Skip to content

api-evangelist/ratify

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
README.md
README.md
 
 
apis.yml
apis.yml
 
 

Repository files navigation

Ratify

Ratify is a CNCF Sandbox open-source verification framework for container images and other supply chain artifacts in Kubernetes environments. It enables policy-driven artifact ratification by coordinating any number of pluggable verifiers — signatures, SBOMs, scan results, and attestations — against a given policy, integrating with Kubernetes admission webhooks via the Gatekeeper policy engine.

Ratify is developed by the ratify-project GitHub organization (originally a Microsoft open-source project), written in Go, and distributed as a CLI tool, Go library, and Kubernetes admission webhook server. It supports OCI-compliant artifact stores including Azure Container Registry, Amazon ECR, and Docker Hub.

No public-facing REST API or OpenAPI specification is published. Ratify exposes an internal HTTP verification API (v2alpha1) consumed by its webhook server.

URL: Visit APIs.json

Scope

  • Type: Index
  • Position: Consuming
  • Access: 3rd-Party

Tags

Artifact Verification, CNCF, Cloud Native, Container Security, Kubernetes, Open Source, Policy Enforcement, Security, Supply Chain

Timestamps

  • Created: 2025-01-01
  • Modified: 2026-05-02

APIs

No public APIs have been documented at this time. Ratify is consumed via Kubernetes admission webhooks, a CLI, and Go libraries.

Key Features

  • Pluggable Verifiers — Signatures (Notation, Cosign), SBOMs, vulnerability scan results, custom attestations
  • Kubernetes-Native — Admission webhook integration with OPA Gatekeeper
  • OCI Support — Works with any OCI-compliant registry
  • Policy Engine — Policy-driven verification decisions
  • CLI Tool — Standalone verification via the ratify-cli
  • CNCF Sandbox — Vendor-neutral governance under the CNCF

GitHub Repositories

Repo Description
ratify Core verification framework (Go)
ratify-cli Standalone CLI for artifact verification
docker-ratify Docker integration
ratify-verifier-plugin Plugin framework for custom verifiers

Common Properties

Maintainers

FN: Kin Lane

Email: kin@apievangelist.com

About

Ratify is a CNCF Sandbox open-source verification framework for container images and other supply chain artifacts in Kubernetes environments.

Topics

kubernetes open-source security cncf supply-chain cloud-native container-security policy-enforcement apis-json artifact-verification naftiko

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors