https://github.com/notaryproject/ratify

Artifact Ratification Framework (CNCF Sandbox)
https://github.com/notaryproject/ratify

kubernetes secure-supply-chain

Last synced: about 2 months ago
JSON representation

Artifact Ratification Framework (CNCF Sandbox)

• Host: GitHub
• URL: https://github.com/notaryproject/ratify
• Owner: notaryproject
• License: apache-2.0
• Created: 2021-08-13T16:17:52.000Z (over 4 years ago)
• Default Branch: main
• Last Pushed: 2025-12-22T05:08:53.000Z (3 months ago)
• Last Synced: 2026-01-13T19:22:34.575Z (about 2 months ago)
• Topics: kubernetes, secure-supply-chain
• Language: Go
• Homepage: https://ratify.dev
• Size: 11.2 MB
• Stars: 282
• Watchers: 12
• Forks: 78
• Open Issues: 149
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE
  • Code of conduct: CODE_OF_CONDUCT.md
  • Codeowners: CODEOWNERS
  • Security: SECURITY.md
  • Roadmap: ROADMAP.md
  • Notice: NOTICE
  • Maintainers: MAINTAINERS

Awesome Lists containing this project

• awesome-repositories - notaryproject/ratify - Artifact Ratification Framework (CNCF Sandbox) (Go)

README

          






# Ratify

Is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies you create.

[![Go Report Card](https://goreportcard.com/badge/github.com/notaryproject/ratify)](https://goreportcard.com/report/github.com/notaryproject/ratify)

[![build-pr](https://github.com/notaryproject/ratify/actions/workflows/build-pr.yml/badge.svg)](https://github.com/notaryproject/ratify/actions/workflows/build-pr.yml)

[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/notaryproject/ratify/badge)](https://api.securityscorecards.dev/projects/github.com/notaryproject/ratify)

[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/9334/badge)](https://www.bestpractices.dev/projects/9334)

[![Go Reference](https://pkg.go.dev/badge/github.com/notaryproject/ratify.svg)](https://pkg.go.dev/github.com/notaryproject/ratify)

[![codecov](https://codecov.io/gh/notaryproject/ratify/graph/badge.svg?token=3X0BIPI4VD)](https://codecov.io/gh/notaryproject/ratify)

## ⚠️ Development Notice: Main Branch Under Active v2 Development

> [!IMPORTANT]

> The `main` branch is currently under **active development for Ratify v2**.

> [!CAUTION]

> During this period, it may be **unstable or broken**.

If you are:

- Contributing new features

- Fixing bugs

- Building against a v1 version of Ratify

Please use the [`v1-dev` branch](https://github.com/notaryproject/ratify/tree/v1-dev).

We appreciate your patience as we work toward a more powerful and flexible Ratify v2! 🚀

Stay tuned for updates and migration guides.

## Table of Contents

- [Ratify](#ratify)

  - [Table of Contents](#table-of-contents)

  - [Quick Start](#quick-start)

  - [Community meetings](#community-meetings)

  - [Pull Request Review Series](#pull-request-review-series)

  - [Documents](#documents)

  - [Code of Conduct](#code-of-conduct)

  - [Project Governance](#project-governance)

  - [Release Management](#release-management)

  - [Licensing](#licensing)

## Quick Start

Please see [Ratify website](https://ratify.dev/docs/quick-start) for a quick start demo.

## Community meetings

Add the schedule to your calendar via the link https://zoom-lfx.platform.linuxfoundation.org/meetings/ratify?view=week.

- Agenda: 

- First series: the 2nd Wednesday of each month at 11:00 PM UTC

- Second series: the 4th Thursday of each month at 01:30 AM UTC

- We meet regularly to discuss and prioritize issues. The meeting may get cancelled due to holidays, all cancellation will be posted to meeting notes prior to the meeting.

- Reach out on Slack at [cloud-native.slack.com#ratify](https://cloud-native.slack.com/archives/C03T3PEKVA9). If you're not already a member of cloud-native slack channel, first add [yourself here](https://communityinviter.com/apps/cloud-native/cncf).

## Documents

Please see the [Ratify website](https://ratify.dev/docs/what-is-ratify) for more in-depth information.

Meeting notes for weekly project syncs can be found [here](https://hackmd.io/ABueHjizRz2iFQpWnQrnNA?both).

The Ratify community documents can be found in the repository [`.github`](https://github.com/notaryproject/.github).

## Code of Conduct

Ratify follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md).

## Project Governance

The Ratify project governance can be found [here](https://github.com/notaryproject/.github/blob/main/GOVERNANCE.md).

## Release Management

The Ratify release process is defined in [RELEASES.md](./RELEASES.md).

## Licensing

This project is released under the [Apache-2.0 License](./LICENSE).





    

    
Ratify is a Cloud Native Computing Foundation Sandbox project.