Authenticate to the container registry where the image is stored using standard registry credential mechanisms such as docker login or a workload identity credential
Run 'cosign sign --yes <image>@<digest>' referencing the image by its immutable digest rather than a mutable tag to ensure the signature is tied to the exact image content
Confirm that cosign obtains an OIDC token from the ambient identity provider, requests a certificate from Fulcio, and records the signature to Rekor
Verify the signature was pushed to the registry as an OCI referrer by running 'cosign verify <image>@<digest> --certificate-identity <identity> --certificate-oidc-issuer <issuer>'
Ensure downstream consumers reference images by digest when verifying, as tag-based references are mutable and may point to a different image than what was signed
Known gotchas
Signing by tag rather than by digest is unsafe; if the tag is updated to point to a new image, the existing signature becomes orphaned and verification will fail for the new image content
The '--yes' flag suppresses the interactive confirmation prompt, which is required in non-interactive CI environments; without it the command waits for user input and times out
Registries that do not support the OCI Referrers API store cosign signatures under a separate tag derived from the image digest; ensure your registry supports either the OCI Referrers API or the legacy tag-based storage that cosign falls back to
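The procedure above and the digest and legacy-tag gotchas can be wrapped in a small shell script. The script below is an added example, not code from the original page or from the cosign project: it refuses to sign or verify any reference that is not pinned to a sha256 digest, passes --yes so the signing step never blocks in CI, and computes the legacy signature tag cosign uses on registries without the OCI Referrers API. It assumes cosign v2 is on PATH and that registry authentication (docker login or a workload identity) has already been done; the image reference, certificate identity and OIDC issuer are supplied by the caller, and the ghcr.io/example values in the comments are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original page or the cosign project): a wrapper
# around cosign keyless signing that only accepts digest-pinned references.
# Assumes cosign v2 on PATH and an already-authenticated registry session.
set -eu

# is_digest_ref REF: succeed only if REF ends in @sha256:<64 lowercase hex chars>.
# A tag such as repo:latest is mutable and is rejected.
is_digest_ref() {
  case "$1" in
    *@sha256:*) ;;
    *) return 1 ;;
  esac
  printf '%s' "${1##*@sha256:}" | grep -Eq '^[0-9a-f]{64}$'
}

# legacy_sig_tag REF: the tag cosign uses to store a signature on registries
# without the OCI Referrers API, i.e. <repo>:sha256-<digest>.sig
legacy_sig_tag() {
  is_digest_ref "$1" || return 1
  printf '%s:sha256-%s.sig\n' "${1%%@sha256:*}" "${1##*@sha256:}"
}

# sign_image REF: keyless-sign REF by digest. --yes is required in CI; without
# it cosign waits on an interactive prompt. Returns 2 without calling cosign
# when REF is not digest-pinned.
sign_image() {
  if ! is_digest_ref "$1"; then
    echo "refusing to sign non-digest reference: $1" >&2
    return 2
  fi
  cosign sign --yes "$1"
}

# verify_image REF IDENTITY ISSUER: verify the signature and check that the
# Fulcio certificate was issued for IDENTITY by ISSUER. Same digest rule.
verify_image() {
  if ! is_digest_ref "$1"; then
    echo "refusing to verify non-digest reference: $1" >&2
    return 2
  fi
  cosign verify --certificate-identity "$2" --certificate-oidc-issuer "$3" "$1"
}

# Usage: sh sign_verify.sh <image@sha256:...> <certificate-identity> <oidc-issuer>
# Example (constructed values):
#   sh sign_verify.sh ghcr.io/example/app@sha256:<digest> \
#      https://github.com/example/app/.github/workflows/release.yml@refs/heads/main \
#      https://token.actions.githubusercontent.com
if [ "$#" -eq 3 ]; then
  sign_image "$1"
  verify_image "$1" "$2" "$3"
fi
```

Resolving a tag to its digest before calling the script (for example with crane digest, or from the digest your build tool printed at push time) keeps the signature and every later verification bound to the same immutable content, which is the property the tag-based gotcha above is about.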