A framework to secure the integrity of software supply chains

Software supply chain protection

Supply chain compromises are becoming a frequent occurrence. in-toto can help you protect your software supply chain.

Read more

Open, extensible standard

in-toto is an open metadata standard that you can implement in your software's supply chain toolchain.

Read the specifications

Extensive tooling

You can use in-toto today by using our Apache-licensed libraries and tools.