diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index 13b598d52..cb210ce56 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -37,3 +37,6 @@ jobs:
 - name: Build
 run: go build -v ./cmd/gh
+
+ - name: Run attestation command integration Tests
+ run: ./test/integration/attestation-cmd/test/download-and-verify-package-attestation.sh
diff --git a/test/integration/attestation-cmd/download-and-verify-package-attestation.sh b/test/integration/attestation-cmd/download-and-verify-package-attestation.sh
new file mode 100755
index 000000000..cb54f66e9
--- /dev/null
+++ b/test/integration/attestation-cmd/download-and-verify-package-attestation.sh
@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Get the root directory of the repository
+rootDir="$(git rev-parse --show-toplevel)"
+
+ghBuildPath="$rootDir/bin/gh"
+
+# Compute the package and attestation URLs
+labRatPackageName="sigstore"
+latestPackageVersion=$(npm -s info $labRatPackageName dist-tags.latest | tr -d '\n')
+packageFile="$labRatPackageName-$latestPackageVersion.tgz"
+packageURL="https://registry.npmjs.org/$labRatPackageName/-/$packageFile"
+attestationFile="$labRatPackageName-$latestPackageVersion.json"
+attestationURL="https://registry.npmjs.org/-/npm/v1/attestations/$labRatPackageName@$latestPackageVersion"
+
+echo "Testing with package $packageFile and attestation $attestationFile"
+
+curl -s $packageURL -o $packageFile
+curl -s $attestationURL | jq '.attestations[1].bundle' > $attestationFile
+
+# Verify the package with the --owner flag
+$ghVerifyBuildPath $packageFile -b $attestationFile --digest-alg=sha512 --owner=sigstore
+if [ $? -ne 0 ]; then
+ # cleanup test data
+ rm $packageFile $attestationFile
+ exit 1
+fi
+
+$ghVerifyBuildPath $packageFile -b $attestationFile --digest-alg=sha512 --repo=sigstore-js
+if [ $? -ne 0 ]; then
+ # cleanup test data
+ rm $packageFile $attestationFile
+ exit 1
+fi
+
+# cleanup test data
+rm $packageFile $attestationFile
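Review bot: The added `run:` path carries an extra `test/` segment — `./test/integration/attestation-cmd/test/download-and-verify-package-attestation.sh` — while the script this same commit creates lives at `test/integration/attestation-cmd/download-and-verify-package-attestation.sh`, so the new step will fail with a file-not-found error on every run; it should read `run: ./test/integration/attestation-cmd/download-and-verify-package-attestation.sh`. The script also expects the binary at `$rootDir/bin/gh`, but the preceding Build step is `go build -v ./cmd/gh` with no `-o`, which writes `./gh` into the working directory — presumably an `-o bin/gh` (or the repo's build script) is needed before this step; confirm where the binary is expected to land. The step additionally depends on `npm`, `jq`, `curl` and outbound access to registry.npmjs.org, which is fine on a hosted runner but worth stating in a comment so a failure is not mistaken for a verifier regression. The enclosing `steps:` list begins outside the hunk.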
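Review bot: `$ghVerifyBuildPath` on the two verify lines is never assigned — the only path variable the script defines is `ghBuildPath` — so under `set -u` the script aborts with an unbound-variable error before any verification runs; the name suggests it was meant to be the built binary plus the `attestation verify` subcommand, which the invocation also lacks (presumably `gh attestation verify`, given the `-b`, `--digest-alg`, `--owner` and `--repo` flags). The `if [ $? -ne 0 ]` blocks after each verify are unreachable for the same `set -e` reason: a failing command exits the script immediately, so on failure the downloaded package and bundle are never removed. An EXIT trap covers both paths, and `curl -f` (or `--fail`) keeps a registry error page from being saved as the package or bundle and then handed to the verifier, where it would fail for an unrelated reason. `.attestations[1].bundle` also pins a fixed position in the registry's attestation array; if the ordering is not guaranteed, selecting by `predicateType` would be more robust — worth confirming against the registry response. Rewritten lines below.

```shell
ghBuildPath="$rootDir/bin/gh"
# … unchanged: package and attestation URL computation, echo …

# Remove the scratch files on any exit; under `set -e` a failing verify
# would otherwise skip a post-hoc `if [ $? -ne 0 ]` cleanup entirely.
trap 'rm -f "$packageFile" "$attestationFile"' EXIT

curl -fsS "$packageURL" -o "$packageFile"
curl -fsS "$attestationURL" | jq '.attestations[1].bundle' > "$attestationFile"

# Verify the package with the --owner flag, then with the --repo flag
"$ghBuildPath" attestation verify "$packageFile" -b "$attestationFile" --digest-alg=sha512 --owner=sigstore
"$ghBuildPath" attestation verify "$packageFile" -b "$attestationFile" --digest-alg=sha512 --repo=sigstore-js
```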