Skip to content
@in-toto

in-toto

A framework to protect software supply chain integrity

Pinned Loading

  1. in-toto in-toto Public

    in-toto is a framework to protect supply chain integrity.

    Python 904 143

  2. community community Public

    in-toto is a framework to secure the software supply chain.

    70 10

  3. friends friends Public

    Friends of in-toto! A place to record integrations and adoptions of the in-toto specification.

    Python 14 13

  4. attestation attestation Public

    in-toto Attestation Framework

    Go 261 74

  5. ITE ITE Public

    in-toto Enhancements

    19 17

  6. specification specification Public

    Specification and other related documents.

    Python 44 28

Repositories

Showing 10 of 43 repositories
  • witness Public

    Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.

    in-toto/witness’s past year of commit activity
    Go 430 Apache-2.0 61 68 (1 issue needs help) 8 Updated Mar 20, 2025
  • in-toto-golang Public

    A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.

    in-toto/in-toto-golang’s past year of commit activity
    Go 136 52 28 (8 issues need help) 7 Updated Mar 19, 2025
  • go-witness Public

    Go implementation of witness

    in-toto/go-witness’s past year of commit activity
    Go 33 Apache-2.0 22 20 (1 issue needs help) 8 Updated Mar 19, 2025
  • attestation-verifier Public

    Prototype in-toto attestation verifier based on ITE-10 and ITE-11 layouts

    in-toto/attestation-verifier’s past year of commit activity
    Go 16 6 4 5 Updated Mar 19, 2025
  • in-toto Public

    in-toto is a framework to protect supply chain integrity.

    in-toto/in-toto’s past year of commit activity
    Python 904 143 40 (1 issue needs help) 13 Updated Mar 19, 2025
  • archivista Public

    Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for software artifacts.

    in-toto/archivista’s past year of commit activity
    Go 80 Apache-2.0 25 25 (1 issue needs help) 8 Updated Mar 18, 2025
  • scai-demos Public

    Software Supply Chain Attribute Integrity (SCAI) Demos and CLI tools

    in-toto/scai-demos’s past year of commit activity
    Go 18 Apache-2.0 4 1 2 Updated Mar 17, 2025
  • friends Public

    Friends of in-toto! A place to record integrations and adoptions of the in-toto specification.

    in-toto/friends’s past year of commit activity
    Python 14 13 5 (1 issue needs help) 0 Updated Mar 17, 2025
  • attestation Public

    in-toto Attestation Framework

    in-toto/attestation’s past year of commit activity
    Go 261 74 58 (3 issues need help) 4 Updated Mar 10, 2025
  • demo Public

    Securing Alice's, Bob's and Carl's software supply chain using in-toto

    in-toto/demo’s past year of commit activity
    Python 92 40 3 2 Updated Mar 4, 2025
View all repositories

Most used topics

Loading…