rekor-cli
Rekor-cli is a command line tool used for interacting with the Rekor project. It provides a simple way to perform various operations related to software supply chain security. Rekor is an open-source project developed by the CNCF (Cloud Native Computing Foundation) to verify the provenance of software components and detect any tampering in the supply chain. With rekor-cli, you can submit software artifacts to Rekor's transparency log, which provides an immutable record of all submissions. It supports multiple types of evidence, including SPDX files, in-toto attestations, and SLSA metadata. Using rekor-cli, you can also query the transparency log to verify the integrity of software components by providing their cryptographic hashes. Rekor-cli offers functionality to verify signatures on attestations and export the transparency log in various formats, such as JSON and CSV. It allows you to search for specific submissions or retrieve the latest information about an artifact. Rekor-cli is a powerful tool that helps developers ensure the security and trustworthiness of the software components they use.
List of commands for rekor-cli:
- Get information regarding entries in the Transparency Log.
  $ rekor-cli get --uuid=${0e81b4d9299e2609e45b5c453a4c0e7820ac74e02c4935a8b830d104632fd2d1}
- Search the Rekor index to find entries by a specific hash.
  $ rekor-cli search --sha ${6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b}
- Search the Rekor index to find entries by Artifact.
  $ rekor-cli search --artifact ${filename-ext}
- Upload an artifact to Rekor.
  $ rekor-cli upload --artifact ${filename-ext} --signature ${filename-ext-sig} --pki-format=${x509} --public-key=${path-to-key-pub}