kosli-dev · FayeSGW · Nov 11, 2025 · Nov 11, 2025
diff --git a/cmd/kosli/assertArtifact_test.go b/cmd/kosli/assertArtifact_test.go
@@ -25,6 +25,11 @@ type AssertArtifactCommandTestSuite struct {
 	artifactName2         string
 	artifact2Path         string
 	fingerprint2          string
+	flowName3             string
+	trailName             string
+	artifactName3         string
+	artifact3Path         string
+	fingerprint3          string
 }
 
 func (suite *AssertArtifactCommandTestSuite) SetupTest() {
@@ -60,6 +65,19 @@ func (suite *AssertArtifactCommandTestSuite) SetupTest() {
 	require.NoError(suite.Suite.T(), err)
 	CreateArtifact(suite.flowName1, suite.fingerprint2, suite.artifactName2, suite.Suite.T())
 	CreateArtifact(suite.flowName2, suite.fingerprint2, suite.artifactName1, suite.Suite.T())
+
+	// Setup for asserting non-compliant artifact to check error response
+	suite.flowName3 = "assert-non-compliant-artifact"
+	suite.trailName = "non-compliant-trail"
+	suite.artifactName3 = "arti-for-AssertArtifactCommandTestSuite-non-compliant"
+	suite.artifact3Path = "testdata/artifacts/AssertArtifactCommandTestSuiteArtifact3.txt"
+	suite.fingerprint3, err = GetSha256Digest(suite.artifact3Path, fingerprintOptions, logger)
+	CreateFlow(suite.flowName3, suite.Suite.T())
+	BeginTrail(suite.trailName, suite.flowName3, "", suite.Suite.T())
+	CreateArtifactOnTrail(suite.flowName3, suite.trailName, "cli", suite.fingerprint3, suite.artifactName3, suite.Suite.T())
+	require.NoError(suite.Suite.T(), err)
+	CreateGenericArtifactAttestation(suite.flowName3, suite.trailName, suite.fingerprint3, "failing-attestation", false, suite.Suite.T())
+	require.NoError(suite.Suite.T(), err)
 }
 
 func (suite *AssertArtifactCommandTestSuite) TestAssertArtifactCmd() {
@@ -169,6 +187,18 @@ func (suite *AssertArtifactCommandTestSuite) TestAssertArtifactCmd() {
 			cmd:       fmt.Sprintf(`assert artifact --fingerprint %s --environment %s --policy %s %s`, suite.fingerprint1, suite.envName, suite.policyName1, suite.defaultKosliArguments),
 			golden:    "Error: Cannot specify both 'environment_name' and 'policy_name' at the same time\n",
 		},
+		{
+			wantError:   true,
+			name:        "16 asserting a single existing non-compliant artifact (using --fingerprint) results in non-zero exit",
+			cmd:         fmt.Sprintf(`assert artifact --fingerprint %s %s`, suite.fingerprint3, suite.defaultKosliArguments),
+			goldenRegex: "^Error: NON-COMPLIANT\n",
+		},
+		{
+			wantError:   true,
+			name:        "17 asserting a single existing non-compliant artifact (using --artifact-type) results in non-zero exit",
+			cmd:         fmt.Sprintf(`assert artifact %s --artifact-type file %s`, suite.artifact3Path, suite.defaultKosliArguments),
+			goldenRegex: "^Error: NON-COMPLIANT\n",
+		},
 	}
 
 	runTestCmd(suite.Suite.T(), tests)

diff --git a/cmd/kosli/getAttestation_test.go b/cmd/kosli/getAttestation_test.go
@@ -42,9 +42,9 @@ func (suite *GetAttestationCommandTestSuite) SetupTest() {
 	suite.fingerprint, err = GetSha256Digest(suite.artifactPath, fingerprintOptions, logger)
 	require.NoError(suite.Suite.T(), err)
 	CreateArtifactOnTrail(suite.flowName, suite.trailName, "cli", suite.fingerprint, suite.artifactName, suite.Suite.T())
-	CreateGenericArtifactAttestation(suite.flowName, suite.trailName, suite.fingerprint, "first-artifact-attestation", suite.Suite.T())
+	CreateGenericArtifactAttestation(suite.flowName, suite.trailName, suite.fingerprint, "first-artifact-attestation", true, suite.Suite.T())
 	CreateGenericTrailAttestation(suite.flowName, suite.trailName, "first-trail-attestation", suite.Suite.T())
-	CreateGenericArtifactAttestation(suite.flowName, suite.trailName, suite.fingerprint, "second-artifact-attestation", suite.Suite.T())
+	CreateGenericArtifactAttestation(suite.flowName, suite.trailName, suite.fingerprint, "second-artifact-attestation", true, suite.Suite.T())
 	CreateGenericTrailAttestation(suite.flowName, suite.trailName, "second-trail-attestation", suite.Suite.T())
 }
 

diff --git a/cmd/kosli/testHelpers.go b/cmd/kosli/testHelpers.go
@@ -500,7 +500,7 @@ func CreatePolicy(org, policyName string, t *testing.T) {
 	require.NoError(t, err, "policy should be created without error")
 }
 
-func CreateGenericArtifactAttestation(flowName, trailName, fingerprint, attestationName string, t *testing.T) {
+func CreateGenericArtifactAttestation(flowName, trailName, fingerprint, attestationName string, compliant bool, t *testing.T) {
 	t.Helper()
 	o := &attestGenericOptions{
 		CommonAttestationOptions: &CommonAttestationOptions{
@@ -513,7 +513,7 @@ func CreateGenericArtifactAttestation(flowName, trailName, fingerprint, attestat
 			CommonAttestationPayload: &CommonAttestationPayload{
 				ArtifactFingerprint: fingerprint,
 			},
-			Compliant: true,
+			Compliant: compliant,
 		},
 	}
 	err := o.run([]string{})

diff --git a/cmd/kosli/testdata/artifacts/AssertArtifactCommandTestSuiteArtifact3.txt b/cmd/kosli/testdata/artifacts/AssertArtifactCommandTestSuiteArtifact3.txt
@@ -0,0 +1 @@
+This shall only be used by the AssertArtifactCommandTestSuite and is the third, non-compliant, artifact
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		This shall only be used by the AssertArtifactCommandTestSuite and is the third, non-compliant, artifact