Standards-based spec and tooling for securing software supply chains
Sign and verify artifacts. Safeguard software delivery from development to deployment.
Scenarios we fit and problems we solve
Sign and validate software artifacts, and ensure they have not been tampered with. Provide security policies to determine which validated artifacts are allowed to be used in your systems.
Secure containers and K8s
For Developers
DevSecOps
For DevOps Engineers
Auditing and Compliance
For Security Operators
Contributed by the community, in collaboration
with
Why is the Notary Project unique?
The Notary Project aims to provide enterprise-grade solutions and cross-industry standards for securing the software supply chain.
Cryptographic Signing
COSE and JWS signatures are supported for secure authentication, enabling versatile signing and verification of software artifacts. The system is built on standard PKI, ensuring reliable and compatible cryptographic operations. It accommodates online and air-gapped signing scenarios to meet diverse requirements.
Security Policy
Users can customize trust policies to determine the authenticity of signed artifacts. This ensures that all artifacts are signed with trusted identities and originate from trusted registries, enhancing system integrity and authenticity.
Extensibility
The system provides extensibility options that allow users to customize and adapt the platform to their specific needs. With a flexible architecture and robust APIs, users can integrate and extend functionality to meet their requirements.
Multi-registry
Multiple registries are supported, facilitating the management and organization of artifacts across different repositories. The platform offers seamless integration and synchronization capabilities, enabling efficient collaboration with artifacts from various sources.
Community-driven
The platform is community-driven, with active participation and collaboration from developers worldwide. Developers can join the community to share knowledge, contribute to the ecosystem, and benefit from collective expertise to drive innovation and growth.
See more installation methods.
brew install notation
winget install notation -s winget
Adopted and trusted by
Industry-leading enterprises and organizations are using the Notary Project for research, production, and integration with security products. If you are using the Notary Project, please share your case with us.
The AWS team is using and contributing to Notation, building cryptographic signing services for customers.
Notation is used across Microsoft teams and services (e.g., Windows container, AKS, Azure Code Signing, Ratify).
Zot registry supports storing Notation signatures as OCI artifacts.
Docker Hub supports signing container images with Notation and storing signatures and other supply chain artifacts.