Container Image Signing with Cosign and Sigstore

Signing images was once cryptography heavy lifting. With Sigstore, it is a CI step.

Why image signing matters

Image signing answers a single question: was this image built by a process I authorise? Without it, you trust whoever pushed to the registry. Supply-chain attacks have made unsigned images a real risk vector.

• Provenance. The signature attests "this image came from this CI pipeline," not "this image came from someone with push access."
• Supply-chain risk. Compromised registry credentials let attackers push malicious images; signing makes the attack visible.
• Compliance driver. SLSA, SOC 2, and emerging regulation expect image provenance evidence; signing is the mechanism.
• The fix is cheap. Sigstore makes signing a CI step; the cost is one shell command, the gain is verifiable provenance.

Cosign + Sigstore basics

Cosign signs container images using Sigstore’s keyless flow. OIDC-based authentication, transparency log entries, no key management to operate; the cryptography that used to be a quarterly project is now a CI step.

• Cosign. The CLI for signing and verifying container images; integrates with major registries; one command per signature.
• Sigstore keyless. OIDC-based identity; no long-lived keys to rotate or lose; the signing identity is the CI’s OIDC token.
• Rekor transparency log. Every signature logged publicly and immutably; tamper evidence built into the protocol.
• Free plus zero infrastructure. Sigstore public-good infrastructure; no servers to operate; no per-signature cost.

CI integration

CI step: cosign sign --keyless <image>. Done. Logs to Sigstore Rekor (transparency log).

Ten minutes to integrate; signature is permanent and verifiable.

Cluster-side verification

Policy controller (Sigstore policy-controller, Kyverno) blocks unsigned images at the cluster admission webhook.

Trust hierarchy: only images signed by a known issuer (your CI) deploy.

Antipatterns

• Signing without verification. Pure theatre.
• Long-lived keys instead of keyless. Keys to lose; rotation pain.
• No emergency revocation plan. Compromise needs a path.

What to do this week

Three moves. (1) Pick one production system to apply this pattern to first. (2) Measure the security signal before/after. (3) Document the gap and write a follow-up ticket so the program stays alive between quarterly reviews.