Cosign is the command-line client of the Sigstore project for signing, verifying, and storing container images, OCI artifacts, blobs, and in-toto attestations. Cosign supports keyless signing via OIDC identity providers, short-lived certificates from Fulcio, and transparency log recording in Rekor.
URL: Visit APIs.json URL
- Type: Index
- Position: Provider
- Access: Public
- x-type: opensource
- Apache 2.0, Attestations, CLI, Code Signing, Containers, Fulcio, Go, Keyless, OCI, OIDC, Open Source, Rekor, Sigstore, Supply Chain, Transparency Log, Verification
- Created: 2026-03-26
- Modified: 2026-04-28
Command-line tool for signing, verifying, and storing container images and OCI artifacts. Supports keyless signing, hardware keys, KMS providers, attestations, and transparency log inclusion.
Public Sigstore transparency log REST API that cosign writes to and reads from when recording and verifying signing events.
Public Sigstore code-signing certificate authority that issues short-lived X.509 certificates bound to OIDC identities for keyless signing.
FN: Kin Lane Email: [email protected]