From c27df7ac6961ef8c13c44b8b435a6ce982e32def Mon Sep 17 00:00:00 2001 From: Brad House Date: Sun, 10 Nov 2024 12:40:36 -0500 Subject: [PATCH] add SLSA verification example --- index.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/index.md b/index.md index a387870..fd049d0 100644 --- a/index.md +++ b/index.md @@ -61,6 +61,20 @@ that the release was generated from the intended repository. To verify the provenance of the release, please follow the instructions [here](https://github.com/slsa-framework/slsa-github-generator#verify-provenance). +Example: +``` +$ curl -sO https://github.com/c-ares/c-ares/releases/download/v1.34.3/c-ares-1.34.3.intoto.jsonl +$ curl -sO https://github.com/c-ares/c-ares/releases/download/v1.34.3/c-ares-1.34.3.tar.gz +$ slsa-verifier verify-artifact c-ares-1.34.3.tar.gz \ + --provenance-path c-ares-1.34.3.intoto.jsonl \ + --source-uri github.com/c-ares/c-ares \ + --source-tag v1.34.3 +Verified signature against tlog entry index 147812470 at URL: https://rekor.sigstore.dev/api/v1/log/entries/108e9186e8c5677a9bfd5bc5181d05ada688a805f9a59cfd082dec27cb6d6567f85b7382eea39dc5 +Verified build using builder "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@refs/tags/v2.0.0" at commit c29e75d54c3743783d51a609980495cf553b4bca +Verifying artifact c-ares-1.34.3.tar.gz: PASSED + +PASSED: SLSA verification passed +``` ## Features
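Review bot: the two `curl -sO` lines in the added example request `https://github.com/c-ares/c-ares/releases/download/v1.34.3/...` without `-L`. GitHub serves release assets through an HTTP redirect, so as written curl saves the redirect response instead of the tarball and the `.intoto.jsonl` file, and `-s` hides the failure. Suggest `curl -sSfLO` for both downloads, so that redirects are followed and an HTTP error stops the reader before `slsa-verifier verify-artifact` runs on a wrong file. It would also help to say under the example that the tlog entry index, builder ref and commit shown in the sample output belong to v1.34.3, so a reader verifying another release should match `--source-tag` to that release and rely on the final `PASSED: SLSA verification passed` line.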