Data

Tools

Indexes

Applications

Experiments

Packages

An open API service providing package, version and dependency metadata of many open source software ecosystems and registries.

Top 2.8% on proxy.golang.org
Top 1.8% dependent packages on proxy.golang.org
Top 2.3% dependent repos on proxy.golang.org
Top 3.0% forks on proxy.golang.org

proxy.golang.org : github.com/notaryproject/notation

Signing and verifying artifacts. Safeguarding the software delivery security from development to deployment.

Registry - Source - Documentation - JSON
purl: pkg:golang/github.com/notaryproject/notation
Keywords: cloud-native , cncf , container , kubernetes , sign
License: Apache-2.0
Latest release: about 1 month ago
First release: over 3 years ago
Namespace: github.com/notaryproject
Dependent packages: 7
Dependent repositories: 5
Stars: 147 on GitHub
Forks: 68 on GitHub
Docker dependents: 1
Docker downloads: 32,648
See more repository details: repos.ecosyste.ms
Last synced: 4 days ago

Moderate
GSA_kwCzR0hTQS01N3d4LW02MzYtZzNnOM4AA4lw
Go package github.com/notaryproject/notation configured with permissive trust policies potentially susceptible to rollback attack from compromised registry
Ecosystems: go
Packages: github.com/notaryproject/notation
Source: github
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05bTN2LXY0cjUtcHB4N84AAzr2
Notation vulnerable to denial of service from high number of artifact signatures
Ecosystems: go
Packages: github.com/notaryproject/notation
Source: github
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1ydnJ4LXJyd2gtcjlwNs4AAzr3
Notation's default `maxSignatureAttempts` in `notation verify` enables an endless data attack
Ecosystems: go
Packages: github.com/notaryproject/notation
Source: github
Published: almost 2 years ago