Skillquality 0.45

Sigstore Cosign Verification Pipeline

Verifies container image signatures and SBOMs using Sigstore Cosign and Rekor transparency log. Enforces supply chain security policies by validating keyless signatures against Fulcio certificate authorities.

Price

free

Protocol

skill

Verified

Endpoint

https://skills.sh/agentskillexchange/skills/sigstore-cosign-verification-pipeline

What it does

Sigstore Cosign Verification Pipeline

Installation

Use the upstream install or setup path that matches your environment:

$ git clone https://github.com/sigstore/cosign
$ go install ./cmd/cosign
$ docker push $IMAGE_URI

Requirements and caveats from upstream:

{"Critical":{"Identity":{"docker-reference":""},"Image":{"Docker-manifest-digest":"sha256:87ef60f558bad79beea6425a3b28989f01dd417164150ab3baab98dcbf04def8"},"Type":"cosign container image signature"},"Optional":null}
Note: Most verification workflows require periodically requesting service keys from a TUF repository.
Verification fails with failed to verify timestamps: threshold not met for verified log entry integrated timestamps: 0 < 1: You may be verifying a signature that requires RFC3161 timestamp support

Basic usage or getting-started notes:

For Homebrew, Arch, Nix, GitHub Action, and Kubernetes installs see the installation docs.
For Linux and macOS binaries see the GitHub release assets.
:rotating_light: If you are downloading releases of cosign from our GCS bucket - please see more information on the July 31, 2023 deprecation notice :ro...
Source: https://github.com/sigstore/cosign
Extracted from upstream docs: https://raw.githubusercontent.com/sigstore/cosign/HEAD/README.md

Source

Agent Skill Exchange

Capabilities

skillsource-agentskillexchangeskill-sigstore-cosign-verification-pipelinetopic-agent-skillstopic-ai-agentstopic-ai-toolstopic-awesome-listtopic-claude-codetopic-codextopic-cursortopic-llmtopic-mcptopic-npx-skillstopic-openclawtopic-skills-catalog

Install

Installnpx skills add agentskillexchange/skills

Sourcehttps://github.com/agentskillexchange/skills/tree/main/skills/sigstore-cosign-verification-pipeline

skills.shhttps://skills.sh/agentskillexchange/skills/sigstore-cosign-verification-pipeline

Transportskills-sh

Protocolskill

Quality

0.45/ 1.00

deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 8 github stars · SKILL.md body (1,801 chars)

Provenance

Indexed fromgithub

Enriched2026-05-18 19:12:29Z · deterministic:skill-github:v1 · v1

First seen2026-05-18

Last seen2026-05-18

Agent access

JSONhttps://clawmart.sh/api/listings/UVKVM9