Verify Sign

Add an Artifact Verification (SscaArtifactVerification) step to an existing Harness pipeline. The step verifies Cosign signatures on artifacts — typically immediately after SscaArtifactSigning.

This skill only works with existing pipelines — do not create standalone verification-only pipelines.

Prerequisites: Artifact must already be signed (typically via /sign-artifact / SscaArtifactSigning). Key-based verify requires the Cosign public key file secret matching the signing private key (/create-secret). If signing did not upload .sig to the registry, Harness pulls the signature from its database during verification.

Supported stages: CI, Security, and CD (Deployment in containerized step group before deploy).

Guide the user through a step-by-step interactive wizard (same UX as /sign-artifact):

• Wizard: references/interactive-wizard-flow.md
• UI ↔ YAML: references/artifact-verification-step.md
• CD containerized step groups: references/cd-containerized-step-group.md