You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs.kosli.com/content/tutorials/attest_snyk.md
+8-8Lines changed: 8 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -13,10 +13,10 @@ Snyk scans analyze your source code, docker images and IaC source for security i
13
13
14
14
In this tutorial, we will see how you can run and attest different types of Snyk scans to Kosli. We will run the scans on the [Kosli CLI git repo](https://github.com/kosli-dev/cli).
15
15
16
-
{{<hintinfo>}}
16
+
{{% hint info %}}
17
17
While snyk attestations can be bound to a trail or an artifact in a trail, this tutorial
18
18
demonstrates it only on trails for simplicity.
19
-
{{</hint>}}
19
+
{{% /hint %}}
20
20
21
21
## Getting ready
22
22
@@ -46,9 +46,9 @@ We will start by creating a flow in Kosli to contain Trails and Artifacts for th
46
46
kosli create flow snyk-demo --use-empty-template
47
47
```
48
48
49
-
{{<hintinfo>}}
49
+
{{% hint info %}}
50
50
`--use-empty-template` indicates that this flow does not have a predefined set of required attestations.
51
-
{{</hint>}}
51
+
{{% /hint %}}
52
52
53
53
Then, we can start a trail to bind our snyk attestations to.
54
54
@@ -58,10 +58,10 @@ kosli begin trail test-1 --flow snyk-demo
58
58
59
59
Now we can start running Snyk scans and attest them to this trail.
60
60
61
-
{{<hintinfo>}}
61
+
{{% hint info %}}
62
62
After each attestation in the sections below, you can navigate to:
63
63
**https://app.kosli.com/\<your-personal-org-name\>/flows/snyk-demo/trails/test-1** to view the status of the trail in Kosli.
64
-
{{</hint>}}
64
+
{{% /hint %}}
65
65
66
66
## Snyk Open source scan
67
67
@@ -74,9 +74,9 @@ snyk test --sarif-file-output=os.json
Copy file name to clipboardExpand all lines: docs.kosli.com/content/tutorials/evaluate_trails_with_opa.md
+10-10Lines changed: 10 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -23,9 +23,9 @@ To follow this tutorial, you need to:
23
23
export KOSLI_API_TOKEN=<your-api-token>
24
24
```
25
25
26
-
{{<hintinfo>}}
26
+
{{% hint info %}}
27
27
You don't need OPA installed — the Kosli CLI has a built-in Rego evaluator. You just need to write a `.rego` policy file.
28
-
{{</hint>}}
28
+
{{% /hint %}}
29
29
30
30
## Step 2: Write a policy
31
31
@@ -58,13 +58,13 @@ Let's break down what this policy does:
58
58
***`violations`** — a set of messages describing why the policy failed. The rule iterates over trails, then over pull requests within the `pull-request` attestation, looking for PRs where `approvers` is empty.
59
59
***`allow`** — trails are allowed only when there are no violations.
60
60
61
-
{{<hintinfo>}}
61
+
{{% hint info %}}
62
62
**Policy contract** — these are Kosli-specific conventions, not OPA built-ins:
63
63
64
64
***`package policy`** — required. Kosli queries `data.policy.*` to find your rules.
65
65
***`allow`** — required. Must evaluate to a **boolean**. Kosli exits with code 0 when `true`, code 1 when `false`.
66
66
***`violations`** — optional but recommended. Must be a **set of strings**, where each string is a human-readable reason the policy failed. Kosli displays these when `allow` is `false`.
67
-
{{</hint>}}
67
+
{{% /hint %}}
68
68
69
69
## Step 3: Evaluate multiple trails
70
70
@@ -153,9 +153,9 @@ RESULT: ALLOWED
153
153
154
154
The trail has zero high-severity vulnerabilities, so the policy allows it.
155
155
156
-
{{<hintinfo>}}
156
+
{{% hint info %}}
157
157
When writing a policy for `kosli evaluate trail`, reference `input.trail` (a single object). For `kosli evaluate trails`, reference `input.trails` (an array). The data shapes differ, so use separate policies for each command.
158
-
{{</hint>}}
158
+
{{% /hint %}}
159
159
160
160
## Step 5: Explore the policy input with --show-input
161
161
@@ -196,9 +196,9 @@ kosli evaluate trail \
196
196
]
197
197
```
198
198
199
-
{{<hintinfo>}}
199
+
{{% hint info %}}
200
200
Use the `--attestations` flag to limit which attestations are enriched with full detail. The flag filters by **attestation name** (not type). For example, `--attestations pull-request` fetches only details for attestations named `pull-request`, which speeds up evaluation and reduces noise when exploring the input.
201
-
{{</hint>}}
201
+
{{% /hint %}}
202
202
203
203
## Step 6: Use in CI/CD
204
204
@@ -268,9 +268,9 @@ This creates a generic attestation on the trail with:
268
268
***`--user-data`** containing the violations, which appear in the Kosli UI as
269
269
structured metadata on the attestation
270
270
271
-
{{<hintwarning>}}
271
+
{{% hint warning %}}
272
272
Use `--compliant=value` (with `=`) not `--compliant value` (with a space). Boolean
273
273
flags in Kosli CLI require the `=` syntax when passing `false` — otherwise `false`
0 commit comments