connaisseur
An admission controller that integrates Container Image Signature Verification into a Kubernetes cluster (by sse-secure-systems)
notation
A CLI tool to sign and verify artifacts (by notaryproject)
| connaisseur | notation | |
|---|---|---|
| 3 | 7 | |
| 418 | 289 | |
| 0.5% | 1.0% | |
| 9.0 | 8.9 | |
| 6 days ago | 8 days ago | |
| Go | Go | |
| Apache License 2.0 | Apache License 2.0 |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
connaisseur
Posts with mentions or reviews of connaisseur.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2021-11-16.
-
Container security best practices: Comprehensive guide
We already mentioned Connaisseur Admission Controller as a way to enforce content trust and reject images that are not signed by trusted sources.
- GitHub - sse-secure-systems/connaisseur: An admission controller that integrates Container Image Signature Verification into a Kubernetes cluster
-
Making the Internet more secure one signed container at a time
Admission Controller was based on Connaisseur, heavily modified to work with v2 instead of v1 signatures.
notation
Posts with mentions or reviews of notation.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-11-15.
-
Securing CI/CD Images with Cosign and OPA
Notary v2: The evolution to Notary v2 brought improvements in signature portability and integration with third-party key management solutions. However, it does not provide a certificate authority, leaving public key discovery for open-source image verification as an unresolved issue.
-
Automating Kubernetes Deployments with FluxCD for Patched and Signed Container Images
Notation
-
Level-up Container Security: 4 Open-Source Tools for Secure Software Supply Chain
Notation is another command-line too that lets you digitally sign artifacts. And those signatures essentaily become the stamps of approval for the different things in your software supply chain. For example, container images.
- notaryproject/notation: Notation is a project to add signatures as standard items in the registry ecosystem, and to build a set of simple tooling for signing and verifying these signatures. Based on Notary V2 standard.
-
Getting Started with Notary
Notary is the CNCF project name and is often referenced when referring to the process of signing digital artifacts, but Notation is the command line tool that does the heavy lifting. Run the following commands to install Notation.
- Dagger: a new way to build CI/CD pipelines
-
Making the Internet more secure one signed container at a time
It should be interoperable, that's the goal. I proposed some idea for nv2 here: https://github.com/notaryproject/nv2/issues/39 and here: https://github.com/notaryproject/nv2/issues/40 too.
What are some alternatives?
When comparing connaisseur and notation you can also consider the following projects:
cosign - Code signing and transparency for containers and binaries
gatekeeper - 🐊 Gatekeeper - Policy Controller for Kubernetes
net-monitor - The sample net-monitor software, used as samples in Notary v2 (https://github.com/notaryproject/notaryproject)
enhancements - Enhancements tracking repo for Kubernetes
ratify - Artifact Ratification Framework
gatekeeper-library - 📚 The OPA Gatekeeper policy library
grafeas - Artifact Metadata API
magtape - MagTape Policy-as-Code for Kubernetes
secure-supply-chain-on-aks - Learn how to use open-source tools to secure your container deployments on Azure Kubernetes Service.
cfn_nag - Linting tool for CloudFormation templates
distribution - distribution with reference types
connaisseur vs cosign
notation vs cosign
connaisseur vs gatekeeper
notation vs net-monitor
connaisseur vs enhancements
notation vs ratify
connaisseur vs gatekeeper-library
notation vs grafeas
connaisseur vs magtape
notation vs secure-supply-chain-on-aks
connaisseur vs cfn_nag
notation vs distribution