{"id":16888554,"url":"https://github.com/imjasonh/cosign-docker-cli-plugins","last_synced_at":"2025-04-11T12:55:03.048Z","repository":{"id":43859402,"uuid":"456596455","full_name":"imjasonh/cosign-docker-cli-plugins","owner":"imjasonh","description":"Docker CLI plugins for cosign","archived":false,"fork":false,"pushed_at":"2022-04-07T20:26:54.000Z","size":15,"stargazers_count":11,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-03-25T09:12:07.967Z","etag":null,"topics":["code-signing","container-image","docker"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/imjasonh.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-02-07T16:56:27.000Z","updated_at":"2024-04-24T06:25:53.000Z","dependencies_parsed_at":"2022-09-06T07:20:51.830Z","dependency_job_id":null,"html_url":"https://github.com/imjasonh/cosign-docker-cli-plugins","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/imjasonh%2Fcosign-docker-cli-plugins","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/imjasonh%2Fcosign-docker-cli-plugins/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/imjasonh%2Fcosign-docker-cli-plugins/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/imjasonh%2Fcosign-docker-cli-plugins/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/imjasonh","download_url":"https://codeload.github.com/imjasonh/cosign-docker-cli-plugins/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248404010,"owners_count":21097635,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["code-signing","container-image","docker"],"created_at":"2024-10-13T16:52:39.886Z","updated_at":"2025-04-11T12:55:03.021Z","avatar_url":"https://github.com/imjasonh.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Docker CLI plugins for [`cosign`](https://github.com/sigstore/cosign)\n\nThese plugins aim to make it slightly easier to use `cosign` using `docker` CLI commands.\n\nThey require that you have [`cosign`](https://docs.sigstore.dev/cosign/installation/) and [`crane`](https://github.com/google/go-containerregistry/tree/main/cmd/crane#installation) installed.\n\n⚠️ **These plugins are unofficial, unsupported, experimental, and likely to change.** ⚠️\n\nIdeally, this functionality would be built into the `docker` CLI directly (see https://github.com/docker/cli/issues/3283).\nUntil then, CLI plugins are simply a temporary solution.\n\n## Install\n\nDocker CLI plugins are found in `~/.docker/cli-plugins`, with names like `docker-\u003ccommand\u003e`.\n\nYou can fetch and install these from this repo like so:\n\n```\nmkdir -p ~/.docker/cli-plugins\nfor cmd in docker-pullx docker-pushx docker-sign docker-verify; do\n    curl https://raw.githubusercontent.com/imjasonh/cosign-docker-cli-plugins/main/${cmd}.sh \\\n        -o ~/.docker/cli-plugins/${cmd} \u0026\u0026 \\\n        chmod +x ~/.docker/cli-plugins/${cmd}\ndone\n```\n\n_Please inspect the source of these plugins before using them; you are implicitly trusting them to make security decisions for you._\n\n## Commands\n\n### `docker pushx [image]`\n\nThis runs `docker push [image]` then `cosign sign [image]`, passing any remaining args to `cosign sign`.\n\n- _Note:_ This will not affect images pushed during `docker buildx --push`.\n- _Note:_ It's strongly recommended that you sign images by digest, to avoid race conditions.\n  This command does not currently do this.\n  For this reason, you should prefer to `docker push` the image separately, then `cosign sign` the pushed image by digest.\n\n### `docker pullx [image]`\n\nThis runs `cosign verify [image]` then `docker pull [image]`, passing any remaining args to `cosign verify`.\n\n- _Note:_ This will not affect images pulled during builds, for example in `FROM [image]` statements.\n- _Note:_ It's strongly recommended that you verify images by digest, to avoid race conditions.\n\n### `docker sign [image]`\n\nThis ensures the image exists in the registry, and if not, pushes it using `docker push [image]`.\nThen, it runs `cosign sign [image]`, passing any remaining args to `cosign sign`.\n\n- _Note:_ It's strongly recommended that you sign images by digest, to avoid race conditions.\n  For this reason, you should prefer to `docker push` the image separately, then `cosign sign` the pushed image by digest.\n\n### `docker verify [image]`\n\nThis is simply a wrapper for `cosign verify`, passing all args to `cosign verify`.\n\n- _Note:_ It's strongly recommended that you verify images by digest, to avoid race conditions.\n\n### `COSIGN_EXPERIMENTAL`\n\nAll of these plugins support the `COSIGN_EXPERIMENTAL` environment variable, which enables keyless signing and verification.\n\nFor example:\n\n```\nCOSIGN_EXPERIMENTAL=1 docker pullx ghcr.io/shipwright-io/build/shipwright-build-controller\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fimjasonh%2Fcosign-docker-cli-plugins","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fimjasonh%2Fcosign-docker-cli-plugins","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fimjasonh%2Fcosign-docker-cli-plugins/lists"}