Skip to main content
Version: 1.13.x

CLI Reference

Help

To see the available command-line options on your version of Hoppr, execute:

hopctl -h

hopctl

Usage: hopctl [OPTIONS] COMMAND [ARGS]...

Collect, process, & bundle your software supply chain

Options

Name(s)ShorthandDescription
--install-completionInstall completion for the current shell.
--show-completionShow completion for the current shell, to copy it or customize the installation.
--help-hShow this message and exit.

Global options

Name(s)ShorthandEnv VarDescription
--basic-term-bHOPPR_BASIC_TERMUse simplified output for non-TTY or legacy terminal emulators. (Default: False)
--experimental-xHOPPR_EXPERIMENTALEnable experimental features. (Default: False)
--strict / --no-strictHOPPR_STRICT_REPOSUtilize only manifest repositories for package collection. (Default: strict)
--debug, --verbose-vEnable debug output.
--log-lHOPPR_LOG_FILEFile to which log will be written.

Subcommands

CommandDescription
bundleRun the stages specified in the transfer config file on the content specified in the manifest
generateGenerate in-toto keys/layout or schemas for Hoppr input files
mergeMerge all properties of two or more SBOM files
validateValidate multiple manifest files for schema errors (Available since Hoppr v1.11.0 and supports CycloneDX 1.5)
versionPrint version information for hoppr

Deprecated Subcommands

CommandDescription
generate-layoutSee hopctl generate layout subcommand
generate-schemasSee hopctl generate schemas subcommand

Subcommand Reference

To see further help on sub-commands (in this example, bundle), execute:

hopctl bundle -h

hopctl bundle

Usage: hopctl bundle [OPTIONS] [MANIFEST_FILE]

Runs the stages specified in the transfer config file on the content specified in the manifest.

Arguments
NameDescription
manifest_filePath to manifest file (default: manifest.yml)
Options
Name(s)ShorthandEnv VarDescription
--attest-aHOPPR_ATTESTATIONGenerate in-toto attestations.
--sign-sHOPPR_SIGNINGGenerate signature for the bundle and delivered sbom.
--credentials-cHOPPR_CREDS_CONFIGSpecify credentials config for services.
--functionary-key-fkHOPPR_FUNCTIONARY_KEYPath to key used to sign in-toto layout or bundle / sbom.
--functionary-key-password-fk-passHOPPR_FUNCTIONARY_KEY_PASSWORDPassword for functionary key.
--ignore-errors-iHOPPR_IGNORE_ERRORSGenerate a bundle even if some components fail to be collected.
--previous-delivery-pdHOPPR_PREVIOUS_DELIVERYPath to manifest or tar bundle representing a previous delivery.
--delivered-sbom-output-SHOPPR_DELIVERED_SBOMFile to which delivered SBOM will be written if specified.
--transfer-tHOPPR_TRANSFER_CONFIGSpecify transfer config. (default: transfer.yml)
--help-hShow this message and exit.

hopctl generate

Usage: hopctl generate [OPTIONS] COMMAND [ARGS]...

Generate in-toto keys/layout for Hoppr input files

hopctl generate layout

Usage: hopctl generate layout [OPTIONS]

Generate in-toto layout based on transfer file.

Options
Name(s)ShorthandEnv VarDescription
--transfer-tHOPPR_TRANSFER_CONFIGSpecify transfer config. (default: transfer.yml)
--project-owner-key-pkHOPPR_PROJECT_OWNER_KEYPath to key used to sign in-toto layout. (required)
--functionary-key-fkHOPPR_FUNCTIONARY_KEYPath to key used to sign in-toto layout. (required)
--project-owner-key-password-pk-passHOPPR_PROJECT_OWNER_KEY_PASSWORDPassword for project owner key.
--help-hShow this message and exit.

hopctl merge

Usage: hopctl merge [OPTIONS]

Merge all properties of two or more SBOM files.

Options
Name(s)ShorthandTypeDescription
--manifest-mFileManifest file containing SBOMs to merge.
--sbom-sFileSBOM file to merge (can be specified multiple times).
--sbom-dir-dDirectoryDirectory containing SBOM files to merge (can be specified multiple times).
--sbom-url-uURLURL of SBOM to merge (can be specified multiple times).
--output-file-oFilePath to output file [default: hopctl-merge-YYMMDD-HHMMSS.json].
--deep-mergeResolve and expand externalReferences in-place.
--flattenFlatten nested components into single unified list.
--help-hShow this message and exit.

hopctl validate

note

The minimum supported CycloneDX version for SBOM validation is CycloneDX 1.5.

The hopctl validate command was introduced in Hoppr v1.11.0.

Usage: hopctl validate [OPTIONS] INPUT_FILES...

Validate multiple manifest files for schema errors.

Arguments
NameDescription
input_filesPaths to manifest files.
Options
Name(s)ShorthandTypeEnv VarDescription
--credentials-cPathHOPPR_CREDS_CONFIGSpecify credentials config for services.
--transfer-tPathHOPPR_TRANSFER_CONFIGSpecify transfer config. (default: transfer.yml)
--help-hShow this message and exit.

hopctl version

Print version information for hoppr.