How to sign container images with Cosign
Sign and verify container images with Cosign keyless signing, bound to your CI identity via OIDC, and attach SBOM attestations to secure the supply chain.
What and why
Unsigned container images can be tampered with or impersonated. Cosign, part of the Sigstore project, signs and verifies images so consumers can prove an image came from your pipeline. Keyless signing uses short-lived certificates tied to your CI identity, removing the need to manage private keys. This tutorial signs and verifies an image.
Prerequisites
- A container image published to a registry.
- A CI pipeline that can request an OIDC identity token.
- Cosign installed (locally for verification).
Steps
1. Install Cosign
Install the CLI and confirm:
cosign version
2. Understand keyless signing
Keyless signing requests a short-lived certificate from Sigstore's Fulcio CA bound to your CI's OIDC identity, then records the signature in the Rekor transparency log. There is no long-lived key to leak.
3. Sign an image in CI
permissions:
id-token: write
packages: write
steps:
- run: cosign sign --yes ghcr.io/acme/web@${{ steps.build.outputs.digest }}
Sign by digest, never by a mutable tag, so the signature pins exact content.
4. Verify the signature
cosign verify \
--certificate-identity-regexp '^https://github.com/acme/' \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
ghcr.io/acme/web@sha256:abc123...
Verification checks the signature came from the expected identity and issuer.
5. Attach an SBOM attestation
cosign attest --yes --predicate sbom.json --type cyclonedx \
ghcr.io/acme/web@sha256:abc123...
An attestation binds metadata, such as an SBOM, to the image under the same signing guarantees.
Verification
Run cosign verify against the signed digest with the correct identity; it should succeed. Try a wrong identity regex and confirm it fails. Inspect the Rekor entry to see the transparency record.
Next Steps
Enforce signature verification at deploy time with an admission policy so unsigned images are rejected. Sign provenance attestations too. Pin the issuer and identity tightly to prevent spoofing.
Prerequisites
- A published container image
- A CI pipeline with OIDC
- Cosign installed
Steps
- 1Install Cosign
- 2Understand keyless signing
- 3Sign an image in CI
- 4Verify the signature
- 5Attach an SBOM attestation
- 6Enforce verification at deploy