export
Description
Safely exports a software package from the local package store to a user-specified location.
Packages are referenced by their purls, as registered in the rl-secure package store.
This functionality is equivalent to the Download File option in Spectra Assure Portal File Stream and Projects.
Software package integrity is automatically verified in the package store before exporting the file to the user-specified location.
It's also possible to check the integrity of a software package in the package store without exporting it.
To do this, use the --check-only option in the command.
Failed hash verification will result in an error, and if the command is used in a CI/CD setting, the build is expected to fail as well.
The export command allows exporting software packages that have failed the quality assurance testing and/or the integrity verification.
When you first try to export a software package with the FAIL status, the command output warns about the issue and prevents the package from being exported.
Adding --allow-bad-quality or --allow-bad-integrity options to the command will override the export restriction.
Using --allow-bad-integrity is highly discouraged.
Generally, integrity errors in software packages are likely due to file tampering.
Exporting such software packages should only be done by security teams to review the packages for signs of malicious intent.
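The following CI wrapper is an added example, not part of the rl-secure documentation or tooling. It refuses the two override options inside a pipeline and passes the export failure on to the build. The function name ci_export, the RL_SECURE variable and the wrapper's own return codes 64 and 65 are hypothetical, and it assumes rl-secure exits with a non-zero status when the export is refused or fails.

```shell
#!/bin/sh
# Added example: CI wrapper around `rl-secure export` (not vendor code).
# Assumption: rl-secure exits non-zero when an export is refused or fails.
# RL_SECURE is a hypothetical override so the wrapper can be tested with a stub.
RL_SECURE="${RL_SECURE:-rl-secure}"

# ci_export <purl> <file-path> [extra export options...]
ci_export() {
    if [ "$#" -lt 2 ]; then
        echo "usage: ci_export <purl> <file-path> [options]" >&2
        return 64   # wrapper's own code: bad invocation
    fi
    purl=$1
    dest=$2
    shift 2

    # A FAIL status must stop the build, so the override options are
    # rejected before rl-secure is ever invoked.
    for opt in "$@"; do
        case "$opt" in
            --allow-bad-integrity*|--allow-bad-quality*)
                echo "ci_export: $opt is not permitted in CI" >&2
                return 65   # wrapper's own code: forbidden option
                ;;
        esac
    done

    # The purl goes first, before --file-path. --silent suppresses the
    # replace prompt, which would block a non-interactive job.
    status=0
    "$RL_SECURE" export --purl="$purl" --file-path="$dest" \
        --silent --no-tracking --no-color "$@" || status=$?

    if [ "$status" -ne 0 ]; then
        echo "ci_export: export of $purl failed (exit $status)" >&2
    fi
    return "$status"
}

# Usage in a pipeline step (constructed values):
#   ci_export pkg:rl/my-project/my-package@1.0 ./artifact --rl-store=./store || exit 1
```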
Usage
rl-secure export <purl> <file-path> [<options>]
rl-secure export --purl=<purl> --file-path=<file-path> [<options>]
Options
Option | Description |
---|---|
-p, --purl | Required. Package URL of the software package you want to export from the rl-secure package store. Must be in the format [pkg:type/]<project></package><@version>. The purl must be specified first in the command, before the --file-path (and any other options). |
--file-path | Required. Destination file path where the exported software package file will be copied. The output file name must be specified, but does not need to match the original file name. |
-s, --rl-store | Path to an initialized package store containing the package URL to export. If you don't specify the path, the current directory is used. |
--allow-bad-quality | Export the package even if it failed software quality assurance testing. |
--allow-bad-integrity | Export the package even if it failed integrity verification. |
--check-only | Check the integrity of the software package in the package store without exporting it. |
--replace, --silent | Don't prompt about replacing the file when it already exists in the destination file path. |
--no-tracking | Don't display progress bars. |
--no-color | Don't color the output. |
-h, --help | Display usage information and exit. |
Examples
Export a software package
This example exports a software package from the package store as a file with the user-specified file name into a directory on the local system.
Because we have previously exported the same software package with the same file name into that directory, the command output prompts us to replace the existing file.
To prevent this, you can use the --silent option with the command.
The command expects the package store to exist in the current directory.
Use the -s or --rl-store options to provide an alternative path to the package store.
Simplified input:
rl-secure export my-project/my-package@1.0 /home/armando/Downloads/output_file

Extended input:
rl-secure export --purl=pkg:rl/my-project/my-package@1.0 --file-path=/home/armando/Downloads/output_file --rl-store=/home/armando/my-repository/

Output:
Integrity check for my-project/my-package@1.0 [PASSED]
Replace the existing /home/armando/Downloads/output_file (y/n)?: y
Copying [==================================================] 100% [00m:00s] 3656/3656 bytes