[TOOL_PROFILE]
cosign
Container image and artifact signing CLI from Sigstore.
security lang: all
[USE_WHEN]ALLOW
- ✓ Sign or verify container images and artifacts
[AVOID_WHEN]BLOCK
- ✕ Signing identity, keyless flow, or registry target is unclear
[GUARDRAILS]MANDATORY
- ⚠ Verify identity, registry, and artifact digest before signing.
[DETAILS]RAW_META
- Binary: cosign
- Effects: network_access, requires_auth, remote_write, secret_exposure
- Documentation: https://docs.sigstore.dev/cosign/