
cosign

Official · Sigstore

Official Sigstore CLI for signing, verifying, and attesting container images, blobs, and other software artifacts.

$ go install github.com/sigstore/cosign/v3/cmd/cosign@latest
Language: Go
Stars: 5,708
Category: Security
Agent: Ready

Cosign is Sigstore's CLI for signing, verifying, and attaching provenance data to container images, blobs, and other OCI-addressed artifacts. It is a supply-chain integrity tool: publish signatures or attestations, then verify them against keys, certificates, identities, transparency logs, and trusted roots.

What It Enables
  • Sign container images or blobs with keyless OIDC, local keys, hardware tokens, or cloud KMS, and attach the resulting signatures or bundles to OCI registries.
  • Verify image signatures, blob signatures, and attestations against expected keys, certificate identities, OIDC issuers, transparency logs, or offline trusted-root bundles.
  • Inspect and retrieve supply-chain metadata around an image, including signatures, attestations, SBOM attachments, and other related OCI artifacts.
Agent Fit
  • Important read paths are machine-friendly: verify and verify-attestation default to JSON output, and version --json is explicitly supported.
  • The subcommands map well to inspect and verify loops in CI or agent workflows because signing, verification, download, and tree inspection are direct shell commands with stdout-first conventions.
  • Automation is strongest when auth and trust inputs are already wired up; default keyless signing can still prompt for consent or browser-based OIDC login, and safe verification depends on passing explicit identity, issuer, key, or trusted-root expectations.
Caveats
  • Default keyless signing can open an interactive OIDC flow unless you provide non-interactive credentials such as --identity-token and suppress confirmation prompts.
  • Verification is security-sensitive rather than plug-and-play: pin image digests and expected signer identity or key material instead of treating a bare success as sufficient.