ec

Conforma CLI

Synopsis

Conforma CLI

Secure your software supply chain by validating that your artifacts meet security and compliance requirements. Conforma helps you verify the authenticity and integrity of container images, build processes, and deployment pipelines.

Whether you’re ensuring images are properly signed, validating build attestations comply with your organization’s policies, or checking that Tekton tasks follow security best practices, Conforma provides the tools you need to establish trust in your software delivery process.

Key capabilities: • Verify signatures and attestations on container images • Validate SLSA provenance to ensure secure build processes • Enforce compliance policies across your development workflow • Generate detailed reports for audit and compliance purposes • Support for custom validation rules to meet your specific requirements

Use Conforma to implement "trust but verify" practices in your CI/CD pipeline, ensuring that only secure, compliant artifacts make it to production.

Have feedback or want to contribute? Visit https://conforma.dev/contribute/ to join our community, report issues, or help improve Conforma.

ec [flags]

Options

--debug

same as verbose but also show function names and line numbers (Default: false)

-h, --help

help for ec (Default: false)

--kubeconfig

path to the Kubernetes config file to use

--logfile

file to write the logging output. If not specified logging output will be written to stderr

--quiet

less verbose output (Default: false)

--timeout

max overall execution duration (Default: 5m0s)

--trace

enable trace logging, set one or more comma separated values: none,all,perf,cpu,mem,opa,log (Default: none)

--verbose

more verbose output (Default: false)

Options inherited from parent commands

See also