ratify
ratify copied to clipboard
ratify-project
Artifact Ratification Framework
### What would you like to be added? [in-toto](https://github.com/in-toto/in-toto) provides a framework to protect the integrity of the software supply chain. It has an [Attestation](https://github.com/in-toto/attestation) framework that provides a specification...
### What would you like to be added? Currently, the ORAS store creates a local ORAS OCI store to cache artifact blobs locally. ORAS generates a blob descriptor index and...
### What would you like to be added? Currently, configuring notation plugins with the Ratify notation Verifier requires a separate verifier defined just to download the notation plugin from a...
### What would you like to be added? Cosign exposes many different options for configuring signature verification. The Cosign CLI is a good example of the number of flags/options. Ratify...
### What happened in your environment? If user is running a previous Ratify version with v1alpha1 policy, once users upgrade to v1beta1 policy, Ratify cannot read existing CR objects in...
example scenario: check if an image was built from a specific repo, with a specific branch/commit, include certain reviewers, etc https://slsa.dev/provenance/v0.2
### What would you like to be added? Currently the Ratify CRD is in beta, as we release GA, what are the considerations for bumping version to GA. ### Anything...
### What would you like to be added? When running Ratify on Kubernetes, users need to configure the logger by changing its `logger.level` from `level: "info"` to `level: "debug"` in...
### What would you like to be added? There are 4 in memory caches each using a different implementation. Instrumenting cache metrics for each will add unnecessary overhead. We should...
### What would you like to be added? Ratify should be configurable to align with Gatekeeper's fail open/close strategy. Fail open behavior: Gatekeeper is set by default to fail open....