Configs · Apr 16, 2026 · 3 min read

Cosign — Sign and Verify Container Images and Artifacts

Cosign by Sigstore lets you cryptographically sign container images, verify signatures in CI/CD and admission controllers, and establish software supply chain trust with keyless signing via OIDC.

Introduction

Cosign is the signing and verification tool from the Sigstore project, backed by the Linux Foundation. It was created to make container image signing as easy as git commit signing. With keyless mode, developers sign images using their existing OIDC identity (GitHub, Google, Microsoft) and a short-lived certificate from the Fulcio CA, eliminating private key management entirely.

What Cosign Does

  • Signs OCI container images and stores signatures in the same registry alongside the image
  • Supports keyless signing via OIDC and Sigstore's Fulcio certificate authority
  • Verifies image signatures against identity and issuer constraints
  • Signs and verifies arbitrary blobs, SBOMs, and in-toto attestations
  • Integrates with Kubernetes admission controllers to enforce signature policies

Architecture Overview

Cosign stores signatures as OCI artifacts in the same registry as the image, linked to the image digest by a tag convention (the signature lives at a tag derived from the digest). In keyless mode, cosign presents an OIDC token to Fulcio (the Sigstore CA), receives a short-lived certificate that binds that identity to a freshly generated key pair, signs the image digest, and records the signing event in Rekor (an append-only, tamper-evident transparency log). Verifiers check the Rekor entry and the Fulcio certificate chain instead of a pre-shared public key: they state the expected signer identity and OIDC issuer, and a signature is accepted only if the certificate matches both.

Self-Hosting & Configuration

  • Install the cosign binary from GitHub releases, Homebrew, or as a Go module
  • For keyless signing, ensure you have an OIDC token (CI environments like GitHub Actions provide this automatically)
  • For key-based signing, generate a key pair: cosign generate-key-pair
  • Use cosign policy init to create image admission policies for Kubernetes
  • Integrate with Kyverno or OPA Gatekeeper to enforce signature verification at deploy time
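The following POSIX shell script is an added example (not from this page or from the Sigstore project) that ties the configuration steps above to the storage convention from the architecture section. It derives the registry reference where cosign keeps a signature for a given image digest, then runs the key-based and keyless sign/verify commands when a cosign binary is available. The image ghcr.io/example-org/app, the digest, and the GitHub Actions workflow identity are constructed placeholders.

```shell
#!/usr/bin/env sh
# Added example, not from the original page or the Sigstore project.
# ghcr.io/example-org/app, the digest and the workflow identity below are
# constructed placeholders.

# Where cosign stores a signature for an image digest, following its tag
# convention: REPO@sha256:HEX -> REPO:sha256-HEX.sig (the same value that
# `cosign triangulate IMAGE` prints). Pass "att" or "sbom" as the second
# argument to get the attestation or SBOM reference instead.
sig_ref() {
  ref="$1"
  suffix="${2:-sig}"
  digest="${ref#*@}"
  case "$digest" in
    sha256:*) ;;
    *) echo "sig_ref: expected REPO@sha256:HEX, got '$ref'" >&2; return 1 ;;
  esac
  repo="${ref%@*}"
  # Drop a tag on the last path element (repo:v1@sha256:... is legal input)
  # without touching a registry port such as localhost:5000.
  last="${repo##*/}"
  case "$last" in
    *:*) repo="${repo%:*}" ;;
  esac
  printf '%s:sha256-%s.%s\n' "$repo" "${digest#sha256:}" "$suffix"
}

# Constructed placeholder image, always referenced by digest so the signed
# content cannot drift behind a moving tag.
IMAGE="ghcr.io/example-org/app@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"

# The sign/verify flow itself, run only when cosign is on PATH.
signing_flow() {
  if ! command -v cosign >/dev/null 2>&1; then
    echo "cosign not found on PATH; printing the signature reference only" >&2
    sig_ref "$IMAGE"
    return 0
  fi

  # Key-based: COSIGN_PASSWORD makes generate-key-pair non-interactive
  # (an empty value means an unencrypted private key, fine for a demo only).
  # cosign.key stays with the signer; cosign.pub is what verifiers distribute.
  COSIGN_PASSWORD="${COSIGN_PASSWORD:-}" cosign generate-key-pair
  cosign sign --yes --key cosign.key "$IMAGE"
  cosign verify --key cosign.pub "$IMAGE"

  # Keyless (inside GitHub Actions with id-token: write): cosign exchanges the
  # runner's OIDC token for a Fulcio certificate and records the entry in Rekor.
  cosign sign --yes "$IMAGE"

  # Verification pins who may have signed, not which key: the certificate
  # subject must be the release workflow on main, issued by GitHub's OIDC issuer.
  cosign verify \
    --certificate-identity-regexp '^https://github\.com/example-org/app/\.github/workflows/release\.yml@refs/heads/main$' \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    "$IMAGE"
}

if [ "${1:-}" = "--run" ]; then
  signing_flow
fi
```

Run it with `--run` inside a CI job that has an OIDC token and push access to the registry; without the flag it only defines the functions. The identity regexp is the part a defender should keep tight: anchoring it to one workflow file and one branch means a signature produced by a fork, a feature branch, or a different workflow in the same repository is rejected even though all of them share the same OIDC issuer.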

Key Features

  • Keyless signing removes the burden of managing and rotating signing keys
  • Transparency log (Rekor) provides an immutable audit trail of all signing events
  • Attestation support for SLSA provenance, SBOMs, and custom predicates
  • Native integration with GitHub Actions, GitLab CI, and Tekton for automated signing
  • Works with any OCI-compliant registry (Docker Hub, ECR, GCR, ACR, Harbor)

Comparison with Similar Tools

  • Docker Content Trust (Notary v1) — complex setup with a separate trust server; Cosign uses the registry itself
  • Notary v2 — also OCI-native but a separate project with different UX; Cosign has wider adoption
  • GPG signing — manual, not OCI-aware, requires public key distribution
  • Syft + Grype — generate and scan SBOMs; Cosign signs those SBOMs for tamper-proof distribution
  • TUF — framework-level specification; Sigstore/Cosign is a concrete implementation

FAQ

Q: What is keyless signing? A: Cosign uses your OIDC identity (e.g., GitHub login) to obtain a short-lived certificate from Fulcio. No long-lived private key is needed.

Q: Where are signatures stored? A: In the same OCI registry as the image, using a predictable tag derived from the image digest.

Q: Can I enforce signatures in Kubernetes? A: Yes. Use Kyverno, OPA Gatekeeper, or the Sigstore policy-controller to reject unsigned images at admission time.

Q: Does keyless signing work in CI without human interaction? A: Yes. GitHub Actions, GitLab CI, and other providers supply OIDC tokens that Cosign uses automatically.
