The `ec` tool is used to evaluate Enterprise Contract policies for Software
Supply Chain. Various sub-commands can be used to assert facts about an artifact
such as:

- Validating container image signature
- Validating container image provenance
- Evaluating Enterprise Contract policies over the container image provenance
- Fetching artifact authorization

Consult the documentation for available sub-commands, descriptions and examples of use.

Run `make build` from the root directory and use the `dist/ec` executable, or
run `make dist` to build for all supported architectures.

Run `make test` to run the unit tests, and `make acceptance` to run the
acceptance tests.

Run `make lint` to check for linting issues, and `make lint-fix` to fix linting
issues (formatting, import order, ...).

Run `hack/demo.sh` to evaluate the policy against images that have been
built ahead of time. Or use `hack/test-builds.sh hacbs` from the
https://github.com/redhat-appstudio/build-definitions/ repository with
the Tekton Chains controller from the `poc-tep-84` branch, e.g. via the
image built here: https://github.com/hacbs-contract/chains/pkgs/container/chains%2Fcontroller/?tag=poc-tep-84