# Install notation

CLI tool to sign and verify OCI artifacts and container images. Version 1.3.2 via Homebrew; verified from local package data.

## Install

```sh
sudo av install brew:notation
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install notation
```

  Evidence: local Homebrew formula metadata

### Linux

- Nix (92%):

```sh
nix profile install nixpkgs#notation
```

  Evidence: nixpkgs package indexes: pkgs/by-name/no/notation/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

### Windows

- winget (92%):

```sh
winget install --id NotaryProject.Notation -e
```

  Evidence: Windows Package Manager source index: NotaryProject.Notation from https://cdn.winget.microsoft.com/cache/source.msix

## Package Facts

- **Package key:** brew:notation
- **Package manager:** Homebrew
- **Package manager URL:** <https://formulae.brew.sh/formula/notation>
- **Version:** 1.3.2
- **Source summary:** CLI tool to sign and verify OCI artifacts and container images
- **Homepage:** <https://notaryproject.dev/>
- **Repository:** <https://github.com/notaryproject/notation>
- **Upstream docs:** <https://github.com/notaryproject/notation#readme>
- **License:** Apache-2.0
- **Source archive:** <https://github.com/notaryproject/notation/archive/refs/tags/v1.3.2.tar.gz>
- **Generated:** 2026-06-10T07:18:26+00:00

## Executables

- notation (cli)
- notation (alias)

## Build Dependencies

- go

## Install Behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-06-10
- Package-manager version: 1.3.2
- Local data status: ok
- Upstream repository: https://github.com/notaryproject/notation
- Upstream latest detected: v1.3.2 (current)
- info: No package-manager update timestamp was available.

## Sicherheitshinweise

broad file, network, media, or database tool signal. infrastructure mutation or orchestration signal.

- **Geiger risk:** orange / medium
- broad file, network, media, or database tool signal
- infrastructure mutation or orchestration signal

## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** notation
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Nix - notation: normalized package name match | nixpkgs package indexes: pkgs/by-name/no/notation/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- winget - NotaryProject.Notation: normalized package name match | Windows Package Manager source index: NotaryProject.Notation from https://cdn.winget.microsoft.com/cache/source.msix


## Related Links

- [Cloud CLI packages](https://www.automicvault.com/de/pkg/cloud-clis/) - Belongs to a cloud or infrastructure command family.
- [Secret-risk packages](https://www.automicvault.com/de/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals.
- [Terminal utility packages](https://www.automicvault.com/de/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/de/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [go](https://www.automicvault.com/de/pkg/brew/go/) - Build dependency declared by Homebrew.
- [cosign](https://www.automicvault.com/de/pkg/brew/cosign/) - Shares av.db curated category or tags: cli, security, software-supply-chain, supply-chain-security.
- [safety](https://www.automicvault.com/de/pkg/brew/safety/) - Shares av.db curated category or tags: cli, security, software-supply-chain, supply-chain-security.
- [sigstore](https://www.automicvault.com/de/pkg/brew/sigstore/) - Shares av.db curated category or tags: cli, security, software-supply-chain, supply-chain-security.
- [rekor-cli](https://www.automicvault.com/de/pkg/brew/rekor-cli/) - Shares av.db curated category or tags: cli, security, software-supply-chain, supply-chain-security.
- [poutine](https://www.automicvault.com/de/pkg/brew/poutine/) - Shares av.db curated category or tags: cli, security, software-supply-chain, supply-chain-security.
- [gitsign](https://www.automicvault.com/de/pkg/brew/gitsign/) - Shares av.db curated category or tags: cli, security, signing, software-supply-chain, supply-chain-security.
- [gittuf](https://www.automicvault.com/de/pkg/brew/gittuf/) - Shares av.db curated category or tags: cli, security, software-supply-chain, supply-chain-security.
- [syft](https://www.automicvault.com/de/pkg/brew/syft/) - Shares av.db curated category or tags: cli, security, software-supply-chain.
- [cdxgen](https://www.automicvault.com/de/pkg/brew/cdxgen/) - Security-sensitive metadata or terminology overlaps. Shared terms: chain, cli, security, sign, software-supply-chain.

## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph