What Is cosign verify?
cosign verify is the verification operation of Cosign, the Sigstore signing tool, used to confirm that a container image or artifact carries a valid signature from an expected identity. It checks the signature, the certificate identity, and optionally the transparency-log entry before allowing the artifact to proceed. A failed verification stops a deploy.
Why it matters
Signing only adds value if something actually verifies before trusting the artifact. Running cosign verify as a gate in CI or at admission time ensures only images from the expected workflow identity are deployed. Pinning the expected identity is essential; verifying that any signature exists is not the same as verifying the right signer.