slsa-verifier
« Back to VersTracker
Description:
Verify provenance from SLSA compliant builders
Type: Formula  |  Latest Version: 2.7.1@0  |  Tracked Since: Dec 27, 2025
Links: Homepage  |  formulae.brew.sh
Category: Security
Tags: security devsecops supply-chain provenance verification compliance
Install: brew install slsa-verifier
About:
The slsa-verifier is a command-line tool that validates artifacts against the Supply-chain Levels for Software Attestation (SLSA) framework. It checks digital signatures and verifies the authenticity and integrity of software provenance generated by SLSA-compliant build platforms. Its main value is enabling users to trust that software binaries were built securely and have not been tampered with.
Key Features:
  • Verifies provenance attestations from builders like GitHub Actions and Google Cloud Build
  • Validates artifact integrity against the signed provenance statement
  • Supports verification against different SLSA build levels (1-4)
  • Can be integrated into CI/CD pipelines for automated compliance checks
  • Provides detailed output on verification success or failure reasons
Use Cases:
  • Enforcing supply chain security policies in CI/CD pipelines before deployment
  • Auditing open-source or third-party binaries for build integrity before use
  • Implementing a secure software procurement process for internal development
Alternatives:
  • cosign – Cosign is a general-purpose tool for signing and verifying container images and artifacts, while slsa-verifier is specifically designed for the SLSA provenance format and framework.
  • in-toto – In-toto is a framework to secure software supply chains, providing a more flexible metadata format; slsa-verifier is a concrete implementation focused on verifying SLSA, which builds upon in-toto concepts.
Version History
Detected Version Rev Change Commit
Dec 27, 2025 6:36pm 2.7.1 0 VERSION_BUMP 57fe1c5a
Sep 15, 2025 10:41am 0 VERSION_BUMP 914ec6bb
Sep 13, 2024 11:27pm 0 VERSION_BUMP f892b465
Jul 16, 2024 1:20am 0 VERSION_BUMP cdb2324a
Jul 15, 2024 9:45pm 0 VERSION_BUMP d4085401
Nov 9, 2023 6:15pm 0 VERSION_BUMP 8581f204
Sep 24, 2023 7:23pm 0 VERSION_BUMP 0c886626
« Back to VersTracker  |  Browse Packages  |  About