
How to Sign Docker Images

Key idea:

Cosign is the open-source signing tool from the Sigstore project for cryptographically signing container images and other OCI artifacts. Keyless mode replaces long-lived private keys with a short-lived certificate bound to an OIDC identity (a GitHub Actions workflow, or a GitHub, Google or Microsoft account), so verification pins an identity rather than a key: cosign verify --certificate-identity=... --certificate-oidc-issuer=... image. The same machinery signs provenance attestations, which is what a hardened GitHub Actions build needs to reach SLSA Build Level 3.

Below: step-by-step setup, working examples, common pitfalls and an FAQ.


Step-by-Step Setup

  1. Install: brew install cosign, or download the release binary from the Sigstore GitHub releases
  2. Resolve the tag to a digest and sign that, because tags are mutable: cosign sign --yes ghcr.io/me/app@sha256:<digest>
  3. In an interactive session a browser opens for OIDC login (GitHub/Google/Microsoft); in CI, cosign uses the job's ambient OIDC token instead
  4. Cosign presents the OIDC token to Sigstore Fulcio and receives a short-lived signing certificate bound to that identity; the signature is also recorded in the Rekor transparency log
  5. Signature and certificate are pushed to the same OCI repository as a sidecar manifest tagged sha256-<digest>.sig
  6. Verify, pinning both the identity and its issuer (cosign v2 requires both): cosign verify --certificate-identity=user@example.com --certificate-oidc-issuer=https://github.com/login/oauth ghcr.io/me/app@sha256:<digest>
  7. Kubernetes: the sigstore-policy-controller admission webhook rejects images that carry no signature from an allowed identity

Working Examples

Scenario: GitHub Actions keyless sign

  # .github/workflows/release.yml (excerpt)
  permissions:
    id-token: write   # lets the job request an OIDC token for cosign
    packages: write   # push image and signature to GHCR
  steps:
    - uses: sigstore/cosign-installer@v3
    - name: Sign image
      run: |
        # sign the immutable digest, not the mutable tag; the digest output
        # is assumed to come from a preceding docker/build-push-action step with id: build
        cosign sign --yes \
          ghcr.io/${{ github.repository }}@${{ steps.build.outputs.digest }}

Scenario: Verify a signed image

  # The identity in a GitHub Actions keyless certificate is the workflow
  # reference, not an email address, so pin that (anchored) together with the issuer
  cosign verify \
    --certificate-identity-regexp='^https://github\.com/me/app/\.github/workflows/release\.yml@refs/tags/v.+$' \
    --certificate-oidc-issuer=https://token.actions.githubusercontent.com \
    ghcr.io/me/app@sha256:<digest>

Scenario: Kubernetes policy-controller

  apiVersion: policy.sigstore.dev/v1beta1
  kind: ClusterImagePolicy
  metadata:
    name: enforce-signed
  spec:
    images:
      - glob: 'ghcr.io/me/**'
    authorities:
      - keyless:
          identities:
            - issuer: https://token.actions.githubusercontent.com
              # '.+' would accept any GitHub Actions workflow in any repository;
              # restrict to release workflows in your own org
              subjectRegExp: '^https://github\.com/me/[^/]+/\.github/workflows/release\.yml@refs/tags/v.+$'

Scenario: Key-based (air-gapped or KMS-backed signing)

  # Generate a key pair; the private key is encrypted with COSIGN_PASSWORD
  $ cosign generate-key-pair
  # Or keep the private key in a KMS and reference it, e.g. --key awskms:///alias/cosign
  # Sign with the private key
  $ cosign sign --yes --key cosign.key ghcr.io/me/app@sha256:<digest>
  # Verify with the public key
  $ cosign verify --key cosign.pub ghcr.io/me/app@sha256:<digest>

Scenario: SBOM attach + sign

  # Generate an SPDX JSON SBOM
  $ syft ghcr.io/me/app@sha256:<digest> -o spdx-json > sbom.json
  # Wrap it in a signed in-toto attestation; the predicate type must match
  # the SBOM format (spdxjson for SPDX JSON, not spdx)
  $ cosign attest --yes --predicate sbom.json --type spdxjson \
      ghcr.io/me/app@sha256:<digest>
  # Verify it with the same identity and issuer pinning as for signatures
  $ cosign verify-attestation --type spdxjson \
      --certificate-identity-regexp='^https://github\.com/me/app/.+$' \
      --certificate-oidc-issuer=https://token.actions.githubusercontent.com \
      ghcr.io/me/app@sha256:<digest>

Common Pitfalls

  • Keyless ties signing to the availability of the OIDC provider and of the public Fulcio and Rekor instances. Strict enterprise setups keep the signing key in a cloud KMS or HSM (--key <kms-uri>), or run a private Sigstore instance
  • Signing alone enforces nothing in Kubernetes: without an admission controller, unsigned images still run. Deploy sigstore-policy-controller (or Kyverno) with a policy that names the allowed signer identity
  • cosign v2 changed the verify CLI: keyless verification now requires --certificate-identity (or the -regexp form) and --certificate-oidc-issuer, so scripts written for v1 fail. Use cosign 2.x throughout
  • Keyless signing in CI needs permissions: id-token: write on the job; without it cosign cannot obtain an OIDC token and the sign step fails
  • Signatures live in the registry as a sidecar manifest tagged sha256-<digest>.sig. Self-hosted registries that reject such tags, refuse OCI manifests, or garbage-collect them will store the image but fail verification

Frequently Asked Questions

Why sign images?

Supply-chain compromises such as SolarWinds (a tampered build pipeline) and xz (a backdoored upstream release) showed that running an unverified artifact hands the attacker code execution. A signature proves "this image was produced by identity X" and lets you refuse everything else; it does not prove the image is free of malicious code from that producer. SLSA Build Level 3 builds on the same mechanism: it requires signed, unforgeable provenance from a hardened build platform.

Keyless vs key-based?

Keyless: no keys to generate, store or rotate; identity comes from OIDC; fits most CI setups. Key-based: works offline and in air-gapped environments, but the private key must be protected (HSM or cloud KMS, referenced as --key <kms-uri>) and rotated by you.

What is an SBOM?

Software Bill of Materials: the list of packages inside the image, generated by syft or Trivy. Passing it to cosign attest wraps it in an in-toto attestation signed by the same identity as the image, so consumers can verify both who built the image and what is in it.

Admission in K8s?

sigstore-policy-controller (the Sigstore-maintained option, preferred since 2025) or Kyverno's verifyImages rule with cosign verification. Either one rejects unsigned images and images signed by an identity outside the policy.