SLSA

All artifacts provided by this repository meet SLSA L3.

Verify SLSA provenance

Install slsa-verifier from slsa-verifier project.
Get digest of image index/manifest. GHCR UI provides the digest in the UI. alternatively, docker, crane or cosign triangulate --type=digest command can be used.
```
docker images \
    --digests \
    --format "Image={{.Repository}}:{{.Tag}} Digest={{.Digest}}" \
    ghcr.io/tprasadtp/protonwire
```

Verify Image

slsa-verifier verify-image \
   --source-uri=github.com/tprasadtp/protonvpn-docker \
    ghcr.io/tprasadtp/protonwire@<IMAGE_DIGEST>