Cosign Alternatives

Similar projects and alternatives to cosign

Poetry

1 417 34,278 9.1 Python cosign VS Poetry

Python packaging and dependency management made easy
SaaSHub

www.saashub.com featured

SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
speedtest

2 125 14,811 7.6 JavaScript cosign VS speedtest

Self-hosted Speed Test for HTML5 and more. Easy setup, examples, configurable, mobile friendly. Supports PHP, Node, Multiple servers, and more
trivy

3 120 36,314 9.7 Go cosign VS trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
OPA (Open Policy Agent)

4 118 11,843 9.8 Go cosign VS OPA (Open Policy Agent)

Open Policy Agent (OPA) is an open source, general-purpose policy engine.
argo-cd

5 102 23,123 9.9 Go cosign VS argo-cd

Declarative Continuous Deployment for Kubernetes
kubescape

6 79 11,474 9.4 Go cosign VS kubescape

Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernetes users and administrators precious time, effort, and resources.
checkov

7 72 8,782 9.4 Python cosign VS checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
grype

8 64 12,394 9.6 Go cosign VS grype

A vulnerability scanner for container images and filesystems
falco

9 55 9,036 9.3 C++ cosign VS falco

Cloud Native Runtime Security
Kyverno

10 51 7,827 9.9 Go cosign VS Kyverno

Unified Policy as Code
syft

11 42 9,091 9.7 Go cosign VS syft

CLI tool and library for generating a Software Bill of Materials from container images and filesystems
build-push-action

12 39 5,302 8.8 TypeScript cosign VS build-push-action

GitHub Action to build and push Docker images with Buildx
rekor

13 34 1,158 9.4 Go cosign VS rekor

Software Supply Chain Transparency Log
metadata-action

14 16 1,130 8.8 TypeScript cosign VS metadata-action

GitHub Action to extract metadata (tags, labels) from Git reference and GitHub events for Docker
notation

15 8 486 6.7 Go cosign VS notation

A CLI tool to sign and verify artifacts (by notaryproject)
login-action

16 13 1,434 8.6 TypeScript cosign VS login-action

GitHub Action to login against a Docker registry
cosign-installer

17 4 201 6.7 cosign VS cosign-installer

Cosign Github Action
in-toto-golang

18 0 150 6.5 Go cosign VS in-toto-golang

A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.
spire

19 6 2,390 9.7 Go cosign VS spire

The SPIFFE Runtime Environment
fulcio

20 6 851 9.4 Go cosign VS fulcio

Sigstore OIDC PKI

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better cosign alternative or higher similarity.

Suggest an alternative to cosign

cosign discussion

cosign reviews and mentions

Posts with mentions or reviews of cosign. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2026-03-20.

Evidence Stores for Supply Chain Security
7 projects | dev.to | 20 Mar 2026

Solutions like Cosign, in-toto and ShiftLeftCyber's SecureSBOM can be mentioned here.
Introduction to Gitless GitOps: A New OCI-Centric and Secure Architecture
9 projects | dev.to | 16 Apr 2025

Flux uses cosign
Top Terraform/OpenTofu tools to Use in 2025
24 projects | dev.to | 4 Feb 2025

Verifies downloads using cosign and PGP (via gopenpgp), ensuring the integrity and authenticity of tool binaries.
1minDocker #13 - Push, build and dockerize with GitHub Actions
7 projects | dev.to | 23 Jan 2025
10 Docker Security Best Practices
6 projects | dev.to | 8 Jan 2025

SigStore project, including its cosign tool, implements simple signing, storage, and verification of artifacts.
Reading the Ruby 3.4 NEWS with professionals (English translation)
17 projects | dev.to | 26 Dec 2024

RubyGems now supports sigstore.dev, which aims to improve the security of the software supply chain. Sigstore is a series of mechanisms that provide automated signing for the software supply chain. If you pass the file path to a Sigstore Bundle generated using cosign or sigstore-ruby to --attestation, you can upload the Gem signature to RubyGems.
Securing CI/CD Images with Cosign and OPA
4 projects | dev.to | 15 Nov 2023

Cosign: In this context, Cosign from the Sigstore project offers a compelling solution. Its simplicity, registry compatibility, and effective link between images and their signatures provide a user-friendly and versatile approach. The integration of Fulcio for certificate management and Rekor for secure logging enhances Cosign's appeal, making it particularly suitable for modern development environments that prioritize security and agility.
An Overview of Kubernetes Security Projects at KubeCon Europe 2023
17 projects | dev.to | 22 May 2023

sigstore is another suite of tools that focuses on attestation and provenance. Within the suite are two tools I heard mentioned a few times at KubeCon: Cosign and Rekor.
Spin 1.0 — The Developer Tool for Serverless WebAssembly
17 projects | dev.to | 28 Mar 2023

Since we can distribute Spin applications using popular registry services, we can also take advantage of ecosystem tools such as Sigstore and Cosign, which address the software supply chain issue by signing and verifying applications using Sigstore's new keyless signatures (using OIDC identity tokens from providers such as GitHub).
Iron Bank: Secure Registries, Secure Containers
3 projects | dev.to | 8 Feb 2023

Use distroless images (which contain only application and its runtime dependencies, and don't include package managers/shells or any other programs you would expect to find in a standard Linux distribution). All distroless images are signed by cosign.
A note from our sponsor - SaaSHub
www.saashub.com | 15 Jun 2026

SaaSHub helps you find the best software and product alternatives Learn more →

Stats

Basic cosign repo stats

Mentions

Stars

6,036

Activity

9.6

Last Commit

2 days ago

sigstore/cosign is an open source project licensed under Apache License 2.0 which is an OSI approved license.

The primary programming language of cosign is Go.

cosign

Cosign Alternatives

Similar projects and alternatives to cosign

Poetry

SaaSHub

speedtest

trivy

OPA (Open Policy Agent)

argo-cd

kubescape

checkov

grype

falco

Kyverno

syft

build-push-action

rekor

metadata-action

notation

cosign-installer

in-toto-golang

spire

fulcio

cosign discussion

cosign reviews and mentions

Stats

Popular Comparisons

Did you know that Go is
the 4th most popular programming language
based on number of references?

cosign

Cosign Alternatives

Similar projects and alternatives to cosign

cosign discussion

cosign reviews and mentions

Stats

Popular Comparisons

Did you know that Go is the 4th most popular programming language based on number of references?

Did you know that Go is
the 4th most popular programming language
based on number of references?