Overview

An overview of the Notary Project

Introduction

The Notary Project is a set of specifications and tools intended to provide a cross-industry standard for securing software supply chains by using authentic container images and other OCI artifacts. Notary Project specifications and tooling provide signing and verification workflows for OCI artifacts, signature portability across OCI-compliant registries, and integration with third-party key management solutions through a plugin model. Notary Project is also the name of the GitHub organization that has multiple prominent subprojects like Notation, Notary Project specifications, and Notary. Very often we use the name Notary Project to refer to all the above as well as the community that drives the specifications and the implementations. To learn more about Notary Project terms, please refer to the FAQ.

Here is a list of repositories under the Notary Project organization:

| Repository | Description |
| --- | --- |
| .github | This repository contains the Notary Project governance and other common documents that are shared across all repositories under the Notary Project organization. |
| meeting-notes | This repository contains the archived meeting notes. |
| notary | This repository contains the source code for the server and the client of the initial TUF-based implementation circa 2016. |
| specifications | This repository contains the latest Notary Project requirements, scenarios, specifications, and security audits to overcome the challenges from the initial implementation of 2016. |
| notaryproject.dev | This repository contains the source code and content for the Notary Project website. |
| notation | This repository contains the source code for the convenient CLI implementation of the new Notary Project specifications. |
| notation-go | This repository contains the source code for the convenient Golang library implementation of the new Notary Project signing and verification flow. |
| notation-core-go | This repository contains the source code for the Golang library implementation of the Notary Project signature (hereafter “Notary Project signature”) specification and wrapping (COSE and JWS). |
| roadmap | This repository is intended for keeping track of development activities in the Notary Project. It may be retired in the future as feature requests and milestones are moved to the appropriate repositories. |
| tuf | This repository is intended for prototyping the storage of TUF metadata in OCI-compliant registries. It is not under active development at the moment but there are plans to revive it in the future. |

Project status

The Notary Project is in active development. The latest release announcements are published on the Notary Project blog. The Notary Project community uses the project board for project planning and status tracking. You can also use GitHub milestones to track the progress of each repository:

Security

The Notary Project has continuous fuzz testing implemented for the following repositories: notary, notation-go, and notation-core-go.

In addition, the Notary Project has had several public security audits:

Community

You can reach the Notary Project community and developers via the following channels: