notaryproject/ratify v1.0.0-rc.4

on GitHub

New Features

• Introducing new dependency metrics
  • Adds metrics and supporting dashboards for registry requests, blob cache hit, AAD exchange duration, ACR Exchange duration, and AKV cert fetch duration. More information can be found here.
• Introducing support for multiple signature report in verifier report for Cosign
  • Cosign allows for multiple signatures to be attached as layers in a single OCI Image. Ratify now provides support to bubble up failures/successes per signature layer.
  • More information can be found here.
• Introducing fixes for ECR Basic Auth registry parse and new notation plugin manager for use with the notation verifier
  • Adds a new plugin manager that can be used with the Notation verifier. It allows users to download notation plugins through the ratify Dynamic Plugins feature to use in verification.
  • Fix an issue with ECR basic auth when downloading objects through the Dynamic Plugins feature.
  • More information can be found here.
• Introducing pre-install hook for Ratify CRs
  • Add pre-install hook to CR templates so that they can skip rendering and only be installed after CRDs are updated.

Documentation

• docs: add cache doc by @akashsinghal in #786
• docs: Update AWS docs to reference notation and IRSA by @byronchien in #824
• docs: Add new notation-validation sample policy by @byronchien in #823

Tests

CLI

• Verifier Scenarios
  • Notation v2
  • Cosign
    • Keyed
    • Keyless
  • SBOM
  • License Checker
  • JSON Schema Validation
  • All verifier types in one
• Dynamic OCI Plugins
  • Verifier Plugin
  • Store Plugin
• OCI 1.0 spec compatability test

Kubernetes

• Verifier Scenarios
  • Notation v2
  • Cosign
  • SBOM
  • License Checker
  • JSON Schema Validation
  • All verifier types in one
• ORAS Store Authentication Providers
  • Docker
  • Kubernetes Secrets
  • Azure Workload Identity
  • Azure Managed Identity
• Certificate Store Providers
  • Inline Certificate
  • Azure Key Vault Certificate
• Mutation Provider
• Dynamic OCI Plugins
  • Verifier Plugin
• CertifacteProvider CRD Status

Bug Fixes

• fix: update notation plugin manager directory by @akashsinghal in #815

Changelog

• feat: add pre-install hook to Ratify CRs by @binbin-li in #772
• chore: Bump github/codeql-action from 2.2.11 to 2.2.12 by @dependabot in #776
• chore: Bump k8s.io/apimachinery from 0.24.12 to 0.24.13 by @dependabot in #782
• chore: Bump github.com/aws/aws-sdk-go-v2/credentials from 1.13.19 to 1.13.20 by @dependabot in #781
• chore: Bump k8s.io/client-go from 0.24.12 to 0.24.13 by @dependabot in #778
• chore: Bump github.com/aws/aws-sdk-go-v2/config from 1.18.20 to 1.18.21 by @dependabot in #780
• ci: enforce semantic title on PR by @binbin-li in #783
• docs: update community meeting schedule by @akashsinghal in #785
• feat: add dependency metrics by @akashsinghal in #774
• feat: add multi signature report in verifier report for cosign by @akashsinghal in #784
• docs: add cache doc by @akashsinghal in #786
• chore: Bump github.com/docker/cli from 23.0.3+incompatible to 23.0.4+incompatible by @dependabot in #793
• chore: Bump github/codeql-action from 2.2.12 to 2.3.0 by @dependabot in #792
• chore: Bump github.com/notaryproject/notation-go from 1.0.0-rc.3 to 1.0.0-rc.4 by @dependabot in #794
• ci: Harden GitHub Actions by @step-security-bot in #797
• chore: Bump actions/checkout from 3.1.0 to 3.5.2 by @dependabot in #800
• chore: Bump github/codeql-action from 2.3.0 to 2.3.1 by @dependabot in #801
• chore: Bump github/codeql-action from 2.3.1 to 2.3.2 by @dependabot in #802
• chore: Bump github.com/aws/aws-sdk-go-v2/config from 1.18.21 to 1.18.22 by @dependabot in #807
• chore: Bump github.com/Azure/go-autorest/autorest from 0.11.28 to 0.11.29 by @dependabot in #806
• chore: Bump github.com/docker/cli from 23.0.4+incompatible to 23.0.5+incompatible by @dependabot in #808
• feat: ECR basic auth registry parse and add notation plugin manager by @byronchien in #804
• chore: Bump github/codeql-action from 2.3.2 to 2.3.3 by @dependabot in #813
• chore: Bump actions/upload-artifact from 3.1.0 to 3.1.2 by @dependabot in #814
• chore: Bump github.com/aws/aws-sdk-go-v2/config from 1.18.22 to 1.18.23 by @dependabot in #816
• fix: update notation plugin manager directory by @akashsinghal in #815
• chore: Bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible by @dependabot in #822
• docs: Update AWS docs to reference notation and IRSA by @byronchien in #824
• docs: Add new notation-validation sample policy by @byronchien in #823
• chore: prepare chart for rc4 release by @akashsinghal in #825

New Contributors

• @byronchien made their first contribution in #804

Full Changelog: v1.0.0-rc.3...v1.0.0-rc.4