A framework to secure the integrity of software supply chains

in-toto is designed to ensure the integrity of a software product from initiation to end-user installation. It does so by making it transparent to the user what steps were performed, by whom and in what order.

Software supply chain protection

Supply chain compromises are becoming a frequent occurrence. in-toto can help you protect your software supply chain.


Open, extensible standard

in-toto is an open metadata standard that you can implement in your software’s supply chain toolchain.


Extensive tooling

You can use in-toto today through our Apache-licensed libraries and tools.


in-toto is a CNCF incubating project.
