COSIGN
Sigstore Cosign CLI for signing OCI containers.
Definition
Cosign supports keyless (OIDC) or local key signing, attestations (SLSA, vuln, cyclonedx), policies via Cue/Rego, automatic transparency log via Rekor. CI/CD integration GitHub Actions, GitLab CI. v2.x (2024) stable. Written in Go. Apache 2.0 license.
Origin
Launched by Sigstore (Google + Red Hat + Linux Foundation) in 2021.
Example in context
cosign verify gcr.io/myapp:v1 --certificate-identity-regexp=".*@my-org\.com$" — verifies signature.
Related terms
- Sigstore — parent project.