Icon

Cosign

Cosign is a CLI tool by Sigstore for signing, verifying, and storing signatures of container images and other software artifacts. It supports keyless signing using Sigstore's Fulcio certificate authority and Rekor transparency log, hardware and KMS signing, and container signing with OCI registries.
Latest: 4.1.2 GitHub
Last checked: Jun 9, 2026 12:10am
Rank: 3037/15140
Also monitored via:
Site Monitor Winget
Follow to track new versions in your feed.
Report

Overview

0
License: Apache-2.0Winget: Available
Product Page Download Page

Version & Lifecycle

0
Current: 4.1.2 N-2: 3.0.6 Oldest supported: 2.0.0 Avg cadence: Every 31 days

Tags

0
container signing software signing keyless signing OCI Sigstore security open source

Top Contributors

Top sitewide contributors:

  1. Anbarasan
  2. nico_k
  3. Bob
  4. Vigneshwaran

Community Notes

No community notes yet

Be the first to as a good question or share deployment tips, customization scripts, command lines, or troubleshooting steps.

Release Notes & Updates

0
Avg cadence:
Updates • 0

Help us match vulnerabilities

No vulnerability match yet. Pick the right product:

Looking for matching products…
Don’t see it? Paste a CPE

Also known as

Other names people use for this app — helps search and matching.

Cosignsigstore Cosign

Notes

0

Cosign is part of the Sigstore project and supports signing with ephemeral keys authenticated via OpenID Connect. Installation methods include binaries for Linux and macOS, Homebrew, Arch, Nix, GitHub Actions, and Kubernetes. Version 2.0.0 or higher is required for some integrations.

Your community for enterprise application details

Explore

Account

© 2026 RWK Systems. All rights reserved.
Sign in