Introducing RSTUF (Repository Service for TUF) Beta Release!
We’re thrilled to announce the availability of RSTUF, an innovative open source project designed to simplify and enhance secure content distribution.
Securing software repositories is crucial to protect against supply chain attacks and tampering.
The Update Framework (TUF) addresses this challenge by providing a robust framework for secure repository management. However, implementing TUF repositories can be complex and time-consuming. That’s where RSTUF comes in. RSTUF simplifies the implementation process, allowing developers and organizations to easily adopt and benefit from the security advantages offered by TUF.
RSTUF highlights
- Deploy RSTUF on premises or on cloud (public or private)
- Language agnostic, the integration is done by REST API calls.
- Artifact agnostic, any kind of content download can be protected, such as software packages, documents, images, etc.
- RSTUF resides along existing content repository and release process, simplifying the TUF adoption
Beta release features:
- Guided process to bootstrap TUF Metadata
- Import existing artifacts to the new TUF Metadata
- Add or remove artifacts to TUF metadata using the REST API
- Key rotation/revocation at scale
- Key generation
Coming soon:
- Distributed Asynchronous Signing
- Custom Delegations
- Cloud KeyVault (AWS, Google, Hashicorp) to store online keys
- Cloud Storage (AWS, Google) to store the metadata
Stay tuned to the Open Source Blog and follow us on Twitter for more deep dives into the world of open source contributing.
