Skip to main content

How to sign container images with Cosign

Sign and verify container images with Cosign keyless signing, bound to your CI identity via OIDC, and attach SBOM attestations to secure the supply chain.

Difficulty
Advanced
Duration
45 minutes
Steps
6

What and why

Unsigned container images can be tampered with or impersonated. Cosign, part of the Sigstore project, signs and verifies images so consumers can prove an image came from your pipeline. Keyless signing uses short-lived certificates tied to your CI identity, removing the need to manage private keys. This tutorial signs and verifies an image.

Prerequisites

  • A container image published to a registry.
  • A CI pipeline that can request an OIDC identity token.
  • Cosign installed (locally for verification).

Steps

1. Install Cosign

Install the CLI and confirm:

cosign version

2. Understand keyless signing

Keyless signing requests a short-lived certificate from Sigstore's Fulcio CA bound to your CI's OIDC identity, then records the signature in the Rekor transparency log. There is no long-lived key to leak.

3. Sign an image in CI

    permissions:
      id-token: write
      packages: write
    steps:
      - run: cosign sign --yes ghcr.io/acme/web@${{ steps.build.outputs.digest }}

Sign by digest, never by a mutable tag, so the signature pins exact content.

4. Verify the signature

cosign verify \
  --certificate-identity-regexp '^https://github.com/acme/' \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  ghcr.io/acme/web@sha256:abc123...

Verification checks the signature came from the expected identity and issuer.

5. Attach an SBOM attestation

cosign attest --yes --predicate sbom.json --type cyclonedx \
  ghcr.io/acme/web@sha256:abc123...

An attestation binds metadata, such as an SBOM, to the image under the same signing guarantees.

Verification

Run cosign verify against the signed digest with the correct identity; it should succeed. Try a wrong identity regex and confirm it fails. Inspect the Rekor entry to see the transparency record.

Next Steps

Enforce signature verification at deploy time with an admission policy so unsigned images are rejected. Sign provenance attestations too. Pin the issuer and identity tightly to prevent spoofing.

Prerequisites

  • A published container image
  • A CI pipeline with OIDC
  • Cosign installed

Steps

  • 1
    Install Cosign
  • 2
    Understand keyless signing
  • 3
    Sign an image in CI
  • 4
    Verify the signature
  • 5
    Attach an SBOM attestation
  • 6
    Enforce verification at deploy

Category

Security