Create Evidence CLI - Sample Commands

Artifact evidence sample

jf evd create --subject-repo-path example-generic/file.txt --subject-sha256 7afd53a30794391969dd598dcae4daecd123ec7059b801c62a53c51b1ff17c21 --key private.pem --key-alias my-key-alias --predicate predicate.json --predicate-type https://jfrog.com/evidence/approval/v1 --provider-id gradle

In the sample above, the command creates a signed evidence file with a predicate type of SLSA provenance for an artifact named file.txt. The --provider-id value records Gradle as the provider of the evidence.
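The value passed to --subject-sha256 has to be the digest of the artifact the evidence is about, so it is safer to compute it from the local file than to paste it. The following pre-flight script is an added example, not JFrog code. Its function names, the JSON check, and the key-permission check are assumptions of this example, and it only prints the command line (without --provider-id) for review rather than running it.

```shell
#!/bin/sh
# Added example (not JFrog code): pre-flight checks for the artifact sample.
# Function names are hypothetical; arguments are assumed to contain no spaces.

# Lowercase hex SHA-256 of a file, using whichever tool is installed.
file_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# True if the predicate file is non-empty and parses as JSON.
predicate_is_json() {
  [ -s "$1" ] || return 1
  if command -v python3 >/dev/null 2>&1; then
    python3 -m json.tool "$1" >/dev/null 2>&1
  else
    jq -e . "$1" >/dev/null 2>&1
  fi
}

# True if group and others have no permission bits on the key file.
key_is_private() {
  [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print the jf evd create command line with a locally computed digest.
# Args: file repo-path predicate predicate-type key key-alias
build_evd_command() (
  file=$1; repo_path=$2; predicate=$3; ptype=$4; key=$5; key_alias=$6
  [ -f "$file" ] || { echo "subject file not found: $file" >&2; exit 1; }
  predicate_is_json "$predicate" ||
    { echo "predicate is not valid JSON: $predicate" >&2; exit 1; }
  key_is_private "$key" ||
    { echo "key missing or readable by group/others: $key" >&2; exit 1; }
  digest=$(file_sha256 "$file")
  [ "${#digest}" -eq 64 ] || { echo "could not hash $file" >&2; exit 1; }
  printf 'jf evd create --subject-repo-path %s --subject-sha256 %s' \
    "$repo_path" "$digest"
  printf ' --key %s --key-alias %s' "$key" "$key_alias"
  printf ' --predicate %s --predicate-type %s\n' "$predicate" "$ptype"
)
```

Call build_evd_command with the local file, its repository path, the predicate file, the predicate type, the key file and the key alias, then review the printed command before running it.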

Package evidence sample

jf evd create --predicate /Users/jsmith/Downloads/code-review.json --predicate-type https://in-toto.io/attestation/vulns --package-name DockerPackage --package-version 1.0.0 --package-repo-name local-docker --key /Users/jsmith/Documents/keys/private.pem --key-alias xyzey

Build evidence sample

jf evd create --predicate /Users/jsmith/Downloads/code-review.json --predicate-type https://in-toto.io/attestation/vulns --build-name DockerBuild --build-number 1.0.0 --key /Users/jsmith/Documents/keys/private.pem --key-alias xyzey

Release Bundle v2 evidence sample

jf evd create --predicate /Users/jsmith/Downloads/code-review.json --predicate-type https://in-toto.io/attestation/vulns --release-bundle bundledemo --release-bundle-version 1.0.0 --key /Users/jsmith/Documents/keys/private.pem --key-alias xyzey 

Application version evidence sample

jf evd create --predicate /Users/jsmith/Downloads/code-review.json --predicate-type https://in-toto.io/attestation/vulns --application-key green-pizza --application-version 1.2.4 --key /Users/jsmith/Documents/keys/private.pem --key-alias xyzey 

Sigstore Bundle evidence sample

jf evd create --sigstore-bundle bundle.json