GitHub CLI

gh attestation verify

gh attestation verify [<file-path> | oci://<image-uri>] [--owner | --repo] [flags]

Verify the integrity and provenance of an artifact using its associated cryptographically signed attestations.

In order to verify an attestation, you must validate the identity of the Actions workflow that produced the attestation (a.k.a. the signer workflow). Given this identity, the verification process checks the signatures in the attestations, and confirms that the attestation refers to provided artifact.

To specify the artifact, the command requires:

a file path to an artifact, or
a container image URI (e.g. oci://<image-uri>)
- (note that if you provide an OCI URL, you must already be authenticated with its container registry)

To fetch the attestation, and validate the identity of the signer, the command requires either:

the --repo flag (e.g. --repo github/example).
the --owner flag (e.g. --owner github), or

The --repo flag value must match the name of the GitHub repository that the artifact is linked with.

The --owner flag value must match the name of the GitHub organization that the artifact's linked repository belongs to.

By default, the verify command will:

only verify provenance attestations
attempt to fetch relevant attestations via the GitHub API.

To verify other types of attestations, use the --predicate-type flag.

To use your artifact's OCI registry instead of GitHub's API, use the --bundle-from-oci flag. For offline verification, using attestations stored on desk (c.f. the download command), provide a path to the --bundle flag.

To see the full results that are generated upon successful verification, i.e. for use with a policy engine, provide the --format=json flag.

The signer workflow's identity is validated against the Subject Alternative Name (SAN) within the attestation certificate. Often, the signer workflow is the same workflow that started the run and generated the attestation, and will be located inside your repository. For this reason, by default this command uses either the --repo or the --owner flag value to validate the SAN.

However, sometimes the caller workflow is not the same workflow that performed the signing. If your attestation was generated via a reusable workflow, then that reusable workflow is the signer whose identity needs to be validated. In this situation, the signer workflow may or may not be located inside your --repo or --owner.

When using reusable workflows, use the --signer-repo, --signer-workflow, or --cert-identity flags to validate the signer workflow's identity.

For more policy verification options, see the other available flags.

Options

-b, --bundle <string>: Path to bundle on disk, either a single bundle in a JSON file or a JSON lines file with multiple bundles
--bundle-from-oci: When verifying an OCI image, fetch the attestation bundle from the OCI registry instead of from GitHub
--cert-identity <string>: Enforce that the certificate's subject alternative name matches the provided value exactly
-i, --cert-identity-regex <string>: Enforce that the certificate's subject alternative name matches the provided regex
--cert-oidc-issuer <string> (default "https://token.actions.githubusercontent.com"): Issuer of the OIDC token
--custom-trusted-root <string>: Path to a trusted_root.jsonl file; likely for offline verification
--deny-self-hosted-runners: Fail verification for attestations generated on self-hosted runners
-d, --digest-alg <string> (default "sha256"): The algorithm used to compute a digest of the artifact: {sha256|sha512}
--format <string>: Output format: {json}
--hostname <string>: Configure host to use
-q, --jq <expression>: Filter JSON output using a jq expression
-L, --limit <int> (default 30): Maximum number of attestations to fetch
--no-public-good: Do not verify attestations signed with Sigstore public good instance
-o, --owner <string>: GitHub organization to scope attestation lookup by
--predicate-type <string> (default "https://slsa.dev/provenance/v1"): Filter attestations by provided predicate type
-R, --repo <string>: Repository name in the format <owner>/<repo>
--signer-repo <string>: Repository of reusable workflow that signed attestation in the format <owner>/<repo>
--signer-workflow <string>: Workflow that signed attestation in the format [host/]<owner>/<repo>/<path>/<to>/<workflow>
-t, --template <string>: Format JSON output using a Go template; see "gh help formatting"

Examples

# Verify an artifact linked with a repository
$ gh attestation verify example.bin --repo github/example

# Verify an artifact linked with an organization
$ gh attestation verify example.bin --owner github

# Verify an artifact and output the full verification result
$ gh attestation verify example.bin --owner github --format json

# Verify an OCI image using attestations stored on disk
$ gh attestation verify oci://<image-uri> --owner github --bundle sha256:foo.jsonl

# Verify an artifact signed with a reusable workflow
$ gh attestation verify example.bin --owner github --signer-repo actions/example

gh attestation verify

Options

Examples

See also