Summary
Currently, slsa-verifier verify-artifact requires actual artifact files as positional arguments.
I propose allowing it to also accept artifact digests instead of files.
Background
When verifying downloaded artifacts in CI using slsa-verifier verify-artifact, there are several challenges:
- Verification takes some time
- Dependency on slsa-verifier (requires installation)
- Rekor access occasionally fails
- Cannot verify in network-restricted environments where Rekor is inaccessible
A practical solution to these issues is:
- Verify the digest once using provenance and record it in a lock file
- Subsequently, verify artifacts against the digest recorded in the lock file
Step 1 only needs to be performed when adding or updating artifacts, while step 2 eliminates the issues mentioned above.
Digests can be obtained from files like checksums.txt or the GitHub Releases API without downloading large artifacts.
However, since slsa-verifier verify-artifact currently cannot accept digests as arguments, downloading the artifact is still required.
Supporting digest arguments would enable efficient verification in step 1.
Proposal
Allow verify-artifact to accept digest strings in the format sha256:<hex> or sha512:<hex> as positional arguments, in addition to file paths.
Example Usage
# Verify using digest instead of file
slsa-verifier verify-artifact sha256:b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9 \
--provenance-path provenance.json \
--source-uri github.com/org/repo
# Mix file paths and digests
slsa-verifier verify-artifact artifact.tar.gz sha256:abc123... \
--provenance-path provenance.json \
--source-uri github.com/org/repo
Proposed Behavior
- If an argument starts with sha256: or sha512:, treat it as a digest
- Validate the digest format (correct length, valid hex characters)
- Otherwise, treat the argument as a file path (current behavior)
Note
- cosign verify-blob also supports digests in the same usage
- gh attestation verify and gh attestation download commands: cli/cli#12462