in-toto
Prototype in-toto attestation verifier based on ITE-10 and ITE-11 layouts
Updated 2025-07-16 17:15:18 +08:00
Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.
Updated 2025-07-13 15:58:09 +08:00
Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for software artifacts.
Updated 2025-07-13 15:54:20 +08:00
Friends of in-toto! A place to record integrations and adoptions of the in-toto specification.
Updated 2025-07-12 14:29:03 +08:00
in-toto is a framework to secure the software supply chain.
Updated 2025-07-12 14:25:41 +08:00
in-toto Enhancements
Updated 2025-07-12 14:25:34 +08:00
in-toto is a framework to protect supply chain integrity.
Updated 2025-07-12 14:25:34 +08:00
in-toto helm charts
Updated 2025-07-12 14:24:43 +08:00
in-toto Attestation Framework
Updated 2025-07-12 14:24:36 +08:00
Go implementation of witness
Updated 2025-07-12 14:24:30 +08:00
Specification and other related documents.
Updated 2025-07-12 14:24:20 +08:00
Software Supply Chain Attribute Integrity (SCAI) Demos and CLI tools
Updated 2025-07-12 14:24:01 +08:00
A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.
Updated 2025-07-12 14:23:57 +08:00
The in-toto website and documentation
Updated 2025-07-01 01:05:05 +08:00