Cosign vs Notary: Container Image Signing Comparison
Compare Cosign (Sigstore) and Notary on image signing workflow, key management, verification, registry integration, and supply chain security.
Overview
Cosign (part of the Sigstore project) and Notary are both tools for signing container images to establish supply chain integrity. Cosign has become the most widely adopted option because of its keyless signing workflow, its transparency log integration, and its support in major registries and Kubernetes tooling. Notary v2, now developed under the CNCF as the Notary Project with the notation CLI, is the successor to Notary v1 (Docker Content Trust) and addresses the limitations of the original implementation.
Key Technical Differences
Cosign's keyless signing workflow is its most compelling feature. Using Sigstore's Fulcio certificate authority, cosign binds a short-lived signing certificate (valid for minutes) to an OIDC identity (a GitHub Actions workflow, a Google service account, a developer's e-mail from an interactive login) rather than to a long-lived private key. The key pair is generated for the single signing operation and discarded, so there is nothing to store, rotate or leak; the trust that used to rest on key custody now rests on the OIDC provider and on the Fulcio and Rekor instances (Sigstore's public-good infrastructure, or a self-hosted deployment). The signature is tied to the identity that created it, and the signature and certificate are recorded in Rekor, Sigstore's append-only transparency log.
The transparency log is security-critical. Because certificates are short-lived, what an attacker steals is an identity (a CI credential or a developer's SSO session) rather than a key, and every signature produced with it is recorded in Rekor, where entries cannot be removed or altered after the fact. That turns a silent compromise into a detectable one: an organization can monitor the log for signatures issued to its identities that it did not produce. Verification pins the expected signer as well: cosign requires the caller to state the certificate's OIDC issuer and subject, and a signature under any other Fulcio-issued certificate is rejected. The Notary Project has no transparency log; it relies on X.509 trust stores, a trust policy naming the accepted certificate subjects, revocation checking (CRL and OCSP) and RFC 3161 timestamping instead.
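The signing and verification steps described above, as an added example (not code from the page or from the Sigstore project). It assumes cosign v2 and rekor-cli are installed and that an OIDC identity, for example a GitHub Actions job token, is available when sign_keyless and verify_keyless are actually invoked; the organization, repository and image names are placeholders. The helper that builds the workflow identity string and the digest check run without any tooling.

```shell
#!/usr/bin/env sh
# Added example (not from the page or the Sigstore project): keyless signing
# and identity-pinned verification with cosign v2, plus a Rekor lookup.
# Assumes cosign and rekor-cli are installed and an OIDC identity (for
# example a GitHub Actions job token) is available when sign_keyless and
# verify_keyless are invoked. Organization, repository and image names are
# placeholders.
set -eu

# Certificate identity (SAN) Fulcio issues for a GitHub Actions workflow:
# https://github.com/<org>/<repo>/.github/workflows/<file>@<ref>
workflow_identity() {
  printf 'https://github.com/%s/%s/.github/workflows/%s@%s\n' "$1" "$2" "$3" "$4"
}

# Tags are mutable; a signature must bind to an immutable digest reference.
require_digest_ref() {
  case $1 in
    *@sha256:*) return 0 ;;
    *) echo "refusing mutable tag reference: $1" >&2; return 1 ;;
  esac
}

# Keyless signing: cosign obtains an OIDC token, requests a short-lived
# certificate from Fulcio, signs with an ephemeral key, pushes the signature
# and certificate to the registry and records the entry in Rekor. --yes
# accepts the prompt that the identity will be published to the log.
sign_keyless() {
  require_digest_ref "$1"
  cosign sign --yes "$1"
}

# Verification pins both the OIDC issuer and the certificate identity;
# without both, any certificate Fulcio ever issued would satisfy the check.
verify_keyless() {
  require_digest_ref "$1"
  cosign verify \
    --certificate-oidc-issuer "${3:-https://token.actions.githubusercontent.com}" \
    --certificate-identity "$2" \
    --output json "$1"
}

# Fetch the Rekor entry for a log index reported in a verification bundle,
# e.g. to confirm the recorded identity during an incident review.
rekor_entry() {
  rekor-cli get --log-index "$1" --format json
}

# Usage: IMAGE=ghcr.io/example-org/example-app@sha256:<digest> sh sign.sh
if [ -n "${IMAGE:-}" ]; then
  identity=$(workflow_identity example-org example-app build.yml refs/heads/main)
  sign_keyless "$IMAGE"
  verify_keyless "$IMAGE" "$identity"
fi
```

Pinning the exact identity is the right default for a single build pipeline; where several workflows legitimately sign, cosign's --certificate-identity-regexp flag accepts a pattern, and the pattern should still anchor the organization and the branch so a fork or a feature branch cannot satisfy it.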
Cosign stores signatures in the same registry and repository as the signed image: by default as an OCI image tagged sha256-<digest>.sig (attestations use .att and SBOMs .sbom), or, on registries that implement the OCI 1.1 referrers API, as referrer artifacts attached to the image manifest. Either way, no infrastructure beyond the registry is required. Notary v1 required a separate Notary server and signer deployed alongside the registry to hold its TUF metadata. Notation also stores signatures as OCI artifacts attached to the image manifest via the referrers API, falling back to the referrers tag schema on older registries, so the two tools are now comparable in deployment footprint.
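Where to look for the stored signatures when auditing a registry, as an added example (not code from the page, Sigstore or the Notary Project). It assumes cosign, crane, oras and notation are installed when the inspection functions are invoked; the registry and repository names are placeholders. The tag computation mirrors cosign's default layout and runs offline.

```shell
#!/usr/bin/env sh
# Added example (not from the page, Sigstore or the Notary Project):
# locating the signature artifacts each tool stores next to an image.
# Assumes cosign, crane, oras and notation are installed when the inspection
# functions are invoked; registry and repository names are placeholders.
set -eu

# Cosign's default layout: the signature for <repo>@sha256:<hex> is an OCI
# image tagged <repo>:sha256-<hex>.sig in the same repository; attestations
# use the .att suffix and SBOMs .sbom. Second argument selects the suffix.
cosign_sig_tag() {
  ref=$1
  case $ref in
    *@sha256:*) ;;
    *) echo "need a digest reference, got: $ref" >&2; return 1 ;;
  esac
  repo=${ref%%@*}
  hex=${ref#*@sha256:}
  printf '%s:sha256-%s.%s\n' "$repo" "$hex" "${2:-sig}"
}

# Authoritative answer from cosign itself (also correct on registries where
# cosign was configured to use the referrers API instead of tags).
cosign_locate() {
  cosign triangulate "$1"
}

# The signature manifest's layer annotations carry the signature and, for
# keyless signatures, the certificate, chain and Rekor bundle.
cosign_show_sig() {
  crane manifest "$(cosign_sig_tag "$1")"
}

# Notation signatures are referrer artifacts of this media type attached to
# the image manifest; oras discover walks the referrers API.
notation_locate() {
  oras discover --artifact-type application/vnd.cncf.notary.signature "$1"
}

notation_list() {
  notation list "$1"
}

# Usage: IMAGE=registry.example.com/team/app@sha256:<digest> sh locate.sh
if [ -n "${IMAGE:-}" ]; then
  cosign_locate "$IMAGE"
  cosign_show_sig "$IMAGE"
  notation_locate "$IMAGE"
fi
```

The tag scheme has one operational consequence worth knowing: registry garbage collection or retention rules that delete untagged or old-looking tags can remove sha256-*.sig tags and silently break verification, so exclude them from cleanup policies.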
For Kubernetes enforcement, the Sigstore Policy Controller (the successor to cosigned, maintained by the Sigstore project) provides admission webhook-based signature verification driven by ClusterImagePolicy resources; namespaces opt in with the policy.sigstore.dev/include=true label. Ratify is the equivalent for Notation in Kubernetes, implemented as an external data provider for OPA Gatekeeper, and it can run Cosign verification as well.
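The two policy documents a practitioner ends up writing, as an added example (not code from the page, the Sigstore project or the Notary Project): a ClusterImagePolicy for the Sigstore Policy Controller pinning the GitHub Actions issuer and a workflow identity pattern, and a Notation trust policy pinning a CA trust store and a certificate subject. It assumes kubectl against a cluster with Policy Controller installed, and the notation CLI, when the apply and import functions are invoked; the organization, namespace, registry scope, trust-store name and certificate subject are placeholders. Ratify's Notation verifier consumes a trust policy document with this same structure.

```shell
#!/usr/bin/env sh
# Added example (not from the page, the Sigstore project or the Notary
# Project): a Sigstore Policy Controller ClusterImagePolicy and a Notation
# trust policy that both pin the signer identity. Assumes kubectl against a
# cluster with Policy Controller installed, and the notation CLI, when the
# apply/import functions are invoked. Organization, namespace, registry,
# trust-store and certificate subject names are placeholders.
set -eu

# Policy Controller: images under ghcr.io/<org>/ must carry a keyless
# signature whose certificate was issued by Fulcio for the GitHub Actions
# issuer to a workflow in <org> on the main branch, with a Rekor entry.
render_cluster_image_policy() {
  org=$1
  cat <<EOF
apiVersion: policy.sigstore.dev/v1beta1
kind: ClusterImagePolicy
metadata:
  name: require-${org}-keyless
spec:
  images:
    - glob: "ghcr.io/${org}/**"
  authorities:
    - keyless:
        url: https://fulcio.sigstore.dev
        identities:
          - issuer: https://token.actions.githubusercontent.com
            subjectRegExp: '^https://github.com/${org}/[^/]+/\.github/workflows/[^@]+@refs/heads/main\$'
      ctlog:
        url: https://rekor.sigstore.dev
EOF
}

# Policy Controller only enforces in namespaces that opt in with this label.
enforce_namespace() {
  kubectl label namespace "$1" policy.sigstore.dev/include=true --overwrite
}

apply_cluster_image_policy() {
  render_cluster_image_policy "$1" | kubectl apply -f -
}

# Notation: signatures on <scope> must chain to a CA in trust store
# "ca:<store>" and the leaf certificate subject must match. The "strict"
# level additionally enforces expiry and revocation checks.
render_trust_policy() {
  scope=$1; store=$2; subject=$3
  cat <<EOF
{
  "version": "1.0",
  "trustPolicies": [
    {
      "name": "production",
      "registryScopes": [ "${scope}" ],
      "signatureVerification": { "level": "strict" },
      "trustStores": [ "ca:${store}" ],
      "trustedIdentities": [ "x509.subject: ${subject}" ]
    }
  ]
}
EOF
}

# Load the CA certificate into the named trust store and install the policy.
install_trust_policy() {
  notation cert add --type ca --store "$2" "$4"
  tmp=$(mktemp)
  render_trust_policy "$1" "$2" "$3" > "$tmp"
  notation policy import --force "$tmp"
  rm -f "$tmp"
}

# Usage: ORG=example-org NAMESPACE=prod sh policy.sh
if [ -n "${ORG:-}" ]; then
  enforce_namespace "${NAMESPACE:-default}"
  apply_cluster_image_policy "$ORG"
fi
```

Both documents make the same decision explicit: which identity is allowed to sign which images. A ClusterImagePolicy whose identities block is missing, or a trust policy whose trustedIdentities is "*", still verifies a signature but accepts any signer that Fulcio or the CA would certify, which is not the property the enforcement was meant to provide.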
Performance & Scale
Signing and verifying are cheap compared with pushing or pulling an image. The time that does show up is network round trips: to the registry for the signature manifest with either tool, and, for keyless Cosign, to the OIDC provider, Fulcio and Rekor at signing time (and to Rekor at verification time unless the bundle stored with the signature is verified offline). Admission webhooks for either tool sit on the pod-creation path, so plan for a registry or Rekor outage: a webhook that fails open silently disables signing enforcement, while one that fails closed blocks deployments, and production namespaces usually want the latter together with a tested break-glass procedure.
When to Choose Each
Choose Cosign for new supply chain security implementations. Its keyless workflow, Rekor transparency, SBOM attestation, and Kubernetes Policy Controller make it the most complete solution for modern container supply chain security.
Choose Notation (Notary v2) if your organization is committed to the CNCF Notary Project, has existing Notary v1 infrastructure to migrate, needs certificate-based signing rooted in its own X.509 PKI (the model Notation is built around, and the one AWS Signer and Azure Container Registry integrate with), or has registry partners that specifically support Notation.
Bottom Line
Cosign is the de facto standard for container image signing in 2025. Its Sigstore ecosystem, keyless signing and transparency log address the core problems of earlier image signing approaches. Notation is a viable alternative, particularly for PKI-centric organizations, but it has not matched Cosign's adoption pace.