Install Script Attestation

docs/src/data/changelog/v1.1.0/install-script-attestation.mdx

Install script verifies release attestations

The install script now checks downloaded release assets against the release attestation that ships with immutable releases. For releases starting with v1.1.0, when an authenticated GitHub CLI (v2.81.0 or later) is available, the script verifies the checksums file and the binary against the attestation before installing, and aborts if either does not match the published release. The check is skipped with a warning when gh is unavailable, too old, or unauthenticated. Use --no-verify-attestation to opt out.
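The skip-or-verify gate described above, sketched as an added example (this is not Terragrunt's install script). The function names, the `NO_VERIFY` variable, the repository slug, and the use of `gh release verify-asset` for the per-file check are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration of the changelog's decision logic; not the project's script.
MIN_GH="2.81.0"                   # minimum GitHub CLI version, from the changelog
MIN_TAG="1.1.0"                   # first release covered, from the changelog
REPO="gruntwork-io/terragrunt"    # assumed repository slug

# version_ge A B: succeeds when A >= B, comparing major.minor.patch numerically
# (a leading "v" and any pre-release suffix are ignored).
version_ge() {
  awk -v a="${1#v}" -v b="${2#v}" 'BEGIN {
    split(a, x, /[.-]/); split(b, y, /[.-]/)
    for (i = 1; i <= 3; i++) {
      if (x[i] + 0 > y[i] + 0) exit 0
      if (x[i] + 0 < y[i] + 0) exit 1
    }
    exit 0
  }'
}

# decide_check TAG GH_VERSION GH_AUTHED OPT_OUT: prints "verify" or "skip:<reason>".
decide_check() {
  tag=$1; gh_version=$2; gh_authed=$3; opt_out=$4
  if [ "$opt_out" = 1 ]; then echo "skip:opt-out"; return; fi
  version_ge "$tag" "$MIN_TAG" || { echo "skip:release-predates-v1.1.0"; return; }
  [ -n "$gh_version" ] || { echo "skip:gh-unavailable"; return; }
  version_ge "$gh_version" "$MIN_GH" || { echo "skip:gh-too-old"; return; }
  [ "$gh_authed" = 1 ] || { echo "skip:gh-unauthenticated"; return; }
  echo "verify"
}

# verify_assets TAG FILE...: returns 0 to continue installing, 1 to abort.
verify_assets() {
  tag=$1; shift
  gh_version=""; gh_authed=0
  if command -v gh >/dev/null 2>&1; then
    gh_version=$(gh --version | awk 'NR == 1 { print $3 }')
    if gh auth status >/dev/null 2>&1; then gh_authed=1; fi
  fi
  decision=$(decide_check "$tag" "$gh_version" "$gh_authed" "${NO_VERIFY:-0}")
  case $decision in
    skip:*) echo "attestation check skipped (${decision#skip:})" >&2; return 0 ;;
  esac
  for f in "$@"; do   # checksums file first, then the binary
    gh release verify-asset "$tag" "$f" --repo "$REPO" || return 1
  done
}
```

A skip leaves the download unverified against the attestation, so pipelines that depend on this check should treat the skip message on stderr as a failure rather than a note.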