in-toto/specification

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/in-toto/specification)

in-toto / specification

Specification and other related documents.

☆50

Alternatives and similar repositories for specification

Users that are interested in specification are comparing it to the libraries listed below

Sorting:

in-toto / ITE
View on GitHub
in-toto Enhancements
☆20Feb 17, 2025Updated last year
philips-labs / fatt
View on GitHub
fatt tries to find any purl in your project by looking at predefined fields in the supported packages. These fields describe using a purl…
☆11Jan 26, 2026Updated last month
in-toto / community
View on GitHub
in-toto is a framework to secure the software supply chain.
☆72Dec 2, 2025Updated 3 months ago
in-toto / in-toto
View on GitHub
in-toto is a framework to protect supply chain integrity.
☆976Feb 11, 2026Updated 3 weeks ago
in-toto / scai-demos
View on GitHub
Software Supply Chain Attribute Integrity (SCAI) Demos and CLI tools
☆19Feb 6, 2026Updated 3 weeks ago
mlieberman85 / supply-chain-examples
View on GitHub
☆23Oct 26, 2021Updated 4 years ago
AevaOnline / supply-chain-synthesis
View on GitHub
Collating an overview of the open source software supply chain landscape -- and synthesizing that survey in a hopefully-useful way.
☆33Apr 4, 2023Updated 2 years ago
in-toto / attestation
View on GitHub
in-toto Attestation Framework
☆326Feb 17, 2026Updated 2 weeks ago
in-toto / in-toto-java
View on GitHub
A Java implementation of in-toto runlib
☆11Jul 23, 2024Updated last year
in-toto / in-toto-golang
View on GitHub
A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.
☆145Feb 13, 2026Updated 2 weeks ago
paketo-buildpacks / jam
View on GitHub
☆13Updated this week
slsa-framework / slsa-proposals
View on GitHub
SLSA Proposals
☆11Jan 29, 2024Updated 2 years ago
in-toto / archivista
View on GitHub
Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so…
☆108Feb 23, 2026Updated last week
secure-systems-lab / securesystemslib
View on GitHub
Cryptographic and general-purpose routines for Secure Systems Lab projects at NYU
☆52Feb 24, 2026Updated last week
testifysec / go-ima
View on GitHub
go-ima is a tool that checks if a file has been tampered with. It is useful in ensuring integrity in CI systems
☆13Sep 28, 2023Updated 2 years ago
mlieberman85 / scq
View on GitHub
Supply Chain Query Tool
☆13May 25, 2022Updated 3 years ago
SpectralOps / lightscreen
View on GitHub
A configurable and flexible admission controller toolkit for Kubernetes built in Go and extensible with Go.
☆13Sep 29, 2023Updated 2 years ago
cnabio / signy
View on GitHub
Go implementation for CNAB content trust verification using TUF, Notary, and in-toto
☆31Jul 5, 2023Updated 2 years ago
notaryproject / specifications
View on GitHub
Cross tooling and interoperability specifications
☆175May 20, 2025Updated 9 months ago
psf / psf-tuf-runbook
View on GitHub
A runbook for the PSF, for TUF key setup and initial signing operations to bootstrap signing for PyPI.
☆16Jun 7, 2022Updated 3 years ago
rewanthtammana / sigstore-the-easy-way
View on GitHub
Software signing just got easier
☆20Dec 11, 2023Updated 2 years ago
kubernetes-sigs / tejolote
View on GitHub
A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.
☆72Updated this week
in-toto / demo
View on GitHub
Securing Alice's, Bob's and Carl's software supply chain using in-toto
☆104Feb 11, 2026Updated 3 weeks ago
philips-labs / continuous-compliance-action
View on GitHub
Continuous Compliance makes it possible to enforce company policy on repositories. Continuous Compliance will automatically check your re…
☆22Nov 24, 2025Updated 3 months ago
wolfi-dev / advisories
View on GitHub
Security advisory data for Wolfi
☆20Jan 7, 2026Updated last month
spdx / tools-golang
View on GitHub
Collection of Go packages to work with SPDX files
☆159Feb 23, 2026Updated last week
MChorfa / awesome-cnab
View on GitHub
A curated list of awesome CNAB (Cloud Native Applications Bundles) | https://cnab.io/
☆16Dec 17, 2020Updated 5 years ago
tuananh / how-small-can-it-be
View on GitHub
How small can a Java application container image be
☆21Feb 17, 2023Updated 3 years ago
evryfs / sbom-dependency-submission-action
View on GitHub
Submit SBOMs to GitHub's dependency submission API
☆18Dec 4, 2025Updated 3 months ago
secure-systems-lab / dsse
View on GitHub
A specification for signing methods and formats used by Secure Systems Lab projects.
☆94Nov 10, 2025Updated 3 months ago
omnibor / spec
View on GitHub
Specification for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts.
☆26Nov 17, 2025Updated 3 months ago
sigstore / sget-rs
View on GitHub
sget is a keyless safe script retrieval and execution tool
☆18Feb 7, 2022Updated 4 years ago
tap8stry / orion
View on GitHub
Go beyond package manager discovery for SBOM
☆18Feb 22, 2022Updated 4 years ago
cloud-native-skunkworks / ohmyyaml
View on GitHub
A single repo that shows terraform, terragrunt, helm & docker
☆21Jun 8, 2022Updated 3 years ago
falcosecurity / plugin-sdk-go
View on GitHub
Falco plugins SDK for Go
☆26Jan 29, 2026Updated last month
chainguard-dev / clank
View on GitHub
Simple tool that allows you to detect imposter commits in GitHub Actions workflows.
☆26Dec 17, 2024Updated last year
tektoncd / chains
View on GitHub
Supply Chain Security in Tekton Pipelines
☆270Updated this week
chainguard-dev / vex
View on GitHub
vexctl is a tool to attest VEX impact statements
☆45Mar 27, 2023Updated 2 years ago
kcp-dev / client-go
View on GitHub
Golang libraries for multi-cluster-aware Kubernetes clients, listers and informers.
☆21Feb 23, 2026Updated last week