Enable javascript in your browser for better experience. Need to know to enable it? Go here.
Published : Oct 27, 2021
This blip is not on the current edition of the Radar. If it was on one of the last few editions, it is likely that it is still relevant. If the blip is older, it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the Radar. Understand more
Oct 2021
Assess ? Worth exploring with the goal of understanding how it will affect your enterprise.

Cosign is a container signing and verification tool. Part of Sigstore — a project under the Cloud Native Computing Foundation (CNCF) umbrella aimed at simplifying software signing and transparency — Cosign supports not only Docker and Open Container Initiative (OCI) images but also other artifacts that can be stored in a container registry. We previously talked about Docker Notary, which also operates in this space; Notary v1, however, has some disadvantages: it's not registry native and needs a separate Notary server. Cosign avoids this problem and stores the signatures in the registry next to an image. It currently has integrations with GitHub actions and Kubernetes using a Webhook with further integrations in the pipeline. We've used Cosign in some of our projects and it looks quite promising.

Download Technology Radar Volume 29

English | Español | Português | 中文

Stay informed about technology


Subscribe now

Visit our archive to read previous volumes