Sigstore

Cosign

Cosign is the Sigstore tool for signing and verifying container images and other OCI artifacts. It enables keyless signing using OIDC identity, hardware token signing, and policy enforcement for container supply chain security.

GitHub

Documentation

📖
Documentation
https://docs.sigstore.dev/cosign/signing/overview/

Other Resources

🔗
GitHub Repository
https://github.com/sigstore/cosign

API entry from apis.yml

apis.yml Raw ↑ 
aid: sigstore:cosign
name: Cosign
description: Cosign is the Sigstore tool for signing and verifying container images and other OCI artifacts.
  It enables keyless signing using OIDC identity, hardware token signing, and policy enforcement for container
  supply chain security.
humanURL: https://docs.sigstore.dev/cosign/signing/overview/
tags:
- Code Signing
- Containers
- OCI
- Security
- Software Supply Chain
properties:
- type: Documentation
  url: https://docs.sigstore.dev/cosign/signing/overview/
- type: GitHub Repository
  url: https://github.com/sigstore/cosign