The ec tool is used to evaluate Enterprise Contract policies for Software Supply Chain. Various sub-commands can be used to assert facts about an artifact such as:

• Validating container image signature
• Validating container image provenance
• Evaluating Enterprise Contract policies over the container image provenance
• Fetching artifact authorization

Consult the documentation for available sub-commands, descriptions and examples of use.

Run make build from the root directory and use the dist/ec executable, or run make dist to build for all supported architectures.

Run make test to run the unit tests, and make acceptance to run the acceptance tests.

Run make lint to check for linting issues, and make lint-fix to fix linting issues (formatting, import order, ...).

Run hack/demo.sh to evaluate the policy against images that have been built ahead of time.

To regenerate those images, say in case of change in the attestation data, run hack/rebuild.sh.