Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/deislabs/ratify
Artifact Ratification Framework
https://github.com/deislabs/ratify
kubernetes secure-supply-chain
Last synced: 29 days ago
JSON representation
Artifact Ratification Framework
- Host: GitHub
- URL: https://github.com/deislabs/ratify
- Owner: deislabs
- License: apache-2.0
- Created: 2021-08-13T16:17:52.000Z (almost 3 years ago)
- Default Branch: dev
- Last Pushed: 2024-04-30T10:50:39.000Z (about 2 months ago)
- Last Synced: 2024-04-30T11:42:21.035Z (about 2 months ago)
- Topics: kubernetes, secure-supply-chain
- Language: Go
- Homepage: https://ratify.dev
- Size: 4.68 MB
- Stars: 179
- Watchers: 12
- Forks: 54
- Open Issues: 111
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Codeowners: CODEOWNERS
- Security: SECURITY.md
- Roadmap: ROADMAP.md
Lists
- awesome-software-supply-chain-security - Ratify - ![GitHub stars](https://img.shields.io/github/stars/deislabs/ratify?style=flat-square) - The project provides a framework to integrate scenarios that require verification of reference artifacts and provides a set of interfaces that can be consumed by various systems that can participate in artifact ratification. (Kubernetes Admission Controller)
- DevSecOps - https://github.com/deislabs/ratify - the-badge)| (Supply chain specific tools)
- awesome-stars - deislabs/ratify - Artifact Ratification Framework (kubernetes)
- awesome-software-supply-chain-security - deislabs/ratify: Artifact Ratification Framework
README
![]()
# Ratify
Is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies you create.
[![Go Report Card](https://goreportcard.com/badge/github.com/deislabs/ratify)](https://goreportcard.com/report/github.com/deislabs/ratify)
[![build-pr](https://github.com/deislabs/ratify/actions/workflows/build-pr.yml/badge.svg)](https://github.com/deislabs/ratify/actions/workflows/build-pr.yml)
[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/deislabs/ratify/badge)](https://api.securityscorecards.dev/projects/github.com/deislabs/ratify)
[![Go Reference](https://pkg.go.dev/badge/github.com/deislabs/ratify.svg)](https://pkg.go.dev/github.com/deislabs/ratify)## Table of Contents
- [Ratify](#ratify)
- [Table of Contents](#table-of-contents)
- [Quick Start](#quick-start)
- [Community meetings](#community-meetings)
- [Pull Request Review Series](#pull-request-review-series)
- [Documents](#documents)
- [Code of Conduct](#code-of-conduct)
- [Release Management](#release-management)
- [Licensing](#licensing)
- [Trademark](#trademark)## Quick Start
Please see [Ratify website](https://ratify.dev/docs/quick-start) for a quick start demo.
## Community meetings
- Agenda:
- We hold a weekly Ratify community meeting on Thurs 12:00 - 1:00 AM (UTC)
Get Ratify Community Meeting Calendar [here](https://calendar.google.com/calendar/u/0?cid=OWJjdTF2M3ZiZGhubm1mNmJyMDhzc2swNTRAZ3JvdXAuY2FsZW5kYXIuZ29vZ2xlLmNvbQ)
- We meet regularly to discuss and prioritize issues. The meeting may get cancelled due to holidays, all cancellation will be posted to meeting notes prior to the meeting.
- Reach out on Slack at [cloud-native.slack.com#ratify](https://cloud-native.slack.com/archives/C03T3PEKVA9). If you're not already a member of cloud-native slack channel, first add [yourself here](https://communityinviter.com/apps/cloud-native/cncf).## Pull Request Review Series
- We hold a weekly Ratify Pull Request Review Series on Mondays 5-6 pm PST.
- People are able to use this time to walk through any Pull Requests and seek feedback from others in the Community. If there are no PR to review, the meeting will be cancelled during that week.
- Reach out on Slack if you want to reserve a session for review or during our weekly community meetings.## Documents
Please see the [Ratify website](https://ratify.dev/docs/what-is-ratify) for more in-depth information.
Meeting notes for weekly project syncs can be found [here](https://hackmd.io/ABueHjizRz2iFQpWnQrnNA?both)
## Code of Conduct
This project has adopted the [Microsoft Open Source Code of
Conduct](https://opensource.microsoft.com/codeofconduct/).For more information see the [Code of Conduct
FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact
[[email protected]](mailto:[email protected]) with any additional
questions or comments.## Release Management
The Ratify release process is defined in [RELEASES.md](./RELEASES.md).
## Licensing
This project is released under the [Apache-2.0 License](./LICENSE).
## Trademark
This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow [Microsoft's Trademark & Brand Guidelines][microsoft-trademark]. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.
[microsoft-trademark]: https://www.microsoft.com/legal/intellectualproperty/trademarks