Skip to content

Cosign: verify tracee signature


Before you begin, ensure that you have the following installed:

Verify tracee signature

Tracee images are signed with cosign keyless. To verify the signature we can run the command:

cosign verify aquasec/tracee:tag-name  --certificate-oidc-issuer --certificate-identity-regexp | jq

Note that all of the tag-names can be found on the Tracee Docker Hub Registry.

The output should look similar to the following: Tracee Signature Scanning