Download slsa-verifier from the slsa-framework/slsa-verifier GitHub releases page (or build it from a tagged source release) and place it on your PATH. A freshly downloaded verifier cannot bootstrap trust in itself, so check the binary's checksum against the one published in the repository, or verify it with a copy of slsa-verifier you already trust; from then on, verify each upgrade with the previous trusted copy.
Obtain the artifact (binary or archive) and its provenance file (a .intoto.jsonl file) produced by the slsa-github-generator or a compatible SLSA builder during CI.
Run slsa-verifier verify-artifact <artifact-path> --provenance-path <provenance.intoto.jsonl> --source-uri github.com/<owner>/<repo> to verify the artifact's provenance.
Add --builder-id to assert the specific trusted builder that produced the artifact (e.g., https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml); the builder ID can be pinned to a builder release with an @refs/tags/<version> suffix so that an artifact built by an older or unexpected builder version is rejected.
Optionally pass --source-tag or --source-versioned-tag to assert the exact Git tag (or a semantic-version prefix of it) the artifact was built from, or --source-branch to assert the branch, so that a build from an unexpected ref is not accepted.
Integrate the verify step into your deployment pipeline so that artifacts are verified before being promoted to production; fail the pipeline if verification exits non-zero.
Known gotchas
slsa-verifier contacts Sigstore over the network: it looks up the provenance signature in the Rekor transparency log and fetches the Sigstore trust root, so it cannot complete verification in a fully air-gapped environment. Run verification at a connected boundary stage (for example, an ingress pipeline that pulls artifacts from the outside) and promote only already-verified artifacts into the isolated network.
The --source-uri flag must match the repository path embedded in the provenance exactly (github.com/<owner>/<repo>); a trailing slash or a typo in the owner or repository name causes verification to fail. That failure is the intended behaviour: a mismatch means the artifact was built from a repository other than the one you expected.
Provenance files produced by slsa-github-generator are DSSE envelopes, one JSON object per line; the signed payload is base64-encoded inside the envelope. Treat the file as an opaque signed blob and copy it byte-for-byte: tools that truncate it, re-encode it, split it across files, or extract fields into a new document break the envelope and make verification fail even for legitimate builds.
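The pipeline gate described in the steps above, together with preflight checks for the two file-level gotchas (a normalised --source-uri and an intact DSSE envelope), as an added example that is not slsa-verifier project code. It assumes slsa-verifier is already installed and trusted on PATH; the repository github.com/example-org/example-app, the tag v1.4.2, and the artifact and provenance file names are hypothetical placeholders.

```shell
#!/usr/bin/env bash
# Added example (not slsa-verifier project code): a deployment-pipeline gate
# that verifies a release artifact against its SLSA provenance before the
# artifact is promoted. Repository, tag and file names are hypothetical.
set -eu

# Normalise a repository reference the way the verifier expects --source-uri:
# drop a "git+" prefix, an https:// scheme and a trailing slash, leaving the
# bare github.com/<owner>/<repo> path that the provenance embeds.
normalize_source_uri() {
  uri="$1"
  uri="${uri#git+}"
  uri="${uri#https://}"
  uri="${uri%/}"
  printf '%s\n' "$uri"
}

# Preflight: confirm the provenance file is still an intact DSSE envelope
# (one JSON object per line, in-toto payload type, base64 payload, a
# signatures array) before spending a network round-trip on the verifier.
# Catches upload steps that truncated, pretty-printed or re-encoded the file.
preflight_provenance() {
  file="$1"
  [ -s "$file" ] || { echo "provenance missing or empty: $file" >&2; return 1; }
  n=0
  # The "|| [ -n "$line" ]" keeps a final line that lacks a trailing newline.
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    case "$line" in
      \{*\}) ;;
      *) echo "line $n is not a single-line JSON object" >&2; return 1 ;;
    esac
    printf '%s\n' "$line" | grep -Eq '"payloadType"[[:space:]]*:[[:space:]]*"application/vnd.in-toto[+]json"' \
      || { echo "line $n: payloadType is not in-toto" >&2; return 1; }
    printf '%s\n' "$line" | grep -Eq '"payload"[[:space:]]*:[[:space:]]*"[A-Za-z0-9+/=]+"' \
      || { echo "line $n: payload is not base64" >&2; return 1; }
    printf '%s\n' "$line" | grep -Eq '"signatures"[[:space:]]*:[[:space:]]*\[' \
      || { echo "line $n: no signatures array" >&2; return 1; }
  done < "$file"
  return 0
}

# Run the verifier with every constraint the pipeline can assert: source
# repository, exact tag and pinned builder. A non-zero exit fails promotion.
verify_release_artifact() {
  artifact="$1"; provenance="$2"; repo="$3"; tag="$4"; builder="$5"
  preflight_provenance "$provenance" || return 1
  slsa-verifier verify-artifact "$artifact" \
    --provenance-path "$provenance" \
    --source-uri "$(normalize_source_uri "$repo")" \
    --source-tag "$tag" \
    --builder-id "$builder"
}

# Usage: ./verify-release.sh --run   (hypothetical artifact and repository)
if [ "${1:-}" = "--run" ]; then
  verify_release_artifact \
    example-app-linux-amd64 \
    example-app-linux-amd64.intoto.jsonl \
    https://github.com/example-org/example-app/ \
    v1.4.2 \
    https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml
fi
```

The preflight only checks envelope shape; it is not a substitute for slsa-verifier, which checks the signature, the Rekor inclusion and the provenance claims. Its purpose is to turn a corrupted upload into a clear local error instead of an opaque signature failure.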