A framework to secure the integrity of software supply chains
Software supply chain protection
Supply chain compromises are becoming a frequent occurrence. in-toto can help you protect your software supply chain.
Open, extensible standard
in-toto is an open metadata standard that you can implement in your software's supply chain toolchain.
You can use in-toto today by using our Apache-licensed libraries and tools.