notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)Want a good monitor light? See my photosAll times are UTC		 Ukraine

Bot filter coming soon

To deter bots pegging the database CPU to 100%, a bot testing filter to be added to the website. This should not affect newsfeeds etc. Anubis seems light-weight - it is already in use within the FreeBSD Project. This notice is just a heads up in case you see something odd. This notice will be updated after Anubis is installed.

Port details
cosign Signing OCI containers and other artifacts using Sigstore
2.5.0 securitynew! on this many watch lists=0 search for ports that depend on this port Find issues related to this port Report an issue related to this port View this port on Repology. pkg-fallout Package not present on quarterly.This port was created during this quarter. It will be in the next quarterly branch but not the current one.
Maintainer: bofh@FreeBSD.org search for ports maintained by this maintainer
Port Added: 2025-05-04 18:49:45
Last Update: 2025-05-04 18:44:46
Commit Hash: e4a9ef0
License: APACHE20
WWW:
https://www.sigstore.dev/
Description:
Cosign aims to make signatures invisible infrastructure. Cosign supports: - "Keyless signing" with the Sigstore public good Fulcio certificate authority and Rekor transparency log (default) - Hardware and KMS signing - Signing with a cosign generated encrypted private/public keypair - Container Signing, Verification and Storage in an OCI registry. - Bring-your-own PKI
Homepage    cgit ¦ Codeberg ¦ GitHub ¦ GitLab ¦ SVNWeb - no subversion history for this port

Manual pages:
FreshPorts has no man page information for this port.
pkg-plist: as obtained via: make generate-plist
Expand this list (4 items)
Collapse this list.
  1. bin/cosign
  2. /usr/local/share/licenses/cosign-2.5.0/catalog.mk
  3. /usr/local/share/licenses/cosign-2.5.0/LICENSE
  4. /usr/local/share/licenses/cosign-2.5.0/APACHE20
Collapse this list.
Dependency lines:
  • cosign>0:security/cosign
To install the port:
cd /usr/ports/security/cosign/ && make install clean
To add the package, run one of these commands:
  • pkg install security/cosign
  • pkg install cosign
NOTE: If this package has multiple flavors (see below), then use one of them instead of the name specified above.
PKGNAME: cosign
Flavors: there is no flavor information for this port.
distinfo:
TIMESTAMP = 1746276026 SHA256 (go/security_cosign/cosign-v2.5.0/v2.5.0.mod) = fc290766dd5324141caa63fed997ce4b975b0a5b9eb2345c43db315bd8969e4e SIZE (go/security_cosign/cosign-v2.5.0/v2.5.0.mod) = 14751

Expand this list (2 items)

Collapse this list.

SHA256 (go/security_cosign/cosign-v2.5.0/v2.5.0.zip) = 930d7c766f230d56063bc42a2a4cee77260e4fd5d79a6200c531e5e99b354b0c SIZE (go/security_cosign/cosign-v2.5.0/v2.5.0.zip) = 1260158

Collapse this list.

Packages (timestamps in pop-ups are UTC):
cosign
ABIaarch64amd64armv6armv7i386powerpcpowerpc64powerpc64le
FreeBSD:13:latest2.5.02.5.0-2.5.02.5.0---
FreeBSD:13:quarterly--------
FreeBSD:14:latest2.5.02.5.0-2.5.02.5.0---
FreeBSD:14:quarterly--------
FreeBSD:15:latest2.5.02.5.0n/a2.5.0n/a---
Dependencies
NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.
Build dependencies:
  1. go123 : lang/go123
Fetch dependencies:
  1. go123 : lang/go123
  2. ca_root_nss>0 : security/ca_root_nss
There are no ports dependent upon this port
Configuration Options:
No options to configure
Options name:
security_cosign
USES:
cpe go:1.23,modules zip
FreshPorts was unable to extract/find any pkg message
Master Sites:
Expand this list (1 items)
Collapse this list.
  1. https://proxy.golang.org/github.com/sigstore/cosign/v2/@v/
Collapse this list.

Number of commits found: 1

Commit History - (may be incomplete: for full details, see links to repositories near top of page)
CommitCreditsLog message
2.5.0
04 May 2025 18:44:46
commit hash: e4a9ef0dd38bcab6535b4d6ad4bdc8c3f3abd389commit hash: e4a9ef0dd38bcab6535b4d6ad4bdc8c3f3abd389commit hash: e4a9ef0dd38bcab6535b4d6ad4bdc8c3f3abd389commit hash: e4a9ef0dd38bcab6535b4d6ad4bdc8c3f3abd389 files touched by this commit		 Muhammad Moinur Rahman (bofh) search for other commits by this committer 
security/cosign: New port

Signing OCI containers and other artifacts using Sigstore

Cosign aims to make signatures invisible infrastructure.

Cosign supports:
- "Keyless signing" with the Sigstore public good Fulcio certificate
   authority and Rekor transparency log (default)
- Hardware and KMS signing
- Signing with a cosign generated encrypted private/public keypair
- Container Signing, Verification and Storage in an OCI registry.
- Bring-your-own PKI

WWW: https://github.com/sigstore/cosign

Number of commits found: 1
Login
User Login
Create account

Servers and bandwidth provided by
New York Internet, iXsystems, and RootBSD

This site
What is FreshPorts?
About the authors
Issues
FAQ
How big is it?
Security Policy
Privacy
Blog
Contact

Search
Enter Keywords:
 
more...

Latest Vulnerabilities
openh264Jun 22
clamavJun 20
clamavJun 20
chromiumJun 19
ungoogled-chromiumJun 19
navidromeJun 18
chromiumJun 17
chromiumJun 17
firefoxJun 17
ungoogled-chromiumJun 17
ungoogled-chromiumJun 17
firefoxJun 15
firefox-esrJun 15
thunderbirdJun 15
webminJun 15

15 vulnerabilities affecting 243 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities

Last processed:
2025-06-22 20:51:37 UTC


Ports
Home
Categories
Deleted ports
Sanity Test Failures
Newsfeeds

Statistics
Graphs
NEW Graphs (Javascript)

Calculated hourly:
Port count 33416
Broken 142
Deprecated 305
Ignore 258
Forbidden 0
Restricted 2
No CDROM 1
Vulnerable 31
Expired 51
Set to expire 247
Interactive 0
new 24 hours 34
new 48 hours34
new 7 days71
new fortnight123
new month176
Servers and bandwidth provided by
New York Internet, iXsystems, and RootBSD 		Valid HTML, CSS, and RSS. Copyright © 2000-2025 Dan Langille. All rights reserved.