Cosign

Cosign is the Sigstore CLI for keyless signing and verification of container images and software supply chain artifacts.

Cosign is the command-line utility from the Sigstore project, purpose-built to secure your software supply chain. It provides keyless signing and verification for OCI artifacts: container images, SBOMs (Software Bills of Materials), and arbitrary file blobs. Keyless signing is a major feature: instead of managing long-lived private keys, Cosign generates a short-lived key pair and binds it to your OpenID Connect (OIDC) identity through a certificate issued by the Fulcio certificate authority. The signing event is recorded in the Rekor transparency log, giving tamper-evident provenance. This approach simplifies security, allowing consumers to verify image integrity with a single `cosign verify` command.

https://www.sigstore.dev/docs/cosign/