From 3e85e1915fbc838441624a3d941dc89b2a9006e9 Mon Sep 17 00:00:00 2001 From: Braydon Kains <93549768+braydonk@users.noreply.github.com> Date: Wed, 9 Oct 2024 09:47:12 -0400 Subject: [PATCH] Update README.md (#212) --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 831a6b1..4c31bcb 100644 --- a/README.md +++ b/README.md @@ -58,6 +58,8 @@ For in-depth configuration documentation see [Config](docs/config-file.md). ## Verifying release artifacts +NOTE: Support for verifying with cosign is present from v0.14.0 onward. + In case you get the `yamlfmt` binary directly from a release, you may want to verify its authenticity. Checksums are applied to all released artifacts, and the resulting checksum file is signed using [cosign](https://docs.sigstore.dev/cosign/installation/). Steps to verify (replace `A.B.C` in the commands listed below with the version you want):