Note
Repository Service for TUF is a work in progress. As of June 2023 RSTUF is considered beta - use with caution.
Please refer to the RSTUF ROADMAP for feature and functionality plans.
TUF is easily implemented on the client side utilizing powerful TUF client libraries.
Some RSTUF use case examples include but are not limited to:
- An organization has a live "Software Updater". This "Software Updater" uses TUF to download, install and update software artifacts.
- An organization distributes documents. The reader uses TUF to fetch documents submitted by a trusted source.
- An organization owns a private container image registry and uses TUF in CI/CD to deploy trusted computing images at the edge.
- An organization with many Operational Technology (OT) devices in different plants uses TUF clients to fetch firmware, software, and projects from a distributed artifact repository.
- A web portal uses TUF to list all artifacts from a content repository and render them as a Web UI, so the user can download them using a web browser.
The Update Framework (TUF) is a software framework designed to protect mechanisms that automatically identify and download updates to software. TUF uses a series of roles and keys to provide a means to retain security, even when some keys or servers are compromised.
TUF provides a flexible framework and specification that developers can adopt and an excellent Python Library (python-tuf) that provides two APIs for low-level Metadata management and client implementation.
Implementing TUF requires sufficient knowledge of TUF to design how to integrate the framework into a repository and hours of engineering work to implement.
RSTUF was born as a consequence of working on implementing PEP 458 in the Warehouse project, which powers the Python Package Index (PyPI).
That combined experience with the complexity and fragility of deep integration into an intricate platform led to the design of a flexible, reusable TUF platform that can be integrated into different flows and infrastructures.
Repository Service for TUF aims to be an easy-to-use tool for Developers, DevOps, and DevOpsSec teams working on the delivery process.