| | Docker | notation |
|---|---|---|
| | 4 | 7 |
| Stars | 3,177 | 289 |
| Growth | 0.2% | 1.0% |
| Activity | 2.5 | 8.9 |
| | 18 days ago | 9 days ago |
| Language | Go | Go |
| License | Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Docker
- Dagger: a new way to build CI/CD pipelines
I'm not touching anything Docker anymore.
Here's the scenario: you're the unfortunate soul who received the first M1 as a new employee, and nothing Docker-related works. Cue multi-arch builds; what a rotten mess. I spent more than a week figuring out the careful orchestration that any build involving `docker manifest` needs. If you aren't within the very fine line that buildx assumes, good luck pal. How long has `docker manifest` been "experimental?" It's abandonware.
Then I decided it would be smart to point out that we don't sign our images, and so I had to figure out how to combine the `docker manifest` mess with `docker trust`, another piece of abandonware. Eventually I figured out that the way to do it was with notary[1], another (poorly documented) piece of abandonware. The new shiny thing is notation[2], which does exactly the same thing, but is nowhere near complete.
At least Google clearly signals that they are killing something, Docker just lets projects go quiet.
How long before this project lands up like the rest of them? Coincidentally, we were talking about decoupling our CI from proprietary CI, seeing this was a rollercoaster of emotions.
[1]: https://github.com/notaryproject/notary
- Notary
- Notary is a project that allows anyone to have trust over arbitrary collections of data
notation
- Securing CI/CD Images with Cosign and OPA
Notary v2: The evolution to Notary v2 brought improvements in signature portability and integration with third-party key management solutions. However, it does not provide a certificate authority, leaving public key discovery for open-source image verification as an unresolved issue.
- Automating Kubernetes Deployments with FluxCD for Patched and Signed Container Images
Notation
- Level-up Container Security: 4 Open-Source Tools for Secure Software Supply Chain
Notation is another command-line tool that lets you digitally sign artifacts. And those signatures essentially become the stamps of approval for the different things in your software supply chain. For example, container images.
- notaryproject/notation: Notation is a project to add signatures as standard items in the registry ecosystem, and to build a set of simple tooling for signing and verifying these signatures. Based on Notary V2 standard.
- Getting Started with Notary
Notary is the CNCF project name and is often referenced when referring to the process of signing digital artifacts, but Notation is the command line tool that does the heavy lifting. Run the following commands to install Notation.
- Dagger: a new way to build CI/CD pipelines
- Making the Internet more secure one signed container at a time
It should be interoperable, that's the goal. I proposed some idea for nv2 here: https://github.com/notaryproject/nv2/issues/39 and here: https://github.com/notaryproject/nv2/issues/40 too.
What are some alternatives?
Postman - CLI tool for batch-sending email via any SMTP server.
cosign - Code signing and transparency for containers and binaries
snap - The open telemetry framework
net-monitor - The sample net-monitor software, used as samples in Notary v2 (https://github.com/notaryproject/notaryproject)
Juju - Orchestration engine that enables the deployment, integration and lifecycle management of applications at any scale, on any infrastructure (Kubernetes or otherwise).
ratify - Artifact Ratification Framework
Seaweed File System - SeaweedFS is a fast distributed storage system for blobs, objects, files, and data lake, for billions of files! Blob store has O(1) disk seek, cloud tiering. Filer supports Cloud Drive, cross-DC active-active replication, Kubernetes, POSIX FUSE mount, S3 API, S3 Gateway, Hadoop, WebDAV, encryption, Erasure Coding. [Moved to: https://github.com/seaweedfs/seaweedfs]
grafeas - Artifact Metadata API
Dokku - A docker-powered PaaS that helps you build and manage the lifecycle of applications
secure-supply-chain-on-aks - Learn how to use open-source tools to secure your container deployments on Azure Kubernetes Service.
Documize - Modern Confluence alternative designed for internal & external docs, built with Go + EmberJS
distribution - distribution with reference types