Versions:

  • 1.3.2
  • 1.3.1
  • 1.3.0
  • 1.2.0
  • 1.1.1
  • 1.1.0
  • 1.0.1
  • 1.0.0

Notation CLI 1.3.2, released by the Notary Project, is a command-line utility engineered to sign and verify software artifacts within cloud-native supply chains. Falling under the Security category, the tool targets DevOps engineers, security teams, and open-source maintainers who need cryptographic proof that container images, Helm charts, binary blobs, or other artifacts have not been altered after build. By generating and validating digital signatures based on the emerging Notary v2 specification, Notation integrates with existing registries such as Docker Hub, Amazon ECR, Azure Container Registry, and Google Artifact Registry, allowing signatures to travel alongside the artifacts they protect.

Typical use cases include enforcing deployment policies in Kubernetes clusters through admission controllers, creating audit trails for compliance frameworks, and enabling secure software distribution across hybrid clouds. The CLI supports multiple signing keys—hardware tokens, PKCS#11 HSMs, or cloud KMS services—and can produce both COSE and JWS signature envelopes, giving operators flexibility across heterogeneous environments.

Since its debut, the Notary Project has published eight successive versions, each refining performance, expanding registry compatibility, and hardening the verification logic against supply-chain attacks. Version 1.3.2 continues this trajectory with tightened revocation checks and improved error reporting, helping teams fail fast when an artifact’s signature is missing or untrusted. Notation operates statelessly, making it equally suited to laptop-based development, CI/CD pipelines, and large-scale automation scripts.

The software is available for free on get.nero.com, with downloads provided via trusted Windows package sources (e.g. winget), always delivering the latest version, and supporting batch installation of multiple applications.
