Install cosign from the sigstore/cosign GitHub releases for your platform
Run cosign verify-attestation <image-ref> --type <predicate-type> to fetch and verify the attestation
For SLSA provenance, set --type to slsaprovenance or slsaprovenance02 depending on the predicate version used when the attestation was generated
Pass --certificate-identity and --certificate-oidc-issuer (or their regex equivalents) to enforce that the signing identity matches the expected GitHub Actions workflow
Pipe the output to jq or a policy engine to extract and evaluate specific fields from the verified predicate payload
Use --policy with a CUE or Rego policy file to automate assertion of predicate field values
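A worked example of the extraction step, added here and not part of the original page or of cosign itself: it parses the JSON-lines DSSE envelopes that cosign verify-attestation prints once the signature check has passed, decodes the in-toto Statement from the base64 payload, and fails closed unless the predicate type, subject digest, builder id and source repository all equal expected values. The sample envelope, image digest, builder id and repository URI are constructed placeholders, and the predicate-type URI assumed is SLSA provenance v0.2.

```python
import base64
import json

# Constructed sample: one JSON line of the kind cosign verify-attestation
# prints after verifying the signature. The payload is the base64 DSSE body
# holding an in-toto Statement with a SLSA v0.2 predicate (placeholder values).
_STATEMENT = {
    "_type": "https://in-toto.io/Statement/v0.1",
    "predicateType": "https://slsa.dev/provenance/v0.2",
    "subject": [{"name": "ghcr.io/example/app", "digest": {"sha256": "ab" * 32}}],
    "predicate": {
        "builder": {"id": "https://github.com/example/builder/.github/workflows/build.yml@refs/tags/v1"},
        "invocation": {"configSource": {
            "uri": "git+https://github.com/example/app@refs/tags/v1.2.3",
            "entryPoint": ".github/workflows/release.yml"}},
    },
}
SAMPLE_OUTPUT = json.dumps({
    "payloadType": "application/vnd.in-toto+json",
    "payload": base64.b64encode(json.dumps(_STATEMENT).encode()).decode(),
    "signatures": [{"keyid": "", "sig": "<constructed>"}],
}) + "\n"

def decode_statements(cosign_output: str):
    """Yield the in-toto Statement inside each DSSE envelope line."""
    for line in cosign_output.splitlines():
        if line.strip():
            envelope = json.loads(line)
            yield json.loads(base64.b64decode(envelope["payload"]))

def check_provenance(cosign_output, image_digest, predicate_type, builder_id, source_uri):
    """Return (ok, reasons). Each claim is compared with an expected value so a
    wrong predicate type, subject, builder or source repo rejects the image."""
    reasons = []
    for st in decode_statements(cosign_output):
        if st.get("predicateType") != predicate_type:
            reasons.append(f"predicateType {st.get('predicateType')!r} != {predicate_type!r}")
            continue
        subjects = st.get("subject", [])
        if not any(s.get("digest", {}).get("sha256") == image_digest for s in subjects):
            reasons.append("subject digest does not match the image digest")
            continue
        pred = st.get("predicate", {})
        if pred.get("builder", {}).get("id") != builder_id:
            reasons.append("unexpected builder.id")
            continue
        if pred.get("invocation", {}).get("configSource", {}).get("uri") != source_uri:
            reasons.append("unexpected invocation.configSource.uri")
            continue
        return True, []          # first statement satisfying every check
    return False, reasons or ["no attestation statements in output"]
```

Run with real input by substituting the captured cosign output for SAMPLE_OUTPUT; the signature itself is already verified by cosign, this only gates on the predicate contents.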
Known gotchas
cosign verify-attestation fetches attestations that were pushed to the OCI registry alongside the image as Sigstore bundles; an attestation stored anywhere else is not discovered from the registry and must be supplied to the command explicitly
The --type flag must match the predicate type URI used at signing time; a mismatch causes the tool to report no matching attestations found
Keyless verification (Sigstore Fulcio + Rekor) requires that the claims in the signing OIDC token match the --certificate-identity flags; an overly broad regex accepts signing identities you never intended to trust and undermines the check