valint_download
valint download
Downloads the evidence for a target from an evidence store (the default store is the local cache).

```
valint download [TARGET] [flags]
```
Optional flags
Flags for download subcommand
| Short | Long | Description | Default |
|---|---|---|---|
| | --beautify | Enhance the output using ANSI and Unicode characters | |
| | --folder-path | Folder to download the evidence of the given target into | |
| -o | --format | Evidence format, options=[attest-cyclonedx-json attest-slsa statement-slsa statement-cyclonedx-json statement-generic attest-generic] | |
| -h | --help | help for download | |
| -I | --initiative-report | Download Initiative result report | |
| | --md | Output Initiative result markdown report file | |
| | --payload | Path of the decoded payload | |
| | --ref | Evidence store reference | |
| | --store | Select evidence store | |
Global options flags
Flags for all valint subcommands
| Short | Long | Description | Default |
|---|---|---|---|
| | --cache-enable | Enable local cache | true |
| -c | --config | Configuration file path | |
| -C | --context-type | CI context type, options=[jenkins github circleci azure gitlab travis tekton bitbucket teamcity local admission] | |
| | --deliverable | Mark as deliverable, options=[true, false] | |
| -e | --env | Environment keys to include in evidence | |
| | --gate-name | Policy Gate name | |
| -G | --gate-type | Policy Gate type | |
| | --input | Input Evidence target, format (`<parser>:<file>` or `<scheme>:<name>:<tag>`) | |
| -L | --label | Add Custom labels | |
| | --level | Log depth level, options=[panic fatal error warning info debug trace] | |
| | --log-context | Attach context to all logs | |
| | --log-file | Output log to file | |
| -d | --output-directory | Output directory path | "${XDG_CACHE_HOME}/valint" |
| -O | --output-file | Output file name | |
| -p | --pipeline-name | Pipeline name | |
| | --predicate-type | Custom Predicate type (generic evidence format) | "http://scribesecurity.com/evidence/generic/v0.1" |
| -n | --product-key | Product Key | |
| -V | --product-version | Product Version | |
| -q | --quiet | Suppress all logging output | |
| -U | --scribe.client-id | Scribe Client ID (deprecated) | |
| -P | --scribe.client-secret | Scribe Client Token | |
| -D | --scribe.disable | Disable scribe client | |
| -E | --scribe.enable | Enable scribe client (deprecated) | |
| -u | --scribe.url | Scribe API Url | "https://api.scribesecurity.com" |
| -s | --show | Print evidence to stdout | |
| | --structured | Enable structured logger | |
| | --timeout | Timeout duration | "120s" |
| -v | --verbose | Log verbosity level [-v,--verbose=1] = info, [-vv,--verbose=2] = debug | |
Examples for running valint download
```
valint download <target>
# <target> Target object name format=[<image:tag>, <dir path>, <git url>, <file path>]

# download default (cyclonedxjson) sbom; downloads to cache
valint download alpine:latest

# download sbom with specified format
valint download alpine:latest --format statement

# download sbom with specified format in the specified output file
valint download alpine:latest --format statement --output-file <path>

# download sbom by ref (default storer is cache)
valint download --ref <ref>

# download sbom by ref and storer
valint download --ref <ref> --store <storer>

# download sbom by ref and storer in the specified output directory
valint download --ref <ref> --store <storer> --output-file <path>

# download evidence payload in the specified output file
valint download alpine:latest --payload <path>
```
Format-aliases:
* json=attest-cyclonedx-json
* predicate=predicate-cyclonedx-json
* statement=statement-cyclonedx-json
* attest=attest-cyclonedx-json
Storers:
* cache
* scribe
For example, to retrieve the SBOM from signed evidence:
```
valint bom alpine:latest -o attest
valint download alpine:latest --payload <path>
```
For example, to retrieve third-party evidence from unsigned evidence:
```
valint evidence some_file.json
valint download some_file.json -o statement-generic --payload <path>
```
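To make the signed versus unsigned distinction in the two examples above concrete, the following added example (not code from valint or Scribe) decodes both shapes of evidence into the same payload summary. It assumes that the `attest-*` formats are DSSE envelopes wrapping an in-toto statement and that the `statement-*` formats are the bare statement; that layout, the function name `decode_evidence`, and all sample values are assumptions constructed for illustration.

```python
import base64
import binascii
import json

INTOTO_PAYLOAD_TYPE = "application/vnd.in-toto+json"

def decode_evidence(doc):
    """Summarise an evidence document (assumed layout: DSSE envelope or bare statement)."""
    signatures = 0
    if "payload" in doc and "payloadType" in doc:  # looks like a DSSE envelope
        if doc["payloadType"] != INTOTO_PAYLOAD_TYPE:
            raise ValueError("unexpected payloadType: %r" % doc["payloadType"])
        try:
            # Standard base64 alphabet only; reject stray characters outright.
            raw = base64.b64decode(doc["payload"], validate=True)
        except binascii.Error as exc:
            raise ValueError("payload is not valid base64") from exc
        statement = json.loads(raw)
        signatures = len(doc.get("signatures", []))
    else:
        statement = doc  # treat as an unsigned in-toto statement
    for key in ("_type", "subject", "predicateType", "predicate"):
        if key not in statement:
            raise ValueError("not an in-toto statement: missing %r" % key)
    return {
        # Presence of signatures only; decoding does NOT verify them.
        "has_signatures": signatures > 0,
        "signature_count": signatures,
        "predicate_type": statement["predicateType"],
        "subjects": [s["name"] for s in statement["subject"]],
        "predicate": statement["predicate"],
    }

# Constructed sample data (placeholder digest, key id and signature).
SAMPLE_STATEMENT = {
    "_type": "https://in-toto.io/Statement/v0.1",
    "subject": [{"name": "alpine:latest", "digest": {"sha256": "0" * 64}}],
    "predicateType": "https://cyclonedx.org/bom",
    "predicate": {"bomFormat": "CycloneDX", "specVersion": "1.4", "components": []},
}
SAMPLE_ENVELOPE = {
    "payloadType": INTOTO_PAYLOAD_TYPE,
    "payload": base64.b64encode(json.dumps(SAMPLE_STATEMENT).encode()).decode(),
    "signatures": [{"keyid": "constructed-key", "sig": "Y29uc3RydWN0ZWQ="}],
}

if __name__ == "__main__":
    print(json.dumps(decode_evidence(SAMPLE_ENVELOPE), indent=2))
```

A decoded payload carries no assurance by itself: signature verification of the envelope is a separate step and should happen before the extracted SBOM is trusted.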
SEE ALSO
- valint - Validate Supply Chain Integrity