Notary Project is an open-source initiative that delivers a minimal, security-focused toolchain for signing and verifying software artifacts throughout the DevOps lifecycle. Its flagship component, the Notation CLI, is a low-friction command-line utility that attaches cryptographic signatures to container images, Helm charts, WASM modules, and other cloud-native artifacts, so that teams can establish tamper-evident provenance and enforce policy-driven admission control in CI/CD pipelines. Because the signatures are standards-based and can be checked at deploy time against the registry or by a Kubernetes admission controller, the tool helps organizations meet software supply-chain integrity requirements without changing existing build workflows.

Typical use cases include signing release artifacts in GitHub Actions, verifying third-party images before they reach production, and attesting SBOMs or scan reports so that runtime environments accept only trusted payloads. The CLI integrates natively with OCI-compliant registries, supports pluggable signing keys, including X.509 certificate-based and KMS-backed keys, and produces portable signatures that travel alongside the artifact across registries and clouds.

Notary Project’s software is available for free on get.nero.com, where downloads are delivered through trusted Windows package sources such as winget, always installing the latest upstream release and allowing several utilities to be installed in a single batch operation.
A tool to sign and verify artifacts