kosli fingerprint

Synopsis

kosli fingerprint {IMAGE-NAME | FILE-PATH | DIR-PATH} [flags]

Calculate the SHA256 fingerprint of an artifact. Requires --artifact-type flag to be set. Artifact type can be one of: “file” for files, “dir” for directories, “oci” for container images in registries or “docker” for local docker images. Fingerprinting container images can be done using the local docker daemon or the fingerprint can be fetched from a remote registry. When fingerprinting a ‘dir’ artifact, you can exclude certain paths from fingerprint calculation using the --exclude flag. Excluded paths are relative to the DIR-PATH and can be literal paths or glob patterns. With a directory structure like this foo/bar/zam/file.txt if you are calculating the fingerprint of foo/bar you need to exclude zam/file.txt which is relative to the DIR-PATH. The supported glob pattern syntax is what is documented here: https://pkg.go.dev/path/filepath#Match , plus the ability to use recursive globs ”**” If the directory structure contains a symbolic link to a file (for example, a link ‘from/this/file’ and a target of ‘to/another/file’) then:

the name of the link (‘from/this/file’) is included in the fingerprint.
the name of the link (‘from/this/file’) is subject to .kosli_ignore entries.
the name of the target (‘to/another/file’) is not included in the fingerprint.
the content of target is included in the fingerprint, even if the target is outside the root directory being fingerprinted.

If the directory structure contains a symbolic link to a directory (for example, a link ‘from/this/dir’ and a target of ‘to/another/dir’) then:

the name of the link (‘from/this/dir’) is included in the fingerprint.
the name of the link (‘from/this/dir’) is subject to .kosli_ignore entries.
the name of the target (‘to/another/dir’) is included in the fingerprint, even if the target is outside the root directory being fingerprinted.
the name of the target (‘to/another/dir’) is not subject to .kosli_ignore entries.
the content of the target is not included in the fingerprint.

To specify paths in a directory artifact that should always be excluded from the SHA256 calculation, you can add a .kosli_ignore file to the root of the artifact. Each line should specify a relative path or path glob to be ignored. You can include comments in this file, using #. The .kosli_ignore will be treated as part of the artifact like any other file, unless it is explicitly ignored itself.

Flags

Flag	Description
-t, —artifact-type string	The type of the artifact to calculate its SHA256 fingerprint. One of: [oci, docker, file, dir]. Only required if you want Kosli to calculate the fingerprint for you (i.e. when you don’t specify ‘—fingerprint’ on commands that allow it).
-x, —exclude strings	[optional] The comma separated list of directories and files to exclude from fingerprinting. Can take glob patterns. Only applicable for —artifact-type dir.
-h, —help	help for fingerprint
—registry-password string	[conditional] The container registry password or access token. Only required if you want to read container image SHA256 digest from a remote container registry.
—registry-username string	[conditional] The container registry username. Only required if you want to read container image SHA256 digest from a remote container registry.

Flags inherited from parent commands

Flag	Description
-a, —api-token string	The Kosli API token.
-c, —config-file string	[optional] The Kosli config file path. (default “kosli”)
—debug	[optional] Print debug logs to stdout. A boolean flag docs (default false)
-H, —host string	[defaulted] The Kosli endpoint. (default “https://app.kosli.com”)
—http-proxy string	[optional] The HTTP proxy URL including protocol and port number. e.g. ‘http://proxy-server-ip:proxy-port’
-r, —max-api-retries int	[defaulted] How many times should API calls be retried when the API host is not reachable. (default 3)
—org string	The Kosli organization.

Live Examples in different CI systems

GitHub

View an example of the kosli fingerprint command in GitHub.In this YAML file

Examples Use Cases

These examples all assume that the flags --api-token, --org, --host, (and --flow, --trail when required), are set/provided.

fingerprint a file

kosli fingerprint --artifact-type file file.txt

fingerprint a dir

kosli fingerprint --artifact-type dir mydir

fingerprint a dir while excluding paths `mydir/logs` and `mydir/*.exe`

kosli fingerprint --artifact-type dir --exclude logs --exclude *.exe mydir

fingerprint a dir while excluding all `.pyc` files

kosli fingerprint --artifact-type dir  --exclude **/*.pyc mydir

fingerprint a dir while excluding paths in `.kosli_ignore` file

echo bar/file.txt > mydir/.kosli_ignore
kosli fingerprint --artifact-type dir mydir

fingerprint a locally available docker image (requires docker daemon running)

kosli fingerprint --artifact-type docker nginx:latest

fingerprint a public image from a remote registry

kosli fingerprint --artifact-type oci nginx:latest

fingerprint a private image from a remote registry

kosli fingerprint --artifact-type oci private:latest \
  --registry-username YourUsername \
  --registry-password YourPassword

General

kosli allow

kosli archive

kosli assert

kosli attest

kosli begin

kosli create

kosli diff

kosli disable / enable

kosli evaluate

kosli get

kosli join

kosli list

kosli log

kosli rename

kosli report

kosli request

kosli snapshot

Deprecated

Synopsis

Flags

Flags inherited from parent commands

Live Examples in different CI systems

Examples Use Cases

General

kosli allow

kosli archive

kosli assert

kosli attest

kosli begin

kosli create

kosli diff

kosli disable / enable

kosli evaluate

kosli get

kosli join

kosli list

kosli log

kosli rename

kosli report

kosli request

kosli snapshot

Deprecated

​Synopsis

​Flags

​Flags inherited from parent commands

​Live Examples in different CI systems

​Examples Use Cases

Synopsis

Flags

Flags inherited from parent commands

Live Examples in different CI systems

Examples Use Cases