Ratify

Ratify is a verification engine, available as a binary executable and on Kubernetes, that verifies artifact security metadata and admits for deployment only those artifacts that comply with policies you create.

⚠️ Development Notice: Main Branch Under Active v2 Development

Important: The main branch is currently under active development for Ratify v2.

Caution: During this period, it may be unstable or broken.

If you are:

Please use the v1-dev branch.

We appreciate your patience as we work toward a more powerful and flexible Ratify v2! 🚀 Stay tuned for updates and migration guides.

Quick Start

Please see Ratify website for a quick start demo.

Community meetings

Add the schedule to your calendar via the link https://zoom-lfx.platform.linuxfoundation.org/meetings/ratify?view=week.

Documents

Please see the Ratify website for more in-depth information.

Meeting notes for weekly project syncs can be found here.

The Ratify community documents can be found in the repository .github.

Code of Conduct

Ratify follows the CNCF Code of Conduct.

Project Governance

The Ratify project governance can be found here.

Release Management

The Ratify release process is defined in RELEASES.md.

Licensing

This project is released under the Apache-2.0 License.

Ratify is a Cloud Native Computing Foundation Sandbox project.