Skip to content
@in-toto

in-toto

A framework to protect software supply chain integrity

Pinned Loading

  1. in-toto in-toto Public

    in-toto is a framework to protect supply chain integrity.

    Python 893 141

  2. community community Public

    in-toto is a framework to secure the software supply chain.

    69 10

  3. friends friends Public

    Friends of in-toto! A place to record integrations and adoptions of the in-toto specification.

    Python 12 12

  4. attestation attestation Public

    in-toto Attestation Framework

    Go 252 69

  5. ITE ITE Public

    in-toto Enhancements

    19 16

  6. specification specification Public

    Specification and other related documents.

    Python 41 26

Repositories

Showing 10 of 43 repositories
  • attestation Public

    in-toto Attestation Framework

    in-toto/attestation’s past year of commit activity
    Go 252 69 57 (3 issues need help) 7 Updated Dec 23, 2024
  • scai-demos Public

    Software Supply Chain Attribute Integrity (SCAI) Demos and CLI tools

    in-toto/scai-demos’s past year of commit activity
    Go 18 Apache-2.0 4 1 1 Updated Dec 23, 2024
  • in-toto Public

    in-toto is a framework to protect supply chain integrity.

    in-toto/in-toto’s past year of commit activity
    Python 893 141 42 (1 issue needs help) 6 Updated Dec 23, 2024
  • archivista Public

    Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for software artifacts.

    in-toto/archivista’s past year of commit activity
    Go 75 Apache-2.0 25 25 (1 issue needs help) 11 Updated Dec 23, 2024
  • go-witness Public

    Go implementation of witness

    in-toto/go-witness’s past year of commit activity
    Go 28 Apache-2.0 21 20 (1 issue needs help) 11 Updated Dec 23, 2024
  • friends Public

    Friends of in-toto! A place to record integrations and adoptions of the in-toto specification.

    in-toto/friends’s past year of commit activity
    Python 12 12 4 (1 issue needs help) 5 Updated Dec 23, 2024
  • witness Public

    Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.

    in-toto/witness’s past year of commit activity
    Go 419 Apache-2.0 60 67 (1 issue needs help) 6 Updated Dec 22, 2024
  • in-toto-golang Public

    A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.

    in-toto/in-toto-golang’s past year of commit activity
    Go 133 51 28 (8 issues need help) 3 Updated Dec 22, 2024
  • attestation-verifier Public

    Prototype in-toto attestation verifier based on ITE-10 and ITE-11 layouts

    in-toto/attestation-verifier’s past year of commit activity
    Go 15 6 4 5 Updated Dec 17, 2024
  • in-toto.io Public

    The in-toto website and documentation

    in-toto/in-toto.io’s past year of commit activity
    SCSS 2 20 14 1 Updated Dec 16, 2024