Notation CLI

by Notary Projectv1.3.2

Last updated Jun 8, 2026

A tool to sign and verify artifacts

Install with winget

$ winget install --id NotaryProject.Notation --exact --version 1.3.2

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

Installers · v1.3.2

Architecture	Type	Scope	Install	Download
x64	ZIP archive	-		Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

6 known CVEs via NVD

low3.3Patched in wingetCVE-2024-51491affects before 1.3.0Jan 13, 2025
notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. The issue was identified during Quarkslab's security audit on the Certificate Revocation List (CRL) based revocation check feature. After retrieving the C...
Patch
medium4.0Patched in wingetCVE-2024-23332Jan 19, 2024
The Notary Project is a set of specifications and tools intended to provide a cross-industry standard for securing software supply chains by using authentic container images and other OCI artifacts. An external actor with control of a compromised container registry can provide o...
Patch Vendor advisory
high8.3Patched in wingetCVE-2023-33959affects before 1.0.0Jun 6, 2023
notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry can cause users to verify the wrong artifact. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation-go library to v1.0.0-...
Vendor advisory
medium5.4Patched in wingetCVE-2023-33958affects before 1.0.0Jun 6, 2023
notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation verify command on the sam...
Vendor advisory
low2.6Patched in wingetCVE-2023-33957affects before 1.0.0Jun 6, 2023
notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation inspect command on the sa...
Patch Vendor advisory
high7.5Patched in wingetCVE-2023-25656affects v0.7.0Feb 20, 2023
notation-go is a collection of libraries for supporting Notation sign, verify, push, and pull of oci artifacts. Prior to version 1.0.0-rc.3, notation-go users will find their application using excessive memory when verifying signatures. The application will be killed, and thus a...
Vendor advisory

Source: NVD, updated just now. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr - automated patching is the only way to keep up.

Related apps

Gpg4winThe Gpg4win Project
GnuPG.Gpg4winv5.0.2
A secure solution for file and email encryption.
MobiPDFMobiSystems, Inc.
MobiSystems.MobiPDFv11.40.15506.0
PDF editor for viewing, editing, filling, signing, and converting PDFs
CloudShow LauncherBinary Fortress Software
BinaryFortress.CloudShowv6.8.2.0
Turn any screen into a digital sign in minutes with CloudShow.
eID softwareRIA
RIA.eIDsoftwarev26.4.20.8412
Use your ID-card electronically, digitally sign documents and encrypt documents for safe transfer.
Gpg4win (Beta)The Gpg4win Project
GnuPG.Gpg4win.Betav5.0.0-beta395
A secure solution for file and email encryption.
GNU Privacy GuardThe GnuPG Project
GnuPG.GnuPGv2.5.20
GNU Privacy Guard (GnuPG or GPG) is a free-software replacement for Symantec's PGP cryptographic software suite.

More from Notary Project or browse notation, sign, verify.

Frequently asked questions

How do I install Notation CLI on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id NotaryProject.Notation --exact --version 1.3.2. winget downloads the installer from Notary Project and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install Notation CLI silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id NotaryProject.Notation --exact 1.3.2 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

How do I uninstall Notation CLI via winget?

Run: winget uninstall --id NotaryProject.Notation --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from Notation CLI's Apps & Features entry.

Is Notation CLI free?

Notation CLI is distributed under Apache-2.0. Refer to the publisher (https://notaryproject.dev/) for the full license terms - Wingetly itself does not charge for installation.

Does Notation CLI work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls Notation CLI directly from the publisher.

How do I keep Notation CLI up to date?

Run winget upgrade --id NotaryProject.Notation --exact, or winget upgrade --all to update everything winget tracks. We index 8 versions of Notation CLI from microsoft/winget-pkgs.

Recent versions

1.3.2latest
1.3.1
1.3.0
1.2.0
1.1.1
1.1.0
1.0.1
1.0.0