System Grab Bag

in-toto-run

Generate link metadata while carrying out a supply chain step. More information: https://in-toto.readthedocs.io/en/latest/command-line-tools/in-toto-run.html.
  • Tag a Git repo and sign the resulting link file:
    in-toto-run -n {{tag}} --products {{.}} -k {{key_file}} -- {{git tag v1.0}}
  • Create a tarball, storing files as materials and the tarball as product:
    in-toto-run -n {{package}} -m {{project}} -p {{project.tar.gz}} -- {{tar czf project.tar.gz project}}
  • Generate signed attestations for review work:
    in-toto-run -n {{review}} -k {{key_file}} -m {{document.pdf}} -x
  • Scan the image using Trivy and generate a link file:
    in-toto-run -n {{scan}} -k {{key_file}} -p {{report.json}} -- {{/bin/sh -c "trivy -o report.json -f json <IMAGE>"}}
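
An added example (not from the tldr page or the in-toto project): a Python check that the product hashes recorded in a link file, such as the one written by the tarball step above, still match the files on disk. The link dictionary is a constructed, unsigned sample trimmed to a few fields, and `check_products` is a hypothetical helper that does not verify signatures.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """SHA-256 hex digest of a file, as recorded per artifact in a link."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def check_products(link, base_dir):
    """Return {path: "ok" | "missing" | "mismatch"}; signatures are not checked."""
    results = {}
    for rel_path, hashes in link["signed"]["products"].items():
        target = Path(base_dir) / rel_path
        if not target.is_file():
            results[rel_path] = "missing"
        elif sha256_file(target) != hashes.get("sha256"):
            results[rel_path] = "mismatch"
        else:
            results[rel_path] = "ok"
    return results


def demo():
    """Constructed 'package' step: check, tamper with the product, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        product = Path(tmp) / "project.tar.gz"
        product.write_bytes(b"constructed tarball bytes")
        # Constructed sample, trimmed link layout; signatures left empty.
        link = {
            "signatures": [],
            "signed": {
                "_type": "link",
                "name": "package",
                "command": ["tar", "czf", "project.tar.gz", "project"],
                "materials": {},
                "products": {"project.tar.gz": {"sha256": sha256_file(product)}},
            },
        }
        before = check_products(link, tmp)
        product.write_bytes(b"modified after the step ran")
        after = check_products(link, tmp)
        product.unlink()
        return before, after, check_products(link, tmp)


if __name__ == "__main__":
    print(demo())
```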

License and Disclaimer

The content on this page is copyright © 2014—present the tldr-pages team and contributors.
This page is used with permission under Creative Commons Attribution 4.0 International License.

While we do attempt to make sure content is accurate, there isn't a warranty of any kind.