Cosign
What is Cosign?
An open-source CLI from the Sigstore project for signing, verifying, and attesting to OCI artifacts and other software using either keyed or keyless workflows.
Cosign is the user-facing tool of the Sigstore stack. It can sign container images, OCI artifacts, blobs, SBOMs, and in-toto attestations and store signatures alongside the artifact or in an OCI registry. In keyless mode it relies on Fulcio to issue a short-lived certificate bound to an OIDC identity and records the signature in the Rekor transparency log; in keyed mode it uses traditional keys, hardware tokens, or KMS-backed keys. Verification policies can require trusted identities (e.g. a specific GitHub Actions workflow), reusable workflows, or attestation predicates. Cosign is the default signing tool in many CI pipelines and Kubernetes admission systems (Kyverno, Connaisseur, OPA Gatekeeper) for enforcing supply-chain integrity.
● Examples
- 01
cosign sign --identity-token $OIDC_TOKEN ghcr.io/org/app:v1.2
- 02
Kyverno policy verifying that production images are signed by a specific GitHub Actions workflow.
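The Kyverno policy referred to in example 02, written out as an added illustration; it is not code from this page or from the Kyverno or Sigstore projects. It assumes the image name from example 01 (ghcr.io/org/app) and a hypothetical release workflow at org/app/.github/workflows/release.yaml; the issuer URL is the real GitHub Actions OIDC token issuer, and the Rekor URL is the public Sigstore instance. The comment block at the top gives the equivalent `cosign verify` invocation so that the CLI check and the admission check express the same identity constraint.

```yaml
# Equivalent check from the command line (keyless verification, cosign v2 flags):
#
#   cosign verify \
#     --certificate-oidc-issuer https://token.actions.githubusercontent.com \
#     --certificate-identity-regexp '^https://github.com/org/app/.github/workflows/release.yaml@refs/tags/.*$' \
#     ghcr.io/org/app:v1.2
#
# The policy below enforces the same constraint for every Pod admitted to the
# "prod" namespace. Image name and workflow path are assumed for this example.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: verify-prod-image-signature
spec:
  # Enforce (reject) rather than Audit, so unsigned or wrongly signed images never run.
  validationFailureAction: Enforce
  background: false
  webhookTimeoutSeconds: 30
  rules:
    - name: require-release-workflow-signature
      match:
        any:
          - resources:
              kinds:
                - Pod
              namespaces:
                - prod
      verifyImages:
        - imageReferences:
            - "ghcr.io/org/app:*"
          # Resolve the tag to a digest and rewrite the Pod spec, so the image
          # that was verified is exactly the image that runs.
          mutateDigest: true
          verifyDigest: true
          required: true
          attestors:
            - entries:
                - keyless:
                    # Both subject and issuer must be pinned: the subject alone
                    # would still accept a certificate from any OIDC provider
                    # that can mint that string, and the issuer alone would
                    # accept any repository's workflow.
                    subject: "https://github.com/org/app/.github/workflows/release.yaml@refs/tags/*"
                    issuer: "https://token.actions.githubusercontent.com"
                    rekor:
                      url: https://rekor.sigstore.dev
```

The security-relevant part of this policy is the pair `subject` + `issuer`: a Sigstore certificate carries the signer's OIDC identity, and a policy that only checks "the image has a signature recorded in Rekor" accepts an image signed by anyone. Pinning the subject to a tag-triggered release workflow also means a signature produced by a pull-request or branch build of the same repository is rejected. When a Pod is denied, Kyverno's admission response names the failing rule, which is the event a detection pipeline should alert on.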
● Frequently asked questions
What is Cosign?
An open-source CLI from the Sigstore project for signing, verifying, and attesting to OCI artifacts and other software using either keyed or keyless workflows. It belongs to the Application Security category of cybersecurity.
What are other names for Cosign?
Common alternative names include: cosign.
● Related terms
- appsec№ 1044
Sigstore
An open-source Linux Foundation project that makes signing, verifying, and protecting software artifacts easy by combining short-lived keys, OIDC identities, and a transparency log.
- appsec№ 784
Package Signing
Applying a cryptographic signature to a software package so that consumers can verify the publisher's identity and that the artifact has not been altered after release.
- appsec№ 870
Provenance Attestation
A signed, machine-verifiable statement that describes how a software artifact was produced - including source, build system, parameters, and dependencies - so consumers can trust its origin.
- appsec№ 1053
SLSA Framework
Supply-chain Levels for Software Artifacts: a tiered set of requirements published by OpenSSF that progressively hardens how software is built, signed, and verified against supply-chain tampering.
- appsec№ 1069
Software Supply Chain Security
The discipline of protecting every link of the software production chain - source, dependencies, build, signing, distribution, and deployment - against tampering, malicious code, and integrity loss.
- appsec№ 522
in-toto
An open framework that cryptographically attests to every step of a software supply chain so that consumers can verify the artifact was built and handled exactly as the project owner intended.