in-toto

in-toto

in-toto is a framework to protect supply chain integrity.

witness

Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.

attestation

in-toto Attestation Framework

in-toto-golang

A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.

demo

Securing Alice's, Bob's and Carl's software supply chain using in-toto

archivista

Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for software artifacts.

community

in-toto is a framework to secure the software supply chain.

docs

Specification and other related documents.

in-toto-rs

A rust implementation of in-toto

scai-demos

Software Supply Chain Attribute Integrity (SCAI) Demos and CLI tools

ITE

in-toto Enhancements

go-witness

Go implementation of witness

attestation-verifier

Prototype in-toto attestation verifier based on ITE-10 and ITE-11 layouts

in-toto-java

A Java implementation of in-toto runlib

friends

Friends of in-toto! A place to record integrations and adoptions of the in-toto specification.

apt-transport-in-toto

in-toto transport for apt

github-action

in-toto provenance github action

Dockerfiles

in-toto-testing

rebuilderd

Independent verification of binary packages - reproducible builds

in-toto-jenkins-plugin

A Jenkins plugin to track steps and create in-toto link metadata

layout-web-tool

A flask app that helps to create, modify and visualize in-toto layouts.

image-resources

This repo contains image-related resources for in-toto

in-toto.io

ite-4-demo

demo-opensuse

in-toto openSUSE demo

ite-4-demo-test-repo

rebuilderd-website

Arch Linux Rebuilderd status webpage (read-only mirror)

securesystemslib

Cryptographic and general-purpose routines for Secure Systems Lab projects at NYU

windows-setup