Bitnami Secure Image for cosign
1M+
Cosign supports container signing, verification, and storage in an OCI registry. Written in Go, it aims to make signatures invisible infrastructure.
Overview of Cosign Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.
docker run --name cosign REGISTRY_NAME/bitnami/cosign:latest
Note: You need to substitute the
REGISTRY_NAMEplaceholder with a reference to your container registry.
Dockerfile linksLearn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags in our documentation page.
The recommended way to get the Bitnami Cosign Docker Image is to pull the prebuilt image from the Docker Hub Registry.
docker pull REGISTRY_NAME/bitnami/cosign:latest
To use a specific version, you can pull a versioned tag. You can view the list of available versions in the Docker Hub Registry.
docker pull REGISTRY_NAME/bitnami/cosign:[TAG]
If you wish, you can also build the image yourself by cloning the repository, changing to the directory containing the Dockerfile and executing the docker build command. Remember to replace the APP, VERSION and OPERATING-SYSTEM path placeholders in the example command below with the correct values.
git clone https://github.com/bitnami/containers.git
cd bitnami/APP/VERSION/OPERATING-SYSTEM
docker build -t REGISTRY_NAME/bitnami/APP:latest .
The following section describes how to run commands
To run commands inside this container you can use docker run, for example to execute cosign --help you can follow the example below:
docker run --rm --name cosign REGISTRY_NAME/bitnami/cosign:latest --help
Check the official Cosign documentation for more information about how to use Cosign.
The Bitnami Cosign Docker image from the Bitnami Secure Images catalog includes extra features and settings to configure the container with FIPS capabilities. You can configure the next environment variables:
OPENSSL_FIPS: whether OpenSSL runs in FIPS mode or not. yes (default), no.GODEBUG: controls Go FIPS mode. Use fips140=only (restricted), fips140=on (relaxed), or fips140=off (disabled).docker-compose.yaml file has been removed, as it was solely intended for internal testing purposes.Copyright © 2026 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.