Skip to content

Support signing attestations using Notary Project #801

New issue
New issue
Open
Open
Support signing attestations using Notary Project#801
Assignees
yizha1
Labels
feature-requestIssues that request new featuresfeature-signing-and-verificationIssues related to signing and verification of artifactsroadmapFeatures and asks that should show up on the public roadmaptriagedUse after the issue is triaged
@toddysm

Description

@toddysm
toddysm
opened on Jan 22, 2025

Notary Project doesn't support signing attestations like for example in-toto attestations. The ask here is to enable Notary Project tooling to sign and store attestations into OCI registries. The following things need to be considered:

  • Wrapping attestations in a widely-accepted format (like in-toto)
  • Signing using COSE and JWS signature formats
  • Support artifact signing in constrained environments (aka local disk signing)

Metadata

Metadata

Assignees

Labels

feature-requestIssues that request new featuresfeature-signing-and-verificationIssues related to signing and verification of artifactsroadmapFeatures and asks that should show up on the public roadmaptriagedUse after the issue is triaged

Type

No type

Projects

Cloud Native Security & Registries Roadmap (Public)

Status

In Review (Planning)

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions