A framework to secure the integrity of software supply chains

Software supply chain protection


Supply chain compromises are becoming a frequent occurrence. in-toto can help you protect your software supply chain.

Read more

Open, extensible standard


in-toto is an open metadata standard that you can implement in your software's supply chain toolchain.

Read the specifications

Extensive tooling


You can use in-toto today by using our Apache-licensed libraries and tools.

Tools