Since the infamous SolarWinds attack, supply chain integrity is something a lot of people are discussing and working on. In this post we’ll see how we can verify a binary built with Go is indeed what it says it is. Building from Go mod proxy Using go install The easiest way of doing that is using go install: $ go install github.com/caarlos0/svu@v1.7.0 And then we can verify with go version -m:
