akua attest
Planned
Emit a SLSA v1 provenance predicate for the current package or a built artifact.
akua attest [path] [flags]Flags
| flag | description | |
|---|---|---|
--key=<cosign-key-ref> | cosign signing key | |
--oci=<ref> | attest a remote OCI artifact instead of local build | |
--out=<file> | where to write the predicate (default: <target>.attestation.json) | |
| `--format=<slsa-v1\ | in-toto>` | predicate format (default: slsa-v1) |
JSON output
{
"subject": {
"name": "pkg.akua.dev/payments-api",
"digest": "sha256:…"
},
"predicateType": "https://slsa.dev/provenance/v1",
"predicate": { /* SLSA v1 predicate */ },
"signed": true,
"signature": "./attestation.sig"
}