
Notary, the CNCF project that provides cross-industry standards for supply chain security, has announced a major release.
This brings both the Notary Project and the Notation project to version 1.0.0. Notation is a sub-project that implements the Notary specifications.
Included in this release are an OCI signature specification, OCI COSE signature envelope, OCI JWS signature envelope, OCI signing and verification workflow, signing scheme, trust store, trust policy, and a plugin specification for Notation.
The team also revealed what it’s working on next. This includes the ability to sign and verify arbitrary blobs, integration with GitHub Actions, a HashiCorp Vault plugin, plugin lifecycle management, timestamping support, and the ability to manage trust policies using CLI commands.
“As containers and cloud native artifacts become common deployment units, users want to make sure that they’re authentic in their environments. The Notary Project is a set of specifications and tools intended to provide cross-industry standards for securing software supply chains through signing and verification, signature portability, and key/certificate management,” the project maintainers wrote in a blog post.