notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)
Want a good monitor light? See my photosAll times are UTC		 Ukraine
The recently imposed "must be logged in" restriction is a response to increased bot traffic on the site. This affects search, commits, and vuxml pages.
Search engines are not blocked. Try using "site:www.freshports.org" and your search terms.
Port details
cosign Signing OCI containers and other artifacts using Sigstore
3.1.0 security on this many watch lists=0 search for ports that depend on this port Find issues related to this port Report an issue related to this port View this port on Repology. pkg-fallout 3.0.5_3Version of this port present on the latest quarterly branch.
Maintainer: bofh@FreeBSD.org search for ports maintained by this maintainer
Port Added: 2025-05-04 18:49:45
Last Update: 2026-06-07 16:48:54
Commit Hash: 01f0406
License: APACHE20
WWW:
https://www.sigstore.dev/
Description:
Cosign aims to make signatures invisible infrastructure. Cosign supports: - "Keyless signing" with the Sigstore public good Fulcio certificate authority and Rekor transparency log (default) - Hardware and KMS signing - Signing with a cosign generated encrypted private/public keypair - Container Signing, Verification and Storage in an OCI registry. - Bring-your-own PKI
Homepage    cgit ¦ Codeberg ¦ GitHub ¦ GitLab ¦ SVNWeb - no subversion history for this port

Manual pages:
FreshPorts has no man page information for this port.
pkg-plist: as obtained via: make generate-plist
Expand this list (4 items)
Collapse this list.
  1. bin/cosign
  2. /usr/local/share/licenses/cosign-3.1.0/catalog.mk
  3. /usr/local/share/licenses/cosign-3.1.0/LICENSE
  4. /usr/local/share/licenses/cosign-3.1.0/APACHE20
Collapse this list.
USE_RC_SUBR (Service Scripts)
  • no SUBR information found for this port
Dependency lines:
  • cosign>0:security/cosign
To install the port:
cd /usr/ports/security/cosign/ && make install clean
To add the package, run one of these commands:
  • pkg install security/cosign
  • pkg install cosign
NOTE: If this package has multiple flavors (see below), then use one of them instead of the name specified above.
PKGNAME: cosign
Flavors: there is no flavor information for this port.
distinfo:
TIMESTAMP = 1780847937 SHA256 (go/security_cosign/cosign-v3.1.0/v3.1.0.mod) = 4055a3ceeb95f394352d99a98423fe5202968498ca84e95d3fc850f505099407 SIZE (go/security_cosign/cosign-v3.1.0/v3.1.0.mod) = 16197

Expand this list (2 items)

Collapse this list.

SHA256 (go/security_cosign/cosign-v3.1.0/v3.1.0.zip) = 68fc46dcd3263aab19625b5988999e9b062bee3a31dc7e26fbe6e3fb49e69e53 SIZE (go/security_cosign/cosign-v3.1.0/v3.1.0.zip) = 1353222

Collapse this list.

Packages (timestamps in pop-ups are UTC):
cosign
ABIaarch64amd64armv6armv7i386powerpcpowerpc64powerpc64le
FreeBSD:13:latest3.0.6_13.0.6_1-2.6.03.0.6_1n/an/an/a
FreeBSD:13:quarterly3.0.5_13.0.5_1-2.5.13.0.5_1n/an/an/a
FreeBSD:14:latest3.0.6_33.0.6_3-2.5.3_13.0.6_3---
FreeBSD:14:quarterly3.0.5_33.0.5_3-2.5.13.0.5_3---
FreeBSD:15:latest3.0.6_23.0.6_3n/a-n/an/a--
FreeBSD:15:quarterly3.0.5_33.0.5_3n/a-n/an/a--
FreeBSD:16:latest3.0.6_23.0.6_3n/a-n/an/a--
Dependencies
NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.
Build dependencies:
  1. go125 : lang/go125
Fetch dependencies:
  1. go125 : lang/go125
There are no ports dependent upon this port
Configuration Options:
No options to configure
Options name:
security_cosign
USES:
cpe go:modules zip
FreshPorts was unable to extract/find any pkg message
Master Sites:
Expand this list (1 items)
Collapse this list.
  1. https://proxy.golang.org/github.com/sigstore/cosign/v3/@v/
Collapse this list.

Number of commits found: 29

Commit History - (may be incomplete: for full details, see links to repositories near top of page)
CommitCreditsLog message
3.1.0
07 Jun 2026 16:48:54
commit hash: 01f040612c3eb08e5d7d46b931088a3f20b00f36commit hash: 01f040612c3eb08e5d7d46b931088a3f20b00f36commit hash: 01f040612c3eb08e5d7d46b931088a3f20b00f36commit hash: 01f040612c3eb08e5d7d46b931088a3f20b00f36 files touched by this commit		 Muhammad Moinur Rahman (bofh) search for other commits by this committer 
security/cosign: Update version 3.0.6=>3.1.0

Changelog: https://github.com/sigstore/cosign/releases/tag/v3.1.0
3.0.6_3
03 Jun 2026 17:54:22
commit hash: dd8dc2a59ddc46a12ace1cc4f7a953de512853bdcommit hash: dd8dc2a59ddc46a12ace1cc4f7a953de512853bdcommit hash: dd8dc2a59ddc46a12ace1cc4f7a953de512853bdcommit hash: dd8dc2a59ddc46a12ace1cc4f7a953de512853bd files touched by this commit		 Dag-Erling Smørgrav (des) search for other commits by this committer 
various: Bump go ports for go-1.25.11 / go-1.26.4
3.0.6_2
09 May 2026 17:25:51
commit hash: 4e243a83f8d8d5cd511bba2b689931886b3a57cecommit hash: 4e243a83f8d8d5cd511bba2b689931886b3a57cecommit hash: 4e243a83f8d8d5cd511bba2b689931886b3a57cecommit hash: 4e243a83f8d8d5cd511bba2b689931886b3a57ce files touched by this commit		 Adam Weinberger (adamw) search for other commits by this committer 
various: Bump ports for Go 1.25.10
3.0.6_1
10 Apr 2026 15:57:27
commit hash: 7507e72a845b5c83e1ad035bd54b1c35482fb86acommit hash: 7507e72a845b5c83e1ad035bd54b1c35482fb86acommit hash: 7507e72a845b5c83e1ad035bd54b1c35482fb86acommit hash: 7507e72a845b5c83e1ad035bd54b1c35482fb86a files touched by this commit		 Dag-Erling Smørgrav (des) search for other commits by this committer 
various: Bump go ports for go-1.25.9 / 1.26.2
3.0.6
07 Apr 2026 11:04:21
commit hash: 1b617f298a8ddfbc5f2be0fa3b88c0874049f7afcommit hash: 1b617f298a8ddfbc5f2be0fa3b88c0874049f7afcommit hash: 1b617f298a8ddfbc5f2be0fa3b88c0874049f7afcommit hash: 1b617f298a8ddfbc5f2be0fa3b88c0874049f7af files touched by this commit		 Muhammad Moinur Rahman (bofh) search for other commits by this committer 
security/cosign: Update version 3.0.5=>3.0.6

Changelog: https://github.com/sigstore/cosign/releases/tag/v3.0.6
3.0.5
20 Mar 2026 12:39:34
commit hash: 2e1d2f3133a3def13b19b87fb25245322cf24c0bcommit hash: 2e1d2f3133a3def13b19b87fb25245322cf24c0bcommit hash: 2e1d2f3133a3def13b19b87fb25245322cf24c0bcommit hash: 2e1d2f3133a3def13b19b87fb25245322cf24c0b files touched by this commit		 Muhammad Moinur Rahman (bofh) search for other commits by this committer 
security/cosign: Update version 3.0.4=>3.0.5

Changelog: https://github.com/sigstore/cosign/releases/tag/v3.0.5
3.0.4
15 Mar 2026 11:28:04
commit hash: c8d51bba6f116640aeaecefb10ed6fec04fa39becommit hash: c8d51bba6f116640aeaecefb10ed6fec04fa39becommit hash: c8d51bba6f116640aeaecefb10ed6fec04fa39becommit hash: c8d51bba6f116640aeaecefb10ed6fec04fa39be files touched by this commit		 Muhammad Moinur Rahman (bofh) search for other commits by this committer 
security/cosign: Update version 3.0.3=>3.0.4

Changelog: https://github.com/sigstore/cosign/releases/tag/v3.0.4
3.0.3
14 Mar 2026 19:00:34
commit hash: 17a8535d54b5d64a447c620e5f23ec7581160a1ecommit hash: 17a8535d54b5d64a447c620e5f23ec7581160a1ecommit hash: 17a8535d54b5d64a447c620e5f23ec7581160a1ecommit hash: 17a8535d54b5d64a447c620e5f23ec7581160a1e files touched by this commit		 Muhammad Moinur Rahman (bofh) search for other commits by this committer 
security/cosign: Update version 3.0.2=>3.0.3

Changelog: https://github.com/sigstore/cosign/releases/tag/v3.0.3
3.0.2_1
06 Mar 2026 03:33:23
commit hash: a8d318da7c159b84ddff6a525e2e39800ab3f795commit hash: a8d318da7c159b84ddff6a525e2e39800ab3f795commit hash: a8d318da7c159b84ddff6a525e2e39800ab3f795commit hash: a8d318da7c159b84ddff6a525e2e39800ab3f795 files touched by this commit		 Adam Weinberger (adamw) search for other commits by this committer 
various: Bump ports for Go 1.25.8
3.0.2
03 Mar 2026 14:44:00
commit hash: 348279850e3a2592617d40542a05ec0f11b76865commit hash: 348279850e3a2592617d40542a05ec0f11b76865commit hash: 348279850e3a2592617d40542a05ec0f11b76865commit hash: 348279850e3a2592617d40542a05ec0f11b76865 files touched by this commit		 Muhammad Moinur Rahman (bofh) search for other commits by this committer 
security/cosign: Update version 3.0.1=>3.0.2

Changelog: https://github.com/sigstore/cosign/releases/tag/v3.0.2
3.0.1
23 Feb 2026 11:14:03
commit hash: 9dc625dcb93ef148757182eed8ed52655bba7cd0commit hash: 9dc625dcb93ef148757182eed8ed52655bba7cd0commit hash: 9dc625dcb93ef148757182eed8ed52655bba7cd0commit hash: 9dc625dcb93ef148757182eed8ed52655bba7cd0 files touched by this commit		 Muhammad Moinur Rahman (bofh) search for other commits by this committer 
security/cosign: Update version 3.0.0=>3.0.1

Changelog: https://github.com/sigstore/cosign/releases/tag/v3.0.1
3.0.0
22 Feb 2026 12:22:14
commit hash: 9bfdd808a3b30a36c157e0d9f45643d0d4fe9213commit hash: 9bfdd808a3b30a36c157e0d9f45643d0d4fe9213commit hash: 9bfdd808a3b30a36c157e0d9f45643d0d4fe9213commit hash: 9bfdd808a3b30a36c157e0d9f45643d0d4fe9213 files touched by this commit		 Muhammad Moinur Rahman (bofh) search for other commits by this committer 
security/cosign: Update version 2.6.2=>3.0.0

Changelog: https://github.com/sigstore/cosign/releases/tag/v3.0.0
2.6.2_3
11 Feb 2026 19:21:45
commit hash: 97685c188649d678a8a0e5fde3e8ecb842bf9422commit hash: 97685c188649d678a8a0e5fde3e8ecb842bf9422commit hash: 97685c188649d678a8a0e5fde3e8ecb842bf9422commit hash: 97685c188649d678a8a0e5fde3e8ecb842bf9422 files touched by this commit		 Adam Weinberger (adamw) search for other commits by this committer 
various: Bump ports for Go default 1.24->1.25
2.6.2_2
05 Feb 2026 16:48:00
commit hash: 529df949a5b00103a138f1defddc73ef64750f2fcommit hash: 529df949a5b00103a138f1defddc73ef64750f2fcommit hash: 529df949a5b00103a138f1defddc73ef64750f2fcommit hash: 529df949a5b00103a138f1defddc73ef64750f2f files touched by this commit		 Adam Weinberger (adamw) search for other commits by this committer 
various: Bump Go ports for 1.24.13
2.6.2_1
16 Jan 2026 17:49:03
commit hash: 013f2d30b04bfe9e8d278b7bfad96a64b72c36dacommit hash: 013f2d30b04bfe9e8d278b7bfad96a64b72c36dacommit hash: 013f2d30b04bfe9e8d278b7bfad96a64b72c36dacommit hash: 013f2d30b04bfe9e8d278b7bfad96a64b72c36da files touched by this commit		 Adam Weinberger (adamw) search for other commits by this committer 
various: Bump Go ports for 1.24.12
2.6.2
14 Jan 2026 19:52:14
commit hash: 025a603c112ce55f3cf49d37a43597b9554575e8commit hash: 025a603c112ce55f3cf49d37a43597b9554575e8commit hash: 025a603c112ce55f3cf49d37a43597b9554575e8commit hash: 025a603c112ce55f3cf49d37a43597b9554575e8 files touched by this commit		 Muhammad Moinur Rahman (bofh) search for other commits by this committer 
security/cosign: Update version 2.6.1=>2.6.2

Changelog: https://github.com/sigstore/cosign/releases/tag/v2.6.2
2.6.1_4
03 Dec 2025 18:24:45
commit hash: b24429e3ede02a855f8e7ecb3564af0287306483commit hash: b24429e3ede02a855f8e7ecb3564af0287306483commit hash: b24429e3ede02a855f8e7ecb3564af0287306483commit hash: b24429e3ede02a855f8e7ecb3564af0287306483 files touched by this commit		 Adam Weinberger (adamw) search for other commits by this committer 
various: Bump Go ports for 1.24.11
2.6.1_3
06 Nov 2025 17:03:19
commit hash: 0dfced16fb0f78e71c42a767df8b6f394a185d6ccommit hash: 0dfced16fb0f78e71c42a767df8b6f394a185d6ccommit hash: 0dfced16fb0f78e71c42a767df8b6f394a185d6ccommit hash: 0dfced16fb0f78e71c42a767df8b6f394a185d6c files touched by this commit		 Adam Weinberger (adamw) search for other commits by this committer 
various: Bump Go ports for 1.24.10
2.6.1_2
14 Oct 2025 15:13:55
commit hash: 90f976619bf883b36d921c6ab89ffc5ff156b391commit hash: 90f976619bf883b36d921c6ab89ffc5ff156b391commit hash: 90f976619bf883b36d921c6ab89ffc5ff156b391commit hash: 90f976619bf883b36d921c6ab89ffc5ff156b391 files touched by this commit		 Adam Weinberger (adamw) search for other commits by this committer 
various: Bump go ports for go-1.24.9
2.6.1_1
08 Oct 2025 00:41:39
commit hash: 2e7587aaf8e7f893fd2025d55f66de088427b180commit hash: 2e7587aaf8e7f893fd2025d55f66de088427b180commit hash: 2e7587aaf8e7f893fd2025d55f66de088427b180commit hash: 2e7587aaf8e7f893fd2025d55f66de088427b180 files touched by this commit		 Adam Weinberger (adamw) search for other commits by this committer 
many: Bump dependent ports after go124 update
2.6.1
04 Oct 2025 11:59:18
commit hash: 8878d4e0bc9f1f6bcf1fd40ebd6c22bc782f2f1fcommit hash: 8878d4e0bc9f1f6bcf1fd40ebd6c22bc782f2f1fcommit hash: 8878d4e0bc9f1f6bcf1fd40ebd6c22bc782f2f1fcommit hash: 8878d4e0bc9f1f6bcf1fd40ebd6c22bc782f2f1f files touched by this commit		 Muhammad Moinur Rahman (bofh) search for other commits by this committer 
security/cosign: Update version 2.6.0=>2.6.1

Changelog: https://github.com/sigstore/cosign/releases/tag/v2.6.1
2.6.0
13 Sep 2025 21:03:18
commit hash: 5a35c1f026e42e09f3a663e0acae75215706a765commit hash: 5a35c1f026e42e09f3a663e0acae75215706a765commit hash: 5a35c1f026e42e09f3a663e0acae75215706a765commit hash: 5a35c1f026e42e09f3a663e0acae75215706a765 files touched by this commit		 Muhammad Moinur Rahman (bofh) search for other commits by this committer 
security/cosign: Update version 2.5.3=>2.6.0

Changelog: https://github.com/sigstore/cosign/releases/tag/v2.6.0
2.5.3_2
04 Sep 2025 17:53:24
commit hash: 31a5a229a778dc5f458cb8887954f192d846e0e3commit hash: 31a5a229a778dc5f458cb8887954f192d846e0e3commit hash: 31a5a229a778dc5f458cb8887954f192d846e0e3commit hash: 31a5a229a778dc5f458cb8887954f192d846e0e3 files touched by this commit		 Adam Weinberger (adamw) search for other commits by this committer 
many: Bump go ports for go-1.24.7
2.5.3_1
07 Aug 2025 00:02:46
commit hash: 53610681ea46b375186fc68723dcc335051ef9b4commit hash: 53610681ea46b375186fc68723dcc335051ef9b4commit hash: 53610681ea46b375186fc68723dcc335051ef9b4commit hash: 53610681ea46b375186fc68723dcc335051ef9b4 files touched by this commit		 Adam Weinberger (adamw) search for other commits by this committer 
go ports: Bump for 1.24.6
2.5.3
18 Jul 2025 21:35:10
commit hash: 1be8799a621231ef4e72c0c15fd5c399ac05fe6dcommit hash: 1be8799a621231ef4e72c0c15fd5c399ac05fe6dcommit hash: 1be8799a621231ef4e72c0c15fd5c399ac05fe6dcommit hash: 1be8799a621231ef4e72c0c15fd5c399ac05fe6d files touched by this commit		 Muhammad Moinur Rahman (bofh) search for other commits by this committer 
security/cosign: Update version 2.5.2=>2.5.3

Changelog: https://github.com/sigstore/cosign/releases/tag/v2.5.3
2.5.2_1
09 Jul 2025 16:11:00
commit hash: 275975297bc1002e96f88f503cf18dea17df847ecommit hash: 275975297bc1002e96f88f503cf18dea17df847ecommit hash: 275975297bc1002e96f88f503cf18dea17df847ecommit hash: 275975297bc1002e96f88f503cf18dea17df847e files touched by this commit		 Adam Weinberger (adamw) search for other commits by this committer 
many: Bump PORTREVISION for go-1.24.5 update
2.5.2
02 Jul 2025 16:29:33
commit hash: 1689e3eb1cfd498da66863d5aa518168a66a63bbcommit hash: 1689e3eb1cfd498da66863d5aa518168a66a63bbcommit hash: 1689e3eb1cfd498da66863d5aa518168a66a63bbcommit hash: 1689e3eb1cfd498da66863d5aa518168a66a63bb files touched by this commit		 Muhammad Moinur Rahman (bofh) search for other commits by this committer 
security/cosign: Update version 2.5.1=>2.5.2

Changelog: https://github.com/sigstore/cosign/releases/tag/v2.5.2
2.5.1
30 Jun 2025 16:11:12
commit hash: ee522035c078de598f383ccc719d74ec15b19772commit hash: ee522035c078de598f383ccc719d74ec15b19772commit hash: ee522035c078de598f383ccc719d74ec15b19772commit hash: ee522035c078de598f383ccc719d74ec15b19772 files touched by this commit		 Muhammad Moinur Rahman (bofh) search for other commits by this committer 
security/cosign: Update version 2.5.0=>2.5.1

Changelog: https://github.com/sigstore/cosign/releases/tag/v2.5.1
2.5.0
04 May 2025 18:44:46
commit hash: e4a9ef0dd38bcab6535b4d6ad4bdc8c3f3abd389commit hash: e4a9ef0dd38bcab6535b4d6ad4bdc8c3f3abd389commit hash: e4a9ef0dd38bcab6535b4d6ad4bdc8c3f3abd389commit hash: e4a9ef0dd38bcab6535b4d6ad4bdc8c3f3abd389 files touched by this commit		 Muhammad Moinur Rahman (bofh) search for other commits by this committer 
security/cosign: New port

Signing OCI containers and other artifacts using Sigstore

Cosign aims to make signatures invisible infrastructure.

Cosign supports:
- "Keyless signing" with the Sigstore public good Fulcio certificate
   authority and Rekor transparency log (default)
- Hardware and KMS signing
- Signing with a cosign generated encrypted private/public keypair
- Container Signing, Verification and Storage in an OCI registry.
- Bring-your-own PKI

WWW: https://github.com/sigstore/cosign

Number of commits found: 29
Login
User Login
Create account

Servers and bandwidth provided by
New York Internet, iXsystems, and RootBSD

This site
What is FreshPorts?
About the authors
Issues
FAQ
How big is it?
Security Policy
Privacy
Blog
Contact

Search
Enter Keywords:
 
more...

Latest Vulnerabilities
mariadb1011-server*Jun 30
mariadb106-server*Jun 30
mariadb114-server*Jun 30
mariadb118-server*Jun 30
weechatJun 07
weechatJun 07
gitlabJun 06
apache24Jun 04
powerdnsJun 04
xorg-serverJun 01
xwaylandJun 01
chromiumMay 30
ungoogled-chromiumMay 30
gohugoMay 29
erlangMay 28

26 vulnerabilities affecting 291 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities

Last processed:
2026-06-07 09:04:06 UTC


Ports
Home
Categories
Deleted ports
Sanity Test Failures
Newsfeeds

Statistics
Graphs
NEW Graphs (Javascript)

Calculated hourly:
Port count 34564
Broken 101
Deprecated 318
Ignore 215
Forbidden 0
Restricted 1
No CDROM 1
Vulnerable 40
Expired 15
Set to expire 251
Interactive 0
new 24 hours 2
new 48 hours5
new 7 days21
new fortnight74
new month139
Servers and bandwidth provided by
New York Internet, iXsystems, and RootBSD 		Valid HTML, CSS, and RSS. Copyright © 2000-2026 Dan Langille. All rights reserved.