NuGet Provenance Verifier

Verify GitHub build provenance attestations for NuGet packages. Removes the nuget.org repository signature, recomputes the digest, and queries GitHub's attestation API.

View project on GitHub

GitHub Authentication

The attestation API requires authentication. Create a fine-grained PAT with Public Repositories (read-only) access — no other permissions needed. Token stays in your browser.

Package Source

Package ID

Version

Drop a .nupkg file here or click to browse

GitHub Owner — auto-detected from .nuspec, or enter manually (user or org)

Verification Log

About this page: this published index.html comes from the georg-jung/nuget-provenance-verifier repository. Its release workflow stages site/index.html, creates a GitHub provenance attestation for that file, and then deploys it to GitHub Pages. To verify a local copy, use gh attestation verify index.html --repo georg-jung/nuget-provenance-verifier.