GH-RELEASE-VERIFY-ASSET(1) GitHub CLI manual GH-RELEASE-VERIFY-ASSET(1) NAME gh-release-verify-asset - Verify that a given asset originated from a release SYNOPSIS gh release verify-asset [] [flags] DESCRIPTION Verify that a given asset file originated from a specific GitHub Release using cryptographically signed attestations. An attestation is a claim made by GitHub regarding a release and its assets. This command checks that the asset you provide matches a valid attestation for the specified release (or the latest release, if no tag is given). It ensures the asset's integrity by validating that the asset's digest matches the subject in the attestation and that the attestation is associated with the release. OPTIONS --format Output format: {json} -q, --jq Filter JSON output using a jq expression -t, --template Format JSON output using a Go template; see "gh help formatting" OPTIONS INHERITED FROM PARENT COMMANDS -R, --repo <[HOST/]OWNER/REPO> Select another repository using the [HOST/]OWNER/REPO format EXIT CODES 0: Successful execution 1: Error 2: Command canceled 4: Authentication required NOTE: Specific commands may have additional exit codes. Refer to the command's help for more information. EXAMPLE # Verify an asset from the latest release $ gh release verify-asset ./dist/my-asset.zip # Verify an asset from a specific release tag $ gh release verify-asset v1.2.3 ./dist/my-asset.zip # Verify an asset from a specific release tag and output the attestation in JSON format $ gh release verify-asset v1.2.3 ./dist/my-asset.zip --format json SEE ALSO gh-release(1) Oct 2025 GH-RELEASE-VERIFY-ASSET(1)