notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)
Want a good monitor light? See my photosAll times are UTC		 Ukraine
The recently imposed "must be logged in" restriction is a response to increased bot traffic on the site. This affects search, commits, and vuxml pages.
Search engines are not blocked. Try using "site:www.freshports.org" and your search terms.
Port details on branch 2026Q1
cosign Signing OCI containers and other artifacts using Sigstore
2.6.1_7 security on this many watch lists=0 search for ports that depend on this port Find issues related to this port Report an issue related to this port View this port on Repology. pkg-fallout 3.0.5_3Version of this port present on the latest quarterly branch.
Maintainer: bofh@FreeBSD.org search for ports maintained by this maintainer
Port Added: 2026-01-25 01:42:26
Last Update: 2026-03-06 03:52:43
Commit Hash: ef8f442
License: APACHE20
WWW:
https://www.sigstore.dev/
Description:
Cosign aims to make signatures invisible infrastructure. Cosign supports: - "Keyless signing" with the Sigstore public good Fulcio certificate authority and Rekor transparency log (default) - Hardware and KMS signing - Signing with a cosign generated encrypted private/public keypair - Container Signing, Verification and Storage in an OCI registry. - Bring-your-own PKI
Homepage    cgit ¦ Codeberg ¦ GitHub ¦ GitLab ¦ SVNWeb - no subversion history for this port

Manual pages:
FreshPorts has no man page information for this port.
pkg-plist: as obtained via: make generate-plist
Expand this list (4 items)
Collapse this list.
  1. bin/cosign
  2. /usr/local/share/licenses/cosign-2.6.1_7/catalog.mk
  3. /usr/local/share/licenses/cosign-2.6.1_7/LICENSE
  4. /usr/local/share/licenses/cosign-2.6.1_7/APACHE20
Collapse this list.
USE_RC_SUBR (Service Scripts)
  • no SUBR information found for this port
Dependency lines:
  • cosign>0:security/cosign
To install the port:
cd /usr/ports/security/cosign/ && make install clean
To add the package, run one of these commands:
  • pkg install security/cosign
  • pkg install cosign
NOTE: If this package has multiple flavors (see below), then use one of them instead of the name specified above.
PKGNAME: cosign
Flavors: there is no flavor information for this port.
distinfo:
TIMESTAMP = 1759523978 SHA256 (go/security_cosign/cosign-v2.6.1/v2.6.1.mod) = 4d6e9e11c0efec4ed8d03058cd1b73a0f9a830b804fb59a42890e6ea7f91fea8 SIZE (go/security_cosign/cosign-v2.6.1/v2.6.1.mod) = 17701

Expand this list (2 items)

Collapse this list.

SHA256 (go/security_cosign/cosign-v2.6.1/v2.6.1.zip) = 8821408a71dba7b6ed4b94cac23b8e0679a9d23419d83a3e4b303796d920c6d3 SIZE (go/security_cosign/cosign-v2.6.1/v2.6.1.zip) = 1367164

Collapse this list.

Packages (timestamps in pop-ups are UTC):
cosign
ABIaarch64amd64armv6armv7i386powerpcpowerpc64powerpc64le
FreeBSD:13:latest3.0.6_13.0.6_1-2.6.03.0.6_1n/an/an/a
FreeBSD:13:quarterly3.0.5_13.0.5_1-2.5.13.0.5_1n/an/an/a
FreeBSD:14:latest3.1.03.1.1-2.5.3_13.1.1---
FreeBSD:14:quarterly3.0.5_33.0.5_3-2.5.13.0.5_3---
FreeBSD:15:latest3.1.13.1.1n/a-n/an/a--
FreeBSD:15:quarterly3.0.5_33.0.5_3n/a-n/an/a--
FreeBSD:16:latest3.1.13.1.1n/a-n/an/a--
Dependencies
NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.
Build dependencies:
  1. go124 : lang/go124
Fetch dependencies:
  1. go124 : lang/go124
There are no ports dependent upon this port
Configuration Options:
No options to configure
Options name:
security_cosign
USES:
cpe go:modules zip
FreshPorts was unable to extract/find any pkg message
Master Sites:
Expand this list (1 items)
Collapse this list.
  1. https://proxy.golang.org/github.com/sigstore/cosign/v2/@v/
Collapse this list.

Number of commits found: 3

Commit History - (may be incomplete: for full details, see links to repositories near top of page)
CommitCreditsLog message
2.6.1_7
06 Mar 2026 03:52:43
commit hash: ef8f442a3f6b40cbf3668a21fe541ebe8c8a07c9commit hash: ef8f442a3f6b40cbf3668a21fe541ebe8c8a07c9commit hash: ef8f442a3f6b40cbf3668a21fe541ebe8c8a07c9commit hash: ef8f442a3f6b40cbf3668a21fe541ebe8c8a07c9 files touched by this commit		 Adam Weinberger (adamw) search for other commits by this committer 
various: Bump ports for Go 1.25.8

This is a direct commit to 2026Q1.
2.6.1_6
05 Feb 2026 18:02:36
commit hash: 010c6554e1ed5ef4312705d922e942eb4b0edc1dcommit hash: 010c6554e1ed5ef4312705d922e942eb4b0edc1dcommit hash: 010c6554e1ed5ef4312705d922e942eb4b0edc1dcommit hash: 010c6554e1ed5ef4312705d922e942eb4b0edc1d files touched by this commit		 Adam Weinberger (adamw) search for other commits by this committer 
various: Bump Go ports for 1.24.13

This is a direct commit to 2026Q1.
2.6.1_5
25 Jan 2026 01:35:05
commit hash: ca7bf6089bffdf18221d51adecc35589d666a2a9commit hash: ca7bf6089bffdf18221d51adecc35589d666a2a9commit hash: ca7bf6089bffdf18221d51adecc35589d666a2a9commit hash: ca7bf6089bffdf18221d51adecc35589d666a2a9 files touched by this commit		 Adam Weinberger (adamw) search for other commits by this committer 
various: Bump dependent ports for Go 1.24.12.

This is a direct commit to 2026Q1.

Number of commits found: 3
Login
User Login
Create account

Servers and bandwidth provided by
New York Internet, iXsystems, and RootBSD

This site
What is FreshPorts?
About the authors
Issues
FAQ
How big is it?
Security Policy
Privacy
Blog
Contact

Search
Enter Keywords:
 
more...

Latest Vulnerabilities
python310*Jun 19
python310*Jun 19
python310*Jun 19
python310*Jun 19
python311*Jun 19
python311*Jun 19
python311*Jun 19
python311*Jun 19
python312*Jun 19
python312*Jun 19
python312*Jun 19
python312*Jun 19
python313*Jun 19
python313*Jun 19
python313*Jun 19

39 vulnerabilities affecting 421 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities

Last processed:
2026-06-21 13:04:26 UTC


Ports
Home
Categories
Deleted ports
Sanity Test Failures
Newsfeeds

Statistics
Graphs
NEW Graphs (Javascript)

Calculated hourly:
Port count 34591
Broken 78
Deprecated 324
Ignore 194
Forbidden 0
Restricted 1
No CDROM 1
Vulnerable 41
Expired 14
Set to expire 251
Interactive 0
new 24 hours 0
new 48 hours5
new 7 days36
new fortnight57
new month142
Servers and bandwidth provided by
New York Internet, iXsystems, and RootBSD 		Valid HTML, CSS, and RSS. Copyright © 2000-2026 Dan Langille. All rights reserved.