Red Hat Summitこのコンテンツは選択した言語では利用できません。
Standalone CLIs
Explore the standalone CLIs you can use with Red Hat Advanced Developer Suite - software supply chain.
Abstract
Preface
Several standalone CLIs are available to you as part of Red Hat Advanced Developer Suite - software supply chain through its components and related products.
With the help of the standalone CLIs, you can customize the CI experience, along with automating and securing the process of building and testing your applications. You can enhance the software supply chain security by, for example, running enhanced security checks, signing and verifying your software artifacts, managing compliance with security policies, or generating SBOMs.
You can use these CLI tools with an instance of RHADS - SSC running on an OpenShift cluster, or you can install them on your workstation to build and test your applications locally in a more automated and secure way.
Chapter 1. Overview of Red Hat Advanced Developer Suite - software supply chain standalone CLI programs
You can use five command line interface (CLI) programs as part of Red Hat Advanced Developer Suite - software supply chain (RHADS - SSC) to enhance the security and compliance in your software supply chain.
These standalone CLI programs are shipped with Red Hat products that are either components or dependencies of RHADS - SSC:
Red Hat Trusted Artifact Signer (RHTAS) is a security tool that signs and attests software artifacts. You can install it simultaneously with RHADS - SSC or later using the Operator Lifecycle Manager. RHTAS provides access to these CLI tools:
Red Hat Trusted Profile Analyzer (RHTPA) automates the creation of software bills of materials (SBOMs) and helps you manage them. You can choose to install RHTPA during the RHADS - SSC installation. The CLI tool used for SBOMs generation is:
Red Hat Advanced Cluster Security (RHACS) is automatically installed and configured during the RHADS - SSC installation. RHACS tools thoroughly scan software artifacts to identify and address vulnerabilities at an early stage. The CLI available with RHACS is:
To check that a CLI binary is available for your architecture, view Chapter 2. Architectures
1.1. CLI programs available with RHTAS
The binaries of the Cosign, Rekor, and Conforma CLI programs are shipped as components of RHTAS. After you have installed RHTAS, you can download these binaries from the OpenShift cluster by using the OpenShift web console.
Cosign
cosign is a tool for signing container images and verifying the signatures.
-
For
cosigninstallation and usage, refer to the Signing and verifying containers by using Cosign from the command-line interface RHTAS guide. - For more instructions on signing container images with cosign, refer to Managing compliance with Conforma in RHADS - SSC docs.
Rekor
The rekor tool is a data log that stores metadata of signed software artifacts and provides transparency for signatures of those artifacts. With the Rekor CLI, you can make, verify, and query entries in the Rekor transparency log.
-
To install
rekorand query the transparency log, refer to the Rekor-related procedures in the RHTAS Deployment guide.
Conforma
Conforma is a tool that enhances security of software supply chains. You can use it to define and enforce security policies for building and testing container images. Conforma is the Red Hat-supported build of the upstream open source project Conforma.
- For the Conforma CLI installation and usage, refer to Verifying signatures on container images with Conforma.
- For more information, refer to the Managing compliance with Conforma RHADS - SSC guide.
- For full upstream Conforma documentation, refer to the community-run Conforma Documentation website.
1.2. CLI used with RHTPA
Syft
Syft is a CLI tool for generating Software Bill of Materials (SBOMs) for container images or your local file systems. It provides detailed information about packages, libraries, and dependencies of your software or file systems. Transparency on the software composition helps you secure your software supply chain and manage vulnerabilities.
Syft is distributed as a standalone container image through Red Hat Ecosystem Catalog. The container image is available for AMD64 architecture on Linux.
- To download the Syft image, view the Get this image instructions.
- To use Syft on architectures other than AMD64, install the upstream version of Syft.
- To create SBOMs with Syft, refer to Creating a software bill of materials manifest file.
- To inspect and manage SBOMs, refer to Inspecting your SBOM using Red Hat Trusted Profile Analyzer.
1.3. CLI used with RHACS
roxctl
roxctl is a CLI for running commands on RHACS. RHADS - SSC pipelines can run three roxctl tasks, including scanning your container images for vulnerabilities and checking the build-time violations of your security policies in container images and YAML deployment files.
-
To learn more about
roxctltasks in the RHADS - SSC pipeline runs, refer to Red Hat Advanced Cluster Security tasks. -
To install the
roxctlbinary, refer to the roxctl CLI guide in the RHACS docs.
Chapter 2. Architectures
Red Hat Advanced Developer Suite - software supply chain (RHADS - SSC) standalone CLI programs are available for these architectures:
| Architectures | Cosign, Rekor, Conforma, roxctl | Syft |
|---|---|---|
| Linux | ||
| x86_64 | yes | yes |
| arm64 | yes | |
| ppc64le | yes | |
| s390x | yes | |
| MacOS | ||
| x86_64 | yes | |
| arm64 | yes | |
| Windows | ||
| x86_64 | yes | |
To use Syft on architectures other than x86_64 on Linux, install the upstream version of Syft.
Revised on 2026-02-04 23:24:20 UTC
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}