
GitLab CI

Cimon Attest

In GitLab CI, Cimon Attest is performed using the CLI. First install the Cimon CLI, then attest the artifacts that the build creates.

variables:
  CIMON_CLIENT_ID: $CIMON_CLIENT_ID
  CIMON_SECRET: $CIMON_SECRET

unsigned_provenance:
  variables:
    CIMON_SUBJECTS: |
      dist/artifact1
      dist/artifact2

  before_script:
    # Download Cimon
    - curl -sSfL https://cimon-releases.s3.amazonaws.com/install.sh | sh

  script:
    # Build Artifacts
    - mkdir dist
    - echo artifact1 > dist/artifact1
    - echo artifact2 > dist/artifact2

    # Cimon Attest
    - ./bin/cimon attest

  after_script:
    # Print Provenance
    - cat provenance.intoto.jsonl

Explanation:

variables:
  CIMON_CLIENT_ID: $CIMON_CLIENT_ID
  CIMON_SECRET: $CIMON_SECRET

Cimon receives input parameters through environment variables.

# Download Cimon
curl -sSfL https://cimon-releases.s3.amazonaws.com/install.sh | sh

Installs the Cimon tooling. More information on installation options can be found on the CLI integration page.

# Build Artifacts
mkdir dist
echo artifact1 > dist/artifact1
echo artifact2 > dist/artifact2

Creates the artifacts. This step is build-specific; stub artifacts are used here only to demonstrate the process.

# Cimon Attest
./bin/cimon attest

Attests the artifacts supplied through the input variables (here, CIMON_SUBJECTS). These can be configured through the CLI parameters.

# Print Provenance
cat provenance.intoto.jsonl

Prints the attestation from its default path. The path can be configured through the CLI parameters.
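
Beyond printing the file, a job can check that every built artifact is actually covered by the provenance. The following is an added example, not part of the Cimon documentation or tooling: it assumes each line of provenance.intoto.jsonl is either a bare in-toto Statement or a DSSE envelope carrying one, and the function names and the sample Statement are constructed for illustration.

```python
import base64, hashlib, json, tempfile
from pathlib import Path

def load_statements(jsonl_path):
    """Yield the in-toto Statement found on each non-empty line."""
    for line in Path(jsonl_path).read_text().splitlines():
        if not line.strip():
            continue
        doc = json.loads(line)
        # Assumption: a line is a bare Statement, or a DSSE envelope whose
        # base64 "payload" field carries the Statement.
        if "payload" in doc:
            doc = json.loads(base64.b64decode(doc["payload"]))
        yield doc

def unattested(jsonl_path, artifact_paths):
    """Return the artifact paths whose SHA-256 is not listed as a subject digest."""
    digests = {
        subj.get("digest", {}).get("sha256")
        for stmt in load_statements(jsonl_path)
        for subj in stmt.get("subject", [])
    }
    # Match on digest rather than name, so the check does not depend on how
    # the attestation tool spells subject names.
    return [
        str(p) for p in artifact_paths
        if hashlib.sha256(Path(p).read_bytes()).hexdigest() not in digests
    ]

if __name__ == "__main__":
    # Constructed demo: stub artifacts like the job's, plus a hand-made Statement.
    work = Path(tempfile.mkdtemp())
    a1, a2 = work / "artifact1", work / "artifact2"
    a1.write_bytes(b"artifact1\n")
    a2.write_bytes(b"artifact2\n")
    statement = {
        "_type": "https://in-toto.io/Statement/v0.1",
        "subject": [
            {"name": p.name, "digest": {"sha256": hashlib.sha256(p.read_bytes()).hexdigest()}}
            for p in (a1, a2)
        ],
    }
    prov = work / "provenance.intoto.jsonl"
    prov.write_text(json.dumps(statement) + "\n")
    print("unattested before modification:", unattested(prov, [a1, a2]))
    a2.write_bytes(b"modified after attestation\n")
    print("unattested after modification: ", unattested(prov, [a1, a2]))
```

In the pipeline, call `unattested("provenance.intoto.jsonl", ["dist/artifact1", "dist/artifact2"])` after `cimon attest` and fail the job when the returned list is not empty.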

Usage

The parameters that can be supplied to Cimon are explained on the CLI integration page.