sigstore/cosign
Security
Cosign is a security tool. The whole project's value depends on getting trust boundaries right. This page summarizes them.
Trust boundaries
graph TB
subgraph Trusted["Trusted (compiled into the binary)"]
Code[Go source under cmd/, pkg/, internal/]
Vendor[Vendored modules in go.sum]
end
subgraph TUFTrust["Trusted via TUF metadata"]
TR[trusted_root.json: Fulcio CA, Rekor key, CT key, TSA chain]
end
subgraph External["External — verified, not trusted"]
Fulcio
Rekor
TSA
OIDC[OIDC issuer]
Reg[OCI registry]
end
Code --> TR
TR --> Fulcio
TR --> Rekor
TR --> TSA
Code --> OIDC
Code --> RegAnything cryptographically tied back to trusted_root.json is trusted; everything else is verified at use time. The TUF metadata itself is updated by cosign initialize (see pkg/cosign/tuf.go).
Where keys and secrets live
- Local cosign keys —
cosign.keyis encrypted withnacl/secretboxkeyed by an scrypt-derived password (pkg/cosign/keys.go::EncryptKey). The password is taken fromCOSIGN_PASSWORDor an interactive prompt. Thepkg/cosign/env/env.goregistry marksCOSIGN_PASSWORD,COSIGN_PKCS11_PIN,SIGSTORE_ID_TOKEN,GITHUB_TOKEN,GITLAB_TOKENasSensitive: true, which excludes them fromcosign envoutput. - KMS keys — never leave the KMS. Cosign asks the KMS to sign and never sees the private material. Provider URIs:
awskms://,gcpkms://,azurekms://,hashivault://. - Hardware tokens — PIV (
pkg/cosign/pivkey/) and PKCS#11 (pkg/cosign/pkcs11key/) hold private keys on the device. - OIDC tokens — short-lived (typically minutes), exchanged for a 10-minute Fulcio cert and discarded. They're the most sensitive in-flight material; the keyless flow's privacy prompt (
internal/ui/prompt.go, "by typing 'y', you attest…") exists to make sure the user knows the email/sub will land in the public Rekor log forever.
Identity-based verification is mandatory
Per the v2.x cleanup, every keyless cosign verify requires both --certificate-identity[-regexp] and --certificate-oidc-issuer[-regexp]. This is enforced in cmd/cosign/cli/verify/common.go and not optional. Without it the cryptographic check would only prove "some certificate signed by Fulcio" rather than "this specific identity signed".
Transparency log requirement
By default every keyless signature is uploaded to Rekor and verifiers require an inclusion proof. --insecure-ignore-tlog and --tlog-upload=false exist for niche workflows but cosign prints Skipping tlog verification is an insecure practice… when they're used (cmd/cosign/cli/verify.go::ignoreTLogMessage). The recently merged commit "bundle create: Prevent IgnoreTlog when bundle contains SET" (Apr 2026) further closes a footgun where a user might silently drop a Signed Entry Timestamp.
Supply chain hygiene of the project itself
Cosign signs its own releases with cosign — see release/ and .goreleaser.yml. CI also runs:
- OpenSSF Scorecard (
.github/workflows/scorecard-action.yml) — visible athttps://securityscorecards.dev/viewer/?uri=github.com/sigstore/cosign. - CodeQL static analysis (
.github/workflows/codeql-analysis.yml). - Dependency review (
.github/workflows/depsreview.yml). - Dependabot (
.github/dependabot.yml) for Go modules, Actions, and Docker. - CII Best Practices badge (visible in
README.md).
Maintainers gate releases behind the cut-release.yml and validate-release.yml workflows.
Reporting vulnerabilities
Use the upstream Sigstore process — see github.com/sigstore/community/blob/main/SECURITY.md. Do not file public issues for vulnerabilities.
Build-tag-gated risk surface
PIV (pivkey) and PKCS#11 (pkcs11key) builds enable CGO and link against vendor .so modules — these are larger trust surfaces than the default CGO_ENABLED=0 build. Default release artifacts do not include them, exactly to keep that surface optional.
Cross-references
- Patterns around env variables and sensitive data: How to contribute / patterns.
- The trust roots: Glossary / TUF, trusted root.
- Verification flow: Architecture / verification flow.
Built by Factory AutoWiki from public repository content. It is a generated preview for codebase exploration, not source-maintained documentation.