notation
cue
Our great sponsors
notation | cue | |
---|---|---|
7 | 108 | |
289 | 4,754 | |
6.6% | 2.3% | |
8.9 | 9.7 | |
6 days ago | 5 days ago | |
Go | Go | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
notation
-
Securing CI/CD Images with Cosign and OPA
Notary v2: The evolution to Notary v2 brought improvements in signature portability and integration with third-party key management solutions. However, it does not provide a certificate authority, leaving public key discovery for open-source image verification as an unresolved issue.
-
Automating Kubernetes Deployments with FluxCD for Patched and Signed Container Images
Notation
-
Level-up Container Security: 4 Open-Source Tools for Secure Software Supply Chain
Notation is another command-line too that lets you digitally sign artifacts. And those signatures essentaily become the stamps of approval for the different things in your software supply chain. For example, container images.
- notaryproject/notation: Notation is a project to add signatures as standard items in the registry ecosystem, and to build a set of simple tooling for signing and verifying these signatures. Based on Notary V2 standard.
-
Getting Started with Notary
Notary is the CNCF project name and is often referenced when referring to the process of signing digital artifacts, but Notation is the command line tool that does the heavy lifting. Run the following commands to install Notation.
- Dagger: a new way to build CI/CD pipelines
-
Making the Internet more secure one signed container at a time
It should be interoperable, that's the goal. I proposed some idea for nv2 here: https://github.com/notaryproject/nv2/issues/39 and here: https://github.com/notaryproject/nv2/issues/40 too.
cue
-
Show HN: Workout Tracker – self-hosted, single binary web application
Where `kube.cue` sets reasonable defaults (e.g. image is /). The "cluster" runs on a mini PC in my basement, and I have a small Digital Ocean VM with a static IP acting as an ingress (networking via Tailscale). Backups to cloud storage with restic, alerting/monitoring with Prometheus/Grafana, Caddy/Tailscale for local ingress.
[1] https://www.talos.dev/
[2] https://cuelang.org/
-
Apple releases Pkl – onfiguration as code language
I've been somewhat surprised that CUE bills itself as "tooling friendly" and doesn't yet have a language server- the number one bit of tooling most devs use for a particular language.
I'm assuming it's becaus CUE is still unstable?
Anyway, if others are interested in CUE's LSP work, I think https://github.com/cue-lang/cue/issues/142 is the issue to subscribe to
-
Why the fuck are we templating YAML? (2019)
This is where I usually pitch in with "Have your heard of CUELang, our lord and savior?": https://cuelang.org/
- Not turing complete
-
10 Ways for Kubernetes Declarative Configuration Management
CUE: The core problem CUE solves is "type checking", which is mainly used in configuration constraint verification scenarios and simple cloud native configuration scenarios.
-
Lua is a viable alternative for JSON
If you really want executable configurations please consider a newer language like https://dascript.org or https://cuelang.org which provide better type safety.
1- https://news.ycombinator.com/item?id=38030778
-
Writerside – a new technical writing environment from JetBrains
Markdown and XML are nice, but what about more advanced documentation formats like OpenAPI? For one recent project, I set up automatic generation of the OpenAPI docs from (much more compact and flexible) CUE definitions (https://cuelang.org/) - which has the bonus of also being able to test the API against the definitions. JetBrains has a CUE plugin, but it's really barebones (doesn't even support jumping from the usage of a schema to its definition). Of course the possibilities when generating docs are endless (just think of the various syntaxes for doc comments, embedding examples/tests in source code etc.)...
-
Show HN: Config-file-validator – CLI tool to validate all your config files
It doesn't include validators for TOML and INI, but if you're doing JSON and YAML, I would take a look at using or building upon CUE (https://cuelang.org/). It is a different take on schema definition (plus more), and is surprising terse and powerful model.
- That's a Lot of YAML
- An INI Critique of TOML
- What Is Wrong with TOML?
What are some alternatives?
cosign - Code signing and transparency for containers and binaries
dhall-lang - Maintainable configuration files
net-monitor - The sample net-monitor software, used as samples in Notary v2 (https://github.com/notaryproject/notaryproject)
jsonnet - Jsonnet - The data templating language
ratify - Artifact Ratification Framework
terraform - Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
grafeas - Artifact Metadata API
starlark-rust - A Rust implementation of the Starlark language
secure-supply-chain-on-aks - Learn how to use open-source tools to secure your container deployments on Azure Kubernetes Service.
Protobuf - Protocol Buffers - Google's data interchange format
distribution - distribution with reference types
jsonnet-libs - Grafana Labs' Jsonnet libraries