{"id":13481009,"url":"https://github.com/sigstore/cosign","last_synced_at":"2026-04-06T23:06:23.050Z","repository":{"id":37036336,"uuid":"335952417","full_name":"sigstore/cosign","owner":"sigstore","description":"Code signing and transparency for containers and binaries","archived":false,"fork":false,"pushed_at":"2026-04-03T00:02:35.000Z","size":25875,"stargazers_count":5779,"open_issues_count":141,"forks_count":713,"subscribers_count":55,"default_branch":"main","last_synced_at":"2026-04-03T06:04:24.587Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sigstore.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":"COPYRIGHT.txt","agents":null,"dco":null,"cla":null}},"created_at":"2021-02-04T12:49:39.000Z","updated_at":"2026-04-03T05:57:56.000Z","dependencies_parsed_at":"2024-03-11T01:26:32.647Z","dependency_job_id":"d25d7c4f-af58-4f99-a88e-e64ee03683e1","html_url":"https://github.com/sigstore/cosign","commit_stats":{"total_commits":2453,"total_committers":223,"mean_commits":11.0,"dds":0.657154504688137,"last_synced_commit":"d275a272ec0cdf5a4c22d01b891a4d7e20164d71"},"previous_names":["projectcosign/cosign"],"tags_count":75,"template":false,"template_full_name":null,"purl":"pkg:github/sigstore/cosign","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sigstore%2Fcosign","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories
/sigstore%2Fcosign/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sigstore%2Fcosign/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sigstore%2Fcosign/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sigstore","download_url":"https://codeload.github.com/sigstore/cosign/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sigstore%2Fcosign/sbom","scorecard":{"id":476730,"data":{"date":"2025-08-19T14:58:43Z","repo":{"name":"github.com/sigstore/cosign","commit":"b11824349c8e79b30546a256cb543281e2f2971d"},"scorecard":{"version":"v5.2.1","commit":"ab2f6e92482462fe66246d9e32f642855a691dc1"},"score":8.3,"checks":[{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dependency-update-tool"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#maintained"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is 
published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yaml:43","Warn: jobLevel 'packages' permission set to 'write': .github/workflows/build.yaml:44","Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:44","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:45","Info: jobLevel 'contents' permission set to 'read': .github/workflows/cut-release.yml:42","Info: jobLevel 'contents' permission set to 'read': .github/workflows/depsreview.yml:27","Info: jobLevel 'contents' permission set to 'read': .github/workflows/donotsubmit.yaml:34","Info: jobLevel 'contents' permission set to 'read': .github/workflows/e2e-with-binary.yml:45","Warn: jobLevel 'packages' permission set to 'write': .github/workflows/github-oidc.yaml:40","Info: jobLevel 'contents' permission set to 'read': .github/workflows/github-oidc.yaml:41","Info: jobLevel 'contents' permission set to 'read': 
.github/workflows/golangci-lint.yml:31","Info: jobLevel 'contents' permission set to 'read': .github/workflows/golangci-lint.yml:51","Info: jobLevel 'contents' permission set to 'read': .github/workflows/kind-verify-attestation.yaml:45","Info: jobLevel 'actions' permission set to 'read': .github/workflows/scorecard-action.yml:37","Info: jobLevel 'contents' permission set to 'read': .github/workflows/scorecard-action.yml:38","Info: jobLevel 'contents' permission set to 'read': .github/workflows/tests.yaml:81","Info: jobLevel 'contents' permission set to 'read': .github/workflows/tests.yaml:178","Info: jobLevel 'contents' permission set to 'read': .github/workflows/tests.yaml:208","Info: jobLevel 'contents' permission set to 'read': .github/workflows/tests.yaml:35","Info: found token with 'none' permissions: .github/workflows/validate-release.yml:1","Info: jobLevel 'contents' permission set to 'read': .github/workflows/verify-docgen.yaml:34","Info: jobLevel 'contents' permission set to 'read': .github/workflows/whitespace.yaml:33","Info: found token with 'none' permissions: .github/workflows/build.yaml:1","Info: found token with 'none' permissions: .github/workflows/codeql-analysis.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/conformance-nightly.yml:23","Info: topLevel 'contents' permission set to 'read': .github/workflows/conformance.yml:26","Warn: no topLevel permission defined: .github/workflows/cut-release.yml:1","Info: found token with 'none' permissions: .github/workflows/depsreview.yml:1","Info: found token with 'none' permissions: .github/workflows/donotsubmit.yaml:1","Warn: no topLevel permission defined: .github/workflows/e2e-tests.yml:1","Info: found token with 'none' permissions: .github/workflows/e2e-with-binary.yml:1","Info: found token with 'none' permissions: .github/workflows/github-oidc.yaml:1","Info: found token with 'none' permissions: .github/workflows/golangci-lint.yml:1","Info: found token with 'none' 
permissions: .github/workflows/kind-verify-attestation.yaml:1","Info: found token with 'none' permissions: .github/workflows/scorecard-action.yml:1","Warn: no topLevel permission defined: .github/workflows/tests.yaml:1","Warn: no topLevel permission defined: .github/workflows/validate-release.yml:1","Info: found token with 'none' permissions: .github/workflows/verify-docgen.yaml:1","Info: found token with 'none' permissions: .github/workflows/whitespace.yaml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":8,"reason":"dependency not pinned by hash detected -- score normalized to 8","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/conformance-nightly.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/sigstore/cosign/conformance-nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/conformance-nightly.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/sigstore/cosign/conformance-nightly.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e-tests.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/sigstore/cosign/e2e-tests.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e-tests.yml:133: update your workflow using https://app.stepsecurity.io/secureworkflow/sigstore/cosign/e2e-tests.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e-tests.yml:138: update your workflow using https://app.stepsecurity.io/secureworkflow/sigstore/cosign/e2e-tests.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/kind-verify-attestation.yaml:75: 
update your workflow using https://app.stepsecurity.io/secureworkflow/sigstore/cosign/kind-verify-attestation.yaml/main?enable=pin","Warn: goCommand not pinned by hash: test/fuzz/oss_fuzz_build.sh:17","Warn: goCommand not pinned by hash: .github/workflows/tests.yaml:219","Info:  48 out of  49 GitHub-owned GitHubAction dependencies pinned","Info:  21 out of  26 third-party GitHubAction dependencies pinned","Info:   2 out of   4 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":2,"reason":"badge detected: InProgress","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#cii-best-practices"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#license"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#branch-protection"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found","Info: GoBuiltInFuzzer integration found: 
pkg/cosign/attestation/fuzz_test.go:23","Info: GoBuiltInFuzzer integration found: pkg/cosign/cue/fuzz_test.go:22","Info: GoBuiltInFuzzer integration found: pkg/cosign/fuzz_test.go:40","Info: GoBuiltInFuzzer integration found: pkg/cosign/fuzz_test.go:71","Info: GoBuiltInFuzzer integration found: pkg/cosign/rego/fuzz_test.go:22","Info: GoBuiltInFuzzer integration found: pkg/policy/fuzz_test.go:49"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":8,"reason":"5 out of the last 5 releases have a total of 5 signed artifacts.","details":["Info: signed release artifact: cosign-2.5.3-1.aarch64.rpm-keyless.sig: https://github.com/sigstore/cosign/releases/tag/v2.5.3","Info: signed release artifact: cosign-2.5.2-1.aarch64.rpm-keyless.sig: https://github.com/sigstore/cosign/releases/tag/v2.5.2","Info: signed release artifact: cosign-2.5.1-1.aarch64.rpm-keyless.sig: https://github.com/sigstore/cosign/releases/tag/v2.5.1","Info: signed release artifact: cosign-2.5.0-1.aarch64.rpm-keyless.sig: https://github.com/sigstore/cosign/releases/tag/v2.5.0","Info: signed release artifact: cosign-2.4.3-1.aarch64.rpm-keyless.sig: https://github.com/sigstore/cosign/releases/tag/v2.4.3","Warn: release artifact v2.5.3 does not have provenance: https://api.github.com/repos/sigstore/cosign/releases/233309868","Warn: release artifact v2.5.2 does not have provenance: https://api.github.com/repos/sigstore/cosign/releases/225996705","Warn: release artifact v2.5.1 does not have provenance: https://api.github.com/repos/sigstore/cosign/releases/225639103","Warn: release artifact v2.5.0 does not have provenance: https://api.github.com/repos/sigstore/cosign/releases/210877653","Warn: release artifact v2.4.3 does not have provenance: https://api.github.com/repos/sigstore/cosign/releases/201274722"],"documentation":{"short":"Determines if the 
project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#signed-releases"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/sigstore/.github/SECURITY.md:1","Info: Found linked content: github.com/sigstore/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/sigstore/.github/SECURITY.md:1","Info: Found text in security policy: github.com/sigstore/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":7,"reason":"3 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2022-0635","Warn: Project is vulnerable to: GO-2022-0646","Warn: Project is vulnerable to: GO-2025-3770"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#vulnerabilities"}},{"name":"CI-Tests","score":-1,"reason":"internal error: internal error: Client.Repositories.ListCheckRunsForRef: error during graphqlHandler.setupCheckRuns: non-200 OK status code: 502 Bad Gateway body: \"\u003chtml\u003e\\r\\n\u003chead\u003e\u003ctitle\u003e502 Bad Gateway\u003c/title\u003e\u003c/head\u003e\\r\\n\u003cbody\u003e\\r\\n\u003ccenter\u003e\u003ch1\u003e502 Bad Gateway\u003c/h1\u003e\u003c/center\u003e\\r\\n\u003chr\u003e\u003ccenter\u003enginx\u003c/center\u003e\\r\\n\u003c/body\u003e\\r\\n\u003c/html\u003e\\r\\n\"","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are 
merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#ci-tests"}},{"name":"SAST","score":-1,"reason":"internal error: internal error: Client.Checks.ListCheckRunsForRef: error during graphqlHandler.setupCheckRuns: non-200 OK status code: 502 Bad Gateway body: \"\u003chtml\u003e\\r\\n\u003chead\u003e\u003ctitle\u003e502 Bad Gateway\u003c/title\u003e\u003c/head\u003e\\r\\n\u003cbody\u003e\\r\\n\u003ccenter\u003e\u003ch1\u003e502 Bad Gateway\u003c/h1\u003e\u003c/center\u003e\\r\\n\u003chr\u003e\u003ccenter\u003enginx\u003c/center\u003e\\r\\n\u003c/body\u003e\\r\\n\u003c/html\u003e\\r\\n\"","details":null,"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#sast"}},{"name":"Contributors","score":10,"reason":"project has 75 contributing companies or organizations","details":["Info: found contributions from: Clean-Dependency-Project, FannieMaeOpenSource, GitHubBounty, KernelCafe, Lind-Project, NixOS, PyCQA, SBOM-Community, Trendyol, astropy, bindl-dev, bitbomdev, bom-squad, botless, buildpacks, caarlos0-graveyard, carabiner-dev  @uservers, catppuccin, cdfoundation, chainguard, chainguard-dev, chainguard-images, charm-and-friends, charmbracelet, charmbracelet @goreleaser, cloudevents, cloudnativetr, distroless, dracula, falcosecurity, fluxcd, fosdem-testingautomation, funtenna, gatekeeper, getantibody, github, gittuf, google, googlers, goreleaser, helm, honk-ci, ir8labs, jaegertracing, keylime, knative, ko-build, kubeflow, kubernetes, kubernetes-nightly, kubernetes-sigs, linkedin, microsoft, multi-factor-auth-users, npm, octo-sts, opencontainers, opensbom-generator, openshift, openvex, ossf, pdxcat, prometheus-community, protobom, red hat, redhat-et, sigstore, stacklok, tektoncd, trendyol, unicode-snowman, uservers, wolfi-dev, yahoo, 🚀 red dot rocket"],"documentation":{"short":"Determines 
if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#contributors"}}]},"last_synced_at":"2025-08-19T15:29:45.010Z","repository_id":37036336,"created_at":"2025-08-19T15:29:45.010Z","updated_at":"2025-08-19T15:29:45.010Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31484168,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-06T17:22:55.647Z","status":"ssl_error","status_checked_at":"2026-04-06T17:22:54.741Z","response_time":112,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T17:00:47.595Z","updated_at":"2026-04-06T23:06:23.035Z","avatar_url":"https://github.com/sigstore.png","language":"Go","readme":"\u003cp align=\"center\"\u003e\n  \u003cimg style=\"max-width: 100%;width: 300px;\" src=\"https://raw.githubusercontent.com/sigstore/community/main/artwork/cosign/horizontal/color/sigstore_cosign-horizontal-color.svg\" alt=\"Cosign logo\"/\u003e\n\u003c/p\u003e\n\n# cosign\n\nSigning OCI containers (and other artifacts) using [Sigstore](https://sigstore.dev/)!\n\n[![Go Report 
Card](https://goreportcard.com/badge/github.com/sigstore/cosign)](https://goreportcard.com/report/github.com/sigstore/cosign)\n[![e2e-tests](https://github.com/sigstore/cosign/actions/workflows/e2e-tests.yml/badge.svg)](https://github.com/sigstore/cosign/actions/workflows/e2e-tests.yml)\n[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/5715/badge)](https://bestpractices.coreinfrastructure.org/projects/5715)\n[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/sigstore/cosign/badge)](https://securityscorecards.dev/viewer/?uri=github.com/sigstore/cosign)\n\nCosign aims to make signatures **invisible infrastructure**.\n\nCosign supports:\n\n* \"Keyless signing\" with the Sigstore public good Fulcio certificate authority and Rekor transparency log (default)\n* Hardware and KMS signing\n* Signing with a cosign generated encrypted private/public keypair\n* Container Signing, Verification and Storage in an OCI registry.\n* Bring-your-own PKI\n\n## Info\n\n`Cosign` is developed as part of the [`sigstore`](https://sigstore.dev) project.\nWe also use a [slack channel](https://sigstore.slack.com)!\nClick [here](https://join.slack.com/t/sigstore/shared_invite/zt-2ub0ztl5z-PkWb_Ldwef5d6nb~oryaTA) for the invite link.\n\n## Installation\n\nFor Homebrew, Arch, Nix, GitHub Action, and Kubernetes installs see the [installation docs](https://docs.sigstore.dev/cosign/system_config/installation/).\n\nFor Linux and macOS binaries see the [GitHub release assets](https://github.com/sigstore/cosign/releases/latest).\n\n:rotating_light: If you are downloading releases of cosign from our GCS bucket - please see more information on the July 31, 2023 [deprecation notice](https://blog.sigstore.dev/cosign-releases-bucket-deprecation/) :rotating_light:\n\n## Developer Installation\n\nIf you have Go 1.22+, you can setup a development environment:\n\n```shell\n$ git clone https://github.com/sigstore/cosign\n$ cd cosign\n$ go install 
./cmd/cosign\n$ $(go env GOPATH)/bin/cosign\n```\n\n## Contributing\n\nIf you are interested in contributing to `cosign`, please read the [contributing documentation](./CONTRIBUTING.md).\n\nFuture Cosign development will be focused on the next major release, which will be based on\n[sigstore-go](https://github.com/sigstore/sigstore-go). Maintainers will be focused on feature development within\nsigstore-go. Contributions to sigstore-go, particularly around bring-your-own keys and signing, are appreciated.\nPlease see the [issue tracker](https://github.com/sigstore/sigstore-go/issues) for good first issues.\n\nCosign 2.x is a stable release and will continue to receive periodic feature updates and bug fixes. PRs\nthat are small in scope and size are most likely to be quickly reviewed.\n\nPRs which significantly modify or break the API will not be accepted. PRs which are significant in size but do not\nintroduce breaking changes may be accepted, but will be considered lower priority than PRs in sigstore-go.\n\n## Dockerfile\n\nHere is how to install and use cosign inside a Dockerfile through the ghcr.io/sigstore/cosign/cosign image:\n\n```dockerfile\nFROM ghcr.io/sigstore/cosign/cosign:v2.4.1 as cosign-bin\n\n# Source: https://github.com/chainguard-images/static\nFROM cgr.dev/chainguard/static:latest\nCOPY --from=cosign-bin /ko-app/cosign /usr/local/bin/cosign\nENTRYPOINT [ \"cosign\" ]\n```\n\n## Quick Start\n\nThis shows how to:\n* sign a container image with the default identity-based \"keyless signing\" method (see [the documentation for more information](https://docs.sigstore.dev/cosign/signing/overview/))\n* verify the container image\n* explore broader keyless blob signing/verification flows in the [Sigstore Cosign Quickstart](https://docs.sigstore.dev/quickstart/quickstart-cosign/)\n\n### Sign a container and store the signature in the registry\n\nNote that you should always sign images based on their digest (`@sha256:...`)\nrather than a tag (`:latest`) because 
otherwise you might sign something you\ndidn't intend to!\n\n```shell\n cosign sign $IMAGE\n\nGenerating ephemeral keys...\nRetrieving signed certificate...\n\n\tNote that there may be personally identifiable information associated with this signed artifact.\n\tThis may include the email address associated with the account with which you authenticate.\n\tThis information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later.\n\nBy typing 'y', you attest that you grant (or have permission to grant) and agree to have this information stored permanently in transparency logs.\nAre you sure you would like to continue? [y/N] y\nYour browser will now be opened to:\nhttps://oauth2.sigstore.dev/auth/auth?access_type=online\u0026client_id=sigstore\u0026code_challenge=OrXitVKUZm2lEWHVt1oQWR4HZvn0rSlKhLcltglYxCY\u0026code_challenge_method=S256\u0026nonce=2KvOWeTFxYfxyzHtssvlIXmY6Jk\u0026redirect_uri=http%3A%2F%2Flocalhost%3A57102%2Fauth%2Fcallback\u0026response_type=code\u0026scope=openid+email\u0026state=2KvOWfbQJ1caqScgjwibzK2qJmb\nSuccessfully verified SCT...\ntlog entry created with index: 12086900\nPushing signature to: $IMAGE\n```\n\nCosign will prompt you to authenticate via OIDC, where you'll sign in with your email address.\nUnder the hood, cosign will request a code signing certificate from the Fulcio certificate authority.\nThe subject of the certificate will match the email address you logged in with.\nCosign will then store the signature and certificate in the Rekor transparency log, and upload the signature to the OCI registry alongside the image you're signing.\n\n\n### Verify a container\n\nTo verify the image, you'll need to pass in the expected certificate subject and certificate issuer via the `--certificate-identity` and `--certificate-oidc-issuer` flags:\n\n```\ncosign verify $IMAGE --certificate-identity=$IDENTITY --certificate-oidc-issuer=$OIDC_ISSUER\n```\n\nYou can also pass in a regex for the 
certificate identity and issuer flags, `--certificate-identity-regexp` and `--certificate-oidc-issuer-regexp`.\n\n### Verify a container against a public key\n\nThis command returns `0` if *at least one* `cosign` formatted signature for the image is found\nmatching the public key.\nSee the detailed usage below for information and caveats on other signature formats.\n\nAny valid payloads are printed to stdout, in json format.\nNote that these signed payloads include the digest of the container image, which is how we can be\nsure these \"detached\" signatures cover the correct image.\n\n```shell\n$ cosign verify --key cosign.pub $IMAGE_URI:1h\nThe following checks were performed on these signatures:\n  - The cosign claims were validated\n  - The signatures were verified against the specified public key\n{\"Critical\":{\"Identity\":{\"docker-reference\":\"\"},\"Image\":{\"Docker-manifest-digest\":\"sha256:87ef60f558bad79beea6425a3b28989f01dd417164150ab3baab98dcbf04def8\"},\"Type\":\"cosign container image signature\"},\"Optional\":null}\n```\n\n### Verify a container in an air-gapped environment\n\n**Note:** This section is out of date.\n\n**Note:** Most verification workflows require periodically requesting service keys from a TUF repository.\nFor airgapped verification of signatures using the public-good instance, you will need to retrieve the\n[trusted root](https://github.com/sigstore/root-signing/blob/main/targets/trusted_root.json) file from the production\nTUF repository. The contents of this file will change without notification. 
By not using TUF, you will need\nto build your own mechanism to keep your airgapped copy of this file up-to-date.\n\nCosign can do completely offline verification by verifying a [bundle](./specs/SIGNATURE_SPEC.md#properties) which is typically distributed as an annotation on the image manifest.\nAs long as this annotation is present, then offline verification can be done.\nThis bundle annotation is always included by default for keyless signing, so the default `cosign sign` functionality will include all materials needed for offline verification.\n\nTo verify an image in an air-gapped environment, the image and signatures must be available locally on the filesystem.\n\nAn image can be saved locally using `cosign save` (note, this step must be done with a network connection):\n\n```\ncosign initialize # This will pull in the latest TUF root\ncosign save $IMAGE_NAME --dir ./path/to/dir\n```\n\nNow, in an air-gapped environment, this local image can be verified:\n\n```shell\ncosign verify \\\n  --certificate-identity $CERT_IDENTITY \\\n  --certificate-oidc-issuer $CERT_OIDC_ISSUER \\\n  --offline=true \\\n  --new-bundle-format=false \\ # for artifacts signed without the new protobuf bundle format\n  --trusted-root ~/.sigstore/root/tuf-repo-cdn.sigstore.dev/targets/trusted_root.json \\ # default location of trusted root\n  --local-image ./path/to/dir\n```\n\nYou'll need to pass in expected values for `$CERT_IDENTITY` and `$CERT_OIDC_ISSUER` to correctly verify this image.\nIf you signed with a keypair, the same command will work, assuming the public key material is present locally:\n\n```\ncosign verify --key cosign.pub --offline --local-image ./path/to/dir\n```\n\n### Identity-based blob signing and verification\n\nUse keyless blob signing (`cosign sign-blob` without `--key`) and verify against the expected signer identity:\n\n```shell\n$ cosign sign-blob artifact --bundle artifact.sigstore.json --yes\n$ cosign verify-blob artifact \\\n  --bundle 
artifact.sigstore.json \\\n  --certificate-identity \"https://github.com/ORG/REPO/.github/workflows/release.yml@refs/heads/main\" \\\n  --certificate-oidc-issuer \"https://token.actions.githubusercontent.com\"\n```\n\n### Troubleshooting\n\nIf you encounter issues with Cosign, first make sure you are using a recent release: The Cosign project actively supports the most recent release as well as the last release in the v2 series.\n\n#### Common issues and remedies\n\n1. Verification fails with `failed to verify timestamps: threshold not met for verified log entry integrated timestamps: 0 \u003c 1`: You may be verifying a signature that requires RFC3161 timestamp support\n   * Upgrade to most recent Cosign or\n   * With Cosign 2.6.x, use `--use-signed-timestamps`\n1. Verification fails with `no signatures found`: You may be verifying an image signature that requires support for Rekor v2 transparency log\n   * Upgrade to most recent Cosign\n1. Signing fails with HTTP errors: Signing with Cosign depends on multiple Sigstore services. 
Retrying on failure may be a useful workaround if any of these services fail -- filing issues for specific failures is also appreciated\n\n#### My problem is something else\n\nPlease open an [issue](https://github.com/sigstore/cosign/issues/new/choose) or ask in the [slack channel](#info).\n\n## Working with Other Artifacts\n\nOCI registries are useful for storing more than just container images!\n`Cosign` also includes some utilities for publishing generic artifacts, including binaries, scripts, and configuration files using the OCI protocol.\n\nThis section shows how to leverage these for an easy-to-use, backwards-compatible artifact distribution system that integrates well with the rest of Sigstore.\n\nSee [the documentation](https://docs.sigstore.dev/cosign/signing/other_types/) for more information.\n\n### Blobs\n\nYou can publish an artifact with `cosign upload blob`:\n\n```shell\n$ echo \"my first artifact\" \u003e artifact\n$ BLOB_SUM=$(shasum -a 256 artifact | cut -d' ' -f 1) \u0026\u0026 echo \"$BLOB_SUM\"\nc69d72c98b55258f9026f984e4656f0e9fd3ef024ea3fac1d7e5c7e6249f1626\n$ BLOB_NAME=my-artifact-$(uuidgen | head -c 8 | tr 'A-Z' 'a-z')\n$ BLOB_URI=ttl.sh/$BLOB_NAME:1h\n\n$ BLOB_URI_DIGEST=$(cosign upload blob -f artifact $BLOB_URI) \u0026\u0026 echo \"$BLOB_URI_DIGEST\"\nUploading file from [artifact] to [ttl.sh/my-artifact-f42c22e0:5m] with media type [text/plain]\nFile [artifact] is available directly at [ttl.sh/v2/my-artifact-f42c22e0/blobs/sha256:c69d72c98b55258f9026f984e4656f0e9fd3ef024ea3fac1d7e5c7e6249f1626]\nUploaded image to:\nttl.sh/my-artifact-f42c22e0@sha256:790d47850411e902aabebc3a684eeb78fcae853d4dd6e1cc554d70db7f05f99f\n```\n\nYour users can download it from the \"direct\" url with standard tools like curl or wget:\n\n```shell\n$ curl -L ttl.sh/v2/$BLOB_NAME/blobs/sha256:$BLOB_SUM \u003e artifact-fetched\n```\n\nThe digest is baked right into the URL, so they can check that as well:\n\n```shell\n$ cat artifact-fetched | shasum -a 
256\nc69d72c98b55258f9026f984e4656f0e9fd3ef024ea3fac1d7e5c7e6249f1626  -\n```\n\nYou can sign it with the normal `cosign sign` command and flags:\n\n```shell\n$ cosign sign --key cosign.key $BLOB_URI_DIGEST\nEnter password for private key:\nPushing signature to: ttl.sh/my-artifact-f42c22e0\n```\n\nAs usual, make sure to reference any images you sign by their digest to make sure you don't sign the wrong thing!\n\n#### Tekton Bundles\n\n[Tekton](https://tekton.dev) bundles can be uploaded and managed within an OCI registry.\nThe specification is [here](https://tekton.dev/docs/pipelines/tekton-bundle-contracts/).\nThis means they can also be signed and verified with `cosign`.\n\nTekton Bundles can currently be uploaded with the [tkn cli](https://github.com/tektoncd/cli), but we may add this support to\n`cosign` in the future.\n\n```shell\n$ tkn bundle push us.gcr.io/dlorenc-vmtest2/pipeline:latest -f task-output-image.yaml\nCreating Tekton Bundle:\n        - Added TaskRun:  to image\n\nPushed Tekton Bundle to us.gcr.io/dlorenc-vmtest2/pipeline@sha256:124e1fdee94fe5c5f902bc94da2d6e2fea243934c74e76c2368acdc8d3ac7155\n$ cosign sign --key cosign.key us.gcr.io/dlorenc-vmtest2/pipeline@sha256:124e1fdee94fe5c5f902bc94da2d6e2fea243934c74e76c2368acdc8d3ac7155\nEnter password for private key:\ntlog entry created with index: 5086\nPushing signature to: us.gcr.io/dlorenc-vmtest2/demo:sha256-124e1fdee94fe5c5f902bc94da2d6e2fea243934c74e76c2368acdc8d3ac7155.sig\n```\n\n#### WASM\n\nWebAssembly modules can also be stored in an OCI registry, using this [specification](https://github.com/solo-io/wasm/tree/master/spec).\n\nCosign can upload these using the `cosign upload wasm` command:\n\n```shell\n$ cosign upload wasm -f hello.wasm us.gcr.io/dlorenc-vmtest2/wasm\n$ cosign sign --key cosign.key us.gcr.io/dlorenc-vmtest2/wasm@sha256:9e7a511fb3130ee4641baf1adc0400bed674d4afc3f1b81bb581c3c8f613f812\nEnter password for private key:\ntlog entry created with index: 5198\nPushing signature 
to: us.gcr.io/dlorenc-vmtest2/wasm:sha256-9e7a511fb3130ee4641baf1adc0400bed674d4afc3f1b81bb581c3c8f613f812.sig\n```\n\n#### eBPF\n\n[eBPF](https://ebpf.io) modules can also be stored in an OCI registry, using this [specification](https://github.com/solo-io/bumblebee/tree/main/spec).\n\nThe image below was built using the `bee` tool. More information can be found [here](https://github.com/solo-io/bumblebee/).\n\nCosign can then sign these images as it can any other OCI image.\n\n```shell\n$ bee build ./examples/tcpconnect/tcpconnect.c localhost:5000/tcpconnect:test\n$ bee push localhost:5000/tcpconnect:test\n$ cosign sign  --key cosign.key localhost:5000/tcpconnect@sha256:7a91c50d922925f152fec96ed1d84b7bc6b2079c169d68826f6cf307f22d40e6\nEnter password for private key:\nPushing signature to: localhost:5000/tcpconnect\n$ cosign verify --key cosign.pub localhost:5000/tcpconnect:test\n\nVerification for localhost:5000/tcpconnect:test --\nThe following checks were performed on each of these signatures:\n  - The cosign claims were validated\n  - The signatures were verified against the specified public key\n\n[{\"critical\":{\"identity\":{\"docker-reference\":\"localhost:5000/tcpconnect\"},\"image\":{\"docker-manifest-digest\":\"sha256:7a91c50d922925f152fec96ed1d84b7bc6b2079c169d68826f6cf307f22d40e6\"},\"type\":\"cosign container image signature\"},\"optional\":null}]\n\n```\n\n#### In-Toto Attestations\n\nCosign also has built-in support for [in-toto](https://in-toto.io) attestations.\nThe specification for these is defined [here](https://github.com/in-toto/attestation).\n\nYou can create and sign one from a local predicate file using the following command:\n\n```shell\n$ cosign attest --predicate \u003cfile\u003e --key cosign.key $IMAGE_URI_DIGEST\n```\n\nAll of the standard key management systems are supported.\nPayloads are signed using the DSSE signing spec, defined [here](https://github.com/secure-systems-lab/dsse).\n\nTo verify:\n\n```shell\n$ cosign 
verify-attestation --key cosign.pub $IMAGE_URI\n```\n\n## Detailed Usage\n\nSee the [Usage documentation](https://docs.sigstore.dev/cosign/signing/overview/) for more information.\n\n## Hardware-based Tokens\n\nSee the [Hardware Tokens documentation](https://docs.sigstore.dev/cosign/key_management/hardware-based-tokens/) for information on how to use `cosign` with hardware.\n\n## Registry Support\n\n`cosign` uses [go-containerregistry](https://github.com/google/go-containerregistry) for registry\ninteractions, which has generally excellent compatibility, but some registries may have quirks.\n\nToday, `cosign` has been tested and works against the following registries:\n\n* AWS Elastic Container Registry\n* GCP's Artifact Registry and Container Registry\n* Docker Hub\n* Azure Container Registry\n* JFrog Artifactory Container Registry\n* The CNCF distribution/distribution Registry\n* GitLab Container Registry\n* GitHub Container Registry\n* The CNCF Harbor Registry\n* Digital Ocean Container Registry\n* Sonatype Nexus Container Registry\n* Alibaba Cloud Container Registry\n* Red Hat Quay Container Registry 3.6+ / Red Hat quay.io\n* Elastic Container Registry\n* IBM Cloud Container Registry\n* Cloudsmith Container Registry\n* The CNCF zot Registry\n* OVHcloud Managed Private Registry\n\nWe aim for wide registry support. To `sign` images in registries which do not yet fully support [OCI media types](https://github.com/sigstore/cosign/blob/main/specs/SIGNATURE_SPEC.md), one may need to use `COSIGN_DOCKER_MEDIA_TYPES` to fall back to legacy equivalents. 
For example:\n\n```shell\nCOSIGN_DOCKER_MEDIA_TYPES=1 cosign sign --key cosign.key legacy-registry.example.com/my/image@$DIGEST\n```\n\nPlease help test and file bugs if you see issues!\nInstructions can be found in the [tracking issue](https://github.com/sigstore/cosign/issues/40).\n\n## Caveats\n\n### Intentionally Missing Features\n\n`cosign` only generates ECDSA-P256 keys and uses SHA256 hashes, for both ephemeral keyless signing and managed key signing.\nKeys are stored in PEM-encoded PKCS8 format.\nHowever, you can use `cosign` to store and retrieve signatures in any format, from any algorithm.\n\n### Things That Should Probably Change\n\n#### Payload Formats\n\n`cosign` only supports Red Hat's [simple signing](https://www.redhat.com/en/blog/container-image-signing)\nformat for payloads.\nThat looks like:\n\n```json\n{\n    \"critical\": {\n           \"identity\": {\n               \"docker-reference\": \"testing/manifest\"\n           },\n           \"image\": {\n               \"Docker-manifest-digest\": \"sha256:20be...fe55\"\n           },\n           \"type\": \"cosign container image signature\"\n    },\n    \"optional\": {\n           \"creator\": \"Bob the Builder\",\n           \"timestamp\": 1458239713\n    }\n}\n```\n\n**Note:** This can be generated for an image reference using `cosign generate $IMAGE_URI_DIGEST`.\n\nI'm happy to switch this format to something else if it makes sense.\nSee https://github.com/notaryproject/nv2/issues/40 for one option.\n\n#### Registry Details\n\n`cosign` signatures are stored as separate objects in the OCI registry, with only a weak\nreference back to the object they \"sign\".\nThis means this relationship is opaque to the registry, and signatures *will not* be deleted\nor garbage-collected when the image is deleted.\nSimilarly, they **can** easily be copied from one environment to another, but this is not\nautomatic.\n\nMultiple signatures are stored in a list which is unfortunately a race condition today.\nTo 
add a signature, clients orchestrate a \"read-append-write\" operation, so the last write\nwill win in the case of contention.\n\n##### Specifying Registry\n\n`cosign` will default to storing signatures in the same repo as the image it is signing.\nTo specify a different repo for signatures, you can set the `COSIGN_REPOSITORY` environment variable.\n\nThis will replace the repo in the provided image like this:\n\n```shell\n$ export COSIGN_REPOSITORY=gcr.io/my-new-repo\n$ cosign sign --key cosign.key $IMAGE_URI_DIGEST\n```\n\nSo the signature for `gcr.io/dlorenc-vmtest2/demo` will be stored in `gcr.io/my-new-repo/demo:sha256-DIGEST.sig`.\n\nNote: different registries might expect different formats for the \"repository.\"\n\n* To use [GCR](https://cloud.google.com/container-registry), a registry name\n  like `gcr.io/$REPO` is sufficient, as in the example above.\n* To use [Artifact Registry](https://cloud.google.com/artifact-registry),\n  specify a full image name like\n  `$LOCATION-docker.pkg.dev/$PROJECT/$REPO/$STORAGE_IMAGE`, not just a\n  repository. For example,\n\n  ```shell\n  $ export COSIGN_REPOSITORY=us-docker.pkg.dev/my-new-repo/demo\n  $ cosign sign --key cosign.key $IMAGE_URI_DIGEST\n  ```\n\n  where the `sha256-DIGEST` will match the digest for\n  `gcr.io/dlorenc-vmtest2/demo`. 
Specifying just a repo like\n  `$LOCATION-docker.pkg.dev/$PROJECT/$REPO` will not work in Artifact Registry.\n\n## Signature Specification\n\n`cosign` is inspired by tools like [minisign](https://jedisct1.github.io/minisign/) and\n[signify](https://www.openbsd.org/papers/bsdcan-signify.html).\n\nGenerated private keys are stored in PEM format.\nThe keys are encrypted under a password using scrypt as a KDF and nacl/secretbox for encryption.\n\nThey have a PEM header of `ENCRYPTED SIGSTORE PRIVATE KEY`:\n\n```shell\n-----BEGIN ENCRYPTED SIGSTORE PRIVATE KEY-----\n...\n-----END ENCRYPTED SIGSTORE PRIVATE KEY-----\n```\n\nPublic keys are stored on disk in PEM-encoded standard PKIX format with a header of `PUBLIC KEY`:\n\n```shell\n-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELigCnlLNKgOglRTx1D7JhI7eRw99\nQolE9Jo4QUxnbMy5nUuBL+UZF9qqfm/Dg1BNeHRThHzWh2ki9vAEgWEDOw==\n-----END PUBLIC KEY-----\n```\n\n## Storage Specification\n\n`cosign` stores signatures in an OCI registry, and uses a naming convention (tag based\non the sha256 of what we're signing) for locating the signature index.\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"/images/signatures.dot.svg\" /\u003e\n\u003c/p\u003e\n\n`reg.example.com/ubuntu@sha256:703218c0465075f4425e58fac086e09e1de5c340b12976ab9eb8ad26615c3715` has signatures located at `reg.example.com/ubuntu:sha256-703218c0465075f4425e58fac086e09e1de5c340b12976ab9eb8ad26615c3715.sig`\n\nRoughly (ignoring ports in the hostname): `s/:/-/g` and `s/@/:/g` to find the signature index.\n\nSee [Race conditions](#registry-details) for some caveats around this strategy.\n\nAlternative implementations could use transparency logs, local filesystem, a separate repository\nregistry, an explicit reference to a signature index, a new registry API, grafeas, etc.\n\n### Signing subjects\n\n`cosign` only works for artifacts stored as \"manifests\" in the registry today.\nThe proposed mechanism is flexible enough to support signing arbitrary 
things.\n\n### KMS Support\n\n`cosign` supports using a KMS provider to generate and sign keys.\nRight now cosign supports Hashicorp Vault, AWS KMS, GCP KMS, Azure Key Vault and we are hoping to support more in the future!\n\nSee the [KMS docs](https://docs.sigstore.dev/cosign/key_management/overview/) for more details.\n\n### OCI Artifacts\n\nPush an artifact to a registry using [oras](https://github.com/deislabs/oras) (in this case, `cosign` itself!):\n\n```shell\n$ oras push us-central1-docker.pkg.dev/dlorenc-vmtest2/test/artifact ./cosign\nUploading f53604826795 cosign\nPushed us-central1-docker.pkg.dev/dlorenc-vmtest2/test/artifact\nDigest: sha256:551e6cce7ed2e5c914998f931b277bc879e675b74843e6f29bc17f3b5f692bef\n```\n\nNow sign it! Using `cosign` of course:\n\n```shell\n$ cosign sign --key cosign.key us-central1-docker.pkg.dev/dlorenc-vmtest2/test/artifact@sha256:551e6cce7ed2e5c914998f931b277bc879e675b74843e6f29bc17f3b5f692bef\nEnter password for private key:\nPushing signature to: us-central1-docker.pkg.dev/dlorenc-vmtest2/test/artifact:sha256-551e6cce7ed2e5c914998f931b277bc879e675b74843e6f29bc17f3b5f692bef.sig\n```\n\nFinally, verify `cosign` with `cosign` again:\n\n```shell\n$ cosign verify --key cosign.pub  us-central1-docker.pkg.dev/dlorenc-vmtest2/test/artifact@sha256:551e6cce7ed2e5c914998f931b277bc879e675b74843e6f29bc17f3b5f692bef\nThe following checks were performed on each of these signatures:\n  - The cosign claims were validated\n  - The claims were present in the transparency log\n  - The signatures were integrated into the transparency log when the certificate was valid\n  - The signatures were verified against the specified public key\n  - The code-signing certificate was verified using trusted certificate authority certificates\n\n{\"Critical\":{\"Identity\":{\"docker-reference\":\"\"},\"Image\":{\"Docker-manifest-digest\":\"sha256:551e6cce7ed2e5c914998f931b277bc879e675b74843e6f29bc17f3b5f692bef\"},\"Type\":\"cosign container image 
signature\"},\"Optional\":null}\n```\n\n## FAQ\n\n### Why not use Notary v2\n\nIt's hard to answer this briefly.\nThis post contains some comparisons:\n\n[Notary V2 and Cosign](https://medium.com/@dlorenc/notary-v2-and-cosign-b816658f044d)\n\nIf you find other comparison posts, please send a PR here and we'll link them all.\n\n### Why not use containers/image signing\n\n`containers/image` signing is close to `cosign`, and we reuse payload formats.\n`cosign` differs in that it signs with ECDSA-P256 keys instead of PGP, and stores\nsignatures in the registry.\n\n### Why not use TUF?\n\nI believe this tool is complementary to TUF, and they can be used together.\nI haven't tried yet, but think we can also reuse a registry for TUF storage.\n\n## Design Requirements\n\n* No external services for signature storage, querying, or retrieval\n* We aim for as much registry support as possible\n* Everything should work over the registry API\n* PGP should not be required at all.\n* Users must be able to find all signatures for an image\n* Signers can sign an image after push\n* Multiple entities can sign an image\n* Signing an image does not mutate the image\n* Pure-go implementation\n\n## Future Ideas\n\n### Registry API Changes\n\nThe naming convention and read-modify-write update patterns we use to store things in\na registry are a bit, well, \"hacky\".\nI think they're the best (only) real option available today, but if the registry API\nchanges we can improve these.\n\n### Other Types\n\n`cosign` can sign anything in a registry.\nThese examples show signing a single image, but you could also sign a multi-platform `Index`,\nor any other type of artifact.\nThis includes Helm Charts, Tekton Pipelines, and anything else currently using OCI registries\nfor distribution.\n\nThis also means new artifact types can be uploaded to a registry and signed.\nOne interesting type to store and sign would be TUF repositories.\nI haven't tried yet, but I'm fairly certain TUF could be 
implemented on top of this.\n\n### Tag Signing\n\n`cosign` signatures protect the digests of objects stored in a registry.\nThe optional `annotations` support (via the `-a` flag to `cosign sign`) can be used to add extra\ndata to the payload that is signed and protected by the signature.\nOne use-case for this might be to sign a tag-\u003edigest mapping.\n\nIf you would like to attest that a specific tag (or set of tags) should point at a digest, you can\nrun something like:\n\n```shell\n$ docker push $IMAGE_URI\nThe push refers to repository [dlorenc/demo]\n994393dc58e7: Pushed\n5m: digest: sha256:1304f174557314a7ed9eddb4eab12fed12cb0cd9809e4c28f29af86979a3c870 size: 528\n$ TAG=sign-me\n$ cosign sign --key cosign.key -a tag=$TAG $IMAGE_URI_DIGEST\nEnter password for private key:\nPushing signature to: dlorenc/demo:1304f174557314a7ed9eddb4eab12fed12cb0cd9809e4c28f29af86979a3c870.sig\n```\n\nThen you can verify that the tag-\u003edigest mapping is also covered in the signature, using the `-a` flag to `cosign verify`.\nThis example verifies that the digest the tag `$TAG` points to (`sha256:1304f174557314a7ed9eddb4eab12fed12cb0cd9809e4c28f29af86979a3c870`)\nhas been signed, **and also** that the `tag` annotation has the value `sign-me`:\n\n```shell\n$ cosign verify --key cosign.pub -a tag=$TAG $IMAGE_URI | jq .\n{\n  \"Critical\": {\n    \"Identity\": {\n      \"docker-reference\": \"\"\n    },\n    \"Image\": {\n      \"Docker-manifest-digest\": \"97fc222cee7991b5b061d4d4afdb5f3428fcb0c9054e1690313786befa1e4e36\"\n    },\n    \"Type\": \"cosign container image signature\"\n  },\n  \"Optional\": {\n    \"tag\": \"sign-me\"\n  }\n}\n```\n\nTimestamps could also be added here, to implement TUF-style freeze-attack prevention.\n\n### Base Image/Layer Signing\n\nAgain, `cosign` can sign anything in a registry.\nYou could use `cosign` to sign an image that is intended to be used as a base image,\nand include that provenance metadata in resulting derived images.\nThis could be 
used to enforce that an image was built from an authorized base image.\n\nRough idea:\n\n* OCI manifests have an ordered list of `layer` `Descriptors`, which can contain annotations.\n  See [here](https://github.com/opencontainers/image-spec/blob/master/manifest.md) for the\n  specification.\n* A base image is an ordered list of layers to which other layers are appended, as well as an\n  initial configuration object that is mutated.\n  * A derived image is free to completely delete/destroy/recreate the config from its base image,\n    so signing the config would provide limited value.\n* We can sign the full set of ordered base layers, and attach that signature as an annotation to\n  the **last** layer in the resulting child image.\n\nThis example manifest represents an image that has been built from a base image with two\nlayers.\nOne additional layer is added, forming the final image.\n\n```json\n{\n  \"schemaVersion\": 2,\n  \"config\": {\n    \"mediaType\": \"application/vnd.oci.image.config.v1+json\",\n    \"size\": 7023,\n    \"digest\": \"sha256:b5b2b2c507a0944348e0303114d8d93aaaa081732b86451d9bce1f432a537bc7\"\n  },\n  \"layers\": [\n    {\n      \"mediaType\": \"application/vnd.oci.image.layer.v1.tar+gzip\",\n      \"size\": 32654,\n      \"digest\": \"sha256:9834876dcfb05cb167a5c24953eba58c4ac89b1adf57f28f2f9d09af107ee8f0\"\n    },\n    {\n      \"mediaType\": \"application/vnd.oci.image.layer.v1.tar+gzip\",\n      \"size\": 16724,\n      \"digest\": \"sha256:3c3a4604a545cdc127456d94e421cd355bca5b528f4a9c1905b15da2eb4a4c6b\",\n      \"annotations\": {\n        \"dev.cosign.signature.baseimage\": \"Ejy6ipGJjUzMDoQFePWixqPBYF0iSnIvpMWps3mlcYNSEcRRZelL7GzimKXaMjxfhy5bshNGvDT5QoUJ0tqUAg==\"\n      }\n    },\n    {\n      \"mediaType\": \"application/vnd.oci.image.layer.v1.tar+gzip\",\n      \"size\": 73109,\n      \"digest\": \"sha256:ec4b8955958665577945c89419d1af06b5f7636b4ac3da7f12184802ad867736\"\n    }\n  ]\n}\n```\n\nNote that this could be 
applied recursively, for multiple intermediate base images.\n\n### Counter-Signing\n\nCosign signatures (and their protected payloads) are stored as artifacts in a registry.\nThese signature objects can also be signed, resulting in a new, \"counter-signature\" artifact.\nThis \"counter-signature\" protects the signature (or set of signatures) **and** the referenced artifact, which allows\nit to act as an attestation to the **signature(s) themselves**.\n\nBefore we sign the signature artifact, we first give it a memorable name so we can find it later.\n\n```shell\n$ cosign sign --key cosign.key -a sig=original $IMAGE_URI_DIGEST\nEnter password for private key:\nPushing signature to: dlorenc/demo:sha256-97fc222cee7991b5b061d4d4afdb5f3428fcb0c9054e1690313786befa1e4e36.sig\n$ cosign verify --key cosign.pub dlorenc/demo | jq .\n{\n  \"Critical\": {\n    \"Identity\": {\n      \"docker-reference\": \"\"\n    },\n    \"Image\": {\n      \"Docker-manifest-digest\": \"97fc222cee7991b5b061d4d4afdb5f3428fcb0c9054e1690313786befa1e4e36\"\n    },\n    \"Type\": \"cosign container image signature\"\n  },\n  \"Optional\": {\n    \"sig\": \"original\"\n  }\n}\n```\n\n\u003c!-- TODO: https://github.com/sigstore/cosign/issues/2333 --\u003e\n\nNow give that signature a memorable name, then sign that:\n\n```shell\n$ crane tag $(cosign triangulate $IMAGE_URI) mysignature\n2021/02/15 20:22:55 dlorenc/demo:mysignature: digest: sha256:71f70e5d29bde87f988740665257c35b1c6f52dafa20fab4ba16b3b1f4c6ba0e size: 556\n$ cosign sign --key cosign.key -a sig=counter dlorenc/demo:mysignature\nEnter password for private key:\nPushing signature to: dlorenc/demo:sha256-71f70e5d29bde87f988740665257c35b1c6f52dafa20fab4ba16b3b1f4c6ba0e.sig\n$ cosign verify --key cosign.pub dlorenc/demo:mysignature\n{\"Critical\":{\"Identity\":{\"docker-reference\":\"\"},\"Image\":{\"Docker-manifest-digest\":\"71f70e5d29bde87f988740665257c35b1c6f52dafa20fab4ba16b3b1f4c6ba0e\"},\"Type\":\"cosign container image 
signature\"},\"Optional\":{\"sig\":\"counter\"}}\n```\n\nFinally, check the original signature:\n\n```shell\n$ crane manifest dlorenc/demo@sha256:71f70e5d29bde87f988740665257c35b1c6f52dafa20fab4ba16b3b1f4c6ba0e\n{\n  \"schemaVersion\": 2,\n  \"config\": {\n    \"mediaType\": \"application/vnd.oci.image.config.v1+json\",\n    \"size\": 233,\n    \"digest\": \"sha256:3b25a088710d03f39be26629d22eb68cd277a01673b9cb461c4c24fbf8c81c89\"\n  },\n  \"layers\": [\n    {\n      \"mediaType\": \"application/vnd.oci.descriptor.v1+json\",\n      \"size\": 217,\n      \"digest\": \"sha256:0e79a356609f038089088ec46fd95f4649d04de989487220b1a0adbcc63fadae\",\n      \"annotations\": {\n        \"dev.sigstore.cosign/signature\": \"5uNZKEP9rm8zxAL0VVX7McMmyArzLqtxMTNPjPO2ns+5GJpBeXg+i9ILU+WjmGAKBCqiexTxzLC1/nkOzD4cDA==\"\n      }\n    }\n  ]\n}\n```\n\n## Release Cadence\n\nWe cut releases as needed. Patch releases are cut to fix small bugs. Minor releases are\ncut periodically when there are multiple bugs fixed or features added. Major releases\nwill be released when there are breaking features.\n\n## Security\n\nShould you discover any security issues, please refer to sigstore's [security\nprocess](https://github.com/sigstore/.github/blob/main/SECURITY.md)\n\n## Bundle files in GitHub Release Assets\n\nThe GitHub release assets for `cosign` contain Sigstore bundle files produced by [GoReleaser](https://github.com/sigstore/cosign/blob/ac999344eb381ae91455b0a9c5c267e747608d76/.goreleaser.yml#L166) while signing the cosign blob that is used to verify the integrity of the release binaries. 
This file is not used by cosign itself, but is provided for users who wish to [verify the integrity of the release binaries](https://docs.sigstore.dev/cosign/system_config/installation/#verifying-cosign-with-artifact-key).\n","funding_links":[],"categories":["Zero Trust","开源类库","Go","零信任","Containers","others","Software Tools","Signing Artefacts","Artifact signing and attestation","🔐 Supply Chain \u0026 Runtime Security","ArgoCon","蓝队工具","Security \u0026 Compliance","Image scanning / Registry","Real-world Examples","Libraries for creating HTTP middlewares","Artifact Signing \u0026 Verification"],"sub_categories":["Routers","容器技术","路由器","Firmware Supply Chain and SBOM","Threat modelling","Image Distribution \u0026 Caching","供应链安全","Utility/Miscellaneous","Tutorials"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsigstore%2Fcosign","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsigstore%2Fcosign","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsigstore%2Fcosign/lists"}