Standalone CLIs


Red Hat Trusted Application Pipeline 1.3

Explore the standalone CLIs you can use with Red Hat Trusted Application Pipeline.

Red Hat Trusted Application Pipeline Documentation Team

Abstract

This document provides information about the standalone CLIs you can use with Red Hat Trusted Application Pipeline to customize, automate, and secure your software supply chain.

Preface

Several standalone CLIs are available to you as part of Red Hat Trusted Application Pipeline through its components and related products.

With the standalone CLIs, you can customize the CI experience and automate and secure the process of building and testing your applications. You can improve software supply chain security by, for example, running additional security checks, signing and verifying your software artifacts, enforcing compliance with security policies, or generating SBOMs.

You can use these CLI tools with an instance of RHTAP running on an OpenShift cluster, or you can install them on your workstation to build and test your applications locally in a more automated and secure way.

Chapter 1. Overview of RHTAP standalone CLIs

You can use five standalone CLIs with RHTAP. They are shipped with Red Hat products that are either components or dependencies of RHTAP: Cosign, Rekor, and Enterprise Contract (EC) with Red Hat Trusted Artifact Signer (RHTAS), Syft with Red Hat Trusted Profile Analyzer (RHTPA), and roxctl with Red Hat Advanced Cluster Security for Kubernetes (ACS).

To check that a CLI binary is available for your architecture, see Chapter 2, Architectures.

1.1. CLIs available with RHTAS

The binaries of the Cosign, Rekor, and EC CLIs are shipped as components of RHTAS. After you’ve installed RHTAS, you can download these binaries from the OpenShift cluster using the OpenShift web console.

Cosign

cosign is a tool for signing container images and verifying those signatures.

Rekor

Rekor is a tamper-evident transparency log that stores metadata about signed software artifacts, so that anyone can check when an artifact was signed and by whom. The Rekor CLI is the client for that log: with it you can create, verify, and query entries in the Rekor transparency log.

EC

Enterprise Contract (EC) enforces security policy across the software supply chain. You use it to define policies and to verify that container images, together with their signatures and build attestations, comply with those policies before the images are released.

1.2. CLI used with RHTPA

Syft

Syft is a CLI tool for generating software bills of materials (SBOMs) for container images or local file systems. An SBOM lists the packages, libraries, and dependencies that make up your software. That transparency about software composition helps you secure your software supply chain and manage vulnerabilities.

Syft is distributed as a standalone container image through Red Hat Ecosystem Catalog. The container image is available for AMD64 architecture on Linux.
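An SBOM only helps with vulnerability management if you query it. The following Python script is an added example, not part of Syft or RHTPA: it reads a constructed CycloneDX JSON document of the kind `syft -o cyclonedx-json` emits, extracts package URLs (purls), and matches them against a constructed advisory list. The advisory IDs and version ranges are placeholders, not real vulnerabilities. Components without a purl are reported separately, because no scanner can match them to advisories.

```python
"""Query a CycloneDX JSON SBOM (the format `syft -o cyclonedx-json` emits) for affected packages."""
import json
import re
from typing import Dict, List, Tuple

# Constructed SBOM standing in for real Syft output; the structure follows CycloneDX 1.4.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "openssl-libs", "version": "3.0.7-24.el9",
         "purl": "pkg:rpm/redhat/openssl-libs@3.0.7-24.el9?arch=x86_64"},
        {"type": "library", "name": "xml-parser", "version": "1.4.2",
         "purl": "pkg:maven/com.example/xml-parser@1.4.2"},
        {"type": "library", "name": "requests", "version": "2.31.0",
         "purl": "pkg:pypi/requests@2.31.0"},
        {"type": "file", "name": "vendored-helper.so", "version": "1.0"},  # no purl: cannot be matched
    ],
})

# Constructed advisories with placeholder IDs; ranges are illustrative, not real CVE data.
ADVISORIES = [
    {"id": "EXAMPLE-2024-0001", "package": "maven/com.example/xml-parser",
     "introduced": "1.2.0", "fixed": "1.5.0"},
    {"id": "EXAMPLE-2024-0002", "package": "pypi/requests",
     "introduced": "0", "fixed": "2.31.0"},
]


def _version_key(v: str) -> Tuple[int, ...]:
    """Dotted-numeric comparison key. Adequate for the pypi/maven samples here; rpm and deb
    versions need their ecosystems' own rules (epoch, release, tilde ordering)."""
    key = []
    for piece in re.split(r"[.\-+]", v):
        m = re.match(r"\d+", piece)
        key.append(int(m.group()) if m else 0)
    return tuple(key)


def parse_purl(purl: str) -> Tuple[str, str]:
    """Split a package URL into ('type/namespace/name', version); qualifiers and subpath are dropped."""
    if not purl.startswith("pkg:"):
        raise ValueError(f"not a purl: {purl}")
    body = purl[len("pkg:"):].split("#", 1)[0].split("?", 1)[0]
    name, _, version = body.partition("@")
    return name, version


def load_components(sbom_text: str) -> List[Dict[str, str]]:
    sbom = json.loads(sbom_text)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return sbom.get("components", [])


def components_without_purl(sbom_text: str) -> List[str]:
    """Components a scanner cannot match; these need manual review or a corrected catalog."""
    return [c["name"] for c in load_components(sbom_text) if "purl" not in c]


def find_affected(sbom_text: str, advisories: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Report every component whose version falls in an advisory's [introduced, fixed) range."""
    hits = []
    for comp in load_components(sbom_text):
        if "purl" not in comp:
            continue
        name, version = parse_purl(comp["purl"])
        vkey = _version_key(version or comp.get("version", ""))
        for adv in advisories:
            if adv["package"] != name:
                continue
            if _version_key(adv["introduced"]) <= vkey < _version_key(adv["fixed"]):
                hits.append({"advisory": adv["id"], "purl": comp["purl"], "fixed": adv["fixed"]})
    return hits


if __name__ == "__main__":
    print(find_affected(SAMPLE_SBOM, ADVISORIES))
    print("unmatched:", components_without_purl(SAMPLE_SBOM))
```

Matching on the purl's type, namespace and name rather than on the bare component name avoids confusing a PyPI package with an RPM of the same name, which is a common source of false positives when SBOMs from several ecosystems are merged.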

1.3. CLI used with ACS

roxctl

roxctl is the ACS command-line tool, and it performs comprehensive security checks. RHTAP pipelines run three roxctl tasks: one scans your container images for vulnerabilities, and the other two check container images and YAML deployment files for build-time violations of your security policies.

Chapter 2. Architectures

RHTAP standalone CLIs are available for these architectures:

OS        Architecture   Cosign, Rekor, EC, roxctl   Syft
Linux     x86_64         yes                         yes
Linux     arm64          yes                         -
Linux     ppc64le        yes                         -
Linux     s390x          yes                         -
macOS     x86_64         yes                         -
macOS     arm64          yes                         -
Windows   x86_64         yes                         -

Note

To use Syft on architectures other than x86_64 on Linux, install the upstream version of Syft.





Revised on 2024-12-13 16:47:44 UTC

Legal Notice

Copyright © 2024 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.