macOS
Homebrewverified · 100%
brew install cosignlocal Homebrew formula metadata
MacPortsverified · 94%
sudo port install cosignMacPorts ports tree · security/cosign/Portfile · source: api.github.com
brew / Rang 642
cosign installieren
Prüfe Installationswege, Executables, Metadaten und Sicherheitshinweise für cosign in AI-Agent-Workflows.
Installation
Mit Automic Vault installieren
Automic Vault
sudo av install brew:cosignLinux
Alpine Linux apkverified · 92%
sudo apk add cosignAlpine Linux edge package indexes · cosign · source: dl-cdn.alpinelinux.org
Debian aptverified · 92%
sudo apt install cosignDebian stable package indexes · cosign · source: deb.debian.org
Nixverified · 92%
nix profile install nixpkgs#cosignnixpkgs package indexes · pkgs/by-name/co/cosign/package.nix · source: api.github.com
Arch Linux pacmanverified · 92%
sudo pacman -S cosignArch Linux sync databases · cosign · source: geo.mirror.pkgbuild.com
openSUSE zypperverified · 92%
sudo zypper install cosignopenSUSE Tumbleweed package metadata · cosign · source: download.opensuse.org
Windows
Scoopverified · 92%
scoop install main/cosignScoop official bucket manifest trees · bucket/cosign.json · source: api.github.com
Windows Package Managerverified · 92%
winget install --id Sigstore.Cosign -eWindows Package Manager source index · Sigstore.Cosign · source: cdn.winget.microsoft.com
Paketmanager-Quelle
Plattformhinweise
- Es waren keine paketspezifischen Plattformhinweise vorhanden.
Überblick
Paketzusammenfassung
Container Signing
Homepage
Befehle und Aliase
- cosign
Sicherheitslage
Risikostufe: orange
infrastructure mutation or orchestration signal.
Risk classifier
orange risk · medium confidence · infrastructure
Why
- infrastructure mutation or orchestration signal
Signals
- text:container
Install behavior
- No Homebrew post-install hook is recorded in formula metadata.
- Homebrew bottle metadata is available for 6 platform targets.
- Build metadata lists 1 build dependencies.
Empfohlene Prüfung
Prüfe vor unbeaufsichtigter Agent-Nutzung, ob das Tool Klartext-Credentials liest, Remote-Zustand schreibt, Artefakte veröffentlicht oder Plugins ausführt.
Executables
Installierte Executables
| Befehl | Art | Sichtbarkeit | Hinweis |
|---|---|---|---|
cosign | cli | global executable |
Aktualität
Version und Aktualität
Diese Signale trennen das Alter der Seitengenerierung, Aktivität des Paketmanagers und Upstream-Release-Vergleich. Versionsrückstand wird nur gemeldet, wenn eine Evidenz-URL und vergleichbare Versionen vorhanden sind.
Seite generiert2026-06-10
Manager-Version3.1.1
Manager aktualisiert2026-06-09
lokale Datenok
Upstreamnot checked
neueste erkannte Versionnot detected
https://github.com/sigstore/cosign
- infoNo cached GitHub release or tag data was available.https://github.com/sigstore/cosignnone confidence
Installationsmetadaten
Paketmetadaten
| Package key | brew:cosign |
|---|---|
| Version | 3.1.1 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/cosign |
| Homepage | https://github.com/sigstore/cosign |
| Repository | https://github.com/sigstore/cosign |
| Upstream docs | https://docs.sigstore.dev/cosign |
| License | Apache-2.0 |
| Source archive | https://github.com/sigstore/cosign.git |
| Last updated | 2026-06-09T18:09:12Z |
| Pulse | updated |
| Build dependencies | go |
| Bottle | available (arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
Source database details
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | cosign |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Other package-manager records
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
Debian apt95%
cosign 2.5.0-2+b4
Code signing/transparency for containers and binaries (program)
https://github.com/sigstore/cosign
sudo apt install cosign- Section: golang
- Architecture: amd64
- Source Package: cosign
- 1 dependencies
- normalized package name match
- Matched by: Cosign
Debian apt95%
golang-github-sigstore-cosign-dev 2.5.0-2
Code signing/transparency for containers and binaries (library)
https://github.com/sigstore/cosign
sudo apt install golang-github-sigstore-cosign-dev- Section: golang
- Architecture: all
- Source Package: cosign
- 32 dependencies
- normalized package name match
- Matched by: Cosign
Nix95%
cosign
nix profile install nixpkgs#cosign- normalized package name match
- Matched by: Cosign
apk95%
cosign 3.0.6-r1
container signing tool with support for ephemeral keys and Sigstore signing
https://github.com/sigstore/cosign
sudo apk add cosign- License: Apache-2.0
- Architecture: x86_64
- Source Package: cosign
- 1 dependencies
- 1 provides
- normalized package name match
- Matched by: Cosign
apk95%
cosign-bash-completion 3.0.6-r1
Bash completions for cosign
https://github.com/sigstore/cosign
sudo apk add cosign-bash-completion- License: Apache-2.0
- Architecture: x86_64
- Source Package: cosign
- normalized package name match
- Matched by: Cosign
apk95%
cosign-fish-completion 3.0.6-r1
Fish completions for cosign
https://github.com/sigstore/cosign
sudo apk add cosign-fish-completion- License: Apache-2.0
- Architecture: x86_64
- Source Package: cosign
- normalized package name match
- Matched by: Cosign
apk95%
cosign-zsh-completion 3.0.6-r1
Zsh completions for cosign
https://github.com/sigstore/cosign
sudo apk add cosign-zsh-completion- License: Apache-2.0
- Architecture: x86_64
- Source Package: cosign
- normalized package name match
- Matched by: Cosign
pacman95%
cosign 3.0.6-1
Container Signing with support for ephemeral keys and Sigstore signing
https://github.com/sigstore/cosign
sudo pacman -S cosign- License: Apache-2.0
- Architecture: x86_64
- 1 dependencies
- normalized package name match
- Matched by: Cosign
zypper95%
cosign 3.0.6-1.1
Container Signing, Verification and Storage in an OCI registry
https://github.com/sigstore/cosign
sudo zypper install cosign- License: Apache-2.0
- Category: Unspecified
- Architecture: x86_64
- Source Package: cosign
- 1 dependencies
- 1 provides
- normalized package name match
- Matched by: Cosign
zypper95%
cosign-bash-completion 3.0.6-1.1
Bash Completion for cosign
https://github.com/sigstore/cosign
sudo zypper install cosign-bash-completion- License: Apache-2.0
- Category: System/Shells
- Architecture: noarch
- Source Package: cosign
- 2 dependencies
- 1 provides
- normalized package name match
- Matched by: Cosign
zypper95%
cosign-fish-completion 3.0.6-1.1
Fish Completion for cosign
https://github.com/sigstore/cosign
sudo zypper install cosign-fish-completion- License: Apache-2.0
- Category: System/Shells
- Architecture: noarch
- Source Package: cosign
- 1 dependencies
- 1 provides
- normalized package name match
- Matched by: Cosign
zypper95%
cosign-zsh-completion 3.0.6-1.1
Zsh Completion for cosign
https://github.com/sigstore/cosign
sudo zypper install cosign-zsh-completion- License: Apache-2.0
- Category: System/Shells
- Architecture: noarch
- Source Package: cosign
- 1 dependencies
- 1 provides
- normalized package name match
- Matched by: Cosign
MacPorts95%
cosign
sudo port install cosign- normalized package name match
- Matched by: Cosign
Scoop95%
main/cosign
scoop install main/cosign- normalized package name match
- Matched by: Cosign
winget95%
Sigstore.Cosign
winget install --id Sigstore.Cosign -e- normalized package name match
- Matched by: Cosign
Quellspur
Aus Repository-Daten generiert
Diese Seite wird von av-web aus dem privaten Paket-SQLite-Artefakt bereitgestellt, das scripts/generate-pkg-sqlite.py erstellt.
Verwendete Quellen
- Geiger risk classifier
- Nucleus package database
- av.db category and tag curation
- cross-ecosystem install command graph
- external package-manager database matches
- package relationship graph
- package version freshness
- package-page enrichment