in-toto

attestation-verifier

Go 0 0

Prototype in-toto attestation verifier based on ITE-10 and ITE-11 layouts

in-toto

Updated 2025-10-03 12:12:04 +08:00

witness

Go 0 0

Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.

Updated 2025-09-30 05:37:46 +08:00

archivista

Go 0 0

Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for software artifacts.

Updated 2025-09-26 00:34:14 +08:00

go-witness

Go 0 0

Go implementation of witness

Updated 2025-09-26 00:21:30 +08:00

scai-demos

Go 0 0

Software Supply Chain Attribute Integrity (SCAI) Demos and CLI tools

cli attestations demos software-supply-chain-security

Updated 2025-09-17 09:46:01 +08:00

in-toto-golang

Go 0 0

A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.

security in-toto software-supply-chain

Updated 2025-09-10 22:04:54 +08:00