verify-sign
OfficialVerify artifact signatures in Harness pipelines.
System Documentation
What problem does it solve?
Add an Artifact Verification (SscaArtifactVerification) step to an existing Harness pipeline to verify Cosign signatures on container or local-stage artifacts. Supports CI, Security, and CD Deploy (containerized step group). Supports Third-Party registries (Docker, ECR, GCR, GAR, ACR), Harness Artifact Registry (HAR), and Harness Local Stage artifacts. Only works with existing pipelines. Use when asked to verify signed artifacts, verify artifact signature, verify-sign, validate Cosign signature, or configure SscaArtifactVerification.
Core Features & Use Cases
- Interactive wizard guides users through adding Artifact Verification, aligning with existing signing steps.
- Supports CI, Security, and CD deployment stages, containerized step groups, and multiple source types (Docker registries, HAR, Harness Local Stage).
- Reuses signing context (source, image) and supports keyless or Cosign-based verification with a public key secret.
- CD deployment: verification can occur before deploy inside a containerized step group.
Quick Start
Run /verify-sign to start the interactive wizard and attach an Artifact Verification step to your pipeline.
Dependency Matrix
Required Modules
None requiredComponents
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: verify-sign Download link: https://github.com/harness/harness-skills/archive/main.zip#verify-sign Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 510,000+ vetted skills library on demand.