
github.com/sigstore/cosign/v2

go · v2.6.3

Code signing and transparency for containers and binaries

License: Apache-2.0 (permissive) · 27 versions · 248 maintainers · 0 deps · 5,859 weekly dl

Health: 78 / 100 (safe to use)

github.com/sigstore/cosign/v2 v2.6.3 is safe to use (health: 78/100)

Update to >= 3.0.5 to fix known vulnerabilities

Health breakdown (0 – 100)

maintenance: 25/25
popularity: 6/20
security: 25/25
maturity: 12/15
community: 10/15

Vulnerabilities: 2 (2 low)

Advisories (2)

| Severity | ID | Summary | Fixed in |
| --- | --- | --- | --- |
| unknown | BIT-cosign-2026-22703 | Cosign verification accepts any valid Rekor entry under certain conditions in github.com/sigstore/cosign | 3.0.4 |
| unknown | BIT-cosign-2026-24122 | Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped in github.com/sigstore/cosign | 3.0.5 |

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/go/github.com/sigstore/cosign/v2

Last updated · 2026-04-06T21:25:20Z
