cosign
Subcommands
| Name | Description |
|---|---|
attach | Provides utilities for attaching artifacts to other artifacts in a registry |
attest | Attest the supplied container image |
clean | Remove all signatures from an image |
completion | Generate completion script |
copy | Copy the supplied container image and signatures |
dockerfile | Provides utilities for discovering images in and performing operations on Dockerfiles |
download | Provides utilities for downloading artifacts and attached artifacts in a registry |
generate | Generates (unsigned) signature payloads from the supplied container image |
generate-key-pair | Generates a key-pair |
import-key-pair | Imports a PEM-encoded RSA or EC private key |
initialize | Initializes SigStore root to retrieve trusted certificate and key targets for verification |
load | Load a signed image on disk to a remote registry |
login | Log in to a registry |
manifest | Provides utilities for discovering images in and performing operations on Kubernetes manifests |
piv-tool | This cosign was not built with piv-tool support! |
pkcs11-tool | This cosign was not built with pkcs11-tool support! |
policy | Subcommand to manage a keyless policy |
public-key | Gets a public key from the key-pair |
save | Save the container image and associated signatures to disk at the specified directory |
sign | Sign the supplied container image |
sign-blob | Sign the supplied blob, outputting the base64-encoded signature to stdout |
tree | Display supply chain security related artifacts for an image such as signatures, SBOMs and attestations |
triangulate | Outputs the located cosign image reference. This is the location cosign stores the specified artifact type |
upload | Provides utilities for uploading artifacts to a registry |
verify | Verify a signature on the supplied container image |
verify-attestation | Verify an attestation on the supplied container image |
verify-blob | Verify a signature on the supplied blob |
version | Prints the version |
help | Help about any command |
Options
| Name | Description |
|---|---|
--output-file <output-file> | Log output to a file |
--timeout, -t <timeout> | Timeout for commands |
--verbose, -d | Log debug output |
--help, -h | Help for cosign |