E_COSIGN_VERIFY

Render

What happened

Cosign signature failed cryptographic verification, or the payload disagrees with the fetched digest. Attacker-side signal — someone served bytes the configured key didn't approve.

How to fix it

This error doesn't have an extended remediation guide yet — track issues on GitHub or open one with your --json output if the message above wasn't enough.