Add the actions/attest-build-provenance step to your GitHub Actions workflow after the build step, pointing subject-path at your built artifact or image digest.
Ensure the workflow has id-token: write permission so GitHub Actions can request an OIDC token for Sigstore-based signing.
The action generates a Sigstore-signed in-toto provenance statement and uploads it to GitHub's attestation store, returning an attestation ID.
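A workflow that applies the three steps above, written here as an added example rather than taken from the original page or from GitHub's own documentation. The workflow name, the `make dist` build command and the `dist/app.tar.gz` artifact path are assumptions; the `id-token: write` and `attestations: write` permissions, the `subject-path` input and the `attestation-id` output are those of the action itself. For a container image you would use the action's `subject-name` and `subject-digest` inputs in place of `subject-path`.

```yaml
name: release

on:
  push:
    tags: ["v*"]

# Least privilege: the job only needs to read the checkout, mint an OIDC
# token for Sigstore signing, and upload the attestation.
permissions:
  contents: read
  id-token: write
  attestations: write

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Build
        run: make dist   # assumed build command, produces dist/app.tar.gz

      # Attest after the build so the subject digest covers the final bytes.
      # In production pin this action (and checkout) to a full commit SHA.
      - name: Attest build provenance
        id: attest
        uses: actions/attest-build-provenance@v2
        with:
          subject-path: dist/app.tar.gz

      - name: Record attestation id
        run: echo "attestation-id=${{ steps.attest.outputs.attestation-id }}"
```

The attestation step runs on the same job as the build, which is why it yields Build Level 2 rather than Level 3: the signing identity is the workflow's own OIDC token, not an isolated builder.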
Download the attestation bundle for an artifact using the GitHub CLI: gh attestation download ARTIFACT_PATH -R org/repo.
Verify the provenance locally or in CI using slsa-verifier: slsa-verifier verify-artifact ARTIFACT_PATH --provenance-path provenance.json --source-uri github.com/org/repo.
Inspect the provenance predicate to confirm the builder ID, source commit SHA, and workflow path match expected values before promoting an artifact to production.
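The inspection step above is the one practitioners most often skip, so here is a policy gate for it as an added example (not part of the original page and not GitHub's or Sigstore's code). It decodes the DSSE payload from a Sigstore bundle in the JSONL layout that gh attestation download writes, then checks the SLSA v1 predicate against expected builder ID, source commit, repository and workflow path, and binds the statement to the artifact by digest. The sample artifact and statement are constructed; the GitHub-specific placement of the workflow path and commit inside the predicate is an assumption for this example. It does not verify the signature or the Rekor inclusion proof, so it belongs after slsa-verifier or gh attestation verify, not instead of them.

```python
"""Policy gate over a downloaded provenance bundle (added example, not
GitHub's or Sigstore's code).  Checks predicate fields and the subject
digest only; signature and Rekor verification must already have passed."""
import base64
import hashlib
import json

# Constructed sample artifact and a constructed in-toto statement describing
# it.  Predicate layout follows the SLSA v1 schema; where GitHub places the
# workflow path and commit is an assumption for this example.
ARTIFACT_BYTES = b"example release tarball contents\n"
PLACEHOLDER_COMMIT = "0" * 40  # stands in for the real source commit SHA

STATEMENT = {
    "_type": "https://in-toto.io/Statement/v1",
    "subject": [{"name": "app.tar.gz",
                 "digest": {"sha256": hashlib.sha256(ARTIFACT_BYTES).hexdigest()}}],
    "predicateType": "https://slsa.dev/provenance/v1",
    "predicate": {
        "buildDefinition": {
            "buildType": "https://actions.github.io/buildtypes/workflow/v1",
            "externalParameters": {"workflow": {
                "ref": "refs/heads/main",
                "repository": "https://github.com/org/repo",
                "path": ".github/workflows/release.yml"}},
            "resolvedDependencies": [{
                "uri": "git+https://github.com/org/repo@refs/heads/main",
                "digest": {"gitCommit": PLACEHOLDER_COMMIT}}],
        },
        "runDetails": {"builder": {
            "id": "https://github.com/org/repo/.github/workflows/release.yml@refs/heads/main"}},
    },
}

# One Sigstore bundle per line, as in the .jsonl file the CLI downloads.
SAMPLE_BUNDLE_JSONL = json.dumps({
    "mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json",
    "dsseEnvelope": {
        "payloadType": "application/vnd.in-toto+json",
        "payload": base64.b64encode(json.dumps(STATEMENT).encode()).decode(),
        "signatures": [{"sig": "constructed-not-verified-here"}],
    },
}) + "\n"

EXPECTED = {  # values a release pipeline would pin in its config
    "repository": "https://github.com/org/repo",
    "workflow_path": ".github/workflows/release.yml",
    "builder_id": "https://github.com/org/repo/.github/workflows/release.yml@refs/heads/main",
    "commit": PLACEHOLDER_COMMIT,
}


def load_statements(bundle_jsonl):
    """Decode every DSSE payload in a JSONL bundle into an in-toto statement dict."""
    statements = []
    for line in bundle_jsonl.splitlines():
        if not line.strip():
            continue
        env = json.loads(line)["dsseEnvelope"]
        if env["payloadType"] != "application/vnd.in-toto+json":
            raise ValueError("unexpected payloadType: " + env["payloadType"])
        statements.append(json.loads(base64.b64decode(env["payload"])))
    return statements


def check_provenance(statement, artifact_bytes, expected):
    """Return a list of policy failures; an empty list means promotion may proceed."""
    if statement.get("predicateType") != "https://slsa.dev/provenance/v1":
        return ["predicateType is not SLSA provenance v1"]
    failures = []

    # Bind the statement to these exact bytes: compare digests, never file names.
    digest = hashlib.sha256(artifact_bytes).hexdigest()
    if not any(s.get("digest", {}).get("sha256") == digest for s in statement.get("subject", [])):
        failures.append("subject digest mismatch")

    pred = statement.get("predicate", {})
    build_def = pred.get("buildDefinition", {})
    builder_id = pred.get("runDetails", {}).get("builder", {}).get("id")
    if builder_id != expected["builder_id"]:
        failures.append("builder id mismatch: " + str(builder_id))

    wf = build_def.get("externalParameters", {}).get("workflow", {})
    if wf.get("repository") != expected["repository"]:
        failures.append("repository mismatch: " + str(wf.get("repository")))
    if wf.get("path") != expected["workflow_path"]:
        failures.append("workflow path mismatch: " + str(wf.get("path")))

    # The source checkout is recorded as a resolved dependency of the build.
    commits = {d.get("digest", {}).get("gitCommit")
               for d in build_def.get("resolvedDependencies", [])
               if d.get("uri", "").startswith("git+" + expected["repository"] + "@")}
    if expected["commit"] not in commits:
        failures.append("source commit mismatch: " + ",".join(sorted(map(str, commits))))
    return failures


if __name__ == "__main__":
    for st in load_statements(SAMPLE_BUNDLE_JSONL):
        problems = check_provenance(st, ARTIFACT_BYTES, EXPECTED)
        print("PASS" if not problems else "FAIL: " + "; ".join(problems))
```

Pin the expected values in the promotion job's own configuration rather than deriving them from the bundle, otherwise the check only proves the bundle is self-consistent. Matching the builder ID and workflow path together is what stops a provenance statement produced by a different workflow in the same repository from being accepted.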
Known gotchas
actions/attest-build-provenance produces SLSA v1.0 Build Level 2 by default; achieving Level 3 requires using the slsa-github-generator reusable workflow which runs signing on separate infrastructure.
The attestation is stored in GitHub's artifact store and retrievable only for repositories where GitHub Advanced Security is available; private repos on Free plans cannot use this feature.
slsa-verifier checks the Rekor transparency log for inclusion proof; runs in environments without internet access to Rekor will fail unless a custom TUF root is configured.