in-toto
There are 16 repositories under in-toto topic.
chainloop-dev/chainloop
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
in-toto/in-toto-golang
A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.
argoproj-labs/argocd-interlace
Enabling Software Supply Chain Security Capabilities in ArgoCD
in-toto/community
in-toto is a framework to secure the software supply chain.
philips-labs/slsa-provenance-action
Github Action implementation of SLSA Provenance Generation
cnabio/signy
Go implementation for CNAB content trust verification using TUF, Notary, and in-toto
R3DRUN3/immunize
Pipeline for patching CVEs in container images 💉📦
in-toto/attestation-verifier
Prototype in-toto attestation verifier based on ITE-10 and ITE-11 layouts
docker/attest
Library to create, verify, and evaluate policy for attestations on container images
engineerd/in-toto-container
Programmatically running in-toto verifications in a container
DBOMproject/in-toto-dbom-wrapper
A wrapper for running in-toto commands and using dbom repositories as the storage medium for the in-toto attestations
danbev/trygg
This is just a experimental project to investigate things related to secure supply chain security.
engineerd/pysigny
[WIP] Python reference implementation for the CNAB security specification, with TUF, and in-toto
pojntfx/uni-supply-chain-paper
A paper on supply chain security in software development for Uni.
angelcamposm/jenkins-shared-library
Jenkins Shared Library
simar7/in-toto-rust
an experimental rust implementation of in-toto verifylib