Menu :

TL;DR

in-toto-run

Generating link metadata while carrying out a supply chain step. More information: https://in-toto.readthedocs.io/en/latest/command-line-tools/in-toto-run.html.

Tag a Git repo and signing the resulting link file:

in-toto-run -n tag --products . -k key_file -- git tag v1.0

Create a tarball, storing files as materials and the tarball as product:

in-toto-run -n package -m project -p project.tar.gz -- tar czf project.tar.gz project

Generate signed attestations for review work:

in-toto-run -n review -k key_file -m document.pdf -x

Scan the image using Trivy and generate link file:

in-toto-run -n scan -k key_file -p report.json -- /bin/sh -c "trivy -o report.json -f json <IMAGE>"

This document was created using the contents of the tldr project.

a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
others