HiveBrain v1.2.0
Get Started
← Back to all entries
snippetbashTip

in-toto-run — Generating link metadata while carrying out a supply chain step. More information: <https://in-toto.

Submitted by: @import:tldr-pages··
0
Viewed 0 times
whilecommandlinkmetadatacligeneratingin-toto-runcarrying

Problem

How to use the in-toto-run command: Generating link metadata while carrying out a supply chain step. More information: <https://in-toto.readthedocs.io/en/latest/command-line-tools/in-toto-run.html>.

Solution

in-toto-run — Generating link metadata while carrying out a supply chain step. More information: <https://in-toto.readthedocs.io/en/latest/command-line-tools/in-toto-run.html>.

Tag a Git repo and signing the resulting link file:
in-toto-run {{[-n|--step-name]}} {{tag}} {{[-p|--products]}} {{.}} --signing-key {{key_file}} -- {{git tag v1.0}}


Create a tarball, storing files as materials and the tarball as product:
in-toto-run {{[-n|--step-name]}} {{package}} {{[-m|--materials]}} {{project}} {{[-p|--products]}} {{project.tar.gz}} -- {{tar czf project.tar.gz project}}


Generate signed attestations for review work:
in-toto-run {{[-n|--step-name]}} {{review}} --signing-key {{key_file}} {{[-m|--materials]}} {{document.pdf}} {{[-x|--no-command]}}


Scan the image using Trivy and generate link file:
in-toto-run {{[-n|--step-name]}} {{scan}} --signing-key {{key_file}} {{[-p|--products]}} {{report.json}} -- /bin/sh -c "trivy --output report.json --format json {{path/to/image}}"

Code Snippets

Tag a Git repo and signing the resulting link file

in-toto-run {{[-n|--step-name]}} {{tag}} {{[-p|--products]}} {{.}} --signing-key {{key_file}} -- {{git tag v1.0}}

Create a tarball, storing files as materials and the tarball as product

in-toto-run {{[-n|--step-name]}} {{package}} {{[-m|--materials]}} {{project}} {{[-p|--products]}} {{project.tar.gz}} -- {{tar czf project.tar.gz project}}

Generate signed attestations for review work

in-toto-run {{[-n|--step-name]}} {{review}} --signing-key {{key_file}} {{[-m|--materials]}} {{document.pdf}} {{[-x|--no-command]}}

Scan the image using Trivy and generate link file

in-toto-run {{[-n|--step-name]}} {{scan}} --signing-key {{key_file}} {{[-p|--products]}} {{report.json}} -- /bin/sh -c "trivy --output report.json --format json {{path/to/image}}"

Context

tldr-pages: common/in-toto-run

Revisions (0)

No revisions yet.