Conforma CLI
The Conforma CLI is used to verify signatures and evaluate policies for Software Supply Chain artifacts. Various sub-commands can be used to assert facts about an artifact such as:
- Validating container image signature
- Validating container image provenance
- Evaluating policies over the container image provenance
This documentation includes the Conforma command-line reference and documentation for the Verify Enterprise Contract Task, which is used to run Conforma in a Tekton pipeline.