Identify the expected signing identity (e.g., a GitHub Actions workflow ref or service account email) and its OIDC issuer URL
Run cosign verify with the --certificate-identity and --certificate-oidc-issuer flags set to the expected values, against the image digest rather than a tag
Confirm cosign retrieves the signature, validates the Fulcio certificate chain, and checks the Rekor log entry
Assert the command exits zero before allowing the image to be deployed or promoted
Integrate this verification step as a required gate in your deployment pipeline or admission controller
Log the verified identity and digest for audit purposes
Known gotchas
Using certificate-identity-regexp instead of exact certificate-identity can introduce overly broad matches; prefer exact matching in production policies
Verification requires network access to the Rekor and Fulcio endpoints unless an offline bundle is provided; air-gapped environments need alternative trust anchors
Verifying a tag rather than a digest allows TOCTOU race conditions; always pin to the digest returned at verification time
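The gate described in the steps above, written to respect the gotchas (exact identity match, digest pinning), as an added example that is not code from the original page or from the cosign project. The identity, issuer and image references are constructed placeholders; COSIGN_BIN is an assumed override so the gate can be exercised with a stub instead of the real binary.

```shell
#!/bin/sh
# Deployment gate for cosign keyless verification (added example, not from the page).
# Assumption: COSIGN_BIN may point at a stub for testing; defaults to the real cosign.
set -u

COSIGN_BIN="${COSIGN_BIN:-cosign}"

# Refuse any reference that is not pinned to a well-formed sha256 digest, so the
# artifact we verify is exactly the artifact we deploy (no tag TOCTOU window).
require_digest_ref() {
  ref="$1"
  case "$ref" in
    *@sha256:*) ;;
    *) echo "refusing unpinned reference (no digest): $ref" >&2; return 1 ;;
  esac
  digest="${ref##*@sha256:}"
  if [ "${#digest}" -ne 64 ]; then
    echo "refusing malformed digest (length ${#digest}): $ref" >&2; return 1
  fi
  case "$digest" in
    *[!0-9a-f]*) echo "refusing malformed digest (non-hex): $ref" >&2; return 1 ;;
  esac
  return 0
}

# Verify with exact --certificate-identity and --certificate-oidc-issuer values
# (never the -regexp variant) and emit an audit line only when cosign exits zero.
verify_keyless() {
  ref="$1"; identity="$2"; issuer="$3"
  require_digest_ref "$ref" || return 1
  if "$COSIGN_BIN" verify \
       --certificate-identity "$identity" \
       --certificate-oidc-issuer "$issuer" \
       "$ref" >&2; then
    # Audit record on stdout: who signed and exactly which digest passed the gate.
    printf 'VERIFIED identity=%s issuer=%s ref=%s\n' "$identity" "$issuer" "$ref"
    return 0
  fi
  printf 'REJECTED ref=%s\n' "$ref" >&2
  return 1
}

# Usage: gate.sh <image@sha256:digest> <expected-identity> <expected-issuer>
if [ "$#" -eq 3 ]; then
  verify_keyless "$@"
fi
```

A non-zero exit from verify_keyless is the signal your pipeline or admission hook should treat as "do not deploy"; the VERIFIED line is what you ship to your audit log.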