Quickstarts | Ratify

📄️ Creating Plugins

Ratify supports plugins for stores and verifiers so that users can add capabilities that aren't included in the core application. This document is a guide on creating your own plugins.

📄️ Developer getting started

The intent of this document is to be a high level quick start guide to get up and running quickly. For a more in depth review on configuration please see CONTRIBUTING.MD.

📄️ Gatekeeper Policy Authoring

Ratify can be deployed behind admission

📄️ Manual Quick Start Steps

This document outlines the manual production ready steps to install Ratify with Gatekeeper in admission control scenarios. Please refer to the README.MD for recommended install steps.

📄️ Install Ratify for High Availability

The default Ratify installation relies on a single Ratify pod processing all requests. For higher performance and availability requirements, Ratify can be set to run with multiple replicas and a shared state store.

📄️ Ratify on AWS

This guide will explain how to get up and running with Ratify on AWS using EKS and ECR. This will involve setting up necessary AWS resources, installing necessary components, and configuring them properly. Once everything is set up we will walk through a simple scenario of verifying the signature on a container image at deployment time.

📄️ Ratify on Azure

The signed container images enable users to assure deployments are built from a trusted entity and verify images haven't been tampered with since their creation. The signed image ensures integrity and authenticity before the user pulls an image into any environment and avoid attacks.

📄️ Ratify with AWS Signer

This guide will explain how to get started with Ratify on AWS using EKS, ECR, and AWS Signer. This will involve setting up necessary AWS resources, installing necessary components, and configuring them properly. Once everything is set up we will walk through a simple scenario of verifying the signature on a container image at deployment time.

📄️ Ratify with Venafi CodeSign Protect

This guide will explain how to get started with Ratify and the Venafi CodeSign Protect notation plugin. This will involve setting up the necessary components, and configuring them properly. Once everything is set up we will walk through a simple scenario of verifying the signature on a container image at deployment time.

📄️ Working with SPDX

SPDX is a popular specification for representing software bill of material (SBoM) information. Once an SBoM has been