macOS
Homebrewverified · 100%
brew install cosignlocal Homebrew formula metadata
MacPortsverified · 94%
sudo port install cosignMacPorts ports tree · security/cosign/Portfile · source: api.github.com
brew / rang 642
Installer cosign
Consultez les chemins d'installation, exécutables, métadonnées et notes de sécurité de cosign pour les workflows d'agents IA.
installation
Installer avec Automic Vault
Automic Vault
sudo av install brew:cosignLinux
Alpine Linux apkverified · 92%
sudo apk add cosignAlpine Linux edge package indexes · cosign · source: dl-cdn.alpinelinux.org
Debian aptverified · 92%
sudo apt install cosignDebian stable package indexes · cosign · source: deb.debian.org
Nixverified · 92%
nix profile install nixpkgs#cosignnixpkgs package indexes · pkgs/by-name/co/cosign/package.nix · source: api.github.com
Arch Linux pacmanverified · 92%
sudo pacman -S cosignArch Linux sync databases · cosign · source: geo.mirror.pkgbuild.com
openSUSE zypperverified · 92%
sudo zypper install cosignopenSUSE Tumbleweed package metadata · cosign · source: download.opensuse.org
Windows
Scoopverified · 92%
scoop install main/cosignScoop official bucket manifest trees · bucket/cosign.json · source: api.github.com
Windows Package Managerverified · 92%
winget install --id Sigstore.Cosign -eWindows Package Manager source index · Sigstore.Cosign · source: cdn.winget.microsoft.com
Source du gestionnaire de paquets
Notes de plateforme
- Aucune note de plateforme propre au paquet n'était présente.
aperçu
Résumé du paquet
Container Signing
Page d'accueil
Commandes et alias
- cosign
posture de sécurité
Niveau de risque : orange
infrastructure mutation or orchestration signal.
Risk classifier
orange risk · medium confidence · infrastructure
Why
- infrastructure mutation or orchestration signal
Signals
- text:container
Install behavior
- No Homebrew post-install hook is recorded in formula metadata.
- Homebrew bottle metadata is available for 6 platform targets.
- Build metadata lists 1 build dependencies.
Revue recommandée
Avant une utilisation sans surveillance par un agent, vérifiez si l'outil lit des identifiants en clair, écrit un état distant, publie des artefacts ou lance des plugins.
exécutables
Exécutables installés
| Commande | Type | Exposition | Note |
|---|---|---|---|
cosign | cli | global executable |
fraîcheur
Version et fraîcheur
Ces signaux séparent l'âge de génération de la page, l'activité du gestionnaire de paquets et la comparaison avec les versions amont. Un retard de version n'est signalé que lorsqu'une URL de preuve et des versions comparables sont présentes.
page générée2026-06-10
version du gestionnaire3.1.1
gestionnaire mis à jour2026-06-09
données localesok
amontnot checked
dernière version détectéenot detected
https://github.com/sigstore/cosign
- infoNo cached GitHub release or tag data was available.https://github.com/sigstore/cosignnone confidence
métadonnées d'installation
Métadonnées du paquet
| Package key | brew:cosign |
|---|---|
| Version | 3.1.1 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/cosign |
| Homepage | https://github.com/sigstore/cosign |
| Repository | https://github.com/sigstore/cosign |
| Upstream docs | https://docs.sigstore.dev/cosign |
| License | Apache-2.0 |
| Source archive | https://github.com/sigstore/cosign.git |
| Last updated | 2026-06-09T18:09:12Z |
| Pulse | updated |
| Build dependencies | go |
| Bottle | available (arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
Source database details
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | cosign |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Other package-manager records
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
Debian apt95%
cosign 2.5.0-2+b4
Code signing/transparency for containers and binaries (program)
https://github.com/sigstore/cosign
sudo apt install cosign- Section: golang
- Architecture: amd64
- Source Package: cosign
- 1 dependencies
- normalized package name match
- Matched by: Cosign
Debian apt95%
golang-github-sigstore-cosign-dev 2.5.0-2
Code signing/transparency for containers and binaries (library)
https://github.com/sigstore/cosign
sudo apt install golang-github-sigstore-cosign-dev- Section: golang
- Architecture: all
- Source Package: cosign
- 32 dependencies
- normalized package name match
- Matched by: Cosign
Nix95%
cosign
nix profile install nixpkgs#cosign- normalized package name match
- Matched by: Cosign
apk95%
cosign 3.0.6-r1
container signing tool with support for ephemeral keys and Sigstore signing
https://github.com/sigstore/cosign
sudo apk add cosign- License: Apache-2.0
- Architecture: x86_64
- Source Package: cosign
- 1 dependencies
- 1 provides
- normalized package name match
- Matched by: Cosign
apk95%
cosign-bash-completion 3.0.6-r1
Bash completions for cosign
https://github.com/sigstore/cosign
sudo apk add cosign-bash-completion- License: Apache-2.0
- Architecture: x86_64
- Source Package: cosign
- normalized package name match
- Matched by: Cosign
apk95%
cosign-fish-completion 3.0.6-r1
Fish completions for cosign
https://github.com/sigstore/cosign
sudo apk add cosign-fish-completion- License: Apache-2.0
- Architecture: x86_64
- Source Package: cosign
- normalized package name match
- Matched by: Cosign
apk95%
cosign-zsh-completion 3.0.6-r1
Zsh completions for cosign
https://github.com/sigstore/cosign
sudo apk add cosign-zsh-completion- License: Apache-2.0
- Architecture: x86_64
- Source Package: cosign
- normalized package name match
- Matched by: Cosign
pacman95%
cosign 3.0.6-1
Container Signing with support for ephemeral keys and Sigstore signing
https://github.com/sigstore/cosign
sudo pacman -S cosign- License: Apache-2.0
- Architecture: x86_64
- 1 dependencies
- normalized package name match
- Matched by: Cosign
zypper95%
cosign 3.0.6-1.1
Container Signing, Verification and Storage in an OCI registry
https://github.com/sigstore/cosign
sudo zypper install cosign- License: Apache-2.0
- Category: Unspecified
- Architecture: x86_64
- Source Package: cosign
- 1 dependencies
- 1 provides
- normalized package name match
- Matched by: Cosign
zypper95%
cosign-bash-completion 3.0.6-1.1
Bash Completion for cosign
https://github.com/sigstore/cosign
sudo zypper install cosign-bash-completion- License: Apache-2.0
- Category: System/Shells
- Architecture: noarch
- Source Package: cosign
- 2 dependencies
- 1 provides
- normalized package name match
- Matched by: Cosign
zypper95%
cosign-fish-completion 3.0.6-1.1
Fish Completion for cosign
https://github.com/sigstore/cosign
sudo zypper install cosign-fish-completion- License: Apache-2.0
- Category: System/Shells
- Architecture: noarch
- Source Package: cosign
- 1 dependencies
- 1 provides
- normalized package name match
- Matched by: Cosign
zypper95%
cosign-zsh-completion 3.0.6-1.1
Zsh Completion for cosign
https://github.com/sigstore/cosign
sudo zypper install cosign-zsh-completion- License: Apache-2.0
- Category: System/Shells
- Architecture: noarch
- Source Package: cosign
- 1 dependencies
- 1 provides
- normalized package name match
- Matched by: Cosign
MacPorts95%
cosign
sudo port install cosign- normalized package name match
- Matched by: Cosign
Scoop95%
main/cosign
scoop install main/cosign- normalized package name match
- Matched by: Cosign
winget95%
Sigstore.Cosign
winget install --id Sigstore.Cosign -e- normalized package name match
- Matched by: Cosign
piste source
Généré depuis les données du dépôt
Cette page est servie par av-web depuis l'artéfact SQLite privé des paquets généré par scripts/generate-pkg-sqlite.py.
Sources utilisées
- Geiger risk classifier
- Nucleus package database
- av.db category and tag curation
- cross-ecosystem install command graph
- external package-manager database matches
- package relationship graph
- package version freshness
- package-page enrichment