[TOOL_PROFILE]

cosign

high risk

Container image and artifact signing CLI from Sigstore.

security lang: all
[USE_WHEN]ALLOW
  • Sign or verify container images and artifacts
[AVOID_WHEN]BLOCK
  • Signing identity, keyless flow, or registry target is unclear
[GUARDRAILS]MANDATORY
[DETAILS]RAW_META
Binary
cosign
Effects
network_access, requires_auth, remote_write, secret_exposure
[SIMILAR_TOOLS]03