Skip to content

v0.1.0-alpha.1

Pre-release
Pre-release
Compare
Choose a tag to compare
@github-actions github-actions released this 16 Nov 23:30
· 1163 commits to main since this release
v0.1.0-alpha.1
This tag was signed with the committer’s verified signature. The key has expired.
sajayantony Sajay Antony
GPG key ID: 5B35EA5B93B469F6
Expired
Learn about vigilant mode.
d8f3566
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Initial Alpha Release

This is an alpha release of Ratify. It includes the initial feature set and scaffolding to allow contributors to integrate additional referrer stores and verifiers.

Features

  • Support for running from CLI and as a web service
  • Support for registries supporting the oras artifact spec
  • Support for verifying notation signatures
  • Support for verifying cosign signatures
  • Support for artifact discovery
  • Plugin architecture for integration of additional referrer stores and verifiers.
  • Support for "any" or "all" policy on validation checks

Commits

f931af6 Add ORAS and notaryv2 as built-in providers into the framework. (#20)
3e89635 Add Security Reporting Instructions (#41)
ca9fb31 Add an example policy for referrers not found case (#37)
7285b5c Add contribution guidelines (#23)
834a718 Add cosign verifier with ability to discover cosign tag based artifacts in the ociregistry store
2cd1cf6 Add deployment files and other changes to support enabling Hora in OPA Gatekeeper.
ae28fbc Add initial design docs (#29)
4eefe37 Add quick start tutorial with latest steps for creating supply chain graph (#72)
8bc2cdc Add trademark notice (#39)
b3c988a Added PHONY targets (#62)
b840e4a Added artifact hierarchy
6d3d6ce Added comments to all exported members (#73)
2afbf86 Added copyright header (#64)
5aff12f Added makefile with build and install commands
fa0bafb Added section about nested verifiers and config
f53a538 Added subject response
c02a978 Added tests to common, utils, store and verifier packages (#63)
6aa75ff Added tests to executor core package (#66)
15f9ece Added version command (#69)
d75d877 Adding code of conduct info
b2ecbb3 Addressed PR feedback and added README.md
3eb5c1a Consider artifact verification policy per artifact type (#26)
8b2d50d Demo script for discovering & verifying supply chain content using Hora (#42)
8d3bc92 Fix branch in README (#60)
218241d Fix go test to walk the source (#58)
a523cba Fix make install location
d8f3566 Fixed markdown linting errors and links (#71)
85d92d8 Fixed markdown linting rules and added warnings (#25)
3eb753a Hora prototype with verify and referrer commands
73884ac Initial commit
8a0a3d0 Merge pull request #1 from deislabs/codeofconduct
ccb214e Merge pull request #12 from sajayantony/dev
f3d2e73 Merge pull request #15 from mnltejaswini/cosign
438749e Merge pull request #19 from mnltejaswini/k8s
5b7510d Merge remote-tracking branch 'origin/docs' into dev
4c9ff75 Oras go integration (#50)
e24f04f Pass the referrer store config to plugin so that they can query the store directly
467ea25 Ratify (#53)
29c9cf4 Release action (#34)
4d21ee7 Show the full reference
e53c31a Trimmed goreleaser and fixed version (#70)
ce33a4c Update import paths (#22)
8a75765 Update license to Apache (#49)
6db56bb Update notary v2 to use notation-go-lib (#38)
9c34bf7 Updated README.md with details of components
98562df Updated package location to deislabs
a1f6614 Updating setup steps (#33)
52d28b7 add git commit id as a docker image label (#68)
8a2f9ee add license statement to readme
666ddf6 build and publish a docker image (#67)
fda00bf run basic verifications on PR to main (#51)
6eab22e specify versioning and release procedures for hora project (#27)

Assets 8
Loading