sigstore-cosign-mcp

Sigstore cosign + rekor transparency log verification for signed container images + git tags + b...

90/100 A+ · ranked #76 of 339 MEOK MCPs · v1.0.3 · 5 tools

Is sigstore-cosign-mcp production-ready?

sigstore-cosign-mcp scores 90/100 on the proofof.ai 100-point rubric — flagship-grade (top tier). That is above the fleet average of 85. Install: pip install sigstore-cosign-mcp.

How does sigstore-cosign-mcp score across the 10 categories?

Category	Score
README	10/10
Tool design	10/10
Examples	10/10
Tests + CI	10/10
Transports	5/10
Metadata	10/10
Reliability	8/10
Security	10/10
Docs surface	7/10
Provenance/Revenue	10/10

What can sigstore-cosign-mcp do?

Framework: fastmcp · transport: stdio. Tools: verify_image_signature, query_rekor_log, verify_attestation, check_keyless_identity, list_trusted_certs.

How to install sigstore-cosign-mcp

pip install sigstore-cosign-mcp

MCP client config: add {"command":"uvx","args":["sigstore-cosign-mcp"]} under mcpServers.

sigstore-cosign-mcp

Is sigstore-cosign-mcp production-ready?

How does sigstore-cosign-mcp score across the 10 categories?

What can sigstore-cosign-mcp do?

How to install sigstore-cosign-mcp

Links