tldr/pages/common/in-toto-run.md

# in-toto-run

> Generating link metadata while carrying out a supply chain step.
> More information: <https://in-toto.readthedocs.io/en/latest/command-line-tools/in-toto-run.html>.

- Tag a Git repo and signing the resulting link file:

`in-toto-run {{[-n|--step-name]}} {{tag}} {{[-p|--products]}} {{.}} -k {{key_file}} -- {{git tag v1.0}}`

- Create a tarball, storing files as materials and the tarball as product:

`in-toto-run {{[-n|--step-name]}} {{package}} {{[-m|--materials]}} {{project}} {{[-p|--products]}} {{project.tar.gz}} -- {{tar czf project.tar.gz project}}`

- Generate signed attestations for review work:

`in-toto-run {{[-n|--step-name]}} {{review}} -k {{key_file}} {{[-m|--materials]}} {{document.pdf}} {{[-x|--no-command]}}`

- Scan the image using Trivy and generate link file:

`in-toto-run {{[-n|--step-name]}} {{scan}} -k {{key_file}} {{[-p|--products]}} {{report.json}} -- {{/bin/sh -c "trivy --output report.json --format json <IMAGE>"}}`
in-toto-run: add page 2021-10-20 21:52:47 +03:00			`# in-toto-run`

			`> Generating link metadata while carrying out a supply chain step.`
			`> More information: <https://in-toto.readthedocs.io/en/latest/command-line-tools/in-toto-run.html>.`

pages: fix brand and technical names (#12145) pages: fix Python, Java, pacman, apt, zip, xz, tar, git, RPM and grep names pages: fix brand and technical names Co-authored-by: Lena <126529524+acuteenvy@users.noreply.github.com> fluxctl, gitmoji, in-toto-run, osv-scanner: replace `git` with Git * bzegrep: enclose egrep with backticks Co-authored-by: Sebastiaan Speck <12570668+sebastiaanspeck@users.noreply.github.com> * git-bug: use Git instead of `git` Co-authored-by: Sebastiaan Speck <12570668+sebastiaanspeck@users.noreply.github.com> * git-bug: use Git instead of `git` Co-authored-by: Sebastiaan Speck <12570668+sebastiaanspeck@users.noreply.github.com> * git-force-clone: use Git instead of `git` Co-authored-by: Sebastiaan Speck <12570668+sebastiaanspeck@users.noreply.github.com> * gitwatch: use Git instead of `git` Co-authored-by: Sebastiaan Speck <12570668+sebastiaanspeck@users.noreply.github.com> * hub-init: use Git instead of `git` Co-authored-by: Sebastiaan Speck <12570668+sebastiaanspeck@users.noreply.github.com> * pages.*: use Linux instead of GNU/Linux --------- Co-authored-by: Lena <126529524+acuteenvy@users.noreply.github.com> Co-authored-by: Sebastiaan Speck <12570668+sebastiaanspeck@users.noreply.github.com> 2024-01-30 01:46:32 -03:00			`- Tag a Git repo and signing the resulting link file:`
in-toto-run: add page 2021-10-20 21:52:47 +03:00
common/*: add option placeholders part 2 (#16217) 2025-04-22 15:48:30 +03:00			`in-toto-run {{[-n\|--step-name]}} {{tag}} {{[-p\|--products]}} {{.}} -k {{key_file}} -- {{git tag v1.0}}`
in-toto-run: add page 2021-10-20 21:52:47 +03:00
			`- Create a tarball, storing files as materials and the tarball as product:`

common/*: add option placeholders part 2 (#16217) 2025-04-22 15:48:30 +03:00			`in-toto-run {{[-n\|--step-name]}} {{package}} {{[-m\|--materials]}} {{project}} {{[-p\|--products]}} {{project.tar.gz}} -- {{tar czf project.tar.gz project}}`
in-toto-run: add page 2021-10-20 21:52:47 +03:00
			`- Generate signed attestations for review work:`

common/*: add option placeholders part 2 (#16217) 2025-04-22 15:48:30 +03:00			`in-toto-run {{[-n\|--step-name]}} {{review}} -k {{key_file}} {{[-m\|--materials]}} {{document.pdf}} {{[-x\|--no-command]}}`
in-toto-run: add page 2021-10-20 21:52:47 +03:00
			`- Scan the image using Trivy and generate link file:`

in-toto-run, pueue-add, x8, ippeveps, pasuspender, screenkey: fix nested placeholders (#17255) 2025-07-18 18:32:46 +03:00			`in-toto-run {{[-n\|--step-name]}} {{scan}} -k {{key_file}} {{[-p\|--products]}} {{report.json}} -- {{/bin/sh -c "trivy --output report.json --format json <IMAGE>"}}`