Skip to content

Navigation Menu

Appearance settings

in-toto

View all features
- BY COMPANY SIZE
  Enterprises
  Small and medium teams
  Startups
  Nonprofits
- BY USE CASE
  App Modernization
  DevSecOps
  DevOps
  CI/CD
  View all use cases
- BY INDUSTRY
  Healthcare
  Financial services
  Manufacturing
  Government
  View all industries
View all solutions
- EXPLORE BY TOPIC
  AI
  Software Development
  DevOps
  Security
  View all topics
- EXPLORE BY TYPE
  Customer stories
  Events & webinars
  Ebooks & reports
  Business insights
  GitHub Skills
- SUPPORT & SERVICES
  Documentation
  Customer support
  Community forum
  Trust center
  Partners
- COMMUNITY
  GitHub SponsorsFund open source developers
- PROGRAMS
  Security Lab
  Maintainer Community
  Accelerator
  Archive Program
- REPOSITORIES
  Topics
  Trending
  Collections
- ENTERPRISE SOLUTIONS
  Enterprise platformAI-powered developer platform
- AVAILABLE ADD-ONS
  GitHub Advanced SecurityEnterprise-grade security features
  Copilot for BusinessEnterprise-grade AI features
  Premium SupportEnterprise-grade 24/7 support
Pricing

Search code, repositories, users, issues, pull requests...

Search

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

Appearance settings

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

in-toto

A framework to protect software supply chain integrity

194 followers
https://in-toto.io/

Overview
Repositories
Projects
Packages
People

More

Overview
Repositories
Projects
Packages
People

Pinned Loading

in-toto in-toto Public

in-toto is a framework to protect supply chain integrity.

Python 966 151
community community Public

in-toto is a framework to secure the software supply chain.

71 11
friends friends Public

Friends of in-toto! A place to record integrations and adoptions of the in-toto specification.

Python 19 17
attestation attestation Public

in-toto Attestation Framework

Rust 317 101
ITE ITE Public

in-toto Enhancements

18 19
specification specification Public

Specification and other related documents.

Python 47 29

Repositories

Loading

Type

Select type

All Public Sources Forks Archived Mirrors Templates

Language

Select language

All CSS Dockerfile Go HTML Java JavaScript Python Rich Text Format Rust SCSS Shell Smarty

Sort

Select order

Last updated Name Stars

Showing 10 of 43 repositories

in-toto Public
in-toto is a framework to protect supply chain integrity.

in-toto/in-toto’s past year of commit activity

Python 966 151 41 (1 issue needs help) 11 Updated Jan 5, 2026
attestation Public
in-toto Attestation Framework

in-toto/attestation’s past year of commit activity

Rust 317 101 57 (3 issues need help) 6 Updated Jan 5, 2026
friends Public
Friends of in-toto! A place to record integrations and adoptions of the in-toto specification.

in-toto/friends’s past year of commit activity

Python 19 17 5 (1 issue needs help) 8 Updated Jan 5, 2026
in-toto-golang Public
A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.

in-toto/in-toto-golang’s past year of commit activity

Go 142 53 29 (8 issues need help) 14 Updated Dec 30, 2025
archivista Public
Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for software artifacts.

in-toto/archivista’s past year of commit activity

Go 103 Apache-2.0 32 29 (1 issue needs help) 16 Updated Dec 29, 2025
go-witness Public
Go implementation of witness

in-toto/go-witness’s past year of commit activity

Go 42 Apache-2.0 32 29 (2 issues need help) 15 Updated Dec 29, 2025
witness Public
Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.

in-toto/witness’s past year of commit activity

Go 511 Apache-2.0 74 71 (2 issues need help) 6 Updated Dec 29, 2025
attestation-verifier Public
Prototype in-toto attestation verifier based on ITE-10 and ITE-11 layouts

in-toto/attestation-verifier’s past year of commit activity

Go 17 8 5 6 Updated Dec 16, 2025
in-toto-rs Public
A rust implementation of in-toto

in-toto/in-toto-rs’s past year of commit activity

Rust 34 MIT 13 6 (1 issue needs help) 1 Updated Dec 16, 2025
scai-demos Public
Software Supply Chain Attribute Integrity (SCAI) Demos and CLI tools

in-toto/scai-demos’s past year of commit activity

Go 18 Apache-2.0 5 1 0 Updated Dec 15, 2025

View all repositories

People

Top languages

Python Go Rust JavaScript Java

Most used topics

security in-toto software-supply-chain software-supply-chain-security supply-chain

Footer

© 2026 GitHub, Inc.

Footer navigation

Terms
Privacy
Security
Status
Community
Docs
Contact

You can’t perform that action at this time.