devops

cosign

Definition

cosign is an open-source tool from the Sigstore project for signing, verifying, and storing signatures for container images and other OCI artifacts. It supports keyless signing using ephemeral keys tied to OIDC identity tokens, creating a transparent and auditable supply chain.

cosign is widely adopted as part of software supply chain security practices.

Related Terms

Notary

Image Signing

Container Image Signing

OCI

Open Container Initiative

SBOM Generation

SBOM Generation in CI

← Back to Glossary

Ship secure code faster

Crash Override integrates security into the developer workflow. No context switching, no waiting on reviews.

Talk to a Human See the Product