Notation
Notation is a CLI project to add signatures as standard items in the registry ecosystem, and to build a set of simple tooling for signing and verifying these signatures. This should be viewed as similar security to checking git commit signatures, although the signatures are generic and can be used for additional purposes. Notation is an implementation of the Notary project specifications.
Note The documentation for using
notation
is available here.
Table of Contents
Documents
- Quick start: Sign and validate a container image
- Build, sign, and verify container images using Notary and Azure Key Vault
Community
Development and Contributing
- Build Notation from source code
- Governance for Notation
- Maintainers and reviewers list
- Regular conversations for Notation occur on the Cloud Native Computing Slack notary-project channel.
Notary project Community Meeting
- Mondays 5-6 PM PDT, 4-5 PM PST, 8-9 PM EDT, 7-8 PM EST, 8-9 AM Shanghai
- Thursdays 9-10 AM PDT, 8-9 AM PST, 12 PM EDT, 11 AM EST, 5 PM UK
Join us at Zoom Dial-in link / Passcode: 77777. Please see the CNCF Calendar for community meeting details. Meeting notes are captured on hackmd.io.
Release Management
The Notation release process is defined in RELEASE_MANAGEMENT.md.
Support
Support for the Notation project is defined in supported releases.
Code of Conduct
This project has adopted the CNCF Code of Conduct. See CODE_OF_CONDUCT.md for further details.
License
This project is covered under the Apache 2.0 license. You can read the license here.