SLSA Verifier Build Provenance Checker

SLSA Verifier is the official tool from the SLSA framework for verifying build provenance attestations generated by SLSA-compliant builders. It checks that software artifacts were built from the expected source, by an authorized builder, without tampering in the build pipeline.

Security & Verification Claude Code Security Reviewed
Install with any agent:
npx skills add agentskillexchange/skills --skill slsa-verifier-build-provenance-checker

SLSA Verifier (github.com/slsa-framework/slsa-verifier) is the verification counterpart to SLSA (Supply-chain Levels for Software Artifacts) provenance generation. A signature tool such as Sigstore Cosign answers “was this artifact signed by a key or identity I trust?” SLSA Verifier checks the signature too, but its job is the provenance metadata that records where, when, and how an artifact was produced, answering the question “was this binary actually built from the source code I expect, by a build system I trust?”

The tool works with provenance attestations generated by SLSA-compliant builders, including the official GitHub Actions SLSA builders maintained by the slsa-framework organization (slsa-github-generator). When a CI pipeline builds an artifact with one of these builders, it produces a signed in-toto provenance statement containing the source repository and ref, the commit hash, the builder identity, the build entry point and inputs, and the digests of the artifacts it produced. The statement is signed with a Sigstore keyless certificate whose identity is the builder workflow itself, which is what lets a verifier tie the provenance to a specific builder rather than to a long-lived key. SLSA Verifier takes this provenance and the artifact, then checks the chain of trust end to end.

Verification checks include: the provenance signature is valid and was produced by a trusted builder; the source repository (and, when requested, the tag or branch) matches the expected values; the builder identity is one of the trusted SLSA builders, each of which is known to satisfy a given SLSA level; the artifact's digest appears among the subjects the provenance claims were produced; and the build entry point and inputs match what the caller expects. The tool supports verification of both container images and generic artifacts (binaries, packages, tarballs), via the verify-image and verify-artifact subcommands respectively.

SLSA Verifier integrates into CI/CD pipelines and release processes as a verification gate: it exits non-zero on any failed check, so a deployment step that runs it before promoting an artifact ensures only artifacts with valid provenance from trusted builders reach production. Level enforcement works through the builder identity. A builder's SLSA level is a property of the builder, so pinning the expected builder (or relying on the verifier's built-in list of trusted builders) is how an organization enforces a minimum build integrity standard across its software supply chain.
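The two paragraphs above describe what the provenance contains, which claims are checked, and how the tool is used as a gate. The example below is added here to make those checks concrete; it is not code from slsa-verifier or the SLSA project. It constructs a DSSE envelope shaped like slsa-github-generator output (in-toto Statement v0.1 with a SLSA v0.2 predicate), re-implements only the metadata checks (artifact digest, source repository, tag, builder identity), and builds the real slsa-verifier command line a CI gate would run. The Sigstore signature verification is deliberately left to the real tool: a pass from this code is necessary but not sufficient. The repository name, tag and artifact bytes are constructed for the example; the builder workflow path is the real one for the generic SLSA 3 builder.

```python
import base64
import hashlib
import json

# Constructed values for this example only; no real project or release is implied.
EXPECTED_SOURCE = "github.com/example-org/widget"
EXPECTED_TAG = "v1.0.0"
# Workflow path of the slsa-github-generator generic builder (SLSA Build L3).
# The real tool also checks the "@ref" suffix against its list of known builder releases.
GENERIC_BUILDER = ("https://github.com/slsa-framework/slsa-github-generator"
                   "/.github/workflows/generator_generic_slsa3.yml")
ARTIFACT = b"#!/bin/sh\necho widget 1.0.0\n"  # constructed artifact bytes


def build_verify_command(artifact_path, provenance_path, source_uri,
                         source_tag=None, builder_id=None):
    """argv for the real slsa-verifier CLI, as a CI gate would invoke it."""
    cmd = ["slsa-verifier", "verify-artifact", artifact_path,
           "--provenance-path", provenance_path,
           "--source-uri", source_uri]
    if source_tag:
        cmd += ["--source-tag", source_tag]
    if builder_id:
        cmd += ["--builder-id", builder_id]
    return cmd


def make_envelope(artifact, source, tag, builder):
    """Constructed DSSE envelope: in-toto Statement v0.1 carrying a SLSA v0.2 predicate,
    shaped like slsa-github-generator output. The signature is a placeholder because
    this example does not implement Sigstore signing."""
    ref = f"refs/tags/{tag}"
    statement = {
        "_type": "https://in-toto.io/Statement/v0.1",
        "predicateType": "https://slsa.dev/provenance/v0.2",
        "subject": [{"name": "widget",
                     "digest": {"sha256": hashlib.sha256(artifact).hexdigest()}}],
        "predicate": {
            "builder": {"id": f"{builder}@refs/tags/v1.9.0"},
            "buildType": "https://github.com/slsa-framework/slsa-github-generator/generic@v1",
            "invocation": {"configSource": {"uri": f"git+https://{source}@{ref}",
                                            "digest": {"sha1": "0" * 40},
                                            "entryPoint": ".github/workflows/release.yml"}},
            "materials": [{"uri": f"git+https://{source}@{ref}",
                           "digest": {"sha1": "0" * 40}}],
        },
    }
    payload = base64.b64encode(json.dumps(statement).encode()).decode()
    return json.dumps({"payloadType": "application/vnd.in-toto+json",
                       "payload": payload,
                       "signatures": [{"keyid": "", "sig": "PLACEHOLDER"}]})


def check_provenance_claims(envelope_line, artifact, source, tag, builder):
    """Metadata checks only (digest, source, tag, builder). Returns a list of
    failure strings; empty means the claims are consistent. Does NOT verify the
    signature, so a passing result is necessary but not sufficient."""
    failures = []
    env = json.loads(envelope_line)
    if env.get("payloadType") != "application/vnd.in-toto+json":
        failures.append(f"unexpected payloadType {env.get('payloadType')!r}")
    stmt = json.loads(base64.b64decode(env["payload"]))
    if stmt.get("predicateType") != "https://slsa.dev/provenance/v0.2":
        failures.append(f"unexpected predicateType {stmt.get('predicateType')!r}")
    pred = stmt.get("predicate", {})

    # 1. The artifact we hold must be one of the subjects the provenance claims.
    digest = hashlib.sha256(artifact).hexdigest()
    subjects = {s.get("digest", {}).get("sha256") for s in stmt.get("subject", [])}
    if digest not in subjects:
        failures.append(f"artifact digest sha256:{digest} is not a provenance subject")

    # 2. Builder identity: pin the workflow path; any other path is an untrusted builder.
    builder_id = pred.get("builder", {}).get("id", "")
    if builder_id.split("@", 1)[0] != builder:
        failures.append(f"untrusted builder id {builder_id!r}")

    # 3. Source repository and tag are taken from invocation.configSource.uri.
    config_uri = pred.get("invocation", {}).get("configSource", {}).get("uri", "")
    expected_prefix = f"git+https://{source}@"
    if not config_uri.startswith(expected_prefix):
        failures.append(f"source mismatch: {config_uri!r} is not {source}")
    elif config_uri[len(expected_prefix):] != f"refs/tags/{tag}":
        failures.append(f"tag mismatch: {config_uri!r} is not refs/tags/{tag}")
    return failures


if __name__ == "__main__":
    good = make_envelope(ARTIFACT, EXPECTED_SOURCE, EXPECTED_TAG, GENERIC_BUILDER)
    print(check_provenance_claims(good, ARTIFACT, EXPECTED_SOURCE, EXPECTED_TAG, GENERIC_BUILDER))
    print(" ".join(build_verify_command("widget", "widget.intoto.jsonl",
                                        EXPECTED_SOURCE, EXPECTED_TAG, GENERIC_BUILDER)))
```

The prefix check on `git+https://<source>@` is deliberate: comparing the repository URI up to and including the `@` separator prevents a lookalike such as `example-org/widget-evil` from matching, and the tag is compared as the full `refs/tags/...` ref rather than as a substring. The builder check compares only the workflow path and ignores the `@ref` suffix, which is where the real tool's list of known builder releases takes over.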

The tool is written in Go, distributed as pre-built binaries that ship with their own SLSA provenance, and licensed under Apache 2.0. That provenance lets each release be verified with an already-trusted copy of the verifier, but it does not remove the first-trust step: the initial copy still has to be obtained and checked by other means (for example, built from a pinned source version) before it can be used to verify later releases. It is maintained by the SLSA Framework organization, a collaboration between Google, Intel, VMware, and other OpenSSF members. As supply chain attacks become more prevalent, SLSA Verifier fills a gap that signature-only tools leave open: verifying not just that an artifact was signed by someone trusted, but that the build process that produced it was the one expected.