intoto stop

Snapshot output files at the end of a pipeline step and upload the signed link

Synopsis

Record the cryptographic hashes of all output files (products) after a pipeline step finishes, sign the link with the DevGuard token, and upload it to DevGuard.

This is the second half of the start/stop pair. The signed link proves which files existed before and after this step, and that this specific token (CI identity) performed it.

Examples

Options

Options inherited from parent commands

Have feedback? We want to hear from you!

Fields marked with * are required