Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'notaryproject:main' into main
Showing 7 changed files with 163 additions and 16 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
--- | ||
title: Notary Project announces Notation v1.1.0! | ||
author: "Notary Project Release Team" | ||
date: 2024-02-08 | ||
draft: false | ||
--- | ||
|
||
The Notary Project maintainers are proud to announce new releases for its sub-projects, including [Notary Project specifications v1.1.0](https://github.com/notaryproject/specifications/releases/tag/v1.1.0), [notation v1.1.0](https://github.com/notaryproject/notation/releases/tag/v1.1.0), [notation-go v1.1.0](https://github.com/notaryproject/notation-go/releases/tag/v1.1.0), and [notation-core-go v1.0.2](https://github.com/notaryproject/notation-core-go/releases/tag/v1.0.2), [Notation GitHub Actions v1.0.1](https://github.com/notaryproject/notation-action/releases/tag/v1.0.1) which are ready for production use! | ||
|
||
Meanwhile, a new library [notation-plugin-framework-go | ||
](https://github.com/notaryproject/notation-plugin-framework-go) released the first release v1.0.0. It contains framework required to create notation plugins as per [Notation Plugin specification](https://github.com/notaryproject/specifications/blob/v1.1.0/specs/plugin-extensibility.md). | ||
|
||
## Notable Capabilities in this Release | ||
|
||
Here are some of the major capabilities and features included in this release. | ||
|
||
### Easier plugin management functionalities | ||
|
||
Notation has an [extensible design based on a plugin framework](https://github.com/notaryproject/specifications/blob/v1.1.0/specs/plugin-extensibility.md). This framework provides plugin interfaces for users and vendors to implement their own integration with key/certificate management solutions or signing services. | ||
|
||
In this release, Notation offers Notation plugin management capabilities to simplify the plugin user experience. | ||
|
||
- Added new command `notation plugin install`. Users are now able to install a notation plugin directly from a URL or from their file system. Supported plugin installation formats are `.zip`, `.tar.gz`, and single plugin executable file. See an example usage below: | ||
|
||
```bash | ||
$ notation plugin install --file <file_path> | ||
``` | ||
|
||
```bash | ||
$ notation plugin install --sha256sum <digest> --url <HTTPS_URL> | ||
``` | ||
|
||
- Added new command `notation plugin uninstall`. Users are now able to uninstall a notation plugin by providing the plugin name. See an example usage below: | ||
|
||
```bash | ||
notation plugin uninstall <plugin_name> | ||
``` | ||
|
||
The following plugins have been well tested with Notation plugin commands by Notary Project maintainers: | ||
|
||
- [AWS Signer plugin for Notation](https://docs.aws.amazon.com/signer/latest/developerguide/Welcome.html) | ||
- [Azure Key Vault for Notation](https://learn.microsoft.com/en-us/azure/container-registry/container-registry-tutorial-sign-build-push) | ||
- [Venafi CodeSign Protect Signing Plugin for Notation](https://github.com/Venafi/notation-venafi-csp) | ||
|
||
### Specifications | ||
|
||
For plugin vendors who want to package and distribute a Notation plugin, [Notation Plugin specification](https://github.com/notaryproject/specifications/blob/v1.1.0/specs/plugin-extensibility.md) defines the plugin conventions to ensure plugins are delivered in a consistent format and compatible with `notation plugin` management commands. | ||
|
||
### Get started with Notation v1.1.0 | ||
|
||
You can follow this [quick start](https://notaryproject.dev/docs/quickstart/) to try Notation v1.1.0 on your terminal. | ||
|
||
The default Notation CLI setup action in Notation GitHub Actions has also been updated to v1.1.0. It enables users to install Notation and its plugin, sign and verify OCI artifacts in GitHub Actions workflow with ease. | ||
|
||
To get started with Notation v1.1.0 in a CI/CD workflow, you can find the Notation GitHub Actions in the [Marketplace](https://github.com/marketplace/actions/notation-actions). | ||
|
||
## What's next | ||
|
||
The Notary Project maintainers are considering the following features for future milestones. Feel free to reach out on the [Slack channel](https://app.slack.com/client/T08PSQ7BQ/CQUH8U287/) or [GitHub issues](https://github.com/notaryproject/notation/issues) to ask questions, provide feedback, or share ideas. | ||
|
||
- Sign and verify arbitrary blobs | ||
- Timestamping support | ||
- Improve error messages and verbose logs | ||
|
||
And more! | ||
|
||
## Acknowledgements | ||
|
||
The Notary Project release team wants to thank the entire Notary Project community for all the activity and engagement that has been vital for helping the project grow and reach this major milestone. |
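Review bot: The `notation plugin install --sha256sum <digest> --url <HTTPS_URL>` example is given with no explanation of the digest; the bullet that introduces it only says a plugin can be installed "directly from a URL or from their file system". Add a sentence saying what `--sha256sum` is compared against and where the user should obtain the expected value, since this is the line readers will copy when fetching a plugin binary over the network. Two smaller points in the same file: the two install examples carry a `$ ` prompt while the uninstall example does not, so pick one style; and in the opening paragraph the "and" sits before notation-core-go v1.0.2 rather than before the last item in the list, Notation GitHub Actions v1.0.1.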
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
--- | ||
title: Bitnami now uses Notation for signing and verifying containers and Helm charts on Docker Hub | ||
author: Beltran Rueda | ||
date: 2024-03-18 | ||
draft: false | ||
--- | ||
|
||
Bitnami-packaged open source software container images and Helm charts [available in DockerHub](https://hub.docker.com/u/bitnami) are now signed by [Notation](https://github.com/notaryproject/notation). | ||
|
||
[Bitnami](https://bitnami.com) provides the latest versions of pre-packaged, hardened, ready-to-deploy open source software application packages that enable developers to hit the ground running when building new applications and services on any platform. Bitnami open source software packages are highly popular with developers with over 500 million pulls per month and over 2 billion computer hours per year. This strong developer community of Bitnami has leveraged its robust application catalog to build millions of applications for almost 20 years now. | ||
|
||
In December 2023, [we announced](https://tanzu.vmware.com/content/tanzu-application-catalog-resources/tanzu-application-catalog-leverages-notation) that Tanzu Application Catalog, the enterprise edition of Bitnami Application Catalog, started making use of Notation as a tool for signing and verifying open container initiative (OCI) artifacts (e.g. container images, Helm charts, and metadata bundles. | ||
|
||
Now, we are happy to have extended our collaboration with Notation and announce the extension of this capability to the community edition of Bitnami-packaged container images and Helm charts in DockerHub as well. | ||
|
||
To know more about the benefits that the Bitnami users stand to enjoy with this integration and to learn how to verify the signature of a Bitnami-package, check out [this blog](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html). | ||
|
||
If you are interested in learning more about Tanzu Application Catalog, check out their [product webpage](https://tanzu.vmware.com/application-catalog) and [additional resources](https://tanzu.vmware.com/content/vmware-application-catalog-resources/jun-23-boost-developer-productivity-and-operator-confidence-with-secure-open-source-components). |
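Review bot: The parenthesis opened at "(e.g. container images, Helm charts, and metadata bundles." in the December 2023 paragraph is never closed; add ")" before the period. The front-matter title writes "Docker Hub" while the body uses "DockerHub" twice, so settle on one spelling, and "a Bitnami-package" in the paragraph about verifying signatures reads as a typo for "a Bitnami package".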