cosign verify-attestation

Verify an attestation on the supplied container image

Options

| Name | Description |
| --- | --- |
| `--output-file <output-file>` | Log output to a file |
| `--timeout, -t <timeout>` | Timeout for commands |
| `--verbose, -d` | Log debug output |
| `--allow-insecure-registry` | Whether to allow insecure connections to registries. Don't use this for anything but testing. |
| `--attachment-tag-prefix <attachment-tag-prefix>` | Optional custom prefix to use for attached image tags. Attachment images are tagged as: `[AttachmentTagPrefix]sha256-[TargetImageDigest].[AttachmentName]` |
| `--cert <cert>` | Path to the public certificate |
| `--cert-email <cert-email>` | The email expected in a valid Fulcio certificate |
| `--cert-oidc-issuer <cert-oidc-issuer>` | The OIDC issuer expected in a valid Fulcio certificate, e.g. https://token.actions.githubusercontent.com or https://oauth2.sigstore.dev/auth |
| `--check-claims` | Whether to check the claims found |
| `--k8s-keychain` | Whether to use the Kubernetes keychain instead of the default keychain (supports workload identity) |
| `--key <key>` | Path to the public key file, KMS URI or Kubernetes Secret |
| `--local-image` | Whether the specified image is a path to an image saved locally via 'cosign save' |
| `--output, -o <output>` | Output format for the signing image information (json\|text) |
| `--policy <policy>` | Specify the CUE or Rego files to use for validation |
| `--rekor-url <rekor-url>` | [EXPERIMENTAL] address of rekor STL server |
| `--sk` | Whether to use a hardware security key |
| `--slot <slot>` | Security key slot to use for generated key (default: signature) (authentication\|signature\|card-authentication\|key-management) |
| `--type <type>` | Specify a predicate type (slsaprovenance\|link\|spdx\|vuln\|custom) or a URI |
| `--help, -h` | Help for verify-attestation |