LinuxCommandLibrary

gh-attestation

verify artifact attestations and build provenance

TLDR

Verify artifact attestation

$ gh attestation verify [artifact] -R [owner/repo]
copy
Verify with specific bundle
$ gh attestation verify [artifact] --bundle [attestation.json]
copy
Download attestations
$ gh attestation download [artifact] -R [owner/repo]
copy

SYNOPSIS

gh attestation command [options]

DESCRIPTION

gh attestation verifies artifact attestations using GitHub's artifact attestation feature. Ensures artifacts were built in GitHub Actions with provenance.

PARAMETERS

-R, --repo owner/repo

Repository.
--bundle file
Attestation bundle file.
--owner owner
Repository owner.

SUBCOMMANDS

verify

Verify artifact attestation.
download
Download attestation bundle.

SEE ALSO

gh(1), gh-release(1)

> TERMINAL_GEAR

Curated for the Linux community

Copied to clipboard

> TERMINAL_GEAR

Curated for the Linux community