Notary Project logo

Notary Project

The Notary Project is a CNCF incubating set of specifications and tools for signing and verifying container images and other OCI artifacts. It provides Notation, a CLI and library for signing artifacts stored in OCI-compliant registries. The project defines standards for signature formats, trust policies, and verification workflows to secure software supply chains.

4 APIs 0 Features
Cloud NativeContainer SecurityImage SigningIncubatingOCIVerification

APIs

Notary Project Signing Specification

The Notary Project specification defines the signature envelope format, trust store and trust policy for container image signing and verification. It supports multiple signature...

Notation CLI

Notation is the command-line tool that implements the Notary Project specifications for signing and verifying OCI artifacts stored in container registries. It supports signing w...

notation-go Library

notation-go is the official Go library for signing and verifying OCI artifacts using the Notary Project specifications. It provides the programmatic interface used by the Notati...

Notation Plugin Extensibility

The Notation plugin extensibility specification defines the interface that third-party plugins must implement to integrate with Notation for key management, signing, and verific...

Semantic Vocabularies

Notary Context

7 classes · 32 properties

JSON-LD

Resources

🔗
Website
Website
🔗
Documentation
Documentation
🚀
Getting Started
Getting Started
📰
Blog
Blog
💬
FAQ
FAQ
👥
GitHubOrganization
GitHubOrganization
👥
GitHubRepository
GitHubRepository
📄
Change Log
Change Log
🔗
JSONSchema
JSONSchema
🔗
JSONSchema
JSONSchema
🔗
JSONSchema
JSONSchema
🔗
JSONSchema
JSONSchema
🔗
JSON-LD
JSON-LD

Sources

apis.yml Raw ↑ 
aid: notary
name: Notary Project
description: >-
  The Notary Project is a CNCF incubating set of specifications and tools
  for signing and verifying container images and other OCI artifacts. It
  provides Notation, a CLI and library for signing artifacts stored in
  OCI-compliant registries. The project defines standards for signature
  formats, trust policies, and verification workflows to secure software
  supply chains.
url: https://notaryproject.dev
image: https://kinlane-productions2.s3.amazonaws.com/apis-json/apis-json-logo.jpg
tags:
  - Cloud Native
  - Container Security
  - Image Signing
  - Incubating
  - OCI
  - Verification
created: '2026-03-16'
modified: '2026-04-28'
specificationVersion: '0.19'
type: Index
apis:
  - aid: notary:notary-spec
    name: Notary Project Signing Specification
    description: >-
      The Notary Project specification defines the signature envelope format,
      trust store and trust policy for container image signing and verification.
      It supports multiple signature formats and integrates with OCI distribution
      registries for storing signatures alongside container images. The
      specification enables end-to-end supply chain security from build to
      deployment.
    humanURL: https://notaryproject.dev/docs/
    image: https://kinlane-productions2.s3.amazonaws.com/apis-json/apis-json-logo.jpg
    properties:
      - type: Documentation
        url: https://notaryproject.dev/docs/
      - type: Reference
        url: https://github.com/notaryproject/specifications/blob/main/specs/trust-store-trust-policy.md
      - type: GitHubRepository
        url: https://github.com/notaryproject/specifications
      - type: JSONSchema
        url: json-schema/notary-trust-policy-schema.json
      - type: JSONSchema
        url: json-schema/notary-signature-envelope-schema.json
    tags:
      - Signing
      - Specification
      - Verification
  - aid: notary:notation-cli
    name: Notation CLI
    description: >-
      Notation is the command-line tool that implements the Notary Project
      specifications for signing and verifying OCI artifacts stored in
      container registries. It supports signing with certificates stored in
      trust stores, configuring trust policies for verification, and extends
      to third-party key management systems via a plugin model.
    humanURL: https://notaryproject.dev/docs/user-guides/installation/cli/
    image: https://kinlane-productions2.s3.amazonaws.com/apis-json/apis-json-logo.jpg
    properties:
      - type: Documentation
        url: https://notaryproject.dev/docs/user-guides/installation/cli/
      - type: Getting Started
        url: https://notaryproject.dev/docs/user-guides/installation/
      - type: Reference
        url: https://github.com/notaryproject/notation/blob/main/specs/notation-cli.md
      - type: GitHubRepository
        url: https://github.com/notaryproject/notation
      - type: Change Log
        url: https://github.com/notaryproject/notation/releases
    tags:
      - CLI
      - OCI
      - Signing
      - Verification
  - aid: notary:notation-go
    name: notation-go Library
    description: >-
      notation-go is the official Go library for signing and verifying OCI
      artifacts using the Notary Project specifications. It provides the
      programmatic interface used by the Notation CLI and enables Go
      applications to integrate artifact signing and verification into their
      own workflows without invoking the CLI directly.
    humanURL: https://github.com/notaryproject/notation-go
    image: https://kinlane-productions2.s3.amazonaws.com/apis-json/apis-json-logo.jpg
    properties:
      - type: Documentation
        url: https://pkg.go.dev/github.com/notaryproject/notation-go
      - type: GitHubRepository
        url: https://github.com/notaryproject/notation-go
    tags:
      - Client Library
      - Go
      - SDK
      - Signing
  - aid: notary:notation-plugin-framework
    name: Notation Plugin Extensibility
    description: >-
      The Notation plugin extensibility specification defines the interface
      that third-party plugins must implement to integrate with Notation for
      key management, signing, and verification operations. Plugins allow
      Notation to work with hardware security modules, cloud key management
      services, and other external credential systems.
    humanURL: https://github.com/notaryproject/specifications/blob/main/specs/plugin-extensibility.md
    image: https://kinlane-productions2.s3.amazonaws.com/apis-json/apis-json-logo.jpg
    properties:
      - type: Documentation
        url: https://github.com/notaryproject/specifications/blob/main/specs/plugin-extensibility.md
      - type: Reference
        url: https://pkg.go.dev/github.com/notaryproject/notation-plugin-framework-go/plugin
      - type: GitHubRepository
        url: https://github.com/notaryproject/notation-go
      - type: JSONSchema
        url: json-schema/notary-plugin-schema.json
      - type: JSONSchema
        url: json-schema/notary-plugin-protocol-schema.json
    tags:
      - Extensibility
      - Key Management
      - Plugin
      - Signing
common:
  - type: Website
    url: https://notaryproject.dev
  - type: Documentation
    url: https://notaryproject.dev/docs/
  - type: Getting Started
    url: https://notaryproject.dev/docs/user-guides/installation/
  - type: Blog
    url: https://notaryproject.dev/blog/
  - type: FAQ
    url: https://notaryproject.dev/docs/faq/
  - type: GitHubOrganization
    url: https://github.com/notaryproject
  - type: GitHubRepository
    url: https://github.com/notaryproject/notation
  - type: Change Log
    url: https://github.com/notaryproject/notation/releases
  - type: JSONSchema
    url: json-schema/notary-trust-policy-schema.json
  - type: JSONSchema
    url: json-schema/notary-plugin-schema.json
  - type: JSONSchema
    url: json-schema/notary-plugin-protocol-schema.json
  - type: JSONSchema
    url: json-schema/notary-signature-envelope-schema.json
  - type: JSON-LD
    url: json-ld/notary-context.jsonld
maintainers:
  - FN: Kin Lane
    email: [email protected]