GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
GH-ATTESTATION-VERIFY(1) GitHub CLI manual GH-ATTESTATION-VERIFY(1)

gh-attestation-verify - Verify an artifact's integrity using attestations

gh attestation verify [<file-path> | oci://<image-uri>] [--owner | --repo] [flags]

Verify the integrity and provenance of an artifact using its associated cryptographically signed attestations.

An attestation is a claim (i.e. a provenance statement) made by an actor (i.e. a GitHub Actions workflow) regarding a subject (i.e. an artifact).

In order to verify an attestation, you must provide an artifact and validate: * the identity of the actor that produced the attestation * the expected attestation predicate type (the nature of the claim)

By default, this command enforces the https://slsa.dev/provenance/v1 predicate type. To verify other attestation predicate types use the --predicate-type flag.

The "actor identity" consists of: * the repository or the repository owner the artifact is linked with * the Actions workflow that produced the attestation (a.k.a the
signer workflow)

This identity is then validated against the attestation's certificate's SourceRepository, SourceRepositoryOwner, and SubjectAlternativeName (SAN) fields, among others.

It is up to you to decide how precisely you want to enforce this identity.

At a minimum, this command requires either: * the --owner flag (e.g. --owner github), or * the --repo flag (e.g. --repo github/example)

The more precisely you specify the identity, the more control you will have over the security guarantees offered by the verification process.

Ideally, the path of the signer workflow is also validated using the --signer-workflow or --cert-identity flags.

Please note: if your attestation was generated via a reusable workflow then that reusable workflow is the signer whose identity needs to be validated. In this situation, you must use either the --signer-workflow or the --signer-repo flag.

For more options, see the other available flags.

To specify the artifact, this command requires: * a file path to an artifact, or * a container image URI (e.g. oci://<image-uri>)
* (note that if you provide an OCI URL, you must already be authenticated with its container registry)

By default, this command will attempt to fetch relevant attestations via the GitHub API using the values provided to --owner or --repo.

To instead fetch attestations from your artifact's OCI registry, use the --bundle-from-oci flag.

For offline verification using attestations stored on disk (c.f. the download command) provide a path to the --bundle flag.

Given the --format=json flag, upon successful verification this command will output a JSON array containing one entry per verified attestation.

This output can then be used for additional policy enforcement, i.e. by being piped into a policy engine.

Each object in the array contains two properties: * an attestation object, which contains the bundle that was verified * a verificationResult object, which is a parsed representation of the
contents of the bundle that was verified.

Within the verificationResult object you will find: * signature.certificate, which is a parsed representation of the X.509
certificate embedded in the attestation, * verifiedTimestamps, an array of objects denoting when the attestation
was witnessed by a transparency log or a timestamp authority * statement, which contains the subject array referencing artifacts,
the predicateType field, and the predicate object which contains
additional, often user-controllable, metadata

IMPORTANT: please note that only the signature.certificate and the verifiedTimestamps properties contain values that cannot be manipulated by the workflow that originated the attestation.

When dealing with attestations created within GitHub Actions, the contents of signature.certificate are populated directly from the OpenID Connect token that GitHub has generated. The contents of the verifiedTimestamps array are populated from the signed timestamps originating from either a transparency log or a timestamp authority – and likewise cannot be forged by users.

When designing policy enforcement using this output, special care must be taken when examining the contents of the statement.predicate property: should an attacker gain access to your workflow's execution context, they could then falsify the contents of the statement.predicate.

To mitigate this attack vector, consider using a "trusted builder": when generating an artifact, have the build and attestation signing occur within a reusable workflow whose execution cannot be influenced by input provided through the caller workflow.

See above re: --signer-workflow.

Path to bundle on disk, either a single bundle in a JSON file or a JSON lines file with multiple bundles

When verifying an OCI image, fetch the attestation bundle from the OCI registry instead of from GitHub

Enforce that the certificate's SubjectAlternativeName matches the provided value exactly

Enforce that the certificate's SubjectAlternativeName matches the provided regex

Enforce that the issuer of the OIDC token matches the provided value

Path to a trusted_root.jsonl file; likely for offline verification

Fail verification for attestations generated on self-hosted runners

The algorithm used to compute a digest of the artifact: {sha256|sha512}

Output format: {json}

Configure host to use

Filter JSON output using a jq expression

Maximum number of attestations to fetch

Do not verify attestations signed with Sigstore public good instance

GitHub organization to scope attestation lookup by

Enforce that verified attestations' predicate type matches the provided value

Repository name in the format /

Enforce that the digest associated with the signer workflow matches the provided value

Enforce that the workflow that signed the attestation's repository matches the provided value (/)

Enforce that the workflow that signed the attestation matches the provided value ([host/]////)

Enforce that the digest associated with the source repository matches the provided value

Enforce that the git ref associated with the source repository matches the provided value

Format JSON output using a Go template; see "gh help formatting"

0: Successful execution

1: Error

2: Command canceled

4: Authentication required

NOTE: Specific commands may have additional exit codes. Refer to the command's help for more information.

# Verify an artifact linked with a repository
$ gh attestation verify example.bin --repo github/example
# Verify an artifact linked with an organization
$ gh attestation verify example.bin --owner github
# Verify an artifact and output the full verification result
$ gh attestation verify example.bin --owner github --format json
# Verify an OCI image using attestations stored on disk
$ gh attestation verify oci://<image-uri> --owner github --bundle sha256:foo.jsonl
# Verify an artifact signed with a reusable workflow
$ gh attestation verify example.bin --owner github --signer-repo actions/example

gh-attestation(1)

Jul 2025
Search for    or go to Top of page |  Section 1 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.