vcn Command Line Interface tool

vcn is a command line interface (CLI) tool that allows you to interact with the Trustcenter service. It is a cross-platform tool that can be used on Windows, Linux and macOS.

The main commands available in vcn are:

• authenticate - Authenticate assets against Trustcenter
• bom - Collect BOM information
• help - Help about any command
• inspect - Returns the asset history with low-level information
• list - Returns the history of operations made with API key
• login - Log in Trustcenter
• logout - Log out the current user
• notarize - Notarize an asset onto Trustcenter
• unsupport - Unsupport an asset
• untrust - Untrust an asset

What vcn can do?

• Notarize and authenticate assets of many types: images, containers, git repositories, binaries, files, directories, etc.;
• Scan and generate SBOMs for assets in many languages: Java, Python, Go, JavaScript, Rust, NET, Nodejs, PHP, etc.;
• Scan OS package managers: apk, dpkg, rpm;
• SBOM formats supported include SPDX and CycloneDX (both JSON and XML);
• Import SBOMs from other sources into Trustcenter;
• Send attachments to Trustcenter along with notarizations, for example to store SBOMs, vulnerability scan results or other documents in file format;
• Work with labels and custom attributes (metadata) to authenticate and notarize assets;
• Run vulnerability scanning along with authentication and notarization;
• Connect to any image registries, including Docker Hub, Quay, ECR, GCR, ACR, etc.;
• Run cosign notarization and authentication. Cosign is a tool for signing and verification, maintained by the Cloud Native Computing Foundation (CNCF).