Add `id-token: write` permission to the GitHub Actions job so it can obtain an OIDC token from GitHub's token endpoint
Install cosign in the workflow step (use the `sigstore/cosign-installer` action or download the binary directly)
Build and push your container image to the registry; capture the image digest (not just the tag) — digest-based references are required for signing
Run `cosign sign --yes <image>@<digest>` — cosign requests a short-lived certificate from Fulcio using the OIDC token and records the signature in the Rekor transparency log
Distribute the image by digest and advise consumers to verify with `cosign verify --certificate-identity-regexp <expected-identity> --certificate-oidc-issuer https://token.actions.githubusercontent.com <image>@<digest>`
Optionally attach a Software Bill of Materials (SBOM) as a cosign attestation with `cosign attest --predicate sbom.json --type spdxjson <image>@<digest>`
Known gotchas
Signing by tag is unreliable because tags are mutable: a tag can be repointed to a different image after the signature is made. Always sign and verify by digest so the signature is bound to one specific, immutable image manifest.
The Rekor transparency log entry is public and permanent — it records the workflow identity and image digest; do not sign images containing secrets or private information
cosign keyless signing requires outbound HTTPS to Fulcio and Rekor endpoints; corporate proxies or restrictive egress policies will cause signing to fail silently or with TLS errors