generic /path/to/your/dir \
	--api-token yourAPIToken \
	--artifact-type dir \
	--build-url https://exampleci.com \
	--name yourEvidenceName \
	--org yourOrgName	\
	--flow yourFlowName

report a generic evidence about an artifact with a provided fingerprint (sha256)

kosli report evidence artifact generic \
	--api-token yourAPIToken \
	--build-url https://exampleci.com \	
	--name yourEvidenceName \
	--org yourOrgName \
	--flow yourFlowName \
	--fingerprint yourArtifactFingerprint

report a generic evidence about an artifact with evidence file upload

kosli report evidence artifact generic \
	--api-token yourAPIToken \
	--build-url https://exampleci.com \	
	--name yourEvidenceName \
	--org yourOrgName \
	--flow yourFlowName \
	--fingerprint yourArtifactFingerprint \
	--evidence-paths=yourEvidencePathName

report a generic evidence about an artifact with evidence file upload via API

curl -X 'POST' \
	'https://app.kosli.com/api/v2/evidence/yourOrgName/artifact/yourFlowName/generic' \
	-H 'accept: application/json' \
	-H 'Content-Type: multipart/form-data' \
	-F 'evidence_json={
  	  "artifact_fingerprint": "yourArtifactFingerprint",
	  "name": "yourEvidenceName",
      "build_url": "https://exampleci.com",
      "is_compliant": true
    }' \
	-F 'evidence_file=@yourEvidencePathName'

Get started for FREE!
Sign up with GitHub.
Easy!

Sign up

Share your feedback on the docs so we can make them easier for you to use

Join the Slack Community

Stuck with something?

We have an open Slack channel where you can get in touch with the Kosli team and other users.

Ask the Kosli Slack community

Email support

Kosli Logo
© 2023 Kosli Inc.
kosli.com
Privacy
Contact Kosli
Pricing
Blog
About
Consent preferences