v1.0.0-rc.1

New Features

• Introduce new certificate store and CRD definition

  • A certificate store resource defines the list of certificate to fetch from a provider. You can find more about certificate stores including a sample notary verifier with certificate stores defined here.

• Introduce new Ratify server endpoint and accompanying functionality for a tag to digest external data provider

  • This service endpoint returns resolved digests of any tag provided in the request. Find the design doc here.

• Introduce new request cache lock to enable processing verification once per subject in case of concurrent requests

  • Verification results are cached with a 5 min TTL and refreshed if the cache entry is expired at read time.

• Introduce new cache layer to the ORAS store API to avoid lots of same requests to remote registry at the same time

  • Add cache layer to the ListReferrers ORAS store API with configurable TTL.

• Introduce new configurable logging level

  • Implements configurable log levels via RATIFY_LOG_LEVEL, with the default to the current INFO level. Find the valid options here.

Bug Fixes

• fix: update chart value for keyvault provider by @susanshi in #586
• fix: store crd chart missing managedIdentity oras authprovider by @fseldow in #543
• fix: notice file name for component governance by @sajayantony in #482

Tests

CLI

• Verifier Scenarios
  • Notation v2
  • Cosign
  • SBOM
  • License Checker
  • JSON Schema Validation
  • All verifier types in one

Kubernetes

• Verifier Scenarios
  • Notation v2
  • Cosign
  • SBOM
  • License Checker
  • JSON Schema Validation
  • All verifier types in one
• ORAS Store Authentication Providers
  • Docker
  • Kubernetes Secrets
  • Azure Workload Identity
  • Azure Managed Identity
• Mutation Provider

Detailed Commits

• Added notes for 2022-jan to 2022-jun by @sajayantony in #476
• chore: bump github/codeql-action from 2.1.35 to 2.1.36 by @dependabot in #479
• chore: update pull request template by @aramase in #484
• fix: notice file name for component governance by @sajayantony in #482
• chore: Bump k8s.io/client-go from 0.24.8 to 0.24.9 by @dependabot in #487
• ci: add semantic.yml by @aramase in #483
• Update devcontainer for latest Ratify by @noelbundick-msft in #491
• update document of oras auth provider for azure managed identity by @fseldow in #427
• chore: add gh issue template by @aramase in #486
• chore: Bump goreleaser/goreleaser-action from 3 to 4 by @dependabot in #495
• Enable verifier plugins to work with store plugins by @noelbundick-msft in #493
• chore: go fmt by @noelbundick-msft in #497
• Adds initial docs for creating plugins by @noelbundick-msft in #496
• Remove executionMode (passthrough mode) by @noelbundick-msft in #494
• chore: Bump github/codeql-action from 2.1.36 to 2.1.37 by @dependabot in #500
• chore: Bump ossf/scorecard-action from 2.0.6 to 2.1.0 by @dependabot in #501
• Add configurable logging level by @noelbundick-msft in #498
• chore: Bump oras.land/oras-go/v2 from 2.0.0-rc.5 to 2.0.0-rc.6 by @dependabot in #514
• chore: Bump github.com/Azure/azure-sdk-for-go from 67.1.0+incompatible to 67.2.0+incompatible by @dependabot in #512
• chore: add log level toggle to helm chart by @akashsinghal in #506
• chore: Bump github.com/docker/cli from 20.10.21+incompatible to 20.10.22+incompatible by @dependabot in #513
• chore: Bump github.com/aws/aws-sdk-go-v2/credentials from 1.13.4 to 1.13.5 by @dependabot in #511
• ci: remove markdown file bypass by @akashsinghal in #516
• Update quick start to latest image by @susanshi in #477
• chore: Bump ossf/scorecard-action from 2.1.0 to 2.1.1 by @dependabot in #517
• chore: Bump ossf/scorecard-action from 2.1.1 to 2.1.2 by @dependabot in #522
• chore: Bump github.com/aws/aws-sdk-go-v2/config from 1.18.4 to 1.18.7 by @dependabot in #524
• perf: add http retry client by @akashsinghal in #505
• pin GK to 3.10.0 until breaking changes are merged in and addressed by @mluker in #540
• chore: Bump github.com/hashicorp/go-retryablehttp from 0.7.1 to 0.7.2 by @dependabot in #532
• chore: Bump github.com/aws/aws-sdk-go-v2/credentials from 1.13.7 to 1.13.8 by @dependabot in #533
• chore: Bump github.com/aws/aws-sdk-go-v2/config from 1.18.7 to 1.18.8 by @dependabot in #534
• feat: add annotation of configmap/secret hash to ratify pod by @HDYA in #509
• docs: Added meeting notes for 2022-Dec by @sajayantony in #541
• Added maintainers for the Ratify project by @sajayantony in #537
• fix: store crd chart missing managedIdentity oras authprovider by @fseldow in #543
• feat: add JSON schema validator by @mluker in #527
• refactor: Move authprovider to pkg/common/oras by @noelbundick-msft in #520
• Add feature flag support by @noelbundick-msft in #544
• chore: Bump github/codeql-action from 2.1.37 to 2.1.38 by @dependabot in #549
• ci: enable linting with golangci-lint by @aramase in #547
• ci: add gatekeeper version matrix by @binbin-li in #530
• chore: Bump github.com/Azure/azure-sdk-for-go from 67.2.0+incompatible to 67.3.0+incompatible by @dependabot in #551
• chore: enable unused, whitespace linters and fix errors by @aramase in #548
• docs: verify azure cmd doc updates by @joshuaphelpsms in #545
• docs: cheatsheet to get up and running quicker by @mluker in #550
• chore: enable more linters and fix errors (part 2) by @aramase in #552

New Contributors

• @HDYA made their first contribution in #509

Full Changelog: v1.0.0-beta.2...v1.0.0-rc.1