diff --git a/Makefile b/Makefile
index da31dbfd..f1a45552 100644
--- a/Makefile
+++ b/Makefile
@@ -12,6 +12,7 @@ STACKER := $(shell which stacker)
 GOLINTER := $(TOOLSDIR)/bin/golangci-lint
 GOLINTER_VERSION := v1.49.0
 NOTATION := $(TOOLSDIR)/bin/notation
+COSIGN := $(TOOLSDIR)/bin/cosign
 HELM := $(TOOLSDIR)/bin/helm
 ORAS := $(TOOLSDIR)/bin/oras
 REGCLIENT := $(TOOLSDIR)/bin/regctl
@@ -331,6 +332,11 @@ $(STACKER):
 	curl -fsSL https://github.com/project-stacker/stacker/releases/latest/download/stacker -o $@; \
 	chmod +x $@
 
+$(COSIGN):
+	mkdir -p $(TOOLSDIR)/bin
+	curl -fsSL https://github.com/sigstore/cosign/releases/download/v1.13.0/cosign-linux-amd64 -o $@; \
+	chmod +x $@
+
 .PHONY: test-annotations
-test-annotations: binary check-skopeo $(BATS) $(STACKER)
+test-annotations: binary check-skopeo $(BATS) $(STACKER) $(NOTATION) $(COSIGN)
 	$(BATS) --trace --print-output-on-failure test/blackbox/annotations.bats
diff --git a/test/blackbox/annotations.bats b/test/blackbox/annotations.bats
index c5fe05bf..a350cb24 100644
--- a/test/blackbox/annotations.bats
+++ b/test/blackbox/annotations.bats
@@ -89,3 +89,38 @@ function teardown_file() {
     [ $(echo "${lines[-1]}" | jq '.data.ImageList[0].Vendor') = '"CentOs"' ]
     [ $(echo "${lines[-1]}" | jq '.data.ImageList[0].Licenses') = '"GPLv2"' ]
 }
+
+@test "sign/verify with cosign" {
+    run curl -X POST -H "Content-Type: application/json" --data '{ "query": "{ ImageList(repo: \"annotations\") { RepoName Tag Digest ConfigDigest Size Layers {Size Digest } Vendor Licenses }}"}' http://localhost:8080/v2/_zot/ext/search
+    [ "$status" -eq 0 ]
+    [ $(echo "${lines[-1]}" | jq '.data.ImageList[0].RepoName') = '"annotations"' ]
+    local digest=$(echo "${lines[-1]}" | jq -r '.data.ImageList[0].Digest')
+    
+    run cosign initialize
+    [ "$status" -eq 0 ]
+    run cosign generate-key-pair
+    [ "$status" -eq 0 ]
+    run cosign sign --key cosign.key localhost:8080/annotations:latest --yes
+    [ "$status" -eq 0 ]
+    run cosign verify --key cosign.pub localhost:8080/annotations:latest
+    [ "$status" -eq 0 ]
+    local sigName=$(echo "${lines[-1]}" | jq '.[].critical.image."docker-manifest-digest"')
+    [ "$status" -eq 0 ]
+    [[ "$sigName" == *"${digest}"* ]]
+}
+
+@test "sign/verify with notation" {
+    run curl -X POST -H "Content-Type: application/json" --data '{ "query": "{ ImageList(repo: \"annotations\") { RepoName Tag Digest ConfigDigest Size Layers {Size Digest } }}"}' http://localhost:8080/v2/_zot/ext/search
+    [ "$status" -eq 0 ]
+    [ $(echo "${lines[-1]}" | jq '.data.ImageList[0].RepoName') = '"annotations"' ]
+    [ "$status" -eq 0 ]
+
+    run notation cert generate-test --trust "notation-sign-test"
+    [ "$status" -eq 0 ]
+    run notation sign --key "notation-sign-test" --plain-http localhost:8080/annotations:latest
+    [ "$status" -eq 0 ]
+    run notation verify --cert "notation-sign-test" --plain-http localhost:8080/annotations:latest
+    [ "$status" -eq 0 ]
+    run notation list --plain-http localhost:8080/annotations:latest
+    [ "$status" -eq 0 ]
+}