Skip to main content

create

Descriptionโ€‹

Creates new projects and packages in the package store.

Use this command to build out the structure of your package store before scanning any packages.

In an initialized package store, this command can do the following:

  • create a new project without any packages
  • create a new project with a package in it
  • create a new package in an existing project

The create command does not support adding package versions (scanning files). To do that, use rl-secure scan.

Example structure of a package storeโ€‹

/home/armando/my-repository/
โ””โ”€โ”€ .rl-secure/
    โ”œโ”€โ”€ .yara/
    โ”œโ”€โ”€ .repository-policy.info
    โ””โ”€โ”€ projects/
        โ””โ”€โ”€ my-project/
            โ”œโ”€โ”€ .yara/
            โ”œโ”€โ”€ .project-policy.info
            โ””โ”€โ”€ packages/
                โ””โ”€โ”€ my-package/
                    โ”œโ”€โ”€ versions/
                    โ”œโ”€โ”€ .yara/
                    โ””โ”€โ”€ .package-policy.info

When you use create for packages in the store, you're only creating entries (subdirectories) for them in the directory structure. The create command does not actually add any files (package versions) to the store - the rl-secure scan command is used for that.

To specify project and package names with the create command, you must use the purl (package URL) format. This is a standard schema used for identifying items in your package store. The create command requires at least the project name, while scheme and type (pkg:rl) are optional:

[pkg:rl/]<project>[/<package>]

tip

We recommend you always specify the scheme and type, even when it's optional. The default scheme is pkg and the default type is rl. You can use them for all projects and packages in your package store. This will make it easier for you to distinguish between multiple package types when they become supported in rl-secure.

Keep in mind that the project/package name combination must be unique on the level of each package store. In other words, you can't have two projects called my-project in the same package store.

Similarly, you can't create two packages called my-package in the same project. However, you can create a my-package in different projects in the same package store.

The following examples illustrate supported and unsupported scenarios.

โœ… Supported
rl-store: /home/armando/my-repository/
  / my-project-dev
      / my-package@1.0.1
      / my-package@1.0.2
  / my-project-test
      / my-package@1.0.1
โŒ Unsupported
rl-store: /home/armando/my-repository/
  / my-project
      / my-package@1.0.1
      / my-package@1.0.2
  / my-project
      / my-package@1.0.1

Usageโ€‹

rl-secure create <purl> [<rl-store>]

rl-secure create --purl=<purl> --rl-store=[<rl-store>]

Optionsโ€‹

OptionDescription
-p, --purlRequired. Package URL of the project or package you want to create. Must be in the format [pkg:type/]<project>[/<package>]. Project and package names must be unique on the package store level.
--rl-levelCreate the project or package with the specified SAFE Level setting. Specify the level as an integer value from 0 to 5 (for example, --rl-level=4). When set to 0, the SAFE Levels feature is disabled (not used) in the created project.

The level setting applies to all packages created in a project. You can override the setting for specific packages in their policy configuration files. SAFE Levels cannot be configured for individual package versions, so if this setting is used when creating a package, it will apply to all package versions.
-h, --helpDisplay usage information and exit.
-s, --rl-store ย  ย  ย  ย Path to an initialized package store where you want to create a project or package. If you don't specify the path, the current directory is used.

Examplesโ€‹

Create an empty projectโ€‹

This example creates a new project in a previously initialized package store. The command expects the package store to exist in the current directory. Use the -s or --rl-store options to provide an alternative path to the package store.

rl-secure create pkg:rl/my-project

Create a package in a projectโ€‹

This example creates a new package in a previously created project. The command expects the package store containing the project to exist in the current directory. Use the -s or --rl-store options to provide an alternative path to the package store.

rl-secure create pkg:rl/my-project/my-package