Open-Source Wikis

/

Cosign

/

CLI

/

OCI and attachment commands

sigstore/cosign

OCI and attachment commands

Cosign has a long tail of registry-utility commands that don't sign or verify on their own — they manipulate signature artifacts, navigate the deterministic-tag layout, and copy or save signed content for offline use.

cosign attach

Attach pre-existing artifacts to an image without going through the full sign flow. Useful if you signed something elsewhere (e.g. via a hardware HSM workflow that produced a detached signature) and just need to publish it.

Subcommand Implementation Purpose
cosign attach signature cmd/cosign/cli/attach.go Push an existing .sig + payload + cert + chain to the deterministic tag
cosign attach attestation cmd/cosign/cli/attach.go Push an existing DSSE-signed in-toto envelope
cosign attach sbom (deprecated) Push a raw SBOM as an OCI attachment — superseded by SBOM-as-attestation

See doc/cosign_attach.md and friends.

cosign download

The mirror image of attach — read attached artifacts off a registry without verifying them.

Subcommand Purpose
cosign download signature <image> Pull every cosign signature attached to the digest
cosign download attestation <image> Pull every attestation
cosign download sbom <image> (deprecated) Pull a raw OCI-attached SBOM

Implementation: cmd/cosign/cli/download.go + cmd/cosign/cli/download/.

cosign upload

Subcommand Purpose
cosign upload blob Wrap arbitrary bytes as an OCI image and push (one-layer image, configurable media type)
cosign upload wasm Same, but with WASM-specific media types

Implementation: cmd/cosign/cli/upload.go. Useful for distributing signed artifacts that aren't container images via OCI registries.

cosign copy

cosign copy <src-image> <dst-image>

Implementation: cmd/cosign/cli/copy.go. Copies an image plus every attached signature/attestation/SBOM to a new repository, preserving the deterministic-tag relationships. Handy when promoting a signed image between registries.

cosign clean

cosign clean <image> --type signature|attestation|sbom|all

Implementation: cmd/cosign/cli/clean.go. Deletes attached artifacts. Requires registry write access. The --type flag selects which tag(s) to remove.

cosign triangulate

cosign triangulate <image-digest>

Implementation: cmd/cosign/cli/triangulate.go. Prints the OCI tag where the image's signatures live (i.e. sha256-<digest>.sig for signatures, .att for attestations, .sbom for SBOMs). Pure path computation — does not hit the network.

cosign tree

cosign tree <image>

Implementation: cmd/cosign/cli/tree.go. Prints a tree of every attached artifact (signatures, attestations, SBOMs) for the image, with their digests and types. Good first stop when debugging "what does my image actually have attached?".

cosign save / cosign load

cosign save <image> --dir ./signed-export
cosign load --dir ./signed-export        # imports it back to a different registry

Implementation: cmd/cosign/cli/save.go, cmd/cosign/cli/load.go. Serializes an image and all attached artifacts into an OCI Image Layout on disk (per the OCI spec). cosign verify --local-image ./signed-export then verifies offline.

cosign manifest

cosign manifest verify --key cosign.pub <kubernetes-manifest.yaml>

Implementation: cmd/cosign/cli/manifest.go. Walks a Kubernetes manifest, extracts every image reference, and verifies all of them against the supplied key/identity. Useful in admission-controller-adjacent workflows.

cosign dockerfile

cosign dockerfile verify --key cosign.pub Dockerfile

Implementation: cmd/cosign/cli/dockerfile.go. Same idea, but for FROM references in a Dockerfile.

cosign generate

cosign generate <image>

Implementation: cmd/cosign/cli/generate.go. Emits the simple-signing payload that would be signed for that image — useful for offline workflows where the actual signing happens elsewhere (e.g. on an air-gapped HSM workstation).

cosign initialize

cosign initialize [--mirror <url>] [--root <root.json>]

Implementation: cmd/cosign/cli/initialize.go. Pulls or refreshes the TUF metadata and trusted_root.json from the public-good repo (or a custom mirror). Stores them under ~/.sigstore/root/. Run once before air-gapped verification.

cosign trusted-root and cosign signing-config

cosign trusted-root create --certificate-chain ca.pem --rekor-key rekor.pub ... -o trusted_root.json
cosign signing-config create --fulcio-url https://... --rekor-url https://... -o signing_config.json

Implementation: cmd/cosign/cli/trustedroot.go and cmd/cosign/cli/signingconfig.go. Build the JSON documents that cosign verify --trusted-root ... and cosign sign --signing-config ... consume — the path to running cosign against a private Sigstore deployment.

cosign bundle

cosign bundle create --signature sig.txt --certificate cert.pem --rekor-bundle rekor.json -o bundle.sigstore.json

Implementation: cmd/cosign/cli/bundle.go. Combines pre-existing detached materials into a single Sigstore protobuf bundle — useful for migrating a legacy .sig + .pem + Rekor entry set onto the new bundle format. Recently hardened (commit bundle create: Prevent IgnoreTlog when bundle contains SET, Apr 2026) to refuse to drop the SET on the floor.

Key source files

File Purpose
cmd/cosign/cli/attach.go attach command tree
cmd/cosign/cli/download.go download command tree
cmd/cosign/cli/upload.go upload (blob, wasm)
cmd/cosign/cli/copy.go Image + attached artifact copy
cmd/cosign/cli/clean.go Delete attached artifacts
cmd/cosign/cli/triangulate.go Tag derivation
cmd/cosign/cli/tree.go List attached artifacts
cmd/cosign/cli/save.go, load.go OCI Image Layout export/import
cmd/cosign/cli/manifest.go, dockerfile.go Verify-by-spec helpers
cmd/cosign/cli/initialize.go TUF refresh
cmd/cosign/cli/trustedroot.go, signingconfig.go, bundle.go v3 trust/bundle composition tools

Built by Factory AutoWiki from public repository content. It is a generated preview for codebase exploration, not source-maintained documentation.

OCI and attachment commands – Cosign wiki | Factory