Security-audits | Notary Project | A set of specifications and tools intended to provide a cross-industry standard for securing software supply chains.

Notation v2.0.0-alpha.1 is released! Exprience arbitrary blob signing and verification.

Security Audit

Welcome to the Security Audit Reports page. Here, you will find a collection of publicly available security audit reports.

2025

Quarkslab 2025 - Notary Project Security Audit

The audit report presents how Quarkslab installed and performed discovery of Notary Project tooling Notation and libraries, reviewed the code structure and quality, and analyzed the timestamping and certificate revocation.

2023

Ada logics 2023 - Notation Security Audit

In March and April 2023, Ada Logics carried out a security audit For Notation, Notation-go and Notation-core-go. The audit was a holistic audit involving threat modelling, manual auditing, fuzzing improvements and SLSA compliance review. This report details the findings from the audit.

ADA LOGICS 2022-23 - Notary Fuzzing Audit

This report details a fuzzing audit commissioned by the CNCF and the engagement is part of the broader efforts carried out by CNCF in securing the software in the CNCF landscape. Demonstrating and ensuring the security of these software packages is vital for the CNCF.

2018

August 7, 2018 by Cure53 covering TUF and Notary

This report documents the findings of a security assessment targeting the TUF/Notary software compound. The project, which comprised a source code audit and a classic penetration test, was carried out by Cure53 in 2018 and yielded only four securityrelevant findings.

2015

July 31, 2015 by NCC covering TUF and Notary

This report documents the findings of a security assessment targeting the TUF/Notary software compound. The project, which comprised a source code audit and a classic penetration test, was carried out by Cure53 in 2018 and yielded only four securityrelevant findings.