Automic VaultAutomic Vault

brew / 排名 642

安装 cosign

查看 cosign 的安装路径、可执行文件、元数据以及面向 AI 代理工作流的安全说明。

安装命令安全说明

安装

使用 Automic Vault 安装

Automic Vault
下载 AV
sudo av install brew:cosign

macOS

Homebrewverified · 100%
brew install cosign

local Homebrew formula metadata

MacPortsverified · 94%
sudo port install cosign

MacPorts ports tree · security/cosign/Portfile · source: api.github.com

Linux

Alpine Linux apkverified · 92%
sudo apk add cosign

Alpine Linux edge package indexes · cosign · source: dl-cdn.alpinelinux.org

Debian aptverified · 92%
sudo apt install cosign

Debian stable package indexes · cosign · source: deb.debian.org

Nixverified · 92%
nix profile install nixpkgs#cosign

nixpkgs package indexes · pkgs/by-name/co/cosign/package.nix · source: api.github.com

Arch Linux pacmanverified · 92%
sudo pacman -S cosign

Arch Linux sync databases · cosign · source: geo.mirror.pkgbuild.com

openSUSE zypperverified · 92%
sudo zypper install cosign

openSUSE Tumbleweed package metadata · cosign · source: download.opensuse.org

Windows

Scoopverified · 92%
scoop install main/cosign

Scoop official bucket manifest trees · bucket/cosign.json · source: api.github.com

Windows Package Managerverified · 92%
winget install --id Sigstore.Cosign -e

Windows Package Manager source index · Sigstore.Cosign · source: cdn.winget.microsoft.com

平台说明

  • 没有特定于此软件包的平台说明。

概览

软件包摘要

Container Signing

命令和别名

  • cosign

安全态势

风险级别:orange

infrastructure mutation or orchestration signal.

Risk classifier

orange risk · medium confidence · infrastructure

Why

  • infrastructure mutation or orchestration signal

Signals

  • text:container

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Build metadata lists 1 build dependencies.

建议审查

在无人值守的代理使用前,请检查该工具是否读取明文凭据、写入远程状态、发布制品或调用插件。

可执行文件

已安装的可执行文件

命令类型暴露范围备注
cosigncliglobal executable

新鲜度

版本和新鲜度

这些信号区分页生成时间、软件包管理器活动和上游发布比较。只有存在证据 URL 和可比较版本时,才会提示版本落后。

页面生成时间2026-06-10
管理器版本3.1.1
管理器更新时间2026-06-09
本地数据ok
上游not checked
检测到的最新版本not detected

https://github.com/sigstore/cosign

安装元数据

软件包元数据

Package keybrew:cosign
Version3.1.1
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/cosign
Homepagehttps://github.com/sigstore/cosign
Repositoryhttps://github.com/sigstore/cosign
Upstream docshttps://docs.sigstore.dev/cosign
LicenseApache-2.0
Source archivehttps://github.com/sigstore/cosign.git
Last updated2026-06-09T18:09:12Z
Pulseupdated
Build dependenciesgo
Bottleavailable (arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namecosign
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Debian apt95%

cosign 2.5.0-2+b4

Code signing/transparency for containers and binaries (program)

https://github.com/sigstore/cosign

sudo apt install cosign
  • Section: golang
  • Architecture: amd64
  • Source Package: cosign
  • 1 dependencies
  • normalized package name match
  • Matched by: Cosign
Debian stable package indexes · deb.debian.org · Debian stable package indexes: cosign from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Debian apt95%

golang-github-sigstore-cosign-dev 2.5.0-2

Code signing/transparency for containers and binaries (library)

https://github.com/sigstore/cosign

sudo apt install golang-github-sigstore-cosign-dev
  • Section: golang
  • Architecture: all
  • Source Package: cosign
  • 32 dependencies
  • normalized package name match
  • Matched by: Cosign
Debian stable package indexes · deb.debian.org · Debian stable package indexes: golang-github-sigstore-cosign-dev from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Nix95%

cosign

nix profile install nixpkgs#cosign
  • normalized package name match
  • Matched by: Cosign
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/co/cosign/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
apk95%

cosign 3.0.6-r1

container signing tool with support for ephemeral keys and Sigstore signing

https://github.com/sigstore/cosign

sudo apk add cosign
  • License: Apache-2.0
  • Architecture: x86_64
  • Source Package: cosign
  • 1 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Cosign
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: cosign from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz
apk95%

cosign-bash-completion 3.0.6-r1

Bash completions for cosign

https://github.com/sigstore/cosign

sudo apk add cosign-bash-completion
  • License: Apache-2.0
  • Architecture: x86_64
  • Source Package: cosign
  • normalized package name match
  • Matched by: Cosign
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: cosign-bash-completion from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz
apk95%

cosign-fish-completion 3.0.6-r1

Fish completions for cosign

https://github.com/sigstore/cosign

sudo apk add cosign-fish-completion
  • License: Apache-2.0
  • Architecture: x86_64
  • Source Package: cosign
  • normalized package name match
  • Matched by: Cosign
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: cosign-fish-completion from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz
apk95%

cosign-zsh-completion 3.0.6-r1

Zsh completions for cosign

https://github.com/sigstore/cosign

sudo apk add cosign-zsh-completion
  • License: Apache-2.0
  • Architecture: x86_64
  • Source Package: cosign
  • normalized package name match
  • Matched by: Cosign
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: cosign-zsh-completion from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz
pacman95%

cosign 3.0.6-1

Container Signing with support for ephemeral keys and Sigstore signing

https://github.com/sigstore/cosign

sudo pacman -S cosign
  • License: Apache-2.0
  • Architecture: x86_64
  • 1 dependencies
  • normalized package name match
  • Matched by: Cosign
Arch Linux sync databases · geo.mirror.pkgbuild.com · Arch Linux sync databases: cosign from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz
zypper95%

cosign 3.0.6-1.1

Container Signing, Verification and Storage in an OCI registry

https://github.com/sigstore/cosign

sudo zypper install cosign
  • License: Apache-2.0
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: cosign
  • 1 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Cosign
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: cosign from https://download.opensuse.org/tumbleweed/repo/oss/repodata/155b97171d05e27afd950b6fe0d55513ff38f4597110664535bceedc680bbe6fd459f0733718dcc21dcf0efc7c8250fd1390c73d4790b42e62fb2c16a87242e5-primary.xml.zst
zypper95%

cosign-bash-completion 3.0.6-1.1

Bash Completion for cosign

https://github.com/sigstore/cosign

sudo zypper install cosign-bash-completion
  • License: Apache-2.0
  • Category: System/Shells
  • Architecture: noarch
  • Source Package: cosign
  • 2 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Cosign
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: cosign-bash-completion from https://download.opensuse.org/tumbleweed/repo/oss/repodata/155b97171d05e27afd950b6fe0d55513ff38f4597110664535bceedc680bbe6fd459f0733718dcc21dcf0efc7c8250fd1390c73d4790b42e62fb2c16a87242e5-primary.xml.zst
zypper95%

cosign-fish-completion 3.0.6-1.1

Fish Completion for cosign

https://github.com/sigstore/cosign

sudo zypper install cosign-fish-completion
  • License: Apache-2.0
  • Category: System/Shells
  • Architecture: noarch
  • Source Package: cosign
  • 1 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Cosign
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: cosign-fish-completion from https://download.opensuse.org/tumbleweed/repo/oss/repodata/155b97171d05e27afd950b6fe0d55513ff38f4597110664535bceedc680bbe6fd459f0733718dcc21dcf0efc7c8250fd1390c73d4790b42e62fb2c16a87242e5-primary.xml.zst
zypper95%

cosign-zsh-completion 3.0.6-1.1

Zsh Completion for cosign

https://github.com/sigstore/cosign

sudo zypper install cosign-zsh-completion
  • License: Apache-2.0
  • Category: System/Shells
  • Architecture: noarch
  • Source Package: cosign
  • 1 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Cosign
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: cosign-zsh-completion from https://download.opensuse.org/tumbleweed/repo/oss/repodata/155b97171d05e27afd950b6fe0d55513ff38f4597110664535bceedc680bbe6fd459f0733718dcc21dcf0efc7c8250fd1390c73d4790b42e62fb2c16a87242e5-primary.xml.zst
MacPorts95%

cosign

sudo port install cosign
  • normalized package name match
  • Matched by: Cosign
MacPorts ports tree · api.github.com · MacPorts ports tree: security/cosign/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1
Scoop95%

main/cosign

scoop install main/cosign
  • normalized package name match
  • Matched by: Cosign
Scoop official bucket manifest trees · api.github.com · Scoop official bucket manifest trees: bucket/cosign.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1
winget95%

Sigstore.Cosign

winget install --id Sigstore.Cosign -e
  • normalized package name match
  • Matched by: Cosign
Windows Package Manager source index · cdn.winget.microsoft.com · Windows Package Manager source index: Sigstore.Cosign from https://cdn.winget.microsoft.com/cache/source.msix

软件包图谱

链接来自本地软件包关系图、补充数据、依赖边、生态匹配和软件包 hub 归属。

相关工具

  • goBuild dependency declared by Homebrew.

相同工作流

  • sigstoreShares av.db curated category or tags: cli, security, sigstore, software-supply-chain, supply-chain-security.
  • rekor-cliShares av.db curated category or tags: cli, security, sigstore, software-supply-chain, supply-chain-security.
  • gitsignShares av.db curated category or tags: cli, security, sigstore, software-supply-chain, supply-chain-security.
  • safetyShares av.db curated category or tags: cli, security, software-supply-chain, supply-chain-security.
  • poutineShares av.db curated category or tags: cli, security, software-supply-chain, supply-chain-security.
  • notationShares av.db curated category or tags: cli, security, software-supply-chain, supply-chain-security.

来源线索

由仓库数据生成

此页面由 av-webscripts/generate-pkg-sqlite.py 生成的私有软件包 SQLite 工件提供。

使用的来源

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment