GH-ATTESTATION-DOWNLOAD(1)     GitHub CLI manual    GH-ATTESTATION-DOWNLOAD(1)



NAME
       gh-attestation-download - Download an artifact's attestations for
       offline use



SYNOPSIS
       gh attestation download [<file-path> | oci://<image-uri>] [--owner |
       --repo] [flags]



DESCRIPTION
   NOTE: This feature is currently in public preview, and subject to change.
       Download attestations associated with an artifact for offline use.


       The command requires either: * a file path to an artifact, or * a
       container image URI (e.g. oci://<image-uri>)
         * (note that if you provide an OCI URL, you must already be
       authenticated with its container registry)


       In addition, the command requires either: * the --repo flag (e.g.
       --repo github/example).  * the --owner flag (e.g. --owner github), or


       The --repo flag value must match the name of the GitHub repository that
       the artifact is linked with.


       The --owner flag value must match the name of the GitHub organization
       that the artifact's linked repository belongs to.


       Any associated bundle(s) will be written to a file in the current
       directory named after the artifact's digest. For example, if the digest
       is "sha256:1234", the file will be named "sha256:1234.jsonl".


       Colons are special characters on Windows and cannot be used in file
       names. To accommodate, a dash will be used to separate the algorithm
       from the digest in the attestations file name. For example, if the
       digest is "sha256:1234", the file will be named "sha256-1234.jsonl".



OPTIONS
       -d, --digest-alg <string> (default "sha256")
              The algorithm used to compute a digest of the artifact:
              {sha256|sha512}


       --hostname <string>
              Configure host to use


       -L, --limit <int> (default 30)
              Maximum number of attestations to fetch


       -o, --owner <string>
              a GitHub organization to scope attestation lookup by


       --predicate-type <string>
              Filter attestations by provided predicate type


       -R, --repo <string>
              Repository name in the format /



EXIT CODES
       0: Successful execution


       1: Error


       2: Command canceled


       4: Authentication required


       NOTE: Specific commands may have additional exit codes. Refer to the
       command's help for more information.



EXAMPLE
       # Download attestations for a local artifact linked with an organization
       $ gh attestation download example.bin -o github

       # Download attestations for a local artifact linked with a repository
       $ gh attestation download example.bin -R github/example

       # Download attestations for an OCI image linked with an organization
       $ gh attestation download oci://example.com/foo/bar:latest -o github




SEE ALSO
       gh-attestation(1)

                                   Jan 2025         GH-ATTESTATION-DOWNLOAD(1)