slsa-verifier

Verify provenance from SLSA compliant builders

brewmacoslinux

Try with needOr install directly

About

Verify provenance from SLSA compliant builders

slsa-verifier

Verify provenance of a binary artifact$ slsa-verifier verify-artifact --artifact-path ./my-binary --provenance ./provenance.json

Verify image provenance from a container registry$ slsa-verifier verify-image --image-uri ghcr.io/user/image:v1.0.0 --provenance ./provenance.json

Download and verify provenance for a GitHub release

$ slsa-verifier verify-artifact --artifact-path ./app --provenance https://github.com/owner/repo/releases/download/v1.0/provenance.json