Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/notaryproject/tuf
The Update Framework for OCI Registries
https://github.com/notaryproject/tuf
Last synced: about 1 month ago
JSON representation
The Update Framework for OCI Registries
- Host: GitHub
- URL: https://github.com/notaryproject/tuf
- Owner: notaryproject
- Created: 2021-08-25T11:10:30.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2024-04-09T01:28:10.000Z (8 months ago)
- Last Synced: 2024-08-04T00:13:53.647Z (4 months ago)
- Language: Go
- Size: 725 KB
- Stars: 11
- Watchers: 9
- Forks: 11
- Open Issues: 33
-
Metadata Files:
- Readme: README.md
- Codeowners: CODEOWNERS
Awesome Lists containing this project
- awesome-software-supply-chain-security - notaryproject/tuf: The Update Framework for OCI Registries
README
# TUF
This repository is **not** in active maintenance. Please see the Notary Project [README](https://github.com/notaryproject/.github/blob/main/README.md) file to learn about overall Notary Project.
TUF is a project to implement the full TUF specification in a registry native way. This may
require upstream TUF spec changes or extensions, as there are some differences between the
registry model and common usage to other TUF use cases. This project will use existing
registry extensions where available but may need its own document types in addition.
The notary TUF-based implementation ran as an additional service on a registry, so was not
available everywhere and did not create native registry artifacts. In turn this meant
that moving signatures between registries was not supported. The notary TUF-based implementation also made some
changes to the TUF security model, like defaulting to TOFU, which in retrospect were
not a good model in a world of ephemeral cloud native hosts. It did not get widespread
adoption due to these reasons and others. This project aims to build a version suitable
for widespread adoption that resolves these issues.