๐๏ธ Creating Plugins
Ratify supports plugins for stores and verifiers so that users can add capabilities that aren't included in the core application. This document is a guide on creating your own plugins.
๐๏ธ Developer getting started
The intent of this document is to be a high level quick start guide to get up and running quickly. For a more in depth review on configuration please see CONTRIBUTING.MD.
๐๏ธ Gatekeeper Policy Authoring
Ratify can be deployed behind admission
๐๏ธ Manual Quick Start Steps
This document outlines the manual production ready steps to install Ratify with Gatekeeper in admission control scenarios. Please refer to the README.MD for recommended install steps.
๐๏ธ Install Ratify for High Availability
Feature status: Experimental.
๐๏ธ Ratify on AWS
This guide will explain how to get up and running with Ratify on AWS using EKS and ECR. This will involve setting up necessary AWS resources, installing necessary components, and configuring them properly. Once everything is set up we will walk through a simple scenario of verifying the signature on a container image at deployment time.
๐๏ธ Ratify on Azure
The signed container images enable users to assure deployments are built from a trusted entity and verify images haven't been tampered with since their creation. The signed image ensures integrity and authenticity before the user pulls an image into any environment and avoid attacks.
๐๏ธ Ratify with AWS Signer
This guide will explain how to get started with Ratify on AWS using EKS, ECR, and AWS Signer. This will involve setting up necessary AWS resources, installing necessary components, and configuring them properly. Once everything is set up we will walk through a simple scenario of verifying the signature on a container image at deployment time.
๐๏ธ Ratify with Venafi CodeSign Protect
This guide will explain how to get started with Ratify and the Venafi CodeSign Protect notation plugin. This will involve setting up the necessary components, and configuring them properly. Once everything is set up we will walk through a simple scenario of verifying the signature on a container image at deployment time.
๐๏ธ Working with SPDX
SPDX is a popular specification for representing software bill of material (SBoM) information. Once an SBoM has been