正式なドキュメントは英語版であり、この日本語訳はAI支援翻訳により作成された参考用のものです。日本語訳の一部の内容は人間によるレビューがまだ行われていないため、翻訳のタイミングにより英語版との間に差異が生じることがあります。最新かつ正確な情報については、英語版をご参照ください。

glab attestation verify

Verify the provenance of a specific artifact or file. (EXPERIMENTAL)

Synopsis

Verify the provenance of an artifact built by a GitLab CI/CD pipeline. This command checks the artifact’s signed attestation against the expected GitLab project and pipeline.

This command requires the cosign binary. To install it, see Cosign installation.

This command works only on GitLab.com.

For more information about attestations, see:

This feature is an experiment and is not ready for production use. It might be unstable or removed at any time. For more information, see https://docs.gitlab.com/policy/development_stages_support/.

glab attestation verify <project-id> <artifact-path> [flags]

Examples

# Verify attestation for filename.txt in the gitlab-org/gitlab project
glab attestation verify gitlab-org/gitlab filename.txt

# Verify attestation for filename.txt in the project with ID 123
glab attestation verify 123 filename.txt

Options inherited from parent commands

  -h, --help   Show help for this command.