Sunday, 12 April 2026 @ 09:17 UTC ~2 12,244 130,117

cosign

sigstore · Sigstore.Cosign

Code signing and transparency for containers and binaries

winget install --id Sigstore.Cosign --exact --source winget

Latest 3.0.6

Release Notes

Changelog v3.0.6 resolves GHSA-w6c6-c85g-mmv6. This release also adds support for signing with OpenBao-managed keys.

  • f1ad3ee Fix DSSE predicate check (GHSA-w6c6-c85g-mmv6) (#4801)
  • a09afa9 Handle whitespace-only certificate annotation (#4760)
  • 5a38a6d fix(sign): closing SignerVerifier too early when signing with a security key (#4761)
  • 2290a59 Disallow --new-bundle-format and --rfc3161-timestamp (#4762)
  • 36f4008 support managed keys in conformance testing (#4728)
  • 3274cf9 Add support for GCE metadata server env var (#4732)
  • 2e9754a fix: preserve per-layer annotations in WriteAttestationsReferrer (#4709)
  • dece275 Fix parsing of in-toto for string predicates
  • bd4f0fd Mark batch of flags for deprecation (#4698)
  • 9b259ff disallow key and cert identity being used together during verification (#4636)
  • 95eb1c3 support key creation in GitLab group (#4704) Thanks to all contributors!

Installer type: portable

Architecture Scope Download SHA256
x64 Download 9B85A88EBFF2D9DD30FF4984A6F61F2CEDC232DD87D81FA7F2FF3C0ED96C241C

Details

Homepage
https://github.com/sigstore/cosign
License
Apache-2.0
Publisher
sigstore
Support
https://github.com/sigstore/cosign/issues
Moniker
cosign

Older versions (16)

3.0.5
Architecture Scope Download SHA256
x64 Download 44E9E44202B67DDFAAF5EA1234F5A265417960C4AE98C5B57C35BC40BA9DD714
3.0.4
Architecture Scope Download SHA256
x64 Download A3A0DC4E8C745F9BD855EC18DB346538B78AB2C4D6D510AE4186BB4A03F35438
3.0.3
Architecture Scope Download SHA256
x64 Download 2593655025B52B5B1C99E43464459B645A3ACBE5D4A5A9F3A766E77BEEC5A441
3.0.2
Architecture Scope Download SHA256
x64 Download 7A137280D8686665CEB4D8565DF2A0AC63F28031E014CDCAE5D56891A6C8A400
3.0.1
Architecture Scope Download SHA256
x64 Download 21843DBB2E910097531CA23E9F87D0CA2AE9A412E056009EAE670B090418E8ED
2.6.1
Architecture Scope Download SHA256
x64 Download 049026DAE3246D6EA8201512EC3EFCE3AAB0C7F1D338D52E26C525DD02B418A0
2.6.0
Architecture Scope Download SHA256
x64 Download 7BEB4DD1E19A72C328BBF7C0D7342D744EDBF5CBB082F227B2B76E04A21C16EF
2.5.3
Architecture Scope Download SHA256
x64 Download 545D87E096CAB55E213F25B6EC5C9A74C958F72D05182CEE1CD53A4EB6C2E561
2.5.2
Architecture Scope Download SHA256
x64 Download FEF1C4731DA9112D4CF2F6D93AE2A1551C73116A4F73FAB7B0C15B38E95FF688
2.5.1
Architecture Scope Download SHA256
x64 Download 7A2B09ADD2620AD618A224B7F4BD6ADFA8BAEFA7526047C1FC0EC6C313D69CD6
2.5.0
Architecture Scope Download SHA256
x64 Download 2345667CBCF60767C1A6F678755CBB7465367761084E9D2CBB59AE0CC1A94437
2.4.3
Architecture Scope Download SHA256
x64 Download A2AC24E197111C9430CB2A98F10A641164381AFB83DF036504868E4EA5720800
2.4.2
Architecture Scope Download SHA256
x64 Download 996E6B5E0CA712C3A2C0E182AEE957B85DF1EBA69BABAAE8A6349C0BCE0088DB
2.4.1
Architecture Scope Download SHA256
x64 Download 8D57F8A42A981D27290C4227271FA9F0F62CA6630EB4A21D316BD6B01405B87C
2.4.0
Architecture Scope Download SHA256
x64 Download 88F1ADDBAE6BDD83EC2C067470C1F56B6D0D3BA35F49AD34603F2502CB2933F3
2.3.0
Architecture Scope Download SHA256
x64 Download 7E91FD101DF73601B93061BC39DE734CDCAA26345D3BD8F925E0B53166DC0220