Skip to content

Signing and verifying artifacts. Safeguarding the software delivery security from development to deployment.

License

Notifications You must be signed in to change notification settings

Two-Hearts/notation

 
 

Repository files navigation

Notation

Go Report Card codecov OpenSSF Scorecard

Notation is a CLI project to add signatures as standard items in the OCI registry ecosystem, and to build a set of simple tooling for signing and verifying these signatures. This should be viewed as similar security to checking git commit signatures, although the signatures are generic and can be used for additional purposes. Notation is an implementation of the Notary Project specifications.

You can find the Notary Project README to learn about the overall Notary Project.

Note

The documentation for installing Notation CLI is available here.

Table of Contents

Quick Start

Community

Notary Project is a CNCF Incubating project. We ❤️ your contribution.

Development and Contributing

Notary Project Community Meeting

  • Mondays 5-6 PM PDT, 4-5 PM PST, 8-9 PM EDT, 7-8 PM EST, 8-9 AM Shanghai
  • Thursdays 9-10 AM PDT, 8-9 AM PST, 12 PM EDT, 11 AM EST, 5 PM UK

Join us at Zoom Dial-in link / Passcode: 77777. Please see the CNCF Calendar for community meeting details. Meeting notes are captured on hackmd.io.

Release Management

The Notation release process is defined in RELEASE_MANAGEMENT.md.

Support

Support for the Notation project is defined in supported releases.

Code of Conduct

This project has adopted the CNCF Code of Conduct. See CODE_OF_CONDUCT.md for further details.

License

This project is covered under the Apache 2.0 license. You can read the license here.

About

Signing and verifying artifacts. Safeguarding the software delivery security from development to deployment.

Resources

License

Code of conduct

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Go 95.1%
  • Shell 3.7%
  • Other 1.2%