Skip to main content

Documentation Index

Fetch the complete documentation index at: https://kosli-mintlify-rotate-api-keys-tutorial.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Synopsis

kosli assert artifact [IMAGE-NAME | FILE-PATH | DIR-PATH] [flags]
Assert the compliance status of an artifact in Kosli. There are three ways to choose what to assert against:
  1. Against an environment. When --environment is specified, asserts against all policies currently attached to the given environment.
  2. Against one or more policies. When --policy is specified, asserts against all the given policies.
  3. Against flow templates. When neither --environment nor --policy is specified, asserts against the template files of the flows the artifact is found in.
--environment and --policy are mutually exclusive. --flow can be combined with any of the above to narrow the lookup to a specific flow. Without --flow, all flows containing the artifact (by fingerprint) are considered. Exits with zero code if the artifact has compliant status, non-zero code if non-compliant status.

Flags

FlagDescription
-t, --artifact-type stringThe type of the artifact to calculate its SHA256 fingerprint. One of: [oci, docker, file, dir]. Only required if you want Kosli to calculate the fingerprint for you (i.e. when you don’t specify ‘--fingerprint’ on commands that allow it).
-D, --dry-run[optional] Run in dry-run mode. When enabled, no data is sent to Kosli and the CLI exits with 0 exit code regardless of any errors.
--environment stringThe Kosli environment name to assert the artifact against.
-x, --exclude strings[optional] The comma separated list of directories and files to exclude from fingerprinting. Can take glob patterns. Only applicable for --artifact-type dir.
-F, --fingerprint string[conditional] The SHA256 fingerprint of the artifact. Only required if you don’t specify ‘--artifact-type’.
-f, --flow stringThe Kosli flow name.
-h, --helphelp for artifact
-o, --output string[defaulted] The format of the output. Valid formats are: [table, json]. (default “table”)
--policy strings[optional] policy name (can be specified multiple times)
--registry-password string[conditional] The container registry password or access token. Only required if you want to read container image SHA256 digest from a remote container registry.
--registry-username string[conditional] The container registry username. Only required if you want to read container image SHA256 digest from a remote container registry.

Flags inherited from parent commands

FlagDescription
-a, --api-token stringThe Kosli API token.
-c, --config-file string[optional] The Kosli config file path. (default “kosli”)
--debug[optional] Print debug logs to stdout.
-H, --host string[defaulted] The Kosli endpoint. (default “https://app.kosli.com”)
--http-proxy string[optional] The HTTP proxy URL including protocol and port number. e.g. http://proxy-server-ip:proxy-port
-r, --max-api-retries int[defaulted] How many times should API calls be retried when the API host is not reachable. (default 3)
--org stringThe Kosli organization.
-q, --quiet[optional] Suppress non-critical warning messages. Errors and normal output are not affected. If both --quiet and --debug are set, --debug wins.

Live Examples in different CI systems

View an example of the kosli assert artifact command in GitHub.In this YAML file

Examples Use Cases

These examples all assume that the flags --api-token, --org, --host, (and --flow, --trail when required), are set/provided. 
kosli assert artifact 
	--fingerprint 184c799cd551dd1d8d5c5f9a5d593b2e931f5e36122ee5c793c1d08a19839cc0 
	--environment prod 


kosli assert artifact 
	--fingerprint 184c799cd551dd1d8d5c5f9a5d593b2e931f5e36122ee5c793c1d08a19839cc0 
	--policy has-approval,has-been-integration-tested 


export KOSLI_FLOW=yourFlowName
kosli assert artifact 
	--fingerprint 184c799cd551dd1d8d5c5f9a5d593b2e931f5e36122ee5c793c1d08a19839cc0 


unset KOSLI_FLOW
kosli assert artifact library/nginx:1.21 
	--artifact-type docker
Last modified on May 18, 2026