in-toto
The in-toto website and documentation
Updated 2025-10-30 03:01:48 +08:00
Prototype in-toto attestation verifier based on ITE-10 and ITE-11 layouts
Updated 2025-10-03 12:12:04 +08:00
Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.
Updated 2025-09-30 05:37:46 +08:00
Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for software artifacts.
Updated 2025-09-26 00:34:14 +08:00
Go implementation of witness
Updated 2025-09-26 00:21:30 +08:00
in-toto is a framework to protect supply chain integrity.
Updated 2025-09-23 14:21:24 +08:00
Friends of in-toto! A place to record integrations and adoptions of the in-toto specification.
Updated 2025-09-18 19:37:07 +08:00
Software Supply Chain Attribute Integrity (SCAI) Demos and CLI tools
Updated 2025-09-17 09:46:01 +08:00
in-toto Attestation Framework
Updated 2025-09-11 06:58:52 +08:00
A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.
Updated 2025-09-10 22:04:54 +08:00
in-toto helm charts
Updated 2025-09-03 03:24:29 +08:00
in-toto Enhancements
Updated 2025-02-18 06:15:27 +08:00
Specification and other related documents.
Updated 2025-01-14 00:48:36 +08:00
in-toto is a framework to secure the software supply chain.
Updated 2025-01-09 11:10:44 +08:00