jfrog · mnsboev · Jul 16, 2025 · Jul 14, 2025 · Jul 15, 2025 · Jul 15, 2025
diff --git a/evidence/cli/command_build.go b/evidence/cli/command_build.go
@@ -21,6 +21,10 @@ func NewEvidenceBuildCommand(ctx *components.Context, execute execCommandFunc) E
 }
 
 func (ebc *evidenceBuildCommand) CreateEvidence(ctx *components.Context, serverDetails *config.ServerDetails) error {
+	if ebc.ctx.GetStringFlagValue(sigstoreBundle) != "" {
+		return errorutils.CheckErrorf("--%s is not supported for build evidence.", sigstoreBundle)
+	}
+
 	err := ebc.validateEvidenceBuildContext(ctx)
 	if err != nil {
 		return err

diff --git a/evidence/cli/command_build_test.go b/evidence/cli/command_build_test.go
@@ -0,0 +1,74 @@
+package cli
+
+import (
+	"flag"
+	"testing"
+
+	"github.com/jfrog/jfrog-cli-core/v2/common/commands"
+	"github.com/jfrog/jfrog-cli-core/v2/plugins/components"
+	"github.com/jfrog/jfrog-cli-core/v2/utils/config"
+	"github.com/stretchr/testify/assert"
+	"github.com/urfave/cli"
+)
+
+func TestEvidenceBuildCommand_CreateEvidence_SigstoreBundle(t *testing.T) {
+	tests := []struct {
+		name          string
+		flags         []components.Flag
+		expectError   bool
+		errorContains string
+	}{
+		{
+			name: "Invalid_SigstoreBundle_Not_Supported",
+			flags: []components.Flag{
+				setDefaultValue(sigstoreBundle, "/path/to/bundle.json"),
+				setDefaultValue(buildName, "test-build"),
+				setDefaultValue(buildNumber, "123"),
+			},
+			expectError:   true,
+			errorContains: "--sigstore-bundle is not supported for build evidence.",
+		},
+		{
+			name: "Valid_Without_SigstoreBundle",
+			flags: []components.Flag{
+				setDefaultValue(buildName, "test-build"),
+				setDefaultValue(buildNumber, "123"),
+				setDefaultValue(predicate, "/path/to/predicate.json"),
+				setDefaultValue(predicateType, "test-type"),
+				setDefaultValue(key, "/path/to/key.pem"),
+			},
+			expectError: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			app := cli.NewApp()
+			app.Commands = []cli.Command{{Name: "create"}}
+			set := flag.NewFlagSet("test", 0)
+			cliCtx := cli.NewContext(app, set, nil)
+
+			ctx, err := components.ConvertContext(cliCtx, tt.flags...)
+			assert.NoError(t, err)
+
+			mockExec := func(cmd commands.Command) error {
+				// Mock successful execution
+				return nil
+			}
+
+			cmd := NewEvidenceBuildCommand(ctx, mockExec)
+			serverDetails := &config.ServerDetails{}
+
+			err = cmd.CreateEvidence(ctx, serverDetails)
+
+			if tt.expectError {
+				assert.Error(t, err)
+				if tt.errorContains != "" {
+					assert.Contains(t, err.Error(), tt.errorContains)
+				}
+			} else {
+				assert.NoError(t, err)
+			}
+		})
+	}
+}
diff --git a/evidence/cli/command_cli.go b/evidence/cli/command_cli.go
@@ -3,6 +3,9 @@ package cli
 import (
 	"errors"
 	"fmt"
+	"os"
+	"strings"
+
 	"github.com/jfrog/jfrog-cli-artifactory/evidence/cli/docs/create"
 	"github.com/jfrog/jfrog-cli-artifactory/evidence/cli/docs/verify"
 	jfrogArtClient "github.com/jfrog/jfrog-cli-artifactory/evidence/utils"
@@ -15,8 +18,6 @@ import (
 	"github.com/jfrog/jfrog-client-go/utils"
 	"github.com/jfrog/jfrog-client-go/utils/errorutils"
 	"golang.org/x/exp/slices"
-	"os"
-	"strings"
 )
 
 func GetCommands() []components.Command {
@@ -118,6 +119,13 @@ func validateCreateEvidenceCommonContext(ctx *components.Context) error {
 		return pluginsCommon.WrongNumberOfArgumentsHandler(ctx)
 	}
 
+	if ctx.IsFlagSet(sigstoreBundle) && assertValueProvided(ctx, sigstoreBundle) == nil {
+		if err := validateSigstoreBundleArgsConflicts(ctx); err != nil {
+			return err
+		}
+		return nil
+	}
+
 	if (!ctx.IsFlagSet(predicate) || assertValueProvided(ctx, predicate) != nil) && !ctx.IsFlagSet(typeFlag) {
 		return errorutils.CheckErrorf("'predicate' is a mandatory field for creating evidence: --%s", predicate)
 	}
@@ -136,6 +144,29 @@ func validateCreateEvidenceCommonContext(ctx *components.Context) error {
 	return nil
 }
 
+func validateSigstoreBundleArgsConflicts(ctx *components.Context) error {
+	var conflictingParams []string
+
+	if ctx.IsFlagSet(key) && ctx.GetStringFlagValue(key) != "" {
+		conflictingParams = append(conflictingParams, "--"+key)
+	}
+	if ctx.IsFlagSet(keyAlias) && ctx.GetStringFlagValue(keyAlias) != "" {
+		conflictingParams = append(conflictingParams, "--"+keyAlias)
+	}
+	if ctx.IsFlagSet(predicate) && ctx.GetStringFlagValue(predicate) != "" {
+		conflictingParams = append(conflictingParams, "--"+predicate)
+	}
+	if ctx.IsFlagSet(predicateType) && ctx.GetStringFlagValue(predicateType) != "" {
+		conflictingParams = append(conflictingParams, "--"+predicateType)
+	}
+
+	if len(conflictingParams) > 0 {
+		return errorutils.CheckErrorf("The following parameters cannot be used with --%s: %s. These values are extracted from the bundle itself:", sigstoreBundle, strings.Join(conflictingParams, ", "))
+	}
+
+	return nil
+}
+
 func ensureKeyExists(ctx *components.Context, key string) error {
 	if ctx.IsFlagSet(key) && assertValueProvided(ctx, key) == nil {
 		return nil
@@ -165,6 +196,9 @@ func getAndValidateSubject(ctx *components.Context) ([]string, error) {
 	}
 
 	if len(foundSubjects) == 0 {
+		if ctx.IsFlagSet(sigstoreBundle) && assertValueProvided(ctx, sigstoreBundle) == nil {
+			return []string{subjectRepoPath}, nil // Return subjectRepoPath as the type for routing
+		}
 		// If we have no subject - we will try to create EVD on build
 		if !attemptSetBuildNameAndNumber(ctx) {
 			return nil, errorutils.CheckErrorf("subject must be one of the fields: [%s]", strings.Join(subjectTypes, ", "))
@@ -204,7 +238,7 @@ func validateKeys(ctx *components.Context) error {
 	providedKeys := ctx.GetStringsArrFlagValue(publicKeys)
 	if signingKeyValue == "" {
 		if len(providedKeys) == 0 && !ctx.GetBoolFlagValue(useArtifactoryKeys) {
-			return errorutils.CheckErrorf("JFROG_CLI_SIGNING_KEY env variable or --public-keys flag or --use-artifactory-publicKeys must be provided when verifying evidence")
+			return errorutils.CheckErrorf("JFROG_CLI_SIGNING_KEY env variable or --%s flag or --%s must be provided when verifying evidence", publicKeys, useArtifactoryKeys)
 		}
 		return nil
 	}
@@ -258,7 +292,7 @@ func platformToEvidenceUrls(rtDetails *config.ServerDetails) {
 
 func assertValueProvided(c *components.Context, fieldName string) error {
 	if c.GetStringFlagValue(fieldName) == "" {
-		return errorutils.CheckErrorf("the --%s option is mandatory", fieldName)
+		return errorutils.CheckErrorf("the argument --%s can not be empty", fieldName)
 	}
 	return nil
 }