Skip to main content

Documentation Index

Fetch the complete documentation index at: https://kosli-reference-docs-v2-17-8.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Synopsis

kosli evaluate trails TRAIL-NAME [TRAIL-NAME...] [flags]
[BETA] Evaluate multiple trails against a policy. Fetch multiple trails from Kosli and evaluate them together against a Rego policy. The trail data is passed to the policy as input.trails (an array), unlike evaluate trail which passes input.trail (a single object). Use --attestations to enrich the input with detailed attestation data (e.g. pull request approvers, scan results). Use --show-input to inspect the full data structure available to the policy. Use --output json for structured output.

Flags

FlagDescription
—assert[optional] Exit with a non-zero status when the policy denies. This is the current default; pass —assert to lock it in across future releases.
—attestations strings[optional] Limit which attestations are included. Plain name for trail-level, dot-qualified (artifact.name) for artifact-level.
-f, —flow stringThe Kosli flow name.
-h, —helphelp for trails
—no-assert[optional] Print the result and always exit 0, even when the policy denies. Use when this command feeds another tool as a policy decision point.
-o, —output string[defaulted] The format of the output. Valid formats are: [table, json]. (default “table”)
—params string[optional] Policy parameters as inline JSON or @file.json. Available in policies as data.params.
-p, —policy stringPath or http(s):// URL of a Rego policy to evaluate against the trails.
—show-input[optional] Include the policy input data in the output.

Flags inherited from parent commands

FlagDescription
-a, —api-token stringThe Kosli API token.
-c, —config-file string[optional] The Kosli config file path. (default “kosli”)
—debug[optional] Print debug logs to stdout.
-H, —host string[defaulted] The Kosli endpoint. (default “https://app.kosli.com”)
—http-proxy string[optional] The HTTP proxy URL including protocol and port number. e.g. http://proxy-server-ip:proxy-port
-r, —max-api-retries int[defaulted] How many times should API calls be retried when the API host is not reachable. (default 3)
—org stringThe Kosli organization.
-q, —quiet[optional] Suppress non-critical warning messages. Errors and normal output are not affected. If both —quiet and —debug are set, —debug wins.

Examples Use Cases

These examples all assume that the flags --api-token, --org, --host, (and --flow, --trail when required), are set/provided. 
kosli evaluate trails yourTrailName1 yourTrailName2 
	--policy yourPolicyFile.rego 


kosli evaluate trails yourTrailName1 yourTrailName2 
	--policy yourPolicyFile.rego 
	--attestations pull-request 


kosli evaluate trails yourTrailName1 yourTrailName2 
	--policy yourPolicyFile.rego 
	--show-input 
	--output json 


kosli evaluate trails yourTrailName1 yourTrailName2 
	--policy yourPolicyFile.rego 
	--params '{"min_approvers": 2}' 


kosli evaluate trails yourTrailName1 yourTrailName2 
	--policy https://policies.example.com/trails.rego 


kosli evaluate trails yourTrailName1 yourTrailName2 
	--policy yourPolicyFile.rego 
	--no-assert
Last modified on May 11, 2026