Skip to main content

Getting Started

Getting started with Cimon is as simple as introducing a single step in the pipeline. You run Cimon whenever you create an artifact you want to create the attestation for.

- name: Cimon Attest
uses: cycodelabs/cimon-action/attest@v0
with:
subjects: |
dist/artifact1
dist/artifact2
sign-key: private-key.pem

Read more about GitHub Actions integration here.

Cycode Authentication

Cycode Capabilities

Authenticating is optional for Cycode customers to enhance Cimon's capabilities. You can read more about it here.

The Cimon API key consists of two values: client-id and secret, and can be generated from the Cycode service accounts page.

These values should be saved in a secure secret manager titled CIMON_CLIENT_ID and CLIENT_SECRET. For example, this is how it should look in the GitHub Actions secret manager:

Once tokens are installed securely, Cimon can be invoked as follows:

- uses: cycodelabs/cimon-action@v0
with:
client-id: ${{ secrets.CIMON_CLIENT_ID }}
secret: ${{ secrets.CIMON_SECRET }}

Read More

Dive deeper into Cimon Attest's capabilities by reading the following topics: