October 14, 2019
Tobias Furuholm presented in-toto at the CASTOR Software Days and shared a video recording and his slides with us.
October 2, 2019
Adrian Colyer wrote an article about in-toto in “the morning paper”.
July 9, 2019
in-toto was featured in the blog post “33(+) Kubernetes Security Tools”.
June 8, 2019
We demonstrated how reproducible builds can be verified on “apt install” using in-toto at MiniDebConf Hamburg. You can watch it online.
June 3, 2019
Datadog has deployed TUF and in-toto into their pipeline! Read more here.
June 1, 2019
Our paper “in-toto: providing farm-to-table security properties for bits and bytes” was accepted into USENIX ‘19. More information here.
February 13, 2019
We’ve worked alongside with Control Plane to make a test deployment of Kubesec using in-toto.
January 7, 2019
We released the first version of the official in-toto Jenkins plugin. This provenance Agent will help you track and sign link metadata for any step within your pipeline in a secure and distributed way.
October 19, 2018
Colin Domoney gave a talk on this year’s DevSecCon London. He covered some of the fundamentals of in-toto to protect your cloud native deployment, as well as some other good supply-chain security practices.
May 29, 2018
Pacman 5.1 has been released! This new version adds support for reproducible builds, and includes a security check for tampered git tag metadata.
May 17, 2018
A LWN article has been published, covering various supply chain security issues and their solutions, including grafeas, the update framework, and in-toto.
May 2, 2018
We presented in-toto along with Grafeas at Kubecon 2018.
April 12, 2018
Grafeas mentioned in-toto integration plans on the Google Cloud platform blog.
March 3, 2018
Our le-git-imate paper on improving the security of web-based Git repositories has been accepted at ASIACCS 2018!
February 20, 2019
We will present an integration of in-toto and Grafeas at KubeCon + CloudNativeCon Europe 2018 on May 2 in Copenhagen, Denmark.
October 17, 2017
A fix to our git tag metadata tampering attack paper (USENIX ‘16) has been included in the master branch of the pacman package manager and will be included in the next release.
August 10, 2017
Lukas presented in-toto at Debian’s Debconf 2017. You can watch the video of the talk here.
February 6, 2017
We presented a demo of in-toto at Dockercon 2017. You can watch the video here.
January 17, 2017
A fix to our git tag metadata tampering vulnerability was merged into git’s master branch and will be available starting from git v2.12. You can read more about it in our USENIX ‘16 paper.
October 14, 2016
We presented a demo of in-toto in the Docker Distributed System Summit. You can watch the video here.
October 7, 2016
We are live! please check back soon for more updates.