Verify using transparent log

[betorvs]

As described here: https://docs.sigstore.dev/cosign/verifying/verify/#verify-an-image-on-the-transparency-log

I tried to check my image using only transparent log:

➜ cosign verify betorvs/roberto-test-cosign:alpine.3.22.1
Error: --certificate-identity or --certificate-identity-regexp is required for verification in keyless mode
error during command execution: --certificate-identity or --certificate-identity-regexp is required for verification in keyless mode

And this is my cosign version:

✗  cosign version
  ______   ______        _______. __    _______ .__   __.
 /      | /  __  \      /       ||  |  /  _____||  \ |  |
|  ,----'|  |  |  |    |   (----`|  | |  |  __  |   \|  |
|  |     |  |  |  |     \   \    |  | |  | |_ | |  . `  |
|  `----.|  `--'  | .----)   |   |  | |  |__| | |  |\   |
 \______| \______/  |_______/    |__|  \______| |__| \__|
cosign: A tool for Container Signing, Verification and Storage in an OCI registry.

GitVersion:    v3.0.3
GitCommit:     3f32cea203c59a93323a6bebfebff03417520143
GitTreeState:  "clean"
BuildDate:     2025-12-10T00:02:23Z
GoVersion:     go1.25.5
Compiler:      gc
Platform:      darwin/arm64

and this is the log when I signed my image:

➜ cosign sign --key cosign.key betorvs/roberto-test-cosign:alpine.3.22.1
Enter password for private key:
WARNING: Image reference betorvs/roberto-test-cosign:alpine.3.22.1 uses a tag, not a digest, to identify the image to sign.
    This can lead you to sign a different image than the intended one. Please use a
    digest (example.com/ubuntu@sha256:abc123...) rather than tag
    (example.com/ubuntu:latest) for the input to cosign. The ability to refer to
    images by tag will be removed in a future release.


	The sigstore service, hosted by sigstore a Series of LF Projects, LLC, is provided pursuant to the Hosted Project Tools Terms of Use, available at https://lfprojects.org/policies/hosted-project-tools-terms-of-use/.
	Note that if your submission includes personal data associated with this signed artifact, it will be part of an immutable record.
	This may include the email address associated with the account with which you authenticate your contractual Agreement.
	This information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later, and is subject to the Immutable Record notice at https://lfprojects.org/policies/hosted-project-tools-immutable-records/.

By typing 'y', you attest that (1) you are not submitting the personal data of any other person; and (2) you understand and agree to the statement and the Agreement terms at the URLs listed above.
Are you sure you would like to continue? [y/N] y
tlog entry created with index: 768602272
Pushing signature to: index.docker.io/betorvs/roberto-test-cosign

How can I verify my image only using transparent log? Is it possible?

[haydentherapper]

Follow these instructions. You must specify the identity of the signer. https://docs.sigstore.dev/cosign/verifying/verify/#keyless-verification-using-openid-connect

We can update the docs to remove that section, it can be ignored as it's redundant.