ratify
« Back to VersTracker
Description:
Artifact Ratification Framework
Type: Formula  |  Latest Version: 1.4.0@0  |  Tracked Since: Dec 27, 2025
Links: Homepage  |  formulae.brew.sh
Category: Security
Tags: security supply-chain containers verification devops
Install: brew install ratify
About:
Ratify is a framework for verifying and attesting to the integrity and provenance of software artifacts. It provides a pluggable architecture to support multiple verification and attestation formats, enabling secure supply chain workflows. Its main value is in ensuring that only trusted, properly signed artifacts are deployed in containerized environments.
Key Features:
  • Pluggable architecture for verification and attestation
  • Support for multiple signature and attestation formats
  • Integration with OCI registries and artifact stores
  • Policy-based evaluation of artifact trust
  • Extensible through custom providers and executors
Use Cases:
  • Verifying container image signatures before deployment
  • Enforcing supply chain security policies in CI/CD pipelines
  • Validating artifact provenance in artifact registries
Alternatives:
  • cosign – Cosign focuses primarily on signing and verifying container images, while Ratify is a broader framework supporting multiple attestation types and pluggable policies.
  • notary – Notary is for signing and verifying trusted collections, whereas Ratify offers a more extensible, policy-driven framework for general artifact ratification.
Version History
Detected Version Rev Change Commit
Dec 27, 2025 5:16pm 1.4.0 0 VERSION_BUMP d642767d
Oct 9, 2025 8:07pm 0 VERSION_BUMP f57696c0
Sep 15, 2025 8:39pm 0 VERSION_BUMP 38f5e4b2
Dec 29, 2024 3:51am 0 VERSION_BUMP d2080bf1
Dec 28, 2024 6:24pm 0 NEW 8e9bee25
« Back to VersTracker  |  Browse Packages  |  About