Attachments

Created by Kristaps Felzenbergs, Modified on Fri, 15 Dec, 2023 at 12:17 AM by Kristaps Felzenbergs

When notarizing an asset you can add attachments to the transaction:

$ vcn n artifact --attach attachment1:label1 --attach attachment2:label1 --attach attachment3:label2

This is especially useful when running a CI pipeline in multiple steps and each step provides a different result that should be attached (i. e. vulnerability scanner result, compliance scanner result, dependency scanner result).

To retrieve these attachments you can either use the notarization transaction uid or the labels. When using the uid all attachments of the specific notarization transaction will be downloaded.

$ vcn a go.sum --lc-uid 1624700334893475066 --output attachments

When using labels you can either download a specific attachment or all attachments with the same label.

$ vcn a go.sum --attach attachment2:label1 --output attachments

$ vcn a go.sum --attach label1 --output attachments

Another example that shows the artifact attachment's download across all notarizations. Upload attachments one at a time:

$ vcn n asset.bin --attach file1.txt:labelXYZ

$ vcn n asset.bin --attach file2.txt:labelXYZ

$ vcn n asset.bin --attach file3.txt:labelXYZ

Downloads all attached files

$ vcn a asset.bin --attach labelXYZ --output attachments

The label-only command --attach label1 downloads the latest version of all attachments that have the requested label. Existing files will not be overwritten. In case you want to download and overwrite existing files use the `--force` flag. If there are multiple versions of a specific attachment the file will be downloaded with an enumerated postfix.

$ vcn a go.sum --attach lab1 --output attachments --force

Was this article helpful?