Use the `slsa-framework/slsa-github-generator` reusable workflows for your artifact type (e.g., Go binary, container image, or generic artifact)
In your workflow, call the generator's reusable workflow via `uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@<pinned-tag>` and pass the SHA-256 digests of the artifacts as the `base64-subjects` input (the output of `sha256sum`, base64-encoded); the generator attests exactly those subjects, so compute the digests from the files you will actually publish
The generator workflow runs in its own isolated, ephemeral job on a GitHub-hosted runner, builds the provenance statement, obtains a short-lived certificate from Sigstore's Fulcio CA using the workflow's OIDC token, signs the provenance with the matching ephemeral key, and records the signature in the Rekor transparency log; no long-lived signing keys are stored anywhere
Upload both the artifact and the `.intoto.jsonl` provenance attestation file to your GitHub release assets (the generic generator does this for you with `upload-assets: true`), or, for images, let the container generator push the attestation to the registry next to the image
Verify provenance with the `slsa-verifier` CLI: `slsa-verifier verify-artifact <artifact> --provenance-path <file> --source-uri github.com/YOUR_ORG/YOUR_REPO --source-tag <tag>`; without `--source-tag` (or `--source-versioned-tag`), provenance produced from any branch or tag of that repository is accepted, which is rarely what a consumer wants
Pin the generator workflow to a release tag (for example `@v2.0.0`), not a branch: a branch ref is mutable, so anyone who can push to it silently changes the builder that signs your provenance, and the builder ID that `slsa-verifier` checks includes the tag. This is one of the few places where pinning to a commit SHA is not the answer: the generator documents that it must be called by tag
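A complete release workflow that follows the steps above, added here as an example; it is not code from the slsa-github-generator project. It assumes a repository whose `make build` writes a single file `dist/myapp`, a GitHub release created from a `v*` tag, and generator tag `@v2.0.0`, which you should replace with the current release tag:

```yaml
# Added example workflow (not from the slsa-github-generator project).
# Assumptions: `make build` produces dist/myapp; releases are cut from v* tags.
name: release-with-provenance

on:
  push:
    tags: ['v*']

# Deny everything by default; each job declares only what it needs.
permissions: read-all

jobs:
  build:
    runs-on: ubuntu-latest
    outputs:
      hashes: ${{ steps.hash.outputs.hashes }}
    steps:
      - uses: actions/checkout@v4
      - name: Build
        run: make build                      # assumed to write dist/myapp
      - name: Compute subject digests
        id: hash
        run: |
          # The generator expects the raw `sha256sum` output, base64-encoded
          # on a single line. Hash the exact file that will be published.
          cd dist
          echo "hashes=$(sha256sum myapp | base64 -w0)" >> "$GITHUB_OUTPUT"
      - name: Keep the built file for the release step
        uses: actions/upload-artifact@v4
        with:
          name: myapp
          path: dist/myapp
          if-no-files-found: error

  provenance:
    needs: [build]
    permissions:
      actions: read     # generator reads the calling workflow run
      id-token: write   # OIDC token exchanged for a Fulcio certificate
      contents: write   # only because upload-assets attaches the file to the release
    # Call by release tag, never a branch; replace v2.0.0 with the current release.
    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
    with:
      base64-subjects: ${{ needs.build.outputs.hashes }}
      provenance-name: myapp.intoto.jsonl
      upload-assets: true                    # attach provenance to the release for this tag
```

A consumer of the release then runs `slsa-verifier verify-artifact myapp --provenance-path myapp.intoto.jsonl --source-uri github.com/YOUR_ORG/YOUR_REPO --source-tag v1.2.3` against the downloaded files. The build job's own permissions stay read-only; the `write` scopes live only on the generator job, which is the point of splitting the build and the signing into separate jobs.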
Known gotchas
SLSA level 3 requires a hardened build platform: builds run isolated from one another and the signing material is not reachable by user-defined build steps. The generator's provenance job is pinned to GitHub-hosted runners for that reason; moving the build or the signing onto self-hosted runners puts it on infrastructure the repository owner controls and lowers the level you can honestly claim. Note also that with the generic generator the build step is yours, so the provenance proves that those digests came out of that workflow run, not that the build itself was isolated; the language-specific builders (Go, container-based) are the ones where the generator performs the build
The provenance is tied to the exact artifact digest: any post-build modification (repackaging, stripping, re-signing, re-compressing) changes the digest and the attestation no longer matches. Re-tagging a container image does not change its digest, so the attestation still holds, but a tag is a movable pointer; always verify by digest (`image@sha256:...`), never by tag, or a tag can be quietly pointed at an unattested image
Verifying provenance requires network access to Sigstore's public infrastructure (the Rekor transparency log and the TUF-distributed trust roots); air-gapped environments need a private Sigstore deployment that both the generator and the verifier are configured to use