bitnami/cosign

By bitnami

Updated 9 days ago

Bitnami Secure Image for cosign

Image
Artifact
Security
Integration & delivery
3

1M+

bitnami/cosign repository overview

Bitnami Secure Image for Cosign

Cosign supports container signing, verification, and storage in an OCI registry. Written in Go, it aims to make signatures invisible infrastructure.

Overview of Cosign Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.

TL;DR

docker run --name cosign REGISTRY_NAME/bitnami/cosign:latest

Note: You need to substitute the REGISTRY_NAME placeholder with a reference to your container registry.

Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags in our documentation page.

Get this image

The recommended way to get the Bitnami Cosign Docker Image is to pull the prebuilt image from the Docker Hub Registry.

docker pull REGISTRY_NAME/bitnami/cosign:latest

To use a specific version, you can pull a versioned tag. You can view the list of available versions in the Docker Hub Registry.

docker pull REGISTRY_NAME/bitnami/cosign:[TAG]

If you wish, you can also build the image yourself by cloning the repository, changing to the directory containing the Dockerfile and executing the docker build command. Remember to replace the APP, VERSION and OPERATING-SYSTEM path placeholders in the example command below with the correct values.

git clone https://github.com/bitnami/containers.git
cd bitnami/APP/VERSION/OPERATING-SYSTEM
docker build -t REGISTRY_NAME/bitnami/APP:latest .

Configuration

The following section describes how to run commands

Running commands

To run commands inside this container you can use docker run, for example to execute cosign --help you can follow the example below:

docker run --rm --name cosign REGISTRY_NAME/bitnami/cosign:latest --help

Check the official Cosign documentation for more information about how to use Cosign.

FIPS configuration in Bitnami Secure Images

The Bitnami Cosign Docker image from the Bitnami Secure Images catalog includes extra features and settings to configure the container with FIPS capabilities. You can configure the next environment variables:

  • OPENSSL_FIPS: whether OpenSSL runs in FIPS mode or not. yes (default), no.
  • GODEBUG: controls Go FIPS mode. Use fips140=only (restricted), fips140=on (relaxed), or fips140=off (disabled).

Notable Changes

Starting January 16, 2024
  • The docker-compose.yaml file has been removed, as it was solely intended for internal testing purposes.

License

Copyright © 2026 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Tag summary

Content type

Image

Digest

sha256:0486267ce

Size

7.8 kB

Last updated

9 days ago

docker pull bitnami/cosign:sha256-2b410b7a6a8da18f3c8ddf12dfeb137e76010a6d1e12b5c3ce7557d7cc5d0cba
Bitnami