Notary Project
Open SourceFundedStandards-based software supply chain security with cryptographic signing.
About Notary Project
The Notary Project provides a set of open-source specifications and tools designed to secure software supply chains by enabling cryptographic signing and verification of software artifacts. It supports signing arbitrary blobs, container images, and other software components, ensuring their integrity and authenticity throughout the development and deployment lifecycle. The project is built on standard Public Key Infrastructure (PKI) and supports both online and air-gapped signing scenarios, making it suitable for diverse enterprise environments.
Targeted at DevOps engineers, security operators, and developers, the Notary Project offers fine-grained security policies to enforce trusted identities and registries, enhancing system integrity. Its pluggable architecture and SDK facilitate integration and customization, while multi-registry support ensures portability and immutability of signed artifacts. Adopted by leading organizations such as AWS and Microsoft, the project is community-driven and governed openly under the Cloud Native Computing Foundation (CNCF) incubating status, providing enterprises with a reliable and extensible solution for securing their software delivery pipelines.
Key Capabilities
- ✓Cryptographic signing of arbitrary software artifacts
- ✓Support for COSE and JWS signature formats
- ✓Customizable fine-grained security policies
- ✓Multi-registry OCI-compliant signature storage
- ✓Extensible CLI and SDK for automation and integration
Integrations
Other Directory Vendors
This profile was compiled by CIOPages from public sources with AI assistance, and may be incomplete or out of date. It is informational only and not an endorsement. Represent this vendor? or .