Support formatted output of Notation CLI #1228

@FeynmanZhou

Is your feature request related to a problem?

Currently, Notation outputs human-readable text, which is not ideal for automation. Many users integrate Notation into CI/CD pipelines, security enforcement tools, and custom scripts.

This feature has been requested by the community, for example in #96 and #455.

What solution do you propose?

I would like to propose adding formatted output support to Notation to enhance its usability in scripting and automation scenarios. By supporting structured output formats such as JSON, users can programmatically parse and consume Notation command results in a consistent manner.

By introducing formatted output, we aim to:

  • Enable seamless integration with automation tools.
  • Improve parsing reliability by providing structured output.
  • Standardize output formats to align with cloud-native tooling best practices.

Scenarios

As a DevOps Engineer, I want to retrieve Notation command results in JSON format so that I can integrate Notation with my automation scripts and CI/CD pipelines.

As a Security Engineer, I want to programmatically analyze Notation verification results so that I can enforce security policies based on signature validation outcomes.

Brainstorming on open questions

  • Which notation commands should provide formatted output?
  • Which data formats (json, tree, table, go-template, etc.) should notation commands support?
  • What are the priorities for supporting formatted output in each notation command?

notation blob (experimental)

notation blob inspect
notation blob policy
notation blob sign
notation blob verify

notation sign

These fields are suggested to be output in notation sign:

  • artifact-reference
  • signature-reference
  • referrers-type: referrers-api/referrers-tag-schema
  • timestamp

notation verify

These fields are suggested to be output in notation verify:

  • artifact-reference
  • signature-reference
  • user-metadata

notation inspect

Note: When there are multiple signatures of an artifact, notation inspect shows the metadata of multiple signatures as a whole. It does not support inspecting a single signature.

These fields are suggested to be output in notation verify:

  • raw JSON format
  • go-template

notation key

notation key add
notation key delete
notation key list
notation key update

notation certificate

notation certificate add
notation certificate delete
notation certificate generate-test
notation certificate list
notation certificate show

notation list

notation list

notation login

notation login

notation logout

notation logout

notation plugin

notation plugin list

notation policy

notation policy import
notation policy show

What alternatives have you considered?

N/A

Any additional context?

No response
