attachProvides utilities for attaching artifacts to other artifacts in a registry
attestAttest the supplied container image
cleanRemove all signatures from an image
completionGenerate completion script
copyCopy the supplied container image and signatures
dockerfileProvides utilities for discovering images in and performing operations on Dockerfiles
downloadProvides utilities for downloading artifacts and attached artifacts in a registry
generateGenerates (unsigned) signature payloads from the supplied container image
generate-key-pairGenerates a key-pair
import-key-pairImports a PEM-encoded RSA or EC private key
initializeInitializes SigStore root to retrieve trusted certificate and key targets for verification
loadLoad a signed image on disk to a remote registry
loginLog in to a registry
manifestProvides utilities for discovering images in and performing operations on Kubernetes manifests
piv-toolThis cosign was not built with piv-tool support!
pkcs11-toolThis cosign was not built with pkcs11-tool support!
policySubcommand to manage a keyless policy
public-keyGets a public key from the key-pair
saveSave the container image and associated signatures to disk at the specified directory
signSign the supplied container image
sign-blobSign the supplied blob, outputting the base64-encoded signature to stdout
treeDisplay supply chain security related artifacts for an image such as signatures, SBOMs and attestations
triangulateOutputs the located cosign image reference. This is the location cosign stores the specified artifact type
uploadProvides utilities for uploading artifacts to a registry
verifyVerify a signature on the supplied container image
verify-attestationVerify an attestation on the supplied container image
verify-blobVerify a signature on the supplied blob
versionPrints the version
helpHelp about any command


--output-file <output-file>Log output to a file
--timeout, -t <timeout>Timeout for commands
--verbose, -dLog debug output
--help, -hHelp for cosign