FICHA · MANJARO

cosign

Container Signing with support for ephemeral keys and Sigstore signing

  • cli
  • CLI
  • SECURITY
  • CONTAINERS
  • Launchable
  • Runs in terminal
official+codex · reviewed · May 27, 2026 description in en

Description

Signs and verifies container images and other artifacts with Sigstore support, including keyless or ephemeral-key workflows. It helps teams prove artifact origin and detect tampering in software supply chains.

Use it when container or artifact signing is part of the release policy. Verification rules, identity constraints, and transparency-log expectations should be defined before relying on signatures.

How to run

cosign

Commands: cosign

Permissions

Permissions not analysed for this source yet.