Run `cosign verify --certificate-identity-regexp '<workflow-url-pattern>' --certificate-oidc-issuer https://token.actions.githubusercontent.com <image>@<digest>` and confirm exit code 0. For GitHub Actions keyless signing the certificate identity is the workflow URL (`https://github.com/<org>/<repo>/.github/workflows/<file>@<ref>`), so anchor the pattern to the org, repo, workflow file and release ref; an unanchored pattern such as `myrepo` also matches forks and unrelated workflows that happen to contain that string. Always verify by digest, not by tag
Run `cosign verify-attestation --type cyclonedx --certificate-identity-regexp '<pattern>' --certificate-oidc-issuer https://token.actions.githubusercontent.com <image>@<digest>` to verify an attached SBOM attestation
Pipe the attestation output to `jq -r '.payload | @base64d | fromjson | .predicate'` to decode the DSSE envelope and inspect the predicate: `.payload` is the base64-encoded in-toto Statement, whose `predicateType`, `subject` (digest of the attested image) and `predicate` fields are what you want to check. cosign prints one envelope per line when several attestations are attached, and jq processes each line in turn
Integrate both verify commands as a pre-deploy gate in CI; fail the pipeline if either returns a non-zero exit code
For Kubernetes, configure Sigstore Policy Controller or Kyverno `verifyImages` rules to enforce verification at admission time
Known gotchas
cosign 2.x requires transparency-log evidence by default. Signatures that carry an embedded Rekor bundle (what cosign 2.x keyless signing attaches by default) are verified offline against the cached Rekor public key from the Sigstore TUF root; signatures without a bundle need a live Rekor lookup, so a Rekor outage fails verification of those even when the signature is valid. Use `--insecure-ignore-tlog` only in air-gapped contexts with explicit justification, since it drops the proof that the signing event was logged at all
In cosign 2.x, `--certificate-identity` (or `--certificate-identity-regexp`) and `--certificate-oidc-issuer` (or `--certificate-oidc-issuer-regexp`) are mandatory for keyless verification and the command errors out without them. In 1.x they were optional, and omitting them meant any certificate chaining to Fulcio passed regardless of who signed, which is why pipelines migrated from 1.x should be checked for both flags. Prefer the exact `--certificate-identity` form when the signing workflow is known; use the regexp form only for ref patterns such as release tags, and anchor it with `^` and `$`
`--type` accepts cosign's predicate aliases (`cyclonedx`, `spdx`, `spdxjson`, `slsaprovenance`, `slsaprovenance1`, `vuln`, `openvex`, `custom`) or a full predicate-type URI for custom predicates. Aliases are case-sensitive, and the resolved URI must match the `predicateType` recorded in the statement at signing time; a mismatch means the attestation is simply not found, which reads the same as "no attestation attached"
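The decode step above and the predicate-type gotcha both come down to reading the DSSE envelope that `cosign verify-attestation` prints. The following is an added example, not cosign's own code, showing that inspection as a policy check a pre-deploy gate can run after cosign has already verified the signature, certificate identity and log entry: it decodes the envelope, resolves the `--type` alias to its predicate-type URI (the alias table mirrors cosign's documented predicate types; confirm it against your cosign version), and refuses the attestation unless its `predicateType` and `subject` digest match the image being deployed. The image digest and envelope are constructed sample input, and the placeholder signature is never checked here because cosign has done that.

```python
"""Policy check on DSSE envelopes printed by `cosign verify-attestation`.

Added example (not cosign's code). Run it on the stdout of
`cosign verify-attestation --type <alias> ... <image>@<digest>`; cosign has
already verified signature, identity and transparency log at that point, so
this step only decides whether what was attested is acceptable for <digest>.
"""
import base64
import json

# Predicate-type URIs behind cosign's --type aliases (assumed to mirror the
# documented table; confirm with `cosign verify-attestation --help` locally).
PREDICATE_TYPES = {
    "cyclonedx": "https://cyclonedx.org/bom",
    "spdx": "https://spdx.dev/Document",
    "spdxjson": "https://spdx.dev/Document",
    "slsaprovenance": "https://slsa.dev/provenance/v0.2",
    "slsaprovenance1": "https://slsa.dev/provenance/v1",
    "vuln": "https://cosign.sigstore.dev/attestation/vuln/v1",
    "openvex": "https://openvex.dev/ns",
}
DSSE_INTOTO = "application/vnd.in-toto+json"
STATEMENT_TYPES = {"https://in-toto.io/Statement/v0.1", "https://in-toto.io/Statement/v1"}


def resolve_predicate_type(type_flag: str) -> str:
    """Map a --type alias to its URI; a full URI (custom predicate) is used as-is."""
    return PREDICATE_TYPES.get(type_flag, type_flag)


def decode_statement(envelope: dict) -> dict:
    """The jq '.payload | @base64d | fromjson' step, with format checks."""
    if envelope.get("payloadType") != DSSE_INTOTO:
        raise ValueError(f"unexpected payloadType {envelope.get('payloadType')!r}")
    statement = json.loads(base64.b64decode(envelope["payload"]))
    if statement.get("_type") not in STATEMENT_TYPES:
        raise ValueError(f"not an in-toto Statement: {statement.get('_type')!r}")
    return statement


def check_attestation(envelope_line: str, image_digest: str, type_flag: str) -> dict:
    """Return the predicate if type and subject digest match; raise ValueError otherwise."""
    statement = decode_statement(json.loads(envelope_line))
    want_type = resolve_predicate_type(type_flag)
    if statement.get("predicateType") != want_type:
        raise ValueError(f"predicateType {statement.get('predicateType')!r} != {want_type!r}")
    want_hex = image_digest.removeprefix("sha256:")  # accept "sha256:<hex>" or bare hex
    subjects = statement.get("subject", [])
    if not any(s.get("digest", {}).get("sha256") == want_hex for s in subjects):
        raise ValueError("attestation subject does not match the image digest being deployed")
    return statement["predicate"]


def check_all(cosign_output: str, image_digest: str, type_flag: str) -> list:
    """cosign prints one envelope per line; every non-empty line must pass."""
    return [check_attestation(line, image_digest, type_flag)
            for line in cosign_output.splitlines() if line.strip()]


def is_acceptable(envelope_line: str, image_digest: str, type_flag: str) -> bool:
    """Boolean form for a gate: True only when the attestation passes every check."""
    try:
        check_attestation(envelope_line, image_digest, type_flag)
        return True
    except (ValueError, KeyError, json.JSONDecodeError):
        return False


# --- constructed sample input; not real cosign output --------------------------------
IMAGE_DIGEST = "sha256:" + "ab" * 32  # hypothetical digest of the image under test
SAMPLE_STATEMENT = {
    "_type": "https://in-toto.io/Statement/v0.1",
    "predicateType": "https://cyclonedx.org/bom",
    "subject": [{"name": "ghcr.io/example/app", "digest": {"sha256": "ab" * 32}}],
    "predicate": {"bomFormat": "CycloneDX", "specVersion": "1.5", "components": []},
}
SAMPLE_ENVELOPE = json.dumps({
    "payloadType": DSSE_INTOTO,
    "payload": base64.b64encode(json.dumps(SAMPLE_STATEMENT).encode()).decode(),
    "signatures": [{"keyid": "", "sig": "cGxhY2Vob2xkZXI="}],  # placeholder; cosign checked the real one
})

if __name__ == "__main__":
    sbom = check_attestation(SAMPLE_ENVELOPE, IMAGE_DIGEST, "cyclonedx")
    print("accepted", sbom["bomFormat"], sbom["specVersion"])
    print("wrong digest accepted?", is_acceptable(SAMPLE_ENVELOPE, "sha256:" + "cd" * 32, "cyclonedx"))
    print("wrong type accepted?", is_acceptable(SAMPLE_ENVELOPE, IMAGE_DIGEST, "slsaprovenance"))
```

In a pipeline, feed it the captured stdout of the `cosign verify-attestation` command and the same `<digest>` you passed to cosign; a non-empty `check_all` result (or `is_acceptable` returning True for each line) is the condition for proceeding, and a `ValueError` is the pipeline failure message. The subject-digest check matters because cosign finds attestations by the digest you name, but a pre-deploy gate that has been handed the wrong digest (for example a tag resolved in a different step) would otherwise accept an SBOM for an image it is not about to deploy.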