Enable javascript in your browser for better experience. Need to know to enable it? Go here.
Menu
Close
Tools Back
Published : Nov 20, 2019
NOT ON THE CURRENT EDITION
This blip is not on the current edition of the Radar. If it was on one of the last few editions, it is likely that it is still relevant. If the blip is older, it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the Radar. Understand more
Nov 2019
Assess ?

Docker Notary is an OSS tool that enables signing of assets such as images, files and containers. This means that the provenance of assets can be asserted which is superuseful in regulated environments and better practice everywhere. As an example, when a container is created, it's signed by a private key and a hash, tied to the publisher's identity, stored as metadata. Once published, the provenance of the container (or other asset) can be checked using the image hash and the publisher's public key. There are publicly available, trusted registries such as the Docker Trusted Registry, but it's also possible to run your own. Our teams have reported some spiky edges running local Notary servers and suggest using a registry that includes Notary where possible.

Download the PDF

 

 

English | Español | Português | 中文

Sign up for the Technology Radar newsletter

 

Subscribe now

Visit our archive to read previous volumes

Go to archive