commands.sh

in-toto-run

Generate link metadata while carrying out a supply chain step.

Options (4)

-n, --step-name boolean

Tag a Git repo and sign the resulting link file

Example: in-toto-run [-n|--step-name] tag [-p|--products] . --signing-key key_file -- git tag v1.0

-p, --products boolean

Tag a Git repo and sign the resulting link file

Example: in-toto-run [-n|--step-name] tag [-p|--products] . --signing-key key_file -- git tag v1.0

-m, --materials boolean

Create a tarball, storing files as materials and the tarball as product

Example: in-toto-run [-n|--step-name] package [-m|--materials] project [-p|--products] project.tar.gz -- tar czf project.tar.gz project

-x, --no-command boolean

Generate signed attestations for review work

Example: in-toto-run [-n|--step-name] review --signing-key key_file [-m|--materials] document.pdf [-x|--no-command]

Examples (4)

Tag a Git repo and sign the resulting link file

in-toto-run [-n|--step-name] tag [-p|--products] . --signing-key key_file -- git tag v1.0

Create a tarball, storing files as materials and the tarball as product

in-toto-run [-n|--step-name] package [-m|--materials] project [-p|--products] project.tar.gz -- tar czf project.tar.gz project

Generate signed attestations for review work

in-toto-run [-n|--step-name] review --signing-key key_file [-m|--materials] document.pdf [-x|--no-command]

Scan the image using Trivy and generate link file

in-toto-run [-n|--step-name] scan --signing-key key_file [-p|--products] report.json -- /bin/sh -c "trivy --output report.json --format json path/to/image"
made by @shridhargupta | data from tldr-pages