Skip to content

Navigation Menu

in-toto

Explore
By company size
By use case
By industry
View all solutions
Topics
- AI
- DevOps
- Security
- Software Development
- View all
Explore
- GitHub Sponsors
  Fund open source developers
- The ReadME Project
  GitHub community articles
Repositories
- Enterprise platform
  AI-powered developer platform
Available add-ons
Pricing

Search code, repositories, users, issues, pull requests...

Search

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

Sign up

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

in-toto

A framework to protect software supply chain integrity

169 followers
https://in-toto.io/

Overview
Repositories 43
Projects
Packages
People 9

More

Overview
Repositories
Projects
Packages
People

Pinned Loading

in-toto Public

in-toto is a framework to protect supply chain integrity.

Python 913 143
community Public

in-toto is a framework to secure the software supply chain.

70 10
friends Public

Friends of in-toto! A place to record integrations and adoptions of the in-toto specification.

Python 14 13
attestation Public

in-toto Attestation Framework

Go 265 74
ITE Public

in-toto Enhancements

19 17
specification Public

Specification and other related documents.

Python 45 28

Repositories

Loading

Type

Select type

All Public Sources Forks Archived Mirrors Templates

Language

Select language

All CSS Dockerfile Go HTML Java JavaScript Python Rich Text Format Rust SCSS Shell Smarty

Sort

Select order

Last updated Name Stars

Showing 10 of 43 repositories

in-toto Public
in-toto is a framework to protect supply chain integrity.

Python 913 143 41 (1 issue needs help) 9 Updated Apr 8, 2025
archivista Public
Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for software artifacts.

Go 85 Apache-2.0 25 25 (1 issue needs help) 8 Updated Apr 7, 2025
go-witness Public
Go implementation of witness

Go 33 Apache-2.0 23 20 (1 issue needs help) 20 Updated Apr 7, 2025
witness Public
Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.

Go 435 Apache-2.0 62 69 (1 issue needs help) 9 Updated Apr 7, 2025
in-toto-golang Public
A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.

Go 136 52 28 (8 issues need help) 8 Updated Apr 7, 2025
friends Public
Friends of in-toto! A place to record integrations and adoptions of the in-toto specification.

Python 14 13 5 (1 issue needs help) 1 Updated Apr 7, 2025
helm-charts Public
in-toto helm charts

Smarty 0 1 1 (1 issue needs help) 0 Updated Apr 2, 2025
attestation Public
in-toto Attestation Framework

Go 265 74 58 (3 issues need help) 4 Updated Mar 31, 2025
scai-demos Public
Software Supply Chain Attribute Integrity (SCAI) Demos and CLI tools

Go 18 Apache-2.0 4 1 0 Updated Mar 25, 2025
attestation-verifier Public
Prototype in-toto attestation verifier based on ITE-10 and ITE-11 layouts

Go 16 6 4 5 Updated Mar 25, 2025

View all repositories

People

Top languages

Loading…

Most used topics

security in-toto software-supply-chain software-supply-chain-security supply-chain

Footer

© 2025 GitHub, Inc.

Footer navigation

Terms
Privacy
Security
Status
Docs
Contact

You can’t perform that action at this time.