Enable javascript in your browser for better experience. Need to know to enable it? Go here.
Published : Oct 27, 2021
Oct 2021
Assess ? Worth exploring with the goal of understanding how it will affect your enterprise.

Cosign is a container signing and verification tool. Part of Sigstore — a project under the Cloud Native Computing Foundation (CNCF) umbrella aimed at simplifying software signing and transparency — Cosign supports not only Docker and Open Container Initiative (OCI) images but also other artifacts that can be stored in a container registry. We previously talked about Docker Notary, which also operates in this space; Notary v1, however, has some disadvantages: it's not registry native and needs a separate Notary server. Cosign avoids this problem and stores the signatures in the registry next to an image. It currently has integrations with GitHub actions and Kubernetes using a Webhook with further integrations in the pipeline. We've used Cosign in some of our projects and it looks quite promising.


Download Technology Radar Volume 25

English | Español | Português | 中文


Stay informed about technology


Subscribe now

Visit our archive to read previous volumes