Understand the in-toto attestation envelope: a DSSE (Dead Simple Signing Envelope) wrapping a Statement that contains a subject (the artifact digest) and a predicate (the provenance data).
Use slsa-github-generator (for GitHub Actions) or another in-toto-aware builder to produce a SLSA provenance attestation predicate (predicate type is defined in the SLSA specification; verify current predicate type URI in SLSA docs) as part of your build workflow.
Sign the attestation using cosign attest with the appropriate predicate type flag pointing to the predicate JSON file; the result is stored in the OCI registry as a referrer or a separate tag.
Verify the attestation using cosign verify-attestation with the expected predicate type and the signer's identity (OIDC issuer and subject) to confirm both signature validity and predicate content.
Use slsa-verifier verify-artifact or verify-image (for container images) to perform SLSA-level verification that checks the provenance against the expected builder and source repository.
Known gotchas
The SLSA provenance predicate schema has versions (v0.2, v1.0, etc.); ensure your generation and verification tooling agree on the predicate type URI or verification will fail.
in-toto attestations require the artifact subject to include a sha256 digest; tag-only references are insufficient and will cause verification failures.
Storing attestations in an OCI registry requires the registry to support the OCI Referrers API or the legacy tag-based attachment scheme; verify your registry's support before designing the pipeline.
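The envelope described in the first step and the two predicate/subject gotchas above, worked as an added example (not code from the page, from cosign, or from slsa-verifier): it builds an in-toto Statement whose subject pins a constructed artifact by sha256, computes the DSSE pre-authentication encoding that a signer signs over, and then runs the verifier-side content checks that fail when the predicate type URI disagrees or the subject carries no sha256 digest. The artifact bytes, the builder id and the `signatures` entry are constructed placeholders; in a real pipeline cosign produces and verifies the cryptographic signature, which this block deliberately does not emulate.

```python
"""Build and check an in-toto Statement inside a DSSE envelope (added example).

The artifact, predicate contents and builder id are constructed sample values;
the cryptographic signature is produced by cosign in the real pipeline, so the
envelope's `signatures` entry is left as a labelled placeholder here.
"""
import base64
import hashlib
import json

# Type URIs for the in-toto Statement v1 and the SLSA provenance predicate
# (v1 and v0.2); the page's advice to check the current URI in the SLSA docs still applies.
STATEMENT_TYPE = "https://in-toto.io/Statement/v1"
PAYLOAD_TYPE = "application/vnd.in-toto+json"
SLSA_V1 = "https://slsa.dev/provenance/v1"
SLSA_V02 = "https://slsa.dev/provenance/v0.2"

# Constructed artifact bytes standing in for a built binary or image layer.
ARTIFACT = b"#!/bin/sh\necho hello from the release build\n"

# Constructed, abbreviated SLSA v1 predicate; a real builder fills in far more.
SAMPLE_PREDICATE = {
    "buildDefinition": {"buildType": "https://example.invalid/buildtypes/placeholder"},
    "runDetails": {"builder": {"id": "https://example.invalid/builder/placeholder"}},
}


def make_statement(name: str, artifact: bytes, predicate_type: str, predicate: dict) -> dict:
    """in-toto Statement: the subject pins the artifact by sha256, the predicate carries provenance."""
    return {
        "_type": STATEMENT_TYPE,
        "subject": [{"name": name, "digest": {"sha256": hashlib.sha256(artifact).hexdigest()}}],
        "predicateType": predicate_type,
        "predicate": predicate,
    }


def pae(payload_type: str, payload: bytes) -> bytes:
    """DSSE Pre-Authentication Encoding: the exact bytes a DSSE signer signs."""
    return b" ".join([
        b"DSSEv1",
        str(len(payload_type)).encode(), payload_type.encode(),
        str(len(payload)).encode(), payload,
    ])


def make_envelope(statement: dict) -> dict:
    """Wrap a Statement in the DSSE envelope shape (payload is base64 of the JSON)."""
    payload = json.dumps(statement, separators=(",", ":"), sort_keys=True).encode()
    return {
        "payloadType": PAYLOAD_TYPE,
        "payload": base64.b64encode(payload).decode(),
        # cosign fills this in for real: keyid plus a base64 signature over pae(PAYLOAD_TYPE, payload).
        "signatures": [{"keyid": "", "sig": "<placeholder: produced by cosign attest>"}],
    }


def check_envelope(envelope: dict, artifact: bytes, expected_predicate_type: str) -> list:
    """Verifier-side content checks; returns a list of problems (empty means OK).

    Signature validity is cosign's job. These are the predicate-type and
    subject-digest checks that the gotchas above describe as common failures.
    """
    problems = []
    if envelope.get("payloadType") != PAYLOAD_TYPE:
        problems.append(f"unexpected payloadType {envelope.get('payloadType')!r}")
        return problems
    statement = json.loads(base64.b64decode(envelope["payload"]))
    if statement.get("_type") != STATEMENT_TYPE:
        problems.append(f"unexpected statement type {statement.get('_type')!r}")
    if statement.get("predicateType") != expected_predicate_type:
        problems.append(f"predicateType {statement.get('predicateType')!r} "
                        f"!= expected {expected_predicate_type!r}")
    actual = hashlib.sha256(artifact).hexdigest()
    subjects = statement.get("subject") or []
    if not any("sha256" in s.get("digest", {}) for s in subjects):
        problems.append("no subject carries a sha256 digest (tag-only subject)")
    elif not any(s.get("digest", {}).get("sha256") == actual for s in subjects):
        problems.append("no subject sha256 matches the artifact")
    return problems


def main() -> None:
    stmt = make_statement("release.sh", ARTIFACT, SLSA_V1, SAMPLE_PREDICATE)
    env = make_envelope(stmt)
    print("v1 predicate, expecting v1:", check_envelope(env, ARTIFACT, SLSA_V1) or "OK")
    print("v1 predicate, expecting v0.2:", check_envelope(env, ARTIFACT, SLSA_V02))
    tag_only = dict(stmt, subject=[{"name": "registry.example/app:v1"}])
    print("tag-only subject:", check_envelope(make_envelope(tag_only), ARTIFACT, SLSA_V1))


if __name__ == "__main__":
    main()
```

The `pae` output is what a DSSE signer signs and what `cosign verify-attestation` checks the signature against; the content checks in `check_envelope` are the ones to keep in mind when a verification fails even though the signature is good, since a predicate type URI that differs between generator and verifier, or a subject that names a tag without a sha256 digest, fails in exactly this way.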