Verify with cosign¶
Every OCI image released after v1.0.0 is signed with Sigstore cosign using keyless OIDC signing from GitHub Actions.
Install cosign¶
Cosign installation instructions.
Via Homebrew:
brew install cosign
Verify the signature¶
cosign verify ghcr.io/klein-business/legal-text-mcp-de:v1.0.0 \
--certificate-identity-regexp 'https://github.com/klein-business/.*' \
--certificate-oidc-issuer https://token.actions.githubusercontent.com
Expected output: a JSON object listing the certificate, the workflow identity, and confirming the signature is valid. Non-zero exit indicates verification failure.
Verify SBOM and SLSA attestations¶
cosign verify-attestation \
--type cyclonedx \
--certificate-identity-regexp 'https://github.com/klein-business/.*' \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
ghcr.io/klein-business/legal-text-mcp-de:v1.0.0
cosign verify-attestation \
--type slsaprovenance \
--certificate-identity-regexp 'https://github.com/klein-business/.*' \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
ghcr.io/klein-business/legal-text-mcp-de:v1.0.0
Both return JSON predicates with the expected types when verification succeeds.
Why no signing key?¶
Keyless signing ties each signature to the build identity (the GitHub Actions workflow run that produced it). Verification checks that the certificate was issued to the project's repo and a workflow the maintainer controls. There is no long-lived private key to leak.
What if verification fails?¶
Stop. Verification failure means the image was modified, the signature was forged, or you are pulling from a fork that isn't ours. Open a security issue (see SECURITY.md) before using the image.
Related¶
- SBOM — inspecting the software bill of materials.
- Versioning — release process overview.