kosli evaluate trail #
Synopsis #
kosli evaluate trail TRAIL-NAME [flags]
Evaluate a trail against a policy.
Fetch a single trail from Kosli and evaluate it against a Rego policy using OPA.
The trail data is passed to the policy as input.trail.
Use --attestations to enrich the input with detailed attestation data
(e.g. pull request approvers, scan results). Use --show-input to inspect the
full data structure available to the policy. Use --output json for structured output.
Flags #
| Flag | Description |
|---|---|
| --attestations strings | [optional] Limit which attestations are included. Plain name for trail-level, dot-qualified (artifact.name) for artifact-level. |
| -f, --flow string | The Kosli flow name. |
| -h, --help | help for trail |
| -o, --output string | [defaulted] The format of the output. Valid formats are: [table, json]. (default "table") |
| -p, --policy string | Path to a Rego policy file to evaluate against the trail. |
| --show-input | [optional] Include the policy input data in the output. |
Flags inherited from parent commands #
| Flag | Description |
|---|---|
| -a, --api-token string | The Kosli API token. |
| -c, --config-file string | [optional] The Kosli config file path. (default "kosli") |
| --debug | [optional] Print debug logs to stdout. A boolean flag https://docs.kosli.com/faq/#boolean-flags (default false) |
| -H, --host string | [defaulted] The Kosli endpoint. (default "https://app.kosli.com") |
| --http-proxy string | [optional] The HTTP proxy URL including protocol and port number. e.g. 'http://proxy-server-ip:proxy-port' |
| -r, --max-api-retries int | [defaulted] How many times should API calls be retried when the API host is not reachable. (default 3) |
| --org string | The Kosli organization. |
Examples Use Cases #
These examples all assume that the flags --api-token, --org, --host, (and --flow, --trail when required), are set/provided.
evaluate a trail against a policy #
kosli evaluate trail yourTrailName
--policy yourPolicyFile.rego
evaluate a trail with attestation enrichment #
kosli evaluate trail yourTrailName
--policy yourPolicyFile.rego
--attestations pull-request
evaluate a trail and show the policy input data #
kosli evaluate trail yourTrailName
--policy yourPolicyFile.rego
--show-input
--output json
