
# Integrity Verification

Qlty publishes cryptographic attestations for all CLI releases, allowing you to verify that the binary you downloaded was built by Qlty and hasn't been tampered with. These attestations are powered by [Sigstore](https://www.sigstore.dev/) and published as [GitHub artifact attestations](https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds).

## How it works

When we release a new version of the Qlty CLI, our GitHub Actions workflow:

1. Builds the CLI binaries for each supported platform
2. Generates a cryptographic attestation for each build artifact
3. Publishes the attestations to GitHub's attestation store

These attestations cryptographically prove that the binary was built from our official repository using our CI/CD pipeline.

## Verifying the CLI

You can verify the integrity of any Qlty CLI release using the GitHub CLI (`gh`).

<Warning>
  The `gh` CLI must be authenticated to verify attestations, even for public repositories. Run `gh auth login` first if you haven't already.
</Warning>

**Example (macOS Apple Silicon):**

```shell
# Download the archive from https://github.com/qltysh/qlty/releases
curl -LO https://github.com/qltysh/qlty/releases/latest/download/qlty-aarch64-apple-darwin.tar.xz

# Verify the attestation
gh attestation verify --owner qltysh qlty-aarch64-apple-darwin.tar.xz

# Unpack and install
tar -xJf qlty-aarch64-apple-darwin.tar.xz
sudo mv qlty-aarch64-apple-darwin/qlty /usr/local/bin/
```

For other platforms, download the appropriate archive from [GitHub releases](https://github.com/qltysh/qlty/releases).
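
In a script, the steps above should stop at a failed verification instead of carrying on to `tar`. The following sketch is an added example, not Qlty's own installer: `QLTY_REPO`, `verify_archive` and `install_verified` are names assumed here, and it uses `gh`'s `--repo` option in place of `--owner` so that only attestations from the `qltysh/qlty` repository are accepted.

```shell
# Added example (not Qlty's installer). QLTY_REPO and both function names
# are assumptions made for this sketch.
QLTY_REPO="qltysh/qlty"   # repository slug from the release URL above

# verify_archive ARCHIVE
# Succeeds only when gh finds a valid attestation for the file's digest
# that was produced by a workflow in $QLTY_REPO (narrower than --owner).
verify_archive() {
  [ -s "$1" ] || { echo "missing or empty archive: $1" >&2; return 2; }
  gh attestation verify --repo "$QLTY_REPO" "$1" >&2
}

# install_verified ARCHIVE DEST_DIR
# Fail closed: the archive is not unpacked unless verification passed.
install_verified() {
  iv_archive=$1
  iv_dest=$2
  if ! verify_archive "$iv_archive"; then
    echo "attestation check failed for $iv_archive; nothing installed" >&2
    return 1
  fi
  iv_stage=$(mktemp -d) || return 1
  # Unpack into a private staging directory, not the current directory.
  # GNU tar and bsdtar detect xz compression on their own when reading.
  if ! tar -xf "$iv_archive" -C "$iv_stage"; then
    rm -rf "$iv_stage"
    return 1
  fi
  # The release archive holds <platform-dir>/qlty, as in the steps above.
  set -- "$iv_stage"/*/qlty
  if [ ! -f "$1" ]; then
    echo "no qlty binary found in $iv_archive" >&2
    rm -rf "$iv_stage"
    return 1
  fi
  if mkdir -p "$iv_dest" && cp "$1" "$iv_dest/qlty" && chmod 0755 "$iv_dest/qlty"; then
    iv_rc=0
  else
    iv_rc=1
  fi
  rm -rf "$iv_stage"
  return "$iv_rc"
}

# Usage: install_verified qlty-aarch64-apple-darwin.tar.xz "$HOME/.local/bin"
```

Because the same local file is passed to both `gh` and `tar`, the bytes that get unpacked are the bytes whose digest was checked.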

## Successful verification

A successful verification will display output similar to:

```
Loaded digest sha256:abc123... for file qlty-aarch64-apple-darwin.tar.xz
Loaded 1 attestation from GitHub API
✓ Verification succeeded!
```

This confirms the binary was signed by GitHub Actions and built from the official Qlty repository.

## Learn more

* [GitHub artifact attestations documentation](https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds)
* [Sigstore](https://www.sigstore.dev/)
* [Qlty CLI releases](https://github.com/qltysh/qlty/releases)
