📄️ Verifying kacti binaries
kacti creates intoto provenance with every release, aligning with the Supply-chain levels for Software Artifacts (SLSA) level 3 requirements. This allows you to verify that a particular binary was created from the project and that it hasn't been tampered with post-release.
📄️ Verifying kacti images
Kacti images are signed using Sigstore, and provenance is recorded in the public-good Rekor instance.