When notarizing an asset you can add attachments to the transaction:
$ vcn n artifact --attach attachment1:label1 --attach attachment2:label1 --attach attachment3:label2
This is especially useful when running a CI pipeline in multiple steps and each step provides a different result that should be attached (i. e. vulnerability scanner result, compliance scanner result, dependency scanner result).
To retrieve these attachments you can either use the notarization transaction uid or the labels. When using the uid all attachments of the specific notarization transaction will be downloaded.
$ vcn a go.sum --lc-uid 1624700334893475066 --output attachments
When using labels you can either download a specific attachment or all attachments with the same label.
$ vcn a go.sum --attach attachment2:label1 --output attachments $ vcn a go.sum --attach label1 --output attachments
Another example that shows the artifact attachment's download across all notarizations. Upload attachments one at a time:
$ vcn n asset.bin --attach file1.txt:labelXYZ $ vcn n asset.bin --attach file2.txt:labelXYZ $ vcn n asset.bin --attach file3.txt:labelXYZ
Downloads all attached files
$ vcn a asset.bin --attach labelXYZ --output attachments
The label-only command --attach label1 downloads the latest version of all attachments that have the requested label. Existing files will not be overwritten. In case you want to download and overwrite existing files use the `--force` flag. If there are multiple versions of a specific attachment the file will be downloaded with an enumerated postfix.
$ vcn a go.sum --attach lab1 --output attachments --force
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article