diff --git a/.obs/workflows.yml b/.obs/workflows.yml
index 6b51ad701..9a6bfb2d0 100644
--- a/.obs/workflows.yml
+++ b/.obs/workflows.yml
@@ -33,6 +33,10 @@ staging_build:
source_project: home:defolos:BCI:CR:SLE-15-SP6
source_package: busybox-image
target_project: home:defolos:BCI:CR:SLE-15-SP6:Staging
+ - branch_package:
+ source_project: home:defolos:BCI:CR:SLE-15-SP6
+ source_package: cosign-image
+ target_project: home:defolos:BCI:CR:SLE-15-SP6:Staging
- branch_package:
source_project: home:defolos:BCI:CR:SLE-15-SP6
source_package: aspnet-runtime-6.0
@@ -250,6 +254,9 @@ refresh_devel_BCI:
- trigger_services:
project: devel:BCI:SLE-15-SP6
package: busybox-image
+ - trigger_services:
+ project: devel:BCI:SLE-15-SP6
+ package: cosign-image
- trigger_services:
project: devel:BCI:SLE-15-SP6
package: aspnet-runtime-6.0
diff --git a/cosign-image/Dockerfile b/cosign-image/Dockerfile
new file mode 100644
index 000000000..36732444c
--- /dev/null
+++ b/cosign-image/Dockerfile
@@ -0,0 +1,57 @@
+# SPDX-License-Identifier: Apache-2.0
+
+# Copyright (c) 2024 SUSE LLC
+
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon.
+
+# The content of THIS FILE IS AUTOGENERATED and should not be manually modified.
+# It is maintained by the BCI team and generated by
+# https://github.com/SUSE/BCI-dockerfile-generator
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+# You can contact the BCI team via https://github.com/SUSE/bci/discussions
+
+#!UseOBSRepositories
+
+#!BuildTag: suse/cosign:%%cosign_version%%-%RELEASE%
+#!BuildTag: suse/cosign:%%cosign_version%%
+#!BuildTag: suse/cosign:2.2
+#!BuildTag: suse/cosign:latest
+#!BuildName: suse-cosign-2.2
+#!BuildVersion: 15.6.2.2
+#!BuildRelease: 0
+FROM registry.suse.com/bci/bci-micro:15.6 AS target
+FROM suse/sle15:15.6 AS builder
+COPY --from=target / /target
+
+RUN set -euo pipefail; \
+ zypper -n --installroot /target --gpg-auto-import-keys install --no-recommends cosign; \
+ zypper -n clean; \
+ rm -rf {/target,}/var/log/{alternatives.log,lastlog,tallylog,zypper.log,zypp/history,YaST2}
+FROM registry.suse.com/bci/bci-micro:15.6
+COPY --from=builder /target /
+# Define labels according to https://en.opensuse.org/Building_derived_containers
+# labelprefix=com.suse.application.cosign
+LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
+LABEL org.opencontainers.image.title="SLE cosign"
+LABEL org.opencontainers.image.description="Signing OCI containers using Sigstore, based on the SLE Base Container Image."
+LABEL org.opencontainers.image.version="%%cosign_version%%"
+LABEL org.opencontainers.image.url="https://www.suse.com/products/base-container-images/"
+LABEL org.opencontainers.image.created="%BUILDTIME%"
+LABEL org.opencontainers.image.vendor="SUSE LLC"
+LABEL org.opencontainers.image.source="%SOURCEURL%"
+LABEL org.opencontainers.image.ref.name="%%cosign_version%%-%RELEASE%"
+LABEL org.opensuse.reference="registry.suse.com/suse/cosign:%%cosign_version%%-%RELEASE%"
+LABEL org.openbuildservice.disturl="%DISTURL%"
+LABEL com.suse.supportlevel="techpreview"
+LABEL com.suse.eula="sle-eula"
+LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle#suse-linux-enterprise-server-15"
+LABEL com.suse.release-stage="released"
+# endlabelprefix
+LABEL org.opencontainers.image.base.name="%BASE_REFNAME%"
+LABEL org.opencontainers.image.base.digest="%BASE_DIGEST%"
+LABEL io.artifacthub.package.readme-url="%SOURCEURL%/README.md"
+LABEL io.artifacthub.package.logo-url="https://raw.githubusercontent.com/sigstore/community/main/artwork/cosign/horizontal/color/sigstore_cosign-horizontal-color.svg"
+ENTRYPOINT ["/usr/bin/cosign"]
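Review bot: The `zypper -n --installroot /target --gpg-auto-import-keys install` line in the builder stage trusts whatever signing key the configured repositories present, which is a weak spot for an image whose whole purpose is signature verification. If the `suse/sle15:15.6` builder already ships the SUSE package keys (not visible in this hunk), the flag can be dropped so that an unknown key fails the build; otherwise add a comment such as `# keys are imported only from the OBS-provided repositories (#!UseOBSRepositories)` to record why auto-import is acceptable. Separately, the final stage has no `USER` directive, so unless the bci-micro base sets one, cosign runs as root by default; a non-root default is worth considering if mounted key files and registry credentials stay readable. The file header says it is autogenerated, so either change belongs in the BCI-dockerfile-generator template, not in this file.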
diff --git a/cosign-image/README.md b/cosign-image/README.md
new file mode 100644
index 000000000..b8e9283dc
--- /dev/null
+++ b/cosign-image/README.md
@@ -0,0 +1,66 @@
+# SLE cosign
+![Support Level](https://img.shields.io/badge/Support_Level-techpreview-blue)[![SLSA](https://img.shields.io/badge/SLSA_(v1.0)-Build_L3-Green)](https://documentation.suse.com/sbp/server-linux/html/SBP-SLSA4/)
+[![Provenance: Available](https://img.shields.io/badge/Provenance-Available-Green)](https://documentation.suse.com/container/all/html/Container-guide/index.html#container-verify)
+
+## Description
+Cosign aims to make signatures management easy.
+
+Cosign supports the following functionality:
+
+* "Keyless signing" with the Sigstore public good Fulcio certificate authority and Rekor transparency log (default)
+* Hardware and KMS signing
+* Signing with a Cosign-generated encrypted private/public keypair
+* Container signing, verification and storage in an OCI registry.
+* Bring-your-own public key infrastructure (PKI)
+
+
+## Usage
+
+### Verify a container image
+
+To verify the image, specify a certificate subject
+and a certificate issuer using the `--certificate-identity` and
+`--certificate-oidc-issuer` flags:
+
+```shell
+$ podman run registry.suse.com/suse/cosign:2.2 \
+ verify $IMAGE \
+ --certificate-identity=$IDENTITY \
+ --certificate-oidc-issuer=$OIDC_ISSUER
+```
+
+You can also provide a regex for the certificate identity and issuer flags,
+`--certificate-identity-regexp` and `--certificate-oidc-issuer-regexp`. For more information, see
+[Keyless verification using OpenID Connect](https://docs.sigstore.dev/cosign/verifying/verify/#keyless-verification-using-openid-connect).
+
+### Verify a container image against a public key
+
+The `verify` command returns `0` if *at least one* `cosign`-formatted signature for
+the image is found matching the public key. See the detailed usage below for
+information and caveats on other signature formats.
+
+Valid payload is printed to stdout, in JSON format. Note that the
+signed payload includes the digest of the container image, which indicated that these "detached" signatures apply to the correct image.
+
+```shell
+$ podman run registry.suse.com/suse/cosign:2.2 verify --key cosign.pub $IMAGE_URI:1h
+The following checks were performed on these signatures:
+ - The cosign claims were validated
+ - The signatures were verified against the specified public key
+{"Critical":{"Identity":{"docker-reference":""},"Image":{"Docker-manifest-digest":"sha256:87ef60f558bad79beea6425a3b28989f01dd417164150ab3baab98dcbf04def8"},"Type":"cosign container image signature"},"Optional":null}
+```
+
+For more use cases and information, refer to the
+[sigstore cosign Quickstart](https://docs.sigstore.dev/quickstart/quickstart-cosign/).
+
+## Licensing
+
+`SPDX-License-Identifier: Apache-2.0`
+
+This documentation and the build recipe are licensed as Apache-2.0.
+The container itself contains various software components under various open source licenses listed in the associated
+Software Bill of Materials (SBOM).
+
+This image is a tech preview. Do not use it for production.
+Your feedback is welcome.
+Please report any issues to the [SUSE Bugzilla](https://bugzilla.suse.com/enter_bug.cgi?product=SUSE%20Linux%20Enterprise%20Base%20Container%20Images).
diff --git a/cosign-image/_service b/cosign-image/_service
new file mode 100644
index 000000000..9004634c2
--- /dev/null
+++ b/cosign-image/_service
@@ -0,0 +1,10 @@
+
+
+
+
+ Dockerfile
+ %%cosign_version%%
+ cosign
+ patch
+
+
\ No newline at end of file
diff --git a/cosign-image/cosign-image.changes b/cosign-image/cosign-image.changes
new file mode 100644
index 000000000..57025490a
--- /dev/null
+++ b/cosign-image/cosign-image.changes
@@ -0,0 +1,4 @@
+-------------------------------------------------------------------
+Wed Oct 30 12:54:46 UTC 2024 - SUSE Update Bot
+
+- First version of the cosign BCI