cosign
https://github.com/sigstore/cosign
Go
Container Signing
Triage Issues!
When you volunteer to triage issues, you'll receive an email each day with a link to an open issue that needs help in this project. You'll also receive instructions on how to triage issues.
Triage Docs!
Receive a documented method or class from your favorite GitHub repos in your inbox every day. If you're really pro, receive undocumented methods or classes and supercharge your commit history.
Go not yet supported2 Subscribers
Add a CodeTriage badge to cosign
Help out
- Issues
- fix(deps): CVE-2026-2303 / CVE-2026-2303 go.mongodb.org/mongo-driver
- Make sure cosign release signing takes rekor v2 change into account
- fix(verify): Attach provided certificate and chain to loaded signature
- feat: add command update-key-pair (solves #3168)
- Reconsider the use of the annotation "kind": "dev.cosignproject.cosign/image" as gatekeeper for verify
- VerifyImageAttestations has no OCI 1.1 referrer discovery path
- cosign sign fails permanently with createLogEntryConflict if initial OCI push fails
- Add cosign-specific user-agent to all HTTP requests
- Deprecation notices to get ready for cosign v4
- Manifest's `.config.mediaType` being prefered as "artifact type" in OCI-layout `index.json` over `.artifactType`
- Docs
- Go not yet supported