You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

proxy-git.cwkhome.fun/notaryproject/ratify

Package Overview
Dependencies
Alerts
File Explorer
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

proxy-git.cwkhome.fun/notaryproject/ratify

v1.4.0
Go
Version published
Created
Source

Ratify

Is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies you create.

Go Report Card build-pr OpenSSF Scorecard OpenSSF Best Practices Go Reference codecov

Table of Contents

Quick Start

Please see Ratify website for a quick start demo.

Community meetings

  • Agenda: https://hackmd.io/ABueHjizRz2iFQpWnQrnNA
  • We hold a weekly Ratify community meeting on Thurs 12:00 - 1:00 AM (UTC)
    Get Ratify Community Meeting Calendar here
  • We meet regularly to discuss and prioritize issues. The meeting may get cancelled due to holidays, all cancellation will be posted to meeting notes prior to the meeting.
  • Reach out on Slack at cloud-native.slack.com#ratify. If you're not already a member of cloud-native slack channel, first add yourself here.

Pull Request Review Series

  • We hold a weekly Ratify Pull Request Review Series on Mondays 5-6 pm PST.
  • People are able to use this time to walk through any Pull Requests and seek feedback from others in the Community. If there are no PR to review, the meeting will be cancelled during that week.
  • Reach out on Slack if you want to reserve a session for review or during our weekly community meetings.

Documents

Please see the Ratify website for more in-depth information.

Meeting notes for weekly project syncs can be found here.

The Ratify community documents can be found in the repository .github.

Code of Conduct

Ratify follows the CNCF Code of Conduct.

Project Governance

The Ratify project governance can be found here.

Release Management

The Ratify release process is defined in RELEASES.md.

Licensing

This project is released under the Apache-2.0 License.

Trademark

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.

FAQs

Package last updated on 30 Jan 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

npm Adopts OIDC for Trusted Publishing in CI/CD Workflows

Security News

npm Adopts OIDC for Trusted Publishing in CI/CD Workflows

npm now supports Trusted Publishing with OIDC, enabling secure package publishing directly from CI/CD workflows without relying on long-lived tokens.

By Sarah Gooding  -  Aug 08, 2025
60 Malicious Ruby Gems Used in Targeted Credential Theft Campaign

Research

/

Security News

60 Malicious Ruby Gems Used in Targeted Credential Theft Campaign

A RubyGems malware campaign used 60 malicious packages posing as automation tools to steal credentials from social media and marketing tool users.

By Kirill Boychenko  -  Aug 07, 2025
SocketSocket SOC 2 Logo

Product

About

Packages

Explore npm
Explore Cargo
Explore Go
Explore Maven
Explore NuGet
Explore PyPI
Explore Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc

U.S. Patent No. 12,346,443 & 12,314,394. Other pending.