Attestations

Excalibur's release assets are all generated using GitHub Actions. By doing so, we can leverage the use of artefact attestations, making the provenance of the assets of Excalibur unfalsifiable and verifiable.

Verifying Assets

important

You will need to install the GitHub CLI.

You will also need to set up the GitHub CLI by running gh auth login.

Suppose you downloaded a file from one of the releases. You can verify its provenance using the gh attestations verify command as follows:

gh attestation verify <FILE> --repo PhotonicGluon/Excalibur

If the verification process was successful, you should see a Verification succeeded! message appear in the terminal.

All Attestations

You can find Excalibur's attestations here.

Verifying Assets​

All Attestations​

Verifying Assets

All Attestations