Ubuntu Manpage: cosign - Container Signing/Verification/Storage tool

NAME

       cosign - Container Signing/Verification/Storage tool

DESCRIPTION

       A tool for Container Signing, Verification and Storage in an OCI registry.

       Usage: cosign [command]

       Available Commands: attach                  Provides utilities for attaching artifacts to other artifacts
       in   a   registry   attest                    Attest   the   supplied   container   image.    attest-blob
       Attest the supplied blob.   bundle                   Interact  with  a  Sigstore  protobuf  bundle  clean
       Remove   all   signatures  from  an  image.   completion               Generate  completion  script  copy
       Copy the supplied  container  image  and  signatures.   dockerfile               Provides  utilities  for
       discovering images in and performing operations on Dockerfiles download                Provides utilities
       for  downloading  artifacts  and  attached  artifacts in a registry env                     Prints Cosign
       environment variables generate                Generates (unsigned) signature payloads from  the  supplied
       container  image.   generate-key-pair       Generates a key-pair.  help                    Help about any
       command  import-key-pair          Imports  a   PEM-encoded   RSA   or   EC   private   key.    initialize
       Initializes  SigStore  root  to  retrieve  trusted  certificate  and  key targets for verification.  load
       Load a signed image on disk to a remote registry login                   Log in to  a  registry  manifest
       Provides utilities for discovering images in and performing operations on Kubernetes manifests public-key
       Gets  a  public  key  from the key-pair.  save                    Save the container image and associated
       signatures to disk at the specified  directory.   sign                     Sign  the  supplied  container
       image.   sign-blob                Sign  the  supplied  blob,  outputting  the base64-encoded signature to
       stdout.  tree                    Display supply chain security related artifacts for  an  image  such  as
       signatures,  SBOMs  and  attestations triangulate             Outputs the located cosign image reference.
       This is the location where cosign stores the specified artifact type.   trusted-root             Interact
       with  a Sigstore protobuf trusted root upload                  Provides utilities for uploading artifacts
       to  a  registry  verify                   Verify  a   signature   on   the   supplied   container   image
       verify-attestation        Verify   an   attestation   on   the   supplied   container  image  verify-blob
       Verify a signature on the supplied blob verify-blob-attestation Verify an  attestation  on  the  supplied
       blob version                 Prints the version

   Flags:

       -h, --help=false:

              help for cosign

       --output-file='':

              log output to a file

       -t, --timeout=3m0s:

              timeout for commands

       -d, --verbose=false:

              log debug output

       Additional  help  topics: cosign piv-tool                This cosign was not built with piv-tool support!
       cosign pkcs11-tool             This cosign was not built with pkcs11-tool support!

       Use "cosign [command] --help" for more information about a command.

cosign 2.5.0-2                                     April 2025                                          COSIGN(1)