There is gradle-witness plugin. Unfortunately it seems to be not actively developed anymore and there are some pending issues (like support for buildscript dependencies verification).
Anyway artifacts consistency does not seem to be high on the Gradle team priority list. There is an ability to verify sha256 signature of downloaded distribution (contributed by the community), but the official checksum for published distributions are not available (not to mention its OpenPGP/GPG signing).