Container signing, verification and storage in an OCI registry. Cosign aims to make signatures invisible infrastructure.

Cosign supports:

Hardware and KMS signing
Bring-your-own PKI
Our free OIDC PKI (Fulcio
Built-in binary transparency and timestamping service (Rekor)

Cosign is being developed as part of the sigstore project. Join us on our Slack channel (need an invite?)

Edit this page on GitHub Updated at Sat, Nov 27, 2021