In this tutorial, you’ll report a custom attestation with kosli attest custom. You’ll see how to:
  • Bind the attestation to a trail or to an artifact — two alternative options for the same command.
  • Identify an artifact by letting Kosli fingerprint it (container image, file, or directory), or by passing a SHA256 fingerprint directly.
  • Attest before the artifact has been reported, using the artifact’s template name and a git commit.

Prerequisites

  • Install Kosli CLI and set the common env vars (KOSLI_API_TOKEN, KOSLI_ORG, KOSLI_FLOW, KOSLI_TRAIL).
  • A Kosli flow and trail — see the Getting started guide if you don’t have one.
  • A custom attestation type that already exists in your org. This is a hard requirement — kosli attest custom --type <name> will fail if <name> hasn’t been created yet.

1. Create the custom attestation type first

Before you can report a custom attestation, the type referenced by --type must already exist in your Kosli org. You have two ways to create it: For this tutorial we’ll create a minimal coverage-report type that requires a coverage field of at least 80:
kosli create attestation-type coverage-report \
  --description "Code coverage report" \
  --jq '.coverage >= 80'
Prepare a JSON file with the data you want to attest. Save it as coverage.json:
{ "coverage": 92, "tool": "pytest-cov" }
In every example below, this coverage.json is the value of --attestation-data.

2. Report the attestation

A custom attestation can be bound to either a trail or an artifact. Pick the option that matches what you want to attest about.
Bind the attestation to a trail when the evidence applies to the trail as a whole (e.g. overall test results, release readiness, change approval) and is not tied to a specific build artifact:
kosli attest custom \
  --type coverage-report \
  --name overall-coverage \
  --attestation-data coverage.json
--name must match an attestation declared in the flow or trail YAML template.

3. Attest before the artifact exists

You can report an attestation for an artifact that hasn’t been reported to Kosli yet. Reference the artifact by its template name from the flow YAML and pass --commit so Kosli can bind the attestation when the artifact is later reported.
kosli attest custom \
  --type coverage-report \
  --name myArtifactTemplateName.overall-coverage \
  --commit $(git rev-parse HEAD) \
  --attestation-data coverage.json
The --name uses the dotted form <artifact-template-name>.<attestation-name>. --commit is required in this case so Kosli knows which future artifact this attestation belongs to.
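The binding shapes from steps 2 and 3 as one shell wrapper that rejects a mismatched name, a missing commit or a malformed SHA256 before the CLI is called. This is an added example, not code from the Kosli docs: attest_custom, ATTEST_TYPE and KOSLI_BIN are hypothetical names, and the fingerprint case uses the CLI's --fingerprint flag, which this page describes only in prose.

```shell
# Added example: check each binding mode against the rules above, then call the CLI.
# Hypothetical names: attest_custom, ATTEST_TYPE, KOSLI_BIN (set KOSLI_BIN=echo for a dry run).
ATTEST_TYPE=coverage-report   # the type created in step 1

# attest_custom MODE NAME DATA_FILE [REF]
#   trail        bind to the trail; REF must be empty
#   fingerprint  bind to an artifact by SHA256; REF is 64 hex characters
#   pending      artifact not reported yet; NAME is dotted, REF is the git commit
attest_custom() {
  local mode="$1" name="$2" data="$3" ref="${4:-}"
  if [ -z "$name" ] || [ -z "$data" ]; then
    echo "usage: attest_custom MODE NAME DATA_FILE [REF]" >&2; return 2
  fi
  # Reuse the positional parameters as the argument list so paths with spaces survive.
  set -- attest custom --type "$ATTEST_TYPE" --name "$name" --attestation-data "$data"
  case "$mode" in
    trail)
      [ -z "$ref" ] || { echo "trail binding takes no artifact reference" >&2; return 2; }
      ;;
    fingerprint)
      # Any non-hex character empties REF so the length check below fails.
      case "$ref" in *[!0-9a-fA-F]*) ref="" ;; esac
      [ "${#ref}" -eq 64 ] || { echo "fingerprint must be 64 hex characters" >&2; return 2; }
      set -- "$@" --fingerprint "$ref"
      ;;
    pending)
      case "$name" in
        .*|*.) echo "name must be <artifact-template-name>.<attestation-name>" >&2; return 2 ;;
        *.*) ;;
        *) echo "name must be <artifact-template-name>.<attestation-name>" >&2; return 2 ;;
      esac
      [ -n "$ref" ] || { echo "--commit is required for an unreported artifact" >&2; return 2; }
      set -- "$@" --commit "$ref"
      ;;
    *) echo "unknown mode: $mode" >&2; return 2 ;;
  esac
  "${KOSLI_BIN:-kosli}" "$@"
}
```

In CI, a call such as attest_custom pending myArtifactTemplateName.overall-coverage coverage.json "$(git rev-parse HEAD)" then fails the job locally instead of sending an attestation that cannot be bound.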

4. Add an attachment (optional)

You can attach files or directories as evidence. They are compressed and stored in Kosli’s evidence vault.
kosli attest custom \
  --type coverage-report \
  --name overall-coverage \
  --attestation-data coverage.json \
  --attachments ./coverage-report.html

What you’ve accomplished

You can now report a custom attestation in every relevant shape:
  • against a trail, or against an artifact (by fingerprint or by name + commit);
  • identifying the artifact via container image, file, directory, or a raw SHA256.
Last modified on May 23, 2026