https://github.com/stackloklabs/trusty-cli
A command line tool to interact with Trusty
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/stackloklabs/trusty-cli
- Owner: StacklokLabs
- License: apache-2.0
- Created: 2024-07-19T18:31:26.000Z (10 months ago)
- Default Branch: main
- Last Pushed: 2024-07-22T17:42:57.000Z (10 months ago)
- Last Synced: 2024-07-23T20:37:59.041Z (10 months ago)
- Language: Go
- Size: 11.1 MB
- Stars: 0
- Watchers: 2
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Trusty CLI
A utility to do useful stuff with trusty data.
This tool collects proof-of-concept applications that apply Trusty data to supply chain
technologies.

⚠️ _Alpha Notice:_ ⚠️ This project is not yet meant to be stable. All output
and command line params are subject to change without notice.

## Usage
```
A CLI utility to do useful stuff with Trusty data.

Usage:
  trusty [command]

Available Commands:
  attest      generate Trusty attestations from source code
  completion  Generate the autocompletion script for the specified shell
  help        Help about any command
  sbom        report dependency quality from an SBOM
  version     Prints the version

Flags:
  -h, --help               help for trusty
      --log-level string   the logging verbosity, either 'panic', 'fatal', 'error', 'warning', 'info', 'debug', 'trace' (default "info")

Use "trusty [command] --help" for more information about a command.
```
## Attest Trusty Data
The Trusty CLI can generate attestations capturing the scores of the dependencies
of a project. Attestations can be signed and bundled in a sigstore bundle.

## SBOM Analysis
The CLI tool can read SBOMs and report data on dependencies found in the document.
The Trusty CLI can export quality data to CSV files for further analysis in other
tools.